▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 bypasses DPI (Deep Packet Inspection) systems found in many ISPs (Internet Service Providers) which block access to certain websites.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/SadeghHayeri/GreenTunnel.git

2) cd GreenTunnel

3) $ npm i -g green-tunnel
or using snap (edge version):

4) sudo snap install --edge green-tunnel --devmode`

5) Docker
$ docker run -p 8000:8000 sadeghhayeri/green-tunnel
envs

PORT
HTTPS-ONLY
VERBOSE
SILENT
DNS_TYPE
DNS_SERVER
usage:

6) $ docker run -e 'PORT=1000' -p 8000:1000 sadeghhayeri/green-tunnel

7) On Raspberry Pi
$ docker run -p 8000:8000 sadeghhayeri/green-tunnel:arm

8) If you want to make container keep running when reboot:

$ docker run -d --restart unless-stopped -p 8000:8000 sadeghhayeri/green-tunnel:arm
Please make sure port 8000 is not blocked on Raspberry Pi firewall. (sudo ufw allow 8000 comment Green-Tunnel)

9) To use it on your other device, set http proxy to <Raspberry Pi IP Address>:<PORT>. (PORT = 8000)

enable/disable proxy on windows

HTTPHandler

add CLI arguments

catch all exceptions

add preferences menu

fix close button


@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Go Simple Mail is a simple and efficient package to send emails. It is well tested and documented.

Go Simple Mail can only send emails using an SMTP server. But the API is flexible and it is easy to implement other methods for sending emails using a local Postfix, an API, etc.


F E A T U R E S :

Multiple Attachments with path
Multiple Attachments in base64
Multiple Recipients
Priority
Reply to
Set other sender
Set other from
Embedded images
HTML and text templates
Automatic encoding of special characters
SSL and TLS
Unencrypted connection (not recommended)
Sending multiple emails with the same SMTP connection (Keep Alive or Persistent Connection)
Timeout for connect to a SMTP Server
Timeout for send an email
Return Path
Alternative Email Body
CC and BCC
Add Custom Headers in Message
Send NOOP, RESET, QUIT and CLOSE to SMTP client
PLAIN, LOGIN and CRAM-MD5 Authentication (since v2.3.0)
Custom TLS Configuration (since v2.5.0)

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/xhit/go-simple-mail.git

2) cd go-simple-mail

3) type Email ¶

> type Email struct {
Charset string
Encoding encoding
Error error
SMTPServer *smtpClient
// contains filtered or unexported fields
}


> Email represents an email message.

func NewMSG ¶
func NewMSG() *Email
NewMSG creates a new email. It uses UTF-8 by default. All charsets: http://webcheatsheet.com/HTML/character_sets_list.php

func (*Email) AddAddresses
func (email *Email) AddAddresses(header string, addresses ...string) *Email

> AddAddresses allows you to add addresses to the specified address header.

func (*Email) AddAlternative
func (email *Email) AddAlternative(contentType contentType, body string) *Email


🦑more info
https://pkg.go.dev/github.com/xhit/go-simple-mail/v2

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

India's digital payment app Paytm was removed by Google
#international
_

WhatsApp, Signal and Telegram failed miserably banal security test
#Vulnerabilities
_

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑ALL BANKING MALWARES FOR FREE :

Alina Spark (Point of Sales Trojan)
Betabot, Neurevt (Trojan)
Bleeding Life 2 (Exploit Pack)
Carberp (Botnet)
Carberp (Banking Trojan)
Crimepack 3.1.3 (Exploit Pack)
Dendroid (Android Trojan)
Dexter v2 (Point of Sales Trojan)
Eda2, Stolich, Win32.Stolich (Ransom)
Sednit, Fancy Bear, APT28, Sofacy, Strontium (Gmail C2C)
FlexiSpy (Spyware)
Fuzzbunch (Exploit Framework)
GMBot (Android Trojan)
Gozi-ISFB - (Banking Trojan)
Grum (Spam Bot)
Hacking Team RCS (Remote Control System)
Hidden Tear (Ransom)
KINS (Banking Trojan)
Mazar (Android Trojan)
Mirai (IoT Botnet)
Pony 2.0 (Stealer)
Poshspy (APT29 backdoor)
PowerLoader (Botnet)
RIG Front-end (Exploit Kit)
Rovnix (Bootkit)
Tinba (Tiny ASM Banking Trojan)
TinyNuke, Nuclear Bot, Micro Banking Trojan, NukeBot (Banking Trojan)
Trochilus, RedLeaves (RAT)
ZeroAccess (Toolkit for ZeroAccess/Sirefef v3)
Zeus (Banking Trojan)


» https://github.com/alexandreborges/malware-1

Use for learn, since nothing 100% anonymous :)
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hidden gesture in iOS 14 speeds up navigation through system settings :

1) Apple always finds a way to offer seemingly subtle features that make the iPhone more convenient. IOS 14 has a hidden gesture that allows you to move around faster in system settings.

2) If you go deep into the settings, you can forget exactly where you are. Search is only available on the main settings page, so you have to return to it.

