▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑vulnx spider is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms {`wordpress , joomla , drupal , prestashop ..`}
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/anouarbensaad/vulnx

2) cd vulnx

3) chmod 777 install.sh

4) ./install.sh

🦑FEATURES :

> Detects cms (wordpress, joomla, prestashop, drupal, opencart, magento, lokomedia)

> Target informations gatherings

> Target Subdomains gathering

> Multi-threading on demand

> Checks for vulnerabilities

> Auto shell injector

> Exploit dork searcher

> Ports Scan High Level

> Dns-Servers Dump

> Input multiple target to scan.

> Dorks Listing by Name& by ExploitName.

> Export multiple target from Dorks into a logfile.

EN J O Y


@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HOW to simulate http server attacks in Python which logs HackerIP and all the tracing he does into a Logfile then a database.
instagram.com/UndercodeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

(rooted termux/kali)

1) git clone https://github.com/anouarbensaad/HTTP-Honeypot.git

2) cd HTTP-Honeypot

3) run mysql with root user sudo mysql -u root

4) Create the database isetsohoney CREATE DATABASE isetsohoney;
add the privileges to rootGRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY 'isetso';

5) create table log with this fieldsCREATE TABLE log (id int NOT NULL PRIMARY KEY, date datetime, iphacker varchar(255), uri varchar(255));

6) run server with command : python HTTP_Honeypot_Server.py

7) Starting Server ON 999, Username : root , Password : toor

8) Run HTTrack for copy real websites to local directory and copy it in Sys/fake

9) Scan The Server Banner with Nmap nmap -sV --script=banner 192.168.1.1 -p999

> Open http://192.168.1.1:999

🦑REQUIREMENTS :

> Python (2.7 or 3.0)

> Apache2

> Mysql-server

> HTTrack


@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Your can Get hackers news& Scripts from Our Twitter.com/UnderCodeTC

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS DOXXING ATTACK ?
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

Doxxing is usually meant to embarrass the victim, draw criticism towards them, get revenge or cause the victim physical harm.

> Doxxing is a very serious threat to your privacy and can ruin people’s lives.
> Larger doxxing attacks include public shaming and public humiliation on a large scale. Some people can lose their jobs, families or even their homes as a result of doxxing. Many are forced to change their identities and pay large sums of money to remove unwanted information online.

🦑Common methods include:

1) IP Logging: As mentioned above, this method uses an IP logger (a piece of code you cannot see). The IP logger is typically added to an email or a message to find out your IP address. Once a user has opened the message, the IP address is tracked and sent back to the doxxer.

2) Packet Sniffing: Data you send over a WiFi network can be intercepted by a doxxer if they break into the WiFi’s security measures. The doxxer can then access valuable information such as emails, passwords and bank account details.

3) Reverse Cellphone Lookup: This allows a doxxer to find a victim’s name, email, age and additional information by using their cellphone number.

4) Social Media Stalking: The majority of internet users have social media accounts. Doxxers use these to access information such as names of relatives, birthdays, locations and more.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Avoid Getting Doxxed
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:


1) Use a VPN

A virtual private network offers excellent protection from exposing IP addresses and physical addresses of an individual. The VPN takes the user's internet traffic, encrypts it, and sends it through one of the service's servers before heading out to the public internet. In a previous blog, we outlined several VPNs that take privacy and security very seriously.

2) Limiting Personal Information Online

People must go to much greater lengths to dox a person that doesn't share personal information online. Social media sites often ask many of invasive questions, which can lead to attackers learning more than enough about their target. By keeping this information offline entirely, doxxers usually move on to someone else.

3) Auditing Social Media Posts

Over the years, social media profiles fill up with all sorts of data about the person and their past. Take the time to go through social media accounts and delete posts that contain too much personal information. Even if you didn't post it directly, look for comments that may accidentally share this type of data as well.

4) Ask Google to Remove Information

If personal information appears in Google search results, the individual can request that it get removed from the search engine. Google makes this a simple process through an online form. Many data brokers put this type of data online, usually for background checks or crime check information.

5) Avoid Online Quizzes

Some quizzes ask a lot of seemingly random questions, which are actually the answers to common security questions. Plus, it gives attackers more data to work with. Supplying an email address or name to go along with results makes it even easier to associate information from other data sources.

6) Practice Good Cybersecurity Practices

Put anti-virus and malware detection software in place that can stop a doxxer from stealing information through malicious applications. Regularly update software to avoid any security bugs that could lead to being hacked and doxxed. Once an operating system reaches the end of its supported life, switch to a newer version to decreased security vulnerabilities.

7) Change Passwords Regularly

Data breaches happen all the time, so it's usually only a matter of time before a username and password combination gets out in the wild. By switching every month and using a password manager to create complex codes, it's harder for a hacker to break into accounts. An individual can consider using two-factor or multi-factor authentication as well, which requires more than just a username/password combination to access the application.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 LINKING IN TELEGRAM BOTS 2019
t.me/UndercOdeTestingOfficial

🦑Deep linking🦑

1) Telegram bots have a deep linking mechanism, that allows for passing additional parameters to the bot on startup. It could be a command that launches the bot — or an auth token to connect the user's Telegram account to their account on some external service.

