▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 What is a DNS leak and why it matters
1) When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network.
2) If any traffic flows outside of a secure connection to the network, any adversary controlling your traffic will be able to log your activity.
3) DNS, or the Domain Name System, is used to translate domain names such as www.privacyinternational.org into numeric IP addresses, for example 123.123.123.123, which are required to route data packets on the Internet.
4) Whenever your computer needs to contact a server on the Internet, for example when you enter a URL in your browser, your computer contacts the DNS server and asks for an IP address.
5) Most ISPs assign their customers a DNS server that they control and use to log and record your online activities.
6) Under certain conditions, even when connected to the anonymity network, the operating system will continue to use its default DNS servers instead of the anonymous DNS servers assigned to your computer over the anonymity network.
7) DNS leaks pose a serious privacy threat as an anonymous network can provide a false sense of security while personal data is leaked.
8) If you are concerned about DNS leaks, you should also understand DNS transparent proxy technology to ensure that the solution you choose preserves your privacy.
don't copy our tutorials
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
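A check for the condition described in point 6, as an added example that is not part of the original post: it lists the resolvers in a resolv.conf-style file that are not among the DNS servers assigned by the anonymity network. The function names, the sample file and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. All addresses are constructed.

# find_leaking_resolvers FILE ALLOWED_IP...
#   FILE        resolv.conf-style file to inspect
#   ALLOWED_IP  DNS servers handed out by the anonymity network (assumed known)
# Prints every configured nameserver that is not in the allowed set and
# returns 1 if at least one was found, 0 otherwise.
find_leaking_resolvers() (
    file=$1; shift
    allowed=" $* "
    leak=0
    # "|| [ -n ... ]" also processes a last line that lacks a trailing newline
    while read -r keyword ns rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue   # skip comments, search, options
        case "$allowed" in
            *" $ns "*) ;;                           # resolver reached through the tunnel
            *) printf '%s\n' "$ns"; leak=1 ;;       # default resolver still in use
        esac
    done < "$file"
    exit "$leak"
)

# Constructed sample: the tunnel assigned 10.8.0.1, but the ISP resolver
# 192.0.2.53 (documentation range) is still configured next to it.
sample_resolv_conf() {
    cat <<'EOF'
# Generated by NetworkManager
search lan
nameserver 10.8.0.1
nameserver 192.0.2.53
EOF
}

tmp=$(mktemp)
sample_resolv_conf > "$tmp"
if leaks=$(find_leaking_resolvers "$tmp" 10.8.0.1); then
    echo "no DNS leak: all resolvers belong to the tunnel"
else
    echo "DNS leak: queries can still go to $leaks"
fi
rm -f "$tmp"
```

On hosts where resolv.conf only lists a local stub such as 127.0.0.53, check the upstream servers with `resolvectl status` instead.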
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 IMPORTANT 2020 HACKING TOOLS:
Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)
Shell Spawning (TTY Shell Spawning)
XSS Payloads
Basic SQLi payloads
Local file inclusion payloads (LFI)
Base64 Encoder / Decoder
Hash Generator (MD5, SHA1, SHA256, SHA512)
Useful Linux commands (Port Forwarding, SUID)
RSS Feed (Exploit DB and Cisco Security Advisories)
CVE Search Engine
Various methods of data exfiltration and download from a remote machine
Download: https://github.com/LasCC/Hack-Tools
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 BEST HACKING TERMS:
Delete process record.
Alternative Process Implementation.
Redirecting data using Trojans.
Redirection and Disadvantages of Tripwire.
Driver for redirection.
Hiding files and directories.
Binary code fix.
"Keyhole" in the program.
Installing patches in the Windows NT kernel to block the entire security system.
Hardware virus.
Read and write operations for non-volatile memory.
Read and write operations for memory embedded in critical devices.
CIH virus.
EEPROM memory and synchronization.
EEPROM memory on Ethernet network adapters.
Serial or parallel EEPROM.
How hardware burns out.
Manufacturers.
Discovery of devices using the CFI specification.
Identifying Devices Using ID or JEDEC ID Mode.
Low-level disk access.
Read / write operations for the master boot record (MBR).
Data corruption in CD images.
Adding network access to the driver.
Using the NDIS Library.
Putting the interface in promiscuous mode.
Finding the correct network adapter.
Using boron tags to keep a hacker safe.
Adding an interactive command interpreter.
Interrupts.
Interrupt request architecture.
Intercept interrupt.
The riddle of the programmable interrupt controller.
Registration of keystrokes.
Program for registering keystrokes in Linux-system.
Keystroke logger for Windows NT / / XP.
Keyboard controller.
Enhanced Hacking Toolkits.
Using the Hacking Toolkit as a Debugger.
Disable Windows system file protection.
Direct writing of data to physical memory.
Kernel buffer overflow.
"Infection" of the kernel image.
Redirecting execution.
Cracking Toolkit Discovery.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑🐧 How to install Apache mod_cloudflare on Debian?
1) Cloudflare is the most popular network service provider.
Its services also include DNS, DDoS protection and website security.
Cloudflare works as a reverse proxy server.
2) Once website traffic is routed through the Cloudflare network, the backend server does not know the visitor's actual IP address.
As a result, you will see Cloudflare IP addresses in the Apache logs.
3) Now the question is how to get the real IP of the visitor in the logs, and not the IP of Cloudflare.
To solve this problem, Cloudflare provides an Apache module that obtains the real IP addresses of visitors and logs them.
4) This guide will help you enable the Apache mod_cloudflare module on a Debian system.
It will log the IP address of the real visitor in the Apache access logs.
5) Installing Apache mod_cloudflare on Debian
Cloudflare provides an official module for the Apache server to capture the real IP address.
6) Add the GPG key - open a terminal and run the following commands to add the GPG key to your system.
sudo apt install curl
curl -C - https://pkg.cloudflare.com/pubkey.gpg | sudo apt-key add -
7) Add the repository - then add the Cloudflare repository to your Debian system.
echo "deb http://pkg.cloudflare.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare.list
8) Install the package - then update the apt cache and install the libapache2-mod-cloudflare package on your Ubuntu system.
sudo apt update
sudo apt install libapache2-mod-cloudflare
Press "Y" to confirm the request during installation.
9) Restart Apache - after the installation is complete, restart the Apache2 service and check the active modules using the following commands.
sudo systemctl restart apache2
sudo apache2ctl -M
That's all.
The Apache server now logs the visitor's real IP address.
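To confirm the result of the procedure above, the following added example (not part of the original post) scans an access log and reports client addresses that are still Cloudflare edge IPs, which means the visitor address was not restored. The function names and log lines are constructed, and the range list is a partial snapshot of Cloudflare's published IPv4 ranges, taken here as an assumption.

```shell
#!/bin/sh
# Added example, not part of the original post. Log lines are constructed.

# Partial snapshot of Cloudflare's published IPv4 edge ranges (assumption:
# refresh it from https://www.cloudflare.com/ips-v4 before relying on it).
CF_RANGES="173.245.48.0/20 103.21.244.0/22 141.101.64.0/18 108.162.192.0/18
162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13"

# ip_to_int A.B.C.D: print the address as an integer; fail if not plain IPv4.
ip_to_int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP NET/BITS: succeed when IP lies inside the network.
in_cidr() (
    ip=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))   # 4294967295 = 2^32 - 1
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

is_cloudflare_edge() {
    for range in $CF_RANGES; do
        in_cidr "$1" "$range" && return 0
    done
    return 1
}

# unrestored_hits LOGFILE: print the client field of every access-log line
# that still carries a Cloudflare edge address instead of the visitor's IP.
unrestored_hits() {
    while read -r client rest || [ -n "$client" ]; do
        is_cloudflare_edge "$client" && printf '%s\n' "$client"
    done < "$1"
    return 0
}

# Constructed sample in Apache common log format: one restored visitor
# address (203.0.113.7) and two requests logged with edge addresses.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET / HTTP/1.1" 200 2326
172.68.10.20 - - [10/Oct/2020:13:55:40 +0000] "GET /login HTTP/1.1" 200 512
162.158.90.1 - - [10/Oct/2020:13:56:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209
EOF
}

log=$(mktemp)
sample_access_log > "$log"
hits=$(unrestored_hits "$log" | sort -u)
if [ -n "$hits" ]; then
    printf 'visitor IP not restored, edge addresses in the log:\n%s\n' "$hits"
else
    echo "no Cloudflare edge address in the client field"
fi
rm -f "$log"
```

On Debian the log to pass to unrestored_hits is normally /var/log/apache2/access.log.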
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑🐧 How to test SSH connection with a remote host?
1) Using the timeout utility with bash to test the SSH connection
The /usr/bin/timeout utility is installed by default on most distributions; on Linux it comes with the coreutils rpm.
2) Check if coreutils is installed on your server
# rpm -q coreutils
coreutils-8.22-24.el7.x86_64
We can use this utility to test the SSH connection by checking the status of port 22.
Syntax:
# timeout <value> bash -c "</dev/tcp/<server>/<port>"
3) Here server2 is my target host; I will execute the command with a timeout value of 5s on port 22
# timeout 5 bash -c "</dev/tcp/server2/22"
4) If the exit status is 0, the test SSH connection was successful
# echo $?
0
5) If you get "Connection refused" with a non-zero exit status, the test SSH connection failed
# timeout 5 bash -c "</dev/tcp/server2/22"
bash: connect: Connection refused
bash: /dev/tcp/10.10.10.10/22: Connection refused
# echo $?
Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22
# cat /tmp/check_connectivity.sh
#!/bin/bash
server=10.10.10.10     # server IP
port=22                # port
connect_timeout=5      # connection timeout in seconds
# Redirecting from /dev/tcp/<host>/<port> makes bash open a TCP connection
timeout "$connect_timeout" bash -c "</dev/tcp/$server/$port"
if [ $? -eq 0 ]; then
    echo "SSH connection to $server over port $port is possible"
else
    echo "SSH connection to $server over port $port is not possible"
fi
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Hack SSH method
Use telnet to test the SSH connection
1) Telnet is another very handy tool for checking port status.
/usr/bin/telnet is provided by the telnet rpm package, which is part of the default repositories, so you don't need any third-party repository to install it.
Check if telnet is installed
# rpm -q telnet
telnet-0.17-65.el7_8.x86_64
🦑 Syntax
# telnet <server> <port>
2) But since our ultimate goal is automation, we'll set up the syntax like this:
# echo quit | telnet <server> <port> 2>/dev/null | grep -qi Connected
3) Let's use this to test the SSH connection on Linux.
If grep matches "Connected" (exit status 0), then port 22 is available and an SSH connection is possible
# echo quit | telnet server2 22 2>/dev/null | grep -qi Connected
# echo $?
0
Reverse case:
# echo quit | telnet server2 22 2>/dev/null | grep -qi Connected
# echo $?
1
Sample shell script
We can use this tool in a shell script to test the SSH connection on port 22
# cat /tmp/check_connectivity.sh
#!/bin/bash
server=10.10.10.10     # server IP
port=22                # port
connect_timeout=5      # connection timeout in seconds
# timeout stops telnet from hanging when the port is filtered
echo quit | timeout "$connect_timeout" telnet "$server" "$port" 2>/dev/null | grep -qi "Connected"
if [ $? -eq 0 ]; then
    echo "SSH connection to $server over port $port is possible"
else
    echo "SSH connection to $server over port $port is not possible"
fi
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 How to audit NoSQL for vulnerabilities?
SQL injection is one of the popular attack methods, but injection applies not only to SQL (relational) databases but also to NoSQL (non-SQL, also known as non-relational) databases.
A) NoSQLMap
NoSQLMap is a tiny open source Python-based utility capable of auditing for misconfiguration and automating injection attacks.
It currently supports the following databases:
1) MongoDB
2) CouchDB
3) Redis
4) Cassandra
5) To install NoSQLMap you need Git, Python and Setuptools, which you can install as shown below, using Ubuntu as an example.
apt-get install python
apt-get install python-setuptools
6) After installing Python, follow these steps to install NoSQLMap.
git clone https://github.com/codingo/NoSQLMap.git
cd NoSQLMap
python setup.py install
After that, you can run ./nosqlmap.py from the cloned Git directory:
1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
🦑 You need to set a target by going to option 1 before testing.
B) Mongoaudit
7) As the name suggests, it is MongoDB specific.
Mongoaudit is good for performing a penetration test to find bugs, misconfigurations, and potential risks.
It tests against many best practices, including the following.
8) Is MongoDB running on the default port, and is the HTTP interface enabled
9) Is the database secured with TLS and authentication
10) Authentication method
11) CRUD operations
12) To install it, you can use the pip command.
pip install mongoaudit
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 For beginners: Capture The Flag (CTF) information
Capture the flag (CTF) is a computer security competition that is designed for educational purposes. In Lesson 6.4, "Learning How to Host Enterprise Capture the Flag Events" of the "Enterprise Penetration Testing and Continuous Monitoring (the Art of Hacking Series) LiveLessons" video course, you learned how these CTFs work and how you can potentially create them as a "cyber range" within your enterprise. The following are a few links that provide numerous resources and references to past and current CTF events, as well as online practice sites.
## This is one of the best resources:
* https://github.com/apsdehal/awesome-ctf
🦑 Some others:
* https://trailofbits.github.io/ctf/
* https://ctftime.org
* https://ctf365.com
* http://captf.com
* https://pentesterlab.com/exercises
* http://vulnhub.com
* https://challenges.re
* http://cryptopals.com
* https://github.com/CTFd/CTFd
git 2020