Safety
What is a simple and secure API authorization mechanism based on signature algorithm?

When I was working on an advertising system, I found that the advertising systems of most of the platforms I connected to used tokens to authorize interfaces, and this token remained unchanged and was provided by advertisers. It can be said that this is a streaking interface, but this kind of interface does not have high security requirements, which can only prevent malicious calls and verify the identity of the channel. Last year, the author wrote about an API unified authorization platform that provides unified authorization management for internal service open interfaces and third-party system calls. Apart from facilitating management interface authorization, it has no other purpose, but it costs money to deploy. This is probably the most pointless project I've ever done. The API authorization mechanism introduced today may also be a more widely used API interface authorization mechanism. I remember that the author used to do the WeChat payment function.

May 18, 2023 am 10:49 AM
API
How idaPro analyzes app decryption lua script

Through the previous idaPro debugging or hook, we can obtain the xxtea decryption key. For sign, we can directly open the original file: we can see the sign value: byds. Therefore, we can try to decrypt it with the xxtea decryption tool (which can be compiled from the source code on GitHub): Taking index.luac as an example, we see the changes before and after decryption of index.luac: We see that the lua script after decryption by xxtea is still not plain text! We previously determined that the xxtea encryption was used based on the cocos2d framework source code and the master apk decoding result, and the Lua script of the app also has a signature value, which also confirms that it is the xxtea encryption method, but we

May 18, 2023 am 08:34 AM
App, lua, idaPro
How to perform IP address analysis and application

1. IP address
1. IPv4 is composed of a 32-bit binary number
2. An IP address is composed of two parts: network bits + host bits
3. Classification of IP addresses (category, range, network bits and host bits):
A, 1-126, network + host + host + host
B, 128-191, network + network + host + host
C, 192-223, network + network + network + host
D, 224-239, multicast address
E, 240-254, scientific research
2. Private network addresses
A: 10.0.0.0~10.255.255.255
B: 172.16.0.0~172.31.255.255
C: 192.168.0.0~192.168.255.255
3. Subnet mask
The subnet mask is used to distinguish the network bits and host bits of the IP address. The network bits are represented by consecutive 1's.

May 17, 2023 pm 10:55 PM
IP address
How to conduct in-depth analysis of Vietnamese APT attack samples

1. Introduction. APT has become a hot topic in the security field. Innovación y laboratorio, a subsidiary of Eleven Paths, published the "Docless Vietnam APT" report in April: The above information states that we have detected that some malicious emails were sent to mailboxes belonging to the Vietnamese government. The date of this Vietnamese email is March 13, 2019. This email may have come from within the Vietnamese government. It cannot be ruled out that someone sent this email to the security department because there are suspicious elements in this email. TKCTquyInam2019.doc.lnk.malw sample information is as follows: Picture 1: TKCTquyInam2019.doc.lnk.m

May 17, 2023 pm 10:26 PM
apt
Example analysis of static analysis of APK files to discover leakage of hard-coded passwords in APP applications

The Writeup I share with you today is a static analysis of Android APP. Due to the problem of insecure storage and hard-coded password leakage in the APP, it is possible to log in to its SMS management system and hijack its SMS interface configuration. The following is the relevant analysis and research. Getting Started: Since the scope of the public testing project involves a certain Android APP from a relevant manufacturer, I downloaded this APP on my Android phone and took out its APK file for static analysis. Here are two native and fast APK download URLs recommended: https://apk.support/apk-downloader https://apkpure.com/ After obtaining the APK file, we need to process it

May 17, 2023 pm 09:16 PM
App, apk
Android basic reverse engineering is not implemented very well

0x01 Activity jump. The demo is still the last demo. This time we change the Button logic and change it to jump. Build a new Activity. Jump Activity: here we jump to our new Activity. Use Intent to jump, which is equivalent to a carrier. The specific code is as follows: Intent i = new Intent(MainActivity.this, Main2Activity.class); startActivity(i); set the logo to generate apk test. 0x02 AndroidManifest.xml description. First let’s look at Androidm

May 17, 2023 pm 08:22 PM
Android
What are the Android MaterialDesign application methods?

