▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How hackany Wifi On Windows 7-8-10 ?
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) download Aircrack :
> https://download.aircrack-ng.org/aircrack-ng-1.2-win.zip

2) Extract via Winar or winzip

3) Go to your 'Local Disk (C:) and open the folder "Program Files" or "Program Files (x86)" depending on your windows architecture. Since my Windows is 64-bit I will choose the 'Program Files' folder.

4) Then, copy and paste the Aircrack-ng folder that you uncompressed before inside the "Program Files" folder.

> The Aircrack-ng folder should look like this inside the "Program Files" folder.

5) After pasting the "Aircrack-ng" folder inside the "Program files" or "Program Files (x86)" you have to go inside of that folder.

Once inside the folder you will have to open the "bin" folder.

6) Depending on your Windows architecture you will choose the folder according to your Windows 32 or 64 bit

7) Once inside your corresponding folder, you will have to copy the address
(the dir location )

8) Now go to pc Propriety :

> left click on Advanced system settings

9) Now you will have to click on the button that says "Environment Variables...

10) Once you got this window, you will have to click the "New" button pointed with the arrow.

In this new window, you have to write (path) inside the "Variable name:" box. Then, you will have to paste the address that you copied before

11) After that, just click "OK" on all the windows that are open. Also, click on "Apply" if you see the option.

Final Step: Go to your desktop and press the keys "Ctrl + R" to open the "Run" program. Inside "Run" type "cmd"

>Then press "OK"

12) type "aireplay-ng" inside the "cmd".
Then, press enter.

13) You should get a set of information
Now you are done and ready to use it : just input the catured file + a wifi worldlist example :

>http://wordlist.softwaresea.com/Windows-software-download/wordlist-wireshark
in addiction you can run this setup to capture wifi packets :
>http://wordlist.softwaresea.com/Windows-software-download

E N J O Y W I T H UndercOde
@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best emulator : full Android system on a regular GNU/Linux system like Ubuntu
>Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu. In other words: Anbox will let you run Android on your Linux system without the slowness of virtualization.
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) sudo apt install build-essential cmake cmake-data debhelper dbus google-mock \

2) libboost-dev libboost-filesystem-dev libboost-log-dev libboost-iostreams-dev \

3) libboost-program-options-dev libboost-system-dev libboost-test-dev \

4) libboost-thread-dev libcap-dev libsystemd-dev libegl1-mesa-dev \

5) libgles2-mesa-dev libglm-dev libgtest-dev liblxc1 \

6) libproperties-cpp-dev libprotobuf-dev libsdl2-dev libsdl2-image-dev lxc-dev \

7) pkg-config protobuf-compile

8) git clone https://github.com/anbox/anbox.git

9) cd anbox

10) mkdir build

11) cd build

12) cmake ..

13) make

🦑 simple

1) sudo make install
will install the necessary bits into your system.

2) If you want to build the anbox snap instead you can do this with the following steps:

> mkdir android-images
> cp /path/to/android.img android-images/android.img
> snapcraft
The result will be a .snap file you can install on a system supporting snaps

2) snap install --dangerous --devmode anbox_1_amd64.snap

🦑Requirements :

libdbus
google-mock
google-test
libboost
libboost-filesystem
libboost-log
libboost-iostreams
libboost-program-options
libboost-system
libboost-test
libboost-thread
libcap
libsystemd
mesa (libegl1, libgles2)
libsdl2
libprotobuf
protobuf-compiler
lxc (>= 3.0)

🦑Tested:
>kali
>ubanto
@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Massive automated handshake capture on BlackArch with zizzania automate Wifi Hacking tutorial by UndercOde :
t.me/iOsDeveloppers

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/cyrus-and/zizzania
2) cd zizzania
3) for debian/kali/parrot...
> sudo apt-get install libpcap-dev

