Ethical Hacking - Web Penetration Testing(2)
INFORMATION GATHERING
- IP address.
- Domain name Info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Unlisted files, sub-domains, directories.
1. Whois Lookup - Find info about the owner of the target. ()
-> http://whois.domaintools.com/ https://www.whois.net/ etc.
2. Netcraft Site Report - Shows technologies used on the target.
-> http://toolbar.netcraft.com/site_report
Such as :https://sitereport.netcraft.com/?url=https%3A%2F%2Fwww.hackthissite.org%2F
3. Robtex DNS lookup - Shows comprehensive info about the target website.
4. Discovering Websites On the Same Server
- One server can serve a number of websites.
- Gaining access to one can help gaining access to others.
To find websites on the same server:
(1) Use Robtex DNS lookup under"names pointing to same IP".
(2) Using bing.com, search for ip:[target ip]
5. Discovering subdomains
- Subdomain.target.com
- Ex:https://www.hackthissite.org/
Knock can be used to find subdomainings of target.
(1)Download > git clone https://github.com/guelfoweb/knock.git
(2)Navigate to knock.py >cd knock/knock.py
(3)Run it > python knock.py [target]
6. Discovering Sensitive Files
Find files&directories in target website
Tool: drib
dirb [target] [worlist] [options]
For more info run > man dirb
Analysing Discovered Files
---- Scanning URL: http://10.0.0.24/mutillidae/ ----
==> DIRECTORY: http://10.0.0.24/mutillidae/classes/
+ http://10.0.0.24/mutillidae/credits (CODE:200|SIZE:509)
==> DIRECTORY: http://10.0.0.24/mutillidae/documentation/
+ http://10.0.0.24/mutillidae/favicon.ico (CODE:200|SIZE:1150)
+ http://10.0.0.24/mutillidae/footer (CODE:200|SIZE:450)
+ http://10.0.0.24/mutillidae/header (CODE:200|SIZE:19879)
+ http://10.0.0.24/mutillidae/home (CODE:200|SIZE:2930)
==> DIRECTORY: http://10.0.0.24/mutillidae/images/
+ http://10.0.0.24/mutillidae/inc (CODE:200|SIZE:386260)
==> DIRECTORY: http://10.0.0.24/mutillidae/includes/
+ http://10.0.0.24/mutillidae/index (CODE:200|SIZE:24237)
+ http://10.0.0.24/mutillidae/index.php (CODE:200|SIZE:24237)
+ http://10.0.0.24/mutillidae/installation (CODE:200|SIZE:8138)
==> DIRECTORY: http://10.0.0.24/mutillidae/javascript/
+ http://10.0.0.24/mutillidae/login (CODE:200|SIZE:4102)
+ http://10.0.0.24/mutillidae/notes (CODE:200|SIZE:1721)
+ http://10.0.0.24/mutillidae/page-not-found (CODE:200|SIZE:705)
==> DIRECTORY: http://10.0.0.24/mutillidae/passwords/
+ http://10.0.0.24/mutillidae/phpinfo (CODE:200|SIZE:48828)
+ http://10.0.0.24/mutillidae/phpinfo.php (CODE:200|SIZE:48840)
+ http://10.0.0.24/mutillidae/phpMyAdmin (CODE:200|SIZE:174)
+ http://10.0.0.24/mutillidae/register (CODE:200|SIZE:1823)
+ http://10.0.0.24/mutillidae/robots (CODE:200|SIZE:160)
+ http://10.0.0.24/mutillidae/robots.txt (CODE:200|SIZE:160)
==> DIRECTORY: http://10.0.0.24/mutillidae/styles/ ---- Entering directory: http://10.0.0.24/mutillidae/classes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/documentation/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/javascript/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/passwords/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/styles/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) -----------------
END_TIME: Fri Feb 7 16:46:55 2020
DOWNLOADED: 4612 - FOUND: 18
The URL in Red is useful to discove.
For example:
Gethering information is important, while it is harder to get useful information than before.
Ethical Hacking - Web Penetration Testing(2)的更多相关文章
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(1)
How to hack a website? An application installed on a computer. ->web application pen-testing A co ...
- Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Ethical Hacking - Web Penetration Testing(12)
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page ...
- Ethical Hacking - Web Penetration Testing(11)
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be byp ...
- Ethical Hacking - Web Penetration Testing(9)
SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the ...
随机推荐
- vue+ajax的实现
html <tr> <td>用户名</td> <td id="t01"><input type="text" ...
- Mac App破解之路九 vscode插件破解
破解对象: luaide 破解目的:学习如何破解vscode插件 破解背景: vsscode用了这么多年,安装了很多插件,其中luaide插件是收费的. 说实话,100块并不贵, 我本来准备买的. ...
- Day7-微信小程序实战-引入iconfont(充分利用iconfont图标库的资源)
一.引入iconfont 首先在iconfont.com中注册登陆: 点击上方[图标管理]并进入我的项目 注意:如果没有项目的话,就点击右边的来创建项目 在官网中找到想要的图标之后,以SVG的形式下载 ...
- 项目实战:Qt手机模拟器拉伸旋转框架
若该文为原创文章,未经允许不得转载原博主博客地址:https://blog.csdn.net/qq21497936原博主博客导航:https://blog.csdn.net/qq21497936/ar ...
- SpringBoot读取application.properties中文乱码
[本文版权归微信公众号"代码艺术"(ID:onblog)所有,若是转载请务必保留本段原创声明,违者必究.若是文章有不足之处,欢迎关注微信公众号私信与我进行交流!] 解决方案 在ID ...
- React实战教程之从零开始手把手教你使用 React 最新特性Hooks API 打造一款计算机知识测验App
项目演示地址 项目演示地址 项目代码结构 前言 React 框架的优雅不言而喻,组件化的编程思想使得React框架开发的项目代码简洁,易懂,但早期 React 类组件的写法略显繁琐.React Hoo ...
- Django实现图片上传并前端页面显示
Django实现图片上传和图片显示 开始之前我们先确认环境中已经安装了Pillow,如果没有安装,可以通过pip install Pillow来安装,这个是python的图像处理库 数据库设置 我们创 ...
- Java是如何实现Future模式的?万字详解!
JDK1.8源码分析项目(中文注释)Github地址: https://github.com/yuanmabiji/jdk1.8-sourcecode-blogs 1 Future是什么? 先举个例子 ...
- 搭建hadoop伪集群
基础设置:jdk.ssh. 1.操作系统.环境.网络.必须软件 2.关闭防火墙 3.设置hosts映射 4.时间同步 5.安装jdk 6.设置ssh免秘钥部署配置:初始化运行:命令行使用:
- 小师妹学JVM之:JIT中的PrintAssembly续集
目录 简介 JDK8和JDK14中的PrintAssembly JDK8中使用Assembly JDK14中的Assembly 在JMH中使用Assembly 总结 简介 上篇文章和小师妹一起介绍了P ...