본문 바로가기

모의해킹 (WAPT)179

Metasploit Framework 4.2.0 “The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“ Official change log for Metasploit Framework 4.2.0: IPv6 Coverage: M.. 2012. 2. 23.
Apache httpOnly Cookie Disclosure // Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08 // Most browsers limit cookies to 4k characters, so we need multiple function setCookies (good) { // Construct string for cookie value var str = ""; for (var i=0; i 2012. 2. 3.
RainbowCrack Project UPDATE “RainbowCrack uses time-memory tradeoff algorithm to crack hashes. It differs from the hash crackers that use brute force algorithm. RainbowCrack is a general propose implementation of Philippe Oechslin’s faster time-memory trade-off technique. It crack hashes with rainbow tables.” Official change log for RainbowCrack 1.5: Support 64-bit Windows operating systems Support 32-bit Linux operating s.. 2012. 1. 13.
OWASP AJAX Crawling Tool (update) Enumerating AJAX Applications with ACT (AJAX Crawling Tool) This demo shows how the AJAX Crawling Tool can be used in conjunction with your favorite proxy to fully enumerate and test AJAX applications. The purpose of the video is to: 1) Demonstrate how traditional spidering tools do not enumerate entire applications 2) How to run a basic ACT session and attacking it's findings using a proxy 출처 .. 2012. 1. 6.
False SQL Injection and Advanced Blind SQL Injection ######################################################################### # # # Exploit Title: False SQL injection and advanced blind SQL injection # # Date: 21/12/2011 # # Author: wh1ant # # # ######################################################################### 이 문서는 SQL injection 공격이 웹 방화벽이나 기타 보안 솔루션 방어 우회가 가능하다는걸 공개하기 위해 작성하였다. 한국 웹 방화벽을 대상으로 테스트 한 결과 대부분의 SQL injection 필터링 우회가 가능하였다. 이.. 2011. 12. 30.
728x90