old/Web
[자료] 웹기반 취약점 스캐너
https://geekflare.com/online-scan-website-security-vulnerabilities/ https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner
[자료] How to: Install Fuzzbunch
down : https://github.com/x0rz/EQGRP_Lost_in_Translation What are Fuzzbunch & DanderSpritz?Fuzzbunch is what Metasploit is to penetration testers. It is an an easy to use framework written in Python, that allows you to launch exploits and interact with different supported implants. DanderSpritz is a Java based management command & control console to administer compromised computers. Think of it ..
[자료] LFI 설명
IntroductionThe intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future pen testing engagements by consolidating research for local file inclusion LFI testing techniques. LFI vulnerabilities are typically discovered during web app pen tests using the techniques contained within this document. Additionally, some of the techniques mention..
[정리] kali
vmware tools 설치 1. apt update && apt -y full-upgrade 2. cd ~/3. apt-get install git gcc make linux-headers-$(uname -r)4. git clone https://github.com/rasa/vmware-tools-patches.git5. cd vmware-tools-patches/6. vmware 메뉴에서 “Install VMware Tools” 클릭7. cd ~/vmware-tools-patches/8. cp /media/cdrom/VMwareTools-9.9.0-2304977.tar.gz downloads/9. ./untar-and-patch-and-compile.sh10. reboot 한글 설정 1. apt-ge..
[자료] 모의해킹 자료, 도구 모음
https://github.com/enaqx/awesome-pentest A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny thingsOnline ResourcesPenetration Testing ResourcesShell Scripting ResourcesLinux ResourcesShellcode developmentSocial Engineering ResourcesLock Picking ResourcesToolsPenetration Testing DistributionsBasic Penetration Testing ToolsVulnerability ScannersNe..
[정리] apache_request_headers / X-Powered-By, For
웹 문제 풀다가 정리. http://php.net/manual/kr/function.apache-request-headers.phpapache_request_headers - http request 헤더를 가져와 반환한다. http://opennaru.tistory.com/76X-Powered-By - 버전 정보 표시 http://en.wikipedia.org/wiki/X-Forwarded-Forhttp://lesstif.com/pages/viewpage.action?pageId=20775886X-Forwarded-For - 프록시등으로 인해 클라이언트의 실제 IP를 알 수 없는 경우 사용
