-
Remove Banciyuan Image Watermark and Download Limit
Monday, July 30, 2018
Preface Lately I’ve been scrolling Banciyuan during meals. The Cosplay section is full of great photos, but unfortunately many images have watermarks, and some can’t be downloaded. It’s hard to save them for later, which really ruins the mood. …
-
Data Forwarding Techniques in Penetration Testing
Wednesday, April 4, 2018
Approach In penetration testing, you almost always need a proxy server, so let’s start by assuming we have a server with a public IP as the attacker machine. …
Cybersecurity, forwarding, tunnel, port mapping, post-exploitation, forward proxy, reverse proxy
-
Linux Post-Exploitation Notes: PAM Backdoor
Sunday, March 25, 2018
Preface Linux-PAM (Pluggable Authentication Modules) is a pluggable authentication framework. PAM uses configuration files under /etc/pam.d/ to manage how programs perform authentication. …
-
Sangfor SSL VPN Port ACL Bypass in Practice
Saturday, March 24, 2018
Preface First, a disclaimer: this is an old issue. To fix it, you only need to upgrade to M7.5. Some time ago, I happened to see someone in a security chat talking about bypassing the ACL of Sangfor SSL VPN. I’d wanted to try it myself, but the only reference I could find online was this post from two years prior: Bypassing Sangfor SSL VPN access control with Burp. Unfortunately, the author heavily mosaicked the screenshots, leaving very little useful information, and I could barely understand what they were doing. …
-
eSIM Notes
Sunday, December 10, 2017
Introduction SIM (Subscriber Identification Module) is an IC that can securely store mobile communication configuration. …
-
Subdomain Enumeration Notes
Tuesday, December 5, 2017
Preface The idea is as follows: …
-
Hardware Repair Notes
Sunday, November 12, 2017
Soldering Station …
-
Approaches to Finding the Origin Server Behind a CDN
Saturday, October 28, 2017
Approaches to Bypassing a CDN There are many approaches online for bypassing a CDN, but many of them have issues. Below is a collection and summary of commonly used ideas. From a site owner’s perspective, not every site will always be behind a CDN. From a DNS provider’s perspective, historical DNS records may not be controlled by the CDN provider. From a CDN provider’s perspective, there are limitations on covered regions, and CDN traffic can also be limited. …
-
Getting Root Access on Verizon FIOS-G1100
Friday, September 1, 2017
Preface I wrote this post in September last year. Back in July, our team lead brought in a router and handed it to an intern to work on. He couldn’t crack it and eventually stopped. Later, when I had some free time, I continued, but the decryption part still wasn’t finished—halfway through I got pulled onto other work. So this is an unfinished post. …
-
HackRF GPS Spoofing Notes
Sunday, July 30, 2017
Preface My team lead lent me two HackRF Ones to play with, and I planned to use them for GPS spoofing experiments. It was my first time working with software-defined radio; I got interested immediately and decided to learn it seriously. …