Posts in the category 'Tool Collection'

Blind SQL Injection by Dichotomy Function

Blind injection guessing in PHP using the bisection (dichotomy) method

Source: Web安全手册 (Web Security Handbook)

<?php

#  Name -> Blind SQL Injection by Dichotomy Function
#    Credits -> charles "real" F. <charlesfol[at]hotmail.fr>
#  Date -> 13-04-08

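Automatic scanning for the SHIFT backdoor on 3389 [automatically closes failed connections]

Note from 鬼仔: a supplement to "Automatic scanning for the SHIFT backdoor on 3389"

Author: cloie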

#!/usr/bin/perl

use warnings;
use Win32::GUI;

use constant WM_CLOSE           => 16;

sub monitor {
    # Find the dialog titled '中断远程桌面连接' (Remote Desktop disconnected) and close it.
    my $handle = Win32::GUI::FindWindow('', '中断远程桌面连接');
    Win32::GUI::SendMessage($handle, WM_CLOSE, 0, 0);
}

Scully: SQL DB interface and Brute Forcer

Scully is a brute forcer and a simple client interface to MSSQL and MySQL database servers. No more need to install database client libraries or set up ODBC connections in Windows.

What Does Scully do?

Scully is a client interface to MSSQL and MySQL database servers. No more need for
MSSQL/MySQL client libraries to be installed and no more need to set up an ODBC connection
either. Simply add IP/Hostname, username, password, port and database name and SQL away.

reDuh: Re-inventing TCP like its 1973!

reDuh was released as part of SensePost’s BlackHat USA 2008 talk on tunnelling data in and out of networks. Most external firewalls block all incoming sockets except for port 80/443. reDuh allows an attacker to use the compromised web server as a tunneling proxy into the internal network environment. reDuh encodes data into valid HTTP requests, which are then delivered to the server agent and decoded, and the data is redirected to the various configured tunnels. reDuh is available in JSP/PHP/ASP.

Home page: reDuh home page
Download:
reDuhClient (the local proxy) | reDuh Server Pages (JSP/PHP/ASP)

Seen at Way7T's site; the original post was titled "An extremely powerful webshell pivot for internal network penetration".


mIRC 6.34 Remote Buffer Overflow Exploit

#!/usr/bin/perl
#
#
# mIRC 6.34 Remote Buffer Overflow Exploit
# Exploit by SkD (skdrat <at> hotmail <.> com)
# ----------------------------------------
# A day’s work of debugging and looking at mIRC.
#
# Tested on Windows XP SP3 English and Windows Vista SP0.
#
# Credits to securfrog for publishing the PoC.
#
# Author has no responsibility over the damage you do with this!
#
# Note: You might change the addresses for Vista ;)
#
# ----------------------------------------

mysqlhack

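Source: T00LS

MySQL exploitation tool.
After connecting to the other party's MySQL server, it can upload files, execute DOS commands, and download and run files.

The software requires Microsoft .NET Framework 2.0.
If the software will not open, install Microsoft .NET Framework 2.0.
Microsoft .NET Framework 2.0 download: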
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=zh-cn

lanker one-line PHP backdoor client 3.0, internal version

Source: T00LS

Download: lanker3.0.rar

MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021

EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop

This is one of the 2 Vulnerabilities of MS08-021

Tested on Windows XP Professional SP1
GDi32.dll 5.1.2600.1106
kernel32.dll 5.1.2600.1106
ws2_32.dll 5.1.2600.0