▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What was the Heartbleed Bug?
instagram.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> Impact of the Vulnerability

> This vulnerability allows an attacker to extract memory contents from the webserver through the vulnerability in the heartbeat.

> As a result an attacker may be able to access sensitive information such as the private keys used for SSL/TLS.

1) Active Attack - Equipped with the private key, an attacker can silently monitor and decrypt communications between the user and the web server. As a result, an attacker could view private data such as passwords, credit card data, medical records and any other sensitive data the user exchanges with the website. In addition, the attacker could impersonate the target website to deliver fake, inaccurate or malicious data to the user.

2) Offline Attack - Some well funded attackers gather large amounts of encrypted data and store this data in the event they can later decrypt the information. Using the Heartbleed vulnerability the attackers could decrypt this information if it was obtained when passed between a user and a vulnerable website. This means that sensitive data exchanged up to two years ago could also now be at risk for exposure to attackers. Note: sites implementing Perfect Forward Secrecy are protected against this particular attack.

3) Scope - 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Apache, which uses OpenSSL for HTTPS, is used by 66% of all websites according to netcraft.com. A study of the TLS heartbeat extension by Netcraft also identified that 17.5% of SSL sites may be vulnerable to the Heartbleed bug.


🦑The Fix
The patch in OpenSSL 1.0.1g is essentially a bounds check, using the correct record length in the SSL3 structure (s3->rrec) that described the incoming HeartbeatMessage.

Below is the revised code from Github.[8]

hbtype = *p++;
n2s(p, payload);
if (1 + 2 + payload + 16 > s->s3->rrec.length)
return 0; /* silently discard per RFC 6520 sec. 4 */
pl = p;


🦑Verify if you are using a vulnerable version of OpenSSL.

1) Upgrade OpenSSL as soon as possible. OpenSSL was released on (https://www.openssl.org/source/).

2) Reissue your security certificates for SSL/TLS. The vulnerability has been present for two years and there is no way to verify if your private key has been compromised as a result of this vulnerability.

3) In addition, a compromised key would be used to silently monitor communications from your users and the attack would be undetectable. It is prudent to assume a breach and proactively reissue security certificates.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux Backup restore 2019 Tool
t.me/UndercOdeTestingOfficial


🦑Termux Backup :

From this option you can backup all the tools and default bash terminal script into your internal stoarge without any issue and you can restore it at any time.

> Termuc Restore :

From this option you can restore the backup tools of termux and default terminal as it was first.

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

$ apt-get update -y
$ apt-get upgrade -y
$ pkg install python -y
$ pkg install python2 -y
$ pkg install git -y
$ pip install lolcat
$ git clone https://github.com/noob-hackers/snap
$ ls
$ cd snap
$ ls
$ bash snap.sh

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Happy New Year all 😊We have some great tutorials for next year

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) apt-get install python3

2) pip install scapy

3) pip install shodan

4) now You may obtain one for free in Shodan if you sign up using a .edu email
> https://shodan.io/

5) git clone https://github.com/649/Memcrashed-DDoS-Exploit.git

6) cd Memcrashed-DDoS-Exploit

7) echo "SHODAN_KEY" > api.txt

8) docker build -t memcrashed .

9) docker run -it memcrashed

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack Website Using AUTOMATE SQLiNJECTION ON Android
>sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
t.me/iOsDeveloppers

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
(sqlmap works out of the box with Python version 2.6, 2.7 and 3.x on any platform.)

2)go dir then python sqlmap.py -h

3) python sqlmap.py -hh

4) to attack
python sqlmap.py -u (site name) - -batch

THAT ALL !

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Mobile Apps (Hack On Android)
i know we already sent 250 android hack app in one git link but lets focus on most usuable apps !"
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) AndroRat - Android Remote Administrative Tool
>https://github.com/wszf/androrat

2)cspoilt - A tool that enumerates local hosts, finds vulnerabilities and their exploits, cracks Wi-Fi password, installs backdoors blablabla!!!
> http://www.csploit.org/

3) Hackode - All In One Android Pentest Tool
>https://play.google.com/store/apps/details?id=com.techfond.hackode&hl=en

4) zANTI - Network mapping, port discovery, sniffing, packet manipulation, DoS, MITM blablabla!!
> https://www.zimperium.com/zanti-mobile-penetration-testing

5) FaceNiff - Intercept and sniff WiFi network traffic for Social Media packets
> http://faceniff.ponury.net/

6) Droidsheep - Android application that analyzes security in wireless networks and also captures Twitter, Linked, Facebook, and other accounts
> http://droidsheep.downloadxapp.com/

