โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ How Setting Up a NFS Client
Twitter.com/UndercOdeTC
๐ฆ Setting Up a NFS Client
1) Declare the machine as a client without a drive or data. Before using SunInstall
2) Edit the file / etc / fstab and make sure that the paths to be mounted are in fstab
3) According to fstab Set the content, set Mount points on the client
(mount_points is the path exported by exports using mkdir)
4) Make sure that the path we want to mount is in / etc / exports
5) You can start the mount to link the directories on the server (mount -a)
/ etc / fstab Example of a file
โ syntax filesystem directory type options freq pass
oak: / export / root / boomer / nfs rw 0 0
^^^
Because the file is on the server, not on client,
the client setting is 0
oak: / export / exec / sun3 / usr nfs ro 0 0
oak: / export / exec / kvm / sun3 / usr / kvm nfs ro 0 0
oak: / usr / share / usr / share nfs ro 0 0
oak: / home / oak / home / oak nfs rw, bg 0 0
๐ฆ mount syntax
โ syntax: mount -t type [-rv] -o [option] server: pathname / mount_point
MOUNT:
mount -a mount all the paths listed in / etc / fstab
mount -o ro, soft, bg dancer : / usr / local / usr / local / dancer
to dancer server's / usr / local mount to the client
/ usr / local / dancer and is only the Read
-t of the type: you want to mount Type, such as nfs or 4.2
-r: The mounted path is set to read only
-v: For each action of the mount process, messages are returned to the screen.
Hard: Repeat the request until the server responds. Do not respond to
the server may be down!
Soft: When the client's request cannot be responded, an
error message is returned after retry one time.
Bg: When the first request is unsuccessful, the second mount will be executed in the background.
Fg: retries mount has been performing
intr under the prompt symbol : when an NFS request is in progress, allow the keyboard to interrupt
๐ฆ the message when the mount is successful
NFS server hostname ok
hard mount fail
NFS server hostname not responding, still trying
soft... hostname server not reponding: RPC: Timed out
ยง UNMOUNT:
umount mount_point
umount -a unmount all the paths already mounted
1) Declare the machine as a client without a drive or data. Before using SunInstall
2) Edit the file / etc / fstab and make sure that the paths to be mounted are in fstab
3) According to fstab Set the content, set Mount points on the client
(mount_points is the path exported by exports using mkdir)
4) Make sure that the path we want to mount is in / etc / exports
5) You can start the mount to link the directories on the server (mount -a)
/ etc / fstab Example of a file
โ syntax filesystem directory type options freq pass
oak: / export / root / boomer / nfs rw 0 0
^^^
Because the file is on the server, not on client,
the client setting is 0
oak: / export / exec / sun3 / usr nfs ro 0 0
oak: / export / exec / kvm / sun3 / usr / kvm nfs ro 0 0
oak: / usr / share / usr / share nfs ro 0 0
oak: / home / oak / home / oak nfs rw, bg 0 0
๐ฆ How NFS Work?
When we start the NFS file server, /etc/rc.local will automatically launch the exportfs program, specifying the files or directories that can be exported And we can only mount the specified directory.
โก NFS is built on top of the XDR / RPC protocol.
XDR: (eXternal Data Representation) External data representation
XDR (eXternal Data Representation) provides a way to data from one format to another data format standard notation to ensure that different computer, operating system and computer language, meaning that all data are represented by the same
RPC: (Remote procedure calls) remote procedure call
RPC (Remote Procedure Calls) Remote procedure calls, requesting the remote computer to provide service. The client will send RPC to the remote computer through the network, requesting service.
(General local machine: client remote machine: server)
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ How Setting Up a NFS Client
Twitter.com/UndercOdeTC
๐ฆ Setting Up a NFS Client
1) Declare the machine as a client without a drive or data. Before using SunInstall
2) Edit the file / etc / fstab and make sure that the paths to be mounted are in fstab
3) According to fstab Set the content, set Mount points on the client
(mount_points is the path exported by exports using mkdir)
4) Make sure that the path we want to mount is in / etc / exports
5) You can start the mount to link the directories on the server (mount -a)
/ etc / fstab Example of a file
โ syntax filesystem directory type options freq pass
oak: / export / root / boomer / nfs rw 0 0
^^^
Because the file is on the server, not on client,
the client setting is 0
oak: / export / exec / sun3 / usr nfs ro 0 0
oak: / export / exec / kvm / sun3 / usr / kvm nfs ro 0 0
oak: / usr / share / usr / share nfs ro 0 0
oak: / home / oak / home / oak nfs rw, bg 0 0
๐ฆ mount syntax
โ syntax: mount -t type [-rv] -o [option] server: pathname / mount_point
MOUNT:
mount -a mount all the paths listed in / etc / fstab
mount -o ro, soft, bg dancer : / usr / local / usr / local / dancer
to dancer server's / usr / local mount to the client
/ usr / local / dancer and is only the Read
-t of the type: you want to mount Type, such as nfs or 4.2
-r: The mounted path is set to read only
-v: For each action of the mount process, messages are returned to the screen.
