β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 LAN Intrusion Complete Edition by Undercode :
First, a declaration:
1. The scope of the intrusion is limited to the local area network; on a school network this means the whole campus network can be reached.
2. The only machines that can be compromised are those with a weak password (for example the administrator account with a blank password), port 139 open, and no firewall.
🦑 Intrusion tools:
Three are generally needed: NTscan metamorphic scanner, Recton-D free anti-killing version, and DameWare Mini Chinese Version 4.5. (Antivirus software will flag the first two; it is recommended to temporarily turn off real-time antivirus protection and to keep the two tools in encrypted archives so they are not deleted.)
🦑 Intrusion steps:
1. Use "NTscan metamorphic scanner": fill in the IP range to be scanned, select the "WMI scan" method, press "Start" and wait for the scan result.
2. Use "Recton-D Special Edition": select the "CMD command" item and enter "net share C$=C:\" in "CMD:" to open the C drive share of the remote host. Changing "C" to D, E, F, etc. opens the D, E, F, etc. drive shares. This sharing method is well concealed: it is a full share, yet no shared-drive icon appears on the other host. Enter "\\<other party's IP>\C$" in the address bar to enter the other party's C drive.
Select the "Telnet" item, enter the IP just scanned in "Remote Host" and remotely start the Telnet service; after it succeeds, in "CMD Options" execute the command "net share ipc$", then "net share admin$", and finally "net use \*.
3. Use "DameWare Mini Chinese Version 4.5": after installation click "DameWare Mini Remote Control", select the product activation item under "Help" and enter the registration information. After successful registration, open the "Remote Connection" window, fill in the IP address under "Host", click "Settings", click "Edit" in "Service Installation Options", remove "Notify when connecting" in "Notification Dialog", leave all of the "Additional Settings" unselected, and remove "Enable User Options Menu" under User Options. When the settings are complete, click "Connect" and then "OK" in the pop-up dialog box; once connected you can control the other computer as if operating your own machine, or just choose to watch the other party's screen. Note: if you don't register, a dialog box will pop up on the host and reveal your identity.
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 The six major database attacks:
1. Brute-force (or other) cracking of weak passwords and default usernames and passwords
2. Elevation of privileges
3. Exploitation of unused and unneeded database services and of vulnerabilities in features
4. Targeting unpatched database vulnerabilities
5. SQL injection
6. Theft of unencrypted tape backups
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Wifi Post Exploitation on Remote PC.pdf (4.6 MB)
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 What is the A5 encryption algorithm?
1️⃣ The A5 algorithm was developed in France in 1989. It is a stream ("serial") cipher used mainly in the GSM system, where it encrypts the radio link between the mobile phone and the base station. The algorithm has three versions: A5/1, A5/2, and A5/3.
2️⃣ Unless otherwise specified, "A5" refers to A5/1. Opinions on GSM encryption are divided: some believe that strong cipher security would hinder the adoption of GSM phones, while others believe that A5 is too weak to resist eavesdropping by some intelligence agencies.
3️⃣ A5 is characterized by high efficiency; it is well suited to hardware implementation, and its output passes the known statistical tests.
4️⃣ In short, the basic design idea of A5 is not the problem, and its execution efficiency is very high; but from the perspective of cryptography and security, the algorithm has many security problems.
written by Undercode powered by wiki
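To make "stream cipher built from three shift registers" concrete, here is an A5/1 keystream generator written as an added example for this post. It is not code from Undercode or from any GSM implementation; it follows the publicly documented structure of A5/1 (registers of 19, 22 and 23 bits, majority-rule irregular clocking, a 64-bit key and a 22-bit frame number, 228 keystream bits per frame). The key and frame values in the sample run are constructed, not a published test vector.

```python
# A5/1 keystream generator (added illustration, not code from the page).
# Structure per the public description of A5/1: three LFSRs, majority
# clocking, 64-bit key, 22-bit frame number, 228 keystream bits per frame.

# (length, feedback taps, clocking bit) for R1, R2, R3. Bit 0 is where new
# bits enter; the top bit (length - 1) of each register is the output tap.
REGISTERS = (
    (19, (13, 16, 17, 18), 8),
    (22, (20, 21), 10),
    (23, (7, 20, 21, 22), 10),
)


def clock_register(reg, length, taps, feed_in=0):
    """Shift one register left by one position. The new bit 0 is the XOR of
    the tap bits, optionally XORed with a key or frame bit during loading."""
    fb = feed_in
    for t in taps:
        fb ^= (reg >> t) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


def majority(a, b, c):
    """Majority of three bits."""
    return (a & b) | (a & c) | (b & c)


def clock_majority(regs):
    """Irregular clocking: a register advances only if its clocking bit agrees
    with the majority of the three clocking bits, so at least two move."""
    bits = [(regs[i] >> REGISTERS[i][2]) & 1 for i in range(3)]
    maj = majority(*bits)
    return [
        clock_register(regs[i], REGISTERS[i][0], REGISTERS[i][1])
        if bits[i] == maj else regs[i]
        for i in range(3)
    ]


def output_bit(regs):
    """Keystream bit = XOR of the top bit of each register."""
    return ((regs[0] >> 18) ^ (regs[1] >> 21) ^ (regs[2] >> 22)) & 1


def a5_1_keystream(key, frame):
    """Return the 228 keystream bits (list of 0/1) for an 8-byte key and a
    22-bit frame number. Bits 0-113 cover the downlink burst and bits
    114-227 the uplink burst; encryption is a plain XOR with the burst."""
    if len(key) != 8:
        raise ValueError("A5/1 key must be 64 bits (8 bytes)")
    if not 0 <= frame < (1 << 22):
        raise ValueError("frame number must fit in 22 bits")
    regs = [0, 0, 0]
    # Key loading: 64 regular clocks, key bit i (LSB first within each byte)
    # XORed into the new bit 0 of every register.
    for i in range(64):
        kbit = (key[i // 8] >> (i % 8)) & 1
        regs = [clock_register(regs[j], REGISTERS[j][0], REGISTERS[j][1], kbit)
                for j in range(3)]
    # Frame loading: 22 regular clocks with the frame number bits, LSB first.
    for i in range(22):
        fbit = (frame >> i) & 1
        regs = [clock_register(regs[j], REGISTERS[j][0], REGISTERS[j][1], fbit)
                for j in range(3)]
    # 100 majority-clocked warm-up steps whose output is discarded.
    for _ in range(100):
        regs = clock_majority(regs)
    # 228 keystream bits, one per majority-clocked step.
    out = []
    for _ in range(228):
        regs = clock_majority(regs)
        out.append(output_bit(regs))
    return out


def xor_burst(bits, keystream):
    """XOR a list of plaintext bits with keystream bits of the same length."""
    if len(bits) != len(keystream):
        raise ValueError("burst and keystream lengths differ")
    return [b ^ k for b, k in zip(bits, keystream)]


if __name__ == "__main__":
    # Constructed sample inputs, not a published test vector.
    key = bytes.fromhex("0123456789abcdef")
    ks = a5_1_keystream(key, 0x134)
    print("".join(map(str, ks[:114])))   # downlink keystream for this frame
```

The whole cipher is a few hundred flip-flops and XOR gates, which is the "efficient in hardware" point above; it is also why the state is only 64 bits and why the same key reused across frames gives an attacker many related keystreams, which is where the published attacks start.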
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Unused and unneeded database services and features #vulnerabilities :
> An external attacker looking for weak database passwords will check whether the potential victim is running the listener on their Oracle database. The listener brokers network connections to the Oracle database and can forward them, so the link between the user and the database is exposed.
> With just a few Google hacking queries, an attacker can find listeners exposed by the database service. Markovich said, "Many customers do not set a password on the listener, so hackers can search for the string and find the listener active on the Web. I just searched and found some things that attract people's attention, such as government sites. This is indeed a big problem."
> Other features, such as the hook between the operating system and the database, can expose the database to attackers. This hook can become a communication link to the database. "When you link the library and write the program... that will become the interface with the database," you are exposing the database and may allow hackers to get inside without authentication or authorization.
> Usually the database administrator does not shut down unnecessary services. Julian said, "They just leave it alone. This design is outdated and management can't keep up. This is the easiest way to make it work. Unwanted services exist in the infrastructure, which will make your vulnerabilities exposed."
> The key is to keep the database features streamlined and install only what you have to use; nothing else is needed. Markovich said, "Any feature can be used to deal with you, so only install what you need. If you have not deployed a feature, you do not need to patch it later."
written @UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
#Misc IMSI/Cellular Tools
https://github.com/Evrytania/LTE-Cell-Scanner
https://harrisonsand.com/imsi-catcher/
https://github.com/Oros42/IMSI-catcher
https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 #HackersToday
> An ordinary hacker can complete a data attack in under 10 seconds from entry to exit, which leaves database administrators almost no time to react even if they notice the intruder. As a result, many database attacks go unnoticed by the organization until long after the data has been damaged.
> Strangely, according to many experts, although the database is the foundation of the enterprise's "crown", it has not been properly secured in many enterprises. Malicious hackers get into databases with very simple methods, such as weak passwords, sloppy configuration, and unpatched known vulnerabilities.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 SS7/Telecom Specific
- D1T2 - Bypassing GSMA Recommendations on SS7 Networks - Kirill Puzankov
- http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
- Getting in the SS7 kingdom: hard technology and disturbingly easy hacks to get entry points in the walled garden
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Interesting #SIM-specific attacks :
- Rooting SIM-cards
- The Most Expensive Lesson Of My Life: Details of SIM port hack
- Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stack (https://www.usenix.org/system/files/conference/woot12/woot12-final24.pdf)
- Hiding in Plain Signal: Physical Signal Overshadowing Attack on LTE
- LTE Security Disabled: Misconfiguration in Commercial Network
- Shupeng-All-The-4G-Modules-Could-Be-Hacked
(2020 git sources)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner:
🦑 Features
1) Works with Windows, Linux and OS X
2) Automatic Configuration
3) Automatic Update
4) Provides 8 different Local File Inclusion attack modalities:
/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://
5) Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).
6) Tor proxy support
7) Reverse Shell for Windows, Linux and OS X
🦑 REQUIREMENTS :
>Python 2.7.x
>Python extra modules: termcolor, requests
>socks.py
INSTALLATION & RUN :
Clone https://github.com/D35m0nd142/LFISuite, change into its directory, then:
1️⃣ Usage is extremely simple and LFI Suite has an easy-to-use user interface; just run it and let it lead you.
2️⃣ Reverse Shell
> Once you have obtained an LFI shell with one of the available attacks, you can get a reverse shell by entering the command "reverseshell" (obviously your system must be listening for the reverse connection, for instance with "nc -lvp port").
(If in doubt, watch this video: https://www.youtube.com/watch?v=6sY1Skx8MBc)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Discovering and attacking IoT devices based on web attacks, by Undercode :
1️⃣ The attack methods used are:
1- Deceive the victim into visiting a website controlled by the attacker.
2- Discover IoT devices on the victim's local network.
3- Control the devices through web-based attacks.
2️⃣ Attack duration
1- Technically this is not a new attack vector. The research report cites earlier work which found that it takes an attacker on average one minute to obtain results with these vectors. Strangely, a well-known study (What You Think You Know About the Web is Wrong) shows that 55% of users spend less than 15 seconds on a site, so it would seem that most users would not be affected by the IoT vulnerability.
2- But in the studies conducted at Princeton University and the University of California, Berkeley, the researchers significantly shortened the duration of the attack. They say that with the methods they discovered they can find and access devices on the local network faster than previous research, except in Chrome, which caches DNS responses and ignores the TTL if it is below a certain threshold. It should be noted that devices in the demilitarized zone (DMZ, the internal network inside the firewall) are generally considered safe, because users assume these devices cannot be reached from outside. However, through the attack described here, the attacker can reach them through the browser in the victim's internal network.
3️⃣ Discover HTTP endpoints :
1- The researchers analyzed the devices by connecting them to a Raspberry Pi wireless access point and observing the packets sent and received by each device and by the mobile application bound to it. The analysis found 35 GET endpoints and 8 POST endpoints; these endpoints are used to identify devices by IP address in the discovery phase.
2- Research phases
The researchers work in two stages, the discovery stage and the access stage:
3- The goal of the discovery stage is to find IoT devices on the local network using HTML5 elements in the browser.
4- The goal of the access stage is to use DNS rebinding with the discovered IP addresses to reach the HTTP endpoints.
4️⃣ Discovery stage: identify IoT devices
1- Use WebRTC to obtain the local IP address.
2- Send requests to every IP address in the range on port 81. Since port 81 is usually not in use, an active host immediately answers with a TCP RST; for inactive addresses in the range the request times out.
3- Each active IP address then receives requests for the 35 GET endpoints collected in the initial stage, sent from HTML5. Based on the error message returned, the script determines whether the address matches any of the seven devices.
4- The study planned to use three operating systems (Windows 10, macOS, and Ubuntu) and four browsers (Chrome, Firefox, Safari, Microsoft Edge), but only Chrome and Firefox turned out to be suitable. Safari and Edge were not used because, according to the paper (Web-based attack on the discovery and control of local IoT devices):
> On Safari, all fetch requests timed out, causing the attack script to identify all IP addresses as inactive. On the Edge browser, the script could use fetch requests to correctly identify the active IP addresses, but Edge does not disclose a detailed HTML5 error message, so the attack script could not identify any device on Edge.
5️⃣ Access stage: control of IoT devices
1- The victim visits the domain name (domain.tld) controlled by the attacker, and the browser executes the malicious JavaScript found on the attacker's site. The domain name still resolves to the attacker's server IP.
2- The malicious script requests another resource on domain.tld that exists only on the attacker's server.
3- If the victim's local DNS cache still resolves to the attacker's remote IP, the request for /hello.php returns the string "hello" and the script repeats this step.
4- But once domain.tld expires in the victim's cache, a new DNS query is sent to the attacker.
5- This time the local IP obtained in the discovery phase is returned instead of the attacker's remote IP. /hello.php no longer answers with the string "hello" but with different content, such as a 404 error, which tells the malicious script that the DNS rebinding attack has succeeded.
6- Through this attack the malicious script bypasses the browser's Same-Origin Policy and gains access to the web applications running on the device. The attacker can now reboot devices or start video/audio playback on Google Chromecast, Google Home, smart TVs, and smart switches.
6️⃣ How to prevent DNS rebinding attacks against IoT devices
1- Users can disable WebRTC in the browser to prevent disclosure of the private IP; the attacker can still discover the user's private range, though, by sending requests to all *.1 addresses (router addresses) within the private IP ranges.
2- The attacker assumes that the IoT devices share the IP range of the victim's PC. Users can place devices on another subnet (such as a /16) by configuring the router's DHCP server.
3- Users can install dnsmasq, which prevents DNS rebinding by removing RFC 1918 addresses from DNS responses; OpenWRT routers, which ship with dnsmasq, can do the same.
4- IoT vendors can check the Host header of requests sent to the web interface and block access when it does not contain an RFC 1918 private IP.
5- DNS providers can use mechanisms like dnswall to filter private IPs out of DNS responses.
6- Browser vendors can develop extensions that restrict access from public sites to private IP ranges.
WRITTEN BY UNDERCODE
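The two most direct defences in the list above, the resolver-side filter (items 3 and 5) and the device-side Host header check (item 4), are small enough to show in working code. The block below is an added example, not code from the research paper, from dnsmasq/dnswall or from Undercode; the sample DNS answers and Host headers are constructed, and the decision to also drop loopback and link-local addresses is this example's own choice, as noted in the comments.

```python
# Two defender-side checks against the DNS rebinding flow described above
# (added illustration, not code from the page or from any of the named tools).
#   filter_dns_answers(): a dnswall/dnsmasq-style resolver filter that drops
#     internal addresses from the answers for a public name, so domain.tld
#     can never be rebound to a LAN device.
#   host_header_allowed(): the check an IoT web interface can apply to the
#     Host header, so a request arriving through a rebound public name
#     (Host: domain.tld) is refused while Host: 192.168.1.20 is served.
import ipaddress

# RFC 1918 ranges plus loopback and link-local. The extra ranges are an
# assumption of this example: a rebound name could also point at 127.x or
# 169.254.x devices, so a filter that stops at RFC 1918 leaves a gap.
PRIVATE_V4 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def is_internal_address(addr):
    """True if addr is a private, loopback or link-local address.
    IPv4-mapped IPv6 literals (::ffff:192.168.1.20) are unwrapped first,
    since that is a common way to slip past a naive IPv4-only filter."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False          # not an IP literal at all
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version == 4:
        return any(ip in net for net in PRIVATE_V4)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def filter_dns_answers(name, answers, local_suffixes=(".lan", ".local")):
    """Return the answer list for `name` with internal addresses removed.
    Names under a trusted local suffix are left alone, because the LAN's own
    names legitimately resolve to RFC 1918 space. An empty result means the
    resolver should answer with no address rather than leak a LAN target."""
    if name.lower().rstrip(".").endswith(local_suffixes):
        return list(answers)
    return [a for a in answers if not is_internal_address(a)]


def strip_port(host_header):
    """Take the host part out of a Host header value ("host", "host:port",
    "[v6]" or "[v6]:port")."""
    h = host_header.strip()
    if h.startswith("["):
        end = h.find("]")
        return h[1:end] if end != -1 else h
    if h.count(":") == 1:     # exactly one colon: a name or IPv4 with a port
        return h.rsplit(":", 1)[0]
    return h


def host_header_allowed(host_header, device_hostnames=()):
    """Decision for a device web interface: serve the request only when the
    Host header is an internal IP address or one of the device's own names.
    A request that reached the device through a rebound public name carries
    that public name as Host and is rejected."""
    host = strip_port(host_header).lower()
    if host in (n.lower() for n in device_hostnames):
        return True
    return is_internal_address(host)


def demo():
    """Run both checks over constructed sample data (not captured traffic)."""
    # Constructed resolver answers: a public name an attacker has rebound to
    # a LAN address, and a legitimate LAN name.
    answers = {
        "domain.tld": ["203.0.113.10", "192.168.1.20"],
        "printer.lan": ["192.168.1.30"],
    }
    filtered = {n: filter_dns_answers(n, a) for n, a in answers.items()}
    # Constructed Host headers as seen by a device listening on 192.168.1.20.
    hosts = ["192.168.1.20", "192.168.1.20:8080", "domain.tld", "203.0.113.10"]
    decisions = {h: host_header_allowed(h) for h in hosts}
    return filtered, decisions


if __name__ == "__main__":
    print(demo())
```

On a real router the resolver half is a one-line setting: dnsmasq's `stop-dns-rebind` option rejects upstream answers in the private ranges, with `rebind-domain-ok` to whitelist local names, which is what the `local_suffixes` parameter stands in for here. The device half has to live in the device's firmware, which is why item 4 is addressed to vendors.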
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Discovering and attacking IoT devices based on web attacks: full guide by Undercode
4K HD - Java Objects & Classes Detailed
https://www.youtube.com/watch?v=84hGoR9HjAY
For more youtube.com/Undercode
https://www.youtube.com/watch?v=84hGoR9HjAY
For more youtube.com/Undercode
YouTube
JAVA Course Objects& Classes all you need to know (ARABIC-ENGLISH Training)
FOR MORE VISIT: https://www.UndercodeTesting.com
ΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩΩ
To watch more videos, please subscribe to the channel Youtube.com/Undercode
You can also follow…
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦WARNING #HackersToday
> Hackers use CAPTCHA verification to trick real people into downloading malicious files and to evade automated detection
1) The Microsoft Security Intelligence team recently exposed a new trend in the activity of the hacker group CHIMBORAZO.
2) The group behind the Dudear and GraceWire information-stealing Trojans has once again turned its attention to the CAPTCHA image challenges that major websites use to detect real users.
3) Compared with blurry, distorted digits or letters, the image-based CAPTCHAs that have been online for more than ten years can block many people with ulterior
4) The Microsoft Security Intelligence team pointed out that its tracking analysis since January this year found that the group has distributed malicious Excel documents on sites that require users to complete CAPTCHA verification.
@UndercodeNews
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MAKE YOUR SITE APPEAR ON GOOGLE #REQUESTED :
- Simple random DNS, HTTP/S internet traffic noise generator
1οΈβ£git clone https://github.com/1tayH/noisy.git
2οΈβ£cd noisy
3οΈβ£pip install requests
4οΈβ£python noisy.py --config config.json
5οΈβ£$ python noisy.py --help
usage: noisy.py [-h] [--log -l] --config -c [--timeout -t]
π¦optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
π¦Build Using Docker
Build the image
1οΈβ£docker build -t noisy .
Or if you'd like to build it for a Raspberry Pi (running Raspbian stretch):
2οΈβ£docker build -f Dockerfile.pi -t noisy .
Create the container and run:
3οΈβ£docker run -it noisy --config config.json
β topic 2020 git
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β