β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Exploitation of the blind command injection vulnerability
#FastTips
1) A command injection (also known as remote code execution) vulnerability allows commands to be executed at the operating system level. Such vulnerabilities can be found in web applications, routers.
2) A detailed description of this vulnerability and methods of exploitation are described in the article " OS Command Injection : Concept, Operation, Automated Vulnerability Search".
3) mentions the blind command injection vulnerability and shows examples of its exploitation. However, the blind vulnerability is harder to understand and slightly harder to exploit - instead of injecting a payload and watching the results right in a browser window or console, you need to use a third-party web server.
βββββββββββββββββββββββ-
π¦For training we need:
1) machine with web server and vulnerable web application
2) attacker's web server - it could be a second machine on the local network or your hosting
The following script will execute the role of the vulnerable application:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>undercode </title>
</head>
<body>
<form>
<input name="message" type="text" />
<input type="submit">
</form>
<?php
if (isset($_GET["message"])) {
exec ('echo ' . $_GET["message"] . ' >> /tmp/messages');
}
?>
</body>
</html>
written
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Exploitation of the blind command injection vulnerability
#FastTips
1) A command injection (also known as remote code execution) vulnerability allows commands to be executed at the operating system level. Such vulnerabilities can be found in web applications, routers.
2) A detailed description of this vulnerability and methods of exploitation are described in the article " OS Command Injection : Concept, Operation, Automated Vulnerability Search".
3) mentions the blind command injection vulnerability and shows examples of its exploitation. However, the blind vulnerability is harder to understand and slightly harder to exploit - instead of injecting a payload and watching the results right in a browser window or console, you need to use a third-party web server.
βββββββββββββββββββββββ-
π¦For training we need:
1) machine with web server and vulnerable web application
2) attacker's web server - it could be a second machine on the local network or your hosting
The following script will execute the role of the vulnerable application:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>undercode </title>
</head>
<body>
<form>
<input name="message" type="text" />
<input type="submit">
</form>
<?php
if (isset($_GET["message"])) {
exec ('echo ' . $_GET["message"] . ' >> /tmp/messages');
}
?>
</body>
</html>
written
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦start hacking for beginers :
1) Penetration Testing of an FTP Server:
https://medium.com/p/19afe538be4b
2) Reverse Engineering of the Anubis Malware Γ’β¬β Part 1:
https://medium.com/p/741e12f5a6bd
3) Privilege Escalation on Linux with Live examples:
https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/
4) Pentesting Cheatsheets:
https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
5) Powershell Payload Delivery via DNS using Invoke-PowerCloud:
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
6) SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES Γ’β¬β LIST OF 4500+ GOOGLE DORKS:
https://sguru.org/ghdb-download-list-4500-google-dorks-free/
7) SQL Injection Cheat Sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
8) SQLmapΓ’β¬β’s os-shell + Backdooring website with Weevely:
https://medium.com/p/8cb6dcf17fa4
9) SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:
https://medium.com/p/c5a3f5764cb3
10 )BugBounty Γ’β¬β How I was able to download the Source Code of IndiaΓ’β¬β’s Largest Telecom Service Provider including dozens of more popular websites!:
https://medium.com/p/52cf5c5640a1
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦start hacking for beginers :
1) Penetration Testing of an FTP Server:
https://medium.com/p/19afe538be4b
2) Reverse Engineering of the Anubis Malware Γ’β¬β Part 1:
https://medium.com/p/741e12f5a6bd
3) Privilege Escalation on Linux with Live examples:
https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/
4) Pentesting Cheatsheets:
https://ired.team/offensive-security-experiments/offensive-security-cheetsheets
5) Powershell Payload Delivery via DNS using Invoke-PowerCloud:
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud
6) SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES Γ’β¬β LIST OF 4500+ GOOGLE DORKS:
https://sguru.org/ghdb-download-list-4500-google-dorks-free/
7) SQL Injection Cheat Sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
8) SQLmapΓ’β¬β’s os-shell + Backdooring website with Weevely:
https://medium.com/p/8cb6dcf17fa4
9) SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:
https://medium.com/p/c5a3f5764cb3
10 )BugBounty Γ’β¬β How I was able to download the Source Code of IndiaΓ’β¬β’s Largest Telecom Service Provider including dozens of more popular websites!:
https://medium.com/p/52cf5c5640a1
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Medium
Penetration Testing of an FTP Server
Welcome to Internal penetration testing on FTP server where you will learn FTP installation and configuration, enumeration and attackβ¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Remove Docker Image ?