🦑For macOS systems (Homebrew):
1)brew install libpcap
2)Building
3)make -f config.Makefile
4)make
5)The installation process is not mandatory, zizzania can be run from the src directory. Just in case:
> make install
> make uninstall
6) now Channel switching must be performed manually:

ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/local/bin/airport
7)sudo airport --disassociate
8)sudo airport --channel=<channel>

🦑We re ready now :
1) Suppose we are interested in an access point with BSSID AA: BB: CC: DD: EE: FF, but very rarely (once a day, once a week, once a month) clients connect to it.
We can run zizzania on the network interface -i wlp2s0 , restrict listening to the sixth channel -c 6 (if we specify the channel, the program switches the network interface to monitoring mode), specify the access point we are interested in -b AA: BB: CC: DD: EE: FF and the file to which the intercepted handshakes -w out.pcap should be written :

>
<font style="vertical-align: inherit;"><font style="vertical-align: inherit;">sudo zizzania -i wl

2) Suppose we want to listen to a specific channel and we are interested in all access points on it. Then the command will look something like this (we did not specify the -b switch with the BSSID of any AP):

>
<font style="vertical-align: inherit;"><font style="vertical-align: inherit;">sudo zizzania -i wlp2s0 -c 1 -2 -w zizza / out5</font></font>

3) We want to capture handshakes from all access points of all channels. At the same time,

> use a deauthentication attack to get the maximum possible handshakesWe want to capture handshakes from all access points of all channels. At the same time, we want to use a deauthentication attack to get the maximum possible handshakes

Lets run :
>use the --berlin 1200 option . It is needed only so that access points do not crash too quickly from the screen (this does not affect the work in any way)

2) sudo airodump-ng wlp2s0 -f 30000 -w hndshk/auto5 --berlin 1200
When starting zizzania, I specify only the name of the wireless interface on which it will work (send deauthentication packets)
3) sudo zizzania -i wlp2s0

4) pyrit -r "hndshk/auto5-01.cap" analyze
(note auto5... its name of pcapfile )

5) finallu use any packets in aircrack & Wait till done

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How Dump a git repository from a website termux or any linux distro
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/arthaud/git-dumper

2) cd git-dumper

3) pip install -r requirements.txt

4) ./git-dumper.py http://website.com/.git ~/website

🦑Features :

> Fetch all common files (.gitignore, .git/HEAD, .git/index, etc.);

> Find as many refs as possible (such as refs/heads/master, refs/remotes/origin/HEAD, etc.) by analyzing .git/HEAD, .git/logs/HEAD, .git/config, .git/packed-refs and so on;

> Find as many objects (sha1) as possible by analyzing .git/packed-refs, .git/index, .git/refs/* and .git/logs/*;

> Fetch all objects recursively, analyzing each commits to find their parents;

> Run git checkout . to recover the current working tree

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 UndercOde Stickers :

> T.me/addstickers/UndercOdeTesting

> T.me/addstickers/UndercOde

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Calculation in the Cloud
CoCalc offers collaborative calculation in the cloud. This includes working with the full (scientific) Python stack, SageMath, Julia, R, Octave, and more. It also offers capabilities to author documents in LaTeX, R/knitr or Markdown, storing and organizing files, a web-based Linux Terminal, communication tools like a chat, course management and more.
t.me/UndercodeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone --recurse-submodules https://github.com/sagemathinc/cocalc

2)cd cocalc/src

3) npm run install-all -- build

4) npm test -- run test suite (expected failures if your clock is not UTC)

5) install.py all --compute --web -- build and install some parts system-wide for development use
See INSTALL.md for more details.

🦑Requirements :

>node

> Postgres

>pip install pyyaml; pip3 install pyyaml

🦑Architecture:

1) Client -- javascript client library that runs in web browser

2) Load balancer/ssl -- HAproxy

3) Database -- PostgreSQL

4) Compute -- VM's running TCP servers (e.g., sage, console, projects, python3, R, etc.)

