8οΈβ£Wi-Fi frame injection
Aireplay-ng is used to inject frames. Very often deauthentication is used to attack, the meaning of which is that they are sent, frames due to which clients are disconnected from the access point; after that, clients reconnect to their access point, as a result of which the attacker has the opportunity to grab a handshake.
>https://kali.tools/?p=483
9οΈβ£boopstrike - a program from the BoopSuite package for performing deauthentication attacks.
>https://kali.tools/?p=3409
Aireplay-ng is used to inject frames. Very often deauthentication is used to attack, the meaning of which is that they are sent, frames due to which clients are disconnected from the access point; after that, clients reconnect to their access point, as a result of which the attacker has the opportunity to grab a handshake.
>https://kali.tools/?p=483
9οΈβ£boopstrike - a program from the BoopSuite package for performing deauthentication attacks.
>https://kali.tools/?p=3409
π¦πHacking passwords from handshakes and WEP
Hashcat is the universal and fastest password cracker. Among others, it also can crack a password from Wi-Fi networks. The fastest thing is that it simultaneously uses video cards and a central processor to sort through possible password options.
> https://kali.tools/?p=578
Hashcat is the universal and fastest password cracker. Among others, it also can crack a password from Wi-Fi networks. The fastest thing is that it simultaneously uses video cards and a central processor to sort through possible password options.
> https://kali.tools/?p=578
enjoyβ€οΈππ» wifi hacking methodes & usage kali-parrot tools :
90 % OF GITHUB SCRIPTS clone a BIG PARTS FROM THOSE TOP 10 WIFI HACKING TOOLS :)
(except Fluxion/wifiphisher..)
90 % OF GITHUB SCRIPTS clone a BIG PARTS FROM THOSE TOP 10 WIFI HACKING TOOLS :)
(except Fluxion/wifiphisher..)
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Global Spam Settings
#foradvancedusers
>g_from_allow_ip β IP addresses to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_ip string
>g_from_allow_to β destination user to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_to string
>g_from_bl β Domain Based Blacklist Zones, lookups FROM domain in dns
The βfromβ domain is checked against the specified RBL which must be a special βFROMβ based rbl which lists spammers by from address. Most spammers fake from addresses so this is a fairly marginally useful method.
Syntax: g_from_bl name=string stamp=string
>g_from_body_bounce β Reject if local from header address is probably faked
Checks if the sender is authenticated or from an address that can relay, if not then the message is bounced if it claims to be from a local domain. One of the settings to prevent forgery
Syntax: g_from_body_bounce bool
>g_from_bounce β Bounce if from is probably faked
Bounce if from address is probably faked.
This check is activated for any mail with a local domain in the from address but not using SMTP authentcation, relay allow IP address or spam allow IP address.
Syntax: g_from_bounce bool
>g_from_check β Check from matches valid local domain
Check from domains match valid local domains if user is authenticated, or
>g_from_allow.Should be used with g_from_bounce βtrueβ which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_check bool
>g_from_domain β Default domain for from envelope
Fixes the βfromβ envelope if the email client failed to specify a domain name, this doesnβt fix the from header currently but we may change that in future!
Syntax: g_from_domain string
>g_from_exact β Check from matches authenticated user
Check from matches authenticated user. If user is not authenticated the setting is skipped.
Should be used with g_from_bounce βtrueβ which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_exact bool
>g_from_force β From address for all sent messages
Used when you want to make all messages use the same valid bounce address, reply-to header will contain original from if it doesnβt exist
Syntax: g_from_force string
>g_from_header β From header used in delivery bounces
From header used in delivery bounces.
