1 漏洞扫描
2 Web漏洞扫描器
3 AWVS
4 安装Linux Awvs
4.1 安装与激活
root@kali:~/awvs/acunetix_trial.sh# ./acunetix_trial.sh
Acunetix Installer Version: v_190325161, Copyright (c) Acunetix
------------------------------------------------------------
Checking os...
Checking for dependencies...
Please read the following License Agreement. You must accept the terms of this
agreement before continuing with the installation.
press ENTER to continue
>>>
END-USER LICENSE AGREEMENT
Definitions
"End-User License Agreement" ("EULA") or "License" means this End-User License
Agreement.
"You", or "Licensee", or "End-User" means an individual or a single entity,
corporate or other statutory body with legal personality that is granted a
License by Acunetix Ltd, and is deemed to hold that License.
U.S. Government exception for definition of "You", "Licensee" or "End-User":
In the event that the customer is a United States (U.S.) Government customer, as
per General Service Administration (GSA) Schedule contracts or similar
government frameworks, then "You", or "Licensee", or "End-User" is defined as an
"entity authorized to order under GSA Schedule contracts as defined in"
respective GSA Orders, "as may be revised from time to time" and the term
definition as an "individual" is strictly excluded. The Licensee cannot be an
individual because any implication of individual licensing triggers the
requirements for legal review by Federal Employee unions. Conversely, because of
competition rules, the contractor must be defined as a single entity even if the
contractor is part of a corporate group. The Government cannot contract with a
Accept the license terms? [yes|no]
[no] >>> yes
Configuring acunetix user...
Creating user acunetix.
By default the Acunetix will be installed to /home/acunetix/.acunetix_trial
Checking database port...
Checking backend port...
Configuring hostname...
Insert new hostname, or leave blank to use kali
Hostname [kali]:kali01
Configuring the master user...
Email: kali01@qq.com
Password:
Password again:
Passwords don't match
Password:
Password again:
Initializing file system...
Extracting files to /home/acunetix/.acunetix_trial....
Installing the database...
Starting the database process...
- Create database
- Populate database
- Add new vulnerability data
- Creating the master user
Stopping the database process...
Generating certificates...
Generating certificate authority & certificates
Generating Certificate Authority
Certificate Authority Generation Succesful
Generating Certificate....
Certification Geneation Succesful
Saving settings...
Creating the startup script...
Registering service...
Created symlink /etc/systemd/system/multi-user.target.wants/acunetix_trial.service → /etc/systemd/system/acunetix_trial.service.
Adding LSR shortcuts...
Creating uninstall...
Please visit https://kali01:13443/ to access Acunetix UI
root@kali:/home/acunetix/.acunetix_trial/v_190325161/scanner# chmod 777 patch_awvs
root@kali:/home/acunetix/.acunetix_trial/v_190325161/scanner# ./patch_awvs
< xs3c.co >
------------
\ ,__,
\ (oo)____
(__) )\
||--|| *
Crack by bigchan.Tested on v_190325161.
Usage: Copy me to the scanner folder and run as root.
Check environment.
Generating license.
Patch executable.
Jobs done, there you go.
root@kali:/home/acunetix/.acunetix_trial/v_190325161/scanner#
4.2 开放13443端口 kali ip访问(使用ufw)
一、首先需要安装ufw命令
# apt-get install ufw
二、ufw命令使用实例如下:
检查防火墙的状态(默认 inactive) # ufw status
防火墙版本 # ufw version
启动ufw防火墙 # ufw enable
关闭ufw防火墙 # ufw disable
默认禁止访问所有 # ufw default deny
开放22/TCP端口 # ufw allow 22/tcp
开放53端口(tcp/udp) # ufw allow 53
禁止外部访问 # ufw deny 3306
删除已经添加过的规则 # ufw delete allow 22
允许此IP访问所有的本机端口 # ufw allow from 192.168.1.100
删除上面的规则 # ufw delete allow from 192.168.1.100
查看规则,显示行号 # ufw status numbered
删除第三条规则 # ufw delete 3
关闭ufw # ufw disable
禁止对8888端口的访问 # ufw deny 8888
打开来自192.168.0.1的tcp请求的22端口 # ufw allow proto tcp from 192.168.0.1 to any port 22
扫描:
5 演示
以上图盲sql注入为例:
把id的值换成项目中给的值,测试即可
空页面 延迟为6s
确认注入点。
同时项目界面也会同步请求。
下一步可获取管理员账户和密码
6 修改密码
