Scripting Metasploit to exploit a group of hosts / servers ...

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install secure, robust Mosquitto MQTT broker on AWS Ubuntu ?

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :


1) Install Mosquitto
Log into the AWS Ubuntu Instance.

1️⃣$ sudo apt-get update

> Install iboth the mosquitto broker and the publish / subscribe clients.

2️⃣$ sudo apt-get install mosquitto mosquitto-clients
Example for subscribe:

3️⃣$ mosquittosub -h localhost -t mychanel
Example for publish:

4️⃣$ mosquittopub -h localhost -t mychanel "Hello World"


2) Enable Remote Access

5️⃣To publish or subscribe using this broker from a remote machine, we need first open port 1883 in the security group setting. Using the AWS console, go to the security group and open port 1883 to everyone.

The default config file may permit connections from localhost only. The default conf file is can be opened

6️⃣$ sudo vim /etc/mosquitto/conf.d/default.conf
The file should contain line following enable remote usage

listener 1883
Note that this port is currently unsecured, so if you don’t want to permit remote access:

listener 1883 localhost
Everytime you edit the conf file, you will have to restart the service for the settings to take effect.

$ sudo systemctl restart mosquitto

3) Robust MQTT
If MQTT broker crashed sometimes, disabling the real time communication. So we added a script that checked the state of the process and restarted Mosquitto in case it was down.

7️⃣if "ps -aux | grep /usr/sbin/mosquitto | wc -l" == "1"

then

echo "mosquitto wasnt running so attempting restart" >> /home/ubuntu/cron.log

systemctl restart mosquitto

exit 0

fi

echo "$SERVICE is currently running" >> /home/ubuntu/cron.log

exit 0

8️⃣This can script can be saved in a file say ‘mosquittorestart.sh’.

This file needs to be made an executable and then put in a cron job that runs every 5 minutes. The cron should be set as root.


9️⃣$ chmod +x mosquittorestart.sh

🔟$ sudo -i

1️⃣1️⃣$ crontab -e
Add the following statement

 * * * * /home/ubuntu/mosquitto_restart.sh

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Complete Conf file for reference It uses password protection, runs a MQTT on port 1883, for ubuntu-kali-

> MQTTS on port 1884, websockets on port 3033, and WSS on port 8083. Do not forget the open these ports in the security group.

allowanonymous false

passwordfile /etc/mosquitto/passwd

listener 1883

listener 1884

certfile /etc/letsencrypt/live/mqtt.example.io/cert.pem

cafile /etc/letsencrypt/live/mqtt.example.io/chain.pem

keyfile /etc/letsencrypt/live/mqtt.example.io/privkey.pem

listener 3033

protocol websockets

listener 8083

protocol websockets

certfile /etc/letsencrypt/live/mqtt.example.io/cert.pem

cafile /etc/letsencrypt/live/mqtt.example.io/chain.pem

keyfile /etc/letsencrypt/live/mqtt.example.io/privkey.pem


enjoy❤️👍🏻
wiki source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What are all termux addons ?
#ForBeginers

<> Addons
Some extra features available. You can add them by installing addons:

1) Termux:API – Access Android and Chrome hardware features.

2) Termux:Boot – Run script(s) when your device boots.

3) Termux:Float – Run in a floating window.

4) Termux:Styling – Have color schemes and powerline-ready fonts customize the appearance of the terminal.

5) Termux:Task – An easy way to call Termux executables from Tasker and compatible apps.

6) Termux:Widget – Start small scriptlets from the home screen.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Extracting the payload from a pcap file using Python so helpful
- enjoy :)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Many Hackers asking what is difference between termux & Cmd or terminal apk on android & termux so popular
#ForBeginers

> forget about python and scripting let's take a look to termux features not avaible for Terminal apk app :))

1) Secure. Access remote servers using the ssh client from OpenSSH. Termux combines standard packages with accurate terminal emulation in a beautiful open source solution.

2) Feature packed. Take your pick between Bash, fish or Zsh and nano, Emacs or Vim. Grep through your SMS inbox.

3) Access API endpoints with curl and use rsync to store backups of your contact list on a remote server.

4) Customizable. Install what you want through the APT package management system known from Debian and Ubuntu GNU/Linux. Why not start with installing Git and syncing your dotfiles?

5) Explorable. Have you ever sat on a bus and wondered exactly which arguments tar accepts? Packages available in Termux are the same as those on Mac and Linux – install man pages on your phone and read them in one session while experimenting with them in another.

