Table of Contents
Learning environment configuration
Website building configuration
Common terms
1. Server-side scripts (asp, php, jsp) are not visible to the client; the browser only receives the output they produce.
2. Front-end code (html, css, js) is interpreted by the browser and is visible to the client (right-click > Inspect, or F12).
3. HTTP protocol
4. CMS (B/S, browser/server) content management system
A content management system (CMS) is a software system that sits between the web front end (the web server) and the back-office systems or processes (content creation and editing). Content creators, editors, and publishers use a CMS to submit, modify, approve, and publish content. "Content" here can include files, tables, pictures, database records, and even videos: anything to be published on an Internet, intranet, or extranet site.
A CMS can optionally provide crawling tools that automatically pull in third-party sources such as text files, HTML pages, web services, and relational databases, and store them in its own content repository after analysis and processing.
With the trend toward personalization, a CMS also helps the web front end deliver content to users in a personalized way, that is, it provides a personalized portal framework that pushes content to the user's browser using web technology.
Writing an entire website by hand from scratch is impractical, which is why most sites are built on a CMS.
Common CMS:
- DedeCMS (织梦, "weaving dreams"): education and hospital sites; good for SEO; many known vulnerabilities
- dz (Discuz!): forums
- 08cms: cars, real estate
- South (南方数据 / Southidc)
- EmpireCMS (帝国): first choice for enterprise sites
- PageAdmin: enterprise sites
- WordPress: blogs
- Knight CMS (骑士CMS / 74cms): recruitment sites
- SeaCMS (海洋CMS): video sites
(During a penetration test we must identify which CMS the target site runs, because each CMS has its own set of known vulnerabilities.)
5. MD5
The password values dumped from a website are generally MD5 hashes (16 or 32 hex characters), not plaintext. MD5 is a one-way hash, not encryption, but unsalted MD5 of common passwords is easily reversed with lookup tables. The "16-character" form is the middle 16 characters (positions 8 to 24) of the 32-character digest.
DedeCMS stores a 20-character value (characters 5 to 25 of the 32-character digest); dropping four characters, three from the front and one from the end, gives the standard 16-character MD5 that online lookup tools recognise.
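The three formats above, and the conversion between them, as an added example (this is not code from the original notes). The offsets are the ones stated above: 16-character MD5 is digest[8:24], and DedeCMS stores substr(md5($pwd), 5, 20). The wordlist is constructed for the demo; a dictionary lookup is what "cracking" an unsalted MD5 amounts to in practice.

```python
import hashlib

# Constructed wordlist for the lookup demo (not real dumped data).
WORDLIST = ["123456", "password", "admin", "admin888", "qwerty"]


def md5_32(password: str) -> str:
    """Standard MD5 as 32 hex characters (128 bits)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def md5_16(password: str) -> str:
    """The '16-character MD5' used by many PHP applications:
    characters 8..24 (the middle) of the 32-character digest."""
    return md5_32(password)[8:24]


def dedecms_20(password: str) -> str:
    """DedeCMS stores substr(md5($pwd), 5, 20): characters 5..25 of the digest."""
    return md5_32(password)[5:25]


def dedecms_20_to_md5_16(h20: str) -> str:
    """Drop three characters from the front and one from the end of a
    20-character DedeCMS hash to recover the standard 16-character MD5."""
    if len(h20) != 20:
        raise ValueError("expected a 20-character DedeCMS hash")
    return h20[3:19]


def normalise(hash_value: str) -> str:
    """Lower-case the hash and convert the DedeCMS 20-char form to 16-char MD5."""
    h = hash_value.strip().lower()
    if len(h) == 20:
        h = dedecms_20_to_md5_16(h)
    if len(h) not in (16, 32):
        raise ValueError("unrecognised hash length")
    return h


def lookup(hash_value: str, wordlist=WORDLIST):
    """Dictionary lookup that understands 16-, 20- and 32-character forms.
    Returns the matching password, or None when no candidate hashes to it."""
    h = normalise(hash_value)
    digest = md5_32 if len(h) == 32 else md5_16
    for word in wordlist:
        if digest(word) == h:
            return word
    return None


if __name__ == "__main__":
    for pw in ("admin", "admin888"):
        print(pw, md5_32(pw), md5_16(pw), dedecms_20(pw))
    print(lookup("f297a57a5a743894a0e4"))  # DedeCMS form of a wordlist entry
```

Because every format is a fixed slice of the same digest, a 20-character DedeCMS hash is no stronger than a 16-character one: the lookup only needs to know which slice to compare.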
6. Broiler (肉鸡): a compromised host under the attacker's control
Catching chickens (抓鸡): the process of compromising hosts in bulk in order to control them
Springboard (跳板): a compromised intermediate host from which further attacks are launched, so the target sees the springboard's address rather than the attacker's
7. One-line trojan (一句话木马), small trojan (小马) and big trojan (大马). A trojan file by itself does nothing; it only becomes useful once it has been uploaded to the server and is reachable through the web server.
One-line trojan:
<?php @eval($_POST['XX']); ?>
(executes whatever PHP code is sent in the POST parameter XX)
Small trojan (小马): a minimal script whose only purpose is to upload the big trojan
Big trojan (大马):
full-featured webshell (file management, command execution, database access)
webshell / backdoor
used for privilege escalation and to keep a backdoor into the system
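From the defender's side, the one-line trojan above is easy to recognise because request data flows straight into eval(). The scanner below is an added example (not part of the original notes) that runs the kind of indicator rules a webshell hunt uses over a set of constructed PHP files; the rule set is illustrative and also catches the more general pattern (any request superglobal passed to a code or command execution sink, decoded payloads fed to eval, and the pre-PHP 7 preg_replace /e trick), not only the exact one-liner on the page.

```python
import re

# Constructed sample files (not real captures) that the scanner runs over.
SAMPLE_FILES = {
    "upload/shell.php": "<?php @eval($_POST['XX']); ?>",
    "upload/avatar.php": "<?php eval(base64_decode('cGhwaW5mbygpOw==')); ?>",
    "upload/old.php": "<?php preg_replace(\"/.*/e\", $_REQUEST['c'], ''); ?>",
    "include/contact.php": (
        "<?php\n"
        "$name = htmlspecialchars($_POST['name']);\n"
        "echo \"Hello, $name\";\n"
        "?>"
    ),
}

SINKS = r"(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)"
SOURCES = r"\$(?:_POST|_GET|_REQUEST|_COOKIE)\s*\["
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|str_rot13)"

# Illustrative indicator rules: (label, regex applied to each source line).
INDICATORS = [
    # request data passed straight into a code/command execution sink
    ("request-to-sink", re.compile(r"\b" + SINKS + r"\s*\(\s*" + SOURCES, re.I)),
    # decoded payload evaluated at run time (classic obfuscated shell)
    ("decoded-eval", re.compile(r"\b(?:eval|assert)\s*\(\s*" + DECODERS + r"\s*\(", re.I)),
    # preg_replace with the /e modifier executes the replacement as PHP (PHP < 7)
    ("preg-e-modifier", re.compile(r"\bpreg_replace\s*\(\s*['\"][^'\"]*/[a-z]*e[a-z]*['\"]", re.I)),
]


def scan_source(path: str, source: str) -> list:
    """Return one finding per (line, rule) hit, with the offending line text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for label, pattern in INDICATORS:
            if pattern.search(line):
                findings.append({"file": path, "line": lineno, "rule": label, "text": line.strip()})
    return findings


def scan_files(files: dict) -> list:
    """Scan a {path: source} mapping; on a real host this would walk the web root."""
    results = []
    for path, source in files.items():
        results.extend(scan_source(path, source))
    return results


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['text']}")
```

Regex indicators are a first pass, not proof: they miss shells that build the sink name dynamically, so treat hits as leads to review alongside file timestamps and the upload directory's expected contents.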
8. Source packing (打包): the source code of the entire website is archived and downloaded. Database dump (脱裤, "dragging the database"): sensitive information is pulled out of the database, usually the user data (the user table).
9. Sniffing: capturing packets and analysing the network data obtained. Rootkit: a hidden backdoor.
10. 0day: an undisclosed vulnerability, with no patch available
(Especially effective for catching chickens; 0days can be bought.)
Penetration testing process:
Penetration testing has no single standard definition. A common formulation adopted by some foreign security organizations is that a penetration test is an evaluation method that assesses the security of a computer network system by simulating the attack methods of malicious hackers. The process includes active analysis of any weaknesses, technical flaws, or vulnerabilities in the system. The analysis is carried out from the position an attacker could occupy, and from that position the tester actively exploits the security vulnerabilities found.
In other words, in penetration testing the testers probe a specific network from various positions (from the internal network, from the external network, and so on) in order to discover and dig out the vulnerabilities in the system, and then write a penetration test report and submit it to the network owner. From that report the owner can clearly see the security risks and problems in the system.
- Define the scope (website, system, network segment)
- Information gathering (60% to 80% of the whole test: CMS, admin back end, DNS, ports, IP, whois)
- Vulnerability detection (SQL injection, XSS, file upload and download vulnerabilities, variable overwrite, code execution, weak passwords)
- Vulnerability verification (exp / poc; a poc is enough)
  Exp (Exploit): exploits a vulnerability, generally a demo program
  PoC (Proof of Concept): verifies a vulnerability, generally a sample that proves and reproduces it
- Write the report
- Information collation
- Get what you need
- Information analysis
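Identifying the CMS is the first concrete task of the information-gathering step, and it is also what the note under the CMS list above asks for. The fingerprinter below is an added example (not code from the original course); it works over response bodies that are constructed inline so it runs offline, and its signature table is illustrative, a handful of generator tags and default asset paths, not an authoritative signature set. In a real engagement the HTML would come from an HTTP request and the table would be far larger.

```python
import re
from collections import Counter

# Illustrative fingerprint table (constructed for this example, not an
# exhaustive or authoritative signature set): (CMS name, regex over the body).
FINGERPRINTS = [
    ("WordPress", re.compile(r'<meta\s+name="generator"\s+content="WordPress[^"]*"', re.I)),
    ("WordPress", re.compile(r"/wp-(?:content|includes)/", re.I)),
    ("Discuz!",   re.compile(r'<meta\s+name="generator"\s+content="Discuz![^"]*"', re.I)),
    ("Discuz!",   re.compile(r"/data/cache/style_\d+_common\.css", re.I)),
    ("DedeCMS",   re.compile(r"/include/dedeajax2\.js", re.I)),
    ("DedeCMS",   re.compile(r"/templets/default/", re.I)),
]

GENERATOR = re.compile(r'<meta\s+name="generator"\s+content="([^"]*)"', re.I)


def fingerprint(html: str):
    """Return (most likely CMS or None, list of matched evidence strings).
    Each matching rule is one vote; the CMS with the most votes wins."""
    votes = Counter()
    evidence = {}
    for name, pattern in FINGERPRINTS:
        m = pattern.search(html)
        if m:
            votes[name] += 1
            evidence.setdefault(name, []).append(m.group(0))
    if not votes:
        return None, []
    best = votes.most_common(1)[0][0]
    return best, evidence[best]


def generator_version(html: str):
    """The generator meta tag, when present, often carries the exact version,
    which is what you need to map the CMS to its known vulnerabilities."""
    m = GENERATOR.search(html)
    return m.group(1) if m else None


# Constructed response bodies standing in for fetched pages.
SAMPLE_WORDPRESS = (
    '<html><head><meta name="generator" content="WordPress 4.9.8" />'
    '<link rel="stylesheet" href="/wp-content/themes/twentyseventeen/style.css">'
    "</head><body></body></html>"
)
SAMPLE_DEDECMS = (
    '<html><head><script src="/include/dedeajax2.js"></script>'
    '<link href="/templets/default/style/dedecms.css" rel="stylesheet">'
    "</head></html>"
)
SAMPLE_PLAIN = "<html><head><title>hello</title></head><body>static page</body></html>"

if __name__ == "__main__":
    for body in (SAMPLE_WORDPRESS, SAMPLE_DEDECMS, SAMPLE_PLAIN):
        print(fingerprint(body), generator_version(body))
```

Path-based markers survive when the site owner strips the generator tag, which is why the table votes on several independent signals rather than trusting any one of them.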
Learning environment configuration
Virtual machine application configuration
Test system installation
HTTP protocol
Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication on the World Wide Web.
HTTP response codes
200: the client request succeeded; the most common status
302: redirect (the new location is given in the Location header)
404: the requested resource does not exist; very common
400: the client request has a syntax error the server cannot understand
401: unauthorized; the request requires authentication
403: the server received the request but refuses to serve it (Forbidden)
500: internal server error; common, and a 500 triggered by a crafted input is worth noting during injection testing
503: the server is temporarily unable to handle the request and may return to normal after a while
HTTP URL
A uniform resource locator (URL) is the notation used to specify the location of a resource served by a World Wide Web program on the Internet.
E.g.:
Standard format: https://www.cracer.com:80/admin/index.php, that is, scheme://host:port/path (note that 80 is the default port for HTTP; HTTPS normally uses 443)
Determine the server's operating system
Windows file systems are not case sensitive
Linux file systems are case sensitive
https://www.baidu.com/index.phP
If the page still loads normally the server is Windows; if it returns 404 it is Linux (the check is unreliable when URL rewriting sends both spellings to the same handler)
Pseudo-static (URL rewriting)
When the URL hides the script type, it can generally be probed by requesting index.asp, index.jsp and index.php in turn and seeing which one exists
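The case-sensitivity check above, together with the URL format from the section before it, as an added example (not code from the original notes). The function takes a fetch callback that returns an HTTP status code, so the logic can be exercised offline against the constructed fake servers at the bottom; with a real target the callback would wrap an HTTP client. It also adds the control request the caveat calls for: if a made-up filename in the same directory also returns 200, a rewrite rule or catch-all is answering and the result is reported as unknown rather than as Windows.

```python
from typing import Callable, Iterable
from urllib.parse import urlsplit, urlunsplit


def flip_extension_case(url: str) -> str:
    """index.php -> index.phP: flip the case of the last character of the
    path while keeping scheme, host, port and query string intact."""
    parts = urlsplit(url)
    filename = parts.path.rsplit("/", 1)[-1]
    if "." not in filename:
        raise ValueError("URL path has no file extension to alter")
    last = parts.path[-1]
    flipped = last.lower() if last.isupper() else last.upper()
    if flipped == last:
        raise ValueError("last character of the path has no case to flip")
    return urlunsplit(parts._replace(path=parts.path[:-1] + flipped))


def nonexistent_variant(url: str) -> str:
    """Control request: same directory, a filename that should not exist."""
    parts = urlsplit(url)
    head, _, filename = parts.path.rpartition("/")
    return urlunsplit(parts._replace(path=f"{head}/zz-does-not-exist-{filename}"))


def guess_server_os(url: str, fetch: Callable[[str], int]) -> str:
    """fetch(url) must return the HTTP status code for a GET of url."""
    if fetch(url) != 200:
        return "unknown: baseline request did not return 200"
    if fetch(nonexistent_variant(url)) == 200:
        return "unknown: server answers 200 for arbitrary paths (rewrite rule or catch-all)"
    altered = fetch(flip_extension_case(url))
    if altered == 200:
        return "windows"
    if altered == 404:
        return "linux"
    return f"unknown: altered path returned {altered}"


def fake_server(files: Iterable[str], case_insensitive: bool) -> Callable[[str], int]:
    """Constructed stand-in for a web server so the demo runs offline:
    200 if the path exists in the file table, otherwise 404."""
    norm = (lambda p: p.lower()) if case_insensitive else (lambda p: p)
    table = {norm(f) for f in files}

    def fetch(url: str) -> int:
        return 200 if norm(urlsplit(url).path) in table else 404

    return fetch


def rewrite_everything(url: str) -> int:
    """Constructed stand-in for a site whose rewrite rule routes every path to index.php."""
    return 200


if __name__ == "__main__":
    target = "https://www.cracer.com:80/admin/index.php"
    print(flip_extension_case(target))
    print(guess_server_os(target, fake_server(["/admin/index.php"], case_insensitive=True)))
    print(guess_server_os(target, fake_server(["/admin/index.php"], case_insensitive=False)))
    print(guess_server_os(target, rewrite_everything))
```

A 200 for the altered spelling is evidence about the file system behind the web server, not about the web server software itself; on a Windows host it says nothing about whether IIS or Apache is answering.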
HTTP headers
HTTP request methods:
GET
POST
PUT
MOVE (a WebDAV method)
Potential security risks in HTTP headers
Note: SafeDog (安全狗, a WAF) takes the client IP from the TCP connection itself (the three-way handshake), so forging headers such as X-Forwarded-For does not change the IP it sees; applications that read the client IP from those headers instead can be fooled
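The header risk the note is pointing at, shown as an added example (not code from the original notes): a naive client-IP lookup that trusts X-Forwarded-For next to a hardened one that, like SafeDog, starts from the TCP peer address and only consults the header when that peer is a known proxy. The trusted proxy range and the sample requests are constructed for the demo; the header name is assumed to arrive in its canonical spelling (real frameworks normalise header names case-insensitively).

```python
import ipaddress
from typing import Mapping

# Assumption for this example: the site's own reverse proxies / load balancers
# live in this range. Any other TCP peer is the client itself.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed requests: (TCP peer address, headers)
SAMPLE_REQUESTS = [
    ("203.0.113.5", {"X-Forwarded-For": "127.0.0.1"}),          # attacker, direct, spoofed header
    ("10.0.0.2", {"X-Forwarded-For": "127.0.0.1, 203.0.113.5"}),  # same attacker, via our proxy
    ("10.0.0.2", {"X-Forwarded-For": "198.51.100.7"}),            # normal user via our proxy
    ("10.0.0.2", {}),                                             # proxy forgot the header
]


def _is_trusted(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_naive(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Vulnerable: believes whatever the request says in X-Forwarded-For.
    A client connecting directly can claim to be 127.0.0.1 and bypass
    IP allowlists, rate limits or log attribution keyed on this value."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip_hardened(remote_addr: str, headers: Mapping[str, str]) -> str:
    """Hardened: start from the TCP peer (what the three-way handshake proves)
    and only walk X-Forwarded-For when that peer is one of our proxies,
    taking the right-most address that is not itself a trusted proxy."""
    if not _is_trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the rest of the header
        if not _is_trusted(hop):
            return hop
    return remote_addr


def compare(requests=SAMPLE_REQUESTS) -> list:
    """Return (peer, naive result, hardened result) for each sample request."""
    return [(peer, client_ip_naive(peer, h), client_ip_hardened(peer, h)) for peer, h in requests]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Walking the header from the right matters: each honest proxy appends the address it saw, so the entries the client wrote are on the left and the first untrusted address from the right is the one the nearest trusted proxy actually talked to.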
HTTPS protocol
HTTPS is HTTP layered over TLS/SSL, which adds encrypted transmission and identity authentication. It relies on digital certificates, encryption algorithms, asymmetric (public/private) keys and related techniques to encrypt data in transit and so protect Internet communications.
Website building configuration
ip
port
domain name
Same IP, same port, different domain name (virtual hosting: the server selects the site from the Host header)
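What "same IP, same port, different domain name" looks like in practice, as an added example in Apache httpd configuration (not a configuration from the original notes); the host names and document roots are assumptions for illustration.

```apache
# Two sites share one IP address and port 80 and are told apart only by the
# Host header the browser sends. Names and paths below are illustrative.
<VirtualHost *:80>
    ServerName www.site-a.test
    DocumentRoot "/var/www/site-a"
</VirtualHost>

<VirtualHost *:80>
    ServerName www.site-b.test
    DocumentRoot "/var/www/site-b"
</VirtualHost>
```

The first VirtualHost is the default for any request whose Host value matches none of the ServerName entries, including a request made by bare IP address. That is why a scan by IP can show a different site than a visit by domain name, and why supplying the Host header explicitly (for example with curl's -H "Host: ..." option) is part of enumerating everything that lives on one address.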
All techniques discussed in this article are for technical research only; do not use them for malicious purposes.
Technology is innocent (技术无罪)