🦑 Android-Apple Full Pentesting-

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What is the difference between IPSec VPN and SSL VPN?
>SSL VPN is different from traditional IPSec VPN technology and has its own advantages.
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) SSL VPN is more suitable for remote access (Client-Site) for mobile users, while IPSec VPN has inherent advantages in Site-Site VPN connections.

2) These two products will coexist in the VPN market for a long time, with complementary advantages. In terms of product performance, the two have the following major differences:


A) IPsec VPN is mostly used for "net-net" connection, and SSL VPN is used for "mobile client-net" connection. SSL VPN mobile users use a standard browser and can access the internal network through the SSL VPN tunnel without installing a client program; while IPSec VPN mobile users need to install special IPSec client software.


B) SSL VPN is a VPN based on the application layer, and IPsec VPN is a VPN based on the network layer. IPsec VPN is transparent to all IP applications; SSL VPN protects Web-based applications with more advantages. Of course, good products also support TCP / UDP C / S applications such as file sharing, network neighbors, Ftp, Telnet, Oracle, etc. .

C) SSL VPN users are not restricted by Internet access methods. SSL VPN tunnels can penetrate Firewall; while IPSec clients need to support "NAT penetration" function to penetrate Firewall, and Firewall needs to open UDP500 port.

D) SSL VPN only needs to maintain the gateway device of the central node, and the client is maintenance-free, reducing deployment and support costs. The IPSec VPN needs to manage every node of the communication, and the network management is more professional.

E) SSL VPN is easier to provide fine-grained access control. It can control users' permissions, resources, services, and files more carefully, and it is more convenient to integrate with third-party authentication systems (such as radius, AD, etc.). The IPSec VPN mainly controls access to users based on IP groups.

🦑 In terms of implementation technology and application, it is discussed from the following four aspects:

1) The difference between SSL VPN and IPSec VPN in the underlying protocol

Simply put, both SSL and IPSec are encrypted communication protocols to protect IP-based data streams from any TCP network. Both communication protocols have their own unique characteristics and benefits.

2) IPSec protocol is a network layer protocol, which is a series of protocol suites provided to guarantee IP communication. The SSL protocol is a socket layer protocol, which is a protocol provided to guarantee the security of Web-based communication on the Internet.

3) IPSec designs a complete set of tunneling, encryption, and authentication schemes for data integrity, security, and legality when data passes through public networks. IPSec can provide an interoperable, high-quality, encryption-based security mechanism for IPv4 / IPv6 networks. Provide confidentiality services including access control, connectionless data integrity, data source authentication, prevention of retransmission attacks, encryption-based data confidentiality, and restricted data flow.

4) SSL uses public keys to encrypt data transmitted over SSL connections to work. SSL is a high-level security protocol built on the application layer. SSL VPN uses SSL protocol and proxy to provide end users with HTTP, client / server and shared file resource access authentication and access security SSL VPN pass-through user layer authentication. Ensure that only users authenticated by the security policy can access the specified resources.

5) SSL is specifically designed to protect the HTTP communication protocol. When both the browser and the web server are configured to support SSL, if the data stream transmitted through this communication protocol is encrypted, SSL will provide a secure "envelope" to protect the IP packets in the browser and web server .

6) There are some principle differences in the design of IPSec and SSL communication protocols. First, IPSec is centered on the network layer, while SSL is centered on the application layer. Second, IPSec requires special client software, and SSL uses any SSL-supported browser as the client. Finally, SSL was originally centered on mobility and IPSec was not.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Second, the difference in connection methods between SSL VPN and IPSec VPN
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) In connection mode, SSL VPN and IPSec VPN are also very different. IPSec VPN was originally designed to provide site-to-site communication between various departments of an enterprise. As the enterprise expanded users to include remote access, they had to expand the standard of the IPSec protocol or modify the protocol implemented by the manufacturer.

2) IPSec VPN provides direct (non-proxy) access by creating a tunnel between the two sites to achieve transparent access to the entire network; once the tunnel is created, the user's PC is physically located in the corporate LAN. It requires hardware and software compatibility, and requires that both ends of the "tunnel" can only be software from the same vendor. With IPSec VPNs, enterprises have to specify the technology used at both ends of the "tunnel", but few companies can or are willing to force their partners or customers to also use this technology, which limits the application of establishing an enterprise extranet through IPSec VPN.

3) Compared with the traditional IPSec VPN, SSL allows enterprises to achieve more remote users to access in different locations, achieve more network resource access, and low requirements for client devices, thus reducing the cost of configuration and operation support. Many enterprise users adopt SSL VPN as the remote security access technology, and the main emphasis is on its convenient access capability.

4) SSL VPN provides enhanced remote security access functions. The access mode of IPSec VPN makes the user's PC as if it is physically in the corporate LAN. This brings a lot of security risks, especially when the access user authority is too large.

