The springboard machine was a tool used to manage and access remote computers. Its principle was to establish a transit machine to connect the local computer to the remote computer, thereby achieving remote access and control. To be specific, the springboard machine worked based on the secure Shell protocol, which was a secure remote login protocol that could transmit data in an encrypted manner to ensure security. The springboard machine mainly had the following steps: 1. Configures the Shh service: Installs and constructs the Shh service on the springboard machine so that it can accept connection requests from remote computers. 2. Connection to the target server via Shh: Use the Shh command on the springboard to connect to the target server and establish an encrypted channel with the target server. 3. Port Forwarding: Set the port forward rules on the springboard machine to forward the remote access request to the target server, achieving the purpose of remote access to the target server. 4. " authentication and authorization: Set authentication and authorization rules on the springboard machine to realize user identity verification and authorization management to ensure system security. Through the springboard machine, users could operate remotely without exposing the target server, which improved the security and management efficiency of the system. At the same time, it could also achieve multi-level jump and connect multiple springboards to achieve more complex remote access and management operations. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The springboard principles included the following: - In terms of organizational management with strict hierarchy, the Fayol springboard principle meant that in an organization with strict hierarchy, in order to improve work efficiency, when two departments belonging to different systems encountered problems that could only be solved through cooperation, they could first discuss and solve them themselves. Only when the negotiation failed could they report to the higher authorities for solution. This principle allowed the departments that needed to communicate to discuss directly without violating the hierarchy and the principle of unified command by establishing special communication channels. Then, they would report the situation separately, which would shorten the information communication route and maintain management order. - In terms of network attacks, the springboard attack principle refers to the attacker using multiple " springboard hosts ", that is, by controlling multiple hosts to forward attack packets. The attacker controlled multiple springboard hosts in advance and used the springboard to forward the attack packet. The purpose was to hide the attacker, so that the victim host could only see that the attack packet came from the host of the last hop. It was difficult to identify the real attacker, and the longer the springboard path, the harder it was to track. - In the field of space exploration, the Moon was seen as a springboard for human exploration of the universe. By developing the Moon first, the advantages of the Moon's special location and resources could be used as a transition foundation for further exploration of the universe. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The springboard principle, also known as Fayol's springboard principle, was proposed by Fayol in 1916. Under certain conditions, allowing direct horizontal communication across the power line could overcome the delay in information transmission caused by unified command. If the two parties could not coordinate, they would report to their superiors and be coordinated by their superiors (that is, they would report to the higher authorities). This principle was to resolve general affairs quickly and in a timely manner while maintaining the unity of orders, so that the upper echelons of the organization could get rid of complicated matters and focus on major issues. For example, in the management of an organization, when horizontal communication was needed, if the organization had relevant rules, departments could directly cooperate. This reflected the concept of improving efficiency on the basis of respecting the hierarchy. Although the hierarchy was the order of power and the way to transmit information, it was not the fastest way to manage according to the hierarchy. The springboard principle was a supplementary optimization. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The springboard machine was generally used as a transit station between different networks. For example, in a network environment, the firewall only gave the user the permission to access one server. The user could not access other hosts in the local area network, but the server that the user could access had the permission to access other hosts, so this server could be used as a springboard for the network (sometimes called a pre-processor). In the Windows system, the built-in IP Helper service had a port forward function. This function could be used as a springboard to access the services of other hosts. You can run services. sco to check if the IP Helper service is started, because the port forward of Windows is provided by this service. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The following is a tutorial for building a springboard machine: * * 1. System environment preparation (CentOS as an example)** 1. * * Shut down the defense mechanism ** - Execution order: - `setenforce 0` - Use `sed-i '7s/enforcing/disabled/'/etc/selinux/configuration` to modify the configuration file. - `systemvl stop firewall` Stop firewall service - `systemvl disable firewall` prevents the firewall from starting up automatically. 