6) With batteries included. Can you imagine a more powerful yet elegant pocket calculator than a readline-powered Python console? Up-to-date versions of Perl, Python, Ruby and Node.js are all available.

7) Ready to scale up. Connect a Bluetooth keyboard and hook up your device to an external display if you need to – It supports keyboard shortcuts and has full mouse support.

8) Tinkerable. Develop by compiling C files with Clang and build your own projects with CMake and pkg-config. Both GDB and strace are available if you get stuck and need to debug.


enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
—termux features
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Protocols names & functions :)

1) Transmission Control Protocol (TCP): TCP is a popular communication protocol which is used for communicating over a network. It divides any message into series of packets that are sent from source to destination and there it gets reassembled at the destination.

2) Internet Protocol (IP): IP is designed explicitly as addressing protocol. It is mostly used with TCP. The IP addresses in packets help in routing them through different nodes in a network until it reaches the destination system. TCP/IP is the most popular protocol connecting the networks.

3) User Datagram Protocol (UDP): UDP is a substitute communication protocol to Transmission Control Protocol implemented primarily for creating loss-tolerating and low-latency linking between different applications.

4) Post office Protocol (POP): POP3 is designed for receiving incoming E-mails.

5) Simple mail transport Protocol (SMTP): SMTP is designed to send and distribute outgoing E-Mail.

6) File Transfer Protocol (FTP): FTP allows users to transfer files from one machine to another. Types of files may include program files, multimedia files, text files, and documents, etc.

7) Hyper Text Transfer Protocol (HTTP): HTTP is designed for transferring a hypertext among two or more systems. HTML tags are used for creating links. These links may be in any form like text or images. HTTP is designed on Client-server principles which allow a client system for establishing a connection with the server machine for making a request. The server acknowledges the request initiated by the client and responds accordingly.

8) Hyper Text Transfer Protocol Secure (HTTPS): HTTPS is abbreviated as Hyper Text Transfer Protocol Secure is a standard protocol to secure the communication among two computers one using the browser and other fetching data from web server. HTTP is used for transferring data between the client browser (request) and the web server (response) in the hypertext format, same in case of HTTPS except that the transferring of data is done in an encrypted format. So it can be said that https thwart hackers from interpretation or modification of data throughout the transfer of packets.

9) Telnet: Telnet is a set of rules designed for connecting one system with another. The connecting process here is termed as remote login. The system which requests for connection is the local computer, and the system which accepts the connection is the remote computer.

10) Gopher: Gopher is a collection of rules implemented for searching, retrieving as well as displaying documents from isolated sites. Gopher also works on the client/server principle.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
(powered by wiki)\
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Web Development Bootcamp full course —18 Gb—
- 4,7rating stars
-price $139.99


https://mega.nz/folder/Zq5miKQI#rdXFJRvgAAHvBLbe0EBPeQ

enjoy

🦑Follow Undercode Testing on :

> Twitter
> Twitter

> instagram

> Facebook

> Pinterest

> Linkedln

> Youtube

> Telegram

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑EU sanctions China, North Korea and Russia for the first time on the grounds of cyber attacks :
#News

> On Thursday, the European Union announced that it would impose sanctions on six individuals and three entities from Russia and China who carried out or participated in various so-called "cyber attacks." In addition, the European Union also stated that it has locked a special technical department of Russian military intelligence, namely The General Staff of the Armed Forces of the Russian Federation GRU.

> The three organizations subject to sanctions are Russia’s GRU, North Korea’s Chosun Expo, and China’s Haitai Technology Development Co., Ltd.

This is the first EU sanctions related to cyber attacks. Sanctions include imposing travel bans, freezing assets, and prohibiting EU personnel and entities from providing funds to sanctioned targets.

In fact, the EU has imposed sanctions on China because of "China's treatment of Hong Kong" before, in order to move closer to the Trump administration's relatively tough stance on China.

> And Borelli, the EU’s high representative for foreign and security policy, once voiced that the US increasingly uses sanctions against European companies or threats with sanctions will harm European interests. "The EU opposes sanctions imposed by third countries on the legal operations of European companies. This kind of'extraterritorial sanctions' violates international law." But obviously, after only half a month, the EU has also chosen cyber sanctions.


