Forwarded from UNDERCODE NEWS
What is HMAC (Hash-based Message Authentication Code)?
Hash-based Message Authentication Code, or HMAC, is used to authenticate a message using hash functions.
1) Message
Message authentication is an important mechanism in cybersecurity and is used to authenticate a message.
There are different ways and mechanisms for message authentication.
A message is data, text, image, or whatever we want to authenticate.
The message is verified for authenticity by hashing it together with the key.
2) Key
The key is used by both parties to authenticate the message.
As stated earlier, the message and the key are used together and the hash value is calculated.
3) Hash function
The hash function is used to compute a hash value that is, for practical purposes, unique to the message and key.
The hash function can be sha1, sha256, or a different algorithm.
4) Encryption and Hashing. Difference and application
How to create an HMAC using OpenSSL?
We can use the OpenSSL tool to generate an HMAC or hash value.
We will use the echo and openssl commands.
We will also use sha256 as our hash algorithm.
We will provide the data or message to the HMAC and then hash it using the -hmac switch and mysecretkey as shown:
$ echo -n "secretmessage.txt" | openssl dgst -sha256 -hmac "mysecretkey"
Forwarded from UNDERCODE NEWS
WORDPRESS HACKING PDFs AND VIDEOS:
https://secure360.org/wp-content/uploads/2018/05/Hacking-WordPress_S360-TC-2018_Bob-Weiss.pdf
https://owasp.org/www-pdf-archive//Dan_Catalin_VASILE_-_Hacking_the_Wordpress_EcoSystem.pdf
https://blogsitestudio.com/wp-content/uploads/woocommerce_uploads/2017/04/Secure-Your-WordPress-Website-1491859920.pdf
https://www.youtube.com/watch?v=0UfPkYH6Da4
23 MIN
https://www.youtube.com/watch?v=l77AgiphUQo
2h
Forwarded from UNDERCODER
Blackview Tab 8E: the economic alternative to the iPad, on offer for Christmas.
#Updates
MORE INFO - https://undercodenews.com/blackview-tab-8e-the-economic-alternative-to-the-ipad-on-offer-for-christmas/09/12/2020/
UNDERCODE COMMUNITY
KB4-CON2019-12WaystoHack2FA.pdf
12 Ways to Hack 2FA
Forwarded from UNDERCODE NEWS
Huge lawsuit against Facebook: 48 states in the US are demanding that it be forced to disband.
#international
Hijacking tutorial:
1) First, we will need to gear up for the attack:
Open up the Ettercap utility in Kali Linux. To work with it in a GUI, open up a terminal and type:
$ ettercap -G
The Ettercap GUI window will be displayed. Go to the menu and select "sniff>unisniff," as shown in the following window:
2) Next, open up a new terminal without closing the other one, and type the following command:
$ ifconfig
3) After entering the above command, you will see your default network interface. Now, copy it and select it in the Ettercap menu.
With that done, click the "host" button in the menu and select the "scan for host" option. Then, wait until the scan is finished.
4) The results will be displayed. From the submenu, click on the MITM tab and select "ARP poisoning."
Next, instruct the machine using the options tab that has just popped up. Enable the "sniff remote network" option by checking the box next to it.
5) Then, hit the start button from the menu to begin the attack. Your machine will now engage in sniffing for any systems connected to your remote network.
Now that Ettercap has been primed for the attack, leave it running in the background and proceed to launch the Ferret tool.
6) Start the Ferret plugin
To launch the Ferret plugin, open up a new terminal and type the following syntax, then hit Enter:
$ ferret -i eth0
You have now successfully launched the ferret tool, as well. Next, we will minimize this window and fire up the Hamster plugin.
7) Launch Hamster
Start Hamster by typing the following into a new command terminal:
$ hamster
This will listen to the loopback IP, which, in our case, is [IP address] and [port number]
8) Next, fire up the web browser and type the port number and the loopback IP in its URL terminal to set up the web interface for Hamster:
With the Hamster utility prepared, we must now configure the adapters. Go to the options in the browser's menu and click on "eth0," and wait until the browser comes up with some results:
9) Examine the results carefully once they pop up. You will see a whole bunch of IP addresses, including your own.
10) Next, we will select the target IP address in the Hamster web interface
11) See the Victim's Web History
You can click on each of the recorded cookies to see what is going on in the sessions, which websites were accessed, the user's private chat logs, file transfer history, etc. You can extract a lot of information here, as you are likely to have a lot of cookies.
Mess around and see what you can get your hands on. And remember, everything that you can do on the system that you are pen-testing here, a hacker can do as well, which goes to show how prone a system can be to such simple attacks.
Reference linuxforo
Forwarded from UNDERCODE NEWS
CISCO AUDIT TOOLS PDFs and VIDEOS:
https://www.cisco.com/c/dam/en_us/training-events/product-training/prime-infrastructure-31/ja-audit/PI31_Audit_JobAid.pdf
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_12_0_1/Configuration/Guide/ucce_b_12-security-guide/ucce_b_1171-security-guide_chapter_01001.pdf
https://www.cisco.com/c/en/us/td/docs/wireless/prime_infrastructure/2-2/configuration/guide/pi_22_cg/tools.pdf
https://www.youtube.com/watch?v=r39qD_FV_X4
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/auditing_the_system.pdf
https://www.youtube.com/watch?v=EaA5pLAwnkc
Forwarded from UNDERCODE NEWS
SQL HACKING PDFS & VIDEOS:
https://www.pdfdrive.com/sql-injection-attacks-and-defensepdf-e23004387.html
http://index-of.es/Failed-attack-techniques/SQL%20Injection.pdf
http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1081&context=etd_projects
http://www.sis.pitt.edu/~jjoshi/courses/IS2620/Spring11/Paper7.pdf
https://www.youtube.com/watch?v=WFFQw01EYHM
https://www.youtube.com/watch?v=SJgYdTckMBY
https://www.youtube.com/watch?v=1qgehzaxMEY