▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑updated 2020 topic Minimal Linux Live (MLL) is a tiny educational Linux distribution, which is designed to be built from scratch by using a collection of automated shell scripts. Minimal Linux Live offers a core environment with just the Linux kernel, GNU C library, and Busybox userland utilities.
instagram.com/UndercOdeTestingCompany

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

>The generated ISO image file contains Linux kernel, GNU C library compiled with default options, Busybox compiled with default options, quite simple initramfs structure and some "overlay bundles" (the default build process provides few overlay bundles). You don't get Windows support out of the box, nor you get any fancy desktop environment (refer to the Debootstrap Live project if you need minimal system with network and UI). All you get is a simple shell console with default Busybox applets, network support via DHCP and... well, that's all. This is why it's called "minimal".


1) git clone https://github.com/ivandavidov/minimal/

2) go to dir then
>The section below is for Ubuntu and other Debian based distros.

# Resolve build dependencies

3) sudo apt install wget make gawk gcc bc bison flex xorriso libelf-dev libssl-dev

# Build everything and produce ISO image.

4) ./build_minimal_linux_live.sh

5) The default build process uses some custom provided CFLAGS. They can be found in the .config file. Some of these additional flags were introduced in order to fix different issues which were reported during the development phase.

🦑 How to build all overlay bundles.

1) cd minimal_overlay

2) ./overlay_build.sh
# How to build specific overlay bundle. The example is for 'Open JDK'
# which depends on many GNU C libraries and on ZLIB. All dependencies
# are handled automatically by the overlay bundle system.

cd minimal_overlay
./overlay_build.sh openjdk

E N J O Y
Posted by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 top Shell script compiler
twitter.com/UndercOdeTC

> A generic shell script compiler. Shc takes a script, which is specified on the command line and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.

> The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e shebang) (i.e. #!/bin/sh), thus shc does not create completely independent binaries.

> shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/neurobin/shc

2) cd shc

3) ./configure

4) make

5) sudo make install

6) If make fails due to automake version, run ./autogen.sh before running the above commands.

🦑 Ubuntu-specific

1) sudo add-apt-repository ppa:neurobin/ppa

2) sudo apt-get update

3) sudo apt-get install shc

4) If the above installation method seems like too much work, then just download a compiled binary package from release page and copy the shc binary to /usr/bin and shc.1 file to /usr/share/man/man1.

🦑 Usage

1) shc [options]

2) shc -f script.sh -o binary

3) shc -U -f script.sh -o binary # Untraceable binary (prevent strace, ptrace etc..)

4) shc -H -f script.sh -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter)

🦑 The hardening flag -H

> This flag is currently in an experimental state and may not work in all systems. This flag only works for default shell. For example, if you compile a bash script with -H flag then the resultant executable will only work in systems where the default shell is bash. You may change the default shell which generally is /bin/sh which further is just a link to another shell like bash or dash etc.

> Also -H does not work with positional parameters (yet)

🦑 Testing :

./configure
make
make check
./configure
make
make check

🦑 If you want to edit the manual, please edit the man.md file (available in the master branch) instead and then generate the manual file from it with the command (requires pandoc to be installed):


> pandoc -s man.md -t man -o shc.1
#also run this command to generate the html manual

> pandoc -s man.md -t html -o man.html

E N J O Y
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Updated 2019 Search API docs offline, in terminal or browser :
>dasht is a collection of shell scripts for searching, browsing, and managing API documentation (in the form of 150+ offline documentation sets, courtesy of Dash for OS X) all from the comfort of your own terminal!
T.me/UndercOdeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) git clone https://github.com/sunaku/dasht

2) Add the bin/ folder to your PATH environment variable:

3)> export PATH=$PATH:location_where_you_cloned_or_downloaded_dasht/bin

4) Add the man/ folder to your MANPATH environment variable:

> export MANPATH=location_where_you_cloned_or_downloaded_dasht/man:$MANPATH

5) Source this file in ZSH to activate TAB completion for dasht:

