—————Under𝕮𝖔d𝖊—————

🦑HOW TO GENERATE PAYLOADS IN WORD AND EXCELL DOCUMENTS by UnderCode:(termux/kali)
(T.me/UndercodeTestingOfficial)

🦑INSTALLISATION:

1) git clone https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads

2) cd Office-DDE-Payloads

3) pip install -r requirements.txt

🦑HOW TO USE (Excel)

1) Insert a simple (unobfuscated) DDE command string into the Excel payload document:

> python ddeexcel.py

2) This will generate one Excel document:

> out/payload-final.xlsx

3) Contains user-provided DDE payload/command string.

🦑Delivery

By default, the user then has one standard methods of payload delivery, described below:

> Customize/Stylize the Excel payload document and send directly to the desired target(s).

🦑HOW TO USE FOR (Word) DOC:

1) Insert a simple (unobfuscated) DDE command string into the Word payload document:

> python ddeword.py

2) Insert an obfuscated DDE command string by way of the {QUOTE} field code technique into the Word payload document:

> python ddeword.py --obfuscate

Written by Steave(t.m)
——————Under𝕮𝖔d𝖊—————-

——————Under𝕮𝖔d𝖊—————-

🦑WHAT ABOUT OTP BYPASS:
(instgram.com/UndercOdeTestingOfficial)

🦑What is OTP?

topic that known What is OTP Verification. Sometimes when you are going to register a new account or Re-login on any website or application, Then it asks you to verify our phone number. By using one-time verification (OTP) Method. In which that website/application send a code on our mobile number by SMS, or they also give you Call option, and you have to enter it your mobile number on that Website or Application to verify your account.

>Some websites ask you for OTP Verification and some not ask. But We can’t be able to Register / Re-login new account on (OTP Verification Enable) Websites and Applications without verifying our phone number by entering otp on those app or sites.

>So users must have to enter our real phone number to verify our new created account by entering OTP (One Time Password) sent by the site or App. But sometimes according to some personal situation, users don’t want to enter our real mobile number, because some Web sites or Apps are fake so if you also have same problems. then don’t worry, because today you are on right place.

🦑How To Bypass Mobile Number Verification On Any Website Or App:

1) you have to select any website from above-given list.

2) After choosing any website, you have to proceed to next step in these guidelines, to get the mobile number and receive OTP code on a number to verify your online site or app account. in this time

3) Example selecting “http://www.receive-sms-now.com”

🦑SO LETS FOLLOW undercOde Steps:

1) First of all open http://www.receive-sms-now.com, or you can select another from above given websites list.

2) When you open the site, then You will see a lot of numbers of different countries on site.

3) Then you need to Select your number according to your need (I mean any country).

4) Then enter that phone number on Website or app from where you want to bypass OTP verification.

5) Now that website will send your OTP on that number you selected.

6) Then click on that phone number on this or any other website (www.receive-sms-now.com), and you will see all the recent SMS / messages received on that mobile number.

7) Then Copy the OTP code from (www.receive-sms-now.com) and enter on the website to bypass your OTP verification.

8) That’s it. You have successfully bypassed OTP verification with the help of Fake mobile number for that site.

Written by Mr. BotNet(tm)
——————Under𝕮𝖔d𝖊—————-

——————Under𝕮𝖔d𝖊—————-

🦑Top 10 Free Sites to Receive SMS Online Without Real Phone Number can used for netflix or whatsapp / telegram facbook...
(t.me/UnderCodeTestingOfficial)

ⓁⒺⓉ Ⓢ ⓈⓉⒶⓇⓉ


🦑 Pinger Textfree Web

The Pinger Textfree Web is a good resource to receive SMS online. One very good advantage of this site is that it offers an alternative to have problems signing up with TextNow because they cannot find a VPN or good US proxy. But in Pinger Textfree, anyone can sign up, access and use it for free. All you need to do during sign up is to provide a valid US zip code which can be obtained by searching through Google. On sign up, you are presented with some US phone numbers you will like to use. The only drawback of this service is that of frequent outage of the website which is frustrating to users. You can check the website here.

