一个使用php通过tcp协议从远程dns服务器获取真实ip的小工具
地址：https://github.com/ilanyu/dnsproxy

- 阅读剩余部分 -

在 http://www.trinea.cn/android/android-java-execute-shell-commands/ 这里发现不错的库，转载下，避免失效等问题

主要介绍Android或Java应用中如何以默认用户或root用户执行Shell命令，ShellUtils的API介绍、使用及使用场景(如静默安装和卸载、修改hosts文件、拷贝文件)。使用纯Java实现，所以对Java程序同样适用。

- 阅读剩余部分 -

既然找到这篇文章，一般都是对dns有一些了解了，就不讲dns是干嘛的了
首先我们来了解下dns污染问题手工解决怎么解决。

- 阅读剩余部分 -

遇到的网站是用的PantoSchool .net，在数据库中发现大量非明文密码R2AKd+aZ0K4=，百度发现是123，打算分析下算法，下面是分析后给出算法

using System;
using System.IO;
using System.Security.Cryptography;

namespace DES
{
    public class DECEncrypt
    {
        private byte[] arrDESIV;
        private byte[] arrDESKey;

        public DECEncrypt()
        {
            this.arrDESKey = new byte[] { 0x2a, 0x10, 0x5d, 0x9c, 0x4e, 4, 0xda, 0x20 };
            this.arrDESIV = new byte[] { 0x37, 0x67, 0xf6, 0x4f, 0x24, 0x63, 0xa7, 3 };
        }

        public string Decrypt(string m_Need_Encode_String)
        {
            DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
            MemoryStream stream2 = new MemoryStream(Convert.FromBase64String(m_Need_Encode_String));
            CryptoStream stream = new CryptoStream(stream2, provider.CreateDecryptor(this.arrDESKey, this.arrDESIV), CryptoStreamMode.Read);
            StreamReader reader = new StreamReader(stream);
            return reader.ReadToEnd();
        }
        public string Encrypt(string m_Need_Encode_String)
        {
            DESCryptoServiceProvider provider = new DESCryptoServiceProvider();
            MemoryStream stream2 = new MemoryStream();
            CryptoStream stream = new CryptoStream(stream2, provider.CreateEncryptor(this.arrDESKey, this.arrDESIV), CryptoStreamMode.Write);
            StreamWriter writer = new StreamWriter(stream);
            writer.Write(m_Need_Encode_String);
            writer.Flush();
            stream.FlushFinalBlock();
            stream2.Flush();
            return Convert.ToBase64String(stream2.GetBuffer(), 0, (int)stream2.Length);
        }
    }

    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine(new DECEncrypt().Encrypt("123"));
            Console.ReadLine();
        }
    }
}

C#的代码，在vs2015调试通过，加密和解密方法，以及用到的key和iv都给了
另外批评下这套系统，存在大量漏洞就算了，密码还是用的可逆算法，这和直接储存明文有啥区别？另外还存在超简单的默认用户名和默认密码

网上找了好多都不能用，最后群里一朋友给了段代码可以用，记录下

public String exec(String xx) {
    Runtime ex = Runtime.getRuntime();
    String cmdBecomeSu = "/system/bin/sh -";
    String script = xx;
    try
    {
        java.lang.Process runsum = ex.exec(cmdBecomeSu);
        int exitVal = 0;
        final OutputStreamWriter out = new OutputStreamWriter(runsum.getOutputStream());
        BufferedReader in = new BufferedReader(new InputStreamReader(runsum.getInputStream()));
        out.write(script);
        out.write("\n");
        out.flush();
        out.write("exit\n");
        out.flush();
        out.close();
        String s = "";
        String line = null;
        while ((line = in.readLine()) != null) {
            s += line + "\n";
        }
        in.close();
        exitVal = runsum.waitFor();
        if (exitVal == 0)
        {
            Log.e("Debug", "Successfully to shell");
            return s;
        }
    }
    catch ( Exception e)
    {
        Log.e("Debug", "Fails to shell");
    }
    return cmdBecomeSu;
}