>source location_where_you_cloned_or_downloaded_dasht/etc/zsh/completions.zsh
Or simply add the completions/ directory to your ZSH $fpath if you've
already set up ZSH's completion system elsewhere:

> fpath+=location_where_you_cloned_or_downloaded_dasht/etc/zsh/completions/

🦑 TO RUN

1) dasht-docsets-install bash

2) Next, perform a direct search from the terminal using dasht(1):

dasht 'c - x'

3) Then, repeat the search in a web browser using dasht-server(1):

dasht-server

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Researchers manage to steal data by manipulating computer screen brightness
Recently from undercode tweets twitter.com/UndercOdeTC

> Computers in government, banks, businesses, industry, and military institutions often operate in a strictly controlled environment, are disconnected from the Internet, and are subject to strict supervision. Although these security measures make them more difficult to crack, several secret channels have been explored in the past, using computer sounds, heat, and even hard drive activity indicators to steal encoded data. The latest attempts include secretly changing the brightness of the display, then capturing video streams with surveillance cameras, and finally decoding through image processing.

> Researchers have been able to extract data from computers by simply changing the brightness level of the computer screen as part of a new type of optically concealed channel that relies on human vision to limit it. According to Hacker News, Dr Mordechai Guri, head of the Cyber ​​Security Research Center at Ben Gurion University in Israel, conducted the study with two scholars.
@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVE-2017-0199 Vulnerability Exploit Sample Analysis BY UndercOde
instagram.com/UNdercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> md5: 0087AA25E20070186AC171BE6C528DA6

> File size: 31752 bytes (31kb)

> File type: PDF

sample The initial file is disguised as a PDF file, hidden in its PDF data stream segment, a word file, and a JS hidden in its PDF Code. When the PDF is opened, the JS code will be executed. Then, the software that opens the word file by default on the computer will be called to open the word file. Then, if the software that is associated with the computer to open the word file by default is the office in the vulnerability version, it will execute by default Download the malicious link in word. Use PDFstreamDumper to view the data of each segment of this PDF, this is a Word file with embedded data stream segments

🦑 Attack Load

File MD5: AAFD0EBFE1AFBCAE1834430FEEBD5A31
File Type: of Bi nExecute / Microsoft.EXE [: the X86]

> compiled language: NSIS Packer sample description; the sample is The NSIS packaging program. After running the sample, the sample will successively call [collages.dll Corticoid.cab System.dll] ( where System.dl is harmless ) in its resource file, and then call the LoadLibraryExA function to load System.dll after System. dll will continue to call collages.dll address and call LoadLibraryA function to load collages.dll, collages.dll will Corticoid.cab compressed file decryption core sample shellcode decrypt it, then

> collages.dll uses process injection technology to create a child process that injects the decrypted shellcode data into the child process and executes the shellcode to execute malicious code for camouflage purposes. After finding that it is nsis packaged software, use 7-zip to decompress it, and you can see its related resource files. The cab file is a corrupted file, the cabinet compressed file size and its file type and it is suspected to be a shellcode resource file

🦑Note Loaded the resource file, analyzed the two dlls at the beginning, found no malicious code, focused on the cab file, and turned it around for a long time in the packaging program. A lot of time wasted)

by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑JavaScript has npm, Ruby has Gems, Python has pip and now Shell has bpkg, automated 2020 updated script for kali-debian-ubanto
instagram.com/UndercOdeTestingCompany

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) curl -Lo- "https://raw.githubusercontent.com/bpkg/bpkg/master/setup.sh" | bash

2) clib install bpkg/bpkg

🦑 1) git clone https://github.com/bpkg/bpkg.git

2) cd bpkg

3) ./setup.sh # Will install bpkg in $HOME/.local/bin

4) sudo ./setup.sh # Will install bpkg in /usr/local/bin.

5) PREFIX=/my/custom/directory ./setup.sh # Will install bpkg in a custom directory.

6) global install for the current user

> $ bpkg install term -g

7) term

8) local install:

> $ bpkg install term

> $ ./deps/term/term.sh

9) After a local install the term.sh script is copied as term to the deps/bin directory, you can add this directory to the PATH with

> export PATH=$PATH:/path_to_bkpg/deps/bin
As a bonus, you can specify a specific version:

> $ bpkg install jwerle/suggest.sh@0.0.1 -g

10) For example you could install git-standup with an omitted package.json because of the Makefile and the install target found in it.

