UNDERCODE COMMUNITY
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ PreInstalled kali tool DNSChef Package Description
(instagram.com/UnderCodeTestingCompany)

WHAT IS DNSCHEF?

> DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts.

> A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “badguy.com” to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

> Most DNS proxies simply point all DNS queries to a single IP address or implement only rudimentary filtering. DNSChef was developed as part of a penetration test where there was a need for a more configurable system.

> As a result, DNSChef is a cross-platform application capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6 and many other features. You can find detailed explanation of each of the features and suggested uses below.

> The use of a DNS proxy is recommended in situations where it is not possible to force an application to use some other proxy server directly. For example, some mobile applications completely ignore OS HTTP Proxy settings. In these cases, the use of a DNS proxy server such as DNSChef will allow you to trick that application into forwarding connections to the desired destination.

Official source: http://thesprawl.org/projects/dnschef/

🦑 How to use?

> root@kali:~# dnschef -h


> dnschef.py [options]:
_
Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘What is exactly definition for dns?
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘DNS

1) The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

2) Each device connected to the Internet has a unique IP address which other machines use to find the device.

3) DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

🦑 How does DNS work?

1) The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1).

2) An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device - like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage.

3) In order to understand the process behind the DNS resolution, it’s important to learn about the different hardware components a DNS query must pass between. For the web browser, the DNS lookup occurs “behind the scenes” and requires no interaction from the user’s computer apart from the initial request.

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘All dns Servers Types:
t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘There are 4 DNS servers involved in loading a webpage:


1) DNS recursor -

> The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.


2) Root nameserver -

> The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more specific locations.


3) TLD nameserver -

> The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (in example.com, the TLD server is “com”).

4) Authoritative nameserver -

> This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

🦑 What's the difference between an authoritative DNS server and a recursive DNS resolver?

1) Both concepts refer to servers (groups of servers) that are integral to the DNS infrastructure, but each performs a different role and lives in different locations inside the pipeline of a DNS query. One way to think about the difference is the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.

Recursive DNS resolver

2) The recursive resolver is the computer that responds to a recursive request from a client and takes the time to track down the DNS record. It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record (or times out or returns an error if no record is found).

3) Luckily, recursive DNS resolvers do not always need to make multiple requests in order to track down the records needed to respond to a client; caching is a data persistence process that helps short-circuit the necessary requests by serving the requested resource record earlier in the DNS lookup.

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘
DNS Spoofing tool made in Python 3 with Scapyโ˜ ๏ธkali/Termux
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘INSTALLISATION & RUN:

1) git clone https://github.com/Trackbool/DerpNSpoof'


2) install the requirements with:

> 'pip3 install -r requirements.txt' (recommended) or manually 'pip3 install scapy'

> Scapy uses tcpdump

3) To execute the tool, you will need root permissions


4) Options to use:
<ip> - Spoof the DNS query packets of a certain IP address
<all> - Spoof the DNS query packets of all hosts
[!] Examples:
# python3 DerpNSpoof.py 192.168.1.20 myfile.txt
# python3 DerpNSpoof.py all myfile.txt

@ Mr BotNet(tm)
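
Added example (not part of the original post or of DerpNSpoof): a defender-side check for the spoofing described above. It assumes a forged reply injected on the local network arrives alongside the resolver's genuine reply, so one query ends up with two different answers; the packet bytes, every address except 192.168.1.20, and all function names are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict


def read_name(msg, off):
    """Decode a (possibly compressed) DNS name. Returns (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035, 4.1.4)
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2              # parsing resumes after the first pointer
            hops += 1
            if hops > 16:                  # malformed packets can loop forever
                raise ValueError("compression loop")
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels).lower(), (off if end is None else end)
        if off + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length


def parse_response(msg):
    """Return (transaction id, question name, sorted tuple of A-record addresses)."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, qname = 12, ""
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4                           # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        _owner, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if off + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return txid, qname, tuple(sorted(addrs))


def find_conflicts(observations):
    """observations: iterable of (client_ip, raw DNS payload sent to that client).

    Flags every (client, txid, name) that received more than one distinct
    answer set. Identical retransmissions are not flagged.
    """
    seen = defaultdict(set)
    for client, payload in observations:
        try:
            txid, qname, addrs = parse_response(payload)
        except ValueError:
            continue                       # unparsable packets are skipped
        if addrs:
            seen[(client, txid, qname)].add(addrs)
    return [(c, t, q, sorted(a)) for (c, t, q), a in seen.items() if len(a) > 1]


def build_response(txid, name, ip):
    """Build a minimal A-record response; used only to construct sample data."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!6H", txid, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answer


# Constructed capture: the second reply disagrees with the first for one query.
SAMPLE_RESPONSES = [
    ("192.168.1.20", build_response(0x1A2B, "www.example.com", "198.51.100.10")),
    ("192.168.1.20", build_response(0x1A2B, "www.example.com", "192.168.1.50")),
    ("192.168.1.20", build_response(0x1A2B, "www.example.com", "198.51.100.10")),
    ("192.168.1.21", build_response(0x0042, "mail.example.com", "198.51.100.25")),
]

if __name__ == "__main__":
    for client, txid, qname, answers in find_conflicts(SAMPLE_RESPONSES):
        print(f"conflict: {client} txid={txid:#06x} {qname} -> {answers}")
```

Round-robin answers from a legitimate resolver differ between queries, not within one transaction ID, which is why the grouping key includes the ID.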
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ Kali Linux Burp Suite Tutorial :
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> Burpsuite is a collection of tools bundled into a single suite made for Web Application Security or Penetration testing. Itโ€™s a java executable and hence itโ€™s cross-platform. Kali Linux comes with Buprsuite free edition installed. There is also a professional version available.

๐Ÿฆ‘Features include:


1) Application-Aware Spider: Used for spidering/crawling a given scope of pages.

2) Scanner: Automatically scans for vulnerabilities just like any other automated scanners

3) Intruder: Used to perform attacks & brute-forces on pages in a highly customizable manner.

4) Repeater: Used for manipulating and resending individual requests.

5) Sequencer: Used mainly for testing/fuzzing session tokens.

6) Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

7) Comparer & Decoder used for misc purposes that might come along the way when you conduct a Web Security test


🦑 How to hack with it?

> Spidering a website

Spidering is a major part of recon while performing web security tests. It helps the pentester to identify the scope & architecture of the web application. As described earlier, Burpsuite has its own spider, called the Burp Spider, which can crawl a website.

1) Setup Proxy

First, start burpsuite and check details under the proxy tab in Options sub-tab. Ensure IP is localhost IP & port is 8080.

> On IceWeasel/Firefox, go to Options > Preferences > Network > Connection Settings.

> Choose Manual Proxy Configuration

2) Getting Content into Burpsuite

> After you have set up the proxy, go to the target normally by entering the URL in the address bar. You will notice that the page does not load.

> This is because burpsuite is intercepting the connection.

3) Scope Selection & Starting Spider

> Now narrow down the target as you want. Here the target/mutillidae is selected. Right click the mutillidae from the sitemap & select Spider from Here option

4) Manipulating Details

Now you can see, as the spider runs on your screen, the tree inside of the mutillidae branch gets populated. Also, the requests made are shown in the queue and the details are shown in the Request tab.

5) Move on to different Tabs and see all the underlying information.

6) Finally, check if the spider is finished by viewing the Spider tab.

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ How to hack a website using Termux
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘INSTALLISATION & RUN:

Hackerpro - All in One Hacking Tool for Linux & Android (Termux)

A) Installation for Android

1) install termux

2) apt update

3) apt upgrade

4) apt install git

5) apt install python
git clone https://github.com/technicaldada/hackerpro.git
cd hackerpro

6) python hackerpro.py

B) Installation for Linux

1) git clone https://github.com/technicaldada/hackerpro.git

2) cd hackerpro

3) python hackerpro.py

🦑 Features:


Information Gathering
Password Attacks
Wireless Testing
Exploitation Tools
Sniffing & Spoofing
Web Hacking
Private Web Hacking
Post Exploitation
Install The HACKERPRO

🦑 Information Gathering

Nmap
Setoolkit
Port Scanning
Host To IP
wordpress user
CMS scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips

🦑 Password Attacks

Cupp
Ncrack

🦑 Wireless Testing

reaver
pixiewps
Fluxion

🦑 Exploitation Tools

ATSCAN
sqlmap
Shellnoob
commix
FTP Auto Bypass
jboss-autopwn

🦑 Sniffing & Spoofing

Setoolkit
SSLtrip
pyPISHER
SMTP Mailer

🦑 Web Hacking

Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework

🦑 Private Web Hacking

Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
ports Scan (common ports)
Get server Info
Bypass Cloudflare

🦑 Post Exploitation

Shell Checker
POET
Weeman
@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Hack Wifi Termux or /linux gd tool:
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.

2) This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974, such as Nexus 5, Xperia Z1/Z2, LG G2, LG G Flex, Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.

> An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.

3) The required tools are included for ARM devices. The Nexmon firmware and management utility for BCM4339 and BCM4358 are also included.

Root access is also necessary, as these tools need root to work.

🦑 INSTALLATION & RUN:

1) you are on Android 5+

2) you are rooted

3) you have a firmware to support Monitor Mode on your wireless interface

4) download the project https://github.com/chrisk44/Hijacker/releases/tag/v1.5-beta.11

You can get it as an .apk or .tar.gz (or source .zip)

5) Simply get the APK on Android


🦑 Features:

1) View a list of access points and stations (clients) around you (even hidden ones)

2) View the activity of a specific network (by measuring beacons and data packets) and its clients

3) Statistics about access points and stations

4) See the manufacturer of a device (AP or station) from the OUI database

5) See the signal power of devices and filter the ones that are closer to you

6) Save captured packets in .cap file

7) Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)

8) Deauthenticate a specific client from the network it's connected to

9) MDK3 Beacon Flooding with custom options and SSID list

10) MDK3 Authentication DoS for a specific network or to every nearby AP

11) Capture a WPA handshake or gather IVs to crack a WEP network

12) Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

13) Leave the app running in the background, optionally with a notification
14) Copy commands or MAC addresses to clipboard
15) Includes the required tools, no need for manual installation
16) Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices

17) Crack .cap files with a custom wordlist

18) Create custom actions and run them on an access point or a client easily

19) Sort and filter Access Points and Stations with many parameters

20) Export all gathered information to a file

21) Add a persistent alias to a device (by MAC) for easier identification

Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Who uses Java? Why it Java the 1st choice for most developers?
t.me/IosDeveloppers


1) 97% of Enterprise Desktops Run Java

2) 89% of Desktops (or Computers) in the U.S. Run Java

3) There are 9 Million Java Developers Worldwide

4) Java is the #1 Choice for Developers

5) Java is the #1 Development Platform

6) 3 Billion Mobile Phones Run Java

7) 100% of Blu-ray Disc Players Ship with Java

8) There are 5 Billion Java Cards in Use

9) 125 million TV devices run Java

10) 5 of the Top 5 Original Equipment Manufacturers Ship Java ME.

@ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Best Programming Languages for Hacking
facebook.com/UnderCodeTestingCompanie

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) Python

> The de facto language for hacking programming, Python is heralded as the best programming language for hacking – and for good reason. Ethical hackers often use this dynamic programming language for scripting their on-demand hacking programs.

Why Python?


> The interpreted nature of Python allows it to run without the need for compilation.

> An easy-to-read language that’s helpful for beginning ethical hackers.

> Has a massive community that wields useful 3rd-party plugins/library every day.

> One of the best programming language for hacking into web servers.

> Makes it fairly easy to write automation scripts.

> Python lets you do a fast reconnaissance of the target network and makes prototyping much faster.

2) SQL

> SQL stands for Structured Query Language and is one of the most favored hacking programming languages for ethical hackers. This programming language is used to query and fetch information from databases. As most web-based software stores valuable information like user credentials in some form of a database,

> SQL is the best programming language for hacking into corporate databases

🦑¿Why SQL?

> SQL is not a traditional programming language and is used only for communicating with databases.

> hackers use this language to develop hacking programs based on SQL injection.

> SQL is often used by hackers to run unauthorized queries in order to obtain unhashed passwords.

> Popular SQL databases include MySQL, MS SQL, and PostgreSQL.

3) C

> The holy grail of modern programming languages, it’s no surprise C is also used extensively in the security industry. The low-level nature of C provides an edge over other languages used for hacking programming when it comes to accessing low-level hardware components such as the RAM.

🦑¿ Why C ?

> C is a low-level fast programming language.

> Most modern systems including Windows and Unix are built using C, so mastery of this language is essential if you want to understand these systems thoroughly.

> C is often used to gain low-level access to memory and system processes after compromising a system.

> Veteran security professionals often use C to simulate the library hijacking attack.

4) JavaScript

> It's the de facto choice for developing cross-site scripting hacking programs.

> JavaScript can manipulate the browser DOM very easily, thus making it a viable solution for building internet worms.
It can be used for mimicking attacks not only on the server side but also on the client side.

> JavaScript is the go-to language for creating adware hacking programs, rising increasingly in recent times.

> Since JavaScript can be used to build cross-platform desktop software, hackers might utilize it for attacks like buffer overflow and stack overflow.

5) PHP

> PHP is used extensively in server-side scripting, so knowledge of this hacking programming language is essential if you want to develop server hacking programs.

> Older PHP websites often contain deprecated scripts, manipulating them effectively can give you easy access to servers.

> A deeper understanding of this hacking coding language means you’ll be prepared to take down faulty websites as soon as you spot them.

> PHP is undoubtedly the best programming language for hacking personal websites.

6) C++

> The object-oriented nature of C++ allows hackers to write fast and efficient modern-day hacking programs.

> C++ is statically typed, meaning you can avoid a lot of trivial bugs right at compile time.

> The ability to access low-level system components makes sure hackers can easily reverse engineer enterprise software with this programming language.

> The high-level polymorphism feature allows programmers to write metamorphic computer viruses with C++.

7) Java

> Just like C++, Java is also widely used by hackers to reverse engineer paid software.

> It is used heavily by professional penetration testers to curate scalable servers for delivering payloads.

> Java makes it possible to develop state of the art hacking programs for advanced ethical hackers.

> Contrary to C++, Java is dynamic in nature. This means once you write your hacking programs with Java, you can run them on any platform that supports Java.

> A deeper understanding of Java is integral to develop hacking programs for the Android system.

Written By ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘How Track Browsing Activities google chrome?
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> Chrome extension for automatic time tracking and metrics generated from your browsing activity

> Automatic time tracking for stats about your website debugging, research, documentation, etc.

🦑 INSTALLATION & RUN:

1) Install the extension (from chrome official webstore)
> https://chrome.google.com/webstore/detail/wakatime/jnbbnacmeggbgdjgaoojpmhdlkkpblgi

2) Login to WakaTime

> https://wakatime.com/

3) Use in conjunction with other WakaTime plugins.

🦑 Development instructions
> For development purposes only.

To get started, install NPM and Bower dependencies, and do an initial build with Gulp:

1) npm start

2) npm run gulp

> To monitor changes:

3) npm run watch

> Run tests:

4) npm test

> Lint code (Both JS and JSX):

5) jsxhint --jsx-only .

> Automatic code linting

🦑 How to load unpacked in Chrome?

1) Clone repository to disk

2) Go to Settings → Extensions

3) Enable Developer mode

4) Click Load unpacked extension...

5) Select repository directory

🦑 Enjoy with UnderCode tutorials 🦑

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘netflix is so secure now because bin methode not works
hackers still get it because :

1) The send free without trial : once peoples in community entered on their phones its will ask for trials so if the hack cc the will missing the money and netflix they think its works. This Methode when the sender checks again its now a trial or subscription

Or MeThode 2

2) They Exploite accounts from backdoors from phones, Windows...

Those Only Two ways Don t be noob and think that netflix Works with virtual cc or fake bins...

@UnderCodeOfficial
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ackers Target Smart Homes & 7 Tips to Protect Yours ?
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> All of these smart devices are really networked computers in addition to what they traditionally are: refrigerators, light bulbs, televisions, cat litter boxes, dog feeders, cameras, garage door openers, door locks.

> In other words, connected appliances can be hacked into like any other website or computer, and most of them are behind poorly secured consumer-grade home routers.

🦑 Which smart devices are most at risk and why?

1) Most vulnerable: Outdoor devices with embedded computers that support little or no security protocols. For example, garage door openers, wireless doorbells and smart sprinklers are all examples of devices that may be easily accessible to someone driving down the street with a computer or other Wi-Fi transmitter.

2) Second most vulnerable: “Inside-the-home devices that can be controlled through an app from a smartphone or PC such as smart bulbs, smart switches, security cameras, baby monitors, smart door locks, smart thermostats, and personal home assistants,” says Dr. Anwar. “These devices rely on weak security tokens and may be hacked due to weaknesses in the communication protocols used, configuration settings or vulnerable entry-points left open by the vendor for maintenance.”


3) Less likely to be attacked: Home appliances like refrigerators and ovens are the least likely to be attacked, but it can happen.


@ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

๐Ÿฆ‘Help Hackproof Your Devices: Smart Home Safety Tips :
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) Weigh the vulnerabilities vs. the benefits.

Unfortunately, it is always worth remembering that there is no IT infrastructure that can be 100% secured. The only thing we can do is seek to reduce the risk. Therefore, when designing a smart home system, it is worth analyzing what is important to us.

2) Create a secure Wi-Fi network.

> Purchase a router from a reputable brand and follow the manufacturer’s instructions to change the name of the network and default password.

> Choose a network name that doesn’t automatically give away your location or personal details. Consider also hiding your network from view, an option which can usually be found in the router’s settings menu.

> It’s also possible to create a second Wi-Fi network specifically for your smart home devices.

> Many routers allow you to create multiple networks, each with their own name and password.

> This way, hacking your IoT device will confine an attacker to that network and keep it segregated from where you do your banking and store your sensitive information. It’s also a good idea to set up a Guest network for visitors’ smartphones and computers, where they can’t see or access your IoT devices.

3) Don’t underestimate the importance of your passwords.

> The old-fashioned password system is the main line of defense protecting our most high-tech devices.

> Take your passwords seriously. Whenever you get a new device, change the default password immediately. Otherwise, the password to your Wi-Fi router or security camera might be just a Google search away.

> Use unique, hard to guess passwords with several characters, numbers and letters on all of your devices. A password manager like LastPass can help you remember them all more conveniently.

4) Register every new device with the manufacturer and keep them up to date

5) Consider professional installation.

> Remember that the leading home security providers offer professional installation with great built-in smart home integration.

> Technicians can handle any necessary hardwiring for you and answer all of your questions about more advanced security measures

6) Unplug devices that aren’t in use

7) Factory reset devices before getting rid of them

@ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

๐Ÿฆ‘Install ADB & FastBoot Tools in Termux :
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘How to install

A) Silent installation:

> Copy and paste the following command in Termux to silently install Tools:

> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null 2>&1 && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh -q && bash InstallTools.sh

B) Common installation:

> Copy and paste the following command in Termux to install Tools with logs output:


> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh && bash InstallTools.sh

🦑 How to uninstall

A) Silent uninstallation:

> Copy and paste the following command in Termux to silently remove Tools:

> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null 2>&1 && wget https://github.com/MasterDevX/Termux-ADB/raw/master/RemoveTools.sh -q && bash RemoveTools.sh

B) Common uninstallation:

> Copy and paste the following command in Termux to remove Tools with logs output:

> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/RemoveTools.sh && bash RemoveTools.sh

@ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

๐Ÿฆ‘TOP EXPLPOITED Bugs 2019 Dangerous//
Twitter.com/UnderCodeTC

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) WordPress Plainview Activity Monitor 20161228 Remote Command Execution -

> WordPress Plainview Activity Monitor plugin is vulnerable to OS command injection which allows an attacker to remotely execute commands on the underlying system. Application passes unsafe user supplied data to ip parameter into activities_overview.php. Privileges are required in order to exploit this vulnerability. Vulnerable plugin version: 20161228 and possibly prior. Fixed plugin version: 20180826.


2) Debian Security Advisory 4578-1 - Debian Linux Security Advisory 4578-1 -

> Multiple security issues were found in libvpx multimedia library which could result in denial of service and potentially the execution of arbitrary code if malformed WebM files are processed.

3) axTLS 2.1.5 Denial Of Service - Multiple denial of service vulnerabilities have been discovered and disclosed in the axTLS library versions 2.1.5 and below.

4) OwnCloud 8.1.8 Username Disclosure - OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.

5) Bash 5.0 Patch 11 Privilege Escalation - An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

6) Online Inventory Manager 3.2 Cross Site Scripting - Online Inventory Manager version 3.2 suffers from a persistent cross site scripting vulnerability.

7) Ubuntu Security Notice USN-4204-1 - Ubuntu Security Notice 4204-1 - Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.

8) Debian Security Advisory 4577-1 - Debian Linux Security Advisory 4577-1 - Tim Dusterhus discovered that haproxy, a TCP/HTTP reverse proxy, did not properly sanitize HTTP headers when converting from HTTP/2 to HTTP/1. This would allow a remote user to perform CRLF injections.

9) SpotAuditor 5.3.2 Denial Of Service - SpotAuditor version 5.3.2 Name and Key proof of concept denial of service exploits.

10) Mersive Solstice 2.8.0 Remote Code Execution - Mersive Solstice version 2.8.0 suffers from a remote code execution vulnerability.

11) The zero-day exploit: hack WA like a pro via simply automating 2 big scripts - 2019, patched now

12) The iOS exploit: easy jailbreak of any device, doesn't matter which iOS version...

Written By Steave(tm)
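
Added example (not from the Bash advisory or the original post): item 5 describes a process whose effective UID was reset to its real UID while the saved UID stayed privileged. On Linux that state is visible in the Uid: line of /proc/<pid>/status (real, effective, saved, filesystem), and this audit helper flags it; the status text is constructed and the function names are hypothetical.

```python
import glob
import re
from typing import NamedTuple, Optional


class UidState(NamedTuple):
    name: str
    real: int
    effective: int
    saved: int


_NAME = re.compile(r"^Name:\s*(.+)$", re.M)
_UID = re.compile(r"^Uid:\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)


def parse_status(text: str) -> Optional[UidState]:
    """Extract the process name and real/effective/saved UIDs from status text."""
    uid = _UID.search(text)
    if uid is None:
        return None
    name = _NAME.search(text)
    real, effective, saved, _fs = map(int, uid.groups())
    return UidState(name.group(1).strip() if name else "?", real, effective, saved)


def classify(s: UidState) -> str:
    if s.effective == 0:
        return "root"                 # the advisory: effective UID 0 is unaffected
    if s.real == s.effective == s.saved:
        return "dropped"              # nothing left to switch back to
    if s.real == s.effective:
        return "saved-uid-retained"   # looks unprivileged, saved UID still differs
    return "setuid-active"            # still running under another effective UID


def audit(status_texts):
    """Return the processes left in the state the advisory describes.

    Some daemons keep a saved UID on purpose, so treat hits as leads to review.
    """
    findings = []
    for text in status_texts:
        state = parse_status(text)
        if state is not None and classify(state) == "saved-uid-retained":
            findings.append(state)
    return findings


def read_live_proc():
    """Yield status text for every process on a live Linux host."""
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                yield fh.read()
        except OSError:
            continue                  # process exited or access denied


# Constructed /proc/<pid>/status excerpts.
SAMPLE_STATUS = [
    "Name:\tbash\nState:\tS (sleeping)\nUid:\t1000\t1000\t0\t1000\nGid:\t1000\t1000\t1000\t1000\n",
    "Name:\tsshd\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\n",
    "Name:\tvim\nUid:\t1000\t1000\t1000\t1000\n",
    "Name:\tpasswd\nUid:\t1000\t0\t0\t0\n",
    "Name:\thelper\nUid:\t1000\t33\t33\t33\n",
]

if __name__ == "__main__":
    for hit in audit(SAMPLE_STATUS):  # use audit(read_live_proc()) on a real host
        print(f"{hit.name}: real={hit.real} effective={hit.effective} saved={hit.saved}")
```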
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

what is Unixware?
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> UnixWare is an x86, Unix-based operating system originally released by Univel; a company jointly owned by AT&T and Novell. It is primarily used on servers and is rarely run on desktop computers.

> Its design focuses on high levels of reliability, scalability, and security. UnixWare contains a large amount of open source software components, including X11, BIND, sendmail, DHCP, Perl, and Tcl.

Written by @ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

๐Ÿฆ‘Roguehostapd is a fork of hostapd, the famous user space software access point. It provides Python ctypes bindings and a number of additional attack features. It was primarily developed for use in the in phishing ap
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘INSTALLISATION & RUN:

> TERMUX ROOT OR ANY LINUX

1) git clone https://github.com/wifiphisher/roguehostapd.git

2) cd roguehostapd

3) python setup.py install

4) shell

5) python run.py -i wlan0 -ssid

6) Use wlan0 for spawning the WPA2/WPA rogue AP with passphrase 12345678

shell
> python run.py -i wlan0 -ssid haha -kA

7) Use wlan0 for spawning the OPEN rogue AP supporting the KARMA attack

🦑 More:

| Short form | Long form | Explanation |
| :----------: | :---------: | :-----------: |
|-h | --help| show this help message and exit |
|-ssid SSID| --ssid SSID| Select the ssid for the spawn rogue AP|
|-c CHANNEL| --channel CHANNEL| Select the channel number for the spawn rogue AP|
|-bI BEACON_INT| --beacon_int BEACON_INT| Define the beacon interval in milliseconds for the spawn rogue AP|
|-i INTERFACE| --interface INTERFACE| Select the interface for the spawn rogue AP. Example: -i wlan0|
|-pK WPA_PASSPHRASE| --wpa_passphrase WPA_PASSPHRASE| Define the password for the spawn rogue AP.|
|-kA|| Enabling the KARMA attack|
|-dV|--debug-verbose| Enabling the verbose debug log|
|-K|--key_data|Include key data in debug messages|
|-t|--timestamp|Include timestamps in some debug messages|
|-v|--version|Show hostapd version|

Written by @ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -

๐Ÿฆ‘ A fake implementation of AWS SNS to test against Tested :
t.me/UnderCodeTestingOfficial

๐Ÿฆ‘INSTALLISATION & RUN:

There are 2 ways of running FakeSNS, as a gem, or as plain Rack app. The first is easy, the latter is more flexible.

A) As a gem:

1) git clone https://github.com/yourkarma/fake_sns

2) cd fake_sns

3) gem install fake_sns

4) fake_sns -p 9292

5) To configure AWS-SDK to send messages here:

AWS.config(
use_ssl: false,
sns_endpoint: "0.0.0.0",
sns_port: 9292,
)

🦑 Command line options:

1) Store the database somewhere else: --database FILENAME or specify an in memory database that will be lost: --database :memory:


2) To get a YAML representation of all the data known to FakeSNS, do a GET request to the root path:

> curl -X GET http://localhost:9292/

3) To change the database, submit the contents you got from the previous step, augment it and submit it as the body of a PUT request:

> curl -X GET http://localhost:9292/ -o my-data.yml
> vim my-data.yml

> curl -X PUT --data @my-data.yml http://localhost:9292/

4) To reset the entire database, send a DELETE request:

> curl -X DELETE http://localhost:9292/

5) To send ALL the messages stored in the queue, you can send a post request:

> curl -X POST http://localhost:9292/drain

6) You can also just send a single message:

> curl -X POST http://localhost:9292/drain/:message_id

7) Currently, only HTTP/HTTPS and SQS endpoints are working. You'll need to pass AWS config (in JSON format) for the SQS integration to work. See FakeSNS for more information.

> curl \
-X POST \
--data '{"aws_config": {"use_ssl": false, "sqs_endpoint": "localhost", "sqs_port": 4789, "secret_access_key": "xxx", "access_key_id": "yyy"}}' \
http://localhost:9292/drain

๐Ÿฆ‘ENJOY

Written by @ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -


Written by @ ฬตอ‘Mฬตอ˜ ฬ ฬ–rฬถฬ•.ฬตฬ ฬทอ Bฬดอ˜Oฬทฬ“Tฬถฬ†NฬดฬEฬถอ›Tฬถฬ…(tm
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - - -