Essay category - Art

Summary: SQL INJECTION. WHAT IS SQL? Most websites use a database to store data. Most data is stored in it (usernames, passwords, etc.). The web application reads, updates and inserts data in the database. Interaction with ... Read more
posted @ 2020-02-09 16:36 晨风_Eric Views (100) Comments (0) Recommendations (0)
Summary: VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be uploaded. 2. Code Execution Vulns: Don't use dangerous functions. Filter user input Read more
posted @ 2020-02-08 12:37 晨风_Eric Views (106) Comments (0) Recommendations (0)
Summary: REMOTE FILE INCLUSION: Similar to local file inclusion, but allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o Read more
posted @ 2020-02-07 22:08 晨风_Eric Views (142) Comments (0) Recommendations (0)
Summary: LOCAL FILE INCLUSION: Allows an attacker to read ANY file on the same server. Access files outside the www directory. Try to read the /etc/passwd file. 1. We k Read more
posted @ 2020-02-07 21:33 晨风_Eric Views (150) Comments (0) Recommendations (0)
Summary: CODE EXECUTION VULNS: Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin Read more
posted @ 2020-02-07 20:57 晨风_Eric Views (105) Comments (0) Recommendations (0)
Summary: EXPLOITATION - File Upload VULNS: Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex Read more
posted @ 2020-02-07 20:28 晨风_Eric Views (93) Comments (0) Recommendations (0)
Summary: INFORMATION GATHERING: IP address. Domain name info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di Read more
posted @ 2020-02-07 16:57 晨风_Eric Views (180) Comments (0) Recommendations (0)
Summary: How to hack a website? An application installed on a computer. -> web application pen-testing. A computer uses an OS + other applications -> server-side Read more
posted @ 2020-02-07 14:45 晨风_Eric Views (131) Comments (0) Recommendations (0)
Summary: PIVOTING: Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module. Target: Metasploita Read more
posted @ 2020-02-07 14:29 晨风_Eric Views (163) Comments (0) Recommendations (0)
Summary: Spying - Capturing Key Strikes & Taking Screen Shots: Log all mouse/keyboard events > keyscan-start - show current working directory > keyscan-dump - l Read more
posted @ 2020-02-06 20:04 晨风_Eric Views (87) Comments (0) Recommendations (0)
Summary: MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service. Use it instead of a normal backdoor. Or upload and execute from Read more
posted @ 2020-02-06 19:50 晨风_Eric Views (127) Comments (0) Recommendations (0)
Summary: METERPRETER BASICS >help - shows help >background - backgrounds current session >sessions -l - lists all sessions >sessions -i - interact with a certai Read more
posted @ 2020-02-06 17:34 晨风_Eric Views (138) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACKS - Detecting Trojans manually or using a sandbox. Analyzing trojans: Check the properties of the file. The file type of a trojan is ap Read more
posted @ 2020-02-06 14:33 晨风_Eric Views (102) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACK - BeEF Framework: Hooking targets using MITMF. Tools: MITMF and BeEF. Start BeEF and execute the following commands: python2 mitmf.py Read more
posted @ 2020-02-06 12:44 晨风_Eric Views (86) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACKS - BeEF Framework: Browser Exploitation Framework allowing us to launch a number of attacks on a hooked target. Targets are hooked o Read more
posted @ 2020-02-05 13:06 晨风_Eric Views (126) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing. Use gathered info to contact targets. (e.g. Maltego, Google ... etc.) Send an ema Read more
posted @ 2020-02-05 08:21 晨风_Eric Views (84) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACKS - Spoofing backdoor extension. Change the extension of the trojan from exe to a suitable one. Make the trojan even more trustable. Read more
posted @ 2020-02-05 07:59 晨风_Eric Views (93) Comments (0) Recommendations (0)
Summary: Client-Side Attacks - Social Engineering. Tool: The FAT RAT. Just like Veil, it generates Undetectable Metasploit backdoors. Uses a different method to Read more
posted @ 2020-01-31 23:11 晨风_Eric Views (110) Comments (0) Recommendations (0)
Summary: WMI filtering Setting - Differentiating Installation Between Operations and Architecture. WMI SQL General script: 64-bit select * from Win32_Operating Read more
posted @ 2020-01-31 19:48 晨风_Eric Views (216) Comments (0) Recommendations (0)
Summary: CLIENT SIDE ATTACKS - Backdooring ANY file. Combine backdoor with any file - Generic solution. Users are more likely to run a pdf, image or audio file th Read more
posted @ 2020-01-29 18:54 晨风_Eric Views (106) Comments (0) Recommendations (0)