How to communicate with a random service after a successful netcat connection?

Let’s say I perform a nmap scan and discovery a list of open ports.

It port 80 is opened, I will do this :

nc IP_ADRESS 80 GET / HTTP1.0 

This will be a simple HTTP protocol request.

But what about other ports ? Let’s say I found a random pour like 51236 is open. How do I communicate with it after a successful netcat connection ?

Webhook sending Purchase Details to handling Purchases from a Third Pary Service Secure?

I’m developing a mobile application for a client that sells digital courses on a service called Teachable that hosts their website and handles the purchase process for them. My client wants to keep using this service for the purchase process and when a user bought a course, he should have access to it on my app.

Now I did some research on Teachable. To my knowledge, it does not a provide a API or some sort of oAuth provider. However it does offer webhooks.

I though about a way to implement this behaviour but I have some concerns about my idea, so I would like to hear opinions from more experienced developers in the security field. My Idea goes like this:

  1. Lets assume Alice buys a course called “Awesome Course 1”.
  2. The Teachable webhooks sends me a json object to my server, that include the following properties: { email: Alice@gmail.com, courseName: Awesome Course 1, courseId: 123}
  3. Now In my Database, I create a random Id and add this json object to it. So I have something like this: RandomKey987: { email: Alice@gmail.com, courseName: Awesome Course 1, courseId: 123}
  4. I send Alice a mail that contains the Id RandomKey987
  5. Alice goes to my app, creates an account/logs into her account (that is completely independent of the Teachable Mail/Account she used to buy the course) and enters the Id RandomKey987 in a form, to unlock her course in my app
  6. On my Server, I create a Database entry under Alice’s field to mark that she bought the course associated with the Database Entry RandomKey987, which in this case is the course “Awesome Course 1”
  7. I delete the Database Entry RandomKey987, so no one can unlock this course a second time.

Now my concers are:

  1. An Adverary could just send a similar Json Object to like in Step 2., that doesn’t come from Teachable. The Attacker would need to know the http endpoint of my webhook and a valid courseId, wich I’m not sure if I can keep these private. Teachable does not provide an API where I could make a request, to validate, that the Json Object indeed refers to a valid purchase. Would be an imaginable solution, to just keep the http enpoint and the courseIDs private?

  2. It won’t be possible to guess the Id for a purchase in my database but could there be another way to get the key I send via email? Assuming no other person then Alice can read this email, this should not be a problem right?

Whats your opinion on this? Did I overlook an imporant security apect? Is there a better way to handle this problem?

How do I configure the Calculator web service sample code in netbeans to use x509 certificates for authentication?

I have successfully followed the steps outlined here: https://netbeans.org/kb/docs/websvc/jax-ws.html

Everything works correctly (i.e. I can run a client jar file from terminal and have it send two numbers to add; the calculator web service receives them and returns the correct sum in the SOAP response).

I now wish to add authentication using x509 certificates, but I am unable to find specific documentation on how to do so. The closest link I found is a secure calculator here:

https://netbeans.org/kb/docs/websvc/wsit.html#Exercise_2_2

But this appears to be using “Username Authentication with Symmetric Keys”, which is not what I am looking for.

I am looking for the calculator client to send its x509 certificate over to the calculator web service. The calculator web service authenticates the x509 certificate it just received from the client. If authentication is successful, it will proceed to add the two numbers sent by the client. Otherwise it returns “invalid cert”.

This seems like a simple thing to do, but I am not able to find any documentation or a sample netbeans project that does this.

This website seems promising: https://docs.oracle.com/cd/E17802_01/webservices/webservices/reference/tutorials/wsit/doc/WSIT_Security9.html#wp162511

Specifically the Example: Mutual Certificates Security (MCS) . However, when I get to the step in the “Securing the Example Web Service Client Application (MCS) section that says:

Select the WSIT Configuration tab of the CalculatorWSService dialog.

Netbeans does not have a WSIT Configuration tab. So this appears to be outdated since I am running Netbeans 8.2.

Would appreciate all / any help from the community.

Anti-Captcha service doesn`t work in GSA SER

Hi there!

Can you help me please with captcha?

I used to use Anti-Captcha on my GSA SER and it worked fine. Then I decided to change it on Xevil and CapMonster (I`ve swiched off Anti-Captcha for those period). And now when I`d like to try one more time Anti-Captcha service – it can`t be connected with GSA.

My actions:
– tried to check the balance (it gives me an unknown reply)

– tried to test (it shows me missing data..)

Could you advice me something?

Thank you for your time.

Service tools for promotion in instagram

Without installing software, for mobile and PC.

The functionality of the service:

1. Posting on a timer (storis, posts)
2. Mailing lists in direct – mass and automatic settings
3. Notifications about new subscribers and those who unsubscribed
4. Automatic direct messages to new subscribers. Very effective function, I recommend.
5. web chat window direct all connected instagram accounts. You can correspond in the web browser window

The website oxosms.com

At the site oxosms.com there are…

Service tools for promotion in instagram