- 博客(151)
- 资源 (2)
- 收藏
- 关注
转载 KrbGuess – Guess/Enumerate Kerberos User Accounts
KrbGuess is a small and simple tool which can be used during security testing to guess valid usernames against a Kerberos environment. It allows you to do this by studying the response from a TGT requ
2009-10-30 09:27:00 889
转载 A Fuzzing Approach to Credentials Discovery using Burp Intruder
http://www.sans.org/reading_room/whitepapers/testing/rss/a_fuzzing_approach_to_credentials_discovery_using_burp_intruder_33214
2009-10-30 09:17:00 804
转载 Global Hauri ViRobot Server cookie overflow
DMA[2005-0614a] - Global Hauri ViRobot Server cookie overflowAuthor: Kevin FinisterreVendor: http://www.globalhauri.comProduct: ViRobot Linux (and Unix?) ServerReferences: http://www.dig
2009-10-29 16:05:00 893
转载 Username Enumeration Vulnerabilities
We all know what username enumeration vulnerabilities are about. In this post, I will talk about them within the context of web application pentesting and will discuss some of the common issues I’v
2009-10-29 14:45:00 1696
原创 default logins and password
http://www.governmentsecurity.org/articles/default-logins-and-passwords-for-networked-devices.html
2009-10-29 14:23:00 648
转载 WEB安全工具大收集
很多,非常多。Test sites / testing groundsSPI Dynamics (live) – http://zero.webappsecurity.com/Cenzic (live) – http://crackme.cenzic.com/Watchfire (live) – http://demo.testfire.net/Acunetix (live) – http
2009-10-29 13:37:00 2269
转载 linux swatch 使用笔记
http://hi.baidu.com/%BF%D5%C6%F8%C8%CB%B6%F9/blog/item/dedb06b1c26adc52092302e0.html
2009-10-28 19:03:00 929
转载 Yokoso! – Web Infrastructure Fingerprinting & Delivery Tool
Yokoso! is a project focused on creating fingerprinting code that is deliverable through some form of client attack. This can be used during penetration tests that combine network and web applications
2009-10-28 13:19:00 678
转载 Benchmarking Mail Relays and Forwarders
postal是一个不错的SMTP压力测试工具,作者还写了Bonnie++,他是一个测试磁盘IO的东西,也很不错。 Postal is a mail server benchmark that I wrote. The main components of it are postal for testing the delivery of mail via SMTP, rabid for t
2009-10-27 17:21:00 1101
转载 Linux下共享文件系统文件传输的简单设计(转载)
共享文件系统文件传输,是网络侦控项目中的一个实际操作。它是为了抵制入侵者进入内网而提出的一种安全解决方案。在实际传输过程中,拓扑图如下:实际环境均在Linux主机下进行。采用OCFS2文件集群的方式。外部主机A和内部主机B之间的通讯,均通过共享存储空间C进行接受和发送。这样即使入侵者拿下外部主机A,也无法渗透内网。这样可以确保内部主机B是安全的。在此“共享文件系统文件传输”设计中,主要是实
2009-10-27 10:51:00 1327
转载 跨域访问
简单说说跨域访问http://farthinker.cn/2007/12/22/cross-domain-visit/ 使用 window.name 解决跨域问题http://www.planabc.net/2008/09/01/window_name_transport/
2009-10-26 22:02:00 621
转载 Linux 静态路由
/etc/sysconfig/network-scripts/route-ethX 也能定义单个网卡的静态路由呀,我之前只知道/etc/sysconfig/static-route
2009-10-26 09:45:00 603
原创 《CISSP认证视频》(Shon Harris CISSP Training 2007 Platinum)CSH.CISSP.2007 铂金版 完结[ISO]
下载地址http://www.verycd.com/topics/241533/
2009-10-25 16:33:00 1152
转载 nginx dos
debian:~# uname -a Linux debian 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC2009 i686 GNU/Linuxdebian:~# cat /etc/issueDebian GNU/Linux 4.0 /n /ldebian:~# dpkg -l|grep nginxii nginx 0.4.13-
2009-10-24 17:30:00 866
转载 /proc filesystem allows bypassing directory permissions on Linux
Hi!This is forward from lkml, so no, I did not invent thishole. Unfortunately, I do not think lkml sees this as a security hole,so...Jamie Lokier said: a) the current permission
2009-10-24 17:27:00 790
转载 FastTrack Autopwn
http://www.securitytube.net/FastTrack-Autopwn-video.aspx
2009-10-24 12:17:00 743
转载 rhel5中管理swap空间