1) To remove the docker image from your system, you will need to list out all available images in your system.
You can list them using the following command:
docker image ls
2) You should see the following output:
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 2 days ago 133MB
wordpress latest f1da35a7ddca 3 days ago 546MB
mariadb latest b95867b52886 4 days ago 407MB
Now, you have a list of all images in your system. Next, locate the ID of the image that you want to remove and run the following command:
> docker image rm 4bb46517cac3
3) You should see the following error:
Error response from daemon: conflict: unable to delete 4bb46517cac3 (cannot be forced)
- image is being used by running container 8f3d538370e5
4) This output indicates any container uses the image you want to remove. So you will need to remove that container before removing the image.
If you want to remove multiple images, you will need to specify the ID of each docker image with βdocker image rmβ command:
> docker image rm ID1 ID2 ID3
Remove Dangling Docker Images
A dangling image is an unused image that is not used by any container. You can remove the dangling image from your system by running the following command:
docker image prune
5) You will be prompt to type y to continue, as shown below:
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
6) Remove All Unused Docker Images
Docker allows you to remove all images that are not used by any containers using a single command, as shown below:
docker image prune -a
7) You will be prompt to type y to continue, as shown below:
WARNING! This will remove all images without at least one container associated with them.
Are you sure you want to continue? [y/N] y
8) Deleted Images:
untagged: ubuntu:latest
untagged: ubuntu@sha256:5d1d5407f353843ecf8b16524bc5565aa332e9e6a1297c73a92d3e754b8a636d
deleted: sha256:1e4467b07108685c38297025797890f0492c4ec509212e2e4b4822d367fe6bc8
Total reclaimed space: 0B
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to Remove Docker Image ?
1) To remove the docker image from your system, you will need to list out all available images in your system.
You can list them using the following command:
docker image ls
2) You should see the following output:
REPOSITORY TAG IMAGE ID CREATED SIZE
nginx latest 4bb46517cac3 2 days ago 133MB
wordpress latest f1da35a7ddca 3 days ago 546MB
mariadb latest b95867b52886 4 days ago 407MB
Now, you have a list of all images in your system. Next, locate the ID of the image that you want to remove and run the following command:
> docker image rm 4bb46517cac3
3) You should see the following error:
Error response from daemon: conflict: unable to delete 4bb46517cac3 (cannot be forced)
- image is being used by running container 8f3d538370e5
4) This output indicates any container uses the image you want to remove. So you will need to remove that container before removing the image.
If you want to remove multiple images, you will need to specify the ID of each docker image with βdocker image rmβ command:
> docker image rm ID1 ID2 ID3
Remove Dangling Docker Images
A dangling image is an unused image that is not used by any container. You can remove the dangling image from your system by running the following command:
docker image prune
5) You will be prompt to type y to continue, as shown below:
WARNING! This will remove all dangling images.
Are you sure you want to continue? [y/N] y
Total reclaimed space: 0B
6) Remove All Unused Docker Images
Docker allows you to remove all images that are not used by any containers using a single command, as shown below:
docker image prune -a
7) You will be prompt to type y to continue, as shown below:
WARNING! This will remove all images without at least one container associated with them.
Are you sure you want to continue? [y/N] y
8) Deleted Images:
untagged: ubuntu:latest
untagged: ubuntu@sha256:5d1d5407f353843ecf8b16524bc5565aa332e9e6a1297c73a92d3e754b8a636d
deleted: sha256:1e4467b07108685c38297025797890f0492c4ec509212e2e4b4822d367fe6bc8
Total reclaimed space: 0B
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦speed up any windows recommended by Microsoft :
https://www.microsoft.com/en-us/p/total-pc-cleaner-free-disk-space-clean-up-optimize-memory-windows-system/9nb3xctl0rwd?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/speed-o-meter/9nblggh4n9fs?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/360-total-security/9nblggh1np58?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/duplicate-cleaner-master/9nblggh52s41?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/comet-disk-cleanup/9n5xkh8shwqv?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/smart-disk-cleanup/9pm1sh8s2vqv?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/trend-cleaner-free-your-disk-computer/9nwmt7tmtmn0?activetab=pivot%3Aoverviewtab
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦speed up any windows recommended by Microsoft :
https://www.microsoft.com/en-us/p/total-pc-cleaner-free-disk-space-clean-up-optimize-memory-windows-system/9nb3xctl0rwd?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/speed-o-meter/9nblggh4n9fs?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/360-total-security/9nblggh1np58?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/duplicate-cleaner-master/9nblggh52s41?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/comet-disk-cleanup/9n5xkh8shwqv?activetab=pivot:overviewtab
https://www.microsoft.com/en-us/p/smart-disk-cleanup/9pm1sh8s2vqv?activetab=pivot:overviewtab#
https://www.microsoft.com/en-us/p/trend-cleaner-free-your-disk-computer/9nwmt7tmtmn0?activetab=pivot%3Aoverviewtab
β β β Uππ»βΊπ«Δπ¬πβ β β β
Microsoft
Get Total PC Cleaner - Clean Disk & Cache from the Microsoft Store
Best FREE PC cleaner in 2021. Free disk space clean up, optimize memory, and speed up Windows system. Optimize and clean my PC.
Cleaner & PC Cleaner for free. CCleaner & Clean master alternative cleaner.
Keep your computer clean and fast with Total PCβ¦
Cleaner & PC Cleaner for free. CCleaner & Clean master alternative cleaner.
Keep your computer clean and fast with Total PCβ¦
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING TOP PDF :
https://mega.nz/#!3Hw0jKrA!CQgjBPlShS8F0I78VtjUSRiVbxgaX3XXI7MwvPKJ5xE
https://mega.nz/#!WWxQxDra!aZXzFU1xmzQ2WA5oREynES09jNrrghlA4nJoMiD2D08
https://mega.nz/#!Pe5EWYYC!-wdbOjgzpqKoP-cIfk53lnJnzZRJu_UsVmQb-yU_-lU
https://mega.nz/#!mKYgGJbS!Uukn-N1UgrrL8H3l782zamAfcRcqdEUYgzZNDRaThFU
https://mega.nz/#!PKx3jQ6R!01pz7962NoK6OO5T2l4cpZ_DfmjblNYCxgdaXFFY1js
