Article Tags
-
All
-
web3.0
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Backend Development
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Web Front-end
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Database
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Operation and Maintenance
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Development Tools
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
PHP Framework
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Common Problem
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Other
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Tech
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
CMS Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Java
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
System Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Computer Tutorials
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Hardware Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Mobile Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Software Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
-
Mobile Game Tutorial
-
Mac OS
-
Linux Operation and Maintenance
-
Apache
-
Nginx
-
CentOS
-
Docker
-
LVS
-
vagrant
-
debian
-
zabbix
-
kubernetes
-
ssh
-
fabric
-
How to troubleshoot SolarWinds supply chain APT attacks with one click
The SolarWinds supply chain APT attack was revealed. Recently, the SolarWinds supply chain APT attack has attracted the attention of the industry. SolarWinds officially announced that there is malicious code with highly complex backdoor behavior in the affected versions of SolarWinds Orion Platform from 2019.4HF5 to 2020.2.1 and its related patch packages. It is reported that the backdoor contains the ability to transfer files, execute files, analyze the system, restart the machine, and disable system services, thus putting users who have installed the contaminated package at risk of data leakage. Since the module has a SolarWinds digital signature certificate, it has a whitelist effect against anti-virus software and is highly concealable.
May 11, 2023 pm 09:31 PM
How to solve dde in word
In word, use the shortcut key ctrl+f9 to open it. After opening, there are curly brackets. You can enter system commands inside to execute them. You can do a lot of things with powershell. Phenomenon (1) Phenomenon (2) Successful execution Solution (1): In the word options, check the box to display field codes instead of field values. This way you can see the field code directly in the open document. Solution (2): Turn off automatic update links Solution (3): Completely disable the registry From: https://gist.github.com/wdormann/732bb88d9b5dd5a66c9f1e1498f31a1bDisableDDEAUTOforOutlook,Word
May 11, 2023 pm 09:25 PM
How to escalate privileges by injecting soap into a sql2008 server and combining it with msf
In the actual successful penetration process, the exploitation of vulnerabilities is the integration of multiple technologies and the practice of the latest technology. This penetration uses sqlmap to confirm the injection point, obtains the webshell through sqlmap, and combines msf to elevate the rights of ms16-075. Finally, the system permissions of the target server were obtained. This article is a new extension of vulnerability exploitation. When conventional Nday privilege escalation fails, a classic case of ms16-075 successful privilege escalation is combined with msf. 1.1.1 Scan for soap injection vulnerabilities 1. Use webservicesscanner in awvs to scan for vulnerabilities. Open awvs and select webservicesscanner to scan for vulnerabilities.
May 11, 2023 pm 09:25 PM
How to use hyphens in javascript
Note 1. The range of matching characters using a hyphen (-) is not limited to letters. Can also match a range of numbers. 2. A series of letters and numbers can be combined in a single character set. In the = character set, the hyphen (-) defines the range of characters to match. The example requires matching all letters in the string quoteSample. Note: Be sure to match both uppercase and lowercase letters. letquoteSample="Thequickbrownfoxjumpsoverthelazydog.";letalphabetRegex=/change/;//Modify this line letresult=alphabetRegex;/
May 11, 2023 pm 08:55 PM
What is the core defense mechanism of Web Application?
To protect against malicious input, applications implement a number of security mechanisms that are conceptually similar. These security mechanisms consist of the following aspects: 1. Processing the data and functions of users accessing web applications (preventing unauthorized access) 2. Processing data input by users to web application functions (preventing the construction of malicious data) 3. Responding to attacks (Handling unexpected errors, automatically blocking obvious attacks, automatically sending alerts to administrators, and maintaining program access logs) 4. Management and maintenance of application processing access. Usually there are different types of users for an application, such as ordinary users, logins Authenticate users, administrators. Different permissions are given to different user web applications so that they can only access different data and functions. w
May 11, 2023 pm 08:46 PM
How are wide area network, metropolitan area network and local area network divided?
