Execute php program
The above has entered into the httpdirectory, and found that there is a current directory server.phpof the file, we can command php server.phpexecution
The above has entered into the httpdirectory, and found that there is a current directory server.phpof the file, we can command php server.phpexecution
Browser running test
We open the server.phpfile, there is a line of code $http = new swoole_http_server("0.0.0.0", 9501);to open the swooleservice port 9501, then we can directly in the browser address bar 127.0.0.1:9501or localhost:9501and access, display Hello Swoole., then the Swooleinstallation was successful!
We open the server.phpfile, there is a line of code $http = new swoole_http_server("0.0.0.0", 9501);to open the swooleservice port 9501, then we can directly in the browser address bar 127.0.0.1:9501or localhost:9501and access, display Hello Swoole., then the Swooleinstallation was successful!
Full Graphic tutorial to install Cygwin on Windows system to build Swoole test environment > A small detailed example by undercode
Forwarded from Backup Legal Mega
π¦Linux Foundation Certified Engineer (2019) β3.24 GB
https://linuxacademy.com/course/linux-foundation-certified-engineer/
>Download<
https://linuxacademy.com/course/linux-foundation-certified-engineer/
>Download<
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hack nEWS :
1) The Indian government has open sourced its contact tracking application Aarogya Setu under the Apache v2 license , and the source code is hosted on GitHub. The Indian government released Aarogya Setu in early April, and its installation exceeded 114 million in less than two months.
2) The Indian government first disclosed the source code of the Android version. The source code of the iOS and KaiOS (based on Firefox OS) versions will be released in the next few weeks.
3) Indian Minister of Electronics and Information Technology Ajay Prakash Sawhney said that open source code allows others to inspect and find vulnerabilities, and the government will provide up to $ 1,325 in rewards to those who discover and report vulnerabilities. Other countries have also released the source code of the official contact tracking application on GitHub, such as Australia .
@UndercodeNews
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Hack nEWS :
1) The Indian government has open sourced its contact tracking application Aarogya Setu under the Apache v2 license , and the source code is hosted on GitHub. The Indian government released Aarogya Setu in early April, and its installation exceeded 114 million in less than two months.
2) The Indian government first disclosed the source code of the Android version. The source code of the iOS and KaiOS (based on Firefox OS) versions will be released in the next few weeks.
3) Indian Minister of Electronics and Information Technology Ajay Prakash Sawhney said that open source code allows others to inspect and find vulnerabilities, and the government will provide up to $ 1,325 in rewards to those who discover and report vulnerabilities. Other countries have also released the source code of the official contact tracking application on GitHub, such as Australia .
@UndercodeNews
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ This tutorial is more of a tip than a tutorial. It just explains how to calculate offsets for jumps and calls within the program you are patching.
Types of Jumps/Calls
Here I will just describe the different types of jumps and calls which you will come across:
Short Jumps
Short jumps be they conditional or unconditional jumps are 2 bytes long (or 1 nibble if your Californian ;-). These are relative jumps taken from the first byte after the two bytes of the jump. Using short jumps you can jump a maximum of 127 bytes forward and 128 bytes backwards.
Long Jumps
Long jumps if they are relative are 6 bytes long for conditional jumps and are 5 bytes long for unconditional jumps. For conditional jumps 2 bytes are used to identify that it is a long jump and what type of jump (je, jg, jns etc) it is. The other 4 bytes are used to show how far away the target location is relative to the first byte after the jump. In an unconditional jump only 1 byte is used to identify it as a long unconditional jump and the other 4 are used to show it's target's relative position, as with the conditional jumps.
Calls
There are two different types of calls which we will use. The normal type of call works the same as the long jumps in that it is relative to it's current position. The other type gives a reference to a memory location, register or stack position which holds the memory location it will call. The position held by the later is direct e.g. the memory location referenced may contain 401036h which would be the exact position that you would call, not relative to the position of the call. The size of these types of calls depends on any calculations involved in the call i.e. you could do: 'call dword ptr eax * edx + 2'. Long jumps can also be made using this method, but I didn't say that earlier as to avoid repetition.
