▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑best apps for youtubers :

https://itunes.apple.com/app/youtube-creator-studio/id888530356

https://play.google.com/store/apps/details?id=com.octoly.app&utm_source=octomag&utm_medium=footer_medium_app&utm_campaign=bestappsforyoutube

https://itunes.apple.com/us/app/octoly/id1100218563?mt=8

https://www.apple.com/imovie/


enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Security hacking tool :
-termux/linux

F E A T U R E S :

Reconnaissance:

HTTP Header checks
HTTP enabled methods check (Cross Site Tracing)
Cookie checks (decodes base64 automatically)
Information Disclosure:

Robots.txt Analysis
.htaccess public access check
.svn/entries public access check
Microsoft IIS, internal IP disclosure check
Injection Attacks:

Error based SQL injection:

Cookie based
User-Agent based
CRLF injection:

CRLF tests on main URLs
Host header injection:

Modifying Host header
Adding X-Forwarded-Host additional header
Clickjacking:

X-FRAME-OPTIONS header check
Frame busting checks

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/a0xnirudh/WebXploiter.git

2) cd WebXploiter

3) Just run python install.py from install directory. Rest is taken care of :)

4) A sample output against localhost:

python WebXploiter.py -u "http://localhost/challs/action.php" -a

5) usage: WebXploiter.py [-h] [-u U] [-a] [-A1] [-A3]

Do a basic Recon for Web challenges

optional arguments:
-h, --help show this help message and exit
-u U, -url U Target URL to Recon
-a, -all Try all possible attacks
-A1 Test for only Injection Attacks
-A3 Test for only XSS Attacks

enjoy❤️👍🏻
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST ANDROID VIDEO EDITING APPS 2020

https://play.google.com/store/apps/details?id=com.wondershare.filmorago

https://play.google.com/store/apps/details?id=com.adobe.premiereclip

https://play.google.com/store/apps/details?id=com.xvideostudio.videoeditor

https://play.google.com/store/apps/details?id=com.cyberlink.powerdirector.DRA140225_01

https://play.google.com/store/apps/details?id=com.nexstreaming.app.kinemasterfree

https://play.google.com/store/apps/details?id=com.stupeflix.replay

https://play.google.com/store/apps/details?
id=com.quvideo.xiaoying

https://play.google.com/store/apps/details?id=com.avcrbt.funimate

https://play.google.com/store/apps/details?id=com.magisto

https://play.google.com/store/apps/details?id=com.alivestory.android.alive

https://play.google.com/store/apps/details?id=com.funcamerastudio.videomaker


enjoy❤️👍🏻
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MULTI HACKING TOOLS 2020 TOPIC :


* [GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.


* [Kolide Fleet](https://kolide.com/fleet) - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.


* [Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.


* [MozDef](https://github.com/mozilla/MozDef) - Automates the security incident handling process and
facilitate the real-time activities of incident handlers.


* [nightHawk](https://github.com/biggiesmallsAG/nightHawkResponse) - Application built for asynchronus forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.


* [Open Computer Forensics Architecture](http://sourceforge.net/projects/ocfa/) - Another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data.


* [osquery](https://osquery.io/) - Easily ask questions about your Linux and macOS infrastructure using a SQL-like query language; the provided *incident-response pack* helps you detect and respond to breaches.


* [Redline](https://www.fireeye.com/services/freeware/redline.html) - Provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.


* [The Sleuth Kit & Autopsy](http://www.sleuthkit.org) - Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.


* [TheHive](https://thehive-project.org/) - Scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.


* [X-Ways Forensics](http://www.x-ways.net/forensics/) - Forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis.


* [Zentral](https://github.com/zentralopensource/zentral) - Combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients.


enjoy❤️👍🏻
git topic 2020

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST FREE RDP (LIMITES TIME)

1) Amazon Web Services - EC2 (free for 12 months but 750hours/month limit) - free tier t2.micro (1core 1Gb ram) too slow to run CGB.
2) Microsoft Azure - Virtual Machines (free $200 for 1-month trial)
3) Google Cloud - Compute Engine (free $300 for 60 days trial)
4) HP Helion - Cloud Compute (free $300 for 90 days trial)

Mid-tier:
1) Rackspace - https://developer.rackspace.com/ (free $600 for 12 months!)
2) DimensionData Public Cloud - https://cloud.dimens...n/limitedoffer/ (free $100)
3) RunAbove - Intel Steadfast instances https://www.runabove.com (free 1-week trial)

