β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Basic technology to realize system security
All ways for Login to your account = Authentication mechanism
1) Password
Confirm a user's identity symbol string of
security passwords: the brute-force attack is not feasible, the system restricts access to the plaintext password table, encrypted password file
2) Illegally obtaining passwords
exhaustive experience try search system password table, asking the user program interception, dictionary / A Probability search
< to select a password
character type, length, to avoid the conventional word, the secret password protection, one-time password
3) encryption password
for Password/password file encryption, traditional encryption method, one-way encryption method
4) Problems
with password authentication mechanism Trojan Horse (Trojan Horse)
Like malicious programs such as viruses and worms, Trojan Horses also delete or modify files, format hard drives, upload and download files, harass users, and expel other malicious programs. Program
Trojan horses also have their unique characteristics-stealing content, remote control-which makes them the most dangerous malware.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ Basic technology to realize system security
All ways for Login to your account = Authentication mechanism
1) Password
Confirm a user's identity symbol string of
security passwords: the brute-force attack is not feasible, the system restricts access to the plaintext password table, encrypted password file
2) Illegally obtaining passwords
exhaustive experience try search system password table, asking the user program interception, dictionary / A Probability search
< to select a password
character type, length, to avoid the conventional word, the secret password protection, one-time password
3) encryption password
for Password/password file encryption, traditional encryption method, one-way encryption method
4) Problems
with password authentication mechanism Trojan Horse (Trojan Horse)
Like malicious programs such as viruses and worms, Trojan Horses also delete or modify files, format hard drives, upload and download files, harass users, and expel other malicious programs. Program
Trojan horses also have their unique characteristics-stealing content, remote control-which makes them the most dangerous malware.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to detect a hidden Trojan ?
the status of the Trojan in communication
1) When you browse a website, it is normal that some advertisement windows pop up Things, but if you didn't open the browser at all, and the browser suddenly opened by itself and entered a certain website, then you have to be careful.
2) You are operating a computer, and suddenly a warning box or a question box pops up, asking some questions you have never touched on the computer.
3) Your Windows system configuration is always automatically and inexplicably changed. For example, the text displayed on the screensaver, time and date, sound size, mouse sensitivity, and CD-ROM automatic operation configuration.
4) The hard disk always reads the disk for no reason, the floppy drive light often turns on by itself, and the network connection and mouse screen appear abnormal.
π¦Emergency measures after infection
1) All accounts and passwords must be changed immediately, such as dial-up connection, ICQ, mIRC, FTP, your personal site, free email, etc., wherever a password is required, you must change the password Change it as soon as possible.
2) Delete all the things that did not exist on your hard disk.
3) Antivirus, check whether there is a virus on the hard disk once.
Written by
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to detect a hidden Trojan ?
the status of the Trojan in communication
1) When you browse a website, it is normal that some advertisement windows pop up Things, but if you didn't open the browser at all, and the browser suddenly opened by itself and entered a certain website, then you have to be careful.
2) You are operating a computer, and suddenly a warning box or a question box pops up, asking some questions you have never touched on the computer.
3) Your Windows system configuration is always automatically and inexplicably changed. For example, the text displayed on the screensaver, time and date, sound size, mouse sensitivity, and CD-ROM automatic operation configuration.
4) The hard disk always reads the disk for no reason, the floppy drive light often turns on by itself, and the network connection and mouse screen appear abnormal.
π¦Emergency measures after infection
1) All accounts and passwords must be changed immediately, such as dial-up connection, ICQ, mIRC, FTP, your personal site, free email, etc., wherever a password is required, you must change the password Change it as soon as possible.
2) Delete all the things that did not exist on your hard disk.
3) Antivirus, check whether there is a virus on the hard disk once.
Written by
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAs & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦IDEAs & NOTE FOR BEGINERS :
#forBeginers
1) Worms (Worms)
network worms spread from one system to another through a network connection
. The network mechanism used by the worm to complete its own replication.
E-mail mechanism.
Remote execution capability.
Remote login capability. The
process of worm reproduction.
Check the host table or similar place where the remote system address is stored. Search for the system to be infected,
establish a connection with the remote host,
copy yourself into the remote system and run the copy of the
2) computer virus (Viruses), the
biological concept of a virus,
small DNA or RNA gene segments
According to statistics, as of 2000.11, there are a total of more than 55,000
viruses with the characteristics of
viruses.
Antivirus methods
π§ββοΈComputer viruses (referred to as viruses) are programs that can infect other programs. The main characteristics of viruses are as follows:
β Dependence.
β‘ The virus is contagious.
β’ The virus is latent.
β£ Viruses are destructive.
β€ The virus is targeted.
π§ββοΈThe structural :
-boot module of the virus is responsible for guiding the virus to the memory, protecting the corresponding storage space to prevent it from being overwritten by other programs, and modifying some necessary system parameters to prepare for the activation of the virus.
-The infection module is responsible for infecting viruses to other computer programs. It is the core of the entire virus program and consists of two parts: one part judges whether the infection conditions are met, and the other part implements the infection.
-The performance module virus trigger condition determines
the specific performance part of some viruses.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME 2020 ANDROID/IOS HACKING APPS :
https://github.com/wszf/androrat
https://www.zimperium.com/zanti-mobile-penetration-testing
https://f-droid.org/en/packages/org.csploit.android/
https://www.cydiahacks.net/xsellize-repo-source.html
(ios cracked cydia repo)
https://github.com/BishopFox/iSpy
https://github.com/GeoSn0w/Myriam
https://github.com/S3Jensen/iRET
https://extigy.github.io/repo/
https://itunes.apple.com/us/app/iweppro-wifi-passwords-generator/id578135585?mt=8
https://github.com/GeoSn0w/Myriam
https://github.com/BishopFox/iSpy
https://github.com/BishopFox/firecat
https://www.highsterspyapp.com/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦SOME 2020 ANDROID/IOS HACKING APPS :
https://github.com/wszf/androrat
https://www.zimperium.com/zanti-mobile-penetration-testing
https://f-droid.org/en/packages/org.csploit.android/
https://www.cydiahacks.net/xsellize-repo-source.html
(ios cracked cydia repo)
https://github.com/BishopFox/iSpy
https://github.com/GeoSn0w/Myriam
https://github.com/S3Jensen/iRET
https://extigy.github.io/repo/
https://itunes.apple.com/us/app/iweppro-wifi-passwords-generator/id578135585?mt=8
https://github.com/GeoSn0w/Myriam
https://github.com/BishopFox/iSpy
https://github.com/BishopFox/firecat
https://www.highsterspyapp.com/
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - wszf/androrat: androrat
androrat. Contribute to wszf/androrat development by creating an account on GitHub.
#BugBounty_β_API_keys_leakage,Source_code_disclosure_in_Indiaβslargest.pdf
313.9 KB
Back with a long pending vulnerability that I found during my bug bounty hunt, though a late blog but I found it worth sharing. I have found this vulnerability in Indiaβs largest online health platform website.
By this vulnerability, I was able to read source code of the application , sensitive les like webcong where I got APIs key of mail server, sms, payment gateway etc and further I was also able to use these mail server key to send mail from thei..
By this vulnerability, I was able to read source code of the application , sensitive les like webcong where I got APIs key of mail server, sms, payment gateway etc and further I was also able to use these mail server key to send mail from thei..
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦anti-virus software development process :
A) Simple Scanners
1)Use virus signatures to identify viruses.
2) Use signature string scanning to detect
3) changes in file lengths of known viruses.
B) Second generation: Heuristic Scanners
1) Use heuristic rules to search for possible virus infections.
Search for code segments that are often related to viruses, such as the beginning part of the encryption cycle used in deformed viruses.
Integrity checking: program checksum (checksum), the
2) third generation of Hash function οΌActivity Traps
3) TSR to identify the virus infection through behavioral rather than structural program
4) does not require the development of a large number of virus signatures and heuristic rules, so long as the behavior of the virus to identify a small set of
5) fourth generation: full protection (Full-featured Protection)
various anti Comprehensive application of virus technology
scanning
> behavior capture
> access control
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦anti-virus software development process :
A) Simple Scanners
1)Use virus signatures to identify viruses.
2) Use signature string scanning to detect
3) changes in file lengths of known viruses.
B) Second generation: Heuristic Scanners
1) Use heuristic rules to search for possible virus infections.
Search for code segments that are often related to viruses, such as the beginning part of the encryption cycle used in deformed viruses.
Integrity checking: program checksum (checksum), the
2) third generation of Hash function οΌActivity Traps
3) TSR to identify the virus infection through behavioral rather than structural program
4) does not require the development of a large number of virus signatures and heuristic rules, so long as the behavior of the virus to identify a small set of
5) fourth generation: full protection (Full-featured Protection)
various anti Comprehensive application of virus technology
scanning
> behavior capture
> access control
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Use Azure Functions to play serverless :
#Fasttips
Serverless&Azure Functions
1) With serverless computing, developers do not need to manage the infrastructure, so they can build applications faster. With serverless applications, the cloud service provider will automatically provision, scale, and manage the infrastructure required to run the code.
