▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HOW to simulate http server attacks in Python which logs HackerIP and all the tracing he does into a Logfile then a database.
instagram.com/UndercodeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

(rooted termux/kali)

1) git clone https://github.com/anouarbensaad/HTTP-Honeypot.git

2) cd HTTP-Honeypot

3) run mysql with root user sudo mysql -u root

4) Create the database isetsohoney CREATE DATABASE isetsohoney;
add the privileges to rootGRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'isetso';

5) create table log with this fieldsCREATE TABLE log (id int NOT NULL PRIMARY KEY, date datetime, iphacker varchar(255), uri varchar(255));

6) run server with command : python HTTP_Honeypot_Server.py

7) Starting Server ON 999, Username : root , Password : toor

8) Run HTTrack for copy real websites to local directory and copy it in Sys/fake

9) Scan The Server Banner with Nmap nmap -sV --script=banner 192.168.1.1 -p999

> Open http://192.168.1.1:999

🦑REQUIREMENTS :

> Python (2.7 or 3.0)

> Apache2

> Mysql-server

> HTTrack


@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Your can Get hackers news& Scripts from Our Twitter.com/UnderCodeTC

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS DOXXING ATTACK ?
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

Doxxing is usually meant to embarrass the victim, draw criticism towards them, get revenge or cause the victim physical harm.

> Doxxing is a very serious threat to your privacy and can ruin people’s lives.
> Larger doxxing attacks include public shaming and public humiliation on a large scale. Some people can lose their jobs, families or even their homes as a result of doxxing. Many are forced to change their identities and pay large sums of money to remove unwanted information online.

🦑Common methods include:

1) IP Logging: As mentioned above, this method uses an IP logger (a piece of code you cannot see). The IP logger is typically added to an email or a message to find out your IP address. Once a user has opened the message, the IP address is tracked and sent back to the doxxer.

2) Packet Sniffing: Data you send over a WiFi network can be intercepted by a doxxer if they break into the WiFi’s security measures. The doxxer can then access valuable information such as emails, passwords and bank account details.

3) Reverse Cellphone Lookup: This allows a doxxer to find a victim’s name, email, age and additional information by using their cellphone number.

4) Social Media Stalking: The majority of internet users have social media accounts. Doxxers use these to access information such as names of relatives, birthdays, locations and more.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Avoid Getting Doxxed
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:


1) Use a VPN

A virtual private network offers excellent protection from exposing IP addresses and physical addresses of an individual. The VPN takes the user's internet traffic, encrypts it, and sends it through one of the service's servers before heading out to the public internet. In a previous blog, we outlined several VPNs that take privacy and security very seriously.

2) Limiting Personal Information Online

People must go to much greater lengths to dox a person that doesn't share personal information online. Social media sites often ask many of invasive questions, which can lead to attackers learning more than enough about their target. By keeping this information offline entirely, doxxers usually move on to someone else.

3) Auditing Social Media Posts

Over the years, social media profiles fill up with all sorts of data about the person and their past. Take the time to go through social media accounts and delete posts that contain too much personal information. Even if you didn't post it directly, look for comments that may accidentally share this type of data as well.

4) Ask Google to Remove Information

If personal information appears in Google search results, the individual can request that it get removed from the search engine. Google makes this a simple process through an online form. Many data brokers put this type of data online, usually for background checks or crime check information.

5) Avoid Online Quizzes

Some quizzes ask a lot of seemingly random questions, which are actually the answers to common security questions. Plus, it gives attackers more data to work with. Supplying an email address or name to go along with results makes it even easier to associate information from other data sources.

6) Practice Good Cybersecurity Practices

Put anti-virus and malware detection software in place that can stop a doxxer from stealing information through malicious applications. Regularly update software to avoid any security bugs that could lead to being hacked and doxxed. Once an operating system reaches the end of its supported life, switch to a newer version to decreased security vulnerabilities.

7) Change Passwords Regularly

Data breaches happen all the time, so it's usually only a matter of time before a username and password combination gets out in the wild. By switching every month and using a password manager to create complex codes, it's harder for a hacker to break into accounts. An individual can consider using two-factor or multi-factor authentication as well, which requires more than just a username/password combination to access the application.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 LINKING IN TELEGRAM BOTS 2019
t.me/UndercOdeTestingOfficial

🦑Deep linking🦑

1) Telegram bots have a deep linking mechanism, that allows for passing additional parameters to the bot on startup. It could be a command that launches the bot — or an auth token to connect the user's Telegram account to their account on some external service.

