netglub install.sh'Hacking' 카테고리의 다른 글
| wifi password cracker (0) | 2013.10.09 |
|---|---|
| Secure Coding (0) | 2013.09.21 |
| CVE-2013-2251 Apache Struts2 Remote Shell Exploit (1) | 2013.07.19 |
| unlock android password (0) | 2013.07.18 |
| salted password hashing (0) | 2013.07.11 |
Chinese Exploit Tool: http://www.blackxl.org/struts2-s2-016-exp-cve-2013-2251.html
July 17, 2013 is a safe operation and maintenance of many hackers sleepless nights… Struts2 risk vulnerabilities cause massive information leakage will affect countless Internet users (likely no one can escape ......) exploit vulnerabilities, hackers can initiate a remote attack , ranging from theft of website data, serious web server can obtain control over the composition and operation of information disclosure threats.
It clouds the current master of the situation: Struts vulnerability enormous impact, the affected site to electricity providers, banks, portals, government majority. And some automation, fool use tools began to appear, fill in the address server commands can be executed directly, or even directly read data off and other operations ...
The following is a National Computer Network Emergency Response Technical Team Coordination Center released on Apache Struts2 Remote Command Execution Vulnerability and open redirect high-risk high-risk vulnerabilities briefing:
The security bulletin number: CNTA-2013-0022
Recently, the center sponsored by the National Information Security Vulnerability Apache Struts sharing platform included the presence of a remote command execution vulnerability and an open redirect vulnerability (ID: CNVD-2013-28972, corresponding to the CVE-2013-2251; CNVD-2013-28979, corresponds to CVE-2013-2248). Exploited, can be initiated by remote attackers, ranging from websites to steal data, serious web server can obtain control over the composition and operation of information disclosure threats. The relevant information is as follows:
I. Analysis of Vulnerability
Struts2 is the second generation based on Model-View-Controller (MVC) model java enterprise-class web application framework. It is the WebWork and Struts communities merged product. Specific analysis is as follows:
1, Apache Struts Remote Command Execution Vulnerability
Because Apache Struts2 of action:, redirect: and redirect Action: Prefix parameter in achieving its function during the use of the Ognl expression and user submitted content to fight through the URL access Ognl expression, resulting in a malicious attacker can construct URL to execute arbitrary Java code, and then execute arbitrary commands.
2, Apache Struts open redirect vulnerabilities
Apache Struts 2DefaultActionMapper short path redirection parameters in dealing with the prefix "redirect:" or "redirect Action:" When there is an open redirect vulnerability allows remote attackers to exploit Operation "redirect:" or "redirect Action:" After the information, redirect URL to any location.
Second, the vulnerability assessment
CNVD for remote command execution vulnerability (CNVD-2013-28972) and an open redirect vulnerability (CNVD-2013-28979) is rated "high risk" due to redirect: and redirect Action: This two prefix Struts functionality enabled by default, so Apache Struts 2.3.15.1 The following versions affected by the vulnerability. The vulnerability to China in 2012 and important information systems within government departments, enterprises and institutions website pose a serious threat vulnerability (ID: CNVD-2013-25061, corresponding to the CVE-2013-1966) compared to the same technology and the affected rating releases.
Third, the proposed disposal loopholes
This blog is so popular, and I wanna say if you are interested in video conferencing, you can click the video conferencing or copy V2 video conference in the Google.
'Hacking' 카테고리의 다른 글
| Secure Coding (0) | 2013.09.21 |
|---|---|
| script (0) | 2013.07.24 |
| unlock android password (0) | 2013.07.18 |
| salted password hashing (0) | 2013.07.11 |
| Stealing saved passwords from your friend’s laptop (0) | 2013.07.11 |
[MOD][HOW-TO] Quick Unlock on Pin/Password with toggle
This will allow the PIN and Password unlock screens to be unlock as soon as the correct pin/password is input without having to press the enter key to submit.
We're going to be working with the following two files:
SecSettings.apk
android.policy.jar
KEY
REMOVE what's in BLUE
ADD what's in RED
SecSettings.apk
This will allow the PIN and Password unlock screens to be unlock as soon as the correct pin/password is input without having to press the enter key to submit.