1: The top background image slowly disappears when you slide up, and the title is suspended. 1.1: Set up CoordinatorLayout. The dependencies to add were already covered in the previous article, so I won’t repeat them here. A new layout is added to the coordinator layout this time: CollapsingToolbarLayout (Collapsing Toolbar Layout). It is obvious that the toolbar in the above rendering slides up and the picture is folded in. This is an animation effect. If it were not for the power of the MaterialDesign library, we would have written this ourselves. Let's analyze what is used in the renderings. Just look at the colored text, an Apple background image, and a floating button (adsorbed on Collapsin

May 17, 2023 pm 07:28 PM
Android, MaterialDesign
How to solve Windows worm virus

0x00 Preface. The worm is a very old computer virus. It is a self-contained program (or a set of programs) that usually spreads through the network. Every time it invades a new computer, it makes a copy of itself on that computer and automatically executes its own program. Common worms: Panda Burning Incense Virus, Shock Wave/Shock Wave Virus, Conficker Virus, etc. 0x01 Emergency scenario. One morning, the administrator found at the egress firewall that the internal network server continued to initiate active connections to overseas IPs. The internal network environment was unable to connect to the external network, and there was no way to figure it out. 0x02 Event analysis. The server's intranet IP was seen on the egress firewall. First, disconnect the virus-infected host from the intranet, then log in to the server, open D-shield_web scan and check

May 17, 2023 pm 07:22 PM
window
How to classify IP addresses and divide subnets

IP is a 32-bit unsigned integer, and its range is 0.0.0.0-255.255.255.255. Specifically, an IP consists of two parts: network number + host number. If the network numbers are the same, the hosts are within one network segment and can communicate directly using MAC data frames. Given a network number, when the host number is all 0 the IP represents the network address, and when the host number is all 1 the IP represents the broadcast address. The representation of the IP address: xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx |--net--|---------host----------------| The network number of a class A address starts with 0, the network number of a class B address starts with 10, and the network number of a class C address starts with 10 is 11

May 17, 2023 pm 07:01 PM
IP address
What is Django development and offensive and defensive testing like?

1. For basic Django development, I used to use 1.8.2 for my blog. I still installed it on my machine, so I took it over and used it. Of course, the new version will fix a lot of bugs. You should learn newer versions as much as possible. This article is an introductory chapter. 1. Download, install and start
# Download django
pip install django==1.8.2 -i https://pypi.mirrors.ustc.edu.cn/simple/
# Create a folder and activate the virtual environment
virtualenv django_demo
cd django_demo
source bin/activate
# Create a folder to store django files
mkdi

May 17, 2023 pm 06:11 PM
django
How to implement Juniper JunOS PPPOE configuration

1) Select interface fe-0/0/1 as the physical interface of the PPPOE dial-up interface, and encapsulate it into pppoese
set interfaces fe-0/0/1 unit 0 encapsulation ppp-over-ether
2) Configure the PP0.0 parameters of the PPPOE interface
set interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/1.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-

May 17, 2023 pm 05:55 PM
juniper, pppoe, junos
How Codeql analyzes the problem of cookie not enabling httponly

Preface. Today we use codeql to analyze security issues such as "cookie is not enabled httponly", thereby deepening our use of codeql. If the response is good, you can consider exploring other vulnerabilities in Vulnerability-goapp. When analyzing go programs, you must additionally download codeql-go. Description. Audit object: Vulnerability-goapp: Vulnerable golang Web application for education. Modification: Because all cookies in this project are not set to http-only, there is no comparison, so we need to modify it first. in some cookies

May 17, 2023 pm 05:25 PM
cookie, httponly, codeql
DeRPnStiNK target machine penetration case analysis

DeRPnStiNK target machine penetration. We found the DeRPnStiNK target machine from the Internet as an experimental environment. For beginners, we used this target machine to conduct penetration experiments. After downloading the target machine online, open it directly through the virtual machine. Just use the default bridge mode for the network card configuration. Note here that your kali attack machine must also be in bridge mode to ensure normal communication with the attacked server. First, if we are not sure about the address of the attacked server, we need to perform host discovery and check our own IP address: 192.168.50.76, as shown in the figure: Use nmap or netdiscover to perform network discovery. The command is as follows: nmap -sP 192.168.50.0/24 (

May 17, 2023 pm 04:56 PM
DeRPnStiNK
How to upgrade NetScaler version

1. NetScaler version upgrade instructions. Requirements: Upgrade NetScaler through shell mode [Topology] 2. Preparation before upgrading. Prepare the version files required for the version upgrade: use a browser to open https://www.citrix.com/downloads/netscaler-adc/ and log in, then select the required upgrade package to download, choosing the tgz upgrade package. Prepare the necessary tools required for the version upgrade. 3. During the upgrade process, use the SSH tool to log in to NetScaler to view the current version information. Use the SFTP tool to upload the upgrade package to NetScaler's /var/nsinstall/build-11.1-54.14 directory

May 17, 2023 pm 04:52 PM
netscaler
