β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 4
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can be a host name or IP address of the
root refers to the root directory of the ftp, banner is a welcome message, logfile refers to the log file of the virtual platform
The following are some examples:
Virtual virtual.com.bj root / Home / ftp2
Virtual Virtual. com.bj banner /etc/vftpbanner.2
virtual virtual.com.bj logfile /etc/viftplog.2
virtual
<letter> The
user can find the hostname and the administrator email. Here are some examples:
virtual 210.62.146.50 hostname virtual.site .com.bj
virtual vritual.site.com.bj email ftpown@virtual.site.com.bj
virtual
allow <user> [<user> ...]
virtual
deny <user> [<user> ...]
Obviously, the above the two options are to set whether to allow the connection, the following are some examples:
virtual virtual.site.com.bj the allow *
virtual virtual.site.com.bj deny badman
virtual
Private
this virtual platform reject anonymous users
defaultserver deny <user> [<user> ...]
defaultserver allow <user> [<user> ...]
When we use a virtual host, the original deny and allow settings do not know which server to set, so it will be invalid. Use defaultserver represents the original host
defaultserver private
master station rejects anonymous users
passive address--translated IP value
passive address <external IP> / cidr
passive ports--passive ports range
passive ports
pasv-allow--allows the use of pasv
pasv-allow [ <Address> ...]
port-allow
--allow port port-allow [<address> ...]
mailserver--specify the mail server
for upload notification
incmail--specify the email notification address for anonymous upload virtual incmail--specify the virtual host anonymous upload email notification address
defaultserver incmail--specified default email notification address for anonymous upload
mailfrom--notified sender upload
virtual mailfrom--virtual host upload notification sender
defaultserver mailfrom--the sender of the default host upload notification
chmod--set whether the file permissions can be changed
delete--set whether the file can be deleted
overwrite--overwrite the file
rename--rename the file
umask--allow umask
passwd -check--Set the password check level of anonymous FTP, the usage is as follows:
passwd-check ()
sets whether to check the password of anonymous FTP users, none means not check, trivial is any password containing @, rfc822 means the password is required Following the RFC822 format, enforce indicates that the password check is not allowed, and warn indicates that the password check is only a warning message.
deny = email--Reject specific emails as password
path-filer--Determine which file names are not available
path-filer <error message file> <allowed characters> <not allowed characters>
upload--Set upload permissions
upload [absloute /relative][class=]...[-]<set directory>> [dirs / nodirs] [d_mode] is
used to set permissions on the directory we want to set:
absoulte / relative uses absolute or relative paths
class = Specify a class
root-dir to which root-dir people, which is the login directory after chroot, apply this rule
The set directory refers to the directory we want to restrict.
Yes / no indicates whether it is possible to open a new file
owner in this directory , group indicates the opened file owner and group
Mode refers to the file permissions
dirs / nodirs Refers to whether it is possible to open a new directory.
D_mode sets the permissions of the directory when creating a new directory. If it is not set, it will be set according to mode--
control the download speed
thoughput <subdirectory list> <file> <remote address list>
For the remote address, control the speed when he grabs some files in a subdirectory, for example:
thoughput / e / ftp * *
oo- * thoughput / e / ftp / sw * * 1024 0.5 *
thoughput / e / ftp sw * readme
oo- * thoughput / e / ftp sw * * oo-* .foo.com
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 4
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can be a host name or IP address of the
root refers to the root directory of the ftp, banner is a welcome message, logfile refers to the log file of the virtual platform
The following are some examples:
Virtual virtual.com.bj root / Home / ftp2
Virtual Virtual. com.bj banner /etc/vftpbanner.2
virtual virtual.com.bj logfile /etc/viftplog.2
virtual
<letter> The
user can find the hostname and the administrator email. Here are some examples:
virtual 210.62.146.50 hostname virtual.site .com.bj
virtual vritual.site.com.bj email ftpown@virtual.site.com.bj
virtual
allow <user> [<user> ...]
virtual
deny <user> [<user> ...]
Obviously, the above the two options are to set whether to allow the connection, the following are some examples:
virtual virtual.site.com.bj the allow *
virtual virtual.site.com.bj deny badman
virtual
Private
this virtual platform reject anonymous users
defaultserver deny <user> [<user> ...]
defaultserver allow <user> [<user> ...]
When we use a virtual host, the original deny and allow settings do not know which server to set, so it will be invalid. Use defaultserver represents the original host
defaultserver private
master station rejects anonymous users
passive address--translated IP value
passive address <external IP> / cidr
passive ports--passive ports range
passive ports
pasv-allow--allows the use of pasv
pasv-allow [ <Address> ...]
port-allow
--allow port port-allow [<address> ...]
mailserver--specify the mail server
for upload notification
incmail--specify the email notification address for anonymous upload virtual incmail--specify the virtual host anonymous upload email notification address
defaultserver incmail--specified default email notification address for anonymous upload
mailfrom--notified sender upload
virtual mailfrom--virtual host upload notification sender
defaultserver mailfrom--the sender of the default host upload notification
chmod--set whether the file permissions can be changed
delete--set whether the file can be deleted
overwrite--overwrite the file
rename--rename the file
umask--allow umask
passwd -check--Set the password check level of anonymous FTP, the usage is as follows:
passwd-check ()
sets whether to check the password of anonymous FTP users, none means not check, trivial is any password containing @, rfc822 means the password is required Following the RFC822 format, enforce indicates that the password check is not allowed, and warn indicates that the password check is only a warning message.
deny = email--Reject specific emails as password
path-filer--Determine which file names are not available
path-filer <error message file> <allowed characters> <not allowed characters>
upload--Set upload permissions
upload [absloute /relative][class=]...[-]<set directory>> [dirs / nodirs] [d_mode] is
used to set permissions on the directory we want to set:
absoulte / relative uses absolute or relative paths
class = Specify a class
root-dir to which root-dir people, which is the login directory after chroot, apply this rule
The set directory refers to the directory we want to restrict.
Yes / no indicates whether it is possible to open a new file
owner in this directory , group indicates the opened file owner and group
Mode refers to the file permissions
dirs / nodirs Refers to whether it is possible to open a new directory.
D_mode sets the permissions of the directory when creating a new directory. If it is not set, it will be set according to mode--
control the download speed
thoughput <subdirectory list> <file> <remote address list>
For the remote address, control the speed when he grabs some files in a subdirectory, for example:
thoughput / e / ftp * *
oo- * thoughput / e / ftp / sw * * 1024 0.5 *
thoughput / e / ftp sw * readme
oo- * thoughput / e / ftp sw * * oo-* .foo.com
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 5
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can you see the above settings? "Oo" means unlimited bytes / sec, "-" or "1.0" means double. The first line means that the files under / e / ftp do not limit the download speed; the second line says that any files under / sw * are limited to 1024bytes / sec *
0.5 = 512bytes / sec; the third line The speed limit of the readme file is cancelled again; the last line is open to full speed for * .foo.com.
anonymous-root--Sets the anonymous user's root directory for a class
anonymous-root []
guest-root--Presets a guest user's root directory
guest-root []
where used to specify the uid range
deny-uid, deny-gid--reject a certain range of UID (GID) range
allow-uid, allow-gid--allow a certain range of UID (GID) range
restricted-uid, restricted-gid--restricted user cannot leave his login directory
unrestricted-uid, unrestricted-gid--user can leave his login directory
dns refuse_mismatch--set the action that
DNS finds that the name does not match the user setting dns refuse_mismatch <message File> [override]
When the user uses an unregistered IP, he refuses his connection. Override ignores the error and lets him connect. The information file is for the user.
dns refuse_no_reverse--Sets the connection to be rejected without anti-checking records.
dns refuse_no_reverse <information file> [override]
When the user's IP check is not checked, the connection is rejected.
dns resolveoptions--Set DNS resolution options
dns resolveoptions [options ]
DNS resolution options can be set here.
