[Penetration Test One]: Basic

 

Table of Contents

Common terms

Penetration testing process

Learning environment configuration

HTTP protocol

Website building configuration

 


Common terms

1. Server-side scripts (ASP, PHP, JSP) run on the server and are not visible from the front end; the browser only ever receives their output.

2. Front-end code (HTML, CSS, JS) is interpreted by the browser and is fully visible from the front end (right-click > Inspect, or press F12).

3. HTTP protocol

4. CMS (content management system), a B/S (browser/server) application

A content management system (CMS) is a software system that sits between the web front end (the web server) and the back-office systems or processes (content creation and editing). Content creators, editors and publishers use the CMS to submit, modify, approve and publish content. The "content" here can be files, tables, pictures, data in databases, even video: everything that is to be published on Internet, intranet and extranet websites.

A CMS may also provide content-crawling tools that automatically collect third-party information sources, such as text files, HTML pages, web services and relational databases, and load them into its own content library after parsing and processing.

With the trend towards personalisation, a CMS also helps the web front end deliver content to users in a personalised way, that is, it provides a personalised portal framework that pushes content to the user's browser on top of web technology.

In practice, nobody who builds a website writes everything from scratch; most sites are assembled on top of a CMS, which is why recognising the CMS matters.

Common CMSs:

  • DedeCMS (织梦, "Weaving Dreams"): education and hospital sites, good for SEO promotion, many vulnerabilities
  • DZ (Discuz!): forums
  • 08cms: car and real-estate sites
  • South CMS
  • EmpireCMS (帝国): first choice for enterprise sites
  • PageAdmin: enterprise sites
  • WordPress: blogs
  • Qishi/Knight CMS (骑士 CMS, 74cms): recruitment sites
  • SeaCMS (海洋 CMS): video sites

(When we do a penetration test we must first work out which CMS the site is built on: each CMS has its own known vulnerabilities, and the CMS and its version decide which of them apply.)
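As an added example (not code from the original post), here is a small offline CMS fingerprinter in Python that scores a response's headers and body against a signature table. The four responses are constructed for the example, and the signature table is a simplified illustration of the kind of markers a fingerprinting tool keys on (such as /wp-content/ for WordPress, /plus/ and /templets/ for DedeCMS, member.php?mod=logging and formhash for Discuz!); a real tool carries many more signatures, also probes known back-end paths, and then maps the detected version to its published vulnerabilities.

```python
import re

# Constructed sample responses for the example (not captures from real sites):
# name -> (response headers, response body)
SAMPLE_RESPONSES = {
    "site-a": (
        {"Server": "nginx", "X-Powered-By": "PHP/7.4.3"},
        '<html><head><meta name="generator" content="WordPress 5.4" />'
        '<link rel="stylesheet" href="/wp-content/themes/x/style.css"></head></html>',
    ),
    "site-b": (
        {"Server": "Microsoft-IIS/7.5", "X-Powered-By": "PHP/5.4.45"},
        '<html><body><a href="/plus/list.php?tid=1">news</a>'
        '<script src="/templets/default/js/dedeajax2.js"></script></body></html>',
    ),
    "site-c": (
        {"Server": "Apache"},
        '<html><body><form action="member.php?mod=logging&action=login">'
        '<input type="hidden" name="formhash" value="0123abcd"></form></body></html>',
    ),
    "site-d": ({"Server": "nginx"}, "<html><body>hello</body></html>"),
}

# Simplified signature table: CMS -> list of (location, regex, weight).
# "location" may be "body" or "header"; the markers below are illustrative.
SIGNATURES = {
    "WordPress": [
        ("body", r"/wp-content/", 2),
        ("body", r'content="WordPress', 3),
    ],
    "DedeCMS": [
        ("body", r"/plus/list\.php", 2),
        ("body", r"/templets/", 2),
        ("body", r"dedeajax2\.js", 3),
    ],
    "Discuz": [
        ("body", r"member\.php\?mod=logging", 3),
        ("body", r'name="formhash"', 2),
    ],
}


def fingerprint(headers, body):
    """Return {cms_name: score} for every CMS with at least one matching signature."""
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items())
    scores = {}
    for cms, sigs in SIGNATURES.items():
        score = 0
        for where, pattern, weight in sigs:
            haystack = body if where == "body" else header_text
            if re.search(pattern, haystack, re.IGNORECASE):
                score += weight
        if score:
            scores[cms] = score
    return scores


def best_guess(headers, body):
    """Name of the highest-scoring CMS, or None when nothing matched."""
    scores = fingerprint(headers, body)
    return max(scores, key=scores.get) if scores else None


def server_stack(headers):
    """Web server and language hints from the response headers (case-insensitive lookup)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return {
        "server": lowered.get("server", "unknown"),
        "powered_by": lowered.get("x-powered-by", "unknown"),
    }


def recon(responses):
    """Run fingerprinting and header extraction over every captured response."""
    report = {}
    for name, (headers, body) in responses.items():
        info = server_stack(headers)
        info["cms"] = best_guess(headers, body)
        report[name] = info
    return report


if __name__ == "__main__":
    for name, info in recon(SAMPLE_RESPONSES).items():
        print(name, info)
```

Weighted scoring rather than a single regex matters in practice: a page copied from a WordPress theme may contain one stray /wp-content/ link, but it will not also carry the generator tag, and a low score tells the tester to confirm by other means before reaching for WordPress exploits.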

5. MD5

The passwords we pull out of a website's database are usually not plaintext but MD5 hashes: a string of 16 or 32 hex characters. MD5 is a one-way hash, not encryption, so a hash is "cracked" by looking the value up in precomputed tables, or by hashing candidate passwords until one matches. The 16-character form is simply the middle 16 characters of the 32-character digest.

DedeCMS stores a 20-character hash instead; strip four characters (the first three and the last one) and what remains is the standard 16-character MD5, which the lookup sites accept.

https://www.cmd5.com/ (online MD5 lookup)
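The three hash formats above, as an added example in Python (not code from the original post). It shows how the 32-, 16- and 20-character forms relate, converts a DedeCMS hash to the 16-character form, and stands in for the online lookup with a constructed five-word list; the helper names are the example's own.

```python
import hashlib


def md5_32(password: str) -> str:
    """Standard MD5 digest as 32 lowercase hex characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_16(password: str) -> str:
    """The so-called 16-bit MD5: the middle 16 characters (positions 8..23) of the digest."""
    return md5_32(password)[8:24]


def dede_20(password: str) -> str:
    """DedeCMS stores substr(md5($pwd), 5, 20): characters 5..24 of the digest."""
    return md5_32(password)[5:25]


def dede_to_md5_16(dede_hash: str) -> str:
    """Drop the first three and the last character of a 20-char DedeCMS hash
    to recover the standard 16-char MD5, which lookup sites understand."""
    if len(dede_hash) != 20:
        raise ValueError("DedeCMS hashes are 20 characters long")
    return dede_hash[3:19]


def classify_hash(value: str) -> str:
    """Guess which flavour a captured hash is, from its length."""
    value = value.strip().lower()
    if any(c not in "0123456789abcdef" for c in value):
        return "not-hex"
    return {32: "md5-32", 16: "md5-16", 20: "dede-20"}.get(len(value), "unknown")


def lookup(captured: str, wordlist):
    """Offline stand-in for an online MD5 lookup: hash every candidate and compare.
    Real services do the same against huge precomputed tables; nothing is decrypted."""
    kind = classify_hash(captured)
    target = captured.strip().lower()
    if kind == "dede-20":
        target, kind = dede_to_md5_16(target), "md5-16"
    hasher = {"md5-32": md5_32, "md5-16": md5_16}.get(kind)
    if hasher is None:
        return None
    for candidate in wordlist:
        if hasher(candidate) == target:
            return candidate
    return None


# A constructed mini wordlist standing in for the lookup service's tables.
WORDLIST = ["password", "123456", "admin", "admin888", "qwerty"]

if __name__ == "__main__":
    for pw in ("123456", "admin"):
        print(pw, md5_32(pw), md5_16(pw), dede_20(pw))
    print(lookup("f297a57a5a743894a0e4", WORDLIST))
```

The 20-character DedeCMS form is just a different window over the same digest, which is why the "drop three in front, one at the back" trick works: positions 5..24 minus three and minus one is exactly positions 8..23, the standard 16-character window.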

6. Broiler (肉鸡): a compromised host under the attacker's control.

Catching chickens (抓鸡): the process of compromising hosts, usually in bulk.

Springboard (跳板): a compromised host used as a pivot for attacking other targets, so that the attacker's real origin stays hidden.

7. One-liner trojans, small shells and big shells (the "pony" and "big horse" of Chinese slang) are all webshells: script files that execute whatever the attacker sends them. By themselves they are just files; they become a backdoor only once they have been planted on the server and are called.

One-liner (一句话木马):

<?php @eval($_POST['XX']); ?>

(`@` suppresses error output and `eval` executes whatever PHP code arrives in the POST parameter `XX`, so this single line is already a complete remote shell.)

Small shell (小马): a minimal script with just enough functionality to upload the big shell.

Big shell (大马): the full-featured webshell backdoor, used for privilege escalation and for keeping a persistent backdoor on the host.
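The defensive counterpart of the webshell list above, as an added example (not code from the original post): a small Python scanner that scores PHP source for the shapes these shells take. The four PHP samples are constructed for the example, the one-liner among them being the same shape as the page's; the rule set is the example's own and is deliberately simple, so it is a starting point for triage, not a substitute for a real webshell scanner.

```python
import re

# Constructed PHP samples for the example (not files taken from any real site).
SAMPLES = {
    "one_liner.php": "<?php @eval($_POST['XX']); ?>",
    "pony.php": "<?php $f=$_GET['f'];$d=$_POST['d'];file_put_contents($f,base64_decode($d));?>",
    "obfuscated.php": "<?php $a='ass'.'ert'; @$a($_REQUEST['c']); ?>",
    "index.php": "<?php require 'config.php'; echo htmlspecialchars($_GET['q'] ?? ''); ?>",
}

# Where attacker-controlled data enters, and which calls are dangerous to feed it into.
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE|SERVER)"
SINKS = (r"(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open|"
         r"file_put_contents|fwrite|include|require|unserialize|preg_replace)")


def tainted_vars(src):
    """Names of variables assigned straight from a request superglobal."""
    return set(re.findall(r"\$(\w+)\s*=\s*" + SOURCES, src))


def scan_source(src):
    """Score one PHP file; returns (score, [reasons])."""
    score, reasons = 0, []
    # 1. sink(<request input>): the classic one-liner shape
    if re.search(r"\b" + SINKS + r"\s*\(\s*" + SOURCES, src, re.IGNORECASE):
        score += 5
        reasons.append("dangerous function called directly on request input")
    # 2. $fn(<request input>): the function name itself is a variable
    if re.search(r"\$\w+\s*\(\s*" + SOURCES, src):
        score += 4
        reasons.append("variable function called on request input")
    # 3. $v = $_POST[...]; ... sink(... $v ...): a two-step flow inside one file
    for var in sorted(tainted_vars(src)):
        if re.search(r"\b" + SINKS + r"\s*\([^;]*\$" + re.escape(var) + r"\b", src, re.IGNORECASE):
            score += 4
            reasons.append(f"request input stored in ${var} reaches a dangerous function")
            break
    # 4. weak hints that are common in shells but rare in normal code
    if re.search(r"'\w+'\s*\.\s*'\w+'", src):
        score += 1
        reasons.append("string constant split by concatenation (obfuscation)")
    if re.search(r"@\s*\$?\w+\s*\(", src):
        score += 1
        reasons.append("error-suppressed call")
    return score, reasons


def scan_files(files):
    """Score every file: name -> (score, reasons)."""
    return {name: scan_source(src) for name, src in files.items()}


def suspicious(files, threshold=4):
    """Names of files whose score reaches the threshold, sorted."""
    return sorted(name for name, (score, _) in scan_files(files).items() if score >= threshold)


if __name__ == "__main__":
    for name, (score, reasons) in scan_files(SAMPLES).items():
        print(f"{name}: {score} {reasons}")
```

Rule 3 is the one worth copying: the small shell never calls a dangerous function on `$_POST` directly, it copies the input into a variable first, and a scanner that only greps for `eval($_POST` misses it. Rule 2 catches the `$a='ass'.'ert'` trick, where the function name is built at run time so the word `assert` never appears in the file.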

8. Source-code packaging (打包源码): the whole website's source code is archived and downloaded. Database dumping (脱裤/拖库, "tuoku"): the sensitive contents of the database are extracted, usually the user table.

9. Sniffing: capturing packets and analysing the network data obtained. Rootkit: a hidden backdoor that conceals its own presence on the system.

10. 0day: an undisclosed vulnerability for which no patch exists.

(A 0day that can be used to compromise hosts in bulk is especially serious; such vulnerabilities are bought and sold.)

 

Penetration testing process

There is no single standard definition of penetration testing. The definition generally agreed on by foreign security organisations is that penetration testing is an evaluation method that assesses the security of a computer network system by simulating the attack methods of malicious hackers. The process includes actively analysing the system for weaknesses, technical defects or vulnerabilities. The analysis is carried out from the position an attacker could occupy, and from that position the tester actively exploits the security vulnerabilities under the conditions available.

In other words, penetration testing means that testers probe a specific network from various positions (from the internal network, from the external network, and so on) in order to discover and dig out vulnerabilities in the system, then write a penetration test report and submit it to the network owner. From that report the owner can see clearly what security risks and problems the system has.

  • Clarify the target (website, system, network segment)
  • Information gathering: 60% to 80% of the whole test (CMS, admin back end, DNS, ports, IP, whois)
  • Vulnerability detection (SQL injection, XSS, file upload and download vulnerabilities, variable overwriting, code execution, weak passwords)
  • Vulnerability verification (exp / poc; a poc is enough)

Exp (exploit): vulnerability exploitation code, usually a demonstration program.

Poc (proof of concept): vulnerability verification, usually a sample used to prove and reproduce the vulnerability.

  • Information analysis
  • Obtain what is needed (use the verified vulnerabilities to reach the objective)
  • Information collation
  • Write the report

 

Learning environment configuration

 

Virtual machine installation and configuration

Installation of the test (target) systems

HTTP protocol

The Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication on the World Wide Web.

HTTP response codes

200: the request succeeded; the most common status.

302: Found, a temporary redirect; the browser follows the Location header. (A page that answers 302 but still carries the protected content in the body did its access check in the browser rather than on the server; read the body, not just the status.)

404: the requested resource does not exist; very common.

400: Bad Request; the client's request has a syntax error the server cannot parse.

401: Unauthorized; the request needs authentication.

403: Forbidden; the server received the request but refuses to serve it, often an admin path or directory that exists but is blocked.

500: Internal Server Error; common, and a 500 that appears only when a parameter is tampered with is a hint that the input reached the back-end code.

503: Service Unavailable; the server cannot handle the request right now and may recover after a while.

 

HTTP URL

A uniform resource locator (URL) is the notation for specifying where a resource served by a World Wide Web program is located on the Internet.

For example, the standard format is: https://www.cracer.com:80/admin/index.php

That is scheme://host:port/path: scheme https, host www.cracer.com, port 80, path /admin/index.php. When no port is written, 80 is implied for http and 443 for https; the explicit :80 in this example only shows where the port goes.

Determining the server's operating system

Windows file systems are case-insensitive; Linux file systems are case-sensitive. So change the case of one letter in a path that is known to work, for example:

https://www.baidu.com/index.phP

If the page still returns normally, the server is most likely Windows; if it now returns 404, it is most likely Linux. This is only a heuristic: URL rewriting, a reverse proxy or a WAF in front of the server can answer for every path and mask the result, so first confirm that a random nonexistent path really does return 404.

Pseudo-static pages

Many sites rewrite their URLs to look like static files (.html) even though a script generates them. To find the real language behind the rewrite, request index.asp, index.jsp and index.php in turn and see which one exists.
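The two probes above, the case-flip OS test and the index.asp/index.jsp/index.php language test, as an added example in Python (not code from the original post). Three constructed targets stand in for real sites, each a callable that maps a path to a status code; a real probe would issue the same requests with an HTTP client. It also implements the soft-404 guard mentioned above, so that a site answering 200 for everything is reported as unknown instead of as Windows.

```python
import random
import string


# Constructed stand-ins for three targets: a callable path -> HTTP status
# plays the role of the HTTP client hitting the real site.
def make_target(files, case_sensitive, catch_all=False):
    table = files if case_sensitive else {p.lower(): s for p, s in files.items()}

    def request(path):
        key = path if case_sensitive else path.lower()
        if key in table:
            return table[key]
        return 200 if catch_all else 404
    return request


WINDOWS_SITE = make_target({"/index.asp": 200, "/default.aspx": 200}, case_sensitive=False)
LINUX_SITE = make_target({"/index.php": 200, "/news/1.html": 200}, case_sensitive=True)
CATCH_ALL_SITE = make_target({"/index.php": 200}, case_sensitive=True, catch_all=True)


def swap_last_letter_case(path):
    """/index.php -> /index.phP : flip the case of the final character."""
    last = path[-1]
    return path[:-1] + (last.upper() if last.islower() else last.lower())


def soft_404_free(request):
    """Guard: a site that answers 200 for a random path cannot be probed by status code."""
    junk = "".join(random.choices(string.ascii_lowercase, k=12))
    return request(f"/{junk}") == 404


def guess_os(request, known_good):
    """Compare a known-good path with its case-flipped twin; 'windows', 'linux' or 'unknown'."""
    if not soft_404_free(request) or request(known_good) != 200:
        return "unknown"
    flipped = request(swap_last_letter_case(known_good))
    if flipped == 200:
        return "windows"   # case-insensitive file system
    if flipped == 404:
        return "linux"     # case-sensitive file system
    return "unknown"


def script_language(request):
    """Probe the usual index pages to learn what the pseudo-static URLs hide."""
    for path in ("/index.php", "/index.asp", "/index.aspx", "/index.jsp"):
        if request(path) == 200:
            return path.rsplit(".", 1)[1]
    return None


if __name__ == "__main__":
    for name, site, good in (("windows", WINDOWS_SITE, "/index.asp"),
                             ("linux", LINUX_SITE, "/index.php"),
                             ("catch-all", CATCH_ALL_SITE, "/index.php")):
        print(name, guess_os(site, good), script_language(site))
```

The guard is the part worth keeping: many hosts behind a CDN or a catch-all rewrite rule return 200 for any path, and without the junk-path check the case flip would wrongly report every such host as Windows.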

HTTP headers

HTTP request methods:

GET

POST

PUT

MOVE (a WebDAV method; when PUT and MOVE are both enabled, an attacker can upload a file and then rename it to a script extension, which is a finding in itself)

Potential security risks in HTTP headers

Headers such as X-Forwarded-For, Referer and User-Agent are supplied by the client and can be forged, so an application that takes the client's IP from X-Forwarded-For can be fed a fake address for its whitelist or its logs. Note: the Safedog WAF (安全狗) takes the client IP from the TCP three-way handshake, not from the headers, so forging X-Forwarded-For does not change the address it sees.
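The header risk and the Safedog note above, as an added example in Python (not code from the original post or from Safedog): a naive client-IP function that believes X-Forwarded-For, next to one that trusts the TCP peer and only honours the header when the peer is a proxy we operate. The requests, the trusted-proxy address and the blocklist are constructed for the example.

```python
# Constructed for the example: the reverse proxy we run, and one blocked address.
TRUSTED_PROXIES = frozenset({"10.0.0.2"})
BLOCKLIST = {"203.0.113.7"}


def _header(headers, name):
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def naive_client_ip(peer_ip, headers):
    """What many scripts and WAF rules do: believe X-Forwarded-For whenever it is present."""
    xff = _header(headers, "X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_ip


def safe_client_ip(peer_ip, headers, trusted_proxies=TRUSTED_PROXIES):
    """Start from the TCP peer (the address the three-way handshake proves).
    Honour X-Forwarded-For only when that peer is one of our own proxies, and then take
    the rightmost hop that is not a proxy of ours: anything further left was client-supplied."""
    if peer_ip not in trusted_proxies:
        return peer_ip
    xff = _header(headers, "X-Forwarded-For")
    if not xff:
        return peer_ip
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        if hop not in trusted_proxies:
            return hop
    return peer_ip


def allowed(ip_resolver, peer_ip, headers):
    """An IP blocklist check, parameterised by how the client IP is resolved."""
    return ip_resolver(peer_ip, headers) not in BLOCKLIST


# Scenario 1: the blocked attacker connects directly and forges the header.
DIRECT_ATTACK = ("203.0.113.7", {"Host": "www.example.com", "X-Forwarded-For": "127.0.0.1"})
# Scenario 2: a real client behind our proxy; the client prepended a fake hop and
# the proxy appended the client's real address.
VIA_PROXY = ("10.0.0.2", {"Host": "www.example.com", "X-Forwarded-For": "192.0.2.1, 198.51.100.9"})

if __name__ == "__main__":
    for label, req in (("direct", DIRECT_ATTACK), ("via proxy", VIA_PROXY)):
        print(label, "naive:", naive_client_ip(*req), "safe:", safe_client_ip(*req))
```

The point of the rightmost-untrusted rule is that a proxy appends the address it saw, so the only hop a client cannot influence is the one added by the last proxy we control; taking the first entry, as the naive version does, hands the decision to the client.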

HTTPS protocol

HTTPS is HTTP layered over TLS/SSL: a network protocol that provides encrypted transport and identity authentication. It relies on digital certificates, encryption algorithms and asymmetric keys to encrypt data in transit across the Internet and so protect it from interception and tampering.

Website building configuration

A site is reachable through three things:

IP

Port

Domain name

Same IP, same port, different domain names: one web server can host many sites on one IP and port (virtual hosting). The server picks the site from the Host header of the request, so a request that carries only the IP, or an unknown name, lands on the server's default site.
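Name-based virtual hosting and its recon consequence, as an added example in Python (not code from the original post): a Host-header dispatcher like the one inside a web server, and a reverse lookup over a constructed DNS zone that lists the other sites sharing a target's IP. The host names, addresses and site labels are all constructed for the example.

```python
# Constructed for the example: the sites one server hosts, and a toy DNS zone.
VHOSTS = {
    "www.example.com": "corporate site (php)",
    "blog.example.com": "wordpress blog",
    "shop.example.com": "online shop (asp.net)",
}
DEFAULT_SITE = "default site (server welcome page)"

DNS_A_RECORDS = {
    "www.example.com": "192.0.2.10",
    "blog.example.com": "192.0.2.10",
    "shop.example.com": "192.0.2.10",
    "mail.example.com": "192.0.2.25",
}


def route(host_header):
    """Pick the site from the Host header, as a server with name-based virtual hosts does.
    No Host, a bare IP, or an unknown name all fall through to the default site."""
    if not host_header:
        return DEFAULT_SITE
    name = host_header.strip().lower()
    if name.startswith("["):            # IPv6 literal such as [::1]:80
        name = name.split("]")[0] + "]"
    else:
        name = name.split(":")[0]        # strip an explicit port
    return VHOSTS.get(name, DEFAULT_SITE)


def sites_on_ip(ip, records=DNS_A_RECORDS):
    """Every name that resolves to this IP shares the server, its software and its config."""
    return sorted(name for name, addr in records.items() if addr == ip)


def neighbours(domain, records=DNS_A_RECORDS):
    """Other sites hosted on the same IP as the target: a weaker neighbour is a way in."""
    ip = records.get(domain)
    return [n for n in sites_on_ip(ip, records) if n != domain] if ip else []


if __name__ == "__main__":
    for host in ("blog.example.com", "BLOG.example.com:8080", "192.0.2.10", None):
        print(repr(host), "->", route(host))
    print("neighbours of shop.example.com:", neighbours("shop.example.com"))
```

Two things follow for a tester: requesting the bare IP shows the default site, which is often an unmaintained one, and a vulnerable neighbour on the same IP gives a shell on the same machine as the real target.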


All the techniques discussed in this article are intended only for technical research; do not use them for malicious purposes.

Technology itself is innocent.

 


Source: blog.csdn.net/weixin_43252204/article/details/105555882