> http://www.pinger.com/tfw/

🦑Receive Sms-Online.Com

This is also an incredible website that can be used in receiving text messages online when you want to keep your real phone number to yourself. You are encouraged to pick a number from a list of numbers for the service. It is free to use. The only disadvantage is that there secondary domain server could be done at any moment preventing you from using the service.

> Visit the site here: http://receive-sms-online.com/

🦑FreeOnlinePhone. Org

This is a good resource site. It is free to use to receive text messages online .Boast of over 228 countries in its global SMs coverage with a 24/7 customer support. You can select any number you like to use on the site and receive your sms. One of the major disadvantages is that sometimes the phone numbers don't work. However they try to replace them immediately.

> Visit the site here: http://www.freeonlinephone.org/

🦑RecieveSMSOnline.net

If you visited the freeOnlinePhone.org, you will find out that the site looks similar to this one except that there is a difference in color. This is because they are created by the same company called "Cicklow". It offers 5 phone numbers from the US and 3 from the UK to receive text messages online. One drawback of their service is that there is a delay in receiving SMS from the number according to their users.

> Visit the site here: r thttps://www.receivesmsonline.net/

🦑RecieveFreeSMS.com

The site offers 10 public phone numbers from a total of 8 countries to receive sms online.

The countries are the US, Sweden, Hungary, Lithuania, Australia, Spain and Norway. With this site, you can have the luxury of using varieties of phone numbers. The con of this site is that they are unreliable. Out of the 10 numbers listed on their site, only about 3 received SMS as at the time of check.

> Visit the site here: http://receivefreesms.com/

🦑Sellaite SMS Receiver

Estonia is the host country of the service offered by Sellaite SMS Receiver to receive online sms. The good thing about them is that they are reliable as they quickly take down phone numbers from the website which is not working. The disadvantage is that it will not work if the SMS gateway cannot send any message to Estonia at any particular time. You do not have any other option.

> Visit the site here: http://sellaite.com/smsreceiver/

🦑TwiLio

Twilio will give you a private phone number for free in the trial account once you provide your phone number to receive a verification code. The advantage of Twilio is that you can use any of the phone numbers on the site to receive the verification code to activate your account. However, the disadvantage is that the trial account cannot send text messages to unverified phone numbers.

> Visit the site here: https://www.twilio.com/try-twilio

🦑TextNow

If you are looking for a reliable and free private phone number to receive sms online that you alone have access to, you can try TextNow. On sign up for their free account, you will automatically get a free unique phone number and this is one of the major advantages.

However, the disadvantage is that they have a common problem where users receive generic error message which says " Something went wrong with your sign up, please try again" when attempting to sign up.

> Visit the site here: https://www.textnow.com/

🦑GRE.im

The site offers numbers from the US and Hungary. It brings up error messages occasionally but you can ignore it and click on any of the public listed numbers to view the text messages. It is a good site. However, the major disadvantage is that the US phone numbers are very unreliable and there are not much phone numbers for better options.

> Visit the site here: http://gre.im/

🦑Receive-SMS.com

The last on the list nut probably the best is the Receive-SMS.com. They boast of 6 numbers with 3 from Sweden and 3 from the UK. The major advantage of this site is that messages sent to the public phone numbers will be displayed instantly on their website after a browser refresh and you can subscribe to the private numbers where you view your message on a private inbox. There is actually no real disadvantage now as all their lines are working perfectly for now.

> Visit the site here: http://receive-sms.com/

w͓̽r͓̽i͓̽t͓̽t͓̽e͓̽n͓̽ ͓̽b͓̽y͓̽ ͓̽M͓̽r͓̽.͓̽ ͓̽B͓̽o͓̽t͓̽N͓̽e͓̽t͓̽ ͓̽(͓̽t͓̽.͓̽m͓̽.͓̽)͓̽

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

THOSE BEST WORKING APPS & SITES FOR FREE VIRTUALS NUMBERS OR REICIVE SMS ONLINE ....