>SSL VPN provides a secure, proxyable connection, and only authenticated users can access resources, which is much safer. SSL VPN can subdivide the encrypted tunnel, so that end users can simultaneously access the Internet and access internal corporate network resources, that is to say,

5) SSL VPN is basically not restricted by access location, and can access network resources from numerous Internet access devices and any remote location. SSL VPN communication is based on the standard TCP / UDP protocol transmission, so it can traverse all NAT devices, proxy-based firewalls and status detection firewalls.

>This allows users to access from anywhere, whether behind a proxy-based firewall in another company's network or a broadband connection. IPSec VPN is difficult to implement in a slightly complicated network structure. In addition, SSL VPN can be accessed from manageable enterprise devices or non-managed devices, such as home PCs or public Internet access sites, while IPSec VPN clients can only be accessed from manageable or fixed devices.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Bypass Whatsapp image compression, create & send magic or malicious image without filtration...

🦑 Credit : Undercode Testing

https://www.youtube.com/watch?v=aFSbNwurJmQ&t=51s

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux Hacking 2020
t.me/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone https://github.com/kuburan/txtool.git

2) cd txtool

3) apt install python2

4) ./install.py

6) txtool

7) for ssh backdoor access, txtool used paramiko python library that required PyNacl if you have an error installing PyNacl, follow my steps:

$ apt-get install --assume-yes libsodium libsodium-dev

$ SODIUM_INSTALL=system pip2 install pynacl

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑updated A powerful and useful hacker dictionary builder for a brute-force attack
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone --depth=1 --branch=master https://www.github.com/landgrey/

2) pydictor.git

3) cd pydictor/

4) chmod +x pydictor.py

5) python pydictor.py

🦑 EXAMPLE USAGE :

type wordlist identifier description supported function
core base C1 basic wordlist F1 F2 F3 F4
core char C2 custom character wordlist F1 F2 F3 F4
core chunk C3 permutation and combination wordlist ALL
core conf C4 based on configuration file wordlist ALL
core extend C5 extend wordlist based on rules ALL
core sedb C6 social engineering wordlist ALL
tool combiner T1 combine the specify directory files tool
tool comparer T2 compare two file content difference tool ALL
tool counter T3 word frequency count tool ALL
tool handler T4 handle the input file tool ALL
tool uniqbiner T5 combine and unique the directory files tool ALL
tool uniqifer T6 unique the input file tool ALL
tool hybrider T7 hybrid couples word list tool F1 F2 F3 F4

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library
pinterest.com/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Ubuntu

Press [CTRL][ALT][T] to open a command window and run the following command to install the libraries:

sudo apt-get install python python-wxgtk3.0 rtl-sdr

Install the software using:

sudo pip install -U rtlsdr_scanner

Now you should be able to run the program:

python -m rtlsdr_scanner

2) Windows

To see if it's working open a command prompt.

Then run:

rtl_test

You should see an output similar to this:

Found 1 device(s):
0: PROlectrix DV107669

Using device 0: PROlectrix DV107669
Found Fitipower FC0012 tuner
Supported gain values (5): -9.9 -4.0 7.1 17.9 19.2

Info: This tool will continuously read from the device, and report if
samples get lost. If you observe no further output, everything is fine.

Reading samples in async mode...
lost at least 12 bytes

If so your dongle and driver are now fully installed.

Potential Errors

'rtl_test' is not recognized as an internal or external command, operable program or batch file.
If you used the installer, first change to the installation directory, otherwise you're PATH hasn't been set properly, try step 2 again.
rtl_test reports 'No supported devices found.'
The driver has not been installed, try steps 3 to 7 again.
rtl_test keeps repeating 'lost at least'
Your machine may be too slow, try closing other programs and plug the dongle into a different USB port.

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Weaponized web shell Termux :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

Shell access to the target
SQL console pivoting on the target
HTTP/HTTPS proxy to browse through the target
Upload and download files
Spawn reverse and direct TCP shells
Audit remote target security
Port scan pivoting on target
Mount the remote filesystem
Bruteforce SQL accounts pivoting on the target

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/epinna/weevely3

2) cd weevely3

3) run as python
weevely generate <password> <path>
weevely <URL> <password> [cmd]