Hard: Repeat the request until the server responds. Do not respond to
the server may be down!
Soft: When the client's request cannot be responded, an
error message is returned after retry one time.
Bg: When the first request is unsuccessful, the second mount will be executed in the background.
Fg: retries mount has been performing
intr under the prompt symbol : when an NFS request is in progress, allow the keyboard to interrupt
๐ฆ the message when the mount is successful
NFS server hostname ok
hard mount fail
NFS server hostname not responding, still trying
soft... hostname server not reponding: RPC: Timed out
ยง UNMOUNT:
umount mount_point
umount -a unmount all the paths already mounted
1) Declare the machine as a client without a drive or data. Before using SunInstall
2) Edit the file / etc / fstab and make sure that the paths to be mounted are in fstab
3) According to fstab Set the content, set Mount points on the client
(mount_points is the path exported by exports using mkdir)
4) Make sure that the path we want to mount is in / etc / exports
5) You can start the mount to link the directories on the server (mount -a)
/ etc / fstab Example of a file
โ syntax filesystem directory type options freq pass
oak: / export / root / boomer / nfs rw 0 0
^^^
Because the file is on the server, not on client,
the client setting is 0
oak: / export / exec / sun3 / usr nfs ro 0 0
oak: / export / exec / kvm / sun3 / usr / kvm nfs ro 0 0
oak: / usr / share / usr / share nfs ro 0 0
oak: / home / oak / home / oak nfs rw, bg 0 0
๐ฆ How NFS Work?
When we start the NFS file server, /etc/rc.local will automatically launch the exportfs program, specifying the files or directories that can be exported And we can only mount the specified directory.
โก NFS is built on top of the XDR / RPC protocol.
XDR: (eXternal Data Representation) External data representation
XDR (eXternal Data Representation) provides a way to data from one format to another data format standard notation to ensure that different computer, operating system and computer language, meaning that all data are represented by the same
RPC: (Remote procedure calls) remote procedure call
RPC (Remote Procedure Calls) Remote procedure calls, requesting the remote computer to provide service. The client will send RPC to the remote computer through the network, requesting service.
(General local machine: client remote machine: server)
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
This media is not supported in your browser
VIEW IN TELEGRAM
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆUPX Unpacking Process
T.me/UndercOdeTesting
๐ฆBefore we begin with unpacking exercise, lets try to understand the working of UPX.
1) When you pack any Executable with UPX, all existing sections (text, data, rsrc etc) are compressed.
2) Each of these sections are named as UPX0, UPX1 etc.
3) Then it adds new code section at the end of file which will actually decompress all the packed sections at execution time.
๐ฆHere is what happens during the execution of UPX packed EXE file..
1) Execution starts from new OEP (from newly added code section at the end of file)
2) First it saves the current Register Status using PUSHAD instruction
3) All the Packed Sections are Unpacked in memory
4) Resolve the import table of original executable file.
5) Restore the original Register Status using POPAD instruction
6) Finally Jumps to Original Entry point to begin the actual execution
๐ฆ Manual Unpacking of UPX
1) Here are the standard steps involved in any Unpacking operation
2) Debug the EXE to find the real OEP (Original Entry Point)
3) At OEP, Dump the fully Unpacked Program to Disk
4) Fix the Import Table
5) Based on type and complexity of Packer, unpacking operation may vary in terms of time and difficulty.
6) UPX is the basic Packer and serves as great example for anyone who wants to learn Unpacking.
๐ฆwe will use OllyDbg to debug & unpack the UPX packed EXE file.
> Although you can use any debugger, OllyDbg is one of the best ring 3 debugger for Reverse Engineering with its useful plugins.
@UndercOdeOfficial
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆUPX Unpacking Process
T.me/UndercOdeTesting
๐ฆBefore we begin with unpacking exercise, lets try to understand the working of UPX.