We're going to be working with the following two files:
SecSettings.apk
android.policy.jar
KEY
REMOVE what's in BLUE
ADD what's in RED
SecSettings.apk
Navigate to /res/values/strings.xml
Add the following to the end of the file
Navigate to /xml/security_settings_password.xml
Navigate to /xml/security_settings_pin.xml
Navigate to /smali/com/android/settings/LockscreenMenuSettings.smali
.method private createPreferenceHierarchy()Landroid/preference/PreferenceScreen;
WAIT!
WAIT!
You need to grab some ID's. Luckily they're already available so no need to compile, etc.!
There's only two.
WAIT!
WAIT!
Did you replace those two ID's in that last section? Good. Let's continue.
.method public onPreferenceTreeClick(Landroid/preference/PreferenceScreen;Landroid/preference/Preference
Z
.method public onResume()V
That's it for SecSettings. Compile.
Add the following to the end of the file
Code:
<string name="quick_unlock_title">Quick Unlock</string>
<string name="quick_unlock_summary">Unlock as soon as correct pin is entered</string>Navigate to /xml/security_settings_password.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<PreferenceScreen
xmlns:android="http://schemas.android.com/apk/res/android">
<PreferenceScreen android:persistent="false" android:title="@string/unlock_set_unlock_launch_picker_title" android:key="unlock_set_or_change" android:summary="@string/unlock_set_unlock_mode_password" />
<SwitchPreferenceScreen android:title="@string/dualclock_settings_title" android:key="dualclock_settings" android:summary="@string/dualclock_settings_summary" android:fragment="com.android.settings.dualclock.DualClockSetting" />
<CheckBoxPreference android:title="@string/with_cicle_title" android:key="with_circle" android:summary="@string/with_cicle_summary" android:defaultValue="false" />
<PreferenceScreen android:title="@string/lock_screen_options" android:key="lock_screen_options" android:summary="@string/lock_screen_options_summary" android:fragment="com.android.settings.LockScreenSettings" />
<CheckBoxPreference android:title="@string/quick_note_title" android:key="quick_note" android:summary="@string/quick_note_summary" android:defaultValue="false" />
<ListPreference android:persistent="false" android:entries="@array/lock_after_timeout_entries" android:title="@string/lock_after_timeout" android:key="lock_after_timeout" android:summary="@string/lock_after_timeout_summary" android:entryValues="@array/lock_after_timeout_values" />
<CheckBoxPreference android:title="@string/lockpattern_settings_enable_power_button_instantly_locks" android:key="power_button_instantly_locks" />
<CheckBoxPreference android:title="@string/quick_unlock_title" android:key="quick_unlock" android:summary="@string/quick_unlock_summary" />
<PreferenceScreen android:title="@string/owner_info_settings_title" android:key="owner_info_settings" android:summary="@string/owner_info_settings_summary" android:fragment="com.android.settings.OwnerInfoSettings" />
</PreferenceScreen>Navigate to /xml/security_settings_pin.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<PreferenceScreen
xmlns:android="http://schemas.android.com/apk/res/android">
<PreferenceScreen android:persistent="false" android:title="@string/unlock_set_unlock_launch_picker_title" android:key="unlock_set_or_change" android:summary="@string/unlock_set_unlock_mode_pin" />
<SwitchPreferenceScreen android:title="@string/dualclock_settings_title" android:key="dualclock_settings" android:summary="@string/dualclock_settings_summary" android:fragment="com.android.settings.dualclock.DualClockSetting" />
<CheckBoxPreference android:title="@string/with_cicle_title" android:key="with_circle" android:summary="@string/with_cicle_summary" android:defaultValue="false" />
