CVE Feeds

Jul 29, 2014

CheatSheet: SQLMap from Packetstorm



Source: http://packetstorm.foofus.com/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jul 28, 2014

Article: บทวิเคราะห์ Instagram(เมื่อปี 2012)

Link:: https://db.tt/RJgoVhEJ

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jul 27, 2014

News: Syscan360 Conference Slides has available for download.

http://www.syscan360.org/en/schedule.html




If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jul 24, 2014

Tools: ip2map - A tool to mark your IPs on a map.

Debian, ElasticSearch, Kibana and bettermap rocks \m/
Setup:
chmod a+x install.sh
./install.sh
Usage:
ip2map < csv-file-path >
Instructions:
  1. The CSV file should first row as column identifier/name
  2. The column with IPs should be named IP
  3. Column names are case-specific
  4. Specifying the same index type name again, updates or appends to the previous data in the index type
  5. In case of files with IPs only, specify, IP, asthe tooltip field value
Examples CSV/s will be added soon.



Source: https://github.com/5pld3y/ip2map


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: Obfuscate SSH Traffic

38 lines of perl to obfuscate SSH traffic and make it immune to common DPI-based attempts of blocking SSH traffic 
 
This is a simple ssh obfuscating proxy -- it xors every byte of SSH traffic 
with 0x19. This is enough to defeat DPI systems that try to look at the SSH
handshake / version string to identify SSH traffic. Unlike all the other code 
i've seen that obfuscates SSH traffic, sshxor doesn't require root access or 
patching the SSH codebase.

The code in chunkssh.pl is not mine -- it's Brian Hatch's, and I used some of 
their code to avoid reimplementing the annoying bits like forking and opening
sockets. See http://insecure.org/stc/sti.html for the original copy of 
chunkssh.pl (you need to search for "chunkssh.pl", it's about halfway through 
the page).

It's possible to use other DPI methods to block SSH traffic xored with 0x19.
An easy way to do so is to look at packet sizes/timing or just to XOR some 
bytes of traffic with each other (A xor B = (A xor key) xor (B xor key), so 
the result of this calculation is not changed xoring each byte of traffic with
a constant), and see if they match the xor'd together values of what the DPI 
system is looking for.  
    
If you want more advanced obfuscation, use Tor's obfsproxy: 
https://gitweb.torproject.org/obfsproxy.git
 
Source: https://github.com/matildah/sshxor 


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: Android Network Mapper (network scanner original nmap for android)

Prerelease anmap.apk done.

There are some little bugs, as domain names resolving and unroot scanning.

Nmap data files is also too big for ordinary device memory, 5mb. In the future it would be moved to external memory. Application should be about 2mb.

The same way you may download compiled nmap with data files in this tar ball or this zip archive and keep it in one folder.

Than connect to localhost via ConnectBot, untar and start scanning:  


Source: https://code.google.com/p/anmap/

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: PHP Decoder


This tool will attempt to decode any PHP hidden code, including eval(base64_decode, eval(gzinflate, etc.

Very useful for webmasters trying to identify what a specific code is doing (from WordPress themes/plugins or Joomla templates).


Source: http://ddecode.com/phpdecoder/?results=f8474948890decd20c7be3b623894274


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jul 23, 2014

Some Priviledge Escalation in Linux and Windows XP on 22/07/2014

Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation

http://www.exploit-db.com/exploits/34112/

 Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation

 http://www.exploit-db.com/exploits/34131/

Linux Kernel ptrace/sysret - Local Privilege Escalation

http://www.exploit-db.com/exploits/34134/

 




If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Video: Ruby Programming Tutorial

Youtube Link Channel: https://www.youtube.com/playlist?list=PLMK2xMz5H5Zv8eC8b4K6tMaE1-Z9FgSOp


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jul 22, 2014

Article: ทดสอบแงะ Baidu แบบคร่าวๆ

บทความนี้ผมทำเล่นๆและใช้งานไม่นานอาจจะไม่ครบถ้วนครับ

https://db.tt/FmFb5KdT


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.
 

Sponsors

lusovps.com

Blogroll

About

 Please subscribe my blog.

 Old Subscribe

Share |