2) Each bot has a link that opens a conversation with it in Telegram — https://telegram.me/<bot username>. You can add the parameters start or startgroup to this link, with values up to 64 characters long. For example:

> https://telegram.me/triviabot?startgroup=test

A-Z, a-z, 0-9, _ and - are allowed. We recommend using base64url to encode parameters with binary and other types of content.

3) Following a link with the start parameter will open a one-on-one conversation with the bot, showing a START button in the place of the input field. If the startgroup parameter is used, the user is prompted to select a group to add the bot to. As soon as a user confirms the action (presses the START button in their app or selects a group to add the bot to), your bot will receive a message from that user in this format:

/start PAYLOAD

4) PAYLOAD stands for the value of the start or startgroup parameter that was passed in the link.

🦑 Deep linking Example

> Suppose the website example.com would like to send notifications to its users via a Telegram bot. Here's what they could do to enable notifications for a user with the ID 123.

1) Create a bot with a suitable username, e.g. @ExampleComBot

2) Set up a webhook for incoming messages

3) Generate a random string of a sufficient length, e.g. $memcache_key = "vCH1vGWJxfSeofSAs0K5PA"

4) Put the value 123 with the key $memcache_key into Memcache for 3600 seconds (one hour)

5) Show our user the button https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA

6) Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start. If the key exists, record the chat_id passed to the webhook as telegram_chat_id for the user 123. Remove the key from Memcache.

7) Now when we want to send a notification to the user 123, check if they have the field telegram_chat_id. If yes, use the sendMessage method in the Bot API to send them a message in Telegram.

THATS ALL 😊

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 automatic deface many websites at once
instagram.com/UndercodeTestingCompany

🦑INSTALLISATION & RUN:

A) Termux:

1) pkg install python2

2) pip2 install requests

3) pkg install git

4) git clone https://github.com/Ranginang67/AOXdeface

5) cd AOXdeface

6) python2 aox.py

B) Linux:

1) apt-get install python

2) apt-get install pthon-pip

3) pip install requests

4) apt-get install git

5) git clone https://github.com/Ranginang67/AOXdeface

6) cd AOXdeface

7) python aox.py

🦑 before using this tool, put your deface script with the aox.py file, edit the file 'target.txt' and enter the target url

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How exploite android 2019
Using open Adb ports we can exploit a Andriod Device
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

>HOW TO INSTALL WINDOWS

1) git clone https://github.com/Zucccs/PhoneSploit

2) extract adb.rar to the phonesploit directory

3) cd PhoneSploit

4) pip install colorama

5) python2 main.py

> HOW TO INSTALL Linux

1) git clone https://github.com/Zucccs/PhoneSploit

2) cd PhoneSploit

3) pip install colorama

4) python2 main_linux.py

> IF ADB NOT FOUND

sudo apt update sudo apt install android-tools-adb android-tools-fastboot

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 lastest update cracking tool
JWT brute force cracker written in C

>A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

kali/ubanto

1) git clone https://github.com/brendan-rius/c-jwt-cracker

2) cd c-jwt-cracker

3) apt-get install libssl-dev

4) make

5)(((( If you use a Mac, you can install OpenSSL with brew install openssl, but the headers will be stored in a different location:
make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib))

6) ./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.cAOIAifu3fykvhkHpbuhbvtH807-Z2rI1FS3vX1XMjE

> use for learn only

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑a very fast brute force webshell password tool
>dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey.

Cheetah's working principle is that it can submit a large number of detection passwords based on different web services at once, blasting efficiency is thousands of times other common brute force password webshell tools.
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1>git clone https://github.com/sunnyelf/cheetah.git

2>python cheetah.py

3>git pull orgin master

🦑Features:

usage: cheetah.py [-h] [-i] [-v] [-c] [-up] [-r] [-w] [-s] [-n] [-u] [-b]
[-p [file [file ...]]]

optional arguments:
-h, --help show this help message and exit
-i, --info show information of cheetah and exit
-v, --verbose enable verbose output(default disabled)
-c, --clear clear duplicate password(default disabled)
-up, --update update cheetah
-r , --request specify request method(default POST)
-t , --time specify request interval seconds(default 0)
-w , --webshell specify webshell type(default auto-detect)
-s , --server specify web server name(default auto-detect)
-n , --number specify the number of request parameters
-u , --url specify the webshell url
-b , --url-file specify batch webshell urls file
-p file [file ...] specify possword file(default data/pwd.list)

🦑use examples:
python cheetah.py -u http://orz/orz.php
python cheetah.py -u http://orz/orz.jsp -r post -n 1000 -v
python cheetah.py -u http://orz/orz.asp -r get -c -p pwd.list
python cheetah.py -u http://orz/orz -w aspx -s iis -n 1000
python cheetah.py -b url.list -c -p pwd1.list pwd2.list -v

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To Install a USRP Device on Linux
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) sudo add-apt-repository ppa:ettusresearch/uhd

2) sudo apt-get update

3) sudo apt-get install libuhd-dev libuhd003 uhd-host

4) uhd_find_devices

5) cd /usr/lib/uhd/utils/

6) ./uhd_images_downloader.py

7) sudo uhd_usrp_probe

🦑FEATURES

(Troubleshooting SDR's that are running BTS software):

> Improper FW

>Lack of proper antennas

> Wrong cellular phone type

> Wrong SIM

> Not configured correctly - Mobile Country Codes (MCC) and Mobile

>Network Codes (MNC)

> Incorrect software BTS settings

> Virtualized platform is not fast enough

> Wrong SDR firmware

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Android users attacked by “undeletable” virus from two days
t.me/UndercOdeTestingOfficial

>Symantec cybersecurity experts have revealed a new Xhelper virus that infects gadgets running on the Android operating system. This was reported on the android company's website(https://www.android.com)

> Due to the virus, gadgets constantly pop up ads and also reduce memory.

> It is noted that the virus enters the device along with other programs, continuing to operate when they are removed. In addition, even restoring factory settings does not allow you to get rid of malware.

> According to experts, Xhelper has already hit 45 thousand devices, most of which belong to Russians, Australians and Indians.

> On December 18, cybersecurity experts reported the discovery of a new virus that infects Android-based devices. It is known that users downloaded infected applications from the Google Play store. The malicious code is called Andr / Clickr-AD. He is able to generate a constant click on advertising links, regardless of the desire of the owner of the gadget. In this regard, the malware provokes the rapid discharge of smartphones and tablets.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT ABOUT LASTEST VULNERABILITY ((THE MOZI)) 12/2019
Twitter.com/UndercOdeTC

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

>experts have discovered a new Mozi P2P botnet that actively brutes Netgear, D-Link and Huawei routers, checking for weak passwords via Telnet.

> Researchers discovered a botnet about four months ago and over the past time have come to the conclusion that its main target is DDoS attacks.

🦑How It Works ??

> Mozi is built using the Distributed Hash Table (DHT) protocol, which is widely used by torrent clients and other P2P platforms. This allows the botnet to work without command servers, as well as to hide the payload among normal DHT traffic. To ensure the integrity and security of the botnet components, ECDSA384 and the XOR algorithm are used.

🦑So, Mozi is able to:

> implement DDoS attacks (this module uses the code of the well-known Malvari Gafgyt, supports HTTP, TCP, UDP, and so on);

> collect and steal information about bots (bot ID, IP address, PORT, file name, gateway, processor architecture);

> execute payload from the specified URL;

> Updated through the specified URL;

> execute system or custom commands.

> The botnet also attacks dozens of different potentially vulnerable devices using known vulnerabilities: Eir D1000, Vacron NVR, devices using Realtek SDK, Netgear R7000 and R6400, MVPower DVR, Huawei HG532, D-Link gadgets, GPON routers, CCTV DVR.

@UndercOdeTestingOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL Tested Ways To Hack A Facebook Account And Prevention
t.me/UnderCodeTestingOfficial

> Phishing

>Social engineering

>Easy password capture

>Keylogger

>Browser extensions cracking Facebook

>Malicious application

>Hacking software

>Malicious mobile app

>Browser vulnerabilities

>Self XSS Vulnerability

>Trojan

>Facebook Zero Day

🦑Will posts next tutorials for each way

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Facebook& instagram Hack Box full tunisian script
t.me/UndercOdeTestingOfficial

🦑Features:

1) Grab Infos From Your_Fb With Graph.fb.com

2) Auto Save Emails And Phones

3) See Trikz.txt To Know About Some Priv8 Tricks

4) Make PasswordsList With Victim's Infos + Some Math ;)