https://mega.nz/#!fLAQSaKY!wXcwBlMLtQrAbjSjI3xffdoxqtArpi8LilnNRDiuNkw
https://mega.nz/#!SKQzhCbZ!nq-5UeolLFCNJXAjQaozndbiL2ZZMLhJCzIA6kZHEtk
https://mega.nz/#!mOhEWKhR!C4JmiXrvYrZBMk4K8ez4oa7UKp9awyflQDx1UIayhAU
https://mega.nz/#!jS53wbSa!nQg__qNxQUffbEKk6_dAOAJq8cKzNPEPrFDGsbNgaO0
https://mega.nz/#!3CICFKyK!T5wr-7w8Ua9ZWghOO7zYkDpmZj99EXMNnKEwWXaX17M
https://mega.nz/#!eLQklSTK!X7kbivoPlTI_TAUpYag5qi2AKgqreG_eFADsqNURibk
https://mega.nz/#!HfQ2lSQR!LBrGdhRENQUpuGO3ud_6eG438JG-2FK8Yekrm175pcM
https://mega.nz/#!HfQ2lSQR!LBrGdhRENQUpuGO3ud_6eG438JG-2FK8Yekrm175pcM
https://mega.nz/#!2G4ynDRY!x9BWn6AQnT2yqusi3UU_wctymGQ09T7HcmQnRlnOC0Q
https://mega.nz/#!WGRlVJyQ!ojxMbOZOlki3bH_ZwwPNMTrGvkjfS9Yf3lanxuiFp4I
https://mega.nz/#!zWgGlR7Q!4SeJkHrVoB1H4lTNmR2w8bypAWTQSAyRwXFufxyajDI
https://mega.nz/#!nP5lnCzL!NBZxeTM14sAd-Zar9ObrSxICTSSP9t4l9VjTA5OxSl0
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACKING TOP PDF :
https://mega.nz/#!3Hw0jKrA!CQgjBPlShS8F0I78VtjUSRiVbxgaX3XXI7MwvPKJ5xE
https://mega.nz/#!WWxQxDra!aZXzFU1xmzQ2WA5oREynES09jNrrghlA4nJoMiD2D08
https://mega.nz/#!Pe5EWYYC!-wdbOjgzpqKoP-cIfk53lnJnzZRJu_UsVmQb-yU_-lU
https://mega.nz/#!mKYgGJbS!Uukn-N1UgrrL8H3l782zamAfcRcqdEUYgzZNDRaThFU
https://mega.nz/#!PKx3jQ6R!01pz7962NoK6OO5T2l4cpZ_DfmjblNYCxgdaXFFY1js
https://mega.nz/#!fLAQSaKY!wXcwBlMLtQrAbjSjI3xffdoxqtArpi8LilnNRDiuNkw
https://mega.nz/#!SKQzhCbZ!nq-5UeolLFCNJXAjQaozndbiL2ZZMLhJCzIA6kZHEtk
https://mega.nz/#!mOhEWKhR!C4JmiXrvYrZBMk4K8ez4oa7UKp9awyflQDx1UIayhAU
https://mega.nz/#!jS53wbSa!nQg__qNxQUffbEKk6_dAOAJq8cKzNPEPrFDGsbNgaO0
https://mega.nz/#!3CICFKyK!T5wr-7w8Ua9ZWghOO7zYkDpmZj99EXMNnKEwWXaX17M
https://mega.nz/#!eLQklSTK!X7kbivoPlTI_TAUpYag5qi2AKgqreG_eFADsqNURibk
https://mega.nz/#!HfQ2lSQR!LBrGdhRENQUpuGO3ud_6eG438JG-2FK8Yekrm175pcM
https://mega.nz/#!HfQ2lSQR!LBrGdhRENQUpuGO3ud_6eG438JG-2FK8Yekrm175pcM
https://mega.nz/#!2G4ynDRY!x9BWn6AQnT2yqusi3UU_wctymGQ09T7HcmQnRlnOC0Q
https://mega.nz/#!WGRlVJyQ!ojxMbOZOlki3bH_ZwwPNMTrGvkjfS9Yf3lanxuiFp4I
https://mega.nz/#!zWgGlR7Q!4SeJkHrVoB1H4lTNmR2w8bypAWTQSAyRwXFufxyajDI
https://mega.nz/#!nP5lnCzL!NBZxeTM14sAd-Zar9ObrSxICTSSP9t4l9VjTA5OxSl0
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
mega.nz
MEGA provides free cloud storage with convenient and powerful always-on privacy. Claim your free 20GB now
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to compress a file with Gzip and keep the original file
We can use three options to keep the original file when using gzip:
1) Method 1: using the -k option
$ sudo gzip -k picture.img
or
$ sudo gzip --keep picture.img
2) Method 2: using the -c option
$ sudo gzip -c picture.img> picture.img.gz
3) For the gunzip command, you can use the same -c option to keep the original file.