$ bpkg install stephenmathieson/git-standup -g

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The "Reverse Resource Zone"- and required tools for Cracking Softwares by UNdercOde
t.me/UndercOdeTesting

> [ Android Tools ] Relevant tools used by Android program reverse

> [ Debuggers ] Dynamic debugging tools

> [ Disassemblers ] Decompiler tools (static analysis (Main)

> [ PEtools ] PE file analysis and shell checking related tools

> [ Packers ] Shell related tools

> [ Patchers ] Patch related tools

> [ Editors ] Program resource editing, text manipulation related tools

> [ Cryptography ] Algorithm related tools

> [Unpackers ] Shelling machine related

> [ Dongle ] Dongle related

> [ .NET ] Microsoft .Net program reverse related tool

> [ OllyScript ] OllyDbg shelling script, program button event lookup script

> [ OllyDbg 1.x Plugin ] Dynamic debugging tool OllyDbg 1. Plug-in program for x

> [ OllyDbg 2.x Plugin ] Plug-in program for OllyDbg 2.x

> [ x64dbg Plugin ] Plug-in program for dynamic debugging tool x64dbg

> [ IDA Plugin ] Plug-in program for decompiler IDA

> [ Mac OSX ] Mac OSX system Program Reverse Related Tools

> [ Other ] Other related programs

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Why do you need to debug the linux kernel ?
t.me/UndercOdeTesting

> if you want to take this opportunity to sort out the file system.

> sdcardfs Although the amount of code is not very large, but for my current familiarity with Linux source code, there are still some difficulties.

> So you need to be able to debug with breakpoints to track the execution flow of the kernel. Through breakpoint debugging, you can view the value of the variable and the call stack.

> Sharpening the wood without accidentally cutting the woodworker, breakpoint debugging can be more effective for analyzing the kernel source code.


@UndercOdeofficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑debugg Using kgdb, kdb and the kernel debugger internals
t.me/UndercodeTesting

1) The kernel has two different debugger front ends (kdb and kgdb) which interface to the debug core. It is possible to use either of the debugger front ends and dynamically transition between them if you configure the kernel properly at compile and runtime.

2) Kdb is simplistic shell-style interface which you can use on a system console with a keyboard or serial console. You can use it to inspect memory, registers, process lists, dmesg, and even set breakpoints to stop in a certain location. Kdb is not a source level debugger, although you can set breakpoints and execute some basic kernel run control. Kdb is mainly aimed at doing some analysis to aid in development or diagnosing kernel problems. You can access some symbols by name in kernel built-ins or in kernel modules if the code was built with CONFIG_KALLSYMS.

3) Kgdb is intended to be used as a source level debugger for the Linux kernel.

4 It is used along with gdb to debug a Linux kernel. The expectation is that gdb can be used to “break in” to the kernel to inspect memory, variables and look through call stack information similar to the way an application developer would use gdb to debug an application. It is possible to place breakpoints in kernel code and perform some limited execution stepping.

🦑 Requirements :

>Two machines are required for using kgdb.

1) One of these machines is a development machine and the other is the target machine.

2) The kernel to be debugged runs on the target machine. The development machine runs an instance of gdb against the vmlinux file which contains the symbols (not a boot image such as bzImage, zImage, uImage...). In gdb the developer specifies the connection parameters and connects to kgdb.

3) The type of connection a developer makes with gdb depends on the availability of kgdb I/O modules compiled as built-ins or loadable kernel modules in the test machine’s kernel.

🦑 Compiling a kernel

> In order to enable compilation of kdb, you must first enable kgdb

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑 Lets start android debugging 2020
> Kernel config options for kgdb
fb.com/UndercOdeTestingCompany

1) To enable CONFIG_KGDB you should look under Kernel hacking ‣ Kernel debugging and select KGDB: kernel debugger.

