Server : https://support.microsoft.com/en-hk/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution Clients: https://support.microsoft.com/en-hk/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in omg~~ GG.. XD
Tool
Got some luck today(MS17-010)
read the news about US officially blame NK for WannaCry’s damage so i was wondering if I can still find some machines that are vulnerable to MS17-010 in clients network Just trying to see if I could got some luck for “old” exploit/vulnerability I did found some machines are still […]
crack MS office2003-2013 password with Hashcat
1. download Office2John 2. run office2john 3. download Hashcat 4. run hashcat we get hashed string from office2john s now we can start to crack it with hashcat ex: hashcat64.exe -a 3 -m 9600 “$office$*2013*100000*256*16*04fcfd77d02d20ce7a2203ad9fed844a*0a3c0c0ba3fbe431b4334253498aef6c*b6898f2ba067baa5a6fa20e07a1df4ba55a2c559cf60f21f0ac5c156633d5094” –force hashcat64.exe -a 3 -m 0 md5.txt -o result.txt ?1?1?1?1?1 -1 ?d –force hashcat64.exe -a […]
Setup XVWA Web Security Lab
XVWA is designed to understand following security issues. SQL Injection – Error Based SQL Injection – Blind OS Command Injection XPATH Injection Formula Injection PHP Object Injection Unrestricted File Upload Reflected Cross Site Scripting Stored Cross Site Scripting DOM Based Cross Site Scripting Server Side Request Forgery / Cross Site […]