/ Etc / ftphosts The
ftphosts file is actually similar to the access in ftpaccess, which is very similar to deny. It is used to set up certain ID connections. It has no class definition, so it must be a real user .
allow | deny <user> <address> [<address>
Here are some examples:
allow rose 140.0.0 / 8
deny jack 140.123.0.0:255.255.0.0
allow rose to come in from 140. *. *. *, Deny jack to come up from 140.123. *. *
β / etc / ftpservers
this file control When you have different IP / hostname, which configuration file to use for incoming connections. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain internal
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain / etc / ftpd / config / faqs.org /
β / etc / ftpusers
The users recorded in this file are prohibited from using FTP
β / etc / ftpgroups
for the SITE GROUP command, and switch groups online. SITE EXEC is prone to security vulnerabilities, and we are generally not open.
Etc / etc / ftpconversions is
used to configure the configuration files of tar, compress, gzip and other action instructions. Just use the presets. If you do not enable instant compression and packaging, you can also clear the content.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 5
> FOR Set up FTP server with wu-ftpd : FULL BY UNDERCODE
fb.com/UndercodeTestingCompany
Can you see the above settings? "Oo" means unlimited bytes / sec, "-" or "1.0" means double. The first line means that the files under / e / ftp do not limit the download speed; the second line says that any files under / sw * are limited to 1024bytes / sec *
0.5 = 512bytes / sec; the third line The speed limit of the readme file is cancelled again; the last line is open to full speed for * .foo.com.
anonymous-root--Sets the anonymous user's root directory for a class
anonymous-root []
guest-root--Presets a guest user's root directory
guest-root []
where used to specify the uid range
deny-uid, deny-gid--reject a certain range of UID (GID) range
allow-uid, allow-gid--allow a certain range of UID (GID) range
restricted-uid, restricted-gid--restricted user cannot leave his login directory
unrestricted-uid, unrestricted-gid--user can leave his login directory
dns refuse_mismatch--set the action that
DNS finds that the name does not match the user setting dns refuse_mismatch <message File> [override]
When the user uses an unregistered IP, he refuses his connection. Override ignores the error and lets him connect. The information file is for the user.
dns refuse_no_reverse--Sets the connection to be rejected without anti-checking records.
dns refuse_no_reverse <information file> [override]
When the user's IP check is not checked, the connection is rejected.
dns resolveoptions--Set DNS resolution options
dns resolveoptions [options ]
DNS resolution options can be set here.
/ Etc / ftphosts The
ftphosts file is actually similar to the access in ftpaccess, which is very similar to deny. It is used to set up certain ID connections. It has no class definition, so it must be a real user .
allow | deny <user> <address> [<address>
Here are some examples:
allow rose 140.0.0 / 8
deny jack 140.123.0.0:255.255.0.0
allow rose to come in from 140. *. *. *, Deny jack to come up from 140.123. *. *
β / etc / ftpservers
this file control When you have different IP / hostname, which configuration file to use for incoming connections. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain internal
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain / etc / ftpd / config / faqs.org /
β / etc / ftpusers
The users recorded in this file are prohibited from using FTP
β / etc / ftpgroups
for the SITE GROUP command, and switch groups online. SITE EXEC is prone to security vulnerabilities, and we are generally not open.
Etc / etc / ftpconversions is
used to configure the configuration files of tar, compress, gzip and other action instructions. Just use the presets. If you do not enable instant compression and packaging, you can also clear the content.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
UndercOde Testing Company
UndercOde Testing Company. 94 likes Β· 6 talking about this. Local service
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
DON T CLONE UNDERCODE TUTORIALS WITHOUT PERMISSION
β πΏ
DON T CLONE UNDERCODE TUTORIALS WITHOUT PERMISSION
β πΏ
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Kernel IP Masquerading Has Security Vulnerability :
> T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that theKernel IP Masquerading Has Security Vulnerability
There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that the attacker's UDP packets can be routed to the internal machine.
2) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
3) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the
> will send more vulnerabilities & bugs on @UndercOdeTesting
established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
4) This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
5) Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
π¦ Kernel IP Masquerading Has Security Vulnerability :
> T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that theKernel IP Masquerading Has Security Vulnerability
There are serious security vulnerabilities in the IP masquerading implementation of the Linux system 2.2.x kernel. Lack of careful checking of the connection in the relevant core code. An attacker can rewrite the UDP masquerading entries in the kernel so that the attacker's UDP packets can be routed to the internal machine.
2) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
3) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the
> will send more vulnerabilities & bugs on @UndercOdeTesting
established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
4) This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
5) Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
attacker's UDP packets can be routed to the internal machine.
6) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
7) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
attacker's UDP packets can be routed to the internal machine.
6) When an internal IP wants to access the DNS server of the external network, when the UDP packet sent passes through the IP masquerading gateway, the kernel will add an entry to record the connection. For example, a UDP packet connected from internal host A's 1035 port to external host C's 53 port. The kernel replaces the source address of this packet with the IP of the masquerading gateway (B), and the source port is set to the one assigned on the gateway for this connection. Port, the default is from port 61000 to port 65096, so theoretically the core can handle 4096 TCP / UDP masquerading connections simultaneously.
Host A: 1035-> GW B: 63767-> Host C: 53
7) When an external network sends a UDP packet to the masquerading gateway, Linux IP masquerading only determines whether the UDP packet should be forwarded to the internal network based on the destination port. If the destination port has a corresponding entry in the established masquerade connection table, it will update the source IP and source port in this packet with the remote host IP and port of the corresponding entry. As long as the attacker determines the port of the masquerading gateway, he may use his own IP and port to rewrite the masquerading connection table. The range of ports used by masquerading gateways to service masquerading connections is usually from 61000 to 65096, so external attackers can easily determine which ports have been used to establish a connection. An attacker can send UDP detection packets to these ports spoofing the gateway, and then check the IP ID of the ICMP response packet of the port. Each host sends a packet, and the IP ID in its TCP / IP stack is incremented by one. Therefore, the ICMP response sent by the port used for ip masquerading will have the IP ID of the internal host.
This ID is usually much different from the current IP ID of the gateway host, usually more than 1000. The following example shows the process of using the vulnerability to attack:
Host A is the internal host (192.168.1.100) and
Host B is the masquerading gateway (192.168.1.1 / 10.0.0.1)
Host C is an external DNS server (10.0.0.25)
Host X is an external attacker's IP (10.10.187.13)
Before detection, execute the command on the masquerading gateway: ipchains -L -M -n to display the current masquerade connection table The situation:
> UDP 03: 39.21 192.168.1.100 10.0.0.25 1035 (63767)-> 53
is currently a connection sent from port 1035 of 192.168.1.100 to port 53 of 10.0.0.25, and the masquerade port is 63767
[from the attacker Results from tcpdump on the machine]
(To make it easier to see the problem, here we set the source port of all packets used for detection to 12345)
[Our detection will start from port 61000, we have omitted some of the previous results]
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63762 unreachable [tos 0xd8] (ttl 245, id 13135)
10.10.187.13.12345> 10.0.0.1.63763: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23069)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63763 unreachable [tos 0xd8] (ttl 245, id 13136)
10.10.187.13.12345> 10.0.0.1.63764: udp 0 (DF ) [tos 0x18] (ttl 254, id 23070)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63764 unreachable [tos 0xd8] (ttl 245, id 13137)
10.10.187.13.12345> 10.0.0.1.63765: udp 0 (DF) [tos 0x18] (tos 0x18) ( ttl 254, id 23071)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63765 unreachable [tos 0xd8] (ttl 245, id 13138)
10.10.187.13.12345> 10.0.0.1.63766: udp 0 (DF ) [tos 0x18] (ttl 254, id 23074)
10.0.0.1> 10.10.187.13: icmp: 10.0.0.1 udp port 63766 unreachable [tos 0xd8] (ttl 245, id 13139)
10.10.187.13.12345> 10.0.0.1. 63 767: 0 UDP (the DF) [TOS 0x18] (TTL 254, ID 23083)
10.0.0.1> 10.10.187.13: ICMP: 10.0.0.1 unreachable The UDP Port 63767 [TOS 0xD8] (TTL 244, ID 17205)
>
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ BEST ANTIVIRUS applications For Windows FROM UNDERCODE REPORTS 2020:
> T.me/UndercOdeTesting
1) Windows Def
> only if windows activated by product key
2) Kaspery
> we ve heard a fake news about fbi and kaspery
but still best
> https://me.kaspersky.com
3)Malwarebyte
https://www.malwarebytes.com/
> for any details or doubt feel free to ask
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ BEST ANTIVIRUS applications For Windows FROM UNDERCODE REPORTS 2020:
> T.me/UndercOdeTesting
1) Windows Def
> only if windows activated by product key
2) Kaspery
> we ve heard a fake news about fbi and kaspery
but still best
> https://me.kaspersky.com
3)Malwarebyte
https://www.malwarebytes.com/
> for any details or doubt feel free to ask
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce Ftp Servers updated 2019
t.me/UndercOdeTesting
1) git clone https://github.com/GitHackTools/FTPBruter
2) cd FTPBruter
3) docker build -t xshuden/ftpbruter
4) docker run --rm -it xshuden/ftpbruter
5) docker run --rm -it -v '$(pwd):/tmp/' xshuden/ftpbruter
π¦ Install Python 3 on Arch Linux and its distros: sudo pacman -S python3
> Install Python 3 on Debian and its distros: sudo apt install python3
> git clone https://github.com/GitHackTools/FTPBruter
> cd FTPBruter
> python3 ftpbruter.py
π¦For WINDOWS :
1) Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
2) Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.
