β β β Uππ»βΊπ«6π¬πβ β β β
π¦Source Code Analysis & decryption Tools
pyup | Automated Security and Dependency Updates
RIPS | PHP Security Analysis
Retire.js | detecting the use of JavaScript libraries with known vulnerabilities
Snyk | find & fix vulnerabilities in dependencies, supports various languages
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Source Code Analysis & decryption Tools
pyup | Automated Security and Dependency Updates
RIPS | PHP Security Analysis
Retire.js | detecting the use of JavaScript libraries with known vulnerabilities
Snyk | find & fix vulnerabilities in dependencies, supports various languages
β β β Uππ»βΊπ«6π¬πβ β β β
Getsafety
Safety | Software Supply Chain Firewall & Security
Prevent vulnerable and malicious packages from entering your software supply chain with Safety's AI-powered platform. Protection for Python, Java, and JavaScript ecosystems.
Tracking Users_ From Cookies to DeviceFingerprinting.pdf
320.4 KB
Tracking via cookies methode
β β β Uππ»βΊπ«6π¬πβ β β β
π¦DANGEROUS EXPLOIT TOOLS-USE CVE:
LinEnum | Scripted Local Linux Enumeration & Privilege Escalation Checks
CVE-2017-5123 | Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
Oracle Privilege Escalation via Deserialization | CVE-2018-3004 Oracle Privilege Escalation via Deserialization
linux-exploit-suggester | The tool is meant to assist the security analyst in his testing for privilege escalation opportunities on Linux machine
BeRoot Project | BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
yodo: Local Privilege Escalation | yodo proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
Share usβ€οΈππ»
β GIT SOURCES 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦DANGEROUS EXPLOIT TOOLS-USE CVE:
LinEnum | Scripted Local Linux Enumeration & Privilege Escalation Checks
CVE-2017-5123 | Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation
Oracle Privilege Escalation via Deserialization | CVE-2018-3004 Oracle Privilege Escalation via Deserialization
linux-exploit-suggester | The tool is meant to assist the security analyst in his testing for privilege escalation opportunities on Linux machine
BeRoot Project | BeRoot Project is a post exploitation tool to check common misconfigurations to find a way to escalate our privilege.
yodo: Local Privilege Escalation | yodo proves how easy it is to become root via limited sudo permissions, via dirty COW or using Pa(th)zuzu.
Share usβ€οΈππ»
β GIT SOURCES 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
Scripted Local Linux Enumeration & Privilege Escalation Checks - rebootuser/LinEnum
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Why Use Password Managers ?
#FastTips
The main rules for the safe use of passwords:
>the password must be complex (i.e. include 4 groups of
>characters - uppercase and lowercase letters, numbers, special
>characters - and not consist of words or a combination of them that can be found in the dictionary)
>you cannot use the same password on different sites and services, because compromising your password, for example, on a poorly protected site / forum, can give an attacker access to your mail, cloud storage, social networks, network folder, etc.
>passwords should not be stored on a computer in text files, as well as in public places (a sticker with a password on a computer is also bad)
>Under these conditions, you need to remember a large number of complex passwords, which is practically impossible. Therefore, many users do not comply with these conditions (which is bad), and those who comply are forced to write passwords, for example, to a text file (if the file is not encrypted, then this is also bad).
π¦A password manager can help in this situation - a program that stores your password in encrypted form. That is, instead of many passwords, you only need to remember one master password.
written by undercode
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Why Use Password Managers ?
#FastTips
The main rules for the safe use of passwords:
>the password must be complex (i.e. include 4 groups of
>characters - uppercase and lowercase letters, numbers, special
>characters - and not consist of words or a combination of them that can be found in the dictionary)
>you cannot use the same password on different sites and services, because compromising your password, for example, on a poorly protected site / forum, can give an attacker access to your mail, cloud storage, social networks, network folder, etc.
>passwords should not be stored on a computer in text files, as well as in public places (a sticker with a password on a computer is also bad)
>Under these conditions, you need to remember a large number of complex passwords, which is practically impossible. Therefore, many users do not comply with these conditions (which is bad), and those who comply are forced to write passwords, for example, to a text file (if the file is not encrypted, then this is also bad).