一、添加swap空间:1、扩展一个现有的swap空间:、首先禁止正在使用的swap空间: [root@server4 ~]# swapoff /dev/mapper/tools-swap 、重新resize /dev/mapper/tools-swap: [root@server4 ~]# lvm lvresize /dev/tools/swap -L +300M
2009-10-23 16:10:00 641
转载 fast-track
http://trac.thepentest.com/wiki/FasttrackOverview http://trac.thepentest.com/wiki/Fast_Track_Movie_Tutorials视频
2009-10-23 15:56:00 593
转载 不错的书籍
http://book.51cto.com/art/200710/58933.htmphp5与mysql5 web开发技术详解 http://book.51cto.com/art/200910/157013.htm监控 http://book.51cto.com/art/200908/147751.htm
2009-10-23 14:20:00 482
转载 AutoNessus v1.3.2 released
AutoNessus automates regular Nessus scans and provides delta reporting. The goal is to reduce the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.Ver
2009-10-22 09:45:00 585
转载 推荐 OWASP - Transport Layer Protection Cheat Sheet
昨天出来的一份传输层保护的Cheat Sheet实际上主要是 TLS 的正确部署指导原则,我仔细阅读了一遍,非常不错。(注:TLS 1.0 和 SSL 3.0 差别很小)Transport Layer Protection Cheat Sheet最近几年来, SSL方面的问题出的非常多,前不久的blackhat大会上就有两场非常精彩的talk。这方面的问题也越来越引起人们的关注,可以预见到
2009-10-22 09:12:00 790
转载 Top IT management trends - the next 5 years
Computerworld reports that according to Gartners research, client virtualization, more data, less energy consumption, resource tracking, social networks in the workplace, unified communications, inex
2009-10-21 10:29:00 486
转载 数据流0day原理+实践
首先作为我,gxm,很荣幸的与咔咔在23号的早上凌晨2点多共同研究了流数据这个课题。感谢咔咔的无私奉献。技术共享。才让这数据流充分发挥他的力量。 一,原理 首先说下,NTFS文件系统里存在数据流,这是N久以前的了。NTFS分区的数据流是一个子文件系统允许额外的数据连接到一个特别的文件中,现在的FAT文件系统格式是不支持数据
2009-10-20 16:51:00 632
转载 BitMeter 2 – bandwidth meter to calculate you total internet in and out
http://pentestit.com/2009/10/18/bitmeter-2-bandwidth-meter-calculate-total-internet/
2009-10-20 11:41:00 489
转载 Longcat – multi-protocol stress testing tool
Longcat Flooder is a multi-protocol flooding tool written during the Subeta raids, by the same creator as the newer bandwidth raeping tool, BWRaeper.NET. It quickly became popular amongst Anonymous du
2009-10-20 11:04:00 655
转载 How to own a Windows Domain
Z (Z [at] wechall [dot] net) submitted this cool video to us. According to his submission:- I had to cut this video to a short one, so please use the pause button if something is too quick :) The miss
2009-10-20 11:00:00 682
原创 ISAAF-Penetration test framework
http://www.oissg.org/wiki/index.php?title=ISAAF-PENETRATION_TESTING_FRAMEWORK
2009-10-20 09:33:00 491
转载 nikto 2.1 coming
Its final time to stop procrastinating: Nikto 2.1.0 is here!(Available from http://cirt.net/nikto2)This version has gone through significant rewrites under the hood tohow Nikto works, to make it more
2009-10-20 09:26:00 526
转载 真正理解ViewState
http://blog.csdn.net/sunchaohuang/archive/2007/07/01/1674731.aspxhttp://blog.csdn.net/alexjames_83/archive/2008/05/29/2492380.aspx
2009-10-20 09:23:00 489
转载 两个linux性能测试程序LMbench和SysBench
http://www.bitmover.com/lmbench/http://sysbench.sourceforge.net/
2009-10-19 22:36:00 1111
转载 Linux dmesg中关于TCP: Treason uncloaked!信息
在debian Linux服务器的日志中,dmesg出现类似的信息:TCP: Treason uncloaked! Peer 202.106.38.7:57824/80 shrinks window 3573023813:3573023814. Repaired.TCP: Treason uncloaked! Peer 202.106.38.7:57824/80 shrinks window 35
2009-10-19 10:28:00 2679
原创 ettercap牛X视频
http://www.tudou.com/programs/view/xFqhBEYcgu0/http://linux.byexamples.com/archives/357/ettercap-what-can-be-done-after-arp-poisoning/
2009-10-18 18:06:00 597
原创 渗透技巧不定期更新
1. 目录遍历漏洞绕过 1.1URL编码 . %2e / %2f / %5c 1.2 16位的unicode . %u002e / %u2215 / %u2216 1.3 双解码 . %252e / %252f / %255c 1.4 超长的UTF-8 uni
2009-10-18 13:38:00 1059
空空如也
TA创建的收藏夹 TA关注的收藏夹
TA关注的人