▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar.
t.me/UndercodeTesting

🦑Exploit "raw bytes".

1) We ultimately want to inject the exploit into the target's memory, and directly run it. In order to do that, we need to inject only the relevant instructions (opcodes) and the necessary data.

2) Hence, we extract the code segment (the opcodes) from PIC.exe, and append the necessary data (the malformed font, font-data.bin) into a sequence of bytes.

3) This produces the "raw bytes" that we can directly inject into the target and call CreateRemoteThread() on.

4) This process is automated through the Python script named make-raw-bytes.py. The output is raw-bytes.bin.

🦑Injection into target.
To convert the "raw bytes" into an .exe that actually injects the "raw bytes" into a target, we need to call WriteProcessMemory() & CreateRemoteThread().

1) This process is handled by make-injector-cpp.py. The output is injector.cpp, a piece of code which, when compiled, takes a target PID and executes the exploit.

2) Convenience wrapper.
As a convenience, make.bat will produce injector.exe directly by performing the steps described above.

> In other words, make.bat will:

make-raw-bytes.py
make-injector-cpp.py
build injector.exe

🦑download :
> https://github.com/vlad902/hacking-team-windows-kernel-lpe

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEBSITES TO DOWNLOAD ANYTHING CRACKED :


https://profreecrack.com.

https://www.ask4pc.net.

https://crackingpatching.com.

https://getintopc.com.

https://crackhomes.com.

https://www.piratecity.net.

https://www.onhaxcrack.me.


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 torrents websites 2020-most popular :

#1 YTS.am

#2 ThePirateBay.org

#3 1337x.to

#4 Rutracker.org

#5 Rarbg.to

#6 Nyaa.si

#7 Torrentz2.eu

#8 eztv.io

#9 torrent9.uno (torrent9.nz)

#10 limetorrents.info

#11 Zooqle.com

#12 katcr.co

#13 Torrentdownloads.me

#14 Magnetdl.com

#15 torlock.com

#16 pcgamestorrents.com

#17 arenabg.com

#18 torrentgalaxy.org

#19 ettv.tv (ettv.to)

#20 torrentfunk.com

#21 seedpeer.me

#22 btdig.com

#23 yourbittorrent.com

#24 monova.org

#25 idope.se


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁\

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Marketplace Commercial Services .onion deep web- for tor browser :
2020 - 7/24 and 24/24

http://6w6vcynl6dumn67c.onion/ – Tor Market Board – Anonymous Marketplace Forums
http://wvk32thojln4gpp4.onion/ – Project Evil
http://5mvm7cg6bgklfjtp.onion/ – Discounted electronics goods
http://lw4ipk5choakk5ze.onion/raw/evbLewgkDSVkifzv8zAo/ – Unfriendlysolution – Legit hitman service
http://nr6juudpp4as4gjg.onion/torgirls.html – Tor Girls
http://tuu66yxvrnn3of7l.onion/ – UK Guns and Ammo
http://nr6juudpp4as4gjg.onion/torguns.htm – Used Tor Guns
http://ucx7bkbi2dtia36r.onion/ – Amazon Business
http://nr6juudpp4as4gjg.onion/tor.html – Tor Technology
http://hbetshipq5yhhrsd.onion/ – Hidden BetCoin
http://cstoreav7i44h2lr.onion/ – CStore Carded Store
http://tfwdi3izigxllure.onion/ – Apples 4 Bitcoin
http://e2qizoerj4d6ldif.onion/ – Carded Store
http://jvrnuue4bvbftiby.onion/ – Data-Bay
http://bgkitnugq5ef2cpi.onion/ – Hackintosh
http://vlp4uw5ui22ljlg7.onion/ – EuroArms
http://b4vqxw2j36wf2bqa.onion/ – Advantage Products
http://ybp4oezfhk24hxmb.onion/ – Hitman Network
http://mts7hqqqeogujc5e.onion/ – Marianic Technology Services
http://mobil7rab6nuf7vx.onion/ – Mobile Store
http://54flq67kqr5wvjqf.onion/ – MSR Shop
http://yth5q7zdmqlycbcz.onion/ – Old Man Fixer’s Fixing Services
http://matrixtxri745dfw.onion/neo/uploads/MATRIXtxri745dfwONION_130827231336IPA_pc.png – PC Shop
http://storegsq3o5mfxiz.onion/ – Samsung StorE
http://sheep5u64fi457aw.onion/ – Sheep Marketplace
http://nr6juudpp4as4gjg.onion/betcoin.htm – Tor BetCoin
http://qizriixqwmeq4p5b.onion/ – Tor Web Developer
http://vfqnd6mieccqyiit.onion/ – UK Passports
http://en35tuzqmn4lofbk.onion/ – US Fake ID Store
http://xfnwyig7olypdq5r.onion/ – USA Citizenship
http://uybu3melulmoljnd.onion/ – iLike Help Guy
http://dbmv53j45pcv534x.onion/ – Network Consulting and Software Development
http://lw4ipk5choakk5ze.onion/raw/4585/ – Quick Solution (Hitman)
http://nr6juudpp4as4gjg.onion/tynermsr.htm – Tyner MSR Store

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Bugs
What makes bWAPP, our extremely buggy web application, so unique?

> SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP, Host Header and SMTP injections

> Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site

>Request Forgery (CSRF)

> AJAX and Web Services issues (jQuery/JSON/XML/SOAP/WSDL)

> Authentication, authorization and session issues, file upload flaws and backdoor files

>Arbitrary file access, directory traversals, local and remote file inclusions (LFI/RFI)

> Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures,...

> HTTP parameter pollution, HTTP response splitting and HTTP verb tampering

> Insecure DistCC, FTP, NTP, Samba, SNMP, VNC and WebDAV configurations

> HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues

> XML External Entity attacks (XXE) and Server Side Request Forgery (SSRF)

> Heartbleed and Shellshock vulnerability (OpenSSL), Denial-of-Service (DoS) attacks

> Parameter tampering, cookie and password reset poisoning

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑IndexedDB vs LocalStorage :


1) Both IndexedDB and LocalStorage are used to store data in the browser, but they use different technologies and have different uses.

2) You need to choose which one to use according to your situation. LocalStorage stores data in key-value mode, but unlike IndexedDB, its data is not stored in object form. The data it stores is in the form of strings. If you want LocalStorage to store objects, you need to use the JSON.stringify()ability to turn the object into a string form, and then use JSON.parse()the string to restore the object. But if you want to store a lot of complex data, this is not a good solution. After all, localstorage is specifically designed for small amounts of data, and its APIs are synchronized.

3) IndexedDB is very suitable for storing large amounts of data, and its API is called asynchronously. IndexedDB uses indexes to store data, and various database operations are performed in transactions. IndexedDB even supports simple data types. IndexedDB is much more powerful than local storage, but its API is also relatively complex.

4) For simple data, you should continue to use local storage, but when you want to store a large amount of data, IndexedDB will obviously be more suitable. IndexedDB can provide you with a more complicated way to query data.

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑This specification introduces a set of APIs to manipulate client-side databases using SQL.> ANONYMOUSLY ! :

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋:


1) This specification introduces a set of APIs to manipulate client-side databases using SQL.

2) The API is asynchronous, so authors are likely to find anonymous functions (lambdas) very useful in using this API.

3) Here is an example of a script using this API. First, a function prepareDatabase() is defined. This function returns a handle to the database, first creating the database if necessary. The example then calls the function to do the actual work, in this case showDocCount().

function prepareDatabase(ready, error) {
return openDatabase('documents', '1.0', 'Offline document storage', 5*1024*1024, function (db) {
db.changeVersion('', '1.0', function (t) {
t.executeSql('CREATE TABLE docids (id, name)');
}, error);
});
}

function showDocCount(db, span) {
db.readTransaction(function (t) {
t.executeSql('SELECT COUNT(*) AS c FROM docids', [], function (t, r) {
span.textContent = r.rows[0].c;
}, function (t, e) {
// couldn't read database
span.textContent = '(unknown: ' + e.message + ')';
});
});
}

prepareDatabase(function(db) {
// got database
var span = document.getElementById('doc-count');
showDocCount(db, span);
}, function (e) {
// error getting database
alert(e.message);
});

🦑The executeSql() method has an argument intended to allow variables to be substituted into statements without risking SQL injection vulnerabilities:

db.readTransaction(function (t) {
t.executeSql('SELECT title, author FROM docs WHERE id=?', [id], function (t, data) {
report(data.rows[0].title, data.rows[0].author);
});
});
Sometimes, there might be an arbitrary number of variables to substitute in. Even in these case, the right solution is to construct the query using only "?" characters, and then to pass the variables in as the second argument:

function findDocs(db, resultCallback) {
var q = "";
for each (var i in labels)
q += (q == "" ? "" : ", ") + "?";
db.readTransaction(function (t) {
t.executeSql('SELECT id FROM docs WHERE label IN (' + q + ')', labels, function (t, data) {
resultCallback(data);
});
});
}

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 specification introduces a set of APIs to manipulate client-side databases using SQL.> ANONYMOUSLY ! FULL CODE

#Support & Share :

T.me/UndercodeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Common hacker software usage classification :
Pinterest.com/Undercode_Testing
🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋:

1) Prevention:
This is from From the perspective of security, a type of software involved, such as firewalls, virus checking software, system process monitors, port management programs, etc., are all such software .