2) To understand the definition of serverless computing, it is important to note that the server is still running code.
3) The server name comes from the fact that the tasks associated with infrastructure provisioning and management are not visible to developers.
4) This approach allows developers to focus more on business logic and deliver more value to the core of the business. Serverless computing can help teams increase productivity, bring products to market faster, and allow organizations to better optimize resources and stay focused on innovation.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Use Azure Functions to play serverless :
#Fasttips
Serverless&Azure Functions
1) With serverless computing, developers do not need to manage the infrastructure, so they can build applications faster. With serverless applications, the cloud service provider will automatically provision, scale, and manage the infrastructure required to run the code.
2) To understand the definition of serverless computing, it is important to note that the server is still running code.
3) The server name comes from the fact that the tasks associated with infrastructure provisioning and management are not visible to developers.
4) This approach allows developers to focus more on business logic and deliver more value to the core of the business. Serverless computing can help teams increase productivity, bring products to market faster, and allow organizations to better optimize resources and stay focused on innovation.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Access control
1) Each file in the directory has a unique file owner, which has most access permissions, and can also authorize and revoke files.
2) In order to prevent forged access to files, the system does not allow any user to write to the file directory. All file directories can only be maintained through the operating system controlled by the main file command. Users can perform reasonable directory operations through the system, but users are prohibited from directly accessing the directories.
3) Access Control List An access control list is a type of data structure used to record all subjects and access methods that can access the entity.
Each entity corresponds to an access control table, which lists all the subjects and access methods that can access the entity.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Access control
1) Each file in the directory has a unique file owner, which has most access permissions, and can also authorize and revoke files.
2) In order to prevent forged access to files, the system does not allow any user to write to the file directory. All file directories can only be maintained through the operating system controlled by the main file command. Users can perform reasonable directory operations through the system, but users are prohibited from directly accessing the directories.
3) Access Control List An access control list is a type of data structure used to record all subjects and access methods that can access the entity.
Each entity corresponds to an access control table, which lists all the subjects and access methods that can access the entity.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦basic Shell commands
1) Basic commands
View relevant Shell operation commands under Hadoop.
[root@hop01 hadoop2.7]# bin/hadoop fs
[root@hop01 hadoop2.7]# bin/hdfs dfs
dfs is the implementation class of fs
2) View the command description
[root@hop01 hadoop2.7]# hadoop fs -help ls
3) Recursively create directories
[root@hop01 hadoop2.7]# hadoop fs -mkdir -p /hopdir/myfile
4) View the catalog
[root@hop01 hadoop2.7]# hadoop fs -ls /
[root@hop01 hadoop2.7]# hadoop fs -ls /hopdir
5) Cut and paste files
hadoop fs -moveFromLocal /opt/hopfile/java.txt /hopdir/myfile
hadoop fs -ls /hopdir/myfile
6) ew file content
hadoop fs -cat /hopdir/myfile/java.txt
hadoop fs -tail /hopdir/myfile/java.txt
7) Append file content
hadoop fs -appendToFile /opt/hopfile/c++.txt /hopdir/myfile/java.txt
8) Copy files
The copyFromLocal command is the same as the put command
hadoop fs -copyFromLocal /opt/hopfile/c++.txt /hopdir
9) Copy HDFS files to local
hadoop fs -copyToLocal /hopdir/myfile/java.txt /opt/hopfile/
10) Copy files in HDFS
hadoop fs -cp /hopdir/myfile/java.txt /hopdir
11) Move files in HDFS
hadoop fs -mv /hopdir/c++.txt /hopdir/myfile
12) Merge and download multiple files
The basic commands get and copyToLocal commands have the same effect.
hadoop fs -getmerge /hopdir/myfile/* /opt/merge.txt
13) delete files
hadoop fs -rm /hopdir/myfile/java.txt
14) View folder information
hadoop fs -du -s -h /hopdir/myfile
15) delete the folder
bin/hdfs dfs -rm -r /hopdir/file0703
written by
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦basic Shell commands
1) Basic commands
View relevant Shell operation commands under Hadoop.
