▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 FACEBOOK HACKING :

🦑FEATURES :

Facebook friend info fetcher
Get ID from friend
Get ID friend from friend
Get group member ID
Get email friend
Get email friend from friend
Get a friend's phone number
Get a friend's phone number from friend
Mini Hack Facebook(Target)
Multi Bruteforce Facebook
Super Multi Bruteforce Facebook
BruteForce(Target)
Yahoo Checker
Bot Reactions Target Post
Bot Reactions group Post
BOT COMMENT Target Post
BOT COMMENT group Post
Mass delete Post
Mass accept friends
Mass delete friend
ACreate Post
Create Wordlist
Account Checker
See my group list
Profile Guard

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) $ git clone https://github.com/mkdirlove/FBTOOL

2) $ cd FBTOOL
USAGE

3) $ sudo python2 fbtool.py
or

$ python2 fbtool.py
or
$ sudo python2 fbtool-v2.py

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑APACHE CONFIGURATION :

[root@localhost opt]# tar zxvf apr-1.7.0.tar.gz -C /opt
[root@localhost opt]# tar zxvf apr-util-1.6.1.tar.gz -C /opt
[root@localhost opt]# tar zxvf httpd-2.4.25.tar.gz -C /opt
[root@localhost opt]# mv apr-1.7.0/ httpd-2.4.25/srclib/apr
[root@localhost opt]# mv apr-util-1.6.1/ httpd-2.4.25/srclib/apr-util
[root@localhost opt]# yum -y install gcc gcc-c++ make pcre-devel expat-devel perl

[root@localhost opt]# yum -y install zlib-devel /
[root@localhost httpd-2.4.25]# ./configure \
>--prefix=/usr/local/httpd \
>--enable-so--enable-rewrite\
>--enable-charset-lite\
>--enable-cgi
>--enable-deflate
[root@localhost httpd-2.4.25]#make
[root@localhost httpd-2.4.25]#make install
[root@localhost httpd-2.4.25]# cd /usr/local/
[root@localhost local]# cd httpd/
[root@localhost httpd]# cd conf/
[root@promote bin]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@promote bin]# ls /etc/init.d
functions httpd netconsole network README
[root@promote bin]# vim /etc/init.d
[root@promote bin]# vim /etc/init.d/httpd

#!/bin/sh
#description:Apache is a World Wide Web server

[root@promote local]# chkconfig --add httpd
[root@promote /]# ln -s /usr/local/httpd/conf/httpd.conf /etc/httpd.conf

[root@promote local]# cd /usr/local/httpd/conf

[root@promote conf]# vim httpd.conf

Listen 192.168.75.134:80 /
#Listen 80
#ServerName www.kgc.com:80 //

[root@promote /]# ln -s /usr/local/httpd//bin/* /usr/local/bin /

/usr/local/bin
[root@promote /]# ls /usr/local/httpd//bin
ab checkgid htcacheclean httxt2dbm
apachectl dbmmanage htdbm logresolve
apr-1-config envvars htdigest rotatelogs
apu-1-config envvars-std htpasswd
apxs fcgistarter httpd
[root@promote /]# service httpd start
httpd (pid 66785) already running

[root@promote /]# httpd -t
Syntax OK
[root@promote /]# netstat -ntap | grep 80
tcp 0 0 192.168.75.134:80 0.0.0.0:* LISTEN 66785/httpd
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 8031/dnsmasq
[root@promote /]#
[root@promote /]# iptables -F
[root@promote /]# setenforce 0

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑File Systems types :

A file system is a type of database used for storing, updating, and retrieving files or several numbers of files. It is a way in which files are archived logically and named for archiving and recovery. There are different types of File systems mentioned below :

Windows file system: Microsoft Windows uses only two types of FAT and NTFS.

1) FAT, which means ‘file allocation table’, is the simplest type of file system containing a boot sector, a file allocation table, and a simple storage space for storing files and folders. Recently, FAT came in FAT16, FAT12, and FAT32. FAT32 is compatible with Windows-based storage devices. Windows cannot create a FAT32 file system with a file bigger than 32 GB.

2) NTFS, abbreviation of “New Technology File System,” is now a default file system for files greater than 32 GB. Encryption and Access control are some main properties of this file system.
Linux file system: Linux is a widely used, open-source operating system, and was developed for testing and development. This OS was intended to use different file system concepts. In Linux, there are several types of file systems.

3) Ext2, Ext3, Ext4 – This is the local, or default, Linux file system. The root filesystem is generally mcapped to the entire Linux distribution. The Ext3 file system is an excellent update of the previously used Ext2 file system; it uses the transactional file writing operation. Ext4 is an extension file that supports Ext3 information and file attribution.

