▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Aireplay-ng General Troubleshooting Tips
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Most modes of Aireplay-ng, with the exception of client disassociation, fake
authentication, and injection test, require that your MAC address is associated with
the AP. You must either perform a fake authentication to associate your MAC
address with the AP or use the MAC address of a client that is already associated
with the AP. Failure to do this will cause the access point to reject your packets.

2) Look for deauthentication or disassociation messages during injection that indicate
you are not associated with the AP. Aireplay-ng will typically indicate this or it can
be seen in tcpdump: ‘tcpdump -n -e -s0 -vvv -i <interface name>’

3) Ensure the wireless card driver is properly patched and installed. Use the injection
test to confirm that your card can inject.

4) Make sure that you are physically close enough to the AP. You can confirm that you
can communicate with the specific AP by running the injection test.

5) Verify that your card is in monitor mode. Use ‘iwconfig’ to confirm this.

6) Your card needs to be configured on the same channel as the AP.

7) Make sure you are using a real MAC address.

8) Some APs are programmed to only accept connections from specific MAC addresses.
In this situation, you will need to obtain a valid MAC address by observing
Airodump and use a valid client MAC address once it becomes inactive. Do not
perform a fake authentication for a specific client MAC address if the client is still
active on the AP.

@UnderCodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 this commun error when hack wifi on kali or parrot

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Waiting for Beacon Frame -due to wifi hacking recently tutorials :by undercode
t.me/undercodeTesting

If, while executing the attack, the system freezes or a line is printed with “Waiting for
beacon frame” with no other activity, it could be due to one of the following:

1) The wireless card is set to a channel different than that of the AP. Ensure that you
start monitor mode on the same channel as the AP.

2) The card is hopping channels. This can be resolved by running Airodump-ng with
the -c parameter and specifying the AP channel.

3) The ESSID is wrong. If it contains spaces or special characters, enclose it in quotes.

4) The BSSID is wrong. Ensure you have entered the BSSID correctly.

5) You are too far away from the AP and are not receiving any beacons. Use tcpdump,
Wireshark, or Airodump-ng to see if you are receiving beacons. If not, move closer to
the AP.

6) If none of the above applies, it could be due to faulty drivers.

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 RECOMMENDED TO KNOW, FOR WIFI ATTACK :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) ieee80211 vs. mac80211

Under Linux operating systems, there are 2 different wireless stacks: the older ieee80211
and the newer mac80211. We’ll review both of these stacks as they are both still in use.

2) ieee80211

The ieee80211 stack has been around since the Linux 2.4 and even 2.2 kernels. In order to
control the wireless cards, some early drivers required an external utility and because
there were many different chipsets, there were multiple utilities to control them since they
had different capabilities.
To cope with this fragmentation, an API was created in order to provide a common set of
utilities to control the different drivers, the Wireless Extension (WE)11. The WE has the

🦑 following utilities:

1) iwconfig: manipulates the basic wireless parameters – change modes, set channels,
and keys

2) iwlist: allows for the initiation of scanning, listing frequencies, bit rates, and
encryption keys

3) iwspy: provides per-node link quality (not often implemented by drivers)

4) iwpriv: allows for the manipulation of the Wireless Extensions specific to a driver

@undercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑instagram-scraper is a command-line application written in Python that scrapes and downloads an instagram user's photos and videos. Use responsibly:
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> https://github.com/rarcega/instagram-scraper

To install instagram-scraper:

1) $ pip install instagram-scraper

2) To update instagram-scraper:

$ pip install instagram-scraper --upgrade

3) Alternatively, you can clone the project and run the following command to install: Make sure you cd into the instagram-scraper-master folder before performing the command below.

> $ python setup.py install

🦑To scrape a user's media:

$ instagram-scraper <username> -u <your username> -p <your password>

To scrape a hashtag for media:

$ instagram-scraper <hashtag without #> --tag
It may be useful to specify the --maximum <#> argument to limit the total number of items to scrape when scraping by hashtag.

To specify multiple users, pass a delimited list of users:

$ instagram-scraper username1,username2,username3
You can also supply a file containing a list of usernames:

$ instagram-scraper -f ig_users.txt
# ig_users.txt

username1
username2
username3

# and so on...
The usernames may be separated by newlines, commas, semicolons, or whitespace.

🦑--help -h Show help message and exit.

--login-user -u Instagram login user.

--login-pass -p Instagram login password.

--followings-input Use profiles followed by login-user as input

--followings-output Output profiles from --followings-input to file

--filename -f Path to a file containing a list of users to scrape.

