▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TOPIC 2020 Free admin dashboard template based on Bootstrap 4

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣ DOWNLOAD : https://github.com/ColorlibHQ/AdminLTE/releases

2️⃣Command Line

> Via NPM

npm install admin-lte@^3.0 --save

> Via Yarn
yarn add admin-lte@^3.0

> Via Composer
composer require "almasaeed2010/adminlte=~3.0"

> Via Git
git clone https://github.com/ColorlibHQ/AdminLTE.gitAdminLTE can be installed using multiple methods. Pick your favorite method from the list below. Please be sure to check the dependencies section before continuing.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑7 NETWORK SECURITY TIPS BY UNDERCODE
#Secure before hacked !


1. The log file inside the operating system is an important clue to detect whether there is a network intrusion. Of course, this assumes that your logfile is not damaged by the intruder. If you have a server connected directly to the Internet with a dedicated line, this means your IP The address is permanently fixed. You will find that many people make telnet/ftp login attempts to your system, try to run #more /var/log/secure | grep refused to check.

2. Limit the number of programs with the SUID permission flag. Programs with the permission flag run as root, which is a potential security hole. Of course, some programs must have the flag, like the passwd program.

3. BIOS security. Set the BIOS password and modify the boot sequence to prevent the system from booting from the floppy disk.

4. User password. User passwords are a basic starting point for Linux security. The user passwords used by many people are simple'passwords, which is equivalent to opening the door to intruders, although theoretically there are no user passwords that cannot be confirmed, as long as there are enough Time and resources are available. A good user password is a string of characters that only he can easily remember and understand, and never write it anywhere.

5. /etc/exports file. If you use the NFS network file system service, then make sure that your /etc/exports has the most restrictive access permission settings, which means do not use any wildcards, do not allow root write permissions, and mount into a read-only file system. Edit the file /etc/exports and add: for example:
　　/dir/to/export host1.mydomain.com(ro,root_squash)
　　/dir/to/export host2.mydomain.com(ro,root_squash)
　　/dir/to/export is the directory you want to output, host.mydomain.com Is the machine name for logging into this directory, ro means mount as a read-only system, and root_squash prohibits root from writing to this directory.
　　In order for the above changes to take effect, run /usr/sbin/exportfs -a

6. Make sure that the owner of /etc/inetd.conf is root and the file permissions are set to 600.
[root@deep]# chmod 600 /etc/inetd.conf
ENSURE that the owner is root.
[root@deep]# stat /etc/inetd.conf
File: "/etc/inetd.conf"
Size: 2869 Filetype: Regular File
Mode: (0600/-rw-------) Uid: (0/ root) Gid: (0/ root)
Device: 8,6 Inode: 18219 Links: 1
Access: Wed Sep 22 16:24: 16 1999(00000.00:10:44)
Modify: Mon Sep 20 10:22:44 1999(00002.06:12:16)
Change:Mon Sep 20 10:22:44 1999(00002.06:12:16)
Edit /etc/inetd.conf to prohibit the following services:
ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop -3, finger, auth, etc. unless you really want to use it. Especially prohibit those r commands. If you use ssh/scp, then you can also disable telnet/ftp.
For the changes to take effect, run #killall -HUP inetd You can also run #chattr +i /etc/inetd.conf to make the file unchangeable. Only root can unlock it, use the command #chattr -i /etc/inetd.conf

7. TCP_WRAPPERS
By default, Redhat Linux allows all requests. Using TCP_WRAPPERS to enhance the security of your site is a handy effort. You can put
"ALL: ALL” to /etc/hosts.deny to prohibit all requests, and then put those explicitly allowed requests to /etc/hosts.allow, such as:
sshd: 192.168.1.10/255.255.255.0 gate.openarch.com
to the IP address 192.168.1.10 and the host name gate.openarch.com allow connection via ssh. After the configuration is complete, use tcpdchk to check
[root@deep]# tcpdchk
tcpchk is a TCP_Wrapper configuration check tool that checks your tcp wrapper configuration and reports any potential/existing problems found.

written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑2020 TOPIC get Facebook data, and some Facebook bots, and extra tools found on Facebook Toolkit ++.

