VulnHub target range - The Planets: Earth
THE PLANETS:EARTH
Preparation
Attacker: Kali
Target: The Planets: Earth, NAT, 192.168.91.0 network segment
Download link
[https://www.vulnhub.com/entry/the-planets-earth,755/]
Information gathering and exploitation
Host discovery
https://github.com/czheisenberg/MyCode/blob/master/Scan/scapy/ping.py
As shown in the figure, use python s ...
Added by pureDesi on Sat, 12 Feb 2022 12:46:46 +0200
Simple domain penetration
Refer to the master's link
Intranet penetration - complete domain penetration
Some basic knowledge
Domain:
A computer domain is a collection of computers with security boundaries. Computers in the same domain have established a trust relationship with each other. Accessing other machines in the domain no longer requires the permi ...
Added by jkohns on Sat, 12 Feb 2022 07:32:03 +0200
[penetration test] Vulnstack red team
Domain environment initialization
DC
IP: 10.10.10.10 OS: Windows 2012(64)
Application: AD domain
WEB
IP1: 10.10.10.80 IP2: 192.168.111.80 OS: Windows 2008(64)
Application: Weblogic 10.3.6 MSSQL 2008
PC
IP1: 10.10.10.201 IP2: 192.168.111.201 OS: Windows 7(32)
Application:
Attacker machine
IP: 192.168.111.5 OS: Kali
weblogic exploit
nm ...
Added by alasxdair on Fri, 11 Feb 2022 12:40:12 +0200
Security - Reproducing the code execution vulnerability in Fastjson 1.2.24 and earlier (vulhub)
Preface
Environment installation is skipped here; please search Baidu for how to install it. This article is only a learning record. Please do not use it for illegal purposes. The contents in brackets are variable values and need to be modified according to the actual situation.
Fastjson 1.2.24 Download
Java comm ...
Added by machina3k on Tue, 08 Feb 2022 21:31:00 +0200
Code audit learning XSS
Definition
To avoid confusion with CSS, cross-site scripting is abbreviated as XSS. XSS is a security vulnerability in web applications, caused mainly by insufficient filtering of user input by the web application. A malicious attacker inserts malicious script code into the web page. When the user b ...
Added by whizzykid on Sat, 05 Feb 2022 04:12:52 +0200
Near source penetration test
Foreword
Blog home page: Scorpio_m7. Follows, likes, bookmarks and comments are welcome. This article is an original by Scorpio_m7, first published on CSDN! First published: January 28, 2022. Persistence and hard work will surely bring poetry and distance! The author's level is very limited. If y ...
Added by walnoot on Sat, 29 Jan 2022 02:34:03 +0200
SQL injection journal
Preliminary notes
In MySQL 5.0 and above, the information_schema database is defined by default to facilitate management. It stores database metadata, including the tables schemata (database names), tables (table names) and columns (column names).
Basic SQL statement syntax: https://www.w3school.com.c ...
Added by piyushsharmajec on Thu, 27 Jan 2022 14:46:16 +0200
BossCMSV1.0 code audit
Preface
This article was first published in the Prophet community: BossCMSV1.0 code audit
The following vulnerabilities have been submitted to CNVD and recorded there
Arbitrary file upload in the admin backend
Add php to the allowed upload types in the backend security settings
Then upload a PHP trojan file to get a shell through the attachm ...
Added by jesbin on Thu, 27 Jan 2022 08:02:22 +0200
SSRF vulnerability description
SSRF is a security vulnerability in which an attacker constructs a request and the server initiates the request. Generally, the target of an SSRF attack is an internal system that cannot be accessed from the external network.
Principle of SSRF vulnerability
SSRF is mostly formed because the server provides the function of obtaining data from other ...
Added by apsomum on Wed, 26 Jan 2022 06:18:02 +0200
[JavaWeb] Struts2-001 vulnerability analysis
Struts2-001
Vulnerability description
When the framework parses JSP page tags, it obtains the value entered by the user. While obtaining that value, it recursively parses %{...}, resulting in secondary parsing, which finally triggers an expression injection vulnerability that executes arbitrary code.
Affected versions
2.0.1 ~ ...
Added by roldahayes on Sun, 16 Jan 2022 20:44:15 +0200