▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cracking WPA with coWPAtty :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> coWPAtty23 is a versatile tool that can recover WPA pre-shared keys using both dictionary
and rainbow table attacks. Although it is not being actively developed, it is still quite useful,
especially when using its rainbow table attack method. For this reason alone, it is worth
adding to your arsenal of tools.

1) our target information is as follows:

> BSSID: 32:08:04:09:3D:xy ESSID: wifu (WPA2 PSK)
Client: 00:18:4D:1D:A8:1F mon0: 00:1F:33:F3:51:13

2) Since coWPAtty does not include a sniffer component, it still requires a WPA handshake to
be captured with an external tool such as Airodump-ng. In this module, we will simply

3) reuse our capture from the John the Ripper section since the password of our access point
has not been changed.

4) There won’t be any word mangling taking place so we will add our WPA password to the
end of the John the Ripper wordlist.

>root@wifu:~# echo Password123 >> /pentest/passwords/john/password.lst

5) Having the password at the end of the wordlist rather than at the beginning will provide a
better indication of the speed difference between dictionary mode and rainbow table
mode.

🦑Installed On :PARROT, KALI , WIFISLAX(new v)

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analysis by undercode :
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>It is very simple to scrape and analyze a file. This tutorial will guide you step by step to achieve it with an example. let's start!

　1) First, I have to decide the URL address we will crawl. Can be set in a script or passed in $ QUERY_STRING. For simplicity, let's set the variables directly in the script.

<?
$ url = 'http://www.php.net'
;?> In the

2) second step, we grab the specified file and store it in an array using the file () function.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
?>

3) 　　OK, now there are files in the array. However, the text we want to analyze may not be all on one line. To understand this file, we can simply convert the array $ lines_array into a string. We can implement it using the implode (x, y) function. If you later want to use explode (set an array of string variables), it may be better to set x to "|" or "!" Or other similar separator. But for our purposes, it is best to set x to a space. y is another required parameter because it is the array you want to process with implode ().

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
$ lines_string = implode ('', $ lines_array);
?>

4) 　　Now that the crawling is done, it's time to analyze it. For the purpose of this example, we want to get everything between <head> to </ head>. In order to parse out the string, we also need something called a regular expression.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
$ lines_string = implode ('', $ lines_array);
eregi ("<head> (. *) </ head> ", $ lines_string, $ head);
?>

5) 　　Let's take a look at the code. As you can see, the eregi () function is executed in the following format:

eregi ("<head> (. *) </ Head>", $ lines_string, $ head);

6) 　　"(. *)" Means everything and can be explained For, "Analyze all things between <head> and </ head>". $ lines_string is the string we are analyzing, and $ head is the array where the analysis results are stored.

7) 　　Finally, we can lose data. Because there is only one instance between <head> and </ head>, we can safely assume that there is only one element in the array, and that is what we want. Let's print it out.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);

eregi ("<head> (. *) </ head>", $ lines_string, $ head);
echo $ head [0];
?>

　　This is all the code.

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Make an information release functionPHP
t.me/UnderCodeTesting


🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) CREATE TABLE jb_administrators (
administratorsID int(10) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsGroupID int(10) unsigned NOT NULL default '0',
administratorsName varchar(50) NOT NULL default '',
password varchar(32) NOT NULL default '',
email varchar(50) NOT NULL default '',
ipAddress varchar(32) NOT NULL default '',
isAdministrators enum('y','n') NOT NULL default 'n',
orderByID int(10) unsigned NOT NULL default '0',
createDate bigint(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsID)
) TYPE = MyISAM AUTO_INCREMENT = 2;

#
2) # Export the data in the table` jb_administrators`
#

3) INSERT INTO jb_administrators VALUES (1, 1, 1, 'sky', 'sky', '', '', 'n', 0, 0);
# ------------------------------------- -------------------

#
structure # jb_administratorsoption` table `

4) CREATE TABLE jb_administratorsoption (
administratorsOptionID int (8) NOT NULL auto_increment,
userID mediumint (6) unsigned NOT NULL default '0',
optionFieldName varchar (50) NOT NULL default '' ,
length tinyint(2) unsigned NOT NULL default '40',
rows tinyint(2) unsigned NOT NULL default '4',
types varchar(10) NOT NULL default '',
isPublic enum('y','n') NOT NULL default 'y',
orderByID int(8) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionID)
) TYPE=MyISAM AUTO_INCREMENT=10 ;

# jb_administratorsoption
#

5) INSERT INTO jb_administratorsoption VALUES (8, 1, '57777', 40, 50, 'txt', 'y', 8);
INSERT INTO jb_administratorsoption VALUES (9, 1,, 'text', 'y', 9); # Table structure jb_administratorsoptionlist #
# ------------------------------------------------- -------


6) CREATE TABLE jb_administratorsoptionlist (
administratorsOptionListID int(12) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsID int(10) unsigned NOT NULL default '0',
administratorsOptionID int(8) unsigned NOT NULL default '0',
value text NOT NULL,
createDate int(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionListID)
) TYPE=MyISAM AUTO_INCREMENT=168 ;

# <

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 Hacking a CCTV camera Full by undercode :




A) Hacking a CCTV camera.