3) Let's say you're looking for the history of a specific place in the Highlights menu and want to go back and check for software updates or enable some accessibility features. You will need to go back to Important Locations> System Services> Location Services> Privacy> Settings. To do this, you need to click on the "Back" button in the upper left corner or make a gesture from left to right. That means five gestures or taps to get to the main settings screen.

4) Apple has made it easy to navigate to a specific Settings page in iOS 14. This applies to any Apple app. When you're in Settings, press and hold the Back button in the upper left corner. A small menu will appear, displaying in reverse order all the pages you have visited to get to your current location.

5) Thus, you move your finger to the page you want in the list and release. After that, this page opens.

6) This can be done not only in the system settings. This feature is supported in the App Store, Books, Calendar, Clock, Contacts, Files, FaceTime, Notes, Mail, Music, News, Keynote, Numbers, Pages, Phone, Photos, Podcasts, and Safari. Third-party apps can also get this option if their developers want it.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Detailed fresh Proxies List

https://pastebin.com/Snizvy6F

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Add Titles to Photos and Videos on iOS 14 for Easier Search :

1) If you have been using iPhone for several days, then you probably have a lot of videos and photos in iCloud storage or on the device itself. If you don't know the date, location, or event, finding the photo or video you want can be tricky. Even smart search suggestions, AI-generated hints, and multi-keyword filters may not help. This should change in iOS 14.

2) The Photos app on iOS lacked a tagging system. With their help, you can record keywords for each photo and video without relying on their automatic creation. When you search for a specific keyword, it will appear immediately.

3) This feature will appear in iOS 14. You can write a caption for any photo and video in the Photos application and then search by it. If you use iCloud Photos, all signatures are synced across all your devices, allowing you to search from anywhere. Anyone who can access Exif data can also read your signatures.

4) The only problem is adding captions to thousands of existing photos and videos. At the very least, captions can be easily added to new pictures.

5) Add captions to photos and videos
When viewing photos and videos in the Photos app or the Camera app, swipe up the screen. then you can see the effects of Live Photos, people and places. Below the image or clip there is a command "Add caption". Click on it, write a signature, tag or label and click "Finish".

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Why Linux does not see Wi-Fi adapters in WSL ?
Linux in WSL does not have direct access to the computer hardware. For this reason, it is not possible to use Wi-Fi adapters, even USB Wi-Fi adapters, in WSL.

1) Can Linux in WSL use graphics cards to perform computation

> At the moment Linux in WSL cannot use GPUs, but they promise to add this feature later.

2) Error in WSL (Kali Linux, Ubuntu) "sleep: cannot read realtime clock: Invalid argument"
An error can occur when trying to install the program:

> sudo apt install ПАКЕТ
Or when updating packages and the system:

> sudo apt update && sudo apt full-upgrade -y

3) These commands will output something like the following:

E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).
Running

4) sudo apt --fix-broken install
will lead to other errors:

sleep: cannot read realtime clock: Invalid argument
dpkg: error processing package libc6:amd64 (--configure):
installed libc6:amd64 package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
libc6:amd64

E: Sub-process /usr/bin/dpkg returned an error code (1)
And so on ad infinitum.

5) To fix, run the following commands:

sudo -i

>sudo mv /bin/sleep /bin/sleep~;
touch /bin/sleep;

>chmod +x /bin/sleep
Then try again

>sudo apt --fix-broken install

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑why a beginer should Learn multiple programming languages ?
#forBeginers

As we all know, in order to break the rules, you need to know them first. The same principle works for programming: in order to crack someone's code, you must know how programming languages ​​work and be able to program yourself. Some of the more recommended languages ​​for learning:

A) Python: This is perhaps the best language for web development. Two large frameworks are written on it, on which a huge number of web applications have been created, these are Flask and Django. The language is well built and well documented. Most importantly, it is very easy to learn. By the way, many developers use Python to create simple and complete automation.

B) C ++: a language used in industrial programming. It is taught in schools and universities. Servers are written on it. I recommend that you start learning languages ​​with it, since it contains all the principles of OOP. Having learned to work with it, you can easily master other languages.

C) JavaScript, JQuery: Basically almost all sites use JS and JQuery. You need to be aware that these sites depend on JS, such as password forms. After all, some sites do not allow you to select and copy some information, do not allow you to download a file or view the content, however, to do this, it is enough to disable JS in the browser. Well, to disable JavaScript, you need to know: a) in what situations the work (protection) of the site depends on it; b) how JavaScript is connected and in what ways you can block scripts.

D) SQL: the fun part. All passwords, personal data are stored in databases written in SQL. The most common database management system is MySQL. To understand how to use MySQL injection, you need to know what MySQL injection is. To grasp the essence of MySQL injection, you need to know what MySQL queries are, what the syntax of these queries is, what the database structure is, how data is stored, what tables are, etc.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Control your phone using advantages of the termux-api over ssh from your linux pc.

