Kali安装Parallels Tools教程

作者:Secer 发布时间:May 30, 2013 分类:疑难杂症

Installing Parallels Tools on Kail

Now that Parallels have updated their Parallels Desktop 8 for Mac (Build 8.0.18483) software to support the Linux 3.7 Kernel here’s how you can install Parallels Tools on the latest Kali operating system.

· Power on your Kali VM and login as root #root用户登录

· Select Virtual Machine > Install Parallels Toolsfrom the Parallels menu bar once logged in

clip_image001

· Open up a Terminal window in Kali and run the following commands

cd /media/cdrom0
cp -r install installer/ kmods/ tools/ version /tmp
cd /tmp
./install


clip_image002

· Follow the Parallels Tools installation using the on-screen GUI installer

clip_image003

HTH, enjoy using your Kali VM with Parallels Tools installed.

Thanks http://redrise.wordpress.com/2013/04/04/installing-parallels-tools-on-kail-virtual-machine/ too...

Mac虚拟机Parallels Desktop安装渗透测试系统Kali教程

作者:Secer 发布时间:May 30, 2013 分类:疑难杂症

Installing Kali in Parallels Desktop 7

If like me you have tried installing the Kali operating system (http://www.kali.org/) on your Mac using Parallels Desktop 7, then you may have had some issues during the initial boot up after the installation has completed like the “Bug: soft lockup” issue shown below.

Mac虚拟机Parallels Desktop安装Kali时会报如下的错误:

clip_image001[4]

The solution to this is to disable the “Show Battery in Linux” setting under the virtual machines configuration settings.

Configure… > Options > Optimization > Setting highlighted red in screenshot below

解决方案:

image

 

HTH, enjoy playing with Kali on Parallels!

Thanks http://redrise.wordpress.com/2013/04/02/installing-kali-in-parallels-desktop-7/

XSS盲打成功案例

作者:Secer 发布时间:May 28, 2013 分类:Web安全

1、联想某分站XSS盲打成功案例

在问题反馈处存在XSS漏洞
clip_image001
clip_image002

2、xss盲打OPPO

阅读剩余部分...

Windows下Apache用户认证配置及相关技巧

作者:Secer 发布时间:May 27, 2013 分类:Linux笔记

Linux下同理。

Apache可以对某一目录下的文件进行安全认证,认证方式包括用户密码认证和IP过滤,下面我来一一说明。
首先要让Apache支持.htaccess才可使用认证控制,具体方法请参考:
如何让Apache支持.htaccess
然后编辑Apache2\conf\httpd.conf文件
标准密码认证方式

<Directory "D:\wwwroot">
Options Indexes FollowSymLinks
allowoverride authconfig
order allow,deny 
allow from all 
</Directory>
... 


解释:
“D:\wwwroot”为需要安全认证目标,请根据需要自行修改,可以设置为站点根目录,也可设置为站内子目录(比如管理目录)增强安全性
allowoverride authconfig 认证语句
此段代码的作用是对"D:\wwwroot”进行安全认证
在需要认证目录下建立 .htaccess 文件,在Windows下建立 .htaccess 文件有一个小技巧,正常情况下Windows文件命名规则是不允许建立“ .” 开头的文件,咱们可以编辑好之后另存为.htaccess文件,加入下列内容

AuthName "Login"
AuthType basic
AuthUserFile "D:\user.txt"
require valid-user 


用户密码信息保存在"D:\user.txt",不要将它放在网站目录,以防被下载。
下面我们来用Apache2\bin\htpasswd.exe 来生成密码,例如:

D:\Apache2\bin>htpasswd -cmdps d:\user.txt secer
New password: ***
Re-type new password: ***
Adding password for user secer 


建立名为 secer 的用户 密码是123
可以建立多个帐户
至此,我们已经完成对"D:\wwwroot"目录的密码认证设置,所有登录"D:\wwwroot"目录的用户都要求输出用户名和密码,针对任何地址。
下面举一个IP过滤认证的例子:

<Directory "D:\wwwroot">
Options Indexes FollowSymLinks
allowoverride authconfig
Order deny,allow    #顺序为先拒绝,后允许
Deny from all   #拒绝所有
Allow from 192.168.90.12    #允许某IP、IP段访问
Allow from  localhost   #允许本机访问
AuthName "Login"
AuthType basic
AuthUserFile "D:\user.txt"
require valid-user
</Directory> 
 
image