🦑Module Description
:audit_filesystem Audit the file system for weak permissions.
:audit_suidsgid Find files with SUID or SGID flags.
:audit_disablefunctionbypass Bypass disable_function restrictions with mod_cgi and .htaccess.
:audit_etcpasswd Read /etc/passwd with different techniques.
:audit_phpconf Audit PHP configuration.
:shell_sh Execute shell commands.
:shell_su Execute commands with su.
:shell_php Execute PHP commands.
:system_extensions Collect PHP and webserver extension list.
:system_info Collect system information.
:system_procs List running processes.
:backdoor_reversetcp Execute a reverse TCP shell.
:backdoor_tcp Spawn a shell on a TCP port.
:bruteforce_sql Bruteforce SQL database.
:file_gzip Compress or expand gzip files.
:file_clearlog Remove string from a file.
:file_check Get attributes and permissions of a file.
:file_upload Upload file to remote filesystem.
:file_webdownload Download an URL.
:file_tar Compress or expand tar archives.
:file_download Download file from remote filesystem.
:file_bzip2 Compress or expand bzip2 files.
:file_edit Edit remote file on a local editor.
:file_grep Print lines matching a pattern in multiple files.
:file_ls List directory content.
:file_cp Copy single file.
:file_rm Remove remote file.

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Complet termux wifi hacking tool
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

1) WPS: The Offline Pixie-Dust attack

2) WPS: The Online Brute-Force PIN attack

3) WPA: The WPA Handshake Capture + offline crack.

4) WPA: The PMKID Hash Capture + offline crack.

5) WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.

6) Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/derv82/wifite2.git

2) cd wifite2

3) sudo ./Wifite.py

🦑To install onto your computer (so you can just run wifite from any terminal), run:

1) sudo python setup.py install
This will install wifite to /usr/sbin/wifite which should be in your terminal path.

Note: Uninstalling is not as easy. The only way to uninstall is to record the files installed by the above command and remove those files:

2) sudo python setup.py install --record files.txt \
&& cat files.txt | xargs sudo rm \
&& rm -f files.txt

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
t.me/undercodeTesting

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) git clone https://github.com/Dionach/CMSmap
Then you need to configure the edbtype and edbpath settings in the cmsmap.conf. Use GIT if you have a local Git repository of Exploit-db :

2) [exploitdb]
edbtype = GIT
edbpath = /opt/exploitdb/

3) Alternatively, use APT if you have installed the debian exploitdb package. For Kali, use the following settings :

[exploitdb]
edbtype = APT
edbpath = /usr/share/exploitdb/

4) If you would like to run cmsmap from anywhere in your system you can install it with pip3 :

>cd CMSmap

>pip3 install .

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New acounts- Login With given Proxies Express Vpn Tested :
t.me/undercodeTesting



rodrigozepeda55@gmail.com:267165Rz, Account is Valid. Try logging in App to find out Status., Proxy: 113.166.121.42:4145

matt_lee88@hotmail.com:donkeytea88, Account is Valid. Try logging in App to find out Status., Proxy: 213.32.48.42:52576

ethanbco@gmail.com:hannah@68, Account is Valid. Try logging in App to find out Status.Proxy: 180.92.233.82:4145

mduboef@aol.com:zzzzzz10, Account is Valid. Try logging in App to find out Status. Proxy: 195.206.4.16:48006

grahamrgreenhill@gmail.com:4288Michelle!, Account is Valid. Try logging in App to find out Status. Proxy: 167.99.72.55:8080

stressedcorgi58@gmail.com:Sueshe123, Account is Valid. Try logging in App to find out Status., Proxy: 190.196.20.166:44907

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Premium Proxies _New :

195.158.109.248:50330 elite Apr-12, 10:25 Malta Valletta GO P.L.C.
187.188.182.107:43687 elite Apr-13, 01:23 Mexico Chetumal Iusacell
41.73.128.190:36226 elite Apr-12, 12:28 Nigeria Lagos IS InternetSolu...
217.64.109.231:45282 elite Apr-12, 22:21 Mali Bamako SOTELMA
41.217.219.53:31398 elite Apr-12, 04:12 Malawi Skyband Corpora...
41.217.217.60:36120 elite Apr-12, 22:17 Malawi Skyband Corpora...
41.87.29.130:8080 elite Apr-12, 19:11 Malawi Malawi Telecomm...
146.255.68.166:51329 elite Apr-13, 00:14 Macedonia Skopje Telesmart Telek...
94.242.213.33:8118 elite Apr-12, 10:10 Luxembourg root SA
92.114.234.206:46685 elite Apr-12, 22:27 Moldova, Republic of Chisinau Moldtelecom SA
202.131.234.142:51702 elite Apr-12, 12:10 Mongolia Mobinet LLC
202.179.7.182:56506 elite Apr-12, 19:09 Mongolia Mongolia Telecom
155.93.108.170:30348 elite Apr-12, 06:00 Nigeria Lagos
196.1.184.6:52963 elite Apr-13, 01:04 Nigeria Lagos Nigerian Teleco...
165.98.53.38:35332 elite Apr-12, 18:57 Nicaragua Centro De Admin...
114.134.172.50:60664 elite Apr-12, 19:08 New Zealand Auckland New Zealand Tec...
134.19.181.28:80 elite Apr-13, 00:37 Netherlands Hilversum Global Layer B.V.
202.166.207.195:8080 elite Apr-12, 21:24 Nepal Kathmandu SingNet Pte

@UndercodeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Best 2020 Tempory Mail-No Login Required :
pinterest.com/undercode_Testing



http://www.20minutemail.com/

https://burnermail.io/

http://10minutemail.com/10MinuteMail/error.html

https://www.spamgourmet.com/index.pl

http://www.yopmail.com/en/

http://boun.cr/

https://tempmailo.com/

https://www.guerrillamail.com/

https://getnada.com/

http://temp-mail.org/

http://generator.email/

https://maildrop.cc/

http://www.e4ward.com/

http://www.throwawaymail.com/

http://mailinator.com/

https://mytemp.email/

https://tempemailco.com/

https://grouplist.io/

https://www.crazymailing.com/

https://mailtemp.top/

https://www.guerrillamail.com/

https://www.emailondeck.com/

https://ihazspam.ca/

http://www.fakemailgenerator.com/

https://10minutemail.net/

https://tempmail.io/

http://getairmail.com/

http://mailnull.com/


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ACCESS ANY PC VIA HACK SSH Full by Undercode :
What can I do on someone else’s PC using SSH ?
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

STEP1:
1) Configure Access and Launch Basic Applications
First you need to register a command so that everything we do appears on the remote computer that we logged in through SSH, and not on the local computer on which we logged in. Configure the display path with the following command:

export DISPLAY =: 0.0
Now, by writing a simple firefox command via SSH, you will open a Firefox browser window on the remote computer.

2) But for our first example, let's open the xterm window , displaying network data that looks pretty troubling for a beginner. To make the situation worse, we will do it 10 times. Accordingly, there will be 10 open windows.

4) To do this, we will execute the command in a loop:

for i in {1..10}; do sudo xterm -maximize -e sudo tcpdump; done
In this case, we open the terminal window of the maximum size, and the -e command means that we execute sudo tcpdump in the xterm window that we run.


Step 2 - Calling, Whistling and Speech

1) Before we can reproduce any noise, we need to execute the following command in order to be able to control the speakers remotely.

2) sudo modprobe pcspkr
Now we have many options! First, we can say any phrase through the computer using the say or espeak command .

> say "I am a canadian randomware, I have not encrypted any files but would appreciate some change"
espeak "please give me quarters sorry to bother you"
We can schedule such messages so that they periodically go to chrontab.

4) We can use the beep to drive the user crazy. To use beep , install it with > apt install beep .

🦑 After installation, look at the manual using man beep to evaluate its capabilities:

BEEP(1) General Commands Manual BEEP(1)

NAME
beep - beep the pc speaker any number of ways

SYNOPSIS
beep [--verbose | --debug] [-e device | --device device] [-f
N] [-l N] [-r N] [-d N] [-D N] [-s] [-c]

beep [ OPTIONS ] [-n] [--new] [ OPTIONS ]

beep [-h] [--help]

beep [-v] [-V] [--version]

🦑 We can generate almost any noise with Beep. The following table with frequencies may come in handy:

Note Frequency
C 261.6
C# 277.2
D 293.7
D# 311.1
E 329.6
F 349.2
F# 370.0
G 392.0
G# 415.3
A 440.0
A# 466.2
B 493.9
C 523.2

🦑Step 3 - Awesome Error Messages
Confusing or disturbing error messages is fun, as users usually trust them until they become too absurd. Such messages can be completely different.

> We can call small messages using the notify-send command , with the header and body of the message.

>notify-send 'WARNING' 'I AM CALLING THE INTERNET POLICE'
This message will pop up in the corner. Kinda boring. Instead, we can display a large bold alarm message with the whiptail command and run it in a full-screen window.

xterm -maximized -fullscreen -fa 'Monospace' -fs 19.31 -e whiptail --title "CRITICAL: ACTION CANNOT BE UNDONE" --msgbox "UNAUTHORIZED LOGIN! DATA SAFEGUARD SYSTEM WILL DESTROY THIS TERMINAL IN 10 SECONDS, STAY 30 FEET CLEAR TO AVOID BLAST" --topleft 23 79
You can replace it with your own message, this is how it will look.

Step 4 - Cron Tasks from Hell
Now we can start combining tasks and plan their automatic launch. We can check if there are any existing jobs in crontab with the -l flag, and then add a new job with the -e flag.

crontab -l
crontab -e
In the configuration window that opens, you can add a task for execution every 60 seconds according to the following formula.

* * * * * (your code here)
In order for the computer to beep every 60 seconds, we can add this record and then press ctrl x and y to save the file.