1. IP address
Internet Protocol address (in English: Internet Protocol Address, and translated into Internet Protocol addresses ), abbreviated as IP address (in English: IP Address), is assigned to the network using the Internet Protocol (English: Internet Protocol, IP) of digital label equipment. Common IPv4 and IPv6 IP address is divided into two categories, but there are other unusual small class.
2. VPS
Virtual Private Server (Virtual Private Server), is to divide a single server into multiple virtual servers exclusive service. Realization of VPS technology is divided into containers and virtual machine technology. In containers or virtual machines, each VPS can be assigned an independent public network IP address, operating system independent, to achieve isolation between different VPS configuration of disk space, memory, CPU resources, processes and systems, and applications for users to simulate " exclusive "use of computing resource.
3. Port
in the network technology, the port (Port) generally has two meanings: First, the interface ports on the physical meaning, such as, ADSL Modem, hubs, switches, routers are used to connect to other network devices, such as a RJ-45 port , SC port and the like; Second port logical sense, generally refers to the 80-port TCP / IP protocol port, port numbers range from 0 to 65535, for example, web browsing services, and services for FTP 21 port and so on.
4. Trojan word
line of code Trojans. Energetic, and powerful, hidden very well.
The Malaysian
relatively large size, typically more than 50K. Multi-function also generally include a reference to the right to command, disk management, database connection excuse to execute commands and even some mention the right to have own features and compression, decompression procedures of the site features. This horse hidden bad, and most of the code is not encrypted, then as many antivirus vendors began to kill such programs.
6. Webshell
in a command presence asp, php, jsp cgi or other web documents in the form of the execution environment, which may be referred to as a page back door. Hackers invaded after a site will usually asp or php backdoor file and web server directory under WEB mix normal web page file, then you can use the browser to access the asp or php back door, get a command execution environment, in order to achieve the purpose control web server.
7. URL
Uniform Resource Locator (English: Uniform Resource Locator, abbreviated: URL; also known as a Uniform Resource Locator, Locator, URL address [1], commonly known as web page address or URL for short) is the address on the Internet standard resource ( Address), as numbers on the network. It was originally developed by Tim Berners - Lee invented the World Wide Web is used as an address, and now it has been prepared for the World Wide Web Consortium Internet standard RFC 1738.
In the history of the Internet, the Uniform Resource Locator of the invention is a very basic step. Uniform Resource Locator syntax is general, scalable, which uses part of the American Standard Code for Information Interchange to indicate the address of the Internet. Start a Uniform Resource Locator, and usually marks the network protocol used by a computer network.
Uniform Resource Locator is the standard format is as follows:
[协议类型]://[服务器地址]:[端口号]/[资源层级UNIX文件路径][文件名]?[查询]#[片段ID]
Uniform Resource Locator complete format is as follows:
[协议类型]://[访问资源需要的凭证信息]@[服务器地址]:[端口号]/[资源层级UNIX文件路径][文件名]?[查询]#[片段ID]
Wherein [access credentials information], [port number], [Search], [fragment ID] are all optional.
8. mention the right
to improve their rights in the server, the main site for the invasion process, when the invasion of a Web site, through a variety of loopholes to enhance WEBSHELL won rights to the server permissions.
9. POC
Proof of Concept (English: Proof of concept, referred to as POC) is not complete implementation of some of the ideas of a short, to prove its feasibility demonstration of its principles, its purpose is to verify some of the concepts or theory. Proof of concept is often considered a prototype implementation of the landmark.
In computer security term, often used as a proof of concept 0day, exploit alias. (Usually refers to exploit and did not take advantage of this loophole)
10. EXP
exploit (English: Exploit, intended to "use") is a computer security terminology, refers to the use of certain loopholes in the program to get control of the computer (so I have written code that has bugs across the restrictions to obtain permission to run). In English, this word is a noun that means attack program to exploit written that exploits.
Often you can see a program called ExploitMe. Such a program is a program with a security breach intentional written, usually to practice writing Exploit program.
