- 博客(38)
- 资源 (2)
- 收藏
- 关注
RSS订阅转载 Attack Tools
http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/Sometimes, the best defense is a good offense. Bishop Fox’s attack tools level the playing field by allowing our client
2014-03-31 21:53:02
3573
翻译 Testing: Conduct search engine discovery/reconnaissance for information leakage (OTG-INFO-001)
https://www.owasp.org/index.php/Testing:_Search_engine_discovery/reconnaissance_(OWASP-IG-002)SummaryThere are direct and indirect elements to search engine discovery and reconnaissance. Direc
2014-03-30 22:11:24
1721
转载 C# Panel实现多窗口切换
实现方法如下:1.设计 首先在左侧放一个panel,右侧放一个panel(命名为pnlMain),调整大小,在左侧panel里放置两个按钮(多个按钮同理)2.在按钮里面写方法 在【命名规范检查】按钮(我写的代码测试工具)里写如下方法 private void btnNameCheck_Click(object sender, EventArgs e) {
2014-03-29 10:59:33
15168
1
翻译 Testing for SQL Injection
https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OWASP-DV-005)Brief SummaryA SQL injection attack consists of insertion or "injection" of either a partial or complete SQL query
2014-03-27 09:30:02
1941
翻译 Cross-site Scripting (XSS)
OverviewCross-Site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. XSS attacks occur when an attacke
2014-03-26 10:31:38
4927
翻译 Prepared statement
http://en.wikipedia.org/wiki/Prepared_statementIn database management systems, a prepared statement or parameterized statement is a feature used to execute the same or similar database statement
2014-03-25 09:46:43
3016
翻译 Blind SQL Injection
https://www.owasp.org/index.php/Blind_SQL_InjectionDescriptionBlind SQL (Structured Query Language) injection is a type of SQL Injection attack that asks the database true or false questions a
2014-03-24 21:43:37
4296
翻译 How to Avoid SQL Injection Vulnerabilities
https://www.owasp.org/index.php/Guide_to_SQL_InjectionThere are two complementary and successful methods of mitigating SQL Injection attacks:有两种互为补充的方法可以缓解SQL注入攻击:Parameterized queries usi
2014-03-24 13:13:00
1131
翻译 SQL Injection
https://www.owasp.org/index.php/SQL_InjectionOverviewA SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A succe
2014-03-23 22:40:25
2656
翻译 LDAP Injection (Lightweight Directory Access Protocol Injection)
http://projects.webappsec.org/w/page/13246947/LDAP%20InjectionLDAP InjectionLDAP Injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied in
2014-03-23 18:34:07
2252
原创 pygtk安装过程中出现configure.ac:80: error: possibly undefined macro: AC_MSG_ERROR
1、安装 pkg-config
2014-03-21 17:32:19
5057
转载 在安装PyGTK时总是提示python: ImportError: No module named bz2
转自:http://www.zhetenga.com/view/python%3A%20ImportError%3A%20No%20module%20named%20bz2-ae70dd55.html在安装node.js时提示ImportError: No module named bz2。很明显这个python中没有装bz2的库导致的。解决方法:yum install bzi
2014-03-21 16:10:22
2339
原创 RedHat 安装pyopenssl总提示在安装cryptography-0.2.2依赖时出错
经google发现了:http://www.cnblogs.com/sharpstill/archive/2012/05/26/2519654.html这个帖子,其中提到了相同的问题,只需要easy_install http://pypi.python.org/packages/source/p/pyOpenSSL/pyOpenSSL-0.12.tar.gz 即可以完成一键安装