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑HOW CREATE VIRUS INSIDE IMAGE (PAYLOAD):
Use a Fake image.jpg to exploit targets (hide known file extensions)
(facebook.com/UndercOdeTestingCompanie)

🦑INSTALLISATION & RUN:

1º - Download framework from github
git clone https://github.com/r00t-3xp10it/FakeImageExploiter.git

2º - Set files execution permitions
cd FakeImageExploiter
sudo chmod +x *.sh

3º - Config FakeImageExploiter settings
nano settings

4º - Run main tool
sudo ./FakeImageExploiter.sh

5)WARNING: set Resource-Hacker.exe installer to 'Program Files' (not Program Files (x86))

🦑FOR The noob friendly funtion:

> Bypass the need to input your payload.ps1, And let FakeImageExploiter take
care of building the required payload.ps1 + agent.jpg.exe and config the handler.
"With this funtion active, you only need to input your picture.jpg :D"

@ Mr. Botnet(tm)

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

t.me/UnderCodeTestingOfficial
# Support & Share

Payload image tested by UnderCode On Win7/work for lastest win version/ use for learn...

- - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑THE FAMOUS SCRIPT FATRAT HAVE NEW RELEASE FOR LINUX OS Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and then the compiled malware can be execute on windows, android, mac . The malware that created with this tool also have an ability to bypass most AV softw…
(instgram.com/UnderCodeTestingCompany)

🦑Installation & RUN:

> Instructions on how to install TheFatRat

1) git clone https://github.com/Screetsec/TheFatRat.git

2) cd TheFatRat

3) chmod +x setup.sh && ./setup.sh

🦑FEATURES:

> Fully Automating MSFvenom & Metasploit.

> Local or remote listener Generation.

> Easily Make Backdoor by category Operating System.

> Generate payloads in Various formats.

> Bypass anti-virus backdoors.

> File pumper that you can use for increasing the size of your files.

> The ability to detect external IP & Interface address .

> Atomatically creates AutoRun files for USB / CDROM exploitation

@̶͝ ̯̯ ̵͑M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑HOW SCAN VULNERABLITITY WITH OPEN VAS 9:
(t.me/UnderCodeTestingOfficial)

🦑Installing Openvas 9 on Kali Linux:

> To install Openvas 9 and its dependencies on our Kali Linux system we simply have to run the following command:

1) apt-get update

2) apt-get install openvas

3) Press ‘Y’ to continue the installation of OpenVAS and dependencies.

4) The next step to run the setup procedure that will setup OpenVAS and download a large number of Network Vulnerability Tests (NVTs) or signatures.

5) Due to the large number of NVTs (50.000+) the setup procedure might take a while to complete and consume a considerable amount of data

6) Run the following command to start the setup process:

> openvas-setup

7) When the setup process is finished,

> The web interface is running locally on port 9392 and can accessed through: https://localhost:9392.

8) OpenVAS will also setup an admin account and automatically generate a password for this account which is displayed in the last section of the setup output:

9) you can change password via:

openvasmd –user=[username]–new-password=[password]
openvasmd –user=admin –new-password=[password]

10) After logging in on the web interface we’re redirected to the Greenbone Security Assistant dashboard. From this point on we can start to configure and run vulnerability scans.

11) TO STOP OPEN VAS

> openvas-stop

12) To start the OpenVAS services again, run:

> openvas-start

Written by @̶͝ ̯̯ ̵͑M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑How to Setup the OpenVAS Virtual Appliance:
(instagram.com/UnderCodeTestingCompany)

🦑INSTALLISATION & RUN:

1) you can also install the OpenVAS virtual appliance in a network and configure it to periodically run scans on the network.

2) The virtual appliance can be downloaded using the following link:

> http://www.openvas.org/vm.html

3) STart VMware or Virtual Box... and configure as following:

>Let’s start with configuring a VM with the following specifications:

-Processor cores: 2

-2 GB RAM

-10 GB Hard disk

-Network: NAT (only when using VMware Workstation/Free/Virtualbox)

-CD/DVD drive: ISO (choose the downloaded iso file as medium)

-Guest operating system: Linux Kernel 4.x or later 64-bit (VMWare) or

-Other Linux (64bit) (VirtualBox)


4) The next step is to boot the virtual machine :

> Its ask to Setup up GSM

> OK

5) Then its ask to format partion

> YES

6) Please note that this process might take a while to complete. When the installation process is finished we have to specify a username for the administrator user.

