[Challenge]
The purpose of this challenge is to demonstrate the Use of Externally-Controlled Format String, MITRE Top 25 vulnerability.
[Challenge]
The purpose of this challenge is to demonstrate the programming flaw: "Improper Restriction of XML External Entity Reference ('XXE')".
[Challenge]
The purpose of this challenge is to demonstrate the following MITRE Top 25 programming flaw: 'Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')'.
[Challenge]
The purpose of this challenge is to demonstrate the #2 MITRE Top 25 programming flaw: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Incorrect Authorization'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')".
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: "Unrestricted Upload of File with Dangerous Type".
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: "Cross-Site Request Forgery (CSRF)".
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'URL Redirection to Untrusted Site ('Open Redirect')'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Download of Code Without Integrity Check'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming error: Integer Overflow or Wraparound.
[Challenge]
The purpose of this challenge is to demonstrate password guessing attacks, which are made possible by MITRE Top 25 programming flaws such as:
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Use of a One-Way Hash without a Salt'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Use of a Broken or Risky Cryptographic Algorithm'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Missing Encryption of Sensitive Data'.
[Challenge]
The purpose of this challenge is to demonstrate the MITRE Top 25 programming flaw: 'Missing Authorization'.
[Challenge]
The developer of the vulnerable application has implemented a logged-in page but has forgotten to add an important check. Find a way to bypass the login page.
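NetCat is a network Telnet tool whose program name is nc (nc.exe on Windows). It is known as the Swiss Army knife of networking. Because it can be used for tasks such as probing network servers, and can also be used to execute shell commands remotely, antivirus software generally treats it as a backdoor program.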
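-d background mode
-e prog program redirection; the program is executed as soon as a connection is made [dangerous!!]
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h help information
-i secs delay interval
-l listen mode, for inbound connections
-L keep listening after the connection closes
-n numeric IP addresses only; hostnames cannot be used
-o file record the traffic in hexadecimal
-p port local port number
-r randomize local and remote ports
-s addr local source address
-t use TELNET interactive mode
-u UDP mode
-v verbose output; use -v twice for more detail
-w secs timeout duration
-z turn off input and output; used when scanning
Ports can be written as a range in the form M-N.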