β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦β XSS-Finder: a super powerful and advanced cross-site scripting scanner :
F E A T U R E S :
Blind XSS
Saved XSS using file
Persistent XSS using file
Reflected XSS
Reflecting XSS URLs in Paths
DOM XSS
Java XSS Special Payloads
By eshirovannye page XSS
Form-based XSS
H TTP Link XSS
HTTP Host XSS
HTTP Referer XSS
HTTP XSS cookies
HTTP Location XSS
Dump server values
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Dump and write information
1) Dumper can create parameters for server, form, etc.
The registrar will write the response to the results file
Use grep to check for reflections
DOM scanner for sync
Example:
<script> var x = document.URL.substring (document.URL.indexOf (βname =β) + 5); document.write (name + β!β); </script>
Payloads
Use payloads, update payloads, add more payloads
2) False positives
Make sure to remove all new lines, tabs, etc. to reduce false positives in reports
π¦Installation on Kali, ParrotOS, Termux
1) git clone https://github.com/tegal1337/XSS-Finder
2) cd XSS-Finder
chmod u + x Kali_Installer.ss && ./Kali_Installer.sh
chmod u + x Parrot_Os_Installer.sh && ./Parrot_Os_Installer.sh
chmod u + x Termux_Installer.sh && ./interface.sh
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦β XSS-Finder: a super powerful and advanced cross-site scripting scanner :
F E A T U R E S :
Blind XSS
Saved XSS using file
Persistent XSS using file
Reflected XSS
Reflecting XSS URLs in Paths
DOM XSS
Java XSS Special Payloads
By eshirovannye page XSS
Form-based XSS
H TTP Link XSS
HTTP Host XSS
HTTP Referer XSS
HTTP XSS cookies
HTTP Location XSS
Dump server values
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Dump and write information
1) Dumper can create parameters for server, form, etc.
The registrar will write the response to the results file
Use grep to check for reflections
DOM scanner for sync
Example:
<script> var x = document.URL.substring (document.URL.indexOf (βname =β) + 5); document.write (name + β!β); </script>
Payloads
Use payloads, update payloads, add more payloads
2) False positives
Make sure to remove all new lines, tabs, etc. to reduce false positives in reports
π¦Installation on Kali, ParrotOS, Termux
1) git clone https://github.com/tegal1337/XSS-Finder
2) cd XSS-Finder
chmod u + x Kali_Installer.ss && ./Kali_Installer.sh
chmod u + x Parrot_Os_Installer.sh && ./Parrot_Os_Installer.sh
chmod u + x Termux_Installer.sh && ./interface.sh
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - tegal1337/XSS-Finder: World's most Powerful and Advanced Cross Site Scripting Software
World's most Powerful and Advanced Cross Site Scripting Software - GitHub - tegal1337/XSS-Finder: World's most Powerful and Advanced Cross Site Scripting Software
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to find out the creation time of a file on Linux using Debugfs :
How to find the creation time of a file using debugfs
To find out the creation time of a file, you first need to find the inode number of the target file using the stat command.
The stat command is a command line tool used to display detailed information about a file's metadata, for example:
-file size
-Inode number
-File UID and GID
-I / O block
-Access times, modifications and changes.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) You can use the stat command in its basic form to check the inode number of a file using the syntax:
$ stat filename
2) For instance:
$ stat file1.txt
To skip all other information and just display only the inode number, use the syntax:
$ stat -c% i file_name
For instance:
$ stat -c% i file1.txt
Once you have the inode number, you can easily navigate to getting the file creation time with the debugfs command using the syntax shown:
$ sudo debugfs -R 'stat <inode number>' DEVICE
DEVICE is the block device where your file resides, for example / dev / sda1, / dev / sda2, etc.