> We’ll keep it default as admin as well as the password

7) After specifying the username and password we’re asked to reboot the machine,

> choose ‘yes’ to reboot and also to eject the installation medium

8) Next, we’re asked to configure an IP address for the appliance, choose:

> ‘yes’:

9) The next step is to create a web-admin user, choose

> ‘Yes

10) Finally we’re ask about a subscription key, unless you’re in the possession of a subscription key,

> choose ‘skip’ which will provide with the Greenbone community feed

11) Next we’re asked if we want to update the feed, choose

> ‘yes’ to upgrade the feed in the background. After running through all settings we can log out or reboot the appliance and we’re presented with an IP address to access the web interface

12) When we browser to the web interface we’re presented with a login page.

> Use the credentials of the web-admin account we’ve created during the configuration process

Written by @̶͝ ̯̯ ̵͑M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - -

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑 Scanning with OpenVAS 9 part 2:
> Vulnerability Scanning
(Facebook.com/UnderCodeTestingCompanie)

🦑LET S START:

A- Before we can actually start vulnerability scanning with OpenVAS 9, we have to complete the following tasks:

1)Create and configure a target.

2) Create and configure a scan task.

3) Run the scan.

B- The lab setup used for this tutorial looks as follows:

1)Host machine with VMWare Workstation Pro

2)Kali Linux 2018.2 VM with OpenVAS 9.0 installed

3) Metasploitable 2 VM

C- Creating a target in OpenVAS
To create a target, we need to follow 2 steps:

1) Go to ‘Configuration’ in the top menu and select ’Targets’.

2) Click the blue icon in the top left corner to create a new target.

D- After hitting the new target button, a dialog screen appears where we have to enter the following information:

1) Target name, we’ll name it Metasploitable

2) The target IP host which is the IP address for our Metasploitable 2 lab machine.

3) Keep all other settings default and click the ‘Create’ button.

E- Configuring a scanning task in OpenVAS

To create a new scan task, we have to perform the following steps:

1) Go to ‘Scans’ in the top menu and select ’Tasks’.

2) Point to the blue icon in the top left corner and select ‘New Task’.

F- After clicking the new scan option, a dialog screen appears where we have to enter the following information:

1) Task name, we’ll name it ‘Scan Metasploitable 2’.

2) Make sure that the Metasploitable 2 target we’ve created earlier is selected.

3) Tick the schedule once checkbox.

4) Keep all other settings default and click the ‘Create’ button to create the new task.

G- Running the OpenVAS vulnerability scan

The scan task will now execute against the selected target. Please note that full scan may take a while to complete. When you refresh the tasks page you will be able to check the progress for the executed task:

1)Reload the page.

2) Check task status/progress.

H- As expected we can see that OpenVAS found a number of severe vulnerabilities. Let’s have a look at the details of the results.
🦑 Interpreting the scan results

Now that the vulnerability scan is finished we can browse to ‘Scans -> Reports’ in the top menu.

> On the reports page we can find the report for the completed scanning task

I- When we click on the vulnerability name we can get an overview of the details regarding the vulnerability.

ENJOY WITH OUR TUTORIALS

@ UnderCodeOfficial

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - -

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - - -

🦑Best apps for WIFI android:
(t.me/UNDERCODETESTINGOFFICIAL)

🦑 Aircrack-ng

> REQUIRE:

1-Rooted Android Device

2-Computer with Ubuntu 14/ 15/ 16 (or any other Linux distribution)

3-USB OTG Adapter (micro USB to USB female cable)

4-Wireless USB Adapter (This is the most important tool)

5-Time (Must, at any cost, don’t give up)

> https://forum.xda-developers.com/showthread.php?t=2338179

🦑Kali Linux Nethunter

> https://www.kali.org/kali-linux-nethunter/

🦑 WiFi WPS WPA Tester

>https://play.google.com/store/apps/details?id=com.tester.wpswpatester

🦑dSploit

Wi-Fi Cracking
Router PWN
Trace
Port Scanner (scan the ports)
Inspector
Vulnerability finder
>Login cracker
Packet forgery (Change the data packets in between)
Man in the middle (Decide the data packets you want to send)
Simple sniff (Steal Victim’s Data from the phone)
Password sniff (ability to view or steal passwords from the victim’s device)
Session Hijacker (Full control over victim’s Device)
Kill connections (Disable usage of data packets, thereby killing the connection)
Redirect to any particular URL to of the attacker’s choice
Replace images (pop up images/replace them with the ones being viewed)
Replace videos (pop up videos/replace them with the ones being played)
Script injector (run random page scripts)
Custom filter
These extra features give this app an advantage over others but some users find it difficult to use and is not updated anymore.

