You are viewing articles in the "hacking & security" category
2010-11-17 13:14 Remote exploits work like this: you execute a program on your computer,
that program sends something to the other computer, exploiting a vulnerability
and giving you access to the remote operating system.
The phf trick, which I talked about in the beginning, uses a bug in the
remote system to gain information that you normally wouldn't be allowed to get.
An exploit doesn't have to give you access to the computer, though;
a DoS (Denial of Service) attack is also a |
2010-10-18 20:05 2010-07-07 10:30 2010-06-28 20:23 With the blind technique, you have to spend more time than with normal injection.
You can obtain only one character at a time, and each one takes several queries to the server.
We will give you an example of querying the first character of the database name.
We assume that the database name is member. Therefore, the first character is "m",
whose ASCII value is 109. (At this point, we assume that you know ASCII codes.)
OK, first, we have to know that the results from requests have only 2 |
2010-06-25 14:20 airbase-ng -P -C 30 -e "PWND" -v mon0
nano /etc/dhcp3/dhcpd.conf
option domain-name-servers 10.0.0.1;
default-lease-time 60;
max-lease-time 72;
ddns-update-style none;
authoritative;
log-facility local7;
subnet 10.0.0.0 netmask 255.255.255.0 {
range 10.0.0.100 10.0.0.254;
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;
}
ifconfig at0 up 10.0.0.1 netmask 255.255.255.0
tail -f /var/log/messages
|
2010-05-26 19:44 IBM xt200
WiFi 5100 for cracking WEP
Tip:
First run BT4 from your USB, HDD or whatever, put the .tar file in your home directory, then open a console and run:
tar xjf compat-wireless-2.6.tar.bz2 (assuming you have downloaded compat-wireless from the link provided)
cd compat-wireless-2009*
make -j4
make unload (root)
make install (root)
echo options iwlagn swcrypto=1 >> /etc/modprobe.d/options (root)
make load (root)
now then |
2010-05-17 23:19 # -*- coding: cp936 -*-
import time
import string
import httplib,sys
from socket import *
import re
import getopt
from urllib import urlopen
import urllib2
import os
print "\n------------------------------------------"
print "*Domain check Ver. 1.0b *"
print "*Coded by t-bag&b4che10r&Christian Martorella*"
print "*ydte |
2010-05-13 20:36 1. Build a test table locally
mysql> create table users(id int,name varchar(20),passwd varchar(32));
Query OK, 0 rows affected (0.04 sec)
mysql> insert into users value(1,'mickey','827ccb0eea8a706c4c34a16891f84e7b');
Query OK, 1 row affected (0.00 sec)
mysql> create table news(is_admin int(1),id int(2),title varchar(100),date date);
Query OK, 0 rows affected (0.00 sec)
mysql> insert into news values(1,1,'hello,mickey', |
2010-05-13 11:58 WebCruiser - Web Vulnerability Scanner V1.2.1.0206
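Platform: Windows with .NET Framework 2.0 or later.
Interface language: English
Features:
* Website crawler (directories and files);
* Vulnerability scanning (SQL injection, cross-site scripting);
* Vulnerability verification (SQL injection, cross-site scripting);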
* SQL S |
2010-05-08 18:29 First:
CREATE TABLE tbl_upload (
id INT NOT NULL AUTO_INCREMENT,
name VARCHAR(30) NOT NULL,
type VARCHAR(30) NOT NULL,
size INT NOT NULL,
content MEDIUMBLOB NOT NULL,
PRIMARY KEY(id)
);
Then:
<?php
if(isset($_POST['upload_file']) && $_FILES['file_name']['size'] > 0)
{
$originalName = $_FILES['file_name']['name'];
$tmpName = $_FILES['file_name']['tmp_name |
2010-05-05 0:26 # -*- coding: cp936 -*-
import time
import string
import httplib,sys
from socket import *
import re
import getopt
from urllib import urlopen
import urllib2
import os
print "\n------------------------------------------"
print "*Domain check Ver. 1.0b *"
print "*Coded by t-bag&b4che10r&Christian Martorella*"
print "*ydte |
2010-05-05 0:25 #!/usr/bin/python
import socket,re,urllib,urllib2,os,sys
def options():
    sock=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((t_IP,t_port))
    req = "OPTIONS / HTTP/1.1\r\n"
    req += "Host: " + t_IP + "\r\n"
    req += "Connection: close\r\n"
    req += "\r\n\r\n"
    #print req
    sock.send(req)
    data = sock.recv(1024)
    sock.close()
    r1 = re.compile('DAV')
    result = |
2010-05-04 17:08 Well, it’s just a compilation of various security-related tools found around the net.
Everything from NirSoft’s password recovery utilities to PwDump7 and the Abel backdoor (?) from Cain & Abel.
And of course some other nifty tools (like netcat). I do not take credi |
2010-05-04 16:53 You know what a barcode is.
And at least I have thought about this a long time now.
Injections through barcodes.
So I came up with this scenario.
I believe supermarkets, and loads of other stores, save their products in some kind of database.
If we could then change that code to an improper query, could we then be able to exploit the back-end database?
Actually, I've got no clue. But I believe it would be possib |
2010-05-04 13:31 This MySQL OOB technique seems to be getting out of control.
It didn’t exist in the wild (as far as we know), so we started to look into it even further.
Malware can use this SMB vulnerability (?) in order to spread itself to other locations.
To, let’s say, all Windows boxes on the local network.
Rather easy, too.
Windows has these nice, hard-coded folders, where it auto-starts applications once on every reboot.
So what happens |