โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to encrypt, decrypt PDF files using TERMUX :
1๏ธโฃDOWNLOAD https://d-05.winudf.com/b/apk/Y29tLmNidXp6YXBwcy5wZGZ1bmxvY2tlcm1hc3Rlcl8xX2Y0OWExMDcy?_fn=UERGIFBhc3N3b3JkIFVubG9ja2VyIExvY2sgVW5sb2NrIFBERl92MS4wX2Fwa3B1cmUuY29tLmFwaw&_p=Y29tLmNidXp6YXBwcy5wZGZ1bmxvY2tlcm1hc3Rlcg&as=ded856575890fedcbcbc1ec37a7d6dfa5a753208&c=1%7CTOOLS&k=58607254a02f1c85b65759aa04a431245a7850cd
2๏ธโฃ Now type command chmod +x peepdf.py and Press Enter
3๏ธโฃtype command python2 peepdf.py -i and press Enter.
4๏ธโฃThe steps above help in installation of PDF Unlocker in system.
5๏ธโฃNow we come to the Encryption part.
1) After opening the PDF, type command encrypt Yourpassword Here โYourPasswordโ is Password for PDF file to open.
2) then type command โsaveโ and press Enter which makes your PDF Password Protected โ a note pops up on your screen describing the same.
๐ฆhow decrypt pdf- termux :
Step#1: Open the file again by command open -f /sdcard/FileName.pdfand press Enter.
Step#2: Then type command decrypt YourPassword and press Enter. Password must be the same as set to encrypt the same PDF. In case of problem, PDF Unlocker is always there to help you
termux-wiki
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to encrypt, decrypt PDF files using TERMUX :
1๏ธโฃDOWNLOAD https://d-05.winudf.com/b/apk/Y29tLmNidXp6YXBwcy5wZGZ1bmxvY2tlcm1hc3Rlcl8xX2Y0OWExMDcy?_fn=UERGIFBhc3N3b3JkIFVubG9ja2VyIExvY2sgVW5sb2NrIFBERl92MS4wX2Fwa3B1cmUuY29tLmFwaw&_p=Y29tLmNidXp6YXBwcy5wZGZ1bmxvY2tlcm1hc3Rlcg&as=ded856575890fedcbcbc1ec37a7d6dfa5a753208&c=1%7CTOOLS&k=58607254a02f1c85b65759aa04a431245a7850cd
2๏ธโฃ Now type command chmod +x peepdf.py and Press Enter
3๏ธโฃtype command python2 peepdf.py -i and press Enter.
4๏ธโฃThe steps above help in installation of PDF Unlocker in system.
5๏ธโฃNow we come to the Encryption part.
1) After opening the PDF, type command encrypt Yourpassword Here โYourPasswordโ is Password for PDF file to open.
2) then type command โsaveโ and press Enter which makes your PDF Password Protected โ a note pops up on your screen describing the same.
๐ฆhow decrypt pdf- termux :
Step#1: Open the file again by command open -f /sdcard/FileName.pdfand press Enter.
Step#2: Then type command decrypt YourPassword and press Enter. Password must be the same as set to encrypt the same PDF. In case of problem, PDF Unlocker is always there to help you
termux-wiki
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆPay attention to container security: Doki infects Docker servers in the cloud
๐ฆMain findings
1) The Ngrok Mining Botnet is an active activity that targets Docker servers exposed in AWS, Azure and other cloud platforms. It has been active for at least two years.
2) We detected a recent attack that included completely undetected Linux malware and previously undocumented technology that used blockchain wallets to generate C&C domain names.
3) Anyone with public access to the Docker API can be hacked in just a few hours. This is most likely due to the hacker's automatic and continuous full Internet scan of vulnerable victims.
4) Since the first analysis on January 14, 2020, VirusTotalโs 60 malware detection engines have not yet detected a new malware called โDokiโ.
5) The attacker is using the infected victim to search for other vulnerable cloud servers.
