1. Now we look at this book. I decided to make a brief review; the book covers the following (I copy it straightforwardly here): Chapter 1, Building a Vulnerable Web Application Lab, will help us to get and install the vulnerable application Mutillidae using…
1. How to use the dpkg command. First, it can be used to list all installed software: dpkg -l (since Kali Linux is not started, I will explain on Ubuntu first; it is basically the same). To check software that is already installed: dpkg -l | grep [application]. To install a downloaded package with the .deb suffix, use the command dpkg -i [path\filename.deb]. To uninstall an installed package: dpkg -r [application…
Responsive Web Design is the approach which holds that web design and development should respond to the end-user's behavior and environment based on their screen size, platform and orientation. Responsiveness consists of a mix of…
OWASP ZAP (ZED ATTACK PROXY) automatically finds vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. (Screenshots: the welcome page, the options page, the scan policy setting page.) Attack this target URL http://10.0.0.24…
SQL INJECTION: SQLMAP. A tool designed to exploit SQL injections. Works with many DB types: MySQL, MSSQL, etc. >sqlmap --help >sqlmap -u [target URL] The following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…
SQL INJECTION: WHAT IS SQL? Most websites use a database to store data. Most data (usernames, passwords, etc.) is stored in it. The web application reads, updates and inserts data in the database. Interaction with the DB is done using SQL. WHY ARE THEY SO DANGEROUS…
CRAWLING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover Target: Metasploitable2-Linux #!/usr/bin/env python import requests def request(url): try: return…
1. An online tool used overseas that is very helpful for web information gathering, at http://archive.org: the WayBack Machine. Its main interface is shown below; here we query the archived history of Baidu. 2. Looking up IP address ownership and registration information (ARIN). There are five such organizations in total; this one covers the USA, Canada and the Caribbean region. First look at the screenshot of the Baidu result below: from the search results we can see that Baidu is not within this range; what is registered in the Caribbean region is lancope... It works much like another online tool, www.whois.com. Similar ones also…
REMOTE FILE INCLUSION Similar to local file inclusion, but allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-condition: set allow_url_include…
INFORMATION GATHERING IP address. Domain name info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, directories. 1. Whois Lookup - Find info about the owner of the target. -> http://whois.domaintools…
How to hack a website? An application installed on a computer -> web application pen-testing. A computer uses an OS + other applications -> server-side attacks. Managed by humans -> client-side attacks. Target: Metasploitable VM…
WHAT IS A WEBSITE A computer with an OS and some servers (Apache, MySQL, etc.). Contains a web application (PHP, Python, etc.). The web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…
CRAWLING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. Extract all links. 3. Repeat for each new link that is not already on the list. #!/usr/bin/env python import re import requests from urllib.parse import…
CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: -> Discover "hidden" paths/paths the admin does not want us to know. Disadvantages: -> Will not discover everything. Solution: -> Analyse discove…
Reference: http://download.csdn.net/detail/jason571/8146587 I. Operating system principles, JavaScript, how HTTP/HTTPS works, Ajax, SQL and other technical fundamentals. HTML syntax and how web pages work. JavaScript. CLI (command-line interface) operation (Windows, Linux). SQL syntax. Network commands (Telnet, Ping, nslookup, Tracert). Downloading and installing different programs. Scripting languages (Python, Ruby, Perl, Golang)…
1. Network Reconnaissance. First we can use the whois command to gather site information, e.g.: whois -i mnt-by YAHOO-MNT 2. dig to gather the DNS information. Dig is essentially a DNS lookup Swiss Army knife. Use widgets such as dnsmap…
1. Start the w3af tool and set the plugins to load (attack-model plugins); you can set a default attack model or add your own plugins. 2. During reconnaissance, to penetrate a mailbox you need to know what type of hosting server runs the mail service; in earlier blog posts I have already mentioned twice how to use the fierce tool. 3. Use DIRBuster to search website directories; anything other than a 404 indicates the path can be pursued further. 4. webslayer password dictionaries…
