β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ xss vulnerabilities everyone should know by undercode :
> When reading materials about XSS, we usually see the classic <script> alert (1) </ script> as proof of this vulnerability (PoC-Proof of Concept). Although it is correct, it does not go beyond this range, which allows novices in the field to find more solutions to deal with this situation. Therefore, this is something everyone should know and be able to exploit the 7 XSS vulnerabilitiesare :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) At the beginning of the source code, there is an HTML comment with all the parameters used to trigger each case, and they apply to both GET and POST requests.
2) We can see that all cases are source-based, which means that the injection always appears in the source code retrieved by the HTTP response body. Independent of the types being reflected or stored, what matters here is the context in which they appear when displayed, so we will always use the reflected type as the main example. Some XSS flaws do not appear in the source code, and DOM-based flaws are not covered here.
> Remember to try the following example only in browsers without local XSS filtering (such as Mozilla Firefox ).
3) URL reflection
When the URL is reflected somehow in the source code, we can add our own XSS vector / payload to it. For PHP pages, you can use a slash (/) to add anything in the URL after the page name (no changes needed).
> check out undercode picture sended here
The leading label dash (">") needs to be used to break through the current label so that we can insert a new label.
>Although there are multiple reasons for using different languages ββ(reflection may also appear in path or URL parameters), for PHP, the reason is usually the global variable $ _SERVER ["PHP_SELF"] in the action field of the submit form
π¦ xss vulnerabilities everyone should know by undercode :
> When reading materials about XSS, we usually see the classic <script> alert (1) </ script> as proof of this vulnerability (PoC-Proof of Concept). Although it is correct, it does not go beyond this range, which allows novices in the field to find more solutions to deal with this situation. Therefore, this is something everyone should know and be able to exploit the 7 XSS vulnerabilitiesare :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) At the beginning of the source code, there is an HTML comment with all the parameters used to trigger each case, and they apply to both GET and POST requests.
2) We can see that all cases are source-based, which means that the injection always appears in the source code retrieved by the HTTP response body. Independent of the types being reflected or stored, what matters here is the context in which they appear when displayed, so we will always use the reflected type as the main example. Some XSS flaws do not appear in the source code, and DOM-based flaws are not covered here.
> Remember to try the following example only in browsers without local XSS filtering (such as Mozilla Firefox ).
3) URL reflection
When the URL is reflected somehow in the source code, we can add our own XSS vector / payload to it. For PHP pages, you can use a slash (/) to add anything in the URL after the page name (no changes needed).
> check out undercode picture sended here
The leading label dash (">") needs to be used to break through the current label so that we can insert a new label.
>Although there are multiple reasons for using different languages ββ(reflection may also appear in path or URL parameters), for PHP, the reason is usually the global variable $ _SERVER ["PHP_SELF"] in the action field of the submit form
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
π¦2) Simple HTMLi (HTML injection)
The simplest input is reflected directly in the code between or after existing tags. No need to escape or break anything, any simple XSS vector (such as <tag handler = jsCode>) will do the job.
3)Inline HTMLi
Almost as simple as the previous one, but preceded by a lowercase ">" to break the current label.
4) Inline HTMLi: no broken tags
When the input is placed in an HTML attribute and the filter condition is greater than the character (>), the current tag cannot be broken as in the previous case.
The simplest input is reflected directly in the code between or after existing tags. No need to escape or break anything, any simple XSS vector (such as <tag handler = jsCode>) will do the job.
3)Inline HTMLi
Almost as simple as the previous one, but preceded by a lowercase ">" to break the current label.
4) Inline HTMLi: no broken tags
When the input is placed in an HTML attribute and the filter condition is greater than the character (>), the current tag cannot be broken as in the previous case.
This will turn the value off and provide space for inserting the onmouseover event handler. Point to alert (1) followed by double slashes to comment out the hanging quotes. When the victim points the mouse to the affected input field, a js popup window will be triggered.
π¦ will posts some from our hacking video tutorial later on youtube (more detailed )
5) Js (JavaScript) block in HTMLi
The input sometimes falls into a javascript block, usually the value of some variable in the code. However, because HTML tags have priority in the browser's parsing, we can simply terminate the block and insert a new tag.
The input sometimes falls into a javascript block, usually the value of some variable in the code. However, because HTML tags have priority in the browser's parsing, we can simply terminate the block and insert a new tag.