๐ฆMORE DETAILS :
Linux threats are becoming more and more common. One factor causing this situation is the increasing shift and reliance on cloud environments, which are mainly based on Linux infrastructure. Therefore, attackers have adopted new tools and techniques specifically designed for this infrastructure.
A popular technique is to abuse misconfigured Docker API ports, where attackers scan for publicly accessible Docker servers and use them to set up their own containers and execute malware on the victim's infrastructure.
The Ngrok botnet is one of the longest-lasting attacks using the Docker API port, previously reported by researchers from Netlab and Trend Micro. As part of the attack, the attacker abused the Docker configuration function to evade standard container restrictions and execute various malicious loads from the host. They also deployed a network scanner and used it to scan the IP range of the cloud provider to find other potentially vulnerable targets. Our evidence shows that it only takes a few hours from the launch of the newly misconfigured Docker server to the infection.
Recently, we detected a new malware payload that is different from the standard crypto miners usually deployed in this attack. The malware is a completely undiscovered backdoor, we named it Doki.
Doki uses a previously undocumented method to abuse the Dogecoin cryptocurrency blockchain in a unique way to contact its operator in order to dynamically generate its C2 domain address. Although VirusTotal publicly provided samples, the malware has been successfully hidden for more than six months.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆPay attention to container security: Doki infects Docker servers in the cloud
๐ฆMain findings
1) The Ngrok Mining Botnet is an active activity that targets Docker servers exposed in AWS, Azure and other cloud platforms. It has been active for at least two years.
2) We detected a recent attack that included completely undetected Linux malware and previously undocumented technology that used blockchain wallets to generate C&C domain names.
3) Anyone with public access to the Docker API can be hacked in just a few hours. This is most likely due to the hacker's automatic and continuous full Internet scan of vulnerable victims.
4) Since the first analysis on January 14, 2020, VirusTotalโs 60 malware detection engines have not yet detected a new malware called โDokiโ.
5) The attacker is using the infected victim to search for other vulnerable cloud servers.
๐ฆMORE DETAILS :
Linux threats are becoming more and more common. One factor causing this situation is the increasing shift and reliance on cloud environments, which are mainly based on Linux infrastructure. Therefore, attackers have adopted new tools and techniques specifically designed for this infrastructure.
A popular technique is to abuse misconfigured Docker API ports, where attackers scan for publicly accessible Docker servers and use them to set up their own containers and execute malware on the victim's infrastructure.
The Ngrok botnet is one of the longest-lasting attacks using the Docker API port, previously reported by researchers from Netlab and Trend Micro. As part of the attack, the attacker abused the Docker configuration function to evade standard container restrictions and execute various malicious loads from the host. They also deployed a network scanner and used it to scan the IP range of the cloud provider to find other potentially vulnerable targets. Our evidence shows that it only takes a few hours from the launch of the newly misconfigured Docker server to the infection.
Recently, we detected a new malware payload that is different from the standard crypto miners usually deployed in this attack. The malware is a completely undiscovered backdoor, we named it Doki.
Doki uses a previously undocumented method to abuse the Dogecoin cryptocurrency blockchain in a unique way to contact its operator in order to dynamically generate its C2 domain address. Although VirusTotal publicly provided samples, the malware has been successfully hidden for more than six months.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Backup Legal Mega
mega.nz
213.16 MB folder on MEGA
20 files and 6 subfolders
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆThe meaning of sniffer and sniffer
1) Sniffers have almost as long a history as the internet. Sniffer is a commonly used method of collecting useful data.
2) These data can be the user's account and password, or some commercial confidential data. With the increasing popularity of the Internet and e-commerce, the security of the Internet has also received more and more attention.
3) Sniffer, which plays an important role in Internet security risks, has attracted more and more attention, so today I want to introduce Sniffer and how to stop it.
4) Most hackers only want to detect hosts on the intranet and gain control. Only those "ambitious" hackers install Trojan horses and backdoor programs and clear records in order to control the entire network. The technique they often use is to install sniffers.