Others:
1) Vultr - https://www.vultr.com/ (free $50 for 2 months trial)
2) https://www.profitbricks.com/trial (free for 14 days) - no credit card needed but you need a business email and reason for using their VPS
3) http://cloudsigma.com/ (free for 7 days) - no credit card needed!
4) Digital Ocean - www.digitalocean.com - free $10 credit with promo code: DROPLET10 or DO10 - No Windows provided but you can install it, lots of tutorials on how to do so out there
5) http://ezywatch.com/freevps/ (free for 1 month) - no credit card needed!
6) Legionhoster - VPS http://legionhoster.com (1 week trial available on request from helpdesk)
7) http://www.yellowcircle.net/ - no credit card needed! No network access was given!
8) https://www.ctl.io/free-trial/ (free $2500 or 1 month - whichever comes first)
9) https://www.ihor.ru/ (free for 3 days) - no credit card needed!
10) http://www.neuprime.com/l_vds3.php (free for 10 days trial) - phone verification required.



enjoy❤️👍🏻
FROM RANDOM FORUM
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Quickly check for valid credentials across a network over SMB. Credentials can be:

Combination of user / plain-text password.
Combination of user / NTLM hash.
Combination of user / NTLM logon session token.

M O R E F E AT U R E S :

—Spawn an interactive command prompt.

—Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.

—Deploy and undeploy their own services, for instance, a backdoor listening on a TCP port for incoming connections.

—List users details, domains and password policy.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/nccgroup/keimpx.git

2) pip install -r requirements.txt

3) keimpx can then be executed by running on Linux systems:

./keimpx.py options

4) Or if this doesn't work:

python keimpx.py options
python3 keimpx.py options

5) On Windows systems, you may need to specify the full path to your Python 3.8 binary, for example:

C:\Python37\bin\python.exe keimpx.py options

enjoy❤️👍🏻
✅git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is IOC ? #definitions

One of the challenges that security incident investigators face in the process of security incident emergency response is to find an effective method to organize all the information in the investigation process, including the activities of the attacker, the tools used, malware, or other information. Indicators of compromise (IOC).

🄳🄴🄵🄸🄽🄸🅃🄸🄾🄽🅂 :

1) The security of the network layer has traditional IOC related search methods, such as domain name blacklist, IP blacklist and some CIDRs, or use Snort or Bro to find relevant signatures of malicious events.

2) With the rapid development of malicious technologies, the basic settings of attackers are becoming more and more dynamic, and it is difficult to distinguish them from legitimate servers. The use of network IOCs to detect threats has become more difficult and less effective. In other words, the network IOC will soon be eliminated. Attackers often monitor their network assets, and once they find a filtered list, they will migrate to other terminals. Some attackers divide the attack program into each attack target to reduce related IOC information.

3) Cloud computing has exacerbated the challenges related to IOC search. Attackers can easily obtain IP addresses from hosting providers. Similarly, the new ccTLD and ICANN tld only require very little information verification, making this easier and cheaper or even free, and because of the WHOIS privacy service registrant information will not be disclosed.

4) For these reasons, we need more intelligent methods. Instead of tracking the past and searching for known errors, cyber defenders look for models and signals related to unknown errors. Once a previously unknown sign of malicious behavior is identified, organizations can activate their response programs.

🦑 Use passive DNS tracking :

1) Passive DNS has a simple structured method to capture these signals and patterns. Passive DNS reorganizes DNS transmissions by passively capturing internal DNS transmissions to collect data.

2) Since then, many security organizations have begun to install DNS sensors in the network to collect passive DNS information and then analyze the resulting data to generate threat intelligence. In today's threat environment, passive DNS is very useful in tracking threats.

3) A passive DNS sensor essentially captures DNS transmissions—UDP packets (DNS) on port 53—and then reassembles the information into a single record, including requests and responses. We have done experiments on two open source sensors

l passiveDNS

l sie-dns-sensor

We have options to collect duplicate DNS requests (green part) or collect all DNS transfers.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

—When an attacker has managed to gain access on a system one of his first moves is to search the entire system in order to discover credentials for the local administrator account which it will allow him to fully compromise the box.
— This is of course the easiest method of escalating privileges in a Windows system and the purpose of this article is to examine some common places of where these credentials might exist in order to assist with this process. Windows Files It is very common for administrators to use Windows Deployment Services in order to create an image of a Windows operating system and deploy this image in various systems through the network. This is called unattended installation. The problem with unattended installations is that the local administrator password is stored in various locations either in plaintext or as Base-64 encoded

#full (commands + pictures)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 network address discovering
tool, developed mainly for those wireless networks without dhcp server, it also works on hub/switched networks. Its based on arp packets, it will send arp requests and sniff for replys.

Requirements
============

- libpcap
- libnet > 1.1.2
- Tested to work on Linux, Solaris MacOS X and OpenBSD, other unixes may work

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ git clone https://github.com/alexxy/netdiscover.git

2) $ cd netdiscover

3) $ sh update-oui-database.sh (optional)

4) $ cmake .

5) $ make

6) make install

E X A M P L E S :

1) Scan common lan addresses on eth0
# netdiscover -i eth0

2) Fast scan common lan addresses on eth0 (search only for gateways)
# netdiscover -i eth0 -f

3) Scan some fixed ranges
# netdiscover -i eth0 172.26.0.0/24
# netdiscover -i eth0 192.168.0.0/16
# netdiscover -i eth0 10.0.0.0/8

4) Scan common lan addresses with sleep time 0.5 instead of default 1
# netdiscover -i eth0 -s 0.5

5) Scan fixed range on fast mode with sleep time 0.5 instead of default 1
# netdiscover -i eth0 192.168.0.0/16 -f -s 0.5

6) Only sniff for arp traffic, dont send nothing
# netdiscover -i eth0 -p

7) Scan for common lan addresses using old hardcore mode (much more faster, but
avoid it on networks with bad link)
# netdiscover -i eth0 -S

»»»»»» More parameter combinations are possible, these are only some examples «««««««

enjoy❤️👍🏻
✅git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to transfer landline calls ?

When you're out of your incoming calls can be transferred to a landline phone on their mobile phone or other landline phone does not ensure bobble.

1) Second, set the application: 57 TN #; Cancel: # 57 #. (TN stands for the phone number or mobile phone you want to set) I have tested that both Telecom and Tietong landlines are suitable. Because there is no Netcom landline installed, I did not test it myself!

2) Third, Tips this function can not be transferred to a long distance number four charges no monthly transfer once counted a fee; (cost of landline perform call transfer call transfer fee of numbers)

3) Fifth, for dial 10000 apply in person at the Telecommunications Business Office processing.
The general dial 10086 in the north (Netcom)

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The APP rankings you see are not necessarily true revealing mobile phone software malicious sweeping promotion :

#PROTIPS

1) Decrypt the sdk.data and image data in the assets directory. After decryption, sdk.data is a directory, including MainJson.txt, dexhostinjection.jar, libDaemonProcess.so, and image is an apk file;

2) Arouse PushDexService and PushJobService to complete the loading of dexhostinjection.jar, and execute the startExternalBody method of the com.hostinjectiondex.external.ExternalInterfaces class of dexhostinjection.jar. The subpackage downloads the "downloader" virus update and induces the user to install it.

3) Open the background service and use libgodlikelib.so to escalate root privileges. The privilege escalation successfully writes the libgodlikelib.so privilege escalation tool library into the system library file; the image decrypted apk file is implanted in the system directory, and the name AndroidDaemonFrame. "Zombie" virus;


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑root escalation (OLD CVE, SO USEFUL FOR NOW)
#PROTIPS :

This sample is rewritten based on the open source RUN_ROOT_SHELL, which can root all devices before October 2015, mainly using the following vulnerabilities to raise rights:

(1) CVE-2012-4220

Affected devices: Android2.3～4.2

The Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver diagcharcore.c used has an integer overflow vulnerability in its implementation. By passing specially crafted input to diagcharioctl, remote attackers can use this vulnerability to execute arbitrary code or cause a denial of service.

(2) /dev/graphics/fb0

mmap vulnerability in fb0 device (triggering parameter FBIOGETFSCREENINFO)

(3) /dev/hdcp

mmap vulnerabilities in hdcp devices

(4) CVE-2013-6282

Affected version: linux kernel 3.2.1, Linux kernel 3.2.2, Linux kernel 3.2.13

The Linux kernel lacks access permission checks for getuser/putuser on ARM. Local attackers can use this vulnerability to read and write kernel memory and gain privilege escalation.

(5) /dev/msmacdb

Qualcomm device vulnerability

(6) CVE-2013-2595

/dev/msmcamera/config0 Qualcomm device MMAP vulnerability.