1) When you pack any Executable with UPX, all existing sections (text, data, rsrc etc) are compressed.
2) Each of these sections are named as UPX0, UPX1 etc.
3) Then it adds new code section at the end of file which will actually decompress all the packed sections at execution time.
๐ฆHere is what happens during the execution of UPX packed EXE file..
1) Execution starts from new OEP (from newly added code section at the end of file)
2) First it saves the current Register Status using PUSHAD instruction
3) All the Packed Sections are Unpacked in memory
4) Resolve the import table of original executable file.
5) Restore the original Register Status using POPAD instruction
6) Finally Jumps to Original Entry point to begin the actual execution
๐ฆ Manual Unpacking of UPX
1) Here are the standard steps involved in any Unpacking operation
2) Debug the EXE to find the real OEP (Original Entry Point)
3) At OEP, Dump the fully Unpacked Program to Disk
4) Fix the Import Table
5) Based on type and complexity of Packer, unpacking operation may vary in terms of time and difficulty.
6) UPX is the basic Packer and serves as great example for anyone who wants to learn Unpacking.
๐ฆwe will use OllyDbg to debug & unpack the UPX packed EXE file.
> Although you can use any debugger, OllyDbg is one of the best ring 3 debugger for Reverse Engineering with its useful plugins.
@UndercOdeOfficial
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ Detailed usage of dumpsys command in android
Original
twitter.com/UndercOdeTC
> On an android phone, you can enter the android system shell by using the adb shell command. This shell supports some commonly used standard commands and other commands related to the android system. These commands can print the current status information of the system. . dumpsys is one such command.
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
Currently running services:
SurfaceFlinger
accessibility
account
activity
alarm
android.security.keystore
appops
appwidget
assetatlas
audio
backup
battery
batterypropreg
batterystats
bluetooth_manager
clipboard
commontime_management
connectivity
consumer_ir
content
country_detector
cpuinfo
dbinfo
device_policy
devicestoragemonitor
diskstats
display
display.qservice
dreams
drm.drmManager
dropbox
entropy
gfxinfo
hardware
input
input_method
iphonesubinfo
isms
location
lock_settings
media.audio_flinger
media.audio_policy
media.camera
media.player
media_router
meminfo
mount
netpolicy
netstats
network_management
nfc
notification
package
permission
phone
power
print
procstats
samplingprofiler
scheduling_policy
search
sensorservice
serial
servicediscovery
simphonebook
sip
statusbar
telephony.registry
textservices
uimode
updatelock
usagestats
usb
user
vibrator
wallpaper
wifi
wifip2p
window
๐ฆ Detailed usage of dumpsys command in android
Original
twitter.com/UndercOdeTC
> On an android phone, you can enter the android system shell by using the adb shell command. This shell supports some commonly used standard commands and other commands related to the android system. These commands can print the current status information of the system. . dumpsys is one such command.
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
Currently running services:
SurfaceFlinger
accessibility
account
activity
alarm
android.security.keystore
appops
appwidget
assetatlas
audio
backup
battery
batterypropreg
batterystats
bluetooth_manager
clipboard
commontime_management
connectivity
consumer_ir
content
country_detector
cpuinfo
dbinfo
device_policy
devicestoragemonitor
diskstats
display
display.qservice
dreams
drm.drmManager
dropbox
entropy
gfxinfo
hardware
input
input_method
iphonesubinfo
isms
location
lock_settings
media.audio_flinger
media.audio_policy
media.camera
media.player
media_router
meminfo
mount
netpolicy
netstats
network_management
nfc
notification
package
permission
phone
power
procstats
samplingprofiler
scheduling_policy
search
sensorservice
serial
servicediscovery
simphonebook
sip
statusbar
telephony.registry
textservices
uimode
updatelock
usagestats
usb
user
vibrator
wallpaper
wifi
wifip2p
window
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โโ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆAnalysis of IP Fragmentation by UndercOde :
instagram.com/UndercOdeTestingCompany
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
1) in TCP / IP layering, the data link layer uses MTU (Maximum Transmission Unit) to limit the size of the data packets that can be transmitted.
2) MTU refers to the maximum length of data transmitted at one time, excluding data at the data link layer The frame header, such as the MTU of Ethernet, is 1500 bytes.
3) In fact, the maximum length of a data frame is 1512 bytes, of which the frame header of an Ethernet data frame is 12 bytes.