🦑FEATURES :

Get Access Token ✅ get access token your facebook account
Account Information ✅ view your account information
Dump ID ✅ retrieve all your friend's ID data
Dump Email ✅ retrieve all your friend's Email data
Dump Name ✅ retrieve all your friend's Name data
Dump Birthday ✅ retrieve all your friend's Birthday data
Dump Gender ✅ retrieve all your friend's Gender data
Dump Location ✅ retrieve all your friend's Location data
Dump URL Profile ✅ retrieve all your friend's url profile data
Dump Mobile Number ✅ retrieve all your friend's mobile number data
Dump Religion ✅ retrieve all your friend's religion data
Dump Username ✅ retrieve all your friend's username data
Dump Bio ✅ retrieve all your friend's bio data
Dump About ✅ retrieve all your friend's about data
Filter Yahoo Mail ✅ separate all Yahoo e-mails [yahoo.com]
Yahoo Mail Validation ✅ validate all Yahoo e-mails
Clean Result ✅ clean the result folder
Delete ALL Post ✅ clean all your posts
Unfriend ALL ✅ clean all your friends
Confirmation ALL ✅ confirm all friend requests
Confirmation ALL [Male] ✅ confirm all friend requests based on male sex
Confirmation ALL [Female] ✅ onfirm all friend requests based on female sex
View Data ✅ see your friends data based on your username or ID
Dump ID Member Group ✅ retrieve all ID member on group database
Dump Username Profile Member Group ✅ retrieve all username member on group database
Dump URL Profile Member Group ✅ retrieve all url profile member on group database
Brute Force ID ✅ brute force your friends by ID
Brute Force ID Member Group ✅ brute force Member Group by ID

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

TERMUX -LINUX

1️⃣pkg install php

2️⃣pkg install curl

3️⃣pkg update

4️⃣git clone https://github.com/warifp/FacebookToolkit

5️⃣Enough to execute the command :

php run.php
Cek list menu tools, use the command :

php run.php -m
Cek author, use the command :

php run.php -a
Cek version, use the command :

php run.php -v
Cek update, use the command :

php run.php -u
and help, use the command :

php run.php -h

✅Git 2020 sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑FASTEST WAY TRACKING IP ADRESS FOR NOOBS :
-Termux Linux new release :

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

apt update

apt install git -y

git clone https://github.com/rajkumardusad/IP-Tracer.git

cd IP-Tracer

chmod +x install

sh install or ./install

How to use IP-Tracer
trace -m to track your own ip address.

trace -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1

trace for more information.

OR

ip-tracer -m to track your own ip address.

ip-tracer -t target-ip to track other's ip address for example ip-tracer -t 127.0.0.1

✅git 2020 sources
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NETFLIX CHECKER ON GITHUB

https://github.com/AbdeslemSmahi/NetflixChecker

🦑Features:

Python 3.x
Simple readable code
Mass Accounts checker
Combolist support
HTTP Proxy Support

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WIFI IN USA & UK NOW :

> In some countries it is not allowed to use the frequencies of some Wi-Fi channels (for example, in the USA you cannot use channels 12, 13 and 14).

> Most countries have a Wi-Fi signal limit of 20.0 dBm. But there are countries in which there is a limit of 30.0 dBm. You can take advantage of this loophole (to make a Wi-Fi card think that it is in a country where 30.0 dBm is allowed) and raise its power (TX Power) to a value of 30.0 dBm.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BEST WIFI ADPATER FOR KALI 2020

> 5 GHz band support
Two band, including those with 5 GHz support, are, for example, cards:

1-Alfa AWUS051NH
http://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=9&pub=5575132165&toolid=10001&campid=5337870315&customid=&icep_uq=Alfa+AWUS051NH&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg

2-Alfa AWUS052NH
http://rover.ebay.com/rover/1/711-53200-19255-0/1?icep_ff3=9&pub=5575132165&toolid=10001&campid=5337870315&customid=&icep_uq=Alfa+AWUS052NH&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229466&kwid=902099&mtid=824&kw=lg

🦑Intel's latest Wi-Fi adapters built into laptops

> They show 5 GHz APs and are capable of intercepting data.

However, when testing the ability to inject, different users receive different data. For some users, everything works, for some at 5 GHz it can only inject on channels 36 to 48. On others (52 to 116), where there is radar detection, there are some problems with the injection of deauthentication packets. In some, the injections do not work on all channels. I belong to the latter - my injection test failed on all tried and tested channels. It is possible that such a spread is associated with a bug in aireplay-ng , the author of the program on the forum confirmed its presence, at the moment the
error has not been fixed.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BASIC WIFI HACKING BY UNDERCODE

BSSID is the MAC address of the wireless card. Example MAC address: 50: 46: 5D: 6E: 8C: 20. They are described in more detail in the note “ How to find out the MAC address and How to find out the manufacturer by MAC address ”.

Handshake (also hendsheyk , handshake ) - data exchanged between the station and the access point at the time of the creation of Wi-Fi connection. This data contains information that allows you to select a password from a Wi-Fi network.

Brute-force (also full search ) is a method of attacking a password, which consists in enumerating all possible password options. It requires a lot of time and computing resources.

