β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Why do you need to debug the linux kernel ?
t.me/UndercOdeTesting
> if you want to take this opportunity to sort out the file system.
> sdcardfs Although the amount of code is not very large, but for my current familiarity with Linux source code, there are still some difficulties.
> So you need to be able to debug with breakpoints to track the execution flow of the kernel. Through breakpoint debugging, you can view the value of the variable and the call stack.
> Sharpening the wood without accidentally cutting the woodworker, breakpoint debugging can be more effective for analyzing the kernel source code.
@UndercOdeofficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Why do you need to debug the linux kernel ?
t.me/UndercOdeTesting
> if you want to take this opportunity to sort out the file system.
> sdcardfs Although the amount of code is not very large, but for my current familiarity with Linux source code, there are still some difficulties.
> So you need to be able to debug with breakpoints to track the execution flow of the kernel. Through breakpoint debugging, you can view the value of the variable and the call stack.
> Sharpening the wood without accidentally cutting the woodworker, breakpoint debugging can be more effective for analyzing the kernel source code.
@UndercOdeofficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦debugg Using kgdb, kdb and the kernel debugger internals
t.me/UndercodeTesting
1) The kernel has two different debugger front ends (kdb and kgdb) which interface to the debug core. It is possible to use either of the debugger front ends and dynamically transition between them if you configure the kernel properly at compile and runtime.
2) Kdb is simplistic shell-style interface which you can use on a system console with a keyboard or serial console. You can use it to inspect memory, registers, process lists, dmesg, and even set breakpoints to stop in a certain location. Kdb is not a source level debugger, although you can set breakpoints and execute some basic kernel run control. Kdb is mainly aimed at doing some analysis to aid in development or diagnosing kernel problems. You can access some symbols by name in kernel built-ins or in kernel modules if the code was built with CONFIG_KALLSYMS.
3) Kgdb is intended to be used as a source level debugger for the Linux kernel.
4 It is used along with gdb to debug a Linux kernel. The expectation is that gdb can be used to βbreak inβ to the kernel to inspect memory, variables and look through call stack information similar to the way an application developer would use gdb to debug an application. It is possible to place breakpoints in kernel code and perform some limited execution stepping.
π¦ Requirements :
>Two machines are required for using kgdb.
1) One of these machines is a development machine and the other is the target machine.
2) The kernel to be debugged runs on the target machine. The development machine runs an instance of gdb against the vmlinux file which contains the symbols (not a boot image such as bzImage, zImage, uImage...). In gdb the developer specifies the connection parameters and connects to kgdb.
3) The type of connection a developer makes with gdb depends on the availability of kgdb I/O modules compiled as built-ins or loadable kernel modules in the test machineβs kernel.
π¦ Compiling a kernel
> In order to enable compilation of kdb, you must first enable kgdb
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦debugg Using kgdb, kdb and the kernel debugger internals
t.me/UndercodeTesting
1) The kernel has two different debugger front ends (kdb and kgdb) which interface to the debug core. It is possible to use either of the debugger front ends and dynamically transition between them if you configure the kernel properly at compile and runtime.
2) Kdb is simplistic shell-style interface which you can use on a system console with a keyboard or serial console. You can use it to inspect memory, registers, process lists, dmesg, and even set breakpoints to stop in a certain location. Kdb is not a source level debugger, although you can set breakpoints and execute some basic kernel run control. Kdb is mainly aimed at doing some analysis to aid in development or diagnosing kernel problems. You can access some symbols by name in kernel built-ins or in kernel modules if the code was built with CONFIG_KALLSYMS.
3) Kgdb is intended to be used as a source level debugger for the Linux kernel.
4 It is used along with gdb to debug a Linux kernel. The expectation is that gdb can be used to βbreak inβ to the kernel to inspect memory, variables and look through call stack information similar to the way an application developer would use gdb to debug an application. It is possible to place breakpoints in kernel code and perform some limited execution stepping.
π¦ Requirements :
>Two machines are required for using kgdb.
1) One of these machines is a development machine and the other is the target machine.
2) The kernel to be debugged runs on the target machine. The development machine runs an instance of gdb against the vmlinux file which contains the symbols (not a boot image such as bzImage, zImage, uImage...). In gdb the developer specifies the connection parameters and connects to kgdb.
3) The type of connection a developer makes with gdb depends on the availability of kgdb I/O modules compiled as built-ins or loadable kernel modules in the test machineβs kernel.
π¦ Compiling a kernel
> In order to enable compilation of kdb, you must first enable kgdb
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Lets start android debugging 2020
> Kernel config options for kgdb
fb.com/UndercOdeTestingCompany
1) To enable CONFIG_KGDB you should look under Kernel hacking β£ Kernel debugging and select KGDB: kernel debugger.
2) While it is not a hard requirement that you have symbols in your vmlinux file, gdb tends not to be very useful without the symbolic data, so you will want to turn on CONFIG_DEBUG_INFO which is called Compile the kernel with debug info in the config menu.
3) It is advised, but not required, that you turn on the CONFIG_FRAME_POINTER kernel option which is called Compile the kernel with frame pointers in the config menu.
4) This option inserts code to into the compiled executable which saves the frame information in registers or on the stack at different points which allows a debugger such as gdb to more accurately construct stack back traces while debugging the kernel.
5) If the architecture that you are using supports the kernel option CONFIG_STRICT_KERNEL_RWX, you should consider turning it off.
6) This option will prevent the use of software breakpoints because it marks certain regions of the kernelβs memory space as read-only. If kgdb supports it for the architecture you are using, you can use hardware breakpoints if you desire to run with the CONFIG_STRICT_KERNEL_RWX option turned on, else you need to turn off this option.
7) Next you should choose one of more I/O drivers to interconnect debugging host and debugged target. Early boot debugging requires a KGDB I/O driver that supports early debugging and the driver must be built into the kernel directly. Kgdb I/O driver configuration takes place via kernel or module parameters
π¦ Here is an example set of .config symbols to enable or disable for kgdb:
# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
Kernel config options for kdb
Kdb is quite a bit more complex than the simple gdbstub sitting on top of the kernelβs debug core. Kdb must implement a shell, and also adds some helper functions in other parts of the kernel, responsible for printing out interesting data such as what you would see if you ran lsmod, or ps.
8) In order to build kdb into the kernel you follow the same steps as you would for kgdb.
9) The main config option for kdb is CONFIG_KGDB_KDB which is called KGDB_KDB: include kdb frontend for kgdb in the config menu. In theory you would have already also selected an I/O driver such as the CONFIG_KGDB_SERIAL_CONSOLE interface if you plan on using kdb on a serial port, when you were configuring kgdb.