Tables
Here is a brief list of all the different types of jumps/calls and their appropriate op-codes. Where different jumps have the same Op-Codes I have grouped them:
Jump Description Short Op-Code Long Op-Code
call procedure call E8xxxxxxxx N/A
jmp u nconditional jump EBxx E9xxxxxxxx
ja/jnbe jump if above 77xx 0F87xxxxxxxx
jae/jnb/jnc jump if above or equal 73xx 0F83xxxxxxxx
jb/jc/jnae jump if below 72xx 0F82xxxxxxxx
jbe/jna jump if below or equal 76xx 0F86xxxxxxxx
jcxz/jecxz jump if cx/ecx equals zero E3xx N/A
je/jz jump if equal/zero 74xx 0F84xxxxxxxx
jne/jnz jump if not equal/zero 75xx 0F85xxxxxxxx
jg/jnle jump if greater 7Fxx 0F8Fxxxxxxxx
jge/jnl jump if greater or equal 7Dxx 0F8Dxxxxxxxx
jl/jnge jump if less 7Cxx 0F8Cxxxxxxxx
jle/jng jump if less or equal 7Exx 0F8Exxxxxxxx
jno jump if not overflow 71xx 0F81xxxxxxxx
jnp/jpo jump if no parity/parity odd 7Bxx 0F8Bxxxxxxxx
jns jump if not signed 79xx 0F89xxxxxxxx
jo jump if overflow 70xx 0F80xxxxxxxx
jp/jpe jump if parity/parity even 7Axx 0F8Axxxxxxxx
js jump if sign 78xx 0F88xxxxxxxx
Calculating Offsets (finding in the xx's in table)
You will need to be able to calculate offsets when you add jumps and make calls within and to the code you have added. If you choose to do this by hand instead of using a tool then here are the basics:
For jumps and calls further on in memory from your current position you take the address where you want to jump/call and subtract from it the memory location of the next instruction after your call/jump i.e.:
(target mem address) - (mem location of next instruction after call/jump)
Example
If we wanted to jump to 4020d0 and the next instruction after the jump is at location 401093 then we would use the following calculation:
4020d0 - 401093 = 103d
We then write the jump instruction in hex as e93d100000 where e9 is the hex op-code for a long relative jump and 3d100000 is the result of our calculation expanded to dword size and reversed.
π¦ This tutorial is more of a tip than a tutorial. It just explains how to calculate offsets for jumps and calls within the program you are patching.
Types of Jumps/Calls
Here I will just describe the different types of jumps and calls which you will come across:
Short Jumps
Short jumps be they conditional or unconditional jumps are 2 bytes long (or 1 nibble if your Californian ;-). These are relative jumps taken from the first byte after the two bytes of the jump. Using short jumps you can jump a maximum of 127 bytes forward and 128 bytes backwards.
Long Jumps
Long jumps if they are relative are 6 bytes long for conditional jumps and are 5 bytes long for unconditional jumps. For conditional jumps 2 bytes are used to identify that it is a long jump and what type of jump (je, jg, jns etc) it is. The other 4 bytes are used to show how far away the target location is relative to the first byte after the jump. In an unconditional jump only 1 byte is used to identify it as a long unconditional jump and the other 4 are used to show it's target's relative position, as with the conditional jumps.
Calls
There are two different types of calls which we will use. The normal type of call works the same as the long jumps in that it is relative to it's current position. The other type gives a reference to a memory location, register or stack position which holds the memory location it will call. The position held by the later is direct e.g. the memory location referenced may contain 401036h which would be the exact position that you would call, not relative to the position of the call. The size of these types of calls depends on any calculations involved in the call i.e. you could do: 'call dword ptr eax * edx + 2'. Long jumps can also be made using this method, but I didn't say that earlier as to avoid repetition.