In testing work we often encounter the scenario of testing the same control's functionality, and over several years I have accumulated checklists for testing various functional controls; over the New Year holiday I took time to organize and share them. With the checklists below, any testing novice can quickly write test cases rivaling those of a tester with several years of experience. The importance of testing with a checklist: 1) Maintaining a standard library of reusable test cases for the application will ensure that the most common bugs are found more quickly. 2) Checklists help to quickly complete the writing of test cases for a new version of the application. 3) Reusing test cases helps save resources otherwise spent writing duplicate test cases. 4) Important test cases will always be covered, making them almost impossible to forget. 5) A test checklist can…
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject JavaScript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/Stored XSS 2.…
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Can still be bypassed. Use a whitelist? Same issue. -> Use parameterized statements; separate data from SQL code. <?php //$textbox1 = admin' union select # Select * fr…
SQL INJECTION Discovering SQLi in GET Inject via the browser URL. Selecting Data From the Database Change the number to a big one, then you can get a useful error message. And you can try different numbers to find the right column. Using “union select 1,2,3,4,…
VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be uploaded. 2. Code Execution Vulns: Don't use dangerous functions. Filter user input before execution. 3. File inclusion: Disable allow_url_fopen & allow_url_include. Use static file in…
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside the www directory. Try to read the /etc/passwd file. 1. We know the current file path from the following error. 2. Try to visit the following URL: http://10.0.0.24…
CODE EXECUTION VULNS Allow an attacker to execute OS commands (Windows or Linux commands). Can be used to get a reverse shell, or to upload any file using the wget command. Code execution commands are attached in the resources. The following examples assume the…
EXPLOITATION - File Upload VULNS A simple type of vulnerability. Allows users to upload executable files such as PHP. Upload a PHP shell or backdoor, e.g. weevely: 1. Generate the backdoor: weevely generate [password] [file name] 2. Upload the generated file. 3.…
Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr/bin/env python import requests target_url = "http://10.0.0.45/dvwa/login.php" data_dict = {"username": "dfdfddfd", "pas…
1. Summarize the book Practical Web Penetration Testing. First, the nmap tool is important for gathering information about servers: nmap -sn [ip] (ping scan); netdiscover -r [ip]; nmap -sS -sC -sV --version-all -O --osscan-guess -T4 --reason --open -p- -Pn -v 1…
[Preface] In a recent iteration release I was responsible for, a small requirement involved front-end JS changes; while testing this requirement I overlooked browser compatibility testing, which led to a production bug. To catch up on web testing: I had earlier seen someone recommend <36 Days of Web Testing>; I flipped through it and thought it was quite good, so I decided to use my spare time to translate it completely. I hope I can persist and guarantee weekly updates. Day 1: Cross Browser - cross-browser compatibility testing. Why do cross-browser compatibility testing? Nowadays there are more and more kinds of browsers on the market (especially on tablets and mobile devices), which means the site you are testing needs to work on those browsers you claim…
In fact, with a reasonable schedule it takes about six months; some friends with a good foundation and strong self-study ability even start looking for work at about four months. In my junior year I had the idea of abandoning my major; I studied Java Web on and off for a total of about a year and a half and finally finished it. Finding a job may still be some distance away for you, while I already have a job I like. From the perspective of a self-study fanatic, I can only give you fairly practical but limited advice: if you are just getting started with .Net, I suggest switching to Java Web or Android. I have no bias about which platform to learn, but self-study requires a lot of reference material, and Java learning materials, whether videos or e-books…
Responsive web design develops web pages according to the device's screen size, platform and orientation; it is an approach that responds to the end user's behavior and environment. Responsive design uses a combination of flexible grids and layouts, images and intelligent use of CSS media queries. When used on different devices, the website can automatically switch to accommodate that particular resolution, image size and scripting capability. In this article we want to introduce several such tools for testing a website's responsive design. Enjoy! Related articles you may be interested in: The long-awaited best jQuery plugins of 2013 revealed; Friends were stunned! 8 super-cool web effects; 10 popular Metro…