4) Method 3: using shell redirection
$ sudo gzip <picture.img> picture.img.gz
5) How to compress all files
To compress all files in the current folder and subfolders use:
$ sudo gzip -kr.
6) How to compress all files and subfolders
Unlike the gzip command, the tar command by default preserves the original directories or files, use this option:
$ sudo tar -zcvf compressednewfile1.tar.gz directorytocompress
or
$ sudo tar -zcvf allfilesdirectories.tar.gz *
7) Select the required number of directories to compress:
$ sudo tar -zcvf directory1and2.tar.gz dir1 dir2
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to compress a file with Gzip and keep the original file
We can use three options to keep the original file when using gzip:
1) Method 1: using the -k option
$ sudo gzip -k picture.img
or
$ sudo gzip --keep picture.img
2) Method 2: using the -c option
$ sudo gzip -c picture.img> picture.img.gz
3) For the gunzip command, you can use the same -c option to keep the original file.
4) Method 3: using shell redirection
$ sudo gzip <picture.img> picture.img.gz
5) How to compress all files
To compress all files in the current folder and subfolders use:
$ sudo gzip -kr.
6) How to compress all files and subfolders
Unlike the gzip command, the tar command by default preserves the original directories or files, use this option:
$ sudo tar -zcvf compressednewfile1.tar.gz directorytocompress
or
$ sudo tar -zcvf allfilesdirectories.tar.gz *
7) Select the required number of directories to compress:
$ sudo tar -zcvf directory1and2.tar.gz dir1 dir2
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Like a Ransomware :
π How to encrypt files on your Linux servers using gocryptfs ?
1) How to install gocryptfs
Since gocryptfs is in the standard repositories, you can install this tool with a single command.
2) On an Ubuntu based system, this command:
sudo apt-get install gocryptfs -y
3) If you are using a Red Hat based distribution, the command is:
sudo dnf install gocryptfs -y
4) How to create an encrypted directory
With gocryptfs installed, you can create your first encrypted directory.
5) Let's create a new directory using the command:
mkdir data_vault
6) Initialize this new directory with the command:
gocryptfs --init data_vault
7) You will be prompted to create a password for the new directory.
8) A new gocryptfs filesystem will be created in the directory, and then you will be presented with the master key for that filesystem.
9) This master key is used to decrypt the encrypted file system if it gets damaged or you forget your decryption password.
10) Please keep this key in a safe place.
11) We will now create a mount point for our new filesystem.
12) Let's create a directory named vault using the command:
> mkdir vault
13) Mount the encrypted filesystem to the mount directory using the command:
gocryptfs data_vault vault
14) You will be prompted for the encryption password you created when you initialized the data_vault directory.
After successful authentication, you will see the filesystem is mounted and ready.
15) Now you can add data to this directory.
16) When you add data to a mounted directory, it automatically syncs it with the file system.
Although the files in the mounted directory are viewable, they are encrypted on the file system.
17) After you've added all the files, unmount the directory with the command:
fusermount -u vault
18) At this point, nothing is found in the vault directory and everything in data_vault is encrypted.
19) To work with data_vault again, just mount it to the vault directory, work with your files, and then unmount it again.
Simple and safe.
With gocryptfs, you can easily protect your files and folders with a strong encryption layer.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Like a Ransomware :
π How to encrypt files on your Linux servers using gocryptfs ?
1) How to install gocryptfs
Since gocryptfs is in the standard repositories, you can install this tool with a single command.
2) On an Ubuntu based system, this command:
sudo apt-get install gocryptfs -y
3) If you are using a Red Hat based distribution, the command is:
sudo dnf install gocryptfs -y
4) How to create an encrypted directory
With gocryptfs installed, you can create your first encrypted directory.