Tables
Here is a brief list of all the different types of jumps/calls and their appropriate op-codes. Where different jumps have the same Op-Codes I have grouped them:
Jump Description Short Op-Code Long Op-Code
call procedure call E8xxxxxxxx N/A
jmp u nconditional jump EBxx E9xxxxxxxx
ja/jnbe jump if above 77xx 0F87xxxxxxxx
jae/jnb/jnc jump if above or equal 73xx 0F83xxxxxxxx
jb/jc/jnae jump if below 72xx 0F82xxxxxxxx
jbe/jna jump if below or equal 76xx 0F86xxxxxxxx
jcxz/jecxz jump if cx/ecx equals zero E3xx N/A
je/jz jump if equal/zero 74xx 0F84xxxxxxxx
jne/jnz jump if not equal/zero 75xx 0F85xxxxxxxx
jg/jnle jump if greater 7Fxx 0F8Fxxxxxxxx
jge/jnl jump if greater or equal 7Dxx 0F8Dxxxxxxxx
jl/jnge jump if less 7Cxx 0F8Cxxxxxxxx
jle/jng jump if less or equal 7Exx 0F8Exxxxxxxx
jno jump if not overflow 71xx 0F81xxxxxxxx
jnp/jpo jump if no parity/parity odd 7Bxx 0F8Bxxxxxxxx
jns jump if not signed 79xx 0F89xxxxxxxx
jo jump if overflow 70xx 0F80xxxxxxxx
jp/jpe jump if parity/parity even 7Axx 0F8Axxxxxxxx
js jump if sign 78xx 0F88xxxxxxxx
Calculating Offsets (finding in the xx's in table)
You will need to be able to calculate offsets when you add jumps and make calls within and to the code you have added. If you choose to do this by hand instead of using a tool then here are the basics:
For jumps and calls further on in memory from your current position you take the address where you want to jump/call and subtract from it the memory location of the next instruction after your call/jump i.e.:
(target mem address) - (mem location of next instruction after call/jump)
Example
If we wanted to jump to 4020d0 and the next instruction after the jump is at location 401093 then we would use the following calculation:
4020d0 - 401093 = 103d
We then write the jump instruction in hex as e93d100000 where e9 is the hex op-code for a long relative jump and 3d100000 is the result of our calculation expanded to dword size and reversed.
For jumps and calls to locations before the current location in memory you take the address you want to call/jump to and subtract it from the memory location of the next instruction after your call/jump, then subtract 1 and finally perform a logical NOT on the result i.e.
NOT(mem address of next instruction - target mem address - 1)
Example
If we wanted to call location 401184 and the address of the next instruction after the call is 402190 then we do the following calculation:
NOT(402190 - 401184 - 1 ) = ffffeff4
We can then write our call instruction in hex as e8f4efffff where e8 is the hex op-code for relative call and f4efffff is the result of the calculation in reverse order.
If you want to practice with different examples then the best way to do this is to use a disassembler like WDASM which shows you the op-codes and try and work out the results yourself. Also as an end note you don't have to perform these calculations if you have enough room to make your jump or call instruction into an absolute jump call by doing the following as represented in assembler:
mov eax, 4020d0
call eax (or jmp eax)
Final Notes
Make life easier and use a program to do this ;-)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
NOT(mem address of next instruction - target mem address - 1)
Example
If we wanted to call location 401184 and the address of the next instruction after the call is 402190 then we do the following calculation:
NOT(402190 - 401184 - 1 ) = ffffeff4
We can then write our call instruction in hex as e8f4efffff where e8 is the hex op-code for relative call and f4efffff is the result of the calculation in reverse order.
If you want to practice with different examples then the best way to do this is to use a disassembler like WDASM which shows you the op-codes and try and work out the results yourself. Also as an end note you don't have to perform these calculations if you have enough room to make your jump or call instruction into an absolute jump call by doing the following as represented in assembler:
mov eax, 4020d0
call eax (or jmp eax)
Final Notes
Make life easier and use a program to do this ;-)
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
π¦Detailed Duolingo Premium Accounts x534 β
β
β
pastebin.com/eDWsT1pz
for more send screnahoats after login to @Undercode_bot π
pastebin.com/eDWsT1pz
for more send screnahoats after login to @Undercode_bot π
Pastebin
Detailed Duolingo Premium Accounts x534 - Pastebin.com
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Some pentesters beginers-trainers-use win xp to test and see old Bugs how works :
but still your system down-slow net speed-
> Gone thru a lot of searches hope to get stuff from emule faster.
And here is one way to optimize the bandwidth for emule, which not on the manual.