6) Simple Js injection
If script tags were filtered in some way, the previous method would fail.
If script tags were filtered in some way, the previous method would fail.
7) Escaped Js Injection
In the former case, if you escape the quotes (responsible for the breakthrough of the variable value) with a backslash (\), the injection will not work (the syntax is invalid).
> That's it for today. Recently, two-way foil security launched a practical class for vulnerability mining
In the former case, if you escape the quotes (responsible for the breakthrough of the variable value) with a backslash (\), the injection will not work (the syntax is invalid).
> That's it for today. Recently, two-way foil security launched a practical class for vulnerability mining
π¦those xss vulnerabilities everyone should know
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Universal Radio Hacker: investigate wireless protocols 2020 from few hours updated :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
The Universal Radio Hacker (URH) is a software for investigating unknown wireless protocols. Features include
1) hardware interfaces for common Software Defined Radios
easy demodulation of signals
2) assigning participants to keep an overview of your data
customizable decodings to crack even sophisticated encodings like C1101 data whitening
3) assign labels to reveal the logic of the protocol
4) automatic reverse engineering of protocol fields
5) fuzzing component to find security leaks
6) modulation support to send the data back to the target
7)simulation environment to perform stateful attacks
π¦ Without installation
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
π¦ Installing from source
To install from source you need to have python-setuptools installed. You can get it e.g. with pip install setuptools. Once the setuptools are installed use:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
π¦TESTED BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Universal Radio Hacker: investigate wireless protocols 2020 from few hours updated :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
The Universal Radio Hacker (URH) is a software for investigating unknown wireless protocols. Features include
1) hardware interfaces for common Software Defined Radios
easy demodulation of signals
2) assigning participants to keep an overview of your data
customizable decodings to crack even sophisticated encodings like C1101 data whitening
3) assign labels to reveal the logic of the protocol
4) automatic reverse engineering of protocol fields
5) fuzzing component to find security leaks
6) modulation support to send the data back to the target
7)simulation environment to perform stateful attacks
π¦ Without installation
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
π¦ Installing from source
To install from source you need to have python-setuptools installed. You can get it e.g. with pip install setuptools. Once the setuptools are installed use:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
π¦TESTED BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Analysis of DLink RCE Vulnerability CVE-2019-17621
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
> Environment construction
Before installing and configuring the operating environment, you must know the version of the Linux system you are using and the version of Qemu, because this directly affects your subsequent choice of installing various dependent packages, mips qemu images, etc., all versions correspond to . The RUN the To correctly & Final System of The Basic Environment for the this IS The Vulnerability Analysis and Machine The Virtual Previous Ubuntu18.04 Qemu Compiled and Runtime Environment based Installed The ON-QEMU 4.0.0 Source code:
1) QEMU Image at The debianmips the Download from Site at The https://people.debian.org/~aurel32/qemu/mips/ . Since at The Virtual Machine IS Ubuntu Linux, download debian_squeeze_mips_standard.qcow2 and vmlinux-2.6.32-5-4kc-malta
π¦ MIPS system network configuration
1) To use QEMU to run a MIPS system, you need to set the ubuntu virtual machine as a bridge, so that the ubuntu system can communicate with the QEMU virtual machine and transmit data (this operation is similar to configuring the VMware Workstation bridge to communicate with the physical machine).
2) To get the installation dependencies, execute the following command:
> sudo apt-get install bridge-utils uml-utilities
> Ubuntu modified host network configuration, the network interface
> ubuntu configuration file / etc / network / interfaces modified as follows and save it, close:
sudo gedit /etc/network/interfaces
3) Modified QEMU network interface startup script, reboot the network configuration to take effect, execute the following command:
sudo gedit /etc/qemu-ifup
π¦ Analysis of DLink RCE Vulnerability CVE-2019-17621
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
> Environment construction
Before installing and configuring the operating environment, you must know the version of the Linux system you are using and the version of Qemu, because this directly affects your subsequent choice of installing various dependent packages, mips qemu images, etc., all versions correspond to . The RUN the To correctly & Final System of The Basic Environment for the this IS The Vulnerability Analysis and Machine The Virtual Previous Ubuntu18.04 Qemu Compiled and Runtime Environment based Installed The ON-QEMU 4.0.0 Source code:
1) QEMU Image at The debianmips the Download from Site at The https://people.debian.org/~aurel32/qemu/mips/ . Since at The Virtual Machine IS Ubuntu Linux, download debian_squeeze_mips_standard.qcow2 and vmlinux-2.6.32-5-4kc-malta
π¦ MIPS system network configuration
1) To use QEMU to run a MIPS system, you need to set the ubuntu virtual machine as a bridge, so that the ubuntu system can communicate with the QEMU virtual machine and transmit data (this operation is similar to configuring the VMware Workstation bridge to communicate with the physical machine).
