Penetration testing foundation

  1. Background knowledge

    • Scripting languages (ASP, PHP, JSP)

    • HTML (CSS, JS, HTML)

    • HTTP protocol

    • CMS (B/S, browser/server architecture)

    • MD5

    • Compromised host ("broiler", a zombie machine)

    • Mass compromise of hosts ("catching chickens")

    • Webshell

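    • Vulnerability

    • One-line Trojan (one-line webshell)

    • Privilege escalation

    • Backdoor

    • Pivot (jump host)

    • Side-site intrusion (via another site on the same server)

    • C-segment intrusion (via another host in the same /24 segment)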

      1. Scan hosts 1-255 of the segment and check which CMS each site runs
        • Pick the CMS you are best at attacking, so the C segment can be compromised more quickly
      2. Scan hosts 1-255 of the segment and check which ports are open
        • Query the ports first, then pick a site on a port where you are skilled at privilege escalation
        • Tools used: Coconut, A D Web Toolkit

    • Black box testing
      1. Black box testing is different from a hacker intrusion and is not the same as hacking a site. It is a comprehensive test of ability (OS, database, script, code, approach, social engineering)

    • White box testing: in contrast to black box testing, it is basically initiated from the inside

    • Gray box testing: a form in between white box and black box testing

  2. Penetration Testing Introduction

    1. Penetration Testing Process

      • Define the goal

        • Determine the scope
        • Determine the rules
        • Determine the requirements
      • Information gathering

        • Basic information
        • System information
        • Application information
        • Version information
        • Service information
        • Personnel information
        • Protection information
      • Vulnerability detection

        • System vulnerabilities
        • Web server vulnerabilities
        • Web application vulnerabilities
        • Vulnerabilities in services on other ports
        • Communication security
      • Vulnerability verification

        • Automatic verification
        • Manual verification
        • Login guessing
        • Business vulnerability verification
        • Use of public resources
      • Produce the report

        • Organize as required
        • Supplementary notes
        • Remediation recommendations
      • Organize information

      • Obtain what is needed

        • Organize penetration tools

        • Organize collected information

        • Organize vulnerability information

      • Information analysis

        • Precision strike

        • Bypass defense mechanisms

        • Customize the attack path

        • Bypass detection mechanisms

        • Attack code

          Information gathering is the key

          Do not be too impatient

          Read more source code to learn

          Make a habit of collecting 0days

          The approach is important

  3. Test environment security configuration

Origin www.cnblogs.com/qq2972665955/p/11896906.html