Posts in the category 'Tool Collection'

Directions in PHP Code Audits

Note from 鬼仔: the article includes a list of web code auditing tools.

Author: 5up3rh3i

Below is a list of source code auditing tools [reposted from the web]

Name – [ language/s supported ] – web link:

Nuke ET <= 3.4 (fckeditor) Remote Arbitrary File Upload Exploit

Vulnerable:
Tru-Zone NukeET 3.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor 2.3 beta
FCKeditor FCKeditor 2.2

OWASP WebGoat + WebScarab

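Note from 鬼仔: I saw that TR had posted a few links, so here is a more detailed version. My English is poor, so I won't translate it.

1. OWASP WebScarab Project
a tool for performing all types of security testing on web applications and web services

Download: OWASP Source Code Center at Sourceforge

Installation: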
Linux: java -jar ./webscarab-selfcontained-[numbers].jar
Windows: double-click the installer jar file

A Mac OS X package of the latest version can usually be found on Corsaire’s download page.

You can also try the Java Web Start version, which was signed by Rogan Dawes.

ms08-066

Author: SoBeIt

#include <stdio.h>
#include <winsock2.h>
#include <windows.h>

#pragma comment(lib, "ws2_32.lib")

#define NTSTATUS        int

MS08-066 AFD.sys Local Privilege Escalation Exploit (POC)

Author: Eros412
Source: 邪恶八进制信息安全团队 (Evil Octal Information Security Team, www.eviloctal.com)

MS Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

**********Computing the IoControlCode**********

MS Windows XP/2003 AFD.sys Privilege Escalation Exploit (K-plugin)

Hi,

I have just uploaded a k-plugin for Kartoffel, which exploits a flaw
patched in the recent MS08-066 bulletin.

http://kartoffel.reversemode.com/downloads.php
backup: http://milw0rm.com/sploits/2008-afd_plugin.zip

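p0f: a new passive remote OS fingerprinting tool

Source: 3w417

p0f is another remote operating system identification tool after Nmap and Xprobe2, and it works passively. It supports:

1. Reverse-connection SYN mode
2. Forward-connection SYN+ACK mode
3. Empty-connection RST+ mode
4. Fragment ACK mode

A distinctive feature of p0f is that it can also detect: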

SCRT Webshag – a web server audit tool written in Python

SCRT Webshag
Introduction
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.