How to conduct a network penetration or attack?

During a summer internship in a network security laboratory, my interests led me to study the network security side of things. This post records the general procedure and the common tools of network penetration; it is only a summary.

Network penetration process

Network penetration is divided into three phases: the preparation phase, the implementation phase and the recovery (cleanup) phase. All three are essential; none of them can be skipped.

Penetration environment: Kali Linux (highly recommended, ten stars; it ships with a large number of hacking tools, and many of the related tools run very comfortably from a shell under Linux)

Preparation Phase

The preparation phase is the premise for the success of the whole penetration. In this phase, collect as much information about the target site as possible. The detailed process is in another post, "Seat Management penetration", and is not repeated here; I only mention the tools needed and the information to gather.

Information gathering

  • Domain-name information for the site (including valuable details such as the registrant, registration location, registration time, etc.)
  • Server information for the site (location, registrar, registration time, phone number, etc.)
  • System information, including the OS version and the Linux kernel version
  • The server software in use and its version (Apache, Nginx, Tomcat, etc.)
  • Open ports on the server (80, 443, 3306, 3389, etc.)
  • Whether the site is protected by a WAF (web application firewall)
  • Which front-end and back-end frameworks the site uses (MVC or MVVM, or specifics such as Django, Laravel, Vue, jQuery, Flask, etc.); also check whether debug mode is enabled on the front end or back end
  • Read the site's front-end source code and look for relevant information in it

Common vulnerability scanning and analysis

Once information gathering is done, start analysing it to find vulnerabilities.

Common vulnerabilities to scan for include, but are not limited to:

  • XSS, cross-site scripting (try it wherever there is an input or a request; mostly used to steal cookies)
  • CSRF, cross-site request forgery (harder to pull off; it requires the user to click a malicious link)
  • Clickjacking (requires the user to click a malicious link)
  • SQL injection (worth a try, but many sites now use a framework, so the vulnerability is less common)
  • File upload vulnerability (if there is one, it is very nice: upload a Trojan directly)
  • Access control, bypassing administrator privileges (at authentication time)
  • Cracking the encryption algorithm (harder to understand; a bit lower priority)
  • Brute-forcing passwords ...... (certainly crude, but still quite useful against poorly protected sites)
  • Version problems of all kinds: the OS, the server software version, the server-side language version; if they are old, look for exploitable vulnerabilities in the relevant vulnerability database
  • Using open ports: some servers open extra ports that can be used (I am not especially familiar with specific ports; when you run into a particular port, please google it)
  • Code audit ...... read whatever part of the source code you can get hold of to penetrate; if several sites were built by the same team, reading their code lets you guess the coding style of that person or team and take advantage of it
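Several items in the lists above (clickjacking, cookie theft via XSS, version disclosure, debug mode left on) can be checked from a single HTTP response. The following audit function is an added example written for this post, not code from the original; the response it inspects is constructed and the debug-page markers are assumptions based on common framework error pages.

```python
import re

# Constructed sample response (not captured from any real site).
SAMPLE_STATUS = 500
SAMPLE_HEADERS = [
    ("Server", "Apache/2.4.29 (Ubuntu)"),
    ("X-Powered-By", "PHP/7.2.24"),
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
    ("Set-Cookie", "csrftoken=xyz; Path=/; HttpOnly; Secure"),
]
SAMPLE_BODY = ("<h1>TypeError at /login</h1><p>You're seeing this error because "
               "you have DEBUG = True in your Django settings file.</p>")

VERSION_RE = re.compile(r"\d+\.\d+")
# Assumed markers of framework debug pages (Django, Flask/Werkzeug, Laravel, Python).
DEBUG_MARKERS = ("DEBUG = True", "Werkzeug Debugger",
                 "Whoops! There was an error", "Traceback (most recent call last)")

def audit_response(status, headers, body):
    """Return a list of (check, detail) hardening findings for one HTTP response."""
    findings = []
    hdr, cookies = {}, []
    for name, value in headers:          # Set-Cookie may repeat, so keep a list
        if name.lower() == "set-cookie":
            cookies.append(value)
        else:
            hdr[name.lower()] = value
    # Version disclosure in Server / X-Powered-By (feeds the vulnerability-database lookup).
    for h in ("server", "x-powered-by"):
        if h in hdr and VERSION_RE.search(hdr[h]):
            findings.append(("version-disclosure", f"{h}: {hdr[h]}"))
    # Clickjacking: page may be framed if neither X-Frame-Options nor CSP frame-ancestors is set.
    csp = hdr.get("content-security-policy", "")
    if "x-frame-options" not in hdr and "frame-ancestors" not in csp:
        findings.append(("clickjacking", "no X-Frame-Options and no CSP frame-ancestors"))
    # Cookies readable by script (XSS theft) or sent over plain HTTP.
    for c in cookies:
        cname = c.split("=", 1)[0]
        attrs = [a.strip().lower() for a in c.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append(("cookie-no-httponly", cname))
        if "secure" not in attrs:
            findings.append(("cookie-no-secure", cname))
    # Debug mode: verbose framework error page leaking settings and stack traces.
    if any(m in body for m in DEBUG_MARKERS):
        findings.append(("debug-mode", f"debug page markers in a {status} response"))
    return findings
```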

Attack

  • All of the vulnerabilities listed above can be exploited
  • Other attacks:
  • Buffer overflow (I have not had a chance to try it)

Buffer overflows are a very common and very dangerous class of vulnerability, widespread across operating systems and application software. Exploiting a buffer overflow can make a program fail, crash the system, or force a restart; more seriously, it can be used to execute unauthorised commands and even obtain system privileges, after which all kinds of illegal operations follow.

  • DoS and DDoS denial-of-service attacks (usable if you have zombie hosts or servers at hand; I have no access to this kind of attack)
  • Trojans, viruses, worms ... (depending on whether you need them)

Recovery (cleanup) stage

The recovery stage is about hiding your trail so that the webmaster and others do not find you; there are two main methods.

Springboard technology

During a penetration, attacking another machine directly from your own host is rather stupid. Rely on a springboard instead: for example, connect through a VPN on a host abroad (not registered under your own name, email or other details), connect over remote desktop (port 3389) to a compromised host (a "broiler"), then use Xshell on it to connect to a remote server and penetrate from that shell. The more layers of springboards, the harder it is to trace.

Of course, you can also buy an old computer on the second-hand market, do the penetration on public wifi somewhere without cameras, ha ha, and then throw the computer away afterwards.

Modify log

After intruding into a host, the intrusion operations will certainly be recorded in the logs, so the logs need to be modified to hide your traces. Two better ways:

The first is to upload a log removal tool.

The second is to back up, before the intrusion, every log that might be modified, and then restore the logs when you leave; writing your own shell script for this is more convenient and can be customised.
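The defender's counterpart to the two methods above, added here as an example that is not part of the original post: a restored older copy of a log file shows up as a file that got shorter, and in-place edits show up as timestamps that run backwards or as unusual silences. The sample syslog lines are constructed, and the gap threshold is an assumption to be tuned per host; the baseline record is meant to be kept off the host (or the logs shipped to a remote collector), since anything left locally can be rewritten too.

```python
import hashlib
from datetime import datetime

# Constructed syslog-style sample (not captured from a real host).
SAMPLE_LOG = """\
Mar 21 10:00:01 web1 sshd[2101]: Accepted publickey for deploy from 10.0.0.5 port 51022
Mar 21 10:00:30 web1 sudo:   deploy : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx
Mar 21 10:01:02 web1 CRON[2130]: (root) CMD (run-parts /etc/cron.hourly)
Mar 21 10:00:45 web1 sshd[2101]: Disconnected from user deploy 10.0.0.5 port 51022
Mar 21 14:30:00 web1 CRON[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

def parse_ts(line):
    """Syslog lines start with 'Mon DD HH:MM:SS' (no year); fine within one month."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S")

def find_log_anomalies(lines, max_gap_seconds):
    """Flag lines whose timestamp goes backwards (file rewritten out of order)
    or that follow an unusually long silence (entries removed). Returns
    [(line_no, reason, detail)]."""
    anomalies, prev = [], None
    for no, line in enumerate(lines, start=1):
        try:
            ts = parse_ts(line)
        except ValueError:
            anomalies.append((no, "unparsable", line[:15]))
            continue
        if prev is not None:
            delta = (ts - prev).total_seconds()
            if delta < 0:
                anomalies.append((no, "out-of-order", f"{delta:.0f}s before previous line"))
            elif delta > max_gap_seconds:
                anomalies.append((no, "gap", f"{delta:.0f}s with no entries"))
        prev = ts
    return anomalies

def baseline(lines, n=3):
    """Record the line count plus a digest of the first n lines (store it off-host)."""
    digest = hashlib.sha256("\n".join(lines[:n]).encode()).hexdigest()
    return {"count": len(lines), "prefix_sha256": digest, "n": n}

def baseline_mismatch(base, lines):
    """True if the log shrank or its beginning changed since the baseline was taken;
    a restored backup is shorter, an edited file has a different prefix."""
    if len(lines) < base["count"]:
        return True
    return baseline(lines, base["n"])["prefix_sha256"] != base["prefix_sha256"]
```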

As the line of poetry goes:

The sky leaves no trace of the bird, but I have flown.

Handy tools

  • Who.is: query DNS records

  • Sameip.org: query the domains bound to a server

  • SuperScan, nmap and similar, plus X-scan: scan the OS, ports, WAF, etc.

  • DirBuster: scan the site for vulnerable files and gather information about files and folders

  • OWASP ZAP and Nikto: common vulnerability scanning

  • sqlmap: SQL injection scanning

  • Hydra: password brute-forcing

  • antSword: connecting to a webshell

  • Burp Suite: packet capture and analysis

Tools are just tools; don't be shackled by them, and some things no tool can do for you ...... As for penetration, you have to learn to examine every point where a vulnerability might be; know yourself and know your enemy, and you will prevail.

Keep it up.

Source: www.cnblogs.com/veeupup/p/12547576.html