5) Hub -- written in Node.js; primus server; connects with everything -- compute servers, database, other hubs, and clients.

6) Storage -- Snapshots of project data

7) HTTP server -- Nginx

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top Free Proxies lastest for Anonymity :
t.me/UndercOdeTestingOfficial

1) https://www.4everproxy.com

2) https://www.proxysite.com/

3) https://hide.me/en/proxy

4) https://whoer.net/webproxy

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Usufull for Many Developpers :
> RSA public/private key generation, RSA, AES encryption/decryption, RSA sign/verify in Swift with CommonCrypto in iOS and OS X
t.me/iOsDeveloppers

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:
1> clone https://github.com/soyersoyer/SwCrypt
2> go dir as usuall then :
3> Install https://guides.cocoapods.org/using/getting-started.html#getting-started
4> pod 'SwCrypt'
5> Run pod install

🦑Let s Start :

1) Create public and private RSA keys in DER format
let (privateKey, publicKey) = try! CC.RSA.generateKeyPair(2048)

2) Convert them to PEM format
let privateKeyPEM = try SwKeyConvert.PrivateKey.derToPKCS1PEM(privateKey)
let publicKeyPEM = SwKeyConvert.PublicKey.derToPKCS8PEM(publicKey)

3) Or read them from strings with PEM data
let privateKeyDER = SwKeyConvert.PrivateKey.pemToPKCS1DER(privateKeyPEM)
let publicKeyDER = SwKeyConvert.PublicKey.pemToPKCS1DER(publicKeyPEM)

4) Or encrypt, decrypt the private key (OpenSSL compatible)
try SwKeyConvert.PrivateKey.encryptPEM(privateKeyPEM, passphrase: "longpassword", mode: .aes256CBC)
try SwKeyConvert.PrivateKey.decryptPEM(privEncrypted, passphrase: "longpassword")

5) Get public key from private keys in DER format
let publicKeyDER = try? CC.RSA.getPublicKeyFromPrivateKey(privateKeyDER!)

6) Encrypt, decrypt data with RSA
try CC.RSA.encrypt(data, derKey: publicKey, tag: tag, padding: .oaep, digest: .sha1)
try CC.RSA.decrypt(data, derKey: privateKey, tag: tag, padding: .oaep, digest: .sha1)
Sign, verify data with RSA
let sign = try? CC.RSA.sign(testMessage, derKey: privKey, padding: .pss,
digest: .sha256, saltLen: 16)
let verified = try? CC.RSA.verify(testMessage, derKey: pubKey, padding: .pss,
digest: .sha256, saltLen: 16, signedData: sign!)

7) Elliptic curve functions
let keys = try? CC.EC.generateKeyPair(384)
let signed = try? CC.EC.signHash(keys!.0, hash: hash)
let verified = try? CC.EC.verifyHash(keys!.1, hash: hash, signedData: signed!)

let shared = try? CC.EC.computeSharedSecret(keys!.0, publicKey: partnerPubKey)

let privComponents = try? CC.EC.getPrivateKeyComponents(keys!.0)
let pubComponents = try? CC.EC.getPublicKeyComponents(keys!.1)

let pubKey = try? CC.EC.createFromData(keySize, x, y)
let pubKey = try? CC.EC.getPublicKeyFromPrivateKey(keys!.0)

8) Diffie-Hellman functions
let dh = try CC.DH.DH(dhParam: .rfc3526Group5)
let myPubKey = try dh.generateKey()
let commonKey = try dh.computeKey(partnerPubKey!)
Encrypt, decrypt data with symmetric ciphers
try CC.crypt(.encrypt, blockMode: .cbc, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: iv)
try CC.crypt(.decrypt, blockMode: .cfb, algorithm: .aes, padding: .pkcs7Padding, data: data, key: aesKey, iv: iv)
Encrypt, decrypt data with symmetric authenticating ciphers
try CC.cryptAuth(.encrypt, blockMode: .gcm, algorithm: .aes, data: data, aData: aData, key: aesKey, iv: iv, tagLength: tagLength)
try CC.cryptAuth(.decrypt, blockMode: .ccm, algorithm: .aes, data: data, aData: aData, key: aesKey, iv: iv, tagLength: tagLength)
Digest functions
CC.digest(data, alg: .md5)
CC.digest(data, alg: .sha256)
CC.digest(data, alg: .sha512)

10) HMAC function
CC.HMAC(data, alg: .sha512, key: key)
CMAC function
CC.CMAC.AESCMAC(input, key: key)

🦑CRC function
let output = try? CC.CRC.crc(input, mode: .crc32)
KeyDerivation
CC.KeyDerivation.PBKDF2(password, salt: salt, prf: .sha256, rounds: 4096)

11) Symmetric Key Wrapping
try CC.KeyWrap.SymmetricKeyWrap(CC.KeyWrap.rfc3394IV, kek: kek, rawKey: rawKey)
try CC.KeyWrap.SymmetricKeyUnwrap(CC.KeyWrap.rfc3394IV, kek: kek, wrappedKey: wrappedKey)
...

12) Check availability
SwCrypt uses dlopen and dlsym to load the CommonCrypto's functions, because not all of them are available in public header files. You have to check the availability before using them.

13) or all in one turn:
let ccAvailable : Bool = CC.available()

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The Social-Engineer Toolkit (SET) Updated tool 2019
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
2) cd set
3) pip install -r requirements.txt

🦑Tested On :

Ubuntu/Debian System

> Linux
> Mac OS X (experimental)

🦑How To Use See Full TuTorial In Next Pdf

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best Types Of Ransomware :
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) Locker Ransomware

2) Crypto Ransomware

3) CryptoWall

4) CTB-Locker

5) TorrentLocker

6) Bitcryptor and CoinVault

8) TeslaCrypt

9) Locky

10) WannaCry

11) Mac Ransomware

> KeRanger

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑Features Of Creating Your IOwn BotNet :
t.me/UndercOdeTestingOfficial

> Post-exploitation modules that are remotely importable by clients

1) Keylogger (byob.modules.keylogger): logs the user’s keystrokes & the window name entered

2) Screenshot (byob.modules.screenshot): take a screenshot of current user’s desktop

3) Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam

4) Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment

5) Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client

6) Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file

7) Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods

8) Phone (byob.modules.phone): read/search/upload text messages from the client smartphone

9) Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges

10) Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports

11) Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host

12) iCloud (byob.modules.icloud): check for logged in iCloud account on macOS

13) Spreader (byob.modules.spreader): spread client to other hosts via emails disguised as a plugin update

14) Miner (byob.modules.miner): run a cryptocurrency miner in the background (supports Bitcoin & Litecoin)

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Signal bridge for Matrix To Your Mobile(iOs // ANDROID) 2019 updated :
Twitter.com/UndercOdeTC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

Go Terminal &

1) git clone https://github.com/matrix-hacks/matrix-puppet-signal

2) cd matrix-puppet-signal

3) npm install

4) register/link with your signal mobile app
Before configuring the bridge with Matrix, you need to setup the Signal link with your phone. Open up your Signal app and go to Settings and then Linked Devices. You should see your camera preview open up.

5) In the terminal, run npm run link and you should soon see a giant QR code. Scan that with Signal.

> If you get an error, restart the node process so that you can try with a different QR (it may have expired).

6) If you ever need to unlink it and cleanup the data and keys, run npm run clean. Make sure to delete the linked device from the Signal mobile app as well.

7) configure

> Copy config.sample.json to config.json and update it to match your setup.

8) register the app service
Generate an signal-registration.yaml file with node index.js -r -u "http://your-bridge-server:8090"

Note: The 'registration' setting in the config.json needs to set to the path of this file. By default, it already is.

