▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Linux Hex Editors :

There are many Linux hex editors out there. Some of the popular ones are xxd, DHex, HexEdit, Bless, HexCurse etc. Here xxd, Dhex, Hexedit, HexCurse hex editors don’t have any graphical user interface, you can only use them from the Linux terminal. Bless hex editor does have a graphical user interface (GUI). Vim and Emacs can also be used as hex editors in Linux.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Installing Linux Hex Editors
In this section, I am going to show you how to install the hex editors in Linux, especially on Ubuntu/Debian.

open terminal & type :

1) $ sudo apt-get update

2) $ sudo apt-get install xxd

3) Installing DHex:
You can install DHex with the following command:

$ sudo apt-get install dhex

4) You can run the following command to install HexEdit:

$ sudo apt-get install hexedit

5) You can install HexCurse with the following command:

$ sudo apt-get install hexcurse

6) To install Bless graphical hex editor, run the following command:

$ sudo apt-get install bless

7) NOTE: If you’re using Ubuntu/Debian, and you want to follow along, you will need to install the C/C++ development tools for compiling C programs. Just run ‘sudo apt-get update’ and then run ‘sudo apt-get install build-essential -y’ to install the C/C++ development tools on Ubuntu/Debian.

E N J O Y ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑how to check if the website is vulnerable of clickjacking and creates a poc : via termux/linux

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

 git clone https://github.com/D4Vinci/Clickjacking-Tester.git

2) cd Clickjacking-Tester

3) python(3) clickjacking_tester.py <file_name>

4) python clickjacking_tester.py sites.txt

5) E X A M P L E :

> sites.txt
www.google.com
www.turkhackteam.com

> Output
* Checking www.google.com

- Website is not vulnerable!

* Checking www.turkhackteam.org

+ Website is vulnerable!
* Created a poc and saved to <URL>.html

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack Whatsapp through a clone of a sim card :

Again, in theory everything looks nice, but in practice the owner's original SIM card is deactivated after the clone is activated. Why?

> Yes, because two identical numbers simultaneously receive a signal, SMS and calls will not be able, therefore, the original is blocked, and the clone receives the signal for itself. This is for the GSM operator. On WhatsApp, two active sessions are also impossible, so after disabling the SIM card of the jailbroken, WhatsApp will also be disabled. Consequently, the owner will immediately notice that something was wrong.


The second disadvantage of this method is that it is still impossible to restore a backup copy with a SIM card, since archived correspondence lives in Icloud and Google Drive cloud storage. There is no need to talk about the memory card in the device, since there is no influence of the clone of the SIM card on it. But if the phone number was linked to Google mail, you can restore access to the storage by resetting the password via SMS.

The only plus of this method is to receive and send messages in real time with the contacts of the former owner of the number. Of course, these will be naked numbers, without names and surnames like the contact list on the owner's smartphone. However, it will not be difficult to figure out who is sending hearts and who is just a friendly "hello".

🦑The main question is how to clone someone else's SIM card?

1) Power of attorney from Natarius to reissue the SIM card and visit the operator. If you have the passport data of the previous owner of the SIM card, you can try your luck with a notary and a branch of the mobile operator where they will "understand" you. Or, if you have a friend, a manager, turn a scam without a power of attorney
> for clone sim card http://www.mobiledit.com/sim-cloning/

2) Purchase a duplicate SIM card by providing the operator with passport data and PUK code of the SIM card. The duplicate is activated with the same number, but in your name. Such a solution was found on the forums, the performance of which is questionable.

3) Multi-SIM card - a special SIM card for clone encoding, identical to the original. Limitation of cloning sim cards rests on their date of manufacture and operator. Modern SIM cards MTS, Megafon can no longer be copied.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#requested for beginers helpful

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Gerrit is a web-based code analysis tool that is integrated with Git and built on top of the Git version control system (helps developers work together and keep their work history). This allows you to merge your changes into the Git repository when you're done with code reviews.

» F E A T U R E S :

Below are some of the reasons why you should use Gerrit.

You can easily find the error in the source code using Gerrit.

You can work with Gerrit if you have a regular Git client; no need to install any Gerrit client.

Gerrit can be used as an intermediary between developers and git repositories.

Gerrit is a free and open source Git version control system.

Gerrit's user interface is built on Google Web Toolkit .

This is a lightweight structure for checking each commit.

Gerrit acts as a repository that allows you to upload code and creates an overview for your commit.

Gerrit provides access control to Git repositories and a web interface for code review.

You can push code without using additional command line tools.

Gerrit can allow or deny permission at the store level and down to the branch level.

Gerrit is supported by Eclipse.

Reviewing, reviewing, and resubmitting code commits will slow down your time to market.

Gerrit can only work with Git.

Gerrit is slow and there is no way to change the sort order that lists the changes.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Linux
You can install Git on Linux using the software package management tool. For example, if you are using Fedora you can use both -

sudo yum install git
If you are using a Debian based distribution like Ubuntu use the following command:

sudo apt-get install git

2) Windows
You can install Git on Windows by downloading it from the Git website. Just go to msysgit.github.io and hit the download button.

