β β β Uππ»βΊπ«Δπ¬πβ β β β
hack passwords and more / Cipher
affineBreaker.py: Break Affine Cipher-encrypted messages.
affineCipher.py: Encrypt and decrypt using the Affine Cipher.
al_sweigart_privkey.txt: A sample private key file that is used by the rsaCipher.py program.
al_sweigart_pubkey.txt: A sample public key file that is used by the rsaCipher.py program.
buggy.py: Used as practice for using Python's debugger.
caesarBreaker.py: Break Caesar Cipher-encrypted messages.
caesarCipher.py: Encrypts and decrypts using the Caesar Cipher.
coinFlips.py: Used as practice for using Python's debugger.
detectEnglish.py: Used to detect if a string is English.
dictionary.txt: A dictionary file of English words, one per line.
encrypted_file.txt: A sample encrypted file from the
frankenstein.txt: A large text file sample. (The public domain novel Frankenstein.)
freqFinder.py: Module for gathering letter frequency statistics.
makeRsaKeys.py: Generate a public/private RSA key pair.
nullBreaker.py: Breaks Null Cipher-encrypted messages.
nullCipher.py: Encrypts and decrypts using the Null Cipher.
primeSieve.py: Generates prime numbers using the Sieve of Eratosthenes algorithm.
pyperclip.py: A module for copying and pasting to the clipboard. This source code isn't going to be featured in the book, and is only included so that people can test the programs that use it.
rabinMiller.py: Module for primality testing using the Rabin-Miller algorithm.
README.md: The file that you are reading right now, silly. :D
reverseCipher.py: Encrypts with the reverse "cipher", which just reverses the string.
rsaCipher.py: Encrypts and decrypts using the RSA Cipher.
simpleSubBreaker.py: Breaks Simple Substitution Cipher-encrypted messages.
simpleSubCipher.py: Encrypts and decrypts using the Simple Substitution Cipher.
simpleSubKeyword.py: Encrypts and decrypts using the Simple Substitution Cipher, using an English word for the key.
transpositionBreaker.py: Breaks Transposition Cipher-encrypted messages.
transpositionCipherFile.py: Encrypts and decrypts files using the Transposition Cipher.
transpositionDecrypt.py: Decrypts messages using the Transposition Cipher.
transpositionEncrypt.py: Encrypts messages using the Transposition Cipher.
transpositionFileBreaker.py: Breaks Transposition Cipher-encrypted files.
transpositionTest.py: Tests to see if the Transposition Cipher program works.
vigenereBreaker.py: Breaks Vigenere Cipher-encrypted messages.
vigenereCipher.py: Encrypts and decrypts using the Vigenere Cipher.
INSTALLATION & RUN:
1) git clone https://github.com/asweigart/codebreaker
2) cd codebreaker
3) Choose a Python script and run it with:
> python example.py
4) Choose an option and hack
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub - asweigart/codebreaker: "Hacking Secret Ciphers with Python" programs
WordPress exploit verified for version 5.5.2
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
Meta: Sanitize meta key before checking protection status. · WordPress/wordpress-develop@d5ddd6d
Props zieladam, peterwilsoncc, xknown, whyisjake.
Merges [49377,49381] to trunk.
git-svn-id: https://develop.svn.wordpress.org/trunk@49387 602fd350-edb4-49c9-b593-d223f7449a82
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
#SocialMediaHacking Top Phishing tools:
- SocialFish
- HiddenEye
- Evilginx2
- I-See_You(Get Location using phishing attack)
- SayCheese (Grab target's Webcam Shots)
- QR Code Jacking
- ShellPhish
- BlackPhish
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to show dropped packets for a network interface on Linux:
1) Display dropped packets for each interface on Linux using netstat.
The netstat command is now deprecated.
2) The ss and ip commands are the replacements for netstat.
However, netstat is still available on older Linux distributions.
So I'll start with netstat, but use the ip / ss tools if possible.
3) Syntax:
netstat -i
netstat --interfaces
4) To display summary statistics for each protocol, run:
netstat -s
netstat --statistics
5) Let's show TCP statistics:
netstat --statistics --tcp
netstat -s -t
Let's show UDP statistics:
netstat --statistics --udp
netstat -s -u
6) Display dropped packet statistics for a network interface on Linux using ip.
7) Let's see how to view the statistics of a network device using the ip command. Syntax:
ip -s link
ip -s link show {interface}
ip -s link show eth0
@UndercodeTesting
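The counters that netstat -i and ip -s link print are also exposed in /proc/net/dev, so drops can be tracked between two samples. The following is an added example, not part of the original post; the sample text is constructed and the function names are hypothetical.

```python
"""Added example: per-interface drop counters from /proc/net/dev-style text."""
from pathlib import Path

# Constructed samples in /proc/net/dev layout, imagined 60 seconds apart.
# "eth0:98765432" has no space after the colon, so the parser splits on ':'
# first instead of relying on whitespace.
SAMPLE_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456    1200    0    0    0     0          0         0   123456    1200    0    0    0     0       0          0
  eth0:98765432   80000    0   15    0     0          0       120 45678901   60000    0    3    0     0       0          0
"""
SAMPLE_T1 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  130000    1260    0    0    0     0          0         0   130000    1260    0    0    0     0       0          0
  eth0:99900000   85000    0   40    0     0          0       125 46000000   61000    0    3    0     0       0          0
"""


def parse_net_dev(text):
    """Return {interface: {rx_packets, rx_drop, tx_packets, tx_drop}}."""
    stats = {}
    for line in text.splitlines()[2:]:  # the first two lines are headers
        name, sep, counters = line.partition(":")
        fields = counters.split()
        if not sep or len(fields) < 16:
            continue  # blank, truncated or malformed line
        values = [int(v) for v in fields[:16]]
        stats[name.strip()] = {
            "rx_packets": values[1],
            "rx_drop": values[3],
            "tx_packets": values[9],
            "tx_drop": values[11],
        }
    return stats


def drop_deltas(before, after):
    """Drops that happened between two samples, per interface."""
    deltas = {}
    for iface, now in after.items():
        prev = before.get(iface)
        if prev is None:
            continue  # interface appeared between the two samples
        row = {}
        for key in ("rx_drop", "tx_drop"):
            diff = now[key] - prev[key]
            # A negative difference means the counter was reset
            # (driver reload, reboot); count from zero in that case.
            row[key] = diff if diff >= 0 else now[key]
        deltas[iface] = row
    return deltas


def dropping_interfaces(before, after):
    """Sorted names of interfaces whose drop counters increased."""
    deltas = drop_deltas(before, after)
    return sorted(i for i, d in deltas.items() if d["rx_drop"] or d["tx_drop"])


if __name__ == "__main__":
    proc = Path("/proc/net/dev")
    if proc.exists():
        # Live totals since boot (or since the last counter reset).
        for iface, s in parse_net_dev(proc.read_text()).items():
            print(f"{iface}: rx_drop={s['rx_drop']} tx_drop={s['tx_drop']}")
    before, after = parse_net_dev(SAMPLE_T0), parse_net_dev(SAMPLE_T1)
    print("constructed sample, interfaces dropping:",
          dropping_interfaces(before, after))
```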
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
How viruses Spread :
Trojans masquerading as useful programs are a source of viruses infecting your computer.
The main ways to distribute your Trojan:
1) Protroyan gamer: Go to the gaming forum, well, or a blog where you can leave comments and glue your Trojan with cheats, as they say the profit is good, because gamers turn off their antivirus.
2) The same thing, but gluing with cracks, again comments on forums, torrent trackers, etc. The coverage is great, maybe as they say.
3) Varez music and clips, here the method is quite simple, a shortcut is made, like music / playlist, etc. for example, it runs it, and instead of it the Trojan is launched, well, of course, music / movie can also be launched to divert your eyes. The main thing is to mask your virus so that no one thinks that this is an executable file that will launch the shortcut.
4) Distribution by mail with the extension .src, you can spam by mail like there: "You got an invoice!"
5) Extensions like doc.exe are used less often, but everything is clear here, this is spam for soap, etc.
6) Another good way, this is a miracle program for hacking VKontakte, etc., there are many victims in general.
7) Phishing sites, such as update adob, chrome, etc.
8) Well, the last way, trample the hacker, go for a hack. board and put a cryptor, a stealer, etc. there. with a fucker, you can both in the build and in the builder. In the latter case, someone else will do the job for you. UPD This article was created for informational purposes only. If we missed something, add it in the comments.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to install dnscrypt proxy with ad blocker on Linux
#REQUESTED
## Debian/Ubuntu
$ sudo apt install dnscrypt-proxy
## Alpine Linux
$ sudo apk add dnscrypt-proxy
## CentOS / RHEL users:
$ sudo yum install dnscrypt-proxy
## Arch Linux: use pacman ##
$ sudo pacman -S dnscrypt-proxy
## OpenSUSE/SUSE Linux
$ sudo zypper in dnscrypt-proxy
## Fedora dnf ##
$ sudo dnf install dnscrypt-proxy
Dnscrypt proxy configuration
Edit dnscrypt-proxy.toml in the /etc/dnscrypt-proxy/ directory.
> For instance:
$ ls -l /etc/dnscrypt-proxy/
$ sudo vim /etc/dnscrypt-proxy/dnscrypt-proxy.toml
First, we need to set up the list of servers to use.
Let's use both Google and Cloudflare:
server_names = ['google', 'cloudflare']
Or use only Cloudflare:
server_names = ['cloudflare']
Configure the list of local addresses and ports to listen on:
listen_addresses = ['127.0.0.1:53', '[::1]:53']
For my VPN 172.168.0.0/24:
listen_addresses = ['127.0.0.1:53', '172.168.0.1:53']
If you have an IPv6 connection, use the servers available over IPv6 (IPv4 by default):
ipv6_servers = true
Make sure we are using servers that implement the DNSCrypt and DoH protocols:
dnscrypt_servers = true
doh_servers = true
Make sure the DNS cache is enabled to reduce latency and outgoing traffic:
cache = true
The server must support DNS Security Extensions (DNSSEC):
require_dnssec = true
Adblock lists consist of one pattern per line.
Examples of valid patterns:
##
## example.com
## =example.com
## ads.*
## ads*.example.*
## ads*.example[0-9]*.com
Blocking rules file path:
blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
Save and close the file.
Installing adblocker list for dnscrypt proxy
Here is a small bash script to download and update the list.
#!/bin/bash
# Stop on any error so a failed download never replaces the current list
set -euo pipefail
DEST="/etc/dnscrypt-proxy/blacklist.txt"
#
# Blocks both adware + malware
# See for other lists https://github.com/StevenBlack/hosts
SRC="https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
TMP_B_FILE="$(mktemp)"
TMP_B_FILE_SORTED="$(mktemp)"
# Remove the temporary files on every exit path
trap 'rm -f "${TMP_B_FILE}" "${TMP_B_FILE_SORTED}"' EXIT
# Download the hosts file, drop localhost and comment lines, strip the leading address
wget --timeout=10 --tries=5 -qO- "${SRC}" | grep -Ev "(localhost)" | grep -Ev "#" | sed -E "s/(0.0.0.0 |127.0.0.1 |255.255.255.255 )//" >> "${TMP_B_FILE}"
# Keep only the host name column, sorted and without duplicates
awk '/^[^#]/ {print $1}' "${TMP_B_FILE}" | sort -u > "${TMP_B_FILE_SORTED}"
# Install the new list only if it is not empty
[ -s "${TMP_B_FILE_SORTED}" ] && cp -f "${TMP_B_FILE_SORTED}" "$DEST"
Running the script:
# ./update-adblocker.sh
Checking the list:
# more /etc/dnscrypt-proxy/blacklist.txt
Be sure to run the update-adblocker.sh script daily to get an updated list of hosts.
> Add a new cron job like this:
@daily /path/to/update-adblocker.sh
Besides ads and malware, you can block fake news, gambling, porn, and social media!
How to enable dnscrypt proxy service
Use the systemctl command to enable the dnscrypt-proxy service on Linux:
$ sudo systemctl enable dnscrypt-proxy
Service start:
$ sudo systemctl start dnscrypt-proxy
Service check:
$ sudo systemctl status dnscrypt-proxy
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
HACK PHONE ON SAME NETWORK - BY IP :
1) One of the flashy methods can be session hijacking.
In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session (sometimes also called a session key) to gain unauthorized access to information or services in a computer system. You can view their contents over the network if they aren't using the HTTPS protocol.
2) This hack doesn't need a password, just capture ethernet packets using any packet capture tool like ferret (Kali Linux) and then analyse them with a session analyzing tool like hamster. This way you need not access their device and can know lots of things.
3) Other conventional methods can be sending payloads, ARP poisoning, password brute-forcing.
Even an evil-twin attack may work wonders.
Will post methods related to this next
β β β Uππ»βΊπ«Δπ¬πβ β β β
What is a random number generator?
1) The random number generator (RNG) is the modern equivalent of rolling dice or shuffling cards.
2) This form of randomization has been turned into a computer algorithm that generates a set of random numbers that (should) be free of any pattern.
3) When it comes to casino games, lotteries, sweepstakes and similar games, RNGs take the form of blocks of code hidden in software that provide the "chance" in gambling.
Random RNG and Pseudo RNG
RNGs in casino games and slot machines are actually not random, but rather "pseudo".
1) The difference between the two lies in the way the numbers are generated.
2) In the case of a random RNG, the numbers usually come from a completely unpredictable physical phenomenon (such as radio or atmospheric noise), fueled by entropy and explained only by quantum mechanics.
3) A pseudo RNG, on the other hand, uses a mathematical algorithm or is otherwise generated by a computer.
4) The key difference is that with a computer algorithm the entire result could technically be predicted if all the initial values were known.
Hence ... "pseudo".
As with everything related to mathematics, if there is an equation, then it is not random at all.
So, is it possible to hack an RNG?
Random number generators are quite complex.
As you can see, they consist of complex mathematical code that is hidden in software, encrypted, and stored on computers monitored by CCTV cameras.
You might think that nobody can hack a random number generator. WRONG.
In fact, you really only need a small piece of information to crack this code.
@UndercodeTesting
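The point about "initial values" can be shown with Python's own generators: the random module is a seeded pseudo RNG, while the secrets module reads from the operating system's CSPRNG. This is an added example, not part of the original post; the seed and the token helper names are constructed for illustration.

```python
"""Added example: a seeded PRNG is reproducible, an OS CSPRNG has no seed to learn."""
import random
import secrets


def weak_token(rng, nbytes=16):
    """Hex token drawn from a deterministic PRNG (Mersenne Twister)."""
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(nbytes))


def tokens_from_seed(seed, count):
    """Every output of a seeded generator is fixed by the seed alone."""
    rng = random.Random(seed)
    return [weak_token(rng) for _ in range(count)]


def predict_from_state(state, count):
    """Given the internal state, the next outputs can be computed in advance."""
    clone = random.Random()
    clone.setstate(state)
    return [weak_token(clone) for _ in range(count)]


def strong_token(nbytes=16):
    """Hardened form: bytes from the OS CSPRNG, no seed or state to set."""
    return secrets.token_hex(nbytes)


def demo():
    seed = 20201101  # constructed "initial value"
    service = random.Random(seed)
    issued = [weak_token(service) for _ in range(3)]

    # Same initial value, same sequence: the tokens carry no secret at all.
    replayed = tokens_from_seed(seed, 3)

    # The state captured now determines everything issued afterwards.
    snapshot = service.getstate()
    predicted = predict_from_state(snapshot, 2)
    actual_next = [weak_token(service) for _ in range(2)]

    return {
        "replay_matches": issued == replayed,
        "prediction_matches": predicted == actual_next,
        "strong_tokens_differ": strong_token() != strong_token(),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

For session identifiers, password reset codes and keys, draw from secrets (or os.urandom) and never from random.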
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
Network/IP scanners & more:
https://istumbler.net
http://kismac-ng.org
https://www.kismetwireless.net
https://github.com/uoaerg/wavemon
https://github.com/ghostop14/sparrow-wifi
http://a.farproc.com/wifi-analyzer
https://apkpure.com/network-scanner/com.easymobile.lan.scanner
https://apkpure.com/net-scan/com.wwnd.netmapper
https://apkpure.com/network-scan/com.bitsworking.networkscanner.app
From Wireshark:
https://www.youtube.com/watch?v=EUmHdVeBBNc
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
What is CA/PEM/DER/X509/PKCS Encryption ?
> A public key is generally not sent to others as plain text.
> Under normal circumstances, a file is generated.
> This file is the public key file. It can then be handed over to others so they can encrypt data with it. But if someone maliciously tampers with it in transit and replaces your public key with his own, the party who receives the public key will encrypt the data with the wrong key.
> Can't he then use his own key to decrypt and read the data? To solve this problem, a notary is needed: a party anyone can turn to in order to confirm who sent the public key.
> This is the CA. The principle by which the CA confirms a public key is also very simple. It publishes its own public key to everyone.
> Anyone who wants to publish a public key sends that key and some identity information to the CA, and the CA encrypts it with its own key, which here can also be called a signature. The resulting file, containing your public key and your information, is called a certificate file. Everyone who obtains such a file decrypts it with the public key of the CA.
> If it decrypts normally, the information inside must be true, because the encrypting party can only be the CA; nobody else has the key. You can then open the public key file and look at the information inside to know whether this is the public key you need to encrypt with.
@UndercodeTesting
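The signing and checking steps described above can be traced with textbook RSA. This is an added example, not part of the original post: the key sizes are toy values built from known Mersenne primes, there is no padding, and the names and the subject key string are constructed, so it illustrates the principle only (real X.509 certificates use padded signatures and much larger keys).

```python
"""Added example: a CA signs a public key, a verifier checks it (toy RSA, no padding)."""
import copy
import hashlib
import json

E = 65537  # common public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d)). Needs Python 3.8+."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def _digest(body, n):
    """SHA-256 over the canonical JSON body, reduced into the RSA modulus."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n


def issue_certificate(ca_private, subject, subject_public_key):
    """The CA binds identity and public key by signing both with its private key."""
    n, d = ca_private
    body = {"subject": subject, "public_key": subject_public_key}
    return {"body": body, "signature": pow(_digest(body, n), d, n)}


def verify_certificate(ca_public, cert):
    """Anyone holding the CA public key can check the binding."""
    n, e = ca_public
    sig = cert.get("signature")
    if not isinstance(sig, int) or not 0 <= sig < n:
        return False
    return pow(sig, e, n) == _digest(cert["body"], n)


# Toy keys built from Mersenne primes (constructed, far too small for real use).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**61 - 1, 2**31 - 1)
ROGUE_PUBLIC, ROGUE_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)


def demo():
    genuine = issue_certificate(CA_PRIVATE, "alice.example", "ALICE-PUBLIC-KEY")

    # Key swapped in transit: the signature no longer matches the body.
    swapped = copy.deepcopy(genuine)
    swapped["body"]["public_key"] = "ATTACKER-PUBLIC-KEY"

    # Certificate signed by someone who is not the trusted CA.
    forged = issue_certificate(ROGUE_PRIVATE, "alice.example", "ATTACKER-PUBLIC-KEY")

    return {
        "genuine": verify_certificate(CA_PUBLIC, genuine),
        "swapped_key": verify_certificate(CA_PUBLIC, swapped),
        "signed_by_other_key": verify_certificate(CA_PUBLIC, forged),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```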
β β β Uππ»βΊπ«Δπ¬πβ β β β
Seccubus - Simple automated scanning, reporting and vulnerability analysis:
Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction in analysis time. Before the results of a vulnerability scan are imported into Seccubus they are first converted to the Intermediate Vulnerability Information Language (IVIL) format to make sure Seccubus can work with many different scanners.
F E A T U R E S :
Nessus
OpenVAS
Skipfish
Medusa (local and remote)
Nikto (local and remote)
NMap (local and remote)
OWASP-ZAP (local and remote)
SSLyze
Medusa
Qualys SSL labs
testssl.sh (local and remote)
INSTALLATION & RUN:
1) wget https://github.com/schubergphilis/Seccubus_v2/releases/download/x/seccubus_x.Bx_all.deb
2) sudo apt-get update
3) sudo dpkg -i seccubus_2.32.143-0_amd64.deb # This will fail
4) sudo apt-get -f install # This will install the failed dependencies
5) Update the configuration file in /etc/seccubus/config.xml
6) Reload the seccubus service if you changed the config:
service seccubus reload
7) After installation, the default username and password for Seccubus are:
admin / GiveMeVulns!
8) It is highly recommended to change the password after installation:
/bin/seccubus_passwd -u admin
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
Another web hacking
#requested
F E A T U R E S :
Brute Force via API, not login form bypassing some forms of protection
Can automatically upload an interactive shell
Can be used to spawn a full featured reverse shell
Dumps WordPress password hashes
Can backdoor authentication function for plaintext password collection
Inject BeEF hook into all pages
Pivot to meterpreter if needed
INSTALLATION & RUN:
1) git clone https://github.com/n00py/WPForce
2) cd WPForce
3) python wpforce.py -i usr.txt -w pass.txt -u "http://www.[website].com"
Full guide https://www.n00py.io/2017/03/squeezing-the-juice-out-of-a-compromised-wordpress-server/
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
What are the hazards of vulnerabilities ?
The harm of SQL injection vulnerabilities is not limited to the database level; it may also endanger the operating system that hosts the database. If SQL injection is used to plant web trojans ("hanging horses"), it may also be used to spread malware. These hazards include but are not limited to:
• Database information leakage: private user information stored in the database is leaked.
• Web page tampering: specific web pages are altered by manipulating the database.
• The website is used to spread malicious software: the value of some fields in the database is modified and a link to a web trojan is embedded to carry out the attack.
• Malicious database operations: the database server is attacked and the database system administrator account is tampered with.
• The server is controlled remotely and a backdoor is installed: the operating system support provided by the database server allows attackers to modify or control the operating system.
• Hard disk data is destroyed and the entire system is paralyzed.
@UndercodeTesting