▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#webhacking another Wordpress XMLRPC System Multicall Brute Force Exploit :

HOW IT WORK'S ?

This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.


🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit.git

2) ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 username2 username3...

THAT'S ALL :)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Oracle Database 12c Program with PL SQL Ed 1.1 D87462GC11 (Video Tutorial) NEW

https://mega.nz/folder/lRQAySQZ#vafqVuq3dd6ohFvVdmYxjA

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST TORRENTS SITES LIST :

https://1337x.to/

https://www.limetorrents.cc/

https://torrentz2.is/

https://www.torlock.com/

https://eztv.ag/

https://rarbg.to/index31.php

https://www.torrentdownloads.me/

https://torrentgalaxy.to/

https://www.torrentfunk.com/

https://www.skytorrents.to/

https://iptorrents.com/login.php

https://passthepopcorn.me/

https://broadcasthe.net/

https://redacted.ch/

https://bibliotik.me/

https://gazellegames.net/login.php

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#PAYLOAD #EXPLOIT

W HA T I S S E C L I S T S:

SecLists is the security tester's tool. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) wget -c https://github.com/danielmiessler/SecLists/archive/master.zip -O SecList.zip

2) unzip SecList.zip

3) rm -f SecList.zip

4) -h

NOTE: Downloading this repository is likely to cause a false-positive alarm by your anti-virus or anti-malware software, the filepath should be whitelisted. There is nothing in SecLists that can harm your computer as-is, however it's not recommended to store these files on a server or other important system due to the risk of local file include attacks.

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Photoshop Top Secrets —18.5GB—
2019

https://www.amazon.co.uk/PHOTOSHOP-SECRET-PROFESSIONAL-TRAINING-COURSE/dp/B002NLOQC2

https://mega.nz/#F!LFpFGAwJ!yAOrxm-6FI3syLmw5XwuNg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Postfix mail forwarding

Postfix is the most commonly used MTA program that can deliver, receive, or route emails. So, if you want to forward emails with your server and domain then using the postfix program, you can set up email forwarding configurations on the domain like kbuzdar@mydomain.com. This article will guide you about how to set up a postfix mail forwarding method on the CentOS server. For all other distributions like Ubuntu and Debian, almost all the steps are the same.


1) Install Postfix
First, ensure that postfix is installed on your system or not.using the following command you can check the installation of postfix:

$ rpm -qa | grep postfix

2) Otherwise, you will install postfix using the following command:

$ sudo dnf install postfix
Once the installation of postfix is complete, now using the following command, you can check the postfix service status:

$ sudo service postfix status
The following output should display on your system.

3) As you can see in the above screenshot, postfix services are active on this system. Now, we can further verify with the help of netstat command that postfix services are running on port 25. Type the following command to do this:

$ sudo netstat -ltnp | grep 25

4) Configuration for postfix email forwarding
Now, start the configuration of postfix for forwarding emails. It is a simple task. First, we need to find the postfix configuration directory path by using the postconf command.

$ postconf | grep config_directory

5) Now, we have an idea that all postfix configuration files located in the directory /etc/postfix, so move inside the directory and edit the ‘main.cf’ configuration file.

Open the file in your favorite text editor or which is installed on your system. Here, we are using a vim editor to modify the configuration files.

$ vi /etc/postfix/main.cf

6) Now, you need to add the following lines at the end of the ‘main.cf’ file.

virtual_alias_domains = mydomain.com theanotherdomain.com
virtual_alias_maps = hash:/etc/postfix/virtual

7) Reload the postfix

After doing some necessary changes in the postfix configuration files, reload or restart the postfix configurations by using the following command:

$ sudo /etc/init.d/postfix reload
# or
$ sudo service postfix reload

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Blind Attacking Framework :

F E A T U R E S :

- blind attacking makes every vulnerable & exposed host to the internet a targeted one , hence increases the awareness of potential threats

- the best way to prevent knowlege abuse under the hood is sharing it with everyone

- it will always add new to the community and will never be a replica

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) fire up a terminal and sudo apt-get update && apt-get upgrade && apt-get dist-upgrade

2) install [ requests , httplib , urllib , time , bs4 "BeautifulSoup" , colored , selenium , sys ] python modules
python BAF_0.1.0.py

3) use BAF authentication to atomatically authenticate with shodan via premium account to get access to all search results or enter your shodan's account username and pass for custom account login

4) choose 1 , let it do it's job , press y , close the previous tab , press y ,close the previous tabs ...etc till u have the vulnerable cams only

5) choose 2 , enter what do u want to search for (ie: NSA) , when it's done , refer to the targets text file , it will contain the targets ip:port
that's all

6) DON'T close a loading webpage
beta versions will make automated browser open for better understanding ,but you can close the webcam tabs freely

enjoy❤️👍🏻
✅git TOPIC
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

updated 2019-2020 list

🦑FREE LIMITED 4,6 STARS COURSE


-ES6 JavaScript features like arrow functions, the spread operator, const and let, and template literal string

-how to use the Fetch API to load trivia questions from an API

-how to store high scores in Local Storage

-how to use Flexbox, Animations, and REM units in CSS

_how to create a progress bar from scratch

-how to create a spinning loader icon from scratch

DOWNLOAD-watch
https://www.udemy.com/course/build-a-quiz-app-with-html-css-and-javascript/

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Session Hijacking Attacks :
#forbeginers

- Session hijacking attacks exploit a valid web session to gain access to a computer network or system. Session hijacking is also informally known as cookie hijacking.

- Since there are several TCP connections involved in HTTP networking, there is often a method involved in the identification of web users. Whether a particular method is suitable is determined by a session token sent by a web server to the user’s browser following successful authentication. A session ID or session token is a string of varying lengths given to a visitor upon their first visit to a site. There are many ways to incorporate a session ID; it can be worked into the URL or the header of the https request received, or stored as a cookie.

S p e c i f i c a l l y :

1) Most browser sessions and web applications are susceptible to session ID attacks, though most can be used to hijack just about any system out there.

2) Session hijacking attacks, or cookie hijacking attacks, steal or imitate a session token to gain access to a system.

M E T H O D E S :

There are several different ways to compromise a session token:


1) By predicting a weak session token

2) Through session sniffing

3) By means of client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc.)

4) Through man-in-the-middle (MITM) attacks (phishing, etc.)

ubuntu forum
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Passive vulnerability auditor :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/AeonDave/doork doork
doork works with Python version 2.6.x and 2.7.x on any platform. You have also to install

2) pip install beautifulsoup4

3) pip install requests

4) pip install Django

5)cd doork

6) python doork.py

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