3) mac.
Git can be installed on Mac using the following command -

brew install git
Another way to install Git is to download it from the Git site. Just follow the Git install on Mac link , which will install the Git for Mac framework.

4) You can check your existing SSH key on your local machine using the following command in Git Bash:

$ ls ~ / .ssh

5) Generating a new SSH key
You can generate a new SSH key for authentication using the following command in Git Bash -

$ ssh-keygen -t rsa -C "your_email@mail.com"

6) If you already have an SSH key, do not generate a new key as it will be overwritten. You can only use the ssh-keygen command if you have installed Git with Git Bash.

When you run the above command, it will create 2 files in ~ / .ssh directory .

~ / .ssh / id_rsa is the private key or identity key.

~ / .ssh / id_rsa.pub is public TV.

7) You can track each commit by setting the name and email variables . The name variable specifies the name, and the email variable specifies the email address associated with Git commits. You can install them using the following commands -

git config --global user.email "your_email@mail.com"
git config --global user.name "your_name"

E N J O Y ❤️👍🏻
written @undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Documents show that the U.S. treats DDS as a criminal hacking organization :
#news

> Transparency activity organization "Distributed Denial of Secrets" (DDoSecrets) was officially designated as a "criminal hacker organization" after it released 296GB of sensitive law enforcement data earlier this summer. This description comes from an announcement distributed by the Office of Intelligence and Analysis of the Department of Homeland Security to fusion centers across the country at the end of June. The wording of the announcement is exactly the same as the US government's earlier description of WikiLeaks, Anonymous, and LulzSec.

> The announcement read: "A criminal hacking organization Distributed Denial of Secrets (DDS) conducted a hacking and leaking operation against federal, state, and local law enforcement databases on June 19, 2020, possibly to support or respond to George- National protests triggered by Freud’s death.” According to reports, DDS leaked ten-year data on 200 police departments, integration centers and other law enforcement training and support resources around the world. DDS had previously conducted hacking and leaking activities against the Russian government. "

> According to reports, BlueLeaks' data was provided to DDS by a hacker who claimed to have a relationship with Anonymous, including 10 years of information from more than 200 police departments and fusion centers. These records include police and FBI reports, announcements, guidelines, and technical data related to surveillance technology and intelligence collection. Some news organizations used BlueLeaks data to publish reports on law enforcement methods, including anti-surveillance methods for black life-important protesters, analysis of threats by anti-law enforcement agencies, and widespread use of masks to thwart facial recognition algorithms during the COVID-19 pandemic. Worry.

> At the end of June, Twitter suspended the account of DDS in response to the leak and blocked the hyperlinks of the leaked data set on a large scale, making it impossible to share on the platform. This is a very severe step for a company that has long allowed extremist content such as DCLeaks and allowed links to election interference. Last month, the German authorities seized the DDS server hosting BlueLeaks data, effectively shutting down the organization's online record database. This seizure was carried out at the request of the US authorities.

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Amazon Alexa vulnerability: may expose user personal information and voice history :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/esmog/nodexp.git

2) cd nodexp

3) To get a list of all options run:

python2.7 nodexp -h

4) Setting up and Use Testbeds
In order get familiar with NodeXP you might need to set the Node.js testing services provided (/testbeds) and start using the tool. A local machine running Node.js server will be necessary.

5) Firstly, you should install 'body-parser' and 'express' packages, in the GET and POST directories.

6) Go to 'testbeds/GET' directory on your local machine and paste the command below in terminal:

npm install express --save

7) Go to 'testbeds/POST' directory and paste the commands below in terminal:

npm install body-parser --save
nmp install express --save

8) After the correct installment of the packages you could run each service by running the command 'node' and the desirable js file (ex. node eval.js).

9) After you server is up and running, you are ready to run NodeXP and test it upon those services!

🦑Example for GET case shown below:

> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/?name=[INJECT_HERE]
Example for POST case shown below:

> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/post.js --pdata=username=[INJECT_HERE]

E N J O Y ❤️👍🏻
written @undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑YouTube bans videos containing hacker information, fearing that it may interfere with the US election :
#news

-As the Democrats and Republicans prepare to hold the National Convention starting next week, YouTube announced on Thursday that it will update its policies on deceptive videos and other content aimed at disrupting the election. The world’s largest video platform with more than 2 billion users per month will ban videos containing hacked videos that may interfere with elections or the census. This will include materials like campaign emails obtained by hackers with details about candidates.

> After the update, Google, which owns YouTube, announced similar rules earlier this month to prohibit ads containing hacker information. Google will begin to implement this policy on September 1. YouTube also said it will remove videos that encourage people to interfere in voting and other democratic processes. For example, videos that tell people to line up at a polling place to stifle voting will not be allowed.

> The new policy was introduced before the Democratic National Convention, which began on Monday, followed by Republican events later this month. These conventions marked the beginning of the US presidential election season. As the election climaxed and former Vice President Joe Biden appointed California Senator Kamala Harris as his running mate earlier this week, Silicon Valley companies have been eager to prove that they can avoid the traps they encountered in 2016. That election was interfered by Russia, which used the platforms of Google, Facebook and Twitter to try to influence the election results.

