Forwarded from UNDERCODE NEWS
How to use User Agent to attack websites?
1) The User Agent is a string of text that identifies the browser and operating system to the web server. The User Agent is passed in an HTTP header when the browser makes a request to the web server.
2) You can view the transmitted HTTP headers, including User Agent, in the browser's Developer Tools. For example, in Chrome, press F12, go to the Network tab and, in the General window, find Request Headers.
3) Or you can make it even easier - go to the page of one of the many services that show the User Agent: https://suip.biz/?act=my-user-agent
User Agent example:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
The string is not very readable, but it is clear that this is Chrome and that its version is 86. If you are curious why the string is so long and what the rest of the elements mean, check out the article "What is a Browser User Agent?". It explains the meaning of each element and why there are so many of them.
How can the User Agent be used to attack websites? I know at least 3 options:
SQL Injection via User Agent
XSS with User Agent
Spoofing User Agent to deceive the server
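An added example, not part of the original post, covering the first two items from the server's side: the User Agent is client-controlled text, so a site that logs it must bind it as a query parameter and escape it when showing it in an admin page. The table name, function names and the sample header are assumptions made for the illustration.

```python
import html
import sqlite3

# Constructed sample: a User-Agent header carrying a quote and markup.
HOSTILE_UA = "Mozilla/5.0 ' <script>alert(1)</script>"


def open_log():
    """In-memory visit log, standing in for a site's analytics table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (ip TEXT, user_agent TEXT)")
    return db


def log_visit_unsafe(db, ip, user_agent):
    # Vulnerable pattern: header text is pasted into the SQL statement,
    # so a quote in the header changes the statement itself.
    db.execute(f"INSERT INTO visits VALUES ('{ip}', '{user_agent}')")


def log_visit(db, ip, user_agent):
    # Hardened: placeholders keep the header as data; length is capped.
    db.execute("INSERT INTO visits VALUES (?, ?)", (ip, user_agent[:512]))


def render_visits(db):
    # Hardened output: escape on the way out so stored markup is inert.
    rows = db.execute("SELECT ip, user_agent FROM visits").fetchall()
    return "\n".join(
        f"<tr><td>{html.escape(ip)}</td><td>{html.escape(ua)}</td></tr>"
        for ip, ua in rows
    )


def unsafe_insert_breaks(db, user_agent):
    """True when the concatenated statement no longer parses as written."""
    try:
        log_visit_unsafe(db, "203.0.113.7", user_agent)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = open_log()
    print("unsafe insert broken by header:", unsafe_insert_breaks(db, HOSTILE_UA))
    log_visit(db, "203.0.113.7", HOSTILE_UA)
    print(render_visits(db))
```

For the third item, the same principle applies: the header is whatever the client chose to send, so it should never be used as the basis for an access decision.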
Forwarded from UNDERCODE NEWS
Apple cuts App Store commissions for developers with annual revenues of less than $1 million to 15%
#international
How to Create Your Own VPN Server on Linux?
Requirements
Fresh CentOS / RHEL or Ubuntu / Debian VPS (Virtual Private Server) from any VPS vendor.
Configuring IPsec / L2TP VPN Server in Linux
To set up the VPN server, we will be using the wonderful collection of shell scripts created by Lin Song, which sets Libreswan as the IPsec server and xl2tpd as the L2TP provider.
The offering also includes scripts to add or remove VPN users, update VPN installations, and more.
First, log into your VPS via SSH, then run the appropriate commands for your distribution to set up the VPN server.
By default, the script will generate random VPN credentials (preshared key (PSK), VPN username and password) for you and display them at the end of the installation.
However, if you want to use your own credentials, you first need to generate a strong password and PSK as shown below:
# openssl rand -base64 10
# openssl rand -base64 16
Then set these generated values as described in the following command; all values MUST be enclosed in 'single quotes' as follows:
VPN_IPSEC_PSK - Your IPsec pre-shared key.
VPN_USER - Your VPN username.
VPN_PASSWORD - Your VPN password.
---------------- On CentOS / RHEL ----------------
# wget https://git.io/vpnsetup-centos -O vpnsetup.sh && VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnsetup -O vpnsetup.sh && sudo VPN_IPSEC_PSK='KvLjedUkNzo5gBH72SqkOA==' VPN_USER='tecmint' VPN_PASSWORD='8DbDiPpGbcr4wQ==' sh vpnsetup.sh
The main packages to be installed are bind-utils, net-tools, bison, flex, gcc, libcap-ng-devel, libcurl-devel, libselinux-devel, nspr-devel, nss-devel, pam-devel, xl2tpd, iptables-services, systemd-devel, fipscheck-devel, libevent-devel and fail2ban (for SSH security) and their respective dependencies.
The script then downloads, compiles and installs Libreswan from source, and enables and starts the required services.
Once the installation is complete, the VPN details will be displayed.
To add a VPN connection on a mobile device such as an Android phone, go to Settings -> Network & Internet (or Wireless & Networks -> Advanced) -> Advanced -> VPN.
Select the option to add a new VPN.
The VPN type must be IPSec Xauth PSK, then use the VPN gateway and credentials above.
How to add or remove VPN user on Linux
To create a new VPN user or update an existing VPN user with a new password, download and use the add_vpn_user.sh script using the following wget command.
$ wget -O add_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/add_vpn_user.sh
$ sudo sh add_vpn_user.sh 'username_to_add' 'user_password'
To remove a VPN user, download and use the del_vpn_user.sh script.
$ wget -O del_vpn_user.sh https://raw.githubusercontent.com/hwdsl2/setup-ipsec-vpn/master/extras/del_vpn_user.sh
$ sudo sh del_vpn_user.sh 'username_to_delete'
How to upgrade Libreswan on Linux
You can upgrade your Libreswan installation using the vpnupgrade.sh or vpnupgrade_centos.sh script.
Be sure to edit the SWAN_VER variable for the version you want to set in the script.
---------------- On CentOS / RHEL ----------------
# wget https://git.io/vpnupgrade-centos -O vpnupgrade.sh && sh vpnupgrade.sh
---------------- On Debian and Ubuntu ----------------
# wget https://git.io/vpnupgrade -O vpnupgrade.sh && sudo sh vpnupgrade.sh
How to remove VPN server on Linux
To uninstall a VPN installation, follow these steps.
On RHEL / CentOS
# yum remove xl2tpd
Then open the configuration file /etc/sysconfig/iptables, remove unnecessary rules, edit the /etc/sysctl.conf and /etc/rc.local files, and remove the lines after the # Added by hwdsl2 VPN script comment in both files.
On Debian / Ubuntu
$ sudo apt-get purge xl2tpd
Then edit the /etc/iptables.rules configuration file and remove any unnecessary rules.
Also, edit /etc/iptables/rules.v4 if it exists.
Then edit the /etc/sysctl.conf and /etc/rc.local files, and remove the lines after the # Added by hwdsl2 VPN script comment in both files.
Do not remove exit 0 if the entry exists.
Optionally, you can delete specific files and directories that were created during VPN setup.
# rm -f /etc/ipsec.conf* /etc/ipsec.secrets* /etc/ppp/chap-secrets* /etc/ppp/options.xl2tpd* /etc/pam.d/pluto /etc/sysconfig/pluto /etc/default/pluto
# rm -rf /etc/ipsec.d /etc/xl2tpd
@UndercodeTesting
Forwarded from UNDERCODE NEWS
AWS Pen Testing References
- PENETRATION TESTING AWS STORAGE: KICKING THE S3 BUCKET - Written by Dwight Hohnstein from Rhino Security Labs.
- AWS PENETRATION TESTING PART 1. S3 BUCKETS - Written by @VirtueSecurity.
- AWS PENETRATION TESTING PART 2. S3, IAM, EC2 - Written by @VirtueSecurity.
Rhino Security Labs
Penetration Testing AWS Storage: Kicking the S3 Bucket
Penetration Testing AWS instances for potential security vulnerabilities in S3 "Simple Storage" buckets. We apply it to the Alexa top 10,000 sites.
Forwarded from UNDERCODE NEWS
Track Location With Live Address And Accuracy In Termux:
[+] Real live location !
[+] Updated maintenance !
[+] Ip lookup
[+] Easy for Beginners !
Installation & Run:
1) apt-get update -y
2) apt-get upgrade -y
3) pkg install python -y
4) pkg install python2 -y
5) pkg install git -y
6) pip install lolcat
7) pip install requests
8) git clone https://github.com/noob-hackers/ipdrone
9) cd $HOME
10) ls
11) cd ipdrone
12) ls
13) python ipdrone.py -v (your victim ip here)
ex:- python ipdrone.py -v 127.0.0.1
Hurray... you got his location with some more information
GitHub
GitHub - noob-hackers/ipdrone: Track Location With Live Address And Accuracy In Termux
Forwarded from UNDERCODE NEWS
The mass production of the smartphone on Debian Linux "for the paranoid" began
#Technologies #Updates
Forwarded from UNDERCODE NEWS
Many dangerous vulnerabilities found in famous industrial system products.
#Analytiques #Vulnerabilities
HardInfo - checking hardware information on Linux:
Installing HardInfo
1) HardInfo is the most popular graphical application, tested on Ubuntu / Mint, Debian, OpenSUSE, Fedora / CentOS / RHEL, Arch Linux and Manjaro Linux.
2) HardInfo is available for installation on all major Linux distributions from the default repository.
Installing HardInfo on Debian, Ubuntu and Linux Mint
$ sudo apt install hardinfo
Installing HardInfo on Fedora / CentOS Linux
3) For some reason, the Fedora team decided to stop packaging Hardinfo in the repository, so you will need to build it from source as follows:
# dnf install glib-devel gtk+-devel zlib-devel libsoup-devel
$ cd Downloads
$ git clone https://github.com/lpereira/hardinfo.git
$ cd hardinfo
$ mkdir build
$ cd build
$ cmake ..
$ make
4) # make install
Installing HardInfo on Arch and Manjaro Linux
$ sudo pacman -S hardinfo
Installing HardInfo on OpenSUSE
$ sudo zypper in hardinfo
5) How to use HardInfo on Linux
After installation, open Hardinfo on your computer.
It is a graphical application and should be listed in the System category under the name System Profiler and Benchmark in your distribution's launcher.
6) When it opens, you will see the various tabs on the left sidebar, sorted by category, and the information contained in those tabs listed on the right.
For example, you can view information about your system processor.
GitHub
GitHub - lpereira/hardinfo: System profiler and benchmark tool for Linux systems
Forwarded from UNDERCODE NEWS