3) To check the block device, run the command:
$ lsblk
Using the inode number we got earlier, the command looks like this:
$ sudo debugfs -R 'stat < 951356 >' / dev / sda
We see that the file was created on ... 2020 at 11:48:19
Alternatively, instead of specifying the inode number, you can pass the full path to the file, as shown here:
$ sudo debugfs -R 'stat /home/itsecforu/file1.txt ' / dev / sda1
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to find out the creation time of a file on Linux using Debugfs :
How to find the creation time of a file using debugfs
To find out the creation time of a file, you first need to find the inode number of the target file using the stat command.
The stat command is a command line tool used to display detailed information about a file's metadata, for example:
-file size
-Inode number
-File UID and GID
-I / O block
-Access times, modifications and changes.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) You can use the stat command in its basic form to check the inode number of a file using the syntax:
$ stat filename
2) For instance:
$ stat file1.txt
To skip all other information and just display only the inode number, use the syntax:
$ stat -c% i file_name
For instance:
$ stat -c% i file1.txt
Once you have the inode number, you can easily navigate to getting the file creation time with the debugfs command using the syntax shown:
$ sudo debugfs -R 'stat <inode number>' DEVICE
DEVICE is the block device where your file resides, for example / dev / sda1, / dev / sda2, etc.
3) To check the block device, run the command:
$ lsblk
Using the inode number we got earlier, the command looks like this:
$ sudo debugfs -R 'stat < 951356 >' / dev / sda
We see that the file was created on ... 2020 at 11:48:19
Alternatively, instead of specifying the inode number, you can pass the full path to the file, as shown here:
$ sudo debugfs -R 'stat /home/itsecforu/file1.txt ' / dev / sda1
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 Update #Decryption - A command line that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
> This command works on piped data. Pipe any ASCII or UTF-8 text to nms, and it will apply the Hollywood effect, initially showing encrypted data, then starting a decryption sequence to reveal the original plain-text characters.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) $ git clone https://github.com/bartobri/no-more-secrets.git
2) $ cd ./no-more-secrets
3) $ make nms
4) $ make sneakers ## Optional
5) $ sudo make install
π¦Install with Ncurses Support
If your terminal does not support ANSI/VT100 escape sequences, the effect may not render properly. This project provides a ncurses implementation for such cases. You will need the ncurses library installed. Install this library from your package manager. Next, follow these instructions:
$ git clone https://github.com/bartobri/no-more-secrets.git
$ cd ./no-more-secrets
$ make nms-ncurses
$ make sneakers-ncurses ## Optional
$ sudo make install
π¦HOW TO USE ?
nms works on piped data. Pipe any ASCII or UTF-8 characters to it and enjoy the magic. In the below examples, I use a simple directory listing.
$ ls -l | nms
$ ls -l | nms -a // Set auto-decrypt flag
$ ls -l | nms -s // Set flag to mask space characters
$ ls -l | nms -f green // Set foreground color to green
$ ls -l | nms -c // Clear screen
$ nms -v // Display version
Note that by default, after the initial encrypted characters are displayed, nms will wait for the user to press a key before initiating the decryption sequence. This is how the it is depicted in the movie.
β GIT 2020 TOPIC
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 Update #Decryption - A command line that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
> This command works on piped data. Pipe any ASCII or UTF-8 text to nms, and it will apply the Hollywood effect, initially showing encrypted data, then starting a decryption sequence to reveal the original plain-text characters.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) $ git clone https://github.com/bartobri/no-more-secrets.git
2) $ cd ./no-more-secrets
3) $ make nms
4) $ make sneakers ## Optional
5) $ sudo make install
π¦Install with Ncurses Support
If your terminal does not support ANSI/VT100 escape sequences, the effect may not render properly. This project provides a ncurses implementation for such cases. You will need the ncurses library installed. Install this library from your package manager. Next, follow these instructions:
$ git clone https://github.com/bartobri/no-more-secrets.git
$ cd ./no-more-secrets
$ make nms-ncurses
$ make sneakers-ncurses ## Optional
$ sudo make install
π¦HOW TO USE ?
nms works on piped data. Pipe any ASCII or UTF-8 characters to it and enjoy the magic. In the below examples, I use a simple directory listing.
