Note from 鬼仔: this post contains a list of web code auditing tools.
Author: 5up3rh3i
Below is a list of source code auditing tools [reposted from the web].
Name – [ language/s supported ] – web link:
Tags: Code Audits
Vulnerable:
Tru-Zone NukeET 3.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
FCKeditor FCKeditor 2.0 RC2
FCKeditor FCKeditor 2.3 beta
FCKeditor FCKeditor 2.2
Tags: Exploit, FCKeditor
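Note from 鬼仔: I saw that TR had posted a few links, so here is a more detailed version. My English is poor, so I have not translated it.
1. OWASP WebScarab Project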
a tool for performing all types of security testing on web applications and web services
Download: OWASP Source Code Center at Sourceforge
Installation:
Linux: java -jar ./webscarab-selfcontained-[numbers].jar
Windows: double-click the installer jar file
A Mac OS X package of the latest version can usually be found on Corsaire’s download page.
You can also try the Java Web Start version, which was signed by Rogan Dawes.
Tags: OWASP, WebGoat, WebScarab
Author: SoBeIt
#include <stdio.h>
#include <winsock2.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
#define NTSTATUS int
Tags: AFD.sys, Exploit, MS08-066, Privilege Escalation
Article author: Eros412
Source: 邪恶八进制信息安全团队 (www.eviloctal.com)
MS Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
**********Computing the IoControlCode**********
Tags: AFD.sys, Exploit, MS08-066, PoC, Privilege Escalation
Hi,
I have just uploaded a k-plugin for Kartoffel, which exploits a flaw
patched in the recent MS08-066 bulletin.
http://kartoffel.reversemode.com/downloads.php
backup: http://milw0rm.com/sploits/2008-afd_plugin.zip
Tags: AFD.sys, Exploit, MS08-066, Privilege Escalation
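Source: 3w417
p0f is another passive remote operating system identification tool, following Nmap and Xprobe2. It supports:
1. Incoming-connection SYN mode
2. Outgoing-connection SYN+ACK mode
3. Null-connection RST+ mode
4. Stray ACK mode
A distinctive feature of p0f is that it can also detect: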
Tags: p0f
SCRT Webshag
Introduction
Webshag is a multi-threaded, multi-platform web server audit tool. Written in Python, it gathers commonly useful functionalities for web server auditing like website crawling, URL scanning or file fuzzing.
Tags: Python