4) ReiserFS – The file system problem is solved by saving a lot of small files at once. There is a good laugh by the file manager, and the permission of the compatible file, the storage of the file code, the file contains metadata in the mode of not using the large file system due to its size.

5) XFS – The XFS file system works well and is widely used for file archiving. This file system type is popular on IRIX servers.


6) JFS – IBM developed this file system, and it has become a file system that is used on almost all Linux distributions

enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 FULL WIFI EXPLOIT-USING PYTHON3 SCAPY

✅VERIFIED BY UNDERCODE

https://pastebin.com/Jp4Pizbq

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Best 2020 youtube downloader apps for android :

https://www.snaptubeapp.com/

https://instube.com/

https://www.yt3dl.net/

https://keepvid.com/

https://tubemate.net/

https://www.videoder.net/

https://play.google.com/store/apps/details?id=com.google.android.apps.youtube.mango

https://apkpure.com/youtube-downloader/com.tubeone3.ramzy

their is much more but those top working apps


🦑The best free YouTube downloader for windows

https://www.4kdownload.com/products/product-videodownloader


https://www.winxdvd.com/youtube-downloader/?__c=1

https://www.any-video-converter.com/products/for_video_free/?__c=1

https://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm

https://www.atube.me/


E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Researchers demonstrated 4 new variants of HTTP request smuggling attacks
#NEWS

> A new study identified four new variants of HTTP request smuggling attacks, which can target various commercial off-the-shelf Web servers and HTTP proxy servers.

> Amit Klein, vice president of security research at SafeBreach , presented the findings at the Black Hat security conference on August 5. He said this attack highlights that web servers and HTTP proxy servers are still vulnerable to HTTP request smuggling (even since the first record It has been 15 years since).

🦑What is HTTP request smuggling?

> HTTP request smuggling (or HTTP asynchronous) is a technique used to interfere with the way a website processes a sequence of HTTP requests received from one or more users.

> When the front-end server (load balancer or proxy) and the back-end server interpret the boundaries of HTTP requests in different ways, there are usually vulnerabilities related to HTTP request smuggling, so that bad actors can send (or "smuggle") obscure requests , This takes precedence over the next legitimate user request. Such asynchrony of requests can be used to hijack credentials, inject responses to users, or even steal data from victims' requests and leak information to servers controlled by the attacker.

#news
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Speed Up windows via registry :

A quick tweak to speed up Aero Peek.
Windows 7's Aero Peek lets you see the desktop when you move your mouse cursor over to the "show desktop" button at the end of the taskbar. The standard delay time for the Aero Peek preview is 500 milliseconds, or half a second. Here's how to speed it up:
(https://www.softpedia.com/get/System/OS-Enhancements/AeroPeek.shtml download )

1) Open the Registry Editor and go to HKEYCURRENTUSER > Software > Microsoft > Windows > CurrentVersion > Explorer > Advanced.

2) Right-click on the right pane and click New > DWORD (32-bit) Value. Name the new DWORD "DesktopLivePreviewHoverTime."

3) Double-click on DesktopLivePreviewHoverTime to open it. Under "Base," click Decimal and then enter the delay time (in milliseconds) in the "Value data" field. Click OK, and your Aero Peek time will be set. You can set the value to higher (a longer delay time) if you're activating it too often by accident, or to lower (a shorter delay time) if half a second is just too long.

4) Log off and log back on for the change to take effect.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LOOKING FOR BEST PHISHING SCRIPTS FOR HACK FCB-INSTA-TWITTER ,,,2020

https://github.com/DarkSecDevelopers/HiddenEye

https://github.com/suljot/shellphish

https://github.com/htr-tech/nexphisher

https://github.com/MuhammadSheehab/FB-Phishing

https://github.com/topics/phishing?l=html

https://getgophish.com/

http://phishing-server.com/

https://github.com/sptorg/sptoolkit

https://github.com/pentestgeek/phishing-frenzy

https://github.com/securestate/king-phisher

E N J O Y ❤️👍🏻
USE FOR LEARN
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Configure dns service ?

root@localhost /# yum -y install bind

root@localhost /# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };

root@localhost /#vim /etc/named.rfc1912.zones
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };

root@localhost /# cd /var/named/

root@localhost named# cp -p named.localhost kgc.com.zone

root@localhost named# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.75.134

root@localhost named#systemctl restart named


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

24/24 posts enjoy & share us ❤️👍🏻

T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑some file carving terminologies to remember:

Block – The smallest size of data units that can be written to storage

Header – The starting point of the file.