2) Each bot has a link that opens a conversation with it in Telegram — https://telegram.me/<bot username>. You can add the parameters start or startgroup to this link, with values up to 64 characters long. For example:

> https://telegram.me/triviabot?startgroup=test

A-Z, a-z, 0-9, _ and - are allowed. We recommend using base64url to encode parameters with binary and other types of content.

3) Following a link with the start parameter will open a one-on-one conversation with the bot, showing a START button in the place of the input field. If the startgroup parameter is used, the user is prompted to select a group to add the bot to. As soon as a user confirms the action (presses the START button in their app or selects a group to add the bot to), your bot will receive a message from that user in this format:

/start PAYLOAD

4) PAYLOAD stands for the value of the start or startgroup parameter that was passed in the link.

🦑 Deep linking Example

> Suppose the website example.com would like to send notifications to its users via a Telegram bot. Here's what they could do to enable notifications for a user with the ID 123.

1) Create a bot with a suitable username, e.g. @ExampleComBot

2) Set up a webhook for incoming messages

3) Generate a random string of a sufficient length, e.g. $memcache_key = "vCH1vGWJxfSeofSAs0K5PA"

4) Put the value 123 with the key $memcache_key into Memcache for 3600 seconds (one hour)

5) Show our user the button https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA

6) Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start. If the key exists, record the chat_id passed to the webhook as telegram_chat_id for the user 123. Remove the key from Memcache.

7) Now when we want to send a notification to the user 123, check if they have the field telegram_chat_id. If yes, use the sendMessage method in the Bot API to send them a message in Telegram.

THATS ALL 😊

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 automatic deface many websites at once
instagram.com/UndercodeTestingCompany

🦑INSTALLISATION & RUN:

A) Termux:

1) pkg install python2

2) pip2 install requests

3) pkg install git

4) git clone https://github.com/Ranginang67/AOXdeface

5) cd AOXdeface

6) python2 aox.py

B) Linux:

1) apt-get install python

2) apt-get install pthon-pip

3) pip install requests

4) apt-get install git

5) git clone https://github.com/Ranginang67/AOXdeface

6) cd AOXdeface

7) python aox.py

🦑 before using this tool, put your deface script with the aox.py file, edit the file 'target.txt' and enter the target url

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How exploite android 2019
Using open Adb ports we can exploit a Andriod Device
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

>HOW TO INSTALL WINDOWS

1) git clone https://github.com/Zucccs/PhoneSploit

2) extract adb.rar to the phonesploit directory

3) cd PhoneSploit

4) pip install colorama

5) python2 main.py

> HOW TO INSTALL Linux

1) git clone https://github.com/Zucccs/PhoneSploit

2) cd PhoneSploit

3) pip install colorama

4) python2 main_linux.py

> IF ADB NOT FOUND

sudo apt update sudo apt install android-tools-adb android-tools-fastboot

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 lastest update cracking tool
JWT brute force cracker written in C

>A multi-threaded JWT brute-force cracker written in C. If you are very lucky or have a huge computing power, this program should find the secret key of a JWT token, allowing you to forge valid tokens
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

kali/ubanto

1) git clone https://github.com/brendan-rius/c-jwt-cracker

2) cd c-jwt-cracker

3) apt-get install libssl-dev

4) make

5)(((( If you use a Mac, you can install OpenSSL with brew install openssl, but the headers will be stored in a different location:
make OPENSSL=/usr/local/opt/openssl/include OPENSSL_LIB=-L/usr/local/opt/openssl/lib))

6) ./jwtcrack eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.cAOIAifu3fykvhkHpbuhbvtH807-Z2rI1FS3vX1XMjE

> use for learn only

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑a very fast brute force webshell password tool
>dictionary-based brute force password webshell tool, running as fast as a cheetah hunt for prey.

Cheetah's working principle is that it can submit a large number of detection passwords based on different web services at once, blasting efficiency is thousands of times other common brute force password webshell tools.
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1>git clone https://github.com/sunnyelf/cheetah.git

2>python cheetah.py

3>git pull orgin master

🦑Features:

usage: cheetah.py [-h] [-i] [-v] [-c] [-up] [-r] [-w] [-s] [-n] [-u] [-b]
[-p [file [file ...]]]

optional arguments:
-h, --help show this help message and exit
-i, --info show information of cheetah and exit
-v, --verbose enable verbose output(default disabled)
-c, --clear clear duplicate password(default disabled)
-up, --update update cheetah
-r , --request specify request method(default POST)
-t , --time specify request interval seconds(default 0)
-w , --webshell specify webshell type(default auto-detect)
-s , --server specify web server name(default auto-detect)
-n , --number specify the number of request parameters
-u , --url specify the webshell url
-b , --url-file specify batch webshell urls file
-p file [file ...] specify possword file(default data/pwd.list)