(7) CVE-2013-2094

Affected version: devices with PERFEVENT enabled before linux kernel 3.8.9

By exploiting this vulnerability, local users can obtain the highest system privileges through the perfeventopen system call.

(8) CVE-2015-3636

pingpong This vulnerability is a Use-After-Free vulnerability in the ping socket of the Linux kernel.

(9) CVE-2014-3153

The vulnerability exploits the RELOCK and REQUEUE vulnerabilities in the three functions futexrequeue, futexlockpi, and futexwaitrequeuepi, resulting in data modification on the kernel stack.

After the device is successfully upgraded, the decrypted image will be implanted in the /system/priv-app directory and named AndroidDaemonFrame.apk, and libgodlikelib.so will be implanted in the /system/lib directory. The following figure escalates rights and implants malicious files into the system directory.

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Detailed fresh Proxies List :


https://pastebin.com/rCJzEeBE

#full with pictures

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#fastTips What's the best way to stay anonymous on Parrot linux or Kali Linux, if you wanted to hack with it?

1) Use Proxychains if you’re using command line tools :

haad/proxychains
https://github.com/haad/proxychains

2) If you’re going to use a browser use tor bundle browser:

Tor Browser
https://www.torproject.org/projects/torbrowser.html.en

3) you can also use Anonsurf:
https://github.com/Und3rf10w/kali-anonsurf

Und3rf10w/kali-anonsurf

Anonsurf works for both if you want to use command line tools or normal browser.

4) If you want to change your mac address use macchanger, you can use this command to install it:

> sudo apt install macchanger.

I would recommend you to use Tails because it’s a live distro less chances of getting caught and if you’re going to hack it use public wifi.

enjoy❤️👍🏻
(wiki resources)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Generating a HTML Link to a Named Route :

1) Use the HTML::linkRoute() method.

The only required argument is the first one, the name of the route.

{{ HTML::linkRoute('login') }}

2) Depending on your app/routes.php file, this may output something like.

<a href="http://your.url/user/login">http://your.url/user/login</a>
If you don’t have a route with the name specified, an error will get generated.

3) You can pass a second argument to specify the title to display.

{{ HTML::linkRoute('login', 'Sign In') }}

4)This produces something similar to the following (based on routes.php).

<a href="http://your.url/user/login">Sign In</a>

5) If you’re route takes parameters, then you must pass a third argument.

{{ HTML::linkRoute('items.show', 'Show item #4', array(4)) }}

6) The output could look something like below.

<a href="http://your.url/items/4">Show item #4</a>

7) You can specify an array as the fourth parameter. This array should contain any additional attributes to apply to the anchor tag.

{{ HTML::linkRoute('login', 'Sign In', array(), array('class' => 'btn')) }}
Now the anchor tag has a class attribute.

<a href="http://your.url/user/login" class="btn">Sign In</a>

enjoy❤️👍🏻
(wiki sources)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑web hacking :

-Real platform independence. Tested on Windows, Linux, *BSD and OS X.

-No native library dependencies. All of the framework has been written in pure Python.

-Good performance when compared with other frameworks written in Python and other scripting languages.

-Very easy to use.

-Plugin development is extremely simple.

-The framework also collects and unifies the results of well known tools: sqlmap, xsser, openvas, dnsrecon, theharvester...

-Integration with standards: CWE, CVE and OWASP.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) apt-get install python2.7 python2.7-dev python-pip

2) python-docutils git perl nmap sslscan

3) cd /opt

4) git clone https://github.com/golismero/golismero.git

5) cd golismero

6) pip install -r requirements.txt

7) pip install -r requirements_unix.txt

8) ln -s ${PWD}/golismero.py /usr/bin/golismero
exit

9) If you have an API key for Shodan, or an OpenVAS server or SpiderFoot server you want to integrate with GoLismero, run the following commands:

10) mkdir ~/.golismero

11) touch ~/.golismero/user.conf

12) chmod 600 ~/.golismero/user.conf

13) nano ~/.golismero/user.conf

14) At the editor, add the following sections to the file, as appropriate:

[shodan:Configuration]
apikey = <INSERT YOUR SHODAN API KEY HERE>

[openvas]
host = <INSERT THE OPENVAS HOST HERE>
user = <INSERT THE OPENVAS USERNAME HERE>
*password = <INSERT THE OPENVAS PASSWORD HERE>

FOR MAC GO TO : https://github.com/golismero/golismero

enjoy❤️👍🏻
✅git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