When running a virtual machine, you may be told that the CPU cannot be virtualized. There are generally three possible causes:
The CPU genuinely does not support virtualization (this cannot be resolved)
CPU virtualization is not enabled in the BIOS settings
Hyper-V is enabled, preventing VMware from directly accessing the physical layer (this was the reason for me. I previously used WSL and enabled Hyper-V, which resulted in CPU virtualization not being possible in VMware)
When the emulator starts, the following error will occur. If you do not modify ADB_PORT in the startup script, you will be unable to establish an HTTP connection after obtaining the flag.
OWASP ZAP is pre-installed on Kali Linux, so make sure to update it using the following commands in your terminal:
sudo apt update
sudo apt upgrade
From the application menu or by entering "zaproxy" in the terminal, launch the application and configure necessary settings, such as the target URL and proxy settings (consider using plugins like FoxyProxy to easily change proxies).
Scan the target web application:
Click the "Attack" button or select the "Spider" option from the "Tools" menu to start the scan. This will initiate the process of crawling the web application and identifying potential vulnerabilities.
View the results:
After the scan completes, OWASP ZAP will display a list of identified vulnerabilities in the "Alerts" tab. You can click on each alert to view more details, such as the vulnerability type, severity (easily visualized with color-coded flags), and a brief description.
JSP code running under Tomcat
This code is a simple web script written in JSP (JavaServer Pages). Its main function is to execute Windows system commands and return the output results to the web page. The following is a line-by-line explanation of the code:
Page directives:
Vulnerability Analysis of WebLogic Coherence UniversalExtractor Deserialization (CVE-2020-14645)
This vulnerability is a bypass of the patch for CVE-2020-2883. That patch blacklists MvelExtractor and ReflectionExtractor, so we need to find another class whose methods include extract and malicious operations. The class used here is com.tangosol.util.extractor.UniversalExtractor, which is located in the Coherence component.
Essentially, it involves calling arbitrary methods through ReflectionExtractor to execute the exec method of the Runtime object to execute arbitrary commands. However, the patch has now blacklisted ReflectionExtractor, so we can only use UniversalExtractor to reconstruct an exploitation chain. Here, we use the entry point of the Commons Collections 4 chain in poc2 to construct it.
Hashcat is a popular open-source password cracking software that can crack various hashes using a variety of attack modes.
It utilizes the hardware acceleration of GPUs to perform computing tasks more efficiently than general CPUs.
The speed of the GPU directly affects the cracking speed, as a faster GPU can process more password guesses simultaneously, greatly reducing the time required to find the correct password.
Depending on the hash type, password complexity, and the GPU used, Hashcat can test up to millions of password combinations per second during a brute-force attack, far exceeding the capacity of CPUs.
Aircrack-ng is the flagship tool in the Aircrack-ng suite, primarily used to crack the encryption keys of wireless networks such as WEP and WPA/WPA2. It employs various algorithms and techniques to recover encryption keys, enabling unauthorized access to wireless networks or verifying the security of your own network.
After capturing packets with airodump-ng and potentially manipulating traffic with aireplay-ng, aircrack-ng can be used. Once sufficient data (such as a WPA handshake or a sufficient number of WEP IVs) have been collected, aircrack-ng can attempt to recover the key using dictionary or brute-force attacks.
To use aircrack-ng, you need to provide the captured data (in .cap format) and specify attack parameters, such as a dictionary file or the key length for brute-force attacks. The tool will then analyze the captured data and attempt to recover the encryption key.
In TestActivity, both setAllowFileAccess and setJavaScriptEnabled are enabled, so the WebView can render the file through the symbolic link established earlier. By navigating to TestActivity and rendering file:///data/data/com.bytectf.pwneasydroid/symlink.html, we can render /data/data/com.bytectf.easydroid/Cookies.
Send the entire content of the Cookies file as text via HTTP.
Comodo HackerProof is another leading vulnerability scanner with powerful features that enable IT departments to scan for vulnerabilities on a daily basis. Its unique PCI scanning option, which prevents drive-by attacks, and site checker technology help with next-generation website scanning.
Penetration technology teams can penetrate systems, gain access to backends, modify servers, and launch intrusions, etc.
Nikto is an open-source web server scanner that can conduct comprehensive tests on various aspects of a web server, including 3,500 potentially dangerous files/CGIs, over 900 server versions, and more than 250 version-specific issues on servers. Nikto can scan multiple ports of a server in a short time, and it is favored for its efficiency and server hardening capabilities.
Contact: @PipiShrimp
Import beacon.h and rewrite the API calls in the BOF-defined style. For the function prototypes, we can use a BOF_HELPER project, which automatically generates the BOF-defined function prototypes and call style. For example, GetProcAddress becomes KERNEL32$GetProcAddress. Here we use the tool directly; we also need to change the output function to the one exported by Beacon.
After LSPosed announced that it would stop updating, several other well-known Android tools such as Zygisk Next, Shamiko, and KernelSU have also ceased updating.
Among them, the GitHub repositories of the open-source Zygisk Next and KernelSU have been set to archived status, and Shamiko, which is not open-source, has also been discontinued by its developers.