$ ls -l | nms
$ ls -l | nms -a // Set auto-decrypt flag
$ ls -l | nms -s // Set flag to mask space characters
$ ls -l | nms -f green // Set foreground color to green
$ ls -l | nms -c // Clear screen
$ nms -v // Display version
Note that by default, after the initial encrypted characters are displayed, nms will wait for the user to press a key before initiating the decryption sequence. This is how the it is depicted in the movie.
β GIT 2020 TOPIC
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - bartobri/no-more-secrets: A command line tool that recreates the famous data decryption effect seen in the 1992 movieβ¦
A command line tool that recreates the famous data decryption effect seen in the 1992 movie Sneakers. - bartobri/no-more-secrets
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to track traffic from a smartphone using Wireshark & hack wifi/phone.... ALL VIDEOS:
https://www.youtube.com/watch?v=4_7A8Ikp5Cc
https://www.youtube.com/watch?v=50DNcpDRjB8
https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/
https://www.youtube.com/watch?v=Yo8zGbCbqd0
https://www.youtube.com/watch?v=jvuiI1Leg6w
https://www.youtube.com/watch?v=uhA8qLCj1Z8
https://www.youtube.com/watch?v=Lu05owzpSb8
well now your's expert in wireshark
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to track traffic from a smartphone using Wireshark & hack wifi/phone.... ALL VIDEOS:
https://www.youtube.com/watch?v=4_7A8Ikp5Cc
https://www.youtube.com/watch?v=50DNcpDRjB8
https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/
https://www.youtube.com/watch?v=Yo8zGbCbqd0
https://www.youtube.com/watch?v=jvuiI1Leg6w
https://www.youtube.com/watch?v=uhA8qLCj1Z8
https://www.youtube.com/watch?v=Lu05owzpSb8
well now your's expert in wireshark
β β β Uππ»βΊπ«Δπ¬πβ β β β
YouTube
Wireshark Tutorial - Installation and Password sniffing
In this Wireshark Tutorial, I demonstrate how to install Wireshark and then capturing packets with Wireshark. Get my full Wireshark Course for $10 here on Udemy: http://bit.ly/2IXZnn8 or GNS3 Academy: http://bit.ly/2J4PzIb
I analyze Telnet and HTTP in thisβ¦
I analyze Telnet and HTTP in thisβ¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Install TWRP on Android devices :
1) Switch off your device. Press Volume Down, Home and Power button altogether until you see the warning triangle. Now press the Volume Up button to enter into Download Mode.
2) Now connect your device to the PC via USB cable.
3) Run Odin3 v3.07.exe with Administrator privileges
4) You will see the COM port number in the ID: COM box, which means the connection has been established successfully.
5) In the Odin window, click on the PDA button and select the openrecovery-twrp-xy....tar
6) Make sure Auto-Reboot and F.Reset Time are checked.
7) Click on the Start button to initiate the process and observe the on-going process in the Message screen on the bottom-left of the Odin window.
8) Once the process is complete, you will be indicated by a PASS message.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Install TWRP on Android devices :
1) Switch off your device. Press Volume Down, Home and Power button altogether until you see the warning triangle. Now press the Volume Up button to enter into Download Mode.
2) Now connect your device to the PC via USB cable.
3) Run Odin3 v3.07.exe with Administrator privileges
4) You will see the COM port number in the ID: COM box, which means the connection has been established successfully.
5) In the Odin window, click on the PDA button and select the openrecovery-twrp-xy....tar
6) Make sure Auto-Reboot and F.Reset Time are checked.
7) Click on the Start button to initiate the process and observe the on-going process in the Message screen on the bottom-left of the Odin window.