> https://forum.xda-developers.com/showthread.php?t=1914699

🦑 Nmap

>Powerful

>Easy to use

>It is open source so you get all the latest Updates fast free of cost.

>It supports almost all devices.

>Variety of options available.

🦑 Arpspoof

> https://forum.xda-developers.com/showthread.php?t=2236465

🦑Wi-Fi Inspect

>https://play.google.com/store/apps/details?id=lksystems.wifiintruder

🦑Network Spoofer

> https://github.com/w-shackleton/android-netspoof/

🦑 Wi-Fi Kill

>< https://github.com/cSploit/android

🦑 Arcai.com ’s NetCut

> https://play.google.com/store/apps/details?id=com.arcai.netcut

THOSE APPS TESTED BY undercOde

@UnderCodeOfficial

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - -

- - - - - - U҉N҉D҉E҉R҉C҉O҉D҉E҉- - - - -

🦑TYPES OF BITCOIN ATTACKS Under Code:
(t.me/UnderCodetestingOfficial)

🦑Bitcoin Mitigating Attacks
Bitcoin is the most secure cryptocurrency, which provides security at multiple levels of the protocol. It is often rendering sustained sophisticated attacks. In this section, we are going to look at various types of probable attacks in the bitcoin system.

🦑The Sybil Attack
The Sybil attack happens in the peer-to-peer network. A malicious attacker wishes to carry out this attack on the bitcoin network. In this, a node in the network operates multiple identities at the same time and undermines the authority in the reputation system. Its main aim is to gain the majority of influence in the network to carry out illegal actions in the system.

>The Sybil attack is difficult to detect and prevent, but the following measures can be useful

🦑By increasing the cost of creating a new identity.
Require validation of identities or trust for joining the network.
Give different power to different members.

🦑Race Attack
The Race Attack requires the recipients to accept unconfirmed transactions as payment. As an attacker, you can send the same coin to different vendors by using the two different machines. If the vendors deliver the things without waiting for block confirmation, they will soon realize that the transaction was rejected during the mining process. The solution to this is that the vendor must wait for at least one block confirmation before sending things.

This attack is easier to pull off when the attacker has a direct connection to the victim's node. Therefore it is recommended to turn off incoming connections to nodes for receiving payments so that your node will identify their own peers. And it does not allow the payer to submit the payment to the payee directly.

🦑Finney Attack
The Finney attack is named after Hal Finney. The Finney attack is one of the types of double-spending problem. In this attack, the attacker is the miner who mines blocks normally. In the block, he includes a transaction which sends some of his coins back to himself without broadcasting the transaction. When he finds a pre-mined block, he sends the same coins in a second transaction. The second transaction would be rejected by other miners, but this will take some time. To prevent this attack, the seller should wait for at least six blocks confirmation before releasing the goods.

🦑Vector76 Attack
The Vector76 attack is a combination of the Race attack and the Finney attack such that a transaction that even has one confirmation can still be reversed. In this attack, a miner creates two nodes, one of which is connected to the exchange node, and the other is connected to well-connected peers in the blockchain network. Now, the miner creates two transactions, one high value, and one low value. Then, the attacker pre-mines a high-value transaction to an exchange service. When a block is announced, he quickly sends the pre-mined block directly to the exchange service. When exchange service confirms the high-value transaction, the corrupted attacker sends a low-value transaction to the blockchain network that finally rejects the high-value transaction. As a result, the corrupted attacker's account is deposited on the amount of the high-value transaction. This attack can be protected by disabling the incoming connections and only connecting to well-connected nodes.

🦑The 51% Attack
The 51% attack is a potential attack on the blockchain network. It refers to a single miner or group of miners who are trying to control more than 50% of a network's mining power, computing power or hash rate. In this attack, the attacker can block new transactions from taking place or being confirmed. They are also able to reverse the transactions that have already confirmed while they were in control of the network, leading to a double-spending problem.