▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Common methods / processes for hacking websites

Generally speaking, hacker attacks generally have the following behaviors:

1. Information collection

1.1 / Whois information-registrant, phone, email, DNS, address

1.2 / Googlehack-collection of sensitive directories, sensitive files, more information

1.3 / Server IP-Nmap scanning, port corresponding services, C segment

1.4 / Sidenote – Bing query, script tool

1.5 / If you encounter CDN–Cloudflare (bypass), start from a subdomain (mail, postfix), DNS transfer domain vulnerability

1.6 / Server, component (fingerprint)-operating system, web server (apache, nginx, iis), scripting language

1.7/ More…

Through the information collection stage, the attacker has basically been able to obtain most of the information on the website. Of course, information collection is the first step of the website invasion, which determines the success of the subsequent invasion.

2. Vulnerability mining

2.1 / Detection of Web application fingerprints – Discuz, PHPwind, Dedecms, Ecshop…

2.2 / XSS, CSRF, XSIO, SQLinjection, permission bypass, arbitrary file reading, file inclusion ...

2.3 / Upload vulnerability-truncation, modification, and parsing vulnerability

2.4 / Is there a verification code-brute force cracking

2.5/ More…

After a long day, the attacker already has a lot of information on your website and a few small and large vulnerabilities. Next, they will begin to use these vulnerabilities to gain website permissions.

3. Vulnerability exploitation

3.1 / Thinking about purpose-what effect is achieved

3.2 / Hidden, destructive-find the corresponding EXP attack payload based on the detected application fingerprint or write your own

3.3 / Start the vulnerability attack, obtain the corresponding permissions, and get the webshell according to different scenarios

4. Privilege upgrade

4.1 / Select different attack payloads according to the server type for privilege escalation

4.2 / Unable to upgrade the permissions, combined with the obtained data to start password guessing and backtracking information collection

5. Implanted back door

5.1 / Concealment

5.2 / Check and update regularly, keep it periodic

6. Clean up logs

6.1 / camouflage, concealment, to avoid alarm, they usually choose to delete the specified log

6.2 / According to the time period, find the corresponding log file


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Tool to look for several security related Android application vulnerabilities


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

With pip (no security checks on requirements):

~ pip install --user qark # --user is only needed if not using a virtualenv
~ qark --help
With requirements.txt (security checks on requirements):

~ git clone https://github.com/linkedin/qark
~ cd qark
~ pip install -r requirements.txt
~ pip install . --user # --user is only needed if not using a virtualenv
~ qark --help

🦑Exploit APK
QARK can generate a basic exploit APK for a few of the vulnerabilities that have been found.

To generate the exploit APK there are a few steps to follow. You need to have the Android SDK v21 and build-tools v21.1.2

1) Install the android SDK, you can get it under the 'command line tools': https://developer.android.com/studio/#downloads

2) Unzip the android SDK

3) Go into the new directory and generate the licenses with bin/sdkmanager --licenses

4) Make sure the generated licenses are in the android SDK directory.

5) Install the SDK and the proper build-tools version: bin/sdkmanager --

6) install "platforms;android-21" "sources;android-21" "build-tools;21.1.2"

🦑Included in the types of security vulnerabilities this tool attempts to find are:

Inadvertently exported components
Improperly protected exported components
Intents which are vulnerable to interception or eavesdropping
Improper x.509 certificate validation
Creation of world-readable or world-writeable files
Activities which may leak data
The use of Sticky Intents
Insecurely created Pending Intents
Sending of insecure Broadcast Intents
Private keys embedded in the source
Weak or improper cryptography use
Potentially exploitable WebView configurations
Exported Preference Activities
Tapjacking
Apps which enable backups
Apps which are debuggable
Apps supporting outdated API versions, with known vulnerabilities


@uNDERCODEtESTING
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Quickly analyze and reverse engineer Android packages


🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

Device info
Intents
Command execution
SQLite references
Logging references
Content providers
Broadcast recievers
Service references
File references
Crypto references
Hardcoded secrets
URL's
Network connections
SSL references
WebView references

🦑 ͶUЯ ⅃⅃ATꙄͶI

1) git clone https://github.com/1N3/ReverseAPK

2) cd RevereAPK

3) ./install

🦑To use :

reverse-apk <apk name>

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑new release2020 updated Weaponized web shell


🦑 FEATURES :

Shell access to the target
SQL console pivoting on the target
HTTP/HTTPS proxy to browse through the target
Upload and download files
Spawn reverse and direct TCP shells
Audit remote target security
Port scan pivoting on target
Mount the remote filesystem
Bruteforce SQL accounts pivoting on the target

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

Linux
The following example runs on a Debian/Ubuntu derived Linux environments with Python 3.

# Make sure that the python package manager and yaml libraries are installed
$ sudo apt-get install -y python3 python3-pip curl
$ cd weevely3/
$ sudo pip3 install -r requirements.txt --upgrade
OS X
OS X requires Python3 to be installed in the system. Follow the following commands to install manually gnureadline Python package.

$ sudo pip3 install gnureadline
$ cd weevely3/
$ sudo pip3 install -r requirements.txt --upgrade

@uNDERCODEtESTING
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

Zip

1) wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip \

2) && unzip SecList.zip \

3) && rm -f SecList.zip

> Git (Small)

git clone --depth 1 https://github.com/danielmiessler/SecLists.git
Git (Complete)

git clone https://github.com/danielmiessler/SecLists.git
Kali Linux (Tool Page)

apt -y install seclists

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑new realese 2020 good tool- recommended :
>Accurately Locate Smartphones using Social Engineering

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

A) Kali Linux / Ubuntu / Parrot OS

1) git clone https://github.com/thewhiteh4t/seeker.git

2) cd seeker/

3) chmod 777 install.sh

4) ./install.sh

B) BlackArch Linux

> pacman -S seeker

C ) Docker

> docker pull thewhiteh4t/seeker

D) Termux

1) git clone https://github.com/thewhiteh4t/seeker.git

2) cd seeker/

3) chmod 777 termuxinstall.sh

4) ./termuxinstall.sh

🦑 Usage

> python3 seeker.py -h

usage: seeker.py -h -s SUBDOMAIN

optional arguments:
-h, --help show this help message and exit
-s SUBDOMAIN, --subdomain Subdomain Provide Subdomain for Serveo URL ( Optional )
-k KML, --kml KML Provide KML Filename ( Optional )
-t TUNNEL, --tunnel TUNNEL Specify Tunnel Mode manual

# Example

# SERVEO

🦑Tested by undercode on :

> parrot lastest v

> kali lastest v

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 X 30 NEW NORDVPN ACCOUNTS :

Send screanshoat @Undercode_Bot😍

> pastebin.com/5wuaaZFe

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Simple random DNS, HTTP/S internet traffic noise generator Termux-Linux update


1) pip install requests
Usage

2) Clone the repository

> git clone https://github.com/1tayH/noisy.git
Navigate into the noisy directory

3) cd noisy
Run the script

4) python noisy.py --config config.json
The program can accept a number of command line arguments:

$ python noisy.py --help

5) usage: noisy.py -h --log -l --config -c --timeout -t

🦑 optional arguments:
-h, --help show this help message and exit
--log -l logging level
--config -c config file
--timeout -t for how long the crawler should be running, in seconds
only the config file argument is required.

🦑 Output
$ docker run -it noisy --config config.json --log debug
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): 4chan.org:80
DEBUG:urllib3.connectionpool:http://4chan.org:80 "GET / HTTP/1.1" 301 None
DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): www.4chan.org:80
DEBUG:urllib3.connectionpool:http://www.4chan.org:80 "GET / HTTP/1.1" 200 None
DEBUG:root:found 92 links

🦑Build the image VIA DOCKER :

1) docker build -t noisy .