Dictionary search ( dictionary attack ) is a method of attacking a password, which consists in enumerating frequently occurring password options. It has a good ratio of resources spent to the results obtained.

Wi-Fi password brute force is a password guessing method that involves connecting to an Access Point with various password candidates. Practically not applicable due to the extremely low speed of search.

Offline Wi-Fi password guessing is a password guessing method that involves grabbing a Handshake and picking up a password that matches that handshake. This selection does not require connection to an Access Point and is performed many orders of magnitude faster than online search. It can also be performed on the computing power of video cards, which increases the speed of search by several orders of magnitude.

WPA and WPA2 - technology for secure access to Wi-Fi, has replaced the outdated technology of WEP.

A wireless Wi-Fi card (or a wireless Wi-Fi adapter ) is any network card that can connect to a Wi-Fi network. On laptops and phones, they are built into the case; on desktop computers, they usually represent an external device that connects via USB.

Monitor mode ( Monitor-Mode ) - the property of some wireless cards receive data packets, which are designed not only for them but also for other wireless devices.

Network interface - the name, symbol in Linux for network cards / adapters.

A Wi-Fi network channel is a conventional digital designation of the frequency at which the Access Point is currently operating.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑#Wi-Fi Hacking Software list 4
This list Special for Kali Users


1️⃣airodump-ng is a tool for capturing wireless packets. Very often used to capture four-stage handshakes, which are later used to crack a Wi-Fi network password. It can capture any frames of wireless networks for further analysis.
https://kali.tools/?p=411

2️⃣airodump-ng is a tool for capturing wireless packets. Very often used to capture four-stage handshakes, which are later used to crack a Wi-Fi network password. It can capture any frames of wireless networks for further analysis.
https://kali.tools/?p=411

3️⃣boopsniff - a program from the BoopSuite package to show access points in the range of accessibility and capture handshakes.
https://kali.tools/?p=3409

4️⃣WPA2-HalfHandshake-Crack is a working concept to demonstrate the possibility of hacking a WPA2 network by grabbing a handshake from a user trying to connect to a fake AP. Those. grabs a half handshake.
https://kali.tools/?p=2794

5️⃣Reaver is designed to select the WPS (Wifi Protected Setup) pin by brute force. Reaver was created for a reliable and practical attack on WPS; it was tested on a large number of access points with different WPS implementations. On average, Reaver reveals the WPA / WPA2 password in plain text to the target access point (AP) for 4-10 hours, depending on the AP. In practice, he usually needs half this time to guess the WPS pin and guess the password.
https://kali.tools/?p=355

6️⃣Pixiewps is a tool written in C that is used to offline brute force the WPS pin by exploiting the low or nonexistent entropy of some access points (pixie dust attack).
> https://kali.tools/?p=351

🦑Those some from kali wifi hacking tools - Kali is a good hacking os

but don't even mind the Undercode Linux Os that we use their include more than those tools and more automation for wifi hacking ...

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Client installation under Windows
#Fast Tip
Let's look at what happens when you install the client on Windows. No matter how hidden the process of installing the server, some initial data will still have to be set, explicitly requesting it from the user or setting some default values.

During the installation process of the InterBase client, you need to specify the directory where InterBase will be installed

> let's call it <InterBase root>. Client installation includes the following steps:

1)Copy files included in the client.

2) Register files for sharing.

3) Create registry keys.

4)Registration of the TCP / IP service.

@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑GuardMiner mining trojan has recently been active and has the ability to actively attack worms.

1️⃣The Trojan will scan and attack multiple server component vulnerabilities in Redis, Drupal, Hadoop, Spring, thinkphp, WebLogic, SQLServer, Elasticsearch, and Windows and Linux under attack.

2️⃣ The malicious scripts init.ps1 and init.sh are executed in the system, and the malicious script will further download the Monero mining trojan, remove the competitive mining trojan and perform local persistent operation. In the Linux system, use SSH connection and Redis weak password blasting to conduct intranet proliferation attacks.

3️⃣ Init.ps1 attacks the Windows system, downloads the mining process phpupdate.exe from the server, configuration file config.json, scans the attack process networkmanager.exe, persistent script newdat.ps1, mining daemon phpguard.exe, clean script clean .bat.

4️⃣ Init.sh attacks the Linux system, downloads the mining process phpupdate from the server, the configuration file config.json, the persistent script newdat.sh, scans the attack process networkmanager, and mining daemon phpuguard.