8) Once the process is complete, you will be indicated by a PASS message.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Wifi Hacking/network applications 2020 new list
https://github.com/kost/nmap-android/releases
https://play.google.com/store/apps/details?id=com.tester.wpswpatester&hl=en
https://play.google.com/store/apps/details?id=teampro.wifi.wpsconnect&hl=en_US
https://sourceforge.net/projects/netspoof/
https://github.com/robclemons/Arpspoof
https://play.google.com/store/apps/details?id=com.xti.wifiwarden&hl=en_IN
https://play.google.com/store/apps/details?id=com.ngb.wpsconnect
https://play.google.com/store/apps/details?id=com.overlook.android.fing
https://play.google.com/store/apps/details?id=lksystems.wifiintruder
https://play.google.com/store/apps/details?id=com.arcai.netcut
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Wifi Hacking/network applications 2020 new list
https://github.com/kost/nmap-android/releases
https://play.google.com/store/apps/details?id=com.tester.wpswpatester&hl=en
https://play.google.com/store/apps/details?id=teampro.wifi.wpsconnect&hl=en_US
https://sourceforge.net/projects/netspoof/
https://github.com/robclemons/Arpspoof
https://play.google.com/store/apps/details?id=com.xti.wifiwarden&hl=en_IN
https://play.google.com/store/apps/details?id=com.ngb.wpsconnect
https://play.google.com/store/apps/details?id=com.overlook.android.fing
https://play.google.com/store/apps/details?id=lksystems.wifiintruder
https://play.google.com/store/apps/details?id=com.arcai.netcut
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
Releases Β· kost/nmap-android
Nmap on Android - Makefile/diff/scripts to build it with Android NDK - kost/nmap-android
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to configure Apache as an external proxy for Node.js :
1) Step 1 - Creating the Sample Application
Since you are here πat the you must be running Node.js application at some port.
We assume that you are running your application on port 3000.
2) For demonstration, I'll create a sample web application in Node.js and run it on port 3000.
So that it is easier for you to understand.
vi myapp.js
3) Then add the following content to your javascript file.
var http = require ('http');
http.createServer (function (req, res) {
res.writeHead (200, {'Content-Type': 'text / plain'});
res.end ('Hello World');
}). listen (3000, "127.0.0.1");
console.log ('Server running at http://127.0.0.1:3000/');
4) Your Node application is ready to run on port 3000. Let's run the Node.js application in the background.
node myapp.js &
And we will access this application in the browser.
5) Step 2 - Install Apache Server
sudo apt install apache2 ### Debians of the system
sudo yum install httpd ### CentOS 7/6
sudo dnf install httpd ### Fedora & CentOS 8
6) After installing Apache web server, you must have the proxy module enabled.
This module is included in Apache for users who have installed using rpm packages.
7) If you have not enabled it, change your Apache config /etc/httpd/conf/httpd.conf or for Apache 2.4 /etc/httpd/conf.modules.d/00-proxy.conf and uncomment the following lines or put them in a file.
8) LoadModule proxy_module modules / mod_proxy.so
LoadModule proxy_http_module modules / mod_proxy_http.so
For Debian based systems use the following command to enable the Proxy module with Apache.
sudo a2enmod proxy proxy_http
8) Step 3 - Configure Apache VirtualHost
Create a virtual host configuration file for your domain
π¦ Debian Based Systems :
sudo vim /etc/apache2/sites-enabled/example.com.conf
### Redhat based systems
sudo vim /etc/httpd/conf.d/example.com.conf
and add the following content.
\
< VirtualHost *: 80 >
ServerName example . com
ProxyRequests On
ProxyPass / http : / / localhost : 3000
ProxyPassReverse / http : / / localhost : 3000
< / VirtualHost >
Β» Check the setup
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π How to configure Apache as an external proxy for Node.js :
1) Step 1 - Creating the Sample Application
Since you are here πat the you must be running Node.js application at some port.
We assume that you are running your application on port 3000.
2) For demonstration, I'll create a sample web application in Node.js and run it on port 3000.
So that it is easier for you to understand.
vi myapp.js
3) Then add the following content to your javascript file.
var http = require ('http');
http.createServer (function (req, res) {
res.writeHead (200, {'Content-Type': 'text / plain'});
res.end ('Hello World');
}). listen (3000, "127.0.0.1");
console.log ('Server running at http://127.0.0.1:3000/');
4) Your Node application is ready to run on port 3000. Let's run the Node.js application in the background.
node myapp.js &
And we will access this application in the browser.
