一蓑烟雨

摘要： Miscellaneous Local Host Vulnerabilities LOCAL HOST VULNERABILITIES Default account settings - disable accounts that are not being used. Sandbox escap 阅读全文

摘要： Miscellaneous privilege escalation EXPLOITABLE SERVICES Unquoted service paths Allow abbreviated attack paths(without spaces) PRIVILEGE ESCALATION Uns 阅读全文

摘要： Privilege Escalation(Windows) WINDOWS-SPECIFIC PRIVILEGE ESCALATION Cpassword - Group Policy Preference attribute that contains passwords SYSVOL folde 阅读全文

摘要： Privilege Escalation(Linux) Linux user ID is 'root'. LINUX-SPECIFIC PRIVILEGE ESCALATION SUID/SGID programs Permission to execute a program as executa 阅读全文

摘要： Local Host Vulnerabilities CVE(Common Vulnerabilities and Exposures) Database https://www.cvedetails.com/vendor.php Windows 10 Apple Linux Kernel Andr 阅读全文

摘要： Code Vulnerabilities UNSECURE CODE PRACTICES Comments in source code Good for developers and technical personnel Bad for keeping secrets Lack of error 阅读全文

摘要： Cross-Site Scripting Demo Given a scenario, exploit application-based vulnerabilities. Test Environment: DVWA Case 1 - Security Level: Low View the so 阅读全文

摘要： Application Exploits, Part III CROSS-SITE SCRIPTING(XSS) Injection attack in which an attacker sends malicious code(client-side script) to a web appli 阅读全文

摘要： Application Exploits, Part II AUTHENTICATION EXPLOITS Credential brute forcing Offline cracking(Hydra) Session hijacking Intercepting and using a sess 阅读全文

摘要： SQL Injection Demo Tools: Kali Linux Target Application: DVWA(Damn Vulnerable Web App) Login the DVWA website:http://10.0.0.20/dvwa/login.php Set the 阅读全文