UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity



🦑 What is CTF?
#forBeginers

A) CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks, ranging from a scavenger hunt on Wikipedia to basic programming exercises to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!

B) Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location. Other events target the high school and college student range, sometimes offering monetary support for education to those that place highly in the competition!

C) CTFtime details the different types of CTF. To summarize, Jeopardy-style CTFs provide a list of challenges and award points to individuals or teams that complete the challenges; the group with the most points wins. Attack/Defense-style CTFs focus on either attacking an opponent's servers or defending one's own. These CTFs are typically aimed at those with more experience and are conducted at a specific physical location.

CTFs can be played as an individual or in teams, so feel free to get your friends on board!

I'd like to stress that CTFs are available to everyone. Many challenges do not require programming knowledge and are simply a matter of problem solving and creative thinking.

🦑 Challenge types:

1) Jeopardy-style CTF challenges are typically divided into categories. I'll try to briefly cover the common ones.

2) Cryptography - Typically involves decrypting or encrypting a piece of data

3) Steganography - Tasked with finding information hidden in files or images

4) Binary - Reverse engineering or exploiting a binary file

5) Web - Exploiting web pages to find the flag

6) Pwn - Exploiting a server to find the flag

(some wifi resources)
@UndercodeTesting
Forwarded from UNDERCODE NEWS
Multiple unpatched vulnerabilities have been discovered in wireless sensor networks.
#Vulnerabilities

🦑 DNS TYPES:

1) DNS recursor: The DNS recursor, also called the recursive DNS server, is usually supplied by the internet service provider. This server is responsible for receiving user queries, resolving them, and responding with the IP address. Think of it as being the middleman. It serves as the liaison between the other servers, and undertakes all the communicating, organizing, and transferring of information. It checks its cache first to see whether the requested IP address already exists there, and contacts the root name server if not.

2) Root name server: The root name server, or root server, gets involved when the DNS recursor can't find what it needs in its cache. The root server exists at the top of the DNS hierarchy, in a position called the root zone; this is the point at which requests are redirected to the appropriate zone. There are 13 root zone servers, which are run by a dozen independent organizations. At this stage, the 13 servers respond to the recursor with the IP address for the TLD name server.

3) TLD name server: Next, the request goes through the TLD (Top Level Domain) name server. This server retains the information for hostnames sharing common extensions, for example .com, .net, .gov, .edu, or .co.uk. The TLD server then points the recursor server to the authoritative name server IP address.

4) Authoritative name server: The authoritative name server is the last step before the request is resolved. This server contains all the data for specific domains (e.g., google.com). The authoritative server resolves the hostname to the correct IP address, then sends this back to the recursor to be cached. It's then returned to the user's browser, so the requested site can be accessed via the IP address.


🦑 FREE WINDOWS PASSWORD CRACKER:

100% recovery rate.
Easy to install and use with a very handy and clear user interface.
Resets passwords with a bootable CD/DVD.
Resets passwords with a bootable USB drive.
Resets local Administrator password.
Retrieve product keys from unbootable Windows installations.
WinPE Recovery CD Builder.
Automatically detects several operating systems installed on the computer.
Unlocks and Enables user accounts.
Disables the password expiry option.
Supports Windows 2000, XP, Vista, 7, Windows 8, Windows 8.1, Windows 10.
Works on all laptops including Legend, Toshiba, Dell, IBM etc.
Supports 32-bit and 64-bit Windows.
Supports WinPE USB boot disk.
Added options to specify the WinPE version and type while building the boot disk
Added options to specify custom drivers while building the boot disk
Enhanced password recovery for Windows 8, Windows 8.1, Windows 10
Create UEFI boot USB disk/CD/DVD
Supports Windows 10 x86
Supports Windows 10 x64
Enhanced guides for resetting Windows Live ID user account password
Recover Windows 8/8.1 OEM product key from BIOS
Start Menu on boot disk
FREE technical support.

Download : https://www.lazesoft.com/downloads/lsrmphdsetup.exe

How to use
https://youtu.be/68jkBLKIJas


🦑 How to Crack a Linux Password Hash
using John the Ripper:

1) Example of a Linux password hash:

$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ

The first field identifies the hashing algorithm:

$1 = MD5 hashing algorithm

$2 = Blowfish algorithm

$2a = eksblowfish algorithm

$5 = SHA-256 algorithm

$6 = SHA-512 algorithm

2) So this is an MD5 hash.

3) The second field is the salt value, so e7NfNpNi is the salt.

4) The last field is the hash value of salt + user password, i.e. A6nCwOTqrNR2oDuIKirRZ

5) Now comes the cracking part. Unless this is a common hash that can simply be looked up, which it isn't, you can't reverse it directly.

6) You can use John the Ripper to crack the password. This might take a long time if you are brute-forcing the keyspace. If you want, you can use a dictionary-based attack instead. To do this, you first need to set up the hash file:

cp /etc/passwd ./

cp /etc/shadow ./

7) Combine the two files:

unshadow passwd shadow > hashes

8) After this you can do one of the following:

9) Dictionary-based cracking

john --wordlist=/path/to/wordlist --format=md5crypt hashes

10) Key-space brute-forcing

john --show hashes

(--show only prints the passwords John has already cracked for this file.)

🦑 Other Methods:

1) If you have access to a GPU, you can harness its power for your cracking process. For this you can use hashcat:

hashcat -m 1800 -a 0 [Path-to-Hashes] [Path-to-Word-list] -o [Path-to-Output-Cracked-Hashes]

2) You can set -m to either 500 or 1800, depending on your setup.
(medium)
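
Seen from the defender's side, the $id$salt$hash layout described in this post is what lets you audit a shadow file for accounts still stored with an obsolete scheme. The script below is an added example, not part of the original post: the function names and sample lines are constructed for illustration, and the $y$ (yescrypt) and 13-character DES cases are assumptions that go beyond the post's prefix list.

```sh
#!/bin/sh
# Added example: audit shadow-format lines for weak crypt(3) schemes.
# Function names and sample data are constructed for illustration.

# crypt_scheme HASH -> scheme name taken from the $id$ prefix
crypt_scheme() {
  case "$1" in
    '$1$'*)          echo md5crypt ;;
    '$2$'*|'$2a$'*)  echo blowfish ;;
    '$5$'*)          echo sha256crypt ;;
    '$6$'*)          echo sha512crypt ;;
    '$y$'*)          echo yescrypt ;;   # assumption: not in the post's list
    ''|'*'|'!'*)     echo locked ;;     # no usable password set
    *) if [ "${#1}" -eq 13 ]; then echo descrypt; else echo unknown; fi ;;
  esac
}

# crypt_salt HASH -> salt field of an md5crypt/sha256crypt/sha512crypt string
crypt_salt() (
  rest=${1#\$}                      # drop the leading "$"
  rest=${rest#*\$}                  # drop the id field
  case "$rest" in
    rounds=*) rest=${rest#*\$} ;;   # skip the optional rounds=N field
  esac
  printf '%s\n' "${rest%%\$*}"      # keep everything before the next "$"
)

# weak_accounts: read shadow-format lines on stdin and print "user scheme"
# for every account whose hash uses an obsolete scheme
weak_accounts() (
  while IFS=: read -r user hash rest; do
    scheme=$(crypt_scheme "$hash")
    case "$scheme" in
      md5crypt|descrypt) printf '%s %s\n' "$user" "$scheme" ;;
    esac
  done
)

# Constructed sample; the first hash is the example string from the post.
SAMPLE_SHADOW='alice:$1$e7NfNpNi$A6nCwOTqrNR2oDuIKirRZ:18500:0:99999:7:::
bob:$6$rounds=5000$ConstructedSalt$ConstructedHashValue:18500:0:99999:7:::
svc:!:18500:0:99999:7:::
carol:$y$j9T$ConstructedSalt$ConstructedHashValue:18500:0:99999:7:::'

printf '%s\n' "$SAMPLE_SHADOW" | weak_accounts
```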

🦑 What is a Google Dork?

1) It is basically a search string that uses advanced search queries to find information that is not easily available on websites. It is also regarded as an illegal Google hacking activity, which hackers often use for purposes such as cyber terrorism and cyber theft.
Dork

2) Dorks are like search criteria for which a search engine returns results related to your dork.

🦑 Can Google be used by hackers to hack websites?

1) People often think of Google as just a search engine used to find text, images, videos, and news. However, in the infosec world it has a much larger role. Google can also be used as a very useful hacking tool.

2) You cannot hack websites directly using Google. But its tremendous web-crawling capabilities can help index almost anything within any website, including sensitive information. This can include usernames, passwords and other general vulnerabilities you may not even know about.
Basically, using Google Dorking you can find vulnerabilities in web applications and servers with the help of the native Google Search engine.
(medium)

🦑🐧 Bash function for extracting file archives of various types:

1) Open your ~/.bashrc file:

$ nano ~/.bashrc

2) Add the following snippet at the end:

# Bash function to extract file archives of various types
extract () {
    # "$1" is quoted throughout so file names containing spaces
    # or glob characters are passed to the tools as a single argument
    if [ -f "$1" ] ; then
        case "$1" in
            *.tar.bz2) tar xjf "$1" ;;
            *.tar.gz)  tar xzf "$1" ;;
            *.bz2)     bunzip2 "$1" ;;
            *.rar)     rar x "$1" ;;
            *.gz)      gunzip "$1" ;;
            *.tar)     tar xf "$1" ;;
            *.tbz2)    tar xjf "$1" ;;
            *.tgz)     tar xzf "$1" ;;
            *.zip)     unzip "$1" ;;
            *.Z)       uncompress "$1" ;;
            *.7z)      7z x "$1" ;;
            *)         echo "'$1' cannot be extracted via extract()" ;;
        esac
    else
        echo "'$1' is not a valid file"
    fi
}

3) Press Ctrl + o and press ENTER to save the file and then press Ctrl + x to exit the file.

4) Run the following command for the changes to take effect:
$ source ~/.bashrc

5) From now on, you can simply call this function to extract archives of various types.

For example, I'm going to extract a .7z archive file using the command:

$ extract archive.7z

🦑 Output example:

p7zip Version 16.02 (locale=en_IN,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz (206A7),ASM)

Scanning the drive for archives:
1 file, 16013693 bytes (16 MiB)

Extracting archive: archive.7z
--
Path = archive.7z
Type = 7z
Physical Size = 16013693
Headers Size = 1204
Method = LZMA:23
Solid = +
Blocks = 1
Folders: 21
Files: 37
Size: 16625007
Compressed: 16013693

6) Likewise, to extract .zip files, the command would be:
$ extract archive.zip

7) Please note that you must install the appropriate archive manager before using this function.
If your system does not have the supported archiving tools installed, you will receive an error message similar to the one below:
$ extract archive.zip
bash: /usr/bin/unzip: No such file or directory

This script is mentioned in many places on the Internet.


🦑🐧 How to set up and manage log rotation using Logrotate on Linux:

A) Installing Logrotate on Linux
To install logrotate just use your package manager:

---------- On Debian and Ubuntu ----------
# aptitude update && aptitude install logrotate

---------- On CentOS, RHEL and Fedora ----------
# yum update && yum install logrotate

B) It is worth noting that the configuration file (/etc/logrotate.conf) may indicate that other, more specific settings can be placed in separate .conf files inside /etc/logrotate.d.
This will be the case if and only if the following line exists and is not commented out:

include /etc/logrotate.d

C) We will stick to this approach as it will help us keep things tidy and will use the Debian box for the following examples.
Configuring Logrotate on Linux

D) As a very versatile tool, logrotate provides many directives to help us customize when and how the logs will be rotated, and what should happen immediately afterwards.

Let's paste the following content into /etc/logrotate.d/apache2.conf (note that you will most likely need to create this file) and examine each line.

/var/log/apache2/* {
    weekly
    rotate 3
    size 10M
    compress
    delaycompress
}

E) The first line indicates that the directives inside the block apply to all logs inside /var/log/apache2:
weekly means the tool will try to rotate the logs on a weekly basis. Other possible values are daily and monthly.
rotate 3 indicates that only 3 rotated logs should be kept. Thus, the oldest file will be deleted on the fourth subsequent run.
size 10M sets the minimum size for rotation to 10M. In other words, each log will not rotate until it reaches 10MB.
compress and delaycompress are used to specify that all rotated logs, except the most recent one, should be compressed.

Let's do a dry run to see what logrotate would do if it were actually executed now.
Use the -d option followed by the config file (to actually run logrotate, omit this option):

# logrotate -d /etc/logrotate.d/apache2.conf

F) Instead of compressing the logs, we could rename them according to the date they were rotated.

G) To do this, we'll use the dateext directive.

If our date format is different from the default yyyymmdd, we can specify it using dateformat.

Note that we can even prevent rotation if the log is empty using notifempty.

Also, let's tell logrotate to mail the rotated log to the system administrator (in this case admin@mydomain.com) for reference (this will require setting up a mail server, which is beyond the scope of this article).

H) This time we will use /etc/logrotate.d/squid.conf to rotate only /var/log/squid/access.log:

/var/log/squid/access.log {
    monthly
    create 0644 root root
    rotate 5
    size 1M
    dateext
    dateformat -%d%m%Y
    notifempty
    mail admin@mydomain.com
}


🦑 How to Use the Mac OS X Hackers Toolbox:

Before we install Metasploit, we need to install some software dependencies. It is a little more work to install Metasploit on Mac OS X, but it will be worth it. Listed below are the prerequisite software packages.

🦑 Software Prerequisites
MacPorts
Ruby 1.9.3
Homebrew
PostgreSQL

LET'S START:

1) MacPorts installation: install Xcode
Install Xcode from the Apple App Store, or download it from the following URL: https://developer.apple.com/xcode/
Once Xcode is installed, go into the Xcode preferences and install the "Command Line Tools".

2) Install the MacPorts app

3) Download and install the package file (.dmg) file from the MacPorts web site: https://distfiles.macports.org/MacPorts/
Once the files are downloaded, install MacPorts. More information on MacPorts can be found here: http://www.macports.org/install.php

4) Run MacPorts selfupdate to make sure it is using the latest version.

5) From a terminal window run the following command:
$ sudo port selfupdate

6) Ruby 1.9.3
Mac OS X is preinstalled with Ruby, but we want to upgrade to Ruby 1.9.3

We will be using MacPorts to upgrade Ruby. From a terminal window run the following command:

$ sudo port install ruby19 +nosuffix

7) The default Ruby install path for MacPorts is /opt/local/. It's a good idea to verify that the PATH is correct, so that /opt/local/bin is listed before /usr/bin. You should get back something that looks like this:

/opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin

8) You can verify the path by entering the following syntax in a terminal window:

$ echo $PATH

9) To verify the Ruby install locations, enter this syntax:

$ which ruby gem

You should get back the following response:

/opt/local/bin/ruby /opt/local/bin/gem

You are now ready to install hacking tools such as Metasploit and more...

Forwarded from UNDERCODE NEWS
Windows 7, still the second most common operating system, is not gone.
#Updates
Forwarded from UNDERCODE NEWS
Microsoft is upgrading the beta version of Excel for Mac.
#Technologies
Forwarded from UNDERCODE NEWS
Multiple GitLab security vulnerabilities could allow hackers to exploit logins and more.
#Vulnerabilities

🦑 BEST HTML AND CSS EDITORS FOR WINDOWS:

https://atom.io/

https://notepad-plus-plus.org/

https://www.sublimetext.com/

https://clk.tradedoubler.com/click?p=264355&a=3118363&g=24531572

https://code.visualstudio.com/#meet-intellisense


🦑 This can hack any Windows
🦟 SharpHide: a tool to create hidden registry keys

1) Malware that runs without elevated privileges in Windows has limited ability to survive a system reboot (known as persistence).

Malware that elevates privileges using zero-day exploits or public exploits has more potential to persist.

However, zero-days are expensive and using them risks exposing them, and public exploits will not work on patched systems.

2) Most malware is stuck with well-known persistence methods that are easy to detect.

The easiest persistence method is to write a value to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (or the similar key under HKEY_LOCAL_MACHINE).

3) The values of this key are commands that Windows executes when the user logs on (in the case of HKEY_CURRENT_USER) or when it boots (in the case of HKEY_LOCAL_MACHINE).

The malicious program writes the path to its executable file into the Run key.

4) This way it resumes execution after a reboot.

Since this is a well-known method, a suspicious value in the Run key is a red flag indicating that the system is infected.

It also reveals the location of the malware on the system, making it very easy to collect samples for analysis.

5) FILELESS BINARY STORAGE

CONVENTIONAL STORAGE OF FILES ON DISK

Antivirus software scans files on the disk.

Antivirus software hashes files and sends signatures to the cloud.

Some antivirus products perform heuristic scans of files stored on the disk.

6) Suspected malware files can even be silently sent to the cloud.

To counter this, malware has several options.

Files on disk can be regular droppers that access the Internet and load more essential modules (which are loaded into memory without touching the disk).

Malicious programs can also craft the executable files they store on disk so as not to trigger antivirus heuristics.

🦑 For example, because antivirus often scans for high-entropy segments in PE files (which indicate compressed or encrypted data), malware can avoid using encryption and compression to protect its executable files.

Since antivirus has heuristics that scan the import tables, malware can avoid importing suspicious functions.

Such countermeasures are burdensome for malware developers and, in any case, do not guarantee that their binaries will not be uploaded to the cloud.

Download && Use
https://github.com/outflanknl/SharpHide#usage
