▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SUB DOMAINS FINDER TOOLS KALI :

A) Sublist3r
Sublist3r - a tool in Python, intended for the transfer of sub-domains of websites using OSINT.

It helps penetration testers and bug hunters collect subdomains from the domain they are targeting.

Sublist3r lists subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask.

Sublist3r also lists subdomains with Netcraft, Virustotal, ThreatCrowd, DNSdumpster and ReverseDNS.

This very nice tool is hosted on github, although when I last checked there were some complaints about it crashing with some of its engines mentioned above.

🦑How to install sublist3r

git clone https://github.com/about3la/Sublist3r.git

Then, in the directory where you cloned the repository, run:

python3 setup.py install
Then you can just run it like normal Linux commands

sublist3r -d itsecforu.ru

B) Dnscan
Dnscan is a Python wordlist based DNS subdomain scanner.

The script will first try to transfer the zone using each of the target domain name servers.

If that fails, it will look up the domain's TXT and MX records and then recursively scan the subdomains using the provided dictionary.

The tool is dictionary based, which means it will use its internal wordlist to try and check if the subdomain actually exists.
Some of the dictionaries it contains include:
subdomains-1000.txt

subdomains-10000.txt

subdomains-500.txt

subdomains-uk-1000.txt

subdomains-uk-500.txt

subdomains.txt

As you can see, subdomain scanning depends entirely on the above files.
Also this tool is available on the Internet, you can test it:
https://www.nmmapper.com/sys/tools/subdomainfinder/


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑May you interested in those links :

1) The Hacker Playbook : Practical Guide To Penetration Testing
Link : http://www.allitebooks.com/the-hacker-playbook-practical-guide-to-penetration-testing/

2) The Hacker Playbook 2: Practical Guide To Penetration Testing
Link : http://www.allitebooks.com/the-hacker-playbook-2-practical-guide-to-penetration-testing/

3) Android Hacker's Handbook
Link : http://www.allitebooks.com/android-hackers-handbook/

4) BackTrack 5 Wireless Penetration Testing Beginner's Guide
Link : http://www.allitebooks.com/backtrack-5-wireless-penetration-testing-beginners-guide/

5) Black Hat Python
Link : http://www.allitebooks.com/black-hat-python/


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to solve the problem that there is a black border around the Windows 10 monitor that cannot be displayed in full screen?

Some friends reported that in the actual application of their win10 system, the display cannot be displayed in full screen and there is a black border around it! How to solve the problem of a black border around the display in win10 cannot be displayed in full screen? Today, the editor brings you a solution to the black border around the win10 monitor that cannot be displayed in full screen. Interested friends should not miss it.

🦑How to solve the problem that there is a black border around the Windows 10 monitor that cannot be displayed in full screen:

1) Press win+r to enter the run window, enter "regedit" and press Enter.

2) In the registry editor window, locate [HKEY_CURRENT_USER/SOFTWARE/BLIZZARD ENTERTAIMENT/WARCRAFTIII/Video].

3) Open the reshight file (screen height) in the left margin and change the numerical data inside to "768", then open the reswidth file (screen width) and change the numerical data to "1366".

4) In the blank area of ​​the desktop, right-click and select "Display Settings".

5) In the window, select "Advanced Display Settings", then change the resolution to "1366 x 768" and click Apply.

#fASTtIPS
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑# ️⃣ What is HMAC (Hach-based Message Authentication Code) ?

Hach-based Message Authentication Code or HMAC is used to authenticate a message using hash functions.
Message authentication is an important mechanism in cybersecurity and is used to authenticate a message.
There are different ways and mechanisms for message authentication.

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

1) Message
A message is data, text, image, or whatever we want to authenticate.

The message is verified for authenticity with the key by hashing them.

2) Key
The key is used by both parties to authenticate the message.

As stated earlier, the message and the key are used together and the hash value is calculated.

3) Hash function
The hash function is used to compute a hash value that is unique.

The hash function can be sha1, sha256, or use a different algorithm.

»Encryption and Hashing. Difference and application

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑How to create an HMAC using OpenSSL


1) We can use the OpenSSL tool to generate some HMAC or hash value.

2) We will use the echo and openssl commands.

3) We will also use sha256 as our hash algorithm.

4) We will provide data or messages to HMAC, and then we will have it with the -hmac switch and mysecretkey as shown :

$ echo -n "secretmessage.txt" | openssl dgst -sha256 -hmac "mysecretkey"

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Which Programming language is the fastest in 2020, compared to 27 languages

4k
https://youtu.be/NSiVo1t5ncQ

🦑PHP Ransomware 2020:
Ransomware will self-destruct upon running, which means you only have one chance at decrypting your data.