5) Step 2 - Install Apache Server
sudo apt install apache2 ### Debians of the system
sudo yum install httpd ### CentOS 7/6
sudo dnf install httpd ### Fedora & CentOS 8
6) After installing Apache web server, you must have the proxy module enabled.
This module is included in Apache for users who have installed using rpm packages.
7) If you have not enabled it, change your Apache config /etc/httpd/conf/httpd.conf or for Apache 2.4 /etc/httpd/conf.modules.d/00-proxy.conf and uncomment the following lines or put them in a file.
8) LoadModule proxy_module modules / mod_proxy.so
LoadModule proxy_http_module modules / mod_proxy_http.so
For Debian based systems use the following command to enable the Proxy module with Apache.
sudo a2enmod proxy proxy_http
8) Step 3 - Configure Apache VirtualHost
Create a virtual host configuration file for your domain
π¦ Debian Based Systems :
sudo vim /etc/apache2/sites-enabled/example.com.conf
### Redhat based systems
sudo vim /etc/httpd/conf.d/example.com.conf
and add the following content.
\
< VirtualHost *: 80 >
ServerName example . com
ProxyRequests On
ProxyPass / http : / / localhost : 3000
ProxyPassReverse / http : / / localhost : 3000
< / VirtualHost >
Β» Check the setup
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is DOM (Document Object Model)?
The DOM provides a structured and hierarchical presentation of a document.
The DOM is primarily used for web pages where they contain many different elements related to each other.
The DOM can be edited with JavaScript which will reflect the web page.
The DOM provides object-oriented presentations for JavaScript where these objects can be used for manipulation.
π¦ DOM standard:
The DOM standard was created by the W3C in 1998 under the name Dom Level 1, which provides a complete model for all HTML or XML documents.
DOM Level 2 was published in 200, which introduces the getElementByID function.
DOM Level 3 published in 2004, added XPath support and event handling.
DOM Level 4 was published in 2015 by the WHATWG and W3C.
π¦How do I access the DOM?
The DOM can be accessed in a variety of ways and with tools such as JavaScript, the web browser's DOM editor, etc.
But for making robust changes and automating them, JavaScript is the best way to go.
JavaScript stores the complete DOM in the document with the object name.
We can use various properties of the document object to access DOM objects.
document.head
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦What is DOM (Document Object Model)?
The DOM provides a structured and hierarchical presentation of a document.
The DOM is primarily used for web pages where they contain many different elements related to each other.
The DOM can be edited with JavaScript which will reflect the web page.
The DOM provides object-oriented presentations for JavaScript where these objects can be used for manipulation.
π¦ DOM standard:
The DOM standard was created by the W3C in 1998 under the name Dom Level 1, which provides a complete model for all HTML or XML documents.
DOM Level 2 was published in 200, which introduces the getElementByID function.
DOM Level 3 published in 2004, added XPath support and event handling.
DOM Level 4 was published in 2015 by the WHATWG and W3C.
π¦How do I access the DOM?
The DOM can be accessed in a variety of ways and with tools such as JavaScript, the web browser's DOM editor, etc.
But for making robust changes and automating them, JavaScript is the best way to go.
JavaScript stores the complete DOM in the document with the object name.
We can use various properties of the document object to access DOM objects.
