=================================================================================================================
Account: savic4430:44302004
URL: http://steamcommunity.com/profiles/76561197994393506
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] ->: RACE 07 Demo] - [Played: 0.32 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: malaybhadury:9126135378
URL: http://steamcommunity.com/profiles/76561198052397081
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] ->Counter-Strike: Global Offensive] - [Played: 0.4 hrs.] - [Recently played: 0.4 hrs.]
=================================================================================================================
Account: mohmmed580:123147159.mohmmed
URL: http://steamcommunity.com/profiles/76561198208343797
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - >Counter-Strike: Global Offensive] - [Played: 7.56 hrs.] - [Recently played: 0.0 hrs.]
[#2] -> Call of Duty: Modern Warfare 3 - Dedicated Server] - [Played: 0.1 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: tu21922:tu550126
URL: http://steamcommunity.com/profiles/76561198215034251
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - > Teeworlds] - [Played: 0.36 hrs.] - [Recently played: 0.0 hrs.]
[#2] - >: Mitos.is: The> - [Played: 0.12 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: ruyj6xu6123:a26841379
URL: http://steamcommunity.com/profiles/76561198202832390
Balance: 0 RUB
Level: 0
Email: Verified
KT: False
VAC: False
Limit: True
<================================================>
[#1] >Counter-Strike: Global Offensive] - [Played: 8.34 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: shynobii:schmitt00
URL: http://steamcommunity.com/profiles/76561197999686172
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - ?> Counter-Strike: Global Offensive] - [Played: 10.2 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: guigui9518:stargate
URL: http://steamcommunity.com/profiles/76561198051912519
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - >: Counter-Strike: Global Offensive] - [Played: 28.13 hrs.] - [Recently played: 0.36 hrs.]
=================================================================================================================
Account: ridhin_or:GILLETTE
URL: http://steamcommunity.com/profiles/76561198001718835
Balance: 0 RUB
Level: 6
Email: Unverified
KT: True
VAC: False
Limit: False
<================================================>
[#1] - [>: Half-Life Deathmatch: Source] - [Played: 1.4 hrs.] - [Recently played: 0.0 hrs.]
[#2] - [> Half-Life 2: Episode One] - [Played: 1.32 hrs.] - [Recently played: 0.0 hrs.]
[#3] -> Counter-Strike: Global Offensive] - [Played: 22.39 hrs.] - [Recently played: 1.3 hrs.]

[#4] ->: Dota 2] - [Played: 0.6 hrs.] - [Recently played: 0.1 hrs.]
[#5] -> Zombie Panic! Source] - [Played: 2.28 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: mirpahithos:693959
URL: http://steamcommunity.com/profiles/76561198034010951
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<=================================== Game=============>
[#1] - : Counter-Strike: Global Offensive] - [Played: 0.0 hrs.] - [Recently played: 0.1 hrs.]
=================================================================================================================
Account: jessie5538:pock4221
URL: http://steamcommunity.com/profiles/76561197991703498
Balance: 0 RUB
Level: 0
Email: Unverified
KT: True
VAC: False
Limit: True
<================================================>
[#1] - [> Counter-Strike: Global Offensive] - [Played: 37.8 hrs.] - [Recently played: 0.0 hrs.]
[#2] >: Z1 Battle Royale] - [Played: 0.2 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: terucore:6149451986
URL: http://steamcommunity.com/profiles/76561198142756088
Balance: 0 RUB
Level: 0
Email: Unverified
KT: True
VAC: False
Limit: True
<================================================>
[#1] - >Dota 2] - [Played: 0.22 hrs.] - [Recently played: 0.0 hrs.]
=================================================================================================================
Account: jagkapol:02320232
URL: http://steamcommunity.com/profiles/76561198040530005
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - > Counter-Strike: Global Offensive] - [Played: 299.57 hrs.] - [Recently played: 0.57 hrs.]
=================================================================================================================
Account: aslokilo:aslokilo
URL: http://steamcommunity.com/profiles/76561198015261330
Balance: 0 RUB
Level: 0
Email: Unverified
KT: True
VAC: False
Limit: True
<================================================>
[#1] - >: Counter-Strike: Global Offensive] - [Played: 51.42 hrs.] - [Recently played: 0.28 hrs.]
=================================================================================================================
Account: cooler91:rchsea49lor
URL: http://steamcommunity.com/profiles/76561197988174161
Balance: 0 RUB
Level: 7
Email: Unverified
KT: True
VAC: False
Limit: False
<================================================>
[#1] -> Counter-Strike: Global Offensive] - [Played: 176.55 hrs.] - [Recently played: 45.40 hrs.]
[#2] - >: Left 4 Dead Dedicated Server] - [Played: 0.1 hrs.] - [Recently played: 0.0 hrs.]
[#3] -> Dota 2] - [Played: 14.3 hrs.] - [Recently played: 0.1 hrs.]
=================================================================================================================
Account: alakesh_143:alligator
URL: http://steamcommunity.com/profiles/76561198078544767
Balance: 0 RUB
Level: 0
Email: Unverified
KT: False
VAC: False
Limit: True
<================================================>
[#1] - >Counter-Strike: Global Offensive] - [Played: 0.16 hrs.] - [Recently played: 0.16 hrs.]
=================================================================================================================
Account: skidcrusher:5tq11aszx
URL: http://steamcommunity.com/profiles/76561198028161143
Balance: 0 RUB
Level: 0
Email: Unverified
KT: True
VAC: False
Limit: True
<================================================>
[#1] - > Counter-Strike: Global Offensive] - [Played: 118.3 hrs.] - [Recently played: 0.39 hrs.]

