Notice:
Any unauthorized penetration testing is illegal!
How long it takes to learn vulnerability hunting ("digging holes") varies from person to person. First, let's go over the theoretical foundations:
- Principles of computer organization, computer networks, computer architecture, operating systems, cryptography, multimedia technology and so on all need to be mastered. In short, these are the core undergraduate computer science courses.
- Programming: foundations in the common languages such as HTML, CSS, JavaScript, PHP, Java, Python, SQL, C, C++, shell, assembly and NoSQL. Plan on two weeks to two or three months of study.
- Vulnerabilities: there are many types, and the categories overlap depending on the classification standard. A hacker must master the root cause, the detection method, the exploitation method and the remediation for most of them. Common web vulnerabilities include SQL injection, XSS, file inclusion, directory traversal, file upload, information disclosure, CSRF, account brute-forcing and the various broken-access-control (privilege escalation) bugs. Common binary vulnerabilities include buffer overflow, heap overflow, integer overflow and format string bugs, and analysing them also requires bypassing the operating system's protection mechanisms. There are protocol-level vulnerabilities too, such as TCP and UDP denial of service, DNS hijacking and ARP spoofing. Industrial control systems, the Internet of Things, AI and so on now have their own kinds of vulnerabilities as well.
- There are far too many tools to master; basically, all of the current mainstream tools must be used proficiently, and there are dozens of them. To name just a few: nmap, Burp Suite, sqlmap, msf (Metasploit), IDA, OllyDbg, hydra, rainbow tables, hashid, and various scanners such as OpenVAS and AWVS.
- Then there are websites and communication protocols, client and server: everything between the user entering a URL and the server returning a web page involves knowledge of JavaScript, HTTP requests, web servers, database servers, system architecture, load balancing, DNS and so on, and all of it needs to be understood thoroughly. After that come the mainstream web development frameworks. For Java you need to know which vulnerabilities the three major SSH frameworks (Struts, Spring, Hibernate) have had; for PHP you must understand the mainstream frameworks and CMSes, ideally including DedeCMS (织梦, literally "weaving dreams"), ThinkPHP and so on. In addition, you need to understand mainstream database servers such as MySQL and SQL Server.
If exploiting a vulnerability involves network programming such as TCP, you must know TCP programming. For communications security, you must master the current mainstream encryption algorithms, such as AES, RSA and 3DES. If you want to brute-force a port, you must master port brute-forcing techniques, such as choosing and using wordlists.
You also need to understand how software runs inside the operating system: how an executable is loaded from the disk file into memory, how it is laid out (code segment, data segment, stack segment, etc.), how function parameters sit in the stack layout, memory addresses and so on. Beyond that, you must understand the system's protection mechanisms, such as code execution protection (DEP/NX) and the like.
There is a lot for a hacker to learn, and much of it is essential. How far you get depends on your follow-through and your interest.
Today I will show you how to find vulnerabilities in edu.cn sites in batches.
0x01
First, we collect links through a search engine:
site: http://edu.cn payment
I am very fond of money, so the keyword is "payment".
Here you can see a UESTC payment platform:
url: http://cwjf.uestc.edu.cn/payment UESTC payment platform
0x02
Here I registered two accounts:
Account 1 user=vcevce pass=vce123~!
Account 2 user=vcevce1 pass=vce123~!
After logging in, click "modify personal information" and capture the request; you can see that the parameters include our account name.
Try modifying it: change the account name to vcevce1, change the ID number to test, and then forward the request.
A "modification successful" prompt, or a response of 1, means the modification succeeded, so there is indeed a broken access control (horizontal privilege escalation) issue.
After forwarding the request, log in as vcevce1 to check.
You can see that the cross-account modification succeeded.
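The bug above is the server choosing which record to update from a client-supplied account field instead of from the session. The following is an added example (not code from the original post or from the platform it describes) that models a profile-update handler in both its vulnerable and its fixed form; the request model, the field names `user` and `id_number`, the user table and the success value 1 are all constructed for illustration.

```python
"""Broken access control (IDOR) in a profile-update handler: vulnerable vs. fixed.

Added example, not code from the original post or from the platform it
describes. The request model, the field names `user` and `id_number`, the
user table and the success value are all constructed for illustration.
"""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when a request tries to act on an account other than its own."""


@dataclass
class Request:
    session_user: str                          # identity bound to the server-side session
    body: dict = field(default_factory=dict)   # form fields, fully client-controlled


def fresh_users() -> dict:
    """Constructed user table: account name -> profile (placeholder values)."""
    return {
        "vcevce": {"id_number": "ID-0001"},
        "vcevce1": {"id_number": "ID-0002"},
    }


def update_profile_vulnerable(req: Request, users: dict) -> dict:
    """Picks the record to update from the client-supplied `user` field.

    Whoever is logged in can overwrite any account's ID number just by
    changing that field, which is exactly the bug described in the post."""
    target = req.body["user"]
    users[target]["id_number"] = req.body["id_number"]
    return {"status": 1, "user": target}       # 1 = success, as in the post


def update_profile_fixed(req: Request, users: dict) -> dict:
    """Takes the target account from the authenticated session only.

    A client-supplied `user` field is tolerated if it matches the session
    and rejected otherwise; it is never used to select the record."""
    claimed = req.body.get("user")
    if claimed is not None and claimed != req.session_user:
        raise AuthorizationError(
            f"session {req.session_user!r} may not modify {claimed!r}")
    users[req.session_user]["id_number"] = req.body["id_number"]
    return {"status": 1, "user": req.session_user}


def replay_attack(handler) -> tuple:
    """Replays the post's request (vcevce rewriting vcevce1's ID number) against
    a handler and reports whether it was accepted and what vcevce1's ID is after."""
    users = fresh_users()
    hostile = Request(session_user="vcevce",
                      body={"user": "vcevce1", "id_number": "test"})
    try:
        handler(hostile, users)
        outcome = "accepted"
    except AuthorizationError:
        outcome = "rejected"
    return outcome, users["vcevce1"]["id_number"]


if __name__ == "__main__":
    print("vulnerable:", replay_attack(update_profile_vulnerable))  # ('accepted', 'test')
    print("fixed:     ", replay_attack(update_profile_fixed))       # ('rejected', 'ID-0002')
```

The fix is not an extra check bolted onto the vulnerable handler but a change of data source: the account being modified comes from the session, so there is no client field whose value could matter. Rejecting a mismatching `user` field rather than silently ignoring it also gives you a log event worth alerting on.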
0x03
Now look at the forgot-password page.
You can see that to reset a forgotten password you only need the ID number and the user name.
So the broken-access-control bug can be used to change the ID number of a chosen account, and then go through forgot-password for that account.
Broken access control -> reset any account's password -> High risk
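From the defender's side, the chain in 0x02 and 0x03 leaves two distinct traces in request logs: a profile update whose account field does not match the session that sent it, and a forgot-password request for that same account shortly afterwards. The following is an added example, not part of the original post, that runs that detection over constructed log lines; the log format, the endpoint paths `/profile/update` and `/password/forgot` and the sample lines are all invented for illustration, and a real platform's access log would need its own parser. The account names are the test accounts from the post, reused only as labels.

```python
"""Detecting the broken-access-control -> password-reset chain in request logs.

Added example, not part of the original post. The log format, the endpoint
paths `/profile/update` and `/password/forgot` and the sample lines are all
constructed; a real platform's access log needs its own parser.
"""
import re
from datetime import datetime, timedelta

# Constructed log format: "<iso-time> sess=<login or -> <METHOD> <path> k=v k=v ..."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sess=(?P<sess>\S+) (?P<method>[A-Z]+) (?P<path>\S+)(?P<params>.*)$"
)

# Constructed sample: line 2 is the cross-account write from the post,
# line 3 the forgot-password request for the tampered account.
SAMPLE_LOG = """\
2024-03-01T09:00:00 sess=vcevce POST /profile/update user=vcevce id_number=ID-0001
2024-03-01T09:01:10 sess=vcevce POST /profile/update user=vcevce1 id_number=test
2024-03-01T09:02:30 sess=- POST /password/forgot user=vcevce1 id_number=test
2024-03-01T09:30:00 sess=vcevce1 POST /profile/update user=vcevce1 id_number=ID-0002
"""


def parse_line(line: str):
    """Parses one log line into a dict, or returns None for lines it cannot read."""
    m = LOG_RE.match(line)
    if not m:
        return None
    params = dict(kv.split("=", 1) for kv in m["params"].split() if "=" in kv)
    return {"ts": datetime.fromisoformat(m["ts"]), "sess": m["sess"],
            "path": m["path"], "params": params}


def find_alerts(log_text: str, window: timedelta = timedelta(minutes=30)) -> list:
    """Returns (kind, session, account, timestamp) tuples for two signals:

    cross_account_write  - a profile update whose `user` field differs from the
                           session's own login (the access-control bug itself);
    reset_after_tamper   - a forgot-password request for an account whose
                           profile was rewritten by another session within `window`.
    """
    alerts = []
    tampered_at = {}   # account -> time its profile was last written by another session
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        account = ev["params"].get("user")
        if ev["path"] == "/profile/update" and account != ev["sess"]:
            alerts.append(("cross_account_write", ev["sess"], account, ev["ts"]))
            tampered_at[account] = ev["ts"]
        elif ev["path"] == "/password/forgot":
            t = tampered_at.get(account)
            if t is not None and ev["ts"] - t <= window:
                alerts.append(("reset_after_tamper", ev["sess"], account, ev["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(*alert)
```

The first signal is the one worth fixing at the source, since a correctly written handler never has a session writing someone else's record at all; the second is the escalation that makes the first one high risk, which is why the window check pairs the two events rather than treating each forgot-password request on its own.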
0x04
Since this site has horizontal privilege escalation plus arbitrary account password reset,
let's try it in batches.
site: http://edu.cn inurl:/payment intitle: University payment platform
Use this syntax to search in the search engine.
You can see many such sites; then check each one to see whether the same vulnerability still exists.
That achieves batch discovery.
Zero-basics introduction to network security
For students who have never been exposed to network security, I have prepared a detailed learning and growth roadmap. It is, I would say, the most scientific and systematic learning route, and anyone who follows this general direction will be fine. If you need it, let me know in the comments.