2014-03-21 15:46:38
4220
转载 Linux(RedHat,Centos)上scrapy详尽安装笔记
转自:http://www.cnblogs.com/sharpstill/archive/2012/05/26/2519654.html Scrapy是一款非常成熟的爬虫框架,可以抓取网页数据并抽取结构化数据,目前已经有很多企业用于生产环境。对于它的更多介绍,可以查阅相关资料(官方网站:www.scrapy.org)。我们根据官网提供的安装指南,来一步步安装,主要参考了ht
2014-03-21 15:43:45
1146
转载 RedHat 安装w3af,安装pyopenssl时总会出现Package libffi was not found in the pkg-config search path错误
经google发现需要安装liffi-devel 依赖包,可是yum install liffi-devel总提示找不到这个包,在下面的链接下,找个了一个解决方案:转自:https://gist.github.com/rderoldan1/5920539The problemWhile I was configuring Ruby on Rails in a Red
2014-03-21 14:39:05
4220
原创 pip install 出现UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 73: ordinal not i
RedHat 操作系统中使用pip install中出现UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 73: ordinal not in range(128),经查阅资料发现可能编码的问题使用echo $LANG命令:[root@localhost tools]# echo $LANGen_U
2014-03-20 09:47:31
12032
转载 37 Powerful Penetration Testing Tools For Every Penetration Tester
Wouldn’t it be fun if a company hired you to hack its website/ network/ Server? Well, Yeah!!!Penetration testing, commonly called as pen-testing is a on a roll in the testing circle these days. The
2014-03-19 22:26:56
2349
原创 wfuzz 在 RedHat OS 上试用(一)
1、https://code.google.com/p/wfuzz/downloads/list 下载wfuzz,解压2、运行命令:[root@localhost wfuzz-read-only]# python wfuzz.py -z file -f wordlist/general/common.txt --hc 404 http://192.168.65.155/FUZZTr
2014-03-19 13:45:44
5301
转载 解决Mysql不能保存中文的问题
解决Mysql不能保存中文的问题。最经在做项目的时候遇到了一个很头痛的问题,就是Mysql不能保存中文,一保存就显示为??,本来我用是数据库是MSSql,但由于业务的需求,改用Mysql数据库,经过几天的探索,我终于找到了解决Mysql不能保存中文的方法第一:在建表的时候需要在字段的后面指定字符集,例如下边这张表:CREATE TABLE admin(pkId varchar (5
2014-03-18 13:35:28
3639
转载 populate-treeview-from-database-using-c#
转自:http://sharp-coders.com/microsoft-net/c-sharp/populate-treeview-from-database-using-csharpTreeView Control is most important and useful control. Basically TreeView control allows you to display
2014-03-18 09:46:58
1553
转载 Connect C# to MySQL 程序中对数据库备份和还原
http://www.codeproject.com/Articles/43438/Connect-C-to-MySQL
2014-03-17 15:32:22
816
原创 python 学习 1
https://pythonmonk.com/定义函数计算传入参数中数字的个数def count_digits(n): """Counts the number of digits in the given number. >>> count_digits(5) 1 >>> count_digits(42)
2014-03-17 10:21:29
1860
原创 RedHat 安装Burp Suite
安装java:http://www.java.com/zh_CN/download/help/linux_install.xmlStep 1 :sudo -sHcd /optmkdir burpsuitecd /opt/burpsuitewget http://portswigger.net/burp/burpsuite_free_v1.5.jarSte
2014-03-16 22:34:40
1905
转载 解决Redhat Linux5 yum出现This system is not registered with RHN的方案
转自:http://www.huangkeye.cn/linux/517.html最近博主在学习Linux,菜鸟级别的的选手连装个Chrome都觉得难,悲了个催的……百度了很多教程,大多是类似的。博主的配置是在VM8下搭建的RHEL5.3 (Tikanga)版本,不知道什么原因,每次在输入yum install google-chrome-stable之后就会出现“This system
2014-03-16 19:56:56
2007
转载 WebApp Pentesting Web渗透演练平台