5️⃣The three sets of mining pools and wallets used for mining are as follows:
xmr.f2pool.com : 13531
43zqYTWj1JG1H1idZFQWwJZLTos3hbJ5iR3tJpEtwEi43UBbzPeaQxCRysdjYTtdc8aHao7csiWa5BTP9PfwozyfS520

xmr-eu2.nanopool.org:
14444 43zqYTWj1JG1H1idZFQWwJZLTos3hbJ5iR3tJpEtwEi43UBbzPeaQxCRysdjYTtdc8aHao7csiWa5BTP9PfNYzyfSbbrwoR.v520

randomxmonero.hk.nicehash.com:3380
3HVQkSGfvyyQ8ACpShBhegoKGLuTCMCiAr.v520

....
@UndercodeNews
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A Hackers framework topic git:

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

$ git clone https://github.com/Eitenne/roxysploit.git; cd roxysploit; sudo /bin/bash install

🦑OS :

Arch Linux Working
Kali Linux Working
Ubuntu Working
Debian Working
Centos Not Tested
MacOSX Needs porting
Windows Ha no.

> RUN :

rsf > use Picklock
rsf (plugins/picklock) > help


✅Git TOPIC sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑information gathering :
AngryFuzz3r is a collection of tools for pentesting to gather information and discover vulnerabilities of the targets based on Fuzzedb

🦑FEATURES :

-Fuzz url set from an input file
-Concurrent relative path search
-Configurable number of fuzzing workers
-Fuzz CMS ==> Wordpress,Durpal,Joomla
-Generate reports of the valid paths

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

1️⃣git clone https://github.com/ihebski/angryFuzzer.git

2️⃣ cd angryFuzzer

3️⃣$ python angryFuzzer.py -h
Usage: angryFuzzer.py options

4️⃣Examples :

> Fuzzing an url with default dictionary

 angryFuzzer.py -u http://127.0.0.1 

> Fuzzing CMS (wp: in this exemple !)

 angryFuzzer.py -u http://127.0.0.1 --cms wp 

> Fuzzing a custom Wordlist

python angryFuzzer.py -u http://127.0.0.1 -w fuzzdb/discovery/predictable-filepaths/php/PHP.txt

✅git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

TOR FRONTING WRITTEN TUTORIAL PDF

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WINDOWS EXPLOITS TUTORIALS SOURCES :

+ Bypassing DEP by returning into HeapCreate - by Toto

+ First public ASLR bypass exploit by using partial overwrite - by Skape

+ Heap spray and bypassing DEP - by Skylined

+ First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability

+ Exploit codes of bypassing browsers memory protections

+ PoC’s on Tokken TokenKidnapping . PoC for 2k3 -part 1 - by Cesar Cerrudo
+ PoC’s on Tokken TokenKidnapping . PoC for 2k8 -part 2 - by Cesar Cerrudo

+ An exploit works from win 3.1 to win 7 - by Tavis Ormandy KiTra0d

+ Old ms08-067 metasploit module multi-target and DEP bypass

+ PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass

+ SMBv2 Exploit - by Stephen Fewer

+ Microsoft IIS 7.5 remote heap buffer overflow - by redpantz

+ Browser Exploitation Case Study for Internet Explorer 11

✅git 2020 sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Game Character Animation in Maya and Unity —1.4 GB—

https://www.pluralsight.com/courses/unity-maya-game-character-animation

https://mega.nz/#F!lE9kDKJY!UTn1ILXl0KygetHERPgGQA

🦑MCSD 70-483 C# Complete Preparation Course + Practice Exams —3.9 GB


https://mega.nz/#F!1INGiAzA!mwuqgGIlzibovFuZ4aGm4w

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑RANSOMWARE 2020 :


FEATURES :

Generate a ransomware payload
With or without GUI payload
FUD (Fully Undetectable by Anti-Virus)
Works on Windows, MacOS and Linux
Super fast encryption with PyCrypto
Compile to EXE, APP or Unix/Linux executable
Custom icon for your EXE payload
Receive keys of victims
Decrypt files
Demo mode (payload won't encrypt anything)
Fullscreen mode (Warning takes over the screen)
Custom warning message for your victim
Custom image in your payload
Ghost mode (Rename by adding .DEMON extention instead of encrypting the files)
Multiple encryption methods
Select file extentions to target
Decide if payload should self-destruct (Console mode feature only)
Decide wich drive to target for encryption (working directory)
Verified server access through port forwarding VPN

🄸🄽🅂🅃🄰🄻🄻🄸🅂🄰🅃🄸🄾🄽 & 🅁🅄🄽 :

 clone https://github.com/leonv024/RAASNet.git

2️⃣pip3 install -r requirements.txt

3️⃣python3 RAASNet.py

On Linux, you might need to install these packages:

 apt install python3-tk python3-pil python3-pil.imagetk

Testing connection with remote server:

 Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989
python3 test_socket.py

> for More free tutorials for beginers about it :

https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif

ENJOY 👍🏻

✅git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