[root@hop01 hadoop2.7]# bin/hadoop fs
[root@hop01 hadoop2.7]# bin/hdfs dfs
dfs is the implementation class of fs
2) View the command description
[root@hop01 hadoop2.7]# hadoop fs -help ls
3) Recursively create directories
[root@hop01 hadoop2.7]# hadoop fs -mkdir -p /hopdir/myfile
4) View the catalog
[root@hop01 hadoop2.7]# hadoop fs -ls /
[root@hop01 hadoop2.7]# hadoop fs -ls /hopdir
5) Cut and paste files
hadoop fs -moveFromLocal /opt/hopfile/java.txt /hopdir/myfile
hadoop fs -ls /hopdir/myfile
6) ew file content
hadoop fs -cat /hopdir/myfile/java.txt
hadoop fs -tail /hopdir/myfile/java.txt
7) Append file content
hadoop fs -appendToFile /opt/hopfile/c++.txt /hopdir/myfile/java.txt
8) Copy files
The copyFromLocal command is the same as the put command
hadoop fs -copyFromLocal /opt/hopfile/c++.txt /hopdir
9) Copy HDFS files to local
hadoop fs -copyToLocal /hopdir/myfile/java.txt /opt/hopfile/
10) Copy files in HDFS
hadoop fs -cp /hopdir/myfile/java.txt /hopdir
11) Move files in HDFS
hadoop fs -mv /hopdir/c++.txt /hopdir/myfile
12) Merge and download multiple files
The basic commands get and copyToLocal commands have the same effect.
hadoop fs -getmerge /hopdir/myfile/* /opt/merge.txt
13) delete files
hadoop fs -rm /hopdir/myfile/java.txt
14) View folder information
hadoop fs -du -s -h /hopdir/myfile
15) delete the folder
bin/hdfs dfs -rm -r /hopdir/file0703
written by
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MySQL data is synchronized to ES search engine in full and incremental mode :
#ProTips
configuration full text by Undercode
/usr/local/logstash/sync-config/cicadaes.conf
input {
stdin {}
jdbc {
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
jdbc_user => "root"
jdbc_password => "root123"
jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
jdbc_default_timezone => "Asia/Shanghai"
statement_filepath => "/usr/local/logstash/sync-config/user_sql.sql"
schedule => "* * * * *"
type => "User"
lowercase_column_names => false
record_last_run => true
use_column_value => true
tracking_column => "updateTime"
tracking_column_type => "timestamp"
last_run_metadata_path => "/usr/local/logstash/sync-config/user_last_time"
clean_run => false
}
jdbc {
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
jdbc_user => "root"
jdbc_password => "root123"
jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
jdbc_default_timezone => "Asia/undercode"
statement_filepath => "/usr/local/logstash/sync-config/log_sql.sql"
schedule => "* * * * *"
type => "Log"
lowercase_column_names => false
record_last_run => true
use_column_value => true
tracking_column => "updateTime"
tracking_column_type => "timestamp"
last_run_metadata_path => "/usr/local/logstash/sync-config/log_last_time"
clean_run => false
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
if [type] == "User" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "cicada_user_search"
document_type => "user_search_index"
}
}
if [type] == "Log" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "cicada_log_search"
document_type => "log_search_index"
}
}
}
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦MySQL data is synchronized to ES search engine in full and incremental mode :
#ProTips
configuration full text by Undercode
/usr/local/logstash/sync-config/cicadaes.conf
input {
stdin {}
jdbc {
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
jdbc_user => "root"
jdbc_password => "root123"
jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
jdbc_default_timezone => "Asia/Shanghai"
statement_filepath => "/usr/local/logstash/sync-config/user_sql.sql"
schedule => "* * * * *"
type => "User"
lowercase_column_names => false
record_last_run => true
use_column_value => true
tracking_column => "updateTime"
tracking_column_type => "timestamp"
last_run_metadata_path => "/usr/local/logstash/sync-config/user_last_time"
clean_run => false
}
jdbc {
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/cicada?characterEncoding=utf8"
jdbc_user => "root"
jdbc_password => "root123"
jdbc_driver_library => "/usr/local/logstash/sync-config/mysql-connector-java-5.1.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
jdbc_default_timezone => "Asia/undercode"
statement_filepath => "/usr/local/logstash/sync-config/log_sql.sql"
schedule => "* * * * *"
type => "Log"
lowercase_column_names => false
record_last_run => true
use_column_value => true
tracking_column => "updateTime"
tracking_column_type => "timestamp"
last_run_metadata_path => "/usr/local/logstash/sync-config/log_last_time"
clean_run => false
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
if [type] == "User" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "cicada_user_search"
document_type => "user_search_index"
}
}
if [type] == "Log" {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "cicada_log_search"
document_type => "log_search_index"
}
}
}
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
β β β Uππ»βΊπ«Δπ¬πβ β β β