| {url:'stun:stun01.sipphone.com'}, | |
| {url:'stun:stun.ekiga.net'}, | |
| {url:'stun:stun.fwdnet.net'}, | |
| {url:'stun:stun.ideasip.com'}, | |
| {url:'stun:stun.iptel.org'}, | |
| {url:'stun:stun.rixtelecom.se'}, | |
| {url:'stun:stun.schlund.de'}, | |
| {url:'stun:stun.l.google.com:19302'}, | |
| {url:'stun:stun1.l.google.com:19302'}, | |
| {url:'stun:stun2.l.google.com:19302'}, |
##ss-redir 的 iptables 配置(透明代理)
透明代理指对客户端透明,客户端不需要进行任何设置就使用了网管设置的代理规则
创建 /etc/ss-redir.json 本地监听 7777
运行ss-redir -v -c /etc/ss-redir.json
iptables -t nat -N SHADOWSOCKS
# 在 nat 表中创建新链
iptables -t nat -A SHADOWSOCKS -p tcp --dport 23596 -j RETURN
# 23596 是 ss 代理服务器的端口,即远程 shadowsocks 服务器提供服务的端口,如果你有多个 ip 可用,但端口一致,就设置这个
Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.
While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys, or creating a new user, potentially via running malware, or via a cron job. I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account from the system (including www-data, which you might not even know if compromised).
If the "setuid bit" (or flag, or permission mode) is set for executable, the operating system will run not as the cur
| #!/usr/bin/env python2 | |
| """ | |
| Author: takeshix <takeshix@adversec.com> | |
| PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org). | |
| Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP. | |
| """ | |
| import sys,struct,socket | |
| from argparse import ArgumentParser |
| #!/bin/sh | |
| set -e | |
| set -x | |
| for package in $(npm -g outdated --parseable --depth=0 | cut -d: -f3) | |
| do | |
| npm -g install "$package" | |
| done |
Full blog post can be found here: http://pnommensen.com/2014/09/07/high-performance-ghost-configuration-with-nginx/
Ghost is an open source platform for blogging founded by John O'Nolan and Hannah Wolfe. It's a node.js application and therefore works great in conjunction with nginx. This guide will will help you create a high performance nginx virtual host configuration for Ghost.
"Don't use #nodejs for static content" - @trevnorris. If #nginx isn't sitting in front of your node server, you're probably doing it wrong.
— Bryan Hughes (@nebrius) August 30, 2014The node.js application runs on a port on your server
This howto describes setting up a LT2P over IPsec VPN server on your router with TomatoUSB firmware. This should allow you to connect using the built-in client to your Mac, iPhone or Android device. (Not sure about Windows.)
At the end of this tutorial, you should have a L2TP/IPsec VPN server that starts automatically on boot. Mac/iPhone/Android devices can connect with their native client and will be assigned an IP address within your LAN subnet. They should be able to talk to other devices on your LAN and should be able to contact hosts on the Internet NAT'd behind your WAN IP address.
| # Download latest archlinux bootstrap package, see https://www.archlinux.org/download/ | |
| wget 'ftp://ftp.nluug.nl/pub/os/Linux/distr/archlinux/iso/latest/archlinux-bootstrap-*-x86_64.tar.gz' | |
| # Make sure you'll have enough entropy for pacman-key later. | |
| apt-get install haveged | |
| # Install the arch bootstrap image in a tmpfs. | |
| mount -t tmpfs none /mnt | |
| cd /mnt | |
| tar xvf ~/archlinux-bootstrap-*-x86_64.tar.gz --strip-components=1 |
| #!/bin/sh | |
| ############################################################################## | |
| # This code known is distributed under the following terms: | |
| # | |
| # Copyright (c) 2013 Isaac (.ike) Levy <ike@blackskyresearch.net>. | |
| # All rights reserved. | |
| # | |
| # Redistribution and use in source and binary forms, with or without | |
| # modification, are permitted provided that the following conditions |
| # This configuration file is provided on an "as is" basis, | |
| # with no warranties or representations, and any use of it | |
| # is at the user's own risk. | |
| # | |
| # You will need to edit domain name information, IP addresses for | |
| # redirection (at the bottom), SSL certificate and key paths, and | |
| # the "Public-Key-Pins" header. Search for any instance of "TODO". | |
| user www-data; | |
| worker_processes 4; |