UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How the first matching record is determined: it is not based on the natural order of the records in the data table. The priority of the records in each data table is arranged as follows:
#ProTips

(1) User table: the order is determined by host first, then user. The search order is: records that do not contain wildcard characters, records that contain wildcard characters, and empty records. Within the same host, records are then arranged by user, using the same rules.

(2) db table: the order of retrieval is determined by the host field: records that do not contain wildcards, records that contain wildcards, and empty records.

(3) Host table: The search order is determined according to the host field: records that do not contain wildcards, records that contain wildcards, and empty records. We use the following example to illustrate the rules for matching search:

Please remember that if you change these data tables, you must use mysqladmin reload for the changes to take effect.

The following is how the system performs the search:

+-----------+---------+-
| Host      | User    | ...
+-----------+---------+-
| %         | root    | ...
| %         | jeffrey | ...
| localhost | root    | ...
| localhost |         | ...
+-----------+---------+-

🦑 The search order should be:

localhost/root
localhost/any
any/jeffrey
any/root
So if the user jeffrey on localhost wants to connect to the database, his authorization is based on the permissions specified in the localhost/"any" row instead of the permissions specified in the "any"/jeffrey row. Please pay attention to this point, because an inappropriate configuration may leave you unable to use the database system normally.


written by
@UndercodeTesting
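The ordering rule above, worked through in Python as an added example (not code from the original post or from MySQL). It sorts the sample rows, finds the row that decides a connection, and lists named users who end up on an empty-user row; the function names and the alphabetical tie-break are assumptions.

```python
import re

# Constructed rows mirroring the Host/User table in the post above.
ROWS = [("%", "root"), ("%", "jeffrey"), ("localhost", "root"), ("localhost", "")]

def rank(value):
    """0 = no wildcard, 1 = contains a wildcard, 2 = empty record."""
    if value == "":
        return 2
    return 1 if ("%" in value or "_" in value) else 0

def search_order(rows):
    # Host decides first, then user. The alphabetical tie-break is an
    # assumption, used only to make the order deterministic.
    return sorted(rows, key=lambda r: (rank(r[0]), rank(r[1]), r[0], r[1]))

def host_matches(pattern, host):
    # Empty matches anything; % and _ behave as in SQL LIKE.
    if pattern == "":
        return True
    parts = [".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern]
    return re.fullmatch("".join(parts), host, re.IGNORECASE) is not None

def first_match(rows, host, user):
    """Return the (Host, User) row that decides the client's privileges."""
    for row_host, row_user in search_order(rows):
        if host_matches(row_host, host) and row_user in ("", user):
            return (row_host, row_user)
    return None

def shadowed_users(rows):
    """Named users who land on an empty-user row when connecting from its host."""
    hits = []
    for anon_host, anon_user in rows:
        if anon_user != "" or rank(anon_host) != 0:
            continue  # only literal-host rows with an empty user are probed
        for name in sorted({u for _, u in rows if u}):
            if first_match(rows, anon_host, name) == (anon_host, ""):
                hits.append((name, anon_host))
    return hits

if __name__ == "__main__":
    print(search_order(ROWS))
    print(first_match(ROWS, "localhost", "jeffrey"))
    print(shadowed_users(ROWS))
```

Running `shadowed_users` over an export of the real user table is a quick audit for accounts whose intended grants are never reached from a given host.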
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Creating a Helpers File:
#protips

1) Problem
You have common functions you want available for every request.

But you don't want to dirty up app\start\global.php with a bunch of functions.

2) Solution
Create a helpers.php file.


> First create the file app/helpers.php.

<?php
// My common functions

// Returns 'something' or 'other' at random.
function somethingOrOther()
{
    return (mt_rand(1, 2) == 1) ? 'something' : 'other';
}
?>

🦑 Then either load it at the bottom of app\start\global.php as follows:

// at the bottom of the file
require app_path().'/helpers.php';

Or change your composer.json file and dump the autoloader.

{
    "autoload": {
        "files": [
            "app/helpers.php"
        ]
    }
}

3) $ composer dump-auto

4) Some suggestions:

> app/helpers.php – For general purpose functions.
> app/composers.php – To initialize all your View composers in one place.
> app/listeners.php – To set up all your event listeners in one place.
> app/observers.php – Or, if you like observers better than listeners, use this filename for event listeners.

> It's really up to you and the demands of your application.

#protips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 The app rankings you see are not necessarily real: exposing malicious rank-manipulation promotion by mobile phone software:

#PROTIPS

1) Decrypt the sdk.data and image data in the assets directory. After decryption, sdk.data is a directory containing MainJson.txt, dexhostinjection.jar and libDaemonProcess.so, and image is an apk file;

2) Start PushDexService and PushJobService to load dexhostinjection.jar, and execute the startExternalBody method of the com.hostinjectiondex.external.ExternalInterfaces class in dexhostinjection.jar. The subpackage downloads the "downloader" virus update and induces the user to install it.

3) Start a background service and use libgodlikelib.so to escalate to root privileges. When privilege escalation succeeds, the libgodlikelib.so privilege escalation library is written into the system libraries, and the apk file decrypted from image is implanted in the system directory under the name AndroidDaemonFrame: the "Zombie" virus;


@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Root escalation (OLD CVE, SO USEFUL FOR NOW)
#PROTIPS :

This sample is rewritten from the open source RUN_ROOT_SHELL, which can root all devices before October 2015, mainly using the following vulnerabilities to escalate privileges:

(1) CVE-2012-4220

Affected devices: Android 2.3~4.2

The Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver diagchar_core.c has an integer overflow vulnerability in its implementation. By passing specially crafted input to diagchar_ioctl, remote attackers can use this vulnerability to execute arbitrary code or cause a denial of service.

(2) /dev/graphics/fb0

mmap vulnerability in the fb0 device (triggering parameter FBIOGET_FSCREENINFO)

(3) /dev/hdcp

mmap vulnerabilities in hdcp devices

(4) CVE-2013-6282

Affected version: Linux kernel 3.2.1, Linux kernel 3.2.2, Linux kernel 3.2.13

The Linux kernel lacks access permission checks for get_user/put_user on ARM. Local attackers can use this vulnerability to read and write kernel memory and escalate privileges.

(5) /dev/msm_acdb

Qualcomm device vulnerability

(6) CVE-2013-2595

/dev/msm_camera/config0 Qualcomm device mmap vulnerability.

(7) CVE-2013-2094

Affected version: devices with PERF_EVENT enabled before Linux kernel 3.8.9

By exploiting this vulnerability, local users can obtain the highest system privileges through the perf_event_open system call.

(8) CVE-2015-3636

pingpong: this is a use-after-free vulnerability in the ping socket of the Linux kernel.

(9) CVE-2014-3153

The vulnerability exploits the RELOCK and REQUEUE vulnerabilities in the three functions futex_requeue, futex_lock_pi, and futex_wait_requeue_pi, resulting in data modification on the kernel stack.

After the device is successfully rooted, the decrypted image is implanted in the /system/priv-app directory under the name AndroidDaemonFrame.apk, and libgodlikelib.so is implanted in the /system/lib directory.

(Figure: privilege escalation and implanting of malicious files into the system directory.)

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from WEB UNDERCODE - PRIVATE

🦑 Determining if the Current User is Authenticated:
#ProTips

1) Use Auth::check().

The Auth::check() method returns true or false.

if (Auth::check())
{
    echo "Yay! You're logged in.";
}

2) Several things happen behind the scenes when you do this.

> First Laravel checks if the current session has the id of a user. If so, then an attempt is made to retrieve the user from the database.

3) If that fails, then Laravel checks for the "remember me" cookie. If that's present then once again an attempt is made to retrieve the user from the database.

4) Only if a valid user is retrieved from the database is true returned.

5) The 'guest' filter uses this method.
Laravel provides a default implementation of the guest filter in app/filters.php.

Route::filter('guest', function()
{
    if (Auth::check()) return Redirect::to('/');
});

6) This default implementation is used when you want to add a filter to a route that is only accessible by guests (aka users who are not logged in). If a user is logged in then they are redirected to the home page.

Unixforu
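The lookup order in steps 2 to 4 above, modelled in Python as an added example (not Laravel's code and not from the original post). The USERS store, the session key name, and the "id|token" cookie layout with its token comparison are assumptions made for illustration.

```python
import hmac

# Constructed sample "users table": id -> record with a stored remember token.
USERS = {
    1: {"name": "alice", "remember_token": "tok-alice"},
    2: {"name": "bob", "remember_token": "tok-bob"},
}

def retrieve_by_id(user_id):
    """Database lookup by the id kept in the session (None if the row is gone)."""
    return USERS.get(user_id)

def retrieve_by_cookie(cookie_value):
    """Database lookup driven by the remember-me cookie (assumed 'id|token')."""
    try:
        raw_id, token = cookie_value.split("|", 1)
        user = USERS.get(int(raw_id))
    except ValueError:
        return None  # malformed cookie: treat as absent
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if user and hmac.compare_digest(user["remember_token"], token):
        return user
    return None

def check(session, cookies):
    """True only when a valid user record was actually retrieved."""
    user = None
    if "user_id" in session:            # step 2: session holds a user id
        user = retrieve_by_id(session["user_id"])
    if user is None and "remember" in cookies:  # step 3: fall back to cookie
        user = retrieve_by_cookie(cookies["remember"])
    return user is not None             # step 4

if __name__ == "__main__":
    print(check({"user_id": 1}, {}))                 # live session
    print(check({"user_id": 99}, {}))                # session id of a deleted user
    print(check({"user_id": 99}, {"remember": "2|tok-bob"}))  # cookie fallback
```

The second call shows why the database lookup matters: a session id alone does not authenticate once the user row no longer exists.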
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 MySQL data is synchronized to the ES search engine in full and incremental mode:
#ProTips

Full configuration text by Undercode:

/usr/local/logstash/sync-config/cicadaes.conf

input {
  stdin {}
  # Sync source 1: user data
  jdbc {
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
    # Sample credentials; in production use a dedicated read-only account
    # and keep the password out of the config file.
    jdbc_user => "root"
    jdbc_password => "root123"
    jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
    jdbc_driver_class => "com.mysql.jdbc.Driver"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "50000"
    jdbc_default_timezone => "Asia/Shanghai"
    statement_filepath => "/usr/local/logstash/sync-config/user_sql.sql"
    # Run every minute
    schedule => "* * * * *"
    type => "User"
    lowercase_column_names => false
    # Incremental mode: remember the last updateTime seen between runs
    record_last_run => true
    use_column_value => true
    tracking_column => "updateTime"
    tracking_column_type => "timestamp"
    last_run_metadata_path => "/usr/local/logstash/sync-config/user_last_time"
    clean_run => false
  }
  # Sync source 2: log data
  jdbc {
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
    jdbc_user => "root"
    jdbc_password => "root123"
    jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
    jdbc_driver_class => "com.mysql.jdbc.Driver"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "50000"
    jdbc_default_timezone => "Asia/Shanghai"
    statement_filepath => "/usr/local/logstash/sync-config/log_sql.sql"
    schedule => "* * * * *"
    type => "Log"
    lowercase_column_names => false
    record_last_run => true
    use_column_value => true
    tracking_column => "updateTime"
    tracking_column_type => "timestamp"
    last_run_metadata_path => "/usr/local/logstash/sync-config/log_last_time"
    clean_run => false
  }
}
filter {
  json {
    source => "message"
    remove_field => ["message"]
  }
}
output {
  # Route each event to its index by the type set in the input
  if [type] == "User" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "cicada_user_search"
      document_type => "user_search_index"
    }
  }
  if [type] == "Log" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "cicada_log_search"
      document_type => "log_search_index"
    }
  }
}

@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