1. SSH (Secure Shell) – encrypted remote login to the management server and encrypted data transmission. SSH is the abbreviation of Secure Shell, which was developed by the Network Working Group of the IETF; SSH is a security protocol built on the application and transport layers. SSH is currently the most reliable protocol designed to provide security […]
Tag: tail
Detailed analysis of Java dynamic proxy implementation and principles
Detailed analysis of Java dynamic proxy implementation and principles Regarding dynamic proxies in Java, the first thing we need to understand is a common design pattern: the proxy pattern. According to the point in time at which the proxy class is created, proxies can be divided into static proxies and dynamic proxies. 1. Proxy pattern The proxy pattern […]
K8s cluster installation-the most detailed
1. Introduction I have personally practiced this and it can be followed step by step. If the network speed is good, a k8s cluster can be installed in ten minutes. I use container as the container environment. 2. Installation 0. Environment preparation Number of nodes: 3 virtual machines running CentOS 7 Hardware configuration: 2 GB or more RAM, 2 CPUs or more […]
Detailed analysis of thread pool (underlying implementation version)
Article directory 1. What is a thread pool? 2. What problems does the thread pool solve? 3. ThreadPoolExecutor, the core implementation class of the thread pool 4. Three major methods, seven major parameters, and four rejection strategies 1. What is a thread pool? Thread pool is a tool for managing threads based on the idea […]
Haproxy load balancing cluster super detailed (with deployment examples)
Haproxy 1. Web cluster scheduler 1.1 Commonly used Web cluster schedulers 1.2 Advantages and disadvantages of commonly used cluster schedulers (LVS, Nginx, Haproxy) 1.2.1 Nginx 1.2.2 LVS 1.2.3 Haproxy 1.3 Differences between LVS, Nginx, and Haproxy 2. Haproxy 2.1 Introduction 2.2 Main features of Haproxy 2.3 Haproxy application analysis 2.4 Haproxy’s scheduling algorithm (load balancing […]
The whole process of actual SRC vulnerability mining, detailed process [Network Security]
Foreword Record of a complete real-world SRC vulnerability mining exercise, which lasted for more than a week. The article is a bit long, please read it patiently. It records the complete real-world process of SRC vulnerability mining.

Penetration process Because the chosen target did not define a test scope, there is no scope this time. First take a look at the main domain name to see what useful information can be collected: Found a search box: Test point +1. I looked through the pages and found nothing useful. After capturing the packets, I found that the website has a CDN and special files: Difficulty +1, Information +1. Google it and you will find that Sitecore is a CMS. If you can determine the version of this CMS, it becomes a white-box audit. However, after trying, the version cannot be determined and you can only test it with CMS vulnerabilities disclosed on the Internet. Only one CVE-2021-42237 (Sitecore XP remote code execution vulnerability) was found online. Find a POC to try: After searching for a long time, I could only find these few. It may be because this CMS has relatively few users or because it is well written and has few vulnerabilities. Test with one of these: POC exploitation failed with a connection error. Analysis of the POC code: The address the POC requests is: After manually requesting the URL, I found that access was denied by the server; the target restricts access to sensitive addresses: After searching for CMS information, we learned that /Sitecore is the backend directory of Sitecore CMS, which makes sense. We can try to bypass the access restriction later. Test point +1. Run a port scan on it to see what services are exposed. You can use nmap or other methods, but I prefer to use nmap for port scanning. Access the collected ports one by one. Only port 443 can be accessed. This website has a MySQL service. Port 1723 has a VPN service used by internal staff, but it cannot be accessed. The same is true for the other ports. Use public online platforms to scan: I confirmed the information collected earlier and found a few more test points. The simple information collection for this domain name is complete. Let's see what vulnerabilities there are. You can do a small test for vulnerabilities: You can see that the website does not filter special symbols, so there may be SQL or XSS injection here.

