cdxy.me
Cyber Security / Data Science / Trading

Penetration Testing

Exploit with PHP Protocols / Wrappers

2016-12-15 19:17:57 cdxy File Inclusion,PHP
wrapper or protocol controllable function allow_url_include vulnerability type remark file:// - Off LFI / File Manipulation glob:// - Off Directory Traversal php://filter/read include Off File ... Read More
CTF

pwnhub 又一个要被黑掉的网站(web) writeup

2016-12-14 21:45:33 cdxy CTF,pwnhub,Web
Orz终于赶上一次pwnhub,题目如下 访问后view-source,发现图中选中部分是唯一明显疑点: 点入这个链接,显示如下: 最初fuzz SSRF未果,细看一眼才发现update success,于是验证上传的文件是否可访问,改上传名为cdxy.jpg 看效果 ... Read More
Penetration Testing

Python Security Auditing (V): Runtime Code Analysis Tool

2016-11-16 17:02:45 cdxy python,code analysis,Dynamic,Runtime
参考Skywolf原理构建Python审计工具,运行时动态获取底层函数的IO数据,并以类似WAF的规则匹配来判断漏洞是否触发。 Hook Functions 比如这样一段存在SSRF的代码: from urllib import request request.urlopen(input("url >")) ... Read More
Misc

Build Mirai botnet (III): Traffic and Fingerprint

2016-11-10 22:32:51 cdxy Mirai,botnet,malware,DoS
前两篇文章介绍了Mirai Botnet环境搭配、源码编译及修正、使用说明等。 Build Mirai botnet (I): Compile Mirai Source Build Mirai botnet (II): Bruteforce and DDoS Attack 本篇从流量和源码两个方面分析并提取Mirai各组件指纹。 Bot上线 发送方 协议 数据 bot telnet ... Read More
Misc

Build Mirai botnet (II): Bruteforce and DDoS Attack

2016-11-08 14:07:46 cdxy Mirai,botnet,malware,DoS
登入CNC 首先看一下CNC部分的源码。 入口 /Mirai/mirai/cnc/main.go line 18 func main() { tel, err := net.Listen("tcp", "0.0.0.0:23") if err != nil { fmt.Println(err) return } api, err := net.Listen("tcp", ... Read More
Penetration Testing

Python Security Auditing (IV): Command Execution

2016-11-07 18:11:23 cdxy python,Command Execution,pickle,yaml,eval
This article summarizes unsafe functions and exploits in Python command/code execution. os Unsafe functions os.system os.popen os.popen2 os.popen3 os.popen4 Exploit >>> import os >>> ... Read More
Misc

Build Mirai botnet (I): Compile Mirai Source

2016-11-04 19:02:04 cdxy Mirai,botnet,malware
An installation guide has been given by Mirai's author: https://github.com/jgamblin/Mirai-Source-Code/blob/master/ForumPost.md Here provides detailed installation commands. Install requirements ... Read More
Penetration Testing

Python Security Auditing (III): Server Side Request

2016-11-02 19:11:19 cdxy requests,urllib,pycurl,SSRF
CMS某些需求导致服务器主动向外发起请求,比如从外部URL添加资源: 目前很多成熟cms并不能有效控制该接口风险,我的第一个CVE就由它而来。 技术细节不再叙述,建议先阅读P神的文章,其中给出了非常棒的Python解决方案。 谈一谈如何在Python开发中拒绝SSRF漏洞 防御策略 使用计数器确保30x跳转不会进入死循环 ... Read More
Misc

Linux全自动代(fan)理(qiang)方案

2016-10-31 23:24:12 cdxy Shadowsocks,linux,Proxy
1 购买或搭建服务 可以自己购买海外服务器搭建,或者付费向服务商索取shadowsocks的登录凭证,一般包含如下字段: {"server":"xxx.xxx.xxx","server_port":xxx,"password":"xxx","method":"xxx"} 我们把这段json代码存储为/etc/shadowsocks/jp.json 2 下载客户端 下载:pip ... Read More
Penetration Testing

Python Security Auditing (II): SSTI

2016-10-30 17:28:19 cdxy SSTI,模板注入,Flask,Django
Template Injection 之前两篇曝光率很高的文章中指出了Flask SSTI成因及利用方式 exploring-ssti-in-flask-jinja2 exploring-ssti-in-flask-jinja2-part-ii 文中已指出利用方式,事实上使用__class__.__base__.subclasses__可以直接执行命令。 {% for c in ... Read More
Recent Posts
Categories