7) USB Cleaver - Silently recover information from a target Windows 2000 or higher computer, including password hashes, LSA secrets, IP information
>https://forum.xda-developers.com/showthread.php?t=1656497

8) Shark - Network Packate analysis tool
> https://github.com/sundaysec/Android-Exploits/blob/master

9) DroidBox - Dynamic analysis of Android apps
>https://github.com/pjlantz/droidbox

10) Wi-Fi Kill - Disable other Users from WiFi Access
> https://wifikillapk.com/

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS Definition
virtual network computing (VNC)
t.me/iOsDeveloppers

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> Virtual network computing (VNC) is a type of remote-control software that makes it possible to control another computer over a network connection. Keystrokes and mouse clicks are transmitted from one computer to another, allowing technical support staff to manage a desktop, server, or other networked device without being in the same physical location.

> VNC works on a client/server model: A VNC viewer (or client) is installed on the local computer and connects to the server component, which must be installed on the remote computer.

> The server transmits a duplicate of the remote computer's display screen to the viewer. It also interprets commands coming from the viewer and carries them out on the remote computer.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Control vnc servers ?
>LibVNCServer/LibVNCClient are cross-platform C libraries that allow you to easily implement VNC server or client functionality in your program.
>VNC is a set of programs using the RFB (Remote Frame Buffer) protocol. They are designed to "export" a frame buffer via net (if you don't know VNC, I suggest you read "Basics" below). It is already in wide use for administration, but it is not that easy to program a server yourself.
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/LibVNC/libvncserver

2) cd libvncserver

3) mkdir build

4) cd build

5) cmake ..

6) cmake --build .

🦑How It Works ?

1) To make a server, you just have to initialise a server structure using the function rfbDefaultScreenInit, like rfbScreenInfoPtr rfbScreen = rfbGetScreen(argc,argv,width,height,8,3,bpp); where byte per pixel should be 1, 2 or 4. If performance doesn't matter, you may try bpp=3 (internally one cannot use native data types in this case; if you want to use this, look at pnmshow24).

2) You then can set hooks and io functions (see below) or other options
> And you allocate the frame buffer like this: rfbScreen->frameBuffer = (char*)malloc(widthheightbpp);

3) After that, you initialize the server, like rfbInitServer(rfbScreen);

4) You can use a blocking event loop, a background (pthread based) event loop, or implement your own using the rfbProcessEvents function.

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SPOOTIFY ACCOUNTS 2019-2020 NON-TESTED

cnb2001@gmail.com 01122001 1-Month
philfroese@gmail.com groovy11 1-Month
carlton.t.jones@gmail.com gotwins1 1-Month
amberenixon@gmail.com macie123 1-Month
kristenreeson@hotmail.com NCC74656 1-Month
s.curry.e@gmail.com shannon 1-Month
ranzi.vogel1@web.de shakira 1-Month
maddiepwheeler@gmail.com ilikepie4 US Accounts
reagankurtz@yahoo.com mackenzie2002 US Accounts
jenniferrocks101@gmail.com rebecca US Accounts
a.carroll12@icloud.com Leopard13 US Accounts
guardianangel6066@gmail.com Samson10 US Accounts
sophieconcannon@gmail.com piggy2011 US Accounts
tianosale85@gmail.com mamita1990 1-Month
jutsilveira@gmail.com juju5940 1-Month
keliann214@gmail.com Fitness1 1-Month
finfan41@yahoo.com legs1234 1-Month
joey230michael@icloud.com Joey129453 1-Month

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to scan for general system information, vulnerable software packages, and possible configuration issues... in one tool
t.me/UndercOdeTestingOfficial

🦑Features :

> Automated security auditing

> Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)

> Vulnerability detection

The software (also) assists with:

> Configuration and asset management

> Software patch management

> System hardening

> Penetration testing (privilege escalation)

> Intrusion detection

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/CISOfy/lynis

2) cd lynis

3) ./lynis audit system

🦑Tested by UndercOde on

> kali
> ubanto

@ M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Cloudflarew 2020 Features & Why Its secure & safe to use this protection ?
twitter.com/UndercodeTC

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> Fast, Global Content Delivery Network.

> Fast, Powerful, And Secure DNS.

>Load Balancing.

> A rgo Smart Routing.

> Web Optimizations.

> Local Storage Caching.

> AutoMinify.

