UNDERCODE COMMUNITY
🦑Bin For Spotify 3 Months Premium + ATRESplayer Premium

BIN: 5183024500xxxxxx
DATE: Rnd
CVV: Rnd
IP: USA 🇺🇸

✅Spotify
✅AteresPlayer

How use bin https://t.me/UnderCodeTesting/3768
Written pdfs tutorials
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MALWARE RESOURCES :


* [SMRT](https://github.com/pidydx/SMRT) - Sublime Malware Research Tool, a
plugin for Sublime 3 to aid with malware analysis.

* [strace](https://sourceforge.net/projects/strace/) - Dynamic analysis for

* [StringSifter](https://github.com/fireeye/stringsifter) - A machine learning tool
that automatically ranks strings based on their relevance for malware analysis.

* [Triton](https://triton.quarkslab.com/) - A dynamic binary analysis (DBA) framework.

* [Udis86](https://github.com/vmt/udis86) - Disassembler library and tool
for x86 and x86_64.

* [Vivisect](https://github.com/vivisect/vivisect) - Python tool for
malware analysis.

* [WinDbg](https://developer.microsoft.com/en-us/windows/hardware/download-windbg) - Multipurpose debugger for the Microsoft Windows operating system, used to debug user-mode applications, device drivers, and kernel-mode memory dumps.

* [X64dbg](https://github.com/x64dbg/) - An open-source x64/x32 debugger for Windows.

* [iocextract](https://github.com/InQuest/python-iocextract) - Advanced Indicator
of Compromise (IOC) extractor, Python library and command-line tool.

✅2020 GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Helpful Termux tool :

FEATURES :

> Grab email passwords NEW!
> Check passwords leaked.
> Check hash code leaked.
> Check email leaked!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ sudo apt update && sudo apt install python3 python3-pip

2️⃣ git clone https://github.com/GitHackTools/Leaked

3️⃣ cd Leaked

4️⃣ bash install_update.sh

5️⃣ python3 leaked.py

6️⃣ Choose an option by entering its number.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Russian CARDING -ENGLISH COMPLET- pdf
Enjoy ❤️👍🏻
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Apache Log Modules
Apache has several modules that are responsible for web logs:

1️⃣ mod_log_config. Keeps a log of the requests made to the server. This is the main logging module; it is enabled by default and is the one that saves information about requests. This particular module and its settings are the main focus here. It provides the access log.

2️⃣ mod_log_debug. Additional configurable debug logging. It has experimental status.

3️⃣ mod_log_forensic. Forensic logging of the requests made to the server. It provides the forensic log.

4️⃣ mod_logio. Logging of the input and output bytes of each request. This module must be included in the Apache configuration if you want to log the amount of data sent and/or received. It provides some of the format features of the access log.

5️⃣ Apache Core Features. The core Apache HTTP Server features that are always available. They also provide the error log and per-module logging.

6️⃣ mod_cgi and mod_cgid. Provide the CGI script execution log.
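
mod_log_forensic writes a line starting with + (ID, request line and headers, separated by |) before a request is processed and a line with - and the same ID afterwards, so an ID without a closing line is a request that never completed. The following added example (not from the original post; the log lines and request IDs are constructed) pairs the two to list such requests.

```python
from urllib.parse import unquote

# Constructed sample in the mod_log_forensic layout; not real traffic.
SAMPLE_FORENSIC_LOG = """\
+req0001|GET /index.html HTTP/1.1|Host:www.example.test%3a8080|Accept:*/*
-req0001
+req0002|POST /cgi-bin/report.cgi HTTP/1.1|Host:www.example.test%3a8080|Content-Length:48
+req0003|GET /favicon.ico HTTP/1.1|Host:www.example.test%3a8080
-req0003
"""


def parse_start_line(line):
    """Split a '+' line into (forensic_id, request_line, headers)."""
    forensic_id, _, rest = line[1:].partition("|")
    request_line, _, header_part = rest.partition("|")
    headers = {}
    for field in filter(None, header_part.split("|")):
        name, _, value = field.partition(":")
        # Special characters inside values are %-escaped (e.g. ':' as %3a).
        headers[name] = unquote(value)
    return forensic_id, request_line, headers


def unfinished_requests(log_text):
    """Return {forensic_id: (request_line, headers)} for IDs with no '-' line."""
    pending = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("+"):
            forensic_id, request_line, headers = parse_start_line(line)
            pending[forensic_id] = (request_line, headers)
        elif line.startswith("-"):
            pending.pop(line[1:], None)  # request was processed to completion
    return pending


if __name__ == "__main__":
    for fid, (request_line, headers) in unfinished_requests(SAMPLE_FORENSIC_LOG).items():
        print(f"never completed: {fid} {request_line} Host={headers.get('Host')}")
```

Requests reported here are the ones to look at first when a worker crashed or hung, because the access log written by mod_log_config only records a request after it has finished.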

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 BRUTEFORCE RDP BEST METHOD USING
HYDRA THE FAMOUS TOOL - RUSSIAN CODE
A script that automatically scans a list of addresses for open port 3389, then selects the method and starts brute-forcing login/password pairs.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ git clone https://github.com/getdrive/Lazy-RDP

2️⃣ cd Lazy-RDP && chmod +x hydra/configure hydra/hydra src/rdp_brute.sh patator.py start INSTALL

3️⃣ Installing dependencies

./INSTALL

4️⃣ Running the script

./start

🦑Tested On :

- Kali

- Parrot

- Debian 10/9

- Works on Ubuntu systems

🦑VIDEO TUTORIAL (BRUTEFORCE RDP)

https://www.youtube.com/watch?v=Kpl8l6YQq48&feature=youtu.be


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to change x11vnc options without restarting the service?


> The x11vnc service can be controlled remotely, for example to terminate it or to change its options on the fly. To do this, use the same command that runs the VNC server, that is, x11vnc, with the -remote option. This option has two aliases: -R and -r.

The list of supported commands is large, so let's consider only a few examples:

To stop an already running VNC server, use either of the following commands:

1️⃣ x11vnc -remote stop
x11vnc -R stop

2️⃣ To enable shared connections:

x11vnc -R shared

3️⃣ The following command will scale the desktop:

x11vnc -R scale:3/4

🦑The command to allow connections if the VNC server was started with the -deny_all option :


1️⃣ x11vnc -remote nodeny

To run a sequence of commands, use something like this:

2️⃣ x11vnc -R 'script:

To read commands from a file, use:

x11vnc -R script:file...

3️⃣ A file can consist of several lines and use the ' # ' symbol for commenting. In either case, use ' ; ' to separate the individual commands.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Definitions HACKING TERMS

1️⃣ SOCIAL ENGINEERING ("SOCIAL WORKER") VULNERABILITY :

If you search Google or Baidu for "social worker", the answer you get is social work, which has nothing to do with this term. Here "social worker" is shorthand for social engineering, a technique that studies the weaknesses of human nature in order to attack. For instance, suppose the website administrator is called Xiao Ming. Then the administrator password of the website is likely to be xiaoming, or even xiaohong. Why xiaohong? Because Xiaohong may be the person Xiao Ming likes. Of course, it could also be xiaofeng, but the probability is very low, at least much lower than for the previous two. Social engineering attacks usually follow this line of thinking. To put it simply, you can also understand it as a "human flesh search": much of the material dug up about people on the Internet in that way is obtained with social engineering. Xiaofeng gives a simple example. If you are looking for the QQ number of a star, you can search the QQ groups for the name of his company. The xx company group may appear, and then you know how to find the QQ number.

2️⃣ WebShell

A WebShell is a command environment that exists in the form of asp, php, jsp and other web files; it can also be called a web page backdoor. After a hacker has compromised a website, these asp or php backdoor files are usually mixed in with the normal web page files in the web directory of the website server. They are usually hidden deep, so that the administrator does not find and delete them, because once they are deleted they can no longer be used to take control. With a webshell backdoor planted on a website, the attacker can basically do whatever they want: modify any part of the website or delete it. Trade in website access between hackers is carried out through webshells. For example, someone pays a certain amount to buy webshell access to a website, and the attacker is responsible for finding a way to plant a webshell backdoor on that website. That should make the idea clear.


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A REAL extremely buggy web app 2020 RECOMMENDED BY Undercode :

FEATURES :

SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP and SMTP injections

Blind SQL injection and Blind OS Command injection

Boolean-based and time-based Blind SQL injections

Drupageddon and Drupalgeddon2 (CVE-2018-7600)

AJAX and Web Services issues (JSON/XML/SOAP)

Heartbleed vulnerability (OpenSSL) + detection script included

Shellshock vulnerability (CGI)

Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)

phpMyAdmin BBCode Tag XSS

Cross-Site Request Forgery (CSRF)

Information disclosures: favicons, version info, custom headers,...

Unrestricted file uploads and backdoor files

Old, backup & unreferenced files

Authentication, authorization and session management issues

Password and CAPTCHA attacks

Insecure DistCC, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations

Arbitrary file access with Samba

Directory traversals and unrestricted file access

Local and remote file inclusions (LFI/RFI)

Server Side Request Forgery (SSRF)

XML External Entity attacks (XXE)

Man-in-the-Middle attacks (HTTP/SMTP)

HTTP parameter pollution and HTTP verb tampering

Denial-of-Service (DoS) attacks: Slow Post, SSL-Exhaustion, XML Bomb,...

POODLE vulnerability

BREACH/CRIME/BEAST SSL attacks

HTML5 ClickJacking and web storage issues

Insecure iFrame (HTML5 sandboxing)

Insecure cryptographic storage

Cross-Origin Resource Sharing (CORS) issues

Cross-domain policy file attacks (Flash/Silverlight)

Local privilege escalations: udev, sendpage

Cookie and password reset poisoning

Host header attacks: password reset poisoning and cache pollutions

PHP CGI remote code execution

Dangerous PHP Eval function

Local and remote buffer overflows (BOF)

phpMyAdmin and SQLiteManager vulnerabilities

Nginx web server vulnerabilities

HTTP response splitting, unvalidated redirects and forwards

WSDL SOAP vulnerabilities

Form-based authentication and No-authentication modes

Active Directory LDAP integration

Fuzzing possibilities
and much more...

HINT: download our bee-box VM > it has ALL necessary extensions

bee-box is compatible with VMware and VirtualBox!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 :

DOWNLOAD APP :
https://sourceforge.net/projects/bwapp/

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Website #Summary attack defense solution by Undercode

1️⃣ Static pages :

Dynamic pages open slowly because they frequently have to pull a large amount of data from the database. A CC (Challenge Collapsar, an HTTP request flood) attacker can therefore consume all of a website's resources with even a few "broilers" (compromised machines), so dynamic pages are vulnerable to CC attacks. A static page is normally only a few tens of KB, while a dynamic page may have to be built from a database of tens of megabytes, so the difference in resource consumption is very obvious. Forums often need a good server to run stably, because it is very difficult to make a forum purely static.

2️⃣ Hide the server IP
Using CDN acceleration can hide the real IP of the server, so that the attacker cannot attack the real IP. However, this only stops some attackers unless the IP is truly hidden.

3️⃣ Prohibit proxy access
As mentioned earlier, the attacker attacks through a large number of proxies. Prohibiting proxy access or limiting the number of proxy connections can also provide some protection.

4️⃣ Block the attacking IPs
Thousands of TCP connections usually appear on the server during a CC attack. Open cmd and enter netstat -an. If a large number of external IPs appear, you are being attacked. At that point you can use protective software to block the attacking IPs or block them manually. This method is often used, but it is passive.

5️⃣ Use protection software
Personally, I think protective software is the least useful of these measures, and it can only stop small attacks. Many products claim to be able to identify attack methods effectively and intercept them. also for theme,and hostfile...
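
The netstat check from step 4, as an added example that is not part of the original post: it counts active TCP connections to the web ports per remote IP and lists the addresses above a threshold as candidates for blocking. The netstat excerpt is constructed (documentation address ranges), and the threshold and the set of states counted are assumptions to tune per server.

```python
import re
from collections import Counter

# Constructed `netstat -an` excerpt (Windows cmd layout, documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:80          203.0.113.5:50111      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:50112      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:50113      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.7:40001     ESTABLISHED
  TCP    192.0.2.10:3389        198.51.100.9:40002     ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:50114      TIME_WAIT
  TCP    [2001:db8::10]:443     [2001:db8::beef]:50200 ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
ACTIVE_STATES = {"ESTABLISHED", "SYN_RECEIVED"}  # assumption: states worth counting


def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def connections_per_remote_ip(netstat_text, web_ports=("80", "443")):
    """Count active TCP connections to the web ports, grouped by remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header, UDP rows, blank lines
        local, remote, state = match.groups()
        if state not in ACTIVE_STATES or split_endpoint(local)[1] not in web_ports:
            continue
        counts[split_endpoint(remote)[0]] += 1
    return counts


def suspects(netstat_text, threshold):
    """Remote IPs holding at least `threshold` active web connections."""
    counts = connections_per_remote_ip(netstat_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(suspects(SAMPLE_NETSTAT, threshold=3))
```

Behind a CDN or reverse proxy the remote address seen by netstat is the proxy's, so the same count has to be taken from the forwarded client address in the access log instead.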

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Vulnerability names :

1️⃣ Violence Library (database path disclosure)
This vulnerability is rarely seen now, but there are still many sites that have it and where it can be used. It works by submitting special characters to get the address of the database file. Once the location of the database file is known, the file can be downloaded, which is equivalent to taking the most important part of the site: the database contains all the information of the website and, of course, the data of all users!

2️⃣ Injection Vulnerability
This vulnerability is the SQL injection vulnerability mentioned earlier. It is the most widely used and a highly damaging vulnerability.


3️⃣ Side note (attacking through another site on the same server):
When we invade a site, it may be impeccably hardened. We can find a site hosted on the same server, invade that site first, and then use privilege escalation, sniffing and other methods to get into the site we actually want to invade. For example, suppose you and I live in the same building; my home is very secure, but yours is full of holes. Now a thief wants to break into my home. He watches my home (that is, scans it) and finds nothing he can use. Then he notices that your home and mine are in the same building and that yours is easy to enter. He can enter your home first and get the key to the whole building (server privileges) through it, so he naturally gets my key as well and can enter my home (website).

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DIFFERENCE BETWEEN INTRANET & EXTRANET :

> Intranet

Generally speaking, local area networks such as Internet cafes, campus networks and corporate intranets all fall into this category. If the IP address is within one of the following three ranges, we are on an internal network: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, 192.168.0.0 to 192.168.255.255.


> Extranet

A direct connection to the Internet allows any computers to access each other; reaching the external network requires a broadband connection.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