Posts in the category ‘Tool Collection’

PHP168 X-Forwarded-For Vulnerability Exploit

Author: amxku
Source: amxku’s blog

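There is not much to say about the root cause of the vulnerability itself; it is the age-old x-forwarded-for problem, and I think many people have already found this bug.
Because this vulnerability has been around for a while and I only tested it briefly on a PC at the time, there may be some mistakes; anyone interested can look into it themselves.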

<?php
print_r("
+------------------------------------------------------------------+
Create New Admin Exploit For php168 v4.0SP\n
amxku.net
+------------------------------------------------------------------+

Sandman – A Tool for Reading the Windows Hibernation File

Sandman – Read the Windows Hibernation File

This is a pretty new tool and a very cool one, Hibernation is a fairly new feature for Windows so it’s good to see a new tool targeting that.

Microsoft provides a feature called Hibernation, also known as suspend to disk, that aims to save the system state into an undocumented file called hiberfil.sys. This file contains all the physical memory saved by the Operating System and aims to be restored by the user the next time the computer is powered on. Live forensics analysis is used to use physical memory dump to recover information on the targeted machine.

Source Code of the Lanfei (兰飞) Crack Patch Released

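鬼仔: This was written by 赏月; people then claimed that something had been bundled with it, so he published the source code. See here for the details; I won't go into them and will just post the source.

This is what 赏月 originally released: http://www.langke.org/down/兰飞.rar

Source code: 16_213854_1.rar | mirror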


Dedecms getip() Vulnerability Exploit

author: superhei
team:http://www.ph4nt0m.org
blog:http://superhei.blogbus.com

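flyh4t published the dedecms getip() injection vulnerability on 非安全. There is not much to say about the root cause of the vulnerability itself; it is the age-old X-Forwarded-For problem, and I think many people have already found this bug. However, one aspect of exploiting it is still worth discussing, since a shell can be obtained directly:

After the user logs in, the user information is written to the cache: \include\inc_memberlogin.php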

PHP security analysis

Source: Tr4c3’s blog

There are many tools on the market for security analysis of PHP code.
Some of them are mentioned below:

1. PHP Security Scanner:
Desc: PHP Security Scanner is a tool written in PHP intended to search
PHP code for vulnerabilities. MySQL DB stores patterns to search for
as well as the results from the search. The tool can scan any
directory on the file system.
License: GPL
More Information: http://securityscanner.lostfiles.de/

PHP source code auditing tool – PHP Source Auditor 4 released

A PHP source code auditing tool written in Perl
Notes by: Neeao

from:http://iron.randombase.com/2008/05/13/php-source-auditor-4-released/

All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:

Pentest – Tools

Source: Tr4c3’s blog

Packet Shaper:
Nemesis: a command line packet shaper
Packit: The Packet Toolkit – A network packet shaper.
Hping by Antirez: a command line TCP/IP packet shaper
Sing: stands for ‘Send ICMP Nasty Garbage’; sends fully customizable ICMP packets
Scapy: a new python-based packet generator

Aviv Raff’s IE 0day Has Been Published

Source: Sowhat’s blog

A couple of days ago I mentioned the “find the 0day” activity that Aviv was running (http://hi.baidu.com/secway/blog/item/f21ad28b6bd86c7a9e2fb454.html); today he published the details.