EV1LSHA - Misadventures in the land of Lua
Adam Baldwin
RedisConf Lightning talk
1.
EV1LSHA Misadventures in the land of Lua
2.
Hi. I’m Adam.
3.
4.
@adam_baldwin
5.
6.
&
7.
&
8.
9.
10.
2.6
11.
REDIS LUA ENV
IN ARGV KEYS select gcinfo pairs rawget loadstring ipairs dofile setfenv load error _VERSION
_G.__redis__compare_helper() _G.assert() _G.collectgarbage() _G.getfenv() _G.getmetatable() _G.newproxy() _G.next() _G.pcall() _G.print() _G.rawequal() _G.rawset() _G.setmetatable() _G.tonumber() _G.tostring() _G.type() _G.unpack() _G.xpcall()
cjson.decode() cjson.encode() cjson.encode_keep_buffer() cjson.encode_max_depth() cjson.encode_number_precision() cjson.encode_sparse_array() cjson.refuse_invalid_numbers() cjson.null cjson.version
cmsgpack.pack() cmsgpack.unpack() cmsgpack._COPYRIGHT cmsgpack._DESCRIPTION
coroutine.create() coroutine.resume() coroutine.running() coroutine.status() coroutine.wrap() coroutine.yield()
debug.debug() debug.getfenv() debug.gethook() debug.getinfo() debug.getlocal() debug.getmetatable() debug.getregistry() debug.getupvalue() debug.setfenv() debug.sethook() debug.setlocal() debug.setmetatable() debug.setupvalue() debug.traceback()
math.abs() math.acos() math.asin() math.atan() math.atan2() math.ceil() math.cos() math.cosh() math.deg() math.exp() math.floor() math.fmod() math.frexp() math.ldexp() math.log() math.log10() math.max() math.min() math.mod() math.modf() math.pow() math.rad() math.random() math.randomseed() math.sin() math.sinh() math.sqrt() math.tan() math.tanh() math.huge math.pi
redis.call() redis.log() redis.pcall() redis.sha1hex() redis.LOG_DEBUG redis.LOG_NOTICE redis.LOG_VERBOSE redis.LOG_WARNING
string.byte() string.char() string.dump() string.find() string.format() string.gfind() string.gmatch() string.gsub() string.len() string.lower() string.match() string.rep() string.reverse() string.sub() string.upper()
struct.pack() struct.unpack()
table.concat() table.foreach() table.foreachi() table.getn() table.insert() table.maxn() table.remove() table.setn() table.sort()
12.
Available Lua https://gist.github.com/3924845
13.
14.
redis.sh
15.
REDIS-SHA- https://github.com/evilpacket/redis-sha-crack
16.
2
6
17.
1805!
18.
111 | Version 2.4.8
105 | Version 2.4.15
102 | Version 2.4.17
96 | Version 2.2.12
93 | Version 2.4.10
75 | Version 2.4.16
74 | Version 2.4.14
65 | Version 2.4.13
51 | Version 2.2.11
46 | Version 2.4.2
19.
bind
20.
bind
21.
22.
Pure Lua MD5 https://gist.github.com/3647908
23.
loadfile() dofile() debug.d
24.
</ PRESENTATION @adam_baldwin