9) Copy this signal-registration.yaml file to your home server, then edit it, setting its url to point to your bridge server. e.g. url: 'http://your-bridge-server.example.org:8090'

10) Edit your homeserver.yaml file and update the app_service_config_files with the path to the signal-registration.yaml file.

11) Restart your HS.

12) Launch the bridge with start.sh or node index.js. If you want to run the bridge as a service you can use the matrix-puppet-signal.service file as a template for every systemd based operating system.

🦑FEatures:

1> Linking as a second device
2> Signal to Matrix direct text message
3> Matrix to Signal direct text message
4>Signal to Matrix group text message
5>Matrix to Signal group text message
6>Signal to Matrix image attachment message
7>Matrix to Signal image attachment message
8>Signal to Matrix file attachment message
9> Matrix to Signal file attachment message
10> contact list syncing
11>group syncing
12>show read receipts
13>send read receipts
14>show typing events
15>send typing events

E N J O Y
@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Find origin servers of websites behind by CloudFlare using Internet-wide scan data from Censys
>CloudFlair is a tool to find origin servers of websites protected by CloudFlare who are publicly exposed and don't restrict network access to the CloudFlare IP ranges as they should.
> The tool uses Internet-wide scan data from Censys to find exposed IPv4 hosts presenting an SSL certificate associated with the target's domain name
T.me/UnderCodeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Register an account (free) on https://censys.io/register

2) Browse to https://censys.io/account/api, and set two environment variables with your API ID and API secret

3) export CENSYS_API_ID=...

4) export CENSYS_API_SECRET=...

5) Clone the repository
> git clone https://github.com/christophetd/cloudflair.git

6) cd cloudflair

7) pip install -r requirements.txt

8) Run CloudFlair (see Usage below for more detail)

9) python cloudflair.py myvulnerable.site

Then

10) python cloudflair.py --help

usage: cloudflair.py [-h] [-o OUTPUT_FILE] [--censys-api-id CENSYS_API_ID]
[--censys-api-secret CENSYS_API_SECRET]
domain

🦑Docker image


A lightweight Docker image of CloudFlair (christophetd/cloudflair) is provided. A scan can easily be instantiated using the following command.

1) docker run --rm -e CENSYS_API_ID=your-id -e CENSYS_API_SECRET=your-secret christophetd/cloudflair myvulnerable.site

2) You can also create a file containing the definition of the environment variables, and use the Docker--env-file option.

> cat censys.env
CENSYS_API_ID=your-id
CENSYS_API_SECRET=your-secret

3) docker run --rm --env-file=censys.env christophetd/cloudflair myvulnerable.site

🦑Tested by UndercOde

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST METHODES FOR HACKING ATM
t.me/UndercOdeTesting

1) fake processing center :

>This method can be used if an attacker is able to access the cable that connects the cashier to the network. A hacker disconnects the ATM from the bank's network and then connects it to a device that acts as a fake processing center.

>The cashier is used to control the withdrawal of cash and sends commands to the cashier requesting that money be withdrawn from the selected tray. Voila! The attacker can use any card or enter any PIN code, the false transaction would seem legitimate.

2) remote attack on several ATMs

> In this method an infiltrate is needed to work in the bank. The offender remotely obtains (acquires) a key used to open the cashier's rack. Although this key does not allow the attacker to access the withdrawal of money, the network cable would be exposed. The hacker disconnects the ATM from the bank's network and connects a special device that sends all the data to its own server.

> Often, the network to which you connect to the ATM is not segmented and the ATMs themselves may be misconfigured. In this case, with this device, a hacker could compromise several ATMs at once, even if the malicious device is only connected to one of them.

>The rest of the attack is carried out as we have explained before. A fake processing center is installed on the server and the attacker gains full control over the cashier. Using any card, the culprit can withdraw money from the cashier, regardless of the model

3) Black Box Attack

> As in the method described above, the attacker obtains the key from the cashier's frame and puts the machine into maintenance mode. Then, the hacker connects the so-called black box to the exposed USB port. A black box is a device that allows the hacker to control the cash drawer.

