-
Notifications
You must be signed in to change notification settings - Fork 0
/
atom.xml
447 lines (244 loc) · 18.5 KB
/
atom.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>海上孤岛</title>
<subtitle>化身孤岛的鲸</subtitle>
<link href="https://iassas.com/atom.xml" rel="self"/>
<link href="https://iassas.com/"/>
<updated>2023-07-27T08:49:21.050Z</updated>
<id>https://iassas.com/</id>
<author>
<name>Hywell</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>woodpecker插件编写</title>
<link href="https://iassas.com/archives/ec517011.html"/>
<id>https://iassas.com/archives/ec517011.html</id>
<published>2023-07-27T08:48:28.000Z</published>
<updated>2023-07-27T08:49:21.050Z</updated>
<summary type="html"><p>编写woodpecker帆软密码解密插件<br><img src="https://s2.loli.net/2023/07/27/Q2bSljkpq3OMdCV.jpg"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="woodpecker" scheme="https://iassas.com/tags/woodpecker/"/>
</entry>
<entry>
<title>CaptfEncoder编译</title>
<link href="https://iassas.com/archives/80d64a8d.html"/>
<id>https://iassas.com/archives/80d64a8d.html</id>
<published>2023-07-11T13:40:04.000Z</published>
<updated>2023-07-11T13:41:04.311Z</updated>
<summary type="html"><p>解决CaptfEncoder无法在MacOS上运行。<br><img src="https://s2.loli.net/2023/07/11/Sbd7FWLkODvZjU5.jpg"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
</entry>
<entry>
<title>家庭组网-软路由</title>
<link href="https://iassas.com/archives/fb727318.html"/>
<id>https://iassas.com/archives/fb727318.html</id>
<published>2023-04-17T06:42:00.000Z</published>
<updated>2023-04-23T04:27:16.807Z</updated>
<summary type="html"><p>最近在折腾家庭组网,买了一个软路由:N5105+16G+256 SSD。pve+ikuai+openwrt。由于有两条宽带(移动+电信),因此,使用ikuai进行分流,op进行科学。</p>
<p><img src="https://s2.loli.net/2023/04/17/BEC6IzjXfFMT3PV.png" alt="测速"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
</entry>
<entry>
<title>jar打包应用程序</title>
<link href="https://iassas.com/archives/18ca2507.html"/>
<id>https://iassas.com/archives/18ca2507.html</id>
<published>2023-04-07T01:24:26.000Z</published>
<updated>2023-04-17T06:47:05.914Z</updated>
<summary type="html"><p>之前写过一篇<a href="/archives/4afab831.html" title="jar文件打包成app">jar文件打包成app</a>的文章,使用的是jar2app的方式。之后发现更加优雅的方式,使用install4j并且可以实现将jar打包成多平台的应用程序。</p>
<p><img src="https://s2.loli.net/2023/04/07/MHXwTsbxJftidKy.png"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
<category term="工具" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/%E5%B7%A5%E5%85%B7/"/>
<category term="工具" scheme="https://iassas.com/tags/%E5%B7%A5%E5%85%B7/"/>
</entry>
<entry>
<title>Oracle-LOGON_AUDIT_TRIGGER限制</title>
<link href="https://iassas.com/archives/d36c1a86.html"/>
<id>https://iassas.com/archives/d36c1a86.html</id>
<published>2023-04-06T03:27:52.000Z</published>
<updated>2023-04-06T03:30:51.637Z</updated>
<summary type="html"><p>在某次红蓝演练中遇到Oracle用户、密码正确,但无法连接 提示没有权限。</p>
<p><img src="https://s2.loli.net/2023/04/06/oMhbv9KRZicGs4N.png"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="Oracle" scheme="https://iassas.com/tags/Oracle/"/>
</entry>
<entry>
<title>帆软数据库配置解密</title>
<link href="https://iassas.com/archives/df18668b.html"/>