> Rocket Loader

> anti-ddos solution

> hide admin mail & phones from website

> hide cms feature include

> multi language + Two-factor login

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Python wrapper for the Cloudflare Client API v4
updated
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) sudo pip install cloudflare

or via git

1) git clone https://github.com/cloudflare/python-cloudflare

2) cd python-cloudflare

3) ./setup.py build

4) sudo ./setup.py install

🦑Example

A very simple listing of zones within your account; including the IPv6 status of the zone.

import CloudFlare

def main():
cf = CloudFlare.CloudFlare()
zones = cf.zones.get()
for zone in zones:
zone_id = zone['id']
zone_name = zone['name']
print zone_id, zone_name

if name == 'main':
main()

>This example works when there are less than 50 zones (50 is the default number of values returned from a query like this).

🦑Providing Cloudflare Username and API Key

When you create a CloudFlare class you can pass up to four parameters.

1> API Token or API Key
2> Account email (only if an API Key is being used)
3> Optional Origin-CA Certificate Token
4> Optional Debug flag (True/False)

🦑import CloudFlare

# A minimal call - reading values from environment variables or configuration file
cf = CloudFlare.CloudFlare()

# A minimal call with debug enabled
cf = CloudFlare.CloudFlare(debug=True))

# An authenticated call using an API Token (note the missing email)
cf = CloudFlare.CloudFlare(token='00000000000000000000000000000000')

# An authenticated call using an API Key
cf = CloudFlare.CloudFlare(email='user@example.com', token='00000000000000000000000000000000')

# An authenticated call using an API Key and CA-Origin info
cf = CloudFlare.CloudFlare(email='user@example.com', token='00000000000000000000000000000000', certtoken='v1.0-...')

> If the account email and API key are not passed when you create the class, then they are retrieved from either the use exported shell environment variables or the .cloudflare.cfg or ~/.cloudflare.cfg or ~/.cloudflare/cloudflare.cfg files, in that order.

🦑example Using shell environment variables

1> export CF_API_EMAIL='user@example.com' # Do not set if using an API Token
2> export CF_API_KEY='00000000000000000000000000000000'
3> export CF_API_CERTKEY='v1.0-...

🦑Using configuration file to store email and keys

1> cat ~/.cloudflare/cloudflare.cfg
[CloudFlare]
2>email = user@example.com # Do not set if using an API Token
token = 00000000000000000000000000000000
certtoken = v1.0-...
extras =

E N J O Y

M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Cloudflare WebExtension
>so helpful for hackers
instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) adding to google chrome browser
>https://chrome.google.com/webstore/detail/claire/fgbpcgddpmjmamlibbaobboigaijnmkl

2) adding to firefox
>https://addons.mozilla.org/en-US/firefox/addon/cloudflare-claire/

🦑 manual mode

>to use the extension from source:

1> Clone this repository (git clone https://github.com/cloudflare/claire.git)

2> In the checked out directory, run yarn install && yarn run build.

3> Bring up the extensions page (Wrench icon -> Tools -> Extensions)

4> If Developer mode is not checked, check it and this will expose a few additional buttons

5> Click on the Load unpacked extension button and browse to the "dist" folder in the Claire repo folder

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack any wps wifi on Termux/Linux Withou root :
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/SilentGhostX/HT-WPS-Breaker

2) cd Desktop

3) unzip HT-WPS-Breaker.zip

4) cd HT-WPS-Breaker

5) chmod +x HT-WB.sh

6) ./HT-WB.sh or bash HT-WB.sh

7) Choose Options via Numbers

> note also hidden any wifi can be sucessful getting here name

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Kubernetes ingress controller for Cloudflare's Argo Tunnels
Updated
>Argo Tunnel Ingress Controller provides Kubernetes Ingress via Argo Tunnels. The controller establishes or destroys tunnels by monitoring changes to resources.
>Argo Tunnel offers an easy way to expose web servers securely to the internet, without opening up firewall ports and configuring ACLs. Argo Tunnel also ensures requests route through Cloudflare before reaching the web server so you can be sure attack traffic is stopped with Cloudflare’s WAF and Unmetered DDoS mitigation and authenticated with Access if you’ve enabled those features for your account.
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/cloudflare/cloudflare-ingress-controller

2) cd cloudflare-ingress-controller

3) kubectl apply -f deploy/argo-tunnel.yaml

4) Update the ServiceAccount namespace and bindings to deploy in an alternate namespace.Without role based access control (RBAC).