Syntax: g_from_header string
>g_from_list_too β Also enforce from rules from lists
Doesnβt allow lists to bypass forge rules
Syntax: g_from_list_too bool
>g_from_must_exist β Require local from addresses to exist or reject mail
Can be useful in blocking dumb spam robots
Syntax: g_from_must_exist bool
>g_from_noforge β If envelope or from is local domain then the other must be too
This can prevent many common forms of forgery, this will bounce some real email, so probably better to use the noforgeme setting instead. One of the settings to prevent forgery
Syntax: g_from_noforge bool
>g_from_noforge_some β If from matches this then from/envelope must match
Prevent forgeries of important local addresses, e.g. *support*
Syntax: g_from_noforge_some string
> g_from_noforgeme β If to==from then from and env from must match
This can prevent many common forms of forgery, this is safer than the noforge setting above, and generally almost as effective. One of the settings to prevent forgery
Syntax: g_from_noforgeme bool
> g_from_noforgename β If from contains two addresses the domains must match
Prevents forgery where the descriptive name is a fake email address that doesnβt match the real address
Syntax: g_from_noforgename bool
> g_from_nofriend β If forge setting would bounce message then allow message but donβt allow friend match
This setting modifies the g_from_noforgeme behaviour so it doesnβt block the message but does prevent a friend match occurring
Syntax: g_from_nofriend bool
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Global Spam Settings
#foradvancedusers
>g_from_allow_ip β IP addresses to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_ip string
>g_from_allow_to β destination user to bypass local from check
This setting has no further documentation currently available
Syntax: g_from_allow_to string
>g_from_bl β Domain Based Blacklist Zones, lookups FROM domain in dns
The βfromβ domain is checked against the specified RBL which must be a special βFROMβ based rbl which lists spammers by from address. Most spammers fake from addresses so this is a fairly marginally useful method.
Syntax: g_from_bl name=string stamp=string
>g_from_body_bounce β Reject if local from header address is probably faked
Checks if the sender is authenticated or from an address that can relay, if not then the message is bounced if it claims to be from a local domain. One of the settings to prevent forgery
Syntax: g_from_body_bounce bool
>g_from_bounce β Bounce if from is probably faked
Bounce if from address is probably faked.
This check is activated for any mail with a local domain in the from address but not using SMTP authentcation, relay allow IP address or spam allow IP address.
Syntax: g_from_bounce bool
>g_from_check β Check from matches valid local domain
Check from domains match valid local domains if user is authenticated, or
>g_from_allow.Should be used with g_from_bounce βtrueβ which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_check bool
>g_from_domain β Default domain for from envelope
Fixes the βfromβ envelope if the email client failed to specify a domain name, this doesnβt fix the from header currently but we may change that in future!
Syntax: g_from_domain string
>g_from_exact β Check from matches authenticated user
Check from matches authenticated user. If user is not authenticated the setting is skipped.
Should be used with g_from_bounce βtrueβ which basically forces them to authenticate and then makes this setting work properly.
Syntax: g_from_exact bool
>g_from_force β From address for all sent messages
Used when you want to make all messages use the same valid bounce address, reply-to header will contain original from if it doesnβt exist
Syntax: g_from_force string
>g_from_header β From header used in delivery bounces
From header used in delivery bounces.
Syntax: g_from_header string
>g_from_list_too β Also enforce from rules from lists
Doesnβt allow lists to bypass forge rules
Syntax: g_from_list_too bool
>g_from_must_exist β Require local from addresses to exist or reject mail
Can be useful in blocking dumb spam robots
Syntax: g_from_must_exist bool
>g_from_noforge β If envelope or from is local domain then the other must be too
This can prevent many common forms of forgery, this will bounce some real email, so probably better to use the noforgeme setting instead. One of the settings to prevent forgery
Syntax: g_from_noforge bool
>g_from_noforge_some β If from matches this then from/envelope must match
Prevent forgeries of important local addresses, e.g. *support*
Syntax: g_from_noforge_some string
> g_from_noforgeme β If to==from then from and env from must match
This can prevent many common forms of forgery, this is safer than the noforge setting above, and generally almost as effective. One of the settings to prevent forgery
Syntax: g_from_noforgeme bool
> g_from_noforgename β If from contains two addresses the domains must match
Prevents forgery where the descriptive name is a fake email address that doesnβt match the real address
Syntax: g_from_noforgename bool
> g_from_nofriend β If forge setting would bounce message then allow message but donβt allow friend match
This setting modifies the g_from_noforgeme behaviour so it doesnβt block the message but does prevent a friend match occurring
Syntax: g_from_nofriend bool
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Best 2020 sites To free share code/accounts...
