some new & old hacking methodes :)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🕵️‍♂️ How to display banner / message before OpenSSH authentication :


Want to display a message or banner before OpenSSH authentication (SSHD server)?

1) Try this simple trick to show an ASCII banner or logo on your Linux or Unix system.

3) OpenSSH has a built-in configuration option called Banner.

4) The contents of the specified file are sent to the remote user before authentication is allowed.

5) If the "banner" parameter is set to "no", then no banner is displayed when using the ssh command or client.

6) By default, no banner is displayed and this setting is disabled.

🦑You can also post a legal notice if required by local law.

see also:

1) How to set your banner in Metasploit

How to display banner / message before OpenSSH authentication
Log into the remote Linux and Unix server.
Edit the file / etc / ssh / sshd_config.
Add / change configuration parameter. For example: Banner / etc / ssh / my_banner
Save and close the file.

2) Make sure you create a new file called / etc / ssh / my_banner file.
Restart the sshd service. For instance:
# Linux #
sudo systemctl reload ssh.service
# FreeBSD #
sudo /etc/rc.d/sshd restart
# OpenBSD #
doas /etc/rc.d/sshd restart

3) Example banner / message file for sshd
Here is my file:
$ cat /etc/ssh/my_banner
Output:

. _____
| | / | _ ______ ____ _____ / ____ \ ___________
| \ \ / ___ // \ _ / ___ \ \ / _ \ _ \ | \
| || | \ ___ \\ ___ / \ \ ___ | | (<_>) | \ / | /
| || | / ____> \ ___> \ ___> | \ ____ / | __ | | ____ /
\ / \ / \ /
Testing
Let's test our SSH client.
4) It is a program for logging into a remote computer and for executing commands on that system.
As you know, ssh server and client provide secure encrypted communication between two untrusted hosts on an insecure network like LAN or Internet.

5) Use your favorite search engine and enter:
ASCII art

6) Another option is to use the figlet command to display large characters composed of normal screen characters.

7)We also have a toilet command that prints out text using large characters composed of smaller characters.
It is similar to a FIGlet with additional features such as Unicode handling, color fonts, filters, and various export formats.

🦑For instance:
$ figlet nixCraft
$ toilet -f mono12 -F metal itsecforu
# figlet itsecforu > /etc/ssh/my_banner

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 Parsing the / etc / shadow file :L

The / etc / shadow file stores the actual password in an encrypted format (more like a password hash) for the user account with additional properties related to the user's password.

Basically, it stores secure user account information.

All fields are separated by colons (:).

It contains one entry per line for each user specified in the / etc / passwd file.

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

1) Username: This is your login name.

2) Password: This is your encrypted password. The password must be at least 8-12 characters long, including special characters, numbers, lowercase letters, etc.

Usually the password format is $ id $ salt $ hashed. $ Id is an algorithm used in GNU / Linux as follows:

$1$ this is MD5
$2a$ this is Blowfish
$2y$ this is Blowfish
$5$ it's SHA-256
$6$ this is SHA-512

3) Last change of password (last change): days since January 1, 1970, when the password was last changed.

4) Minimum: The minimum number of days required to change the password, that is, the number of days remaining before the user is allowed to change their password.

5) Maximum: The maximum number of days the password is valid (after this user is forced to change his password)

6)) Warning: The number of days before the password expires that the user is warned to change the password.

7) Inactivity: the number of days after the password expires that the account has been disabled.

8) Expiration Date: Days from January 1, 1970, when this account is disabled, that is, an absolute date indicating when the login can no longer be used.

🦑How do I change my password?
Use the following syntax to change your own password:

$ passwd

See the passwd command man page for more information.
How can I change the password for another user?
You must be root to change the password for other users:
# passwd userNameHere
or
$ sudo passwd userNameHere
How do I change or set password expiration information?
Use the chage command on Linux to change the password expiration information for a user.
The syntax is as follows (again, you must be root to set the password again):
chage username
chage [options] username
chage itsecforu
chage -l tom


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑List apps work with iOS 14 home screen widgets :