π¦π»π΄π 'π π π π°π π :
CODE
With Windows 2000/XP:
Open "regedit.exe" and do the following:
HKEY_LOCAL_MACHINESYSTEM
CurrentControlSet
Services
Tcpip
Parameters
Set as: "GlobalMaxTcpWindowSize"=dword:00007fff
HKEY_USERS.DEFAULT
Software
Microsoft
Windows
CurrentVersion
Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer10Server"=dword:00000020
[HKEYCURRENTUSER]
Software
Microsoft
Windows
CurrentVersion
Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer10Server"=dword:00000020
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Some pentesters beginers-trainers-use win xp to test and see old Bugs how works :
but still your system down-slow net speed-
> Gone thru a lot of searches hope to get stuff from emule faster.
And here is one way to optimize the bandwidth for emule, which not on the manual.
π¦π»π΄π 'π π π π°π π :
CODE
With Windows 2000/XP:
Open "regedit.exe" and do the following:
HKEY_LOCAL_MACHINESYSTEM
CurrentControlSet
Services
Tcpip
Parameters
Set as: "GlobalMaxTcpWindowSize"=dword:00007fff
HKEY_USERS.DEFAULT
Software
Microsoft
Windows
CurrentVersion
Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer10Server"=dword:00000020
[HKEYCURRENTUSER]
Software
Microsoft
Windows
CurrentVersion
Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer10Server"=dword:00000020
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Add RDP Admin + Disable Firewall + Enable RDP.c
13.2 KB
2020-shellcode-verified by Undercode-Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Establish a large-capacity Web-based Email system :
πππ'π πππππ:
β save messages
1)for bulk Email system, the most critical technical issue is how to handle mail storage, the manner in which to improve storage efficiency, we will determine the success of Email system or not.
2)Due to the large number of users, how to save the user's mail is a very important issue. Traditional Unix uses a single directory to store the mail of all users, which greatly reduces the performance of the file system when the number of users is large. Only by using multi-level directories, the number of files in each directory is limited, can the system consumption when opening files be reduced, or a simple file is no longer used to save mail, and a certain form of encapsulation is used. The form of database is used to store the mail completely. Because the user's mail operations are mostly file operations, and the size changes greatly, it will cause a large waste of performance and storage space.
3) Due to the huge number of users and the requirement to be accessed by multiple servers at the same time, servers or server clusters with large storage space must be used for storage, and the storage space must be shared through Fibre Channel or network file system NFS, so that each user's mail is stored. The path is the same for each server. Fibre Channel is a very expensive solution. It is more common to use NFS. You can use a dedicated NFS server, such as NetApp, or use a PC Unix server with RAID capabilities.
4) When using NFS to share storage space, you must pay attention to a very important problem: due to the lack of file locking mechanism in NFS, when using the traditional user mail storage format mailbox, because all mail is stored in the same file, so mail The operation must be locked to ensure that there is no access violation, which makes it unsuitable for NFS storage. In order to solve this problem, qmail proposed the Maildir storage method, each mail is stored as a separate file in the user's personal mail directory, to avoid locking. Therefore, common free mail servers generally use Maildir to save users' mail.
5) If you do not intend to use the shared file system to save user mail, but intend to let each server only access user mail on its own hard disk storage space, then both the Email server and the client need to be customized so that they can pass the user name To find the real server to which the user belongs and hand over the access task to this server. The shortcomings of this method, in addition to the required large changes and complex system structure, also because the server is divided according to users, is not conducive to sharing the load. Its advantage is also because it does not access other servers through the network, so it can use any mail storage format, including the use of a powerful cyrus system to save mail and provide services.
β mail server software
1) what kind of Email server software will ultimately affect the performance of the system, their own set of Email server may outweigh the benefits, now have two options: Sendmail and Qmail.
2) Standard Email software, such as sendmail, also provides some methods including aliases to support users of non-Unix systems, but these capabilities are not enough to implement this Email system. In order to support these Email users, they must use their own Email server software. However, since the existing Email software is quite mature, and it is also open source software, the usual practice is to modify the original Email software, such as sendmail, qmail, etc., to support specific Email users. Completely rewriting an Email service software is not desirable in terms of maturity and stability.
