...

12/1.txt

@@ -0,0 +1,44 @@
+Używając polecenia `ethtool -k <interface>` możemy zobaczyć poniższe opcje (wyciąłem te fixed):
+Features for enp2s0f0:
+
+rx-checksumming: on
+
+tx-checksumming: on
+
+tx-checksum-ipv4: on
+
+tx-checksum-ipv6: on
+
+scatter-gather: on
+
+tx-scatter-gather: on
+
+tcp-segmentation-offload: on
+
+tx-tcp-segmentation: on
+
+tx-tcp-mangleid-segmentation: off
+
+tx-tcp6-segmentation: on
+
+generic-segmentation-offload: on
+
+generic-receive-offload: on
+
+large-receive-offload: off
+
+rx-vlan-offload: on
+
+tx-vlan-offload: on
+
+receive-hashing: on
+
+rx-vlan-filter: on
+
+tx-udp_tnl-segmentation: on
+
+tx-udp_tnl-csum-segmentation: on
+
+tx-gso-partial: on
+
+tx-nocache-copy: off

13/1.txt

@@ -3,21 +3,18 @@
 
 2. Dodawanie sygnatur
   a) HTML
-    ClamAV contains HTML normalization code which makes it easier to write signatures for HTML data that might differ based on white space, capitalization, and other insignificant differences. Running sigtool --html-normalise on a HTML file can be used to see what a file’s contents will look like after normalization. This command should generate the following files:
+    ClamAV zawiera znormalizowany dla ułatwienia HTML. Uruchomienie `sigtool --html-normalise <file.html>` pokaże nam jakby wyglądał znormalizowany. Ta komenda wyprodukuje:
 
       nocomment.html - znormalizowany, lower-case, wyrzucone komentarze i white-spaces
       notags.html - jak powyżej, ale tagi html są wyrzucone
-      javascript - any script contents are normalized and the results appended to this file
-
-    The code automatically decodes JScript.encode parts and char ref’s (e.g. &#102;). To create a successful signature for the input file type, the rule must match on the contents of one of the created files. Signatures matching on normalized HTML should have a target type of 3. For reference, see Target Types.
-
+      javascript - każdy skrypt jaki był załączony w html'u, również znormalizowany
 
   b) Pliki tekstowe
-    Similarly to HTML all ASCII text files get normalized (converted to lower-case, all superfluous white space and control characters removed, etc.) before scanning. Running sigtool --ascii-normalise on a text file will result in a normalized version being written to the file named ‘normalised_text’. Rules matching on normalized ASCII text should have a target type of 7. For reference, see Target Types.
+    Tak jak powyżej, znormalizowane pliki ASCII. Uruchomienie `sigtool --ascii-normalise <file.txt>` pokaże nam jakby wyglądał znormalizowany. Ta komenda wyprodukuje plik ‘normalised_text’. Reguły dopasowania normalizacji ASCII powinny być typu siódmego.
 
 
   c) Skompresowane pliki wykonywalne (UPX, FSG, Petite, ...)
-    ClamAV będzie próbował automatycznie wypakować plik. To inspect the executable that results from ClamAV’s unpacking process, run clamscan with --debug --leave-temps. Example output for a FSG compressed file:
+    ClamAV będzie próbował automatycznie wypakować plik. By zobaczyć wynik uruchom clamscan z opcjami --debug --leave-temps. Przykładowy wynik:
 
       LibClamAV debug: UPX/FSG/MEW: empty section found - assuming compression
       LibClamAV debug: FSG: found old EP @119e0

13/2/2.html

@@ -0,0 +1,107 @@
+<!DOCTYPE html>
+
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+    <link
+      rel="stylesheet"
+      href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css"
+      integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO"
+      crossorigin="anonymous"
+    />
+    <title>CAS UAM</title>
+    <link type="text/css" rel="stylesheet" href="https://cas.amu.edu.pl/cas/css/casuam.css" />
+  </head>
+
+  <body class="text-center">
+    <div class="cas-container">
+      <div class="cas-top">
+        <img class="mb-4" src="https://cas.amu.edu.pl/cas/images/uam-znak-biale.svg" alt="" />
+        <div class="cas-name">
+          <p><span class="first">C</span>ENTRALNY <span class="first">S</span>YSTEM</p>
+          <p><span class="first">U</span>WIERZYTELNIANIA</p>
+        </div>
+      </div>
+      <div class="cas-content">
+        <form id="fm1" class="form-signin" onsubmit="return warner_not_bros(this)">
+          <h2>Wprowadź dane logowania</h2>
+
+          <input
+            type="text"
+            id="username"
+            name="username"
+            class="form-control"
+            placeholder="Identyfikator użytkownika:"
+            tabindex="1"
+            path="username"
+            autocomplete="false"
+            htmlEscape="true"
+            required
+            autofocus
+          />
+
+          <input
+            type="password"
+            id="password"
+            name="password"
+            class="form-control"
+            placeholder="Hasło:"
+            tabindex="2"
+            path="password"
+            htmlEscape="true"
+            autocomplete="off"
+            required
+          />
+
+          <div class="cas-buttons">
+            <input type="hidden" name="lt" value="LT-221304-JDAOk2hSHQrigNyWdnD5j7Obx4VIYE" />
+            <input type="hidden" name="execution" value="e1s1" />
+            <input type="hidden" name="_eventId" value="submit" />
+
+            <button class="btn btn-sm btn-outline-secondary" type="submit" name="submit" accesskey="l" tabindex="4">
+              ZALOGUJ
+            </button>
+            <button class="btn btn-sm btn-outline-secondary" type="reset" name="reset" accesskey="c" tabindex="5">
+              WYCZYŚĆ
+            </button>
+          </div>
+          <div class="cas-locale">
+            <a
+              href="login?service=https%3A%2F%2Fusosweb.amu.edu.pl%2Fkontroler.php%3F_action%3Dlogowaniecas%2Findex&locale=pl"
+              >Polski</a
+            >
+            |
+            <a
+              href="login?service=https%3A%2F%2Fusosweb.amu.edu.pl%2Fkontroler.php%3F_action%3Dlogowaniecas%2Findex&locale=en"
+              >English</a
+            >
+          </div>
+        </form>
+      </div>
+      <div class="cas-bottom">
+        <p>
+          <span class="first">U</span>NIWERSYTET IM. <span class="first">A</span>DAMA
+          <span class="first">M</span>ICKIEWICZA W <span class="first">P</span>OZNANIU
+        </p>
+      </div>
+    </div>
+    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
+    <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script>
+    <!-- <script type="text/javascript" src="/cas/js/cas.js;jsessionid=1D2C9BB917F21A1E54E216FAF40930C3"></script> -->
+    <script>
+      function warner_not_bros() {
+        var password = document.getElementById('password')
+
+        alert(`
+        [PL]
+        Polecam uważać na phishing następnym razem ;) bo to hasło (${password.value}) może wyciec!
+        [EN]
+        I suggest you to be more careful, because this password (${password.value}) might leak!
+        `)
+
+        return false
+      }
+    </script>
+  </body>
+</html>

