Penetration testing study notes (1): basic knowledge

One. Common terms

1. Scripts (asp, php, jsp): dynamic scripting languages

2. html (css, js, html): static scripting languages

The difference between dynamic and static scripts:

Static scripts do not interact with a database; they run directly in the local browser, which is very fast, but the source code can be viewed directly.

Dynamic scripts interact with a database and run on the web server, which returns the execution result (the result is also displayed in the browser, but the browser only sees the generated output, not the server-side source).

3. HTTP protocol

4. CMS (B/S)

5. MD5 (irreversible; the common "MD5 decryption" websites actually hash a large number of plaintexts to build a lookup library, match the submitted hash against that library, and return the matching plaintext)

6. Broiler (肉鸡, a compromised host), chicken-catching (抓鸡, compromising hosts in bulk), springboard (跳板, pivot host)

7. One-liner trojan (一句话), small shell (小马), big shell (大马), webshell, privilege escalation, backdoor, springboard

Here the one-liner, small shell and big shell are collectively called webshells;

Privilege escalation is the process of obtaining administrative control of the target;

A springboard is used when penetrating the target machine to avoid our local IP being traced: we control a broiler and penetrate the target from it, and that broiler is the springboard.

8. Source code packaging, database dumping (脱库)

9. Sniffing, rootkit

10. poc

Simply put, it is a testing process

For example, to check the SQL injection of a website:

?id=1’

?id=1 and 1=1

?id=1 and 1=2

This process is a PoC: it only verifies that the condition exists and does not produce a result.

11. exp

An exploit actually carries out the attack and obtains what we want; unlike a PoC, it must end with a result.

Two. Penetration testing

There is no standard definition of penetration testing. The generally accepted description among some foreign security organisations is: penetration testing is a method of evaluating the security of a computer network system by simulating the attack methods of a malicious hacker. The process includes active analysis of any weaknesses, technical flaws or vulnerabilities in the system; the analysis is carried out from the position an attacker might occupy, and from that position security vulnerabilities may be actively exploited under agreed conditions.

In other words, penetration testing means that testers, from different positions (for example from the internal network, from the external network, and so on), use a variety of methods to test a specific network in order to discover and dig out the vulnerabilities present in the system, then produce a penetration test report and submit it to the network owner. From the report provided by the testers, the network owner can clearly understand the security hazards and problems in the system.

Two further notable characteristics of penetration testing are usually recognised: it is a gradual and progressively deepening process, and it uses attack methods chosen so as not to affect the normal operation of business systems. (From Baidu Baike.) Put plainly, it is an intrusion whose purpose is to discover hidden dangers in the network.

Three. Process

Clarify the target → information collection → vulnerability detection → vulnerability verification → information analysis → obtain what is required → organise the information → write the report

Four. Environment

Install the virtual machine → install the target system → install the HTTP target website

Five. HTTP protocol

The Hypertext Transfer Protocol (HTTP) is the most widely used network protocol on the Internet. All WWW files must comply with this standard. HTTP was originally designed to provide a way of publishing and receiving HTML pages. (From Baidu Baike.) Put plainly, it is a rule, a commonly accepted constraint: to use the web you must follow it.

The software that translates domain names into IP addresses is called the Domain Name System, DNS. It is a method of managing names: different groups are responsible for the names of their own sub-systems. Each level in the system is called a domain, and domains are separated by dots. A so-called domain name server (Name Server) is simply a host running the domain name system; it is a hierarchically structured database capable of name resolution. When we browse the web we type an address into the address bar and confirm, and we are connected to the corresponding page. The string of characters we typed has no meaning in itself; what matters is the IP address it resolves to. The string exists only so that people can remember it, and typing the corresponding IP into the address bar connects to the page we want just the same.

There are 13 DNS root servers worldwide, distributed as follows:

VeriSign (USA): 2

IANA (Internet Assigned Numbers Authority): 1

RIPE NCC (Réseaux IP Européens Network Coordination Centre): 1

PSINet (USA): 1

ISI (Information Sciences Institute, USA): 1

ISC (Internet Software Consortium, USA): 1

University of Maryland (USA): 1

NASA (USA): 1

US Department of Defense: 1

US Army Research Institute: 1

NORDUnet (Norway): 1

WIDE (Widely Integrated Distributed Environments) research project (Japan): 1

1. HTTP response status codes

[Figures in the original post: tables of HTTP response status codes]

2. HTTP URL

URL stands for Uniform Resource Locator, which is what we usually call a web address. It is a concise representation of the location and access method of a resource available on the Internet, and is the standard address of a resource on the Internet. Each file on the Internet has a unique URL, which contains information indicating the location of the file and how the browser should handle it.

We can judge the operating system of the server from the address.

E.g.:

http://www.xxx.xxx.com/admin/index.php

On Windows, file names are not case-sensitive: requesting index.php or index.PHP both succeed without an error;

On Linux, file names are case-sensitive: index.php succeeds, while index.PHP returns an error.

3. HTTP headers

200: response status code

Date

Content-Type: the content type

Accept-Charset: the character sets acceptable to the browser

Content-Length: the length of the body of the request message

Cookie: one of the most important pieces of information

http ?/www.xxx.xxx.com/IPsot=373

4. HTTP request methods

GET passes values through the URL; the values are visible in the clear, which is not safe.

POST

OPTIONS

PUT

MOVE

DELETE

TRACE

5. HTTP misconfiguration can lead to security holes

If the server allows the PUT and MOVE methods, a webshell.txt can be uploaded with PUT and then renamed with MOVE to exploit a parsing vulnerability and obtain a webshell. (A MOVE of a file within the same folder is simply a rename.)

6. Security risks in HTTP headers

PHP code commonly uses $_SERVER["HTTP_CLIENT_IP"] or $_SERVER["HTTP_X_FORWARDED_FOR"] to obtain the client IP.

So an attacker can modify X-Forwarded-For: and Client-IP: in the HTTP headers to:

Bypass the server's IP-based access restrictions

Perform HTTP header injection attacks

Inject X-Forwarded-For: 1.1.1.1'

If the IP is written to the database with an INSERT INTO or UPDATE statement, the modified header value is passed straight into the query, so the method above can produce an error-based injection attack.
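The weak pattern described above, beside a hardened version, as an added example that is not part of the original post. The $trustedProxies list, the visits table and the request array are constructed for illustration.

```php
<?php
// Added example (not from the original post): weak vs. hardened client-IP handling.

// WEAK: trusts client-controlled headers, so a value such as  1.1.1.1'  reaches
// the IP allow-list check and the SQL statement unchanged.
function client_ip_weak(array $server): string {
    if (!empty($server['HTTP_CLIENT_IP'])) {
        return $server['HTTP_CLIENT_IP'];
    }
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $server['HTTP_X_FORWARDED_FOR'];
    }
    return $server['REMOTE_ADDR'];
}

// HARDENED: honour X-Forwarded-For only when the TCP peer is a known proxy
// (assumed list), take the last hop that proxy appended, and validate it.
function client_ip_hardened(array $server, array $trustedProxies): string {
    $peer = $server['REMOTE_ADDR'];
    if (in_array($peer, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($hops);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    // Header absent, peer untrusted, or value malformed: use the socket address.
    return $peer;
}

// Store the IP with a prepared statement so its content can never alter the query,
// even if validation is bypassed elsewhere. Table name is an assumption.
function log_visit(PDO $db, string $ip): void {
    $stmt = $db->prepare('INSERT INTO visits (ip) VALUES (:ip)');
    $stmt->execute([':ip' => $ip]);
}

// Constructed request: spoofed header arriving from an untrusted peer.
$request = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => "1.1.1.1'",
];
var_dump(client_ip_weak($request));                    // returns the spoofed header value
var_dump(client_ip_hardened($request, ['10.0.0.2']));  // falls back to REMOTE_ADDR
```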

7. HTTPS protocol

HTTPS is actually composed of two parts: HTTP + SSL/TLS.

A layer is added on top of HTTP to handle the encryption of the information.

8. Environment construction

Windows:

IIS + ASP/ASPX/PHP + MySQL/SQL Server/Access


Origin blog.csdn.net/weixin_43988159/article/details/101212336