--destination -d Specify the download destination. By default, media will
be downloaded to <current working directory>/<username>.

--retain-username -n Creates a username subdirectory when the destination flag is
set.

--media-types -t Specify media types to scrape. Enter as space separated values.
Valid values are image, video, story (story-image & story-video),
or none. Stories require a --login-user and --login-pass to be defined.

--latest Scrape only new media since the last scrape. Uses the last modified
time of the latest media item in the destination directory to compare.

--latest-stamps Specify a file to save the timestamps of latest media scraped by user.
This works similarly to --latest except the file specified by
--latest-stamps will store the last modified time instead of using
timestamps of media items in the destination directory.
This allows the destination directories to be emptied whilst
still maintaining history.

--cookiejar File in which to store cookies so that they can be reused between runs.

--quiet -q Be quiet while scraping.

--maximum -m Maximum number of items to scrape.

--media-metadata Saves the media metadata associated with the user's posts to
<destination>/<username>.json. Can be combined with --media-types none
to only fetch the metadata without downloading the media.

--include-location Includes location metadata when saving media metadata.
Implicitly includes --media-metadata.

--profile-metadata Saves the user profile metadata to <destination>/<username>.json.

--proxies Enable use of proxies, add a valid JSON with http or/and https urls.
Example: '{"http": "http://<ip>:<port>", "http": "https://<ip>:<port>" }'

--comments Saves the comment metadata associated with the posts to


...
@undercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Wifi Cracking tutorial after capture handshake :
pinterest.com/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

If you haven’t already done so, ensure your AP is configured with WPA/WPA2 encryption.

1) Select a password that requires extra digits to be added to it as was demonstrated in this
module.

2) Capture a WPA handshake by deauthenticating your victim client.

3) Edit the default John the Ripper rules so that your new password can be found.

3) Crack the WPA password using John the Ripper combined with Aircrack-ng.

🦑 SO HOW TO DO :

Aircrack-ng and JTR Attack Summary

Place your wireless card into monitor mode on the channel number of the AP:

> Start an Airodump capture, filtering on the AP channel and BSSID, saving the capture to
disk:

> Force a client to reconnect and complete the 4-way handshake by running a
deauthentication attack against it:

> Once a handshake has been captured, change to the John the Ripper directory and pipe in
the mangled words into Aircrack-ng to obtain the WPA password:


> airmon-ng start <interface><AP channel>

> airodump-ng -c <AP channel> --bssid <AP MAC> -w <capture><interface>

> aireplay-ng -0 1 -a <AP MAC> -c <Client MAC><interface>
./john --wordlist=<wordlist> --rules --stdout | aircrack-ng -e <ESSID> -w -
<capture>

ENJOY
@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cracking WPA with coWPAtty :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> coWPAtty23 is a versatile tool that can recover WPA pre-shared keys using both dictionary
and rainbow table attacks. Although it is not being actively developed, it is still quite useful,
especially when using its rainbow table attack method. For this reason alone, it is worth
adding to your arsenal of tools.

1) our target information is as follows:

> BSSID: 32:08:04:09:3D:xy ESSID: wifu (WPA2 PSK)
Client: 00:18:4D:1D:A8:1F mon0: 00:1F:33:F3:51:13

2) Since coWPAtty does not include a sniffer component, it still requires a WPA handshake to
be captured with an external tool such as Airodump-ng. In this module, we will simply

3) reuse our capture from the John the Ripper section since the password of our access point
has not been changed.

4) There won’t be any word mangling taking place so we will add our WPA password to the
end of the John the Ripper wordlist.

>root@wifu:~# echo Password123 >> /pentest/passwords/john/password.lst

5) Having the password at the end of the wordlist rather than at the beginning will provide a
better indication of the speed difference between dictionary mode and rainbow table
mode.

🦑Installed On :PARROT, KALI , WIFISLAX(new v)

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analysis by undercode :
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>It is very simple to scrape and analyze a file. This tutorial will guide you step by step to achieve it with an example. let's start!

　1) First, I have to decide the URL address we will crawl. Can be set in a script or passed in $ QUERY_STRING. For simplicity, let's set the variables directly in the script.

<?
$ url = 'http://www.php.net'
;?> In the

2) second step, we grab the specified file and store it in an array using the file () function.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
?>

3) 　　OK, now there are files in the array. However, the text we want to analyze may not be all on one line. To understand this file, we can simply convert the array $ lines_array into a string. We can implement it using the implode (x, y) function. If you later want to use explode (set an array of string variables), it may be better to set x to "|" or "!" Or other similar separator. But for our purposes, it is best to set x to a space. y is another required parameter because it is the array you want to process with implode ().