<id>https://iassas.com/archives/df18668b.html</id>
<published>2023-04-05T11:29:26.000Z</published>
<updated>2023-04-06T01:21:42.290Z</updated>
<summary type="html"><p>在某次红蓝演练中,通过帆软反序列化拿下服务器之后,发现数据库的配置信息被加密,通过查看帆软源代码最终将其解密。</p>
<p><img src="https://s2.loli.net/2023/04/05/Fe9Z8yLAqGdrfnC.png" alt="decode"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="帆软" scheme="https://iassas.com/tags/%E5%B8%86%E8%BD%AF/"/>
</entry>
<entry>
<title>小米AX3600 TTL刷机</title>
<link href="https://iassas.com/archives/ed29cee2.html"/>
<id>https://iassas.com/archives/ed29cee2.html</id>
<published>2022-03-28T15:03:27.000Z</published>
<updated>2023-04-06T01:27:03.937Z</updated>
<summary type="html"><p>心血来潮把ax3600刷成openwrt 5.15内核,然后直接通过web界面(没清配置)降级到5.10,导致直接刷成砖。后面通过ttl成功救回来。</p>
<p><img src="https://s2.loli.net/2022/03/28/zBLkYT5yaWqoZX3.png" alt="AX3600-黄灯"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
<category term="IOT" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/IOT/"/>
<category term="路由器" scheme="https://iassas.com/tags/%E8%B7%AF%E7%94%B1%E5%99%A8/"/>
</entry>
<entry>
<title>某多重混淆应急响应</title>
<link href="https://iassas.com/archives/9bb5d45b.html"/>
<id>https://iassas.com/archives/9bb5d45b.html</id>
<published>2021-08-18T02:43:26.000Z</published>
<updated>2023-04-06T01:15:38.203Z</updated>
<summary type="html"><p>在一次攻防演练中,发现一个有趣的shell,文件做过多层混淆。</p>
<p><img src="https://i.loli.net/2021/08/18/4hfFrNpeTZxsYCn.png" alt="源文件"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="应急响应" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/"/>
<category term="应急响应" scheme="https://iassas.com/tags/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/"/>
</entry>
<entry>
<title>Webshell混淆-jsp类型</title>
<link href="https://iassas.com/archives/a5dc99c.html"/>
<id>https://iassas.com/archives/a5dc99c.html</id>
<published>2021-08-09T07:02:05.000Z</published>
<updated>2023-04-06T01:16:36.865Z</updated>
<summary type="html"><p>由于现在常见的shell(蚁剑、冰蝎、哥斯拉等),极其容易被一眼识破。因此,需要掌握一定的webshell混淆技巧用于对抗。</p>
<p><img src="https://i.loli.net/2021/08/09/hPnfXdBZYzTb7Es.png" alt="antUnicode"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="webshell" scheme="https://iassas.com/tags/webshell/"/>
</entry>
<entry>
<title>Struts2另类命令执行</title>
<link href="https://iassas.com/archives/be483e67.html"/>
<id>https://iassas.com/archives/be483e67.html</id>
<published>2021-08-07T14:16:40.000Z</published>
<updated>2023-04-06T01:15:18.538Z</updated>
<summary type="html"><p>在某次HW遇到了一个Struts2可以获取目录,但无法执行命令<br><img src="https://i.loli.net/2021/08/07/wUpI28ykAf7tKoz.png" alt="Struts2RCE"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="Struts2" scheme="https://iassas.com/tags/Struts2/"/>
</entry>
<entry>
<title>某擎应急响应</title>
<link href="https://iassas.com/archives/3f861046.html"/>
<id>https://iassas.com/archives/3f861046.html</id>
<published>2021-04-11T11:55:31.000Z</published>
<updated>2023-04-06T01:15:36.396Z</updated>
<summary type="html">由于内容敏感,因此加密处理</summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="应急响应" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/"/>
