🦑JavaScript email attachments may carry malicious code/ example coded @UndercodeTesting


https://pastebin.com/49GMLJ3X

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑New Features & update for phishing script hiddeneye :


🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽:

Work's on any linux/termux root

git clone https://github.com/DarkSecDevelopers/HiddenEye.git

3) chmod 777 HiddenEye

4) sudo apt install python3-pip

5) cd HiddenEye

6) sudo pip3 install -r requirements.txt

7) python3 HiddenEye.py

OR

./HiddenEye.py

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑10 ways smartphones can get your location :

1. The GPS

global positioning system was developed by the US Department of Defense and first appeared in mobile phones in the 1990s. It is still The most well-known method for outdoor positioning. GPS sends location and time data directly to the user's mobile phone via satellite. If the mobile phone can obtain the signals of three satellites, it can display the user's position on the flat map, and if it is four satellites, it can also display your altitude.

Other countries have also developed systems similar to GPS, but they do not conflict with GPS. In fact, these systems can make outdoor positioning easier. Russia's GLONASS has been put into use, and China's Compass is also in the trial phase. Galileo in Europe and Quasi-Zenith satellite systems in Japan are also under development. Mobile phone chip manufacturers are developing processors that can use multiple satellites to obtain positioning information faster.

2. Assisted GPS technology

Although GPS works well, it may take a long time, and you will not be able to accurately locate when you are indoors or in buildings that reflect satellite signals. AssistedGPS is a combination of tools to help solve this problem. One of the reasons for the longer GPS waiting time is that when a satellite is found, the mobile phone needs to download the satellite's position information in the next four hours to track the satellite.

After the information reaches the mobile phone, the complete GPS service will be activated. Operators can now send these data via cellular or wireless networks, which is much faster than satellite links. Positioning technology company RXNetworks CEO Guylain Roy-Mac Habee said that this can help shorten the GPS startup time from 45 seconds to 15 seconds or less, which is currently unpredictable.

3. Synthetic GPS The

above-mentioned assisted GPS technology still needs an available data network and time to transmit satellite information. Synthetic GPS uses computing power to predict satellite positioning days or weeks in advance. Through the cached satellite data, Want Want Mobile can identify the satellite position within two seconds.

4. Cell ID

However, the aforementioned GPS acceleration technology still needs to find three satellites to locate. Operators already know how to locate mobile phones without GPS. Operators use a technology called CellID to determine the Cell base station users are using and the distance between them and neighboring base stations. After determining the base station that the mobile phone is using, using the base station identification number and location database, the operator can know the location of the mobile phone. This technology is more suitable for urban areas with wide coverage of base stations.

5.Wi-Fi

Wi-Fi and CellID positioning technology are somewhat similar, but more accurate, because Wi-Fi access points cover a smaller area. There are actually two ways to determine the location through Wi-Fi. The most common method is RSSI (Signal Strength Indication), which uses the signal detected by the user’s mobile phone from a nearby access point and reflects it to the Wi-Fi network database. The signal strength is used to determine the distance, and the RSSI uses the distance of the known access point to determine the user distance.

6. The inertial sensor

if you are in a place where there is no Wi-Fi, inertial sensors can still track your location. Most smartphones currently have three inertial sensors: a compass (or magnetometer) to determine the direction; an accelerometer to report your speed in that direction; and a gyroscope to determine the steering action. These sensors can determine your location without external data, but only for a limited time, such as a few minutes.

The classic example is when driving into a tunnel: if your mobile phone knows where you are before entering the tunnel, it can judge your location based on your speed and direction. These tools are usually combined with other positioning systems.

7. barometer

on the sidewalk or street outdoor navigation is either straight, either turn left or turn right. But for indoors, GPS is difficult to make correct positioning. One of the methods to determine altitude is the barometer, which uses the principle that the higher the altitude, the thinner the air.

Some smart phones already have a chip that can detect air pressure. However, to use the air pressure function, the phone needs to download local weather data as a reference number for measuring air pressure, and the air conditioning flow in the building will also affect the accuracy of the sensor. The barometer is best used in combination with other tools, such as GPS, Wi-Fi, and short-range systems.

The ultrasonic

sometimes detect whether a person enters a certain area can explain what they are doing. This can be achieved by short-range wireless systems, such as RFID (Radio Frequency Identification). NFC (Near Field Communication) began to appear in mobile phones and can be used for checkpoints, but the main purpose of manufacturers installing NFC is to pay.

Shopkick, a customer loyalty company, has begun to use a short-distance system to determine whether a customer walks into a store. Instead of using radio frequency, Shopkick uses an ultrasonic device inside the store door. If the customer is running the Shopkick application, when they enter the store door, the application will tell Shopkick. After a shopper enters the store, the phone will immediately show that they can earn points, redeem gift cards and other prizes.

9. Bluetooth signal

using a beacon signal sent by the Bluetooth in a particular region (e.g. at a retail store) can achieve very precise positioning. These beacons, which are smaller than mobile phones, are placed every few meters and can communicate with all mobile devices equipped with Bluetooth 4.0 (the latest version).

Broadcom's Abraham said that venue owners can use signals from a dense network of transmitters to determine the location of the space. For example, a store can determine that a customer is close to a specific product on a shelf and offer discounts.

10. ground transmitter

Australian startup Locata is trying to GPS brought to the surface to overcome the limitations of GPS. The company made a positioning transmitter with the same principles as GPS, but installed on buildings and base station towers. Because this kind of transmitter is fixed and provides a stronger signal than satellites, Locata can provide very accurate positioning. The company’s CEO Nunzio Gambale said that the Locata network is also more reliable than GPS.

ENJOY ❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Share several IDS open source systems :

1)) Prelude IDS

From the perspective of design, it is positioned to meet the needs of large-scale networks, and implements network detectors, log analyzers, and alarm information centralized viewing and analysis tools. The network detector part is basically a copy of Snort's functions and is fully compatible with Snort's rule set. ( http://www.prelude-ids.org/ )

2)) Firestorm

It is a very high-performance network intrusion detection system (NIDS). Currently it only implements the detector part and is fully compatible with Snort's rule set, but plans include real support for analysis, reporting, remote console and real-time sensor configuration. It is completely pluggable, so it is very flexible. It can record alarm information to the Prelude IDS manager. It claims to be much better than Snort in performance. http://www.scaramanga.co.uk/firestorm/

3)) NetSTAT

Based on the research results of STAT (State Transition Analysis Technique) describing the attack, using the unique STATL language to describe the attack, the attack description text is converted into C++ code by the STATL interpretation tool and compiled into the detection engine to realize the detection function. It has been released. STATL language interpretation conversion tool and a basic example network detector part (a few examples of detection functions). To be proficient in using this IDS tool requires relatively strong programming skills, but with this IDS, very complex detection functions can be achieved.

http://www.cs.ucsb.edu/~rsg/STAT/

4)) Bro

It is a real-time network intrusion detection software implemented by Vern Paxson. It was released in 1998 under the BSD license. Its original design goal was to achieve a real-time alarm, separation of mechanism and strategy, and high scalability in a 100M network. Monitor the audit system.

https://www.bro.org/

5)) Suricata

It is a system that supports IDS, IPS, and NSM. The system has a Snort-like architecture and relies on signatures like Snort. It can even use the same Emerging Threat rule set used by VRT Snort rules and Snort itself. Suricata is newer than Snort, and it will have a chance to overtake Snort. https://suricata-ids.org/

6)) OSSEC

OSSEC open source security information management system (OPEN SOURCE SECURITY INFORMATION MANAGEMENT) is an open source host-based intrusion detection system, which can be referred to as HIDS for short. It has log analysis, file integrity check, policy monitoring, rootkit detection, real-time alarm, and linkage response. https://ossec.github.io/

ENJOY ❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Run Kali Linux XFCE-desk :
Install XFCE

1) step to install XFCE and run it in Kali Linux. Enter the following command to install XFCE.

$ sudo apt install xfce4

2) Install XRDP
XRDP provides an easy remote desktop experience. It is open-source but does not work for Microsoft Windows.

$ sudo apt install xrdp

3) After installation, issue the following command to continue the procedure.

$ sudo /etc/init.d/xrdp start

4) Connect to Kali Linux
For this purpose, you can use the remote desktop connection that usually comes with the windows. Next, enter your user name and password.

5) Possible Problem
If port 3380 is active, rather than port 3389, you may encounter an error that says that your computer is not able to connect to another console.

6) Change the Port
First, open the XRDP configuration file and type the following command to change the port.

