UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ World's first platform which collects & analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑There are 8 main ways to stay away from spam easily:

1. Use a mail filtering system

Many people already do this, and large mail service providers offer such filtering as well, but it is still not precise enough.

2. Use a virus filtering system

A lot of spam carries Trojan horse viruses. If you keep the viruses out, the related spam cannot take advantage of you.

3. Protect your email address

It's best to use separate mailboxes for different purposes. To register on unimportant websites, forums and the like, you can apply for a separate mailbox just for that. If you don't expose your email address everywhere, there is still little chance of spammers finding you by guessing.

4. Test who is "throwing garbage" at you

If you suspect that some sites are sending you spam, you can register with a different mailbox to test this, and block the source once you have found it.

5. What to do after receiving spam

Do not open it, because it may contain a virus. Then return the letter to the sender, which may make some spam servers think that your mailbox is no longer available.

6. Unsubscribe (Opt-out) letters

Under a bill in the United States, users can opt out of any commercial mail. The company sending the commercial mail must clearly indicate that the mail is commercial or advertising in nature, and must give the recipient ways to opt out, including replyable addresses or accessible websites. Once the email sender receives the user's opt-out request, it must respond within 10 days and stop sending emails to the user. It may not work in China...

7. Pay attention to the registered name of the mail

One way to stay away from spam is to choose a suitable username. Many people like to use their own names, or addresses like aaa123, which can easily be guessed with a dictionary.

8. Keep away from dangerous areas

According to statistics, the three types of sites with the most mail viruses are gambling, gaming, and adult sites. Pay special attention to these sites.

The above 8 methods teach you the principles of avoiding spam. I hope everyone can refer to them and learn together.

enjoy❤️👍🏻
written by Undercode
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑PREMIUM PROXIES SUPER FRESH 1 MINUTES :



enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑NMAP TIPS :
#FastTips

> The Nmap Scripting Engine (NSE) is the most powerful and flexible feature of Nmap. It allows users to write simple scripts to automate various network tasks; these scripts are written in the Lua language. NSE can do many things, such as:

1) Network discovery
This is the basic function of Nmap. Examples include finding the whois information of the target domain name, querying the ownership of the target IP on ARIN, RIPE, or APNIC, finding open ports, SNMP queries, and listing available NFS/SMB/RPC shares and services.

2) Vulnerability detection
When a new vulnerability is discovered, you want to quickly scan the network to identify vulnerable systems before intruders do. Although Nmap is not a comprehensive vulnerability scanner, NSE is powerful enough to handle demanding vulnerability checks. Many vulnerability-detection scripts are already available, and more are planned.

3) Backdoor detection
Many attackers and some automated worms leave backdoors so that they can get back in later. Some of them can be detected by Nmap based on regular expressions.

4) Exploit
As a scripting language, NSE can even exploit vulnerabilities, not just find them. The ability to add custom attack scripts may be valuable to some people (especially penetration testers), but it is not intended to turn Nmap into something like the Metasploit framework.

5) Do not ping
The -PN option (spelled -Pn in current Nmap releases) instructs Nmap to skip the default discovery check and perform a full port scan of the target. This is very useful when scanning hosts protected by firewalls that block ping probes.

Syntax: nmap -PN target

6) Ping scan only
The -sP option (-sn in current Nmap releases) tells Nmap to only ping the host. It is very useful when you want to detect which of a batch of IP addresses are reachable. By specifying a specific target, you can get more information, such as the MAC address.

Command: nmap -sP target

7) TCP SYN scan
Before we start, we must know what a SYN packet is.

Basically, a SYN packet is used to initiate a connection between two hosts.

In a TCP SYN ping, Nmap sends a SYN packet to the target system and listens for the response. This alternative discovery method is useful for hosts that are configured to block standard ICMP ping messages.

8) TCP ACK ping scan
This type of scan sends only acknowledgement (ACK) packets.

Option -PA performs a TCP ACK ping scan on the specified host.

Command: nmap -PA target

9) UDP ping scan
Option -PU performs a UDP ping scan on the specified host.

10) ICMP echo ping
Option -PE performs an ICMP (Internet Control Message Protocol) echo ping against the specified host.

Command: nmap -PE target

11) ICMP address mask ping
Option -PM performs an ICMP address mask ping.

Command: nmap -PM target

12) List scan
The option -sL displays a list of targets and performs a reverse DNS lookup for each specified IP address.

Syntax: nmap -sL target

#FastTips
ENJOY❤️👍🏻
WRITTEN BY
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

The -PS option performs a TCP SYN ping.

Command: nmap -PS host
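
From the defender's side, each ping type listed above leaves a recognisable first packet. The following added example (not part of the original post) parses raw IPv4 packets, labels each with the discovery option that sends that probe type, and reports sources that sent the same probe to several hosts. It assumes the input is unsolicited inbound traffic, such as packets a firewall dropped; the packet builders, the addresses (documentation ranges) and the threshold are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def classify(pkt):
    """Return (src, dst, label) for a raw IPv4 packet; label is None for other traffic."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    proto, l4 = pkt[9], pkt[ihl:]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    label = None
    if proto == 6 and len(l4) >= 14:               # TCP: flag byte is at offset 13
        label = {0x02: "-PS TCP SYN", 0x10: "-PA TCP ACK"}.get(l4[13] & 0x3F)
    elif proto == 17:                              # UDP
        label = "-PU UDP"
    elif proto == 1 and l4:                        # ICMP: type is the first byte
        label = {8: "-PE ICMP echo", 17: "-PM ICMP address mask"}.get(l4[0])
    return src, dst, label

def find_sweeps(packets, min_hosts=3):
    """Report (source, probe type) pairs that reached at least min_hosts distinct targets."""
    seen = defaultdict(set)
    for pkt in packets:
        src, dst, label = classify(pkt)
        if label:
            seen[(src, label)].add(dst)
    return {key: sorted(dsts) for key, dsts in seen.items() if len(dsts) >= min_hosts}

# --- constructed sample traffic (hypothetical helpers, not captured packets) ---
def ipv4(proto, src, dst, l4):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + l4

def tcp(flags, dport=80):
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def icmp(icmp_type):
    return struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

SCANNER, CLIENT = "198.51.100.7", "203.0.113.5"
TARGETS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
SAMPLE = (
    [ipv4(1, SCANNER, t, icmp(8)) for t in TARGETS]          # echo requests to every host
    + [ipv4(1, SCANNER, t, icmp(17)) for t in TARGETS[:3]]   # address mask requests
    + [ipv4(6, SCANNER, t, tcp(0x10)) for t in TARGETS]      # bare ACKs with no session
    + [ipv4(6, CLIENT, "192.0.2.1", tcp(0x02)),              # one ordinary connection attempt
       ipv4(6, CLIENT, "192.0.2.1", tcp(0x18))]              # PSH+ACK data, not a probe type
)

if __name__ == "__main__":
    for (src, label), hosts in find_sweeps(SAMPLE).items():
        print(f"{src} sent {label} probes to {len(hosts)} hosts: {', '.join(hosts)}")
```

A single SYN or ACK is normal traffic, so the signal is the same probe type from one source fanning out across many addresses; tune `min_hosts` to the size of the monitored range.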
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to change PHP's default FastCGI mode to ISAPI mode (Windows environment only)
#FastTips

1) Download the ZIP package of PHP from http://www.php.net (note that the version must correspond)

2) Copy php4isapi.dll from the sapi directory to the c:\php directory

3) In the management platform, go to "Website Management" - "Virtual Host" and, in the server settings, modify the PHP mapping, changing the original:
.php,C:\PHP\php.exe,5,GET,HEAD,POST,TRACE|
Change it to:
.php,C:\PHP\php4isapi.dll,5,GET,HEAD,POST,TRACE|

4) (Required only for IIS 6) Open IIS Manager, click Web Service Extensions, open the properties of php, then "Required File" - Timing - select "C:\PHP\php4isapi.dll". After confirming, PHP can be called.

enjoy❤️👍🏻
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
HAVE A GOOD SUNDAY FOR EVERYONE ❤️👍🏼
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Nine practical methods to break through IDS intrusion detection system

The first trick: "/./" string insertion method

In view of the special role of "./" (the current directory), we can insert it into a URL to transform the URL. For example, /msadc/msadcs.dll can be rewritten as /././msadc/././msadcs.dll, /./msadc/.//./msadcs.dll and other forms, which disrupts the IDS signature-analysis engine and deceives the IDS. Moreover, the rewritten URL is equivalent to the unmodified URL. The author has shown through experiments that this method can bypass IDS such as Snort.

The second trick: "00" ASCII code

Upload vulnerabilities that circulated on the Internet some time ago exploited this feature, so everyone must be familiar with it. The principle is that when the computer processes a string, it automatically truncates it at ASCII code 00. We can rewrite /msadc/msadcs.dll as /msadc/msadcs.dll Iloveheikefangxian, use Winhex to change the space between .dll and Ilove to ASCII code 00, save it, and submit it with NC and a pipe. To some IDS, /msadc/msadcs.dll Iloveheikefangxian is not the same as the attack string specified in its rule set file, so it ignores the attacker's behavior. Look how widely the principle of "automatically truncating at ASCII code 00 when the computer processes a string" applies! From a philosophical point of view, things are related to each other. We should think more and dig out the internal laws, and then there will be new discoveries.

The third trick: use the path separator "\"

For web servers like Microsoft's IIS, "\" can also be used as a path separator, like "/". Some IDS rule set files do not consider the non-standard path separator "\". If we rewrite /msadc/msadcs.dll as \msadc\msadcs.dll, we can escape Snort, because there is no signature for \msadc\msadcs.dll in the Snort rule set file. It is worth mentioning that the path separator "\" has another magical effect, which is the "%5c" violent library method mentioned in "Hacker Line of Defense" some time ago. "%5c" is the hexadecimal representation of "\".

The fourth trick: hexadecimal encoding

A character can be represented by the escape symbol "%" plus its hexadecimal ASCII code. For example, the first character "/" in /msadc/msadcs.dll can be expressed as %2F, and the following characters can be expressed by "%" combined with their corresponding hexadecimal ASCII codes. A URL encoded this way no longer looks like it did before, and the encoded string may not be in the IDS rule set file, so the IDS can be bypassed. But this method is ineffective against IDS that uses HTTP preprocessing technology.

The fifth trick: illegal Unicode encoding

UTF-8 encoding allows the character set to contain more than 256 characters, so it also allows encodings of more than 8 bits. The hexadecimal ASCII code of the "/" character is 2F, and the binary number is 00101111. The standard way to represent 2F in UTF-8 is still 2F, but multi-byte UTF-8 can also be used to represent 2F. The character "/" can be represented by single-byte, double-byte, and three-byte UTF-8 encodings as shown in the following table:

"/" character representation | UTF-8 format | binary | hexadecimal
Single byte | 0xxxxxxx | 00101111 | 2F
Double byte | 110xxxxx 10xxxxxx | 11000000 10101111 | C0 AF
Three bytes | 1110xxxx 10xxxxxx 10xxxxxx | 11100000 10000000 10101111 | E0 80 AF

Using this method, we can encode the entire string accordingly. Although the resources that the encoded URLs ultimately point to are all the same, their representations differ, and the filter string may not exist in the IDS rule set file, so the IDS is bypassed.

The sixth trick: redundant coding method

Redundant coding is also called double decoding. I still remember that the Unicode decoding vulnerabilities and the double decoding vulnerabilities of IIS in 2000-2001 made a lot of noise. At that time, many friends were confused and thought that the Unicode decoding vulnerabilities were double decoding vulnerabilities. In fact, they are two different things. The former has been described above under "Illegal Unicode encoding". Redundant encoding refers to encoding a character multiple times. For example, the "/" character can be represented by %2f, and the "%", "2", and "f" characters in "%2f" can each be represented by their hexadecimal ASCII codes. According to the mathematics of permutation and combination, the number of encoding forms is 2 to the 3rd power, so "%2f" can be rewritten as "%25%32%66", "%252f" and so on to make the URL polymorphic. After encoding, the string may not be in the IDS rule set file, which can fool some IDS.

The seventh trick: add false paths

After adding the string "../" to the URL, the directory after the string has no meaning and becomes invalid. Therefore, using the "../" character string can disrupt the signature-analysis engine and break through the IDS!

The eighth trick: insert multiple slashes

We can use multiple "/" instead of a single "/". The rewritten URL will still work as before. For example, the request for /msadc/msadcs.dll can be changed to ////msadc////msadcs.dll. The author's experiments show that this method can bypass some IDS.

The ninth trick: comprehensive polymorphic coding

Smart readers will know what this means as soon as they read the subtitle. The so-called synthesis is to combine the several polymorphic coding techniques introduced above. In this way, the effect will be better.

> I hope you learn from this tutorial.

written By Undercode
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
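
All nine tricks produce different byte strings for the same resource, which is why the post notes that an IDS with HTTP preprocessing is not fooled. As an added example (not from the original post), the sketch below shows that preprocessing step from the defender's side: it canonicalises a request path before signature matching and records which anomaly it saw. The function names, flag names and sample paths are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

SIGNATURE = "/msadc/msadcs.dll"  # the path the post uses in every example

def decode_utf8_lenient(raw, flags):
    """Decode as a permissive server would: accept overlong forms, but flag them."""
    out, i = [], 0
    while i < len(raw):
        b, tail = raw[i], raw[i + 1:i + 3]
        if b < 0x80:
            cp, n = b, 1
        elif b & 0xE0 == 0xC0 and tail and tail[0] & 0xC0 == 0x80:
            cp, n = ((b & 0x1F) << 6) | (tail[0] & 0x3F), 2
            if cp < 0x80:                   # e.g. C0 AF for "/"
                flags.add("overlong-utf8")
        elif b & 0xF0 == 0xE0 and len(tail) == 2 and all(t & 0xC0 == 0x80 for t in tail):
            cp, n = ((b & 0x0F) << 12) | ((tail[0] & 0x3F) << 6) | (tail[1] & 0x3F), 3
            if cp < 0x800:                  # e.g. E0 80 AF for "/"
                flags.add("overlong-utf8")
        else:
            cp, n = 0xFFFD, 1
            flags.add("invalid-utf8")
        out.append(chr(cp))
        i += n
    return "".join(out)

def normalize(raw):
    """Return (canonical_path, flags) for the raw bytes of a request path."""
    flags = set()
    for rnd in range(3):                    # bounded repeated percent-decoding
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        if rnd > 0:                         # a second pass still changed something
            flags.add("double-encoding")
        raw = decoded
    if b"\x00" in raw:                      # C-string consumers stop at NUL
        flags.add("nul-byte")
        raw = raw.split(b"\x00", 1)[0]
    path = decode_utf8_lenient(raw, flags)
    if "\\" in path:                        # IIS accepts "\" as a separator
        flags.add("backslash")
        path = path.replace("\\", "/")
    if "//" in path:
        flags.add("multiple-slashes")
    segments = []
    for seg in path.split("/"):
        if seg == ".":
            flags.add("dot-segment")
        elif seg == "..":
            flags.add("parent-reference")
            if segments:
                segments.pop()
        elif seg:
            segments.append(seg)
    return "/" + "/".join(segments), flags

def check_path(raw):
    path, flags = normalize(raw)            # match on the canonical form only
    return path.lower() == SIGNATURE, sorted(flags)

# Constructed request paths, one per trick in the post (not captured traffic).
SAMPLES = [b"/././msadc/././msadcs.dll", b"/msadc/msadcs.dll\x00Iloveheikefangxian",
           b"\\msadc\\msadcs.dll", b"%2Fmsadc%2Fmsadcs.dll", b"%C0%AFmsadc%E0%80%AFmsadcs.dll",
           b"%252fmsadc%25%32%66msadcs.dll", b"/scripts/../msadc/msadcs.dll",
           b"////msadc////msadcs.dll"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_path(s))
```

Every sample matches the signature after normalisation, and the flags are worth alerting on by themselves, since legitimate clients rarely send overlong UTF-8, NUL bytes or double-encoded separators.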
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑ALL TERMUX LINUX TOOLS ARE POSTED HERE,

you can search chats

> AND WE POST UPDATES ABOUT THAT
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux-Linux Topic 2020 :
WireSpy enables the automation of various WiFi attacks to conduct Man-In-The-Middle-Attacks (MITMAs).

> WireSpy allows attackers to set up quick honeypots to carry out MITMAs. Monitoring and logging functionality is implemented in order to keep records of the victims' traffic/activities. Other tools can be used together with Wirespy to conduct more advanced attacks.

> Two types of attacks are supported at the moment:

1-Evil twin: Force victims to auto-connect to the honeypot by spoofing a "trusted" hotspot (clone an existing access point and de-authenticate its users to force them to transparently connect to the spoofed honeypot).

2-Honeypot: Set up a simple rogue hotspot and wait for clients to connect.

INSTALLATION & RUN :

1️⃣ git clone https://github.com/aress31/wirespy.git

2️⃣ cd wirespy

3️⃣ chmod +x wirespy.sh

4️⃣ sudo ./wirespy.sh

5️⃣commands :
Attacks:
eviltwin > launch an evil twin attack
honeypot > launch a rogue access point attack

Commands:
clear > clear the terminal
help > list available commands
quit|exit > exit the program
apscan > show all wireless access points nearby
leases > display DHCP leases
powerup > power wireless interface up (may cause issues)
start capture > start packet capture (tcpdump)
stop capture > stop packet capture (tcpdump)
status > show modules status

🦑Features :

>Capture victims' traffic.
>MAC address spoofing.
>Set-up honeypot and evil twin attacks.
>Show the list of in range access points.
>Wireless adapter|card|dongle power amplification.

ENJOY❤️👍🏻
✅git topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑A security breach exposed more than 1 million DNA data in the genealogical database GEDmatch
#News

> According to BuzzFeed News, on July 19, genealogy enthusiasts who used the GEDmatch website to upload DNA information and find relatives to fill in their family trees received unpleasant news. Suddenly, more than 1 million pieces of DNA data that had been hidden became available for the police to search for partial matches to DNA from crime scenes.

> This news undermined the efforts of Verogen, the forensic genetics company that acquired GEDmatch in December, to convince users that it would protect their privacy while pursuing a business based on using genetic genealogy to help solve violent crimes.

> The second alert came on July 21, when MyHeritage, an Israel-based genealogy website, announced that some of its users were being targeted by phishing attacks seeking their login information for the site, apparently using the email addresses obtained when GEDmatch was attacked two days earlier.

> In a statement sent to BuzzFeed News via email and posted on Facebook, Verogen explained that the GEDmatch information that should have been hidden from law enforcement agencies was suddenly exposed by a planned attack on one of its servers through existing user accounts.

"Due to this vulnerability, the permissions of all users were reset, allowing all users to see all files. This situation lasted for about three hours," the statement said. "During this period, users who did not choose to participate in law enforcement matching can perform law enforcement matching. On the contrary, all law enforcement files will be visible to GEDmatch users."

#News
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑WeChat domain name anti-blocking technology: how to solve WeChat domain names always being blocked and intercepted

#solutions
1) Reports by users and peers

This type of situation occurs most frequently, especially malicious reports made by peers. There is a team dedicated to reporting this section. Through a large number of reports on WeChat, the domain name was blocked.

Solution: Block the report button

If the report button is blocked through technical means, they will have no way to report. We have implemented this solution on WeChat/QQ. After comprehensive testing, customer feedback is still good!

2) Induced sharing, compulsory following, etc.

Blocking in this situation is also relatively frequent, because for every link published on WeChat, WeChat has a crawler that grabs the information on the current webpage. The webpage will be blocked if the above situation is found.

Solution: detection interface + domain name rotation system

Configure your website to use multiple sets of domain names, number one and number two. For example, the shared domain name is number one, which is called the primary domain name. After it is clicked, it jumps to number two, which is called the landing domain name. Before jumping, check whether number two has been blocked. Usually more landing domain names need to be prepared; the detection interface queries them automatically all the time, and a domain is changed if it has been blocked. Buying domain names in bulk doesn't cost much.

3) The content on the page violates regulations, or is intercepted after being reported

This category means that your product belongs to the HS industry, and this category is also more sensitive in WeChat.

Solution: Jump system

The user clicks on the No. 1 page in WeChat, which immediately and automatically opens the mobile browser and jumps to your default page. In fact, it is very common for a domain name to be blocked. After all, WeChat is only software and cannot be that smart, so there are often many misjudgments. After testing, there are still many ways to prevent domain names from being blocked. Many industries use anti-block codes to stay stable for a long time.

4) Regular inspections by Tencent and others

As mentioned above, when each link is published on WeChat, Tencent has the web page information crawled by a crawler. Some links with relatively large traffic are usually crawled repeatedly by Tencent, and because the frequency is so high, the domain name link ends up blocked.

Solution: Block detection

In layman's terms, when we find that Tencent's IPs have come in, we filter them out and lead them to another place, where we show them normal content. This workload is also very large, because Tencent's computer rooms are widely distributed.

Well, the above are some anti-blocking strategies and methods organized here.

Here are a few protection platforms for everyone to choose from, because our two levels of advertising are too big, and we have also found many anti-block and anti-red services on the Internet. These are all cooperative:

>Booker Anti-Red Short URL

>Paparazzi domain name anti-blocking

> Jingyun Anti-Red Short Link

> Pegasus Red

ENJOY❤️👍🏻
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