3)After that, open PowerShell or Command Propmt and enter these commands:
4) git clone https://github.com/GitHackTools/FTPBruter
5) cd FTPBruter
6) python3 ftpbruter.py
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Bruteforce Ftp Servers updated 2019
t.me/UndercOdeTesting
1) git clone https://github.com/GitHackTools/FTPBruter
2) cd FTPBruter
3) docker build -t xshuden/ftpbruter
4) docker run --rm -it xshuden/ftpbruter
5) docker run --rm -it -v '$(pwd):/tmp/' xshuden/ftpbruter
π¦ Install Python 3 on Arch Linux and its distros: sudo pacman -S python3
> Install Python 3 on Debian and its distros: sudo apt install python3
> git clone https://github.com/GitHackTools/FTPBruter
> cd FTPBruter
> python3 ftpbruter.py
π¦For WINDOWS :
1) Download and run Python 3.7.x setup file from Python.org. On Install Python 3.7, enable Add Python 3.7 to PATH.
2) Download and run Git setup file from Git-scm.com and choose Use Git from Windows Command Propmt.
3)After that, open PowerShell or Command Propmt and enter these commands:
4) git clone https://github.com/GitHackTools/FTPBruter
5) cd FTPBruter
6) python3 ftpbruter.py
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is FTP ?
twitter.com/UndercOdeTC
> FTP is short for File Transfer Protocol.
> A protocol is a set of rules that networked computers use to talk to one another. And FTP is the language that computers on a TCP/IP network (such as the internet) use to transfer files to and from each other.
> Youβve probably encountered FTP out there on the net already. Ever downloaded a fresh nightly build of Firefox or grabbed MP3s from some kidβs personal server in Sweden?
Then you have probably used FTP without even knowing it.
> Todayβs web browsers allow you to download files via FTP from within the browser window. Itβs very convenient, and itβs great for those times you need to download a file or two, but the browser-download method does not offer much in the realm of flexibility.
> You canβt upload, force a particular transfer mode, or ask the server any questions. And donβt even get me started on the security issue. But if you are doing any sort of web development, you need all this functionality.
> The best way to pursue file transfers is with a bona fide FTP client. You use an FTP client to log into an FTP server, navigate the serverβs folder structure, and exchange files
π¦ Logging In
Connecting to an FTP server is very similar to connecting to just about any other server on the Web. When you log in to your Hotmail account or a secure shopping cart system (such as the one at Amazon.com), you have to provide a server address, a user name, and a password before you can exchange information with the server.
Letβs take a look at an example login set for an FTP server.
site:ftp.fakesite.org login:mcalore pass:h4x0r4lyfe port:21
powered by wiki
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ What is FTP ?
twitter.com/UndercOdeTC
> FTP is short for File Transfer Protocol.
> A protocol is a set of rules that networked computers use to talk to one another. And FTP is the language that computers on a TCP/IP network (such as the internet) use to transfer files to and from each other.
> Youβve probably encountered FTP out there on the net already. Ever downloaded a fresh nightly build of Firefox or grabbed MP3s from some kidβs personal server in Sweden?
Then you have probably used FTP without even knowing it.
> Todayβs web browsers allow you to download files via FTP from within the browser window. Itβs very convenient, and itβs great for those times you need to download a file or two, but the browser-download method does not offer much in the realm of flexibility.
> You canβt upload, force a particular transfer mode, or ask the server any questions. And donβt even get me started on the security issue. But if you are doing any sort of web development, you need all this functionality.
> The best way to pursue file transfers is with a bona fide FTP client. You use an FTP client to log into an FTP server, navigate the serverβs folder structure, and exchange files
π¦ Logging In
Connecting to an FTP server is very similar to connecting to just about any other server on the Web. When you log in to your Hotmail account or a secure shopping cart system (such as the one at Amazon.com), you have to provide a server address, a user name, and a password before you can exchange information with the server.
Letβs take a look at an example login set for an FTP server.
site:ftp.fakesite.org login:mcalore pass:h4x0r4lyfe port:21
powered by wiki
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ how you can protect your information when using Open Wi-Fi:
> t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted β from the time you log in to the site until you log out. If you think youβre logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
2) Donβt stay permanently signed in to accounts. When youβve finished using an account, log out.
3) Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
4) Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
5) Consider changing the settings on your mobile device so it doesnβt automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
6) If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. Whatβs more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
7) Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
8) Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They donβt protect you on all websites β look for https in the URL to know a site is secure.
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ how you can protect your information when using Open Wi-Fi:
> t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To be secure, your entire visit to each site should be encrypted β from the time you log in to the site until you log out. If you think youβre logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
2) Donβt stay permanently signed in to accounts. When youβve finished using an account, log out.
3) Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
4) Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
5) Consider changing the settings on your mobile device so it doesnβt automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi.
6) If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. Whatβs more, VPN options are available for mobile devices; they can encrypt information you send through mobile apps.
7) Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
8) Installing browser add-ons or plug-ins can help. For example, Force-TLS and HTTPS-Everywhere are free Firefox add-ons that force the browser to use encryption on popular websites that usually aren't encrypted. They donβt protect you on all websites β look for https in the URL to know a site is secure.
@UndercOdeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 1
π¦ ππΌππ πππΈβπ :
1) PHP inherits the tradition of * NIX and fully supports the processing of regular expressions. Regular expressions provide an advanced, but not intuitive, method of string matching and processing. Friends who have used the regular expressions of PERL know that regular expressions are very powerful, but they are not easy to learn.
For example:
^. + @. + \\ .. + $
2) This valid but difficult to understand code is enough to cause some programmers a headache (I am) or to let them give up on using regular expressions. I believe that after you read this tutorial, you can understand the meaning of this code.
3) Basic pattern matching
Everything starts from the most basic. Patterns are the most basic elements of regular expressions. They are a set of characters that describe the characteristics of a string. Patterns can be simple, composed of ordinary strings, or very complex, often using special characters to represent a range of characters, repeated occurrences, or context. For example:
^ once
4) This pattern contains a special character ^, which means that the pattern matches only those strings that begin with once. For example, the pattern matches the string "once upon a time" and does not match "There once was a man from NewYork". Just like the ^ sign indicates the beginning, the $ sign is used to match strings that end with a given pattern.
The bucket $
5) pattern matches "Who kept all of this cash in a bucket" and not "buckets". When the characters ^ and $ are used at the same time, it means an exact match (the string is the same as the pattern). For example:
^ bucket $
6) Matches only the string "bucket". If a pattern does not include ^ and $, it matches any string that contains the pattern. For example: the pattern
once
matches the string
7) There once was a man from NewYork
Who kept all of his cash in a bucket
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 1
π¦ ππΌππ πππΈβπ :
1) PHP inherits the tradition of * NIX and fully supports the processing of regular expressions. Regular expressions provide an advanced, but not intuitive, method of string matching and processing. Friends who have used the regular expressions of PERL know that regular expressions are very powerful, but they are not easy to learn.