Earlier this week, several large technology companies including Google, Facebook, Twitter, Reddit and Microsoft announced the formation of an alliance to work with US government agencies to protect the integrity of the election. YouTube said that it will broadcast the two conferences live, in order to curb the spread of the coronavirus, the broadcast of the two conferences will be conducted in a virtual way. The video platform also said that when people search for president and federal candidates on YouTube, it will add new information panels. These panels will include the person’s name, party affiliation, and a link to the candidate’s official video channel.

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Netflix GiftCard Method✅

1) Go to : https://www.randomcodegenerator.com/en/generate-codes

2) Click Generate Using Pattern

3) Put this Pattern : LEQ9X999999

4) Untick the Exclude Characters Box

5) Generate Some Codes You can generate in the site [ but max is 1k ] , Or export to .txt File

6)choose the netflix checker :

https://t.me/UnderCodeTesting/9401

E N J O Y ❤️👍🏻
(not by us)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB VULNERABILITIES SCANN & ANALYSE FREE CODES :

https://github.com/neuroo/grabber

https://subgraph.com/vega/

https://github.com/zaproxy/zaproxy

http://wapiti.sourceforge.net/

http://w3af.org/

https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

http://code.google.com/p/skipfish/

https://github.com/sqlmapproject/sqlmap

http://sourceforge.net/projects/grendel/

http://code.google.com/p/wfuzz/

http://xss.codeplex.com/

http://www.arachni-scanner.com/

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Creating a Helpers File :
#protips

1) Problem
You have common functions you want available for every request.

But you don’t want to dirty up app\start\global.php with a bunch of functions.

2) Solution
Create a helpers.php file.


> First create the file app/helpers.php.

<?php
// My common functions
function somethingOrOther()
{
return (mtrand(1,2) == 1) ? 'something' : 'other';
}
?>

🦑 Then either load it at the bottom of app\start\global.php as follows :

// at the bottom of the file
require apppath().'/helpers.php';
Or change your composer.json file and dump the autoloader.

{
"autoload": {
"files":
"app/helpers.php"

}
}

3) $ composer dump-auto

4) some suggestions.

>app/helpers.php – For general purpose functions.
>app/composers.php – To initialize all your View composers in one place.
>app/listeners.php – To set up all your event listeners in one place.
>app/observers.php – Or, if you like observers better than listeners use this filename for event listeners.

> It’s really up to you and the demands of your application

#protips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->

R E Q U I R E M E N T S :

1) sudo apt-get install php5-curl

2) INSTALLING LIB CLI: sudo apt-get install php5-cli

3) INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/googleinurl/SCANNER-INURLBR.git

2) cd SCANNER-INURLBR

3) $chmod +x inurlbr.php

4) Executar: ./inurlbr.php

5) to get a list of basic options and switches use:

php inurlbr.php -h

6) To get a list of all options and switches use:

php inurlbr.php --help

E N J O Y ❤️👍🏻
U S E F O R L E A R N
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SIMCARD CLONING TOOLS :

 http://mister-sim.software.informer.com/

> https://www.dekart.com/products/card_management/sim_explorer/

> https://www.amazon.com/Cellphone-Reader-Cloner-Writer-Backup/dp/B00ZWNGPX6/

> https://ssl-download.cnet.com/MagicSIM/3000-2094_4-10601728.html

>  http://www.mobiledit.com/sim-cloning/

—MUCH MORE SIM CARD CLONING TOOLS BUT THOSE VERIFIED BEST TOOLS _

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NSA and FBI jointly expose the Linux malicious program Drvorub developed in Russia
#News

> The US National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) recently issued a press release that jointly disclosed the malicious software used by Russian military hackers in cyber espionage. In the detailed report disclosed on Thursday, hackers working for the Special Service Center of the 85th Army of the General Intelligence Service of the Russian General Staff (Unit 26165) used a malicious program called "Drovorub" to launch attacks specifically against Linux systems.

> These hackers are also known as APT28 or Fancy Bear. They invaded the Democratic National Committee in 2016 and often attacked defense, government, aerospace and other fields.

Although the alert did not contain specific details about the victims of "Drovorub", US officials said that they had issued alerts to multiple agencies this Thursday to raise awareness of hacking and vulnerabilities in the defense sector.

The National Security Agency and the FBI stated in the report: "The malware has posed a threat because Linux systems are widely used in the US national security system, the Department of Defense and the National Defense Industry Base."

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑hack.chat is a minimal, distraction-free, accountless, logless, disappearing chat service which is easily deployable as your own service. The current client comes bundled with LaTeX rendering provided by KaTeX and code syntax highlighting provided by highlight.js.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Clone the repository: git clone https://github.com/hack-chat/main.git

2) Change the directory: cd main

Install the dependencies: npm install

3) Launch: npm start

4) If you change the websocketPort option during the config setup then these changes will need to be reflected on line 60 of client.js.

R E Q U I R E M E N T S :

node.js 8.10.0 or higher

npm 5.7.1 or higher


@undercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