<PreferenceScreen android:title="@string/lock_screen_options" android:key="lock_screen_options" android:summary="@string/lock_screen_options_summary" android:fragment="com.android.settings.LockScreenSettings" />
<CheckBoxPreference android:title="@string/quick_note_title" android:key="quick_note" android:summary="@string/quick_note_summary" android:defaultValue="false" />
<ListPreference android:persistent="false" android:entries="@array/lock_after_timeout_entries" android:title="@string/lock_after_timeout" android:key="lock_after_timeout" android:summary="@string/lock_after_timeout_summary" android:entryValues="@array/lock_after_timeout_values" />
<CheckBoxPreference android:title="@string/lockpattern_settings_enable_power_button_instantly_locks" android:key="power_button_instantly_locks" />
<CheckBoxPreference android:title="@string/lockpattern_settings_enable_tactile_feedback_title" android:key="unlock_tactile_feedback" />
<CheckBoxPreference android:title="@string/quick_unlock_title" android:key="quick_unlock" android:summary="@string/quick_unlock_summary" />
<PreferenceScreen android:title="@string/owner_info_settings_title" android:key="owner_info_settings" android:summary="@string/owner_info_settings_summary" android:fragment="com.android.settings.OwnerInfoSettings" />
</PreferenceScreen>Navigate to /smali/com/android/settings/LockscreenMenuSettings.smali
Code:
.field private mPowerButtonInstantlyLocks:Landroid/preference/CheckBoxPreference; .field private mQuicknote:Landroid/preference/CheckBoxPreference; .field private mQuickUnlock:Landroid/preference/CheckBoxPreference; .field private mSignatureVerificationLevel:Landroid/preference/ListPreference; .field private mTactileFeedback:Landroid/preference/CheckBoxPreference;
.method private createPreferenceHierarchy()Landroid/preference/PreferenceScreen;
WAIT!
WAIT!
You need to grab some ID's. Luckily they're already available so no need to compile, etc.!
There's only two.
Code:
:cond_5
const-string v4, "quick_note"
invoke-virtual {v3, v4}, Landroid/preference/PreferenceScreen;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
move-result-object v4
check-cast v4, Landroid/preference/CheckBoxPreference;
iput-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
.line 203
iget-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
if-eqz v4, :cond_6
const v4, 0x7f07004f
if-eq v2, v4, :cond_6
.line 205
iget-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
invoke-virtual {v3, v4}, Landroid/preference/PreferenceScreen;->removePreference(Landroid/preference/Preference;)Z
.line 208
:cond_6
const-string v4, "quick_unlock"
invoke-virtual {v3, v4}, Landroid/preference/PreferenceScreen;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
move-result-object v4
check-cast v4, Landroid/preference/CheckBoxPreference;
iput-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
.line 203
iget-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
if-eqz v4, :cond_next
const v4, 0x7f070051 # type="xml" name="security_settings_password"
if-eq v2, v4, :cond_next
const v4, 0x7f070054 # type="xml" name="security_settings_pin"
if-eq v2, v4, :cond_next
.line 205
iget-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
invoke-virtual {v3, v4}, Landroid/preference/PreferenceScreen;->removePreference(Landroid/preference/Preference;)Z
:cond_next
const-string v4, "visiblesignature"
invoke-virtual {v3, v4}, Landroid/preference/PreferenceScreen;->findPreference(Ljava/lang/CharSequence;)Landroid/preference/Preference;
move-result-object v4
check-cast v4, Landroid/preference/CheckBoxPreference;
iput-object v4, p0, Lcom/android/settings/LockscreenMenuSettings;->mVisibleSignature:Landroid/preference/CheckBoxPreference;WAIT!
WAIT!
Did you replace those two ID's in that last section? Good. Let's continue.