5) On the intranet, if hackers want to quickly obtain a large number of accounts (including user names and passwords), the most effective method is to use the "sniffer" program.
> This method requires that the host running the Sniffer program and the monitored host must be on the same Ethernet segment, so running the sniffer on an external host has no effect. Furthermore, you must use the sniffer program as root to be able to monitor the data stream on the Ethernet segment.
> When talking about Ethernet sniffers, you must talk about Ethernet sniffing.
@UndercodeTesting
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆThe meaning of sniffer and sniffer
1) Sniffers have almost as long a history as the internet. Sniffer is a commonly used method of collecting useful data.
2) These data can be the user's account and password, or some commercial confidential data. With the increasing popularity of the Internet and e-commerce, the security of the Internet has also received more and more attention.
3) Sniffer, which plays an important role in Internet security risks, has attracted more and more attention, so today I want to introduce Sniffer and how to stop it.
4) Most hackers only want to detect hosts on the intranet and gain control. Only those "ambitious" hackers install Trojan horses and backdoor programs and clear records in order to control the entire network. The technique they often use is to install sniffers.
5) On the intranet, if hackers want to quickly obtain a large number of accounts (including user names and passwords), the most effective method is to use the "sniffer" program.
> This method requires that the host running the Sniffer program and the monitored host must be on the same Ethernet segment, so running the sniffer on an external host has no effect. Furthermore, you must use the sniffer program as root to be able to monitor the data stream on the Ethernet segment.
> When talking about Ethernet sniffers, you must talk about Ethernet sniffing.
@UndercodeTesting
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from UNDERCODE HACKING
Malware Engineering Part 0x2โ Finding shelter for parasite.pdf
1.2 MB
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ#RANSOMWARE AES Crypt. Simple cross-platform file encryption solution.
> AES Crypt differs from the previously described VeraCrypt and TrueCrypt by the lack of on-the-fly encryption; it cannot be used to mount encrypted containers. This program can encrypt the file and decrypt it, but often you don't need more.
> AES Crypt is freeware, except for the iOS version, which uses the AES algorithm (256 bit). Today this algorithm is considered exemplary reliable and well analyzed, it is accepted as a standard by the US government (I do not recommend blindly trusting their standards, even for the Dual EC_DRBG algorithm with a backdoor for the NSA). There is no choice of algorithms and the possibility of combined encryption.
โช๏ธDownload :
https://www.aescrypt.com/download/
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ#RANSOMWARE AES Crypt. Simple cross-platform file encryption solution.
> AES Crypt differs from the previously described VeraCrypt and TrueCrypt by the lack of on-the-fly encryption; it cannot be used to mount encrypted containers. This program can encrypt the file and decrypt it, but often you don't need more.
> AES Crypt is freeware, except for the iOS version, which uses the AES algorithm (256 bit). Today this algorithm is considered exemplary reliable and well analyzed, it is accepted as a standard by the US government (I do not recommend blindly trusting their standards, even for the Dual EC_DRBG algorithm with a backdoor for the NSA). There is no choice of algorithms and the possibility of combined encryption.
โช๏ธDownload :
https://www.aescrypt.com/download/
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Aescrypt
AES Crypt - Downloads
AES Crypt is an advanced file encryption software product for Windows, Mac, Linux, and BSD systems
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆfor ROOTED ONEPLUS :
TWRP Alternative Lets Manage Magisk Modules on OnePlus Devices :
Sky Hawk Recovery Project (SHRP) is a new custom recovery for OnePlus devices with some interesting features. Sky Hawk is based on the latest version of TWRP 3.4.0-0, but it's hard to see from the looks. The developers have implemented many appearance changes and additional features, making an excellent alternative to TWRP.
๐ฆRequirements :
1) OnePlus 6, 6T, 7 Pro
Installed TWRP
2) OxygenOS 10.3 or newer
๐ฆInstalling Sky Hawk Recovery on OnePlus
Before using Sky Hawk Recovery on OnePlus, you need to install TWRP. This process is described in separate articles.
