0x50sec.org

The Operation Outbreak Attack

From:http://www.exploit-db.com/papers/15833/

|=——————————————————————–=|
|=—————-=[ The Operation OutBreak Attack ]=—————–=|
|=————————–=[ 26 Dec 2010 ]=————————-=|
|=———————-=[  By CWH Underground  ]=——————–=|
|=——————————————————————–=|

######
Info
######

Title    : The Operation OutBreak Attack
Author    : ZeQ3uL  (Prathan Phongthiproek)
Retool2 (Suttapong Wara-asawapati)
Team    : CWH Underground [http://www.exploit-db.com/author/?a=1275]
Website    : www.citecclub.org
Date    : 2010-12-26

##########
Contents
##########

[0x00] – Introduction

[0x01] – OutBreak Web Application

[0x02] – OutBreak MySQL Database

[0x03] – OutBreak with Autosploit.rc

[0x04] – Outbreak to Internal Server

[0x05] – References

[0x06] – Greetz To

#######################
[0x00] – Introduction
#######################

Hi all, in this paper, we will show you my hacking method (Logs) from real world case study on some company.
Moreover, we also show the ways to use the Best Exploitation tool, Metasploit Framework (Thank HD Moore and Rapid7) that powerful than day in the past with many exploit and auxiliary (We will see it ;D)

We recommend to read previous paper “The Operation Cloudburst Attack” that guide you about methods to hacking with Metasploit Framework.

###################################
[0x01] – OutBreak Web Application
###################################

First, I use nmap for scan open port on target and found information below
阅读全文…

来源:http://www.milw0rm.com/papers/283

ps:有些东西我也独立想出来过，虽然没有发到网上，但是我没有抄袭这位。

不错的文章。收藏一下。

PHP filesystem attack vectors

Name PHP filesystem attack vectors
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad.txt
Authors Francesco “ascii” Ongaro (ascii AT ush DOT it)
Giovanni “evilaliv3″ Pellerano (giovanni.pellerano AT
evilaliv3 DOT org)
Date 20090207

I) Introduction
II) The bugs in 50 words
III) PHP filesystem functions path normalization attack
IV) PHP filesystem functions path normalization attack details
V) PHP filesystem functions path truncation attack
VI) PHP filesystem functions path truncation attack details
VII) The facts
VIII) POC and attack code
IX) Conclusions
X) References

阅读全文…

From:http://www.milw0rm.com/papers/359
PHP filesystem attack vectors – Take Two

Name PHP filesystem attack vectors – Take Two
Systems Affected PHP and PHP+Suhosin
Vendor http://www.php.net/
Advisory http://www.ush.it/team/ush/hack-phpfs/phpfs_mad_2.txt
Authors Giovanni “evilaliv3″ Pellerano (evilaliv3 AT ush DOT it)
Antonio “s4tan” Parata (s4tan AT ush DOT it)
Francesco “ascii” Ongaro (ascii AT ush DOT it)
Alessandro “jekil” Tanasi (alessandro AT tanasi DOT it)
Date 20090725

I) Introduction
II) PHP arbitrary Local File Inclusion testing
III) PHP arbitrary Local File Inclusion results
IV) PHP arbitrary File Open testing
V) PHP arbitrary File Open results
VI) PHP arbitrary Remote File Upload testing
VII) PHP arbitrary Remote File Upload results
VIII) Conclusions
IX) References

阅读全文…