Footer – The last bytes of the file.

Fragment – One or several blocks are belonging to a single file.

Base-fragment – First fragment of file container, the header of the file.

Fragmentation point – The last block just before fragmentation takes place. Multiple fragments in any file results in several fragmentation points.

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to check email adress validity ?

Let's try to check if the someuser@gmail.com address exists or not. First, we need to find the MX records associated with the recipient's domain, in our case, gmail.com. We will be using a DNS lookup utility called dig, which is installed on most Linux systems . At the command prompt, enter the following command:

> dig gmail.com MX


2) The output should look like this:

; << >> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 << >> gmail.com MX @ 8.8.8.8
;; global options: + cmd
;; Got answer:
;; ->> HEADER <<- opcode: QUERY, status: NOERROR, id: 32294
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

🦑 QUESTION SECTION:
; gmail.com. IN MX

3) ;; ANSWER SECTION:
gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.

4) ;; Query time: 20 msec
;; SERVER: 8.8.8.8 # 53 (8.8.8.8)
;; WHEN: Fri Aug 26 10:13:19 2016
;; MSG SIZE rcvd: 150
;


5) We can notice that there are several MX records each with a different preference value, the lower the value, the higher the priority. The sending server will first try to deliver the email to the server with the highest priority, which in our case is 'gmail-smtp-in.l.google.com'

Next, we need to connect to the 'gmail-smtp-in.l.google.com' mail server on port 25 (SMTP) to confirm that the someuser@gmail.com email address is correct. For this we can use either Telnet or Netcat. Both tools are available from software for most Linux distributions.

$ nc gmail-smtp-in.l.google.com 25 # or telent gmail-smtp-in.l.google.com 25
220 mx.google.com ESMTP a12si21630825itb.5 - gsmtp


6) To start a conversation like HELO. Some servers also accept EHLO instead of HELO.

HELO mydomain.com
250 mx.google.com at your service


7) Type: mail from: <name@mydomain.com>

mail from: <name@mydomain.com>
250 2.1.0 OK v72si21823782itb.85 - gsmtp


If the server responds with “250”, it means we can move on. Next, enter: rcpt to: <someuser@gmail.com>

rcpt to: <someuser@gmail.com>
250 2.1.5 OK v72si21823782itb.85 - gsmtp


8) The server response will tell us if the email address “someuser@gmail.com” is valid or not.
If you get “250 OK” it means that the email address exists.

If you receive a “550” response as shown below, it means that the email account you were trying to reach does not exist.

rcpt to: <someuser2345@gmail.com>
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/answer/6596 y18si12470464ioi.55 - gsmtp


That's all! We hope you found this as helpful as we did.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Disable SSH Password Authentication in linux :

»Disabling password authentication adds an extra layer of security to your server.

Before disabling SSH password authentication, make sure you can log into your server without a password, and the user you log in with has sudo privileges .

1) Login to your remote server:

ssh sudouser @ serveripaddress


2) Open the SSH configuration file in a text editor :

sudo nano / etc / ssh / sshdconfig


3) Find the following directives and change them as follows:

/ etc / ssh / sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

4)After that save the file and restart the SSH service by typing:

sudo systemctl restart ssh


5) At this point, password-based authentication is disabled.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

HA Rudra_ Vulnhub Walkthrough
FULL WITH PICTURES

Initial Compromise
LFI
Established Foothold
Netcat session
Internal Recon
Access Mysql database
Data Exfiltration
Steganography
Lateral Movement
Connect to ssh
Privilege Escalation
Sudo rights

E N J O Y❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Checking tool for Hash codes, Passwords, and Emails leaked, using leakz module from Aidan Holland, which uses API from Aurelius Wendelken.

🦑F E A T U R E S :

-Grabb email passwords NEW!
-Check passwords leaked.
-Check hash code leaked.
-Check email leaked!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) sudo apt update && sudo apt install python3 python3-pip

2) git clone https://github.com/GitHackTools/Leaked

3) cd Leaked

4) bash install_update.sh

5) python3 leaked.py

🦑Install and Run on Windows

1) Download and run Python 3 setup file from Python.org. In Install Python 3 , enable Add Python 3.7 to PATH and For all users

2) Download and run Git setup file from Git-scm.com, choose Use Git from Windows Command Propmt.

3) After that, Run Command Propmt or PowerShell and enter these commands:

4) git clone https://github.com/GitHackTools/Leaked

5) cd Leaked

6) ./install_update.bat

7) python leaked.py

8) choose options via numbers

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Respecting Lebanon & Lebanese here...