2) While it is not a hard requirement that you have symbols in your vmlinux file, gdb tends not to be very useful without the symbolic data, so you will want to turn on CONFIG_DEBUG_INFO which is called Compile the kernel with debug info in the config menu.

3) It is advised, but not required, that you turn on the CONFIG_FRAME_POINTER kernel option which is called Compile the kernel with frame pointers in the config menu.

4) This option inserts code to into the compiled executable which saves the frame information in registers or on the stack at different points which allows a debugger such as gdb to more accurately construct stack back traces while debugging the kernel.

5) If the architecture that you are using supports the kernel option CONFIG_STRICT_KERNEL_RWX, you should consider turning it off.

6) This option will prevent the use of software breakpoints because it marks certain regions of the kernel’s memory space as read-only. If kgdb supports it for the architecture you are using, you can use hardware breakpoints if you desire to run with the CONFIG_STRICT_KERNEL_RWX option turned on, else you need to turn off this option.

7) Next you should choose one of more I/O drivers to interconnect debugging host and debugged target. Early boot debugging requires a KGDB I/O driver that supports early debugging and the driver must be built into the kernel directly. Kgdb I/O driver configuration takes place via kernel or module parameters

🦑 Here is an example set of .config symbols to enable or disable for kgdb:

# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
Kernel config options for kdb
Kdb is quite a bit more complex than the simple gdbstub sitting on top of the kernel’s debug core. Kdb must implement a shell, and also adds some helper functions in other parts of the kernel, responsible for printing out interesting data such as what you would see if you ran lsmod, or ps.

8) In order to build kdb into the kernel you follow the same steps as you would for kgdb.

9) The main config option for kdb is CONFIG_KGDB_KDB which is called KGDB_KDB: include kdb frontend for kgdb in the config menu. In theory you would have already also selected an I/O driver such as the CONFIG_KGDB_SERIAL_CONSOLE interface if you plan on using kdb on a serial port, when you were configuring kgdb.

10) If you want to use a PS/2-style keyboard with kdb, you would select CONFIG_KDB_KEYBOARD which is called KGDB_KDB: keyboard as input device in the config menu. The CONFIG_KDB_KEYBOARD option is not used for anything in the gdb interface to kgdb. The CONFIG_KDB_KEYBOARD option only works with kdb.

11) Here is an example set of .config symbols to enable/disable kdb:

# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
Kernel Debugger Boot Arguments
This section describes the various runtime kernel parameters that affect the configuration of the kernel debugger. T

12) Kernel parameter: kgdboc
The kgdboc driver was originally an abbreviation meant to stand for “kgdb over console”. Today it is the primary mechanism to configure how to communicate from gdb to kgdb as well as the devices you want to use to interact with the kdb shell.

13) For kgdb/gdb, kgdboc is designed to work with a single serial port. It is intended to cover the circumstance where you want to use a serial console as your primary console as well as using it to perform kernel debugging. It is also possible to use kgdb on a serial port which is not designated as a system console. Kgdboc may be configured as a kernel built-in or a kernel loadable module.

14) You can only make use of kgdbwait and early debugging if you build kgdboc into the kernel as a built-in.

Optionally you can elect to activate kms (Kernel Mode Setting) integration. When you use kms with kgdboc and you have a video driver that has atomic mode setting hooks, it is possible to enter the debugger on the graphics console. When the kernel execution is resumed, the previous graphics mode will be restored. This integration can serve as a useful tool to aid in diagnosing crashes or doing analysis of memory with kdb while allowing the full graphics console applications to run.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Details for android debugg
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

a) kgdboc arguments


1) kgdboc=[kms][[,]kbd][[,]serial_device][,baud]
The order listed above must be observed if you use any of the optional configurations together.

Abbreviations:

kms = Kernel Mode Setting
kbd = Keyboard
You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios. The order listed above must be observed if you use any of the optional configurations together. Using kms + only gdb is generally not a useful combination.

