UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE


✨ Youtube.com/Undercode
by Undercode.help
3) Regardless of performance or security considerations, sendmail is not an ideal choice, and since qmail itself supports Maildir, it has become a basic development platform for commonly used email software. However, it should be noted that qmail is protected by the GPL license, so any changes based on qmail must in principle be released as open source, which is an obstacle to developing commercial applications. Of course, you can work around this problem by changing the related system library functions without changing qmail, or by using plug-ins. Another option for the base email software is Postfix, which has its own interfaces to LDAP and MySQL and can be used as part of the mail system with almost no changes.

◆ Web client

1) There is no standard choice of scripting language for a web email client program, but using open source software will save a lot of trouble.

2) Another important part of a web-interface email system is the web client. It plays the role that Outlook plays on a personal computer: it gives users access to their own mail. Since web access itself is connectionless, user security must be guaranteed. Basically, security can be guaranteed by the session ID, a temporary directory established after login, and verification in the program.

3) The web client must access the server in a unified manner. It can obtain the user's mail through direct file access, or through standard protocols such as POP3 and IMAP. For a system that uses a network file system to share user mail, direct file access is the most direct and convenient method and adds no extra overhead. The direct benefit of accessing the server through the POP3 and IMAP protocols is that the web client and the email server are separated, which improves system security.

4) At present, there is already quite mature open source web client software: IMP is a web mail client implemented in PHP that accesses the server through the IMAP protocol, and WING is another web client implemented in Perl. These open source packages are quite good; however, to integrate them with your own system you will need to make some changes. In addition, you should follow their licensing requirements and make the changed code public.

◆ Load balancing

1) Load balancing will be a long-term problem for the system, and it determines the system's scalability.

2) Because access must be provided to a large number of users, a single server cannot meet the need and a multi-server approach must be used. In addition to segmentation by function, such as separating web servers, email servers, and file servers, it is also necessary to use multiple load-balanced servers for some resource-intensive services. Although some commercial vendors have proposed server cluster solutions, the commonly used simple and effective methods are DNS round-robin (loop) resolution, web server relocation, and NAT load balancing.

3) DNS round-robin resolution assigns multiple IP addresses to the same name. It is used on quite large sites such as Yahoo, and the actual effect is also quite good. With web server relocation, the web server randomly generates real page URLs on different servers, so that different browsers load pages from different servers; it can only achieve load balancing for the web client. NAT load balancing uses a layer 4 switch to redirect the same request to different servers. In addition to expensive switches, there is also software that can perform the NAT function. I have modified FreeBSD's natd to support load balancing, which is also an option for users who have to reduce performance requirements due to switch price issues.

written by Undercode
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Interpretation of the Apache configuration file httpd.conf


1) Interpretation of the Apache configuration file httpd.conf
Recently I wanted to run a server on my own machine, because I know enough about the contents of httpd.conf, as well as my own detours along the way. Below I explain the meaning of several options in this file that often need to be modified; I hope it will be helpful to everyone.

2) BindAddress 127.0.0.1: this option binds the server to your own IP address. If your machine is stand-alone, this is your IP address; if your machine is online, then BindAddress is followed by your IP address (I wasted a lot of time because I did not change the IP address here to my own IP address).

3) ServerName localhost: this option is the domain name of your machine. If your machine is stand-alone, the domain name is localhost; if you are connected to the Internet, put your domain name after ServerName, and if you do not have a domain name, put your own IP address.
Port 80: this option indicates the port the server listens on. It generally defaults to 80, and can be changed to 80 or 8080.
ScriptAlias /php4/ "C:/php4/"
AddType application/x-httpd-php4 .php
AddType application/x-httpd-php4 .php3
AddType application/x-httpd-php4 .php4
Action application/x-httpd-php4 "/php4/php.exe"
The above options allow your Apache to support PHP4.
About the default startup document: Apache's default startup document is index.html:
DirectoryIndex index.html
Change it to the default startup document you want. To support more documents, add lines like this:
DirectoryIndex index.htm
DirectoryIndex index.php
DirectoryIndex index.php3
DirectoryIndex index.php4
Well, with these options Apache should basically be able to run normally!

@UndercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑BugBounty: How I Cracked 2FA (Two-Factor Authentication) with Simple Factor Brute-force !!! 😎

1) Generally, an OTP is a combination of 4 digits, from 0000 to 9999. If we count, there are 10,000 combinations. In the age of powerful computers, 10,000 combinations take only a few minutes to process. If OTP verification is not properly managed, anyone can bypass it with a simple brute force.
Why was I able to bypass the 2FA?
No rate limiting on unsuccessful attempts
No new OTP policy after X unsuccessful attempts

🦑Few prerequisites:

1) Web Browser

2) Burp Suite
Now let's see how I was able to bypass the 2FA with Burp Suite:

Step 01: Logged into the website using the mobile number and entered the wrong OTP to intercept it in Burp Suite.
Step 02: Sent the verifyOTP API call to Intruder.
Step 03: Selected the OTP placeholder and added it for simple brute force.
Step 04: Selected the Payload tab, changed the payload type to Numbers, changed the payload options as desired and clicked on attack.
Step 05: As the brute force was in progress, I could see that the length for one of the OTP values changed from 617 to 2250. Let's check:
Hence, the simple brute force was successful.
🦑Cracking OTP - with pic -
> not written by undercode
> wiki source
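
The two gaps listed in the post above (no rate limiting, no new OTP after X failed attempts) closed on the server side. This is an added example, not part of the original post or the tested site's code; the class name, status strings and policy values are assumptions.

```python
import hmac
import secrets
import time

# Policy values are assumptions for this example, not taken from the tested site.
MAX_ATTEMPTS = 5    # wrong guesses allowed against one issued OTP
MAX_BURNED = 3      # OTPs that may be invalidated by failures before lockout
OTP_TTL = 120       # seconds an OTP stays valid
LOCKOUT = 900       # seconds the account is locked once MAX_BURNED is reached

class OtpVerifier:
    """In-memory OTP check with per-OTP attempt limit, forced reissue and lockout."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.state = {}  # user -> {code, expires, fails, burned, locked_until}

    def issue(self, user):
        s = self.state.setdefault(user, {"burned": 0, "locked_until": 0.0})
        if self.clock() < s["locked_until"]:
            return None  # no new OTP while locked out
        s.update(code=f"{secrets.randbelow(10**6):06d}",
                 expires=self.clock() + OTP_TTL, fails=0)
        return s["code"]  # a real system sends this out of band, never in the response

    def verify(self, user, guess):
        s, now = self.state.get(user), self.clock()
        if s is None:
            return "no_otp"
        if now < s["locked_until"]:
            return "locked"
        if s.get("code") is None:
            return "no_otp"
        if now > s["expires"]:
            s["code"] = None
            return "expired"
        if hmac.compare_digest(s["code"].encode(), str(guess).encode()):
            s.update(code=None, burned=0)  # single use: a verified OTP cannot be replayed
            return "ok"
        s["fails"] += 1
        if s["fails"] < MAX_ATTEMPTS:
            return "wrong"
        s["code"] = None  # "new OTP policy": the code being guessed at is dead
        s["burned"] += 1
        if s["burned"] >= MAX_BURNED:
            s["locked_until"], s["burned"] = now + LOCKOUT, 0
        return "otp_invalidated"
```

With these values a client gets at most 15 guesses per 15 minutes against a space of 1,000,000 codes, and each batch of 5 guesses is spent against a different code.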
🦑Stone River eLearning - Common PHP Errors You Will Encounter - 165 MB

https://www.oreilly.com/library/view/common-php-errors/100000006A0493/

▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑CyberScan is an open source penetration testing tool that can analyse packets, decode, scan ports, ping and geolocate an IP (latitude, longitude, region, country ...)
> termux-linux

🦑 Installation & Run:

1) git clone https://github.com/medbenali/CyberScan.git

2) cd CyberScan/

3) python CyberScan.py -v

ARP Ping

$ CyberScan -s 192.168.1.0/24 -p arp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets

ICMP Ping
In other cases we can use ICMP ping:

$ CyberScan -s 192.168.1.1-254 -p icmp
* Starting Ping ARP for 192.168.1.0/24
Begin emission:
Finished to send 256 packets.

Received 0 packets, got 0 answers, remaining 256 packets

TCP Ping
In case when ICMP echo requests are blocked, we can still use TCP:

$ CyberScan -s 192.168.1.1-254 -p tcp -d 80

UDP Ping
Or even UDP (which produces ICMP port unreachable errors from live hosts). We can pick any port which is most likely to be closed, such as port 0:

$ CyberScan -s 192.168..... -p udp

✅@undercodeTesting
▁ ▂ ▄ u𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
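
How the four discovery techniques above look from the monitoring side: each one makes a single host touch many addresses in a short time, and for UDP ping the port-unreachable replies converge on the prober. This is an added example, not part of CyberScan or the original post; the record format, function names and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def sample_events():
    """Constructed records (time_s, src, dst, proto, detail); not a real capture."""
    ev = [(i * 0.01, "192.168.1.50", f"192.168.1.{i}", "icmp", "echo-request")
          for i in range(1, 255)]                       # ICMP sweep of a /24
    ev += [(10.0 + i, "192.168.1.20", "192.168.1.1", "icmp", "echo-request")
           for i in range(5)]                           # ordinary ping of the gateway
    ev += [(20.0 + i * 0.01, "192.168.1.77", f"192.168.1.{i}", "tcp", "syn:80")
           for i in range(1, 60)]                       # TCP ping to port 80
    ev += [(30.0 + i * 0.01, f"192.168.1.{i}", "192.168.1.99", "icmp", "port-unreachable")
           for i in range(1, 40)]                       # replies to a UDP ping
    return ev

def classify(src, dst, proto, detail):
    """Return (suspected prober, technique, peer host) or None if not a probe."""
    if proto == "arp" and detail == "who-has":
        return src, "arp-ping", dst
    if proto == "icmp" and detail == "echo-request":
        return src, "icmp-ping", dst
    if proto == "tcp" and detail.startswith("syn"):
        return src, "tcp-ping", dst
    if proto == "icmp" and detail == "port-unreachable":
        return dst, "udp-ping", src   # live hosts answer, so replies converge on the prober
    return None

def detect_sweeps(events, window=5.0, min_hosts=30):
    """Map (prober, technique) -> most distinct peers seen inside any `window` seconds."""
    buckets = defaultdict(list)
    for ts, src, dst, proto, detail in events:
        hit = classify(src, dst, proto, detail)
        if hit:
            buckets[hit[:2]].append((ts, hit[2]))
    alerts = {}
    for key, hits in buckets.items():
        hits.sort()
        left, seen = 0, defaultdict(int)
        for ts, peer in hits:
            seen[peer] += 1
            while ts - hits[left][0] > window:   # slide the window forward
                old = hits[left][1]
                seen[old] -= 1
                if seen[old] == 0:
                    del seen[old]
                left += 1
            if len(seen) >= min_hosts:
                alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts
```

A fixed window and threshold miss probes that are deliberately spread out over time, so a longer secondary window with a lower rate is a common companion rule.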