π¦A password manager can help in this situation - a program that stores your password in encrypted form. That is, instead of many passwords, you only need to remember one master password.
written by undercode
β β β Uππ»βΊπ«6π¬πβ β β β
Google hacking (dorking) tutorial #1.pdf
261.2 KB
The most requested tutorial
Forwarded from UNDERCODE SECURITY
Termux Tutorials by Techncyber.pdf
1.3 MB
Termux command tutorial & tools
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TERMUX Parrot Shell :
Beautify your Termux App
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
> or use Single Command
8οΈβ£apt update && apt install git -y && git clone https://github.com/htr-tech/termux-shell.git && cd termux-shell && chmod +x * && sh install.sh
enjoyβ€οΈππ»
β β β Uππ»βΊπ«6π¬πβ β β β
π¦TERMUX Parrot Shell :
Beautify your Termux App
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£apt updatethat's all
2οΈβ£apt install git -y
3οΈβ£git clone https://github.com/htr-tech/termux-shell.git
4οΈβ£cd termux-shell
5οΈβ£chmod +x *
6οΈβ£bash install.sh
7οΈβ£exit
> or use Single Command
8οΈβ£apt update && apt install git -y && git clone https://github.com/htr-tech/termux-shell.git && cd termux-shell && chmod +x * && sh install.sh
enjoyβ€οΈππ»
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - htr-tech/termux-shell: Beautify your Termux App with this Shell π
Beautify your Termux App with this Shell π. Contribute to htr-tech/termux-shell development by creating an account on GitHub.
Forwarded from UNDERCODE HACKING
Get info from gmail & google .pdf
1.4 MB
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SOME CARDING #TERMS:
1. CC (Credit Card)
2. CCN (Credit Card Number) β Includes the number of the card and expiration date, no name or address.
3. CVV (Credit Verification Value) / (Card Security Code) / CVV2- The number on the back of the card used for verification purposes. 3 digit number for visa/mc and 4 digit for AMEX (American Express) (There is also CVV1 which is a verification number that is written into the magstripe on the back of the card that is read when the card is swiped)
4. SSN (Social Security Number) β one of the details of CC holder , used to bypass security measures
5. MMN (Mothers Maiden Name) β Comes in handy when bypassing security measures on VBV/MCSC. One of your security question.
6. DOB β Date of Birth β Used to bypass some security measures.
7. COB (Change of Billing) β Some stores will only ship large/high priced items if the shipping and billing info match, these can be obtained through some cvv sellers, usually in the form of a βFullsβ
8. Fulls βYou listen many times βFulls/ Fullzβ. It is nothing but CC Details with more info eg. security question answers, SSN, DOB, MMN, etc. which can be usedfor COB, etc.
9. AVS (Address Verification Service) β System that checks the billing address entered against the credit card companyβs records..
10. VBV (Verified by Visa) β Extra verification process initially added by visa, there are different types of authentication used, most notably would be a password, date of birth, social security number, or mothers maiden name.
11. MCSC (MasterCard SecureCode) β MC (MasterCard) adopted this process after VBV came out, basically the same thing but with mastercards.
12. POS (Point of Sale) β Terminal at a physical shop where the card is swiped/read
13. Dump β The information that is written onto the magnetic stripe on the back of the card, the only way to get these is with a skimmer, comes in different βtracksβ which i will not be explaining β a dump would look like
14. Skimmer β A device that is normally attached to an atm where you insert your card, which records your card information (there are other varients, that is the most common)
15. Embosser β A device that βstampsβ the cards to produce the raised lettering
16. Tipper β A device that adds the gold/silver accents to the embossed characters
17. MSR (Magnetic Stripe Reader/Writer) Used in the carding scene for writing dumps (and drivers license, student ID) info to blank cards or giftcards (if you want to use blank white cards, you will need a printer for the card template, embosser/tipper also, which can get costly to buy)
18. BIN (Bank Identification Number) β The first 6 digits of a card number (this will be gone over in more detail later on)
19. Novs (Novelty ID / Fake ID) β Commonly used for signing at drops, store pickups, WU Drops, Bank Drops, etc.
20. VPN (Virtual Private Network ) β This will change your IP to wherever the location is of the VPN server. This is used with a application rather than through your browser as with socks. Watch out as some VPN providers will keep logs. But it leaks our DNS info so it is not safe
21. BTC (Bitcoin) β It is a digital currency. Used for buying anything in digital world. You need it to buy CC, SOCKS, VPN etc. You have to exchange your local currency (INR/Dollar etc) to BTC.