π¦Establish a large-capacity Web-based Email system :
πππ'π πππππ:
β save messages
1)for bulk Email system, the most critical technical issue is how to handle mail storage, the manner in which to improve storage efficiency, we will determine the success of Email system or not.
2)Due to the large number of users, how to save the user's mail is a very important issue. Traditional Unix uses a single directory to store the mail of all users, which greatly reduces the performance of the file system when the number of users is large. Only by using multi-level directories, the number of files in each directory is limited, can the system consumption when opening files be reduced, or a simple file is no longer used to save mail, and a certain form of encapsulation is used. The form of database is used to store the mail completely. Because the user's mail operations are mostly file operations, and the size changes greatly, it will cause a large waste of performance and storage space.
3) Due to the huge number of users and the requirement to be accessed by multiple servers at the same time, servers or server clusters with large storage space must be used for storage, and the storage space must be shared through Fibre Channel or network file system NFS, so that each user's mail is stored. The path is the same for each server. Fibre Channel is a very expensive solution. It is more common to use NFS. You can use a dedicated NFS server, such as NetApp, or use a PC Unix server with RAID capabilities.
4) When using NFS to share storage space, you must pay attention to a very important problem: due to the lack of file locking mechanism in NFS, when using the traditional user mail storage format mailbox, because all mail is stored in the same file, so mail The operation must be locked to ensure that there is no access violation, which makes it unsuitable for NFS storage. In order to solve this problem, qmail proposed the Maildir storage method, each mail is stored as a separate file in the user's personal mail directory, to avoid locking. Therefore, common free mail servers generally use Maildir to save users' mail.
5) If you do not intend to use the shared file system to save user mail, but intend to let each server only access user mail on its own hard disk storage space, then both the Email server and the client need to be customized so that they can pass the user name To find the real server to which the user belongs and hand over the access task to this server. The shortcomings of this method, in addition to the required large changes and complex system structure, also because the server is divided according to users, is not conducive to sharing the load. Its advantage is also because it does not access other servers through the network, so it can use any mail storage format, including the use of a powerful cyrus system to save mail and provide services.
β mail server software
1) what kind of Email server software will ultimately affect the performance of the system, their own set of Email server may outweigh the benefits, now have two options: Sendmail and Qmail.
2) Standard Email software, such as sendmail, also provides some methods including aliases to support users of non-Unix systems, but these capabilities are not enough to implement this Email system. In order to support these Email users, they must use their own Email server software. However, since the existing Email software is quite mature, and it is also open source software, the usual practice is to modify the original Email software, such as sendmail, qmail, etc., to support specific Email users. Completely rewriting an Email service software is not desirable in terms of maturity and stability.
3) Regardless of performance or security considerations, sendmail is not an ideal choice, and since qmail itself supports Maildir, it has become a basic development platform for commonly used Email software. However, it should be noted that qmail uses the GPL license for protection, so any changes based on qmail must in principle open source code, which has certain obstacles to the development of commercial applications. Of course, you can circumvent this problem by changing the related system library functions without changing qmail, or using plug-in methods. Another optional basic Email software is postfix, which itself has interfaces with LDAP and MySQL, and can be used as part of the mail system with almost no changes.
β Web client
1) what kind of script to use Web Email client program is not standard, but if the use of open source will save a lot of trouble.
2)Another important part of the Web interface Email system is the Web client. This part of the function will be like OutLook in the personal computer, which is responsible for providing users with the ability to access their own mail. Since Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, temporary directory established after login, and verification in the program.
3)The Web client must access the server in a unified manner. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, the direct file access method is the most direct and convenient, and does not require additional consumption. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the Web client and the Email server are separated, which improves system security.
4)At present, there are already quite mature open source web client software, in which IMP is implemented using PHP, and the web mail client software that accesses the server through the IMAP protocol; and WING is another web implemented using Perl Client software. These open source software are quite good, however, to integrate these software with your own system, you will need to make some changes. In addition, it should follow its licensing requirements and make the changed code public.
β load balancing
1)load balancing system will be a long-term problem, which determines the scalability of the system.
2)Due to the need to provide access to a large number of users, a single server cannot meet this need, and must use a multi-server approach. In addition to segmentation according to functionality, such as the separation of Web servers, Email servers, and file servers, it is also necessary to use multiple servers for load balancing for some resource-intensive services. Although some commercial manufacturers have also proposed some server cluster solutions, the commonly used simple and effective methods are DNS loop resolution, Web server relocation, and NAT load balancing.
3)DNS loop resolution is to assign multiple IP addresses to the same name. It is used on quite large sites such as Yahoo, and the actual effect is also quite good. The web server relocation is that the web server randomly generates real page URLs on different servers, so that different browsers load pages on different servers, and using it can only achieve load balancing of the web client. NAT load balancing uses a layer 4 switch to redirect the same request to different servers. In addition to expensive switches, there are also some software that can complete the NAT function. I have modified FreeBSD's natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β Web client
1) what kind of script to use Web Email client program is not standard, but if the use of open source will save a lot of trouble.
2)Another important part of the Web interface Email system is the Web client. This part of the function will be like OutLook in the personal computer, which is responsible for providing users with the ability to access their own mail. Since Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, temporary directory established after login, and verification in the program.
3)The Web client must access the server in a unified manner. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, the direct file access method is the most direct and convenient, and does not require additional consumption. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the Web client and the Email server are separated, which improves system security.
4)At present, there are already quite mature open source web client software, in which IMP is implemented using PHP, and the web mail client software that accesses the server through the IMAP protocol; and WING is another web implemented using Perl Client software. These open source software are quite good, however, to integrate these software with your own system, you will need to make some changes. In addition, it should follow its licensing requirements and make the changed code public.
β load balancing
1)load balancing system will be a long-term problem, which determines the scalability of the system.
2)Due to the need to provide access to a large number of users, a single server cannot meet this need, and must use a multi-server approach. In addition to segmentation according to functionality, such as the separation of Web servers, Email servers, and file servers, it is also necessary to use multiple servers for load balancing for some resource-intensive services. Although some commercial manufacturers have also proposed some server cluster solutions, the commonly used simple and effective methods are DNS loop resolution, Web server relocation, and NAT load balancing.
3)DNS loop resolution is to assign multiple IP addresses to the same name. It is used on quite large sites such as Yahoo, and the actual effect is also quite good. The web server relocation is that the web server randomly generates real page URLs on different servers, so that different browsers load pages on different servers, and using it can only achieve load balancing of the web client. NAT load balancing uses a layer 4 switch to redirect the same request to different servers. In addition to expensive switches, there are also some software that can complete the NAT function. I have modified FreeBSD's natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.
written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interpretation of apache configuration file http.conf
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file, I hope it will be helpful to everyone.
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
3) Servername localhost, this option is the domain name of your machine. If you are a stand-alone computer, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, and if you do not have a domain name, connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your APACHE to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
Well, with these options APACHE should basically be able to run normally!
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interpretation of apache configuration file http.conf
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file, I hope it will be helpful to everyone.
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
3) Servername localhost, this option is the domain name of your machine. If you are a stand-alone computer, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, and if you do not have a domain name, connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your APACHE to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
Well, with these options APACHE should basically be able to run normally!
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! π
1) Generally, OTP is a combination of 4 digits starting from 0000 to 9999. If we count there 10,000 combinations. In the age of powerful computer 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass this with a simple brute force.
Why I was able to bypass the 2FA?
No rate limiting on an unsuccessful attempt
No new OTP policy on X unsuccessful attempt
π¦Few prerequisites:
1) Web Browser
2) Burp Suite
Now let's see how I was able to bypass the 2FA with burp suite:-
Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept on burp suite
π¦BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! π
1) Generally, OTP is a combination of 4 digits starting from 0000 to 9999. If we count there 10,000 combinations. In the age of powerful computer 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass this with a simple brute force.
Why I was able to bypass the 2FA?
No rate limiting on an unsuccessful attempt
No new OTP policy on X unsuccessful attempt
π¦Few prerequisites:
1) Web Browser
2) Burp Suite
Now let's see how I was able to bypass the 2FA with burp suite:-
Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept on burp suite