'보안'에 해당되는 글 20건

  1. 2008.09.29 Forensics Wiki
  2. 2008.09.03 sqlmap 0.6
  3. 2008.05.11 Database Security 관련 Site
  4. 2008.04.27 Windows를 위한 Third-Party 방화벽
  5. 2008.04.27 jar 파일 풀기 및 소스 decompile
  6. 2008.04.24 Apache 버전 숨기기
  7. 2008.04.20 Computer Security Video
  8. 2008.01.06 Site List
  9. 2007.11.25 Bruter 1.0Beta1 released
  10. 2007.11.18 penetrationtest.com

2008.09.29 22:19 보안

Forensics Wiki

Forensics 관련 Wiki

http://www.forensicswiki.org/


Posted by She쥐포s

2008.09.03 12:45 보안/Web

sqlmap 0.6

Introduction
============

sqlmap is an automatic SQL injection tool developed in Python. Its goal
is to detect and take advantage of SQL injection vulnerabilities on web
applications. Once it detects one or more SQL injections on the target
host, the user can choose among a variety of options to perform an
extensive back-end database management system fingerprint, retrieve DBMS
session user and database, enumerate users, password hashes, privileges,
databases, dump entire or user's specific DBMS tables/columns, run his
own SQL SELECT statement, read specific files on the file system and
much more.


Changes
=======

Some of the new features include:

* Added multithreading support to set the maximum number of concurrent
HTTP requests.

* Implemented SQL shell (--sql-shell) functionality and fixed SQL query
(--sql-query, before called -e) to be able to run whatever SELECT
statement and get its output in both inband and blind SQL injection attack.

* Added an option (--privileges) to retrieve DBMS users privileges, it
also notifies if the user is a DBMS administrator.

* Added support (-c) to read options from configuration file, an example
of valid INI file is sqlmap.conf and support (--save) to save command
line options on a configuration file.

* Implemented support for HTTPS requests over HTTP(S) proxy.

* Enhanced logging system: added three more levels of verbosity to show
also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


Download
========

You can download it in various formats:

* Source gzip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.gz

* Source bzip2 compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.tar.bz2

* Source zip compressed,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6.zip

* DEB binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap_0.6-1_all.deb

* RPM binary package,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6-1.noarch.rpm

* Portable executable for Windows that does not require the Python
interpreter to be installed on the operating system,
http://downloads.sourceforge.net/sqlmap/sqlmap-0.6_exe.zip

Note: the subversion repository is not accessible anymore so the only
way to get the new release is to download it from one of the above links.


Documentation
=============

* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/
Posted by She쥐포s
http://www.databasesecurity.com/index.htm
Posted by She쥐포s

- Windows 2000/XP/2003 지원
http://www.hsc.fr/ressources/outils/pktfilter/index.html.en

Posted by She쥐포s

* jar 파일을 푸는 방법을 모르고 있는 사람들이 있는 것 같아서 간단하게 정리함.
jar 파일은 tar 파일과 압축과 푸는 방법이 비슷하다. 다만 대상이 tar의 경우 일반 파일이라는 점과
jar의 경우 java의 class 파일이라는 점이다.

* jar 파일 풀기
jar -xvf filenameApp.jar
하게 되면 .class 파일이 풀려 나온다.

* 소스 Decompile 툴
http://www.program-transformation.org/Transform/JavaDecompilers
또는
http://www.kpdus.com/jad.html

를 이용하여 소스의 내용을 얻을 수 있다.

Posted by She쥐포s

vi httpd.conf

ServerTokens Prod 추가

apache 재시작


Posted by She쥐포s

2008.04.20 21:52 보안

Computer Security Video

2008.01.06 23:18 보안

Site List

○ Vulnerability
    - http://packetstormsecurity.org/
    - http://www.elsenot.com/
    - http://milw0rm.com/
    - http://www.osvdb.org/

○ Education & Study
    - http://www.hackerhighschool.org/

○ Tool
    - http://www.nagiosexchange.org/
    - http://www.ntop.org/
    - http://www.splintered.net/sw/flow-tools/
    - http://www.google.com/search?hl=en&q=prtg

○ Article for Log Level Security
    - http://support.microsoft.com/kb/282791/en-us
    - http://support.microsoft.com/kb/314980/en-us
    - http://support.microsoft.com/kb/300549/en-us
    - http://support.microsoft.com/kb/262177/en-us
    - http://support.microsoft.com/kb/310399/en-us
    - http://msdn2.microsoft.com/en-us/library/aa392285.aspx

○ Database Security
    - http://www.petefinnigan.com/

○ MS Security Info
    - http://securityadmin.info/

○ Security Videos
    - http://security-freak.net/videos.html

○ Other Sources
    - http://chaosreader.sourceforge.net/
    - http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge
    - http://www.wireshark.org/
    - http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf
    - http://tinyurl.com/24vuj8
    - http://tinyurl.com/35mbc9
    - http://www.nber.org/sys-admin/overwritten-data-guttman.html
    - http://www.DaveKleiman.com/Files
    - http://tinyurl.com/8zblp
    - http://tinyurl.com/iqx3
    - http://www.giac.net/certified_professionals/practicals/gcfa/265.php
    - http://www.payam.com.au/hard-disk-data-recovery.htm
    - http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm
    - http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
    - https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048


    -
    -

Posted by She쥐포s
o Bruter 1.0Beta1 released
http://sourceforge.net/projects/worawita/


o BruteForce Tool
o Win32 플랫폼만 지원
Posted by She쥐포s

2007.11.18 23:42 보안

penetrationtest.com

o 아직은 많은 볼거리는 없지만 앞으로 기대해 볼만한 Site로 생각됨

o 특히 Tools-Software부분이 볼만하다. 각종 툴과 Train Resource가 있음.
http://www.penetrationtests.com/Tools-Software/


Posted by She쥐포s
이전버튼 1 2 이전버튼

블로그 이미지
She쥐포s
Yesterday15
Today0
Total233,767

달력

 « |  » 2018.11
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

최근에 달린 댓글

글 보관함