> This type of software can ensure the safety and personal privacy of computer users to the greatest extent, and will not be destroyed by hackers. The network server also attaches great importance to the needs of such software, such as log analysis software and system intrusion software, which can help administrators maintain the server and track hackers who invade the system.

2) Information collection:
There are many types of information collection software, including scanning software such as port scanning, vulnerability scanning, weak password scanning, etc.; And spyware such as interception and interception of information packets. Most of them are software that is right and wrong.

> That is to say, no matter whether it is a decent hacker, an evil hacker, a system administrator, or a general computer user, user software can accomplish different purposes. In most cases, the frequency of hacker user software is higher because they need to rely on such software to scan the server in an all-round way to obtain as much information about the server as possible. After having a full understanding of the server In order to hack.

3) Third, Trojans and worms:
These are two types of software, but they work on the same principle, both are hidden and destructive by viruses. In addition, such software can also be operated by people with control rights, or by prior A well- designed program completes certain work. Of course, this type of software can also be used by system administrators as a tool for remote management of servers.

4) Flood: The
so-called "flood" is an information spam bomb. A large number of spam requests can cause the target server to overload and collapse. In recent years, DOS distributed attacks have become popular on the network. Simply put, it can also be classified here. Software. The flood software can also be used as a mail bomb or a chat bomb. These are simplified and fool-proof software programmed by cybersecurity enthusiasts, and are often used in the hands of “pseudo hackers” accused at the beginning of this book .

5) Password cracking:
The most practical way to guarantee network security is to rely on a password system with various encryption algorithms. A hacker may easily obtain a cipher password file, but without an encryption algorithm, it still cannot obtain a real password. Therefore, the use of password cracking software is imperative. Taking advantage of the high-speed computing power of the computer, such software can restore encrypted ciphertext using a password dictionary or exhaustive methods.

6) Deception:
If you want to obtain the plaintext password mentioned above, the hacker needs to restore the encryption algorithm of the ciphertext, but if it is a complex password, it is not so simple to crack. But is it more convenient for someone who knows the password to tell the hacker the prototype of the password directly? Deceptive software is designed for this purpose.

7) Disguise:
Various operations performed on the network will be recorded by the ISP and the server. If hacking is performed without good disguise, it will be easily traced to the hacker ’s location by anti-tracking technology, so disguise his own IP Address and identity are a very important compulsory course for hackers, but camouflage technology requires deep network knowledge. This kind of software will be used at the beginning without a solid foundation.

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The classification of network security software
twitter.com/UndercodeNews

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋:

> Now let's take a look at the classification of network security software, because learning hacker knowledge is two interrelated processes: both learning how to hack, but also learn how to prevent hacking.


1) Firewall:

> This is the most common security mechanism software on the network. There are hardware and software in the firewall. Most readers may see software firewalls. Its functions are mainly to filter spam (to ensure that the system will not be attacked by bombs), prevent worm intrusion, prevent hacker intrusion, increase system privacy (protect sensitive data),

> monitor system resources in real time, prevent system crashes, and regularly maintain databases Back up the main information ... The firewall can patch the loopholes of the system itself, so that hackers have no chance to start. In addition, for enterprises with LANs, firewalls can restrict the opening of system ports and prohibit certain network services (to prevent Trojans).

2) Detection software:
There are tools on the Internet specifically for the removal of a hacker program, but this type of software is more integrated in antivirus software or firewall software. It can detect and remove Trojans and worms in the system.

> Software In order to protect the system from infringement, it will automatically protect the hard disk data, automatically maintain the registry file, detect the content and code, and monitor the open state of the system port. If the user needs, the software can also write relevant scripts to block the specified port (the firewall also has this function).

3) Backup tool: a tool
specifically used to back up data can help the server regularly back up the data and update the data at a set time, so that even if a hacker destroys the database on the server, the software can completely repair the received data in a short time .

> In addition, for individual users, this type of software can perform a full image backup of the hard disk. Once the system crashes, users can use this type of software to restore the system to its original state. For example, Ghost is the leader in this type of software.

4) Log recording and analysis tools:
For the server, log files are indispensable. Administrators can understand the server's request type and request source through the log, and judge whether the system has been hacked according to the log.

> Through the log analysis software, the administrator can easily trace back the invading hackers, find the source of the hackers' attacks, and then catch the hackers. This is why hackers often use IP address masquerading, server jumps when attacking, and clear log files after invading the server.