#WIKI SOURCES
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SOME CARDING #TERMS:
1. CC (Credit Card)
2. CCN (Credit Card Number) β Includes the number of the card and expiration date, no name or address.
3. CVV (Credit Verification Value) / (Card Security Code) / CVV2- The number on the back of the card used for verification purposes. 3 digit number for visa/mc and 4 digit for AMEX (American Express) (There is also CVV1 which is a verification number that is written into the magstripe on the back of the card that is read when the card is swiped)
4. SSN (Social Security Number) β one of the details of CC holder , used to bypass security measures
5. MMN (Mothers Maiden Name) β Comes in handy when bypassing security measures on VBV/MCSC. One of your security question.
6. DOB β Date of Birth β Used to bypass some security measures.
7. COB (Change of Billing) β Some stores will only ship large/high priced items if the shipping and billing info match, these can be obtained through some cvv sellers, usually in the form of a βFullsβ
8. Fulls βYou listen many times βFulls/ Fullzβ. It is nothing but CC Details with more info eg. security question answers, SSN, DOB, MMN, etc. which can be usedfor COB, etc.
9. AVS (Address Verification Service) β System that checks the billing address entered against the credit card companyβs records..
10. VBV (Verified by Visa) β Extra verification process initially added by visa, there are different types of authentication used, most notably would be a password, date of birth, social security number, or mothers maiden name.
11. MCSC (MasterCard SecureCode) β MC (MasterCard) adopted this process after VBV came out, basically the same thing but with mastercards.
12. POS (Point of Sale) β Terminal at a physical shop where the card is swiped/read
13. Dump β The information that is written onto the magnetic stripe on the back of the card, the only way to get these is with a skimmer, comes in different βtracksβ which i will not be explaining β a dump would look like
14. Skimmer β A device that is normally attached to an atm where you insert your card, which records your card information (there are other varients, that is the most common)
15. Embosser β A device that βstampsβ the cards to produce the raised lettering
16. Tipper β A device that adds the gold/silver accents to the embossed characters
17. MSR (Magnetic Stripe Reader/Writer) Used in the carding scene for writing dumps (and drivers license, student ID) info to blank cards or giftcards (if you want to use blank white cards, you will need a printer for the card template, embosser/tipper also, which can get costly to buy)
18. BIN (Bank Identification Number) β The first 6 digits of a card number (this will be gone over in more detail later on)
19. Novs (Novelty ID / Fake ID) β Commonly used for signing at drops, store pickups, WU Drops, Bank Drops, etc.
20. VPN (Virtual Private Network ) β This will change your IP to wherever the location is of the VPN server. This is used with a application rather than through your browser as with socks. Watch out as some VPN providers will keep logs. But it leaks our DNS info so it is not safe
21. BTC (Bitcoin) β It is a digital currency. Used for buying anything in digital world. You need it to buy CC, SOCKS, VPN etc. You have to exchange your local currency (INR/Dollar etc) to BTC.
#WIKI SOURCES
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME LINUX TIPS :
1οΈβ£Why does the MAC address change, even if the program is not used for this?
Many modern distributions are configured to constantly change the MAC address. For details on this, as well as how to disable or vice versa enable this function, see the article " How to change MAC-address in Linux, how to enable and disable automatic MAC spoofing (Linux) ".
2οΈβ£How to find out if a Wi-Fi card will be supported for auditing Wi-Fi networks
The easiest option is to choose an adapter from this list: β USB Wi-Fi adapters with support for monitor mode and wireless injection .β
If you want to determine if another adapter that is not included in the list supports monitor mode and wireless injections, then check out β How to determine which Wi-Fi adapter is suitable for Kali Linux β.
