This closes the value attribute and leaves room to insert an onmouseover event handler. Point the handler to alert(1), followed by a double slash to comment out the dangling quote. When the victim moves the mouse over the affected input field, a JavaScript popup window is triggered.
5) Js (JavaScript) block in HTMLi
The input sometimes falls into a javascript block, usually the value of some variable in the code. However, because HTML tags have priority in the browser's parsing, we can simply terminate the block and insert a new tag.
6) Simple Js injection
If script tags were filtered in some way, the previous method would fail.
7) Escaped Js Injection
In the previous case, if the quotes (which are what break out of the variable value) are escaped with a backslash (\), the injection will not work (the syntax is invalid).
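Sections 5 to 7 seen from the template author's side, as an added example that is not part of the original post: backslash-escaping quotes does nothing about a closing script tag inside the value, while JSON-encoding the value and \uXXXX-escaping <, > and & keeps it inside the string. The function names and sample inputs are constructed for illustration, and the tokenizer check is a simplified model of the browser's behaviour.

```javascript
// Added example; every name below is hypothetical, not from the post.

// Weak encoder: only backslash-escapes quotes (the "escaped" case above).
function naiveLiteral(value) {
  return '"' + String(value).replace(/["']/g, '\\$&') + '"';
}

// Hardened encoder: JSON-encode the string, then replace every character
// the HTML tokenizer or older JS engines treat specially with \uXXXX.
function inlineScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Simplified model of the HTML tokenizer: a script block ends at the first
// "</script" it sees, regardless of JavaScript string quoting.
function scriptBlockEndsEarly(scriptBody) {
  return /<\/script/i.test(scriptBody);
}

// Build the inline statement a template would emit with the given encoder.
function renderAssignment(encode, value) {
  return 'var name = ' + encode(value) + ';';
}

// Constructed sample inputs (not taken from the page).
const SAMPLES = [
  'Alice',
  'Bob "the builder" O\'Neil',
  'C:\\temp\\file',
  'x</script><p>injected markup</p>',
  'x</ScRiPt ><p>mixed case</p>',
];

// Compare both encoders on every sample.
function audit(samples) {
  return samples.map((value) => {
    const hardened = inlineScriptLiteral(value);
    return {
      value,
      naiveEndsEarly: scriptBlockEndsEarly(renderAssignment(naiveLiteral, value)),
      hardenedEndsEarly: scriptBlockEndsEarly(renderAssignment(inlineScriptLiteral, value)),
      // The hardened literal is still valid JSON, so it decodes losslessly.
      roundTrips: JSON.parse(hardened) === value,
    };
  });
}

for (const row of audit(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The encoder covers only the JavaScript string context inside an inline script block; values written into HTML attributes or element bodies need their own context-specific encoding.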
> That's it for today. Recently, two-way foil security launched a practical class for vulnerability mining
Those XSS vulnerabilities everyone should know

Universal Radio Hacker: investigate wireless protocols (2020, updated a few hours ago):
The Universal Radio Hacker (URH) is software for investigating unknown wireless protocols. Features include:
1) hardware interfaces for common Software Defined Radios
2) easy demodulation of signals
3) assigning participants to keep an overview of your data
4) customizable decodings to crack even sophisticated encodings like CC1101 data whitening
5) assigning labels to reveal the logic of the protocol
6) automatic reverse engineering of protocol fields
7) fuzzing component to find security leaks
8) modulation support to send the data back to the target
9) simulation environment to perform stateful attacks
Without installation
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
Installing from source
To install from source you need to have python-setuptools installed. You can get it e.g. with pip install setuptools. Once the setuptools are installed use:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
TESTED BY UNDERCODE
Analysis of DLink RCE Vulnerability CVE-2019-17621
> Environment construction
Before installing and configuring the operating environment, you must know the version of the Linux system you are using and the version of QEMU, because this directly affects your subsequent choice of dependency packages, MIPS QEMU images and so on; all the versions have to correspond for the final system to run correctly. The basic environment for this vulnerability analysis is the Ubuntu 18.04 virtual machine, with the QEMU runtime environment compiled and installed from the QEMU 4.0.0 source code:
1) Download the Debian MIPS QEMU image from https://people.debian.org/~aurel32/qemu/mips/ . Since the virtual machine is Ubuntu Linux, download debian_squeeze_mips_standard.qcow2 and vmlinux-2.6.32-5-4kc-malta.

MIPS system network configuration
1) To use QEMU to run a MIPS system, you need to set the ubuntu virtual machine as a bridge, so that the ubuntu system can communicate with the QEMU virtual machine and transmit data (this operation is similar to configuring the VMware Workstation bridge to communicate with the physical machine).
2) To get the installation dependencies, execute the following command:
> sudo apt-get install bridge-utils uml-utilities
> Modify the Ubuntu host network configuration: edit the network interface configuration file /etc/network/interfaces as follows, then save and close it:
sudo gedit /etc/network/interfaces
3) Modify the QEMU network interface startup script, then restart networking for the configuration to take effect. Execute the following command:
sudo gedit /etc/qemu-ifup
After saving /etc/qemu-ifup, give it executable permissions and then restart networking so that all of the configuration takes effect:
> sudo chmod a+x /etc/qemu-ifup
> sudo /etc/init.d/networking restart
QEMU launch configuration
Before starting QEMU, bring up the bridged network by executing the following commands in a terminal on the local Ubuntu machine (note: ens33 is the default Ubuntu NIC):
> sudo ifdown ens33
> sudo ifup br0
> Starting the QEMU MIPS virtual machine
Change into the directory where the MIPS images were downloaded and execute the following command:
sudo qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -hda debian_
> Enter root/root to log in to the QEMU MIPS virtual machine. To make working in the MIPS virtual machine more convenient, you can open a new Ubuntu terminal and connect to the QEMU MIPS machine over SSH:
Firmware simulation run
Download the router firmware containing the vulnerable version from the D-Link official website: ftp://ftp2.dlink.com/PRODUCTS/DIR-859/DIR-859_REVA_FIRMWARE_v1.05B03.zip , then use binwalk -Me directly on the firmware to decompress it and get the file system:
> There are two ways to run the firmware in emulation:
1) Upload the file system to the QEMU MIPS virtual machine and run it there, or run the firmware with the firmadyne tool (of course, you can also try the AttifyOS VM):
2) Use the scp command to upload the squashfs-root directory to the QEMU MIPS virtual machine:
3) chroot /root/squashfs-root sh
4) Run the firmware with the help of the firmadyne tool
Firmadyne is an automated and scalable framework for emulating and analysing firmware for embedded Linux systems. It supports QEMU-based system emulation of embedded firmware, and is used here to emulate and run the router firmware. Installation and usage are described at https://github.com/firmadyne/firmadyne . Note: before installing Firmadyne, install firmware-analysis-toolkit (installation is described at https://github.com/attify/firmware-analysis-toolkit ); once that is installed, create a firmadyne directory inside the firmware-analysis-toolkit directory and download and install Firmadyne there. After everything is installed, the layout is as follows (note that both tools must be installed completely according to the steps, or the firmware will fail to run later):
5) First move the fat.py and reset.py files from the firmware-analysis-toolkit directory into the firmadyne directory; then modify the firmadyne path setting in firmadyne.config as follows:
6) Copy the firmware bin file to the firmadyne directory, then execute the following commands:
rm -rf images*
python3 reset.py
sudo -u postgres createdb -O firmadyne firmware
sudo -u postgres psql -d firmware < ./database/schema
./sources/extractor/extractor.py -b Dlink -sql 127.0.0.1 -np -nk "DIR859Ax_FW105b03.bin" images
./scripts/getArch.sh ./images/1.tar.gz
./scripts/makeImage.sh 1
./scripts/inferNetwork.sh 1
./scratch/1/run.sh
2) Remote debugging
The router firmware has now been run successfully, so the target program can be debugged. At this point, remote debugging can be performed with the help of IDA on the physical machine (of course, IDA can also be installed in Ubuntu). There are again two approaches to debugging:
3) In the QEMU MIPS virtual machine, use a static gdbserver together with IDA's "Remote GDB debugger" function to dynamically debug the target MIPS program. Note that the static gdbserver binary must match the endianness (big or little endian) of the MIPS system. You can use the file command to view information about the firmware:
4) Therefore, you must first cross-compile to obtain a static gdbserver file in 32-bit MSB format. You can choose OpenWrt or Buildroot for cross-compilation, which is omitted here.
> After extracting the firmware file system in Ubuntu, use the chroot command with qemu-mips-static to run the target file (the cgibin binary), then attach IDA for remote dynamic debugging. First execute the following command in Ubuntu:
> chroot . ./qemu-mips-static -g 1235 ./htdocs/cgibin
...
END OF TUTORIAL
WRITTEN BY UNDERCODE
2020 Optimize script, High-Performance Monitoring System :
1) mkdir -p $GOPATH/src/github.com/didi
2) cd $GOPATH/src/github.com/didi
3) git clone https://github.com/didi/nightingale.git
4) cd nightingale
# export env[GOPROXY] if your network is not good
# export GOPROXY=https://mirrors.aliyun.com/goproxy/
5) ./control build
FEATURES :
Scalability
Scalable monitoring system is necessary to support rapid business growth. Each module of Nightingale is super easy to scale horizontally.
Performance
With RRA(Round Robin Archive) mechanism and memory TSDB, the one-year history data of 100+ metrics could be returned in just one second.
High Availability
No critical single point of failure, easy to operate and deploy. The system will not be affected if any machine is hung up.
Flexibility
Nightingale collector is compatible with falcon-agent. Plugin mechanism and log collector are built-in.
Efficiency
Integrated with object tree, Nightingale supports strategy inheritance, multiple alerting method, and callback for recovery.
Easy Deployment
All modules have been rewritten in go, which reduces the number of modules and greatly reduces the difficulty of deployment.
Tested by UnderCode
2020 TOPIC Flutter makes it easy and fast to build beautiful mobile apps :
> System requirements
To install and run Flutter, your development environment must meet these minimum requirements:
> Operating Systems: Windows 7 SP1 or later (64-bit)
Disk Space: 400 MB (does not include disk space for IDE/tools).
Tools: Flutter depends on these tools being available in your environment.
Windows PowerShell 5.0 or newer (this is pre-installed with Windows 10)
Git for Windows 2.x, with the Use Git from the Windows Command Prompt option.
> If Git for Windows is already installed, make sure you can run git commands from the command prompt or PowerShell.
Get the Flutter SDK
Download the following installation bundle to get the latest stable release of the Flutter SDK:
1) For other release channels, and older builds, see the SDK archive page.
2) Extract the zip file and place the contained flutter in the desired installation location for the Flutter SDK (for example, C:\src\flutter; do not install Flutter in a directory like C:\Program Files\ that requires elevated privileges).
3) If you don't want to install a fixed version of the installation bundle, you can skip steps 1 and 2. Instead, get the source code from the Flutter repo on GitHub, and change branches or tags as needed. For example:
4) C:\src>git clone https://github.com/flutter/flutter.git -b stable
You are now ready to run Flutter commands in the Flutter Console!
5) Update your path
If you wish to run Flutter commands in the regular Windows console, take these steps to add Flutter to the PATH environment variable:
6) From the Start search bar, enter "env" and select Edit environment variables for your account.
Under User variables check if there is an entry called Path:
7) If the entry exists, append the full path to flutter\bin using ; as a separator from existing values.
If the entry doesn't exist, create a new user variable named Path with the full path to flutter\bin as its value.
Note that you have to close and reopen any existing console windows for these changes to take effect.
Run flutter doctor
1) From a console window that has the Flutter directory in the path (see above), run the following command to see if there are any platform dependencies you need to complete the setup:
2) C:\src\flutter>flutter doctor
3) This command checks your environment and displays a report of the status of your Flutter installation. Check the output carefully for other software you might need to install or further tasks to perform (shown in bold text).
For example:
[-] Android toolchain - develop for Android devices
• Android SDK at D:\Android\sdk
✗ Android SDK is missing command line tools; download from https://goo.gl/XxQghQ
• Try re-installing or updating your Android SDK,
visit https://flutter.dev/setup/#android-setup for detailed instructions.

LINUX INSTALL :
System requirements
>To install and run Flutter, your development environment must meet these minimum requirements:
Operating Systems: Linux (64-bit)
Disk Space: 600 MB (does not include disk space for IDE/tools).
Tools: Flutter depends on these command-line tools being available in your environment.
bash
curl
git 2.x
mkdir
rm
unzip
which
xz-utils
zip
Shared libraries: Flutter test command depends on this library being available in your environment.
libGLU.so.1 - provided by mesa packages such as libglu1-mesa on Ubuntu/Debian
1) Get the Flutter SDK
2) Download the following installation bundle to get the latest stable release of the Flutter SDK:
3) For other release channels, and older builds, see the SDK archive page.
4) Extract the file in the desired location, for example:
5) cd ~/development
6) tar xf ~/Downloads/flutter_linux_v1.12.13+hotfix.8-stable.tar.xz