Keep also in mind that each decryption file has a uniquely generated salt used in encryption and as such cannot be replaced with another decryption file.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) download the code https://github.com/ivan-sincek/php-ransomware

2) cd php-ransomware

3) Requires PHP v5.5.0 or greater because openssl_pbkdf2() is being used.

4) Copy \src\encrypt.php to your server's web root directory (e.g. to \xampp\htdocs\ on XAMPP).

Navigate to the encryption file with your preferred web browser.

5) Decryption file will be created automaticly after the encryption phase.

P.S. On web servers other than XAMPP (Apache) you might need to load OpenSSL and Multibyte String libraries within PHP.

6) In XAMPP it is as simple as uncommenting the following in the "php.ini" file:

> extension=php_openssl.dll

> extension=mbstring
✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

TODAY TOPICS :

EC-Council - Computer Hacking Forensic Investigator (CHFIv9)
https://t.me/UnderCodeTesting/11684

How JavaScript email attachments may carry malicious code ?
https://t.me/UnderCodeTesting/11685

Some good fresh sock5
https://t.me/UnderCodeTesting/11686

Vulnserver 5 tutorials + pictures (pdf)
https://t.me/UnderCodeTesting/11688

Linux privilege escalation auditing tool
https://t.me/UnderCodeTesting/11695

cdaengine0400.dll manual deletion method
https://t.me/UnderCodeTesting/11696

SUB DOMAINS FINDER TOOLS KALI
https://t.me/UnderCodeTesting/11697

May you interested in those links
(collection hack)
https://t.me/UnderCodeTesting/11698

How to solve the problem that there is a black border around the Windows 10 monitor that cannot be displayed in full screen?
https://t.me/UnderCodeTesting/11699

6 days Lab vulnhub tutorial
https://t.me/UnderCodeTesting/11700

What is HMAC (Hach-based Message Authentication Code) ?
https://t.me/UnderCodeTesting/11701

How to create an HMAC using OpenSSL tip
https://t.me/UnderCodeTesting/11702

Which Programming language is the fastest in 2020, compared to 27 languages
https://t.me/UnderCodeTesting/11703

PHP Ransomware 2020
https://t.me/UnderCodeTesting/11704

ENJOY FRIENDS❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Web hack and more2020 topic

> OpenWAF is the first fully open source Web application protection system (WAF), based on nginx_lua API analysis of HTTP request information. OpenWAF is composed of two functional engines: behavior analysis engine and rule engine. The rule engine mainly analyzes the individual requests, and the behavior analysis engine is mainly responsible for the tracking of the request information.
  
> Rule engine inspired by modsecurity and freewaf(lua-resty-waf), the ModSecurity rules will be implemented using lua. The rule engine can be based on the protocol specification, automatic tools, injection attacks, cross site attacks, information leaks and other security exception request, adding support for dynamic rules, timely repair vulnerabilities.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/titansec/OpenWAF#bugs-and-patches.git

2) cd /opt

3) apt-get install gcc wget git swig make perl build-essential zlib1g-dev libgeoip-dev libncurses5-dev libreadline-dev -y

4) wget http://www.over-yonder.net/~fullermd/projects/libcidr/libcidr-1.2.3.tar.xz

5) wget https://ftp.pcre.org/pub/pcre/pcre-8.43.tar.gz

6) wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz

7) wget https://openresty.org/download/openresty-1.15.8.2.tar.gz

8) tar -xvf libcidr-1.2.3.tar.xz

9) tar -zxvf pcre-8.43.tar.gz

10) tar -zxvf openssl-1.1.1d.tar.gz

11) tar -zxvf openresty-1.15.8.2.tar.gz

12) rm -rf pcre-8.43.tar.gz \

13) openssl-1.1.1d.tar.gz \

14) openresty-1.15.8.2.tar.gz

15) cd /opt/libcidr-1.2.3

16) make && make install

🦑Tested on:

debian/ubuntu

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A simple way for others to prompt for an empty number when they call your phone :

1) When you don’t want to be annoyed by others and are embarrassed to turn off the phone, it’s a good idea to let someone call your phone to prompt an empty number. Here is a way to make your mobile phone become an empty number at any time. It is very simple~~ Friends in need can make a note...
　　
2) Enter **21*999999# in the standby mode and press the dial button~ OK ! ~ done
　　
3) in this state, someone hit you over the phone number is empty and you will not receive phone
　　preliminary judging most phones can
　　
> Note: Since there is no test for all models, we can not guarantee success rate
　　
4) in this state, even if to remind shutdown Power also will not cancel
　　
5) the code number to cancel the empty state is the same as above ## 21 # enter the
　　
6) last remind remember to finish off state so as not to cause delay in releasing the empty No.
　　
7) this principle probably use call forwarding to achieve, but do not answer incoming calls There is no charge if you pass, so this method will not waste your phone bill...