document.head
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦FREE UDEMY #LIMITED
Setting up Android Studio and Emulators
Basics of adb
Decompiling apks
Insecure Logging
Hardcoding Issues
Insecure Data Storage
Input Valdiation Issues
Drozer
Finding Attack Surfaces
Access Control Issues
Content Provider Injections
General Bug Hunting Tips
https://www.udemy.com/course/foundations-of-hacking-and-pentesting-android-apps/
Setting up Android Studio and Emulators
Basics of adb
Decompiling apks
Insecure Logging
Hardcoding Issues
Insecure Data Storage
Input Valdiation Issues
Drozer
Finding Attack Surfaces
Access Control Issues
Content Provider Injections
General Bug Hunting Tips
https://www.udemy.com/course/foundations-of-hacking-and-pentesting-android-apps/
Udemy
Free Ethical Hacking Tutorial - Foundations of Hacking and Pentesting Android Apps
Learn how to hack Android apps, and find vulnerabilties - Free Course
TODAY TOPIC :
COMMAND AND CONTROL WEBSITE/WMI
https://t.me/UnderCodeTesting/11804
https://t.me/UnderCodeTesting/11805
SQLMAP GUIDE & ALOT OF STUFFS PDF
https://t.me/UnderCodeTesting/11806
Become a professional trader 4GB
https://t.me/UnderCodeTesting/11815
New mobile phone battery is dangerous to charge for 12 hours in the first three times #Tip
https://t.me/UnderCodeTesting/11816
run postfix with smtp authentication (sasldb) in a docker container. TLS and OpenDKIM support are optional #tool
https://t.me/UnderCodeTesting/11817
HACK ANY LINUX
https://t.me/UnderCodeTesting/11819
XSS-Finder: a super powerful and advanced cross-site scripting scanner
https://t.me/UnderCodeTesting/11820
How to find out the creation time of a file on Linux using Debugfs
https://t.me/UnderCodeTesting/11821
2020 Update #Decryption - A command line that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
https://t.me/UnderCodeTesting/11822
How to track traffic from a smartphone using Wireshark & hack wifi/phone.... ALL VIDEOS
https://t.me/UnderCodeTesting/11823
Install TWRP on Android devices
https://t.me/UnderCodeTesting/11824
A Lessons about database
https://t.me/UnderCodeTesting/11825
Wifi Hacking/network applications 2020 new list
https://t.me/UnderCodeTesting/11826
How to configure Apache as an external proxy for Node.js
https://t.me/UnderCodeTesting/11827
What is DOM (Document Object Model)?
Setting up Android Studio and Emulators
Basics of adb
Decompiling apks
Insecure Logging
Hardcoding Issues
Insecure Data Storage
Input Valdiation Issues
Drozer
Finding Attack Surfaces
Access Control Issues
Content Provider Injections
General Bug Hunting Tips
https://t.me/UnderCodeTesting/11828
LEANR Awesome course
https://t.me/UnderCodeTesting/11829
COMMAND AND CONTROL WEBSITE/WMI
https://t.me/UnderCodeTesting/11804
https://t.me/UnderCodeTesting/11805
SQLMAP GUIDE & ALOT OF STUFFS PDF
https://t.me/UnderCodeTesting/11806
Become a professional trader 4GB
https://t.me/UnderCodeTesting/11815
New mobile phone battery is dangerous to charge for 12 hours in the first three times #Tip
https://t.me/UnderCodeTesting/11816
run postfix with smtp authentication (sasldb) in a docker container. TLS and OpenDKIM support are optional #tool
https://t.me/UnderCodeTesting/11817
HACK ANY LINUX
https://t.me/UnderCodeTesting/11819
XSS-Finder: a super powerful and advanced cross-site scripting scanner
https://t.me/UnderCodeTesting/11820
How to find out the creation time of a file on Linux using Debugfs
https://t.me/UnderCodeTesting/11821
2020 Update #Decryption - A command line that recreates the famous data decryption effect seen in the 1992 movie Sneakers.
https://t.me/UnderCodeTesting/11822
How to track traffic from a smartphone using Wireshark & hack wifi/phone.... ALL VIDEOS
https://t.me/UnderCodeTesting/11823
Install TWRP on Android devices
https://t.me/UnderCodeTesting/11824
A Lessons about database
https://t.me/UnderCodeTesting/11825
Wifi Hacking/network applications 2020 new list
https://t.me/UnderCodeTesting/11826
How to configure Apache as an external proxy for Node.js
https://t.me/UnderCodeTesting/11827
What is DOM (Document Object Model)?