5) Let's create a new directory using the command:
mkdir data_vault
6) Initialize this new directory with the command:
gocryptfs --init data_vault
7) You will be prompted to create a password for the new directory.
8) A new gocryptfs filesystem will be created in the directory, and then you will be presented with the master key for that filesystem.
9) This master key is used to decrypt the encrypted file system if it gets damaged or you forget your decryption password.
10) Please keep this key in a safe place.
11) We will now create a mount point for our new filesystem.
12) Let's create a directory named vault using the command:
> mkdir vault
13) Mount the encrypted filesystem to the mount directory using the command:
gocryptfs data_vault vault
14) You will be prompted for the encryption password you created when you initialized the data_vault directory.
After successful authentication, you will see the filesystem is mounted and ready.
15) Now you can add data to this directory.
16) When you add data to a mounted directory, it automatically syncs it with the file system.
Although the files in the mounted directory are viewable, they are encrypted on the file system.
17) After you've added all the files, unmount the directory with the command:
fusermount -u vault
18) At this point, nothing is found in the vault directory and everything in data_vault is encrypted.
19) To work with data_vault again, just mount it to the vault directory, work with your files, and then unmount it again.
Simple and safe.
With gocryptfs, you can easily protect your files and folders with a strong encryption layer.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
UNDERCODE SECURITY
Malware writing series - Python Malware, part 1.pdf
Write your own malware
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TIPS FOR BLOGGERS
1. Crop images to improve composition
Sometimes you can take a photo that is almost perfect, but still requires some tweaking.
In these cases, a simple crop may be all you need to get your photos perfect.
By cropping, you can remove unnecessary background details to better define the main subject of your photos.
You can also use the free image cropping editor, which we will show next.
2. Adjust the exposure.
If you want to learn how to edit photos, you need to know about adjusting exposure.
First, you need to know that exposure is the amount of light your camera uses when taking a photo.
Both aperture and shutter speed affect exposure.
An overexposed photo may look washed out.
In contrast, an underexposed photo can appear dull and dark.
For this, a photo retouching program is suitable, you can easily adjust the exposure.
3. Perform color correction.
When taking photos, you should always properly adjust the white balance on your camera.
If your white balance is not properly adjusted, your photo may have a color cast that affects its contrast, saturation, and brightness.
Fortunately, you can easily fix any color problems during the editing process.
It takes some trial and error to master color grading.
But this is one of the most important skills to acquire if you really want to learn how to edit photos like a pro.
4. Removing unwanted stains
Sometimes you may need to make selective corrections to remove any blemishes, imperfections, etc.
One way to avoid making these adjustments is to make sure the camera lens is clean and free of dirt, grime and water droplets before shooting.
However, it would be nice to learn how to edit photos in order to eliminate these disadvantages.
5. Using PhotoMASTER
The free program PhotoMASTER has many possibilities in its functionality.
All of the above tips, you can implement using this tool.
The program is in Russian and has a simple and intuitive interface.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦TIPS FOR BLOGGERS
1. Crop images to improve composition
Sometimes you can take a photo that is almost perfect, but still requires some tweaking.
In these cases, a simple crop may be all you need to get your photos perfect.
By cropping, you can remove unnecessary background details to better define the main subject of your photos.
You can also use the free image cropping editor, which we will show next.
2. Adjust the exposure.
If you want to learn how to edit photos, you need to know about adjusting exposure.
First, you need to know that exposure is the amount of light your camera uses when taking a photo.
Both aperture and shutter speed affect exposure.
An overexposed photo may look washed out.
In contrast, an underexposed photo can appear dull and dark.
For this, a photo retouching program is suitable, you can easily adjust the exposure.
3. Perform color correction.
When taking photos, you should always properly adjust the white balance on your camera.
If your white balance is not properly adjusted, your photo may have a color cast that affects its contrast, saturation, and brightness.