2) Using loadable module or built-in
As a kernel built-in:

> Use the kernel boot argument:

kgdboc=<tty-device>,[baud]
As a kernel loadable module:

🦑 Use the command:

modprobe kgdboc kgdboc=<tty-device>,[baud]
Here are two examples of how you might format the kgdboc string. The first is for an x86 target using the first serial port. The second example is for the ARM Versatile AB using the second serial port.

kgdboc=ttyS0,115200
kgdboc=ttyAMA1,115200
Configure kgdboc at runtime with sysfs
At run time you can enable or disable kgdboc by echoing a parameters into the sysfs. Here are two examples:

🦑 Enable/disable

kgdboc on ttyS0:

1) enable :

> echo ttyS0 > /sys/module/kgdboc/parameters/kgdboc

2) Disable kgdboc:

> echo "" > /sys/module/kgdboc/parameters/kgdboc

🦑 More examples by UndercOde

1) You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios.

> kdb and kgdb over only a serial port:

kgdboc=<serial_device>[,baud]

2) Example:

kgdboc=ttyS0,115200
kdb and kgdb with keyboard and a serial port:

kgdboc=kbd,<serial_device>[,baud]

3) Example:

kgdboc=kbd,ttyS0,115200
kdb with a keyboard:

kgdboc=kbd
kdb with kernel mode setting:

kgdboc=kms,kbd
kdb with kernel mode setting and kgdb over a serial port:

kgdboc=kms,kbd,ttyS0,115200

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Anti-DDOS project is an open source software project developed to protect against DOS and DDoS attacks.
> The project was written using bash programming language. By writing iptables rules into the Linux operating system.
> Takes the necessary defense configurations. And it only works on the linux operating system. 100% compatible for Linux operating systems. It does not provide 100% security, it will only help you to take the necessary measures.
t.me/UndercodeTesting

🦑 𝕀ℕ𝕊𝕋𝔸𝕃𝕃𝕀𝕊𝔸𝕋𝕀𝕆ℕ & ℝ𝕌ℕ:

1) Cloning an Existing Repository ( Clone with HTTPS )

root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/
Anti-DDOS.git

> Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/Anti-DDOS.git

2) cd Anti-DDOS

3) RUN
root@ismailtasdelen:~# bash ./anti-ddos.sh

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑basic commun error fix : win10 denied access [application method]
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Because the computer system handles the problem of access denied by win10, many people will not operate, so I want to help you solve the problem of access denied by win10, so how should you specifically deal with access denied by win10?

1) Open the C drive, find windowsApps, right-click the property, click the security column, and edit permissions.

2) In the "Group and user name" column, select your current login account, if not, you can add it. (In the add account, select all object types, you can enter the object name, such as -PC / Administrator). Let's take a look at the idea of ​​Xiao Bian to solve the access denied in win10.

3) Open the C drive, find windowsApps, right-click properties, click the security column, and edit permissions.

4) In the "Group and user name" column, select your current login account, if not, you can add it. (Add account, select all object types, object name can be entered, such as -PC / Administrator)

5) Modify the corresponding permission operations as required

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Vulnerable Regex in online repositories Example :
twitter.com/UndercOdeTC

1) ReGexLib,id=1757 (email validation) - see bold part, which is an Evil Regex

^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$

Input:

aaaaaaaaaaaaaaaaaaaaaaaa!

2) OWASP Validation Regex Repository, Java Classname - see bold part, which is an Evil Regex

^(([a-z])+.)+[A-Z]([a-z])+$

Input:

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!

🦑 Web application attack

1) Open a JavaScript

2) find Evil Regex

3) Craft a malicious input for the found Regex

4) Submit a valid value via intercepting proxy

5) Change the request to contain a malicious input
You are done!

🦑 ReDoS via Regex Injection

> The following example checks if the username is part of the password entered by the user.

> String userName = textBox1.Text; String password = textBox2.Text;

>Regex testPassword = new Regex(userName); Match match = testPassword.Match(password); if (match.Success) {

> MessageBox.Show("Do not include name in password."); } else { MessageBox.Show("Good password."); }

> If an attacker enters ^(([a-z])+.)+[A-Z]([a-z])+$ as a username and aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! as a password, the program will hang.

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