▁ ▂ ▄ Undercode ▄ ▂ ▁
2020 WORKING SPYING APPS ANDROID LIST 4:
https://www.flexispy.com/en/android-spy-app-flexispy.htm
https://play.google.com/store/apps/details?id=com.google.android.apps.kids.familylink
https://play.google.com/store/apps/details?id=com.google.android.apps.adm
https://play.google.com/store/apps/details?id=net.frju.heimdall
https://play.google.com/store/apps/details?id=com.prey
https://spyera.com/android-spy-app/
https://play.google.com/store/apps/details?id=com.wavemarket.finder.mobile
https://findmymobile.samsung.com/
https://xnspy.com/android-spy.html
Don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ Undercode ▄ ▂ ▁
Some Nginx security configuration tips by undercode:
1) Basic security setup
The best way to protect your web server is to give an attacker as little data as possible: the version numbers of Nginx, PHP, the OS, etc.
This information is typically exposed in HTTP headers.
# Only return "nginx" (no version) in the Server header
server_tokens off;
Testing
# Display the Server header
curl -ksv https://mywebserver.domain.net/ 2>&1 >/dev/null | grep Server
2) Strict Transport Security (HSTS)
This setting lets you declare to the HTTP client that your web server only accepts HTTPS.
The HSTS policy protects users from eavesdropping attacks.
A man-in-the-middle attack cannot intercept the request while HSTS is active.
add_header Strict-Transport-Security "max-age=15552001; includeSubDomains; preload";
3) Other means of protection
# Block the ETag header, through which the server can expose inodes
# (more_clear_headers requires the headers-more module)
etag off;
more_clear_headers 'ETag';
Anti-clickjacking:
add_header X-Frame-Options "SAMEORIGIN";
1) SSL and TLS encryption protocols
When we talk about SSL, we actually mean SSL/TLS.
You should be aware that SSL has been deprecated since 1999 and that its latest version, SSLv3, dates from 1996.
Since then, TLS has come into play and three versions have been released: TLSv1.0, TLSv1.1, and TLSv1.2.
Google claims that as of October 14, 2014, it can decrypt messages using SSLv3 through the POODLE attack.
With 2/3 of the web servers on the Internet accepting and using this protocol, the community was in a panic.
Admittedly, the exploit is not easy, but if it is combined with an attack that lowers the level of cryptography (like Logjam, see below), then all versions of TLS can be affected.
The best way to protect yourself is to disable SSLv3.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Testing the configuration
echo -n | openssl s_client -connect mywebserver.domain.net:443 -ssl3
2) Encryption algorithms
Encryption algorithms are divided into 4 types:
- Key exchange
- Authentication
- Block encryption
- Message authentication
Some algorithms (RC4, DH, 3DES, EXP, etc.) should be avoided and others should be given priority.
# Best security / compatibility ratio
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
# Secure
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
# Global
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-
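A lint for the directives covered in these tips, added here as an example and not code from the original post: it reads nginx configuration text and reports where the settings above are missing or weak. The sample configurations, the function names, the RFC 8996 deprecation check and the preload max-age threshold are assumptions that go beyond the page.

```python
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}          # the page's advice: disable SSLv3
DEPRECATED_PROTOCOLS = {"TLSv1", "TLSv1.1"}  # deprecated by RFC 8996 after the page was written
WEAK_CIPHER_MARKERS = ("RC4", "DES-CBC3", "3DES", "EXP", "NULL", "MD5")
PRELOAD_MIN_AGE = 31536000                   # minimum max-age for hstspreload.org submission

# Constructed sample: the page's directives, whitespace normalized.
PAGE_CONF = """
server_tokens off;
add_header Strict-Transport-Security "max-age=15552001; includeSubdomains; preload";
etag off;
add_header X-Frame-Options "SAMEORIGIN";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
"""

# Constructed sample: a weak configuration for comparison.
WEAK_CONF = """
server {
    listen 443 ssl;  # headers, etag and server_tokens left at their defaults
    ssl_protocols SSLv3 TLSv1.2;
    ssl_ciphers HIGH:RC4-SHA:DES-CBC3-SHA:!aNULL;
}
"""


def parse_directives(conf):
    """Tokenize nginx config text into {directive: [[arg, ...], ...]}.

    Quotes are honoured, so the ';' inside a quoted header value does not end
    the directive. Block nesting is ignored: this is a flat lint, not a parser.
    """
    out, words, word = {}, [], []
    quote, in_comment = None, False

    def end_word():
        if word:
            words.append("".join(word))
            word.clear()

    for ch in conf:
        if in_comment:
            in_comment = ch != "\n"
        elif quote:
            if ch == quote:
                quote = None
            else:
                word.append(ch)
        elif ch in "\"'":
            quote = ch
        elif ch == "#" and not word:
            in_comment = True
        elif ch.isspace():
            end_word()
        elif ch in ";{}":
            end_word()
            if words:
                out.setdefault(words[0], []).append(words[1:])
            words.clear()
        else:
            word.append(ch)
    return out


def audit(conf):
    """Return (directive, finding) tuples for the settings the page covers."""
    d = parse_directives(conf)
    last = lambda name: d[name][-1] if name in d else None
    findings = []
    if last("server_tokens") != ["off"]:
        findings.append(("server_tokens", "not off: version shown in Server header"))
    headers = {a[0].lower(): a[1] for a in d.get("add_header", []) if len(a) >= 2}
    hsts = headers.get("strict-transport-security")
    age = re.search(r"max-age\s*=\s*(\d+)", hsts or "", re.I)
    if hsts is None:
        findings.append(("add_header", "Strict-Transport-Security missing"))
    elif age is None:
        findings.append(("add_header", "HSTS has no numeric max-age"))
    elif "preload" in hsts.lower() and int(age.group(1)) < PRELOAD_MIN_AGE:
        findings.append(("add_header", "HSTS preload needs max-age >= %d" % PRELOAD_MIN_AGE))
    if "x-frame-options" not in headers:
        findings.append(("add_header", "X-Frame-Options missing"))
    if last("etag") != ["off"]:
        findings.append(("etag", "not off: ETag header is still sent"))
    for proto in last("ssl_protocols") or []:
        if proto in WEAK_PROTOCOLS:
            findings.append(("ssl_protocols", proto + " enabled"))
        elif proto in DEPRECATED_PROTOCOLS:
            findings.append(("ssl_protocols", proto + " deprecated (RFC 8996)"))
    for token in ":".join(last("ssl_ciphers") or []).split(":"):
        allowed = token and token[0] not in "!-"
        if allowed and any(m in token.upper() for m in WEAK_CIPHER_MARKERS):
            findings.append(("ssl_ciphers", token + " is weak but still allowed"))
    return findings


if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        for directive, finding in audit(conf):
            print(name, directive, finding, sep=": ")
```

Run against the "Best ratio" cipher list above, the same check would also report DES-CBC3-SHA, a 3DES suite that list still allows.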
▁ ▂ ▄ Undercode ▄ ▂ ▁
How do I stop Google Chrome from Restoring Tabs?
#forBeginers
» Method of Stopping Google Chrome from Restoring Tabs:
To stop Google Chrome from restoring tabs, perform the following steps:
1) Launch Google Chrome by double-clicking its shortcut icon on your desktop.
2) Click the three dots at the top right corner of the Google Chrome window.
3) As soon as you click this icon, a cascading menu will appear on your screen. Select the Settings option from this menu.
4) In the Google Chrome Settings window, scroll down to the "On start-up" section and select the "Open the New Tab page" radio button to stop Google Chrome from restoring tabs.
▁ ▂ ▄ Undercode ▄ ▂ ▁
Example tricks used to break through an IDS (intrusion detection system):
1) Trick: use the path separator "\"
On web servers like Microsoft's IIS, "\" can be used as a path separator just like "/". Some IDSs did not take the non-standard path separator "\" into account when their rule set files were written. If we rewrite /msadc/msadcs.dll as \msadc\msadcs.dll, we can escape Snort, because the Snort rule set file has no signature for \msadc\msadcs.dll. It is worth mentioning that the path separator "\" has another use, the "%5c" "violent library" method mentioned in "Hacker Defense" some time ago. "%5c" is the hexadecimal representation of "\".
2) Trick: hexadecimal encoding
Any character can be represented by the escape symbol "%" followed by its hexadecimal ASCII code. For example, the first character "/" in /msadc/msadcs.dll can be written as %2F, and the following characters can likewise be written as "%" plus their hexadecimal ASCII codes. A URL encoded this way no longer looks like the original, and the IDS rule set file may not contain the encoded string, so the IDS can be bypassed. This method does not work against an IDS that uses HTTP preprocessing.
3) Trick: illegal Unicode encoding
UTF-8 encoding allows the character set to contain more than 256 characters, so it also allows encodings longer than 8 bits. The hexadecimal ASCII code of the "/" character is 2F, which is 00101111 in binary. The standard way to represent 2F in UTF-8 is still 2F, but multi-byte UTF-8 can also be used to represent 2F. The character "/" can be represented by single-byte, double-byte, and three-byte UTF-8 encodings as shown in the following table:
"/" character | UTF-8 representation | Binary | Hexadecimal
Single byte | 0xxxxxxx | 00101111 | 2F
Double byte | 110xxxxx 10xxxxxx | 11000000 10101111 | C0 AF
Three bytes | 1110xxxx 10xxxxxx 10xxxxxx | 11100000 10000000 10101111 | E0 80 AF
With this method, the entire string can be encoded in the same way. Although the encoded URLs ultimately point to the same resource, they are written differently, and the filter string may not exist in the IDS rule set file, which achieves the goal of breaking through the IDS.
▁ ▂ ▄ Undercode ▄ ▂ ▁
Best file sharing apps for Android:
https://play.google.com/store/apps/details?id=com.reliance.jio.jioswitch&hl=en
https://play.google.com/store/apps/details?id=com.google.android.apps.nbu.files&hl=en
https://play.google.com/store/apps/details?id=cn.xender&hl=en
https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps&hl=en
https://play.google.com/store/apps/details?id=com.pushbullet.android.portal
https://play.google.com/store/apps/details?id=com.sand.airdroid
https://play.google.com/store/apps/details?id=org.mozilla.firefoxsend
https://play.google.com/store/apps/details?id=com.genonbeta.TrebleShot&hl=en
https://play.google.com/store/apps/details?id=net.easyjoin.pro
▁ ▂ ▄ Undercode ▄ ▂ ▁
Commonly used unpacking method
#Cracking
A) Single-step tracking method
1) Load the program with OD and click "Do not analyze code".
2) Single-step downward with F8 so that only downward jumps are taken. That is, upward jumps must not be taken (use F4 to get past them).
3) When the program jumps back (including loops), press F4 on the next line of code (or right-click the code and select Breakpoint --> Run to selection).
4) A green line indicates that the jump is not taken and can be ignored; a red line indicates that the jump is taken.
5) If there is a CALL close to where the program has just been loaded, step into it with F7; otherwise the program easily runs away. This way the OEP of the program can be reached quickly.
6) While tracing, if stepping over a certain CALL makes the program run, step into that CALL with F7 instead.
7) Generally, a large jump (one spanning a large distance), such as jmp XXXXXX, JE XXXXXX or RETN, usually leads to the OEP of the program soon afterwards.
Note: When some shells cannot be traced this way, find a nearby large jump that has not been taken, right-click --> "Follow", press F2 to set a breakpoint, press Shift+F9 to stop at the "Follow" position, then remove the breakpoint and continue single-stepping with F8. Under normal circumstances, you can easily reach the OEP.
▁ ▂ ▄ Undercode ▄ ▂ ▁
Forwarded from WEB UNDERCODE - PRIVATE
SMTP Log Poisioning .pdf
996.7 KB
In this PDF, we will be discussing SMTP log poisoning. Before getting into the details, kindly read our previous articles "SMTP Lab Set-Up" and "Beginner Guide to File Inclusion Attack (LFI/RFI)". Today you will see how we can exploit a web server by abusing SMTP services if the web server is vulnerable to local file inclusion.
#Practical
▁ ▂ ▄ Undercode ▄ ▂ ▁
Track mobile traffic consumption on iPhone and Android:
1) Tracking traffic consumption on iPhone
When you insert a SIM card or activate an eSIM, the iPhone receives data from the operator, including the tariff plan, billing cycle, current traffic consumption. Since this is operator information, you cannot track this information completely independently. But you can see the increase in consumption in order to prevent some suspicious spikes.
2) In the "Consumption" section, you can see the traffic consumption. If you scroll down to the Cellular Traffic section, you will find a list of applications. You can turn off the switch to prevent the app from wasting mobile traffic. Instead, it will only use Wi-Fi to access the Internet. This is fine if your mobile traffic limit does not exceed 5 GB.
3) If you are gradually approaching the limit, it is better to turn on Low Data Mode to avoid exceeding it. To do this, select the mobile options in the same menu. Once enabled, applications will not use mobile traffic unless you purposefully work with them. Video streaming is reduced, automatic data synchronization is disabled, and services like photos will no longer be updated.
4) The system does not have a built-in ability to issue alerts when the traffic limit is approaching. This can be done using third-party applications. For example, telecom operators may have similar programs. Without the help of third-party applications, you can only periodically check the traffic consumption in the system settings in the "Consumption" section.
▁ ▂ ▄ Undercode ▄ ▂ ▁
More basics on Anonymity:
A) Web browsers
> The key application that the non-profit Tor project distributes for free is the Tor browser... It is a security-enhanced version of Firefox that allows all traffic to pass through the Tor anonymous network. Encrypted traffic moves between two computers in different parts of the world, providing the greatest possible anonymity.
> This slows down data transfer significantly. The Tor browser is getting faster, says Micah Lee, a privacy-focused techie who worked for the Electronic Frontier Foundation.
> This is one of the organizations that funds the Tor Project. Over the past month, he has tried using Tor as his primary browser and has only occasionally returned to regular browsers, mainly to visit sites using Flash and others that require plugins.
> After about a week, the transition was almost invisible. "It may not be absolutely necessary, but I'm not uncomfortable either," says Lee. But there are real benefits in the form of privacy. All Internet users are tracked, but they can stop it if they want.
B) Email
The easiest way to send emails anonymously is to use the Tor Browser email service. This requires you to create a new account without specifying personal information. By comparison, Gmail, Outlook and Yahoo! Mail require a phone number.
1) Runa Sandvik prefers Guerrilla Mail, a temporary disposable mailing address service. Here you can randomly generate a mailbox with just one click. Using this mail in the Tor Browser means that no one, not even the Guerrilla Mail service itself, will be able to find out your IP address.
2) Encrypting mail messages can be tricky. It is often necessary for the user to copy and paste messages into text boxes and then use the PGP encryption algorithm to encrypt and decrypt them. To fix this problem, Lee suggests using email services like Riseup.net, Mozilla's Thunderbird, the Enigmail encryption plugin, and another plugin called TorBirdy that routes messages over the Tor network.
▁ ▂ ▄ Undercode ▄ ▂ ▁
MOST SECURE WAY TO COMMUNICATE & SHARE FILES:
A) Instant messaging
> Adium and Pidgin are the most popular instant messaging clients on both Mac and Windows platforms that support OTR and Tor encryption protocol.
> The Tor Project is working to create an instant messaging program for maximum security and anonymity. This program will be based on the Instant Bird app and was supposed to be released in March but is delayed. At the moment, the preliminary version can be expected to be received in mid-July.
B) Transferring large files
> Google Drive and Dropbox don't care too much about privacy. Therefore, Lee created the open source software Onionshare (https://www.wired.com/2014/05/onionshare/), which allows large files to be transferred over the Tor network. When you use this program to share a file, the Tor Hidden Service is created. This is a hidden anonymous website that resides on your computer.
> The recipients of the file are given the URL of this site in .onion format, after which they can download it anonymously through their Tor Browser.
▁ ▂ ▄ Undercode ▄ ▂ ▁
List 2 of example tricks used to break through an IDS (intrusion detection system):
1) Trick: "/./" string insertion method
Because of the special meaning of "./", we can insert it into a URL to transform it. For example, /msadc/msadcs.dll can be rewritten as /././msadc/././msadcs.dll, /./msadc/.//./msadcs.dll and other forms that disrupt the IDS signature analysis engine and so deceive the IDS. The rewritten URL is equivalent to the unmodified URL. The author has shown through experiments that this method can bypass IDSs such as Snort.
2) Trick: "00" ASCII code
Some time ago, an Internet upload vulnerability exploited this feature, and everyone must be familiar with it. The principle is that the computer automatically truncates a character string at ASCII code 00 when processing it. We can rewrite /msadc/msadcs.dll as /msadc/msadcs.dll Iloveheikefangxian, use Winhex to change the space between .dll and Ilove to ASCII code 00, save it, and then submit it with NC and a pipe. In the view of some IDSs, /msadc/msadcs.dll Iloveheikefangxian is not the same as the attack string specified in the rule set file, so they ignore the attacker's behavior. Look how widely the principle of "automatically truncating at ASCII code 00 when the computer processes a string" applies! Philosophically speaking, things are connected. We should think more and dig out the underlying rules, and there will be new discoveries.
3) Trick: use the path separator "\"
On web servers like Microsoft's IIS, "\" can be used as a path separator just like "/". Some IDSs did not take the non-standard path separator "\" into account when their rule set files were written. If we rewrite /msadc/msadcs.dll as \msadc\msadcs.dll, we can escape Snort, because the Snort rule set file has no signature for \msadc\msadcs.dll. It is worth mentioning that the path separator "\" has another use, the "%5c" "violent library" method mentioned in "Hacker Defense" some time ago. "%5c" is the hexadecimal representation of "\".
4) Trick: hexadecimal encoding
Any character can be represented by the escape symbol "%" followed by its hexadecimal ASCII code. For example, the first character "/" in /msadc/msadcs.dll can be written as %2F, and the following characters can likewise be written as "%" plus their hexadecimal ASCII codes. A URL encoded this way no longer looks like the original, and the IDS rule set file may not contain the encoded string, so the IDS can be bypassed. This method does not work against an IDS that uses HTTP preprocessing.
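The hexadecimal-encoding trick is said above to fail against an IDS that uses HTTP preprocessing. This added example (not from the original posts) sketches that preprocessing for the rewrites described in both IDS lists: it canonicalizes a request path before signature matching and records which normalization fired. The function names and the sample requests are constructed for illustration, using only the forms the posts themselves list.

```python
import re
from urllib.parse import unquote_to_bytes

SIGNATURES = ("/msadc/msadcs.dll",)  # the path the posts use as their running example

# Constructed sample requests: the rewritten forms listed in the posts.
SAMPLES = {
    "plain":       b"/msadc/msadcs.dll",
    "backslash":   b"\\msadc\\msadcs.dll",
    "hex":         b"%2Fmsadc%2Fmsadcs.dll",
    "overlong":    b"\xc0\xafmsadc\xe0\x80\xafmsadcs.dll",
    "dot-segment": b"/./msadc/.//./msadcs.dll",
    "nul":         b"/msadc/msadcs.dll\x00Iloveheikefangxian",
    "benign":      b"/index.html",
}


def fold_overlong(data):
    """Map overlong 2- and 3-byte UTF-8 forms of ASCII back to one byte."""
    out, i, found = bytearray(), 0, False
    while i < len(data):
        b, rest = data[i], data[i + 1:i + 3]
        if b in (0xC0, 0xC1) and len(rest) >= 1 and rest[0] & 0xC0 == 0x80:
            out.append(((b & 0x01) << 6) | (rest[0] & 0x3F))
            i, found = i + 2, True
        elif (b == 0xE0 and len(rest) == 2 and rest[0] & 0xFE == 0x80
              and rest[1] & 0xC0 == 0x80):
            out.append(((rest[0] & 0x01) << 6) | (rest[1] & 0x3F))
            i, found = i + 3, True
        else:
            out.append(b)
            i += 1
    return bytes(out), found


def canonicalize(raw):
    """Return (canonical_path, anomalies) for a raw request path given as bytes."""
    anomalies = []
    for m in re.finditer(rb"%([0-9A-Fa-f]{2})", raw):
        c = chr(int(m.group(1), 16))
        if c.isascii() and (c.isalnum() or c in "-._~/\\"):
            anomalies.append("percent-encoded-ascii")
            break
    data = unquote_to_bytes(raw)          # a single decoding pass
    if b"\x00" in data:
        data = data.split(b"\x00", 1)[0]  # what a C-string consumer would see
        anomalies.append("nul-byte")
    data, overlong = fold_overlong(data)
    if overlong:
        anomalies.append("overlong-utf8")
    if b"\\" in data:
        data = data.replace(b"\\", b"/")
        anomalies.append("backslash-separator")
    parts = data.decode("latin-1").split("/")
    if "." in parts or "" in parts[1:-1]:
        anomalies.append("redundant-segment")
    return "/" + "/".join(p for p in parts if p not in ("", ".")), anomalies


def naive_match(raw):
    """Byte-for-byte signature search on the raw request, with no preprocessing."""
    return any(sig.encode() in raw for sig in SIGNATURES)


def inspect(raw):
    """Match signatures against the canonical path; report what was normalized."""
    path, anomalies = canonicalize(raw)
    hit = next((sig for sig in SIGNATURES if sig in path), None)
    return hit, anomalies


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} naive={naive_match(raw)!s:5} normalized={inspect(raw)}")
```

The anomaly list is useful on its own: a request that needed any of these normalizations to reach a signature is worth alerting on even if the signature set later changes.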
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Č𝔬𝓓ⓔ ▄ ▂ ▁
🦑BASIC ENCRYPTION:
1) "Mobile encryption" is a file encryption method for files sent via USB drive, e-mail, chat software and the like. When the file is used on a non-local computer, this method changes the file format and icon, and the user double-clicks the file and enters the password before it can be opened.
2) "Normal encryption" applies to files that are still accessed or decrypted locally after being encrypted. This method does not change the file format. The encrypted file looks exactly the same as before encryption, except that the password must be entered before access.
3) "Advanced encryption" is also normal encryption, but it lets you set access permissions for the encrypted files: allow opening but prohibit saving a copy to the local disk, allow reading but prohibit copying, allow modifying but prohibit deleting, or prohibit dragging or printing encrypted files, and so on. In addition, once access is finished, the files are automatically re-encrypted, which keeps them protected throughout and prevents leaks of encrypted files after they have been read.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Č𝔬𝓓ⓔ ▄ ▂ ▁
🦑Since there is no ready-made tool available that can perform this kind of attack, we built one ourselves and named it EvilAbigail. Evil maid attacks can target any operating system. In this research, we targeted Linux systems using LUKS full disk encryption:
1) Generally, when a Linux system uses full disk encryption, a small partition remains unencrypted. It is used to decrypt and boot the encrypted disk. This partition is mounted at /boot and contains the kernel and the initial RAM disk (initrd). Although the kernel or bootloader could also be attacked, we chose to attack the initrd.
2) The initrd is a temporary file system that the Linux kernel uses during the boot phase. It mainly does the preparatory work needed before the root file system is mounted, and contains the minimal set of directories and executables needed to decrypt and mount the root file system. Once the initrd's task is complete, it executes pivot_root to unmount the initrd root file system and mount the real root file system.
3) Generally, an initrd is a gzip-compressed cpio image. The Debian-based systems we tested work this way, but the RedHat-based systems (Fedora, RHEL, CentOS) now use dracut, which contains an uncompressed cpio image. Debian-based initrds use ash shell scripts to run the boot process, while dracut uses systemd and its associated configuration methods.
4) To carry out the attack, we chose a bootkit based on LD_PRELOAD, although a malicious kernel or executable could be injected instead. The main goal of using LD_PRELOAD is to inject a shared object into the first executable run from the newly decrypted root file system. That executable is usually /sbin/init, and its PID is usually 1. The easiest approach is to modify the init script to export this environment variable, so that it is set when pivot_root is executed. Because the file system changes, the shared object must also be copied to the new system at the right time (after decryption). The following two lines are placed in the initrd's init script, before the file system switch:
cp /hack.so /${rootmnt}/hack.so
export LD_PRELOAD=/hack.so
5) This works because the real root file system is decrypted and mounted under the temporary root file system before the pivot, and the rootmnt variable holds the mount point location. Before that, however, the target file system must be remounted read-write, because it is mounted read-only by default. In our case, we modified the part of the init script that parses the kernel command line, so that the root file system is mounted read-write regardless of the parameters supplied. Another method is to add mount -o remount,rw /${rootmnt} to the injected commands.
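Because /boot is unencrypted, the same property lets a defender inspect it. The Python sketch below is an added example, not part of the original research or of EvilAbigail: it unpacks a gzip-compressed or plain "newc" cpio initrd and flags init-script lines that match the changes described in steps 4 and 5. The sample scripts, rule labels and function names are constructed for illustration.

```python
import gzip
import re

# Patterns for the modifications described above (labels are this example's own).
RULES = [
    (re.compile(r"\bLD_PRELOAD\b"), "LD_PRELOAD set before the real init starts"),
    (re.compile(r"\b(cp|mv|install)\b.*\$\{?rootmnt\b"), "file copied into decrypted root"),
    (re.compile(r"\bmount\b.*remount,rw"), "root remounted read-write"),
]

def cpio_entry(name: bytes, data: bytes, mode: int = 0o100755) -> bytes:
    """Encode one newc cpio member (used only to build the constructed samples)."""
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0]
    head = b"070701" + b"".join(b"%08X" % f for f in fields) + name + b"\x00"
    head += b"\x00" * (-len(head) % 4)
    return head + data + b"\x00" * (-len(data) % 4)

def build_initrd(init_script: bytes) -> bytes:
    """Constructed Debian-style initrd: gzip-compressed cpio holding only init."""
    return gzip.compress(cpio_entry(b"init", init_script) + cpio_entry(b"TRAILER!!!", b"", 0))

def read_cpio_newc(blob: bytes) -> dict:
    """Return {name: content} from a newc cpio image, gzip-compressed or not."""
    if blob[:2] == b"\x1f\x8b":
        blob = gzip.decompress(blob)
    files, pos = {}, 0
    while blob[pos:pos + 6] == b"070701":
        fields = [int(blob[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = blob[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            break
        start = (pos + 110 + namesize + 3) & ~3      # data is 4-byte aligned
        files[name] = blob[start:start + filesize]
        pos = (start + filesize + 3) & ~3
    return files

def audit_initrd(blob: bytes) -> list:
    """Return [(line_number, reason)] for suspicious lines in the image's init script."""
    script = read_cpio_newc(blob)["init"].decode(errors="replace")
    findings = []
    for number, line in enumerate(script.splitlines(), 1):
        code = line.split("#", 1)[0]                 # ignore comments
        findings += [(number, why) for rx, why in RULES if rx.search(code)]
    return findings

# Constructed init scripts: a stock-looking one and one carrying the two lines above.
CLEAN = b'#!/bin/sh\nmount -n -o move /sys ${rootmnt}/sys\nexec run-init ${rootmnt} ${init} "$@"\n'
TAMPERED = CLEAN.replace(
    b"exec ", b"cp /hack.so /${rootmnt}/hack.so\nexport LD_PRELOAD=/hack.so\nexec ", 1)

if __name__ == "__main__":
    for label, script in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_initrd(build_initrd(script)))
```

Pattern matching only catches this particular modification; comparing hashes of everything in /boot against a baseline stored off the machine also catches a replaced kernel or bootloader.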
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Č𝔬𝓓ⓔ ▄ ▂ ▁
🦑Shell script
I'll use the following shell script to illustrate the idea.
Nothing fancy, it will display the available disk space on a specific server and partition.
#!/usr/bin/env bash
# Display available disk space on specific server and partition
# default parameters
default_bastion=""
default_busername=""
default_server="localhost"
default_username="milosz"
default_partition="/srv"
# nextcloud server
nextcloud_server="nextcloud.local"
nextcloud_partition="/data"
# dokuwiki server
dokuwiki_bastion="bastion.example.org"
dokuwiki_busername="bouncer"
dokuwiki_server="192.0.2.10"
dokuwiki_username="dokuwiki"
dokuwiki_partition="/wiki"
# kolab server
kolab_bastion="bastion.example.org"
kolab_busername="bouncer"
kolab_server="192.0.2.20"
kolab_username="monitoring"
kolab_partition="/"
# get defined servers/applications: the prefix of every *_server variable except default
applications="$( (set -o posix; set) | awk -F '=' '/_server/ {split($1,array,"_"); print array[1]}' | grep -v default)"
# get defined attributes: the suffix of every default_* variable
attributes="$( (set -o posix; set) | awk -F '=' '/default_/ {split($1,array,"_"); print array[2]}')"
for application in $applications; do
  # define attributes for server/application, falling back to the default value
  for attribute in $attributes; do
    application_attribute="${application}_${attribute}"
    default_attribute="default_${attribute}"
    # printf -v assigns by name without re-parsing the value, unlike eval
    if [ -n "${!application_attribute}" ]; then
      printf -v "$attribute" '%s' "${!application_attribute}"
    else
      printf -v "$attribute" '%s' "${!default_attribute}"
    fi
  done
  # perform an action
  if [ -n "$bastion" ]; then
    # jump through the bastion host
    bastion_param=(-J "${busername}@${bastion}")
  else
    bastion_param=()
  fi
  echo -n "$server: "
  ssh "${bastion_param[@]}" -l "$username" "$server" "bash -c 'df -h --output=avail $partition | sed 1d'"
done
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Č𝔬𝓓ⓔ ▄ ▂ ▁
🦑HOW TO FIX 80% of Android Studio errors:
1) Close Android Studio, go to C:\Users\UserName\.android and rename the folder:
• build-cache to build-cache_old
2) Go to C:\Users\UserName\.AndroidStudio3.2\system and rename these folders:
• caches to caches_old
• compiler to compiler_old
• compile-server to compile-server_old
• conversion to conversion_old
• external_build_system to external_build_system_old
• frameworks to frameworks_old
• gradle to gradle_old
• resource_folder_cache to resource_folder_cache_old
3) Open Android Studio and open your project again.
Voila!
(Unix forums)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Č𝔬𝓓ⓔ ▄ ▂ ▁