OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…

SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with DB done using SQL. WHY ARE THEY SO DANGEROUS…

1.国外使用的一款在线工具,对web的信息收集很有帮助 地址http://archive.org  , WayBack Machine 主界面如下:对百度存档的历史信息进行查询. 2.IP地址归属信息注册信息查找   (ARIN) , 该组织一共有五个,USA ,Canada 还有 Caribbean 地区,首先查看百度结果截图如下: 从搜索的结果中可以看到,百度不在这个范围之内,该在加勒比地区注册的  lancope,,,起作用跟另一个在线的工具差不多  www.whois.com  类似的还…

SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…

REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…

How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side attacks. Managed by humans -> client-side attacks Target: metastable VM…

WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

 CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover Target: Metasploitable2-Linux #!/usr/bin/env python import requests def request(url): try: return…

参考 http://download.csdn.net/detail/jason571/8146587 一.操作系统原理,JavaScript,http/https的运行原理,Ajax,SQL等技术基础 HTML语法和网页运行原理 JavaScript CLI(命令行界面)的操作(Windows.Linux) SQL语法 有关网络操作命令(Telnet,Ping,nslookup,Tracert) 不同程序的下载及安装 脚步语言(Python,ruby,Perl,golang)…

1.启动wsaf工具,设置载入插件(攻击模型的插件),可以设置默认的攻击模型,也可以添加自己的plug. 2.在侦查的时候渗透邮箱需要知道,云行邮箱服务的托管服务器是什么类型,在之前的博客中我已近两提到过如何使用fierce 工具 3.使用 DIRBuster搜索网站目录 但凡出了404以外的都表示可以进行 4.webslayer密码字典…

XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/Stored XSS 2.…

SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameterized statements, separate data from SQL code. <?php //$textbox1 = admin' union select # Select * fr…

SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different number to find the right column. Using “union select 1,2,3,4,…

VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be updated. 2. Code Execution Vulns: Don't use dangerous functions. Filter use input before execution. 3. File inclusion: Disable allow_url_fopen & allow_url_include. Use static file in…

LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read  /etc/passwd file. 1. We know the current file path from the following error. 2. Try to visit following URL: http://10.0.0.24…

CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file using wget command. Code execution commands attached in the resources. The following examples assums the…

EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex:weevly 1. Generate backdoor weevly generage [password] [file name] 2. Upload the generated file. 3.…

INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, directories. 1. Whois Lookup - Find info about the owner of the target. () -> http://whois.domaintools…

Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr/bin/env python import requests target_url = "http://10.0.0.45/dvwa/login.php" data_dict = {"username": "dfdfddfd", "pas…

CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. Extract all links. 3. Repeat for each new link that is not already on the list. #!/usr/bin/env python import re import requests from urllib.parse import…

CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Discover "hidden" paths/paths admin does not want us to know. Disadvantages: -> Will does not discover everything. Solution: -> Analyse discove…

Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques Jan 04, 2017, Version 1.0 Contents What is a Local File Inclusion (LFI) vulnerability? Example of Vulnerable Code Identifying LFI Vulnerabilities within Web Application…

相关学习资料 http://www.cnblogs.com/LittleHann/p/3823513.html http://www.cnblogs.com/LittleHann/p/3828927.html http://www.searchsecurity.com.cn/showcontent_56011.htm https://www.owasp.org/index.php/File:OWASP_Testing_Guide_Presentation.zip information syst…

http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I was researching for some of the other lesser known live CDs for penetration testing.  While I’m an avid user and a fan of backtrack, someone mentioned t…

1.now we looke at this book . I decide  to make a brief review the book covers as follows (I straight-forward copy here):Chapter 1, Building a Vulnerable Web Application Lab, will help us to get andinstall the vulnerable application Mutillidae using…

Responsive Web Design is regarded as being the approach which suggests that web design and development should respond to the end-user’s behavior and environment based on their screen size, platform and orientation. Responsiveness consists of a mix of…

第一部分 渗透测试步骤 ---参考资料  Ethical Hacking: The Value of Controlled Penetration Tests  下载地址  链接:https://pan.baidu.com/s/1ELFGTEnVx5d15eWHSmHzrQ  提取码:wd8l 复制这段内容后打开百度网盘手机App,操作更方便哦 1.Snort软件可以安装的操作系统的 Unix /Linux and windows .WinSinff可以安装的额操作系统 Windows 2.扫描…

1.Metasploit整体框架: Shell中直接输入msfconsole启动PostgreSQL数据库服务 :service postgresql start 监听5432端口初始化Metasploit数据库 :msfdb init查看数据库联接情况 :msfconsole db_status建立数据库缓存 :msfconsole db_rebuild_cache 专业术语 – Exploit,攻击工具/代码– Payload,攻击载荷– Shellcode– Module,模块– List…

此文转载 XXE VALID USE CASE This is a nonmalicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.…

常用渗透性测试工具 原文:http://hi.baidu.com/limpid/item/14a2df166adfa8cb38cb3068 对一个应用项目进行渗透性测试一般要经过三个步骤.  第一步,用一些侦测工具进行踩点,获得目标的基本信息.       第二步通过漏洞扫描工具这类自动化测试工具获取目标的漏洞列表,从而缩小测试的范围.       第三步利用一些灵活的代理,请求伪造和重放工具,根据测试人员的经验和技术去验证或发现应用的漏洞. 在此过程中需要利用一些工具,这些工具包括: 1.Me…