.method public onPreferenceTreeClick(Landroid/preference/PreferenceScreen;Landroid/preference/Preference
ZCode:
:cond_8
const-string v5, "quick_note"
invoke-virtual {v5, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v5
if-eqz v5, :cond_a
.line 503
invoke-virtual {p0}, Lcom/android/settings/LockscreenMenuSettings;->getContentResolver()Landroid/content/ContentResolver;
move-result-object v5
const-string v6, "lock_screen_quick_note"
iget-object v7, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
invoke-virtual {v7}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v7
if-eqz v7, :cond_9
move v3, v4
:cond_9
invoke-static {v5, v6, v3}, Landroid/provider/Settings$Secure;->putInt(Landroid/content/ContentResolver;Ljava/lang/String;I)Z
goto/16 :goto_0
.line 504
:cond_a
const-string v5, "quick_unlock"
invoke-virtual {v5, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v5
if-eqz v5, :cond_next
.line 503
invoke-virtual {p0}, Lcom/android/settings/LockscreenMenuSettings;->getContentResolver()Landroid/content/ContentResolver;
move-result-object v5
const-string v6, "quick_unlock"
iget-object v7, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
invoke-virtual {v7}, Landroid/preference/CheckBoxPreference;->isChecked()Z
move-result v7
if-eqz v7, :cond_quick
move v3, v4
:cond_quick
invoke-static {v5, v6, v3}, Landroid/provider/Settings$System;->putInt(Landroid/content/ContentResolver;Ljava/lang/String;I)Z
goto/16 :goto_0
.line 504
:cond_next
const-string v3, "visiblesignature"
invoke-virtual {v3, v1}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z
move-result v3
if-eqz v3, :cond_b.method public onResume()V
Code:
:cond_2
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
if-eqz v1, :cond_3
.line 438
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuicknote:Landroid/preference/CheckBoxPreference;
invoke-virtual {p0}, Lcom/android/settings/LockscreenMenuSettings;->getContentResolver()Landroid/content/ContentResolver;
move-result-object v4
const-string v5, "lock_screen_quick_note"
invoke-static {v4, v5, v3}, Landroid/provider/Settings$Secure;->getInt(Landroid/content/ContentResolver;Ljava/lang/String;I)I
move-result v4
if-eqz v4, :cond_8
:goto_1
invoke-virtual {v1, v2}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
.line 440
:cond_3
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
if-eqz v1, :cond_next
.line 438
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mQuickUnlock:Landroid/preference/CheckBoxPreference;
invoke-virtual {p0}, Lcom/android/settings/LockscreenMenuSettings;->getContentResolver()Landroid/content/ContentResolver;
move-result-object v4
const-string v5, "quick_unlock"
invoke-static {v4, v5, v3}, Landroid/provider/Settings$System;->getInt(Landroid/content/ContentResolver;Ljava/lang/String;I)I
move-result v4
if-eqz v4, :cond_quick
:goto_quick
invoke-virtual {v1, v2}, Landroid/preference/CheckBoxPreference;->setChecked(Z)V
.line 440
:cond_next
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mVisibleSignature:Landroid/preference/CheckBoxPreference;
if-eqz v1, :cond_4
.line 441
iget-object v1, p0, Lcom/android/settings/LockscreenMenuSettings;->mVisibleSignature:Landroid/preference/CheckBoxPreference;
invoke-virtual {v0}, Lcom/android/internal/widget/LockPatternUtils;->isVisibleSignatureEnabled()Z
move-result v2
invoke-virtual {v1, v2}, Landroid/preference/CheckBoxPreference;->setChecked(Z)VCode:
:cond_7
move v1, v3
.line 434
goto :goto_0
:cond_8
move v2, v3
.line 438
goto :goto_1
:cond_quick
move v2, v3
goto :goto_quick
.end methodThat's it for SecSettings. Compile.
S3Rx Samsung Galaxy S3
Do not PM me for help trying to get one of my mods to work.
That's what the threads are for. I posted the threads so you can see what I did, not as an advertisement that I will do it for you.
Do not PM me for help trying to get one of my mods to work.
That's what the threads are for. I posted the threads so you can see what I did, not as an advertisement that I will do it for you.
'Hacking' 카테고리의 다른 글
| script (0) | 2013.07.24 |
|---|---|
| CVE-2013-2251 Apache Struts2 Remote Shell Exploit (1) | 2013.07.19 |
| salted password hashing (0) | 2013.07.11 |
| Stealing saved passwords from your friend’s laptop (0) | 2013.07.11 |
| Cisco VoIP Hijacking (0) | 2013.06.04 |