<category term="应急响应" scheme="https://iassas.com/tags/%E5%BA%94%E6%80%A5%E5%93%8D%E5%BA%94/"/>
</entry>
<entry>
<title>Apereo CAS反序列化漏洞分析</title>
<link href="https://iassas.com/archives/ab2213f4.html"/>
<id>https://iassas.com/archives/ab2213f4.html</id>
<published>2021-04-09T10:52:27.000Z</published>
<updated>2023-04-06T01:20:13.010Z</updated>
<summary type="html"><p>在项目上遇到CAS,因此对CAS反序列化做一下复现及分析。</p>
<p><img src="https://i.loli.net/2021/04/19/1GDpOiHLNCwl6go.png" alt="CAS漏洞利用"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="漏洞分析" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
<category term="漏洞分析" scheme="https://iassas.com/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
</entry>
<entry>
<title>Fastjson漏洞复现</title>
<link href="https://iassas.com/archives/87c00e88.html"/>
<id>https://iassas.com/archives/87c00e88.html</id>
<published>2020-11-28T12:09:35.000Z</published>
<updated>2023-04-06T01:20:39.839Z</updated>
<summary type="html"><p>前些日子遇到了Fastjson1.2.35,该版本存在反序列化漏洞。但由于服务器不出网,只能验证dnslog。通过网上搜索发现bytecode的方式,但是payload无法成功将命令执行从异常带回来。因此,尝试自己复现了解一下是何情况。</p>
<p><img src="https://i.loli.net/2020/11/28/PiB82h3X1qLUtA6.jpg" alt="fastjson-error"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="漏洞分析" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
<category term="漏洞分析" scheme="https://iassas.com/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
<category term="fastjson" scheme="https://iassas.com/tags/fastjson/"/>
</entry>
<entry>
<title>weblogic-ssrf-redis</title>
<link href="https://iassas.com/archives/6201c371.html"/>
<id>https://iassas.com/archives/6201c371.html</id>
<published>2020-11-22T13:08:27.000Z</published>
<updated>2023-04-06T01:15:21.110Z</updated>
<summary type="html"><p>最近遇到weblogic的目标,大部分漏洞都修复了,发现了存在ssrf,但是部署了WAF。无法直接利用,后面通过脏数据的方式绕过waf。对内网进行探测,发现redis,通过定时任务方式,但反弹失败。</p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="ssrf" scheme="https://iassas.com/tags/ssrf/"/>
</entry>
<entry>
<title>Python多线程&&多进程&&协程</title>
<link href="https://iassas.com/archives/f4423a86.html"/>
<id>https://iassas.com/archives/f4423a86.html</id>
<published>2020-11-22T12:57:59.000Z</published>
<updated>2023-04-05T11:42:53.791Z</updated>
<summary type="html"><p>针对Python的多线程、多进程、协程等进行学习。</p></summary>
<category term="Code" scheme="https://iassas.com/categories/Code/"/>
<category term="Python3" scheme="https://iassas.com/categories/Code/Python3/"/>
<category term="Code" scheme="https://iassas.com/tags/Code/"/>
<category term="Python3" scheme="https://iassas.com/tags/Python3/"/>
</entry>
<entry>
<title>CVE-2020-0796复现</title>
<link href="https://iassas.com/archives/852991fb.html"/>
<id>https://iassas.com/archives/852991fb.html</id>
<published>2020-06-08T06:50:57.000Z</published>
<updated>2023-04-06T01:20:38.040Z</updated>
<summary type="html"><p>看到GitHub上面有对应的exp,就复现看看。</p>
<p><img src="https://s2.loli.net/2023/04/05/RFg1XrTl2G37EjK.png" alt="image-20200608145057355"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="漏洞分析" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
