1、 an SQLi vulnerability will allow you  to do the  following

  • query the database using select statement forezample users table. you might get the password or usersname
  • Bypass the login page executing successfuly query results
  • Execute system commands in the database in oreder compromise the web server
  • Execute inserts.delete commands to manipulate the records in the database

2、Command Injection

we can append other commands after the variable and the application will be to execute it for us , my goal is to make the backend execute someting like this [nslookup [domain name variable ] && [other command ]

3、OWASP top 10

Injection-----> when a attacker can inject and execute a custom command in the backend because of missing sanitization,besides it ,command Injection are more like LDAP、XPath、NoSQLo  XML Parsers、STMTP Header

Broken Authentication  ------> a hacker finds the user's idntity, credentials bouth name and password or web session

Sesitive Data 、   XML External Entities  \ Broken Access Control \ Security Misconfig \Cross-site Scripting \ Insecure Deserialization \ Using Components with know vulnerability\ Insufficient logging

4、邮件信息收集

theharverster -d [目标网络域名地址] -l [邮件地址数量] -b [使用的搜索的公共知识库]  eg : theharvester  -d yalong.cn -l 20 -b baidu

5、 use Whois search DNS and ip register name and phone number and email

step one we can use the  Whois.net  the url: http:www.whois.net   or another website is NetCraft   the url :https://www.netcraft.com/

step two:  use the command  whois ,the screenshout as follow

another wegit tools is host it can translate ip to hostname

nslookup id find DNS

6、Reconnaissance or information gathering

a pen tester gather information an attacker's perspective ,anything that is useful is necessary to be collected:

  • network Digrams、 application and their version、security defences such IDS IPS
  • IP address     baidu & Social or perfessional networking websites
  • Domain names \sites\ Monster.com 、 IP  Registries 、DNS registrars  \
  • Device name the company websites

7、nslookup is a windows tool to find the ip address associated with the given domain name

8、Scanning  to finding  live  address

ICMP scanning  use command  Nmap -sP [ip range]   、 SYN scanning  Commands Nmap -sS -P0 [ip range]    、all port scanning  commamds Nmap -sS  -p1=65535 -P0 -max-rtt-timeout<time> [iprange]

Specific Prot scanning  we know the ususlly port  80` 443  wecan use command Nmap -sS -p80,443 -P0 [ip range]

9、OS ans service FingerPrintering

OS detecting is to be done find out the system ,by which know vulnerabilities can be exploited .we can use the commands Namp -O [ip range ]  or use Namp -sS -sV -O -P0[ip range]  of cose can use the comand to find all port Nmap -sS -sV -O -P0 -p1-65535 -max-rrt-timeout<time> [ip range]

10、Vulnerability  Scanning

Nmap has the vulnerability scan switch ,we can run the nmap vulnerability scan the command ;   nmap -sS --sV -P0 -p1 -65535 -A --max-rate 500 --reason iL<inputfile.txt><outputfile.txt>

another way we can use nessus nskipfish ,BurpSuite

11、make a conclusion

The reported Vulnerability have to to be tested manually and  confirmed since the vulnerability repprted by the scanners my be false positives at times.

An overview of network penetration testing的更多相关文章

  1. Ethical Hacking - NETWORK PENETRATION TESTING(15)

    ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of ...

  2. Ethical Hacking - NETWORK PENETRATION TESTING(22)

    MITM - Wireshark WIreshark is a network protocol analyser that is designed to help network administa ...

  3. Ethical Hacking - NETWORK PENETRATION TESTING(14)

    MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most danger ...

  4. Ethical Hacking - NETWORK PENETRATION TESTING(13)

    Nmap Nmap is a network discovery tool that can be used to gather detailed information about any clie ...

  5. Ethical Hacking - NETWORK PENETRATION TESTING(12)

    Post Connection Attacks Sophisticated attacks that can be used after connecting to the target AP. Ga ...

  6. Ethical Hacking - NETWORK PENETRATION TESTING(11)

    Securing your Network From the Above Attacks. Now that we know how to test the security of all known ...

  7. Ethical Hacking - NETWORK PENETRATION TESTING(10)

    WPA Craking WPA was designed to address the issues in WEP and provide better encryption. The main is ...

  8. Ethical Hacking - NETWORK PENETRATION TESTING(8)

    WEP Cracking Basic case Run airdump-ng to log all traffic from the target network. airodump-ng --cha ...

  9. Ethical Hacking - NETWORK PENETRATION TESTING(7)

    Gaining Access to encrypted networks Three main encryption types: 1. WEP 2.WPA 3.WPA2 WEP Cracking W ...

随机推荐

  1. 软件工程(GZSD2015) 第二次作业小结

    第二次作业,从4月7号开始,陆续开始提交作业.根据同学们提交的作业报告,相比第一次作业,已经有了巨大改变,大家开始有了完整的实践,对那些抽象的名词也开始有了直观的感受,这很好.然后有一些普遍存在的问题 ...

  2. php如何解决中文乱码问题?

    为什么会出现中文乱码? 很多新手朋友学习PHP的时候,发现程序中的中文在输出的时候会出现乱码的问题,那么为什么会出现这种乱码的情况呢?一般来说,乱码的出现有2种原因,一种是由于编码(charset) ...

  3. Scanner和BufferReader的效率问题

    先给出一道题,测试平台是Acwing, 这道题是腾讯2019年春招提前批笔试第二题.题目不难,但是如果不注意细节,很容易TLE(超时) https://www.acwing.com/problem/c ...

  4. js 图片瀑布流效果实现

    /** * Created by wwtliu on 14/9/5. */$(document).ready(function(){ $(window).on("load",fun ...

  5. Civil 3D .NET二次开发第11章代码升级至2018版注意事项

    原来涉及2017的,均需要改为2018 原来的21改为22 代码中AeccXUiLand.AeccApplication.11.0"改为AeccXUiLand.AeccApplication ...

  6. Android查看联系人简单记录

    简单实现打印联系人信息,可以作为插入联系人的基础和主要代码块,作为个人记录的小逻辑 package com.lgqrlchinese.contactstest; import android.Mani ...

  7. 【CF1151F】Sonya and Informatics(动态规划,矩阵快速幂)

    [CF1151F]Sonya and Informatics(动态规划,矩阵快速幂) 题面 CF 题解 考虑一个暴力\(dp\).假设有\(m\)个\(0\),\(n-m\)个\(1\).设\(f[i ...

  8. Super Mario HDU - 4417 (主席树)

    Mario is world-famous plumber. His “burly” figure and amazing jumping ability reminded in our memory ...

  9. nginx安装访问

    依赖包安装: 安装gcc gcc-c++: yum -y install gcc gcc-c++ autoconf automake 安装pcre: yum -y install pcre pcre- ...

  10. Wannafly挑战赛23 T2游戏 SG函数

    哎,被卡科技了,想了三个小时,最后还是大佬给我说是\(SG\)函数. \(SG\)函数,用起来很简单,证明呢?(不可能的,这辈子都是不可能的) \(SG\)定理 游戏的\(SG\)函数就是各个子游戏的 ...