β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting
π¦ Vulnerability details
> About DDoS amplification :
1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.
2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.
3) Victims, due to the intention of ddos, the victims are generally ι, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.
π¦About Memcrashed :
1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.
2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.
3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.
π¦Attack process :
Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.
π¦ Attack effect : As previously stated by the 360 ββInformation Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦ALL YOU NEED TO KNOW ABOUT AMPLIFICATION IN DDOS :
t.me/UndercodeTesting
π¦ Vulnerability details
> About DDoS amplification :
1) As an attacker, you need to forge IP. Send a request for sea, quantity, and forged sources. The computer room (firewallrules and uRPF) without BCP38.
2) As a reflection service , two conditions need to be met. First, the udp protocol, which is easy to enlarge, is running on it. That is, using udp or improperly designed udp services can meet certain conditions, and the response packet is much larger than the request packet. Second, the agreement or service has certain use on the Internet, such as dns, ntp and other basic services.
3) Victims, due to the intention of ddos, the victims are generally ι, games, politics and other goals, or for the purpose of destruction, dazzling skills and so on.
π¦About Memcrashed :
1) Since Memcache monitors both TCP and UDP, it naturally meets the reflective DDoS conditions.
2) Memcache is established as an enterprise application, and its business characteristics ensure a high upload bandwidth.
3) Memcache can interact without authentication.
Many users monitor service errors during compilation and installation 0.0.0.0, and do not configure iptables rules or cloud security tenant configuration.
π¦Attack process :
Scan all network port services.
Perform fingerprint identification to obtain unauthenticated Memcache.
Filter all reflective UDP Memcache.
Insert the data state for reflection.
π¦ Attack effect : As previously stated by the 360 ββInformation Security Department 0kee Team in the community, the highest single transmission can be achieved 816200, and the lowest382099
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦RSA ATTACKs :
twitter.com/UndercodeNews
A ) It enables you to test the RSA public key to understand the described vulnerability.
> currently supports the following main formats:
X509 certificate, DER encoding, one * .der, * .crt per file
X509 certificate, PEM encoding, more per file, * .pem
RSA PEM encode private key, public key, more per file, * .pem (must have correct title ----- BEGIN RSA ...)
SSH public key, * .pub, starting with "ssh-rsa", one per line
ASC encoded PGP keys, * .pgp, * .asc. Each file is more and must have the correct title ---- BEGIN PGP ...
APK android application, * .apk
One module * .txt for each line of text file, the module can be a) base64 coded number, b) hex coded number, c) decimal coded
JSON file with modulus, one record per line, supporting certificate with key "cert" with key "certificate" / key "mod" with certificate array (int, base64, hex, dec encoding support), base64 Encode DER.
LDIFF file-LDAP database dump. Any field ending in "; binary" will try to decode to X509 certificate
Java Key Store file (JKS). Try to use an empty password and some common ones, use --jks-pass-file to specify more passwords
PKCS7 signature and user certificate
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦RSA ATTACKs :
twitter.com/UndercodeNews
A ) It enables you to test the RSA public key to understand the described vulnerability.
> currently supports the following main formats:
X509 certificate, DER encoding, one * .der, * .crt per file
X509 certificate, PEM encoding, more per file, * .pem
RSA PEM encode private key, public key, more per file, * .pem (must have correct title ----- BEGIN RSA ...)
SSH public key, * .pub, starting with "ssh-rsa", one per line
ASC encoded PGP keys, * .pgp, * .asc. Each file is more and must have the correct title ---- BEGIN PGP ...
APK android application, * .apk
One module * .txt for each line of text file, the module can be a) base64 coded number, b) hex coded number, c) decimal coded
JSON file with modulus, one record per line, supporting certificate with key "cert" with key "certificate" / key "mod" with certificate array (int, base64, hex, dec encoding support), base64 Encode DER.
LDIFF file-LDAP database dump. Any field ending in "; binary" will try to decode to X509 certificate
Java Key Store file (JKS). Try to use an empty password and some common ones, use --jks-pass-file to specify more passwords
PKCS7 signature and user certificate
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
X (formerly Twitter)
UNDERCODE NEWS (@UndercodeNews) on X
π¦ Latest in Cyber & Tech News with AI-Powered Analysis and Fact Checking.
γjoin us: https://t.co/YVv330UsjQ
More: @DailyCve @UndercodeUpdate
γjoin us: https://t.co/YVv330UsjQ
More: @DailyCve @UndercodeUpdate
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦RSA key security vulnerability detection tool
> kali-parrot-ubuntu...
t.me/UndercodeTesting
π¦ INSTALLISATION & RUN :
> Clone https://github.com/crocs-muni/roca
1) Pip installation
> Install with pip (install all dependencies)
2) pip install roca-detect
Local installation
3) Execute in the root folder of the package:
pip install --upgrade --find-links=. .
rely
4) You may need to install other dependencies, so pip you can install encryption packages, for example.
π¦ CentOS / RHELοΌ
> sudo yum install python-devel python-pip gcc gcc-c++ make automake
> autoreconf libtool openssl-devel libffi-devel dialog
π¦ UbuntuηοΌ
sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig
usage
π¦ Basic usage of printing:
1) If installed with pip / manually
roca-detect --help
2) Without installation (can miss dependencies)
python fingerprint/detect.py
3) The test tool accepts multiple file names / directories as input parameters. It returns a report showing how many files have been fingerprinted (and which files).
π¦ Example:
Run recursively on all SSH keys and known_hosts:
$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2020 13:39:21 [51272] INFO Records tested: 92
2020 13:39:21 [51272] INFO .. PEM certs :. . . 0
202013:39:21 [51272] INFO .. DER certs :. . . 0
2020 13:39:21 [51272] INFO .. RSA key files: . 16
...
π¦ PGP key
1) To test your PGP key, you can export it from your email client or download it from the PGP key server, for example https://pgp.mit.edu/
2) You can also use the gpg command line utility to export your public key:
gpg --armor --export your@email.com > mykey.asc
π¦ ADVANCED CASES
1) The detection tool extracts displayable keyword information:
> roca-detect.py --dump --flatten --indent ~/.ssh/
Advanced installation method
2) Virtual environment
It is generally recommended to create a new python virtual environment for the project:
virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .
Separate Python 2.7.13
3) It will not work with lower Python versions. Use to pyenv install a new Python version. It downloads the Python source internally and installs it ~/.pyenv.
git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install ..v
pyenv local ..v
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦RSA key security vulnerability detection tool
> kali-parrot-ubuntu...
t.me/UndercodeTesting
π¦ INSTALLISATION & RUN :
> Clone https://github.com/crocs-muni/roca
1) Pip installation
> Install with pip (install all dependencies)
2) pip install roca-detect
Local installation
3) Execute in the root folder of the package:
pip install --upgrade --find-links=. .
rely
4) You may need to install other dependencies, so pip you can install encryption packages, for example.
π¦ CentOS / RHELοΌ
> sudo yum install python-devel python-pip gcc gcc-c++ make automake
> autoreconf libtool openssl-devel libffi-devel dialog
π¦ UbuntuηοΌ
sudo apt-get install python-pip python-dev build-essential libssl-dev libffi-dev swig
usage
π¦ Basic usage of printing:
1) If installed with pip / manually
roca-detect --help
2) Without installation (can miss dependencies)
python fingerprint/detect.py
3) The test tool accepts multiple file names / directories as input parameters. It returns a report showing how many files have been fingerprinted (and which files).
π¦ Example:
Run recursively on all SSH keys and known_hosts:
$> roca-detect ~/.ssh
2017-10-16 13:39:21 [51272] INFO ### SUMMARY ####################
2020 13:39:21 [51272] INFO Records tested: 92
2020 13:39:21 [51272] INFO .. PEM certs :. . . 0
202013:39:21 [51272] INFO .. DER certs :. . . 0
2020 13:39:21 [51272] INFO .. RSA key files: . 16
...
π¦ PGP key
1) To test your PGP key, you can export it from your email client or download it from the PGP key server, for example https://pgp.mit.edu/
2) You can also use the gpg command line utility to export your public key:
gpg --armor --export your@email.com > mykey.asc
π¦ ADVANCED CASES
1) The detection tool extracts displayable keyword information:
> roca-detect.py --dump --flatten --indent ~/.ssh/
Advanced installation method
2) Virtual environment
It is generally recommended to create a new python virtual environment for the project:
virtualenv ~/pyenv
source ~/pyenv/bin/activate
pip install --upgrade pip
pip install --upgrade --find-links=. .
Separate Python 2.7.13
3) It will not work with lower Python versions. Use to pyenv install a new Python version. It downloads the Python source internally and installs it ~/.pyenv.
git clone https://github.com/pyenv/pyenv.git ~/.pyenv
echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bashrc
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(pyenv init -)"' >> ~/.bashrc
exec $SHELL
pyenv install ..v
pyenv local ..v
@UndercodeTesting
β β β ο½ππ»βΊπ«Δπ¬πβ β β β