10) If you want to use a PS/2-style keyboard with kdb, you would select CONFIG_KDB_KEYBOARD which is called KGDB_KDB: keyboard as input device in the config menu. The CONFIG_KDB_KEYBOARD option is not used for anything in the gdb interface to kgdb. The CONFIG_KDB_KEYBOARD option only works with kdb.
11) Here is an example set of .config symbols to enable/disable kdb:
# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
Kernel Debugger Boot Arguments
This section describes the various runtime kernel parameters that affect the configuration of the kernel debugger. T
12) Kernel parameter: kgdboc
The kgdboc driver was originally an abbreviation meant to stand for βkgdb over consoleβ. Today it is the primary mechanism to configure how to communicate from gdb to kgdb as well as the devices you want to use to interact with the kdb shell.
13) For kgdb/gdb, kgdboc is designed to work with a single serial port. It is intended to cover the circumstance where you want to use a serial console as your primary console as well as using it to perform kernel debugging. It is also possible to use kgdb on a serial port which is not designated as a system console. Kgdboc may be configured as a kernel built-in or a kernel loadable module.
14) You can only make use of kgdbwait and early debugging if you build kgdboc into the kernel as a built-in.
π¦ Lets start android debugging 2020
> Kernel config options for kgdb
fb.com/UndercOdeTestingCompany
1) To enable CONFIG_KGDB you should look under Kernel hacking β£ Kernel debugging and select KGDB: kernel debugger.
2) While it is not a hard requirement that you have symbols in your vmlinux file, gdb tends not to be very useful without the symbolic data, so you will want to turn on CONFIG_DEBUG_INFO which is called Compile the kernel with debug info in the config menu.
3) It is advised, but not required, that you turn on the CONFIG_FRAME_POINTER kernel option which is called Compile the kernel with frame pointers in the config menu.
4) This option inserts code to into the compiled executable which saves the frame information in registers or on the stack at different points which allows a debugger such as gdb to more accurately construct stack back traces while debugging the kernel.
5) If the architecture that you are using supports the kernel option CONFIG_STRICT_KERNEL_RWX, you should consider turning it off.
6) This option will prevent the use of software breakpoints because it marks certain regions of the kernelβs memory space as read-only. If kgdb supports it for the architecture you are using, you can use hardware breakpoints if you desire to run with the CONFIG_STRICT_KERNEL_RWX option turned on, else you need to turn off this option.
7) Next you should choose one of more I/O drivers to interconnect debugging host and debugged target. Early boot debugging requires a KGDB I/O driver that supports early debugging and the driver must be built into the kernel directly. Kgdb I/O driver configuration takes place via kernel or module parameters
π¦ Here is an example set of .config symbols to enable or disable for kgdb:
# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
Kernel config options for kdb
Kdb is quite a bit more complex than the simple gdbstub sitting on top of the kernelβs debug core. Kdb must implement a shell, and also adds some helper functions in other parts of the kernel, responsible for printing out interesting data such as what you would see if you ran lsmod, or ps.
8) In order to build kdb into the kernel you follow the same steps as you would for kgdb.
9) The main config option for kdb is CONFIG_KGDB_KDB which is called KGDB_KDB: include kdb frontend for kgdb in the config menu. In theory you would have already also selected an I/O driver such as the CONFIG_KGDB_SERIAL_CONSOLE interface if you plan on using kdb on a serial port, when you were configuring kgdb.
10) If you want to use a PS/2-style keyboard with kdb, you would select CONFIG_KDB_KEYBOARD which is called KGDB_KDB: keyboard as input device in the config menu. The CONFIG_KDB_KEYBOARD option is not used for anything in the gdb interface to kgdb. The CONFIG_KDB_KEYBOARD option only works with kdb.
11) Here is an example set of .config symbols to enable/disable kdb:
# CONFIG_STRICT_KERNEL_RWX is not set
CONFIG_FRAME_POINTER=y
CONFIG_KGDB=y
CONFIG_KGDB_SERIAL_CONSOLE=y
CONFIG_KGDB_KDB=y
CONFIG_KDB_KEYBOARD=y
Kernel Debugger Boot Arguments
This section describes the various runtime kernel parameters that affect the configuration of the kernel debugger. T
12) Kernel parameter: kgdboc
The kgdboc driver was originally an abbreviation meant to stand for βkgdb over consoleβ. Today it is the primary mechanism to configure how to communicate from gdb to kgdb as well as the devices you want to use to interact with the kdb shell.
13) For kgdb/gdb, kgdboc is designed to work with a single serial port. It is intended to cover the circumstance where you want to use a serial console as your primary console as well as using it to perform kernel debugging. It is also possible to use kgdb on a serial port which is not designated as a system console. Kgdboc may be configured as a kernel built-in or a kernel loadable module.
14) You can only make use of kgdbwait and early debugging if you build kgdboc into the kernel as a built-in.
Optionally you can elect to activate kms (Kernel Mode Setting) integration. When you use kms with kgdboc and you have a video driver that has atomic mode setting hooks, it is possible to enter the debugger on the graphics console. When the kernel execution is resumed, the previous graphics mode will be restored. This integration can serve as a useful tool to aid in diagnosing crashes or doing analysis of memory with kdb while allowing the full graphics console applications to run.
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Details for android debugg
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
a) kgdboc arguments
1) kgdboc=[kms][[,]kbd][[,]serial_device][,baud]
The order listed above must be observed if you use any of the optional configurations together.
Abbreviations:
kms = Kernel Mode Setting
kbd = Keyboard
You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios. The order listed above must be observed if you use any of the optional configurations together. Using kms + only gdb is generally not a useful combination.
2) Using loadable module or built-in
As a kernel built-in:
> Use the kernel boot argument:
kgdboc=<tty-device>,[baud]
As a kernel loadable module:
π¦ Use the command:
modprobe kgdboc kgdboc=<tty-device>,[baud]
Here are two examples of how you might format the kgdboc string. The first is for an x86 target using the first serial port. The second example is for the ARM Versatile AB using the second serial port.
kgdboc=ttyS0,115200
kgdboc=ttyAMA1,115200
Configure kgdboc at runtime with sysfs
At run time you can enable or disable kgdboc by echoing a parameters into the sysfs. Here are two examples:
π¦ Enable/disable
kgdboc on ttyS0:
1) enable :
> echo ttyS0 > /sys/module/kgdboc/parameters/kgdboc
2) Disable kgdboc:
> echo "" > /sys/module/kgdboc/parameters/kgdboc
π¦ More examples by UndercOde
1) You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios.
> kdb and kgdb over only a serial port:
kgdboc=<serial_device>[,baud]
2) Example:
kgdboc=ttyS0,115200
kdb and kgdb with keyboard and a serial port:
kgdboc=kbd,<serial_device>[,baud]
3) Example:
kgdboc=kbd,ttyS0,115200
kdb with a keyboard:
kgdboc=kbd
kdb with kernel mode setting:
kgdboc=kms,kbd
kdb with kernel mode setting and kgdb over a serial port:
kgdboc=kms,kbd,ttyS0,115200
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Details for android debugg
twitter.com/UndercOdeTC
π¦ ππΌππ πππΈβπ :
a) kgdboc arguments
1) kgdboc=[kms][[,]kbd][[,]serial_device][,baud]
The order listed above must be observed if you use any of the optional configurations together.
Abbreviations:
kms = Kernel Mode Setting
kbd = Keyboard
You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios. The order listed above must be observed if you use any of the optional configurations together. Using kms + only gdb is generally not a useful combination.
2) Using loadable module or built-in
As a kernel built-in:
> Use the kernel boot argument:
kgdboc=<tty-device>,[baud]
As a kernel loadable module:
π¦ Use the command:
modprobe kgdboc kgdboc=<tty-device>,[baud]
Here are two examples of how you might format the kgdboc string. The first is for an x86 target using the first serial port. The second example is for the ARM Versatile AB using the second serial port.
kgdboc=ttyS0,115200
kgdboc=ttyAMA1,115200
Configure kgdboc at runtime with sysfs
At run time you can enable or disable kgdboc by echoing a parameters into the sysfs. Here are two examples:
π¦ Enable/disable
kgdboc on ttyS0:
1) enable :
> echo ttyS0 > /sys/module/kgdboc/parameters/kgdboc
2) Disable kgdboc:
> echo "" > /sys/module/kgdboc/parameters/kgdboc
π¦ More examples by UndercOde
1) You can configure kgdboc to use the keyboard, and/or a serial device depending on if you are using kdb and/or kgdb, in one of the following scenarios.
> kdb and kgdb over only a serial port:
kgdboc=<serial_device>[,baud]
2) Example:
kgdboc=ttyS0,115200
kdb and kgdb with keyboard and a serial port:
kgdboc=kbd,<serial_device>[,baud]
3) Example:
kgdboc=kbd,ttyS0,115200
kdb with a keyboard:
kgdboc=kbd
kdb with kernel mode setting:
kgdboc=kms,kbd
kdb with kernel mode setting and kgdb over a serial port:
kgdboc=kms,kbd,ttyS0,115200
Written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Anti-DDOS project is an open source software project developed to protect against DOS and DDoS attacks.
> The project was written using bash programming language. By writing iptables rules into the Linux operating system.
> Takes the necessary defense configurations. And it only works on the linux operating system. 100% compatible for Linux operating systems. It does not provide 100% security, it will only help you to take the necessary measures.
t.me/UndercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ:
1) Cloning an Existing Repository ( Clone with HTTPS )
root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/
Anti-DDOS.git
> Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/Anti-DDOS.git
2) cd Anti-DDOS
3) RUN
root@ismailtasdelen:~# bash ./anti-ddos.sh
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Anti-DDOS project is an open source software project developed to protect against DOS and DDoS attacks.
> The project was written using bash programming language. By writing iptables rules into the Linux operating system.
> Takes the necessary defense configurations. And it only works on the linux operating system. 100% compatible for Linux operating systems. It does not provide 100% security, it will only help you to take the necessary measures.
t.me/UndercodeTesting
π¦ πβπππΈπππππΈπππβ & βπβ:
1) Cloning an Existing Repository ( Clone with HTTPS )
root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/
Anti-DDOS.git
> Cloning an Existing Repository ( Clone with SSH )
root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/Anti-DDOS.git
2) cd Anti-DDOS
3) RUN
root@ismailtasdelen:~# bash ./anti-ddos.sh
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦basic commun error fix : win10 denied access [application method]
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
> Because the computer system handles the problem of access denied by win10, many people will not operate, so I want to help you solve the problem of access denied by win10, so how should you specifically deal with access denied by win10?
1) Open the C drive, find windowsApps, right-click the property, click the security column, and edit permissions.
2) In the "Group and user name" column, select your current login account, if not, you can add it. (In the add account, select all object types, you can enter the object name, such as -PC / Administrator). Let's take a look at the idea of ββXiao Bian to solve the access denied in win10.
3) Open the C drive, find windowsApps, right-click properties, click the security column, and edit permissions.
4) In the "Group and user name" column, select your current login account, if not, you can add it. (Add account, select all object types, object name can be entered, such as -PC / Administrator)
5) Modify the corresponding permission operations as required
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦basic commun error fix : win10 denied access [application method]
instagram.com/UndercOdeTestingCompany
π¦ ππΌππ πππΈβπ :
> Because the computer system handles the problem of access denied by win10, many people will not operate, so I want to help you solve the problem of access denied by win10, so how should you specifically deal with access denied by win10?
1) Open the C drive, find windowsApps, right-click the property, click the security column, and edit permissions.
2) In the "Group and user name" column, select your current login account, if not, you can add it. (In the add account, select all object types, you can enter the object name, such as -PC / Administrator). Let's take a look at the idea of ββXiao Bian to solve the access denied in win10.
3) Open the C drive, find windowsApps, right-click properties, click the security column, and edit permissions.
4) In the "Group and user name" column, select your current login account, if not, you can add it. (Add account, select all object types, object name can be entered, such as -PC / Administrator)
5) Modify the corresponding permission operations as required
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Vulnerable Regex in online repositories Example :
twitter.com/UndercOdeTC
1) ReGexLib,id=1757 (email validation) - see bold part, which is an Evil Regex
^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$
Input:
aaaaaaaaaaaaaaaaaaaaaaaa!
2) OWASP Validation Regex Repository, Java Classname - see bold part, which is an Evil Regex
^(([a-z])+.)+[A-Z]([a-z])+$
Input:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
π¦ Web application attack
1) Open a JavaScript
2) find Evil Regex
3) Craft a malicious input for the found Regex
4) Submit a valid value via intercepting proxy
5) Change the request to contain a malicious input
You are done!
π¦ ReDoS via Regex Injection
> The following example checks if the username is part of the password entered by the user.
> String userName = textBox1.Text; String password = textBox2.Text;
>Regex testPassword = new Regex(userName); Match match = testPassword.Match(password); if (match.Success) {
> MessageBox.Show("Do not include name in password."); } else { MessageBox.Show("Good password."); }
> If an attacker enters ^(([a-z])+.)+[A-Z]([a-z])+$ as a username and aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! as a password, the program will hang.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Vulnerable Regex in online repositories Example :
twitter.com/UndercOdeTC
1) ReGexLib,id=1757 (email validation) - see bold part, which is an Evil Regex
^([a-zA-Z0-9])(([\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$
Input:
aaaaaaaaaaaaaaaaaaaaaaaa!
2) OWASP Validation Regex Repository, Java Classname - see bold part, which is an Evil Regex
^(([a-z])+.)+[A-Z]([a-z])+$
Input:
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
π¦ Web application attack
1) Open a JavaScript
2) find Evil Regex
3) Craft a malicious input for the found Regex
4) Submit a valid value via intercepting proxy
5) Change the request to contain a malicious input
You are done!
π¦ ReDoS via Regex Injection
> The following example checks if the username is part of the password entered by the user.
> String userName = textBox1.Text; String password = textBox2.Text;
>Regex testPassword = new Regex(userName); Match match = testPassword.Match(password); if (match.Success) {
> MessageBox.Show("Do not include name in password."); } else { MessageBox.Show("Good password."); }
> If an attacker enters ^(([a-z])+.)+[A-Z]([a-z])+$ as a username and aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa! as a password, the program will hang.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Linux SECURITY :
> Linux changes SSH default port 22 to prevent password cracking
twitter.com/UndercodeTC
π¦ ππΌππ πππΈβπ :
1) On Linux / Unix systems, many people use SSH + password to log in to the server. The default port 22 is the risk of being brute-forced. Random port number.
2) To be on the safe side, it is recommended to first add a random SSH port number and add the corresponding firewall rules, and then try to connect to the server with this new port. If it is OK, we will delete the default port 22.
3) The advantage of this is that if the newly modified port number fails to connect, you can still use the default 22 port to log in, otherwise, you may not be able to connect or you may not be able to connect to the server through SSH after some problems, which is miserable.
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦Linux SECURITY :
> Linux changes SSH default port 22 to prevent password cracking
twitter.com/UndercodeTC
π¦ ππΌππ πππΈβπ :
1) On Linux / Unix systems, many people use SSH + password to log in to the server. The default port 22 is the risk of being brute-forced. Random port number.
2) To be on the safe side, it is recommended to first add a random SSH port number and add the corresponding firewall rules, and then try to connect to the server with this new port. If it is OK, we will delete the default port 22.
3) The advantage of this is that if the newly modified port number fails to connect, you can still use the default 22 port to log in, otherwise, you may not be able to connect or you may not be able to connect to the server through SSH after some problems, which is miserable.
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ First, modify the configuration file
T.me/UndercOdeTesting
1) Modify the configuration file / etc / ssh / sshd_config
vim / etc / ssh / sshd_config
modify
#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::
for
Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::
2) As above, uncomment Port 22 and add a line below it Port 23456
3) The default listening port of SSH is 22, if it is not mandatory, "Port 22" is commented or uncommented, port 22 remote login will be opened by default.
> The above is uncommented and port 22 is reserved to prevent possible permissions and configuration problems that cause port 22 to be inaccessible, which is awkward.
4) Added a line of Port 23456, which is to replace the default port 22. When you modify the port, you should choose a port number between 10000 and 65535. Below 10000 is easy to be occupied by the system or some special software, or newly installed Applications may occupy this port, so do not use port numbers below 10000.
5) Make the sshd configuration take effect
> Execute the following command to make the sshd configuration take effect.
a) CentOS 7.x or above, execute the command
systemctl restart sshd.service
b) CentOS 6.x or below, execute the command
/etc/init.d/sshd restart
6) After taking effect, log in with the new port number
ssh root@47.106.126.167 -p 23456
# ssh root@47.106.126.167 -p 23456
root@47.106.126.167's password:
7) Enter password to login successfully
Note: At this time, both ports 22 and 23456 can successfully log in to ssh.
8) Confirm that the new port can log in, comment out port 22
vim / etc / ssh / sshd_config
Comment out port 22, the final configuration is as follows
#Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::
10) Finally, do nβt forget to modify the configuration file to make it take effect
11 ) CentOS 7.x or above, execute the command
systemctl restart sshd.service
12) CentOS 6.x or below, execute the command
/etc/init.d/sshd restart
13) Third, the firewall allows new port numbers
When using Cloud example, prior to CentOS 7 and enabling the default firewall iptables, you should note that iptables does not block access by default
14) If you configured iptables rules, you need to execute the command to allow new ports:
iptables -A INPUT -p tcp --dport 23456 -j ACCEPT
15) Then execute the restart firewall command
service iptables restart
> Explanation :
16) Firewalld is installed by default after CentOS 7
First, check if the firewall has opened the port number 23456.
> firewall-cmd --permanent --query-port = 23456 / tcp
17) If the print result is no, it means that the 23456 port number is not open, then add the allow new port number and run the command
> firewall-cmd --permanent --add-port = 23456 / tcp
18) If the result is success, the TCP 23456 port number is released.
Next, reload the firewall policy for the configuration to take effect
> firewall-cmd --reload
19) Finally, check again if port 23456 is open
> firewall-cmd --permanent --add-port = 23456 / tcp
20) If a new port number is opened, yes will be printed at this time
> Fourth, the policy group allows new port numbers
21) any cloud server vendors such as Alibaba Cloud and Tencent Cloud have security group policies. If the firewall opens a new port number, but the security group does not open a new port number, it will not be possible to log in via ssh. Therefore, you need to open a new port number in the security group
21) Log in to the ECS Management Console , locate the instance, select Network and Security Group
22) On the Security Group Rule page, click Add Security Group Rule to define the security rule according to the actual usage scenario and allow the newly configured remote port to connect.
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ First, modify the configuration file
T.me/UndercOdeTesting
1) Modify the configuration file / etc / ssh / sshd_config
vim / etc / ssh / sshd_config
modify
#Port 22
#ListenAddress 0.0.0.0
#ListenAddress ::
for
Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::
2) As above, uncomment Port 22 and add a line below it Port 23456
3) The default listening port of SSH is 22, if it is not mandatory, "Port 22" is commented or uncommented, port 22 remote login will be opened by default.
> The above is uncommented and port 22 is reserved to prevent possible permissions and configuration problems that cause port 22 to be inaccessible, which is awkward.
4) Added a line of Port 23456, which is to replace the default port 22. When you modify the port, you should choose a port number between 10000 and 65535. Below 10000 is easy to be occupied by the system or some special software, or newly installed Applications may occupy this port, so do not use port numbers below 10000.
5) Make the sshd configuration take effect
> Execute the following command to make the sshd configuration take effect.
a) CentOS 7.x or above, execute the command
systemctl restart sshd.service
b) CentOS 6.x or below, execute the command
/etc/init.d/sshd restart
6) After taking effect, log in with the new port number
ssh root@47.106.126.167 -p 23456
# ssh root@47.106.126.167 -p 23456
root@47.106.126.167's password:
7) Enter password to login successfully
Note: At this time, both ports 22 and 23456 can successfully log in to ssh.
8) Confirm that the new port can log in, comment out port 22
vim / etc / ssh / sshd_config
Comment out port 22, the final configuration is as follows
#Port 22
Port 23456
#ListenAddress 0.0.0.0
#ListenAddress ::
10) Finally, do nβt forget to modify the configuration file to make it take effect
11 ) CentOS 7.x or above, execute the command
systemctl restart sshd.service
12) CentOS 6.x or below, execute the command
/etc/init.d/sshd restart
13) Third, the firewall allows new port numbers
When using Cloud example, prior to CentOS 7 and enabling the default firewall iptables, you should note that iptables does not block access by default
14) If you configured iptables rules, you need to execute the command to allow new ports:
iptables -A INPUT -p tcp --dport 23456 -j ACCEPT
15) Then execute the restart firewall command
service iptables restart
> Explanation :
16) Firewalld is installed by default after CentOS 7
First, check if the firewall has opened the port number 23456.
> firewall-cmd --permanent --query-port = 23456 / tcp
17) If the print result is no, it means that the 23456 port number is not open, then add the allow new port number and run the command
> firewall-cmd --permanent --add-port = 23456 / tcp
18) If the result is success, the TCP 23456 port number is released.
Next, reload the firewall policy for the configuration to take effect
> firewall-cmd --reload
19) Finally, check again if port 23456 is open
> firewall-cmd --permanent --add-port = 23456 / tcp
20) If a new port number is opened, yes will be printed at this time
> Fourth, the policy group allows new port numbers
21) any cloud server vendors such as Alibaba Cloud and Tencent Cloud have security group policies. If the firewall opens a new port number, but the security group does not open a new port number, it will not be possible to log in via ssh. Therefore, you need to open a new port number in the security group
21) Log in to the ECS Management Console , locate the instance, select Network and Security Group
22) On the Security Group Rule page, click Add Security Group Rule to define the security rule according to the actual usage scenario and allow the newly configured remote port to connect.
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ from yesterday,NEW BUG
> Guardicore's security researchers have revealed a sophisticated malware attack that successfully destroyed more than 800 devices belonging to mid-sized companies in the medical technology industry. The malware masquerades as a WAV file and contains a Monero mining software that uses the infamous EternalBlue vulnerability to compromise devices on the network.
> The only bug in this malware was that it eventually caused the Blue Screen of Death (BSOD) of the infected computer and displayed the relevant error code, which eventually caused the victim to suspect and triggered an in-depth investigation of the incident.
> Researchers said that BSOD was first discovered on October 14 when the machine at the time of the fatal crash was trying to execute a long command line (actually a base-64 encoded PowerShell script). After decoding the script, the researchers obtained a readable Powershell script that was used to deploy the malware. The script first checks the system architecture (based on pointer size). It then reads the value stored in the above registry subkey and loads the value into memory using the Windows API function WriteProcessMemory. The researchers noted that the malware payload is executed by obtaining and calling function pointer delegates.
> The malware tried to spread to other devices on the network using an EternalBlue-based vulnerability, which is the same vulnerability used by WannaCry in 2017 and infected thousands of computers worldwide. After reverse engineering the malware, the researchers found that the malware actually hides the Monero mining module disguised as a WAV file and uses the CryptonightR algorithm to mine the Monero virtual currency. In addition, the malware utilizes steganography and hides its malicious modules in a clear-looking WAV file. "
> Researchers found that the complete removal of malware, including termination of malicious processes, prevented BSOD from occurring on the victim device.
π¦this post from twitter.com/UndercOdeTC, you can get more updates from their
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ from yesterday,NEW BUG
> Guardicore's security researchers have revealed a sophisticated malware attack that successfully destroyed more than 800 devices belonging to mid-sized companies in the medical technology industry. The malware masquerades as a WAV file and contains a Monero mining software that uses the infamous EternalBlue vulnerability to compromise devices on the network.
> The only bug in this malware was that it eventually caused the Blue Screen of Death (BSOD) of the infected computer and displayed the relevant error code, which eventually caused the victim to suspect and triggered an in-depth investigation of the incident.
> Researchers said that BSOD was first discovered on October 14 when the machine at the time of the fatal crash was trying to execute a long command line (actually a base-64 encoded PowerShell script). After decoding the script, the researchers obtained a readable Powershell script that was used to deploy the malware. The script first checks the system architecture (based on pointer size). It then reads the value stored in the above registry subkey and loads the value into memory using the Windows API function WriteProcessMemory. The researchers noted that the malware payload is executed by obtaining and calling function pointer delegates.
> The malware tried to spread to other devices on the network using an EternalBlue-based vulnerability, which is the same vulnerability used by WannaCry in 2017 and infected thousands of computers worldwide. After reverse engineering the malware, the researchers found that the malware actually hides the Monero mining module disguised as a WAV file and uses the CryptonightR algorithm to mine the Monero virtual currency. In addition, the malware utilizes steganography and hides its malicious modules in a clear-looking WAV file. "
> Researchers found that the complete removal of malware, including termination of malicious processes, prevented BSOD from occurring on the victim device.
π¦this post from twitter.com/UndercOdeTC, you can get more updates from their
written by UNdercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How install ubuntu server On pc full :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) go to the the official Ubuntu mirror download page on a separate computer. (Not the one you are turning into a server)
2) Make sure you are under the βServer Install Imageβ section and download either the 32-bit or 64-bit version of Ubuntu Server.
3) A rule of thumb: If your computer has over 2gb of RAM, the 64 bit version will work fine. You can also check to see if your processor is a 64-bit processor. Most made within the last 8 years are fine. If not, use the 32 bit version which will be slower, but it works with almost all machines.
4) (WINDOWS ONLY) Once downloaded, you burn the Ubuntu Server image file to either a USB drive or a CD
5) Download Rufus to write the iso file to a USB drive.
In Rufus, leave everything as is except change βCreate bootable disk usingβ to βIso Imageβ and click the disk icon to select the Ubuntu Server image you downloaded.
6) Click Start to begin writing the image. Agree to all downloads and press OK if a dialog pops up.
7) Download ImgBurn to burn the iso file to a DVD.
8) After going through the installation wizard, open ImgBurn and File >
9) Open the Ubuntu Server iso file. Make sure you have the right drive selected, and click the big button on the bottom to burn to the DVD.
(LINUX ONLY) If you are running Linux, you should already know what youβre doingβ¦ Just use dd or Brasero to burn the image.
(OSX ONLY) Use Disk Utility to burn to a DVD.
10) Now that you have you have the Ubuntu Disk on your USB drive or DVD, safely eject from your computer.
11) Plug in the computer, monitor, the keyboard (and the USB drive) to back side of the the old computer. Often the USB drive cannot boot when in the front USB ports.
12) Turn on the computer. When it first turns on, a screen should flash that will give you a key to press to enter into the BIOS/startup menu. Some common keys are ESC, F2, F3, F10, F12. Repeatedly press the keys to enter the BIOS.
13) Often times, you have to go to extra lengths to enable the USB boot. Look for βHard Drive Boot Sequenceβ or βEnable USB Drive Bootβ or something similar. If you have no luck booting from a USB device, switch to DVD.
14) After saving your changes, the computer will probably restart and boot into Ubuntu this time
15) now install like any linux os
choose partitions and install
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How install ubuntu server On pc full :
pinterest.com/UndercOdeOfficial
π¦ ππΌππ πππΈβπ :
1) go to the the official Ubuntu mirror download page on a separate computer. (Not the one you are turning into a server)
2) Make sure you are under the βServer Install Imageβ section and download either the 32-bit or 64-bit version of Ubuntu Server.
3) A rule of thumb: If your computer has over 2gb of RAM, the 64 bit version will work fine. You can also check to see if your processor is a 64-bit processor. Most made within the last 8 years are fine. If not, use the 32 bit version which will be slower, but it works with almost all machines.
4) (WINDOWS ONLY) Once downloaded, you burn the Ubuntu Server image file to either a USB drive or a CD
5) Download Rufus to write the iso file to a USB drive.
In Rufus, leave everything as is except change βCreate bootable disk usingβ to βIso Imageβ and click the disk icon to select the Ubuntu Server image you downloaded.
6) Click Start to begin writing the image. Agree to all downloads and press OK if a dialog pops up.
7) Download ImgBurn to burn the iso file to a DVD.
8) After going through the installation wizard, open ImgBurn and File >
9) Open the Ubuntu Server iso file. Make sure you have the right drive selected, and click the big button on the bottom to burn to the DVD.
(LINUX ONLY) If you are running Linux, you should already know what youβre doingβ¦ Just use dd or Brasero to burn the image.
(OSX ONLY) Use Disk Utility to burn to a DVD.
10) Now that you have you have the Ubuntu Disk on your USB drive or DVD, safely eject from your computer.
11) Plug in the computer, monitor, the keyboard (and the USB drive) to back side of the the old computer. Often the USB drive cannot boot when in the front USB ports.
12) Turn on the computer. When it first turns on, a screen should flash that will give you a key to press to enter into the BIOS/startup menu. Some common keys are ESC, F2, F3, F10, F12. Repeatedly press the keys to enter the BIOS.
13) Often times, you have to go to extra lengths to enable the USB boot. Look for βHard Drive Boot Sequenceβ or βEnable USB Drive Bootβ or something similar. If you have no luck booting from a USB device, switch to DVD.
14) After saving your changes, the computer will probably restart and boot into Ubuntu this time
15) now install like any linux os
choose partitions and install
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to Install Nginx on Ubuntu :
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Install Nginx on Your Ubuntu Server
Nginx is available in the Ubuntu package repositories simple. First, update the apt cache with the following command:
sudo apt update
and install Nginx by issuing:
sudo apt install nginx
Once the installation is completed Nginx will be automatically started.
You can make sure that Nginx service is running with the following command:
sudo systemctl status nginx
The output should look like below:
β nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-03-31 01:50:44 CDT; 8s ago
Main PID: 716 (nginx)
CGroup: /system.slice/nginx.service
ββ716 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
ββ717 nginx: worker process
ββ718 nginx: worker process
ββ719 nginx: worker process
ββ720 nginx: worker process
2) Open Firewall Ports
If you are using ufw you need to open HTTP port 80 and/or HTTPS port 433. Ufw comes with profiles based on the default ports of most common daemons and programs.
To open both Nginx ports run the following command:
sudo ufw allow 'Nginx Full'
To verify the change run:
sudo ufw status
The output should look like below:
Status: active
To Action From
-- ------ ----
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
You can now open your browser, enter your server IP address into your browser address bar and you should see the default Nginx page.
3) Managing Nginx Service
You can manage the Nginx service same as any other systemd unit.
Start the nginx service with the following command:
sudo systemctl start nginx
Stop the service with:
sudo systemctl stop nginx
Restart the service with:
sudo systemctl restart nginx
Check the status of the service with:
sudo systemctl status nginx
Enable the service on system boot with:
sudo systemctl enable nginx
Disable the service on system boot with:
sudo systemctl disable nginx
4) Create a New Server Block
The default Nginx installation will have one server block enabled with a document root set to /var/www/html.
In this guide, we will create a new server block for the domain example.com and set the document root to /var/www/example.com.
First, create the domain document root with the following command:
sudo mkdir -p /var/www/example.com
and then create an index.html file with the following content:
sudo vim /var/www/example.com/index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>example.com</title>
</head>
<body>
<h1>example.com server block</h1>
</body>
</html>
Next, create a new server block with the following content:
sudo vim /etc/nginx/sites-available/example.com.conf
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Activate the server block by creating a symbolic link :
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
5) Restart Nginx
Test the Nginx configuration and restart nginx:
sudo nginx -t
sudo systemctl restart nginx
6) Now if you enter example.com into your browser address bar you should see example.com server block.
this post Powered by Wiki
Tested by UndercOde on Lastest Version of Ubuntu
e n j o y
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How to Install Nginx on Ubuntu :
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
1) Install Nginx on Your Ubuntu Server
Nginx is available in the Ubuntu package repositories simple. First, update the apt cache with the following command:
sudo apt update
and install Nginx by issuing:
sudo apt install nginx
Once the installation is completed Nginx will be automatically started.
You can make sure that Nginx service is running with the following command:
sudo systemctl status nginx
The output should look like below:
β nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-03-31 01:50:44 CDT; 8s ago
Main PID: 716 (nginx)
CGroup: /system.slice/nginx.service
ββ716 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
ββ717 nginx: worker process
ββ718 nginx: worker process
ββ719 nginx: worker process
ββ720 nginx: worker process
2) Open Firewall Ports
If you are using ufw you need to open HTTP port 80 and/or HTTPS port 433. Ufw comes with profiles based on the default ports of most common daemons and programs.
To open both Nginx ports run the following command:
sudo ufw allow 'Nginx Full'
To verify the change run:
sudo ufw status
The output should look like below:
Status: active
To Action From
-- ------ ----
Nginx Full ALLOW Anywhere
Nginx Full (v6) ALLOW Anywhere (v6)
You can now open your browser, enter your server IP address into your browser address bar and you should see the default Nginx page.
3) Managing Nginx Service
You can manage the Nginx service same as any other systemd unit.
Start the nginx service with the following command:
sudo systemctl start nginx
Stop the service with:
sudo systemctl stop nginx
Restart the service with:
sudo systemctl restart nginx
Check the status of the service with:
sudo systemctl status nginx
Enable the service on system boot with:
sudo systemctl enable nginx
Disable the service on system boot with:
sudo systemctl disable nginx
4) Create a New Server Block
The default Nginx installation will have one server block enabled with a document root set to /var/www/html.
In this guide, we will create a new server block for the domain example.com and set the document root to /var/www/example.com.
First, create the domain document root with the following command:
sudo mkdir -p /var/www/example.com
and then create an index.html file with the following content:
sudo vim /var/www/example.com/index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>example.com</title>
</head>
<body>
<h1>example.com server block</h1>
</body>
</html>
Next, create a new server block with the following content:
sudo vim /etc/nginx/sites-available/example.com.conf
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
root /var/www/example.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Activate the server block by creating a symbolic link :
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
5) Restart Nginx
Test the Nginx configuration and restart nginx:
sudo nginx -t
sudo systemctl restart nginx
6) Now if you enter example.com into your browser address bar you should see example.com server block.
this post Powered by Wiki
Tested by UndercOde on Lastest Version of Ubuntu
e n j o y
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Securing ubuntu server System
Setting up the Firewall
instagram.com/UnderCodeTestingCompany
π¦ Reference: "IPTables :
1) Linux has a built-in Firewall called netfilter, which works via the iptables tool. It uses 3 so-called iptables:
the filter table for filtering the IP packets,
the nat table for network address translation, and
the mangle table for modifying the IP packets.
2) Each table contains a set of chains. Each chain has rules.
3) For the filter table, there are 3 chains (of rules): INPUT (applied to incoming packets), OUTPUT (applied to the outgoing packets), and FORWARD (applied to incoming packets destined for another system). You can list all the current filter rules via the following command:
$ sudo iptables -L // -L to list the current filtering rules.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
// The filter table has 3 chains with no rules
4) The iptables tool is complex. But, we are only concerned about the incoming IP packets, i.e., the INPUT chain of the filter table. To setup incoming packet-filtering via Webmin:
5) Goto "Webmin" β "Networking" β "Linux Firewall" β Select the option "Allow all traffic" and check "Enable firewall at boot time" β "Setup Firewall".
6) Select the iptable "Packet filtering (filter)". On a fresh installation, there shall be no rules under all the 3 chains: INPUT, OUTPUT and FORWARD.
}
7) Add the following rules, which are necessary for proper operations of the network interface.
8) Under "Incoming packets (INPUT)":
"Add Rule" β Set "Action to take" to "Accept" β For "Connection states", select "Equals" for both "Established" and "Related" β "Create".
9) This rule is necessary to allow incoming packets that are part of an already established IP connection. We will set the rules for new connection later.
10 ) The corresponding Unix command is:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
// -A INPUT: append this rule to the INPUT chain
// -m conntrack:
// -ctstate ESTABLISHED,RELATED: connection state
// -j ACCEPT: accept the packet
11) "Add Rule" β Set "Action to take" to "Accept" β For "Network protocol", select "Equals" for "ICMP" β "Create".
12) This rule allows incoming packets for ICMP diagnostics such as ping and traceroute.
13) "Add Rule" β Set "Action to take" to "Accept" β For "Incoming interface", select "Equals" for "lo" (local) β "Create".
14) This rule allows incoming packets for local loopback interface (or, localhost).
15)Next, create rules for each of the protocol services that are permitted to access the server. This depends on your specific environment.
Under "Incoming packets (INPUT)":
16) To allow incoming SSH connection, which runs on TCP port 22 by default: "Add Rule" β Set "Action to take" to "Accept" β For "Network protocol", select "Equals" for "TCP" β For "Destination TCP or UDP port", select "Equals" and set "Port(s)" to 22 β For "Connection states", select "Equals" for "NEW".
17) The corresponding Unix command is:
$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
// -A INPUT: append this rule to INPUT chain
// -p tcp: network protocol of tcp
// --dport ssh: ssh default port number (22)
// -j ACCEPT: accept the packet
π¦ Securing ubuntu server System
Setting up the Firewall
instagram.com/UnderCodeTestingCompany
π¦ Reference: "IPTables :
1) Linux has a built-in Firewall called netfilter, which works via the iptables tool. It uses 3 so-called iptables:
the filter table for filtering the IP packets,
the nat table for network address translation, and
the mangle table for modifying the IP packets.
2) Each table contains a set of chains. Each chain has rules.
3) For the filter table, there are 3 chains (of rules): INPUT (applied to incoming packets), OUTPUT (applied to the outgoing packets), and FORWARD (applied to incoming packets destined for another system). You can list all the current filter rules via the following command:
$ sudo iptables -L // -L to list the current filtering rules.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
// The filter table has 3 chains with no rules
4) The iptables tool is complex. But, we are only concerned about the incoming IP packets, i.e., the INPUT chain of the filter table. To setup incoming packet-filtering via Webmin:
5) Goto "Webmin" β "Networking" β "Linux Firewall" β Select the option "Allow all traffic" and check "Enable firewall at boot time" β "Setup Firewall".
6) Select the iptable "Packet filtering (filter)". On a fresh installation, there shall be no rules under all the 3 chains: INPUT, OUTPUT and FORWARD.
}
7) Add the following rules, which are necessary for proper operations of the network interface.
8) Under "Incoming packets (INPUT)":
"Add Rule" β Set "Action to take" to "Accept" β For "Connection states", select "Equals" for both "Established" and "Related" β "Create".
9) This rule is necessary to allow incoming packets that are part of an already established IP connection. We will set the rules for new connection later.
10 ) The corresponding Unix command is:
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
// -A INPUT: append this rule to the INPUT chain
// -m conntrack:
// -ctstate ESTABLISHED,RELATED: connection state
// -j ACCEPT: accept the packet
11) "Add Rule" β Set "Action to take" to "Accept" β For "Network protocol", select "Equals" for "ICMP" β "Create".
12) This rule allows incoming packets for ICMP diagnostics such as ping and traceroute.
13) "Add Rule" β Set "Action to take" to "Accept" β For "Incoming interface", select "Equals" for "lo" (local) β "Create".
14) This rule allows incoming packets for local loopback interface (or, localhost).
15)Next, create rules for each of the protocol services that are permitted to access the server. This depends on your specific environment.
Under "Incoming packets (INPUT)":
16) To allow incoming SSH connection, which runs on TCP port 22 by default: "Add Rule" β Set "Action to take" to "Accept" β For "Network protocol", select "Equals" for "TCP" β For "Destination TCP or UDP port", select "Equals" and set "Port(s)" to 22 β For "Connection states", select "Equals" for "NEW".
17) The corresponding Unix command is:
$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
// -A INPUT: append this rule to INPUT chain
// -p tcp: network protocol of tcp
// --dport ssh: ssh default port number (22)
// -j ACCEPT: accept the packet
18) To allow incoming Webmin connection, which runs on TCP port 10000 by default: repeat the above, but choose port 10000.
19) Similarly, you can allow incoming connection for services such as HTTP (default on TCP port 80), HTTPS (default on TCP port 443), Usermin (default on TCP port 20000) Samba (UDP Ports 137-139, TCP ports 137, 139 and 445), PhpMyAdmin (...) ...
20) Finally, set the INPUT chain's default policy to drop packets that don't match any rules.
21) Select "Default action" to "Drop", and click "Set Default Action To" button.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
19) Similarly, you can allow incoming connection for services such as HTTP (default on TCP port 80), HTTPS (default on TCP port 443), Usermin (default on TCP port 20000) Samba (UDP Ports 137-139, TCP ports 137, 139 and 445), PhpMyAdmin (...) ...
20) Finally, set the INPUT chain's default policy to drop packets that don't match any rules.
21) Select "Default action" to "Drop", and click "Set Default Action To" button.
@UndercOdeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Speed ββoptimization-enable hard disk DMA support Enabling hard-ssd disk DMA support
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
> DMA support is not enabled after the anonymous system is installed. In order to improve efficiency, you can enable it.
1) /etc/rc.d/rc.local Add a line / sbin / hdparm -d1 -c3 -m16 / dev / hda
If your hard disk supports ATA33, you can add -X66, ATA66 is -X68.
2) For example, ATA66 is: / sbin / hdparm -d1 -X68 -c3 -m16 / dev / hda
We can use hdparm -Tt / dev / hda to test the effect before and after joining.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Speed ββoptimization-enable hard disk DMA support Enabling hard-ssd disk DMA support
t.me/UndercOdeTesting
π¦ ππΌππ πππΈβπ :
> DMA support is not enabled after the anonymous system is installed. In order to improve efficiency, you can enable it.
1) /etc/rc.d/rc.local Add a line / sbin / hdparm -d1 -c3 -m16 / dev / hda
If your hard disk supports ATA33, you can add -X66, ATA66 is -X68.
2) For example, ATA66 is: / sbin / hdparm -d1 -X68 -c3 -m16 / dev / hda
We can use hdparm -Tt / dev / hda to test the effect before and after joining.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Malware collection gd list by UNdercOde
pinterest.com/UndercodeOfficial
π¦ ππΌππ πππΈβπ :
> Capture and collect your own samples
1) Conpot -ICS / SCADA Honeypot
2) Cowrie -Kippo-based SSH honeypot
3) Dionaea -Honeypot to catch malware
4) Glastopf -Web Application Honeypot
5) Honeyd -Create a virtual honeypot
6) HoneyDrive -Linux distribution for honeypot packages
Mnemosyne -Honeypot data standardization supported by Dinoaea
7) Thug -Low-interaction honeypot for investigating malicious websites
Malware Sample Library
π¦ Collect malware samples for analysis
1) Clean MX -Real-time database of malware and malicious domains
2 )Contagio -Collection of recent malware samples and analysis
3) Exploit Database -Exploit and shellcode samples
4) Malshare -A large library of malicious samples obtained on malicious websites.
5) MalwareDB -Malware sample library
6) Open Malware Project -Sample Information and Download
7)-Ragpicker -A plugin based on the malware crawler.
8) the Zoo -Real-time malicious sample library for analysts
9) Tracker h3x -Agregator's malware tracking and download address
V
10) iruSign -Database of malware detected by anti-virus programs other than ClamAV
11) VirusShare -Malware library
12) VX Vault -Active Collection of Malware Samples
13) Zeltser's Sources -List of malware sample sources compiled by Lenny Zeltser
14) Zeus Source Code -Zeus source code leaked in 2011
π¦ Will write tutorial for each one
written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Malware collection gd list by UNdercOde
pinterest.com/UndercodeOfficial
π¦ ππΌππ πππΈβπ :
> Capture and collect your own samples
1) Conpot -ICS / SCADA Honeypot
2) Cowrie -Kippo-based SSH honeypot
3) Dionaea -Honeypot to catch malware
4) Glastopf -Web Application Honeypot
5) Honeyd -Create a virtual honeypot
6) HoneyDrive -Linux distribution for honeypot packages
Mnemosyne -Honeypot data standardization supported by Dinoaea
7) Thug -Low-interaction honeypot for investigating malicious websites
Malware Sample Library
π¦ Collect malware samples for analysis
1) Clean MX -Real-time database of malware and malicious domains
2 )Contagio -Collection of recent malware samples and analysis
3) Exploit Database -Exploit and shellcode samples
4) Malshare -A large library of malicious samples obtained on malicious websites.
5) MalwareDB -Malware sample library
6) Open Malware Project -Sample Information and Download
7)-Ragpicker -A plugin based on the malware crawler.
8) the Zoo -Real-time malicious sample library for analysts
9) Tracker h3x -Agregator's malware tracking and download address
V
10) iruSign -Database of malware detected by anti-virus programs other than ClamAV
11) VirusShare -Malware library
12) VX Vault -Active Collection of Malware Samples
13) Zeltser's Sources -List of malware sample sources compiled by Lenny Zeltser
14) Zeus Source Code -Zeus source code leaked in 2011
π¦ Will write tutorial for each one
written by UndercOde
β β β ο½ππ»βΊπ«Δπ¬πβ β β β