▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux-Linux Topic 2020 :
WireSpy enables the automation of various WiFi attacks to conduct Man-In-The-Middle-Attacks (MITMAs).

> WireSpy allows attackers to set up quick honeypots to carry out MITMAs. Monitoring and logging functionality is implemented in order to keep records of the victims' traffic/activities. Other tools can be used together with Wirespy to conduct more advanced attacks.

> Two type of attacks are supported at the moment:

1-Evil twin: Force victims to auto-connect to the honeypot by spoofing a "trusted" hotspot (clone an existing access point and de-authenticate its users to force them to transparently connect to the spoofed honeypot).

2-Honeypot: Set up a simple rogue hotspot and wait for clients to connect.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/aress31/wirespy.git

2️⃣cd wirespy

3️⃣$ chmod +x wirespy.sh

4️⃣$ sudo ./wirespy.sh

5️⃣commands :
Attacks:
eviltwin > launch an evil twin attack
honeypot > launch a rogue access point attack

Commands:
clear > clear the terminal
help > list available commands
quit|exit > exit the program
apscan > show all wireless access points nearby
leases > display DHCP leases
powerup > power wireless interface up (may cause issues)
start capture > start packet capture (tcpdump)
stop capture > stop packet capture (tcpdump)
status > show modules status

🦑Features :

>Capture victims' traffic.
>MAC address spoofing.
>Set-up honeypot and evil twin attacks.
>Show the list of in range access points.
>Wireless adapter|card|dongle power amplification.

ENJOY❤️👍🏻
✅git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A security breach exposed more than 1 million DNA data in the genealogical database GEDmatch
#News

> According to the foreign media BuzzFeed News, on July 19, genealogist lovers who used the GEDmatch website to upload DNA information and find relatives to fill in their genealogy received an unpleasant news. Suddenly, more than 1 million pieces of DNA data that had been hidden were used by the police to find data that partially matched the DNA at the crime scene for the police to search.

> This news undermined the efforts of Verogen, the forensic genetics company that acquired GEDmatch in December, convinced users that it would protect their privacy while pursuing a business based on the use of genetic genealogy to help solve violent crimes.

> The second alert occurred on July 21, when MyHeritage, an Israeli-based genealogy website, announced that some of its users were under phishing attacks to obtain their login information on the site-apparently against the electronic data obtained when GEDmatch was attacked two days ago. Mail address.

> In a statement sent to BuzzFeed News via email and posted on Facebook, Verogen explained that the GEDmatch information that should have been hidden by law enforcement agencies was suddenly uncovered, which is "complicating one of our servers through existing user accounts." Planned for the attack".

"Due to this vulnerability, the permissions of all users were reset, allowing all users to see all files. This situation lasted for about three hours," the statement said. "During this period, users who did not choose to participate in law enforcement matching can perform law enforcement matching. On the contrary, all law enforcement files will be visible to GEDmatch users."

#News
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WeChat domain name anti-blocking technology WeChat domain name is always blocked and intercepted how to solve

#solutions
1) Reports by users and peers

This type of situation occurs most frequently, especially malicious reports made by peers. There is a team dedicated to reporting this section. Through a large number of reports on WeChat, the domain name was blocked.

Solution: Block the report button

If the report button is blocked through technical means, they will have no way to report. We have implemented this solution on WeChat/QQ. After comprehensive testing, customer feedback is still good!

2) There are induced sharing, compulsory attention, etc.

The blocking in this situation is also relatively high, because every link is published on WeChat, WeChat will have a crawler to grab the information of the current webpage. The webpage will be blocked if the above situation occurs.

Solution: detection interface + domain name rotation system

Configure your website, use multiple sets of domain names one and two. For example, if the shared domain name is number one, the number one is called the primary domain name. After clicking it, jump to number two. Before jumping, check if number two has been blocked. The number two inside is called the landing domain name. Usually, the second domain name of whereabouts needs to be prepared a little bit more, the detection interface is always automatically queried, and it is changed if it is sealed. Bulk wholesale domain names don’t cost much.

3) Third, the content on the page violates regulations or induces inTerception caused by being reported

This category means that your product belongs to the HS industry, and this category is also more sensitive in WeChat.

Solution: Jump system

The user clicks on the No. 1 page in WeChat and immediately automatically opens the mobile browser and jumps to your default page. In fact, it is very common for a domain name to be blocked. After all, WeChat is only software and cannot be so smart. There are often many misjudgments. After testing, there are still many ways to prevent domain names from being blocked. Many industries use anti-block codes to be stable for a long time.