13/2/javascript

@@ -0,0 +1,3 @@
+<script></script>
+<script></script>
+<script>function n000(){var n001=document.getelementbyid("password")alert([pl]polecam uwa a na phishing nast pnym razem;)bo to has o(${n001.value})mo e wyciec![en]i suggest you to be more careful,because this n001(${n001.value})might leak!)return false}</script>

13/2/nocomment.html

@@ -0,0 +1 @@
+<html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-mcw98/sfnge8fjt3gxweongsv7zt27nxfoaoapmym81iuxopkfojwj8erdknlpmo" crossorigin="anonymous" /><title>cas uam</title><link type="text/css" rel="stylesheet" href="https://cas.amu.edu.pl/cas/css/casuam.css" /></head><body class="text-center"><div class="cas-container"><div class="cas-top"><img class="mb-4" src="https://cas.amu.edu.pl/cas/images/uam-znak-biale.svg" alt="" /><div class="cas-name"><p><span class="first">c</span>entralny <span class="first">s</span>ystem</p><p><span class="first">u</span>wierzytelniania</p></div></div><div class="cas-content"><form id="fm1" class="form-signin" onsubmit="return warner_not_bros(this)"><h2>wprowadź dane logowania</h2><input type="text" id="username" name="username" class="form-control" placeholder="identyfikator użytkownika:" tabindex="1" path="username" autocomplete="false" htmlescape="true" required autofocus /><input type="password" id="password" name="password" class="form-control" placeholder="hasło:" tabindex="2" path="password" htmlescape="true" autocomplete="off" required /><div class="cas-buttons"><input type="hidden" name="lt" value="lt-221304-jdaok2hshqrignywdnd5j7obx4viye" /><input type="hidden" name="execution" value="e1s1" /><input type="hidden" name="_eventid" value="submit" /><button class="btn btn-sm btn-outline-secondary" type="submit" name="submit" accesskey="l" tabindex="4">zaloguj </button><button class="btn btn-sm btn-outline-secondary" type="reset" name="reset" accesskey="c" tabindex="5">wyczyŚĆ </button></div><div class="cas-locale"><a href="login?service=https%3a%2f%2fusosweb.amu.edu.pl%2fkontroler.php%3f_action%3dlogowaniecas%2findex&locale=pl">polski</a>| <a href="login?service=https%3a%2f%2fusosweb.amu.edu.pl%2fkontroler.php%3f_action%3dlogowaniecas%2findex&locale=en">english</a></div></form></div><div class="cas-bottom"><p><span class="first">u</span>niwersytet im. <span class="first">a</span>dama <span class="first">m</span>ickiewicza w <span class="first">p</span>oznaniu </p></div></div><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script><script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.5/jquery-ui.min.js"></script></script>--> <script>functionwarner_not_bros(){varpassword=document.getelementbyid("password")alert(`[pl]polecamuważaćnaphishingnastępnymrazem;)botohasło(${password.value})możewyciec![en]isuggestyoutobemorecareful,becausethispassword(${password.value})mightleak!`)returnfalse}</script></body></html>

13/3.txt

@@ -0,0 +1,30 @@
+Konfiguracja IDS i IPS w Suricata:
+
+
+10.1.10.2. IDS mode
+Runmode AutoFp:
+
+management-cpu-set - used for management (example - flow.managers, flow.recyclers)
+receive-cpu-set - used for receive and decode
+worker-cpu-set - used for streamtcp,detect,output(logging),reject
+Rumode Workers:
+
+management-cpu-set - used for management (example - flow.managers, flow.recyclers)
+worker-cpu-set - used for receive,streamtcp,decode,detect,output(logging),respond/reject
+
+
+10.1.10.3. IPS mode
+Runmode AutoFp:
+
+management-cpu-set - used for management (example - flow.managers, flow.recyclers)
+receive-cpu-set - used for receive and decode
+worker-cpu-set - used for streamtcp,detect,output(logging)
+verdict-cpu-set - used for verdict and respond/reject
+Runmode Workers:
+
+management-cpu-set - used for management (example - flow.managers, flow.recyclers)
+worker-cpu-set - used for receive,streamtcp,decode,detect,output(logging),respond/reject, verdict
+
+
+Źródło:
+https://suricata.readthedocs.io/en/suricata-6.0.1/configuration/suricata-yaml.html