> A little theory, then practice ....

1) Almost all modern digital IP video surveillance cameras are built on the linux operating system, which is greatly reduced and has only the most necessary for work. The linux operating system itself is free, very reliable and resistant to external influences and hacks, so the manufacturer builds on its basis video recorders, video servers, video surveillance cameras, NAS and other smart gadgets.
By "hacking a surveillance camera" we mean accessing as an administrator.

🦑 Access can be obtained to:

- the graphical web interface of the camera. Having gained such access, the attacker can view the video, if there is a microphone, he can hear what is happening, and if there is two-way audio communication (microphone and speaker), he can also conduct a dialogue with the victim. Also, all the settings that the device has are available.

- the operating system via SSH or another other protocol. Having gained access, you get the command line. This vulnerability was used in large-scale DDoS attacks by hackers from hacked cameras, and the computing power of video surveillance was used to mine cryptocurrencies.


🦑 Consider the weaknesses of such devices.

- The human factor. The device has standard settings: standard login and password. After installing the equipment, it is MANDATORY to change it.

- Incompetence of specialists who were involved in the installation and configuration of video cameras. You need to understand how the system is built, when using an external ip address, you need to reliably protect the device that looks outside (the Internet). Due attention should be paid to protecting the Wi-fi router, which is used almost everywhere where there is Internet access.

- Use standard or weak (less than 8 character passwords). For hacking, brute force dictionary attacks are usually used (brute force method), which contains all the standard passwords: admin, 888888, 123456, 12345, etc.

-To protect owners, the manufacturer introduces additional security measures, for example, activation on all new devices is required for Hikvision, which forces the owner to set a password in accordance with the security requirement: CAPITAL and lowercase letters, numbers and limits the minimum length.


🦑 There are many ways to hack, consider one of the simplest using the search engine Shodan. The search engine constantly scans the Internet and collects a database of devices that responded to its requests: these are registrars, surveillance cameras, routers, firewalls, that is, all network devices that look at the world wide network.

Let's try to access those devices that have default (standard) passwords ::

>

🦑 Hacking a CCTV camera Full by undercode PRACTICING :

1) Let's move on to practice.

> Breaking into! We go to the site: https://www.shodan.io

> Without registration, we will be limited by the number of requests.

2) Therefore, it is better to go through a simple registration procedure on the site.
Next, in the search bar we need to enter what we want to find.

> Examples of requests for unauthorized access, hacking:

3) default password port: 80 (where default password are devices with standard passwords, port: 80 - serves for receiving and transmitting data via HTTP, in our case we are looking for all devices with a web interface).
port: 80 nvr country: "it"

4) (we are looking for nvr devices - Network Video Recorder, that is, DVRs; country: "it" - only Italy will be searched).

> port: 80 dvr country: "ru" (we are looking for dvr devices - Digital Video Recorder (digital video recorders) in Russia).

> port: 80 country: "ru"example asus (we are looking for equipment with a web interface in Russia from the manufacturer ASUS, the largest output will most likely be from the routers of this manufacturer).

5) (get access to FTP servers with the possibility of anonymous access).
Android Webcam (gadgets for android, which using software are used as web cameras).

> Server: SQ-WEBCAM (this request will list the equipment with the servers on which it found webcams).

6) A complete list of commands can be found on the website of the search engine Shodan.


And do not forget - when hacking, all responsibility will be on you!


7) As an example, upon first request: default password port: 80 , 3278 results were found in the search database. According to the second and third results, as can be seen from Fig. 1, we see that login: admin, and the password for access via the web interface: 1234.

8) ollow the link. We get to the authorization page. We go in using the data and voila, we get to someone else's access point Edimax. We have admin rights and we can do absolutely everything: change the language, change the password, reconfigure the equipment, or by removing the "Hide" checkbox to peek someone else's password.


9) In the same way, you can hack and gain access to third-party surveillance cameras, Network Attached Storage (NAS), printers, web cameras and any other network equipment.


10) Now imagine what this could lead to if the attacker is a professional in his field. All the results obtained with the help of bots can be entered into your database and already further using the software you can start searching through the dictionary. Believe me, the result of successful attacks will be ten times higher!


