hacker phishing
Contact: @PipiShrimp
JSP code running under Tomcat
This code is a simple web script written in JSP (JavaServer Pages). Its main function is to execute Windows system commands and return the output results to the web page. The following is a line-by-line explanation of the code:
Page directives:
Vulnerability Analysis of WebLogic Coherence UniversalExtractor Deserialization (CVE-2020-14645)

This vulnerability is a bypass of the patch for CVE-2020-2883. That patch blacklists MvelExtractor and ReflectionExtractor, so we need to find another class whose extract method can lead to a malicious operation. The class used here is com.tangosol.util.extractor.UniversalExtractor, which is located in the Coherence component.

Essentially, the earlier chain calls arbitrary methods through ReflectionExtractor to invoke the exec method of the Runtime object and execute arbitrary commands. However, the patch has now blacklisted ReflectionExtractor, so we can only use UniversalExtractor to reconstruct an exploitation chain. Here, we use the entry point of the Commons Collections 4 chain in poc2 to construct it.
Hashcat is a popular open-source password cracking software that can crack various hashes using a variety of attack modes.

It utilizes the hardware acceleration of GPUs to perform computing tasks more efficiently than general CPUs.

The speed of the GPU directly affects the cracking speed, as a faster GPU can process more password guesses simultaneously, greatly reducing the time required to find the correct password.

Depending on the hash type, password complexity, and the GPU used, Hashcat can test up to millions of password combinations per second during a brute-force attack, far exceeding the capacity of CPUs.
Aircrack-ng is the flagship tool in the Aircrack-ng suite, primarily used to crack the encryption keys of wireless networks such as WEP and WPA/WPA2. It employs various algorithms and techniques to recover encryption keys, enabling unauthorized access to wireless networks or verifying the security of your own network.

Aircrack-ng is used after packets have been captured with airodump-ng and, possibly, traffic has been manipulated with aireplay-ng. Once sufficient data (such as a WPA handshake or a sufficient number of WEP IVs) has been collected, aircrack-ng can attempt to recover the key using dictionary or brute-force attacks.

To use aircrack-ng, you need to provide the captured data (in .cap format) and specify attack parameters, such as a dictionary file or the key length for brute-force attacks. The tool will then analyze the captured data and attempt to recover the encryption key.
In TestActivity, both setAllowFileAccess and setJavaScriptEnabled have been enabled, so the WebView can render the file through the soft link that was established earlier. By navigating to TestActivity and rendering file:///data/data/com.bytectf.pwneasydroid/symlink.html, we can render /data/data/com.bytectf.easydroid/Cookies.

Send the entire content of the Cookies file as text via HTTP.
Comodo HackerProof is another leading vulnerability scanner with powerful features that enable IT departments to scan for vulnerabilities on a daily basis. Its unique PCI scanning option, which prevents drive-by attacks, and site checker technology help with next-generation website scanning.

Penetration technology teams can penetrate systems, gain access to backends, modify servers, and launch intrusions, etc.
Nikto is an open-source web server scanner that runs comprehensive tests against a web server, including checks for 3,500 potentially dangerous files/CGIs, over 900 server versions, and more than 250 version-specific issues. Nikto can scan multiple ports of a server in a short time, and it is favored for its efficiency and server hardening capabilities.

Import beacon.h and rewrite the API calls in the BOF-defined style. For the function prototypes, we can use a BOF_HELPER project, which automatically generates the BOF-style prototype and call syntax. For example, GetProcAddress becomes KERNEL32$GetProcAddress. Here, we use the tool directly, and we also need to change the output function to the one exported by beacon.
After LSPosed announced that it would stop updating, several other well-known Android tools such as Zygisk Next, Shamiko, and KernelSU have also ceased updating.

Among them, the GitHub repositories of the open-source Zygisk Next and KernelSU have been set to archived status, and Shamiko, which is not open-source, has also been discontinued by its developers.

Nmap is used for port scanning, one of the stages of ethical hacking attacks, and is one of the best hacking tools ever. It is primarily a command-line tool, originally developed for Linux and other Unix-based operating systems; a Windows version of Nmap is now available.
In this type of DDoS attack, of which SYN Flood is an example, the attacker sends TCP connection requests to the server but deliberately never completes the TCP three-way handshake. The server keeps sending SYN-ACK replies and waiting for the final ACK, which exhausts its resources and prevents normal users from using the service. If the source IP of the requests in a SYN Flood attack is set to the address of the attacked party, the system keeps responding to itself until its resources are exhausted; this is the common LAND attack method. There are also CC attacks, which use a large number of servers to send simulated normal HTTP requests to the attacked party, and botnet ("zombie network") attacks. All of these aim to exhaust the server's resources.
Microsoft continues to hype up Windows 11. According to images posted by netizens, Microsoft has released Windows 11 to the Windows 10 Release Preview channel, and the system update automatically tells users whether their current devices meet the upgrade requirements for Windows 11. This is done through Microsoft's telemetry, which collects and reports device information. Users can also directly use Microsoft's newly launched health check tool to verify a device's compatibility.
name they want to access, the DNS server will search the DNS database to find the IP address corresponding to that domain name and return the result to the user. When the DNS server searches the DNS database, if the IP address corresponding to the domain name is modified, domain name hijacking will occur. Simply put, a domain name originally corresponds to one IP address, but when it is mapped to a different IP address, it is called domain name hijacking. If you know the real IP address of the domain name, you can directly use this IP address instead of the domain name to access it.

Principle and Practice of Domain Name Hijacking
DNS (Domain Name System)

DNS is a distributed database on the Internet that maps domain names to IP addresses, making it easier for users to access the Internet without having to remember long strings of IP numbers that can be directly read by machines.

The process of obtaining the IP address corresponding to a hostname is called domain name resolution (or hostname resolution).

Domain Name Hijacking

Domain name hijacking is a common type of internet attack. Attackers either attack DNS servers or forge DNS records to redirect users to other addresses when they visit a target site.

Within the hijacked network, requests for domain name resolution are intercepted. The requested domain name is analyzed, and requests outside the censorship scope are allowed through. Otherwise, a fake IP address is returned or no response is given, resulting in the inaccessibility of specific websites or the display of fake content when users attempt to access them.