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑PREMIUM PROXIES :

168.227.229.96 8888
2825 ms 12% (61) br Brazil - Aguai Elite -
159.8.114.37 8123
438 ms 88% (41) fr France - Clichy Elite -
103.119.54.188 8888
4571 ms 12% (68) cn China Elite -
88.198.33.232 1080
3626 ms 33% (68) de Germany - Unterfoehring Elite -
58.96.135.93 8080
4807 ms 6% (78) au Australia Elite -
85.90.215.111 3128
3317 ms 15% (70) ua Ukraine - Kharkiv Elite -
85.172.104.162 8000
697 ms 54% (56) ru Russia - Gelendzhik Elite -
80.187.140.26 8080
671 ms 100% (57) de Germany Elite -
64.225.112.121 8080
1654 ms 54% (58) us United States - New York Elite -
222.93.72.121 8118
3004 ms 13% (62) cn China - Suzhou Elite -
175.100.30.156 25
3506 ms 33% (56) kh Cambodia Elite -
139.199.201.249 1080
4022 ms 14% (69) cn China - Beijing Elite -
120.79.48.160 8080
2751 ms 30% (61) cn China Elite -
193.112.113.26 1080
3580 ms 12% (70) cn China Elite -
157.119.207.36 6666
3954 ms 15% (71) in India - Satara Elite -
159.138.1.185 80
3702 ms 21% (64) hk Hong Kong Elite -
103.70.162.181 8080
3344 ms 7% (72) in India - New Delhi Elite -
155.93.240.101 8080
2575 ms 22% (61) za South Africa - Brackenfell Elite -
134.249.141.148 8080
4769 ms 15% (64) ua Ukraine - Lviv Elite -
144.76.214.156 1080
3011 ms 44% (53) de Germany Elite -
118.24.89.206 1080
4111 ms 11% (59) cn China Elite -
182.253.31.82 8080
3877 ms 7% (73) id Indonesia - Surabaya Elite -
91.192.4.162 8090
3998 ms 10% (76) iq Iraq - Baghdad Elite -
101.4.136.34 80
1057 ms 48% (55) cn China Elite -
103.216.51.210 8080
1126 ms 12% (71) kh Cambodia - Phnom Penh Elite -
46.99.255.235 8080
3266 ms 8% (69) al Albania Elite -
91.207.61.196 1182
849 ms 5% (88) ua Ukraine Elite -
91.209.25.157 8080
2292 ms 16% (65) fr France - Maurepas Elite -
79.115.245.227 8080
2917 ms 17% (62) ro Romania - Oradea Elite -
78.46.40.156 8118
1262 ms 18% (70) de Germany - Nuremberg Elite -
46.28.229.78 3128
644 ms 3% (84) ru Russia - St Petersburg Elite -
200.70.22.74 8080
3349 ms 8% (67) ar Argentina - Rosario Elite -
200.108.183.2 8080
3065 ms 20% (77) uy Uruguay Elite -
145.239.121.218 3129
1739 ms 84% (48) gb United Kingdom Elite -
176.114.128.131 3128
4622 ms 3% (69) ru Russia - Bratsk Elite

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑LEAKED ON GITHUB FRON NSA (as they say) :
> The goal of this project is to examine, reverse, and document the different modules available in the Equation Group's DanderSpritz post-exploitation framework leaked by the ShadowBrokers

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋:

> get all doc and exploits > https://github.com/francisck/DanderSpritz_docs

> The sub-directories in the "Resources" directory contain different modules which are used by DanderSpirtz to provide capabilities such as packet capture, memory dumps, etc.

🦑 Below are the codenames that correspond to the different modules and the potential capabilities based on examining the python code, comments, XML, available "command" txt files

> Folder Code Name Description / Functionality

DSky Darkskyline PacketCapture tool

DaPu DarkPulsar Appears to be a legacy implant, similar to PeddleCheap but older

Darkskyline DarkSkyline Contains tools to parse and filter traffic captured by DarkSkylin... and much more on

> https://github.com/francisck/DanderSpritz_docs
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

new 60 K PrEMIUM pROXIES

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 best shorten url services for earning 2020 :

1. Linkvertise
2. Adshrink.it
3. Shrinkme
4. Shrinkearn.com
5. Clk.sh
6. Smoner
7. ouo.io
8. Bc.vc
9. Shorte.st
10. Payskip.me
11. LinkBucks.com
12. Al.ly
13. AdF.ly
14. Oke.io
15. CPMlink.net
16. PowClick
17. Adyou.me
18. Fas.li
19. Link.TL
20. CutWin.com
21. Binbucks.com
22. DZ4Link.com
23. AdHy.pe
24. Spaste.com
25. Adfoc.us
26. URLCash.Net
27. Short.am
28. Shink.in
29. Linkrex.net
30. Wi.cr
31. Uii.io
32. Rom.io
33. Urle.co
34. Shrtfly
URL Shorteners That Does Not Exist
35. SkipLink.pw
36. Excel.Li
37. Blv.me
38. Petty.link
39. Dwindly
40. Uskip.me
41. VivAds
42. ClicksFly
43. Link-earn.com
44. P.PW
45. URLF.LY
46. Admy.link

- powered by wiki
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