#News
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ABOUT 500 TERMUX TOOLS #FASTINSTALL :


1️⃣How to install Metasploit in Termux?
open your Termux app and type the following commands one by one and wait for each command to get finished.

pkg update && pkg upgrade -y

pkg install unstable-repo

pkg install metasploit

2️⃣How to install Nmap in Termux?
Open your Termux app and type the following commands:

pkg update && pkg upgrade -y

pkg install curl

pkg install nmap

3️⃣How to install SQLMAP in Termux
Open your Termux and type the following commands one by one in order to install SQLMAP.

pkg update && pkg upgrade -y

apt install python python2

pkg install git

git clone https://github.com/sqlmapproject/sqlmap

cd sqlmap

chmod +x sqlmap.py

python2 sqlmap.py

4️⃣How to install Social Engineering Toolkit in Termux
pkg update && pkg upgrade -y

apt install curl -y

curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh

sh setoolkit.sh

After finishing the above process type the following command

cd setoolkit

./setup.py install

./setoolkit

5️⃣How to install Nikto in Termux
Open your Termux and type the following commands one by one:

apt update && apt upgrade

pkg install git

pkg install perl

git clone https://github.com/sullo/nikto.git

cd nikto

cd program

6️⃣How to install Tool-X in Termux
Open your Termux and type the following command one by one

pkg update && pkg upgrade -y

pkg install git

git clone https://github.com/Rajkumrdusad/Tool-X.git

cd Tool-X

chmod +x install.aex

sh install.aex

./install.aex

(MORE THAN 300 TOOL)

7️⃣How to install Fsociety Toolkit in Termux
Open your Termux and type the below commands one by one in order to install Fsociety Toolkit.

pkg update && pkg upgrade

pkg install git

pkg install python2

git clone https://github.com/Manisso/fsociety.git

cd fsociety

chmod +x install.sh

That's it Fsociety is installed in your Termux. You can simply go to the society directory and type the following command to run the tool

8️⃣How to install Hydra in Termux
The installation of Hydra in Termux is very simple. Just open your Termux and type the following commands

pkg update && pkg upgrade -y

pkg install hydra

That's it Hydra has been installed in your Termux.

To see the usage of Hydra simply type the following command:

hydra -h

The above command will guide you to how to use Hydra in Termux

9️⃣How to install Slowloris
Open your Termux and type the following commands one by one

pkg update && pkg upgrade -y

pkg install python

pkg install slowloris

Hence the slowloris is installed in your Termux. Now simply type the below command to see how to use slowloris.

slowloris

🦑ABOUT 500 TERMUX TOOLS


ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME VERIFIED BINS :

> Bin Spotify

Bin: 43476953xxxxxxxx

Date/CCV: Random

Zip Code: 10080

IP: USA

> BIN SHUDDER 1 MONTH

BIN: 5392249xxxxxxxxx
IP: USA 🇺🇸 10080
PROMO CODE: SHUTIN

> Bin google ads
536517xxxxxxxxxx
IP: BRAZIL

>Bin For WWE Network Premium

BIN: 52187011xxxxxxxx
IP: USA 🇺🇸 NY STREET 1xx
10080
LINK: https://www.wwe.com/wwenetwork

> Bin NameCheap vpn
650159xxxxxxxxxx
Ip USA
10080



🦑Those bin Only veriified by Us & not created

> use for learn

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

2020 Practical Ethical Hacking - The Complete Course 11.95 GB
#REQUESTED #REPOSTED

https://www.udemy.com/course/practical-ethical-hacking/

https://mega.nz/folder/XAhmyIBY#z2RJ40zWY3K4N9_ibjG6Uw

Decrypting TLS Browser Traffic With Wireshark – The Easy Way! #tutorial

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME UDEMY PACK- HIGH RATING -2020 -
1️⃣Carding Vids

https://mega.nz/folder/03IHyIYa#eWDB-A42w_Qgi7b3u9FMyg

2️⃣2020 CCNA Data Center DCICN 200-150 & DCICT 200-155

https://mega.nz/folder/V25AlQwC#UnAZ5lhW8eit1L9hCjSa0Q

3️⃣Curso Hacking

https://mega.nz/folder/x3Y3hILb#uIIyryhrMF5bUEGQKc9IqA

3️⃣Digital Character Illustration Create A Memorable Whimsical Character

https://mega.nz/folder/giIAhIqR#4EWS8Qh-xu1l4FTLYVtAfA

4️⃣Packt - Building Web Servers in Java

https://mega.nz/folder/d3ZmgQbC#7jWhIWPp9Fr7kC4IN30AJA

5️⃣Packt - Kubernetes in 7 Days

https://mega.nz/folder/lv4j2KQC#dLqUWCmP4fOQTeV6_IAlIQ

6️⃣Pluralsight - NativeScript-AnimationTechniques

https://mega.nz/folder/57AwXIjY#yRK4ONTav6V32DaYnfxwMg

7️⃣Udemy - Learn about Python and Blockchain The Complete Guide

https://mega.nz/folder/1q4nXaSD#a3OuvWFPQxOhcm5IHdq2bw

E N J O Y ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑The secure boot function exposes a new BootHole vulnerability affecting a large number of Linux and Windows systems :
#News