11. payload
in the field of computer science and telecommunications, the load (English: Payload) is the actual data transmission information to be transmitted is usually also referred to the actual data or data thereof. Header metadata, otherwise known as overhead data, only for transmission of auxiliary data. [1] [2]
In the field of computer viruses or computer worms, the load refers to a part of harmful actions, for example: data destruction, such as spamming.
The shellcode 12.
the shellcode is a piece of software vulnerabilities for which exploit code is executed, shellcode in hexadecimal code of the machine, with its often allow an attacker to gain shell named. shellcode often written in machine language. After eip register can overflow, stuffed some shellcode that allows the CPU to execute machine code, so that the computer can execute arbitrary code of the attacker (payload).
13. CMS
content management system (English: content management system, abbreviated as CMS) means that in a cooperative mode, a system for managing workflow. The system can be applied manually, or may be applied to a computer or network. As a central storage (central repository), the content management system can store the content and having a focus group management, version control and other functions. Version control is a content management system's main advantage.
Content management system in the article or copy or store the data, control, revision (inventory), enrich the language aspects, document publishing and so has a wide range of applications available. Now popular open source CMS system WordPress, Joomla!, Drupal, Xoops , CmsTop and so on.
14. Serialization and deserialization
serialization (serialization) in computer science data processing means to convert the data structure or object state to a desirable format (e.g., a separate file, stored in a buffer, or sent via a network) to be left to a subsequent process in the same or another computer environment, can restore the original state. When re-acquisition result byte sequence in accordance with the format, it can be used to produce a copy of the original object with the same semantics. For many objects, such as the use of large amounts of complex object reference, such a sequence of reconstruction process is not easy. Object-oriented object serialization, no generalization relationship function before the original object. This process is also called marshalling objects (marshalling). Extracting from the data structure of a reverse operation of a series of bytes, it is deserialized (also called marshalling solution, deserialization, unmarshalling).
Serialization in computer science usually have the following definitions:
For synchronous control, express to force a single visit at the same time.
In the data storage and transmission means is part of an object stored in a storage medium such as a file or memory buffer and the like, or a process of encoding transmission data transmitted through the network, may be a byte or XML format. And byte coding format or XML object can be restored exactly equal. This application program is transmitted between different application objects, and the server to store the object files or databases. The reverse process is also known as deserialization.
15. Fuzz Test
fuzz (fuzz testing, fuzzing) is a software testing techniques. Its core idea is to generate automatic or semiautomatic input random data into a program, and the monitoring program exceptions, such as a crash, the assertion (the assertion) fails to detect possible bugs, such as a memory leak. Fuzz testing is often used for security vulnerability detection software or computer system.
Fuzzing was first proposed by Barton Miller at the University of Wisconsin in 1988. [1] [2] Their work not only unstructured random test data, the system also utilizes a range of tools to analyze a variety of software on different platforms, and the errors found by the test were analyzed system. In addition, they also disclosed the source code, test procedures and the results of the original data.
Fuzzing tools are mainly divided into two categories, test variation (mutation-based) and generate test (generation-based). Fuzzy white box tests may be used, gray or dark test cartridge. [3] file formats and network protocols is the most common test target, but any program input can be used as test subjects. Common environment variables have input, mouse and keyboard events and API call sequence. Even not normally be considered as an object to be tested can also be input, such as data or the shared memory database.
For safety-related test, those credible data across borders is the most interesting. For example, those fuzzy test code that handles any user to upload a file is more important than the code test to resolve the server configuration file. Often because the server configuration file can be changed only certain privileged users.
16. chopper
" Chinese chopper " is a technology developed by Taiwan's large cattle web shell back door. On the only technical, "Chinese chopper" Configuration is simple, powerful, easy to use, can be said to be a powerful easy to use "web management tool."
0day 17. The
0DAY vulnerability first crack is designed for software, called WAREZ, later developed into other content games, music, film and the like. 0day of 0 means zero, early 0day represent the cracked version will appear within 24 hours after the release of the software, and now we've extended this meaning, as long as after the release of software or other things, related to the crack appeared in the shortest time , can be called 0day. 0day is a general term, all of the crack can be called 0day.