After installing TWRP, you can download the Sky Hawk installation file from one of the links below. Place the file in a convenient location on your device, such as the Downloads folder.
> Download Sky Hawk Recovery (.zip): OnePlus 6 | OnePlus 6T | OnePlus 7 Pro
> https://sourceforge.net/projects/ab-temp/files/SHRP/enchilada/SHRP_v2.3_enchilada-190630062020.zip/download
3) You need to boot into TWRP, find the Sky Hawk installation file, click on it once and swipe the slider to install. Once complete, open Reboot and select Recovery. After a few seconds, the device will boot into the Sky Hawk custom recovery. Enter your pin or password and access the main menu. You can now explore all the available features.
4) Built-in Magisk manager for modules
Magisk Manager in Sky Hawk does not require any third party mods to function. You can disable, delete and view information about each module on the device. The Core Only Mode switch turns off all modules at once. The Unroot option removes Magisk entirely.
5) Built-in theme manager
Sky Hawk contains a graphic theme manager. This allows you to change the appearance of the custom recovery environment. You can change the color, status bar settings, bar icon, navigation bar styles.
6)Many additional tweaks
In the "Tweaks" section, you can select options for Substratum. This is useful if the installed theme has not been updated for a long time. You can also remove the fingerprint lock if something goes wrong or someone has added their own finger.
Removing forced encryption on a device may be required if custom firmware or kernel requires it for certain functions. You can enable or disable the Camera 2 API, which gives advanced camera functionality on some devices.
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆfor ROOTED ONEPLUS :
TWRP Alternative Lets Manage Magisk Modules on OnePlus Devices :
Sky Hawk Recovery Project (SHRP) is a new custom recovery for OnePlus devices with some interesting features. Sky Hawk is based on the latest version of TWRP 3.4.0-0, but it's hard to see from the looks. The developers have implemented many appearance changes and additional features, making an excellent alternative to TWRP.
๐ฆRequirements :
1) OnePlus 6, 6T, 7 Pro
Installed TWRP
2) OxygenOS 10.3 or newer
๐ฆInstalling Sky Hawk Recovery on OnePlus
Before using Sky Hawk Recovery on OnePlus, you need to install TWRP. This process is described in separate articles.
After installing TWRP, you can download the Sky Hawk installation file from one of the links below. Place the file in a convenient location on your device, such as the Downloads folder.
> Download Sky Hawk Recovery (.zip): OnePlus 6 | OnePlus 6T | OnePlus 7 Pro
> https://sourceforge.net/projects/ab-temp/files/SHRP/enchilada/SHRP_v2.3_enchilada-190630062020.zip/download
3) You need to boot into TWRP, find the Sky Hawk installation file, click on it once and swipe the slider to install. Once complete, open Reboot and select Recovery. After a few seconds, the device will boot into the Sky Hawk custom recovery. Enter your pin or password and access the main menu. You can now explore all the available features.
4) Built-in Magisk manager for modules
Magisk Manager in Sky Hawk does not require any third party mods to function. You can disable, delete and view information about each module on the device. The Core Only Mode switch turns off all modules at once. The Unroot option removes Magisk entirely.
5) Built-in theme manager
Sky Hawk contains a graphic theme manager. This allows you to change the appearance of the custom recovery environment. You can change the color, status bar settings, bar icon, navigation bar styles.
6)Many additional tweaks
In the "Tweaks" section, you can select options for Substratum. This is useful if the installed theme has not been updated for a long time. You can also remove the fingerprint lock if something goes wrong or someone has added their own finger.
Removing forced encryption on a device may be required if custom firmware or kernel requires it for certain functions. You can enable or disable the Camera 2 API, which gives advanced camera functionality on some devices.
