웹찢남
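Helpful sites for Webhacking
I don't do it as much these days, but back when I was deep into web hacking I referred to a lot of sites.
I google an enormous amount every time I solve a challenge,
and the sites below are a collection of ones that left an impression on me and that I used a lot!!
It's a good idea for everyone to keep a list like this as you study.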
1. .DS_Store file disclosure exploit.
github.com/lijiejie/ds_store_exp
lijiejie/ds_store_exp
A .DS_Store file disclosure exploit. It parses .DS_Store file and downloads files recursively. - lijiejie/ds_store_exp
github.com
2. php wrapper exploit
rootable.tistory.com/entry/PHP-wrapper?category=621913
PHP wrapper
1. Theory (1) expect:// : can execute system commands, e.g. www.test.com?page=expect://ls (2) php://filter : a wrapper used for handling I/O streams; using encode/decode, it can read files on the server..
rootable.tistory.com
3. decoding, for when decoding just won't work
CrackStation - Online Password Hash Cracking - MD5, SHA1, Linux, Rainbow Tables, etc.
Free Password Hash Cracker Enter up to 20 non-salted hashes, one per line: Supports: LM, NTLM, md2, md4, md5, md5(md5_hex), md5-half, sha1, sha224, sha256, sha384, sha512, ripeMD160, whirlpool, MySQL 4.1+ (sha1(sha1_bin)), QubesV3.1BackupDefaults How Crack
crackstation.net
Modular conversion, encoding and encryption online
Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. This is an Open Source project, code licensed MIT.
cryptii.com
Encoding & Decoding Online Tools - DenCode
Encoding and Decoding site. e.g. HTML Escape / URL Encoding / Base64 / MD5 / SHA-1 / CRC32 / and many other String, Number, DateTime, Color, Hash formats!
dencode.com
4. anagram solver
Anagram Solver - solves any anagram!
Featuring 17,694,287 possible answers. New! Updated for 2018 with millions of new answers! What does this thing do? The Universal Anagram Solver uses a massive database of everything to solve anagram puzzles regarding any conceivable topic. Simply put the ju
anagram-solver.net
5. hex decoder
DDecode - Hex,Octal,HTML Decoder
ddecode.com
6. sql cheatsheet
pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
MySQL SQL Injection Cheat Sheet | pentestmonkey
MySQL SQL Injection Cheat Sheet Some useful syntax reminders for SQL Injection into MySQL databases… This post is part of a series of SQL Injection Cheat Sheets. In this series, I’ve endeavoured to tabulate the data to make it easier to read and to us
pentestmonkey.net
7. rsa decoder
RSA Encryption Decryption tool, Online RSA key generator
RSA Encryption Decryption Thanks for using this software, for Coffee/Beer/Amazon bill and further development of this project please Share. Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS UR
8gwifi.org
8. firewall bypass
github.com/SpiderLabs/owasp-modsecurity-crs/issues/1181
Bypass the latest CRS v3.1.0 rules of SQL injection · Issue #1181 · SpiderLabs/owasp-modsecurity-crs
Type of Issue False Negative Description Per #1167, I wanna raise more FNs in this thread. Before getting into other FNs, I want to give out more information to #1167 so as to help the maintainers ...
github.com
9. ascii converter
www.branah.com/ascii-converter
ASCII Converter - Hex, decimal, binary, base64, and ASCII converter
Convert ASCII characters to their hex, decimal and binary representations and vice versa. In addition, base64 encode/decode binary data. The converter happens automatically.
www.branah.com
10. sql bypass
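Web hacking SQLi bypass techniques summary - Webhacking SQL Injection Bypass Honey Tips
I'm going to summarize the bypass techniques I've figured out(?) while solving web hacking wargames so far. I'm writing all of it by hand from memory, so there are probably parts missing. I'll add and revise as I remember more. - o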
ar9ang3.tistory.com
11. blind sql injection (for blind SQL injection, I don't think there's a site as good as this one...bb)
crattack.tistory.com/entry/WEB-Blind-SQL-Injection-%EA%B3%B5%EA%B2%A9-%EB%B0%A9%EB%B2%95
[WEB] Blind SQL Injection attack methods
References - http://blog.naver.com/funny303/220778035079 - http://pypie.tistory.com/entry/Blind-SQL-Injection - http://www.securityidiots.com/Web-Pentest/SQL-Injection/Blind-SQL-Injection.html 1. SQL Inje..
crattack.tistory.com
12. web compiler site
codepad
codepad was created by Steven Hazel, one of the founders of Sauce Labs.
codepad.org