Forwarded from Backup Legal Mega
Facebook Ads Mastery
https://mega.nz/folder/xU4VWbiL#YmluelvnaSNRPt8SiMrfGw
Google AdWords Mastery
https://mega.nz/#F!fcdwAKrJ!b1y5bqP-wHHN6VsEiIAFSw
Nine practical methods to break through an IDS (intrusion detection system)
The first trick: "/./" string insertion
Because "./" refers to the current directory, it can be inserted into a URL to change the URL's form without changing its meaning. For example, /msadc/msadcs.dll can be rewritten as /././msadc/././msadcs.dll, /./msadc/.//./msadcs.dll and similar forms in order to confuse the IDS's signature-matching engine and deceive the IDS, while the rewritten URL still resolves to the same resource as the unmodified one. The author's experiments showed that this method can bypass IDS such as Snort.
The second trick: the ASCII "00" (NUL) byte
This feature was exploited some time ago by the well-known upload vulnerability, so most readers will be familiar with it. The principle is that when a computer processes a string, it truncates it at ASCII code 00. We can rewrite /msadc/msadcs.dll as /msadc/msadcs.dll Iloveheikefangxian, use WinHex to change the space between .dll and Ilove into the byte 00, save it, and submit it with netcat (NC) through a pipe. To some IDS, /msadc/msadcs.dll Iloveheikefangxian no longer matches the attack string specified in its rule set, so the attacker's request is ignored. Look how widely the principle "a computer truncates a string at ASCII code 00" applies! From a philosophical point of view, things are related to each other; thinking more and digging out the underlying rules leads to new discoveries.
The third trick: the path separator "\"
On web servers such as Microsoft's IIS, "\" can be used as a path separator just like "/". Some IDS did not take the non-standard separator "\" into account when writing their rule sets. If we rewrite /msadc/msadcs.dll as \msadc\msadcs.dll we escape Snort, because there is no signature for \msadc\msadcs.dll in the Snort rule set. It is worth mentioning that the separator "\" has another remarkable use: the "%5c" database-exposure trick described in "Hacker Line of Defense" some time ago. "%5c" is the hexadecimal (URL-encoded) representation of "\".
Fourth trick: hexadecimal (URL) encoding
Any character can be represented by the escape symbol "%" followed by its hexadecimal ASCII code. For example, the first character "/" of /msadc/msadcs.dll can be written as %2F, and the following characters can likewise be written as "%" plus their hexadecimal ASCII codes. The URL encoded this way no longer looks like the original, and the encoded string may not appear in the IDS rule set, so the IDS can be bypassed. However, this method does not work against an IDS that uses an HTTP preprocessor (which decodes the URL before matching).
The fifth trick: illegal (overlong) Unicode encoding
UTF-8 allows a character set of more than 256 characters, so it also allows encodings of more than 8 bits. The hexadecimal ASCII code of "/" is 2F, binary 00101111. The standard UTF-8 representation of 2F is the single byte 2F, but multi-byte UTF-8 sequences can also be made to decode to 2F. The single-byte, double-byte and three-byte UTF-8 encodings of "/" are shown in the following table:
Representation   Byte pattern                  Binary                        Hexadecimal
Single byte      0xxxxxxx                      00101111                      2F
Double byte      110xxxxx 10xxxxxx             11000000 10101111             C0 AF
Three bytes      1110xxxx 10xxxxxx 10xxxxxx    11100000 10000000 10101111    E0 80 AF
Encoding the whole string in this way produces URLs that all point to the same resource but look different, and the corresponding filter string may not exist in the IDS rule set, which achieves the goal of breaking through the IDS.
Sixth trick: redundant encoding
Redundant encoding is also known as double encoding (the server side performs double decoding). I still remember the fuss over the Unicode decoding and double-decoding vulnerabilities of IIS in 2000-2001. At the time many friends confused the two and thought the Unicode decoding vulnerability was the double-decoding vulnerability; in fact they are two different things, and the former was described above under "Illegal Unicode encoding". Redundant encoding means encoding a character more than once. For example, "/" can be represented as %2f, and each of the characters "%", "2" and "f" in "%2f" can in turn be represented by its hexadecimal ASCII code. By simple combinatorics there are 2 to the 3rd power encoding forms, so "%2f" can be rewritten as "%25%32%66", "%252f" and so on, giving the URL many polymorphic forms. The encoded string may not be in the IDS rule set, which fools some IDS.
Seventh trick: add false paths
Inserting "../" into a URL cancels the directory segment in front of it, so that segment has no effect on where the path resolves. A "../" string can therefore be used to disrupt the signature-matching engine and break through the IDS!
Eighth trick: insert multiple slashes
Multiple "/" characters can be used in place of a single "/", and the resulting URL works exactly as before. For example, a request for /msadc/msadcs.dll can be changed to ////msadc////msadcs.dll. In the author's experiments this method bypasses some IDS.
Ninth trick: combined polymorphic encoding
As the subtitle suggests, "combined" means using several of the polymorphic encoding techniques introduced above together, which gives an even better effect.
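As an added example (not code from the original article), here is a defender-side canonicaliser that undoes the nine transformations above before comparing a request path against a signature, which is what an HTTP-preprocessing IDS does; it also treats forms no legitimate client sends (overlong UTF-8, NUL bytes, more encoding layers than it will peel) as alerts in their own right. The signature, the flag names, the alert policy and the nine sample requests are constructed from the article's /msadc/msadcs.dll example; the case-folded comparison goes slightly beyond the article, since IIS paths are case-insensitive.

```python
import re

SIGNATURE = "/msadc/msadcs.dll"  # the article's single "attack string"
MAX_DECODE_ROUNDS = 3            # %-encoding layers we are willing to peel
# Forms no legitimate client produces (assumed policy): alert on them regardless of signature.
HARD_FLAGS = {"overlong_utf8", "invalid_utf8", "nul_byte", "excess_encoding"}
PCT = re.compile(r"%[0-9A-Fa-f]{2}")

def percent_decode(text: str) -> bytes:
    """One layer of %XX decoding into raw bytes, so overlong UTF-8 can be inspected."""
    out, i = bytearray(), 0
    while i < len(text):
        if PCT.match(text, i):
            out.append(int(text[i + 1:i + 3], 16))
            i += 3
        else:
            out.extend(text[i].encode("utf-8", "surrogatepass"))
            i += 1
    return bytes(out)

def decode_utf8_lenient(raw: bytes, flags: set) -> str:
    """Decode like a forgiving server did, recording overlong forms (trick 5): C0 AF and
    E0 80 AF both carry code point 0x2F ('/') in more bytes than necessary."""
    out, i = [], 0
    while i < len(raw):
        lead = raw[i]
        length = (1 if lead < 0x80 else 2 if 0xC0 <= lead <= 0xDF
                  else 3 if 0xE0 <= lead <= 0xEF else 0)
        tail = raw[i + 1:i + length]
        if length == 0 or len(tail) != length - 1 or any(t & 0xC0 != 0x80 for t in tail):
            flags.add("invalid_utf8")  # stray continuation, 4-byte form or truncated sequence
            out.append("\ufffd")
            i += 1
            continue
        cp = lead & (0x7F, 0x7F, 0x1F, 0x0F)[length]
        for t in tail:
            cp = (cp << 6) | (t & 0x3F)
        if cp < (0, 0, 0x80, 0x800)[length]:  # representable in fewer bytes: overlong
            flags.add("overlong_utf8")
        out.append(chr(cp))
        i += length
    return "".join(out)

def canonicalise(path: str):
    """Undo the article's nine transformations; return (canonical path, anomaly flags)."""
    flags = set()
    for layer in range(MAX_DECODE_ROUNDS):  # tricks 4 and 6: hex and redundant encoding
        if not PCT.search(path):
            break
        if layer >= 1:
            flags.add("double_encoding")
        path = decode_utf8_lenient(percent_decode(path), flags)
    if PCT.search(path):
        flags.add("excess_encoding")  # still encoded after the layers we allow
    if "\x00" in path:  # trick 2: the server stops reading at NUL, so we do the same
        flags.add("nul_byte")
        path = path.split("\x00", 1)[0]
    if "\\" in path:  # trick 3: IIS accepts "\" as a path separator
        flags.add("backslash_separator")
        path = path.replace("\\", "/")
    if "//" in path:  # trick 8
        flags.add("multiple_slashes")
    segments = []
    for seg in path.split("/"):
        if seg == ".":  # trick 1: "/./" is a no-op
            flags.add("self_reference")
        elif seg == "..":  # trick 7: "../" cancels the segment before it
            flags.add("traversal")
            if segments:
                segments.pop()
        elif seg:  # empty segments come from repeated "/"
            segments.append(seg)
    return "/" + "/".join(segments), flags

def inspect(path: str) -> dict:
    """What a preprocessing IDS would record for one request path."""
    canonical, flags = canonicalise(path)
    # IIS paths are case-insensitive, so the comparison is case-folded as well.
    hit = canonical.lower() == SIGNATURE.lower() or bool(flags & HARD_FLAGS)
    return {"canonical": canonical, "flags": sorted(flags), "alert": hit}

def naive_match(path: str) -> bool:  # plain substring rule: the matcher the nine tricks defeat
    return SIGNATURE in path

EVASIONS = {  # constructed inputs: the article's example request in each of its nine disguises
    "1 self-reference": "/././msadc/././msadcs.dll",
    "2 NUL truncation": "/msadc/msadcs.dll\x00Iloveheikefangxian",
    "3 backslash": "\\msadc\\msadcs.dll",
    "4 hex encoding": "%2Fmsadc%2Fmsadcs.dll",
    "5 overlong UTF-8": "%C0%AFmsadc%E0%80%AFmsadcs.dll",
    "6 double encoding": "%252fmsadc%25%32%66msadcs.dll",
    "7 false path": "/msadc/bogus/../msadcs.dll",
    "8 multiple slashes": "////msadc////msadcs.dll",
    "9 combined": "%5Cmsadc%5C.%5C%252fmsadcs.dll",
}
if __name__ == "__main__":
    for name, request in EVASIONS.items():
        print(f"{name:20} naive={naive_match(request)} {inspect(request)}")
```

Every disguise canonicalises back to the signature; the substring rule misses all of them except the NUL form, which still contains the literal string.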
> I hope you will learn from this tutorial.
Written by Undercode
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
All Termux/Linux tools are posted here,
you can search the chats
> and we post updates about them
Termux-Linux Topic 2020:
WireSpy enables the automation of various WiFi attacks to conduct man-in-the-middle attacks (MITMAs).
> WireSpy allows attackers to set up quick honeypots to carry out MITMAs. Monitoring and logging functionality is implemented in order to keep records of the victims' traffic and activities. Other tools can be used together with WireSpy to conduct more advanced attacks.
> Two types of attack are supported at the moment:
1) Evil twin: force victims to auto-connect to the honeypot by spoofing a "trusted" hotspot (clone an existing access point and de-authenticate its users so that they transparently reconnect to the spoofed honeypot).
2) Honeypot: set up a simple rogue hotspot and wait for clients to connect.
Installation & run:
1) git clone https://github.com/aress31/wirespy.git
2) cd wirespy
3) chmod +x wirespy.sh
4) sudo ./wirespy.sh
5) Commands:
Attacks:
eviltwin > launch an evil twin attack
honeypot > launch a rogue access point attack
Commands:
clear > clear the terminal
help > list available commands
quit|exit > exit the program
apscan > show all wireless access points nearby
leases > display DHCP leases
powerup > power wireless interface up (may cause issues)
start capture > start packet capture (tcpdump)
stop capture > stop packet capture (tcpdump)
status > show modules status
Features:
>Capture victims' traffic.
>MAC address spoofing.
>Set up honeypot and evil twin attacks.
>Show the list of in-range access points.
>Wireless adapter/card/dongle power amplification.
ENJOY
git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
A security breach exposed more than 1 million DNA profiles in the genealogy database GEDmatch
#News
> According to BuzzFeed News, on July 19 genealogy enthusiasts who had uploaded DNA information to the GEDmatch website to find relatives and fill in their family trees received unpleasant news: more than 1 million DNA profiles that had been hidden from law enforcement were suddenly available for police to search for partial matches to crime-scene DNA.
> The news undermined the efforts of Verogen, the forensic genetics company that acquired GEDmatch in December, to convince users that it would protect their privacy while pursuing a business built on using genetic genealogy to help solve violent crimes.
> A second alert came on July 21, when MyHeritage, an Israel-based genealogy website, announced that some of its users were being targeted by phishing attacks aimed at their login credentials for the site, apparently using the e-mail addresses obtained in the GEDmatch attack two days earlier.
> In a statement sent to BuzzFeed News by e-mail and posted on Facebook, Verogen explained that the GEDmatch information that should have been hidden from law enforcement was suddenly exposed through a sophisticated attack on one of its servers, carried out via an existing user account.
"Due to this vulnerability, the permissions of all users were reset, allowing all users to see all files. This situation lasted for about three hours," the statement said. "During this period, users who had not opted in to law enforcement matching were available for law enforcement matching and, conversely, all law enforcement files were visible to GEDmatch users."
#News
WeChat domain-name anti-blocking: what to do when your WeChat domain keeps getting blocked and intercepted
#solutions
1) Reports by users and competitors
This situation occurs most often, especially malicious reports by competitors. There are teams dedicated to reporting, and a large number of reports on WeChat gets the domain name blocked.
Solution: block the report button
If the report button is disabled by technical means, they have no way to report. We have implemented this solution on WeChat/QQ; after thorough testing, customer feedback is still good!
2) Induced sharing, forced follows, etc.
Blocking is also quite frequent in this situation: every time a link is published on WeChat, a WeChat crawler fetches the current web page, and the page is blocked if the above behaviour is found.
Solution: detection interface + domain-name rotation system
Configure your site to use several sets of domain names, "number one" and "number two". The shared domain name is number one, called the primary domain; clicking it redirects to number two, and before redirecting, check whether number two has been blocked. Number two is called the landing domain. Usually you need a larger stock of landing domains; the detection interface queries them automatically and swaps one out as soon as it is blocked. Domain names bought in bulk do not cost much.
3) The page content violates the rules, or induces interception by being reported
This category means your product belongs to the HS industry, which is also treated as sensitive on WeChat.
Solution: redirect system
The user clicks the number-one page in WeChat, and it immediately opens the mobile browser and redirects to your default page. In fact it is very common for a domain name to be blocked; after all, WeChat is only software and cannot be that smart, so there are often many misjudgements. After testing, there are still many ways to keep domain names from being blocked, and many industries use anti-blocking code to stay stable for a long time.
4) Regular inspections by Tencent and others
As mentioned above, whenever a link is published on WeChat, Tencent has a crawler fetch the web page. Links with relatively large traffic are usually crawled repeatedly by Tencent, and the high frequency leads to the domain link being blocked.
Solution: crawler detection
In layman's terms, we detect that Tencent's IP has come in, filter it out and lead it somewhere else, where it is shown normal content. This is also a huge workload, because Tencent's data centres are widely distributed.
Well, the above are some anti-blocking strategies and methods collected here.
Here are a few protection platforms to choose from, because our advertising volume on both levels is too large, and we have also found many anti-blocking and "anti-red" services on the Internet. These are all partners:
> Booker Anti-Red Short URL
> Paparazzi domain name anti-blocking
> Jingyun Anti-Red Short Link
> Pegasus Red
ENJOY
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
2020 Updates
> NodeXP is an integrated tool, written in Python 2.7, capable of detecting possible vulnerabilities in Node.js services as well as exploiting them in an automated way, based on the S(erver)S(ide)J(avascript)I(njection) attack!
Installation & run:
1) Download NodeXP by cloning the Git repository:
> git clone https://github.com/esmog/nodexp
2) To get a list of all options run:
> python2.7 nodexp.py -h
3) Examples for the POST and GET cases respectively:
> python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind
> python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind
4) Setting up and using the testbeds
To get familiar with NodeXP you may want to set up the Node.js testing services provided (/testbeds) and use the tool against them. A local machine running a Node.js server is required.
5) First, install the 'body-parser' and 'express' packages in the GET and POST directories.
6) Go to the 'testbeds/GET' directory on your local machine and paste the command below into the terminal:
npm install express --save
Go to the 'testbeds/POST' directory and paste the commands below into the terminal:
> npm install body-parser --save
> npm install express --save
> After the packages are installed, you can run each service with the 'node' command followed by the desired js file (e.g. node eval.js).
7) After your server is up and running, you are ready to run NodeXP and test it against those services!
Example for the GET case:
> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/?name=[INJECT_HERE]
8) Example for the POST case:
python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/post.js --pdata=username=[INJECT_HERE]
enjoy
git 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
kmspico_2.zip
3 MB
ACTIVATE ANY WINDOWS/OFFICE OFFICIAL NEW 2020 UPDATE
> TURN OF ANTI-VIRUS & RUN
> safe 100%
12345 Password
Google AdSense allows modification of the Western Union phonetic (pinyin) name
#FastTips
The modification steps are very simple:
1) Log in to your AdSense account and click the "My account" link.
2) Click the edit link next to the payment details.
3) Select "Set up Western Union Quick Cash", then click Continue.
4) You will then see the page for modifying the pinyin name: fill in the pinyin of your name in the corresponding box. The case of the pinyin does not matter, but do not add spaces between the parts of the name.
Virus prevention for any Linux platform:
(1) Harden the system properly.
(2) Follow security announcements and patch vulnerabilities promptly.
(3) Do not use root privileges for daily operations.
(4) Do not casually install device drivers from unknown sources.
(5) Do not run executable programs or scripts of unknown origin on important servers.
(6) Install anti-virus software where possible, and update the virus signature database regularly.
(7) On Linux servers connected to the Internet, check regularly for Linux viruses, worms and Trojan horses.
(8) On Linux servers that provide file services, it is best to deploy software that can detect and remove both Windows and Linux viruses.
(9) On Linux servers that provide mail services, it is best to use an e-mail virus scanner.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
--- UNDERCODE ---
🦑 Port 445 intrusion: detailed analysis of the cause
#FastTips
In Windows NT 4.0, a challenge-response protocol is used to establish a session with a remote machine. A successful session becomes a secure tunnel through which the two parties exchange information. The general sequence is as follows:
1) The session requester (client) sends a packet to the session receiver (server) requesting the establishment of a secure tunnel;
2) The server generates a random 64-bit number (the challenge) and sends it back to the client;
3) The client takes the 64-bit number generated by the server, scrambles it with the password of the account trying to establish the session, and returns the result to the server (the response);
4) After the server receives the response, it passes it to the Local Security Authority (LSA). The LSA verifies the response using the user's correct password to confirm the identity of the requester. If the requester's account is a local account on the server, verification happens locally; if it is a domain account, the response is sent to a domain controller for verification. When the response to the challenge is verified as correct, an access token is generated and sent to the client. The client uses this access token to connect to resources on the server until the session is terminated.
WRITTEN BY UNDERCODE
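A minimal model of the four steps above, added here as an illustration; it is not code from the original post. The Server, Client and run_session names are my own, HMAC-SHA256 over a SHA-256 password digest stands in for the DES/NT-hash computation NT 4.0 actually performs, and the domain-controller path in step 4 is omitted (local accounts only). The sample account is constructed.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional

CHALLENGE_BYTES = 8  # the 64-bit random challenge of step 2


def derive_key(password: str) -> bytes:
    """Password-derived secret held by both the client and the LSA's account store.
    Assumption: SHA-256 as a placeholder for the stored NT password hash."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """Step 3: scramble the challenge with the password-derived key.
    HMAC-SHA256 is a stand-in for the DES-based calculation NTLM really uses."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Server:
    """Session receiver plus a minimal stand-in for the LSA (local accounts only)."""

    def __init__(self, accounts: Dict[str, str]) -> None:
        # The LSA keeps only the password-derived verifier, never the plaintext.
        self._verifiers = {user: derive_key(pw) for user, pw in accounts.items()}
        self._pending: Dict[str, bytes] = {}   # session id -> outstanding challenge
        self._tokens: Dict[bytes, str] = {}    # access token -> authenticated user

    def issue_challenge(self, session_id: str) -> bytes:
        """Step 2: a fresh, unpredictable 64-bit challenge per session request."""
        challenge = os.urandom(CHALLENGE_BYTES)
        self._pending[session_id] = challenge
        return challenge

    def verify(self, session_id: str, username: str, response: bytes) -> Optional[bytes]:
        """Step 4: recompute the expected response from the stored verifier.
        Returns an access token on success, None on any failure. The challenge is
        consumed either way, so a captured response cannot be presented twice."""
        challenge = self._pending.pop(session_id, None)
        if challenge is None:
            return None
        key = self._verifiers.get(username)
        if key is None:
            return None
        expected = compute_response(key, challenge)
        if not hmac.compare_digest(expected, response):
            return None
        token = secrets.token_bytes(16)
        self._tokens[token] = username
        return token

    def access(self, token: Optional[bytes], resource: str) -> Optional[str]:
        """Resource access is granted only against a token issued by verify()."""
        user = self._tokens.get(token) if token else None
        return f"{user} opened {resource}" if user else None

    def end_session(self, token: bytes) -> None:
        """Session termination invalidates the token."""
        self._tokens.pop(token, None)


class Client:
    """Session requester: knows the password but never sends it on the wire."""

    def __init__(self, username: str, password: str) -> None:
        self.username = username
        self._key = derive_key(password)

    def answer(self, challenge: bytes) -> bytes:
        return compute_response(self._key, challenge)


def run_session(server: Server, client: Client, session_id: str) -> Optional[bytes]:
    """Drive steps 1-4 and return the access token (None if authentication failed)."""
    challenge = server.issue_challenge(session_id)               # steps 1-2
    response = client.answer(challenge)                          # step 3
    return server.verify(session_id, client.username, response)  # step 4


if __name__ == "__main__":
    srv = Server({"alice": "correct-horse-battery"})  # constructed sample account
    good = run_session(srv, Client("alice", "correct-horse-battery"), "s1")
    bad = run_session(srv, Client("alice", "wrong-password"), "s2")
    print("token issued for correct password:", good is not None)
    print("token issued for wrong password:", bad is not None)
    print(srv.access(good, r"\\server\share"))
```

The point the model makes visible: the password itself never crosses the wire, and the server proves the client's identity purely from the stored verifier, so the security of the exchange rests on the challenge being unpredictable and single-use and on the password not being guessable; a server that reused challenges or accepted the same response twice would lose the protection the protocol is meant to give.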
--- UNDERCODE ---