Acorns: Invest Spare Change
Apollo for Reddit
Aviary (RUB 379)
Balance: Meditation & Sleep
Bazaart Photo Editor & Design
Birch - Organized Photo Notes
Bolt - Workout Tracker Gym Log
Book Track - Library Manager ($ 4.99)
Brief: just the news you need
Calendar 5 by Readdle
Calendars: Planner & Reminders
Calory
CardPointers for Credit Cards
CARROT Weather ($ 4.99)
Cheep: Flight Deals Tracker
ChibiStudio - Avatar Maker
Coinbase - Buy & sell Bitcoin
Copilot: The Smart Money App
Countdown - Countdown to Dates
Curio: hear great journalism
Dark Noise (459 rub.)
DataMan - track data usage (75 rub.)
Date Today (149 rub.)
Day one journal
Debit & Credit
Dice by PCalc (149 rub.)
Documents by Readdle
Drafts
DuckDuckGo Privacy Browser
Flow by Moleskine Studio
FoodNoms - Food Tracker
Friendship Circles
GasBuddy: Find & Pay for Gas
GameTrack
GoodTask - To Do List Manager
Google
HabitMinder
Hard Disk - Monitor Disk Usage (TestFlight beta)
HealthView
Health Auto Export to CSV (149 rubles)
IMDb: Movies & TV Shows
Kahoot! Play & Create Quizzes
LookUp: English dictionary (459 rub.)
Menstrual Period Tracker
Menstrual Period Tracker Pro ($ 5.99)
MFC Deck (TestFlight beta)
Microsoft OneDrive
MusicHarbor - Track New Music
MusicView (75 rub.)
Next: Magic DJs & Playlists (379 rub.)
Nikola for Tesla
Nighthawk for Twitter ($ 3.99)
Night sky
Nudget: Budgeting Made Simple (229 Rub.)
Parcel - Delivery Tracking
PDF Expert: PDF Reader, Editor
Pedometer ++
Pennant
Personal Best Workouts
Photo Widget: Simple
Pillow Automatic Sleep Tracker
Pocketdex for Pokémon GO
Robinhood: Invest. Save. Earn.
Scanner Pro: PDF Scanner App ($ 3.99)
Schooly (TestFlight beta)
Scriptable
Slopes: Ski & Snowboard
SmartGym: Gym & Home Workouts
Soor Player ($ 4.99)
Spark Mail - Email by Readdle
Spendy - Spendings reimagined (229 rub.)
Spend Stack: Budget Tracker (229 rub.)
Streaks (379 rub.)
Sunrise - Day Greeter (149 rubles)
Tangerine: Self-care & Goals
Things 3
Timepage by Moleskin Studio
Todoist: To-Do List & Tasks
Träning - Workout Goals
TripIt: Travel Planner
TuneTrack
Twilight Dice | TTRPG Roller
Unwind - Mindful Breathing
Watch chess
WaterMinder (379 rub.)
Weather - The Weather Channel
Weather line
WidgetPack (TestFlight beta)
Widgetsmith
Widget Wizard (149 rub.)
Wikipedia


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Cloud City IoT Hack, an event that provides developers with a hands-on introduction to some of the very best features Microsoft Azure has to offer, including IoT Hubs, Event Hubs, Azure Functions, Stream Analytics, and Cognitive Services. Four hands-on labs are located in folders named HOL 1, HOL 2, HOL 3, and HOL 4. Here's a synopsis of those labs:

P A R T S :

1) HOL 1 - Attendees create an Azure IoT Hub and program an MXCHIP to send accelerometer data to it.

> https://github.com/Azure/CloudIoTHack/blob/master/HOL%201/HOL%201%20-%20MXChip.md

2) HOL 2 - Attendees create an Azure Event Hub and deploy an Azure Function that transforms accelerometer data input to the IoT Hub into "flight data" denoting the disposition on an airplane and transmits it to the Event Hub. Then they connect a UWP client app to the Event Hub and use their MXChip to fly a simulated airplane.

> https://github.com/Azure/CloudIoTHack/blob/master/HOL%202/HOL%202%20-%20Functions%20and%20Event%20Hubs.md

3) HOL 3 - The instructor creates a pair of Event Hubs and deploys a Stream Analytics job that analyzes all the air traffic in the room for aircraft that are within two miles of each another. He or she also deploys a UWP app that shows all the air traffic. THIS HOL IS INSTRUCTOR-LED.

> https://github.com/Azure/CloudIoTHack/blob/master/HOL%203/HOL%203%20-%20Stream%20Analytics.md

4) HOL 4 - Attendees modify the Azure Function they deployed in HOL 2 to transmit flight data to the input hub used by Stream Analytics. They also connect the client app to the Stream Analytics output and modify the app to transmit warning messages back to the MXChip when their aircraft are within two miles of another.

> https://github.com/Azure/CloudIoTHack/blob/master/HOL%204/HOL%204%20-%20Putting%20It%20All%20Together.md

✅GIT 2020
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑📦 Detecting deprecated shared libraries in memory with UChecker:

A) What is UChecker

1) UChecker, short for Userspace Checker, is a free open source scanner that detects which of your processes are still using outdated libraries and need to be restarted.

2) The tool was created by KernelCare during live patching development for shared libraries.

3) With Uchecker, you can identify vulnerable FOSS libraries and fix them.

4) You will have to reload the affected processes (unless you are using the library update services without rebooting), but by scanning for vulnerabilities, you can determine which processes need attention and which do not.

5) As a result, you avoid unnecessary server reboots, which lead to degraded service and / or crashes, as well as creating access vulnerabilities, since libraries are left unpatched until a reboot is scheduled.

