Gifts intitle all user publications previous. How to set up user access to a new post on Facebook

In the article about I looked at examples and codes for displaying some additional information elements on post pages: coherent notes, tag/category names, etc. A similar feature is also links to previous and next WordPress posts. These links will be useful when navigating site visitors, and are also another way. That is why I try to add them to each of my projects.

Four functions will help us in implementing the task, which I will discuss below:

Since we are talking about the post page, in 99% of cases you will need to edit the template file single.php (or whichever file your theme uses to display single articles). The functions are used inside the Loop. If you need to remove the next/previous post links in WordPress, look for the corresponding code in the same template file and delete (or comment out) it.

next_post_link function

By default, a link is generated to a note that has a newer creation date immediately after the current one (since all posts are arranged in chronological order). Here's what it looks like in code and on the website:

Function syntax:

  • format (string) - defines the general format of the generated link, where using the %link variable you can specify some text before and after it. By default, this is just a link with an arrow: ‘%link »’
  • link (string) - anchor text of the link to the next post in WordPress; the %title parameter substitutes its title.
  • in_same_term (boolean) - determines whether only posts from the current category are considered. Valid values are true / false (1 / 0); the default is false.
  • excluded_terms (string or array) - the IDs of the blog categories whose posts will be excluded from the selection. Either an array such as array(2, 5, 4) or a comma-separated string is allowed. Useful when working with GoGetLinks, when you need to keep advertising posts out of this block.
  • taxonomy (string) - the name of the taxonomy from which the next posts are taken if $in_same_term = true.

Judging by the screenshot above, it is clear that all these parameters are optional. Here's an example of using the function on one of my sites:

<?php next_post_link("(next article)%link →", "%title", FALSE, 152) ?>

Here I set my format for displaying the link + exclude from the selection all elements belonging to section ID = 152.

If you need to display the next post from the same category in WordPress, the code below will come in handy (ignoring the ID = 33 section):

When you want to work only with the current specific taxonomy, specify its name in the parameters (for example, testimonial):

>", TRUE, " ", "testimonial"); ?>

previous_post_link function

The principle of working with WordPress previous posts is similar to the description above, as is the syntax. Looks like this:

Relevant code:

  • format (string) - sets the format for which the %link variable is responsible (add text/tags before and after it). The default is '%link'.
  • link (string) - anchor text of the link; to insert a title write %title.
  • in_same_term (boolean) - if true, then only objects from the same blog section will be displayed.
  • excluded_terms - remove unnecessary categories; specify the IDs separated by commas (as a string) or in an array.
  • taxonomy (string) - defines the taxonomy for selecting the previous post in WordPress if the $in_same_term parameter is active.

In one of my blogs I use:

<?php previous_post_link("<strong>%link</strong>", "<< Предыдущая", TRUE, "33"); ?>

Here we make a bold font + instead of the title of the element, a certain phrase is written (although it is better to use a title in linking). Only objects of the current category are displayed except for the one with ID = 33.

the_post_navigation function

This solution combines both the previous and next WordPress post links. This is done for convenience; it replaces calling two functions with one. If you need to get the HTML code without printing it, use get_the_post_navigation().

The_post_navigation syntax is as simple as possible:

Where $args is a set of various optional parameters:

  • $prev_text - anchor of the previous link (%title by default).
  • $next_text - similar link text but for the next post (initially %title).
  • $in_same_term (true/false) - allows you to show only articles from the current taxonomy.
  • $excluded_terms - excluded IDs separated by commas.
  • $taxonomy - the name of the taxonomy for the selection, if in_same_term = true.
  • $screen_reader_text - the title of the entire block (by default, Post navigation).

Thus, we see that here there are the same variables as in the previous “single” functions previous_post_link, next_post_link: anchors, selection by taxonomies, etc. Using the solution will simply make your code more compact, and there is no point in repeating the same parameters twice.

Let's consider the simplest situation when you need to display items from the same category:

<?php the_post_navigation(array("prev_text" => "next: %title", "next_text" => "previous: %title", "in_same_term" => true, "taxonomy" => "category", "screen_reader_text" => "More reading",)); ?>

posts_nav_link function

If I understand correctly, then it can be used not only for display in a single post, but also in categories, monthly notes, etc. That is, in single.php it will be responsible for links to previous/next WordPress articles, and in archived ones - for page navigation.

Posts_nav_link syntax:

  • $sep - a separator displayed between links (used to be ::, now -).
  • $prelabel - link text of previous elements (default: “Previous Page”).
  • $nxtlabel - text for the next page/posts (“Next Page”).

Here is an interesting example with pictures instead of text links:

" , "" ) ; ?>

", ""); ?>

Just don't forget to upload the images prev-img.png and next-img.png to the images directory in your . I think other HTML code is added in the same way if, for example, you need to use some kind of DIV or class for alignment.

In summary: for navigation there are also a few other functions that you can find in the code. I hope everything is more or less clear with these. As for posts_nav_link, to be honest, I’m not sure whether it allows you to display previous and next posts on a single page, because I haven’t tested it, although it is mentioned in the description. I think that in this case it is more effective and desirable to use the_post_navigation, which is newer and has a much larger number of parameters.

If you have any questions about navigation between posts or additions, write below.

Good day. Today we’ll talk about protection and access to CCTV cameras. There are quite a lot of them and they are used for different purposes. As always, we will use a standard database that will allow us to find such cameras and select passwords for them.

Theory

Most devices are not configured or updated after installation. Therefore, our target audience is located under the popular ports 8000, 8080 and 554. If you need to scan the network, it is better to immediately select these ports.

Method No. 1

For a clear example, you can look at interesting queries in the Shodan and Censys search engines. Let's look at some illustrative examples with simple queries.

has_screenshot:true port:8000 // 183 results;
has_screenshot:true port:8080 // 1025 results;
has_screenshot:true port:554 // 694 results;

In this simple way you can access a large number of open cameras, which are located in interesting places: shops, hospitals, gas stations, etc. Let's look at a few interesting options for clarity.

A doctor's waiting room
Private somewhere in the depths of Europe
A class somewhere in Chelyabinsk
A women's clothing store

In this simple way you can find quite a lot of interesting objects to which access is open. Don't forget that you can use the country filter to get data by country.

has_screenshot:true port:8000 country:ru
has_screenshot:true port:8080 country:ru
has_screenshot:true port:554 country:ru

Method No. 2

You can use the search for standard social networks. To do this, it is better to use page headers when viewing images from cameras; here is a selection of the most interesting options:

inurl:/view.shtml
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:view/index.shtml
inurl:view/view.shtml
intitle:"live view" intitle:axis
intitle:liveapplet
allintitle:"Network Camera Network Camera"
intitle:axis intitle:"video server"
intitle:liveapplet inurl:LvAppl
intitle:"EvoCam" inurl:"webcam.html"
intitle:"Live NetSnap Cam-Server feed"
intitle:"Live View / - AXIS 206M"
intitle:"Live View / - AXIS 206W"
intitle:"Live View / - AXIS 210"
inurl:indexFrame.shtml Axis
intitle:start inurl:cgistart
intitle:"WJ-NT104 Main Page"
intitle:snc-z20 inurl:home/
intitle:snc-cs3 inurl:home/
intitle:snc-rz30 inurl:home/
intitle:"sony network camera snc-p1"
intitle:"sony network camera snc-m1"
intitle:"Toshiba Network Camera" user login
intitle:"i-Catcher Console - Web Monitor"

Reaping the benefits and finding the airport
Company office

Add another port to the collection and you can complete

Method No. 3

This method is the target. It is used when we either have one point and need to guess a password, or we want to run a database using standard passwords and find valid results. Hydra is perfect for these purposes. To do this, you need to prepare a dictionary. You can go through and look for standard passwords for routers.

Let's look at a specific example. There is a camera model, DCS-2103. It occurs quite often. It works through port 80. Let's use the corresponding data and find the necessary information in Shodan. Next, we collect all the IPs of potential targets that are interesting to us. Next, we create a list. Let's collect a list of passwords and use it all using the hydra utility. To do this, we need to add a dictionary and a list of IPs to the folder and run the following command:

hydra -l admin -P pass.txt -o good.txt -t 16 -vV -M targets.txt http-get

There should be a file pass.txt with passwords in the root folder. We use a single login, admin, with the -l parameter; if you need to set a dictionary for logins, then you need to add a file to the root directory and register it with the -L parameter. The selected results will be saved in the file good.txt. The list of IP addresses must be added to the root directory as the targets.txt file. The last phrase in the command, http-get, is responsible for connecting via port 80.
Example of the program
Entering the command and getting started

At the end I would like to add some information about scanning. To get network numbers you can use an excellent service. Next, these networks need to be checked for the presence of the ports we need. I won’t recommend scanners, but I will say that it’s worth moving towards such and similar scanners as masscan, vnc scanner and others. You can write it based on the well-known nmap utility. The main task is to scan the range and find active IPs with the necessary ports.

Conclusion

Remember that in addition to standard viewing, you can also take photos, record videos and download them for yourself. You can also control the camera and rotate it in the desired directions. And the most interesting thing is the ability to turn on sounds and speak on some cameras. What can I recommend here? Set a strong access password and be sure to forward ports.

Facebook has a terrible habit of reminding you of everything you've ever posted. Most likely, in the dark corners of your Chronicle there are many entries that you no longer remember. It's time to remove them once and for all.

Checking the Chronicle

First and foremost, make sure you know how your Timeline is viewed by regular users (those who aren't your Facebook friends). To do this, go to your Timeline, click on the lock icon, in the “Who can see my materials?” section select "View As" and you will see the following:

Look through everything well, and if you don’t like something, click on the date under your name, then on the globe icon, and change the “Shared to everyone” item to “Friends”, “Only me” or “User settings”. In addition, you can completely delete an entry by selecting the appropriate option after clicking on the arrow in the upper right corner.

Hide old public posts

If you want to hide many public posts at once, you will be surprised that Facebook has a special tool for this.

Click the privacy settings lock in the top right corner of the page, select "See other settings" and click "Limit access to past posts." Read the message that appears and click “Apply these restrictions to past posts” if you want only your friends to see all your old posts.

Change Timeline settings

Next, let's make sure your Timeline settings match your preferences. Click the privacy settings lock in the top right corner again, select See other settings, and click the Timeline & Tags tab in the left panel.

Make sure that the first, fourth, fifth and seventh items are set to “Friends” or whatever you choose:

A more thorough Facebook cleanup

If these tips aren't enough for you, you can use one of the Chrome browser extensions, such as Facebook Post Manager. However, such programs can be overly aggressive, so be careful when using them.

Ready! You have cleared your Timeline of old, forgotten publications. Now you can live in peace and not worry about someone coming across a compromising image or status you posted in 2009.

And today I will tell you about another search engine that is used by pentesters/hackers - Google, or more precisely about the hidden capabilities of Google.

What are Google Dorks?

Google Dork or Google Dork Queries (GDQ) is a set of queries for identifying the worst security holes. Anything that is not properly hidden from search robots.

For brevity, such requests are called Google dorks or simply dorks, like those admins whose resources were hacked using GDQ.

Google Operators

To begin with, I would like to provide a small list of useful Google commands. Among all the Google advanced search commands, we are mainly interested in these four:

  • site - search on a specific site;
  • inurl - indicate that the searched words should be part of the page/site address;
  • intitle - search operator in the title of the page itself;
  • ext or filetype - search for files of a specific type by extension.

Also, when creating Dork, you need to know several important operators, which are specified by special characters.

  • | - the OR operator, also known as a vertical bar (logical or), indicates that you need to display results containing at least one of the words listed in the query.
  • "" - the quote operator indicates an exact match.
  • - - the minus operator is used to exclude results containing the words specified after the minus.
  • * - the asterisk operator is used as a mask and means “anything.”

Where to find Google Dorks

The most interesting dorks are the fresh ones, and the freshest ones are those that the pentester found himself. True, if you get too carried away with experiments, you will be banned from Google... until you enter the captcha.

If you don’t have enough imagination, you can try to find fresh dorks on the Internet. The best site to find dorks is Exploit-DB.

The Exploit-DB online service is a non-profit Offensive Security project. If anyone is not aware, this company provides training in the field of information security and also provides pentesting services.

The Exploit-DB database contains a huge number of dorks and vulnerabilities. To search for dorks, go to the website and go to the “Google Hacking Database” tab.

The database is updated daily. At the top you can find the latest additions. On the left side is the date the dork was added, name and category.


Exploit-DB website

At the bottom you will find dorks sorted by category.



Another good site is . There you can often find interesting, new dorks that don’t always end up on Exploit-DB.

Examples of using Google Dorks

Here are examples of dorks. When experimenting with dorks, do not forget about the disclaimer!

This material is for informational purposes only. It is addressed to information security specialists and those who are planning to become one. The information presented in this article is provided for informational purposes only. Neither the editors of the website www.site nor the author of the publication bear any responsibility for any harm caused by the material in this article.

Dorks for finding website problems

Sometimes it is useful to study the structure of a site by obtaining a list of files on it. If the site is made on the WordPress engine, then the repair.php file stores the names of other PHP scripts.

The inurl tag tells Google to search for the first word in the body of the link. If we had written allinurl, the search would have occurred throughout the entire body of the link, and the search results would have been more cluttered. Therefore, it is enough to make a request like this:

inurl:/maint/repair.php?repair=1

As a result, you will receive a list of WP sites whose structure can be viewed via repair.php.


Studying the structure of a website on WP

WordPress causes a lot of problems for administrators with undetected configuration errors. From the open log you can find out at least the names of the scripts and downloaded files.

inurl:"wp-content/uploads/file-manager/log.txt"

In our experiment, a simple request allowed us to find a direct link to the backup in the log and download it.


Finding valuable information in WP logs

A lot of valuable information can be gleaned from logs. It is enough to know what they look like and how they differ from the mass of other files. For example, an open source database interface called pgAdmin creates a service file pgadmin.log. It often contains usernames, database column names, internal addresses, and the like.

The log is found with a simple query:

ext:log inurl:"/pgadmin"

There is an opinion that open source is safe code. However, the openness of source codes in itself only means the opportunity to explore them, and the goals of such research are not always good.

For example, Symfony Standard Edition is popular among frameworks for developing web applications. When deployed, it automatically creates a parameters.yml file in the /app/config/ directory, where it stores the database name, as well as login and password.

You can find this file using the following query:

inurl:app/config/ intext:parameters.yml intitle:index.of


Another file with passwords

Of course, the password could then be changed, but most often it remains the same as it was set at the deployment stage.

The open source UniFi API browser tool is increasingly used in corporate environments. It is used to manage segments of wireless networks created according to the “seamless Wi-Fi” principle. That is, in an enterprise network deployment scheme in which many access points are controlled from a single controller.

The utility is designed to display data requested through Ubiquiti's UniFi Controller API. With its help, it is easy to view statistics, information about connected clients, and other information about the server’s operation via the UniFi API.

The developer honestly warns: “Please do keep in mind this tool exposes A LOT OF the information available in your controller, so you should somehow restrict access to it! There are no security controls built into the tool...". But many people don't seem to take these warnings seriously.

Knowing about this feature and asking another specific request, you will see a lot of service data, including application keys and passphrases.

inurl:"/api/index.php" intitle:UniFi

General search rule: first we determine the most specific words that characterize the selected target. If this is a log file, then what distinguishes it from other logs? If this is a file with passwords, then where and in what form can they be stored? Marker words are always found in some specific place - for example, in the title of a web page or its address. By limiting your search area and specifying precise markers, you will get raw search results. Then clean it of debris, clarifying the request.
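
Seen from the site owner's side, the dorks in this section all match files that sit inside a web server's document root. The script below is an added example, not part of the original article: it walks a document root and reports those files. The function names and the sample tree are constructed, and the WP_ALLOW_REPAIR check reflects WordPress behaviour that the article does not mention (repair.php only answers without login when wp-config.php sets that constant).

```python
import os
import re
import tempfile

# Assumption (WordPress behaviour, not stated in the article): repair.php is
# usable without login only when wp-config.php defines WP_ALLOW_REPAIR as true.
# Lines commented out with // or # are ignored because of the ^ anchor.
ALLOW_REPAIR = re.compile(
    r"""^\s*define\s*\(\s*['"]WP_ALLOW_REPAIR['"]\s*,\s*(true|1)\s*\)""",
    re.I | re.M)


def classify(rel_path):
    """Return a reason if rel_path matches one of the section's dorks, else None."""
    low = ("/" + rel_path.replace(os.sep, "/")).lower()
    if low.endswith("/wp-content/uploads/file-manager/log.txt"):
        return "file-manager log (inurl:wp-content/uploads/file-manager/log.txt)"
    if low.endswith(".log") and "/pgadmin" in low:
        return "pgAdmin log (ext:log inurl:/pgadmin)"
    if low.endswith("/app/config/parameters.yml"):
        return "Symfony parameters.yml (inurl:app/config/)"
    return None


def repair_enabled(path):
    """True if the given wp-config.php switches on the unauthenticated repair page."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(ALLOW_REPAIR.search(fh.read()))
    except OSError:
        return False


def audit_docroot(root):
    """Walk a document root and list (relative path, reason) for each exposure."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reason = classify(rel)
            if reason:
                findings.append((rel, reason))
            elif name == "wp-config.php" and repair_enabled(full):
                findings.append(
                    (rel, "WP_ALLOW_REPAIR is true (inurl:/maint/repair.php?repair=1)"))
    return findings


def build_sample_tree(root):
    """Create a small constructed document root for the demonstration."""
    files = {
        "index.php": "<?php // front page\n",
        "wp-config.php": "<?php\ndefine('WP_ALLOW_REPAIR', true);\n",
        "blog/wp-config.php": "<?php\n// define('WP_ALLOW_REPAIR', true);\n",
        "wp-content/uploads/file-manager/log.txt": "constructed log line\n",
        "wp-content/uploads/2020/photo.txt": "not a log\n",
        "tools/pgadmin4/pgadmin.log": "constructed log line\n",
        "shop/app/config/parameters.yml":
            "parameters:\n    database_password: placeholder\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Run the audit over the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Anything the audit reports should be moved outside the document root or denied by the web server configuration; changing a password after the file has been indexed does not remove the cached copy.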

Dorks for searching open NAS

Home and office network storage is popular nowadays. The NAS function is supported by many external drives and routers. Most of their owners don’t bother with security and don’t even change default passwords like admin/admin. You can find popular NAS by the typical titles of their web pages. For example, the request:

intitle:"Welcome to QNAP Turbo NAS"

will display a list of NAS IPs made by QNAP. All that remains is to find the weakest one among them.

The QNAP cloud service (like many others) has the function of providing file sharing via a private link. The problem is that it's not that closed.

inurl:share.cgi?ssid=


Finding shared files

This simple query shows files shared through the QNAP cloud. They can be viewed directly from the browser or downloaded for more detailed information.

Dorks for searching IP cameras, media servers and web admin panels

In addition to NAS, you can find a ton of other web-managed network devices with advanced Google queries.

The most common way to do this is CGI scripts, so the main.cgi file is a promising target. However, it can occur anywhere, so it is better to refine the query.

For example, by adding a standard call to it: ?next_file. As a result, we get a dork like:

inurl:"img/main.cgi?next_file"

In addition to cameras, there are similarly media servers that are open to anyone and everyone. This is especially true for Twonky servers manufactured by Lynx Technology. They have a very recognizable name and default port 9000.

For cleaner search results, it is better to indicate the port number in the URL and exclude it from the text part of web pages. The request takes the form

intitle:"twonky server" inurl:"9000" -intext:"9000"


Video library by year

Typically, a Twonky server is a huge media library that shares content via UPnP. Authorization for them is often disabled “for convenience.”

Dorks for searching for vulnerabilities

Big data is a buzzword now: it is believed that if you add Big Data to anything, it will magically begin to work better. In reality, there are very few real experts on this topic, and with the default configuration, big data leads to large vulnerabilities.

Hadoop is one of the simplest ways to compromise tera- and even petabytes of data. This open-source platform contains well-known headers, port numbers and service pages that make it easy to find the nodes it manages.

intitle:"Namenode information" AND inurl:":50070/dfshealth.html"


Big Data? Big vulnerabilities!

With this concatenation query we get search results with a list of vulnerable Hadoop-based systems. You can browse the HDFS file system directly from your browser and download any file.

Google Dorks is a powerful tool for any penetration tester, which not only an information security specialist, but also an ordinary network user should know about.

Additional Google search engine commands allow you to achieve much better results. With their help, you can limit the scope of your search, and also indicate to the search engine that you do not need to view all pages.

Operator "Plus" (+):
For a situation where a particular word must be present in the text. To do this, put the “+” operator before the required word. Suppose we search for Terminator 2: the results will contain information about the films Terminator, Terminator 2 and Terminator 3. To leave only information about the film Terminator 2, we put a plus sign in front of the two, giving a query like Terminator +2.

For example:
Magazine +Murzilka
+Bernoulli equation

Excluding words from the query. Logical NOT (-):
To exclude any words, the minus (-) exclusion operator is used. That is, a logical “NOT”. Useful in cases where direct search results are too cluttered.

For example:
Aquarium -group - we are looking for everything about the aquarium excluding the "Aquarium" group

Search for exact phrase (""):
Useful for searching for a specific text (an entire article based on a quote). To do this, you need to enclose the query in quotes (double quotes).

For example:
“And the dungeon is cramped, and there is only one freedom And we always trust in it” - we are looking for Vysotsky’s ballad one line at a time

Note: Google allows you to enter a maximum of 32 words per search string.

Word truncation (*):
Sometimes you need to look for information about a word combination in which one or more words are unknown. For these purposes, the “*” operator is used instead of the unknown words. That is, “*” is any word or group of words.

For example:
Master and *
Leonardo * Vinci

cache operator:
The search engine stores the version of the text that is indexed by the search spider in a special storage format called a cache. A cached version of a page can be retrieved if the original page is unavailable (for example, the server on which it is stored is down). A cached page is shown as it is stored in the search engine's database and is accompanied by a notice at the top of the page indicating that it is a cached page. It also contains information about the time the cached version was created. On the page from the cache, the query keywords are highlighted, and each word is highlighted in a different color for user convenience. You can create a request that will immediately return a cached version of a page with a specific address: cache:page_address, where instead of “page_address” is the address of the page saved in the cache. If you need to find any information in a cached page, you need to write a request for this information separated by a space after the page address.

For example:
cache:www.site
cache:www.site tournaments

We must remember that there should not be a space between “:” and the page address!

filetype operator:
As you know, Google indexes not only html pages. If, for example, you needed to find some information in a file type other than html, you can use the filetype operator, which allows you to search for information in a specific file type (html, pdf, doc, rtf...).

For example:
Specification html filetype:pdf
Essays filetype:rtf

Operator info:
The info operator lets you see information that Google knows about that page.

For example:
info:www.site
info:www.site

Site operator:
This operator limits the search to a specific domain or site. That is, if you make a request: marketing intelligence site:www.site, then the results will be obtained from pages containing the words “marketing” and “intelligence” on the site www.site.

For example:
Music site:www.site
Books site:ru

Link operator:
This operator allows you to see all the pages that link to the page for which the request was made. Thus, the request link:www.google.com will return pages that contain links to google.com.

For example:
link:www.site
Friends link:www.site

allintitle operator:
If you start a query with the allintitle operator, which translates as “everything is in the title,” then Google will return texts in which all the words of the query are contained in the titles (inside the TITLE tag in HTML).

For example:
allintitle:Free software
allintitle:Download music albums

intitle operator:
Shows pages where only the word immediately following the intitle operator is in the title, and all other query words can appear anywhere in the text. Putting the intitle operator before each word of the query is equivalent to using the allintitle operator.

For example:
Programs intitle:Download
intitle:Free intitle:download software

allinurl operator:
If the query begins with the allinurl operator, then the search is limited to those documents in which all the query words are contained only in the page address, that is, in the url.

For example:
allinurl:rus games
allinurl:books fantasy

inurl operator:
The word that is located directly together with the inurl operator will be found only in the address of the Internet page, and the remaining words will be found anywhere in such a page.

For example:
inurl:books download
inurl:games crack

Operator related:
This operator describes pages that are "similar" to a specific page. Thus, the query related:www.google.com will return pages with similar topics to Google.

For example:
related:www.site
related:www.site

define operator:
This operator acts as a kind of explanatory dictionary, allowing you to quickly get a definition of the word that is entered after the operator.

For example:
define:Kangaroo
define:Motherboard

Synonym search operator (~):
If you want to find texts containing not only your keywords, but also their synonyms, then you can use the “~” operator before the word for which you want to find synonyms.

For example:
Types of ~metamorphoses
~Object orientation

Range operator (..):
For those who have to work with numbers, Google has made it possible to search for ranges between numbers. In order to find all pages containing numbers in a certain range “from - to”, you need to put two dots (..) between these extreme values, that is, the range operator.

For example:
Buy a book $100..$150
Population 1913..1935