Aggregator

Summary A new vulnerability named ProxyToken has been disclosed by the Zero-Day Initiative Blog. Like ProxyShell, this vulnerability targets Microsoft Exchange servers. Overview A new vulnerability in Microsoft Exchange named ProxyToken has been observed by researchers and disclosed to the Zero-Day Initiative program. The vulnerability allows attackers to skip authentication and change an Exchange server's backend configuration. According to Le Xuan Tuyen, the original researcher credited for discovering th

Backdoor users on Linux with uid=0

Embrace The Red

4 years 6 months ago

On Unix/Linux users with a uid=0 are root. This means any security checks are bypassed for them.

An adversary might go ahead and create a new account, or set an existing account’s user identifier (uid) or group identifier to zero.

A simple way to do this is to update /etc/passwd of an account, or use usermod -u 0 -o mallory.

Let’s create a new user named mallory:

wuzzi@saturn:/$ sudo adduser mallory [...] wuzzi@saturn:/$ cat /etc/passwd | grep mallory mallory:x:1001:1001::/home/mallory:/bin/sh

Observe that the user has the uid 1001.

以太坊EIP-1559总结

Exploit的小站~

4 years 6 months ago

一、概要 EIP-1559主要提出了区块BaseFee的概念，有以下特点：（1）basefee是动态变化的，用来指定gas的基础费用（2）变化幅度和方向由一个公式算出，和之前区块的gas实际消耗以及gas target值（gasLimit / ELASTICITY_MULTIPLIER 乘数）决定（3）当区块的gas目标值变大时，basefee会变大，否则会变小（4）basefee的手续费会销毁，不会给矿工（5）交易规定了用户愿意支付给矿工的每个gas的最高费用，以便于让矿工优先打包自

u011721501

宋宝华：为了不忘却的纪念，评Linux 5.13内核

宋宝华

4 years 6 months ago

Linux 5.14于14小时之前发布了，而我5.13的总结还没有写出，我早觉得有写一点东西的必要了，这虽然于搬砖的码农毫不相干，但在追求进步的工程师那里，却大抵只能如此而已。为了不忘却的...

21cnbao

Aggregator

Managed ad