6) In fact, you may not even know which services are using which libraries, so it is tempting to just reboot the server to update everything, or restart the core services.

🦑This example can be just as devastating as rebooting:


1) How UChecker works
Uchecker works with all modern Linux distributions starting from version 6.

2) It is free JSON software that is open for distribution and / or modification under the terms of the GNU General Public License.

3) Uchecker detects processes that are using old (i.e. unpatched) shared libraries.

4) It detects and reports obsolete libraries that are being used by running processes.

5) Its detection capabilities are based on BuildID comparisons.

6 )As a result, the tool knows about deleted or replaced files.

7) The Uchecker tool can determine the process ID and name, as well as the names of the shared libraries that are not patched, as well as their build IDs.

8) Uchecker gets the latest BuildIDs from KC resources.

9) It then starts the process by iterating over / proc / and gets the associated shared library from / proc / <pid> / maps.

10) At this point, Uchecker asks if the shared library has been replaced or removed.

11) Depending on the answer, the program will either parse ELF from the file system or parse ELF from mapped memory.

Uchecker then collects the BuildID from the .note.gnu.build-id.

12) Detecting obsolete in-memory libraries with UChecker
No installation required!

Just run the Uchecker script to find the unpatched libraries on your Linux server:

# curl -s -L https://kernelcare.com/checker | python


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Android Games hacking apps list 3 :

https://xmodgames.download
https://hackerbot.net/software/444-hackerbot-download
https://noxofficial.com/nox-for-pc/
https://www.bluestacks.com
https://www.cheatengine.org/downloads.php
https://sbgamehacker.download/apk/
https://creehack.net
https://gameguardian.net/download
https://gamecihworld.puzl.com
https://www.luckypatchers.com/lucky-patcher-6-0-7-apk/
http://leoplaycard.info
https://gamekiller.co
https://latestmodapks.com/download-freedom-apk-latest/
https://play.google.com/store/apps/details?id=com.acr.rootfilemanager&hl=en_IN


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Data Anti-Leakage Software work's :

1) it is possible to completely prohibit the use of U disks, mobile hard drives, SD cards, mobile phones to connect to computers, tablet computers and other devices with storage functions.

2) Completely disable the optical drive, prohibit the use of the floppy drive, and at the same time, you can only prohibit the optical drive from burning and restrict the use of the optical drive without affecting the playback function of the optical drive.

3) Completely disable computer COM ports, computer ports, and printers and other external devices.

4) Fully protect the security of the operating system. It is forbidden to modify the registry, modify the group policy, prohibit the use of msconfig, prohibit entering the computer safe mode, prohibit the use of task manager, prohibit the use of device manager, etc.

5) Comprehensively prevent employees from uninstalling, prevent accidental killing or interception by anti-virus software, maximize the protection of computer information security, and protect the security of corporate business secrets.

6) Allow network administrators to set a blacklist of programs that are forbidden to run on the computer, a whitelist of programs that are only allowed to run, a blacklist of forbidden URLs, and a whitelist of only accessible URLs, thereby enhancing the control over computer use.

7) Effectively prohibit network hotspots, prohibit 360 portable wifi, prohibit Baidu portable wifi, block wifi sharing wizard, prohibit the functions of wifi master key, and prevent employees from using these portable wifi to provide Internet access for their laptops, mobile phones or tablets. .

8) Newly added prohibiting email sending, prohibiting online disk uploading, prohibiting forum attachment uploading, prohibiting FTP uploading, only allowing specific QQ account login, only allowing specific Ali Wangwang account login, prohibiting QQ sending files, prohibiting QQ group sharing file uploads.

9) Exclusive support not only stand-alone installation, stand-alone management, but also support server and client management based on the C/S architecture, thus facilitating the use of users.

10) It can be customized for users, prohibit all kinds of computer equipment and modify any configuration of the operating system at any time, so as to protect computer security and commercial secrets

Written by
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The trend to the leading advantage of USB port control software :

Compared with similar domestic systems, the Da Shizhi computer file anti-leakage system has many advantages. It has the following leading advantages:

1) There is no need for users to encrypt computer files throughout the process. At present, similar computer file anti-leakage systems usually encrypt user computer files. This not only requires a lot of complex encryption and decryption operations, which increases the user's workload, but also easily destroys files due to the need to format the computer files themselves. However, the present invention does not perform any format conversion or encryption and decryption operations on computer files throughout the entire process, and only performs real-time monitoring of various channels for computer leakage, thereby protecting file security and preventing file leakage.

2) Based on HOOK and window filtering technology, the system can control all potentially leaky programs, URLs, and access behaviors, especially through the preset of program keywords, window class names, window names, and window process information, and Support users to make personalized presets, which can prevent various possible leaks.

