UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE


✨ Youtube.com/Undercode
by Undercode.help
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Some pentesters (beginners and trainers) use Windows XP to test and see how old bugs work,
but the system still ends up with slow network speed.
> Gone through a lot of searches, hoping to get stuff from eMule faster.

And here is one way to optimize the bandwidth for eMule, which is not in the manual.

🦑🄻🄴🅃'🅂 🅂🅃🄰🅁🅃:

CODE
With Windows 2000/XP:

Open "regedit.exe" and do the following:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Set as: "GlobalMaxTcpWindowSize"=dword:00007fff

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer1_0Server"=dword:00000020

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Set as: "MaxConnectionsPerServer"=dword:00000020
"MaxConnectionsPer1_0Server"=dword:00000020

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Add RDP Admin + Disable Firewall + Enable RDP.c
13.2 KB
2020-shellcode-verified by Undercode-Windows/x86 - MSVCRT System + Dynamic Null-free + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Establish a large-capacity Web-based Email system:

𝐋𝐄𝐓'𝐒 𝐒𝐓𝐀𝐑𝐓:


◆ Save messages

1) For a bulk Email system, the most critical technical issue is how to handle mail storage. How well storage efficiency is improved will determine whether the Email system succeeds.


2) Because of the large number of users, how to save users' mail is a very important issue. Traditional Unix uses a single directory to store the mail of all users, which greatly reduces file system performance when the number of users is large. One option is to use multi-level directories so that the number of files in each directory is limited, which reduces the cost of opening files. Another is to stop using plain files to save mail and use some form of encapsulation instead, storing the mail entirely in a database. However, because users' mail operations are mostly file operations and message sizes vary greatly, this causes a large waste of performance and storage space.


3) Because of the huge number of users and the requirement that multiple servers access the mail at the same time, servers or server clusters with large storage space must be used, and the storage must be shared through Fibre Channel or the network file system NFS so that the path to each user's mail is the same on every server. Fibre Channel is a very expensive solution; NFS is more common. You can use a dedicated NFS server, such as NetApp, or a PC Unix server with RAID capabilities.


4) When using NFS to share storage, pay attention to a very important problem: NFS lacks a file locking mechanism. With the traditional mailbox storage format, all of a user's mail is stored in the same file, so mail operations must be locked to ensure there are no access conflicts, which makes that format unsuitable for NFS storage. To solve this problem, qmail proposed the Maildir storage method: each message is stored as a separate file in the user's personal mail directory, which avoids locking. Therefore, common free mail servers generally use Maildir to save users' mail.

5) If you do not intend to use a shared file system, and instead let each server access only the user mail on its own hard disk, then both the Email server and the client need to be customized so that they can use the user name to find the server the user actually belongs to and hand the access task over to that server. The shortcomings of this method are the large changes required, the complex system structure, and, because servers are divided by user, the difficulty of sharing load. Its advantage is that, because it does not access other servers over the network, it can use any mail storage format, including the powerful cyrus system to save mail and provide services.
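Points 2) and 4) above (multi-level directories and lock-free Maildir delivery), shown as an added Python example that is not part of the original post. The two-level hash layout, the `USER_RE` account-name policy and the file-name scheme are assumptions chosen for illustration.

```python
import hashlib
import os
import re
import socket
import time
from pathlib import Path

USER_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")  # assumed account-name policy


def mailbox_dir(root, user):
    """Two hashed directory levels keep every directory small (point 2)."""
    if not USER_RE.fullmatch(user):
        # Rejects '/', '..' and empty names before they reach the file system.
        raise ValueError("unsafe user name")
    h = hashlib.sha256(user.encode()).hexdigest()
    return Path(root) / h[:2] / h[2:4] / user


def deliver(root, user, message, seq=0):
    """Maildir-style delivery without a lock file (point 4)."""
    box = mailbox_dir(root, user)
    for sub in ("tmp", "new", "cur"):
        (box / sub).mkdir(parents=True, exist_ok=True)
    # Unique name: time, process id, per-process sequence number, host name.
    host = socket.gethostname().replace("/", "_")
    name = f"{int(time.time())}.P{os.getpid()}Q{seq}.{host}"
    tmp_path = box / "tmp" / name
    # O_EXCL turns a name collision into an error instead of an overwrite.
    fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(message)
        f.flush()
        os.fsync(f.fileno())
    new_path = box / "new" / name
    # Readers only scan new/ and cur/, so they see a whole message or nothing.
    os.rename(tmp_path, new_path)
    return new_path
```

Because the user name becomes a path component, the name check belongs in the same function that builds the path, so every caller gets it.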

◆ Mail server software

1) The choice of Email server software will ultimately affect system performance. Writing your own Email server may cost more than it gains; for now there are two options: Sendmail and Qmail.


2) Standard Email software, such as sendmail, provides some mechanisms, including aliases, to support users who are not Unix system users, but these are not enough to implement this Email system. To support such Email users, you must use your own Email server software. However, since existing Email software is quite mature and is also open source, the usual practice is to modify existing software, such as sendmail or qmail, to support these users. Completely rewriting an Email server is not desirable in terms of maturity and stability.

3) In terms of both performance and security, sendmail is not an ideal choice, and since qmail itself supports Maildir, it has become a basic development platform for commonly used Email software. Note, however, that qmail is protected by the GPL license, so any changes based on qmail must in principle be released as open source, which is an obstacle to developing commercial applications. You can get around this by changing the related system library functions without changing qmail, or by using plug-ins. Another possible base is postfix, which has interfaces to LDAP and MySQL and can be used as part of the mail system with almost no changes.

◆ Web client

1) There is no standard for which scripting language to use for the Web Email client, but using open source will save a lot of trouble.

2) Another important part of a Web-based Email system is the Web client. It plays the role that Outlook plays on a personal computer, giving users access to their own mail. Since Web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, a temporary directory created after login, and verification in the program.

3) The Web client must access the server in a uniform way. It can obtain the user's mail through direct file access or through standard protocols such as POP3 and IMAP. For a system that shares user mail over a network file system, direct file access is the most direct and convenient method and has no extra overhead. The direct benefit of going through POP3 or IMAP is that the Web client and the Email server are separated, which improves system security.

4) There is already quite mature open source web client software: IMP is a web mail client implemented in PHP that accesses the server through the IMAP protocol, and WING is another web client implemented in Perl. These open source packages are quite good, but integrating them with your own system requires some changes. You should also follow their licensing requirements and make the changed code public.

◆ Load balancing

1) Load balancing will be a long-term problem for the system; it determines the system's scalability.

2) A single server cannot serve a large number of users, so a multi-server approach is required. In addition to splitting by function, such as separating Web servers, Email servers, and file servers, some resource-intensive services also need several servers for load balancing. Although some commercial vendors offer server cluster solutions, the commonly used simple and effective methods are DNS round-robin resolution, Web server redirection, and NAT load balancing.

3) DNS round-robin resolution assigns multiple IP addresses to the same name. It is used on quite large sites such as Yahoo, and works quite well in practice. With Web server redirection, the web server randomly generates real page URLs pointing at different servers, so that different browsers load pages from different servers; it can only balance load for the web client. NAT load balancing uses a layer 4 switch to redirect the same request to different servers. Besides expensive switches, some software can also perform the NAT function. I have modified FreeBSD's natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.

written by Undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Interpretation of the Apache configuration file httpd.conf


1) Interpreting the Apache configuration file httpd.conf
Recently I wanted to set up a server on my own machine, because I know enough about the contents of httpd.conf, as well as my own detours along the way. Here is the meaning of several options in this file that frequently need to be modified; I hope it will be helpful to everyone.

2) BindAddress 127.0.0.1: this option binds the server to your own IP address. If your machine is stand-alone, this is your IP address; if your machine is online, BindAddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address).

3) ServerName localhost: this option is the domain name of your machine. If the machine is stand-alone, the domain name is localhost; if it is connected to the Internet, put your domain name after ServerName, and if you do not have a domain name, put your own IP address.

Port 80: this option sets the port the server listens on. It generally defaults to 80, and can be set to 80 or 8080.

ScriptAlias /php4/ "C:/php4/"
AddType application/x-httpd-php4 .php
AddType application/x-httpd-php4 .php3
AddType application/x-httpd-php4 .php4
Action application/x-httpd-php4 "/php4/php.exe"

The above options allow your Apache to support PHP4.

About the default start document: Apache's default start document is index.html:

DirectoryIndex index.html

Change it to the default start document you want. To support more documents, add lines like this:

DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4

Well, with these options Apache should basically be able to run normally!

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎

1) Generally, an OTP is a combination of 4 digits from 0000 to 9999, which gives 10,000 combinations. In the age of powerful computers, 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass it with a simple brute force.
Why was I able to bypass the 2FA?
No rate limiting on unsuccessful attempts
No new OTP policy after X unsuccessful attempts

🦑 A few prerequisites:

1) Web Browser

2) Burp Suite
Now let's see how I was able to bypass the 2FA with Burp Suite:

Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept in Burp Suite.
Step 02: Sent the verifyOTP API call to Intruder.
Step 03: Selected the OTP placeholder and added it for simple brute force.
Step 04: Selected the Payload tab, changed the payload type to Numbers, changed the payload options as desired and clicked on Attack.
Step 05: As the brute force was in progress, I could see that the length for one of the OTP values had changed from 617 to 2250. Let's check:
Hence, the simple brute force was successful.
🦑 Cracking OTP (with pic)
> not written by undercode
> wiki source
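A server-side control for the two gaps listed above (no limit on failed attempts, no new OTP after X failures), shown as an added example that is not part of the original write-up. `OtpVerifier`, `MAX_FAILURES`, `OTP_TTL_SECONDS` and `sweep` are hypothetical names and policy values; `sweep` only replays the 0000 to 9999 enumeration against the in-memory object to show where it stops.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5       # assumed policy: wrong guesses allowed per issued OTP
OTP_TTL_SECONDS = 120  # assumed policy: lifetime of one OTP


class OtpVerifier:
    """In-memory sketch; a real service keeps this state server-side per account."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # account -> [otp, failures, expires_at]

    def issue(self, account, otp=None):
        # otp= exists only so the demo and tests can pin a known value.
        otp = otp or f"{secrets.randbelow(10_000):04d}"
        self._state[account] = [otp, 0, self._clock() + OTP_TTL_SECONDS]
        return otp

    def verify(self, account, guess):
        entry = self._state.get(account)
        if entry is None:
            return "no_active_otp"  # caller has to request a fresh code
        otp, failures, expires_at = entry
        if self._clock() >= expires_at:
            del self._state[account]
            return "expired"
        if hmac.compare_digest(otp.encode(), guess.encode()):
            del self._state[account]  # single use
            return "ok"
        entry[1] = failures + 1
        if entry[1] >= MAX_FAILURES:
            del self._state[account]  # burn the OTP; further guesses are useless
            return "locked"
        return "wrong"


def sweep(verifier, account):
    """Replay 0000..9999 against one issued OTP; return (accepted, attempts)."""
    for n in range(10_000):
        result = verifier.verify(account, f"{n:04d}")
        if result == "ok":
            return True, n + 1
        if result != "wrong":
            return False, n + 1
    return False, 10_000
```

Issuing a new code resets the failure counter, so the issue endpoint needs its own per-account limit; otherwise each fresh code hands out another five guesses.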