2008年5月 的日志

Nmap Techniques

2008/05/15 22:15 | 鬼仔 | 技术文章 | 消灭0回复

一些Nmap的技巧

来源:Tr4c3’s blog

by d3hydr8 > www.darkc0de.com
date: 01/20/08

Use nmap as a host discovery tool.
阅读全文 »

Tags: ,

defeating google dork limit

2008/05/15 22:10 | 鬼仔 | 技术文章 | 3 个回复

update:
隐身会员:it can not work.
Tr4c3:I have checkd , it can work well.
鬼仔:抱歉,我当时没测试。
鬼仔注:相信这个提示大家遇到的不少吧?

来源:Tr4c3’s blog

well… if you have ever used google dorks you have probably gotten the following 403 forbidden error:
阅读全文 »

Tags: ,

PHP安全《PHP Security》

2008/05/15 22:06 | 鬼仔 | 技术文章 | 1 个回复

来源:Tr4c3’s blog

[ 原书信息 ]
《SAMS Teach Yourself PHP in 10 Minutes》
Author: Chris Newman
Publisher : Sams Publishing
Pub Date : March 29, 2005
ISBN : 0-672-32762-7
Pages : 264

[ 翻译信息 ]
翻译人员:heiyeluren
翻译时间:2006-3-15
翻译章节:《Lesson 24. PHP Security》
中文名称:PHP安全
阅读全文 »

Tags:

PHP security analysis

2008/05/15 22:03 | 鬼仔 | 工具收集 | 消灭0回复

来源:Tr4c3’s blog

There are many tools out in market for security analysis of PHP codes.
Some of them are mentioned below:

1. PHP Security Scanner:
Desc: PHP Security Scanner is a tool written in PHP intended to search
PHP code for vulnarabilities. MySQL DB stores patterns to search for
as well as the results from the search. The tool can scan any
directory on the file system.
License: GPL
More Information: http://securityscanner.lostfiles.de/
阅读全文 »

Tags:

php源码审计工具–PHP Source Auditor 4 released

2008/05/15 22:01 | 鬼仔 | 工具收集 | 消灭0回复

一个用perl写的php源码审计工具
注释by:Neeao

from:http://iron.randombase.com/2008/05/13/php-source-auditor-4-released/

All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:
阅读全文 »

Tags:

PHP Underground Security

2008/05/15 21:58 | 鬼仔 | 技术文章 | 消灭0回复

来源:Tr4c3’s blog

/================================================================================\
———————————[ PLAYHACK.net ]———————————
\================================================================================/

-[ INFOS ]———————————————————————–

Title: “PHP Undergroud Security”
Author: Omnipresent
E-Mail: [email protected][email protected]
Website: http://omni.playhack.net – http://www.playhack.net
Date: 2007-04-12

———————————————————————————

-[ SUMMARY ]———————————————————————

0x00: Let’s start..
0x01: Global Variables, look it carefully
[*] Patching
0x02: File Inclusion
[*] Patching
0x03: XSS
0x04: SQL Injection
\_ 0x04a: Login Bypass
\_ 0x04b: 1 Query? No.. 2 one!
[*] Patching
0x05: File Traverse
[*] Patching
0x05: Conclusion
阅读全文 »

Tags:

Pentest – Tools

2008/05/15 21:51 | 鬼仔 | 工具收集 | 消灭0回复

来源:Tr4c3’s blog

Packet Shaper:
Nemesis: a command line packet shaper
Packit: The Packet Toolkit – A network packet shaper.
Hping by Antirez: a command line TCP/IP packet shaper
Sing: stands for ‘Send ICMP Nasty Garbage’; sends fully customizeable ICMP packets
Scapy: a new python-based packet generator
阅读全文 »

Tags:

Aviv Raff的IE0day,公布了

2008/05/14 23:46 | 鬼仔 | 工具收集 | 8 个回复

来源:Sowhat的blog

前两天提到Aviv搞得这个“找”0day活动(http://hi.baidu.com/secway/blog/item/f21ad28b6bd86c7a9e2fb454.html),今天他公布细节了。
阅读全文 »

Tags: