2008年12月 的日志

我是一个渗透手–旁注攻击篇

2008/12/09 17:40 | 鬼仔 | 技术文章 | 4 个回复

作者:linzi

题记:

有很多人不会明白我的想法,但希望我个人的技术理念能对一些人有帮助.

把所学的东西上升为理论是为了更大限度的拓宽自已的思维,对于一个渗透者来说,思维比0day要重要多了.

渗透其实就是对已经掌握的各种技术加上自己的思维进行排列组合.

假说哪一天google被人入侵了,入侵的技术就是注射,很多人会说,这个我也会,没什么了不起的.
阅读全文 »

Tags: ,

IE7漏洞

2008/12/09 16:08 | 鬼仔 | 工具收集 | 8 个回复

# 鬼仔观望明天微软的补丁情况,是否会补上这个0DAY漏洞,如果没有补丁的话。。。八成不会补。360论坛还有一个

作者:greysign

好吧。被人发出来了。上周末还有人5000一小马。甚至一开始有12W出售的。

湛江那边更新了发出来了。我也发给吧。。。不分析。上代码。

360补完还是中的~
阅读全文 »

Tags: , , ,

利用wsc 来做一个asp后门

2008/12/05 19:21 | 鬼仔 | 工具收集 | 3 个回复

作者:lcx

ScriptCodingInfo.wsc代码如下,该文件可以改成任意后缀

<?xml version="1.0" encoding="gb2312" standalone="yes"?>

<?component error="true" debug="true"?>

<package>

<component id="haiyangtop">
 阅读全文 »
Tags:

Discuz! 1_modcp_editpost.tpl.php xss bug

2008/12/05 0:04 | 鬼仔 | 技术文章 | 5 个回复

author: ring04h
team:http://www.80vul.com

[该漏洞由ring04h发现并且投递,thx]
由于Discuz!的1_modcp_editpost.tpl.php里$orig[‘message’]未过滤,导致一个xss漏洞.

一 分析
阅读全文 »

Tags: , , ,

serv-u7 local exploit (php)

2008/12/02 18:26 | 鬼仔 | 工具收集 | 消灭0回复

# 鬼仔:前几天浪子发我测试过,今天放出来了。

by 空虚浪子心 http://www.inbreak.net

注:由于作者懒,没有提供日志清理功能,会留下日志:

一,su7是提权有几种方式?
 有两种形式去干掉su7。
1>,登陆管理员控制台的页面
==>获取OrganizationId,用于添加用户
==>获取全局用户的“下一个新用户ID”
==>添加用户
==>添加用户的权限 or 添加全局用户权限
==>用户登陆
==>执行系统命令添加系统账户。
阅读全文 »

Tags: ,

Browser Rider – a testing tool for browser exploitation

2008/12/02 16:23 | 鬼仔 | 工具收集 | 消灭0回复

What is this about?
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
阅读全文 »

Tags:

Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)

2008/12/02 16:03 | 鬼仔 | 工具收集 | 消灭0回复 
<%@ page import="java.util.*,java.io.*"%>
<%
%>

<%--
abysssec inc public material

just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
 阅读全文 »
Tags: ,

Cain & Abel < = v4.9.24 .RDP Stack Overflow Exploit

2008/12/02 16:02 | 鬼仔 | 工具收集 | 1 个回复 
#!/usr/bin/perl
#
# Cain & Abel <= v4.9.24 .RDP Stack Overflow Exploit
# Exploit by SkD ([email protected])
# -----------------------------------------------
#
# Nothing much to say about this one. This works on
# an updated Windows XP SP3. On Vista this exploit is way easier
# the more challenging one was on XP, and here it is.
# Enjoy :). Also remember if you want to put your own shellcode
# there are a few character restrictions and using Alpha2 or
# Alpha Numerical won't work at all.
# To open the .RDP file in Cain & Abel, click the
# "Remote Password Decoder Dialog" icon.
# Credits to Encrypt3d.M!nd.
# {Author has no responsibility over the damage you do with this!}
 阅读全文 »
Tags: ,