Or if you'd like to build it for a Raspberry Pi (running Raspbian stretch):

2) docker build -f Dockerfile.pi -t noisy .

3) Create the container and run:

> docker run -it noisy --config config.json

E N J O Y
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack the World using Termux
small update

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) pkg update

2) pkg upgrade

3) pkg install git

4) git clone https://github.com/sabri-zaki/EasY_HaCk

5) cd EasYHaCk

6) chmod +x install.sh

7) Type EasYHaCk


Verified lastest termux version

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑new release Setup A Beautiful Desktop/GUI In Termux

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) You can install all important programs simply pasting this in the termux -

pkg update && pkg upgrade && pkg install x11-repo && pkg install tigervnc openbox obconf xorg-xsetroot xcompmgr xterm polybar st libnl zsh geany pcmanfm rofi feh neofetch htop vim elinks mutt git wget curl xfce4-settings

2) Configuration
Now all the necessary programs are installed, it's time to configure the system.
So, first clone this repo by,

3) cd $HOME && git clone https://github.com/adi1090x/termux-desktop

4) Now go to the cloned directory termux-desktop and copy or move home & usr (Basically usr/lib/archlabs/common) directory to /data/data/com.termux/files. you can do it by,

5) cp -rf ./home /data/data/com.termux/files && cp -rf ./usr /data/data/com.termux/files
or

6) mv -f ./home /data/data/com.termux/files && mv -f ./usr /data/data/com.termux/files

> Warning : I'm assuming you're doing this on a fresh termux install. If not so, please backup your files before running these command above. These commands will forcefully copy or move files in home & usr directory. So, before doing that, take a look inside the repo directories, and backup your existing config files (like .vimrc, .zshrc, .gitconfig, etc).

7) VNC Server Now, Let's configure the vnc server for graphical output. Run -

vncserver -localhost
At first time, you will be prompted for setting up passwords -

8) You will require a password to access your desktops.

Password:
Verify:

> Would you like to enter a view-only password (y/n)? n
Note that passwords are not visible when you are typing them and maximal password length is 8 characters.
If everything is okay, you will see this message -

9) New 'localhost:1 ()' desktop is localhost:1

Creating default startup script /data/data/com.termux/files/home/.vnc/xstartup

10) Creating default config /data/data/com.termux/files/home/.vnc/config

11) Starting applications specified in /data/data/com.termux/files/home/.vnc/xstartup

12)( Log file is /data/data/com.termux/files/home/.vnc/localhost:1.log

13) It means that X (vnc) server is available on display 'localhost:1'.
Finally, to make programs do graphical output to the display 'localhost:1', set environment variable like shown here (yes, without specifying 'localhost'):

export DISPLAY=":1"

14) You may even put this variable to your bashrc or profile so you don't have to always set it manually unless display address will be changed.

15) Now You can start the vnc server by,

vncserver
And to stop the server, run -

vncserver -kill :1

16) VNC Client Now you need a vnc client app to connect to server. I'm using this Android VNC client: VNC Viewer (developed by RealVNC Limited). You can use TigerVNC if you're trying to connect to server by a computer (Windows or Linux).

17) Determine port number on which VNC server listens. It can be calculated like this: 5900 + {display number}. So for display 'localhost:1' the port will be 5901.

Now open the VNC Viewer application and create a new connection with the following information (assuming that VNC port is 5901) -

🦑Address:
127.0.0.1:5901

Name:
Termux
Now launch it. You will be prompted for password that you entered on first launch of 'vncserver'. And because you've copy pasted everthing, you'll be headed to this desktop -


✅Tested by Undercode
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 onex is a hacking tool installer and package manager for hackers. Onex is a library of all hacking tools for Termux and other Linux distributions. onex can install any third party tool or any hacking tool for you.