3οΈβ£Modern Wi-Fi cards for wireless auditing
Dual-band wireless adapters with support for monitor mode and wireless injection, as well as supporting the AC standard:
>Alfa AWUS1900 (chipset: Realtek RTL8814AU)
>TRENDnet TEW-809UB (chipset: Realtek RTL8814AU)
>ASUS USB-AC68 (chipset: Realtek RTL8814AU)
>Alfa AWUS036ACH (chipset: Realtek RTL8812AU)
>Alfa AWUS036AC (chipset: Realtek RTL8812AU)
>ASUS USB-AC56 (chipset: Realtek RTL8812AU)
Any of these adapters will be relevant for many more years.
written by undercode
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME LINUX TIPS :
1οΈβ£Why does the MAC address change, even if the program is not used for this?
Many modern distributions are configured to constantly change the MAC address. For details on this, as well as how to disable or vice versa enable this function, see the article " How to change MAC-address in Linux, how to enable and disable automatic MAC spoofing (Linux) ".
2οΈβ£How to find out if a Wi-Fi card will be supported for auditing Wi-Fi networks
The easiest option is to choose an adapter from this list: β USB Wi-Fi adapters with support for monitor mode and wireless injection .β
If you want to determine if another adapter that is not included in the list supports monitor mode and wireless injections, then check out β How to determine which Wi-Fi adapter is suitable for Kali Linux β.
3οΈβ£Modern Wi-Fi cards for wireless auditing
Dual-band wireless adapters with support for monitor mode and wireless injection, as well as supporting the AC standard:
>Alfa AWUS1900 (chipset: Realtek RTL8814AU)
>TRENDnet TEW-809UB (chipset: Realtek RTL8814AU)
>ASUS USB-AC68 (chipset: Realtek RTL8814AU)
>Alfa AWUS036ACH (chipset: Realtek RTL8812AU)
>Alfa AWUS036AC (chipset: Realtek RTL8812AU)
>ASUS USB-AC56 (chipset: Realtek RTL8812AU)
Any of these adapters will be relevant for many more years.
written by undercode
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦WEBSITES FOR PRACTICE HACKING 2020 :
1.bWAPP
Free and open source web application security project. It helps security enthusiasts and researchers to discover and prevent web vulnerabilities.
Address: http://www. itsecgames.com/
2.Damn Vulnerable iOS App (DVIA)
DVIA is an iOS security application. Its main goal is to provide a legal platform for mobile security enthusiasts to learn iOS penetration testing skills. The APP covers all common iOS security vulnerabilities. It is free and open source, and vulnerability testing and solutions cover the iOS 10 version.
Address: http:// damnvulnerableiosapp.com /
3.Damn Vulnerable Web Application (DVWA)
Virtual web applications based on php and mysql, "built-in" common web vulnerabilities, such as SQL injection, xss, etc., can be built on their own computers.
Address: http://www. dvwa.co.uk/
4.Game of Hacks
To test your security technology based on the game, each task topic provides a lot of code, which may or may not have security holes!
Address: http://www. gameofhacks.com/
5. Google Gruyere
A low-looking URL, but full of loopholes, is intended to help those who are just beginning to learn application security.
Address: http:// google-gruyere.appspot.com /
6.HackThis!!
Designed to teach you how to crack, dump and alter, as well as hacking skills to protect your website, it offers over 50 different levels of difficulty.
Address: https://www. hackthis.co.uk/
7.Hack This Site
Is a legal and safe website for testing hacking skills, and contains hacking information, articles, forums and tutorials, designed to help you learn hacking techniques.
Address: https://www. hackthissite.org/
8. Hellbound Hackers
Provides a variety of security practice methods and challenges, the purpose is to teach you how to identify attacks and code patch suggestions. Topics include application encryption and cracking, social work and rooting. The community has nearly 100,000 registered members and is one of the largest hacker communities.
Address: https://www. hellboundhackers.org/
9.McAfee HacMe Sites
Various hacking and security testing tools provided by McAfee
Address: http://www. mcafee.com/us/downloads /free-tools/index.aspx
10.Mutillidae
mutillidaemutillidae is a free, open source web application that provides specifically allowed security testing and intrusion web applications. It contains a wealth of penetration testing projects, such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.