Looking at the source code of the page, I found that the statements here seem to be very unsafe and may not have been sanitized. Testing found that there is a WAF. You can try to bypass the WAF here, but we will not bypass it for now. Picking the hard persimmons at the beginning of a penetration test may lead to a bad start. Then go online to see what vulnerabilities the collected plug-ins may have. After searching, I only found that the Vue framework has a template injection vulnerability that may be useful: But unfortunately, Vue is a front-end framework, and the impact of Vue's vulnerabilities is bound to not be too great. Usually Vue.js data is data-bound through double curly braces {{}} or the v-text directive. Vue.js will automatically compile the corresponding template into JS code, but its source code does not filter the input data. Test with a public POC: Sure enough, it was intercepted by the WAF. Trying another way to test it also doesn't work: There may be additional benefits to visiting robots.txt: Confirm the CMS is Sitecore, accessing /api returns 403, access the Sitemap: Continue jumping: It is an XML configuration file used when developing a website. It is considered an information leak, but it is not harmful. You can also try a 403 bypass. The specific bypass process will not be demonstrated here. The bypass is achieved by overriding the path with X-Rewrite-URL: But when I went to the page, I found that it was bypassed, but not completely bypassed. It was still redirected to the main page. Then collect side sites and subdomains. You can use tools like Layer or search engines like FOFA and SHODAN. The author used FOFA here to collect: As the saying goes, a cigarette, a glass of wine, and a website can be tested for a day. I collected for a day, and also tested for a day. I used various vulnerability scanning tools, and the IP was blocked after scanning. Whether by adding delays or hooking up a proxy, after all, there are vulnerabilities that scanning tools cannot find. Besides, if I can only use scanning tools, I'm still just a monkey who can click the mouse. In order to successfully eat the watermelon this time, we had no choice but to use manual testing for the most part.

Of course, it is impossible to gain nothing in one day, because the company tested this time is a large-scale company (a leader in the industry), so their exposure is relatively wider: We collected several relatively useful sites: These sites are very interesting. They use the same CMS, have the same content, and have the same functions. There is no difference. They may be test pages used when building the website. There is also a website titled Project Management Website, but when I click on it, it has no functions. Even the backend scan and the vulnerability scanning tool find nothing (isn't this just a scam?). But this is when I discovered that a website is blank and displays nothing. Generally speaking, this kind of blank website may yield unexpected gains, because it may be a website that the developer has forgotten. I scanned it with the backend scanning tool and found two files: visit The development files of the website were leaked and we got the specific version of the website plugin. The other is a GIF picture: There is nothing special about the page. Right-click to view the source code of the page and see that the developer ID value is leaked: However, the two discovered vulnerabilities have no substantive effect and may be exploited later in combination with other vulnerabilities. In real-world situations, it's so frustrating. Then test the previously discovered websites with the same template, again using the POC of Vue's template injection vulnerability: The page outputs the result of the multiplication operation; further verification confirms that there is a Vue template injection vulnerability, and a successful pop-up window appears: After verification, this vulnerability also exists in the other two websites. We can see that this vulnerability exists because these test websites were not deployed behind a WAF. They may be sites that the developer missed. Therefore, you have to be picky and go for the soft persimmons. You can't just test a fortress with heavy defenses from the beginning. That may waste a long time without any gains. So now we know that this vulnerability must also exist on the main domain name, and what needs to be done is to bypass the WAF. There are tutorials on how to bypass this, so I won't go into too much detail here. This is the final result: Payload:{<!—->{constructor.constructor […]
Detailed use of RecyclerView
Directory Original link 1. Advantages of RecyclerView 2. LayoutManager class 1. LinearLayoutManager: Linear layout manager 2. GridLayoutManager: Grid layout manager 3. StaggeredGridLayoutManager: waterfall flow layout manager 3. Adapter class 4. ViewHolder class 5. Configure different LayoutManagers 1. LinearLayoutManager 2. GridLayoutManager 3. StaggeredGridLayoutManager 6. Configure click events for items 1. Declare the interface 2. Declare an […]
6. Hive transactions for Hive data warehouse application (super detailed step-by-step guidance, WIN10, VMware Workstation 15.5 PRO, CentOS-6.7)
Hive remote mode deployment reference: 1. Hive deployment of Hive data warehouse application (super detailed step-by-step guidance, WIN10, VMware Workstation 15.5 PRO, CentOS-6.7) Article directory 1. Design and characteristics of transactions 1. Characteristics of transactions 2. Transaction design 3. Implementation of transactions 2. Operation of transaction tables 1. Enabling transactions 2. Creation of transaction […]
Details of setting up a Maven private server with Nexus
First, let’s log in and see the homepage: (1) Default repository description: maven-central: Maven central repository, which pulls jars from https://repo1.maven.org/maven2/ by default. maven-releases: private repository for release jars. For an initial installation, set the Deployment policy to Allow redeploy. maven-snapshots: private repository for snapshot (debug version) jars. maven-public: repository group, which combines the above three repositories to […]
20 lines of Python code to crawl Pinduoduo product details data api
Pinduoduo get-product-details API by ID: pinduoduo.item_get gets product details; pinduoduo.item_get_app gets app product details. Public parameters Request address: https://api-TEST.cn/pinduoduo/item_get_app Name Type Required Description key String yes call key (must be appended to the URL as a GET parameter) secret String yes call key api_name String yes API interface name (included in the request […]