> While the criminal alters the cashier, the screen shows a message that says "in maintenance" or "out of service", although, in reality, it is possible to get money from it. In addition, the black box can be controlled wirelessly with a smartphone .

> hacker only has to press a button on the screen for sacardinero in cash and get rid of the black box to hide the evidence.

4) malware attack

> There are two ways to infect a cashier with malware : inserting a USB device with malware (that means having the key to open the cashier's rack) or infecting the machine remotely, all after having compromised the bank's network.

> If the cashier is not protected against malware and does not use whitelists, a hacker can have the malware send commands to the cashier and sell money. The attack could be repeated until the cashier's money runs out.

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Before You Test An ATM VULNERABILITY OR BUG UNDERSTAND HOW IT WORKS ?
Twitter.com/UndercOdeTC

1) An ATM is composed of electronic subsystems with industrial controllers. However, behind the terminals there is a totally conventional computer that controls the system, in many cases with an outdated
operating system.

2) If the cashier works with Windows XP, it will no longer receive technical support from Microsoft, so any vulnerability it suffers will remain unpatched , leaving it unprotected against hacker attacks.

3) ATM systems have vulnerable software , from non-updated Flash players, and with more than 9,000 known bugs, to remote management tools.

4) The manufacturers of these terminals usually think that ATMs always operate in normal conditions and that they have no operating errors. Therefore, in many cases, ATMs do not have antivirus , or authentication of the application that is responsible for sending commands to the cash dispenser.

5) If a part of the cashier does not contain money, why worry about its security?

> this is what most ATM manufacturers think. Thus, accessing the deposit and ticket dispenser is a complicated task since they are usually shielded and blocked.

6) access to the cashier's computer is quite simple . Security measures are not enough to stop cybercriminals, since the computer is protected only by a plastic case or a thin metal.

7) ATM modules are usually connected to standard interfaces, usually through USB and COM ports (serial port). However, many times the interface can be accessed remotely .

8) Since the Internet is the most economical form of communication today, banks use the Network to connect ATMs to their processing centers. However, many banks do not know that their terminals appear in the Shodan search engine .

> This site allows anyone to find a wide variety of systems connected only with the word " admin " as username and " 1234 " as password, thus demonstrating the poor security of these devices .

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Banking Trojans ALL TYPES 2017 -—> 2020 :
T.me/UndercOdeTesting

🦑Ⓛⓔⓣⓢ Ⓢⓣⓐⓡⓣ

Alina Spark (Point of Sales Trojan)
Betabot, Neurevt (Trojan)
Bleeding Life 2 (Exploit Pack)
Carberp (Botnet)
Carberp (Banking Trojan)
Crimepack 3.1.3 (Exploit Pack)
Dendroid (Android Trojan)
Dexter v2 (hack point of sale Trojan)
Eda2, Stolich, Win32.Stolich (Ransom)
Sednit, Fancy Bear, APT28, Sofacy, Strontium (Gmail C2C)
FlexiSpy (Spyware)
Fuzzbunch (Exploit Framework)
GMBot (Android Trojan)
Gozi-ISFB - (Banking Trojan)
Grum (Spam Bot)
Hacking Team RCS (Remote Control System)
Hidden Tear (Ransom)
KINS (Banking Trojan)
Mazar (Android Trojan)
Mirai (IoT Botnet)
Pony 2.0 (Stealer)
Poshspy (APT29 backdoor)
PowerLoader (Botnet)
RIG Front-end (Exploit Kit)
Rovnix (Bootkit)
Tinba (Tiny ASM Banking Trojan)
TinyNuke, Nuclear Bot, Micro Banking Trojan, NukeBot (Banking Trojan)
Trochilus, RedLeaves (RAT)
ZeroAccess (Toolkit for ZeroAccess/Sirefef v3)
Zeus (Banking Trojan)

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