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Forwarded from Backup Legal Mega
Network Hacking Continued - Intermediate to Advanced
Udemy Link:
https://www.udemy.com/course/network-hacking-continued-intermediate-to-advanced/
OneDrive Link:
https://mygavilan-my.sharepoint.com/:f:/g/personal/kali_masi_my_gavilan_edu/ElE2KQoGdIJIg1UELOxAlGEBwZ0zQ5nHrxOQbXDT8ojNAw?e=lxobFz
Udemy Link:
https://www.udemy.com/course/network-hacking-continued-intermediate-to-advanced/
OneDrive Link:
https://mygavilan-my.sharepoint.com/:f:/g/personal/kali_masi_my_gavilan_edu/ElE2KQoGdIJIg1UELOxAlGEBwZ0zQ5nHrxOQbXDT8ojNAw?e=lxobFz
Udemy
Network Hacking Continued - Intermediate to Advanced
Learn advanced techniques to hack into WiFi & wired networks & implement custom MITM attacks
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆKaspersky Report: Large hunting game organized by Lazarus APT
#News
> There is no doubt that 2020 will be an unpleasant year in history. In the field of network security, ransomware attacks against targets are increasing, and the collective damage is even more obvious. After investigating many such incidents and discussing with some trusted industry partners, we believe that we now have a good understanding of the structure of the ransomware ecosystem.
> Criminals use widespread botnet infections (for example, the notorious Emotet and Trickbot malware families) to spread to the network of victims and third-party developersโ ransomware โproductsโ. When the attackers have a full understanding of the target's financial status and IT processes, they will deploy ransomware on all the company's assets and enter the negotiation phase.
> This ecosystem runs in independent, highly specialized clusters. In most cases, these clusters are not connected to each other except for business connections. This is why the concept of threat actors has become blurred: the organization responsible for the initial breach is unlikely to be the party that compromised the victim's Active Directory server, which was not the party that actually used the ransomware code in the incident. More importantly, in the two incidents, the same criminal may exchange business partners and may use different botnets or ransomware families.
#News
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆKaspersky Report: Large hunting game organized by Lazarus APT
#News
> There is no doubt that 2020 will be an unpleasant year in history. In the field of network security, ransomware attacks against targets are increasing, and the collective damage is even more obvious. After investigating many such incidents and discussing with some trusted industry partners, we believe that we now have a good understanding of the structure of the ransomware ecosystem.
> Criminals use widespread botnet infections (for example, the notorious Emotet and Trickbot malware families) to spread to the network of victims and third-party developersโ ransomware โproductsโ. When the attackers have a full understanding of the target's financial status and IT processes, they will deploy ransomware on all the company's assets and enter the negotiation phase.
> This ecosystem runs in independent, highly specialized clusters. In most cases, these clusters are not connected to each other except for business connections. This is why the concept of threat actors has become blurred: the organization responsible for the initial breach is unlikely to be the party that compromised the victim's Active Directory server, which was not the party that actually used the ransomware code in the incident. More importantly, in the two incidents, the same criminal may exchange business partners and may use different botnets or ransomware families.
#News
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
Magento 2.3.1_ Unauthenticated Stored XSS to RCE.pdf
499.7 KB
Magento 2.3.1_ Unauthenticated Stored XSS to RCE
โ Full Tutorial
โ Full Tutorial
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to install RouterSploit in BackBox-KALI :
RouterSploit is a platform for exploiting vulnerabilities in routers, allows you to scan a router for vulnerabilities, as well as exploit vulnerabilities found to obtain a login and password, or to access a router.
๐ธ๐ฝ๐ ๐ ๐ฐ๐ป๐ป๐ธ๐ ๐ฐ๐ ๐ธ๐พ๐ฝ & ๐ ๐ ๐ฝ :
1๏ธโฃsudo apt-get install python-dev python-pip libncurses5-dev git<font></font>
2๏ธโฃgit clone https://github.com/reverse-shell/routersploit<font></font>
3๏ธโฃcd routersploit<font></font>
4๏ธโฃsudo pip install -U setuptools<font></font>
5๏ธโฃsudo pip install -r requirements.txt<font></font>
6๏ธโฃ./rsf.py
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to install RouterSploit in BackBox-KALI :
RouterSploit is a platform for exploiting vulnerabilities in routers, allows you to scan a router for vulnerabilities, as well as exploit vulnerabilities found to obtain a login and password, or to access a router.
๐ธ๐ฝ๐ ๐ ๐ฐ๐ป๐ป๐ธ๐ ๐ฐ๐ ๐ธ๐พ๐ฝ & ๐ ๐ ๐ฝ :
1๏ธโฃsudo apt-get install python-dev python-pip libncurses5-dev git<font></font>
2๏ธโฃgit clone https://github.com/reverse-shell/routersploit<font></font>
3๏ธโฃcd routersploit<font></font>
4๏ธโฃsudo pip install -U setuptools<font></font>
5๏ธโฃsudo pip install -r requirements.txt<font></font>
6๏ธโฃ./rsf.py
enjoyโค๏ธ๐๐ป
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
GitHub
GitHub - threat9/routersploit: Exploitation Framework for Embedded Devices
Exploitation Framework for Embedded Devices. Contribute to threat9/routersploit development by creating an account on GitHub.
โ
verified bin appleMusic 6 months
BIN: 5595581x20xx36x0
FECHA: 04/26
CVV: Generado
ZIP CODE: 110001
IP: INDIA ๐จ๐ฎ
>https://music.apple.com/in/for-you?ign-itscg=10000&ign-itsct=402x
(only verified by Us & Not created )
Use for learn
BIN: 5595581x20xx36x0
FECHA: 04/26
CVV: Generado
ZIP CODE: 110001
IP: INDIA ๐จ๐ฎ
>https://music.apple.com/in/for-you?ign-itscg=10000&ign-itsct=402x
(only verified by Us & Not created )
Use for learn
Appleย Music - Web Player
Apple Music Web Player
Listen to millions of songs all ad-free on Apple Music.
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆcheckout the Authentication steps :
Test for user enumeration
Test for authentication bypass
Test for bruteforce protection
Test password quality rules
Test remember me functionality
Test for autocomplete on password forms/input
Test password reset and/or recovery
Test password change process
Test CAPTCHA
Test multi factor authentication
Test for logout functionality presence
Test for cache management on HTTP (eg Pragma, Expires, Max-age)
Test for default logins
Test for user-accessible authentication history
Test for out-of channel notification of account lockouts and
successful password changes
Test for consistent authentication across applications with
shared authentication schema / SSO
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆcheckout the Authentication steps :
Test for user enumeration
Test for authentication bypass
Test for bruteforce protection
Test password quality rules
Test remember me functionality
Test for autocomplete on password forms/input
Test password reset and/or recovery
Test password change process
Test CAPTCHA
Test multi factor authentication
Test for logout functionality presence
Test for cache management on HTTP (eg Pragma, Expires, Max-age)
Test for default logins
Test for user-accessible authentication history
Test for out-of channel notification of account lockouts and
successful password changes
Test for consistent authentication across applications with
shared authentication schema / SSO
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆAll steps for Data Validation
Test for Reflected Cross Site Scripting
Test for Stored Cross Site Scripting
Test for DOM based Cross Site Scripting
Test for Cross Site Flashing
Test for HTML Injection
Test for SQL Injection
Test for LDAP Injection
Test for ORM Injection
Test for XML Injection
Test for XXE Injection
Test for SSI Injection
Test for XPath Injection
Test for XQuery Injection
Test for IMAP/SMTP Injection
Test for Code Injection
Test for Expression Language Injection
Test for Command Injection
Test for Overflow (Stack, Heap and Integer)
Test for Format String
Test for incubated vulnerabilities
Test for HTTP Splitting/Smuggling
Test for HTTP Verb Tampering
Test for Open Redirection
Test for Local File Inclusion
Test for Remote File Inclusion
Compare client-side and server-side validation rules
Test for NoSQL injection
Test for HTTP parameter pollution
Test for auto-binding
Test for Mass Assignment
Test for NULL/Invalid Session Cookie