5) Brute Facebook Or Instagram's Account Directly After Making The Passwds List

6) Range List With Numbers (The Best Way if you have script Like fb.py(recoveryCode Bruter))

7) Range PhoneNumbers And Brute It Directly (Send Me Your #Country# And I Will Make It For Next Update)

8) Ofc You Need Also Some Secure Passwords To Keep Your Accounts Safely From Crackers ;)

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

For Debien Based Systems

1) sudo apt-get install git

2) git clone https://github.com/m4rktn/xsmash && cd xsmash

3) python2 xsmash.py

>For Termux

1) apt-get install python2 git

2) git clone https://github.com/m4rktn/xsmash && cd xsmash

3) python2 xsmash.py

>For Windows

1) Install Python2.7 From https://www.python.org/downloads/

2) Go To https://github.com/m4rktn/xsmash And Download In ".zip" Format

3) Extract xsmash-master.zip

4) Just Click In Xsmash.py

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A powerful and useful hacker dictionary builder for a brute-force attack
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone --depth=1 --branch=master https://www.github.com/landgrey/pydictor.git

2) cd pydictor/

3) chmod +x pydictor.py

4) python pydictor.py

🦑How to use ?

1) occur function

Usage : --occur [letters_occur_times_range] [digital_occur_times_range] [special_chars_occur_times_range]

Example: --occur ">=4" "<6" "==0"
types function

Usage : --types [letters_types_range] [digital_types_range] [special_types_range]

Example: --types "<=8" "<=4" "==0"
repeat function

Usage : --repeat [letters_repeat_times] [digital_repeat_times] [special_repeat_times]

Example: --repeat "<=3" ">=3" "==0"
regex function

Usage : --regex [regex]

Example: --regex "^z.*?g$"
level function

Usage : --level [level]

Example: --level 4 level >= 4 will be work in /funcfg/extend.conf
default leet table

2) leet char = replace char, and in /funcfg/leet_mode.conf

a = 4
b = 6
e = 3
l = 1
i = 1
o = 0
s = 5

3) code

0 default，replace all
1 left-to-right, replace all the first encountered leet char
2 right-to-left, replace all the first encountered leet char
11-19 left-to-right, replace the first encountered leet char to maximum code-10 chars
21-29 right-to-left, replace the first encountered leet char to maximum code-20 chars

🦑function code
function code description
len F1 the scope of length
head F2 add items prefix
tail F3 add items suffix
encode F4 encode the items
occur F5 filter by occur times of letter、digital、special chars
types F6 filter by types of letter、digital、special chars
regex F7 filter by regex
level F8 set the word list rule level
leet F9 enable 1337 mode
repeat F10 filter by consecutive repeat times of letter、digital、special chars
@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 lastest
Your Social Engineering Sidekick for KALI/ubanto Os
twitter.com/UndercOdeTC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) clone https://github.com/tevora-threat/Dragnet

git clone this repo to your development machine

2) Initial Firebase Setup

3) Create a Firebase account if you don't already have one

4) Create a new project in Firebase

5) Upgrade the project to the Blaze plan

6) Choose "Cloud Firestore" as your database

7) Make sure that Firestore Database rules are as follows:
service cloud.firestore { match /databases/{database}/documents { match /{document=} { allow read, write : if request.auth != null; } } }

8) Make sure that Firebase Storage rules are as follows:
service firebase.storage { match /b/{bucket}/o { match /{allPaths=} {

> allow read, write: if request.auth != null; } } }

> Head to Authentication > Sign-In Method, and enable the Email method

9) Create an account for yourself with a NON-TEMPORARY EMAIL

10 )Initial VoIP Setup

11) Choose a SIP Trunk provider that allows masking (VoIP.ms is used in this documentation)

12) Purchase a DID number and some minutes

13) Take proper precautions to harden this account
Initial Admin Server Setup

14) Spin up a new cloud VM running Ubuntu 18.04
(You should be good with 4 GB Memory)

15) Get Asterisk 15 installed
(Here's a good starting point)

16) Get Node 8.x installed

> curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
>sudo apt-get install -y nodejs

17)(Get set up for headless browsing

>sudo apt-get install -y xvfb x11-xkb-utils xfonts-100dpi xfonts-75dpi xfonts-scalable xfonts-cyrillic x11-apps clang libdbus-1-dev libgtk2.0-dev libnotify-dev libgconf2-dev libasound2-dev libcap-dev libcups2-dev libxtst-dev libxss1 libnss3-dev gcc-multilib g++-multilib

18) git clone the Dragnet repo onto this cloud VM
cp / mv the contents of the repo's "admin" folder so that your file structure is as follows:

> Edit the contents of asterisk/sip.conf with your new SIP Trunk account info

>cp asterisk/sip.conf asterisk/extensions.conf /etc/asterisk/.

