# vi /etc/ssh/sshd_config


주석처리 : #HostKey /etc/ssh/ssh_host_ecdsa_key


내용추가 : KexAlgorithms, ciphers, macs 각 1줄씩


KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,curve25519-sha256@libssh.org
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com


# service sshd restart

Posted by She쥐포s

2008.09.29 22:19 보안

Forensics Wiki

Forensics 관련 Wiki


Posted by She쥐포s

2008.09.03 12:45 보안/Web

sqlmap 0.6


sqlmap is an automatic SQL injection tool developed in Python. Its goal
is to detect and take advantage of SQL injection vulnerabilities on web
applications. Once it detects one or more SQL injections on the target
host, the user can choose among a variety of options to perform an
extensive back-end database management system fingerprint, retrieve DBMS
session user and database, enumerate users, password hashes, privileges,
databases, dump entire or user's specific DBMS tables/columns, run his
own SQL SELECT statement, read specific files on the file system and
much more.


Some of the new features include:

* Added multithreading support to set the maximum number of concurrent
HTTP requests.

* Implemented SQL shell (--sql-shell) functionality and fixed SQL query
(--sql-query, before called -e) to be able to run whatever SELECT
statement and get its output in both inband and blind SQL injection attack.

* Added an option (--privileges) to retrieve DBMS users privileges, it
also notifies if the user is a DBMS administrator.

* Added support (-c) to read options from configuration file, an example
of valid INI file is sqlmap.conf and support (--save) to save command
line options on a configuration file.

* Implemented support for HTTPS requests over HTTP(S) proxy.

* Enhanced logging system: added three more levels of verbosity to show
also HTTP sent and received traffic.

Complete list of changes at http://sqlmap.sourceforge.net/doc/ChangeLog.


You can download it in various formats:

* Source gzip compressed,

* Source bzip2 compressed,

* Source zip compressed,

* DEB binary package,

* RPM binary package,

* Portable executable for Windows that does not require the Python
interpreter to be installed on the operating system,

Note: the subversion repository is not accessible anymore so the only
way to get the new release is to download it from one of the above links.


* sqlmap user's manual: http://sqlmap.sourceforge.net/doc/README.pdf

* sqlmap developer's documentation: http://sqlmap.sourceforge.net/dev/
Posted by She쥐포s
Posted by She쥐포s

- Windows 2000/XP/2003 지원

Posted by She쥐포s

* jar 파일을 푸는 방법을 모르고 있는 사람들이 있는 것 같아서 간단하게 정리함.
jar 파일은 tar 파일과 압축과 푸는 방법이 비슷하다. 다만 대상이 tar의 경우 일반 파일이라는 점과
jar의 경우 java의 class 파일이라는 점이다.

* jar 파일 풀기
jar -xvf filenameApp.jar
하게 되면 .class 파일이 풀려 나온다.

* 소스 Decompile 툴

를 이용하여 소스의 내용을 얻을 수 있다.

Posted by She쥐포s

vi httpd.conf

ServerTokens Prod 추가

apache 재시작

Posted by She쥐포s

2008.04.20 21:52 보안

Computer Security Video

2008.01.06 23:18 보안

Site List

○ Vulnerability
    - http://packetstormsecurity.org/
    - http://www.elsenot.com/
    - http://milw0rm.com/
    - http://www.osvdb.org/

○ Education & Study
    - http://www.hackerhighschool.org/

○ Tool
    - http://www.nagiosexchange.org/
    - http://www.ntop.org/
    - http://www.splintered.net/sw/flow-tools/
    - http://www.google.com/search?hl=en&q=prtg

○ Article for Log Level Security
    - http://support.microsoft.com/kb/282791/en-us
    - http://support.microsoft.com/kb/314980/en-us
    - http://support.microsoft.com/kb/300549/en-us
    - http://support.microsoft.com/kb/262177/en-us
    - http://support.microsoft.com/kb/310399/en-us
    - http://msdn2.microsoft.com/en-us/library/aa392285.aspx

○ Database Security
    - http://www.petefinnigan.com/

○ MS Security Info
    - http://securityadmin.info/

○ Security Videos
    - http://security-freak.net/videos.html

○ Other Sources
    - http://chaosreader.sourceforge.net/
    - http://gentoo-wiki.com/HOWTO_setup_a_gentoo_bridge
    - http://www.wireshark.org/
    - http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf
    - http://tinyurl.com/24vuj8
    - http://tinyurl.com/35mbc9
    - http://www.nber.org/sys-admin/overwritten-data-guttman.html
    - http://www.DaveKleiman.com/Files
    - http://tinyurl.com/8zblp
    - http://tinyurl.com/iqx3
    - http://www.giac.net/certified_professionals/practicals/gcfa/265.php
    - http://www.payam.com.au/hard-disk-data-recovery.htm
    - http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm
    - http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
    - https://strikecenter.bpointsys.com/articles/2007/08/26/vista-gadget-patches-in-ms07-048


Posted by She쥐포s
o Bruter 1.0Beta1 released

o BruteForce Tool
o Win32 플랫폼만 지원
Posted by She쥐포s
이전버튼 1 2 3 이전버튼

블로그 이미지


 « |  » 2019.8
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

최근에 달린 댓글

글 보관함