Fortunately, you can easily fix any color problems during the editing process.
It takes some trial and error to master color grading.
But this is one of the most important skills to acquire if you really want to learn how to edit photos like a pro.
4. Removing unwanted stains
Sometimes you may need to make selective corrections to remove any blemishes, imperfections, etc.
One way to avoid making these adjustments is to make sure the camera lens is clean and free of dirt, grime and water droplets before shooting.
However, it would be nice to learn how to edit photos in order to eliminate these disadvantages.
5. Using PhotoMASTER
The free program PhotoMASTER has many possibilities in its functionality.
All of the above tips, you can implement using this tool.
The program is in Russian and has a simple and intuitive interface.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Brute SSH the remote server :
For brute-force attacks (brute-force attacks), we will use the Hydra tool , which is included with the Kali Linux distribution. SSH is present on any Linux or Unix server and is generally the primary use for administrators to access and control their systems.
Warning: Hydra is an attack tool
β Use it only on your own systems and networks unless you have written permission from the owner. Otherwise, it is illegal . "
1) To implement the attack, use the command:
# hydra -s 22 -l root -P / usr / share / wordlists / fasttrack .txt 192.168.1.1 -t 4 ssh
2) Now let's analyze it:
- s - The flag indicates the port. It is worth noting that administrators can replace the default port 22 for the ssh service , in order to find out which port the service is running on, it is necessary to perform an initial scan of the target using the Nmap tool . We wrote about how to do this earlier in the article .
- l - the flag indicates the login, in our example we use root and admin. (we can provide a link to the dictionary here)
- P - the flag indicates the password, in our case we use the fasttrack .txt dictionary from the kali distribution , which is located in the / usr / share / wordlists / directory
3) It is worth noting that in order to effectively carry out a brute-force attack, it is worth paying due attention to the preparation of the dictionary, namely: taking into account geographical and linguistic peculiarities, including the name of the company, the names of its subsidiaries, the names of the services and applications running, the names of employees, etc.
192.168.1.1 - ip address of the target, since the target we are using has a white ip, it is smeared
- t - the flag indicates the number of simultaneously used threads. We indicate 4
ssh - used protocol
4) Based on the results of the team's work, we see that the passwords from the dictionary did not fit for the admin and root logins
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Brute SSH the remote server :
For brute-force attacks (brute-force attacks), we will use the Hydra tool , which is included with the Kali Linux distribution. SSH is present on any Linux or Unix server and is generally the primary use for administrators to access and control their systems.
Warning: Hydra is an attack tool
β Use it only on your own systems and networks unless you have written permission from the owner. Otherwise, it is illegal . "
1) To implement the attack, use the command:
# hydra -s 22 -l root -P / usr / share / wordlists / fasttrack .txt 192.168.1.1 -t 4 ssh
2) Now let's analyze it:
- s - The flag indicates the port. It is worth noting that administrators can replace the default port 22 for the ssh service , in order to find out which port the service is running on, it is necessary to perform an initial scan of the target using the Nmap tool . We wrote about how to do this earlier in the article .
- l - the flag indicates the login, in our example we use root and admin. (we can provide a link to the dictionary here)
- P - the flag indicates the password, in our case we use the fasttrack .txt dictionary from the kali distribution , which is located in the / usr / share / wordlists / directory
3) It is worth noting that in order to effectively carry out a brute-force attack, it is worth paying due attention to the preparation of the dictionary, namely: taking into account geographical and linguistic peculiarities, including the name of the company, the names of its subsidiaries, the names of the services and applications running, the names of employees, etc.
192.168.1.1 - ip address of the target, since the target we are using has a white ip, it is smeared
- t - the flag indicates the number of simultaneously used threads. We indicate 4
ssh - used protocol
4) Based on the results of the team's work, we see that the passwords from the dictionary did not fit for the admin and root logins
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β