β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interpretation of apache configuration file http.conf
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file, I hope it will be helpful to everyone.
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
3) Servername localhost, this option is the domain name of your machine. If you are a stand-alone computer, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, and if you do not have a domain name, connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your APACHE to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
Well, with these options APACHE should basically be able to run normally!
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Interpretation of apache configuration file http.conf
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file, I hope it will be helpful to everyone.
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
3) Servername localhost, this option is the domain name of your machine. If you are a stand-alone computer, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, and if you do not have a domain name, connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your APACHE to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
Well, with these options APACHE should basically be able to run normally!
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! π
1) Generally, OTP is a combination of 4 digits starting from 0000 to 9999. If we count there 10,000 combinations. In the age of powerful computer 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass this with a simple brute force.
Why I was able to bypass the 2FA?
No rate limiting on an unsuccessful attempt
No new OTP policy on X unsuccessful attempt
π¦Few prerequisites:
1) Web Browser
2) Burp Suite
Now let's see how I was able to bypass the 2FA with burp suite:-
Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept on burp suite
π¦BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! π
1) Generally, OTP is a combination of 4 digits starting from 0000 to 9999. If we count there 10,000 combinations. In the age of powerful computer 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass this with a simple brute force.
Why I was able to bypass the 2FA?
No rate limiting on an unsuccessful attempt
No new OTP policy on X unsuccessful attempt
π¦Few prerequisites:
1) Web Browser
2) Burp Suite
Now let's see how I was able to bypass the 2FA with burp suite:-
Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept on burp suite
Step 03: Selecting the OTP placeholder and add it for simple brute force.
Step 04: Select the Payload tab, changed the payload type to Numbers and change the payload options as desired and clicked on the attack.
Step 05: As the brute force was in progress I could see length for one of the OTP value is changed from 617 to 2250. Lets check:
π¦Cracking Otp-with pic-
> not written by undercode
> wiki source
> not written by undercode
> wiki source
π¦Stone River eLearning - Common PHP Errors You Will Encounter β165 MB
https://www.oreilly.com/library/view/common-php-errors/100000006A0493/
>Download<
https://www.oreilly.com/library/view/common-php-errors/100000006A0493/
>Download<
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux
π¦ πβπππΈπππππΈπππβ & βπβ :
1)git clone https://github.com/medbenali/CyberScan.git
2)cd CyberScan/
3)python CyberScan.py -v
ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:
$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:
$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:
$ CyberScan -s 192.168..... -p udp
β @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux
π¦ πβπππΈπππππΈπππβ & βπβ :
1)git clone https://github.com/medbenali/CyberScan.git
2)cd CyberScan/
3)python CyberScan.py -v
ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:
$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:
$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:
$ CyberScan -s 192.168..... -p udp
β @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux
π¦ πβπππΈπππππΈπππβ & βπβ :
1)git clone https://github.com/medbenali/CyberScan.git
2)cd CyberScan/
3)python CyberScan.py -v
ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:
$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:
$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:
$ CyberScan -s 192.168..... -p udp
β @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CyberScan is an open source penetration testing tool that can analyse packets , decoding , scanning ports, pinging and geolocation of an IP including (latitude, longitude , region , country ...)
> termux-linux
π¦ πβπππΈπππππΈπππβ & βπβ :
1)git clone https://github.com/medbenali/CyberScan.git
2)cd CyberScan/
3)python CyberScan.py -v
ARP Ping
$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
ICMP Ping
In other cases we can use ICMP ping:
$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.
Received 0 packets, got 0 answers, remaining 256 packets
TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:
$ CyberScan -s 192.168.1.1-254 -p tcp -d 80
UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:
$ CyberScan -s 192.168..... -p udp
β @undercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β