4) Four, Tencent and other regular inspections

As mentioned above, when each link is published on WeChat, Tencent will have web page information crawled by a crawler. Some links with relatively large traffic are usually repeatedly crawled by Tencent, because the frequency is too high to lead to the domain name link Blocked.

Solution: Block detection

In layman's terms, we found that Tencent's IP had come in, so we filtered it out and led him to another place, where we showed them normal content. This workload is also very huge, because Tencent's computer rooms are widely distributed.

Well, the above are some anti-sealing strategies and methods organized here.

Here are a few protection platforms for everyone to choose from, because our two levels of advertising are too big, and we have also found many anti-seal and anti-red on the Internet. These are all cooperative,

>Booker Anti-Red Short URL

>Paparazzi domain name anti-blocking

> Jingyun Anti-Red Short Link

> Pegasus Red

ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Updates
> NodeXP is an intergrated tool, written in Python 2.7, capable of detecting possible vulnerabilities on Node.js services as well as exploiting them in an automated way, based on S(erver)S(ide)J(avascript)I(njection) attack!


🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣Download NodeXP by cloning the Git repository:

> git clone https://github.com/esmog/nodexp

2️⃣To get a list of all options run:

>python2.7 nodexp -h

3️⃣Examples for POST and GET cases accordingly:

> python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://nodegoat.herokuapp.com/contributions" --pdata="preTax=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

> python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA"
python2.7 nodexp.py --url="http://192.168.64.30/?name=[INJECT_HERE]" -c="connect.sid=s:i6fKU7kSLPX1l00WkOxDmEfncptcZP1v.fy9whjYW0fGAvbavzYSBz1C2ZhheDuQ1SU5qpgVzbTA" --tech=blind

4️⃣Setting up and Use Testbeds
In order get familiar with NodeXP you might need to set the Node.js testing services provided (/testbeds) and start using the tool. A local machine running Node.js server will be necessary.

5️⃣Firstly, you should install 'body-parser' and 'express' packages, in the GET and POST directories.

6️⃣Go to 'testbeds/GET' directory on your local machine and paste the command below in terminal:

npm install express --save
Go to 'testbeds/POST' directory and paste the commands below in terminal:

> npm install body-parser --save

> nmp install express --save

> After the correct installment of the packages you could run each service by running the command 'node' and the desirable js file (ex. node eval.js).

7️⃣After you server is up and running, you are ready to run NodeXP and test it upon those services!

Example for GET case shown below:

> python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/?name=[INJECT_HERE]

8️⃣Example for POST case shown below:

python2.7 nodexp.py --url=http://localiprunningnodejsserver:3001/post.js --pdata=username=[INJECT_HERE]

enjoy❤️👍🏻
✅git 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

ACTIVATE ANY WINDOWS/OFFICE OFFICIAL NEW 2020 UPDATE

> TURN OF ANTI-VIRUS & RUN
> safe 100%

12345 Password

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Google AdSense allows modification of Western Union’s phonetic name
#FastTips

The modification steps are very simple:

1) Log in to your AdSense account and click on the link to my account.

2) Click the edit link next to the payment details.

3) Select Set up Western Union Quick Cash, and then click Continue.

4) Then you will see the page to modify the pinyin name: you only need to fill in the pinyin of your name in the corresponding box, the case of the pinyin has no effect, but do not add spaces between the names.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PROGRAMMING 2020 —19,4 GB— :

https://mega.nz/folder/FzQRgCDb#BBa50R1bHBi-zFbyljkJzg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑virus prevention for any Linux platform :


(1) Do a good job in system reinforcement.

(2) Pay attention to security announcements and correct loopholes in time.

(3) Do not use root privileges for daily operations.

(4) Don't just install various device drivers from unknown sources.

(5) Do not run some executable programs or scripts of unknown origin on important servers.

(6) Install anti-virus software as much as possible, and regularly upgrade the virus code base.

(7) For Linux servers connected to the Internet, Linux viruses should be checked regularly. Whether worms and Trojan horses exist.

(8) For Linux servers that provide file services, it is best to deploy a software that can check and kill Windows and Linux viruses at the same time.