2) To get the installation dependencies, execute the following command:
> sudo apt-get install bridge-utils uml-utilities
> Ubuntu modified host network configuration, the network interface
> ubuntu configuration file / etc / network / interfaces modified as follows and save it, close:
sudo gedit /etc/network/interfaces
3) Modified QEMU network interface startup script, reboot the network configuration to take effect, execute the following command:
sudo gedit /etc/qemu-ifup
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
π¦Save the file / etc / qemu-ifup later, given executable permissions, and then restart all network configurations take effect:
> sudo chmod a + x / etc / qemu-ifup
> sudo /etc/init.d/networking restart
> sudo chmod a + x / etc / qemu-ifup
> sudo /etc/init.d/networking restart
π¦ QEMU launch configuration
Before Qemu run to start bridging network, execute the following command in the local ubuntu command line terminal (Note: ens33 as the default ubuntu NIC):
> sudo ifdown ens33
> sudo ifup br0
>QEMU MIPS virtual machine starts
Mips into the front of a mirror download directory, execute the following command:
sudo qemu-system-mips -M malta -kernelvmlinux-2.6.32-5-4kc-malta -hda debian_
> Input root / root sign can mips QEMU virtual machine, the operation will be more mips to the virtual machine, it may open a new unbuntu terminal, connected to the SSH qemu mips:
Before Qemu run to start bridging network, execute the following command in the local ubuntu command line terminal (Note: ens33 as the default ubuntu NIC):
> sudo ifdown ens33
> sudo ifup br0
>QEMU MIPS virtual machine starts
Mips into the front of a mirror download directory, execute the following command:
sudo qemu-system-mips -M malta -kernelvmlinux-2.6.32-5-4kc-malta -hda debian_
> Input root / root sign can mips QEMU virtual machine, the operation will be more mips to the virtual machine, it may open a new unbuntu terminal, connected to the SSH qemu mips:
π¦ Firmware simulation run
fb.com/undercodetesting
At The Router Firmware containing at The the Download Vulnerable Version from DLink at The Official Website: ftp://ftp2.dlink.com/PRODUCTS/DIR-859/DIR-859_REVA_FIRMWARE_v1.05B03.zip , to use binwalk-Me Directly at The Firmware to Decompress at The GET file system file:
> The firmware simulation operation can be considered in two ways:
1) upload the file system to the qemu mips virtual machine to run; β‘ run the firmware with the firmadyne tool (of course, you can also try AttifyOS VM):
2) Use the scp command to upload the squashfs-root directory to the qemu mips virtual machine:
3) chroot / root / squashfs-root sh
4) Run firmware with the help of firmadyne tool
Firmadyne is an automated analytical framework can be cut and firmware for embedded Linux systems, it supports reverse QEMU system firmware embedded system simulation execution, use it to simulate router firmware, perform router. Installation and use methods detailed https://github.com/ firmadyne / firmadyne . Note: Firmadyne Before installation, install firmware-analysis-toolkit, installation methods are detailed in https://github.com/attify/firmware-analysis-toolkit , after the installation is complete directories created firmadyne in firmware-analysis -toolkit directory and download installation Firmadyne.After completion of all of the respective mounting as follows (note that two tools to be installed in full in accordance with the steps, or subsequent firmware will run error):
5) Fat.py first move files in and reset.py firmware-analysis-toolkit firmadyne directory to the directory; proceed to set the path firmadyne.config firmadyne modified as follows:
6) The firmware files copied to the bin directory firmadyne continue to execute the following command:
rm -rf images*
python3 reset.py
sudo -u postgres createdb -O firmadyne firmware
sudo -u postgres psql -d firmware < ./database/schema
./sources/extractor/extractor.py -b Dlink -sql 127.0.0.1 -np-nk "DIR859Ax_FW105b03.bin" images
./scripts/getArch.sh ./images/1.tar.gz
./scripts/makeImage.sh 1
./scripts/inferNetwork.sh 1
./scratch/1/run.sh
fb.com/undercodetesting
At The Router Firmware containing at The the Download Vulnerable Version from DLink at The Official Website: ftp://ftp2.dlink.com/PRODUCTS/DIR-859/DIR-859_REVA_FIRMWARE_v1.05B03.zip , to use binwalk-Me Directly at The Firmware to Decompress at The GET file system file:
> The firmware simulation operation can be considered in two ways:
