soapffz

MSF

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

nps_payload免杀三件套及常用渗透流程

事情起因# 跟着 Tidesec 团队的免杀系列做复现，只做 360，火绒，腾讯电脑管家都能过的免杀工具终于在免杀专题 19 成功，还是热乎的没有被这几大厂商封掉于是复现并走一遍常见渗透测试流程参考文章：远控免杀专题 (19)-nps_payload 免杀 (VT…

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

MongoDB未授权访问漏洞复现

事情起因# 持续整理笔记中参考文章： MongoDB 未授权访问漏洞复现常见未授权访问漏洞总结本来准备参考其他文章用docker自己搭建一个测试了，结果竟然让我搜到了shodan关键词 0x00 简介# MongoDB 是一个基于分布式文件存储的数据库。由 C…

cover

cover

cover

cover

cover

cover

cover

cover

cover

metasploitable2-演示常见漏洞

事情起因# 本篇文章毫无技术含量，仅仅为演示常见漏洞使用 (闲得发慌持续整理笔记中) metasploitable2的话，Rapid 7官方很久没有维护于是两位小哥自己设计了不能直接利用漏洞的metasploitable3 后面我也会演示…

漏洞利用1 min

cover

cover

cover

cover

cover

cover

msf配合ngrok远控基础

本文于 2019-03-19 创作，原标题为 “msf 生成远控木马及免杀初探” 2019-12-27 重写，删除了包括安卓的部分，只测试 win7 远控的效果介绍# 远控也就是远程控制，是通过使用户点击我们准备好的远控木马达到控制用户电脑的效果基础材料： Kali…

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

WinRAR目录穿越漏洞-CVE-2018-20250 复现

来自WinRAR 中国下载页面的内容来自 Check Point Software Technologies 公司的 Nadav Grossman 向我们介绍了 UNACEV2.DLL 库中的安全漏洞。上述漏洞可以在解压缩 ACE…

漏洞利用2 min

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

cover

永恒之蓝-ETERNALBLUE漏洞MS17-010利用过程

虽然距离上一次 WannaCry 席卷全球 (17-05-12) 已经过去一年多了，现在来复现有炒冷饭的嫌疑，但是还是有价值的参考文章： http://blog.51cto.com/chenxinjie/2092754 https://www.freebuf.com…

Ownership of this blog data is guaranteed by blockchain and smart contracts to the creator alone.

Blockchain ID
#58006
Owner
0xa75bc050d20393dc83b0a7bba2974521594cb660
Transaction Hash
Creation 0x3f2e7120...5c02390f46 Last Update 0xb140f483...f41654bf92
IPFS Address
ipfs://QmV1mnK12ZYuXj4BRQXmGcJa1C87ZiHxviiJ17k8gqLbPb