UNDERCODE
2020 update: wireless protocol investigation
Any Linux/macOS
The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.
INSTALLATION & RUN:
1) git clone https://github.com/jopohl/urh
2) cd urh
3) sudo python3 -m pip install --upgrade pip # Update your pip installation
4) sudo python3 -m pip install urh # Install URH
5) python setup.py install # Alternative to step 4: install from the cloned source tree instead of from PyPI
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
What are the hazards of website vulnerabilities:
The harm of SQL injection vulnerabilities is not limited to the database level; it can also endanger the operating system that hosts the database. If SQL injection is used to plant trojans in web pages ("hanging horses"), it can also be used to spread malware. These hazards include but are not limited to:
1) Database information leakage: private user information stored in the database is leaked.
2) Web page tampering: specific web pages are altered by manipulating the database.
3) The website is used to spread malicious software: the values of some database fields are modified to embed links to web trojans, so that the site carries out a trojan-planting attack.
4) The database is maliciously operated: the database server is attacked and the database system administrator account is tampered with.
5) The server is controlled remotely and a backdoor is installed: the operating system support provided by the database server allows attackers to modify or control the operating system.
6) Hard disk data is destroyed and the entire system is paralyzed.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
WEB HACK METHOD BY UNDERCODE:
OS command injection against web applications:
A) What is OS command injection?
OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically to fully compromise the application and all of its data.
Very often, an attacker can use an OS command injection vulnerability to compromise other parts of the hosting infrastructure, exploiting trust relationships to attack other systems in the organization.
B) Execution of arbitrary commands
1) Consider a shopping app that lets a user see whether an item is in stock at a particular store.
2) This information is available via a URL, for example:
3) To provide information on promotions, the application must query various legacy systems.
4) For historical reasons, the functionality is implemented by invoking a shell command with the product and store IDs as arguments:
stockreport.pl 381 29
5) This command outputs the stock status for the specified item, which is returned to the user.
6) Since the application implements no protection against OS command injection, an attacker can send the following input to execute an arbitrary command:
& echo aiwefwlguh &
7) If this input is passed in the productID parameter, the command executed by the application is:
stockreport.pl & echo aiwefwlguh & 29
8) The echo command simply causes the supplied string to be echoed in the output, which is a useful way to test for some types of OS command injection. The & character is a shell command separator, so three separate commands are actually executed, one after the other. As a result, the output returned to the user is:
Error - productID was not provided
aiwefwlguh
29: command not found
9) These lines of output demonstrate that:
a) The original stockreport.pl command was executed without its expected arguments and therefore returned an error.
b) The injected echo command was executed, and the supplied string was echoed in the output.
c) The original argument 29 was executed as a command, which caused an error.
10) Placing an extra command separator & after the injected command is generally useful because it separates the injected command from whatever follows the injection point. This reduces the likelihood that what follows will prevent the injected command from executing.
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
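Added example, not part of the original post: the stock-check call written once the way the post describes and once hardened, so the difference can be run and observed. The stub script standing in for stockreport.pl, its output text, the function names and the numeric-ID rule are assumptions made for this example.

```python
import re
import shlex
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for stockreport.pl: it only checks that two IDs arrived.
_STUB = Path(tempfile.mkdtemp()) / "stockreport_stub.py"
_STUB.write_text(
    "import sys\n"
    "if len(sys.argv) < 3:\n"
    "    print('Error - productID was not provided')\n"
    "    sys.exit(1)\n"
    "print('units in stock: 12')\n"
)
_NUMERIC_ID = re.compile(r"[0-9]{1,9}")  # assumed ID format for this example


def stock_vulnerable(product_id: str, store_id: str) -> str:
    """Pattern from the post: request values pasted into a shell command line."""
    base = f"{shlex.quote(sys.executable)} {shlex.quote(str(_STUB))}"
    done = subprocess.run(f"{base} {product_id} {store_id}", shell=True,
                          capture_output=True, text=True, timeout=10)
    return done.stdout + done.stderr


def stock_hardened(product_id: str, store_id: str) -> str:
    """Allow-list the IDs, then pass an argv list so no shell ever parses them."""
    for name, value in (("productID", product_id), ("storeID", store_id)):
        if not _NUMERIC_ID.fullmatch(value):
            raise ValueError(f"{name} must be a short decimal number")
    done = subprocess.run([sys.executable, str(_STUB), product_id, store_id],
                          capture_output=True, text=True, timeout=10)
    return done.stdout


if __name__ == "__main__":
    probe = "& echo aiwefwlguh &"          # the probe string quoted in the post
    print(stock_vulnerable(probe, "29"))   # the shell interprets the separators
    try:
        stock_hardened(probe, "29")
    except ValueError as exc:
        print("rejected:", exc)
    print(stock_hardened("381", "29"))
```

Either measure alone changes the outcome: the argv list keeps the value out of any shell, and the allow-list rejects it before a process is started.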
What is the .htpasswd file and why is it needed?
.htpasswd is a system file used to store usernames and passwords.
This file is typically used by a web server such as Apache or Nginx to authenticate users with HTTP basic authentication.
A) What is the content of the .htpasswd file?
.htpasswd is a text file containing ASCII text.
1) The structure of .htpasswd is very simple: each line stores a username and its associated password.
2) The username and password are separated by a colon.
3) In addition, the password is not stored in clear text but as a hash, to keep the password secure. In the example below, the $apr1$ prefix marks Apache's MD5-based format.
Example:
ismail:$apr1$/5EzxSg3$SXVemrqNIb/TrKvJv4Z5r0
ahmet:$apr1$cEKbD/Wa$M012WG8Txqp/dhso8.znk0
ali:$apr1$o/t1Efly$E7798GsGjMWoNUpqmG4l60
B) How do I create a .htpasswd file?
The .htpasswd file can be created using the htpasswd command, the touch command, or a text editor.
1) The most suitable way is to use the htpasswd command.
2) You can also edit the contents of the .htpasswd file using the htpasswd command.
3) Next, we will create a .htpasswd file using the htpasswd command, providing the filename with the -c option. Note that -c creates the file and overwrites an existing one, so omit it when adding users to a file that already exists.
$ htpasswd -c .htpasswd itsecforu
Or we can specify the full path as shown below.
$ htpasswd -c /var/www/mysite/.htpasswd itsecforu
Alternatively, we can use the touch command, which creates an empty file named .htpasswd.
$ touch .htpasswd
4) Another alternative for creating the .htpasswd file is to use the command line or a text editor.
5) We will use the nano text editor as an example, but other text editors such as vi, vim or KWrite can be used instead.
$ nano .htpasswd
6) Setting up the .htpasswd file
Since the .htpasswd file is used by Apache and related web server software to authenticate users, we must configure the web server to use the .htpasswd file.
7) Next, we'll enable HTTP Basic Authentication by specifying the .htpasswd file that holds the usernames and passwords.
AuthUserFile /var/www/mysite/.htpasswd
AuthType Basic
# Apache requires a realm name with Basic authentication; the text is an example value
AuthName "Restricted Area"
Require valid-user
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
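Added example, not part of the original post: a small auditor for the file format described above, which parses each `user:hash` line, names the hash scheme from its prefix and flags weak, duplicate or malformed entries. The first three sample entries are the post's own example; the remaining lines, the function names and the "legacy" label for $apr1$ are constructed for this example.

```python
from __future__ import annotations

import base64
import hashlib
import re
from dataclasses import dataclass

# (pattern, scheme, rating). "weak" follows Apache's password-format notes;
# "legacy" for $apr1$ is this example's own label.
_SCHEMES = [
    (re.compile(r"\$2[aby]\$\d{2}\$.{53}$"), "bcrypt", "ok"),
    (re.compile(r"\$[56]\$"), "sha-crypt", "ok"),
    (re.compile(r"\$apr1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$"), "apr1-md5", "legacy"),
    (re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1-unsalted", "weak"),
    # Heuristic: 13 crypt-alphabet characters look like traditional DES crypt.
    (re.compile(r"[./0-9A-Za-z]{13}$"), "des-crypt", "weak"),
]


@dataclass
class Entry:
    line_no: int
    user: str
    scheme: str
    rating: str


def classify(hash_field: str) -> tuple[str, str]:
    for pattern, scheme, rating in _SCHEMES:
        if pattern.match(hash_field):
            return scheme, rating
    return "plaintext-or-unknown", "weak"


def audit_htpasswd(text: str) -> tuple[list[Entry], list[str]]:
    entries, findings, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank and comment lines
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append(f"line {line_no}: malformed entry")
            continue
        if user in seen:                          # a later duplicate is easy to overlook
            findings.append(f"line {line_no}: duplicate user {user!r}")
        seen.add(user)
        scheme, rating = classify(hash_field)
        entries.append(Entry(line_no, user, scheme, rating))
        if rating != "ok":
            findings.append(f"line {line_no}: {user} uses {scheme} ({rating})")
    return entries, findings


_SHA1 = base64.b64encode(hashlib.sha1(b"constructed").digest()).decode()
SAMPLE = "\n".join([
    "# lines 2-4 are the post's example; the rest are constructed",
    "ismail:$apr1$/5EzxSg3$SXVemrqNIb/TrKvJv4Z5r0",
    "ahmet:$apr1$cEKbD/Wa$M012WG8Txqp/dhso8.znk0",
    "ali:$apr1$o/t1Efly$E7798GsGjMWoNUpqmG4l60",
    "backup:{SHA}" + _SHA1,
    "guest:guest123",
    "ali:guest123",
    "broken-line-without-colon",
])

if __name__ == "__main__":
    for finding in audit_htpasswd(SAMPLE)[1]:
        print(finding)
```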
Port 445 intrusion: detailed analysis of the cause:
In Windows NT 4.0, a challenge-response protocol is used to establish a session with a remote machine. A successfully established session becomes a secure tunnel through which the two parties can exchange information. The general sequence of this process is as follows:
1) The session requester (client) sends a data packet to the session receiver (server) to request the establishment of a secure tunnel;
2) The server generates a random 64-digit number (the challenge) and sends it back to the client;
3) The client takes the 64-digit number generated by the server, scrambles it with the password of the account that is trying to establish the session, and returns the result to the server (the response);
4) After the server receives the response, it passes it to the Local Security Authority (LSA). The LSA verifies the response by using the user's correct password to confirm the identity of the requester. If the requester's account is a local account on the server, the verification happens locally; if it is a domain account, the response is sent to the domain controller for verification. When the response to the challenge is verified as correct, an access token is generated and sent to the client. The client uses this access token to connect to resources on the server until the session is terminated.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
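Added example, not part of the original post: the four steps above as a runnable exchange, showing that the password never crosses the wire and that a response recorded from one session fails against the next challenge. HMAC-SHA256 is swapped in for the primitives NT 4.0 actually uses, and the class and function names, the account, the challenge length and the token format are all assumptions of this sketch.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from typing import Optional


def derive_key(password: str) -> bytes:
    # Stand-in for the password-derived secret both sides can compute.
    return hashlib.sha256(password.encode("utf-8")).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    """Step 3: combine the server's challenge with the account's secret."""
    return hmac.new(derive_key(password), challenge, hashlib.sha256).digest()


class Server:
    def __init__(self, accounts: dict[str, str]):
        # What the verifying side (LSA or domain controller) holds per account.
        self._keys = {user: derive_key(pw) for user, pw in accounts.items()}
        self._pending: dict[str, bytes] = {}

    def begin(self, user: str) -> bytes:
        """Steps 1-2: answer a session request with a fresh random challenge."""
        challenge = secrets.token_bytes(8)        # length is an assumption here
        self._pending[user] = challenge
        return challenge

    def finish(self, user: str, response: bytes) -> Optional[str]:
        """Step 4: recompute the expected response; issue a token on a match."""
        challenge = self._pending.pop(user, None)  # each challenge is single-use
        key = self._keys.get(user)
        if challenge is None or key is None:
            return None
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return None
        return secrets.token_hex(16)              # stand-in for the access token


def demo() -> dict[str, bool]:
    server = Server({"alice": "constructed-passphrase"})  # constructed account
    first = server.begin("alice")
    recorded = client_response("constructed-passphrase", first)
    valid = server.finish("alice", recorded) is not None
    server.begin("alice")                         # new session, new challenge
    replayed = server.finish("alice", recorded) is not None
    third = server.begin("alice")
    wrong = server.finish("alice", client_response("guess", third)) is not None
    return {"valid": valid, "replayed": replayed, "wrong_password": wrong}


if __name__ == "__main__":
    print(demo())
```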
TOR VS VPN, VPN AND TOR: which one is more anonymous?
> If your purpose is to encrypt the transmitted data such that it cannot be examined by your Internet provider, then you can come up with both Tor and your VPN! I would not consider using any third-party VPNs, as all the transmitted traffic + client IP (that is, your IP address) can be identified by their user. If you use a VPN provider from a third party, then you are sure to get a spyware that knows your real IP address at least as well! If this is a paying VPN, then anonymity is completely not acceptable, since the VPN operator not only knows your IP address and has access to all sent data, but also knows who you are from your payment information.
> A self-configured OpenVPN enables transmitted information to be secured and your computers to be joined into a virtual private network. It can also hide your actual IP address and bypass web blocking.
> But this alternative is not ideal for anonymity, since you need to rent a VPS for the OpenVPN service, for which you have to pay. OpenVPN can still allow you to remain anonymous, though, if you use cryptocurrencies or other anonymous payment methods.
> Using a single proxy has the same downside as a VPN: your exact IP address is exposed by the eavesdropper + proxy application. In the absence of encryption, an added downside is that your ISP can also examine your traffic and also restrict links to websites.
> If a proxy chain is used, the situation of IP concealment increases because (depending on the settings), any next proxy knows (always) the IP address of the previous node and (sometimes) the IP address of 1 node before the previous one. If we assume that traffic at every point is not encrypted, and a certain portion of public proxies are only honeypots, then the proxy alternative is not the safest way to guarantee confidentiality.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
Deep Reinforcement Learning: A Hands-on Tutorial in Python [1.48 GB]
https://mega.nz/#F!GxtVHayI!wb3gAohVAZO622JeMSHRXA
Visual Studio Code Tutorial - Getting Started With VS Code [4.6 GB]
https://mega.nz/#F!lVVH0S5Z!WFhaKyETBuz4tTp9ltzIdg
MCSD 70-483 C# Complete Preparation Course + Practice Exams [3.9 GB]
https://mega.nz/#F!1INGiAzA!mwuqgGIlzibovFuZ4aGm4w
JUnit 5: Java Unit Tests for Beginners [587 MB]
https://mega.nz/#F!QQlUlKQB!8bvQLYGkjM5xRbyuFZ8L_w
Ultimate Neural Nets and Deep Learning Masterclass in Python [872 MB]
https://mega.nz/#F!1JFSGIRb!LiJ1n2lUJvsc7AhZqRZ5EQ
Start Web Development with GIS Map in JavaScript [879 MB]
https://www.udemy.com/course/start-web-development-with-gis-map-in-javascript/
https://mega.nz/#F!qx5QQILR!ZBaTPewL9wrR_M0QSJZZYg
JavaScript Variables Lifecycles [2.82 GB]
https://mega.nz/#F!MEskgSob!4mUkmta_EoV-REkACQ6eVQ
Angular 8 Masterclass with TypeScript, Firebase, & Material [3.13 GB]
https://mega.nz/#F!LoIUkArT!4KoPer_i1KZs-uJug8yvqw