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
$ lines_string = implode ('', $ lines_array);
?>

4) 　　Now that the crawling is done, it's time to analyze it. For the purpose of this example, we want to get everything between <head> to </ head>. In order to parse out the string, we also need something called a regular expression.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);
$ lines_string = implode ('', $ lines_array);
eregi ("<head> (. *) </ head> ", $ lines_string, $ head);
?>

5) 　　Let's take a look at the code. As you can see, the eregi () function is executed in the following format:

eregi ("<head> (. *) </ Head>", $ lines_string, $ head);

6) 　　"(. *)" Means everything and can be explained For, "Analyze all things between <head> and </ head>". $ lines_string is the string we are analyzing, and $ head is the array where the analysis results are stored.

7) 　　Finally, we can lose data. Because there is only one instance between <head> and </ head>, we can safely assume that there is only one element in the array, and that is what we want. Let's print it out.

<?
$ url = 'http://www.php.net';
$ lines_array = file ($ url);

eregi ("<head> (. *) </ head>", $ lines_string, $ head);
echo $ head [0];
?>

　　This is all the code.

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Make an information release functionPHP
t.me/UnderCodeTesting


🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) CREATE TABLE jb_administrators (
administratorsID int(10) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsGroupID int(10) unsigned NOT NULL default '0',
administratorsName varchar(50) NOT NULL default '',
password varchar(32) NOT NULL default '',
email varchar(50) NOT NULL default '',
ipAddress varchar(32) NOT NULL default '',
isAdministrators enum('y','n') NOT NULL default 'n',
orderByID int(10) unsigned NOT NULL default '0',
createDate bigint(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsID)
) TYPE = MyISAM AUTO_INCREMENT = 2;

#
2) # Export the data in the table` jb_administrators`
#

3) INSERT INTO jb_administrators VALUES (1, 1, 1, 'sky', 'sky', '', '', 'n', 0, 0);
# ------------------------------------- -------------------

#
structure # jb_administratorsoption` table `

4) CREATE TABLE jb_administratorsoption (
administratorsOptionID int (8) NOT NULL auto_increment,
userID mediumint (6) unsigned NOT NULL default '0',
optionFieldName varchar (50) NOT NULL default '' ,
length tinyint(2) unsigned NOT NULL default '40',
rows tinyint(2) unsigned NOT NULL default '4',
types varchar(10) NOT NULL default '',
isPublic enum('y','n') NOT NULL default 'y',
orderByID int(8) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionID)
) TYPE=MyISAM AUTO_INCREMENT=10 ;

# jb_administratorsoption
#

5) INSERT INTO jb_administratorsoption VALUES (8, 1, '57777', 40, 50, 'txt', 'y', 8);
INSERT INTO jb_administratorsoption VALUES (9, 1,, 'text', 'y', 9); # Table structure jb_administratorsoptionlist #
# ------------------------------------------------- -------


6) CREATE TABLE jb_administratorsoptionlist (
administratorsOptionListID int(12) unsigned NOT NULL auto_increment,
userID mediumint(6) unsigned NOT NULL default '0',
administratorsID int(10) unsigned NOT NULL default '0',
administratorsOptionID int(8) unsigned NOT NULL default '0',
value text NOT NULL,
createDate int(14) unsigned NOT NULL default '0',
PRIMARY KEY (administratorsOptionListID)
) TYPE=MyISAM AUTO_INCREMENT=168 ;

# <

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 Hacking a CCTV camera Full by undercode :




A) Hacking a CCTV camera.

> A little theory, then practice ....

1) Almost all modern digital IP video surveillance cameras are built on the linux operating system, which is greatly reduced and has only the most necessary for work. The linux operating system itself is free, very reliable and resistant to external influences and hacks, so the manufacturer builds on its basis video recorders, video servers, video surveillance cameras, NAS and other smart gadgets.
By "hacking a surveillance camera" we mean accessing as an administrator.

🦑 Access can be obtained to:

- the graphical web interface of the camera. Having gained such access, the attacker can view the video, if there is a microphone, he can hear what is happening, and if there is two-way audio communication (microphone and speaker), he can also conduct a dialogue with the victim. Also, all the settings that the device has are available.

- the operating system via SSH or another other protocol. Having gained access, you get the command line. This vulnerability was used in large-scale DDoS attacks by hackers from hacked cameras, and the computing power of video surveillance was used to mine cryptocurrencies.