WAN, MAN and LAN are divided based on "coverage". The coverage of LAN is generally within a few kilometers. Its characteristics such as convenient installation, cost saving, and convenient expansion make it widely used in various offices. A wide area network is a long-distance network that connects computer communications in local area networks or metropolitan area networks in different areas, covering a range from dozens to thousands of kilometers. A metropolitan area network is a computer communication network established within a city. Computer networks are divided into wide area networks, metropolitan area networks and local area networks. The main basis for their division is: the function (coverage) scope of the network. Computer network refers to the connection of multiple computers and their external devices with independent functions in different geographical locations through communication lines. In the network operating system, network management software and network communication
May 11, 2023 pm 08:19 PM
CNNVD report example analysis on Apache Struts2 S2-057 security vulnerability
Currently, Apache has officially released a version update to fix the vulnerability. It is recommended that users confirm the Apache Struts product version in time. If affected, please take timely patching measures. 1. Vulnerability introduction ApacheStruts2 is a sub-project of the Jakarta project under the American Apache Software Foundation. It is a Web application framework based on MVC design. On August 22, 2018, Apache officially released the Apache Struts2S2-057 security vulnerability (CNNVD-201808-740, CVE-2018-11776). When enabling the pan-namespace function in the struts2 development framework
May 11, 2023 pm 08:04 PM
How Turla uses watering hole attacks to plant backdoors
Target website Turla compromised at least four Armenian websites, including two government websites. Therefore, targets may include government officials and politicians. The following websites were compromised: armconsul[.]ru: Consular Section of the Embassy of Armenia in Russia mnp.nkr[.]am: Ministry of Conservation and Natural Resources of the Republic of Artsakh aiisa[.]am: Armenian Institute of International and Security Affairs adgf[. ]am: These Armenian Deposit Guarantee Fund websites have been compromised since at least the beginning of 2019. Turla uses illegal access to insert malicious JavaScript code into websites. For example, for mnp.nkr[.]am, in jquery-mi
May 11, 2023 pm 08:04 PM
How to analyze the objects and thresholds monitored by nrpe
nrpe monitoring objects and thresholds: Monitoring objects Monitoring thresholds Host resources Host survival: check_ping-w3000.0, 80%-c5000.0, 100%-p5 (3000 milliseconds response time, if the packet loss rate exceeds 80%, a warning will be reported, 5000 milliseconds Within the response time, if the packet loss rate exceeds 100%, it will be reported as critical, and a total of 5 packets will be sent) Login user: check_user-w5-c10 (w means warning, c means critical) System load: check_load-w15,10,5-c30,25 ,20 (1 minute, 5 minutes, 15 minutes is a warning or critical if it is greater than the corresponding number of waiting processes) Disk usage: check_disk-w20%-c10%-p
May 11, 2023 pm 07:31 PM
How to analyze the specific differences between the two addresses 224.0.0.5 and 224.0.0.6 in OSPF
224.0.0.6 refers to the multicast receiving address of DR and BDR in a multi-access network, and 224.0.0.5 refers to all interfaces running the OSPF process in any network that belong to this group, so all multicast data of 224.0.0.5 are received. Bag. Focus on understanding what kind of multicast data packets belong to a certain group and what kind of multicast data packets are received. For example, DR/BDR belongs to the group (Group) with the multicast address 224.0.0.6, so it receives multicast data packets with the destination address 224.0.0.6. You can understand why multi-channel access can prevent excessive processing of information by setting DR/BDR (because the receivers belonging to a certain group (referring to the OSPF interface) will only be stripped to the second layer without further processing, thus eliminating the need for very
May 11, 2023 pm 07:04 PM
How to analyze SQLMap and SQLi injection defense
Part One: Using Sqlmap 1.1 Introduction to sqlmap 1. I mentioned some basic statements of sql injection, but manual injection is very troublesome. We can use sqlmap, a powerful sql injection tool, to obtain data. 2. Introduction to sqlmap (1)# sqlmap is an open source penetration testing tool that can automatically detect and exploit SQL injection vulnerabilities and servers connected to the database. It has a very powerful detection engine, a penetration tester with multiple features, access the underlying file system through database fingerprinting and execute commands over an out-of-band connection. Official website: sqlmap.org(2)#Supported databases: MySQL, Oracle, PostgreS
May 11, 2023 pm 06:37 PM
What are the knowledge points for web security testing?
What is security testing? Security testing is about providing evidence that the application can still adequately meet its requirements in the face of hostile and malicious input. a. How to provide evidence? We use a set of failed security test case execution results to prove that the web application does not meet security requirements. b. How do you view the need for security testing? Security testing is more dependent on requirements than functional testing because it has more possible inputs and outputs to sift through. True software security actually refers to risk management, that is, we can ensure that the security level of the software meets business needs. How to conduct security testing? Adding security test cases based on common attacks and vulnerabilities combined with actual practice is how to turn security testing into a simple and common part of daily functional testing.
May 11, 2023 pm 06:34 PM
How to easily bypass human-machine authentication Captcha
The Writeup shared today is a simple human-computer authentication (Captcha) bypass method discovered by the author during vulnerability testing of the target website. Captcha bypass was achieved by simply editing elements on the login page of the target website using Chrome developer tools. Pass. Human-machine authentication (Captcha) usually appears on the registration, login and password reset pages of the website. The following is the Captcha mechanism arranged by the target website in the login page. As you can see from the picture above, only after the user checks "I'mnotarobot" of the Captcha verification mechanism, the login button (Sign-IN) will be enabled and displayed for the user to click. So based on this, I right clicked on Si
May 11, 2023 pm 05:55 PM
What is the implementation path for the evolution from IPv4 to IPv6?
Technical Model for Transformation from IPv4 to IPv6 The industry provides three solutions for the transformation from IPv4 to IPv6, namely dual-stack technology mode, tunnel technology mode, and address translation mode. 1. Dual-stack technology model: Run two independent planes on the same network: an IPv4 network plane and an IPv6 network plane, each maintaining its own IGP/EGP status and routing. In this mode, IPv4 and IPv6 coexist, which does not affect existing IPv4 services and can also meet the new needs of IPv6. However, the implementation cost in this mode is relatively high. Firstly, it requires the support of network equipment of the entire network. Secondly, it is difficult to adjust IGP/EGP of the entire network equipment. If it is only implemented in a small area, this is a better choice. mold
May 11, 2023 pm 05:52 PM
Hot tools Tags
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
vc9-vc14 (32+64 bit) runtime library collection (link below)
Download the collection of runtime libraries required for phpStudy installation
VC9 32-bit
VC9 32-bit phpstudy integrated installation environment runtime library
PHP programmer toolbox full version
Programmer Toolbox v1.0 PHP Integrated Environment
VC11 32-bit
VC11 32-bit phpstudy integrated installation environment runtime library
SublimeText3 Chinese version
Chinese version, very easy to use
Hot Topics
1658
14
1415
52
1309
25
1257
29
1231
24