-https://pastebin.com/
- https://del.dog
- https://dpaste.org
- https://linkode.org
- https://hastebin.com
- https://bin.kv2.dev
-https://controlc.com/
-https://hastebin.com/
-https://justpaste.me/
-https://privatebin.net/
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
-https://pastebin.com/
- https://del.dog
- https://dpaste.org
- https://linkode.org
- https://hastebin.com
- https://bin.kv2.dev
-https://controlc.com/
-https://hastebin.com/
-https://justpaste.me/
-https://privatebin.net/
share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
Pastebin
Pastebin.com - #1 paste tool since 2002!
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
β β β Uππ»βΊπ«6π¬πβ β β β
π¦powerful Dos tool for Termux-linux:
> The main difference from Python version layed in Golang architecture for concurrency: the goroutines. hulk.py runs a new thread for each connection in the connection pool so it uses hundreds and thousands of threads. hulk.go just uses lightweight goroutines that used only tens of threads (commonly golang runtime started one thread for CPU core + several service threads). This architecture allows golang version better consume resources and got much higher connection pool on the same hardware than Python version can.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/grafov/hulk.git
2οΈβ£cd hulk
3οΈβ£python hulk.py
4οΈβ£Examples :
1) $ hulk -site http://example.com/test/ 2>/dev/null
2) $HULKMAXPROCS=4096 hulk -site http://example.com 2>/tmp/errlog
π¦ Notes :
> GOMAXPROCS Set it to number of your CPUs or higher (no more actual for latest golang versions).
> HULKMAXPROCS Limit the connection pool (1024 by default).
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦powerful Dos tool for Termux-linux:
> The main difference from Python version layed in Golang architecture for concurrency: the goroutines. hulk.py runs a new thread for each connection in the connection pool so it uses hundreds and thousands of threads. hulk.go just uses lightweight goroutines that used only tens of threads (commonly golang runtime started one thread for CPU core + several service threads). This architecture allows golang version better consume resources and got much higher connection pool on the same hardware than Python version can.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1οΈβ£git clone https://github.com/grafov/hulk.git
2οΈβ£cd hulk
3οΈβ£python hulk.py
4οΈβ£Examples :
1) $ hulk -site http://example.com/test/ 2>/dev/null
2) $HULKMAXPROCS=4096 hulk -site http://example.com 2>/tmp/errlog
π¦ Notes :
> GOMAXPROCS Set it to number of your CPUs or higher (no more actual for latest golang versions).
> HULKMAXPROCS Limit the connection pool (1024 by default).
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
GitHub
GitHub - grafov/hulk: HULK DoS tool ported to Go with some additional features.
HULK DoS tool ported to Go with some additional features. - grafov/hulk
Forwarded from UNDERCODE SECURITY
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦UBoat - Proof of the PoC HTTP Botnet Design Concept
TOOLS + INSTALL :
t.me/UndercodeTesting
1οΈβ£ UBoat is a PoC HTTP botnet designed to replicate a full combat commercial botnet, such as the famous large-scale infectors Festi, Grum, Zeus and SpyEye.
2οΈβ£Surveys of popular botnets have shown that HTTP-based botnets have a set of attributes that make them difficult to detect.
> On the other hand, the number of studies devoted to identifying HTTP-based botnets is relatively small (compared to the number of studies based on IRC and P2P botnets), especially in HTTP-based mobile botnets that run on mobile devices and networks. The main goal of creating UBoat was to help security researchers and improve their understanding of HTTP loader-style commercial botnets so that effective countermeasures can be developed.