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆAll steps for Data Validation
Test for Reflected Cross Site Scripting
Test for Stored Cross Site Scripting
Test for DOM based Cross Site Scripting
Test for Cross Site Flashing
Test for HTML Injection
Test for SQL Injection
Test for LDAP Injection
Test for ORM Injection
Test for XML Injection
Test for XXE Injection
Test for SSI Injection
Test for XPath Injection
Test for XQuery Injection
Test for IMAP/SMTP Injection
Test for Code Injection
Test for Expression Language Injection
Test for Command Injection
Test for Overflow (Stack, Heap and Integer)
Test for Format String
Test for incubated vulnerabilities
Test for HTTP Splitting/Smuggling
Test for HTTP Verb Tampering
Test for Open Redirection
Test for Local File Inclusion
Test for Remote File Inclusion
Compare client-side and server-side validation rules
Test for NoSQL injection
Test for HTTP parameter pollution
Test for auto-binding
Test for Mass Assignment
Test for NULL/Invalid Session Cookie
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
300+ Powerful Termux Hacking Tools For Hackers .pdf
374.4 KB
300+ Powerful Termux Hacking Tools For Hackers
#Requested
#Requested
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆRisky Functionality - Card Payment
#FastTips
>Test for known vulnerabilities and configuration issues on Web Server and Web Application
Test for default or guessable password
Test for non-production data in live environment, and vice-versa
Test for Injection vulnerabilities
Test for Buffer Overflows
Test for Insecure Cryptographic Storage
Test for Insufficient Transport Layer Protection
Test for Improper Error Handling
Test for all vulnerabilities with a CVSS v2 score > 4.0
Test for Authentication and Authorization issues
Test for CSRF
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆRisky Functionality - Card Payment
#FastTips
>Test for known vulnerabilities and configuration issues on Web Server and Web Application
Test for default or guessable password
Test for non-production data in live environment, and vice-versa
Test for Injection vulnerabilities
Test for Buffer Overflows
Test for Insecure Cryptographic Storage
Test for Insufficient Transport Layer Protection
Test for Improper Error Handling
Test for all vulnerabilities with a CVSS v2 score > 4.0
Test for Authentication and Authorization issues
Test for CSRF
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆRemote Information Services
1๏ธโฃDNS
Zone Transfer - host -l securitymuppets.com 192.168.100.2
Metasploit Auxiliarys:
auxiliary/gather/enumdns
use auxiliary/gather/dns...
2๏ธโฃ Finger - Enumerate Users
finger @192.168.0.1
finger -l -p user@ip-address
auxiliary/scanner/finger/fingerusers
3๏ธโฃ NTP
Metasploit Auxiliarys
4๏ธโฃ SNMP
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt
Metasploit Module snmpenum
snmpcheck -t snmpservice
5๏ธโฃ rservices
rwho 192.168.0.1
rlogin -l root 192.168.0.17
6๏ธโฃ RPC Services
rpcinfo -p
Endpointmapper metasploit
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆRemote Information Services
1๏ธโฃDNS
Zone Transfer - host -l securitymuppets.com 192.168.100.2
Metasploit Auxiliarys:
auxiliary/gather/enumdns
use auxiliary/gather/dns...
2๏ธโฃ Finger - Enumerate Users
finger @192.168.0.1
finger -l -p user@ip-address
auxiliary/scanner/finger/fingerusers
3๏ธโฃ NTP
Metasploit Auxiliarys
4๏ธโฃ SNMP
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt
Metasploit Module snmpenum
snmpcheck -t snmpservice
5๏ธโฃ rservices
rwho 192.168.0.1
rlogin -l root 192.168.0.17
6๏ธโฃ RPC Services
rpcinfo -p
Endpointmapper metasploit
enjoyโค๏ธ๐๐ป
โ git 2020
โ โ โ U๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