1) upload the file system to the qemu mips virtual machine to run; β‘ run the firmware with the firmadyne tool (of course, you can also try AttifyOS VM):
2) Use the scp command to upload the squashfs-root directory to the qemu mips virtual machine:
3) chroot / root / squashfs-root sh
4) Run firmware with the help of firmadyne tool
Firmadyne is an automated analytical framework can be cut and firmware for embedded Linux systems, it supports reverse QEMU system firmware embedded system simulation execution, use it to simulate router firmware, perform router. Installation and use methods detailed https://github.com/ firmadyne / firmadyne . Note: Firmadyne Before installation, install firmware-analysis-toolkit, installation methods are detailed in https://github.com/attify/firmware-analysis-toolkit , after the installation is complete directories created firmadyne in firmware-analysis -toolkit directory and download installation Firmadyne.After completion of all of the respective mounting as follows (note that two tools to be installed in full in accordance with the steps, or subsequent firmware will run error):
5) Fat.py first move files in and reset.py firmware-analysis-toolkit firmadyne directory to the directory; proceed to set the path firmadyne.config firmadyne modified as follows:
6) The firmware files copied to the bin directory firmadyne continue to execute the following command:
rm -rf images*
python3 reset.py
sudo -u postgres createdb -O firmadyne firmware
sudo -u postgres psql -d firmware < ./database/schema
./sources/extractor/extractor.py -b Dlink -sql 127.0.0.1 -np-nk "DIR859Ax_FW105b03.bin" images
./scripts/getArch.sh ./images/1.tar.gz
./scripts/makeImage.sh 1
./scripts/inferNetwork.sh 1
./scratch/1/run.sh
Facebook
UndercOde Testing Company
UndercOde Testing Company. 97 likes Β· 2 talking about this. Programming, Hacking,Security, Web & Applications Developpements, Fix Errors , Hosts, Server Security, Hacking Pentest, Phone softwares &...
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2) Remote debugging
At The Router Firmware has been successfully RUN, and the then at The target Program CAN BE debugged. At the this Time, Remote the debugging CAN BE Performed with at The Help of IDA in at The PHYSICAL Machine (of Course,, IDA CAN Also BE Installed in Ubuntu). There are still two ideas for debugging:
3) In the qemu mips virtual machine, use the static gdbserver and remote IDA's "remote GDB debugger" function to dynamically debug the target mips program. It should be noted here that the static gdbserver file format must correspond to the big / small end of the . mips system You can use the file command to view information about the firmware:
4) Therefore, you must first cross-compile to obtain a static gdbserver file in 32-bit MSB format. You can choose Openwrt or Buildroot for cross-compilation, which is omitted here.
After > in ubuntu solving firmware file system, use the chroot command, with qemu-mips-static run target file (cgibin object files), then Accessories IDA dynamic remote debugging, first perform the following command in ubuntu in:
> chroot ../qemu-mips-static -g 1235./htdocs/cgibin
...
END OF TUTORIAL
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
2) Remote debugging
At The Router Firmware has been successfully RUN, and the then at The target Program CAN BE debugged. At the this Time, Remote the debugging CAN BE Performed with at The Help of IDA in at The PHYSICAL Machine (of Course,, IDA CAN Also BE Installed in Ubuntu). There are still two ideas for debugging:
3) In the qemu mips virtual machine, use the static gdbserver and remote IDA's "remote GDB debugger" function to dynamically debug the target mips program. It should be noted here that the static gdbserver file format must correspond to the big / small end of the . mips system You can use the file command to view information about the firmware:
4) Therefore, you must first cross-compile to obtain a static gdbserver file in 32-bit MSB format. You can choose Openwrt or Buildroot for cross-compilation, which is omitted here.
After > in ubuntu solving firmware file system, use the chroot command, with qemu-mips-static run target file (cgibin object files), then Accessories IDA dynamic remote debugging, first perform the following command in ubuntu in:
> chroot ../qemu-mips-static -g 1235./htdocs/cgibin
...
END OF TUTORIAL
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β