>kubectl apply -f deploy/argo-tunnel-no-rbac.yaml

5) With Helm:

>helm install --name anydomain cloudflare/argo-tunnel

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Great Tool To Automate checking Vulnerability For Any Website :
t.me/UndercOdeTestingOfficial

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/penetrate2hack/ITWSV.git

2) cd ITWSV

3) chmod +x start.sh

4) chmod +x update.sh (only if required)

5) ./start.sh

🦑Features :

WHOIS

DNSWALK

FIERCE

DNSRecon

DNSenum

NMAP

DMitry

theHarvester

LBD

SSLScan

SSLYze

WhatWeb

Automater

Grabber

Parsero

Uniscan

Metagoofil

A2SV

WPScan

Droopescan

WPSeku

XssPy

Spaghetti

sublist3r

WAFW00F

nslookup

nslookup

dirsearch

OWASP Joomscan

Spaghetti

Globuster

Grabber

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑KALI CRACKING TOOLS + How Run & USE:
t.me/UndercOdeTestingOfficial

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) Hydra

Hydra is a login cracker that supports many protocols to attack ( Cisco AAA, Cisco auth, Cisco enable, CVS, FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MySQL, NNTP, Oracle Listener, Oracle SID, PC-Anywhere, PC-NFS, POP3, PostgreSQL, RDP, Rexec, Rlogin, Rsh, SIP, SMB(NT), SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP).

> To open it, go to Applications → Password Attacks → Online Attacks → hydra.
Hydra

> It will open the terminal console, as shown in the following screenshot.

> Open Terminal

In this case, we will brute force FTP service of metasploitable machine, > which has IP 192.168.1.101
Brute Force

> now you created in Kali a word list with extension ‘lst’ in the path usr\share\wordlist\metasploit.
Share Wordlist

The command will be as follows −

hydra -l /usr/share/wordlists/metasploit/user -P
/usr/share/wordlists/metasploit/ passwords ftp://192.168.1.101 –V

where –V is the username and password while trying


> >Hydra Command

As shown in the following screenshot, the username and password are found which are msfadmin:msfadmin
Admin Password


🦑 Johnny

Johnny is a GUI for the John the Ripper password cracking tool. Generally, it is used for weak passwords.

1) To open it, go to Applications → Password Attacks → johnny.
Johnny

2) will get the password of Kali machine with the following command and a file will be created on the desktop.
Desktop

3) Click “Open Passwd File” → OK and all the files
shown then Open File

4) Click “Start Attack”.
Start Attack

5) After the attack is complete, click the left panel at “Passwords” and the password will be unshaded


john is a command line version of Johnny GUI. To start it, open the Terminal and type “john”.
Unshadowing

In case of unshadowing the password, we need to write the following command −

root@kali:~# unshadow passwd shadow > unshadowed.txt

🦑 Rainbowcrack

The RainbowCrack software cracks hashes by rainbow table lookup. Rainbow tables are ordinary files stored on the hard disk. Generally, Rainbow tables are bought online or can be compiled with different tools.

To open it, go to Applications → Password Attacks → click “rainbowcrack”.
RainbowCrack

The command to crack a hash password is −

rcrack path_to_rainbow_tables -f path_to_password_hash

🦑 SQLdict

It is a dictionary attack tool for SQL server and is very easy and basic to be used. To open it, open the terminal and type “sqldict”. It will open the following view.
Sql Dict

Under “Target IP Server”, enter the IP of the server holding the SQL. Under “Target Account”, enter the username. Then load the file with the password and click “start” until it finishes.
hash-identifier

It is a tool that is used to identify types of hashes, meaning what they are being used for. For example, if I have a HASH, it can tell me if it is a Linux or windows HASH.

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Office 2019 All Version SERIALS TESTED By undercOde :
instagram.com/UndercOdeTestingCompany

1) Office Professional Plus 2019

NMMKJ-6RK4F-KMJVX-8D9MJ-6MWKP

2) Office Standard 2019

6NWWJ-YQWMR-QKGCB-6TMB3-9D9HK

3) Project Professional 2019

B4NPR-3FKK7-T2MBV-FRQ4W-PKD2B

4) Project Standard 2019

C4F7P-NCP8C-6CQPT-MQHV9-JXD2M

5) Visio Professional 2019

9BGNQ-K37YR-RQHF2-38RQ3-7VCBB

6) Visio Standard 2019

7TQNQ-K3YQQ-3PFH7-CCPPM-X4VQ2

7) Access 2019

9N9PT-27V4Y-VJ2PD-YXFMF-YTFQT

8) Excel 2019

TMJWT-YYNMB-3BKTF-644FC-RVXBD

9) Outlook 2019

7HD7K-N4PVK-BHBCQ-YWQRW-XW4VK

10) PowerPoint 2019

RRNCX-C64HY-W2MM7-MCH9G-TJHMQ

11) Publisher 2019

G2KWX-3NW6P-PY93R-JXK2T-C9Y9V

12) Skype for Business 2019

NCJ33-JHBBY-HTK98-MYCV8-HMKHJ

13) Word 2019

PBX3G-NWMT6-Q7XBW-PYJGG-WXD33

@UndercOdeOfficial

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