28 posts in 'SECURITY/Web'

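  1. [Resource] Bypass payloads (2018.09.03)
  2. [Resource] Web-based vulnerability scanners (2017.10.12)
  3. [Tool] Web-based tool collection (2017.05.30)
  4. [Resource] How to: Install Fuzzbunch (2017.04.24)
  5. [Resource] LFI explained (2017.04.24)
  6. [Notes] kali (2017.03.27)
  7. [Resource] kali tools tutorial (2017.03.24)
  8. [Resource] Penetration testing resources and tool collection (2015.01.15)
  9. [Resource] Vulnerable VM images (2014.12.11)
  10. [Notes] apache_request_headers / X-Powered-By, For (2014.11.23)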

[Resource] Bypass payloads

https://github.com/swisskyrepo/PayloadsAllTheThings

Other posts in the 'SECURITY > Web' category

[Resource] Bypass payloads  (0) 2018.09.03
[Resource] Web-based vulnerability scanners  (0) 2017.10.12
[Tool] Web-based tool collection  (0) 2017.05.30
[Resource] How to: Install Fuzzbunch  (0) 2017.04.24
[Resource] LFI explained  (0) 2017.04.24
[Notes] kali  (0) 2017.03.27

[Resource] Web-based vulnerability scanners

https://geekflare.com/online-scan-website-security-vulnerabilities/


https://pentest-tools.com/website-vulnerability-scanning/web-server-scanner


[Tool] Web-based tool collection

https://gchq.github.io/CyberChef/



[Resource] How to: Install Fuzzbunch

Download: https://github.com/x0rz/EQGRP_Lost_in_Translation


What are Fuzzbunch & DanderSpritz?

Fuzzbunch is what Metasploit is to penetration testers. It is an easy to use framework written in Python, that allows you to launch exploits and interact with different supported implants. DanderSpritz is a Java based management command & control console to administer compromised computers. Think of it as a Remote Access Trojan to control your “servers”.

[Image: EGRP-Windows]

This is how the decompressed files look and the ones marked are Fuzzbunch (fb.py) & DanderSpritz (start_lp.py). At first, I tried running it with Python 2.7.13, but was unable to do so. Later as I read the code, I found the following:

#!/usr/bin/python2.6

and

SUPPORTED_ARCH = {
    'win32':            'x86-Windows',
    'linux2-i686':      'i686-Linux',
    'linux2-x86_64':    'x86_64-Linux',
    'solaris':          'sparc-SunOS'
}

So, you see you need Python 2.6.x (I used Python 2.6.6) on either of the above mentioned operating systems in order to run Fuzzbunch. It is used to invoke various attack modules. The use of these modules tends to be automated, where the modules automatically share information. Modules can also be modified by modifying their related XML files to define their own parameters.

Further, the source code reveals this:

mswindows = (sys.platform == "win32")

if mswindows:
    import win32pipe
    import win32file
    import pywintypes
    import win32event
    import subprocess

So, you also need Python for Windows Extensions (PyWin32). I took a chance and downloaded the latest version pywin32-221.win32-py2.6.exe from here. Thinking that I had everything ready, I launched Fuzzbunch. I was greeted with a message about some directory not available. The answer to which is creating the following directory:

windows/listeningposts

Post all this on my Windows 7 test machine I got this:

[Image: Fuzzbunch]

Now, onto DanderSpritz – there are two ways to execute this C&C tool:

  1. Running Start.jar
  2. Running start_lp.py

The first time you execute DanderSpritz, you get a screen asking you for various configuration:

After you press “Go”, you are taken to a screen that looks like this:

[Image: DanderSpritz GUI]

The errors in red tell you what you are missing. So you can simply create a logging directory by running the configure_lb.py script.

One more of the errors – I think it has all the contents under “storage” – can be overcome by creating a dszopsdisk-x.zip archive.

That’s all for now folks!




[Resource] LFI explained

Introduction

The intent of this document is to help penetration testers and students identify and test LFI vulnerabilities on future pen testing engagements by consolidating research on local file inclusion (LFI) testing techniques. LFI vulnerabilities are typically discovered during web app pen tests using the techniques contained within this document. Additionally, some of the techniques mentioned in this paper are also commonly used in CTF style competitions.


What is a Local File Inclusion (LFI) vulnerability?

Local File Inclusion (LFI) allows an attacker to include files on a server through the web browser. This vulnerability exists when a web application includes a file without correctly sanitising the input, allowing an attacker to manipulate the input, inject path traversal characters and include other files from the web server.

The following is an example of PHP code vulnerable to local file inclusion.

<?php
   // Deliberately vulnerable: the request value goes into the include path unchecked
   if(isset($_GET['file']))
   {
       $file = $_GET['file'];
       include("pages/$file");
   }
   else
   {
       include("index.php");
   }
?>

Identifying LFI Vulnerabilities within Web Applications

LFI vulnerabilities are easy to identify and exploit. Any script that includes a file from a web server is a good candidate for further LFI testing, for example:

/script.php?page=index.html 

A penetration tester would attempt to exploit this vulnerability by manipulating the file location parameter, such as:

/script.php?page=../../../../../../../../etc/passwd

The above is an effort to display the contents of the /etc/passwd file on a UNIX / Linux based system.

Below is an example of a successful exploitation of an LFI vulnerability on a web application:

Image description: LFI example of a /etc/passwd file being disclosed

PHP Wrappers

PHP has a number of wrappers that can often be abused to bypass various input filters.

PHP Expect Wrapper

PHP expect:// allows execution of system commands; unfortunately, the expect PHP module is not enabled by default.

php?page=expect://ls

The payload is sent in a POST request to the server such as:

/fi/?page=php://input&cmd=ls

Example using php://input against DVWA:

Request:

Image description: POST request using php://input

Web Application Response:

Image description: The output from the command “ls” is rendered above the DVWA banner.

PHP php://filter

php://filter allows a pen tester to include local files and base64 encodes the output. Therefore, any base64 output will need to be decoded to reveal the contents.

An example using DVWA:

vuln.php?page=php://filter/convert.base64-encode/resource=/etc/passwd

Image description: Image showing the base64 encoded text at the top of the rendered page

Base64 decoding the string provides the /etc/passwd file:

Image description: An image showing the base64 decoded output from /etc/passwd on a UNIX / Linux system

php://filter can also be used without base64 encoding the output using:

?page=php://filter/resource=/etc/passwd

Image description: An image showing the output from /etc/passwd on a UNIX / Linux system using php://filter

PHP ZIP Wrapper LFI

The zip wrapper processes uploaded .zip files server side, allowing a penetration tester to upload a zip file using a vulnerable file upload function and leverage the zip filter via an LFI to execute. A typical attack example would look like:

  1. Create a PHP reverse shell
  2. Compress to a .zip file
  3. Upload the compressed shell payload to the server
  4. Use the zip wrapper to extract the payload using: php?page=zip://path/to/file.zip%23shell
  5. The above will extract the zip file to shell, if the server does not append .php rename it to shell.php instead

If the file upload function does not allow zip files to be uploaded, attempts can be made to bypass the file upload function (see: OWASP file upload testing document).

LFI via /proc/self/environ

If it’s possible to include /proc/self/environ via a local file inclusion vulnerability, then introducing source code via the User Agent header is a possible vector. Once code has been injected into the User Agent header a local file inclusion vulnerability can be leveraged to execute /proc/self/environ and reload the environment variables, executing your reverse shell.

Useful Shells

Useful tiny PHP back doors for the above techniques:

<? system('uname -a');?>

Null Byte Technique

Null byte injection bypasses application filtering within web applications by adding URL encoded “Null bytes” such as %00. Typically, this bypasses basic web application blacklist filters by adding additional null characters that are then allowed or not processed by the backend web application.

Some practical examples of null byte injection for LFI:

vuln.php?page=/etc/passwd%00
vuln.php?page=/etc/passwd%2500

Truncation LFI Bypass

Truncation is another blacklist bypass technique. By injecting a long parameter into the vulnerable file inclusion mechanism, the web application may “cut off” (truncate) the input parameter, which may bypass the input filter.

Log File Contamination

Log file contamination is the process of injecting source code into log files on the target system. This is achieved by introducing source code via other exposed services on the target system which the target operating system / service will store in log files. For example, PHP reverse shell code can be injected into a URL, causing syslog to create an entry in the apache access log for a 404 page not found entry. The apache log file would then be parsed using a previously discovered file inclusion vulnerability, executing the injected PHP reverse shell.

After introducing source code to the target system's log file(s), the next step is identifying the location of the log file. During the recon and discovery stage of penetration testing the web server and likely the target operating system would have been identified; a good starting point would be looking up the default log paths for the identified operating system and web server (if they are not already known by the consultant). FuzzDB’s Burp LFI payload lists can be used in conjunction with Burp intruder to quickly identify valid log file locations on the target system.

Some commonly exposed services on Linux / UNIX systems are listed below:

Apache / Nginx

Inject code into the web server access or error logs using netcat; after successful injection, parse the server log file location by exploiting the previously discovered LFI vulnerability. If the web server access / error logs are long, it may take some time to execute your injected code.

Email a Reverse Shell

If the target machine relays mail either directly or via another machine on the network and stores mail for the user www-data (or the apache user) on the system, then it’s possible to email a reverse shell to the target. If no MX records exist for the domain but SMTP is exposed, it’s possible to connect to the target mail server and send mail to the www-data / apache user. Mail is sent to the user running apache such as www-data to ensure file system permissions will allow read access to the file /var/spool/mail/www-data containing the injected PHP reverse shell code.

First enumerate the target system using a list of known UNIX / Linux account names:

Image description: The above image uses the smtp-user-enum script confirming the www-data user exists on the system

The following screenshot shows the process of sending email via telnet to the www-data user:

Image description: The above image shows the process of sending a reverse PHP shell via SMTP using telnet

Image description: The above image shows the inclusion of www-data mail spool file containing the emailed PHP reverse shell code

Image description: The above image shows the emailed PHP reverse shell connecting to a netcat listener
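
The hardened counterpart to the vulnerable include at the start of this article, run against the inputs quoted in the sections above (path traversal, the expect, php://input, php://filter and zip wrappers, null bytes, an over-long value, /proc/self/environ and the mail spool). This is an added example, not code from the original article; `PAGES_DIR`, `ALLOWED_PAGES`, `resolve_page()` and `demo()` are hypothetical names and the page list is constructed.

```php
<?php
declare(strict_types=1);

// Added example (not from the original article). PAGES_DIR, ALLOWED_PAGES and
// resolve_page() are hypothetical; the layout mirrors include("pages/$file").
const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = [
    'index' => 'index.php',
    'about' => 'about.php',
];

/**
 * Map a request value to a file that may be included, or null to refuse.
 * The request value is only ever used as a lookup key, never as a path.
 */
function resolve_page($requested, string $baseDir = PAGES_DIR, array $allowed = ALLOWED_PAGES): ?string
{
    // ?file[]=x makes $_GET['file'] an array; anything but a string is refused.
    if (!is_string($requested)) {
        return null;
    }
    // Short lowercase token that must be a known key: no '/', '.', ':', '%' or
    // NUL, so traversal, scheme:// wrappers and over-long values stop here.
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested) !== 1
        || !array_key_exists($requested, $allowed)) {
        return null;
    }
    // Resolve symlinks and confirm the target still sits under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $allowed[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Run the inputs quoted in the article against a throwaway pages directory. */
function demo(): array
{
    $root  = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
    $pages = $root . DIRECTORY_SEPARATOR . 'pages';
    mkdir($pages, 0700, true);
    file_put_contents($pages . DIRECTORY_SEPARATOR . 'index.php', "<?php echo 'home';\n");

    // PHP URL-decodes the query string once: %00 reaches the script as a NUL
    // byte and %2500 as the literal text "%00".
    $inputs = [
        'index'                  => 'index',
        'about (file missing)'   => 'about',
        'path traversal'         => '../../../../../../../../etc/passwd',
        'expect wrapper'         => 'expect://ls',
        'php://input'            => 'php://input',
        'php://filter'           => 'php://filter/convert.base64-encode/resource=/etc/passwd',
        'zip wrapper'            => 'zip://path/to/file.zip#shell',
        'null byte (%00)'        => "/etc/passwd\0",
        'double-encoded (%2500)' => '/etc/passwd%00',
        '/proc/self/environ'     => '/proc/self/environ',
        'mail spool'             => '/var/spool/mail/www-data',
        'over-long value'        => str_repeat('./', 2048) . 'index',
        'array parameter'        => ['index'],
    ];
    $results = [];
    foreach ($inputs as $label => $value) {
        $results[$label] = resolve_page($value, $pages) !== null;
    }
    unlink($pages . DIRECTORY_SEPARATOR . 'index.php');
    rmdir($pages);
    rmdir($root);
    return $results;
}

if (PHP_SAPI === 'cli') {
    foreach (demo() as $label => $ok) {
        printf("%-24s %s\n", $label, $ok ? 'include' : 'refuse');
    }
} else {
    // Web entry point, replacing the vulnerable include("pages/$file").
    $path = resolve_page($_GET['file'] ?? 'index');
    if ($path === null) {
        http_response_code(404);
        exit('Page not found');
    }
    include $path;
}
```

Because the request value is only a lookup key, each technique above is refused at the same check however the input is encoded, and the realpath() containment test covers a symlink planted inside the pages directory.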


[Notes] kali

Installing VMware Tools


1. apt update && apt -y full-upgrade 

2. cd ~/

3. apt-get install git gcc make linux-headers-$(uname -r)

4. git clone https://github.com/rasa/vmware-tools-patches.git

5. cd vmware-tools-patches/

6. In the VMware menu, click “Install VMware Tools”

7. cd ~/vmware-tools-patches/

8. cp /media/cdrom/VMwareTools-9.9.0-2304977.tar.gz downloads/

9. ./untar-and-patch-and-compile.sh

10. reboot


Korean language setup


1. apt-get -y install fonts-nanum

2. apt-get -y install nabi im-switch

3. im-config -s nabi

4. im-config -c

5. Check "Korean input method" with the space bar, then select OK

6. reboot


When Shift + Space Bar does not switch between Korean and English


1. apt-get install fcitx-hangul

2. apt-get install fcitx-lib*

3. reboot


Running Metasploit


1. service postgresql start

2. service metasploit start

2-1. (if step 2 fails) msfdb init

3. msfconsole

4. db_status (check the PostgreSQL connection)


To start the postgresql and metasploit services automatically at boot


1. update-rc.d postgresql enable

2. update-rc.d metasploit enable


Running Metasploitable


1. Download Metasploitable

2. Run it in VMware (msfadmin / msfadmin)


FTP setup


1. apt-get install vsftpd

2. Edit /etc/vsftpd.conf

2-1. local_enable=YES / write_enable=YES / local_umask=022

3. service vsftpd start


Opening GPG files


1. apt-get install gpg

2. gpg --output [output filename] --decrypt sourcefile.gpg

3. input key


Opening XZ files


1. apt-get install xz-utils

2. tar xf target.tar.xz or tar xJf myarchive.tar.xz or unxz myarchive.tar.xz



sudo apt purge virtualbox-guest-x11

sudo apt autoremove --purge

sudo reboot

sudo apt update

sudo apt dist-upgrade

sudo reboot

sudo apt update

sudo apt install -y virtualbox-guest-x11

sudo reboot


[Resource] kali tools tutorial

https://www.blackmoreops.com/


[Resource] Penetration testing resources and tool collection

https://github.com/enaqx/awesome-pentest



A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny things

Online Resources

Penetration Testing Resources

  • Metasploit Unleashed - Free Offensive Security metasploit course
  • PTES - Penetration Testing Execution Standard
  • OWASP - Open Web Application Security Project
  • OSSTMM - Open Source Security Testing Methodology Manual

Shell Scripting Resources

  • LSST - Linux Shell Scripting Tutorial

Linux resources

  • Kernelnewbies - A community of aspiring Linux kernel developers who work to improve their Kernels

Shellcode development

Social Engineering Resources

Lock Picking Resources

Tools

Penetration Testing Distributions

  • Kali - A Linux distribution designed for digital forensics and penetration testing
  • NST - Network Security Toolkit distribution
  • Pentoo - security-focused livecd based on Gentoo
  • BackBox - Ubuntu-based distribution for penetration tests and security assessments

Basic Penetration Testing Tools

  • Metasploit - World's most used penetration testing software
  • Burp - An integrated platform for performing security testing of web applications

Vulnerability Scanners

  • Netsparker - Web Application Security Scanner
  • Nexpose - Vulnerability Management & Risk Management Software
  • Nessus - Vulnerability, configuration, and compliance assessment
  • Nikto - Web application vulnerability scanner
  • OpenVAS - Open Source vulnerability scanner and manager
  • OWASP Zed Attack Proxy - Penetration testing tool for web applications
  • w3af - Web application attack and audit framework
  • Wapiti - Web application vulnerability scanner

Networks Tools

  • nmap - Free Security Scanner For Network Exploration & Security Audits
  • tcpdump/libpcap - A common packet analyzer that runs under the command line
  • Wireshark - A network protocol analyzer for Unix and Windows
  • Network Tools - Different network tools: ping, lookup, whois, etc
  • netsniff-ng - A Swiss army knife for network sniffing
  • Intercepter-NG - a multifunctional network toolkit

SSL Analysis Tools

  • SSLyze - SSL configuration scanner

Hex Editors

Crackers

Windows Utils

DDoS Tools

  • LOIC - An open source network stress tool for Windows
  • JS LOIC - JavaScript in-browser version of LOIC

Social Engineering Tools

  • SET - The Social-Engineer Toolkit from TrustedSec

Anonymity Tools

  • Tor - The free software for enabling onion routing online anonymity
  • I2P - The Invisible Internet Project

Reverse Engineering Tools

  • IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
  • WDK/WinDbg - Windows Driver Kit and WinDbg
  • OllyDbg - An x86 debugger that emphasizes binary code analysis

Books

Penetration Testing Books

Hackers Handbook Series

Network Analysis Books

Reverse Engineering Books

Malware Analysis Books

Windows Books

Social Engineering Books

Lock Picking Books

Vulnerability Databases

Security Courses

Information Security Conferences

  • DEF CON - An annual hacker convention in Las Vegas
  • Black Hat - An annual security conference in Las Vegas
  • BSides - A framework for organising and holding security conferences
  • CCC - An annual meeting of the international hacker scene in Germany
  • DerbyCon - An annual hacker conference based in Louisville
  • PhreakNIC - A technology conference held annually in middle Tennessee
  • ShmooCon - An annual US east coast hacker convention
  • CarolinaCon - An infosec conference, held annually in North Carolina
  • HOPE - A conference series sponsored by the hacker magazine 2600
  • SummerCon - One of the oldest hacker conventions, held during Summer
  • Hack.lu - An annual conference held in Luxembourg
  • HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
  • Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
  • Hack3rCon - An annual US hacker conference
  • ThotCon - An annual US hacker conference held in Chicago
  • LayerOne - An annual US security conference held every spring in Los Angeles
  • DeepSec - Security Conference in Vienna, Austria
  • SkyDogCon - A technology conference in Nashville

Information Security Magazines

Awesome Lists

http://www.kahusecurity.com/tools/


Tools

Disclaimer: All tools have been tested on 32-bit/64-bit Windows 7 but work on Windows 8.1/10 as well. They are available free for personal or business use. These tools have been compressed with UPX or Confuser and used to analyze malicious content so anti-virus software may falsely identify them as infected or suspicious. No warranties expressed or implied; use at your own risk!

All files are compressed using 7-Zip with the password: kahusecurity

Binary File Converter
Version: 0.1
Download: Link
MD5: 4E3154C6F96DE47D068686DEC35AF565
Description: Converts small binary files into text and vice versa which enables you to move content into and out of locked-down, remote hosts via VPN, RDC, SecureDesktop, etc as long as access to the clipboard is allowed.
Credits: Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 07/27/13
 

Converter
Version: 0.14
Download: Link
MD5: B8F5BD1766ECCC344006ABBBD1831CB6
Description: Convert data to/from many different formats, format data, search/replace data, extract data, find XOR/ROT/SFT keys, import/export/split/join/convert files, and more. This tool was originally made for analyzing and deobfuscating malicious scripts so it wasn’t designed to handle large datasets.
Credits: Sebatian L. (XOR), James Johnston of TechKnow Professional Services (cZLIB). This program also contains cryptography software by David Ireland of DI Management Services Pty Ltd (Radix 64, MD5), Karim Wafi (Hash class), Shawn Stugart (VBS encoder), Jean-Luc Antoine (VBS decoder), David Zimmer of Sandsprite (sc2exe, Beautify), Einar Lielmanis (JSBeautifier), Paul Mather (splitter), Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 09/30/16
 

Cover Fire
Version: 0.1
Download: Link
MD5: 1ED40D3D1F799D0BF33555050AAB5803
Description: Generates web requests to fill up log files with misleading information. This tool requires .NET Framework 4.5.
Last Update: 10/03/15
 

Data Converter
Version: 0.10
Download: Link
MD5: C7AD8E5CE78D8D93A1ED4766554BD170
Description: Converts text, hex, or decimal values using XOR, ROTate, and ShiFT methods. You can do an XOR keyword search or enumerate all keys to a file. You can import a binary file, perform add/subtracts before/after an XOR/ROT/SFT action, and write out the results to a text or binary file.
Credits: Sebatian L. (XOR), Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 10/05/14
 

Difference Calculator
Version: 0.1
Download: Link
MD5: FD9D901E7FB772B8E0A7DBF413F4D605
Description: Calculates the difference between two sets of strings based on the user-defined method (e.g. subtraction, addition, etc). Right-clicking in each text box brings up a context menu and offers the ability to read/save files (binary file reads are limited to 1KB to save time).
Last Update: 10/22/16
 

File Converter
Version: 0.7
Download: Link
MD5: FC9A55F0532CE086AB58D670955F2E7D
Description: Converts large binary files to/from hex files with or without XOR encryption/decryption. Supports hex and decimal XOR keys.
Credits: Sebatian L. (XOR), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 02/17/14
 

Javascript Deobfuscator
Version: 0.3
Download: Link
MD5: A8DA1D3596BAC763C29518851813C290
Description: Deobfuscate simple Javascript quickly and easily. Includes text highlighting and script beautification. This tool requires .NET Framework 4.5.
Credits: David Zimmer (MSScriptControl), Einar Lielmanis (JSBeautifier)
Last Update: 01/09/16
 

JS Packer
Version: 0.1
Download: Link
MD5: 8A15DFA39AE7CEE1056538950D9AE251
Description: Pack and unpack Javascript from DOS using Dean Edwards Packer and PhantomJS. This script requires PhantomJS.
Credits: Dean Edwards (Packer), Ariya Hidayat (PhantomJS)
Last Update: 02/06/16
 

PHP Converter
Version: 0.3
Download: Link
MD5: 0AF4562D8A8BDBB2F615AF17F00B47BF
Description: Deobfuscates/obfuscates PHP scripts.
Credits: James Johnston of TechKnow Professional Services (cZLIB). This program also contains cryptography software by David Ireland of DI Management Services Pty Ltd (Radix 64), Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 07/11/14
 

PHP Script Decoder
Version: 0.1
Download: Link
MD5: A597D34D3B5D44EE96127B48F7B6C3BE
Description: Provides functionality to perform custom search/replace methods to deobfuscate PHP scripts.
Credits: Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 06/01/14
 

Pinpoint
Version: 0.2
Download: Link
MD5: F8467093A63A89DC419795196F41A0DF
Description: Fetches a webpage and then enumerates and analyzes its components to help identify any infected files. Pinpoint gives you various options when making an HTTP request including spoofing the user-agent string and referer. Pinpoint will not render any of the content.
Last Update: 02/08/14
 

Registry Dumper
Version: 0.2
Download: Link
MD5: E17377257421F2A94BFC4F85B0E175BB
Description: With Registry Dumper, you can scan for null characters in registry keys and dump them to a text file. You can also create and delete hidden keys by inserting the word “[null]” into the keyname. This tool requires .NET Framework 4.5.
Credits: Hoang Khanh Nguyen (NTRegistry.DLL)
Last Update: 09/30/16
 

Revelo
Version: 0.6
Download: Link
Alternate: Link
MD5: 78311BC107613ADF3C9A32EC8A242C26
Description: Deobfuscate Javascript using a variety of different methods; includes a built-in JS beautifier, DOM walker, firewall, packet sniffer, and proxy. Note: If analyzing malicious content, please use in a virtual machine. If the script calls Java, Acrobat, or some other plug-in, Revelo won’t protect you.
Credits: Eric Wolcott (firewall), Michael D. (proxy), Einar Lielmanis (JSBeautifier), David Zimmer (Beautify), James Crowley (cookies), Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 02/15/15
 

Sandbox Tester
Version: 0.1
Download: Link
MD5: 3FE44D098469DD06BD2C79671DDCD0DF
Description: Creates a dropper that deploys several methods to get past automated malware analysis tools. The dropper safely drops an Eicar file and pops up a message upon execution.
Last Update: 08/16/12
 

Scout
Version: 0.2
Download: Link
MD5: 6AE5AF75365B58AB2CD9A21A8B87E29B
Description: Uses the Pinpoint engine to download and analyze webpage components to identify infected files. This function works fine in 32-bit Windows. Scout has a built-in HTTP Request Simulator that will render user-specified HTML files, catch the resulting HTTP requests, then drop the responses. Scout includes the ability to screenshot the webpage using PhantomJS (download PhantomJS and copy the .exe to the same folder as Scout). Use Scout in a VM since it could potentially cause your computer to become infected.
Credits: Michael D. (proxy), Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 10/05/14
 

Script Decoder
Version: 0.1
Download: Link
MD5: 6035692452FC88B90CF71AA6FBD357D6
Description: Decodes data that has been encoded using Microsoft Script Encoder (ScrEnc).
Credits: Lewis E. Moten III (Script Decoder Program)
Last Update: 12/06/14
 

Script Deobfuscator
Version: 0.2
Download: Link
MD5: A3F20818F64FC67FDE046A7AECDD970C
Description: Helps you conduct static analysis by performing a series of search/replaces to deobfuscate PHP, Javascript, VBA, and VBS scripts. This tool requires .NET Framework 4.5.
Credits: David Zimmer (MSScriptControl)
Last Update: 02/22/16
 

Secret Decoder Ring
Version: 0.1
Download: Link
MD5: 5646D0EC95CFE15BF7412F549439BBC2
Description: Performs character substitution and position-based character lookups. Several exploit packs use this technique to hide URLs. Now you can analyze, decode, and encode URLs.
Last Update: 11/17/12
 

Sounder
Version: 0.2
Download: Link
MD5: 5473C6A96F8525BC9D3EF077E03BAAC2
Description: Analyzes web server logs to find possible phishing sites via URLs left behind in referers. It also checks the potential websites for phishing keywords and takes screenshots. Sounder requires PhantomJS if you wish to take screenshots (download PhantomJS and copy the .exe to the same folder as Sounder).
Credits: Rocky Mountain Computer Consulting (ctrl-a select), Rocky Mountain Computer Consulting (ini read/write)
Last Update: 10/05/14
 

Text Decoder Toolkit
Version: 0.2
Download: Link
MD5: B703C0BB8F54BB4747D8A4EBD285F160
Description: Convert, transform, and decode text in a number of ways. Provides three different methods to help you determine what the XOR/shift value is. This tool requires .NET Framework 4.5.
Credits: Sam Allen (AlphanumComparatorFast class), ProgramFOX (arithmetic functions), Hans Passant (sync scrollbar class)
Last Update: 09/30/16
 

URL Revealer
Version: 0.2
Download: Link
MD5: E317D668710967D6C2591C98001DE8EF
Description: This is a web proxy that collects and displays the URLs from downloaders then drops the request automatically. This tool requires .NET Framework 2.0.
Credits: matt-dot-net (proxy class)
Last Update: 09/30/16
 

Welcome Mat
Version: 0.1
Download: Link
MD5: 1099C8F48637DEAE306140B336003F8E
Description: Opens listening ports on the host to spoof running services. This tool requires .NET Framework 4.5.
Last Update: 10/03/15
 

Word to Decimal
Version: 0.1
Download: Link
MD5: 204253B6D3D9515F444AE76B78595BED
Description: Converts Qword, Dword, and Word values to decimal. It can also perform basic XOR decoding.
Credits: Tom Moran (textbox), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 05/23/14
 

ZeuS ENC Decrypter
Version: 0.1
Download: Link
MD5: 35821DB452F71F1731A82264039B6DAE
Description: Automatically finds the four-byte XOR key then XOR-decrypts and LZNT1-decompresses GameOver ZeuS’ .enc files into PE files.
Credits: Alex Ionescu (LZNT1), Rocky Mountain Computer Consulting (ctrl-a select)
Last Update: 02/11/14


[Resource] Vulnerable VM images

https://www.vulnhub.com/


[Notes] apache_request_headers / X-Powered-By, For

Notes taken while solving web challenges.


http://php.net/manual/kr/function.apache-request-headers.php

apache_request_headers - fetches and returns the HTTP request headers.


http://opennaru.tistory.com/76

X-Powered-By - displays version information


http://en.wikipedia.org/wiki/X-Forwarded-For

http://lesstif.com/pages/viewpage.action?pageId=20775886

X-Forwarded-For - used when the client's real IP cannot be determined because of a proxy or similar