F E A T U R E S :

arp-scan* - for scanning phone's IP adress from it's MAC

ssh* - core of whole script

sshfs - for mounting folder option

sqlite3 - for sms option, parsing the sms databases

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/KebabLord/teriyaki.git

2) cd teriyaki

3) After you updated script's first line with your phone's mac address, generate ssh keys using:

$ ssh-keygen -t rsa -f ./teriyaki_key -N " " -q

4) copy the public key (the one ending with .pub) to phone and keep the secret key on PC.

After that, on termux:

$ cat teriyaki_key.pub >> ~/.ssh/authorized_keys

5) edit script's 2nd line with the location of your key on PC.

$ mv ./teriyaki_key ~/.ssh/ PHONE_KEY="~/.ssh/teriyaki_key"

6) Detailed answer
First of all start by adding your phone's mac address to script's 2nd line. You can find your phone's mac address in phone settings>system>about phone>status>Wifi mac adress or from your wireless' admin panel, or using nmap like tools. The script needs your phone's MAC in order to find it's current IP address. MAC addresses are static unlike IP.

7) Now you need to exchange secret key in order to use teriyaki script without getting "enter ssh password" prompt every single time.

8) Generate an ssh secret key on your computer, the command below will generate a key with no password named teriyaki_key.

$ ssh-keygen -t rsa -f ./teriyaki_key -N " " -q

9) There will be 2 files generated after the command above. Copy the one ending with .pub to your phone. Keep the other on computer, you may move it to ~/.ssh folder also.

Now on termux, add the public key you generated on computer to ssh's authorized keys file using

$ cat teriyaki_key.pub >> ~/.ssh/authorized_keys

10) Now you can connect to termux ssh from pc using the secret key instead of entering password everytime, it's also more secure.

eg:$ ssh phoneip -p 8022 -i ~/.ssh/teriyaki_key

11) Now update the script (3rd line) with your secret key's location.

PHONE_KEY="~/.ssh/teriyaki_key"

Script is now ready to go. Don't forget to start ssh daemon (sshd) on termux before you use the script. You may want to acquire wake lock for faster response and to avoid timeouts.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Bash2Mp4 is a tool to Download Videos.This tool can Download Videos from more than 20 sites.This Tool is created for Educational Purpose only.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) apt update

2) apt install git -y

3) git clone https://github.com/htr-tech/bash2mp4

4) cd bash2mp4

5) bash setup.sh

6) Type b2mp4 to run the Tool.
Or, Use Single Command
apt update && apt install git -y && git clone https://github.com/htr-tech/bash2mp4 && cd bash2mp4 && bash setup.

✅
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑how see gmail from youtube:

1) go to the channel page and click on the “About” tab.

2)Many YouTubers leave an email address for inquiries. All you have to do is complete the human verification, and it will show the email address to contact the YouTube user.

3) note that not all YouTube users put their email address in.

4) this all:)

🦑Methode 2 :

1) YouTube will not directly tell users what email address is tied to their channel(s) in the event they forget. 

2) The Account Recovery options they provide is all users have to try and recall your channel login.  If the options do not successfully regain access to a channel, there is nothing further they can do to assist.
 
3) If you are able to log into a Google Account, but are unsure if that account has access to the channel, you can visit https://www.youtube.com/channel_switcher while logged in to see if the channel in question is listed.

 @undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Exploitation of the blind command injection vulnerability
#FastTips


1) A command injection (also known as remote code execution) vulnerability allows commands to be executed at the operating system level. Such vulnerabilities can be found in web applications, routers.

2) A detailed description of this vulnerability and methods of exploitation are described in the article " OS Command Injection : Concept, Operation, Automated Vulnerability Search".

3) mentions the blind command injection vulnerability and shows examples of its exploitation. However, the blind vulnerability is harder to understand and slightly harder to exploit - instead of injecting a payload and watching the results right in a browser window or console, you need to use a third-party web server.
———————————————————————-

🦑For training we need:

1) machine with web server and vulnerable web application

2) attacker's web server - it could be a second machine on the local network or your hosting

The following script will execute the role of the vulnerable application:

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>undercode </title>
</head>
<body>
<form>
<input name="message" type="text" />
<input type="submit">
</form>

<?php
if (isset($_GET["message"])) {
exec ('echo ' . $_GET["message"] . ' >> /tmp/messages');
}
?>
</body>
</html>

written
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑start hacking for beginers :


1) Penetration Testing of an FTP Server:

https://medium.com/p/19afe538be4b

2) Reverse Engineering of the Anubis Malware — Part 1:

https://medium.com/p/741e12f5a6bd


3) Privilege Escalation on Linux with Live examples:

https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/

4) Pentesting Cheatsheets:


https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

5) Powershell Payload Delivery via DNS using Invoke-PowerCloud:
https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud


6) SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:


https://sguru.org/ghdb-download-list-4500-google-dorks-free/

7) SQL Injection Cheat Sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

8) SQLmap’s os-shell + Backdooring website with Weevely:


https://medium.com/p/8cb6dcf17fa4

9) SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:

https://medium.com/p/c5a3f5764cb3

10 )BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:

https://medium.com/p/52cf5c5640a1


@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