For example:
^. + @. + \\ .. + $
2) This valid but difficult to understand code is enough to cause some programmers a headache (I am) or to let them give up on using regular expressions. I believe that after you read this tutorial, you can understand the meaning of this code.
3) Basic pattern matching
Everything starts from the most basic. Patterns are the most basic elements of regular expressions. They are a set of characters that describe the characteristics of a string. Patterns can be simple, composed of ordinary strings, or very complex, often using special characters to represent a range of characters, repeated occurrences, or context. For example:
^ once
4) This pattern contains a special character ^, which means that the pattern matches only those strings that begin with once. For example, the pattern matches the string "once upon a time" and does not match "There once was a man from NewYork". Just like the ^ sign indicates the beginning, the $ sign is used to match strings that end with a given pattern.
The bucket $
5) pattern matches "Who kept all of this cash in a bucket" and not "buckets". When the characters ^ and $ are used at the same time, it means an exact match (the string is the same as the pattern). For example:
^ bucket $
6) Matches only the string "bucket". If a pattern does not include ^ and $, it matches any string that contains the pattern. For example: the pattern
once
matches the string
7) There once was a man from NewYork
Who kept all of his cash in a bucket
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 2:
1) The letters in this mode are literal characters, that is, they represent the letter itself, and the numbers are the same.
2) Other slightly more complex characters, such as punctuation and white characters (spaces, tabs, etc.) require escape sequences. All escape sequences begin with a backslash (\). The escape sequence for tab characters is: \ t. So if we want to check if a string starts with a tab character, we can use this pattern:
^ \ t
3) Similarly, use \ n for "new line" and \ r for carriage return. Other special symbols can be preceded by a backslash. For example, the backslash itself is represented by \\, the period. Is represented by \., And so on.
Character Clusters
4) In Internet programs, regular expressions are often used to validate user input. After the user submits a FORM, to determine whether the entered phone number, address, email address, credit card number, etc. are valid, ordinary literal-based characters are not enough.
5) So a more free way to describe the pattern we want is character clusters. To create a cluster of characters that represent all vowel characters, put all vowel characters in square brackets:
[AaEeIiOoUu]
6) This pattern matches any vowel character, but can only represent one character. A hyphen can represent a range of characters, such as:
[az] // Match all lowercase letters
[AZ] // Match all uppercase letters
[a-zA-Z] // Match all letters
[0-9] // Match all numbers
[0-9 \. \-] // Match all numbers, periods and minus signs
[\ f \ r \ t \ n] // match all the white characters
7) Similarly, these only represent a character, this is a very important. To match a string consisting of a lowercase letter and a number, such as "z2", "t6" or "g7", but not "ab2", "r2d3" or "b52", use this pattern:
^ [az] [0-9] $
8) Although [az] represents a range of 26 letters, here it can only match a string whose first character is a lowercase letter.
As mentioned earlier, ^ means the beginning of a string, but it has another meaning. When using ^ in a set of square brackets, it means "not" or "exclude", and is often used to remove a character. Using the previous example, we require that the first character cannot be a number:
^ [^ 0-9] [0-9] $
9) This pattern matches "& 5", "g7", and "-2", but with "12" and "66" do not match. Here are a few examples of excluding specific characters:
[^ az] // All characters except lowercase letters
[^ \\\ / \ ^] // All characters except (\) (/) (^)
[ ^ \ '\'] // except double quotes ( ") and single quotes ( ') all the characters other than
special character". "(dot, full stop) in regular expressions used to indicate addition to the" new line " All characters. So the pattern "^ .5 $" Matches any two-character string that ends with the number 5 and begins with other non- "newline" characters. The pattern "." Can match any string, except for empty strings and strings that include only a "new line".
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 2:
1) The letters in this mode are literal characters, that is, they represent the letter itself, and the numbers are the same.
2) Other slightly more complex characters, such as punctuation and white characters (spaces, tabs, etc.) require escape sequences. All escape sequences begin with a backslash (\). The escape sequence for tab characters is: \ t. So if we want to check if a string starts with a tab character, we can use this pattern:
^ \ t
3) Similarly, use \ n for "new line" and \ r for carriage return. Other special symbols can be preceded by a backslash. For example, the backslash itself is represented by \\, the period. Is represented by \., And so on.
Character Clusters
4) In Internet programs, regular expressions are often used to validate user input. After the user submits a FORM, to determine whether the entered phone number, address, email address, credit card number, etc. are valid, ordinary literal-based characters are not enough.
5) So a more free way to describe the pattern we want is character clusters. To create a cluster of characters that represent all vowel characters, put all vowel characters in square brackets:
[AaEeIiOoUu]
6) This pattern matches any vowel character, but can only represent one character. A hyphen can represent a range of characters, such as:
[az] // Match all lowercase letters
[AZ] // Match all uppercase letters
[a-zA-Z] // Match all letters
[0-9] // Match all numbers
[0-9 \. \-] // Match all numbers, periods and minus signs
[\ f \ r \ t \ n] // match all the white characters
7) Similarly, these only represent a character, this is a very important. To match a string consisting of a lowercase letter and a number, such as "z2", "t6" or "g7", but not "ab2", "r2d3" or "b52", use this pattern:
^ [az] [0-9] $
8) Although [az] represents a range of 26 letters, here it can only match a string whose first character is a lowercase letter.
As mentioned earlier, ^ means the beginning of a string, but it has another meaning. When using ^ in a set of square brackets, it means "not" or "exclude", and is often used to remove a character. Using the previous example, we require that the first character cannot be a number:
^ [^ 0-9] [0-9] $
9) This pattern matches "& 5", "g7", and "-2", but with "12" and "66" do not match. Here are a few examples of excluding specific characters:
[^ az] // All characters except lowercase letters
[^ \\\ / \ ^] // All characters except (\) (/) (^)
[ ^ \ '\'] // except double quotes ( ") and single quotes ( ') all the characters other than
special character". "(dot, full stop) in regular expressions used to indicate addition to the" new line " All characters. So the pattern "^ .5 $" Matches any two-character string that ends with the number 5 and begins with other non- "newline" characters. The pattern "." Can match any string, except for empty strings and strings that include only a "new line".
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 3:
1) PHP regular expressions have some built-in common character clusters, the list is as follows:
character cluster meaning
[[: alpha:]] any letter
[[: digit:]] any number
[[: alnum:]] any letter and number
[[: space:]] any white character
[[: upper:]] any capital letter
[ [: lower:]] Any lowercase letter
[[: punct:]] Any punctuation
[[: xdigit:]] Any hexadecimal number, equivalent to [0-9a-fA-F]
2) until now, you already know how to match a letter or number, but more In some cases, you might want to match a word or a group of numbers. A word consists of several letters, and a group of numbers consists of several singular numbers. The curly braces ({}) that follow the character or cluster of characters are used to determine the number of times the previous content repeats.
3) Meaning of character clusters
^ [a-zA-Z _] $ All letters and underscores
^ [[: alpha:]] {3} $ All 3-letter words
^ a $ letter a
^ a {4} $ aaaa
^ a {2,4} $ aa, aaa or aaaa
^ a {1,3} $ a, aa or aaa
^ a {2,} $ A string containing more than two a
^ a {2,} For example: aardvark and aaab, but apple does not work
a {2,} such as: baad and aaa, but Nantucket does not
\ T {2} two tabs
. {2} of the two characters in all
4) of these examples describe @UndercOdeTesting join us, the three different braces usage. A number, {x} means "the previous character or character cluster appears only x times"; a number plus a comma, {x,} means "the previous content appears x or more times"; two use A comma-separated number, {x, y} means "the previous content appears at least x times, but no more than y times". We can expand the pattern to more words or numbers:
^ [a-zA-Z0-9 _] {1,} $ // all strings containing more than one letter, number or underscore
^ [0-9] { 1,} $ // All positive numbers
^ \-{0,1} [0-9] {1,} $ // All integers
^ \-{0,1} [0-9] {0,} \ {0,1} [0-9] {0,} $ // all decimal
π¦ the last example is not well understood, is not it? Think of it this way: with all starting with an optional minus sign (\-{0,1}) (^), followed by 0 or more digits ([0-9] {0,}), and an optional The chosen decimal point (\. {0,1}) is followed by 0 or more digits ([0-9] {0,}), and nothing else ($). Below you will know the simpler methods that can be used.