Setting up Android Studio and Emulators
Basics of adb
Decompiling apks
Insecure Logging
Hardcoding Issues
Insecure Data Storage
Input Valdiation Issues
Drozer
Finding Attack Surfaces
Access Control Issues
Content Provider Injections
General Bug Hunting Tips
https://t.me/UnderCodeTesting/11828
LEANR Awesome course
https://t.me/UnderCodeTesting/11829
Hacking The Art of Exploitation Ebook
Download Link : http://www.mediafire.com/file/ht5dy5dwmf4h0j7/hacking-the-art-of-exploitation.pdf
Download Link : http://www.mediafire.com/file/ht5dy5dwmf4h0j7/hacking-the-art-of-exploitation.pdf
MediaFire
hacking-the-art-of-exploitation
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
The Hacker's Underground Hand Book.
Download Link : http://www.mediafire.com/file/kb94m3pa9zahrv9/The-Hackers-Underground-Handbook.pdf
Download Link : http://www.mediafire.com/file/kb94m3pa9zahrv9/The-Hackers-Underground-Handbook.pdf
MediaFire
The-Hackers-Underground-Handbook
MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Connecting to networks and creating an Access Point :
1) I always recommend stopping NetworkManager when auditing the security of Wi-Fi networks, as its constant intervention makes attacks unstable and leads to incomprehensible and random errors. However, you may need to connect to a Wi-Fi network such as the Captive Portal to carry out further attacks. Some attacks require Internet access. Therefore, now the script helps you connect to Wi-Fi networks directly from the command line.
2) Remember that you can select the Wi-Fi adapter for which the action is performed. For example, we want to check all access points against the 3WIFI base. To do this, we select the first adapter and connect to the Internet. Then we select the second adapter and use it to scan the air.
3) Added the function of creating an Access Point with or without a password. This access point can be used to enhance the signal from a distant Access Point or to make the Internet connection available to other devices.
π¦Strengthening the wireless signal in the router settings
This is an optional step. If using Router Scan by Stas'M or RouterSploit you managed to get access to the admin panel of the router, you can change the signal level in the wireless network settings.
> https://kali.tools/?p=501
https://kali.tools/?p=2187
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Connecting to networks and creating an Access Point :
1) I always recommend stopping NetworkManager when auditing the security of Wi-Fi networks, as its constant intervention makes attacks unstable and leads to incomprehensible and random errors. However, you may need to connect to a Wi-Fi network such as the Captive Portal to carry out further attacks. Some attacks require Internet access. Therefore, now the script helps you connect to Wi-Fi networks directly from the command line.
2) Remember that you can select the Wi-Fi adapter for which the action is performed. For example, we want to check all access points against the 3WIFI base. To do this, we select the first adapter and connect to the Internet. Then we select the second adapter and use it to scan the air.
3) Added the function of creating an Access Point with or without a password. This access point can be used to enhance the signal from a distant Access Point or to make the Internet connection available to other devices.
π¦Strengthening the wireless signal in the router settings
This is an optional step. If using Router Scan by Stas'M or RouterSploit you managed to get access to the admin panel of the router, you can change the signal level in the wireless network settings.
> https://kali.tools/?p=501
https://kali.tools/?p=2187
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
All android users should update their google application.
#Vulnerabilities
#Vulnerabilities
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Brute SSH the remote server:
Brute SSH the remote server
For brute-force attacks (brute-force attacks), we will use the Hydra tool , which is included with the Kali Linux distribution. SSH is present on any Linux or Unix server and is generally the primary use for administrators to access and control their systems.
Warning: Hydra is an attack tool
β Use it only on your own systems and networks unless you have written permission from the owner. Otherwise, it is illegal . "
To implement the attack, use the command:
# hydra -s 22 -l root -P / usr / share / wordlists / fasttrack .txt 192.168.1.1 -t 4 ssh
Now let's analyze it:
- s - The flag indicates the port. It is worth noting that administrators can replace the default port 22 for the ssh service , in order to find out on which port the service is running, it is necessary to perform an initial scan of the target using the Nmap tool . We wrote about how to do this earlier in the article .
