UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Nord Vpn New Accounts non-tested all
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :



▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 For Carder All Tools Needed :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Web Base BIN Tools

2) BIN Checker - To validate user input BIN.

3) BIN Search & Finder - To find out BIN.

4) IP/BIN Combo Checker - To validate user input IP Address and BIN.

5) Credit Card Checker - To validate user input Credit Card or Debit Card.

6) Credit Card Number Generator

7) Random Credit Card Number Generator - To generate valid (but fake) random Credit Card or Debit Card Numbers.

8) BIN Credit Card Number Generator - To generate valid (but fake) random Credit Card or Debit Card Numbers based on user input BIN.

9) Bank Credit Card Number Generator - To generate valid (but fake) random Credit Card or Debit Card Numbers based on bank specific BIN.

10) BIN Lists and Ranges - Information on BIN Lists and Ranges.

11) API Lookup BIN Tools

12) API Lookup Access - Documentation on our API Access tools.

13) BIN Checker API

14) Credit Card Checker API

15) Credit Card Generator API

16) Multi BIN Checker Premium API

17) BIN Search Premium API

18) Many sites are available; the one I recommend:
> https://www.bincodes.com/

FOR FREE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analyze a file :
Crawling and analyzing a file is very simple. This tutorial will guide you step by step through an example. Let's start!
PART 1
Twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :


1) First, decide the URL we will crawl. It can be set in the script or passed in $QUERY_STRING. For simplicity, let's set the variable directly in the script. If the URL does come from the query string, check it against a list of permitted hosts first, because file() fetches whatever address it is given.

<?php
$url = 'http://www.php.net';
?>

2) In the second step, we fetch the specified file; the file() function returns it as an array of lines.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
?>

3) OK, now the file is in the array. However, the text we want to analyze may not all be on one line. To work with the file, we can simply convert the array $lines_array into a string, using the implode(x, y) function. If you later want to use explode() (which splits a string back into an array), it may be better to set x to "|" or "!" or a similar separator. But for our purposes, it is best to set x to an empty string. y is the other required parameter: it is the array you want to process with implode().

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
?>
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analyze a file :
Crawling and analyzing a file is very simple. This tutorial will guide you step by step through an example. Let's start!
PART 2
Twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

4) Now that the crawling is done, it's time to analyze the result. For the purpose of this example, we want to get everything between <head> and </head>. To pull that out of the string, we need a regular expression.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// eregi() was removed in PHP 7.0; preg_match() with the i flag is the equivalent call.
// The s flag lets . match newlines, because <head> spans several lines.
preg_match('/<head>(.*)<\/head>/is', $lines_string, $head);
?>

5) Let's take a look at the code. As you can see, the call has the following format (the older eregi("<head>(.*)</head>", $lines_string, $head) took the same three arguments):

preg_match('/<head>(.*)<\/head>/is', $lines_string, $head);

"(.*)" means everything, so the pattern can be read as "match everything between <head> and </head>". $lines_string is the string we are analyzing, and $head is the array where the results are stored.

6) Finally, we can output the data. Because a page has only one <head> ... </head> section, we can safely assume that there is only one match, and that is what we want. Let's print it out.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
preg_match('/<head>(.*)<\/head>/is', $lines_string, $head);
// $head[0] is the whole match, tags included; $head[1] is the text between the tags
echo $head[0];
?>

7) That's all there is to it.
<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// $m[2][0] is the text between <body ...> and </body> of the first match
preg_match_all("/<body([^>].+?)>(.*)<\/body>/is", $lines_string, $m);
echo "<xmp>";
echo $m[2][0];
?>

That's all!
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 SSD is not recognized [troubleshooting tips]
by UndercOde
t.me/UndercOdeTesting


πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) There are several reasons for solid-state hard disk drive failures, such as abnormal power failures, loose SATA interfaces, link power management, and firmware bugs. The most frequent disk failures are FTL damage caused by abnormal power failures and disk failures, or Firmware bug. If it is a firmware bug, you can usually fix it by updating the manufacturer's firmware.

2) Secondly, the abnormal power failure will cause the FTL of the solid state disk to be damaged. This situation generally requires secure erasure, but before proceeding, you need to scan it with software to confirm that commonly used tools can be downloaded online After, after confirming, then perform Secure Erase repair, usually the success rate is 100%. However, if you perform a secure erase repair, the data on the solid state hard disk will be gone, so readers are reminded again that, for security reasons, generally important files and data are stored on the mechanical hard disk. The solid state hard disk only contains the system and installs applications.

3) First of all, when encountering a solid-state hard disk that does not recognize the disk, all we have to do is disassemble the machine and look at the main control. ), Which is the very square and square chip on the circuit board. Only when you know the main control chip, you can go to the corresponding card-opening software tool to open the card. .

4) Secondly, to open the card for mass production, you need to put the solid-state hard disk into a SATA mobile hard disk box and convert it into a USB interface, and then insert it into the computer USB2.0 interface. This is indeed the case through practice. Please try to insert a USB2.0 card to start mass production.

5) Download a corresponding card-opening mass production tool. Because this disk is no longer recognized, you need to short the 2 shorting points on the motherboard to allow the mass production tool to recognize the main control model, so we have to insert it in this posture. USB to computer. Of course, other solid-state short-circuiting points will be elsewhere, but most solid-state card openings require short-circuiting, and the specific location depends on the situation. Those without tweezers can also be shorted with a soldering iron flying lead.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 You can get many hackers news 2020 from trusted sources
From UndercOde tweets :
Twitter.com/UndercOdeTC
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Unix administrative security :
t.me/UnderCodeTesting

PART 1 THEORY

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Most people think that security issues are technical, and that hackers are computer geniuses with superb programming skills.

2) This is not the case. Most hackers are just more patient and careful than ordinary network users, and get into a system through its own functions or through the system administrator's sloppiness.

3) According to CERT statistics, 80% of security problems are caused by management vulnerabilities; that is to say, the vast majority of security vulnerabilities are caused by operating errors of system administrators. Most of the current security articles discuss the use of firewalls. I am not opposed to using firewalls to protect the security of the network, but since most problems can be prevented from a management perspective, why wait for a firewall?

> Of course, any operating system has one or more technical vulnerabilities, but in general, the premise of using these technical vulnerabilities to obtain superuser rights is to have a native shell. Without a working shell, a hacker cannot use buffer overflows, sendmail bugs and other such programs to gain superuser permissions. This article introduces the security of the system from a management perspective. Management can stop most ordinary hackers, but that is not to say that security can be achieved completely through management.

4) A hacker who is very familiar with the operating system may still get into the machine even without a shell account, for example by using IP spoofing and technical vulnerabilities of certain operating systems. And if a hacker just wants to paralyze a machine instead of stealing information, he will most likely use a DoS attack (denial of service), which keeps the host processing useless information all the time so that it cannot work properly. Setting up a firewall for a sensitive network should be as important as setting up the network environment. As far as the current situation is concerned, as long as the firewall is properly set, the security of the local area network is still guaranteed.

5) However, the system administrator needs to have a certain degree of security awareness, and be able to judge whether the machine is faulty or under technical attack.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Unix administrative security :
t.me/UnderCodeTesting

PART 2 :

> Easy to go wrong

finger is a very common tool on the UNIX platform. Its purpose is to give users some information about the users of a given system. The most problematic part of a Unix host is fingerd, which is the daemon for finger. How it works is described in many UNIX books; its weakness is that it gives away too much information. A person skilled in using finger can break into a machine running fingerd in a short period of time. This is not alarmist. The finger of SUN Solaris can provide all online user names, all user names on the host, and user information. For example, I make a finger request to a SUN machine and query the status of root. If its fingerd has not been turned off or replaced, it will tell me the following information:

Login name: root                        In real life: Super-User
Directory: /                            Shell: /sbin/sh
Last login Fri Mar 26 16:54 on pts/2
New mail received Sat Mar 27 23:10:37

🦑 So I can get the following information :

(1) The real name of root is Super-User (some hard-working system administrators will write their own names here, and set the root password to their own name !!);

(2) The home directory of root is /. Sometimes, after getting into a machine as a normal user, an intruder finds that /etc/passwd can be read and written only by root, so he can get most of the user names on the host by looking at the user directories;

(3) The shell of root is /sbin/sh; if it were /bin/passwd, it would show that the user can only change the password when logging in to the host;

(4) The last time root logged into the machine was at 2019.3.26 16:54;

(5) A new letter for root arrived at 2019.3.26, but he has not seen the letter since 2018.12.23.

Written by UndercOde
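
A check an administrator can run for the condition described above (fingerd not turned off), as an added example that is not part of the original post. It assumes fingerd is started from an inetd.conf-style file; the function name and both sample files are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inetd.conf contents (not taken from a real host). */
static const char SAMPLE_ENABLED[] =
    "# constructed sample inetd.conf\n"
    "ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd\n"
    "finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd\n";

static const char SAMPLE_DISABLED[] =
    "# constructed sample inetd.conf\n"
    "ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd\n"
    "#finger stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd\n";

/* Returns 1 if `service` has an active (uncommented) entry in the
 * inetd.conf text `conf`, 0 otherwise. The service name must be the
 * whole first field, so "finger" does not match a line for "fingerd". */
static int inetd_service_enabled(const char *conf, const char *service)
{
    size_t slen = strlen(service);
    const char *line = conf;

    while (*line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *p = line;

        /* skip leading blanks on this line */
        while (p < line + len && isspace((unsigned char)*p))
            p++;

        size_t rest = (size_t)(line + len - p);
        if (rest > slen && *p != '#' &&
            strncmp(p, service, slen) == 0 &&
            isspace((unsigned char)p[slen]))
            return 1;

        line = eol ? eol + 1 : line + len;
    }
    return 0;
}

int main(void)
{
    printf("sample 1: finger %s\n",
           inetd_service_enabled(SAMPLE_ENABLED, "finger") ? "ENABLED" : "off");
    printf("sample 2: finger %s\n",
           inetd_service_enabled(SAMPLE_DISABLED, "finger") ? "ENABLED" : "off");
    return 0;
}
```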
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Programming Techniques - A self-compiled CGI search written in C

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Environment
/usr/local/apache/htdocs/ (the files to be searched are under this directory)
/usr/local/apache/temp/ (used as a transit folder)
/usr/local/apache/cgi-bin/

2) Place the a.out generated by gcc search.c in /usr/local/apache/cgi-bin/, with the permission set so that nobody can execute it.

3) chown -R nobody:nobody /usr/local/apache/temp

4) Add a file deletetemp with permission 555 in /etc/cron.daily:
rm -f /usr/local/apache/temp/*

5) Add a file myetc with permission 555 in /etc/cron.hourly:
updatedb -U /usr/local/apache/htdocs

6) Delete the file locate.cron in /etc/cron.daily.

Appendix (a total of 2):

a) index.htm source
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</head>

<body>
<p>...</p>
<form name="form1" action="http://129.158.217.223/cgi-bin/a.out">
<p> </p>
<p>
<input name="keyname" value="" type=text>
</p>
<p>
<input type="submit" value="...">
</p>
</form>
<p> </p>
</body>
</html>

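b) search.c source
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>

int main(int argc, char* argv[])
{
    int fd;
    int status;
    time_t i;
    char cFileName[64];
    char cTempName[64];
    char cBuffer[1024];
    char cContent[10240];
    char *data;
    char *c;
    char keyword[256];

    data = getenv("QUERY_STRING");
    /* %255[^&] bounds the copy to keyword[] and stops at the next parameter */
    if(data==NULL || sscanf(data, "keyname=%255[^&]", keyword) != 1)
    {
        printf("Content-Type: text/html\n\n");
        printf("not found!");
        exit(1);
    }

    /* keyword is placed inside a quoted shell command below, so accept
       only characters that cannot end the quoting or start a new command */
    for(c = keyword; *c; c++)
    {
        if(!isalnum((unsigned char)*c) && *c != '.' && *c != '_' && *c != '-')
        {
            printf("Content-Type: text/html\n\n");
            printf("not found!");
            exit(1);
        }
    }

    i = time(NULL);
    snprintf(cTempName, sizeof(cTempName), "%ld.html", (long)i);
    snprintf(cFileName, sizeof(cFileName), "/usr/local/apache/temp/%ld.html", (long)i);

    /* run locate, turn file paths into links, write the result to the temp file */
    snprintf(cBuffer, sizeof(cBuffer), "locate '%s' | sed -e 's#^/usr/local/apache/htdocs#http://129.158.217.223#' | sed -e 's#^.*$#<a href=&>&</a><br>#' > %s", keyword, cFileName);

    system(cBuffer);
    fd = open(cFileName, O_RDWR);
    if(fd >= 0)
    {
        status = read(fd, cContent, sizeof(cContent)-1);
        close(fd);
    }

    /* send the browser to the generated result page */
    printf("Content-Type: text/html\n\n");
    printf("<meta http-equiv=refresh content=0;url=\"http://129.158.217.223/temp/%s\"> ", cTempName);
    printf("Waiting....................... ");
    printf("%s", keyword);
    return 0;
}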

Written by uNDERCoDE
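
The CGI above puts the keyname parameter into a command line that system() hands to a shell. As an added example (not the original author's code), this variant percent-decodes the parameter, accepts only an allow-list of characters, and starts locate with execvp() so that no shell ever parses the input; the names extract_keyword and run_locate, the 64-byte limit and the plain-text response are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define KEYWORD_MAX 64   /* assumed upper bound for a search keyword */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Find keyname=... in a query string, percent-decode it and copy it to
 * out. Returns 0 on success, -1 if the parameter is missing, empty, too
 * long, badly encoded, or contains anything outside [A-Za-z0-9._-]. */
static int extract_keyword(const char *qs, char *out, size_t outlen)
{
    static const char key[] = "keyname=";
    const char *p = qs;
    size_t n = 0;

    if (qs == NULL || outlen == 0)
        return -1;

    /* the parameter may be first or follow another one after '&' */
    while (p != NULL && strncmp(p, key, sizeof key - 1) != 0) {
        p = strchr(p, '&');
        if (p != NULL)
            p++;
    }
    if (p == NULL)
        return -1;

    for (p += sizeof key - 1; *p != '\0' && *p != '&'; p++) {
        int c = (unsigned char)*p;

        if (c == '%') {                       /* decode %XX before checking */
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0)
                return -1;
            c = hi * 16 + lo;
            p += 2;
        }
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return -1;                        /* quotes, ';', '|', spaces ... */
        if (n + 1 >= outlen)
            return -1;
        out[n++] = (char)c;
    }
    if (n == 0)
        return -1;
    out[n] = '\0';
    return 0;
}

/* Run "locate -- keyword" without a shell; output goes to our stdout.
 * Returns locate's exit status, or -1 if it could not be run. */
static int run_locate(const char *keyword)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "--" stops option parsing, so a keyword starting with '-' is data */
        char *const args[] = { "locate", "--", (char *)keyword, NULL };
        execvp("locate", args);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char keyword[KEYWORD_MAX];

    printf("Content-Type: text/plain\r\n\r\n");
    if (extract_keyword(getenv("QUERY_STRING"), keyword, sizeof keyword) != 0) {
        printf("invalid or missing keyname\n");
        return 0;
    }
    fflush(stdout);          /* the header must reach the client before locate's output */
    return run_locate(keyword) < 0 ? 1 : 0;
}
```

Streaming the result as text/plain also removes the world-readable temp file and the need to turn untrusted file names into HTML.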
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Configuration examples of proxy server and router in LAN FOR ANONYMITY REASONS BY UNDERCODE
instagram.com/UndercOdeTestingCompany

PART 1

> With the rapid development of network technology, enterprises have more and more ways to connect their LAN to the INTERNET and share resources.

> For the most part, the DDN leased line has become a commonly used method, thanks to its stable performance and good expandability.

> The DDN connection is simple in terms of hardware requirements. It only needs a router and a proxy server. However, the system configuration is a more difficult problem for many network administrators. Taking a CISCO router as an example, the author introduces several successful configuration methods below for reference by colleagues:
First, the configuration of accessing Internet resources directly through the router

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

A) 1) The general idea and the equipment connection method
In general, an internal LAN uses the addresses reserved on the INTERNET:
10.0.0.0/8: 10.0.0.0 ~ 10.255.255.255
172.16.0.0/12: 172.16.0.0 ~ 172.31.255.255
192.168.0.0/16: 192.168.0.0 ~ 192.168.255.255
Under normal circumstances, when the workstations in the unit go out directly through the router, their traffic is filtered out because the workstations use addresses reserved on the Internet, so Internet resources cannot be reached. The solution to this problem is to use the NAT (Network Address Translation) function provided by the router's operating system to convert the private addresses of the intranet into legal addresses on the Internet, so that users without legal IP addresses can access the external Internet through NAT. This has the advantage of not requiring a proxy server, reducing investment, saving legal IP addresses, and improving the security of the internal network.

2) There are two types of NAT: single mode and global mode.
Using the single mode of NAT, as its name suggests, you can map many local LAN hosts to one Internet address. To the external Internet, all hosts in the local area network look like a single Internet user. Hosts within the local area network continue to use local addresses.
Using the global mode of NAT, the interface of the router maps a large number of local LAN hosts to a certain Internet address range (IP address pool). When a local host connects to a host on the Internet, an IP address from the IP address pool is automatically assigned to the local host. After the connection ends, the dynamically assigned IP address is released, and the released IP address can be used by other local hosts.

3) The following takes the network environment of my organization as an example to list the configuration method and process for your reference.

4) Our unit uses a Unicom optical cable (V.35) to access the Internet. The router is a CISCO2610. The LAN uses an INTEL550 100M switch. Unicom provided us with the following four IP addresses:
211.90.137.25 (255.255.255.252) for the WAN port of the local router
211.90.137.26 (255.255.255.252) used by the port of the other party (China Unicom)
211.90.139.41 (255.255.255.252) for our own use
211.90.139.42 (255.255.255.252) for our own use
Written by uNDERCoDE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Configuration examples of proxy server and router in LAN FOR ANONYMITY REASONS BY UNDERCODE
fb.com/UndercOdeTestingCompany

PART 2

B) 1) Configuration of the router

config t
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
(Define an address pool c2610, which contains the two free legal IP addresses used for NAT translation)
interface e0/0
ip address 192.168.0.3 255.255.255.0
ip nat inside
exit
(Set the IP address of the Ethernet port, and set it as the port that connects to the internal network)
interface s0/0
ip address 211.90.137.25 255.255.255.252
ip nat outside
exit
(Set the IP address of the WAN port and set it as the port that connects to the external network)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
(Set the default route)
access-list 2 permit 192.168.0.1 0.0.0.255
(Establish an access control list)
! Dynamic NAT
!
ip nat inside source list 2 pool c2610 overload
(Establish dynamic address translation)
line console 0
exec-timeout 0 0
!
line vty 0 4
end
wr
(Save the settings)

2) Workstation configuration
Each workstation needs a static IP address, set in the TCP/IP properties, with the gateway set to 192.168.0.3 (the IP address of the router's Ethernet port) and the DNS address set to the one provided by the Internet provider. Browsers and other Internet tools need no special settings.
Second, access to INTERNET resources through a proxy server configuration

Written by uNDERCoDE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to stop and remove viruses and other malware
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) What is a computer virus?

A computer virus is a small software program that can spread from one computer to another and interfere with the operation of the computer. Computer viruses can damage or delete data on your computer, use an email program to spread viruses to other computers, or even delete everything on your hard drive.

2) Computer viruses usually spread through attachments in e-mail messages or instant messaging messages. Therefore, never open an e-mail attachment unless you know the identity of the sender or this is exactly the e-mail attachment you are looking for. Viruses can disguise themselves as funny pictures, greeting cards, or attachments in audio and video files. Computer viruses are also spread through Internet downloads. They can be hidden in pirated software or other files or programs you download.


3) Computer virus symptoms

For information about computer virus symptoms, go to the Microsoft Computer Security website.


4) What is a worm?

A worm is a type of computer code that can spread without user interaction. Most worms start as email attachments and infect computers once opened. The worm scans files on the infected computer that contain email addresses, such as address books or temporary web pages. The worm uses these addresses to send infected emails, and it often mimics (or spoofs) the "sender" address in later emails so that the infected messages appear to come from someone the recipient knows. The worm then spreads automatically via email, networks, or operating system vulnerabilities, often overwhelming those systems before the cause is known. Worms don't always damage computers, but they often cause performance and stability issues on computers and networks.

5) What is a Trojan horse?

A Trojan horse is a malware program hidden inside other programs. It enters your computer hidden in a legitimate program such as a screen saver. It then places code into the operating system that gives hackers access to the affected computer. Trojan horses usually do not spread on their own. They can spread through viruses, worms, or downloaded software.

6) What is spyware?

Spyware can be installed on your computer without your knowledge. These programs can change your computer configuration or collect advertising data and personal information. Spyware can track Internet search habits, or it can redirect your web browser to other websites that you didn't plan to visit.


7) What is rogue security software?

Rogue security software programs try to make you think your computer is infected with a virus and usually prompt you to download or buy a product to remove the virus. The names of these products often include words such as antivirus, protection, security, protection or repair. This approach makes them sound legitimate. They usually run immediately after you download them or the next time you start your computer. Rogue security software prevents applications such as Internet Explorer from opening. Rogue security software may also show legitimate important Windows files as infections. Typical error messages or pop-up messages may include the following phrases:

Warning!
Computer is infected!
This computer is infected with spyware and adware.

🦑 What is malware?

Malware is designed to damage computer systems or perform unwanted actions. Here are some examples of malware:
Virus
Worm
Trojan horse
Spyware
Rogue security software

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 To change your Internet Explorer proxy settings yourself, follow these steps:
twitter.com/UNdercOdetc

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Click "Start" and click "Run".

2) In the "Run" box, copy and paste the following:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f

3) Click "OK".

4) Click "Start" and click "Run".

5) In the "Run" box, copy and paste the following:
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f

6) Click "OK".

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 DOMAIN NAME SERVICES :
DNS Configuration Reference
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> As we all know, the DNS software used on the Internet was bind4, and bind8 is the later version of bind4. Compared with bind4, bind8 is better: administrators can control its behavior more fully. But the difference between the two is still very large: not only the format has changed, there are also a lot of new concepts. The statements available in bind8 are logging, options, zone, acl, key, trusted-keys, server, controls, include. Comments in it can be in the format of C, C++, or shell/perl. I would like to introduce the basic configuration of primary and secondary domain name servers with bind8 (these are the two kinds of domain name server mainly used on the Internet). If interested, for a deeper understanding you can refer to the man pages and RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035, RFC 1123, RFC 2308 and the "Name Server Operations Guide for BIND".

🦑 Necessary conditions for the master DNS server to work properly:

1) Install the bind8 software, which is included in many unix distributions, or get it from http://freesoft.online.sh.cn or ftp://studio.sinet.net.cn .

2) Several required configuration files:
named.conf
named.ca
named.local
master file (that is, the zone file in bind4)

Among these configuration files, the most important is named.conf. Located under /etc, it is the default startup file when named is started. A typical named.conf file includes at least options and zones. For example:

options {
    directory "/var/named";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};

zone "." in {
    type hint;
    file "named.ca";
};

zone "99.cn.net" in {
    type master;
    file "db.99.cn.net";
};

3) In it, options defines the path where the master files are stored, and named looks there for the data file that corresponds to a given domain. If a request for www.example.. arrives, named goes to /var/named, finds the file db.exa.ample.net, and looks up the IP of www.example... zone defines a domain, such as the domain exa.mple.net; type sets the kind of domain name server, and master states that this is a primary domain name server. The first zone defines the server as the master for its own loopback domain, mapping the address 127.0.0.1 to localhost; you can see this zone on almost every type of domain name server.
Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ NEWS ▄ ▂ ▁


1) We Start Using Pinterest
pinterest.com/UndercOdeOfficial


2) After 3 bans at github.com we decided to get another pro github account :
github.com/UndercOdeOfficial


🦑 Some follows from you would be appreciated 😊
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ NEWS ▄ ▂ ▁

🦑 Android Hacking - Simple algorithm analysis
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

New to Android dynamic debugging, and decided to use

1) First of all, without anti-debugging, he would not pretend to be cut off) Run the apk, enter the verification code, and pop up


2) Then use JEB to analyze the apk file to find the character string "Sorry, Fish!", Find the verification process, and find the verification function EatRice

3) So in libxy.so, find the function as follows. Dynamic debugging shows that the program first checks whether the first character of the input string is 'X' (0x58), whether the second character is '#' (0x23), and whether the string length is 7. If these conditions are not met, it waits 3s and then returns 0. From this, the verification code format should be "X#-----", where "-" represents a character that is still unknown. The string is called szA here.

4) The debugger shows that the program runs a calculation on szA[1:2], szA[2:3], szA[3:4], szA[4:5] and szA[5:6] in turn and compares each result with the corresponding expected value. If all the results are correct, the verification is considered successful.

5) The specific algorithm is not described here; look at the program for that. Let's talk about the cracking process. Since the algorithm involves some shifts and feedback, it is difficult to work backwards (in my personal opinion). However, the operation is performed on two characters at a time, and each character is a visible character (0x21 ~ 0x7e). Therefore, the idea here is to brute-force it character by character. In this example, when calculating szA[1:2], szA[1] = '#' is known, so szA[2] can be brute-forced; szA[2] is then known when calculating szA[2:3], so szA[3] can be brute-forced, and so on, until the value of every character has been recovered. The time complexity is also O(1), that is, a maximum of (0x7e-0x21) * 5 = 0x1d1 operations to calculate the answer.

🦑 Other parts will be sent later
Written by UnderCode
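
The chained search from step 5, as an added example that is not part of the original post: it shows why checking a code pair by pair gives so little protection, since each known character confirms the next one independently. The post does not give the routine in libxy.so, so `pair_mix` is a constructed stand-in with shifts and feedback, and `SAMPLE_CODE` is a constructed value, not one from the app.

```python
LO, HI = 0x21, 0x7E   # visible-character range given in the post

def pair_mix(a, b):
    """Constructed stand-in for the per-pair routine (NOT the one in libxy.so)."""
    v = (b * 167 + a * 31) & 0xFF          # mix both characters
    v ^= v >> 3                            # feedback step
    v = ((v << 5) | (v >> 3)) & 0xFF       # rotate left by 5 within a byte
    return v ^ a

def expected_table(code):
    """Values the checker compares against, for the pairs (1,2) .. (5,6)."""
    return [pair_mix(ord(code[i]), ord(code[i + 1])) for i in range(1, 6)]

def check(code, table):
    """Model of the described check: 'X', '#', length 7, then five pair checks."""
    if len(code) != 7 or code[0] != "X" or code[1] != "#":
        return False
    return expected_table(code) == table

def recover(table):
    """Walk the chain from the known '#'; return (codes, evaluations)."""
    prefixes, evaluations = ["X#"], 0
    for target in table:
        extended = []
        for prefix in prefixes:
            prev = ord(prefix[-1])
            for c in range(LO, HI + 1):
                evaluations += 1
                if pair_mix(prev, c) == target:
                    # Keep every match: a routine with collisions branches here.
                    extended.append(prefix + chr(c))
        prefixes = extended
    return prefixes, evaluations

SAMPLE_CODE = "X#k9!Qz"                     # constructed sample code
SAMPLE_TABLE = expected_table(SAMPLE_CODE)  # what the checker would store

if __name__ == "__main__":
    codes, evaluations = recover(SAMPLE_TABLE)
    exhaustive = (HI - LO + 1) ** 5
    print(codes, evaluations, "evaluations instead of", exhaustive)
```

A check that hashed all seven characters together would not confirm any single position, so the search could not be split up this way.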
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑TOPIC HACKERS SCRIPTS - KALI - TERMUX at GITHUB
Twitter.com/UndercOdeTC

🦑 Active Intelligence Gathering

1) EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness

2) AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump

3) AQUATONE is a set of tools for performing reconnaissance on domain names. https://github.com/michenriksen/aquatone

4) spoofcheck is a program that checks whether a domain can be spoofed. The program checks SPF and DMARC records for weak configurations that allow spoofing. https://github.com/BishopFox/spoofcheck

5) Nmap is used to discover hosts and services on a computer network, thus building a "map" of the network. https://github.com/nmap/nmap

6) dnsrecon is a DNS enumeration script. https://github.com/darkoperator/dnsrecon

7) dirsearch is a simple command line tool designed to brute force directories and files in websites. https://github.com/maurosoria/dirsearch

8) Sn1per is an automated pentest recon scanner. https://github.com/1N3/Sn1per

9) Social Mapper is an OSINT social media mapping tool that takes a list of names & images (or a LinkedIn company name) and performs automated target searching on a huge scale across multiple social media sites. It is not restricted by APIs, as it instruments a browser using Selenium. It outputs reports to aid in correlating targets across sites. https://github.com/SpiderLabs/social_mapper

10) skiptracer is an OSINT scraping framework that uses some basic Python web scraping (BeautifulSoup) of PII paywall sites to compile passive information on a target on a ramen noodle budget. https://github.com/xillwillx/skiptracer

11) FOCA (Fingerprinting Organizations with Collected Archives) is a tool used mainly to find metadata and hidden information in the documents it scans. https://github.com/ElevenPaths/FOCA

12) theHarvester is a tool for gathering subdomain names, e-mail addresses, virtual hosts, open ports/banners, and employee names from different public sources. https://github.com/laramies/theHarvester

13) Metagoofil is a tool for extracting metadata from public documents (pdf, doc, xls, ppt, etc.) available on the target websites. https://github.com/laramies/metagoofil

E N J O Y
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑Dangerous Virus Code Red (computer worm)
> server attack
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server.

2) The Code Red worm was first discovered and researched by eEye Digital Security employees Marc Maiffret and Ryan Permeh when it exploited a vulnerability discovered by Riley Hassell. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time.

🦑 Exploited vulnerability

3) The worm exploited a vulnerability in the indexing software distributed with IIS, described in Microsoft Security Bulletin MS01-033,[3] for which a patch had been available a month earlier.

4) The worm spread itself using a common type of vulnerability known as a buffer overflow. It did this by using a long string of the repeated letter 'N' to overflow a buffer, allowing the worm to execute arbitrary code and infect the machine with the worm. Kenneth D. Eichman was the first to discover how to block it, and was invited to the White House for his discovery.

🦑Worm payload:

5) The payload of the worm included:

> Defacing the affected web site to display:
HELLO! Welcome to http://www.worm.com! Hacked By xy

6) Other activities based on day of the month:

> Days 1-19: Trying to spread itself by looking for more IIS servers on the Internet.

> Days 20-27: Launch denial of service attacks on several fixed IP addresses. The IP address of the White House web server was among those.[2]

> Days 28-end of month: Sleeps, no active attacks.

7) When scanning for vulnerable machines, the worm did not test to see if the server running on a remote machine was running a vulnerable version of IIS, or even to see if it was running IIS at all. Apache access logs from this time frequently had entries such as these:

GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
The worm's payload is the string following the last 'N'. Due to a buffer overflow, a vulnerable host interpreted this string as computer instructions, propagating the worm.

Powered by wiki
Posted On UndercOde
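
A log check for the request shape quoted above, as an added example that is not part of the original post: it flags access-log entries that request /default.ida with a long run of 'N' followed by %u-encoded words, and tags each hit with the worm's day-of-month schedule. The log lines are constructed samples, the run length of 224 and the minimum of 20 are assumptions made for this example, and the field names are hypothetical.

```python
import re

# Common Log Format: source address, day of month, then the quoted request line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2})/[^\]]+\] "([^"]*)"')
# Shape of the quoted request: /default.ida? + run of 'N' + %uXXXX words.
# The minimum run of 20 is an assumption chosen for this example.
CODE_RED = re.compile(r'^GET /default\.ida\?(N{20,})((?:%u[0-9a-fA-F]{4})+)')

def phase(day):
    """Activity the worm's schedule assigns to a given day of the month."""
    if day <= 19:
        return "spreading"
    if day <= 27:
        return "denial of service"
    return "sleeping"

def scan(lines):
    """Return one record per log line that matches the Code Red request shape."""
    hits = []
    for line in lines:
        entry = LOG_LINE.match(line)
        if not entry:
            continue                      # not an access-log line
        src, day, request = entry.group(1), int(entry.group(2)), entry.group(3)
        probe = CODE_RED.match(request)
        if probe:
            hits.append({"src": src, "day": day, "phase": phase(day),
                         "filler": len(probe.group(1)),
                         "u_words": len(probe.group(2)) // 6})
    return hits

# Constructed request: filler run plus the first %u words quoted in the post.
PROBE = "GET /default.ida?" + "N" * 224 + "%u9090%u6858%ucbd3%u7801%u00=a HTTP/1.0"
SAMPLE_LOG = [  # constructed log lines using documentation address ranges
    '203.0.113.7 - - [19/Jul/2001:14:02:11 +0000] "%s" 404 276' % PROBE,
    '198.51.100.20 - - [19/Jul/2001:14:02:15 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.21 - - [19/Jul/2001:14:03:40 +0000] "GET /default.ida?NNN HTTP/1.0" 404 276',
    '192.0.2.44 - - [22/Jul/2001:03:10:09 +0000] "%s" 404 276' % PROBE,
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The day comes from the logging server's clock, so a probe logged outside days 1-19 points to a source whose clock disagrees with the server's.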
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 2020 news from twitter.com/UndercOdeTC
> XRed virus attack on a company's (special in Europe) remote office during the holiday season

1) Tencent Enterprise Security Emergency Response Center (hereinafter referred to as Tencent Security) received a request from an Internet company.
> A remote business tool and a spreadsheet file shared within one of the company's internal work groups were found to be infected with a virus, which led to more than 200 employees' computers in the department being infected. The company was concerned that the security of its business systems was threatened.

🦑Troubleshoot the source of virus infection:

1) The company's early internal investigation: the company's network administrator noticed that the exe file of the remote office tool in the compressed package shared by an employee through the internal working group was infected, while the remote office tool exe provided by the company was a normal file. Therefore, the source of virus transmission is basically confirmed.

2) A Tencent security engineer conducted a remote investigation and found that the computer suspected of being infected showed the following behavior:

a) When the file is unzipped on this computer, the extracted exe file is larger than the original file and has been infected.

b) When any exe file is copied to the desktop, that exe file is infected. After the infection, the file description is changed to that of a touchpad device driver. Based on this, it can be basically confirmed that the virus is the "Synaptics" worm that has been disclosed by peers.

c) Continued inspection found no "supply chain pollution" issue in the cracked version of the compression software on this infected computer. It can basically be confirmed that this personal computer had been infected with the XRed virus some time earlier. In this emergency, it was used as a work computer for remote office use. When it shared files externally, the company's IT staff, who were monitoring, noticed the anomaly.

@UndercOdeTesting
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