> The special characters "?" Are equivalent to {0,1}, and they all represent: "0 or 1 preceding content" or "The preceding content is optional". So the previous example can be simplified to:
^ \-? [0-9] {0,} \.? [0-9] {0,} $ The
> special characters "*" are equal to {0,}, they are both Represents "0 or more of the preceding content." Finally, the characters "+" and {1,} are equal, meaning "1 or more of the previous content", so the above 4 examples can be written as:
^ [a-zA-Z0-9 _] + $ // All strings containing more than one letter, number or underscore
^ [0-9] + $ // all positive numbers
^ \ -? [0-9] + $ // all integers
^ \ -?.? [0-9] * \ [0-9] * $ // all fractional
Of course, this does not fundamentally reduce the formal technical
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Reprint a regular expressions i n Php tutorial :
t.me/UndercOdeTesting
> Part 3:
1) PHP regular expressions have some built-in common character clusters, the list is as follows:
character cluster meaning
[[: alpha:]] any letter
[[: digit:]] any number
[[: alnum:]] any letter and number
[[: space:]] any white character
[[: upper:]] any capital letter
[ [: lower:]] Any lowercase letter
[[: punct:]] Any punctuation
[[: xdigit:]] Any hexadecimal number, equivalent to [0-9a-fA-F]
2) until now, you already know how to match a letter or number, but more In some cases, you might want to match a word or a group of numbers. A word consists of several letters, and a group of numbers consists of several singular numbers. The curly braces ({}) that follow the character or cluster of characters are used to determine the number of times the previous content repeats.
3) Meaning of character clusters
^ [a-zA-Z _] $ All letters and underscores
^ [[: alpha:]] {3} $ All 3-letter words
^ a $ letter a
^ a {4} $ aaaa
^ a {2,4} $ aa, aaa or aaaa
^ a {1,3} $ a, aa or aaa
^ a {2,} $ A string containing more than two a
^ a {2,} For example: aardvark and aaab, but apple does not work
a {2,} such as: baad and aaa, but Nantucket does not
\ T {2} two tabs
. {2} of the two characters in all
4) of these examples describe @UndercOdeTesting join us, the three different braces usage. A number, {x} means "the previous character or character cluster appears only x times"; a number plus a comma, {x,} means "the previous content appears x or more times"; two use A comma-separated number, {x, y} means "the previous content appears at least x times, but no more than y times". We can expand the pattern to more words or numbers:
^ [a-zA-Z0-9 _] {1,} $ // all strings containing more than one letter, number or underscore
^ [0-9] { 1,} $ // All positive numbers
^ \-{0,1} [0-9] {1,} $ // All integers
^ \-{0,1} [0-9] {0,} \ {0,1} [0-9] {0,} $ // all decimal
π¦ the last example is not well understood, is not it? Think of it this way: with all starting with an optional minus sign (\-{0,1}) (^), followed by 0 or more digits ([0-9] {0,}), and an optional The chosen decimal point (\. {0,1}) is followed by 0 or more digits ([0-9] {0,}), and nothing else ($). Below you will know the simpler methods that can be used.
> The special characters "?" Are equivalent to {0,1}, and they all represent: "0 or 1 preceding content" or "The preceding content is optional". So the previous example can be simplified to:
^ \-? [0-9] {0,} \.? [0-9] {0,} $ The
> special characters "*" are equal to {0,}, they are both Represents "0 or more of the preceding content." Finally, the characters "+" and {1,} are equal, meaning "1 or more of the previous content", so the above 4 examples can be written as:
^ [a-zA-Z0-9 _] + $ // All strings containing more than one letter, number or underscore
^ [0-9] + $ // all positive numbers
^ \ -? [0-9] + $ // all integers
^ \ -?.? [0-9] * \ [0-9] * $ // all fractional
Of course, this does not fundamentally reduce the formal technical
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 1
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) At present, the application of mobile phone short messages is becoming more and more widespread. There are more and more sites, but the services of some sites are not satisfactory, and often send short messages to the sea. The most reliable way to send is of course the mobile phone in your hand. If you set a status report, you can know more accurately whether the other party has received this message.
2) Although mobile phone sending is more reliable, there are also problems of troublesome input and low efficiency. This article introduces a method. As long as the mobile phone can be connected to the computer (through an infrared port or a serial port with a mobile phone data cable, and the mobile phone supports the GSM AT instruction set), the software can be sent by self-programmed short message sending software to achieve send.
3) Most mobile phones on the market now support a GSM AT instruction set similar to Modem control. This instruction set was jointly developed by manufacturers such as Nokia, Ericsson, Motorola, and HP for the GSM system, which includes SMS (Short Message Service) control.
Introduction of the GSM AT commands related to
the GSM AT commands related to SMS As shown in Table 1:
π¦ Table 1 relating to the GSM AT commands
SMS control There are three ways to realize:
Block Mode;
the Text Mode AT command based;
AT command based PDU Mode.
> Text Mode is relatively simple, and many Nokia phones support this mode. Most of Siemens' mobile phones only support the PDU mode. The PDU mode is a method for sending or receiving SMS messages from mobile phones. The text of the short message is transmitted after hex encoding. Currently, PDU has replaced Block Mode, so this article mainly discusses the sending of PDU mode.
Computer and mobile communication
2) This article uses Siemens S3568i old = easy example as an example to introduce how to realize the sending of short messages.
π¦ ππΌππ πππΈβπ :
1) Data lines connected to connected by S35 / 25 data lines mobile phone and computer serial ports. Then, open the HyperTerminal and select the direct serial port connection. The port parameters are set to 19200 rate, no parity, data bit 8, stop bit 1.
Infrared connection
2) computer if used with an infrared port, you can set the phone's wireless connection. First make sure that the computer's infrared port is turned on, and turn on the infrared and fax / data functions of the mobile phone. To connect the infrared port, an infrared device Siemens S35 should appear on the computer system tray (if no infrared monitor is installed, it will not be displayed). Then, open HyperTerminal and
3) select the serial port on IrDa.
Connection Test
4) Click HyperTerminal call button on the toolbar, type AT and press Enter, OK appears on the screen if you're connected computer and cell phone, then you can enter the various types of GSM AT commands.
For example: query the mobile phone manufacturer, enter AT οΌ CGMI = <CR>, the screen displays Siemens.
5) Under normal circumstances, execute the test command AT οΌ CMGS =? <CR>. If it returns OK, the mobile phone supports this command. The complete syntax format of this instruction is as follows:
If PDU mode (+ CMGF = 0) + CMGS = <length> <CR> PDU is given <ctrl-Z / ESC>
6) if the short message format instruction AT + CMGF returns 0, the SMS format is PDU Mode, and then execute the AT + CMGS = <data length> command, the phone returns to the ">" symbol and waits for input. Enter the PDU data and end with ^ Z or Esc.
If the message is sent successfully, it returns OK, and the message number is displayed:
+ CMGS: <mr>
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 1
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) At present, the application of mobile phone short messages is becoming more and more widespread. There are more and more sites, but the services of some sites are not satisfactory, and often send short messages to the sea. The most reliable way to send is of course the mobile phone in your hand. If you set a status report, you can know more accurately whether the other party has received this message.
2) Although mobile phone sending is more reliable, there are also problems of troublesome input and low efficiency. This article introduces a method. As long as the mobile phone can be connected to the computer (through an infrared port or a serial port with a mobile phone data cable, and the mobile phone supports the GSM AT instruction set), the software can be sent by self-programmed short message sending software to achieve send.
3) Most mobile phones on the market now support a GSM AT instruction set similar to Modem control. This instruction set was jointly developed by manufacturers such as Nokia, Ericsson, Motorola, and HP for the GSM system, which includes SMS (Short Message Service) control.
Introduction of the GSM AT commands related to
the GSM AT commands related to SMS As shown in Table 1:
π¦ Table 1 relating to the GSM AT commands
SMS control There are three ways to realize:
Block Mode;
the Text Mode AT command based;
AT command based PDU Mode.