- l - the flag indicates the login, in our example we use root and admin. (we can provide a link to the dictionary here)
- P - the flag indicates the password, in our case we use the fasttrack .txt dictionary from the kali distribution , which is located in the / usr / share / wordlists / directory
It is worth noting that in order to effectively carry out a brute-force attack, it is worth paying due attention to the preparation of the dictionary, namely: taking into account geographical and linguistic peculiarities, including the name of the company, the names of its subsidiaries, the names of the services and applications running, the names of employees, etc.
192.168.1.1 - ip address of the target, since the target we are using has a white ip, it is smeared
- t - the flag indicates the number of simultaneously used threads. We indicate 4
ssh - used protocol
Based on the results of the team's work, we see that the passwords from the dictionary did not fit for the admin and root
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Brute SSH the remote server:
Brute SSH the remote server
For brute-force attacks (brute-force attacks), we will use the Hydra tool , which is included with the Kali Linux distribution. SSH is present on any Linux or Unix server and is generally the primary use for administrators to access and control their systems.
Warning: Hydra is an attack tool
β Use it only on your own systems and networks unless you have written permission from the owner. Otherwise, it is illegal . "
To implement the attack, use the command:
# hydra -s 22 -l root -P / usr / share / wordlists / fasttrack .txt 192.168.1.1 -t 4 ssh
Now let's analyze it:
- s - The flag indicates the port. It is worth noting that administrators can replace the default port 22 for the ssh service , in order to find out on which port the service is running, it is necessary to perform an initial scan of the target using the Nmap tool . We wrote about how to do this earlier in the article .
- l - the flag indicates the login, in our example we use root and admin. (we can provide a link to the dictionary here)
- P - the flag indicates the password, in our case we use the fasttrack .txt dictionary from the kali distribution , which is located in the / usr / share / wordlists / directory
It is worth noting that in order to effectively carry out a brute-force attack, it is worth paying due attention to the preparation of the dictionary, namely: taking into account geographical and linguistic peculiarities, including the name of the company, the names of its subsidiaries, the names of the services and applications running, the names of employees, etc.
192.168.1.1 - ip address of the target, since the target we are using has a white ip, it is smeared
- t - the flag indicates the number of simultaneously used threads. We indicate 4
ssh - used protocol
Based on the results of the team's work, we see that the passwords from the dictionary did not fit for the admin and root
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Wifi Hacking
any linux
R E Q U I R E M E N T S :
- libpcap >= 0.8.1
- libnet >= 1.1.2.1 (>= 1.1.5 for IPv6 support)
- openssl >= 0.9.7
- libpthread
- zlib
- libgeoip
- CMake 2.8
- Curl >= 7.26.0 to build SSLStrip plugin
If you don't want to enable SSLStrip plugin you have to disable it.
(more information about disabling a plugin in the README.GIT file)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/Ettercap/ettercap
2) The easiest way to compile ettercap is in the form:
mkdir build
3) cd build
4) cmake ..
(Use ccmake . to change options such as disabling IPv6 support,
5) add
6) plugins support, etc).
7) make install
8) choose options depend on wifi security
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Wifi Hacking
any linux
R E Q U I R E M E N T S :
- libpcap >= 0.8.1
- libnet >= 1.1.2.1 (>= 1.1.5 for IPv6 support)
- openssl >= 0.9.7
- libpthread
- zlib
- libgeoip
- CMake 2.8
- Curl >= 7.26.0 to build SSLStrip plugin
If you don't want to enable SSLStrip plugin you have to disable it.
(more information about disabling a plugin in the README.GIT file)
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/Ettercap/ettercap
2) The easiest way to compile ettercap is in the form:
mkdir build
3) cd build
4) cmake ..
(Use ccmake . to change options such as disabling IPv6 support,
5) add
6) plugins support, etc).
7) make install
8) choose options depend on wifi security
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Ettercap/ettercap: Ettercap Project
Ettercap Project. Contribute to Ettercap/ettercap development by creating an account on GitHub.