sans pentest

BlindElephant is a Web Application Fingerprinter program. Of course, it is similar to WhatWeb. However, it seems that WhatWeb cannot scan the plug-in. (Qualys security researcher Patrick Thomas discussed the open-source Web application fingerprint engine BlindElephant at the Black Hat conference. BlindElephant is a tool that helps security experts and System Administrators identify all operations on servers, including any Web applications downloaded by users. It does not detect a vulnerability,

Conky screen problems-general Linux technology-Linux technology and application information. The following is a detailed description. I used conky to create a new one, because I had never been able to enable the effect under the effect tion, and it would overwrite the conky when I opened it, so I had to cancel the effect function. Now I try to change the settings in conkyrc, I would like to ask why there is one missing image on the right. I have added the width, but it is still useless. The foll

Use of DNS scanning toolsDNS scanning tools can be used to collect information including: domain name registration information, domain name resolution server (DNS server), valid sub-domain names(Information that can be used to collect: domain name registration information, name, phone number, email address, expiration time, valid subdomain name ....)1. WhoisUsage: whois top-level domain name (must be top-level domain name)Domain name status:The server group used to resolve DNS:Domain Name and Ne

format.# Do not modify the font format "-- *-% d-*-C.## Component font Mappings#Serif.0 =-B H-lucidabright-Medium-r-normal -- *-% d-*-p-*-iso8859-1Serif.1 =-MISC-simsun-Medium-r-normal -- *-% d-*-C-*-gb2312.1980-0Serif. italic.0 =-B H-lucidabright-Medium-I-normal -- *-% d-*-p-*-iso8859-1Serif. italic.1 =-MISC-simsun-Medium-r-normal -- *-% d-*-C-*-gb2312.1980-0Serif. bold.0 =-B H-lucidabright-demibold-r-normal -- *-% d-*-p-*-iso8859-1Serif. bold.1 =-MISC-simsun-Medium-r-normal -- *-% d-*-C-*-

In the Linux system environment, there are a lot of commands that we need to learn. The replacement of Java-related questions requires us to learn in detail. Next, let's take a look at the relevant editing code about Java in the Linux system environment. Replace the $ JRE/lib/font. properties file with the following content. #@(#)font.properties.zh.Turbo.Linux1.402/06/10 # #Copyright2002SunMicrosystems,Inc.Allrightsreserved. # #ComponentFontMappings # serif.0=-bh-lUCidabri

Html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite, Code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li, Fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure, figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{margin:0;padding:0; border:0;font-size:100%;font:inherit;vertical-align:baseline;out

Font Display effect test 　　 This section is designed to test the display of italicized word, including the English fonts in the song body, "This is english,how does it looks like?". This line is a small print. The following words are bold in the song body . Punctuation ",. ：；！ " 　　 This section is designed to test the appearance of boldface characters, including the English fonts in boldface, "This is english,how does it looks like?". This line is a small print. punctuation ",. ：；！ ”。 What does

Editor's note: Fonts are designed to be as temperamental as people. Is good-natured, modest, polite, or lively bold, burning through a piece, are through the structure of the font to shape. Only understand the temperament of each font, you can put it to the right place, today this good article, with the students to popularize a little English font knowledge. Recently (before the exam) in reading "Font story", by the way the study of English font. I feel this is a fast promotion (beep) lattice o

. Incorrect results at http://nmap.org/submit/. Nmap done:1 IP Address (1 host up) scanned in 7.42 seconds server only open 80 ports, operating system is Linux 2.6.22 (Fedora Core 6) Now that we've got all the important information, let's do a bit of vulnerability testing, such as SQL injection, blinds, LFI,RFI,XSS,CSRF, etc. We use nikto.pl to get information and weaknesses: [Email protected]:/pentest/web/nikto# perl nikto.pl-h http:/

Today, I want to learn how to install PostgreSQL8.4 in Ubuntu9.10. After executing the following command, linuxidc @ pentest :~ $ The sudoapt-getinstallpostgresql-8.4postgresql-client-8.4postgresql-contrib-8.4 returns the following: update-alternatives: Using/usr/share/postgresql I want to install PostgreSQL 9.10 on Ubuntu 8.4 today. After executing the following command Linuxidc @ pentest :~ $ Sudo apt-get

SQL injection, blinds, LFI,RFI,XSS,CSRF, etc.We use nikto.pl to get information and weaknesses:[Email protected]:/pentest/web/nikto# perl nikto.pl-h http://hashlinux.com-Nikto v2.1.4---------------------------------------------------------------------------+ Target ip:192.168.1.2+ Target Hostname:hashlinux.com+ Target port:80+ Start time:2011-12-29 06:50:03---------------------------------------------------------------------------+ server:apache/2.2.

SCTF2016 the painful infiltration of the road 0x00 Preface This time the CTF play very sour, a total of 7 web penetration of the topic, this is the beginning of pain. A good jury, for him so many high door threshold. 0x01 pentest-homework-200 http://homework.sctf.xctf.org.cn/ Open full, is the landing page, entered the registration. Name, age, upload pictures. After landing, a picture was displayed. There's also a homework link. Click Homework

1. The previous analysis of Main and Execve, with the "Basic Shellcode extraction method" in the corresponding part of the explanation. If the EXECVE () call fails, the program will continue to fetch the instruction from the stack and execute it, while the data in the stack is random, usually the program will be core dump. If we want the program to still exit gracefully when the EXECVE () call fails, we must add an exit system call after the EXECVE () call. Its C language program is as follows:

, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video {Margin: 0;Padding: 0;Border: 0;Font-size: 100%;Font: inherit;Vertical-align: baseline;Outline: none;-Webkit-box-sizing: border-box;-Moz-box-sizing: border-box;Box-sizing: border-box;}Html {height: 101% ;}Body {font-size: 62.5%; line-height: 1; font-family: Arial, Tahoma, sans-serif ;}Article, aside, details, figcaption, figure, foo

Information Detection: Target Site: http://www.sixxf.itServer IP Address: 192.232.2xx.97 (USA)Environment platform: PHPServer System: ApacheThis time, I used a webpage to detect that the information on this site is not complete. Go to the topic, open the website background, and enter a 'in the login account text. The returned result is as follows:After the execution of ', the SQL statement reports an error, indicating that there may be injection. Use the Sqlmap tool in the Back Track system to t

An nginx egg DAY has been generated in recent days. Some people always ask how to judge the Web server, and ask the scanner that has a sudden menstruation. Such as nmap nc nikto .... What should we do with so many scanners? NMAP is enough! Method N: a few more examples! Nmap Pentest @ yinyin :~ $ Nmap-sV-p 80 www.xxoo.com Starting Nmap 5.00 (http://nmap.org) at 2010-05-24 CSTInteresting ports on 203. xxx. xxx.1 × 1:PORT STATE SERVICE VERSION80/tcp ope

Injection–blind SQL INJECTION–LFI–RFI–XSS–CSRF and so on.We will use Nikto to collect vulnerability information:[Email protected]:/pentest/web/nikto# perl nikto.pl-h hack-test.comWe will also use the W3AF tool in backtrack 5 R1:[Email protected]:/pentest/web/w3af#./w3af_guiWe enter the address of the website to be detected and select the Complete security audit option.Wait a moment, and you'll see the resu

for multi-lingual web pages, designers are not allowed to consider a language when choosing a font.2, font-familyMost of the introduction to font-family is simply that he can set the font name sequence in the text. In fact, the real function of font-family is to make a list of approximate fonts in order of precedence, and the browser starts with the first item and finds the first available font to display the text.Font-family:times New Roman, "Open-sans