> Text Mode is relatively simple, and many Nokia phones support this mode. Most of Siemens' mobile phones only support the PDU mode. The PDU mode is a method for sending or receiving SMS messages from mobile phones. The text of the short message is transmitted after hex encoding. Currently, PDU has replaced Block Mode, so this article mainly discusses the sending of PDU mode.
Computer and mobile communication
2) This article uses Siemens S3568i old = easy example as an example to introduce how to realize the sending of short messages.
π¦ ππΌππ πππΈβπ :
1) Data lines connected to connected by S35 / 25 data lines mobile phone and computer serial ports. Then, open the HyperTerminal and select the direct serial port connection. The port parameters are set to 19200 rate, no parity, data bit 8, stop bit 1.
Infrared connection
2) computer if used with an infrared port, you can set the phone's wireless connection. First make sure that the computer's infrared port is turned on, and turn on the infrared and fax / data functions of the mobile phone. To connect the infrared port, an infrared device Siemens S35 should appear on the computer system tray (if no infrared monitor is installed, it will not be displayed). Then, open HyperTerminal and
3) select the serial port on IrDa.
Connection Test
4) Click HyperTerminal call button on the toolbar, type AT and press Enter, OK appears on the screen if you're connected computer and cell phone, then you can enter the various types of GSM AT commands.
For example: query the mobile phone manufacturer, enter AT οΌ CGMI = <CR>, the screen displays Siemens.
5) Under normal circumstances, execute the test command AT οΌ CMGS =? <CR>. If it returns OK, the mobile phone supports this command. The complete syntax format of this instruction is as follows:
If PDU mode (+ CMGF = 0) + CMGS = <length> <CR> PDU is given <ctrl-Z / ESC>
6) if the short message format instruction AT + CMGF returns 0, the SMS format is PDU Mode, and then execute the AT + CMGS = <data length> command, the phone returns to the ">" symbol and waits for input. Enter the PDU data and end with ^ Z or Esc.
If the message is sent successfully, it returns OK, and the message number is displayed:
+ CMGS: <mr>
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 2
instagram.com/UndercOdeTestingCompany
1) If the message fails to send, the following message is returned:
Data analysis PDU format
below to go through the analysis of information stored in the phone, and to introduce SMS PDU data format. First, write a short message with your mobile phone, and send the mobile phone number 13605690631, and the content of the message is "Hello World!". This information can be read out by executing AT + CMGL = 2.
The operation process is as follows (italic characters are response messages, {} are comments):
AT
OK
AT οΌ CMGL = 2 {read
unsent short messages} + CMGL: 1,2,, 24 {1 indicates the number of messages, 2 indicates no messages, 24 indicates the total capacity of the message}
08 91 683108501505F0 11 00 0B 81 3106656930F1 0000A7 0B E8329BFD06DDDF723619
OKγ
2) This information is analyzed below:
08: short message center address length.
91: short message center number type, 91 is TON / NPI. TON / NPI complies with the International / E.164 standard, which means a '+' sign must be added before the number; other values ββare also possible, but 91 is the most commonly used.
683108501505F0: The short message number is the address of the service center used. Due to slight processing on the location, the actual number should be: 8613805515500 (the letter F means the length minus
> which is the number of the GSM short message center where the author is located.
11: file header byte (header byte, is a bitmask). Here 11 refers to sending short messages normally.
00: Information type.
0B: called number length.
81: called number type.
3106656930F1: The called number has also been shifted. The actual number is 13605696031.
0000A7: GSM Default Alphabet, or 000010 for Chinese.
0B: short message length.
E8329BFD06DDDF723619: The content of the short message "Hello World!"
> Coding and programming SMS implementation
Here we introduce the method to encode information in plain English and Chinese are pure. Through testing, we found that the front part of each short message sent was the same, except that the called number and the content of the short message changed.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 2
instagram.com/UndercOdeTestingCompany
1) If the message fails to send, the following message is returned:
Data analysis PDU format
below to go through the analysis of information stored in the phone, and to introduce SMS PDU data format. First, write a short message with your mobile phone, and send the mobile phone number 13605690631, and the content of the message is "Hello World!". This information can be read out by executing AT + CMGL = 2.
The operation process is as follows (italic characters are response messages, {} are comments):
AT
OK
AT οΌ CMGL = 2 {read
unsent short messages} + CMGL: 1,2,, 24 {1 indicates the number of messages, 2 indicates no messages, 24 indicates the total capacity of the message}
08 91 683108501505F0 11 00 0B 81 3106656930F1 0000A7 0B E8329BFD06DDDF723619
OKγ
2) This information is analyzed below:
08: short message center address length.
91: short message center number type, 91 is TON / NPI. TON / NPI complies with the International / E.164 standard, which means a '+' sign must be added before the number; other values ββare also possible, but 91 is the most commonly used.
683108501505F0: The short message number is the address of the service center used. Due to slight processing on the location, the actual number should be: 8613805515500 (the letter F means the length minus
> which is the number of the GSM short message center where the author is located.
11: file header byte (header byte, is a bitmask). Here 11 refers to sending short messages normally.
00: Information type.
0B: called number length.
81: called number type.
3106656930F1: The called number has also been shifted. The actual number is 13605696031.
0000A7: GSM Default Alphabet, or 000010 for Chinese.
0B: short message length.
E8329BFD06DDDF723619: The content of the short message "Hello World!"
> Coding and programming SMS implementation
Here we introduce the method to encode information in plain English and Chinese are pure. Through testing, we found that the front part of each short message sent was the same, except that the called number and the content of the short message changed.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 3
instagram.com/UndercOdeTestingCompany
1) English coding
Table 2, set short message content is "Hello World!". The default GSM character set is a 7-bit encoding, which can be simply understood as ASCII (the ASCII value is less than 80Hex, so Bit8 is ignored), and the last few digits of the next 7-bit encoding are moved to the front one by one to form a new one. 8-bit code, see Table 2 for arrow indication. It should be noted that in the ninth line, the shift count has reached 7 bits, then directly add 0 before this encoding. GSM does not support all ASCII character displays.
> Table 2 English coding implementation
Here is the English coding portion codes Delphi 5:
// English format encoding, s is a String
function Encode1 (var S: String): String;
var
I, J, len: Integer;
CUR: Integer ;
t: String;
begin
Result: = '';
len: = Length (s);
// j is used to shift the count
i: = 1; j: = 0;
while i <= len do
begin
if i <len then
// data transformation
cur: = (ord (s [i]) shr j) or ( (ord (s [i + 1]) shl (7-j)) and οΌ ff)
else
cur: = (ord (s [i]) shr j) and οΌ 7f;
FmtStr (t, '% 2.2X', [cur ]);
Result: = Result οΌ t;
inc (i);
// Special processing for shift count up to 7 bits
j: = (j + 1) mod 7; if j = 0 then inc (i);
end;
end;
2> Chinese coding
see Table 3, set short message content is "Chinese short message." The realization of Chinese short message is relatively simple, just need to convert the Chinese encoding of ?????? into the Unicode encoding of code page CP936.
Table 3 Chinese encoding process implemented
by the Delphi WideString type conversion, cleverly realized ?????? Unicode code conversion (Note that the code page and associated operating system) to. Here are some Delphi 5 codes that implement Chinese encoding:
// Chinese format encoding, s is Unicode String
function Encode2 (var s: WideString): String;
var
i, len: Integer;
cur: Integer;
t: String;
begin
Result: = '';
len: = Length (s);
i: = 1;
while i <= len do
begin
cur: = ord (s [i] );
// convert the BCD
FmtStr (T, '% 4.4x', [CUR]);
the Result: the Result = T +;
inc is (I);
End;
End;
Summary
above described encoding PDU format short message. It is recommended that the length of the English message does not exceed 140 characters, and the Chinese message does not exceed 54 Chinese characters. If you use a mobile phone that supports text mode for sending, it is easier to implement. To send "Hello World!", Use the following AT command:
AT οΌ CGMF = 1 <CR> AT οΌ CGMS = "136056960
ENJOY BY UNDERCODE
<TUTORIAL BY AND FOR EXPERT HACKERS >
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Repost a mobile development post (from the developer club) Code by UndercOde
> PART 3
instagram.com/UndercOdeTestingCompany
1) English coding
Table 2, set short message content is "Hello World!". The default GSM character set is a 7-bit encoding, which can be simply understood as ASCII (the ASCII value is less than 80Hex, so Bit8 is ignored), and the last few digits of the next 7-bit encoding are moved to the front one by one to form a new one. 8-bit code, see Table 2 for arrow indication. It should be noted that in the ninth line, the shift count has reached 7 bits, then directly add 0 before this encoding. GSM does not support all ASCII character displays.
