β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Now, let's look at another cause of network slowdown:
(Network Configuration: LAN Implementation, VLAN Example, full, by UndercOde, part 2)
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Broadcasts. Broadcasts exist on every network. If they are not properly contained, they flood the whole network and generate a large amount of traffic. Broadcasting not only consumes bandwidth, it also reduces the processing efficiency of every workstation, because each host has to receive and inspect every broadcast frame.
2) Broadcasts cannot be avoided entirely, for several reasons: the network operating system (NOS) uses broadcasts, TCP/IP resolves a MAC address from an IP address with a broadcast (ARP), and routing protocols such as RIP and IGRP advertise their routes by broadcast.
3) Bridges and switches forward all broadcast frames; routers do not. To contain broadcasts, therefore, a router must be used. Routers make forwarding decisions on the Layer 3 header: the destination IP address, destination IPX address or destination AppleTalk address.
4) A router is a Layer 3 device.
5) From this it is easy to understand Layer 3 switching. In simple terms, it is the technique of combining routing and switching in one device.
6) The first packet of a data flow is routed, and this produces a mapping between MAC address and IP address. When later packets of the same flow arrive, they are switched according to that mapping instead of being routed again. This gives wire-speed forwarding, removes the delay introduced by the route lookup and improves packet-forwarding efficiency. A switch that uses this technique is commonly called a Layer 3 switch.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ UNDERSTANDING BEFORE ATTACK :
What is a VLAN? VLAN stands for Virtual Local Area Network.
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) A VLAN does not depend on the physical location of users. It logically groups users into working groups with relatively independent functions, based on function, application and other factors. Each host is connected to a port of a VLAN-capable switch and belongs to one VLAN.
2) Members of the same VLAN share broadcasts and form one broadcast domain; broadcast traffic between different VLANs is isolated.
3) In this way, the whole network is divided into several separate broadcast domains (VLANs).
4) In general, when a station in a VLAN sends a broadcast, every station in that VLAN receives it, but the switch will not send it out of any port in another VLAN. Traffic that has to reach another VLAN must pass through a Layer 3 device (a router or a Layer 3 switch), which routes it between the VLANs rather than broadcasting it.
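The broadcast-domain behaviour described in this post and in the Layer 3 switching post before it, as an added example that is not part of UndercOde's text: a small VLAN-aware learning switch in Python. It parses Ethernet II frames (with or without an 802.1Q tag), learns source MACs per VLAN, and floods a broadcast or unknown-unicast frame only to the ports of the same VLAN. The port names, MAC addresses and frames are constructed here for illustration, and the rule that an access port drops a frame tagged for a different VLAN is an assumption about a properly configured switch, not something the post states.

```python
import struct

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet II frame, inserting an 802.1Q tag when vlan is given."""
    header = dst + src
    if vlan is not None:
        # TCI: PCP=0, DEI=0, VID = vlan (12 bits)
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    header += struct.pack("!H", ethertype)
    return header + payload


def parse_frame(frame):
    """Return (dst, src, vlan_id_or_None, ethertype, payload) for an Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return dst, src, vlan, ethertype, frame[offset:]


class VlanSwitch:
    """Learning switch whose access ports each belong to exactly one VLAN."""

    def __init__(self, port_vlan):
        self.port_vlan = dict(port_vlan)   # port name -> VLAN id
        self.mac_table = {}                # (vlan, mac) -> port where the MAC was seen

    def forward(self, ingress, frame):
        """Return the set of egress ports for a frame received on `ingress`."""
        dst, src, tag, _, _ = parse_frame(frame)
        vlan = self.port_vlan[ingress]
        if tag is not None and tag != vlan:
            # Assumed access-port rule: the host must not choose its VLAN by tagging.
            return set()
        self.mac_table[(vlan, src)] = ingress
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return set() if out == ingress else {out}
        # Broadcast (or unknown unicast): flood only the other ports of the same VLAN,
        # never a port of another VLAN. That is the isolation the post describes.
        return {p for p, v in self.port_vlan.items() if v == vlan and p != ingress}


def demo():
    """Constructed scenario: two VLANs on one switch, an ARP broadcast and its reply."""
    sw = VlanSwitch({"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 20, "Gi0/4": 20})
    mac_a = bytes.fromhex("020000000001")
    mac_b = bytes.fromhex("020000000002")
    arp_request = build_frame(BROADCAST, mac_a, 0x0806, b"\x00" * 28)
    flooded = sw.forward("Gi0/1", arp_request)       # stays inside VLAN 10
    arp_reply = build_frame(mac_a, mac_b, 0x0806, b"\x00" * 28)
    learned = sw.forward("Gi0/2", arp_reply)         # dst already learned: no flood
    hop = build_frame(BROADCAST, mac_a, 0x0806, b"\x00" * 28, vlan=20)
    dropped = sw.forward("Gi0/1", hop)               # tagged for a VLAN the port is not in
    return flooded, learned, dropped


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the broadcast from VLAN 10 reaching only the other VLAN 10 port, the learned unicast going to exactly one port, and nothing leaving the switch for the mis-tagged frame. Anything that must cross from VLAN 10 to VLAN 20 has to go through a router or Layer 3 switch, which this model deliberately does not include.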
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Network Configuration-Find Computer IP by NETBIOS Name
fb.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
1) Use `nmblookup test` to find the IP address of the machine with the NetBIOS name `test` on the same network (nmblookup is part of Samba and sends a NetBIOS name query by broadcast). If the machine has several IP addresses, they are all listed.
2) Q: My Linux box was killed by yesterday's sudden power failure. What should I do when I can no longer get into KDE after booting?
> A: Check and repair the filesystems:
fsck -s -y /
fsck -s -y /var
fsck -s -y /usr
> -y answers "yes" to every repair question and -s runs the checks one after another. Only run fsck on filesystems that are not mounted (or on a root filesystem mounted read-only), for example from single-user or rescue mode; checking a mounted read-write filesystem can make the damage worse.
@UndercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The Best Antiviruses for Linux in 2020:
twitter.com/UNDERCODETC
π¦ ππΌππ πππΈβπ :
1) Bitdefender GravityZone Business Security: best for businesses
> www.bitdefender.com
2) Comodo Antivirus for Linux: best for home users
> https://www.comodo.com/home/internet-security/antivirus-for-linux.php
3) ESET NOD32 Antivirus for Linux: best for new Linux users (home)
> www.eset.com
4) Kaspersky Endpoint Security for Linux: best for hybrid IT environments (business)
> https://me-en.kaspersky.com/small-business-security
5) Recommended for Ubuntu servers: Sophos Antivirus for Linux
> https://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-linux.aspx
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Topic 2019-2020 termux scripts: configurable prompt builder for Bash and ZSH
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
a) Termux
> apt update
> apt install gbt
b) Arch Linux
> yaourt -S gbt
> Or install gbt-git if you would like to run the latest and greatest from the master branch.
π¦ CentOS/RHEL
(packages hosted by Packagecloud):
echo '[gbt]
name=GBT YUM repo
baseurl=https://packagecloud.io/gbt/release/el/7/$basearch
gpgkey=https://packagecloud.io/gbt/release/gpgkey
https://packagecloud.io/gbt/release/gpgkey/gbt-release-4C6E79EFF45439B6.pub.gpg
gpgcheck=1
repo_gpgcheck=1' | sudo tee /etc/yum.repos.d/gbt.repo >/dev/null
sudo yum install gbt
Use the exact repository definition above for every RedHat-based distribution, regardless of its version.
π¦ Ubuntu/Debian/kali
> (packages hosted by Packagecloud):
1) curl -L https://packagecloud.io/gbt/release/gpgkey | sudo apt-key add -
2) echo 'deb https://packagecloud.io/gbt/release/ubuntu/ xenial main' | sudo tee /etc/apt/sources.list.d/gbt.list >/dev/null
3) sudo apt-get update
4) sudo apt-get install gbt
5) Use the exact repository definition above for every Debian-based distribution, regardless of its version.
6) Note that apt-key is deprecated on current Debian and Ubuntu releases. There, save the key to a file under /usr/share/keyrings/ (for example gbt.gpg) and add [signed-by=/usr/share/keyrings/gbt.gpg] to the deb line, so the key is trusted for this one repository rather than for every repository on the system.
π¦ Mac
Using Homebrew:
1) brew tap jtyr/repo
2) brew install gbt
3) Or install gbt-git if you would like to run the latest greatest from the master branch.
E N J O Y
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Updated 2020 repo for web pentesting: the TIDoS framework
pinterest.com/UndercOdeOfficial
π¦FEATURES :
1) A complete, versatile framework that covers everything from reconnaissance to vulnerability analysis.
2) Has 5 main phases, subdivided into 14 sub-phases, consisting of a total of 108 modules.
3) The Reconnaissance phase has 50 modules of its own (including active and passive recon and information-disclosure modules).
4) The Scanning & Enumeration phase has 16 modules (including port scans, WAF analysis, etc.).
5) The Vulnerability Analysis phase has 37 modules (covering the most common vulnerabilities in action).
6) The Exploits Castle has only 1 exploit (purely developmental).
Finally, the Auxiliaries have 4 modules; more are under development.
7) All four phases each have an Auto-Awesome module which automates every module for you.
8) You just need the domain, and leave everything else to this tool.
TIDoS has full verbose output support, so you'll know what's going on.
9) Fully user-friendly interactive environment.
π¦ ππΌππ πππΈβπ :
Presently, to install globally, your default Python version must be 2.x. The migration from Python 2 to Python 3 is already under way. Since Python 2 reached end of life in January 2020, it is safer to run the tool in an isolated environment such as the Docker image below.
1) Clone the repository locally and navigate there:
> git clone https://github.com/0xinfection/tidos-framework.git
> cd tidos-framework
2) Install the dependencies:
> chmod +x install
> ./install
π¦ Now let's run the tool:
TIDoS needs some libraries, which can be installed with the apt or yum package managers.
1) sudo apt-get install libncurses5 libxml2 nmap tcpdump libexiv2-dev build-essential python-pip python-xmpp
2) After these dependencies are installed, install the remaining Python package dependencies:
> pip2 install -r requirements.txt
That's it. You now have TIDoS at your service. Fire it up using:
3) python2 tidos.py
π¦ Docker image:
You can build it from the Dockerfile:
1> git clone https://github.com/0xinfection/tidos-framework.git
2> cd tidos-framework/docker
3> docker build -t tidos .
> To run TIDoS:
> docker run --interactive --tty --rm tidos bash
> tidos
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is CVE-2014-6271? (NVD detail)
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis, which may result in further changes to the information provided.
> Written by Undercode, taken from the US government NVD site (nvd.nist.gov)
t.me/UndercOdeTesting
ππΌππ πππΈβπ :
π¦ Current Description
1) GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
2) NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
π¦References to Advisories, Solutions, and Tools :
Hyperlink Resource
http://advisories.mageia.org/MGASA-2014-0388.html Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html Third Party Advisory
http://jvn.jp/en/jp/JVN55667175/index.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126 Third Party Advisory VDB Entry Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 Third Party Advisory
http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1293.html Third Party Advisory
http://linux.oracle.com/errata/ELSA-2014-1294.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00028.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00029.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00034.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00040.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00044.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00049.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00023.html Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html Third Party Advisory
http://marc.info/?l=bugtraq&m=141216207813411&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141216668515282&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141235957116749&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141319209015420&w=2 Third Party Advisory
http://marc.info/?l=bugtraq&m=141330425327438&w=2
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The latest web-pentesting script posted by UndercOde includes CVE-2014-6271. Verified by UndercOde; use it for learning only.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ CVE identifiers :
MITRE Corporation's documentation defines CVE Identifiers (also called "CVE names", "CVE numbers", "CVE-IDs", and "CVEs") as unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages.
twitter.com/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
Syntax:
1> To support CVE IDs beyond CVE-YEAR-9999 (the "CVE10k problem", cf. the year 10,000 problem), a change to the CVE syntax was made in 2014 and took effect on 13 January 2015.
2> The new CVE-ID syntax is variable length and consists of:
CVE prefix + year + arbitrary digits
3> NOTE: the variable-length sequence begins at four fixed digits and expands with further digits only when needed within a calendar year, for example CVE-YYYY-NNNN and, if needed, CVE-YYYY-NNNNN, CVE-YYYY-NNNNNN and so on. This also means that no change is needed to previously assigned CVE IDs, which all have at least 4 digits.
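An added example, not from UndercOde's post: a validator and extractor for the CVE-ID syntax described above. It accepts four or more sequence digits, rejects leading zeros beyond the four-digit padding (the syntax only expands when a year actually needs more digits), and pulls every well-formed ID out of free text such as an advisory. The function names are assumptions made here; the sample identifiers in the usage are made up or taken from the Shellshock entry above.

```python
import re
from typing import List, NamedTuple, Optional

# Syntax in force since 13 January 2015: fixed "CVE-" prefix, four-digit year,
# then a sequence number of at least four digits.
CVE_ID_RE = re.compile(r"^CVE-(?P<year>\d{4})-(?P<seq>\d{4,})$")
CVE_IN_TEXT_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")


class CveId(NamedTuple):
    year: int
    sequence: int

    def __str__(self):
        # Pad to four digits; longer sequence numbers keep all their digits.
        return f"CVE-{self.year:04d}-{self.sequence:04d}"


def parse_cve_id(text: str) -> Optional[CveId]:
    """Return (year, sequence) for a well-formed CVE ID, else None.
    Case-sensitive, no surrounding whitespace, at least four sequence digits, and
    leading zeros only as padding up to four digits (CVE-2014-06271 is rejected)."""
    m = CVE_ID_RE.match(text)
    if not m:
        return None
    seq = m.group("seq")
    if len(seq) > 4 and seq[0] == "0":
        return None
    return CveId(int(m.group("year")), int(seq))


def normalize_cve_id(text: str) -> Optional[str]:
    """Canonical form of a sloppily written identifier (lowercase, stray spaces)."""
    parsed = parse_cve_id(text.strip().upper())
    return None if parsed is None else str(parsed)


def extract_cve_ids(text: str) -> List[str]:
    """All distinct well-formed CVE IDs mentioned in free text, sorted by year then sequence."""
    found = {parse_cve_id(s) for s in CVE_IN_TEXT_RE.findall(text)}
    return [str(c) for c in sorted(c for c in found if c is not None)]


if __name__ == "__main__":
    nvd_note = ("the original fix for CVE-2014-6271 was incorrect; CVE-2014-7169 has been "
                "assigned to cover the vulnerability that is still present after the fix.")
    print(extract_cve_ids(nvd_note))
    print(normalize_cve_id(" cve-2021-44228 "), parse_cve_id("CVE-2014-627"))
```

The extractor is what a triage script would run over a vendor advisory or a commit message before looking each ID up; normalising first avoids duplicate tickets for "cve-2014-6271" and "CVE-2014-6271".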
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to change X Window's refresh rate, by UndercOde
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) If you are using Red Hat, your X Window configuration file is /etc/X11/XF86Config; on Slackware it is /etc/XF86Config.
π¦ In that file you will see something like this:
# 640x400 @ 70 Hz, 31.5 kHz hsync
Modeline "640x400" 25.175 640 664 760 800 400 409 411 450
# 640x480 @ 60 Hz, 31.5 kHz hsync
Modeline "640x480" 25.175 640 664 760 800 480 491 493 525
# 800x600 @ 56 Hz, 35.15 kHz hsync
ModeLine "800x600" 36 800 824 896 1024 600 601 603 625
# 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync
Modeline "1024x768" 44.9 1024 1048 1208 1264 768 776 784 817 Interlace
# 640x480 @ 72 Hz, 36.5 kHz hsync
Modeline "640x480" 31.5 640 680 720 864 480 488 491 521
# 800x600 @ 60 Hz, 37.8 kHz hsync
Modeline "800x600" 40 800 840 968 1056 600 601 605 628 +hsync +vsync
# 800x600 @ 72 Hz, 48.0 kHz hsync
Modeline "800x600" 50 800 856 976 1040 600 637 643 666 +hsync +vsync
# 1024x768 @ 60 Hz, 48.4 kHz hsync
Modeline "1024x768" 65 1024 1032 1176 1344 768 771 777 806 -hsync -vsync
# 1024x768 @ 70 Hz, 56.5 kHz hsync
Modeline "1024x768" 75 1024 1048 1184 1328 768 771 777 806 -hsync -vsync
# 1280x1024 @ 87 Hz interlaced, 51 kHz hsync
Modeline "1280x1024" 80 1280 1296 1512 1568 1024 1025 1037 1165 Interlace
2) These lines control the settings of your graphics card.
> For example, the following comment says that the resolution is 1280x1024, the refresh rate is 76 Hz and the horizontal scan frequency is 81.13 kHz; the Modeline under it is what actually programs the graphics card:
# 1280x1024 @ 76 Hz, 81.13 kHz hsync
Modeline "1280x1024" 135 1280 1312 1416 1664 1024 1027 1030 1064
3) The meaning of each field in this line, from left to right:
> the keyword Modeline; the mode name (resolution); the pixel clock in MHz; then four horizontal values: the number of visible pixels per line, the clock count at which the horizontal sync (blanking) pulse starts, the clock count at which it ends, and the total number of clocks per line; then four vertical values: the number of visible lines per frame, the line at which the vertical sync pulse starts, the line at which it ends, and the total number of lines per frame.
4) Adjust these numbers to get the most out of your graphics card and monitor.
> For example, if your graphics card has a megabyte of memory you can set a resolution of 1152x900. :-) What you must be careful about is to check the scan frequencies your monitor allows. Some monitors burn out their horizontal-scan transistor when they receive sync pulses at too high a frequency. I have burned out a display myself.
5) That transistor is not easy to buy. The horizontal-scan transistor of a colour TV usually will not do: its frequency is too low and its power is not high enough. :-(
> The next question is what pixel clock your graphics card can handle. For example, the line above needs 135 MHz, but if your card only goes up to 125 MHz, 135 is over the limit.
6) If several modelines in your configuration file match the resolution you want, you can comment out the other, lower-frequency modelines with #, leaving only the one with the frequencies you want. That is how you change the scan frequency.
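An added example, not from UndercOde's post: a Python parser for XF86Config Modeline entries that derives the horizontal scan frequency and vertical refresh the ten numbers imply (pixel clock divided by total clocks per line, then divided by total lines per frame, doubled for an interlaced mode), and checks them against a monitor's limits before the line is enabled. The monitor and card limits in `check_mode` are assumed values; the modelines in the usage are the ones listed above.

```python
import re
from dataclasses import dataclass

MODELINE_RE = re.compile(
    r'^\s*Mode[Ll]ine\s+"(?P<name>[^"]+)"\s+(?P<clock>\d+(?:\.\d+)?)\s+'
    r"(?P<h>(?:\d+\s+){4})(?P<v>(?:\d+\s*){4})(?P<flags>.*)$"
)


@dataclass
class Modeline:
    name: str
    clock_mhz: float        # pixel clock
    hdisp: int              # visible pixels per line
    hsync_start: int        # clock count at which the horizontal sync pulse starts
    hsync_end: int          # clock count at which it ends
    htotal: int             # total clocks per line, including blanking
    vdisp: int              # visible lines per frame
    vsync_start: int        # line at which the vertical sync pulse starts
    vsync_end: int          # line at which it ends
    vtotal: int             # total lines per frame, including blanking
    flags: tuple            # e.g. ("+hsync", "+vsync") or ("interlace",)

    @property
    def hsync_khz(self):
        """Horizontal scan frequency: one line takes htotal pixel clocks."""
        return self.clock_mhz * 1000.0 / self.htotal

    @property
    def vrefresh_hz(self):
        """Vertical refresh: one frame takes vtotal lines. For an interlaced mode each
        field draws half the lines, so the quoted "87 Hz interlaced" is the field rate,
        twice the frame rate."""
        frame_rate = self.hsync_khz * 1000.0 / self.vtotal
        return frame_rate * 2 if "interlace" in self.flags else frame_rate


def parse_modeline(line):
    """Parse one XF86Config Modeline; raises ValueError for anything else."""
    m = MODELINE_RE.match(line)
    if not m:
        raise ValueError(f"not a Modeline: {line!r}")
    h = [int(x) for x in m.group("h").split()]
    v = [int(x) for x in m.group("v").split()]
    flags = tuple(f.lower() for f in m.group("flags").split())
    return Modeline(m.group("name"), float(m.group("clock")), *h, *v, flags)


def check_mode(mode, hsync_khz=(30.0, 60.0), vrefresh_hz=(50.0, 90.0), max_clock_mhz=125.0):
    """Return the reasons a mode is unsafe for the given monitor/card limits
    (empty list when it is within range). The default limits are assumed values,
    standing in for the figures printed in a monitor's manual and the card's maximum dot clock."""
    problems = []
    if not hsync_khz[0] <= mode.hsync_khz <= hsync_khz[1]:
        problems.append(f"{mode.name}: hsync {mode.hsync_khz:.2f} kHz outside {hsync_khz} kHz")
    if not vrefresh_hz[0] <= mode.vrefresh_hz <= vrefresh_hz[1]:
        problems.append(f"{mode.name}: refresh {mode.vrefresh_hz:.2f} Hz outside {vrefresh_hz} Hz")
    if mode.clock_mhz > max_clock_mhz:
        problems.append(f"{mode.name}: pixel clock {mode.clock_mhz} MHz exceeds {max_clock_mhz} MHz")
    return problems


if __name__ == "__main__":
    for text in (
        'Modeline "640x480" 25.175 640 664 760 800 480 491 493 525',
        'Modeline "1024x768" 44.9 1024 1048 1208 1264 768 776 784 817 Interlace',
        'Modeline "1280x1024" 135 1280 1312 1416 1664 1024 1027 1030 1064',
    ):
        mode = parse_modeline(text)
        print(f"{mode.name}: {mode.hsync_khz:.2f} kHz hsync, {mode.vrefresh_hz:.1f} Hz",
              check_mode(mode) or "ok")
```

For the 1280x1024 line the parser reproduces the 81.13 kHz and 76 Hz written in the comment above it, which is the check to make before uncommenting a modeline: with the assumed 60 kHz monitor and 125 MHz card, `check_mode` reports both the horizontal frequency and the pixel clock as out of range, and that is exactly the mode the post warns can burn out a monitor.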
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Infrared devices in Linux, full, by UndercOde
This article introduces the relationship between infrared and Linux, and describes the types of infrared and the protocols and architecture supported by Linux-IrDA. Linux-IrDA uses IrDA infrared wireless transmission to communicate with peripheral devices: printers, modems, fax machines, mobile phones and, today, PDAs.
Pinterest.com/UndercOdeOfficial
π¦ The types of Infrared include:
1) SIR: Standard IR - 115200 bps (emulates a serial port)
2) MIR: Middle IR - 1.15 Mbps
3) FIR: Fast IR - 4 Mbps
4) VFIR: Very Fast IR - 16 Mbps
5) Dongle: infrared adapters for the serial port
π¦ Linux Infrared supported protocols:
The protocols supported by Linux IrDA include:
1) IrLAP
2) IrLMP
3) IrIAS
4) IrIAP
5) IrLPT - transfers to printers
6) IrCOMM - emulates serial and parallel ports
7) IrOBEX - object (file etc.) transmission
8) IrLAN - infrared network device (HTTP etc.)
9) IrSocket
π¦ The architecture of Linux Infrared (IrMC):
Since its development began in 1997, Linux IrDA has basically been divided into two parts:
1) Linux-IrDA source code integrated in the Linux kernel, from kernel version 2.2.x onward
directories:
  /usr/src/linux/net/irda (protocol stack)
  /usr/src/linux/drivers/net/irda (device drivers)
  /usr/src/linux/include/net/irda (header files)
2) Linux-IrDA tools.
PS. It is currently at an experimental stage.
π¦ Linux system settings:
1) Edit the file /etc/conf.modules and add:
# IrDA
alias tty-ldisc-11 irtty
alias char-major-161 ircomm-tty
# post-install ircomm-tty /etc/rc.d/init.d/rc.irda autostart
# post-remove ircomm-tty /etc/rc.d/init.d/rc.irda autostop
2) Run: depmod -a
Then edit the file under /etc/IrDA/ that corresponds to your IR chip driver.
3) Run: depmod -a
π¦ HOW TO ?
In the case of a Dell Inspiron 5000:
1) Make sure IrDA is enabled in the BIOS, and note the resources the system allocates to it (IRQ, DMA, I/O port).
2) When recompiling the kernel with make menuconfig, enable the IrDA modules and check the protocols that need to be supported.
3) Install the irda-utils RPM, which provides:
> irmanager: detects peripheral infrared devices
irattach: enables (attaches) the infrared port
irdadump: monitors the transmission between infrared devices
irdaping: pings an infrared peripheral device
irkbd: infrared keyboard
4) Configure the system as described in the previous section:
vi /etc/rc.config   (set START_IRDA=Yes)
ln -s /etc/rc.config /etc/rc.d/rc3.d/S99irda
mknod /dev/irnine c 161 0
ln -s /dev/pilot /etc/irnine
E N J O Y
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ All Linux commands: bzip2
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) Function description: compression program that creates .bz2 files.
2) Syntax: bzip2 [-cdfhkLstvVz] [--repetitive-best] [--repetitive-fast] [-compression level] [files to be compressed]
3) Supplementary explanation: bzip2 uses a newer compression algorithm whose compression ratio is better than that of the traditional LZ77/LZ78 algorithms. If you do not add any parameters, bzip2 generates a .bz2 compressed file and then deletes the original file.
π¦ Parameters:
  -c or --stdout Send the compressed or decompressed result to standard output.
  -d or --decompress Perform decompression.
  -f or --force When compressing or decompressing, bzip2 by default does not overwrite an output file that has the same name as an existing file. To overwrite it, use this parameter.
  -h or --help Display help.
  -k or --keep bzip2 deletes the original file after compression or decompression. To keep the original file, use this parameter.
  -s or --small Reduce the amount of memory used during program execution.
  -t or --test Test the integrity of a .bz2 compressed file.
  -v or --verbose Display detailed information when compressing or decompressing files.
  -z or --compress Force compression.
  -L or --license Display the software license.
  -V or --version Display version information.
  --repetitive-best If there is repeated data in the file, this parameter can be used to improve the compression ratio.
  --repetitive-fast If there is repeated data in the file, this parameter can be used to speed up execution.
  -compression level (-1 to -9) Set the block size used when compressing.
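Added example (not from the original post): the four behaviours above that matter most when handling archives you did not create, modelled with Python's stdlib bz2 module rather than the bzip2 binary so it runs anywhere. It shows delete-after-compress by default, -k, -f, and how -t catches a damaged archive through the block CRC; the sample file and the corruption are constructed.

```python
import bz2
import os
import tempfile


def compress_file(path: str, keep: bool = False, force: bool = False,
                  level: int = 9) -> str:
    """Model of `bzip2 [-k] [-f] [-1..-9] FILE`: writes FILE.bz2 and, like the
    bare command, deletes the original unless keep (-k) is set. An existing
    FILE.bz2 is left alone unless force (-f) is set."""
    out = path + ".bz2"
    if os.path.exists(out) and not force:
        raise FileExistsError(f"{out} already exists; pass force=True (-f)")
    with open(path, "rb") as src, bz2.open(out, "wb", compresslevel=level) as dst:
        dst.write(src.read())
    if not keep:
        os.remove(path)
    return out


def integrity_ok(data: bytes) -> bool:
    """Model of `bzip2 -t`: decode the whole stream and verify its CRCs,
    discarding the output. Any decode or CRC error means the archive is bad."""
    try:
        bz2.decompress(data)
        return True
    except (OSError, EOFError, ValueError):
        return False


def corrupt_block_crc(data: bytes) -> bytes:
    """Flip one byte of the first block's stored CRC to simulate damage. Layout:
    4-byte 'BZh<level>' header, 6-byte block magic, then the 4-byte block CRC,
    so offset 10 is inside the CRC field."""
    if data[:3] != b"BZh":
        raise ValueError("not a bzip2 stream")
    buf = bytearray(data)
    buf[10] ^= 0xFF
    return bytes(buf)


def demo() -> dict:
    """Exercise the behaviours on a constructed file in a temporary directory
    and report the outcomes (constructed sample data, not real files)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "notes.txt")
        payload = b"constructed sample line that compresses well\n" * 200
        with open(path, "wb") as f:
            f.write(payload)
        out = compress_file(path, keep=True)          # -k: original survives
        kept = os.path.exists(path)
        try:
            compress_file(path)                        # no -f: refuses to clobber
            refused = False
        except FileExistsError:
            refused = True
        compress_file(path, force=True)               # -f and no -k: original removed
        removed = not os.path.exists(path)
        with open(out, "rb") as f:
            data = f.read()
        return {
            "kept_with_k": kept,
            "refused_overwrite": refused,
            "removed_by_default": removed,
            "intact_passes_test": integrity_ok(data),
            "damaged_passes_test": integrity_ok(corrupt_block_crc(data)),
            "roundtrip": bz2.decompress(data) == payload,
        }
```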
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 topic: Geolocation Spy (GeoSpy) is an OSINT analysis and research tool that is used to track and execute
intelligent social engineering attacks in real time. It was created with the aim of teaching the world
how large Internet companies could obtain confidential information such as the status of sessions on their
websites or services and control their users through their browser, without their knowledge, but it evolved
with the aim of helping government organizations, companies and researchers to track cybercriminals.
π¦ ππΌππ πππΈβπ :
1) git clone https://github.com/entynetproject/geospy
2) cd geospy
3) chmod +x install.sh
4) ./install.sh
π¦ Commands:
Geolocation Spy execution
geospy -h
usage: geospy [-h] [-v] [-u URL] [-p PORT] [-ak ACCESSKEY] [-l LOCAL] [-n]
[-ic INJC] [-ud]
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Put the web page URL to clone.
-p PORT, --port PORT Insert your port.
-ak ACCESSKEY, --accesskey ACCESSKEY
Insert your custom Access Key.
-n, --ngrok Insert your ngrok Authtoken.
-ic INJC, --injectcode INJC
Insert your custom REST API path.
-ud, --update Update GeoSpy to the latest version.
π¦ Tested by UndercOde on
Ubuntu
debian
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Security issues with NFS services, full by UndercOde:
The NFS service of Unix systems is the equivalent of the file sharing service on MS systems. Some people may think this is an inappropriate analogy, but the two have surprisingly similar security issues.
> Just as many security problems on NT/Windows machines come from shared resources, misconfiguration of the NFS service can also allow your system to be taken over by intruders. NFS is built on the RPC (Remote Procedure Call) mechanism; similarly, NT services based on RPC are not secure either. Attacks on MS shared resources are currently the most popular NT attack method on the Internet, and attacks on NFS are likewise the most common method against Unix platform machines.
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
The insecurity of NFS is mainly reflected in the following 4 aspects:
1) The access control mechanism of NFS is clumsy, and it is difficult to achieve precise control objectives with it.
2) NFS has no real user authentication mechanism, only an authentication mechanism for processing RPC/mount requests.
3) Earlier NFS versions allow unauthorized users to obtain a valid file handle.
4) In an RPC remote call, a SUID program has superuser privileges.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Part 2: Security issues with NFS services, full by UndercOde
We discuss them from these aspects:
π¦ ππΌππ πππΈβπ :
1) By default on most Unix systems, when a directory is exported and read-only is not specified, the directory is writable; the NFS access control file is also prone to misconfiguration, and in many cases it is configured to be accessible by any machine on the Internet. Remote users can use the following command to find out whether NFS has a configuration vulnerability; this command is a necessary step in almost all NFS attacks:
> showmount -e www.exampl...com
The possible results are as follows:
/usr (everyone)
/export/target1 -access=target2
/export/target2 -access=target1
2) You can mount the /usr directory of this NFS server on a local directory:
# mount www.exampl...com:/usr /tmp
3) This shows that the /usr directory can be mounted by any machine, and may even be writable; while the /export/target1 directory specifies a host access restriction, and a client must be target2.exam...com or a member of the netgroup target2 to mount it.
4) Most intruders first use this command to query the target for NFS vulnerabilities, just as the Netview command is used against NT. It is worth noting that the popular intrusion method has changed from first choosing a target and then attacking it to simply attacking whatever is found to be open.
5) The intruder may write a script or program to scan a large range of addresses, list the results and report them back. Therefore, correct configuration is very important; on the Internet there are a great many machines with wrong NFS settings. This configuration is generally stored in the /etc/exports file or in /etc/dfs/dfstab.
6) The user authentication sent with a request from the client consists of the user's UID and the GID of the group it belongs to. This kind of file access verification is of course safe on a system without NFS; but on the Internet, the root of another machine has the right to create any UID on its own machine, and the NFS server does not care whether that UID exists on its own machine or not: as long as the UID matches, it grants that user's operations on the file.
π¦ Example:
> For example, the directory /home/frank can only be opened for reading and writing by the user with UID 501, and this directory can be mounted by a remote machine. The root user of that remote machine then adds a user with UID 501, logs in as that user and mounts the directory, and thereby gets the equivalent of UID 501's permissions on the NFS server to read and write /home/frank. To solve this problem, you must properly configure exports, restrict the client host addresses, and explicitly set the rw=host option, the ro (read-only) option, and the access=host option.
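Added example (not part of the original post): an auditor for an exports file written in the classic SunOS/BSD-style syntax this post uses (path followed by -ro, -access=host:host, -rw=host:host), flagging the two misconfigurations described above: exports with no host restriction, and exports left writable because neither -ro nor rw=host was set. The sample exports file is constructed and the option semantics assumed are those stated in the text.

```python
from typing import Dict, List, Tuple, Union

# Constructed sample /etc/exports in the classic syntax; not taken from a real host.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/usr
/export/target1 -access=target2
/export/target2 -access=target1,rw=target1
/home/frank -access=client1,rw=client1
/pub -ro
"""

Opts = Dict[str, Union[bool, List[str]]]


def parse_export_line(line: str) -> Tuple[str, Opts]:
    """Split '/path -ro,access=h1:h2' into the path and an options dict; host
    lists (colon separated) become lists, bare flags become True."""
    fields = line.split()
    opts: Opts = {}
    for field in fields[1:]:
        for item in field.lstrip("-").split(","):
            key, _, value = item.partition("=")
            opts[key] = value.split(":") if value else True
    return fields[0], opts


def audit_export(opts: Opts) -> List[str]:
    """Report the two misconfigurations the post describes: no host restriction
    (anyone can mount) and write access left at its default (rw unless -ro)."""
    issues = []
    if not isinstance(opts.get("access"), list):
        issues.append("mountable by any host: no access= host list")
    if "ro" not in opts and not isinstance(opts.get("rw"), list):
        issues.append("writable by every host that can mount it: neither -ro nor rw=host set")
    return issues


def audit_exports(text: str) -> Dict[str, List[str]]:
    """Audit every non-comment line of an exports file; returns path -> issues."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, opts = parse_export_line(line)
        findings[path] = audit_export(opts)
    return findings
```

Running `audit_exports(SAMPLE_EXPORTS)` flags /usr on both counts (the `(everyone)` case from the showmount output above), /export/target1 only for default write access, and /pub only for unrestricted mounting.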
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The purpose is to make NFS file handles difficult to guess. This information is generated by the stat(2) system call. Unfortunately, a function used by this call, vn_stat(), has a problem:
t.me/UndercOdeTesting
...
sb->st_gen = vap->va_gen;
sb->st_blocks = vap->va_bytes / S_BLKSIZE;
return (0);
}
π¦ The program code above exposes all the information needed to produce the st_gen number; using this information, unauthorized users can obtain the handle of a file. The correct program should only expose this information to root:
...
sb->st_flags = vap->va_flags;
if (suser(p->p_ucred, &p->p_acflag)) {
        /* caller is not the superuser: hide the generation number */
        sb->st_gen = 0;
} else {
        sb->st_gen = vap->va_gen;
}
sb->st_blocks = vap->va_bytes / S_BLKSIZE;
return (0);
}
In this way, if the caller is not root, it only gets 0.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β