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑This really a good debugger for windows 64/32
#reverse

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Download a snapshot from GitHub, SourceForge or OSDN
> https://github.com/x64dbg/x64dbg

2) extract it in a location your user has write access to.

3) Optionally use x96dbg.exe to register a shell extension and add shortcuts to your desktop.

4) You can now run x32\x32dbg.exe if you want to debug a 32-bit executable or x64\x64dbg.exe to debug a 64-bit executable! If

5) you are unsure you can always run x96dbg.exe and chose your architecture there if win 64/or win 32 .

6) You can also compile x64dbg yourself with a few easy steps!


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Does your phone have ROOT? Mobile phone vulnerabilities after ROOT cannot be prevented :

1) Maybe your phone ROOT is just to install a game and install a tool. To us ordinary people, ROOT represents convenience and freedom. In fact, what you don't know is that it also brings convenience and freedom for hackers to violate your privacy. See how the mobile phone after ROOT opens the door for loopholes.

2) Even when all the information is disclosed, Android Root application developers still have an unknown side.

🦑ROOT also opens the door for vulnerability exploitation

The latest research found that by promoting powerful root applications, the few app distributors are putting millions of Android users in a very dangerous situation. Root programs can easily be reverse engineered, allowing malware to use exploit tools to bypass important security checks on Android.

1) On Thursday, researchers from the University of California, Riverside, published a report entitled " Android Root and its suppliers: a double-edged sword " at the ACM Computer and Communication Security Conference . They spent a month of free time reverse engineering A Root tool contains 167 vulnerabilities. In the end, the researchers concluded that by providing a large variety of highly customized vulnerabilities, root vendors can easily lead to reverse engineering and are difficult to detect, which raises the security risk for all Android users.

2) ROOT: a double-edged sword

Researchers from the University of California, Riverside put forward in the paper:

"We found that they are not only working hard to integrate and integrate known exploits, but also to develop new exploits in order to remain competitive. However, these exquisite exploits are not well protected. Once they fall into the wrong hands, they will Cause extremely dangerous effects."

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🌐 How to block .git in Apache, Nginx and Cloudflare?

A) Nginx
If you are using Nginx you can add the following location directive in nginx.conf file

location ~ /\.git {
deny all;
}

Alternatively, you can return a 404 error if you don't want an attacker to assume that you have .git on your server.
location ~ /\.git {
return 404;
}
In this case, the server will return an HTTP 404 status code.
Whatever you choose, remember to restart Nginx after changing the configuration.

> service nginx restart

B) Apache HTTP
Let's see how to block access to .git on Apache web server.

You can use RedirectMatch or DirectoryMatch for this.

Using RedirectMatch is probably the easiest.

You just need to add the following to your httpd.conf or .htaccess file.

RedirectMatch 404 /\.git
The above setting will give 404 when someone accesses .git and the following will show 403.

RedirectMatch 403 /\.git
Then let's try using the DirectoryMatch rule by adding the following to the httpd.conf file.
<DirectoryMatch "^/.*/\.git/">
Deny from all
</Directorymatch>
Restart Apache and try to access the url including .git; it will show the server a 403 Forbidden error.

C) Cloudflare
But as you can guess, this will only work if your site is running over the Cloudflare network.

Sign in to Cloudflare
Go to Firewall >> Firewall Rules >> Create a Firewall rule tab.
Name the rule - GIT
Select field –- URI
Operator - contains
Value - .git
Choose an action - Block and save
It will take approximately 1 minute to propagate the rule to all Cloudflare datacenters.
After that, Cloudflare will do the rest.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

AWESOME FREE API FOR TRACKING (Topic 2020)

https://github.com/ActivityWatch/activitywatch

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Anonymously Hiding Tools

- Anonmously Surf

- Multitor

🦑Information gathering tools

- Network Map (nmap)

- Dracnmap

- Port scanning

- Host to IP

- Xerosploit

- RED HAWK (All In One Scanning)

- ReconSpider(For All Scaning)

- IsItDown (Check Website Down/Up)

- Infoga - Email OSINT

- ReconDog

- Striker

- SecretFinder (like API & etc)

- Find Info Using Shodan

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