Address: https:// sourceforge.net/project s/mutillidae/
11.OverTheWire
Game-based hacker website that lets you learn security techniques and concepts
Address: http:// overthewire.org/wargame s/
12.Peruggia
A hacker website that provides safe and legal attacks
Address: https:// sourceforge.net/project s/peruggia/
13.Root Me
A website that improves your hacking skills and cybersecurity knowledge with over 200 hacker challenges and 50 virtual environments
Address: https://www. root-me.org/
14.Try2Hack
One of the oldest hacking websites, providing multiple security challenges.
Address: http://www. try2hack.nl/
15.Vicnum
One of the OWASP projects, a simple framework, for different needs, and to guide security developers to learn security technology based on games.
Address: http:// vicnum.ciphertechs.com/
16.WebGoat
The most popular OWASP project provides a real security teaching environment and guides users to design complex application security issues
Address: http:// webappsecmovies.sourceforge.net /webgoat/
Public number: Security Rhino, officially designated by the CSA Cyber Security Conference from the media.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦WEBSITES FOR PRACTICE HACKING 2020 :
1.bWAPP
Free and open source web application security project. It helps security enthusiasts and researchers to discover and prevent web vulnerabilities.
Address: http://www. itsecgames.com/
2.Damn Vulnerable iOS App (DVIA)
DVIA is an iOS security application. Its main goal is to provide a legal platform for mobile security enthusiasts to learn iOS penetration testing skills. The APP covers all common iOS security vulnerabilities. It is free and open source, and vulnerability testing and solutions cover the iOS 10 version.
Address: http:// damnvulnerableiosapp.com /
3.Damn Vulnerable Web Application (DVWA)
Virtual web applications based on php and mysql, "built-in" common web vulnerabilities, such as SQL injection, xss, etc., can be built on their own computers.
Address: http://www. dvwa.co.uk/
4.Game of Hacks
To test your security technology based on the game, each task topic provides a lot of code, which may or may not have security holes!
Address: http://www. gameofhacks.com/
5. Google Gruyere
A low-looking URL, but full of loopholes, is intended to help those who are just beginning to learn application security.
Address: http:// google-gruyere.appspot.com /
6.HackThis!!
Designed to teach you how to crack, dump and alter, as well as hacking skills to protect your website, it offers over 50 different levels of difficulty.
Address: https://www. hackthis.co.uk/
7.Hack This Site
Is a legal and safe website for testing hacking skills, and contains hacking information, articles, forums and tutorials, designed to help you learn hacking techniques.
Address: https://www. hackthissite.org/
8. Hellbound Hackers
Provides a variety of security practice methods and challenges, the purpose is to teach you how to identify attacks and code patch suggestions. Topics include application encryption and cracking, social work and rooting. The community has nearly 100,000 registered members and is one of the largest hacker communities.
Address: https://www. hellboundhackers.org/
9.McAfee HacMe Sites
Various hacking and security testing tools provided by McAfee
Address: http://www. mcafee.com/us/downloads /free-tools/index.aspx
10.Mutillidae
mutillidaemutillidae is a free, open source web application that provides specifically allowed security testing and intrusion web applications. It contains a wealth of penetration testing projects, such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, etc.
Address: https:// sourceforge.net/project s/mutillidae/
11.OverTheWire
Game-based hacker website that lets you learn security techniques and concepts
Address: http:// overthewire.org/wargame s/
12.Peruggia
A hacker website that provides safe and legal attacks
Address: https:// sourceforge.net/project s/peruggia/
13.Root Me
A website that improves your hacking skills and cybersecurity knowledge with over 200 hacker challenges and 50 virtual environments
Address: https://www. root-me.org/
14.Try2Hack
One of the oldest hacking websites, providing multiple security challenges.
Address: http://www. try2hack.nl/
15.Vicnum
One of the OWASP projects, a simple framework, for different needs, and to guide security developers to learn security technology based on games.
Address: http:// vicnum.ciphertechs.com/
16.WebGoat
The most popular OWASP project provides a real security teaching environment and guides users to design complex application security issues
Address: http:// webappsecmovies.sourceforge.net /webgoat/
Public number: Security Rhino, officially designated by the CSA Cyber Security Conference from the media.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β