<category term="漏洞分析" scheme="https://iassas.com/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
</entry>
<entry>
<title>泛微E-cology任意文件上传</title>
<link href="https://iassas.com/archives/be5ece47.html"/>
<id>https://iassas.com/archives/be5ece47.html</id>
<published>2020-05-20T19:18:14.000Z</published>
<updated>2023-04-06T01:14:52.555Z</updated>
<summary type="html"><p>这是一个“偶遇”泛微任意文件上传的故事。</p>
<p><img src="https://s2.loli.net/2023/04/05/AuXVyHvI1tJF2q4.png"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="渗透测试" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/%E6%B8%97%E9%80%8F%E6%B5%8B%E8%AF%95/"/>
<category term="漏洞分析" scheme="https://iassas.com/tags/%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/"/>
<category term="泛微" scheme="https://iassas.com/tags/%E6%B3%9B%E5%BE%AE/"/>
</entry>
<entry>
<title>IDA动态调试-ELF</title>
<link href="https://iassas.com/archives/260d9dca.html"/>
<id>https://iassas.com/archives/260d9dca.html</id>
<published>2020-05-14T14:34:17.000Z</published>
<updated>2023-04-06T01:16:54.209Z</updated>
<summary type="html"><p>使用IDA对ELF文件进行简单的动态调试。</p>
<p><img src="https://i.loli.net/2020/05/14/lmWx6FuG83Meqz4.png" alt="hero"></p></summary>
<category term="安全" scheme="https://iassas.com/categories/%E5%AE%89%E5%85%A8/"/>
<category term="工具" scheme="https://iassas.com/tags/%E5%B7%A5%E5%85%B7/"/>
</entry>
<entry>
<title>BurpSuitePro 2.1及之后版本通杀加载器</title>
<link href="https://iassas.com/archives/c5863b38.html"/>
<id>https://iassas.com/archives/c5863b38.html</id>
<published>2020-03-28T01:11:48.000Z</published>
<updated>2023-04-06T03:30:05.906Z</updated>
<summary type="html"><p>直接看图。</p>
<p><img src="https://i.loli.net/2020/03/28/UQFCOg8EhKqejGo.gif" alt="BpLoad"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
<category term="工具环境" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/%E5%B7%A5%E5%85%B7%E7%8E%AF%E5%A2%83/"/>
<category term="工具" scheme="https://iassas.com/tags/%E5%B7%A5%E5%85%B7/"/>
</entry>
<entry>
<title>AWIScan编写之路</title>
<link href="https://iassas.com/archives/84cd09d9.html"/>
<id>https://iassas.com/archives/84cd09d9.html</id>
<published>2019-10-23T07:45:53.000Z</published>
<updated>2023-04-06T03:30:00.657Z</updated>
<summary type="html"><p>红队评估、渗透测试等安全工作最为重要的就是信息收集,信息收集工作需要对目标多方面、多维度进行收集、梳理。相信大家也用过许多信息收集的工具,例如:nmap、msscan、subdomainBrute、whatweb、dirscan、dirsearch、wydomain等等。当对一个目标群体(多ip段 or 多域名)进行信息收集时,往往需要不断在各个工具之间来回切换。通过寻找发现了一款工具:<a href="https://github.com/TideSec/FuzzScanner">FuzzScaner</a>,该工具整合了子域名、端口、指纹、c段等信息收集。但FuzzScaner存在几点问题:1.长期不维护&amp;更新,上次提交为2019.04;2.使用python2,python2马上不被官方支持;3.只做了简单整合,多工具调度之间容易出问题。因此,自己动手造了一个轮子:<a href="https://github.com/HyWell/AWIScan">AWIScan</a>——All Web Info Scan。</p>
<p><img src="https://i.loli.net/2019/10/23/lLGJKfo2j1Wdvyk.png" alt="AWIScan.png"></p></summary>
<category term="瞎折腾" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/"/>
<category term="工具环境" scheme="https://iassas.com/categories/%E7%9E%8E%E6%8A%98%E8%85%BE/%E5%B7%A5%E5%85%B7%E7%8E%AF%E5%A2%83/"/>
<category term="AWIScan" scheme="https://iassas.com/tags/AWIScan/"/>
</entry>
</feed>