▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Website Hacking - The Most Common Techniques
SQL Injection attacks. SQL Injection attack is the most common website hacking technique.
Cross Site Scripting (XSS)
Denial of Service (DoS/DDoS)
Cross-site request forgery (CSRF or XSRF)
DNS Spoofing (DNS cache poisoning)
Social engineering techniques.
Non-targeted website hacking.
#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Exploitation of the blind command injection vulnerability
#FastTips
1) A command injection (also known as remote code execution) vulnerability allows commands to be executed at the operating system level. Such vulnerabilities can be found in web applications and routers.
2) A detailed description of this vulnerability and of the methods of exploiting it is given in the article "OS Command Injection: Concept, Operation, Automated Vulnerability Search".
3) That article mentions the blind command injection vulnerability and shows examples of its exploitation. However, the blind vulnerability is harder to understand and slightly harder to exploit: instead of injecting a payload and watching the results right in a browser window or console, you need to use a third-party web server.
-----------------------
🦑For training we need:
1) a machine with a web server and a vulnerable web application
2) the attacker's web server - it could be a second machine on the local network or your hosting
The following script plays the role of the vulnerable application. It passes the message parameter to a shell command unmodified and redirects the output to /tmp/messages, so nothing is returned to the browser:
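<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>undercode </title>
</head>
<body>
  <form>
    <input name="message" type="text" />
    <input type="submit">
  </form>
<?php
// Deliberately vulnerable: the request parameter is concatenated into a shell command.
if (isset($_GET["message"])) {
    // The output is redirected to a file, so the response shows nothing (blind).
    exec('echo ' . $_GET["message"] . ' >> /tmp/messages');
}
?>
</body>
</html>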
written
@UndercodeTesting
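A hardened counterpart of the training script above, as an added example that is not part of the original post: it stores the message without starting a shell, and shows the quoting needed when an external command cannot be avoided. The names normalize_message(), store_message(), build_echo_command() and MAX_MESSAGE_BYTES are assumptions introduced here, and the sample inputs are constructed.

```php
<?php
// Added example, not from the original post. normalize_message(),
// store_message(), build_echo_command() and MAX_MESSAGE_BYTES are
// illustrative names.
declare(strict_types=1);

const MAX_MESSAGE_BYTES = 500;

/**
 * Validate untrusted input before storing it.
 * Returns the cleaned message, or null if the value must be rejected.
 */
function normalize_message($raw): ?string
{
    // "?message[]=x" reaches PHP as an array; accept plain strings only.
    if (!is_string($raw)) {
        return null;
    }
    // Remove control characters (CR, LF, NUL, ...) so a single request
    // cannot forge additional lines in the message file.
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $raw);
    if ($clean === null) {
        return null;
    }
    $clean = trim($clean);
    if ($clean === '' || strlen($clean) > MAX_MESSAGE_BYTES) {
        return null;
    }
    return $clean;
}

/**
 * Append one message to $path without starting a shell. Because the data
 * never reaches /bin/sh, characters such as ; | & $( ) and backticks are
 * stored as ordinary bytes.
 */
function store_message(string $message, string $path): bool
{
    $written = file_put_contents($path, $message . "\n", FILE_APPEND | LOCK_EX);
    return $written !== false;
}

/**
 * Fallback for code that really must call an external program: every
 * untrusted value is quoted with escapeshellarg(), never concatenated raw.
 */
function build_echo_command(string $message, string $path): string
{
    return 'echo ' . escapeshellarg($message) . ' >> ' . escapeshellarg($path);
}

// Web entry point, replacing the vulnerable block in the page:
//   if (isset($_GET['message'])) {
//       $msg = normalize_message($_GET['message']);
//       if ($msg !== null) { store_message($msg, '/tmp/messages'); }
//   }

// Offline demonstration with constructed inputs: php hardened_messages.php
if (PHP_SAPI === 'cli') {
    $path = tempnam(sys_get_temp_dir(), 'messages_');
    $samples = [
        'hello world',
        'hello; echo INJECTED',          // command separator
        'a $(echo INJECTED) b',          // command substitution
        "line one\nforged second line",  // newline injection
        ['not', 'a', 'string'],          // array parameter
        str_repeat('A', 600),            // over the length limit
    ];
    foreach ($samples as $sample) {
        $msg = normalize_message($sample);
        if ($msg === null) {
            echo 'rejected: ', substr(json_encode($sample), 0, 40), "\n";
            continue;
        }
        store_message($msg, $path);
        echo 'stored:   ', $msg, "\n";
        echo '  quoted: ', build_echo_command($msg, '/tmp/messages'), "\n";
    }
    echo "--- file contents ---\n", file_get_contents($path);
    unlink($path);
}
```

The file-based path is the one to prefer; escapeshellarg() only protects the argument position and does nothing for values used as the command name or as an option.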
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑What is Capture the Flag - CTF ?
#FastTips
-CTFs (capture the flag) are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a "flag", which is usually found as a string of text.
-DEF CON hosts what is the most widely known and first major CTF, occurring annually at the hacking conference in Las Vegas. Many different competitions have branched off since then, and numerous ones are available year round. One of the best places to see when CTFs are being scheduled is ctftime, an active website with calendars and team rankings.
wiki source
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Finding a CTF :
If you ever wanted to start running, you were probably encouraged to sign up to a 5k to keep focused on a goal. The same principle applies here: pick a CTF in the near future that you want to compete in and come up with a practice schedule. Here are some CTFs that we can recommend:
1) PicoCTF and PlaidCTF by CMU
2) HSCTF is made for high school students
3) Ghost in the Shellcode (GitS)
4) CSAW CTF by NYU-Poly
5) UCSB iCTF is for academics only
6) Defcon CTF
#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Overview of Android hierarchical security architecture and core components :
#FastTips
The Android system inherits the security features of the Linux open source operating system and uses a hierarchical approach to ensure system security. This article will introduce the Android hierarchical security architecture and its core components in detail.
1) The Android system inherits the security features of the Linux open source operating system and uses a hierarchical approach to ensure system security.
Android uses Linux 2.6 as its operating system. Linux 2.6 is a standard technology, and Linux is also an open operating system. Android's use of the operating system covers two parts: the core and the drivers. The Linux core of Android is the standard Linux 2.6 kernel, and Android needs additional drivers related to mobile devices.
🦑The main drivers are as follows:
Display driver (DisplayDriver): commonly used Linux-based frame buffer (Frame Buffer) driver
Flash memory driver (FlashMemory Driver)
Camera driver (CameraDriver): commonly used Linux-based v4l (Video for) driver.
Audio Driver (AudioDriver): commonly used based on ALSA (Advanced Linux Sound Arc..
2) Various libraries (Libraries) and Android runtime environment (RunTime)
This level corresponds to the general embedded system and is equivalent to the middleware level. This level of Android is divided into two parts, one is various libraries, and the other is the Android runtime environment. The content of this layer is mostly implemented in C++. Among them, various libraries include:
C library: The standard library of C language, which is also one of the lowest level libraries in the system.
3) Application Framework (ApplicationFramework)
The Android application framework provides APIs to developers at the application layer; it is, in effect, an application framework. Since upper-level applications are built in Java, the first thing this level provides is the set of controls needed in UI programs: Views (view components), which include lists (list), grids (grid), text boxes (textbox), buttons (button) and even an embedded web browser. An Android application can make use of the following parts of the application framework: Activity, Broadcast IntentReceiver, Service, Content Provider.
4) Application
Android applications are mainly user interfaces (UserInterface), usually written in Java, and can also contain various resource files (placed in the res directory). After the Java program and the related resources are compiled, an APK package is generated. Android itself provides many core applications such as the home screen (Home), contacts (Contact), phone (Phone), browser (Browsers) and so on. At the same time, application developers can also use the API of the application framework layer to implement their own programs.
#FastTips
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑VECTOR IN C++:
#FastTips
1) Assigning a Vector during Construction
During construction, an empty vector can be created while another one is assigned to it, as follows:
vector <float> vtr1{1.1, 2.2, 3.3, 4.4};
vector <float> vtr2 =vtr1;
2) The second statement is equivalent to:
vector <float> vtr2 = {1.1, 2.2, 3.3, 4.4};
const Vector
3) A const vector is a vector whose elements cannot be changed. The values in this vector are read-only. When created, the vector appears as follows:
const vector <float> vtr{1.1, 2.2, 3.3, 4.4};
4) In this vector type, no element can be added or removed. Moreover, no value can be changed.
π¦Constructing with Iterator
1) A template provides a generic representation for a data type. An iterator provides a generic representation of scanning through the values of a container. The syntax to create a vector with an iterator is as follows:
template<class InputIterator>
vector(InputIterator first, InputIterator last,const Allocator& = Allocator());
2) This constructs a vector for the range [first, last) using the specified allocator, which will be discussed later in this article.
3) Destroying a Vector
To destroy a vector, simply allow it to go out of scope; destruction is handled automatically.
Vector Capacity
size_type capacity() const noexcept
4) The total number of elements the vector can hold without requiring reallocation is returned by the capacity member function. A code segment for this is as follows:
vector <float> vtr(4);
int num = vtr.capacity();
cout << num << '\n';
The output is 4.
reserve(n)
5) Memory space is not always freely available. Extra space can be reserved in advance. Consider the following code segment:
vector <float> vtr(4);
vtr.reserve(6);
cout << vtr.capacity() << '\n';
6) The output is 6. So, the extra space reserved is 6 - 4 = 2 elements. The function returns void.
size() const noexcept
This returns the number of elements in the vector. The following code illustrates this function:
vector <float> vtr(4);
vector<float>::size_type sz = vtr.size();
cout << sz << '\n';
The output is 4.
shrink_to_fit()
After giving extra capacity to a vector with the reserve() function, the vector's capacity can be reduced again to fit its size. The following code illustrates this:
vector <float> vtr(4);
vtr.reserve(6);
vtr.shrink_to_fit();
vector<float>::size_type cap = vtr.capacity();
cout << cap << '\n';
The output is 4 and not 6 on common implementations; shrink_to_fit() is a non-binding request to reduce capacity() to size(). The function returns void.
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑HTTPS encryption is also cracked: the HEIST attack obtains plaintext from encrypted data :
#fastTips
We know the difference between HTTP and HTTPS. We always think of encrypted HTTPS as relatively safe, but today we are going to talk about a web attack that bypasses HTTPS encryption to obtain plaintext information. I don't know whether this news is happy or sad for you.
1) The conditions for using the HEIST attack are very simple: it requires only a few lines of simple JavaScript code, and no man-in-the-middle attack is required. First, the transmitted sensitive data will be captured and saved. This attack method can obtain private sensitive information such as bank card numbers, real names, phone numbers, and social security numbers.
2) But as we all know, most of this data is encrypted by HTTPS. The next step is therefore to probe the size and length of the encrypted data. Many websites use compression to speed up the loading of web pages, and attackers can use this design flaw to decrypt the data payload (similar to the BREACH and CRIME attacks).
3) HEIST can use new APIs (Resource Timing and Fetch) to calculate the number of transmission frames and windows sent by the target host. Throughout the process, researchers can use a piece of JavaScript code to determine the actual size of the HTTPS response message. Then the malicious HEIST code can work together with the BREACH technique to extract the encrypted information from the user's request data.
4) Security researchers will demonstrate how to use malicious advertisements on the New York Times official website to accurately measure the size of the encrypted response. Throughout the process, they will use a virtual third-party website (targetwebsite.com) to send encrypted information. In addition, they will also demonstrate how to infer data from security tokens used to prevent cross-site request forgery attacks.
5) Although some websites currently deploy basic security measures, most of them cannot prevent HEIST attacks, so this type of attack may become more frequent in the coming years. The current ways to prevent HEIST attacks are to disable either third-party cookies or JavaScript. But third-party cookies and JavaScript are basic requirements for ordinary users to access the web, so the two researchers also hope to find and develop a reasonable and effective solution together through the Black Hat conference.
#FastTips
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
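Server-side mitigations for the compression side channel described above, as an added example that is not part of the original post: a SameSite session cookie is the server-side counterpart of blocking third-party cookies, and per-response masking of the CSRF token is a standard BREACH countermeasure that the post does not mention. The function names and the 32-byte token length are assumptions, and the token in the demonstration is constructed.

```php
<?php
// Added example, not from the original post. Function names and the
// 32-byte token length are illustrative assumptions.
declare(strict_types=1);

/**
 * Session cookie that browsers do not attach to cross-site subrequests,
 * so a script on another origin cannot trigger authenticated responses.
 * Array-style options require PHP 7.3 or later.
 */
function send_session_cookie(string $sessionId): bool
{
    return setcookie('session', $sessionId, [
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

/**
 * Encode the token differently in every response:
 * hex(pad) . hex(pad XOR token), with a fresh random pad each time.
 * The page body then contains no stable secret bytes whose compressed
 * size could be compared across requests.
 */
function mask_token(string $token): string
{
    $pad = random_bytes(strlen($token));
    return bin2hex($pad) . bin2hex($pad ^ $token);
}

/** Recover the raw token from a masked value, or null if malformed. */
function unmask_token(string $masked, int $tokenLen): ?string
{
    if (strlen($masked) !== 4 * $tokenLen || !ctype_xdigit($masked)) {
        return null;
    }
    $raw = hex2bin($masked);
    if ($raw === false) {
        return null;
    }
    return substr($raw, 0, $tokenLen) ^ substr($raw, $tokenLen);
}

/** Constant-time check of a submitted (masked) token against the session copy. */
function verify_token(string $submitted, string $sessionToken): bool
{
    $token = unmask_token($submitted, strlen($sessionToken));
    return $token !== null && hash_equals($sessionToken, $token);
}

// Offline demonstration: php token_masking.php
if (PHP_SAPI === 'cli') {
    $sessionToken = random_bytes(32);  // constructed; normally kept in the session
    $first  = mask_token($sessionToken);
    $second = mask_token($sessionToken);

    echo "first response:  $first\n";
    echo "second response: $second\n";
    echo 'encodings differ: ';
    var_dump($first !== $second);
    echo 'first verifies:   ';
    var_dump(verify_token($first, $sessionToken));
    echo 'second verifies:  ';
    var_dump(verify_token($second, $sessionToken));
    echo 'forged value:     ';
    var_dump(verify_token(str_repeat('0', 128), $sessionToken));
}
```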
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑The connotation of safety :
#fAStTips
The security of the system includes the following aspects:
① Protect the various resources in the system from natural and man-made damage;
② Estimate the various threats to the operating system and its special problems;
③ Develop and implement effective security policies to minimize the risks faced by the system;
④ Prepare appropriate contingency measures so that the system can return to normal as soon as possible after destruction or an attack;
⑤ Regularly check the implementation of the various security management measures.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Communication line and network security
#FastTips
Such as:
- destroy or delete the message,
- read the message, watch the message and its transmission mode
- change, delay, reorder or copy, forge the message
🦑System security features
Different computer operating systems have different security requirements, but in general the system should have the following characteristics:
(1) Confidentiality (Security): accessed by authorized persons
(2) Integrity: changed by authorized persons
(3) Availability (Availability): available to authorized persons
(4) Reliability (Authenticity): can verify the user's identity
🦑Security threats - threat source
The threats to the security of computer systems mainly come from the following three aspects:
(1) accidental
(2) natural disasters
(3) man-made attacks-active threats
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑Use Azure Functions to play serverless :
#Fasttips
Serverless & Azure Functions
1) With serverless computing, developers do not need to manage the infrastructure, so they can build applications faster. With serverless applications, the cloud service provider will automatically provision, scale, and manage the infrastructure required to run the code.
2) To understand the definition of serverless computing, it is important to note that the server is still running code.
3) The name "serverless" comes from the fact that the tasks associated with infrastructure provisioning and management are not visible to developers.
4) This approach allows developers to focus more on business logic and deliver more value to the core of the business. Serverless computing can help teams increase productivity, bring products to market faster, and allow organizations to better optimize resources and stay focused on innovation.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to install Social Engineering Toolkit in Termux ?
INSTALLATION & RUN :
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) cd setoolkit
6) ./setup.py install
7) ./setoolkit
#fastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑RocketMQ transaction message :
#fastTips
RocketMQ began to support distributed transaction messages in version 4.3. It uses the idea of 2PC to implement the commit of a transaction message, and adds compensation logic to handle messages whose second phase times out or fails.
1.1 Send and submit
(1) Send a message (half message, that is, sent but not consumed);
(2) The server responds to the message writing result;
(3) Execute local transactions according to the sent results. If the write fails, the half message is not visible to the business at this time, and the local logic is not executed;
(4) Execute Commit or Rollback according to the local transaction status (Commit operation generates a message index, and the message is visible to consumers)
1.2 Compensation process
(1) For transaction messages without a Commit/Rollback (messages in the pending state), the server initiates a "back check";
(2) The producer receives the check-back message and checks the status of the local transaction corresponding to it;
(3) Commit or Rollback again according to the local transaction status.
The compensation phase is used to resolve the timeout or failure of a message's Commit or Rollback.
@UndercodeTesting
@UndercodeHacking
@UndercodeSecurity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑What is SSH and what port does it use?
1) SSH or Secure Shell is most familiar to Linux users, but SSH has many features that users can use.
2) SSH is designed to create a secure tunnel between devices, be they systems, switches, thermostats, toasters, etc.
3) SSH also has the unique ability to tunnel other programs through it, similar to the VPN concept, so even unsafe programs or programs that run on unsecured connections can be used in a secure state if configured correctly. SSH runs over TCP port 22.
#FastTips
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
🦑How to transfer landline calls :
1) When you are out, incoming calls to your landline can be transferred to your mobile phone or another landline, so that no call is missed.
2) Second, setup
> Apply: *57*TN#; Cancel: #57#. (TN stands for the phone number or mobile phone you want to set.) I have tested that both Telecom and Tietong landlines are suitable. Because there is no Netcom landline installed, I did not test it myself!
3) Third, tips
This function cannot transfer calls to a long-distance number.
Fourth, charges
No monthly fee; each transfer is counted once as a fee (the landline performing the transfer bears the call-transfer fee for the number).
4) Fifth, how to apply: dial 10000 to apply, or apply in person at a Telecommunications Business Office. In the north (Netcom), dial 10086.
#FastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
What is FTP and what port does it use?
1) FTP, or File Transfer Protocol, is one of the oldest protocols and should probably be retired.
2) FTP is primarily intended for transferring large files, with the ability to resume downloads if they are interrupted.
3) An FTP server can be accessed in two different ways: anonymous access and standard login.
4) The two are basically the same, except that anonymous access does not require an active user login, while standard login does.
5) However, this is the big problem with FTP: user credentials are transmitted in clear text, which means that anyone listening on the wire can eavesdrop on the credentials extremely easily.
6) Two competing FTP implementations that solve this problem are SFTP (FTP over SSH) and FTPS (FTP over SSL). FTP uses TCP ports 20 and 21.
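An added example, not part of the original post: a short Python audit of FTP control-channel records that reports which sessions sent USER/PASS in clear text and which upgraded with AUTH TLS (explicit FTPS). The record format, session ids, host names and credentials are constructed for illustration, and the password value is never stored.

```python
# Constructed FTP control-channel records: (session id, sender, line).
# "C" = client, "S" = server. Sample data, not taken from the original page.
SAMPLE = [
    ("s1", "S", "220 ftp.example.test ready"),
    ("s1", "C", "USER alice"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS constructed-secret"),
    ("s1", "S", "230 Login successful"),
    ("s2", "S", "220 ftp.example.test ready"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 Proceed with negotiation"),  # encrypted from here on
    ("s3", "S", "220 ftp.example.test ready"),
    ("s3", "C", "USER anonymous"),
    ("s3", "S", "331 Send e-mail address as password"),
    ("s3", "C", "PASS guest@example.test"),
    ("s3", "S", "230 Anonymous access granted"),
]

ANONYMOUS_USERS = {"anonymous", "ftp"}

def audit_ftp_sessions(records):
    """Classify each session by what a passive observer on the wire could read."""
    state = {}
    for sid, sender, line in records:
        st = state.setdefault(
            sid, {"user": None, "tls": False, "auth_sent": False, "pass_seen": False})
        verb, _, arg = line.strip().partition(" ")
        if sender == "C":
            verb = verb.upper()
            if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
                st["auth_sent"] = True
            elif verb == "USER":
                st["user"] = arg
            elif verb == "PASS":
                st["pass_seen"] = True  # note the exposure; never store the value
        elif st["auth_sent"]:
            st["tls"] = verb == "234"  # 234 = server accepts the TLS upgrade
            st["auth_sent"] = False

    report = {}
    for sid, st in state.items():
        if st["pass_seen"] and (st["user"] or "").lower() in ANONYMOUS_USERS:
            report[sid] = ("anonymous-login", st["user"])
        elif st["pass_seen"]:
            report[sid] = ("cleartext-credentials", st["user"])
        elif st["tls"]:
            report[sid] = ("tls-upgrade", None)
        else:
            report[sid] = ("no-login-seen", None)
    return report

if __name__ == "__main__":
    for sid, finding in sorted(audit_ftp_sessions(SAMPLE).items()):
        print(sid, *finding)
```

Sessions reported as cleartext-credentials are the ones to move to SFTP or FTPS first.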
#FastTips
β β β Uππ»βΊπ«Δπ¬πβ β β β
How to create your own "What Is My IP" service:
#FastTips
1) Python, Web Hosting and PHP
For this tutorial, we are going to use Python and assume we already have our own web hosting environment.
2) This is necessary because we need our own online server that returns our external IP address.
Python
1) The Python code below fetches the page set as 'url' and then keeps only the text between the opening <h1> tag and the closing </h1> tag, which is our external IP address.
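import requests

# Page on our own server that returns the caller's IP address inside an <h1> element
url = 'https://UndercodeNews.com/getip.php'
r = requests.get(url, timeout=10)
r.raise_for_status()  # stop on an HTTP error instead of parsing an error page
# Keep only the text between <h1> and </h1>
ip = r.text.split('<h1>')[1].split('</h1>')[0].strip()
print(ip)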
Web hosting
In your web hosting environment, you will need to host a PHP file whose code returns a page with the visitor's IP address inside an <h1> element.
For example, in Apache, you would store the file at the following path:
/var/www/html/getip.php
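An added example, not part of the original tutorial: the whole round trip on localhost, with a small Python handler standing in for getip.php (an assumption, since the post does not show the PHP code) and a client that accepts the <h1> content only if it parses as an IP address. It uses the standard library's urllib instead of requests so that it runs without extra packages.

```python
import ipaddress
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class GetIPHandler(BaseHTTPRequestHandler):
    """Stand-in for getip.php: echo the caller's address inside <h1>."""

    def do_GET(self):
        body = "<html><body><h1>{}</h1></body></html>".format(
            self.client_address[0]).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def parse_ip(html):
    """Return the first <h1> content, but only if it is a valid IP address."""
    m = re.search(r"<h1>\s*([^<]{1,45})\s*</h1>", html, re.IGNORECASE)
    if not m:
        raise ValueError("no <h1> element in response")
    return str(ipaddress.ip_address(m.group(1).strip()))  # ValueError on junk


def fetch_ip(url, timeout=5):
    # Bypass proxy settings: through a proxy the service would see the proxy's address.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=timeout) as resp:
        # Read a bounded amount so an oversized response cannot exhaust memory.
        return parse_ip(resp.read(4096).decode("utf-8", "replace"))


def demo():
    server = HTTPServer(("127.0.0.1", 0), GetIPHandler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return fetch_ip("http://127.0.0.1:{}/getip.php".format(server.server_port))
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```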
β β β Uππ»βΊπ«Δπ¬πβ β β β
Social Engineering Toolkit on Termux without root
#FastTips
1) pkg update && pkg upgrade -y
2) apt install curl -y
3) curl -LO https://raw.githubusercontent.com/Hax4us/setoolkit/master/setoolkit.sh
4) sh setoolkit.sh
5) After the above process finishes, type the following commands:
6) cd setoolkit
7) ./setup.py install
8) ./setoolkit
β β β Uππ»βΊπ«Δπ¬πβ β β β
Everything you need to know about Google Stadia:
#FastTips
1) On June 12, Google fixed one of the main shortcomings of the Stadia service: it is now available on any Android device, whether it is on the official support list or not. In addition, all OnePlus models from OnePlus 5 will support Stadia.
2) To use Stadia on a device without official support, download the Stadia app, open the "Experiments" tab and click "Play". The service should work without problems.
3) Last year Google announced the Stream project. This was a limited test built around Assassin's Creed Odyssey. After a short period of testing in January, the project ended and Google said nothing about its future plans to stream games. Stadia was announced at GDC 2019.
4) The idea of streaming is far from new. However, Google's service may turn out to be one of the most ambitious.
Google Stadia is a service that streams games to any user device: a TV, smartphone, laptop or tablet. In any case, you will be able to access the most advanced games.
How is this possible? Google servers process the image of the games and broadcast it. The user only needs a device with a screen. This gives everyone access to high-quality games with high system requirements, including those who cannot afford to buy an expensive gaming computer or console.
Supported platforms
The cloud service works with a Chromecast Ultra device when connected to a TV. Chrome browser is supported on computers, laptops and tablets, including Chrome OS. Among smartphones, Google Pixel 2, Pixel 3, Pixel 3a and Pixel 4 are supported.
In February, support for the following smartphones appeared:
Samsung Galaxy S8
Samsung Galaxy S8 Plus
Samsung Galaxy S8 Active
Samsung Galaxy Note 8
Samsung Galaxy S9
Samsung Galaxy S9 Plus
..../.......
5) In June it was announced that all Android smartphones will be able to work with Stadia, even those that are not included in the above list. You can install the Stadia application on them, open the "Experiments" tab and click "Play".
6) Since this is a cloud service, all the heavy processing is done remotely on other people's computers. Whether you use a smartphone, a tablet or even a weak computer, the quality will be equally high. Users of the service get the computing power of a custom AMD 2.7 GHz x86 processor, 16 GB of RAM, data transfer rates up to 484 GB/s and a GPU with a capacity of 10.7 teraflops.
This makes Google's platform more powerful than any game console on the market. In addition, Google will be responsible for updates and users will not have to do anything.
Of course, the quality of the games will depend on your internet connection. Playing on Chromecast Ultra, you can get 4K support with HDR and 5.1 surround sound if you have a TV, sound system, and fast enough internet to support it all.
Can I try Stadia for free?
Yes. Google has announced a two-month free trial for Stadia Pro. Any owner of supported devices can play several games on the service for free. They can buy additional games to play and stream. After the trial period ends, you can renew your Stadia Pro subscription for $9.99 per month. You can unsubscribe at any time before the end of the trial period.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Hack wifi with gerix on Linux:
#FastTips
1) Download or clone https://github.com/kimocoder/gerix-wifi-cracker/archive/master.zip
2) apt-get install qt4-dev-tools
3) Run the Gerix Wireless 802.11 Hacking Tool:
$ python gerix.py
4) The GUI interface appears; now click scan and attack.
β β β Uππ»βΊπ«Δπ¬πβ β β β
Network security
#FastTips
Network security is essentially information security on the network. In a broad sense, all technologies and theories related to the confidentiality, integrity, availability, authenticity and controllability of information on the network belong to the field of network security research. Ensuring the information security of the network system is the goal of network security. Information security includes two aspects: the security of information storage and the security of information transmission. Storage security refers to the security of information at rest, such as whether it can be used without authorization. Transmission security refers to the security of information while it is in transit. To ensure the security of information transmitted over the network, the following issues have to be dealt with:
(1) Monitoring of information on the network
(2) Impersonation of the user's identity
(3) Tampering with information on the network
(4) Denial (repudiation) of information that was sent
(5) Retransmission (replay) of information
β β β Uππ»βΊπ«Δπ¬πβ β β β