=== DISTRIBUTION: How to obtain this document This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience see
Trang 1via anonymous FTP to rsa.com:/pub/faq
Please send comments and corrections to faq-editor@rsa.com
===
DISTRIBUTION: How to obtain this document
This document has been brought to you in part by CRAM, involved in the redistribution of valuable information to a wider USENET audience (see below) The most recent version of this document can be obtained via
the author's instructions above The following directions apply to
retrieve the possibly less-current USENET FAQ version
FTP
-
This FAQ is available from the standard FAQ server rtfm.mit.edu via FTP in the directory /pub/usenet/news.answers/cryptography-faq/rsa/
-
Email requests for FAQs go to mail-server@rtfm.mit.edu with commands
on lines in the message body, e.g `help' and `index'
Usenet
-
This FAQ is posted every 21 days to the groups
sci.crypt
talk.politics.crypto
alt.security.ripem
sci.answers
talk.answers
alt.answers
news.answers
_ _, _ _ _, , _, _ _, _ _ _, _, _ _ _, , _, _ _ _ ,
| |\ | |_ / \ |_) |\/| / \ | | / \ |\ | | (_ |_) / \ | | |_ | )
| | \| | \ / | \ | | |~| | | \ / | \| | , ) | \ / |/\| | |~\
Trang 2~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~~~ ~ ~
===
CRAM: The Cyberspatial Reality Advancement Movement
In an effort to bring valuable information to the masses, and as a
service to motivated information compilers, a member of CRAM can help others unfamiliar with Usenet `publish' their documents for
widespread dissemination via the FAQ structure, and act as a
`sponsor' knowledgable in the submissions process This document is being distributed under this arrangement
We have found these compilations tend to appear on various mailing lists and are valuable enough to deserve wider distribution If you
know of an existing compilation of Internet information that is not
currently a FAQ, please contact us and we may `sponsor' it The
benefits to the author include:
- use of the existing FAQ infrastructure for distribution:
- automated mail server service
- FTP archival
- automated posting
- a far wider audience that can improve the quality, accuracy, and
coverage of the document enormously through email feedback
- potential professional inquiries for the use of your document in
other settings, such as newsletters, books, etc
- with us as your sponsor, we will also take care of the
technicalities in the proper format of the posted version and
updating procedures, leaving you free of the `overhead' to focus on the basic updates alone
The choice of who we `sponsor' is entirely arbitrary You always have the option of handling the submission process yourself See the FAQ submission guidelines FAQ in news.answers
For information, send mail to <tmp@netcom.com>
Trang 3\ \ \ \ \ \ \ \ \ | / / / / / / / / / /
_ _ _ _
/// \\\ ||| \\\ /// \\\ |||\\\///|||
||| ~~ ||| /// ||| ||| ||| \\// |||
||| |||~~~\\\ |||~~~||| ||| ~~ |||
\\\ /// ||| \\\ ||| ||| ||| |||
~~~~~~~ ~~~ ~~~ ~~~ ~~~ ~~~ ~~~
/ / / / / / / / / | \ \ \ \ \ \ \ \ \ \
C y b e r s p a t i a l R e a l i t y A d v a n c e m e n t M o v e m e n t
* CIVILIZING CYBERSPACE: send `info cypherwonks' to
majordomo@lists.eunet.fi *
Crypto Sites
http://www.cryptocracking.cjb.net
http://www.kanal23.knows.it ( QHQCrker)
http://cryptokg.cjb.net/
Tui copy cho bác kienmanowar nè :) :P :D
www.kanal23.knows.it - the site of the group who is closest to my heart www.tkm-squad.prv.pl - very good crypto site much to learn
www.witeg.prv.pl - homepage of THE crypto guy - WiTeG
www.cryptosig.prv.pl (*)- an usefull IDA signature by Cauchy
www.crackmes.de - tons of crackmes to test not only your crypto skillz www.bgrc.cjb.net - very nice cracking portal
www.krio.cjb.net - home page of an excellent cracker and friend of mine www.tymon.prv.pl - homepage of a very good crypto cracker
www.deamon.anticrack.de - site with tons of anti- tricks
www.exetools.com/forum - forum directed mostly on unpacking and related www.crackmes.prv.pl - site full of interesting and mostly crypto crackmes www.reteam.org - home page RET group.VERY nice papers and projects www.rsasecurity.com - RSA company
www.certicom.com - Certicom - ecc related papers and challenges
www.peid.has.it - PEiD homepage
Trang 4www.shoup.net - Victor Shoup's home page Great source of information
www.cryptokg.cjb.net - crypto keygenme's to test your skillz Dead atm
www.cacr.math.uwaterloo.ca - very interesting crypto papers
http://www.alpertron.com.ar/DILOG.HTM - fast DLP calculator
http://www.jmilne.org/math/ - a nice math web site J.S.Milne
http://www.cacr.math.uwaterloo.ca/hac/ (by benina)
http://pajhome.org.uk/crypt/index.html
http://www.members.shaw.ca/pccruiser s/digsigna.htm
(by zombie)
Something here:
http://www.fortunecity.com/skyscrape 79/lesson1.htm
http://www.cacr.math.uwaterloo.ca/hac/
google (by clarken)
Attack Server = WMF
Bài viết khá hay, các bạn newbie nên đọc qua, nếu nhai được thì lần sau mình sẽ post nhiều bài khác.Tools thì đã có key sẵn các bạn tự search nhé
Attack Server Bằng Phương Pháp Exploit Lõi Bảo Mật WMF
- Bài lab này chỉ được dùng cho mục đích học tập và nghiên cứu về bảo mật,
không được thực hiện trên các hệ thống mà không có thẩm quyền
Attack Server By Exploit WMF
Thực hiện bởi RedKomodo365
Chúng ta đã thực tập cách cài đặt và sử dụng Metasploit Framework với các
exploit sẳn có cũng như cách thức để cập nhật mã khai thác những lổ hổng mới của các hệ thống ứng dụng như wmf, createtextrange
Sau đây là một file video demo cách thức khai thác lổ hổng dựa trên lỗi bảo mật wmf mà chúng ta đã biết Đây là một lỗi nguy hiểm ảnh hưởng đến tất cả các hệ thống MS Windows
Trang 5Attacker boot máy bằng đĩa Attack Tool Ngòai ra Attacker có thể cài đặt
Metasploit Framework trên Windows như minh họa trong file video (Download source từ www.metasploit.com) Hình ảnh các bước tiến hành như sau:
1 Khởi động MSF
2.Kiểm tra IP của Attacker Machine (192.168.1.114):