🦑 After login send screanshoats to @Undercode_Testing

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 BYPASS OTP
> Generally speaking, OTP is a 4-digit combination from 0000 to 9999. If OTP has 10,000 possible combinations, in today's powerful computer era, it takes only a few minutes to process 10,000 combinations. So, if OTP's authentication mechanism is improper, anyone can bypass it by simple brute force enumeration.
T.me/UndercodeTesting

🦑𝕃𝔼𝕋' 𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Why can I bypass 2FA?

The target system does not rate limit unsuccessful request attempts

> The target system has no new dynamic password measures for unsuccessful request attempts

🦑vPrerequisite preparation:

1) Web browser, BurpSuite.

2) Bypass 2FA's recurring process

3) Bypass 2FA's recurring process

🦑1) Open BurpSuite, use the mobile phone number to log in to the target system website, here, deliberately enter the wrong system to send the dynamic OTP to your mobile phone (here we randomly enter 1234), and then use BurpSuite to capture the traffic;

2) From BurpSuite we can see the relevant information of OTP API – verifyOTP? Otp =:

3) Right-click Send to intruder for the OTP sending process:

3) Select the otp = 1234 placeholder and set it as a simple brute force enumeration variable method:

5) Select the Payload tab item, modify it to any combination, and then click attack:

6) The attack begins. From the results of the enumeration response, we can see an abnormal response with a length of 2250. Unsurprisingly, it is it:

7)Log in with this OTP, it can be successful and effective!

> this trick not working for some services providers due to new patches, still get luck in some

> use for learn & security only !!!
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 otp bypass

🦑 Let's send some great hacking tools

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 tracking tools updated :
Pinterest.com/Undercode_Testing

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

First unload the tool.

1)git clone https://github.com/jofpin/trape.git

2) cd trape

3) python2 trape.py -h
If it does not work, try to install all the libraries that are located in the file requirements.txt

4) python2 -m pip install -r requirements.txt
Example of execution

🦑 COMMNADS Example: python2 trape.py --url http://example.com --port 8080
HELP AND OPTIONS

user:~$ python2 trape.py --help
usage: python trape.py -u <> -p <> [-h] [-v] [-u URL] [-p PORT]
[-ak ACCESSKEY] [-l LOCAL]
[--update] [-n] [-ic INJC]

🦑 optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-u URL, --url URL Put the web page url to clone
-p PORT, --port PORT Insert your port
-ak ACCESSKEY, --accesskey ACCESSKEY
Insert your custom key access
-l LOCAL, --local LOCAL
Insert your home file
-n, --ngrok Insert your ngrok Authtoken
-ic INJC, --injectcode INJC
Insert your custom REST API path
-ud UPDATE, --update UPDATE
Update trape to the latest version
--url In this option you add the URL you want to clone, which works as a decoy.

--port Here you insert the port, where you are going to run the trape server.

--accesskey You enter a custom key for the trape panel, if you do not insert it will generate an automatic key.

--injectcode trape contains a REST API to play anywhere, using this option you can customize the name of the file to include, if it does not, generates a random name allusive to a token.

--local Using this option you can call a local HTML file, this is the replacement of the --url option made to run a local lure in trape.

--ngrok In this option you can enter a token, to run at the time of a process. This would replace the token saved in configurations.

--version You can see the version number of trape.

--update Option used to upgrade to the latest version of trape.

--help It is used to see all the above options, from the executable.


🦑 Tested by Undercode :

> on root termux

> ubuntu

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 An advanced network scan and attack script based on GUI. 2nd version of no-GUI netattack.
fb.com/UndercodeTesting

🦑 FEATURES :

1) SCANNING
Scan your network for active hosts, their operating system, open ports and way more.
Scan for Access-Points and figure out encryption type, WPS and other useful data.