🦑use examples:
python cheetah.py -u http://orz/orz.php
python cheetah.py -u http://orz/orz.jsp -r post -n 1000 -v
python cheetah.py -u http://orz/orz.asp -r get -c -p pwd.list
python cheetah.py -u http://orz/orz -w aspx -s iis -n 1000
python cheetah.py -b url.list -c -p pwd1.list pwd2.list -v

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How To Install a USRP Device on Linux
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) sudo add-apt-repository ppa:ettusresearch/uhd

2) sudo apt-get update

3) sudo apt-get install libuhd-dev libuhd003 uhd-host

4) uhd_find_devices

5) cd /usr/lib/uhd/utils/

6) ./uhd_images_downloader.py

7) sudo uhd_usrp_probe

🦑FEATURES

(Troubleshooting SDR's that are running BTS software):

> Improper FW

>Lack of proper antennas

> Wrong cellular phone type

> Wrong SIM

> Not configured correctly - Mobile Country Codes (MCC) and Mobile

>Network Codes (MNC)

> Incorrect software BTS settings

> Virtualized platform is not fast enough

> Wrong SDR firmware

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Android users attacked by “undeletable” virus from two days
t.me/UndercOdeTestingOfficial

>Symantec cybersecurity experts have revealed a new Xhelper virus that infects gadgets running on the Android operating system. This was reported on the android company's website(https://www.android.com)

> Due to the virus, gadgets constantly pop up ads and also reduce memory.

> It is noted that the virus enters the device along with other programs, continuing to operate when they are removed. In addition, even restoring factory settings does not allow you to get rid of malware.

> According to experts, Xhelper has already hit 45 thousand devices, most of which belong to Russians, Australians and Indians.

> On December 18, cybersecurity experts reported the discovery of a new virus that infects Android-based devices. It is known that users downloaded infected applications from the Google Play store. The malicious code is called Andr / Clickr-AD. He is able to generate a constant click on advertising links, regardless of the desire of the owner of the gadget. In this regard, the malware provokes the rapid discharge of smartphones and tablets.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT ABOUT LASTEST VULNERABILITY ((THE MOZI)) 12/2019
Twitter.com/UndercOdeTC

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

>experts have discovered a new Mozi P2P botnet that actively brutes Netgear, D-Link and Huawei routers, checking for weak passwords via Telnet.

> Researchers discovered a botnet about four months ago and over the past time have come to the conclusion that its main target is DDoS attacks.

🦑How It Works ??

> Mozi is built using the Distributed Hash Table (DHT) protocol, which is widely used by torrent clients and other P2P platforms. This allows the botnet to work without command servers, as well as to hide the payload among normal DHT traffic. To ensure the integrity and security of the botnet components, ECDSA384 and the XOR algorithm are used.

🦑So, Mozi is able to:

> implement DDoS attacks (this module uses the code of the well-known Malvari Gafgyt, supports HTTP, TCP, UDP, and so on);

> collect and steal information about bots (bot ID, IP address, PORT, file name, gateway, processor architecture);

> execute payload from the specified URL;

> Updated through the specified URL;

> execute system or custom commands.

> The botnet also attacks dozens of different potentially vulnerable devices using known vulnerabilities: Eir D1000, Vacron NVR, devices using Realtek SDK, Netgear R7000 and R6400, MVPower DVR, Huawei HG532, D-Link gadgets, GPON routers, CCTV DVR.

@UndercOdeTestingOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL Tested Ways To Hack A Facebook Account And Prevention
t.me/UnderCodeTestingOfficial

> Phishing

>Social engineering

>Easy password capture

>Keylogger

>Browser extensions cracking Facebook

>Malicious application

>Hacking software

>Malicious mobile app

>Browser vulnerabilities

>Self XSS Vulnerability

>Trojan

>Facebook Zero Day

🦑Will posts next tutorials for each way

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Facebook& instagram Hack Box full tunisian script
t.me/UndercOdeTestingOfficial

🦑Features:

1) Grab Infos From Your_Fb With Graph.fb.com

2) Auto Save Emails And Phones

3) See Trikz.txt To Know About Some Priv8 Tricks

4) Make PasswordsList With Victim's Infos + Some Math ;)

5) Brute Facebook Or Instagram's Account Directly After Making The Passwds List

6) Range List With Numbers (The Best Way if you have script Like fb.py(recoveryCode Bruter))

7) Range PhoneNumbers And Brute It Directly (Send Me Your #Country# And I Will Make It For Next Update)

8) Ofc You Need Also Some Secure Passwords To Keep Your Accounts Safely From Crackers ;)

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

For Debien Based Systems

1) sudo apt-get install git

2) git clone https://github.com/m4rktn/xsmash && cd xsmash

3) python2 xsmash.py

>For Termux

1) apt-get install python2 git

2) git clone https://github.com/m4rktn/xsmash && cd xsmash

3) python2 xsmash.py

>For Windows

1) Install Python2.7 From https://www.python.org/downloads/

2) Go To https://github.com/m4rktn/xsmash And Download In ".zip" Format

3) Extract xsmash-master.zip

4) Just Click In Xsmash.py

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