3) Realize precise control of the use of USB storage devices. Currently, similar anti-leakage systems can only completely disable the use of USB storage devices, or only allow the use of specific USB storage devices. The present invention can not only realize the above-mentioned functions by making full use of the HOOK and window filtering technology, but also can further set the use authority of the USB storage device. It can only copy files from the USB storage device to the computer, and prohibit the computer to the USB storage device. Copying files, or entering a password from the computer to the USB storage device can be realized, so as to prevent the USB storage device from leaking, but also give full play to the file storage function of the USB storage device.

4) The traditional computer file anti-leakage system focuses on the control of the file itself, and the present invention realizes the key functions of the operating system, computer running programs, computer website access, computer external equipment, etc. by giving full play to the hook and window filtering technology. The position control can realize the overall and three-dimensional computer file anti-leakage control, which is convenient for realizing the realization of the computer file anti-leakage control function.

5) Traditional computer file anti-leakage systems are often based on the HOOK operating system clipboard to prevent file copying. However, many third-party software copy and cut operations are not cached by the operating system's clipboard. Instead, it is stored directly through the third-party software itself, which leads to the failure of the traditional control method of disabling the clipboard based on the HOOK clipboard and the global hook.

Written by
don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧 How to find out the last modified date of a file on Linux ?

1) Using stat command
The ls -l command gives you basic information about a file, such as file ownership and permissions, file size and creation date.

The stat command returns the attributes of a file with detailed information, such as when the file was last opened and modified.

The syntax is pretty straightforward.

Stat is followed by the file name or full path to this file.

$ stat filename

2) From the above output, we can clearly see when the file was last accessed (Access Date), Modified Date, Modified Date of other parameters.

If you want to view only the modified date and omit all other information, run the following command:

$ stat -c '% y' file1.txt

3) The -c option is used to return the date in a custom format, and the "% y" flag displays the time it was last modified.
For catalogs, the syntax remains the same.
Just replace the filename with the directory name.

4) Using the date command
The date command displays the current date in basic syntax.

However, when used with the -r option, you can display the last modified date of the file as follows:

$ date -r filename
for instance

$ date -r file1.txt

5) Using the ls -l command
The ls -l command is commonly used to display additional information about files, such as file ownership and permissions, size and creation date.

To list and display the last modified time, use the lt parameter as shown below.

$ ls -lt filename

6) Using httpie
Another way to check the last modified date is to use the httpie command line client tool.

HTTPie is a modern HTTP client similar to Curl and Wget commands

The tool is commonly used to interact with HTTP servers and APIs and can also check when a file residing on a web server was last modified.

7) But first you need to install it using the command:

$ pip3 install httpie --user
Ubuntu / Debian / Mint:

$ sudo apt install httpie
To check when a file was last modified on the web server, use the syntax:

$ http -h [url] | grep 'Last-Modified'
For instance:

$ http -h https://itsecforu.ru/wp-content/uploads/2020/09/Fedora.png | grep -i 'Last-Modified'

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Running the Cloud Resource Operator :
#Requested
Operator to provision resources such as Postgres, Redis and storage for you, either in-cluster or through a cloud provider such as Amazon AWS.

This operator depends on the Cloud Credential Operator for creating certain resources such as Amazon AWS Credentials. If using the AWS provider, ensure the Cloud Credential Operator is running

Due to a change in how networking is configured for Openshift >= v4.4.6 the use of cro <= v0.16.1 with these Openshift versions is unsupported. Please use >= v0.17.x of CRO for Openshift >= v4.4.6.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Prerequisites:

1) go
make

2) git-secrets - for preventing cloud-provider credentials being included in commits

3) Ensure you are running at least Go 1.13.

$ go version
go version go1.13 darwin/amd64

4) If not, ensure Go Modules are enabled.

5) Clone this repository into your working directory, outside of $GOPATH. For example:

$ cd ~/dev

6) $ git clone git@github.com:integr8ly/cloud-resource-operator.git

7) Seed the Kubernetes/OpenShift cluster with required resources:

$ make cluster/prepare

8) Run the operator:

$ make run

9) Clean up the Kubernetes/OpenShift cluster:

$ make cluster/clean

🦑TUTORIALS :

1) Provider configmap
The cloud-resource-config configmap defines which provider should be used to provision a specific resource type. Different deployment types can contain different resource type > provider mappings. An example can be seen here. For example, a workshop deployment type might choose to deploy a Postgres resource type in-cluster (openshift), while a managed deployment type might choose AWS to deploy an RDS instance instead.

2) Strategy configmap
A config map object is expected to exist for each provider (Currently AWS or Openshift) that will be used by the operator. This config map contains information about how to deploy a particular resource type, such as blob storage, with that provider. In the Cloud Resources Operator, this provider-specific configuration is called a strategy. An example of an AWS strategy configmap can be seen here.


@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