🦑 Consider the weaknesses of such devices.

- The human factor. The device has standard settings: standard login and password. After installing the equipment, it is MANDATORY to change it.

- Incompetence of specialists who were involved in the installation and configuration of video cameras. You need to understand how the system is built, when using an external ip address, you need to reliably protect the device that looks outside (the Internet). Due attention should be paid to protecting the Wi-fi router, which is used almost everywhere where there is Internet access.

- Use standard or weak (less than 8 character passwords). For hacking, brute force dictionary attacks are usually used (brute force method), which contains all the standard passwords: admin, 888888, 123456, 12345, etc.

-To protect owners, the manufacturer introduces additional security measures, for example, activation on all new devices is required for Hikvision, which forces the owner to set a password in accordance with the security requirement: CAPITAL and lowercase letters, numbers and limits the minimum length.


🦑 There are many ways to hack, consider one of the simplest using the search engine Shodan. The search engine constantly scans the Internet and collects a database of devices that responded to its requests: these are registrars, surveillance cameras, routers, firewalls, that is, all network devices that look at the world wide network.

Let's try to access those devices that have default (standard) passwords ::

>

🦑 Hacking a CCTV camera Full by undercode PRACTICING :

1) Let's move on to practice.

> Breaking into! We go to the site: https://www.shodan.io

> Without registration, we will be limited by the number of requests.

2) Therefore, it is better to go through a simple registration procedure on the site.
Next, in the search bar we need to enter what we want to find.

> Examples of requests for unauthorized access, hacking:

3) default password port: 80 (where default password are devices with standard passwords, port: 80 - serves for receiving and transmitting data via HTTP, in our case we are looking for all devices with a web interface).
port: 80 nvr country: "it"

4) (we are looking for nvr devices - Network Video Recorder, that is, DVRs; country: "it" - only Italy will be searched).

> port: 80 dvr country: "ru" (we are looking for dvr devices - Digital Video Recorder (digital video recorders) in Russia).

> port: 80 country: "ru"example asus (we are looking for equipment with a web interface in Russia from the manufacturer ASUS, the largest output will most likely be from the routers of this manufacturer).

5) (get access to FTP servers with the possibility of anonymous access).
Android Webcam (gadgets for android, which using software are used as web cameras).

> Server: SQ-WEBCAM (this request will list the equipment with the servers on which it found webcams).

6) A complete list of commands can be found on the website of the search engine Shodan.


And do not forget - when hacking, all responsibility will be on you!


7) As an example, upon first request: default password port: 80 , 3278 results were found in the search database. According to the second and third results, as can be seen from Fig. 1, we see that login: admin, and the password for access via the web interface: 1234.

8) ollow the link. We get to the authorization page. We go in using the data and voila, we get to someone else's access point Edimax. We have admin rights and we can do absolutely everything: change the language, change the password, reconfigure the equipment, or by removing the "Hide" checkbox to peek someone else's password.


9) In the same way, you can hack and gain access to third-party surveillance cameras, Network Attached Storage (NAS), printers, web cameras and any other network equipment.


10) Now imagine what this could lead to if the attacker is a professional in his field. All the results obtained with the help of bots can be entered into your database and already further using the software you can start searching through the dictionary. Believe me, the result of successful attacks will be ten times higher!


11) So that this does not happen to you, and your video surveillance system is not hacked - start to understand this issue, take responsibility and ensure proper safety of all your network equipment!

Written by UndrCode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 its very simple steps , now you successful hack a cctv guide by Undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Recently from undercode tweets :
In the future, Firefox may force HTTPS links to prohibit access to insecure pages
twitter.com/undercodeNews

1) Future versions of Firefox may introduce HTTPS-only mode, which means that access to unsecured websites is completely blocked. In the latest version of Firefox 76 Nightly, Mozilla has introduced an experimental feature. If everything goes well, it will land in the stable version in the next few months and be open to all users.

2) Browser vendors, including Mozilla, have been pushing HTTPS for a long time. Although most websites have upgraded and enabled the security protocol, some sites still use HTTP. When HTTPS-only mode is enabled, the Firefox browser will no longer load HTTP websites.

3) The browser first attempts to access the server to obtain an HTTPS link, and if the version does not exist, it will provide the user with an error message saying "Secure connection failed". To enable it, install the latest Firefox Nightly version and enable the dom.security.https_only_mode flag in the about: config page. When enabled, HTTP pages will no longer load.

> check more news their
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