Hack DDoS protection by Cloudflare

Some website try to protected their site by using DDoS protection by Cloudflare. If we look into below url: “http://www.jlotto.kr/keno.aspx?method=kenoWinNoList” 1. The cloudflare will checking for the browser information, then will redirect the page into the jlotto.kr. DDoSProtectionCloudFlare DDoSBreakCloudflare   2. After we see this, we turn on the fiddler to capture what happen, we will see that the step. 503, 302, 200 HttpStatus. DDoSBreakFiddler Then we need to investigate the more details like what information that parse from 503 -> 302 -> 200. 3. When we look into the last request 200 success we can identify, that it required “cf_clearance” to be set on the cookie. 4. Continue to trace back, the 2nd request is “http://www.jlotto.kr/cdn-cgi/l/chk_jschl?jschl_vc={0}&pass={1}&jschl_answer={2}” How the value jschl_vc, pass & jschl_answer it get the value from the first request. jschl_vs & pass we can get from the innerHtml jschl_answer we need to use javascript to calculate it.

After we apply this rule into the code we will able to crawler the official site.

Advertisements

A request to allocate an ephemeral port number from the global UDP port space has failed due to all such ports being in use

Such a long title of error message, I got this error on the Win Server 2012, The server is running for more than 2 years and suddenly all my apps is hang.

The first things we want to check is what is the UDP Port is currently using there is 2 ways to check it.
1. Is using TCPView
2. Is using Command Prompt (netstat) it.

Open the Command Prompt “netstat -anob -p UDP > 20150414_1521.txt” It will save in this file.

We will see there is alot of list of “Dnscache” which is using PPID 3312

[svchost.exe]
UDP    [::]:49656             *:*                                    3312
Dnscache

Moving forward we want to know what is the PPID 3312.
tasklist /svc /fi “pid eq 3312”

svchost.exe 3312 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, WinRM

Based on this article it said to turn off the LLMNR Listener, on the last comment

https://social.technet.microsoft.com/Forums/en-US/89364046-7fd1-4c20-bab0-f0138447901f/port-exhaustion-with-dnscache?forum=winserverPN

From what we capture the network traffic we saw that .48 is calling LLMNR destination 224.0.0.252 which is also state in this article:

http://www.schoolleader.com/Documentation/Disabling_LLMNR_Causing_Slow_Networks.pdf

To fix this issue I use the last article “Disabling LLMNR Causing Slow Network” and it work.

Anonymously Surf the Web

1. Download Vidalia from
http://www.torproject.org/easy-download.html.en
2. Install Vidalia – a TOR client with GUI.
3. Wait until Vidalia tells you that Tor is working.
4. Start Google Chrome.
5. Using the Tools menus (it looks like a wrench), choose options, “Under the hood”. Scroll down to “Network” and click the “Change Proxy Setting” button.
6. Under the “Connections” tab, choose “LAN Setting” – Select Use Proxy server and enter “Localhost” and port 8118.
7. Save your work and return to the Chrome web browser. Check that you are using TOR by going to
http://check.torproject.org/
A Green message will indicate that TOR is operating correctly. A Red message will indicate that TOR is not set up correctly.
8. Continue to surf using TOR

.Net Web Developer Should Know?

1. Remove the HTTP Headers

By removing the header “X-Powered-By” you make a save around 29bytes for each requests, another reason as well you doesn’t want exposing stack trace.

Server: Microsoft-IIS/8.5
X-AspNet-Version:4.0.30319
X-AspNetMvc-Version:5.0
X-Powered-By:ASP.NET

<httpRuntime targetFramework="4.5.1" enableVersionHeader="false" />

    <httpProtocol>
      <customHeaders>
        <clear />
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>

 

//In Global put this
MvcHandler.DisableMvcResponseHeader = true;

Continue reading

Pre-release MVC 5

Before upgrading your MVC project to the pre-release version, it’s a recommendation you should back-up your project before proceed it.

Encounter this error message after finish upgrade the project.

“[A]System.Web.WebPages.Razor.Configuration.HostSection cannot be cast to [B]System.Web.WebPages.Razor.Configuration.HostSection. Type A originates from ‘System.Web.WebPages.Razor, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ in the context ‘Default’ at location ‘C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Web.WebPages.Razor\v4.0_2.0.0.0__31bf3856ad364e35\System.Web.WebPages.Razor.dll’. Type B originates from ‘System.Web.WebPages.Razor, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ in the context ‘Default’ at location ‘C:\Users\HermanTho\AppData\Local\Temp\Temporary ASP.NET Files\root\7c2a18d0\1c44d5af\assembly\dl3\c10d1615\dd169753_c0c7ce01\System.Web.WebPages.Razor.dll’.”

Razor-Error Continue reading

Dark Inspector Google Chrome

When you writing the code at night, probably your eyes is getting tired easier because of the brightness from the computer. Turn your browser inspection to dark style.

Get the css.

Win: Go to

C:\Users\[Your Username]\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets\Custom.css

Mac: Go to

~/Library/Application Support/Google/Chrome/Default/User StyleSheets/Custom.css

ChromeCSS