Forwarded from UNDERCODE NEWS
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Security tip for iOS 14
How Password Monitoring to Protect Against Hacks Works in iOS 14:
1) Most people live online these days, so they have hundreds of logins and passwords for accounts on different sites and services. In such a case, a password manager is a vital necessity. iPhones have a built-in manager. In iOS 14, it has become even more useful, as it regularly checks whether your passwords have appeared in data leaks on the Internet.
Apple's iCloud Keychain password manager could already warn about weak passwords and about passwords reused across different accounts. Previously, however, it did not check your passwords against cracked ones.
2) If a password is found in a data breach, this does not mean that your account has been compromised. The leak could have come from another site or from a theft of data from the company as a whole, not necessarily from the exact site you are using. Even so, and even if your passwords are complex, hackers regularly add leaked passwords to brute-force lists. It is only a matter of time before you become a target and your account can be hacked.
3) Monitoring passwords in Safari
If iCloud Keychain is configured to automatically enter passwords in mobile apps and web apps, Safari will alert you to cracked passwords when you visit the site. If you use iCloud Keychain to automatically enter logins and passwords on sites in this browser, then after you log in, the browser will warn you that you need to change the password on the site:
"This password appeared in a data breach, which increases the risk of this account being compromised. You must change your password immediately."
"The iPhone can create a complex password for you. Do you want to change the password for [site name]?"
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Nvidia responds to serious shortage of RTX3070/3080: temporarily unable to do anything.
#international
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
How to use User Agent to attack websites?
1) The User Agent is a string of text that identifies the browser and operating system for the web server. User Agent is passed in the HTTP header when the browser makes a request to the web server.
2) You can view the transmitted HTTP headers, including the User Agent, in the browser's developer tools. For example, in Chrome, press F12, go to the Network tab and, in the General window, find Request Headers.
3) Or you can make it even easier: go to the page of one of the many services that show the User Agent: https://suip.biz/?act=my-user-agent
User Agent example:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
The string is not very readable; all that is clear is that this is Chrome and that its version is 86. If you are curious why the string is so long and what the rest of the elements mean, check out the article "What is a Browser User Agent?". It explains the meaning of the elements and why there are so many of them.
How can the User Agent be used to attack websites? I know at least 3 options:
SQL Injection via User Agent
XSS with User Agent
Spoofing User Agent to deceive the server
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
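Added example (not part of the original post): how a server can treat the User-Agent header as untrusted input at the two sinks named in the first two options above, the SQL statement that logs it and the HTML page that displays it. The table, the function names and the second sample header are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample headers: the browser string quoted in the post, and one
# containing a quote and markup (the characters that matter for SQL and HTML).
NORMAL_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36")
ODD_UA = "Mozilla/5.0 it's <b>bold</b>"

def open_db():
    """In-memory visit log standing in for a site's analytics table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, ua TEXT)")
    return db

def log_visit_unsafe(db, path, ua):
    # Weak pattern: the header is pasted into the SQL text, so a quote in the
    # User-Agent changes the statement itself.
    db.execute(f"INSERT INTO visits (path, ua) VALUES ('{path}', '{ua}')")

def log_visit(db, path, ua):
    # Hardened: placeholders keep the header as data; the length cap stops a
    # client from bloating the log table.
    db.execute("INSERT INTO visits (path, ua) VALUES (?, ?)", (path, ua[:512]))

def render_row_unsafe(ua):
    # Weak pattern: stored header goes into the admin page as markup.
    return f"<td>{ua}</td>"

def render_row(ua):
    # Hardened: escape on output so the browser shows the header as text.
    return f"<td>{html.escape(ua, quote=True)}</td>"

def demo():
    db = open_db()
    try:
        log_visit_unsafe(db, "/", ODD_UA)
        unsafe_ok = True
    except sqlite3.OperationalError:
        # The quote ended the string literal early and broke the statement.
        unsafe_ok = False
    log_visit(db, "/", NORMAL_UA)
    log_visit(db, "/", ODD_UA)
    stored = [row[0] for row in db.execute("SELECT ua FROM visits ORDER BY rowid")]
    return unsafe_ok, stored, render_row(ODD_UA)

if __name__ == "__main__":
    print(demo())
```

The same two rules apply to any other request header a site logs or displays, since every header is chosen by the client.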
Apple cuts App Store commissions for developers with annual revenues of less than $1 million to 15%
#international
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
How to Create Your Own VPN Server on Linux?
Requirements
Fresh CentOS / RHEL or Ubuntu / Debian VPS (Virtual Private Server) from any VPS vendor.
Configuring IPsec / L2TP VPN Server in Linux
To set up the VPN server, we will use the wonderful collection of shell scripts created by Lin Song, which set up Libreswan as the IPsec server and xl2tpd as the L2TP provider.
The offering also includes scripts to add or remove VPN users, update VPN installations, and more.
First, log into your VPS via SSH, then run the appropriate commands for your distribution to set up the VPN server.
By default, the script will generate random VPN credentials (preshared key (PSK), VPN username and password) for you and display them at the end of the installation.
However, if you want to use your own credentials, you first need to generate a strong password and PSK as shown below:
# openssl rand -base64 10
# openssl rand -base64 16
Then set these generated values as described in the following command (the values shown are samples; substitute the ones you generated). All values MUST be enclosed in 'single quotes' as follows:
VPN_IPSEC_PSK - Your IPsec pre-shared key.
VPN_USER - Your VPN username.
VPN_PASSWORD - Your VPN password.
---------------- On CentOS / RHEL ----------------
# wget https://git.io/vpnsetup-centos -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
The main packages to be installed are bind-utils, net-tools, bison, flex, gcc, libcap-ng-devel, libcurl-devel, libselinux-devel, nspr-devel, nss-devel, pam-devel, xl2tpd, iptables-services, systemd-devel, fipscheck-devel, libevent-devel and fail2ban (for SSH security) and their respective dependencies.
The script then downloads, compiles and installs Libreswan from source, and enables and starts the required services.
Once the installation is complete, the VPN details will be displayed.
To add a VPN connection on a mobile device such as an Android phone, go to Settings -> Network & Internet (or Wireless & Networks -> Advanced) -> Advanced -> VPN.
Select the option to add a new VPN.
The VPN type must be IPSec Xauth PSK, then use the VPN gateway and credentials above.
How to add or remove VPN user on Linux
To create a new VPN user or update an existing VPN user with a new password, download and use the add_vpn_user.sh script using the following wget command.
$ wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
$ sudo sh add_vpn_user.sh 'username_to_add' 'user_password'
To remove a VPN user, download and use the del_vpn_user.sh script.
$ wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
$ sudo sh del_vpn_user.sh 'username_to_delete'
How to upgrade Libreswan on Linux
You can upgrade your Libreswan installation using the vpnupgrade.sh or vpnupgrade_centos.sh script.
Be sure to edit the SWAN_VER variable for the version you want to set in the script.
---------------- On CentOS / RHEL ----------------
# wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sh vpnupgrade.sh
---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
How to remove VPN server on Linux
To uninstall a VPN installation, follow these steps.
On RHEL / CentOS
# yum remove xl2tpd
Then open the configuration file /etc/sysconfig/iptables and remove unnecessary rules. Edit the /etc/sysctl.conf and /etc/rc.local files and remove the lines after the # Added by hwdsl2 VPN script comment in both files.
On Debian / Ubuntu
$ sudo apt-get purge xl2tpd
Then edit the /etc/iptables.rules configuration file and remove any unnecessary rules.
Also, edit /etc/iptables/rules.v4 if it exists.
Then edit the /etc/sysctl.conf and /etc/rc.local files and remove the lines after the # Added by hwdsl2 VPN script comment in both files.
Do not remove exit 0 if the entry exists.
Optionally, you can delete specific files and directories that were created during VPN setup.
# rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
# rm -rf /etc/ipsec.d /etc/xl2tpd
@UndercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
AWS Pen Testing References
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET - Written by Dwight Hohnstein from Rhino Security Labs.
- AWS PENETRATION TESTING PART 1. S3 BUCKETS - Written by @VirtueSecurity.
- AWS PENETRATION TESTING PART 2. S3, IAM, EC2 - Written by @VirtueSecurity.
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Rhino Security Labs
Penetration Testing AWS Storage: Kicking the S3 Bucket
Penetration Testing AWS instances for potential security vulnerabilities in S3 "Simple Storage" buckets. We apply it to the Alexa top 10,000 sites.
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Track Location With Live Address And Accuracy In Termux:
[+] Real live location!
[+] Updated maintenance!
[+] IP lookup
[+] Easy for beginners!
INSTALLATION & RUN:
1) apt-get update -y
2) apt-get upgrade -y
3) pkg install python -y
4) pkg install python2 -y
5) pkg install git -y
6) pip install lolcat
7) pip install requests
8) git clone https://github.com/noob-hackers/ipdrone
9) cd $HOME
10) ls
11) cd ipdrone
12) ls
13) python ipdrone.py -v (your victim ip here)
ex:- python ipdrone.py -v 127.0.0.1
Hurray... you got his location with some more information
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