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) apt update

2) apt install git

3) git clone https://github.com/rajkumardusad/onex.git

4) chmod +x onex/install

5) sh onex/install if not work than use ./onex/install

🦑Operating System Requirements :

onex works on any of the following operating systems:

Android (Using the Termux App)
Linux (Linux Based Systems)

✅verified
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑from 2 days updated Information Gathering Instagram.
termux

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) $ pkg install -y git

2) $ git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig

3) $ chmod +x install.sh && ./install.sh

• Usage

4) $ python3 main.py -u username

5) $ python3 main.py -h

usage: main.py -h -u USERNAME -p -s

🦑optional arguments:

-h, --help show this help message and exit

-u USERNAME, --username USERNAME username of account to scan

-p, --postscrap scrape all uploaded images info

-s, --savedata save data to file ( save profile pic, info , post info )

✅verified
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Come on lets modify TERMUX terminal from boring to awesome no root required
> updated

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) $ apt-get update -y

2) $ apt-get upgrade -y

3) $ pkg install git -y

4) $ git clone https://github.com/noob-hackers/T-LOAD

5) $ ls

6)$ cd T-LOAD

7)$ ls

8)$ bash t-load.sh

9)Now make sue that you internet connection is on and after that the installation starts automatically
After the installation succesfully completes you will see a THANKS text on screen after that a new text appears
EXIT FROM TERMUX AFTER 5 SECONDS AND RE-OPEN IT after seeing this just exit from termux and re open it
Now you can see a new loading screen of termux and you can feel real hacking terminal Sound+New interface with banner.

10) Note:- Don't delete any of the audio files from your sdcard/internal storage or else you cannot feel the terminal startup sound

11) To revert/to get back into normal termux mode use this commands

12) cd T-LOAD

13) ls

14) bash rvt.sh

✅verified
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Speed ​​optimization-Overview of tuning methods for tuning the performance of LINUX networks

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋:


1) there are three ways to choose, multi-process mode, multi-thread mode and asynchronous mode. Among them, in the multi-process mode, the server needs to use a process to provide services to a client. Because in the operating system, generating a process requires additional overhead such as process memory copy,

2) so that the performance will be reduced when there are many clients. In order to overcome the extra overhead of this generation process, you can use multi-threaded or asynchronous. In the multi-threaded mode, multiple threads in the process are used to provide services.

3) Due to the lower thread overhead, performance will improve. In fact, there is no need for any additional overhead or asynchronous mode. It uses a non-blocking method to communicate with each client, and the server uses a process for polling.

4) In asynchronous mode, the scheduling of multiple tasks is done by the server program itself, and if a problem occurs in one place, the entire server will have problems, which are not within the scope of the discussion. Increase the number of system threads:

> There are many factors that limit the number of threads, mainly the number of processes, the size of memory, the limit of mutex / semaphore / shm / ipc; under normal circumstances, first increase the maximum number of processes, and then expand the memory , In increasing the maximum number of threads, and the method to increase the maximum number of threads is very simple, you only need to change two places in glibc: the maximum number of threads and the size of the thread stack area; the increase in the maximum number of threads is based on the process of asynchronous I / O performance comes at a price; so it needs to be balanced.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Great Bin

> Bin For Wayfair


BIN:402766160062xxxx
DATE: 12/24
Cvv: RND
IP: USA & MX

—————————-

🦑Bin Multifunctional For Netflix, AppStore, PayPal, Apple Music, Apple TV+, HBO, Deezer,VYPR VPN, HMA VPN, PicsArt

BIN : 515462001xxxxxxx
IP : USA 🇱🇷
Date: GEN
CCV : GEN
————————-

🦑 Bin For Napster Premium


Bin : 522334xxxxxxxxxx

CVV/Date: RND
IP : USA 🇺🇸
Zip Code : 10080

—————————

🦑 Bin Multifunctional For Prime Video, Tidal, Nord VPN, PicsArt Gold, Deezer


Bin : 412288xxxxxxxxxx

CVV/Date : RND
IP : USA 🇺🇸

Prime Video
Tidal
Nord VPN
PicsArt Gold
Deezer

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

HAVE A GOOD Sunday everyone..