>Edit the contents of ~/ak/logUrl.txt with your Firebase details

>Edit the contents of endpoint/endpoint.js, replacing the following:

domain: the domain name you set up during set 6 (4.6) above
authPass: a strong password for use with Basic Auth
authUser: a username for use with Basic Auth
storageBucketUrl: the url of your Firebase storage bucket

🦑NOW TYPE

>mkdir /endpoint/ak && mkdir /osint/ak && touch /endpoint/ak/ServiceAccountKey.json

>ServiceAccountKey.json (created above) should contain the contents downloaded from:

https://console.firebase.google.com/project/CHANGEME/settings/serviceaccounts/adminsdk

>cp ~/endpoint/ak/ServiceAccountKey.json ~/osint/ak/.

>npm install in ~/endpoint/and ~/osint/

🦑from Terminal , start each of these in a seperate screen:

> sudo asterisk && sudo asterisk -rvvvvv

>then, in the asterisk console:
sip reload

dialplan reload

>nodemon ./endpoint/endpoint.js

🦑Final development machine setup

>firebase deploy --only functions from the functions directory on your development machine

>If all went well, you can now npm run dev from your development machine where you git cloned the project initially. Then log in and get started!
enjoy with UndercOde

Written by UnderCodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bypassing MSI installer checks
how to bypass certain checks that MSI installers can do.

for one having two factor authentication on Windows 8 Enterprise edition, using a token.
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) Required Tools
- http://www.instedit.com/ - An MSI Install Editor (A nice alternative for Microsoft Orca)

2) Edit the MSI Installer

> Open InstEd It! and open the required MSI file. Go to the table “InstallExecuteSequence”.

3) Here you’ll see an action called “LaunchConditions”.

> In the next table, called “InstallUIConditions” you will see the same action called “LaunchConditions”.

4) now look at the action in table “LaunchConditions”.

5) In the condition row, you can see the value “Installed or (MsiNTPersonal = 1)”, changing this value to 0 will install only on non Windows Home editions, not the best if we want this software to be available on any edition of Windows.

6) To make this work on all editions of Windows 7/8, remove the action “LaunchConditions” in the tables:

> InstallExecuteSequence

> InstallUIConditions

7) Finally, save the MSI file, launch it and have fun!

@UnderCodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cookies exact Explication bu UndercOde
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

What is Cookie ?

>A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user’s browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, user’s preferences, shopping cart contents, or anything else that can be accomplished through storing text data.

>Cookies are not software. They cannot be programmed, cannot carry viruses, and cannot install malware on the host computer. However, they can be used by spyware to track user’s browsing activities – a major privacy concern that prompted European and US law makers to take action. Cookies could also be stolen by hackers to gain access to a victim’s web account.

🦑Where can i find my Cookie ?
Here is one way to get your stored cookies using your browser. This method is applied for Mozilla FireFox:

> 1. From the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.

2. At the top of the window that appears, click Privacy.

3. To modify settings, from the drop-down menu under “History”, select Use custom settings for history. Then enable or disable the settings by checking or unchecking the boxes next to each setting:

*To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click "Exceptions".

🦑Why Cookies always not safe ?

> Are you talking about Cookie Poisoning-like attack ?

1) Cookie Poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user’s computer) in order to bypass security mechanisms.

2) Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal their identity.

3) Cookie poisoning is a known technique mainly for achieving impersonation and breach of privacy through manipulation of session cookies, which maintain the identity of the client. By forging these cookies, an attacker can impersonate a valid client, and thus gain information and perform actions on behalf of the victim. The ability to forge such session cookies (or more generally, session tokens) stems from the fact that the tokens are not generated in a secure way.

4) To sum up, cookie-based SQL Injection is far to be a kind of Cookie Poisoning.

@UnderCodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