4) When the size of the sent IP datagram exceeds the MTU, the IP layer needs to fragment the data, otherwise the data will not be sent successfully.
๐ฆAnalysis of IP Fragmentation by UndercOde :
instagram.com/UndercOdeTestingCompany
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
1) in TCP / IP layering, the data link layer uses MTU (Maximum Transmission Unit) to limit the size of the data packets that can be transmitted.
2) MTU refers to the maximum length of data transmitted at one time, excluding data at the data link layer The frame header, such as the MTU of Ethernet, is 1500 bytes.
3) In fact, the maximum length of a data frame is 1512 bytes, of which the frame header of an Ethernet data frame is 12 bytes.
4) When the size of the sent IP datagram exceeds the MTU, the IP layer needs to fragment the data, otherwise the data will not be sent successfully.
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โโ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ Implementation of IP fragmentation
t.me/UndercOdeTesting
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
1) IP fragmentation occurs at the IP layer.
>Not only the source host will fragment, but intermediate routers may also fragment, because the MTU of different networks is different. If the MTU is small, the router may fragment the IP datagram again.
2) The reassembly of fragmented data can only occur at the IP layer of the destination.
3) There are 4 bytes in the IP header for fragmentation
> . The first 16 bits are the ID of the IP datagram.
4) The IDs of the fragments of the same datagram are the same.
5) The destination will determine whether the IP fragments belong to the same IP datagram based on this ID. The middle 3 bits are flag bits, of which 1 bit is used to indicate whether there are more fragments. If it is the last fragment, the flag bit is 0, otherwise it is 1.
6) The last 13 bits indicate the offset of the fragment in the original data. The original data here is the TCP or UDP data transmitted by the IP layer, and does not include the IP header.
๐ฆ Flag field: 16 bits. Used to uniquely identify each datagram sent by the host. Normally, every time a message is sent, its value is increased by 1.
> This is
the meaning of the three flag bits of IPID:
1) R: reserved unused;
2) DF: Don't Fragment, "No Fragment" bit. If this bit is set to 1, the IP layer will not fragment the datagram; instead, the data will be fragmented. discarding a packet and sends an ICMP error packet discarding and the source host causes
3) MF: more Fragment, "more on-chip", except the last one, the other piece of each constituent datagram should set the bit. 1;
4) Fragment Offset : The slice is offset from the beginning of the original packet. The number of bytes offset is the value multiplied by 8.
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ Implementation of IP fragmentation
t.me/UndercOdeTesting
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
1) IP fragmentation occurs at the IP layer.
>Not only the source host will fragment, but intermediate routers may also fragment, because the MTU of different networks is different. If the MTU is small, the router may fragment the IP datagram again.
2) The reassembly of fragmented data can only occur at the IP layer of the destination.
3) There are 4 bytes in the IP header for fragmentation
> . The first 16 bits are the ID of the IP datagram.
4) The IDs of the fragments of the same datagram are the same.
5) The destination will determine whether the IP fragments belong to the same IP datagram based on this ID. The middle 3 bits are flag bits, of which 1 bit is used to indicate whether there are more fragments. If it is the last fragment, the flag bit is 0, otherwise it is 1.
6) The last 13 bits indicate the offset of the fragment in the original data. The original data here is the TCP or UDP data transmitted by the IP layer, and does not include the IP header.
๐ฆ Flag field: 16 bits. Used to uniquely identify each datagram sent by the host. Normally, every time a message is sent, its value is increased by 1.
> This is
the meaning of the three flag bits of IPID:
1) R: reserved unused;
2) DF: Don't Fragment, "No Fragment" bit. If this bit is set to 1, the IP layer will not fragment the datagram; instead, the data will be fragmented. discarding a packet and sends an ICMP error packet discarding and the source host causes
3) MF: more Fragment, "more on-chip", except the last one, the other piece of each constituent datagram should set the bit. 1;
4) Fragment Offset : The slice is offset from the beginning of the original packet. The number of bytes offset is the value multiplied by 8.
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to Avoid IP Fragmentation
t.me/UndercOdeTesting
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
> In network programming, we need to avoid IP fragmentation, so why should we avoid it?
1) The reason is that the IP layer does not have a timeout retransmission mechanism.
2) If the IP layer fragments a packet, as long as one fragment is lost, it can only rely on the transport layer to retransmit.
3) It's a bit expensive to retransmit. It can be seen that IP fragmentation will greatly reduce the success rate of data transmission at the transport layer, so we must avoid IP fragmentation.