转自:http://hi.baidu.com/oracledba/item/9f7be51ee6a7fbe45e53b16d1、 什么是WebApp PentestingWebApp Pentesting,由PentesterLab出品。官方给自己的定义是一个简单又十分有效学习渗透测试的演练平台。它提供诸多的漏洞系统以供网络安全发烧友进行测试和让黑阔们更加深刻地且透彻理解“漏洞”。
2014-03-14 23:20:23
2415
转载 C# treeview右键添加,删除,重名字树节点
首先在Form上添加右键菜单,ConTextMenuStrip设置好菜单的右键弹出项的名字,之后在Treeview设置MouceDown事件,判断是不是右键点击,是的话,在判断是不是选中节点,都满足弹出右键选择菜单。我的TreeView因为需要设置成的只能有一个节点被选中。 代码如下:1234567
2014-03-14 15:33:47
10004
转载 Introducing 35 Pentesting Tools Used for Web Vulnerability Assessment
转自:http://blog.rootcon.org/2012/03/introducing-35-pentesting-tools-used.html1. w3afw3af or Web Application Attack and Audit Framework is an open source penetration testing tool for finding
2014-03-13 21:59:45
2525
转载 expect 脚本本地单独调用可以执行,apache 服务器调用不能正常执行
转自 http://www.lnmp100.com/347为了定时执行脚本,研究了下expect+crontab+scp 来实现自动化。但难免会碰到一些问题,在此记录下。也是折腾了半个下午,写了个脚本直接运行正常,在加入到crontab下始终没有反应。不多说,上代码。也希望对有同样问题的兄弟们有所帮助!脚本内容:#!/usr/expect/bin/expectset d
2014-03-12 15:51:02
1383
原创 RegRipper plugins 介绍
http://journeyintoir.blogspot.com/2013/04/plugins-softrun-userrun.html
2014-03-11 15:35:00
2106
转载 mysql命令方式创建表
转自:http://www.isstudy.com/mysql/436.html创建数据表可以使用CREATE TABLE语句,其语法格式如下:CREATE [TEMPORARY] TABEL [IF NOT EXISTS] table_name[(create_definition,…)][table_options] [select_statement]TEMPORARY关
2014-03-09 15:32:00
2629
原创 linux下单独执行命令有输出,CGI调用shell脚本,无输出
在shell脚本中调用 volatility,在本地测试时, volatility调用正常,但是在CGI程序调用shell脚本时,没有结果输出???why?分析可能有两方面的原因:(1)权限问题(2)python 版本混乱导致的问题第一个问题因为脚本运行过程中涉及到其他文件输出正常,而且在/etc/sudoers中对apache的访问做了sudo nopasswd的设置,所以基本排除了权限
2014-03-08 12:21:48
2687
2
原创 pefile under python 2.4 (centos os ) EnvironmentError: [Errno 22] Invalid argument
Centos 5 下Python 2.4 环境中运行pefile module 总是提示参数出错,在python命令行中运行出现以下错误信息:>>> import pefile>>> pe=pefile.PE('/forensics/exes/003gangsir.exe')Traceback (most recent call last): File "", line 1, i
2014-03-06 22:10:41
2576
原创 centos 下安装 python 模块
(1)已安装pefile为例,在 https://code.google.com/p/pefile/ 处 下载tar.gz文件(2)解压缩,tar -zxvf pefile-1.2.10-139.tar.gz (3) cd pefile-1.2.1 python setup.py install 可能会出现 error: Python.
2014-03-06 16:04:46
2806
原创 TWMAN+ 流程分析
http://sourceforge.net/projects/twmanplus/files/TWMAN%2B%40Beta_20120125-AutoInstall/ 中2012-01-25发布的TWMAN流程分析:(1)客户端安装exes(这些exes负责从服务器端获取恶意代码[wget程序完成],并执行[sandnet.exe],然后dd出整个硬盘映像img[dd.exe])
2014-03-04 16:33:29
1247
原创 pxe windows img under linux 客户端启动时出现 PXE-E51 "No DHCP or DHCP Proxy Offers received" error
1、检查dhcp服务是否启动2、可以将客户端的MAC地址和固定IP写入 /etc/dhcpd.conf 的文件中类似:allow booting;allow bootp;option routers 10.10.10.1;option subnet-mask 255.255.255.0;option domain-n
2014-03-04 10:23:59
9206
转载 TreeView读取数据库
效果:数据库:思路:利用for遍历,然后创建父节点,再根据父节点创建出子节点。代码: 1 using System; 2 using System.Collections.Generic; 3 using System.Linq; 4 using System.Web; 5 using System.Web.UI; 6 using Sy
2014-03-03 21:04:24
3593
1
驱动开发资料
2012-07-06
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人