Post-penetration (1)

1. Introduction

This article and the series that follows are written for beginners ("Xiaobai" in Chinese slang). First, let's be clear about what we want to do. Penetration includes, but is not limited to, front-end penetration (web security), post-penetration and intranet penetration. This is an introductory explanation.

 

2. What is post-penetration

We know that front-end security covers SQL injection, arbitrary file upload, XSS, CSRF, logic vulnerabilities, cross-domain vulnerabilities and so on, and that the goal is to exploit or chain these vulnerabilities to getshell. Here we distinguish getshell from webshell. A webshell is more about obtaining front-end permissions: as the name implies, it is generally limited to adding, deleting and modifying front-end files. Getshell means obtaining greater permissions. The general idea is to find vulnerabilities, chain or exploit them to obtain a webshell, back-end (admin panel) access or higher permissions, and then expand the "battle results" further until we getshell.

As follows:

Vulnerability ----> Back end (admin panel) ----> getshell

or

Vulnerability ----> getshell

 

3. Permission levels in penetration

1) Back-end (admin panel) permissions
2) Shell permissions
3) Server permissions
4) Domain controller permissions

1) and 2) belong to front-end penetration; 3) and 4) belong to intranet penetration; 2), 3) and 4) belong to post-penetration.

 

4. Trojan (webshell) classification

You cannot expand the "battle results" without Trojans. Below we classify them by language and by Trojan type.

1. Classified by language:

The languages are basically the following types: php, jsp, jspx, aspx, ashx, asp, asa, cer, cdx

Here is the server environment corresponding to each language:

php: Nginx and Apache

jsp, jspx: Tomcat (Java)

aspx, ashx, asp, asa, cer, cdx: IIS

2. Classified by Trojan type:

One-liner Trojan (一句话木马): the code can be a single line; very small

Small Trojan (小马): strong concealment, small

Big Trojan (大马): rich functionality, larger

In real penetration tests we often run into all kinds of WAF interception, and to prevent others from maliciously using the Trojan we often obfuscate it; obfuscation is not described in detail here.
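The extension list above is exactly what a defender's upload filter has to refuse, because each of those extensions is handed to a script engine by the server named beside it. The following Python is an added example, not code from the original post: it contrasts a denylist built from the post's extension list with an allowlist for an assumed avatar-upload endpoint, on constructed filenames.

```python
"""Upload filename checks built from the server-side extensions listed above.

Added example (not code from the original post); all filenames are constructed.
"""

# Extensions from the post, mapped to the server environment that executes them.
SCRIPT_EXTENSIONS = {
    "php": "PHP under Nginx/Apache",
    "jsp": "Tomcat (Java)", "jspx": "Tomcat (Java)",
    "aspx": "IIS", "ashx": "IIS", "asp": "IIS",
    "asa": "IIS", "cer": "IIS", "cdx": "IIS",
}

# What an avatar-upload endpoint (assumed use case) actually needs to accept.
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}


def extension_segments(filename):
    """All dotted segments after the base name, lower-cased, with any
    directory part removed: 'img/Avatar.PHP.jpg' -> ['php', 'jpg']."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    return base.lower().split(".")[1:]


def denylist_check(filename):
    """Weak control: refuse names containing a known script extension anywhere.
    Anything not on the list is accepted, which is the denylist's flaw."""
    for seg in extension_segments(filename):
        if seg in SCRIPT_EXTENSIONS:
            return False, f"rejected: .{seg} is executed by {SCRIPT_EXTENSIONS[seg]}"
    return True, "accepted"


def allowlist_check(filename):
    """Stronger control: exactly one extension, and it must be an expected one."""
    segments = extension_segments(filename)
    if len(segments) != 1:
        return False, "rejected: expected exactly one extension"
    if segments[0] not in IMAGE_EXTENSIONS:
        return False, f"rejected: .{segments[0]} is not an allowed image type"
    return True, "accepted"


def compare(filenames):
    """Run both checks; returns {name: (denylist_accepts, allowlist_accepts)}."""
    return {name: (denylist_check(name)[0], allowlist_check(name)[0])
            for name in filenames}


# Constructed sample names covering case changes, no extension and two extensions.
SAMPLE_NAMES = ["avatar.png", "Shell.PHP", "report.JSPX",
                "notes.txt", "README", "photo.jpg.asp"]

if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in compare(SAMPLE_NAMES).items():
        print(f"{name:16} denylist={'pass' if deny_ok else 'block'}  "
              f"allowlist={'pass' if allow_ok else 'block'}")
```

The difference shows up on "notes.txt": the denylist passes it because nothing on the post's list matches, while the allowlist blocks it because the endpoint never asked for text files. Case normalisation matters for both: IIS and Tomcat do not care that the uploaded name says "PHP" or "JSPX" in capitals.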

 

5. Know yourself and know your enemy, and you will never be defeated: system permissions (Windows)

Considering the intended audience, Windows is introduced first; the corresponding knowledge for Linux will be covered later in the red-versus-blue (attack and defence) series.

1. Permission levels:

System: system privileges; Administrator: administrator privileges (the target of privilege escalation); User: ordinary or guest privileges (an administrator can grant them more)

2. User types:

Administrator: administrator; Users: ordinary users

3. Permission inheritance:

That is, whatever permissions a command or application is started with, the tasks that command or application performs run with those same permissions.

4. IIS-specific identities (below User):

The picture on the left (not reproduced here) shows the permission settings of the IIS application on the Windows host; the picture on the right shows the command interface of a simulated China Chopper (菜刀) webshell client. From them we can find the following special identities:

IIS AppPool\DefaultAppPool

nt authority\local service

nt authority\network service

nt authority\system

 

6. Common cmd commands (viewing and adding users and permissions) (follow this article; it will keep being updated):

whoami: show the current user, i.e. the current permission level

net user: list the users

net user <username> <password> /add: add a user with the given password (passwords are generally letters + numbers + symbols)

net localgroup <group name> <user name> /add: add the specified user to the specified user group

tasklist /svc: list the running processes and the services each of them hosts

taskkill /f /im <program name>: forcibly end the processes with the given image name

taskkill /f /pid <PID>: forcibly end the process with the given PID

netstat -ano: show the network connections of the current computer together with their PIDs. LISTENING means the port is open and waiting for connections; ESTABLISHED means the port is in use (communicating)

tasklist /svc | find "port": the find filter shows only the lines of the output that contain the quoted text

systeminfo: show detailed information about the current computer

quser: query who is currently logged on (for example, the online administrator)

logoff <session ID>: log off the user session with the specified ID

shutdown -r: restart the current computer
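The netstat -ano and tasklist /svc commands above are most useful together: the PID column of netstat joins to the PID column of tasklist, which turns "port 8080 is LISTENING" into "port 8080 is held by updater.exe, which hosts no service". The following Python is an added example, not part of the original post: it parses constructed samples of both outputs, keeps only LISTENING TCP sockets and UDP sockets (ESTABLISHED rows are active conversations, not waiting services), and flags any listener outside an assumed baseline of expected ports.

```python
"""Join `netstat -ano` to `tasklist /svc` by PID and flag unexpected listeners.

Added example, not code from the original post. Both samples are constructed
to look like the real command output; none of it is a genuine capture.
"""
import re

# Constructed sample of `netstat -ano` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    192.168.1.10:49731     203.0.113.5:443        ESTABLISHED     2048
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3120
  UDP    0.0.0.0:123            *:*                                    1072
"""

# Constructed sample of `tasklist /svc` output, including a wrapped service list.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System Idle Process              0 N/A
svchost.exe                    880 RpcEptMapper, RpcSs
w3wp.exe                      1234 N/A
svchost.exe                   1500 Dhcp, EventLog, lmhosts,
                                   TimeBrokerSvc
chrome.exe                    2048 N/A
updater.exe                   3120 N/A
svchost.exe                   1072 W32Time
"""


def parse_netstat(text):
    """Parse `netstat -ano` rows. TCP rows carry a State column, UDP rows do
    not, so the row type is identified by its field count."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""  # UDP has no connection state
        else:
            continue
        port = int(local.rsplit(":", 1)[1])  # works for [::]:80 as well
        rows.append({"proto": proto, "local": local, "port": port,
                     "remote": remote, "state": state, "pid": int(pid)})
    return rows


# image name (may contain spaces), whitespace, PID, whitespace, services
TASK_ROW = re.compile(r"^(?P<image>\S.*\S)\s+(?P<pid>\d+)\s+(?P<services>\S.*)$")


def _split_services(field):
    names = [s.strip() for s in field.split(",")]
    return [n for n in names if n and n != "N/A"]


def parse_tasklist_svc(text):
    """Map PID -> {"image", "services"}. tasklist wraps long service lists onto
    indented continuation lines, which are appended to the previous process."""
    procs = {}
    last_pid = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Image Name") or line.startswith("="):
            continue
        if line[0].isspace() and last_pid is not None:
            procs[last_pid]["services"].extend(_split_services(line))
            continue
        m = TASK_ROW.match(line)
        if not m:
            continue
        pid = int(m.group("pid"))
        procs[pid] = {"image": m.group("image").strip(),
                      "services": _split_services(m.group("services"))}
        last_pid = pid
    return procs


def listening_report(netstat_text, tasklist_text, expected_ports):
    """Join listening sockets to their process and hosted services, marking
    each entry as expected or not against a baseline set of port numbers."""
    procs = parse_tasklist_svc(tasklist_text)
    report = []
    for row in parse_netstat(netstat_text):
        if not (row["state"] == "LISTENING" or row["proto"] == "UDP"):
            continue  # ESTABLISHED and similar states are not waiting services
        proc = procs.get(row["pid"], {"image": "<unknown>", "services": []})
        report.append({"proto": row["proto"], "port": row["port"],
                       "pid": row["pid"], "image": proc["image"],
                       "services": proc["services"],
                       "expected": row["port"] in expected_ports})
    return report


if __name__ == "__main__":
    # Assumed baseline: the ports this host is supposed to expose.
    for e in listening_report(NETSTAT_SAMPLE, TASKLIST_SAMPLE, {80, 135, 123}):
        flag = "" if e["expected"] else "  <-- not in baseline"
        print(f'{e["proto"]} {e["port"]:>5} pid={e["pid"]:<5} {e["image"]} '
              f'{e["services"]}{flag}')
```

On a real host the two samples are replaced by the captured output of the two commands; the baseline set is the part a defender has to maintain, since the join itself only tells you what is listening, not whether it should be.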


Origin blog.csdn.net/qq_40568770/article/details/89317049