2) SPOOFING/SNIFFING
Simple ARP Spoofing
DNS Sniffing by ARP Spoofing the target and listening to DNS-Queries
KICKING
Kicking hosts off your internet using ARP-Spoof attack

3) DEAUTHING
Send deauthentication packets to Access Points in your area (DoS)
Deauth-All, basically does the same but it scans for networks and attacks them periodically.


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/chrizator/netattack2

2)cd netattack2

3) python netattack2.py

🦑 E N J O Y
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 UPDATED Remote Desktop Protocol in Twisted Python
twitter.com/UndercodeNews
🦑 FEATURES:

RDPY provides the following RDP and VNC binaries :

1) RDP Man In The Middle proxy which record session

2) RDP Honeypot

3) RDP screenshoter

4) RDP client

5) VNC client

6) VNC screenshoter

7) RSS Player

🦑Dependencies are only needed for pyqt4 binaries :

rdpy-rdpclient
rdpy-rdpscreenshot
rdpy-vncclient
rdpy-vncscreenshot
rdpy-rssplayer

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

> Linux
Example for Debian based systems :

sudo apt-get install python-qt4

🦑 Build
$ git clone https://github.com/citronneur/rdpy.git rdpy
$ pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1
$ python rdpy/setup.py install
Or use PIP:

$ pip install rdpy
For virtualenv, you will need to link the qt4 library to it:

$ ln -s /usr/lib/python2.7/dist-packages/PyQt4/ $VIRTUAL_ENV/lib/python2.7/site-packages/
$ ln -s /usr/lib/python2.7/dist-packages/sip.so $VIRTUAL_ENV/lib/python2.7/site-packages/

🦑 COMMANDS :

rdpy-rdpclient
rdpy-rdpclient is a simple RDP Qt4 client.

$ rdpy-rdpclient.py [-u username] [-p password] [-d domain] [-r rss_ouput_file] [...] XXX.XXX.XXX.XXX[:3389]
You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.

rdpy-vncclient
rdpy-vncclient is a simple VNC Qt4 client .

$ rdpy-vncclient.py [-p password] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpscreenshot
rdpy-rdpscreenshot saves login screen in file.

$ rdpy-rdpscreenshot.py [-w width] [-l height] [-o output_file_path] XXX.XXX.XXX.XXX[:3389]
rdpy-vncscreenshot
rdpy-vncscreenshot saves the first screen update in file.

$ rdpy-vncscreenshot.py [-p password] [-o output_file_path] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpmitm
rdpy-rdpmitm is a RDP proxy allows you to do a Man In The Middle attack on RDP protocol. Record Session Scenario into rss file which can be replayed by rdpy-rssplayer.

$ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] [-r (for XP or server 2003 client)] target_host[:target_port]
Output directory is used to save the rss file with following format (YYYYMMDDHHMMSS_ip_index.rss) The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer If one of both parameters are omitted, the server use standard RDP as security layer.

rdpy-rdphoneypot
rdpy-rdphoneypot is an RDP honey Pot. Use Recorded Session Scenario to replay scenario through RDP Protocol.

$ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_path_N
The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of both parameters are omitted, the server use standard RDP as security layer. You can specify more than one files to match more common screen size.

rdpy-rssplayer
rdpy-rssplayer is use to replay Record Session Scenario (rss) files generates by either rdpy-rdpmitm or rdpy-rdpclient binaries.

$ rdpy-rssplayer.py rss_file_path


🦑Tested by Undercode on

> parrot os


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Simple VNC Client > full code :
t.me/UndercodeTesting

from rdpy.protocol.rfb import rfb

class MyRFBFactory(rfb.ClientFactory):

def clientConnectionLost(self, connector, reason):
reactor.stop()

def clientConnectionFailed(self, connector, reason):
reactor.stop()

def buildObserver(self, controller, addr):
class MyObserver(rfb.RFBClientObserver):

def onReady(self):
"""
@summary: Event when network stack is ready to receive or send event
"""

def onUpdate(self, width, height, x, y, pixelFormat, encoding, data):
"""
@summary: Implement RFBClientObserver interface
@param width: width of new image
@param height: height of new image
@param x: x position of new image
@param y: y position of new image
@param pixelFormat: pixefFormat structure in rfb.message.PixelFormat
@param encoding: encoding type rfb.message.Encoding
@param data: image data in accordance with pixel format and encoding
"""

def onCutText(self, text):
"""
@summary: event when server send cut text event
@param text: text received
"""

def onBell(self):
"""
@summary: event when server send biiip
"""

def onClose(self):
"""
@summary: Call when stack is close
"""

return MyObserver(controller)

from twisted.internet import reactor
reactor.connectTCP("XXX.XXX.XXX.XXX", 3389, MyRFBFactory())
reactor.run()


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