UNDERCODE COMMUNITY
Forwarded from Backup Legal Mega
🦑 Effect
1) Here we can see that our cookie's expiry time is 14:04 on May 13th, which shows that our modified configuration is valid and that the cookie's lifetime can be changed through this parameter. As soon as this point in time is reached, the cookie becomes invalid and the user needs to log in again.

🦑 Validity period is the epoch

2) Here expires is set so that the validity period is -1. You can observe that the cookie's expiry date is in 1970, which is the epoch (time zero) of the UNIX era.


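local resty_cookie = require "resty.cookie"

local cookie = resty_cookie:new()

-- `session` is the session value created earlier in the handler (not shown)
local ok, err = cookie:set({
    key = "middle_session",
    value = session,
    path = "/",
    secure = false,                 -- cookie is also sent over plain HTTP
    httponly = true,
    expires = ngx.cookie_time(-1),  -- formatted date string; shows up as 1 January 1970
    domain = ngx.var.host,          -- request host (ngx.host is not part of the ngx_lua API)
})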
🦑 As you can see from the picture below, the cookie's validity period is January 1, 1970. That point in time is, without any suspense, already in the past. Of course, anyone who configures this in a production environment gets locked in a little dark room to discuss the value of life: users who receive a cookie configured like this cannot log in successfully no matter what.

🦑 The validity period is current:

Because ngx.cookie_time returns a formatted string that can be used as the cookie expiration time, we specify the expiration time manually. With this method you can test the automatic removal of the cookie mentioned above.

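local resty_cookie = require "resty.cookie"

local cookie = resty_cookie:new()

-- `session` is the session value created earlier in the handler (not shown)
local ok, err = cookie:set({
    key = "middle_session",
    value = session,
    path = "/",
    secure = false,         -- cookie is also sent over plain HTTP
    httponly = true,
    expires = -1,           -- raw number, not a formatted date string
    domain = ngx.var.host,  -- request host (ngx.host is not part of the ngx_lua API)
})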
🦑 Set the expiration time to 0

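local resty_cookie = require "resty.cookie"

local cookie = resty_cookie:new()

-- `session` is the session value created earlier in the handler (not shown)
local ok, err = cookie:set({
    key = "middle_session",
    value = session,
    path = "/",
    secure = false,         -- cookie is also sent over plain HTTP
    httponly = true,
    expires = 0,            -- raw number, not a formatted date string
    domain = ngx.var.host,  -- request host (ngx.host is not part of the ngx_lua API)
})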

🦑 In conclusion

Configuring -1 or 0 here is, in a literal sense, the same as the epoch time, but with the benefit of not being locked in the little dark room. The cookie is only valid for the current session: once you close the browser, the cookie is cleared by the browser, so its security no longer needs to be considered. Support & share us: t.me/UndercodeTesting
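As an added example (not part of the original post), the JavaScript below shows how a browser that follows the RFC 6265 cookie-date rules treats the three expires values configured above: an epoch date, -1 and 0. The Set-Cookie strings, the fixed NOW timestamp and the function names are constructed for illustration, and Max-Age is not handled.

```javascript
// Added example: simplified RFC 6265 section 5.1.1 cookie-date handling.
const MONTHS = ["jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"];

// Returns milliseconds since the epoch, or null when the value is not a cookie-date.
function parseCookieDate(value) {
  let time, day, month, year, m;
  // RFC delimiter ranges: ' ', ',', '-' and '=' split tokens, ':' does not.
  const tokens = value.split(/[\x09\x20-\x2f\x3b-\x40\x5b-\x60\x7b-\x7e]+/).filter(Boolean);
  for (const tok of tokens) {
    const mon = MONTHS.indexOf(tok.slice(0, 3).toLowerCase());
    if (!time && (m = /^(\d{1,2}):(\d{1,2}):(\d{1,2})(?:\D|$)/.exec(tok))) time = m.slice(1, 4).map(Number);
    else if (day === undefined && (m = /^(\d{1,2})(?:\D|$)/.exec(tok))) day = Number(m[1]);
    else if (month === undefined && mon >= 0) month = mon;
    else if (year === undefined && (m = /^(\d{2,4})(?:\D|$)/.exec(tok))) year = Number(m[1]);
  }
  if (!time || day === undefined || month === undefined || year === undefined) return null;
  if (year >= 70 && year <= 99) year += 1900;      // two-digit years 70-99 mean 19xx
  else if (year >= 0 && year <= 69) year += 2000;  // two-digit years 00-69 mean 20xx
  const [h, mi, s] = time;
  if (day < 1 || day > 31 || year < 1601 || h > 23 || mi > 59 || s > 59) return null;
  return Date.UTC(year, month, day, h, mi, s);
}

// Classify one Set-Cookie header value relative to nowMs.
function classify(setCookie, nowMs) {
  const [pair, ...attrs] = setCookie.split(";").map((p) => p.trim());
  const a = Object.create(null); // no prototype, attribute names come from the header
  for (const p of attrs) {
    const i = p.indexOf("=");
    a[(i < 0 ? p : p.slice(0, i)).toLowerCase()] = i < 0 ? true : p.slice(i + 1);
  }
  const exp = typeof a.expires === "string" ? parseCookieDate(a.expires) : null;
  // An unparseable Expires attribute is ignored, which leaves a session cookie.
  const lifetime = exp === null ? "session" : exp <= nowMs ? "expired" : "persistent";
  return { name: pair.split("=")[0], lifetime, secure: a.secure === true, httpOnly: a.httponly === true };
}

// Constructed samples: the three configurations from the post plus one future date.
const NOW = Date.UTC(2020, 4, 13, 12, 0, 0);
const SAMPLES = [
  "middle_session=abc; Expires=Thu, 01-Jan-70 00:00:00 GMT; Path=/; HttpOnly",
  "middle_session=abc; Expires=-1; Path=/; HttpOnly",
  "middle_session=abc; Expires=0; Path=/; HttpOnly",
  "middle_session=abc; Expires=Mon, 13-May-30 14:04:00 GMT; Path=/; HttpOnly",
];
for (const h of SAMPLES) console.log(classify(h, NOW), "<=", h);
```

Every sample reports secure: false because the configuration in the post sets secure = false, so the session cookie is also sent over unencrypted HTTP.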


🦑 2020 new phishing tool > Advanced Phishing tool for Linux & Termux
t.me/UndercodeTesting

A) install in one command :

apt update ; apt install git -y ; git clone git://github.com/htr-tech/nexphisher.git ; cd nexphisher ; bash setup ; bash nexphisher

B) apt update
> apt install git -y
>git clone git://github.com/htr-tech/nexphisher.git
> cd nexphisher
> SETUP : bash setup
> SETUP [TERMUX] : bash tmux_setup
> Run : bash nexphisher



🦑 OWASP Joomla Vulnerability Scanner Project, updated in 2019

🦑 Why OWASP JoomScan?

Automated ...
*Version enumerator
*Vulnerability enumerator (based on version)
*Components enumerator (1209 most popular by default)
*Components vulnerability enumerator (based on version)(+1030 exploit)
*Firewall detector
*Reporting to Text & HTML output
*Finding common log files
*Finding common backup files

🦑 Installation & run:

1) git clone https://github.com/rezasp/joomscan.git

2) cd joomscan

3) perl joomscan.pl

🦑 For Docker installation and usage

# Build the docker image
docker build -t rezasp/joomscan .

# Run a new docker container with reports directory mounted at the host
docker run -it -v /path/to/reports:/home/joomscan/reports --name joomscan_cli rezasp/joomscan

# For accessing the docker container you can run the following command
docker run -it -v /path/to/reports:/home/joomscan/reports --name joomscan_cli --entrypoint /bin/bash rezasp/joomscan

✅ Verified by Undercode

🦑 For pro users: analysis of the differences between the units px, rem, em, vh and vw in CSS

1) Absolute length

px

px is the pixel value. It is a fixed length, like our meters and centimeters.

2) Relative length

🦑 Why do we need relative lengths such as rem and em?

A fixed length can no longer meet our current needs.

Example: when we shrink the screen, we not only need to reduce the width and height of our box, we also want to reduce the font size, so that the user experience is better.

rem

🦑 The calculation relationship between rem and px

The value of rem is a multiple of px.

By default font-size = 16px, so 1rem = 16px.

How to change the relationship between rem and px

We can set font-size: 32px on the html tag, and only there (because the html node is the root node, which is the r, for root, in rem), so that 1rem = 32px.

Code

<div class="div-rem">rem</div>

/* Usage of rem */
html {
  font-size: 16px; /* 1rem = 16px */
}
.div-rem {
  width: 10rem; /* 10rem = 10 x 16 = 160px */
  height: 10rem; /* 10rem = 10 x 16 = 160px */
  font-size: 1rem; /* 1rem = 16px */
  background-color: #a58778;
}

em

🦑 The calculation relationship between em and px

The value of em is a multiple of px.

By default font-size = 16px, so 1em = 16px.

How to change the relationship between em and px

We can set font-size: 32px on the element itself, so that 1em = 32px.

If font-size is not set on the element itself, we can also set font-size on the parent element to affect the em value used by our own element (the child element).

The difference between rem and em

written by undercoder

🦑 Recently from Undercode tweets:
twitter.com/UndercodeNews

> Encrypted files add .Cov19 extension, FushenKingdee ransomware is active

1) Tencent Security Threat Intelligence Center has detected that a ransomware virus called Fushen Kingdee is active, and enterprises have already been attacked. This virus is a variant of the Scarab ransomware, which uses RSA + AES to encrypt files.

2) The virus not only encrypts the content of the file, but also uses RC4 + non-standard Base64 to encrypt and encode the file name. After an attack, the files in the system are renamed to the "fixed name encoded data.cov19" format.

3) The attacker leaves a ransom note asking the victim to contact FushenKingdee@protonmail.com to purchase the decryption tool. Files encrypted by the virus cannot be decrypted and restored at the moment. Tencent security experts remind users to handle unknown emails carefully. Government and enterprise users must strengthen network security management measures to avoid damage.

4) The author of the FushenKingdee ransomware is suspected to be from the Russian region. When encrypting, the virus excludes Russia, Belarus, and Ukraine. Based on tools such as processhacker (a security analysis tool) and NetworkShare v.2.exe (network share scanning) that the attacker left on the victim computer, Tencent security experts speculate that the attacker is not limited to encrypting a single computer, but also scans the network with the intention of spreading laterally. An attacker may try to intrude through phishing email, weak password brute-forcing, or vulnerability exploitation, and then release the ransomware virus.

5) At present, Tencent computer housekeeper and the Tencent T-Sec terminal security management system can detect and remove the Fushen Kingdee ransomware virus.

🦑 Second, security recommendations and solutions
Tencent security experts advise users to take the necessary measures to improve network security and avoid ransomware virus attacks.

Business users
1) Close unnecessary ports as far as possible, such as 445, 135, 139, etc. Whitelists can be configured for ports 3389, 5900, etc., so that only IPs on the whitelist are allowed to log in;

2) Turn off unnecessary file sharing as far as possible. Where sharing is necessary, use ACLs and strong passwords to limit access, and disable anonymous access to shared folders;

3) Use strong passwords, avoid weak passwords, and replace them regularly. It is recommended to use high-strength, irregular passwords for servers, and to enforce a different password for each server;

4) Set corresponding controls on internal access to servers / workstations that do not require interconnection, to prevent servers that can be reached from external networks from being used as springboards to attack other servers;

5) Regularly back up important files and data (databases and other data), and keep at least one non-local backup;

6) It is recommended that enterprise end users handle email attachments with caution. Unless necessary, Office macro code should be disabled;

7) Deploy professional security software on terminals / servers. For web servers, consider deploying on a cloud service platform with professional security capabilities, such as Tencent's.

8) It is recommended to install the Tencent T-Sec terminal security management system

🦑 Personal users

1) It is recommended to enable Tencent computer housekeeper, not to open unfamiliar emails casually, and to disable macro execution in Office;

2) Turn on the computer housekeeper's document guardian function, which uses spare disk space to back up data files automatically, so that the data is safeguarded even if an accident occurs.

> Those recommendations must be applied by all members of Undercode

🦑 Analysis of the encryption part
After the virus runs, it first uses ZLib to decompress, in memory, a large amount of plain-text string information that it will use later, which contains a hard-coded RSA 2048 public key.