11) So that this does not happen to you, and your video surveillance system is not hacked - start to understand this issue, take responsibility and ensure proper safety of all your network equipment!

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 its very simple steps , now you successful hack a cctv guide by Undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Recently from undercode tweets :
In the future, Firefox may force HTTPS links to prohibit access to insecure pages
twitter.com/undercodeNews

1) Future versions of Firefox may introduce HTTPS-only mode, which means that access to unsecured websites is completely blocked. In the latest version of Firefox 76 Nightly, Mozilla has introduced an experimental feature. If everything goes well, it will land in the stable version in the next few months and be open to all users.

2) Browser vendors, including Mozilla, have been pushing HTTPS for a long time. Although most websites have upgraded and enabled the security protocol, some sites still use HTTP. When HTTPS-only mode is enabled, the Firefox browser will no longer load HTTP websites.

3) The browser first attempts to access the server to obtain an HTTPS link, and if the version does not exist, it will provide the user with an error message saying "Secure connection failed". To enable it, install the latest Firefox Nightly version and enable the dom.security.https_only_mode flag in the about: config page. When enabled, HTTP pages will no longer load.

> check more news their
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

15 HOURS HACKING -
(Not by undercode)

https://m.youtube.com/watch?v=3Kq1MIfTWCE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to use VPN to stream via Chromecast or AirPlay ?
t.me/undercodeTesting

1) Chromecast and AirPlay let you stream music and videos from your computer or mobile device to speakers, TVs, and other stream devices. But all of them need Wi-Fi, which can be problematic if you use a VPN.

2) When the VPN is turned on, your traffic moves through the encrypted tunnel, which prevents devices connected to the same Wi-Fi network from detecting each other. This is how it should work, because you don’t want someone just being in the coverage area of your network to find out what you are doing. It's sad to admit, but it also means that Chromecast and AirPlay will not work while you are using a VPN.

3) The easiest solution is to turn off the VPN, but it is not the only one. You can use split tunneling, as noted earlier, to route through the VPN only the traffic that you want to protect. You can also enable the VPN-browser plugin, it only encrypts browser traffic and nothing else.

4) Alternative solution: you can install VPN on your router. After that, all devices connected to your router (from your phone to the smart juicer) will use encrypted traffic. This is a great solution for well-equipped smart homes.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to hide secret data inside an image or audio file in seconds :
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

A) How does steganography work?
There are several methods for hiding data inside regular files. One of the most common and easy to understand is a method called LSB.

> It changes the last few bits in a byte to encode the message. This is especially useful when working with images where the red, green and blue colors of each pixel are encoded using 8 bits or 1 byte from 0 to 255 in decimal or in binary from 00000000 to 11111111.

> Changing the last two bits in a completely red pixel from 11111111 to 11111101 changes the value of red from 255 to 253. For the naked eye, this difference is imperceptible, while the message will be encoded inside the picture.

2) Embedding hidden data in a file
Using Steghide is very easy. To install the application through the Linux terminal, use the apt command .

apt-get install steghide

3) When the program is installed, enter the following command to embed data in a file:

steghide embed -ef secretFile -cf coverFile -sf outputFile -z compressionLevel -e scheme

🦑 The arguments may be as follows:

-ef specifies the path to the file you want to hide. You can embed a file of any type in another file, including Python scripts and shell files.
-cf is the file where the data is embedded. Supported file types are BMP, JPEG, WAV, and AU.
-sf is an optional argument that defines the resulting file. If you do not specify it, the original file where the data is inserted will be overwritten with the new file.
-z determines the compression level between 1 and 9. If you do not want to compress your file, use the -Z argument.
-e specifies the type of encryption. Steghide supports many encryption schemes. If this argument is not specified, the 128-bit AES algorithm is used. If you prefer not to use encryption, type -e none.

> In this example, secret text is hidden inside the cat image. The original file is not overwritten or compressed, encryption is not used.

steghide embed -ef secret.txt -cf StegoCat.jpg -e none -Z

> An example of working with Steghide through a terminal

🦑 When you run the Steghide command, you will be asked to set a password, which will later allow you to retrieve the embedded data. Enter the password twice to confirm. After that, you can hide the data in image and audio files.

> Comparison of the original image and the image with the embedded text. The difference in the eye can not be determined.

3) Retrieve hidden data from a file
Retrieving hidden data from a file is even easier than pasting it there. The following command applies:

$ steghide extract -sf stegoFile -xf outputFile

> displayed in the terminal window.

After entering the command, you will need to enter pass

Hiding information in images is very simple.
The benefits of steganography are that you can hide data right in front of other people's eyes, but they will not see it. The minimum difference in the files is not visible by eye, at least if you do not look closely under the microscope.

Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑hide secret data inside image