Configuration example of proxy server and router part 4
Router configuration
(1) Network connection diagram:
Note: In the above figure, all computers in the unit communicate directly with the internal network card (192.168.0.4) on the proxy server through the switch, and then, under the control of the proxy service software, access the Internet through the router.
(2) Configuration of the router
en
config t
int e0/0
ip address 211.90.139.41 255.255.255.252
exit
(set the IP address of the Ethernet port)
interface s0/0
ip address 211.90.137.25 255.255.255.252
exit
(set the IP address of the WAN port)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
ip routing
(set the static default route and enable IP routing)
end
wr
(save the settings made)
Configuration example of proxy server and router part 5
5) Proxy settings
> The proxy server must have two network cards installed. One connects to the internal LAN and is given an internal private address (e.g. 192.168.0.4, netmask 255.255.255.0) with no gateway. The other connects to the router; set it to the legal (public) address assigned by Unicom (211.90.139.42, netmask 255.255.255.252) and set its gateway to 211.90.139.41 (the router's Ethernet port).
> After setting up the network cards as described above, install proxy software (for example MS PROXY SERVER 2.0 or WINGATE; refer to other material for how to install and debug the proxy software).
6) Workstation setup
(1) Internet Explorer settings
Tools menu -> Internet Options -> Connections -> LAN Settings -> Use a proxy server -> Address: 192.168.0.4, Port: 80 -> OK
Router configuration
en
config t
ip nat pool c2610 211.90.139.41 211.90.139.42 netmask 255.255.255.252
(define an address pool c2610, which contains two free legal IP addresses, for NAT translation)
int e0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
exit
(set the Ethernet port's IP address and mark it as the port connected to the internal network)
interface s0/0
ip address 211.90.137.25 255.255.255.252
ip nat outside
exit
(set the WAN port's IP address and mark it as the port connected to the external network)
ip route 0.0.0.0 0.0.0.0 211.90.137.26
(set the static default route)
access-list 2 permit 192.168.1.0 0.0.0.255
(establish the access control list; it has to match the inside network on e0/0, 192.168.1.0/24, otherwise no traffic is translated)
! Dynamic NAT
!
ip nat inside source list 2 pool c2610 overload
(establish dynamic address translation)
line console 0
exec-timeout 0 0
!
line vty 0 4
end
wr
(save the settings made)
Configuration example of proxy server and router part 6-final
1) Proxy server settings
> Two network cards are installed on the proxy server, and both are connected to the switch. Network card 1 is set to IP address 192.168.0.4 with no gateway; network card 2 is set to IP address 192.168.1.2 with its gateway set to 192.168.1.1 (the router's Ethernet port).
> After setting up the network cards as described above, install proxy software (for example MS PROXY SERVER 2.0 or WINGATE; refer to other material for how to install and debug the proxy software).
Note: When installing the proxy software (using MS-PROXY 2.0 as an example) and specifying the LAT table, the address range 192.168.0.0-192.168.255.255 should be excluded, otherwise the proxy will not work properly.
2) Workstation setup
Under this configuration, a workstation can access the Internet through the proxy or directly through the gateway.
If you only access the Internet through the proxy, the settings are exactly the same as in Method 2.
1) If you want to access the Internet only through the gateway, the workstation must be set to a static IP address. The IP address should be 192.168.1.X, on the same network segment as the router's Ethernet port; the gateway should be set to 192.168.1.1 and DNS to the address provided by the access provider.
2) If you want the two methods to coexist, set two static IP addresses in TCP/IP, 192.168.0.X and 192.168.1.X, set the gateway to 192.168.1.1, and set DNS to the address provided by the access provider. In use, you only need to turn the proxy settings in the browser and other software on or off to switch between the proxy and the gateway.
written by Undercode
Top rated apps to get followers on TikTok
t.me/UndercodeTesting
https://tokupgrade.com/
https://toksocial.com/
http://social-viral.net/
http://mediamister.net/
http://followersup.net/
https://play.google.com/store/apps/details?id=com.tiktokvideos.hotfunnyvideos&hl=en
https://freetiktok.com/
https://m.apkpure.com/followers-for-tiktok/us.TikTok.Followers.Likes.Fans
https://apkpure.com/free-tik-tok-followers/com.freefans.freefollower
@UndercodeTesting
SPEED UP YOUR HOST BY NSA
> DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.
twitter.com/UndercodenEWS
FEATURES:
> Data fusion across structured and unstructured datasets
> Construction and analysis of distributed graphs
> Multi-tenant data architectures, with tenants having distinct security requirements and data access patterns
> Fine-grained control over data access, integrated easily with existing user-authorization services and PKI
LET'S START:
1) git clone https://github.com/NationalSecurityAgency/datawave.git
2) Run the four quickstart commands (DW_SOURCE stands for the path of the cloned repository):
$ echo "source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh" >> ~/.bashrc # Step 1
$ source ~/.bashrc # Step 2
$ allInstall # Step 3
$ datawaveWebStart && datawaveWebTest # Step 4
# Setup is now complete
3) The four commands above will complete the entire quickstart installation. However, it's a good idea to at least skim over the sections below to get an idea of how the setup works and how to customize it for your own preferences.
4) To keep things simple, DataWave, Hadoop, Accumulo, ZooKeeper, and Wildfly will be installed under your DW_SOURCE/contrib/datawave-quickstart directory, and all will be owned by / executed as the current user.
Important: If you currently have any of the above installed locally under any user account, you should ensure that all are stopped/disabled before proceeding.
1: Update ~/.bashrc
2: Bootstrap the Environment
3: Install Services
4: Start Wildfly & Run Tests
Step 1: Update ~/.bashrc
1.1 Add the Quickstart Environment
This step ensures that your DataWave environment and all its services will remain configured correctly across bash sessions.
$ echo "source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh" >> ~/.bashrc # Step 1
The env.sh script is a wrapper that bootstraps each service in turn by sourcing its respective {servicename}/bootstrap.sh script. These scripts define supporting bash variables and functions, encapsulating configuration and functionality consistently for all services.
Override Default Binaries
To override the quickstart's default version of a particular binary, simply override the desired DW_*_DIST_URI value as shown below. URIs may be local or remote. Local file URI values must be prefixed with file://
$ vi ~/.bashrc
...
export DW_HADOOP_DIST_URI=file:///my/local/binaries/hadoop-x.y.z.tar.gz
export DW_ACCUMULO_DIST_URI=http://some.apache.mirror/accumulo/1.x/accumulo-1.x-bin.tar.gz
export DW_ZOOKEEPER_DIST_URI=http://some.apache.mirror/zookeeper/x.y/zookeeper-x.y.z.tar.gz
export DW_WILDFLY_DIST_URI=file:///my/local/binaries/wildfly-10.x.tar.gz
export DW_MAVEN_DIST_URI=file:///my/local/binaries/apache-maven-x.y.z.tar.gz
source DW_SOURCE/contrib/datawave-quickstart/bin/env.sh
# If building the quickstart docker image, you only need the exports, no need to source env.sh
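Because these URIs decide which tarballs the quickstart unpacks and runs as your user, it is worth checking them before sourcing env.sh. The following is an added example, not part of DataWave or the original post: it parses the export lines, flags plain-HTTP sources and compares local tarballs against SHA-256 digests you pin yourself. The function names and the pin table are assumptions made for the illustration.

```python
import hashlib
import os
import re
import tempfile
from urllib.parse import urlparse, unquote

# Matches the export lines shown above, with or without a leading "> ".
EXPORT_RE = re.compile(r"^\s*(?:>\s*)?export\s+(DW_[A-Z0-9_]+_DIST_URI)=(\S+)")


def parse_dist_uris(bashrc_text):
    """Return {variable: uri} for each DW_*_DIST_URI export in the text."""
    uris = {}
    for line in bashrc_text.splitlines():
        match = EXPORT_RE.match(line)
        if match:
            uris[match.group(1)] = match.group(2).strip("'\"")
    return uris


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large tarballs are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_dist_uris(uris, pinned_sha256):
    """Return {variable: [issues]}; an empty list means nothing was flagged."""
    report = {}
    for var, uri in sorted(uris.items()):
        issues = []
        parsed = urlparse(uri)
        pin = pinned_sha256.get(var)
        if parsed.scheme == "http":
            issues.append("plain HTTP: tarball can be altered in transit")
        elif parsed.scheme not in ("https", "file"):
            issues.append("unexpected scheme %r" % parsed.scheme)
        if pin is None:
            issues.append("no pinned SHA-256")
        elif parsed.scheme == "file":
            # Local tarballs can be checked right now; for remote URIs the
            # pin has to be compared after the download has finished.
            path = unquote(parsed.path)
            if not os.path.isfile(path):
                issues.append("local file missing")
            elif sha256_of(path) != pin.lower():
                issues.append("SHA-256 mismatch")
        report[var] = issues
    return report


def demo():
    """Run the audit on constructed sample data (paths and pins are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        tarball = os.path.join(tmp, "hadoop-x.y.z.tar.gz")
        with open(tarball, "wb") as handle:
            handle.write(b"constructed sample bytes")
        bashrc = "\n".join([
            "export DW_HADOOP_DIST_URI=file://" + tarball,
            "export DW_ACCUMULO_DIST_URI="
            "http://some.apache.mirror/accumulo/1.x/accumulo-1.x-bin.tar.gz",
            "export DW_WILDFLY_DIST_URI=file://"
            + os.path.join(tmp, "wildfly-10.x.tar.gz"),
        ])
        pins = {
            "DW_HADOOP_DIST_URI": sha256_of(tarball),
            "DW_WILDFLY_DIST_URI": "0" * 64,
        }
        return audit_dist_uris(parse_dist_uris(bashrc), pins)


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "->", problems or "ok")
```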
Many fakes and forks of the Vault 7 CIA tools exist; this is the official one:
https://github.com/xiaoyanguoke/CIAHackingTools
Important if you have a website:
A) Determine if there is an injection point
This is very simple. The most common page format we see is index.php?id=2. We know that PHP is often used with a MySQL database, and there must be a table in that database, such as setting_table. When we submit the above address, the program generally handles it like this:
1. Use GET or POST to get the id=1 we submitted and pass this value to a variable $id.
2. Query: select * from setting_table where id = $id
The above is the query statement; substituting $id = 1 gives:
select * from setting_table where id = 1
There is no problem with this statement: the record with id 1 is fetched and displayed to us, so we see the normal page.
See how we judge:
1. We submit id=1 and 1=1
Let's see what effect this has. The $id here is 1 and 1=1, so the statement becomes:
select * from setting_table where id = 1 and 1 = 1
This statement adds an and clause; the 1=1 that follows is always true, so it does not affect the original statement. The record with id=1 is still fetched and displayed to us, so we see the original normal page.
2. We submit id=1 and 1=2
Let's see what effect this has. The $id here is 1 and 1=2, so the statement becomes:
select * from setting_table where id = 1 and 1 = 2
Analyzing this statement: the first part is the same as before, but the and 1=2 at the end is never true, and because it is joined with and, no record satisfies the condition. The page can only return an error or a blank page.
The above is the basic reason we generally use and 1=1 and and 1=2 to judge, but there are a few points to note:
1. The program must build the query as where id = $id rather than where id = '$id'. The single quotes make a big difference; how they differ is discussed later.
2. The program either did not process the parameter we submitted or did not process it well, so what we submit goes straight into the query. If the program does more processing on the submitted parameters, the result will be different; this is also covered later.
Important if you have a website 2:
Quickly determine the MYSQL version
Premise: You have an injection point, for example news.php?id=1
This is a point you found yourself: submitting and 1=1 and submitting and 1=2 give different results.
We can guess the version of MYSQL like this. Proceed as follows:
1. Submit /news.php?id=1/*!40000%20s*/ If it returns normally, it means that the MYSQL version is below the 4000 version. You can adjust the highest digits in turn; for example, I changed it to 39000, and if that is normal, submit 38000 ... until an error message is returned. The last value settled on is the MYSQL version.
The following is the process when I submitted the test (only the MYSQL version is written):
40000 (+)-39000 (+)-38000 (+)-370000 (-)-37900 (+)-37800 (+)-37700 (-)-End !!
The MYSQL version is 37700.
2. In general, we don't guess the specific version. We only care whether MYSQL is above 4.0. I think that only MYSQL above 4.0 supports UNION queries and versions below it do not, so we often only use /*!40000%20s*/ to see whether it is version 4.0 or higher.
PS: In /*!40000%20s*/, the /*!......*/ form is a special kind of comment in MySQL; there is nothing strange about it, just remember how to use it.
Lecture 3: How to get the table name by PHP injection.
I was about to write this anyway and saw someone ask, so to sum it up, let's count this as the third lecture!
Quote:
Originally posted by spirit at 2006-5-16 05:57 PM:
I read a lot of articles ... the eyes are all spent
The things involved are more comprehensive
But I still don't know how to make a table
You can't go directly to the field .. ??
Come one by one
Database table field values ...
I think this logic is correct ...
By the way, I still feel ...
Table names really are not easy to get. Unlike ASP, where they may be exposed directly, PHP does not give them away. We generally have two methods:
1. Guess by experience: for example admin, user, news, vote, wenzhang, guanliyuan, etc., which are commonly used by everyone. There is no other way.
2. View the code: use load_file to read out the file's code, and you can see which table and which field the data is inserted into. This is very clear, but load_file also takes some skill; I'll talk about it later.
To be specific:
1. There is nothing much to say about this, just guess directly. For example, if you see an injection point similar to news.php?id=1 and a union query for the specific fields works, such as: news.php?id=1 and 1=2 union select 1,2,3,4
You can guess like this: news.php?id=1 and 1=2 union select 1,2,3,4 from admin/* If there is an admin table, it returns true; otherwise there is no admin table. Other table names are tested the same way.
2. This is a bit of a last resort. For example, if you get his absolute path, you can load_file (file path) the code of the file. For example, if you expose the code of the administrator's login page, you can see in its SQL statement which table it takes the value from, right?
The principle is like this. Think it over, and I hope you will share what you have learned.
The difference between quotation marks
Many friends do not understand the role of the quote, and think that adding quotes is the same as not adding them.
Quotation marks (both single and double) have a great influence on our injection. This is mainly related to the state of magic (PHP's magic_quotes_gpc setting). When magic is off, they make no difference; when magic is on, the difference is very big.
Tips: When magic is on, the single quote ('), double quote ("), backslash (\), space (), etc. that we submit automatically get the escape symbol \ added in front, so that they become (\'), (\"), (\\), etc. This makes injection much more troublesome for us. Examples are as follows.
1. The first example (without quotes)
If the statement is as follows:
QUOTE:
select * from news where newsid = $id
1. The situation when magic is off
When it is off, the data we submit is not processed. Assuming the SQL statement is as above, we can submit the value of $id in the URL; as said before, give $id the value:
$id = 1 union select 1,2,3,4 from admin
You can basically get the data we want.
2. The situation when magic is on
There is no difference at this time, because we did not submit any sensitive characters.
2. The second example (with quotes). Look at the SQL statement it processes:
QUOTE:
select * from news where newsid = '$id'
At this time, to successfully use the unfiltered parameter $id, we can submit as follows:
$id = 1' union select 1,2,3,4 from admin/*
There must be a (') to close the quote in front, and then a /* to comment out what follows.
1. The situation when magic is off
If magic is off, we can submit it directly and use it successfully.
2. The situation when magic is on
If magic is on, then the statement we submitted becomes:
$id = 1\' union select 1,2,3,4 from admin/*
Look, there is no way to use it (although the loophole is there).
WRITTEN BY UNDERCODE
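For a site owner, the practical lesson of the two examples is that quote escaping only helps when the parameter sits inside quotes; the unquoted numeric id of the first example passes through it untouched. The sketch below is an added example, not code from the original post: it uses Python's sqlite3 with a constructed news/admin schema as a stand-in for PHP and MySQL (all function names are illustrative) and compares the concatenated query with integer validation plus a bound parameter.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: a 4-column news table and an admin table."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE news (newsid INTEGER, title TEXT, body TEXT, author TEXT);
        INSERT INTO news VALUES (1, 'Hello', 'First post', 'editor');
        CREATE TABLE admin (id INTEGER, name TEXT, pass TEXT);
        INSERT INTO admin VALUES (1, 'root', 'constructed-secret');
        """
    )
    return db


def addslashes(value):
    """Emulate the 'magic' escaping: a backslash before ' " \\ and NUL."""
    return "".join("\\" + ch if ch in "'\"\\\0" else ch for ch in value)


def lookup_concat(db, raw_id, escape=False):
    """Deliberately vulnerable: mirrors `where newsid = $id` (no quotes)."""
    if escape:
        raw_id = addslashes(raw_id)
    return db.execute("select * from news where newsid = " + raw_id).fetchall()


def lookup_bound(db, raw_id):
    """Hardened: accept only a decimal integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a decimal integer")
    query = "select * from news where newsid = ?"
    return db.execute(query, (int(raw_id),)).fetchall()


def compare(raw_id):
    """Run one submitted id through the escaped-concat and hardened paths."""
    db = make_db()
    try:
        hardened = lookup_bound(db, raw_id)
    except ValueError:
        hardened = "rejected"
    return {
        # False means the escaping left the submitted value unchanged.
        "escaping_changed_input": addslashes(raw_id) != raw_id,
        "concat_with_escaping": lookup_concat(db, raw_id, escape=True),
        "hardened": hardened,
    }


if __name__ == "__main__":
    # Inputs taken from the text above; none of them contains a quote, so
    # the escaping never fires and the concatenated query runs them as SQL.
    for submitted in ("1", "1 and 1=1", "1 and 1=2",
                      "1 union select 1,2,3,4 from admin"):
        print(repr(submitted), compare(submitted))
    # The quoted case is only shown as a string: SQLite does not treat a
    # backslash as an escape character, so it is not executed here.
    print(addslashes("1' union select 1,2,3,4 from admin/*"))
```

With binding, the submitted value is never parsed as SQL, so the result no longer depends on whether the query text has quotes around the parameter or on any escaping setting.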
2020 Instagram topic
> Free Instagram scripts, bots and Python API wrapper. Get free instagram followers with our auto like, auto follow and other scripts!
t.me/UndercodeTesting
LET'S START:
1) git clone https://github.com/instagrambot/instabot.git
2) cd instabot
3) pip install -U instabot
You will NOT run the code provided in this repo
> You will NOT use this API for marketing purposes (spam, botting, harassment, massive bulk messaging...).
> We do NOT give support to anyone who wants to use this API to send spam or commit other crimes.
Verified by Undercode as topic Insta bot tools
2020 Twitter followers & tools apps:
https://itunes.apple.com/us/app/crowdfire-for-twitter-instagram/id528626975?mt=8
https://itunes.apple.com/us/app/followers-for-instagram-get/id597077652?mt=8
https://mytoptweet.com/
http://www.socialbro.com/
http://crowdriff.com/riffle/
http://www.twitonomy.com/
https://klout.com/#/overview
http://bluenod.com/
http://twchat.com/
http://www.swayy.co/#content
http://blog.digg.com/post/91454524841/digg-deeper
http://twurly.org/
https://unfollowers.com/
http://doesfollow.com/
Chose the popular ones; for more: https://buffer.com/library/free-twitter-tools
2020 Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems
LET'S START:
1) Clone or download the project files (no compilation or installation is required):
git clone https://github.com/CISOfy/lynis
2) Execute:
cd lynis; ./lynis audit system
> If you want to run the software as root, we suggest changing the ownership of the files. Use chown -R 0:0 to recursively alter the owner and group and set it to user ID 0 (root).
FEATURES:
System administrators
Auditors
Security officers
Penetration testers
Security professionals
Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection
Verified
How to check if a website is vulnerable to clickjacking
> and create a PoC (Termux/Linux)
LET'S START:
1) git clone https://github.com/D4Vinci/Clickjacking-Tester.git
2) cd Clickjacking-Tester
3) python(3) clickjacking_tester.py <file_name>
4) Example input:
> python clickjacking_tester.py sites.txt
Contents of sites.txt:
www.google.com
www.turkhackteam.com
5) Output
[*] Checking www.google.com
[-] Website is not vulnerable!
[*] Checking www.turkhackteam.org
[+] Website is vulnerable!
[*] Created a poc and saved to <URL>.html
Verified
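A header-level version of the check described in this post, as an added example (not the Clickjacking-Tester project's code): it classifies a response's X-Frame-Options and CSP frame-ancestors headers so a site owner can confirm that framing is actually blocked. The function names and the sample header sets are assumptions constructed for illustration.

```python
# Added example: classify anti-framing response headers (all inputs constructed).

def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP string, or None."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """Return (protected, reason); protected is True only for an enforced,
    restrictive policy."""
    h = {k.lower(): v for k, v in headers.items()}
    # Browsers that support frame-ancestors ignore X-Frame-Options when both are set.
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        open_sources = [s for s in sources if s in ("*", "http:", "https:")]
        if open_sources:
            return False, "CSP frame-ancestors allows any origin: " + " ".join(open_sources)
        # An empty source list matches nothing, the same as 'none'.
        return True, "CSP frame-ancestors: " + (" ".join(sources) or "'none'")
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is obsolete; current browsers ignore it"
    if xfo:
        return False, "X-Frame-Options is not a single DENY/SAMEORIGIN value: " + xfo
    if _frame_ancestors(h.get("content-security-policy-report-only", "")) is not None:
        return False, "frame-ancestors is report-only, so it is not enforced"
    return False, "no X-Frame-Options or CSP frame-ancestors header"

SAMPLES = {  # constructed header sets, not captured from any real site
    "xfo-deny": {"X-Frame-Options": "DENY"},
    "csp-self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
    "allow-from": {"x-frame-options": "ALLOW-FROM https://partner.example"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "no-headers": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        protected, reason = framing_protection(hdrs)
        print(("[-] protected: " if protected else "[+] frameable: ") + name + " (" + reason + ")")
```

The two findings a header-presence check tends to miss are the `csp-wildcard` case, where a permissive frame-ancestors overrides a correct X-Frame-Options, and the `report-only` case, where the policy is logged but never enforced.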
NSA leak tool
> Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
LET'S START:
SHA-256 hashes
> Original archives
7c19a67d728bc700d18d2ed389a80de495681b7097222d9b8f1d696f0986f9a2 odd.tar.xz.gpg
78b89b2c4b129400150c7b60a426ff469aaea31da1588d2abc4180feaa9c41d3 swift.tar.xz.gpg
c28d5c10ec78bc66d3868e4862c7f801ffd561e2116b529e0782bf78f3ef3255 windows.tar.xz.gpg
> Decrypted archives
85e03866ae7eaaedd9462054b62a10f2180983bdfd086b29631173ae4422f524 odd.tar.xz
df468f01e65f3f1bc18f844d7f7bac8f8eec3664a131e2fb67ae3a55f8523004 swift.tar.xz
5bb9ddfbcefb75d017a9e745b83729390617b16f4079356579ef00e5e6b5fbd0 windows.tar.xz
1) DOWNLOAD: https://github.com/x0rz/EQGRP_Lost_in_Translation
> 3 folders:
Windows: contains Windows exploits, implants and payloads
swift: contains operational notes from banking attacks
oddjob: docs related to the ODDJOB backdoor