3οΈβ£features :
> C ++ encoded without any dependencies Encrypted C&C
>Communications Persistence to prevent the loss of your control
>Connection redundancy (uses server backup address or domain) DDoS
>Methods (TCP & UDP Flood) Task creation system (changing the HWID
system, country, IP, OS. System)
>remote command Updating and removing other malware
> Download and execute other malware
> Active and passive keylogger
>Enable Windows RDP Plugin system for quick feature updates
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
> detailed tutorial + pictures https://github.com/UBoat-Botnet/UBoat/wiki/Panel-Setup
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦UBoat - Proof of the PoC HTTP Botnet Design Concept
TOOLS + INSTALL :
t.me/UndercodeTesting
1οΈβ£ UBoat is a PoC HTTP botnet designed to replicate a full combat commercial botnet, such as the famous large-scale infectors Festi, Grum, Zeus and SpyEye.
2οΈβ£Surveys of popular botnets have shown that HTTP-based botnets have a set of attributes that make them difficult to detect.
> On the other hand, the number of studies devoted to identifying HTTP-based botnets is relatively small (compared to the number of studies based on IRC and P2P botnets), especially in HTTP-based mobile botnets that run on mobile devices and networks. The main goal of creating UBoat was to help security researchers and improve their understanding of HTTP loader-style commercial botnets so that effective countermeasures can be developed.
3οΈβ£features :
> C ++ encoded without any dependencies Encrypted C&C
>Communications Persistence to prevent the loss of your control
>Connection redundancy (uses server backup address or domain) DDoS
>Methods (TCP & UDP Flood) Task creation system (changing the HWID
system, country, IP, OS. System)
>remote command Updating and removing other malware
> Download and execute other malware
> Active and passive keylogger
>Enable Windows RDP Plugin system for quick feature updates
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
> detailed tutorial + pictures https://github.com/UBoat-Botnet/UBoat/wiki/Panel-Setup
ENJOY β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Interesting useful hacking tools 2020
- KsDumper - Dumping Processes Using The Power Of Kernel Space
- YARASAFE - Automatic Binary Function Similarity Checks with Yara
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries
- Corsy v1.0 - CORS Misconfiguration Scanner
- TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Gophish - Open-Source Phishing Toolkit
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Scallion - GPU-based Onion Addresses Hash Generator
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
- Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
- Lsassy - Extract Credentials From Lsass Remotely
- LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
- Shell Backdoor List - PHP / ASP Shell Backdoor List
- Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
- Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
π¦Interesting useful hacking tools 2020
- KsDumper - Dumping Processes Using The Power Of Kernel Space
- YARASAFE - Automatic Binary Function Similarity Checks with Yara
- AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
- TAS - A Tiny Framework For Easily Manipulate The Tty And Create Fake Binaries
- Corsy v1.0 - CORS Misconfiguration Scanner
- TeleGram-Scraper - Telegram Group Scraper Tool (Fetch All Information About Group Members)
- Grouper2 - Find Vulnerabilities In AD Group Policy
- Gophish - Open-Source Phishing Toolkit
- Aaia - AWS Identity And Access Management Visualizer And Anomaly Finder
- Scallion - GPU-based Onion Addresses Hash Generator
- Bluewall - A Firewall Framework Designed For Offensive And Defensive Cyber Professionals
- AntiCheat-Testing-Framework - Framework To Test Any Anti-Cheat
- Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
- Lsassy - Extract Credentials From Lsass Remotely
- LOLBITS - C# Reverse Shell Using Background Intelligent Transfer Service (BITS) As Communication Protocol
- Shell Backdoor List - PHP / ASP Shell Backdoor List
- Hakrawler - Simple, Fast Web Crawler Designed For Easy, Quick Discovery Of Endpoints And Assets Within A Web Application
- Gtfo - Search For Unix Binaries That Can Be Exploited To Bypass System Security Restrictions
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«6π¬πβ β β β
KitPloit - PenTest & Hacking Tools
KsDumper - Dumping Processes Using The Power Of Kernel Space