> Table 2 English coding implementation
Here is the English coding portion codes Delphi 5:
// English format encoding, s is a String
function Encode1 (var S: String): String;
var
I, J, len: Integer;
CUR: Integer ;
t: String;
begin
Result: = '';
len: = Length (s);
// j is used to shift the count
i: = 1; j: = 0;
while i <= len do
begin
if i <len then
// data transformation
cur: = (ord (s [i]) shr j) or ( (ord (s [i + 1]) shl (7-j)) and οΌ ff)
else
cur: = (ord (s [i]) shr j) and οΌ 7f;
FmtStr (t, '% 2.2X', [cur ]);
Result: = Result οΌ t;
inc (i);
// Special processing for shift count up to 7 bits
j: = (j + 1) mod 7; if j = 0 then inc (i);
end;
end;
2> Chinese coding
see Table 3, set short message content is "Chinese short message." The realization of Chinese short message is relatively simple, just need to convert the Chinese encoding of ?????? into the Unicode encoding of code page CP936.
Table 3 Chinese encoding process implemented
by the Delphi WideString type conversion, cleverly realized ?????? Unicode code conversion (Note that the code page and associated operating system) to. Here are some Delphi 5 codes that implement Chinese encoding:
// Chinese format encoding, s is Unicode String
function Encode2 (var s: WideString): String;
var
i, len: Integer;
cur: Integer;
t: String;
begin
Result: = '';
len: = Length (s);
i: = 1;
while i <= len do
begin
cur: = ord (s [i] );
// convert the BCD
FmtStr (T, '% 4.4x', [CUR]);
the Result: the Result = T +;
inc is (I);
End;
End;
Summary
above described encoding PDU format short message. It is recommended that the length of the English message does not exceed 140 characters, and the Chinese message does not exceed 54 Chinese characters. If you use a mobile phone that supports text mode for sending, it is easier to implement. To send "Hello World!", Use the following AT command:
AT οΌ CGMF = 1 <CR> AT οΌ CGMS = "136056960
ENJOY BY UNDERCODE
<TUTORIAL BY AND FOR EXPERT HACKERS >
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full @UndercOdeOfficial
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) The benefits of DHCP, I have spent a lot of time in the "DHCP Protocol" of "Network Basics", you should know, so I won't go into details here. Don't think that I
> set up DHCP
so complicated in "Network Basics", but setting up DHCP under Linux is not complicated at all. All you have to do is one file: /etc/dhcpd.conf.
2) Below, I use my own settings file to explain how to modify this file.
Default-lease-time 259200;
max-lease-time 777600;
option domain-name "" siyongc "";
3) I put these lines at the beginning of the file Part. In the first and second lines, I define the default period and maximum period of the lease. The value is calculated in seconds, that is, 'three days' and 'nine days'.
Then I specified the domain name used by the network.
Next is οΉ
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.21 192.168.0.30;
range 192.168.0.121 192.168.0.230;
option broadcast-address 192.168.0.255;
option routers 192.168.0.17;
option domain-name-servers 192.168 .0.17, 203.56.8.1;
}
subnet 203.30.35.128 netmask 255.255.255.224 {
range 203.30.35.140 203.30.35.157;
option broadcast-address 203.30.35.159;
option routers 203.30.35.134
option domain-name-servers 203.30.35.134 203.56.8.1;
}
4) Here, I have two The block NIC provides DHCP services to both networks. Under the first network (192.168.0.0), I specified two scopes, which are the IP ranges used to allocate DHCP: 192.168.0.21 to 192.168.0.30 and 192.168.0.121 to 192.168.0.230. I also specified 'broadcast address', 'router address', and 'DNS address'.
Because the second network uses a 27-bit netmask, the Net ID is οΉ 203.30.35.128 and the broadcast address is οΉ 203.30.35.159.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full @UndercOdeOfficial
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) The benefits of DHCP, I have spent a lot of time in the "DHCP Protocol" of "Network Basics", you should know, so I won't go into details here. Don't think that I
> set up DHCP
so complicated in "Network Basics", but setting up DHCP under Linux is not complicated at all. All you have to do is one file: /etc/dhcpd.conf.
2) Below, I use my own settings file to explain how to modify this file.
Default-lease-time 259200;
max-lease-time 777600;
option domain-name "" siyongc "";
3) I put these lines at the beginning of the file Part. In the first and second lines, I define the default period and maximum period of the lease. The value is calculated in seconds, that is, 'three days' and 'nine days'.
Then I specified the domain name used by the network.
Next is οΉ
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.21 192.168.0.30;
range 192.168.0.121 192.168.0.230;
option broadcast-address 192.168.0.255;
option routers 192.168.0.17;
option domain-name-servers 192.168 .0.17, 203.56.8.1;
}
subnet 203.30.35.128 netmask 255.255.255.224 {
range 203.30.35.140 203.30.35.157;
option broadcast-address 203.30.35.159;
option routers 203.30.35.134
option domain-name-servers 203.30.35.134 203.56.8.1;
}
4) Here, I have two The block NIC provides DHCP services to both networks. Under the first network (192.168.0.0), I specified two scopes, which are the IP ranges used to allocate DHCP: 192.168.0.21 to 192.168.0.30 and 192.168.0.121 to 192.168.0.230. I also specified 'broadcast address', 'router address', and 'DNS address'.
Because the second network uses a 27-bit netmask, the Net ID is οΉ 203.30.35.128 and the broadcast address is οΉ 203.30.35.159.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full PART 2
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
host pii266 {
hardware ethernet 48: 54: E8: 27: 75: 77;
fixed-address 192.168.0.15;
}
1) As we know, the client machine that obtains IP through DHCP may lose its original IP if its lease has expired. However, I think that my pii266 host will always use a fixed IP address. The sentence above is for this purpose. First of all, I have to find the interface type and hardware address of the network that is connected to my network on the pii266 machine. 0.15 This IP that is not in DHCP scopes is assigned to pii266.
2) If you refer to the above file for your settings, please pay attention to each punctuation mark. Some numbers are separated by ',', and some are separated by space. (Same as perl script), otherwise, the next line will be treated as a continuation of the line, and will not be treated as a new line.
3) After the /etc/dhcpd.conf file is set, you also need to create a blank file /etc/dhcp.leases with the following command:
touch /etc/dhcp.leases
Note: You should not try to modify this file yourself. If there is a problem with the file, delete or rename it, and then create it with the touch command.
4) We already know in "Network Basics" that in the early stage of DHCP operation, the client used the broadcast method to query DHCP information. The problem is that I have two network cards here. When DHCP responds to the client βs query, it is difficult to determine which network to pass to. Because the client has not yet been assigned an IP address at the beginning, so I am in my / etc / Added such a line in hosts οΉ
255.255.255.255 all-ones all-ones
5) Then, I also added this description in /etc/rc.d/rc.local οΉ
# Lines added by netman,
# for enabling DHCP routing on multi-nics environement:
echo "" Adding IP routing for DHCP server .. . ""
route add -host 255.255.255.255 dev eth0
route add -host 255.255.255.255 dev eth1
6) This way, when the machine is activated, the DHCP route is set. However, it seems that the new version of Linux no longer needs to worry about this problem. If you find that DHCP fails to provide services, consider using this method again.
7) The last thing you need to do is to reactivate the DHCP service:
/etc/rc.d/init.d/dhcpd restart
Note if there is any error message, make appropriate changes, and try to activate dhcpd (use start instead of restart).