> The security research company Eclypsium has just exposed a new vulnerability in the Secure Boot function and named it BootHole. It especially exists in the GRUB2 file of Secure Boot, which allows the attacker to achieve "nearly complete control" of the victim's system. Moreover, both Linux and a large number of Windows operating systems will be affected by this vulnerability in the UEFI firmware.

> Eclypsium pointed out that as long as the standard Microsoft third-party UEFI certificate authorization is used, these Windows devices that support the Secure Boot function will be affected by the BootHole vulnerability, including a large number of Windows desktops, notebooks, workstations, servers, and other related technical fields.

> Given that Secure Boot is very important to control the boot process, the influence of BootHole vulnerability is also evident. For an attacker, it can execute arbitrary malicious code before the operating system is loaded, while avoiding the control of multiple security measures, and finally allows it to gain almost complete control of the target system.

#News
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB HACKING TIPS BY UNDERCODE :
#fastTips

1. Use website filtering to bypass the background verification directly, add admin/session.asp or admin/left.asp behind the website

2. When some websites enter the background, a script prompt box will appear, enter: administrator to break! admin means to enter as an administrator.

3. Some websites have opened 3389. Before hacking, connect to 3389 first, try a weak password or blast, and then press the shift key 5 times to see if anyone has installed the back door, and then the social work password.

4. Sometimes a prompt box "Please log in" will pop up when entering the background, copy the address out (you can't copy it), and then put it in the webpage source code analyzer, select the browser-intercept jump check-check to enter the background!

5. Break through the anti-theft chain to access webshell, code:



Copy codecode show as below:

javascript:document.write("<a href='http://www.example.com/uploadfile/1.asp'>fuck</a>")

After pressing enter, click GO to enter the webshell

6. Break through the first-class information monitoring interception system access. When the pony can access but uploading to Malaysia is not possible, you can use Malaysia to merge with a picture first, upload the merged picture, and then access after the database is backed up!

7. When taking the editor's shell, sometimes adding asp|asa|cer|php|aspx and other extensions are filtered when uploading, in fact, as long as adding aaspsp and uploading asp will break through.

8. Sometimes D has guessed the table segment, but when you can’t guess the field, you can go to the background to view the source file, search for ID or type, you can usually find it, and then add a field to D to guess the content to break through .

9. This technique can be used for the social work background password. If the website domain name is: exehack.Net and the administrator name is admin, you can try the passwords "exehack" and "exehack.net" to log in.

10. If the website filters and 1=1 and 1=2 during manual injection, you can use xor 1=1 xor 1=2 to judge.

11. The local structure uploads a one-sentence Trojan. If it prompts "Please select the file you want to upload! [Re-upload]", the file is too small. Open it with Notepad and copy a few more sentences to enlarge the file size before uploading OK.

12. Use ah d to stop the watch, run the field name name and pass can not come out, the display length exceeds 50 or something, if you can't figure it out, you can usually run out of pangolins at this time!

13. Guess the administrator background tips, admin/left.asp, admin/main.asp, admin/top.asp, admin/admin.asp will show the menu navigation, and then Thunder download all links.

14. Know the table name, field, use SQL statement to add a user name and password statement in the ACCESS database:

Insert into admin(user,pwd) values('test','test')

15. When you get the administrator's password, but you can't get the administrator's account, go to the front desk to open a news item and look for words such as "submitter" and "publisher". Generally, the "submitter" is the administrator's Account now.

16. The absolute web path of the website set up by blasting ASP+IIS, assuming that the home page of the website is: http://www.xxxxx/index.asp/ Submit http://www.xxxxx.cn/fkbhvv.aspx/, fkbhvv.aspx is nonexistent.

17. Utilization of source code, many websites use source code downloaded from the Internet. Some webmasters are lazy and don’t change anything, and then upload and open the website. We can download a set, which contains a lot of default information worthy of use.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