$ sudo nano /etc/xrdp/xrdp.ini

@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/j3ssie/Osmedeus

2) cd Osmedeus

3) ./install.sh

4) ./osmedeus.py -t example.com

5) # normal routine
./osmedeus.py -t example.com
./osmedeus.py -T list_of_target.txt

# normal routine but slow speed on all moddule
./osmedeus.py -t example.com --slow 'all'

# normal routine but exclude some modules
./osmedeus.py -t example.com -x 'linkfinding,dirb'

# direct mode examples
./osmedeus.py -m subdomain -t example.com
./osmedeus.py -m portscan -i "1.2.3.4/24"

./osmedeus.py -m "portscan,vulnscan" -i "1.2.3.4/24" -w result_folder

# direct list mode examples
./osmedeus.py -m portscan -I list_of_targets.txt
./osmedeus.py -m portscan,vulnscan -I list_of_targets.txt
./osmedeus.py -m screen -I list_of_targets.txt -w result_folder

# report mode
./osmedeus.py -t example.com --report list
./osmedeus.py -t example.com --report export
./osmedeus.py -t example.com --report sum
./osmedeus.py -t example.com --report short
./osmedeus.py -t example.com --report full

🦑F E A T U R E S :

Subdomain Scan.
Subdomain TakeOver Scan.
Screenshot the target.
Basic recon like Whois, Dig info.
Web Technology detection.
IP Discovery.
CORS Scan.
SSL Scan.
Wayback Machine Discovery.
URL Discovery.
Headers Scan.
Port Scan.
Vulnerable Scan.
Seperate workspaces to store all scan output and details logging.
REST API.
Slack notific React Web UI.
Support Continuous Scan.
ations.
Easily view report from commnad line.

enjoy❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SQL injection vulnerability solutions:

1. The key to solving SQL injection vulnerabilities is to strictly check all data input from users and use the principle of least privilege for database configuration

2. All query statements use the parameterized query interface provided by the database, and the parameterized statements use parameters instead of embedding user input variables into the SQL statement.

3. The special characters ('"\<>&*; etc.) entering the database are escaped or coded.

4. Confirm the type of each data. For example, numeric data must be numeric, and the storage field in the database must correspond to int type.

5. The length of the data should be strictly regulated to prevent the relatively long SQL injection statement from being executed correctly to a certain extent.

6. The coding of each data layer of the website is unified. It is recommended to use UTF-8 coding. Inconsistent upper and lower coding may cause some filtering models to be bypassed.

7. Strictly restrict the operation authority of the website user's database, and provide this user with only the authority that can satisfy his work, thereby minimizing the harm of the injection attack to the database.

8. Avoid websites displaying SQL error messages, such as type errors, field mismatches, etc., to prevent attackers from using these error messages to make some judgments.

9. Before the website is released, it is recommended to use some professional SQL injection detection tools to detect and patch these SQL injection vulnerabilities in time.

ENJOY ❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

1) !address List all memory segments in the process with their permissions and memory type. This is similar to the Memory Map in x64dbg.

2) !address [virtual address] List information about the memory segment that contains the virtual address. For example !address 400000 would show information about the section that contains address 0x40000. This is a quick way to find the start and end of a memory segment if you want to dump it.
.writemem [file name] [start address] [end address] Dump memory range to file. For example, .writemem C:

3) \dump.bin 400000 401000 would dump memory starting at 0x40000 and ending at 0x401000 to the dump.bin file.
eb [address] [byte] Enter one byte into memory at the address. For example, eb 400000 0xff would change the byte at address 0x400000 to 0xff. For a full list of enter commands (string, word, etc.) see the Microsoft docs here.

#full with video

🦑Detailed Proxies Lists :

https://pastebin.com/UHthr8WD

Support & Share ❤️👍🏻


T.me/UndercodeTesting

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑X Attacker Tool, Website Vulnerability Scanner & Auto Exploiter

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

on termux install :

1) git clone https://github.com/Moham3dRiahi/XAttacker.git

2) cd XAttacker

3) chmod +x termux-install.sh

4) bash termux-install.sh

🦑Installation Windows alt tag

1) Download Perl

2) Download XAttacker

3) Extract XAttacker into Desktop

4) Open CMD and type the following commands:

5) cd Desktop/XAttacker-master/

6) perl XAttacker.pl

🦑SOME FEATURES :

blocktestimonial Exploit
• Rightnow Theme Exploit
• Konzept Exploit
• Omni Secure Files Exploit
• Pitchprint Exploit
• Satoshi Exploit
• Pinboard Exploit
• Barclaycart Exploit
• Com Facileforms Exploit
• Com Jwallpapers Exploit
• Com Extplorer Exploit
• Com Rokdownloads Exploit
• Com Sexycontactform Exploit
• Com Jbcatalog Exploit
• Com Blog Exploit
• Com Foxcontact Exploit
• Drupal Geddon Exploit


@UndercodeTesting
✅verified
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