8) Setting up DHCP for IP Alias
In some cases, we may use IP Alias to connect to the network. At this time, we can also provide DHCP service for the network where alias is located? However, it should be noted that you can only provide one sub-net service for one interface, even if the interface is bundled with several aliases.
9) The setting is also quite simple. οΉ
Set the network where alias is located.
Then cancel /etc/dhcpd.conf about the subnet where the original IP is located.
Just leave the range of the network where alias is on.
In my tests, /etc/dhcpd.conf is not the most important. I still need to make sure that the ip alias is successfully activated when shutting down, and the routing must be set up.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full PART 2
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
host pii266 {
hardware ethernet 48: 54: E8: 27: 75: 77;
fixed-address 192.168.0.15;
}
1) As we know, the client machine that obtains IP through DHCP may lose its original IP if its lease has expired. However, I think that my pii266 host will always use a fixed IP address. The sentence above is for this purpose. First of all, I have to find the interface type and hardware address of the network that is connected to my network on the pii266 machine. 0.15 This IP that is not in DHCP scopes is assigned to pii266.
2) If you refer to the above file for your settings, please pay attention to each punctuation mark. Some numbers are separated by ',', and some are separated by space. (Same as perl script), otherwise, the next line will be treated as a continuation of the line, and will not be treated as a new line.
3) After the /etc/dhcpd.conf file is set, you also need to create a blank file /etc/dhcp.leases with the following command:
touch /etc/dhcp.leases
Note: You should not try to modify this file yourself. If there is a problem with the file, delete or rename it, and then create it with the touch command.
4) We already know in "Network Basics" that in the early stage of DHCP operation, the client used the broadcast method to query DHCP information. The problem is that I have two network cards here. When DHCP responds to the client βs query, it is difficult to determine which network to pass to. Because the client has not yet been assigned an IP address at the beginning, so I am in my / etc / Added such a line in hosts οΉ
255.255.255.255 all-ones all-ones
5) Then, I also added this description in /etc/rc.d/rc.local οΉ
# Lines added by netman,
# for enabling DHCP routing on multi-nics environement:
echo "" Adding IP routing for DHCP server .. . ""
route add -host 255.255.255.255 dev eth0
route add -host 255.255.255.255 dev eth1
6) This way, when the machine is activated, the DHCP route is set. However, it seems that the new version of Linux no longer needs to worry about this problem. If you find that DHCP fails to provide services, consider using this method again.
7) The last thing you need to do is to reactivate the DHCP service:
/etc/rc.d/init.d/dhcpd restart
Note if there is any error message, make appropriate changes, and try to activate dhcpd (use start instead of restart).
8) Setting up DHCP for IP Alias
In some cases, we may use IP Alias to connect to the network. At this time, we can also provide DHCP service for the network where alias is located? However, it should be noted that you can only provide one sub-net service for one interface, even if the interface is bundled with several aliases.
9) The setting is also quite simple. οΉ
Set the network where alias is located.
Then cancel /etc/dhcpd.conf about the subnet where the original IP is located.
Just leave the range of the network where alias is on.
In my tests, /etc/dhcpd.conf is not the most important. I still need to make sure that the ip alias is successfully activated when shutting down, and the routing must be set up.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full PART 3 THE PROCESS
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) activate dhcpd:
If you have any interface has been up
&&
and routing has been set {
if the original interface sub-net has been
declared good { ## then whether you are delcare good alias The sub-net
dhcpd can be activated successfully.
}
Otherly {#If the original interface sub-net is not declared,
if the sub-net where the alias is located is already declared {
if the sub-net where the alias is located has been routed {
dhcpd can be successfully activated
}
Otherwise {#if the sub-net where the alias is still Not set routing
When you activate dhcpd, you should get οΉ
No subnet declaration for ethx (the original IP network)
and fail.
}
}
Else {# If the alias does not declare the case where the subnet
will get No subnet declaration for ethx error
}
}
}
2) , the operation dhcpd
When you have successfully activated the dhcpd {
If you have the original declear The sub-net where the interface is located {
with range settings {
## Then no matter whether you set the sub-net and range
dhcpd where alias is located, it will only offer the sub-net of the original interface
}
otherwise {# ζ range Settings
## Then whether you Whether the sub-net where the alias is located and the range
dhcpd after receiving the DHCPDISCOVER will respond οΉ
no free leases on subnet (sub-net of the original interface)
}
otherwise {#If you have not cleared the sub-net where the original interface is located
If there alias where the sub-net {# if no dhcpd failed to activate when
there is range set {
dhcpd will offer alias host-NET Sub
}
Otherwise {# no range setting
dhcpd will respond after receiving DHCPDISCOVER οΉ
no free leases on subnet (alias is in the sub-net)
}
}
}
e n j o y by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a complete DHCP strategy Full PART 3 THE PROCESS
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
1) activate dhcpd:
If you have any interface has been up
&&
and routing has been set {
if the original interface sub-net has been
declared good { ## then whether you are delcare good alias The sub-net
dhcpd can be activated successfully.
}
Otherly {#If the original interface sub-net is not declared,
if the sub-net where the alias is located is already declared {
if the sub-net where the alias is located has been routed {
dhcpd can be successfully activated
}
Otherwise {#if the sub-net where the alias is still Not set routing
When you activate dhcpd, you should get οΉ
No subnet declaration for ethx (the original IP network)
and fail.
}
}
Else {# If the alias does not declare the case where the subnet
will get No subnet declaration for ethx error
}
}
}
2) , the operation dhcpd
When you have successfully activated the dhcpd {
If you have the original declear The sub-net where the interface is located {
with range settings {
## Then no matter whether you set the sub-net and range
dhcpd where alias is located, it will only offer the sub-net of the original interface
}
otherwise {# ζ range Settings
## Then whether you Whether the sub-net where the alias is located and the range
dhcpd after receiving the DHCPDISCOVER will respond οΉ
no free leases on subnet (sub-net of the original interface)
}
otherwise {#If you have not cleared the sub-net where the original interface is located
If there alias where the sub-net {# if no dhcpd failed to activate when
there is range set {
dhcpd will offer alias host-NET Sub
}
Otherwise {# no range setting
dhcpd will respond after receiving DHCPDISCOVER οΉ
no free leases on subnet (alias is in the sub-net)
}
}
}
e n j o y by U N D E R C O D E
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HOW to Test DHCP AFTER SETTING UP
twitter.com/UNDERCODETC
π¦ ππΌππ πππΈβπ :
1) to test whether HDCP works is not easy Just find a Linux machine on the same network and change its interface to use DHCP. For example, modify the file / etc / sysconfig / network-scripts / ifcfg-eth0 so that it looks like this:
DEVICE = "" eth0 ""
IPADDR = "" ""
NETMASK = "" ""
ONBOOT = "" yes ""
BOOTPROTO = "" dhcp ""
2) If you are using a Windows system, then οΉ Start-> Settings-> Control Panel-> Network-> 'TCP / IP-> Network Card'-> IP address-> Obtain an IP address automatically-> OK-> OK-> Reactivate the machine. After logging in, execute οΉ Start-> Run-> winipcfg-> There is still information. You can verify the DHCP settings immediately. If you want to change the settings on the DHCP server side, you can click "Update All" to see if the new settings take effect
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ HOW to Test DHCP AFTER SETTING UP
twitter.com/UNDERCODETC
π¦ ππΌππ πππΈβπ :
1) to test whether HDCP works is not easy Just find a Linux machine on the same network and change its interface to use DHCP. For example, modify the file / etc / sysconfig / network-scripts / ifcfg-eth0 so that it looks like this:
DEVICE = "" eth0 ""
IPADDR = "" ""
NETMASK = "" ""
ONBOOT = "" yes ""
BOOTPROTO = "" dhcp ""
2) If you are using a Windows system, then οΉ Start-> Settings-> Control Panel-> Network-> 'TCP / IP-> Network Card'-> IP address-> Obtain an IP address automatically-> OK-> OK-> Reactivate the machine. After logging in, execute οΉ Start-> Run-> winipcfg-> There is still information. You can verify the DHCP settings immediately. If you want to change the settings on the DHCP server side, you can click "Update All" to see if the new settings take effect
β β β ο½ππ»βΊπ«Δπ¬πβ β β β