Posts from November 2008

Roundup of Download Links for the Wireless Security Cracking WPA-PSK Hash Table DVD – [Wireless Hack]

Copyright notice: when reposting, please indicate the original source of the article, the author information and this notice in the form of a hyperlink
http://bigpack.blogbus.com/logs/31359696.html

This wireless security cracking DVD, produced by the ZerOne security team, contains WPA cracking hash tables that have all been tested and confirmed working. The included SSIDs were carefully selected from data aggregated by the ZerOne security team during multiple on-site war-driving wireless surveys in several provincial capitals, and consist of the 62 SSIDs most frequently used in China. Besides more than 40 kinds of birthday-based password combinations of 8 or more characters, the disc also includes common user password combinations of 8 or more characters, for a total capacity of 4.4 GB. It is truly an essential tool for wireless password cracking tests, wireless penetration testing and security assessment.

Oracle Pwnage Part 3

Posted by CG

Sorry no metasploit for this one.

But

I did get asked how to get the SCOTT/TIGER username and pass. I left a (hint) in the first blog post. But by request here is the link:
http://www.petefinnigan.com/default/default_password_checker.htm

Second thing was that you may find yourself with some Oracle hashes after some crafty (well not really) SQL queries. Something that probably looks like this:

[*] DBSNMP,E066D214D5421CCC
[*] SCOTT,F894844C34402B67
[*] XDB,88D8364765FCE6AF

Oracle Pwnage with the Metasploit Oracle Modules Part 2

Posted by CG

Last post we got to where we could execute SQL queries on the box and were able to see Scott’s permissions.

Let’s use the SQLI auxiliary modules to see if we can add the DBA privilege to Scott’s account.

As you recall….

msf auxiliary(oracle_sql) > run

[*] Sending SQL…
[*] SCOTT,CONNECT,NO,YES,NO
[*] SCOTT,RESOURCE,NO,YES,NO
[*] Done…
[*] Auxiliary module execution completed

Oracle Pwnage with the Metasploit Oracle Modules Part 1

Posted by CG

Every so often you come across an open 1521 on a pentest.

1521/tcp open oracle

But what to do? There aren’t a ton of what I consider usable Oracle exploits out there, and the ones that are there involve installing a bunch of extra libraries, and we know that’s “tough” to do. Thankfully MC has done all the work for us and created the metasploit mixin and modules. **Need help getting the mixin installed? See my file format post.

SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068)

* SMBRELAY 3 – NTLM replay attack (version 1.0 ) public version
* (c) 2008 Andres Tarasco Acuña ( atarasco _at_ gmail.com )
* URL: http://tarasco.org/Web/tools.html

http://milw0rm.com/sploits/2008-smbrelay3.zip

# milw0rm.com [2008-11-14]

Building a Tiny PE File That Runs on XP (292 Bytes)

# 鬼仔: The author of this article is the author of 《疯狂的程序员》 (Crazy Programmer); 《疯狂的程序员》 is now finished, but I haven't had time to read it yet.

Author: hitetoshi

A few days ago, while exchanging technical notes with a friend, the topic of hand-crafting tiny PE files came up. He said that most of the versions circulating online no longer run on XP SP3, so on a whim I puffed out my chest and said: "Don't worry, once I'm done with work I'll make you one."
Later I spent half a day and finally built a tiny PE that runs on XP and pops up a dialog box, at 292 bytes. Of course this may still be far from the limit, but having done it once myself I gained some insights, so I'm posting them here to share. The MiniPE described in this article can be downloaded at: http://download.csdn.net/source/774041

Step 1: Preparing the PE file
First, create a PE file. To make it as small as possible, we write it in assembly. The code is as follows:

Notes from the Foundstone Ultimate Hacking Training

# 鬼仔: A very old article, recommended by tr4c3; I hadn't read it before. Archiving it here; the original link can no longer be found, only the author's name.

Author: 傅梦 (Fu Meng), National Library Board of Singapore (CISSP, CCNP, MCSE)

In November 2004 I attended the Ultimate Hacking hands-on training held by Foundstone in Singapore.
Before the training, the instructor told us that this was the first time Foundstone had held such a high-level offensive and defensive hacking training in Singapore. The main audience of this session was national-level key information organizations such as the Singapore Police Force, the computer bureau and the telecom bureau, so only a handful of places were opened to the public, mainly for security managers of large enterprises. Because the Foundstone Ultimate Hacking training is extremely hands-on, the Singapore government required that every attendee not only be a full-time employee in the computer security industry but also provide complete personal details for the record. Even with such strict conditions, people kept signing up for the training.

Besides giving me the chance to learn hacking techniques systematically, this training, as I learned from the instructor, would also add 32 continuing education credits to my CISSP certification (to date, no other training gives that many CISSP education credits in one go the way Ultimate Hacking does), which made me even happier.

.NET Framework Rootkits

Original: .NET Framework Rootkits

This page covers a new method that enables an attacker to change the .NET language, and to hide malicious code inside its core.

The whitepaper “.NET Framework rootkits – backdoors inside your framework” covers various ways to develop rootkits for the .NET framework, so that every EXE/DLL that runs on a modified Framework will behave differently than what it’s supposed to do. Code reviews will not detect backdoors installed inside the Framework since the payload is not in the code itself, but rather it is inside the Framework implementation. Writing Framework rootkits will enable the attacker to install a reverse shell inside the framework, to steal valuable information, to fixate encryption keys, disable security checks and to perform other nasty things as described in this paper.