Emerald Dream

'Generating social-engineering password dictionaries'

Posted on 2019-03-25 | Edited on 2019-09-10

1. Tool overview

Both tools are written by Chinese authors. pydictor can generate all kinds of dictionaries and also provides common utilities such as merging dictionaries, comparing dictionaries and word-frequency statistics.
cupper generates a social-engineering dictionary from the information you supply about a target and likewise includes some common utilities. The author of cupper analysed a password corpus in their possession, extracted patterns from it, built a neural network that analyses and classifies password structures, and sorts the output by weight to improve cracking efficiency.

1.1 pydictor

With pydictor you can generate ordinary brute-force dictionaries, custom dictionaries built from a website's content, social-engineering dictionaries, and a range of other advanced dictionaries.
Its built-in tools can securely delete, merge, de-duplicate, merge-and-de-duplicate, and filter dictionaries by high-frequency words.
You can also feed in your own dictionary and use the handler tool to filter, encode or encrypt it in various ways.

You can edit several configuration files, add your own dictionaries, enable leet mode, select by length,
filter by the number of characters of each class, by the number of character classes present, or by regular expression, and even add your own encryption methods by editing
/lib/fun/encode.py. Following the API conventions, you can add plugin scripts under /plugins/ and tool scripts under /tools/.
The result is a unique, highly customised, efficient and complex dictionary; how good the generated dictionary is depends heavily on your custom rules and on how well you know pydictor.

1.2 cupper

cupper offers the following features:

  • Generate a list of passwords the target is likely to use, from information about the target (core feature)
  • Process password dictionaries in various ways: check for and remove duplicate passwords, append new content to each line, convert case, merge dictionaries, analyse a dictionary, and sort passwords by a rule to improve cracking efficiency
  • Download the common password dictionaries provided by the author
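The two descriptions above list the same core operations: seed tokens from target information, leet substitution, filtering by length, character class and regex, de-duplication, and ordering so that the most likely guesses come first. As an added example (not code from pydictor or cupper) the Python below implements that pipeline end to end; the target profile, the suffix list and the leet table are constructed assumptions, and the ordering rule (fewest transformations first) is a simple stand-in for cupper's neural-network weighting.

```python
import itertools
import re

# Constructed target profile: example data, not taken from the page.
TARGET = {
    "name": "zhangsan",
    "birth": "19900101",
    "phone": "13800001234",
    "company": "emerald",
}

# Suffixes appended to every candidate; the list is an assumption.
SUFFIXES = ["", "123", "!", "@", "2019", "#"]

# Character substitutions for leet mode; a subset chosen for this example.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def base_tokens(profile):
    """Seed tokens derived from the profile: name casings, birth date pieces,
    last four digits of the phone number, and the company name."""
    name, birth = profile["name"], profile["birth"]
    return [
        name, name.capitalize(), name.upper(),
        birth, birth[:4], birth[4:],
        profile["phone"][-4:],
        profile["company"],
    ]


def leet(word):
    """Apply every substitution in LEET to the word."""
    return "".join(LEET.get(ch, ch) for ch in word)


def char_classes(pw):
    """Number of character classes (lower, upper, digit, symbol) present."""
    return sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS)


def generate(profile, min_len=6, max_len=16, min_classes=1, pattern=None):
    """Build candidates from the profile, then filter by length, number of
    character classes and an optional regex, de-duplicate keeping the first
    occurrence, and order by cost (number of transformations applied) so the
    least-transformed, most likely guesses are tried first."""
    tokens = base_tokens(profile)
    combos = [(t,) for t in tokens] + list(itertools.permutations(tokens, 2))
    regex = re.compile(pattern) if pattern else None
    seen, ranked = set(), []
    for combo in combos:
        core = "".join(combo)
        cost = len(combo) - 1                      # joining two tokens costs 1
        for word, extra in ((core, 0), (leet(core), 2)):
            if extra and word == core:             # nothing to substitute
                continue
            for suffix in SUFFIXES:
                pw = word + suffix
                if not (min_len <= len(pw) <= max_len):
                    continue
                if char_classes(pw) < min_classes:
                    continue
                if regex and not regex.search(pw):
                    continue
                if pw in seen:
                    continue
                seen.add(pw)
                ranked.append((cost + extra + bool(suffix), pw))
    ranked.sort(key=lambda item: item[0])          # stable sort keeps generation order within a cost
    return [pw for _, pw in ranked]


if __name__ == "__main__":
    for pw in generate(TARGET, min_classes=2)[:15]:
        print(pw)
```

Running the script prints the first fifteen candidates that use at least two character classes. Passing pattern=r"\d" restricts the output to candidates containing a digit, which mirrors the regex filter pydictor offers; min_len and max_len correspond to its length selection.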

'Writing a message board in PHP'

Posted on 2019-03-24 | Edited on 2019-09-10

Structure of the PHP message board

1. Create the Message class

class Message{
    public $name;
    public $time;
    public $content;

    function __construct($n,$t,$c){
        $this->name=$n;
        $this->time=$t;
        $this->content=$c;
    }

    // name and content are supplied by the visitor, so each field is escaped with
    // htmlspecialchars() before being echoed; printing them raw would let a message
    // inject HTML or JavaScript into every page that shows the board (stored XSS).
    function show(){
        echo "Name: ".htmlspecialchars($this->name, ENT_QUOTES, 'UTF-8')."<br />";
        echo "Time: ".htmlspecialchars($this->time, ENT_QUOTES, 'UTF-8')."<br />";
        echo "Content: ".htmlspecialchars($this->content, ENT_QUOTES, 'UTF-8')."<br />";
        echo "==========================================="."<br />";
    }
}

A Message object has three properties, name, time and content: the commenter's name, the time of the message and the message text.
When an object is created, the constructor assigns the given values to these three properties.
The show() method displays the message. Because name and content come from the visitor, they must be HTML-escaped (htmlspecialchars()) before being echoed, otherwise a single message can inject script into the page for everyone who views the board.

2. Create the MessageBoard class


'Using shellinabox on Kali and exposing it to the internet with Ngrok'

Posted on 2019-03-21 | Edited on 2019-09-10 | In Tool Usage

1. Introduction to shellinabox

Shellinabox is a web-browser-based terminal emulator built with Ajax. Once it is installed, the server does not need to run an SSH service; the remote host can be operated from a web browser. Log in at http://IP:4200; when an SSL/TLS certificate is enabled, log in at https://IP:4200 instead. By default shellinabox listens on port 4200. Since it exposes a login shell over the web, keep TLS enabled (do not start shellinaboxd with --disable-ssl) on any network you do not trust, and be aware that mapping it through Ngrok makes that login prompt reachable from the whole internet.

2. Installing shellinabox

The system used is Kali Linux 2019. In a terminal, run

apt install shellinabox

If apt reports that the package cannot be found, add a Chinese mirror to the update sources:

gedit /etc/apt/sources.list
# add the following mirrors
# Tsinghua University [mirror]
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free

# Zhejiang University [mirror]
deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free
deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free

'Medusa and Hydra compared'

Posted on 2019-03-18 | Edited on 2019-09-09 | In Tool Usage

1. Introduction

1.1 Hydra

Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept code, to give researchers and security consultants the possibility to show how easy it would be to gain unauthorized access from remote to a system.

THIS TOOL IS FOR LEGAL PURPOSES ONLY!

There are already several login hacker tools available, however, none does either support more than one protocol to attack or support parallelized connects.

It was tested to compile cleanly on Linux, Windows/Cygwin, Solaris, FreeBSD/OpenBSD, QNX (Blackberry 10) and MacOS.

Currently this tool supports the following protocols: Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MEMCACHED, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, RTSP, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP v1+v2+v3, SOCKS5, SSH (v1 and v2), SSHKEY, Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.

However the module engine for new services is very easy so it won’t take a long time until even more services are supported. Your help in writing, enhancing or fixing modules is highly appreciated!! :-)

1.2 Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application:

  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.
  • Multiple protocols supported. Many services are currently supported (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, among others).
  • Application stability. Maybe I’m just lame, but Hydra frequently crashed on me. I was no longer confident that Hydra was actually doing what it claimed to be. Rather than fix Hydra, I decided to create my own buggy application which could crash in new and exciting ways.

'Reproducing the WinRAR directory traversal vulnerability (CVE-2018-20250)'

Posted on 2019-03-15 | Edited on 2019-09-10 | In Vulnerability Reproduction

1. Vulnerability details

https://research.checkpoint.com/extracting-code-execution-from-winrar/

2. Affected versions

WinRAR < 5.70 Beta 1

Bandizip <= 6.2.0.0

Haozip (2345 Compression) <= 5.9.8.10907

360 Compression <= 4.0.0.1170

3. Reproduction environment

Role     | OS                        | IP              | Notes
Target   | Windows 7 (64-bit)        | 192.168.126.128 | WinRAR 5.6.1 installed, firewall disabled
Attacker | Kali Linux 64-bit 2019.1a | 192.168.126.126 | Metasploit 5.0.2
Attacker | Windows 10 (64-bit)       |                 | Python 3.7.2 installed

Exploit download: https://github.com/WyAtu/CVE-2018-20250/
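The class of bug being reproduced is an archiver trusting the file name stored in an archive entry: if that name carries ".." segments, a drive letter or an absolute path, a crafted archive can place a file anywhere the extracting user can write. As an added example (not code from the page, from the Check Point write-up or from the linked exploit), the Python below shows the check a safe extractor must perform on every entry before writing it, and why both path separators have to be normalised first. The entry names and the destination directory are constructed for the example.

```python
import ntpath
import posixpath

# Constructed entry names illustrating the vulnerability class; these are not
# taken from the advisory or from the exploit repository linked above.
SAMPLE_ENTRIES = [
    "docs/readme.txt",                   # benign relative path
    "sub/../still_inside.txt",           # ".." that resolves back inside the target
    "..\\..\\Users\\Public\\evil.exe",   # traversal using Windows separators
    "../../tmp/evil.sh",                 # traversal using POSIX separators
    "C:\\C:\\Users\\Public\\evil.exe",   # absolute path with a drive letter
    "\\\\server\\share\\evil.exe",       # UNC path
    "/etc/passwd",                       # absolute POSIX path
]


def is_safe_entry(entry_name, dest_dir):
    """Return True only if extracting entry_name under dest_dir cannot write
    outside dest_dir. Both separators are normalised first, because an archiver
    on Windows treats '\\' and '/' alike, so a check that only looks at one of
    them is bypassed with the other."""
    if ntpath.splitdrive(entry_name)[0]:        # "C:", "C:\\", "\\\\server\\share"
        return False
    name = entry_name.replace("\\", "/")
    if name.startswith("/"):
        return False
    dest = posixpath.normpath(dest_dir)
    target = posixpath.normpath(posixpath.join(dest, name))
    # The resolved path must be the destination itself or a descendant of it.
    return target == dest or target.startswith(dest + "/")


def audit(entries, dest_dir):
    """Map each entry name to its verdict so an extractor can refuse the whole
    archive (or skip the offending entries) before writing anything to disk."""
    return {name: is_safe_entry(name, dest_dir) for name in entries}


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_ENTRIES, "/tmp/extract").items():
        print(("OK   " if ok else "BLOCK"), name)
```

The check resolves the joined path and compares it with the destination rather than merely searching the name for "..", which is what lets "sub/../still_inside.txt" through while rejecting every name that would land outside the extraction directory.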


'Setting up a blog with Hexo and GitHub'

Posted on 2019-03-14 | Edited on 2019-09-10

1. Installing the environment

1. Install Node.js: download the latest version from the Node.js website.

2. Install Git for Windows: download it from the Git website, choosing the Windows build.

3. Install cmder: download it from the cmder website. Git Bash is not pleasant to use, so cmder is used instead.

4. Configure environment variables: cmder, Git and Node.js all need to be on the PATH. Copy each installation path, then right-click My Computer > Properties > Advanced system settings > Environment Variables; under System variables select Path and click Edit, then New, and add the path. After adding all three, click OK.
(An image of the finished environment variables was shown here.)

2. Creating the GitHub blog

Create a new repository named username.github.io. For example, my GitHub username is ChireC, so the repository is named ChireC.github.io and the blog's address will be https://chirec.github.io/.

Note that Username and Name are not the same thing.

© 2019 chessur
Powered by Hexo v3.8.0
|
Theme – NexT.Gemini v7.1.1