STARDUSTSKY.NET
Stardustsky Personal Blog_Everytime Is Worth Yearning! Network security enthusiast……
http://www.stardustsky.net/
TODAY'S RATING
>1,000,000
Date Range
HIGHEST TRAFFIC ON
Saturday
LOAD TIME
1.8 seconds
DOMAIN WHOIS PROTECTION SERVICE
WHOIS AGENT
3/F.,HiChina Mansion,No.27 G●●●●●●●●●●●●●●●●●●●●●●●●●●●●strict,Beijing 100120,China,
Be●●ng , Beijing, 100120
CN
11
YEARS
6
MONTHS
4
DAYS
HICHINA ZHICHENG TECHNOLOGY LTD.
WHOIS : grs-whois.hichina.com
REFERRED : http://www.net.cn
PAGES IN
THIS WEBSITE
19
SSL
EXTERNAL LINKS
14
SITE IP
115.28.85.23
LOAD TIME
1.782 sec
SCORE
6.2
Stardustsky Personal Blog_Everytime Is Worth Yearning! | stardustsky.net Reviews
https://stardustsky.net
Network security enthusiast……
stardustsky.net
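Bootstrap Study - Page Typography_Programming Road_Stardustsky Personal Blog
http://www.stardustsky.net/post/26.html
As in an ordinary HTML page, Bootstrap defines headings with the tags h1 through h6, but Bootstrap overrides their default styles so that they render the same in all browsers; the specific rules are shown in the table below. 1. The margin-top and margin-bottom values are reset: h1 to h3 are reset to 20px and h4 to h6 are reset to 10px. 2. All headings have a line height of 1.1 (that is, 1.1 times the font-size), and the text color and font are inherited from the parent element. 1. The line height is 1, and font-weight is set to normal, giving a regular (non-bold) weight, while the color is set to gray #999. 2. Text inside small within h1 to h3 is set to 65% of the current font size, while within h4 to h6 it is set to 75% of the current font size. 2. The line height is 1.42857143 (line-height), about 20px (the long decimal may look puzzling; it is computed by the LESS compiler, and Sass can do the same). These settings are all defined on the body element, and since these properties are inherited, text in a web page (including paragraph p elements) has these styles unless they are reset.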
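XSS_Stardustsky Personal Blog_Page 1
http://www.stardustsky.net/tags-15.html
0x01 Common encodings: URL encoding. A percent sign followed by the 2-digit hexadecimal number of the character's ASCII code, for example the URL encoding of /. First, understand the concepts: the difference between bytes and characters http://baike.baidu.com/view/60408.htm? SaiProbe V1.0, an internal-network penetration helper script.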
About_Stardustsky Personal Blog_Everytime Is Worth Yearning!
http://www.stardustsky.net/3.html
June 2015_Stardustsky Personal Blog_Page 1
http://www.stardustsky.net/date-2015-6.html
SaiProbe V1.0, an internal-network penetration helper script.
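Network Security_Stardustsky Personal Blog_Page 1
http://www.stardustsky.net/category-2.html
Official site: http://www.elasticsearch.org. It exposes a set of Java- and HTTP-based APIs for indexing, searching, and modifying most configuration. 0x00 Preface: During internal-network penetration testing we often run into awkward environment problems, for example when both the compromised target machine and our own machine sit inside internal networks; trying to penetrate the target's internal network then raises a series of problems. For example, how do I run a scanner against the other side's internal network? Analysis of exploiting Redis unauthorized access together with SSH key files. Put simply, the exploitation steps for this vulnerability are: Redis unauthorized access -> generate an SSH key pair locally -> use Redis's config to deploy the public key to /root/.ssh/authorized_keys on the server. SaiProbe V1.0, an internal-network penetration helper script.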
TOTAL PAGES IN THIS WEBSITE
19
Reverse Engineering Router Firmware: SQL Injection | xd_xd's blog
http://xdxd.love/2016/09/20/逆向路由器固件之SQL注入
Posted on Sep 20 2016. Rootfs git:(master) find . -name my cgi .cgi. Usr/bin/my cgi .cgi. Rootfs git:(master) file ./usr/bin/my cgi .cgi. Usr/bin/my cgi .cgi. Bit LSB executable, MIPS, MIPS-II version 1. SYSV), dynamically linked (uses shared libs), stripped. Searching for the string select level from user where user name locates the do login function. Or level = ( select.
Analysis of a Simple MIPS Buffer Overflow | xd_xd's blog
http://xdxd.love/2016/11/19/一个简单的mips架构缓冲区溢出分析
Posted on Nov 19 2016. NPlease input your Password: ". Welcome to the new world n". Bin/mipsel-linux-gcc secret.c -o secret - static. Signal 11 (Segmentation fault) - core dumped Segmentation fault. 0x88 var 4( $sp. 0x88 var 8( $sp. 0x88 var 78( $sp. 0x47 # ' G. APleaseInputYou - 0x470000) # " nPlease input your Password: ". Printf nop lw $gp. 0x88 var 78( $fp. 0x47 # ' G. AS 2 - 0x470000) # "%s". 0x88 var 70 move. Isoc99 scanf nop lw $gp. 0x88 var 78( $fp. 0x88 var 70 move. 0x88 var 4( $sp. 0x88 var 8( $sp.
A Small Script: Monitoring Forum Post Updates and Sending Email Notifications | xd_xd's blog
http://xdxd.love/2016/09/26/小脚本之监控论坛帖子更新并发送邮件通知
Posted on Sep 26 2016. Url = 'http:/ www.test.net/forum.php? Headers = { 'user-agent'. Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.76 Mobile Safari/537.36'. R = requests.get(url, headers=headers) soup = BeautifulSoup(r.text) newest = soup.find( 'span'. While True: try: thenexttitle = getnewesttitle. Print newesttitle. encode. Print thenexttitle. encode. Newesttitle: newesttitle = thenexttitle send mail. Pass except RuntimeError: print.
Reverse Engineering Router Firmware: Dynamic Debugging | xd_xd's blog
http://xdxd.love/2016/09/20/逆向路由器固件之动态调试
Posted on Sep 20 2016. This article is based on devttyS0's tutorials Exploiting Embedded Systems Part 2 and Exploiting Embedded Systems Part 3. Vulnerable firmware download: FW TEW-654TR v1.0R(1.10.12).zip. Look for the two parameters user name and user pwd in my cgi.cgi. Select level from user where user name=%s and user pwd=%s. Searching for the string select level from user where user name locates the do login function. Wc -c) PORT= "1234". Qemu-mipsel-static) ./qemu echo. Chroot . qemu -E REQUEST METHOD= "POST". E CONTENT LENGTH= $LEN. E CONTENT TYPE= "multipart/x-form-data". E REMOTE ADDR= "1.1.1.100".
Discuz Latest Version 20160601 SSRF Vulnerability Analysis and Fix | xd_xd's blog
http://xdxd.love/2016/10/19/discuz最新版20160601-SSRF漏洞分析
Posted on Oct 19 2016. Mod=ajax&action=downremoteimg&message=[img=1,1] http:/ 23.88.58.149/1.jpg[/img]&inajax=1&fid=2&wysiwyg=1&formhash=ead1f9a6. Preg match all( "/ [img ] s*([ [ r n]? S* [ /img ] [img= d{1,4}[x ,] d{1,4} ] s*([ [ r n]? S* [ /img ]/is". PREG SET ORDER); preg match all( "/ img. src=(' " )? PREG SET ORDER); $temp. Discuz upload(); $attachaids. Is image ext( $attach. Preg match( '/ (http: / / .)/i'. If(function exists( 'curl init'. Function exists( 'curl exec'. Curl init(); $httpheader.
xd_xd's blog
http://xdxd.love/page/12
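Testing method. Vulnerability source: http://www.wooyun.org/bugs/wooyun-2010-065513. First, the exploitation process for this vulnerability. 1. Visit http://localhost/Discuz X3.1 SC UTF8/upload/. Official note: Note a difference between 5.2 and 5.3 versions echo (int)strcmp(pending,array() ; will output -1 in PHP 5.2.16 (probably in all ver. Applying a few small MySQL features in SQL injection. ##References: https://websec.wordpress.com/2008/09/09/mysql-authentication-bypass/ http://bugs.mysql.com/bug.php? Analysis notes on the ECShop front-end arbitrary user login vulnerability. For vulnerability details see http://www.wooyun.org/bugs/wooyun-2014-063655. The awkward part here is that ECShop's architecture is not well designed.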
A MIPS Stack Overflow Exploit | xd_xd's blog
http://xdxd.love/2016/12/09/一个mips栈溢出利用
Posted on Dec 9 2016. Translated from http://www.devttys0.com/2012/10/exploiting-a-mips-stack-overflow/. The DIR-605L router has a stack overflow in its login handling. The login form contains a FILECODE parameter, which identifies the CAPTCHA image shown in the login window. After the server reads this parameter it stores it in the $s1 register. AFilecode - 0x4A0000) # FILECODE" lw $gp. 0x290 var 280( $sp. Loc 455FF0: la $t9. GetAuthCode # load address. GetAuthCode # run getAuthCode. 0xC0 var 8( $sp. 0xC0 var C( $sp. 0xC0 var 10( $sp. 0xC0 var 14( $sp. 0xC0 var 18( $sp. 0xC0 var B0( $sp. 0xC0 var A8 move. AIg smtp email # "ig.smtp email addr". Sprintf nop jalr $t9.
Security Issues Caused by Unicode Homoglyphs | xd_xd's blog
http://xdxd.love/2016/10/17/unicode同形字引起的安全问题
Posted on Oct 17 2016. Create an account named ᴮᴵᴳᴮᴵᴿᴰ (in python this is the string u'\u1d2e\u1d35\u1d33\u1d2e\u1d35\u1d3f\u1d30'). https://bounty.github.com/researchers/jagracey.html? Suppose there are two email addresses, mike@example.org vs mıke@example.org. When GitHub processed email names, it normalized mıke@example.org to mike@example.org, so the password reset token for the mike@example.org user was sent to the mıke@example.org mailbox. http://www.freebuf.com/articles/web/25623.html. http://www.irongeek.com/homoglyph-attack-generator.php. https://www.peterbe.com/plog/unicode-to-ascii.
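A New Method for Symmetric NAT Traversal | xd_xd's blog
http://xdxd.love/2016/10/18/对称NAT穿透的一种新方法
Posted on Oct 18 2016. Compiled and translated from A New Method for Symmetric NAT Traversal in UDP and TCP. 2. External Tuple: the pair formed by the external address and port obtained after the internal Tuple passes through NAT source address/port translation, that is, the source address (usually the address of the NAT device) and source port that an external host sees when it receives the NAT-translated packet. Full Cone NAT: all requests from the same internal Tuple X are translated by the NAT to the same external Tuple Y, regardless of whether these requests belong to one application or to several. Restricted Cone NAT: a restricted version of Full Cone. All requests from the same internal Tuple X are translated by the NAT to the same external Tuple Y, as with Full Cone; the difference is that only after the internal host has sent a packet to an external host (say with IP address Z) can that external host use the information in Y as destination address and port to send UDP request packets to the internal host. This means the NAT device forwards inward (with destination address/port translation) only those UDP packets that come from currently known external hosts, which safeguards the security of the sources of external requests.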
TOTAL LINKS TO THIS WEBSITE
14
StardustSketch (Kozioł) - DeviantArt
(◡‿◡✿). Traditional Art / Student. Deviant for 2 Years.
Coming Soon - Stardust Skies Gallery - An Art Experience
stardustskittles.deviantart.com
StardustSkittles (new account) - DeviantArt
Digital Art / Student. Deviant for 5 Years. Last Visit: 11 weeks ago.
StardustSkull (Star) - DeviantArt
Digital Art / Hobbyist. Deviant for 3 Years. Last Visit: 84 weeks ago.
Site Maintenance
We’ll be back soon! Sorry for the inconvenience but we’re performing some maintenance at the moment, we’ll be back online shortly! - The Team.
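Stardustsky Personal Blog_Everytime Is Worth Yearning!
The site has 24 articles / 30 tags / 5 comments in total. I. Headings: As in an ordinary HTML page, Bootstrap defines headings with the tags h1 through h6, but Bootstrap overrides their default styles so that they render the same in all browsers; the specific rules are shown in the table below. By comparison, Bootstrap applies the following notable resets to heading styles: 1. The margin-top and margin-bottom values are reset.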
StardustsNight - DeviantArt
Digital Art / Hobbyist. Deviant for 2 Years. February 7, 1997. Last Visit: 1 hour ago. Why," you ask? Jan 2, 2017.
Home
At Stardust Soap, we make some wonderful soaps in a wide variety of scents and styles. We make unscented soaps as well for those who are especially sensitive to chemicals and scents. Our Philosophy of Soap. Soap for the Greater Good.
stardustsodapaws.deviantart.com
StarDustSodaPaws (StarDustSodaPaws) - DeviantArt
Deviant for 5 Months. Last Visit: 3 days ago. Has start...
Stardustsoft | Shoot the mouse
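Stop Dr. Freeman, blinded by greed, and his army of mutant mice! An exquisite blend of shooting and defense! Thrilling action in which you gun down the mutant mice that fill the screen! Quit being a special agent because of a past in which a loved one was lost during an operation, then joins the Shoot the Mouse team after the mutant mice attack. Carries out missions with tenacious mental strength. Was Mr. Bones's partner in the special agent days and is a former assassin. Especially good with pistols and ice-explosion weapons. Ruthless once combat begins, but normally a warm-hearted girl. A mysterious girl with an unknown past whom Dr. Sylvia brought to the Shoot the Mouse team. In contrast to always carrying out missions calmly, she likes wiping out mice with a shotgun. A former spy with top-class skills. Bright and cheerful in character, but cool-headed and accurate in judging situations during missions. Skilled with machine guns and able to fire faster than anyone. Our first game, Shoot the Mouse.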