鬼仔’s Blog

by axis
2008-05-16
http://www.ph4nt0m.org

Debian OpenSSL包里的算法有问题，random number生成居然是在process pid里选取，导致生成key可穷举

以下摘自metasploit的blog
The Bug
On May 13th, 2008 the Debian project announced that Luciano Bello found an interesting vulnerability in the OpenSSL package they were distributing. The bug in question was caused by the removal of the following line of code from md_rand.c
阅读全文 »

一些Nmap的技巧

来源：Tr4c3’s blog

by d3hydr8 > www.darkc0de.com
date: 01/20/08

Use nmap as a host discovery tool.
阅读全文 »

鬼仔注：相信这个提示大家遇到的不少吧？

来源：Tr4c3’s blog

well… if you have ever used google dorks you have probably gotten the following 403 forbidden error:
阅读全文 »

来源：Tr4c3’s blog

[ 原书信息 ]
《SAMS Teach Yourself PHP in 10 Minutes》
Author: Chris Newman
Publisher : Sams Publishing
Pub Date : March 29, 2005
ISBN : 0-672-32762-7
Pages : 264

[ 翻译信息 ]
翻译人员：heiyeluren
翻译时间：2006-3-15
翻译章节：《Lesson 24. PHP Security》
中文名称：PHP安全
阅读全文 »

来源：Tr4c3’s blog

There are many tools out in market for security analysis of PHP codes.
Some of them are mentioned below:

1. PHP Security Scanner:
Desc: PHP Security Scanner is a tool written in PHP intended to search
PHP code for vulnarabilities. MySQL DB stores patterns to search for
as well as the results from the search. The tool can scan any
directory on the file system.
License: GPL
More Information: http://securityscanner.lostfiles.de/
阅读全文 »

一个用perl写的php源码审计工具
注释by：Neeao

from：http://iron.randombase.com/2008/05/13/php-source-auditor-4-released/

All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:
阅读全文 »

来源：Tr4c3’s blog

/================================================================================\
———————————[ PLAYHACK.net ]———————————
\================================================================================/

-[ INFOS ]———————————————————————–

Title: “PHP Undergroud Security”
Author: Omnipresent
E-Mail: omnipresent@email.it - omni@playhack.net
Website: http://omni.playhack.net - http://www.playhack.net
Date: 2007-04-12

———————————————————————————

-[ SUMMARY ]———————————————————————

0×00: Let’s start..
0×01: Global Variables, look it carefully
[*] Patching
0×02: File Inclusion
[*] Patching
0×03: XSS
0×04: SQL Injection
\_ 0×04a: Login Bypass
\_ 0×04b: 1 Query? No.. 2 one!
[*] Patching
0×05: File Traverse
[*] Patching
0×05: Conclusion
阅读全文 »

来源：Tr4c3’s blog

Packet Shaper:
Nemesis: a command line packet shaper
Packit: The Packet Toolkit - A network packet shaper.
Hping by Antirez: a command line TCP/IP packet shaper
Sing: stands for ‘Send ICMP Nasty Garbage’; sends fully customizeable ICMP packets
Scapy: a new python-based packet generator
阅读全文 »