4) For UDP packets, we need to limit the size of each packet at the application layer, and generally do not exceed 1472 bytes, that is, Ethernet MTU (1500)-UDP header (8)-IP header (20).
5) For TCP data, the application layer does not need to consider this issue, because the transport layer has already done it for us.
6) During the three-way handshake of establishing a connection, both parties of the connection will notify each other of the MSS (Maximum Segment Size).
7) The MSS is generally MTUโIP header (20) โTCP header (20). The data does not exceed the minimum value of MSS on both sides, so it is guaranteed that the IP datagram does not exceed the MTU, and IP fragmentation is avoided.
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆHow to Avoid IP Fragmentation
t.me/UndercOdeTesting
๐ฆ ๐๐ผ๐๐ ๐๐๐ธโ๐
> In network programming, we need to avoid IP fragmentation, so why should we avoid it?
1) The reason is that the IP layer does not have a timeout retransmission mechanism.
2) If the IP layer fragments a packet, as long as one fragment is lost, it can only rely on the transport layer to retransmit.
3) It's a bit expensive to retransmit. It can be seen that IP fragmentation will greatly reduce the success rate of data transmission at the transport layer, so we must avoid IP fragmentation.
4) For UDP packets, we need to limit the size of each packet at the application layer, and generally do not exceed 1472 bytes, that is, Ethernet MTU (1500)-UDP header (8)-IP header (20).
5) For TCP data, the application layer does not need to consider this issue, because the transport layer has already done it for us.
6) During the three-way handshake of establishing a connection, both parties of the connection will notify each other of the MSS (Maximum Segment Size).
7) The MSS is generally MTUโIP header (20) โTCP header (20). The data does not exceed the minimum value of MSS on both sides, so it is guaranteed that the IP datagram does not exceed the MTU, and IP fragmentation is avoided.
Written by UndercOde
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ IP fragmentation example by UndercOde Support
UDP
1) Send 3,000 bytes of UDP data from 10.224.142.166 to 10.137.133.101. The result of packet capture is shown below.
2) , this UDP data packet is divided into 3 IP fragments.
3) From the offset of each fragment, it can be seen that the size of the UDP data contained in the 3 fragments is 1480, 1480, 48 (plus the UDP header 8). Bytes), the size of each fragment plus the IP header is 1500, 1500, and 68 respectively, and the total UDP data size transmitted is 3008. It can also be seen that only one fragment contains the UDP header.
UDP
1) Send 3,000 bytes of UDP data from 10.224.142.166 to 10.137.133.101. The result of packet capture is shown below.
2) , this UDP data packet is divided into 3 IP fragments.
3) From the offset of each fragment, it can be seen that the size of the UDP data contained in the 3 fragments is 1480, 1480, 48 (plus the UDP header 8). Bytes), the size of each fragment plus the IP header is 1500, 1500, and 68 respectively, and the total UDP data size transmitted is 3008. It can also be seen that only one fragment contains the UDP header.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ What About TCP ?
t.me/UndercOdeTesting
๐ฆ Send 2000 bytes of TCP data from 10.224.142.166 to 10.137.133.101. The result of packet capture is shown in Next Pi by UndercOde Support
> It can be seen from the figure that the TCP data is divided into 2 IP fragments, and the data sizes are 1448 and 552 respectively.
> From the three-way handshake, it can be seen that the MSS announced by both parties is 1460 bytes, which is exactly MTU (1500)-IP. Header (20)-TCP header (20), but in fact why the first fragment only sent 1448 bytes,
<> personally think it should be the TCP header and some options occupy 12 bytes. Please also know the master explain.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ
๐ฆ What About TCP ?
t.me/UndercOdeTesting
๐ฆ Send 2000 bytes of TCP data from 10.224.142.166 to 10.137.133.101. The result of packet capture is shown in Next Pi by UndercOde Support
> It can be seen from the figure that the TCP data is divided into 2 IP fragments, and the data sizes are 1448 and 552 respectively.
> From the three-way handshake, it can be seen that the MSS announced by both parties is 1460 bytes, which is exactly MTU (1500)-IP. Header (20)-TCP header (20), but in fact why the first fragment only sent 1448 bytes,
<> personally think it should be the TCP header and some options occupy 12 bytes. Please also know the master explain.
โ โ โ ๏ฝ๐๐ปโบ๐ซฤ๐ฌ๐โ โ โ โ