2. * * Modifies character set (to prevent input/output error)** - Execution order: - `localedef -c -f UTF - 8 -i zh_CN zh_CN.UTF - 8` - `export LC_ALL = zh_CN.UTF - 8` - Write `LANG ="zh_GN. UTF-8" into the``/etc/locale.conf `file. 3. * * Installs the dependent package ** - Execution order: - `yum -y install epel - release` - `yum -y update` - `yum -y install git python - pip mysql - devel gcc automake autoconf python - devel vim sshpass lrzsz readline - devel` * * 2. Installs Jumpserver (Jumpserver 3.0 as an example)** 1. * * Unzip the installation package ** - Assuming that the installation package is `jumpserver 3.0.tar.gz`, execute the command `tar-zvxf jumpserver 3.0.tar.gz-C/usr/Src`, and then enter the unzipped `CD jumpserver` and the `install/`. 2. * * Use Quick Installment Script ** - Execute the command `pip install--upgrade pip-r requirements.txt-https://pypi.tuna.tsinghua.edu.conn/simple`. After that, you can use `pip freeze` to check all the installed software. * * Third, install and start MariaDB (Database-related configuration)** 1. * * Installs and starts ** - Execute the command `yum-y install mariadb mariadb-server` - Start service: `systemvl start mariadb` - Set the boot-up function: `systemvl enable mariadb` 2. * * Simple configuration of MariaDB (password setting)** - Execute `mysql-secure-installation` and follow the prompts: Enter directly, enter `Y-enter to set the password (follow the prompts), enter whether to delete anonymous users, enter whether to prohibit root remote login (set according to the situation), enter whether to delete the test database, enter whether to reload the permission table. 3. * * Test login ** - Assuming the password is 123456, execute the command `mysql-uroot-p123456`. 4. * * Configures the character set of MariaDB ** - For the `/etc/my.cnf `file (added under the`(mysqld)`tag): - Back up `ep/etc/my. ckf {,. bak}` first. - Added content: - `init_connect =‘SET collation_connection = utf8_unicode_ci’` - `init_connect =‘SET NAMES utf8’` - `character - set - server = utf8` - `collation - server = utf8_unicode_ci` - `skip - character - set - client - handshake` - For the `/etc/my.cnf.d/client.cnf `file (add in`(client)`): - Back up `CP/etc/my.cnf.d/client.cnf {,. bak}` first - Add `default-character-set = utf8`. - For the configuration file `/etc/my.cnf. d/mysql-clients.cnf `(add relevant content in`(mysql)`). * * 4. User settings of the springboard console (CentOS6.7 as an example)** 1. * * Create a springboard machine user and group ** - First, create a user and a group. For example, create a `tiaobanji` user and a `tiaobanji` group. Then, execute the command: - `useradd tiaobanji` - `username-s/sbin/nologin tiaobanji`(For security reasons, the user is not allowed to log into the system). - You can also create a springboard machine user through the script that comes with the project (such as `add_user. sh `) and perform operations such as initialisation. In addition, if it involves connecting to the springboard machine through Pagant (PuTTY authentication agent): 1. * * Prerequisite ** - Make sure that Pagant is installed with the PuTTY suite and that you have saved at least one Shh key on your local computer. 2. * * Add the secret key to Pagant ** - Start Pagant from the PuTTY folder. By default, Pagant will be minimized in the system tray. - Right-click its icon and select `Add Key` or `View Key` to open the `Pagant Key List` window, where you can view, add, and delete keys. When adding the key, select a file with the extension `. ppk`. If the key is password-protected, you need to enter the password. 3. * * Landing the springboard machine through Putty ** - These keys will be available when you connect to any server during a PuTTY session. Enter the host name or IP address, as well as the ssh user, and select the "Allow agent shipping" option under the SSH-Auth folder on the left. This option will allow the ssh client on the springboard to communicate with the local ssh-agent of the management terminal to complete the subsequent operations.> While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The springboard machine was a server. During the maintenance process, the operation and maintenance personnel had to log in to this server and then log in to the target device for maintenance and operation. For example, in tencent, the springboard console was the only way for developers to log in to the server. The developer had to log in to the springboard console first, and then log in to the application server through the springboard console. The verification method could be a fixed password or a certificate + fixed password + dynamic Captcha. Bastion Host also known as the Operation and Safety Assessment System. Its concept originated from the Springboard Machine. It is a security protection device located between the internal network and the external network. It is usually deployed in the Demilitarized Zone as a security barrier between the external network and the internal network. All remote access to the internal network resources must be done through the Bastion Host. Bastion Host management was the premise, identity management was the foundation, access control was the means, operation audit was the guarantee, and automaton was the goal. Its core functions included single sign-on, account management, identity authentication, etc. It could realize functions such as automatic password change, unified account management, and multiple identity authentication modes, which could play the role of core system operation and security audit control, filtering and blocking illegal access, malicious attacks, blocking illegal orders, audit monitoring, alarm, responsibility tracking, etc. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The following is the content related to the construction of the springboard machine and the infiltration of the intranet: ** 1. Basic Principles and Network Topologies ** 1. ** Network Topologies ** - When infiltrating the internal network, the network's structure was an important foundation. For example, when the CS (Cobalt Strike) console was deployed on a public network VPS (Virtual Private Server), the intranet springboard machine could connect to both the public network and the intranet at the same time, while the lost host could only connect to the springboard machine and could not access the public network. 2. ** Position of springboard machine ** - The springboard machine played the role of an intermediary in the infiltration of the intranet. For the lost host that could only be connected to the intranet springboard machine, the CS client on it had to be forwarded online through the port of the springboard machine. ** 2. Port Forwarding of the Jumping Board Machine (Take the Jumping Board Machine of the Linux-based system as an example)** 1. ** Tools and installation ** - You can use rinetd for port forward. pkgs.org/search/? installation method can be found at: q = rinetd query. - After installation, edit the/etc/rinetd.conf file to set the port forward rules. For example, if you want to forward traffic from any IP address (0.0.0.0) to the local monitoring port (such as 8444) to the destination IP (such as 39.*.*.*) can be set in the file as 0.0.0.0 8444 39.*.*.* 8444。 2. ** Port Forwarding Running ** - After saving the settings, use the command rinetd - c /etc/rinetd. conf. In order to test whether the port forward is successful, you can open a web service on the destination port (such as port 8444 of the vps) and access port 8444 of the springboard machine from the lost host. If you can successfully access the vps web service, the port forward is successful. ** 3. Set up a private network forward platform (after controlling a host)** 1. ** Tool Usage ** - After successfully controlling a host in a network, since the other hosts in the network could not be accessed, an agent could be built on the springboard machine to access other hosts in the network. portfwd was a powerful port forward tool that supported both IP, IP, and IP. It was also built into Meterpreter. ** 4. Security and access control ** 1. ** Safety Protection of the Springboard Machine ** - The springboard machine system could ensure the safety of data transmission and the convenience of system management through the multi-layer protection of the firewall, the fortress system, and the workstation. - The security of data transmission between the local computer and the fortress system was ensured through the use of the Hypertext Packet Broker, and the real IP address was concealed. - When connecting to a remote server, only the IP address of the fortress system could be seen. The restriction allowed only the IP address of the fortress system to connect to prevent unauthorized login to the server. - The fortress system could regularly clean up server logs and connection records to ensure operational security and privacy. - By enabling strict access control on the fortress system, all connection records only showed the agent's IP address, protecting user identity and behavior privacy. - The Fortress System supported binding domain names and using tools such as CDA or Pagoda to limit access rights. Only specific regions or whitelisted IPs were allowed to access, improving the control and security of network access. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The price of the springboard machine varied. For example, there was a springboard machine package that included a 4C/8G/40G-JumpServer for 1080 RMB, and there was also a springboard machine that only cost 2999 RMB to enjoy the relevant security and management protection functions. However, the price of the springboard machine varied according to the configuration, function, and service content. While watching the Olympics, you can also read the wonderful novels related to the Olympics!
The principle of the automatic pig slaughtering machine was to achieve the process of killing pigs through the operation of mechanical devices or assembly lines. He could see the description and process of mechanized pig slaughtering. Among them, the principle of using carbon dioxide to cause airsickness was to drive the pig into the machine, inject high concentration of carbon dioxide, make the pig lose consciousness due to lack of oxygen, and then slaughter it. In addition, there was also a fully automatic assembly line method of killing pigs. By driving the pigs into the passage and using the door to push the pigs to move and slaughter them. In addition, there was also a mention of the method of killing pigs by electrocuting them. In general, the principle of the automatic pig slaughtering machine was to use mechanical devices, carbon dioxide stun, electric shock, and other methods to achieve the slaughtering process of pigs to improve efficiency and reduce the pain of pigs.
The working principle of the automatic rice machine in the canteen was to put the rice into the rice storage warehouse, and then scatter the rice through the scattering mechanism before entering the rice distribution mechanism. The rice enters the mold cavity on the rice distribution wheel. When the rice needs to be served, the mold cavity filled with rice is turned to the rice outlet, and the rice falls from the rice outlet to the plate. The specific operation process may vary depending on the automatic rice dispenser.