cnbird's blog

[Repost] KrbGuess – Guess/Enumerate Kerberos User Accounts

KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT requ

2009-10-30 09:27:00 889

[Repost] A Fuzzing Approach to Credentials Discovery using Burp Intruder

http://www.sans.org/reading_room/whitepapers/testing/rss/a_fuzzing_approach_to_credentials_discovery_using_burp_intruder_33214

2009-10-30 09:17:00 804

[Repost] Global Hauri ViRobot Server cookie overflow

DMA[2005-0614a] - Global Hauri ViRobot Server cookie overflow Author: Kevin Finisterre Vendor: http://www.globalhauri.com Product: ViRobot Linux (and Unix?) Server References: http://www.dig

2009-10-29 16:05:00 893

[Repost] Username Enumeration Vulnerabilities

 We all know what username enumeration vulnerabilities are about. In this post, I will talk about them within the context of web application pentesting and will discuss some of the common issues I’v

2009-10-29 14:45:00 1696

[Original] default logins and password

 http://www.governmentsecurity.org/articles/default-logins-and-passwords-for-networked-devices.html

2009-10-29 14:23:00 648

[Original] Apache Server GUI and Tools NetLoony

 http://netloony.sourceforge.net/

2009-10-29 13:54:00 638

[Repost] A Big Collection of Web Security Tools

Many, a great many. Test sites / testing grounds: SPI Dynamics (live) – http://zero.webappsecurity.com/ Cenzic (live) – http://crackme.cenzic.com/ Watchfire (live) – http://demo.testfire.net/ Acunetix (live) – http

2009-10-29 13:37:00 2269

[Repost] Seven Tips for Making Good Use of the PGP Encryption Tool

 

2009-10-29 10:37:00 681

[Repost] Notes on Using swatch on Linux

http://hi.baidu.com/%BF%D5%C6%F8%C8%CB%B6%F9/blog/item/dedb06b1c26adc52092302e0.html

2009-10-28 19:03:00 929

[Repost] Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool

Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications

2009-10-28 13:19:00 678

[Repost] Benchmarking Mail Relays and Forwarders

postal is a good SMTP stress-testing tool; its author also wrote Bonnie++, a disk I/O testing tool that is also quite good. Postal is a mail server benchmark that I wrote. The main components of it are postal for testing the delivery of mail via SMTP, rabid for t

2009-10-27 17:21:00 1101

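[Repost] A Simple Design for File Transfer over a Shared File System on Linux (Repost)

File transfer over a shared file system is a practical procedure from a network surveillance and control project. It was proposed as a security solution to keep intruders out of the internal network. The topology used in the actual transfer is as follows: the whole environment runs on Linux hosts and uses an OCFS2 file cluster. All communication between external host A and internal host B is sent and received through shared storage space C. This way, even if an intruder takes over external host A, they cannot penetrate the internal network, which ensures that internal host B stays secure. In this "shared file system file transfer" design, the main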

2009-10-27 10:51:00 1327

[Original] burp Suite help

http://portswigger.net/suite/help.html

2009-10-27 09:57:00 862 1

[Repost] Cross-Domain Access

A brief talk about cross-domain access: http://farthinker.cn/2007/12/22/cross-domain-visit/ Solving cross-domain problems with window.name: http://www.planabc.net/2008/09/01/window_name_transport/

2009-10-26 22:02:00 621

[Repost] Linux Static Routes

/etc/sysconfig/network-scripts/route-ethX can also define static routes for a single NIC; before this I only knew about /etc/sysconfig/static-route

2009-10-26 09:45:00 603

[Original] "CISSP Certification Videos" (Shon Harris CISSP Training 2007 Platinum) CSH.CISSP.2007 Platinum Edition, complete [ISO]

Download link: http://www.verycd.com/topics/241533/

2009-10-25 16:33:00 1152

[Repost] nginx dos

debian:~# uname -a Linux debian 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686 GNU/Linux debian:~# cat /etc/issue Debian GNU/Linux 4.0 \n \l debian:~# dpkg -l|grep nginx ii nginx 0.4.13-

2009-10-24 17:30:00 866

[Repost] /proc filesystem allows bypassing directory permissions on Linux

Hi! This is forward from lkml, so no, I did not invent this hole. Unfortunately, I do not think lkml sees this as a security hole, so... Jamie Lokier said: a) the current permission

2009-10-24 17:27:00 790

[Repost] FastTrack Autopwn

http://www.securitytube.net/FastTrack-Autopwn-video.aspx

2009-10-24 12:17:00 743

[Repost] Managing Swap Space on RHEL 5

I. Adding swap space: 1. Extending an existing swap space: First, disable the swap space currently in use: [root@server4 ~]# swapoff /dev/mapper/tools-swap Resize /dev/mapper/tools-swap: [root@server4 ~]# lvm lvresize /dev/tools/swap -L +300M

2009-10-23 16:10:00 641

[Repost] fast-track

http://trac.thepentest.com/wiki/FasttrackOverview http://trac.thepentest.com/wiki/Fast_Track_Movie_Tutorials (video)

2009-10-23 15:56:00 593

[Repost] Some Good Books

http://book.51cto.com/art/200710/58933.htm PHP5 and MySQL5 Web Development Techniques Explained http://book.51cto.com/art/200910/157013.htm Monitoring http://book.51cto.com/art/200908/147751.htm

2009-10-23 14:20:00 482

[Repost] Simple Monitoring of System Metrics with host monitor (reposted from baoz)

host monitor

2009-10-23 11:01:00 876

[Repost] AutoNessus v1.3.2 released

AutoNessus automates regular Nessus scans and provides delta reporting. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings. Ver

2009-10-22 09:45:00 585

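[Repost] Recommended: OWASP - Transport Layer Protection Cheat Sheet

A cheat sheet on transport layer protection came out yesterday; it is in fact mainly a set of guidelines for deploying TLS correctly. I read it through carefully and it is very good. (Note: TLS 1.0 and SSL 3.0 differ very little.) Transport Layer Protection Cheat Sheet. In recent years there have been a great many SSL-related problems, and there were two excellent talks at the recent Black Hat conference. These problems are drawing more and more attention, and it can be foreseen that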

2009-10-22 09:12:00 790

[Repost] Windows Clustering Software

MSCS, SAFEKIT, AUTOSTART, LIFEKEEPER, ROSE

2009-10-21 12:02:00 1381

[Repost] Top IT management trends - the next 5 years

Computerworld reports that according to Gartner's research, client virtualization, more data, less energy consumption, resource tracking, social networks in the workplace, unified communications, inex

2009-10-21 10:29:00 486

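[Repost] Data Stream 0day: Principles + Practice

First, I, gxm, had the honor of researching the topic of data streams together with 咔咔 a little after 2 a.m. on the 23rd. Thanks to 咔咔 for the selfless contribution and for sharing the technique, which is what let data streams show their full power. I. Principle. First off, data streams exist in the NTFS file system; this has been known for ages. Data streams on an NTFS partition are a sub-file-system that allows additional data to be attached to a particular file; the current FAT file system format does not support data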

2009-10-20 16:51:00 632

[Repost] wapiti

http://sourceforge.net/projects/wapiti/

2009-10-20 14:04:00 733

[Repost] BitMeter 2 – bandwidth meter to calculate your total internet in and out

http://pentestit.com/2009/10/18/bitmeter-2-bandwidth-meter-calculate-total-internet/

2009-10-20 11:41:00 489

[Repost] Two Good Tools, systrace and ttyrpld (reposted from baoz)

systrace ttyrpld

2009-10-20 11:38:00 1163

[Repost] Longcat – multi-protocol stress testing tool

Longcat Flooder is a multi-protocol flooding tool written during the Subeta raids, by the same creator as the newer bandwidth raeping tool, BWRaeper.NET. It quickly became popular amongst Anonymous du

2009-10-20 11:04:00 655

[Repost] How to own a Windows Domain

Z (Z [at] wechall [dot] net) submitted this cool video to us. According to his submission:- I had to cut this video to a short one, so please use the pause button if something is too quick :) The miss

2009-10-20 11:00:00 682

[Original] ISAAF-Penetration test framework

http://www.oissg.org/wiki/index.php?title=ISAAF-PENETRATION_TESTING_FRAMEWORK

2009-10-20 09:33:00 491

[Repost] nikto 2.1 coming

It's final time to stop procrastinating: Nikto 2.1.0 is here! (Available from http://cirt.net/nikto2) This version has gone through significant rewrites under the hood to how Nikto works, to make it more

2009-10-20 09:26:00 526

[Repost] Truly Understanding ViewState

http://blog.csdn.net/sunchaohuang/archive/2007/07/01/1674731.aspx http://blog.csdn.net/alexjames_83/archive/2008/05/29/2492380.aspx

2009-10-20 09:23:00 489

[Repost] Two Linux Performance Testing Programs: LMbench and SysBench

http://www.bitmover.com/lmbench/ http://sysbench.sourceforge.net/

2009-10-19 22:36:00 1111

[Repost] About the "TCP: Treason uncloaked!" Messages in Linux dmesg

In the logs of a Debian Linux server, dmesg shows messages like the following: TCP: Treason uncloaked! Peer 202.106.38.7:57824/80 shrinks window 3573023813:3573023814. Repaired. TCP: Treason uncloaked! Peer 202.106.38.7:57824/80 shrinks window 35

2009-10-19 10:28:00 2679

[Original] Awesome ettercap Videos

http://www.tudou.com/programs/view/xFqhBEYcgu0/ http://linux.byexamples.com/archives/357/ettercap-what-can-be-done-after-arp-poisoning/

2009-10-18 18:06:00 597

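[Original] Penetration Testing Tips (updated irregularly)

1. Directory traversal vulnerability bypass   1.1 URL encoding   .   %2e    /  %2f    \  %5c   1.2 16-bit Unicode   .   %u002e   /   %u2215   \   %u2216   1.3 Double decoding   .   %252e   /   %252f   \   %255c   1.4 Overlong UTF-8 uni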

2009-10-18 13:38:00 1059

Annex 2: Guide for Testing and Evaluation of the Classified Protection of Information Security for Financial Industry Information Systems (Draft for Approval)

2013-06-21

ISO 27000 Series in Chinese

The ISO 27000 Chinese series mainly includes ISO 27001, the ISO 27002 implementation guide, and the ISO 27003 risk assessment guide

2010-07-04