(9) For Linux servers that provide mail services, it is best to use an E-mail virus scanner.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

1 K New NordVpn ✅

https://pastebin.com/raw/PGgaY027

send sc @Undercode_Bot

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑445 port intrusion reason detailed analysis :
#fASTtIPS

In Windows NT 4.0, a challenge response protocol is used to establish a session with a remote machine. The successful session will become a secure tunnel through which the two parties can exchange information. The general sequence of this process is as follows:

1) The session requester (client) transmits a data packet to the session receiver (server) to request the establishment of a secure tunnel;

2) The server generates a random 64-digit number (implementation challenge) and sends it back to the client;

3) The client obtains the 64-digit number generated by the server, disrupts it with the password of the account trying to establish the session, and returns the result to the server (response);

4) After the server accepts the response, it sends it to the local security authentication (LSA). The LSA verifies the response by using the user's correct password to confirm the identity of the requester. If the account of the requester is a local account of the server, the verification occurs locally; if the account requested is a domain account, the response is sent to the domain controller for verification. When the response to the challenge is verified as correct, an access token is generated and then sent to the client. The client uses this access token to connect to the resource on the server until the proposed session is terminated.

WRITTEN BY UNDERCODE
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑VULNERABLE SOFTWARES :

Http://www.oldapps.com/

Http://www.oldversion.com/

Http://www.exploit-db.com/webapps/

Http://code.google.com/p/wavsep/downloads/list

http://www.owasp.org/index.php/Owasp_SiteGenerator

Http://www.mcafee.com/us/downloads/free-tools/
hacmebooks.aspx

Http://www.mcafee.com/us/downloads/free-tools/hacme-
casino.aspx

Http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

Http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx


enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WEB-Hacking #resources :

Http://www.bindshell.net/tools/beef

Http://blindelephant.sourceforge.net/

Http://xsser.sourceforge.net/

Http://sourceforge.net/projects/rips-scanner/

Http://www.divineinvasion.net/authforce/

Http://andlabs.org/tools.html#sotf

http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf

Http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html

Http://code.google.com/p/pinata-csrf-tool/

Http://xsser.sourceforge.net/#intro

Http://www.contextis.co.uk/resources/tools/clickjacking-tool/

Http://packetstormsecurity.org/files/view/69896/unicode-fun.txt

Http://sourceforge.net/projects/ws-attacker/files/

Https://github.com/koto/squid-imposter


enjoy❤️👍🏻
✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Support & Share ❤️👍🏻

T.me/UndercodeSecurity

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PROXIES Burp :


Http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214

Http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/

Http://sourceforge.net/projects/belch/files/

Http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools

Http://blog.ombrepixel.com/

Http://andlabs.org/tools.html#dser

Http://feoh.tistory.com/22

Http://www.sensepost.com/labs/tools/pentest/reduh

http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project

Http://intrepidusgroup.com/insight/mallory/

Http://www.fiddler2.com/fiddler2/

http://websecuritytool.codeplex.com/documentation?referringTitle=Home

http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

enjoy❤️👍🏻
✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Full Tutorial

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PASSWORD HACK/EXPLOIT TOOLS :

Http://nmap.org/ncrack/

Http://www.foofus.net/~jmk/medusa/medusa.html

Http://www.openwall.com/john/

Http://ophcrack.sourceforge.net/

Http://blog.0x3f.net/tool/keimpx-in-action/

Http://code.google.com/p/keimpx/

Http://sourceforge.net/projects/hashkill/

enjoy❤️👍🏻
✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑METASPLOIT Exploits/ basic & Advanced tutorials :

Http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html

http://code.google.com/p/msf-hack/wiki/WmapNikto

Http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html

Http://seclists.org/metasploit/

Http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html

Http://meterpreter.illegalguy.hostzi.com/

Http://blog.metasploit.com/2010/03/automating-metasploit-
console.html

Http://www.workrobot.com/sansfire2009/561.html

Http://www.securitytube.net/video/711

http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download

Http://vimeo.com/16852783

Http://milo2012.wordpress.com/2009/09/27/xlsinjector/

Http://www.fastandeasyhacking.com/

Http://trac.happypacket.net/

http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf

http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

Http://www.irongeek.com/i.php?page=videos/metasploit-class

Http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/

Http://vimeo.com/16925188

Http://www.ustream.tv/recorded/13396511

Http://www.ustream.tv/recorded/13397426

Http://www.ustream.tv/recorded/13398740

enjoy❤️👍🏻
✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Penetration Testing on X11 Server Full tutorial
enjoy❤️👍🏻