摘要:
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o 阅读全文
posted @ 2020-02-07 22:08
晨风_Eric
阅读(145)
评论(0)
推荐(0)
摘要:
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We k 阅读全文
posted @ 2020-02-07 21:33
晨风_Eric
阅读(150)
评论(0)
推荐(0)
摘要:
CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin 阅读全文
posted @ 2020-02-07 20:57
晨风_Eric
阅读(105)
评论(0)
推荐(0)
摘要:
EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex 阅读全文
posted @ 2020-02-07 20:28
晨风_Eric
阅读(93)
评论(0)
推荐(0)
摘要:
INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di 阅读全文
posted @ 2020-02-07 16:57
晨风_Eric
阅读(180)
评论(0)
推荐(0)
摘要:
How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side 阅读全文
posted @ 2020-02-07 14:45
晨风_Eric
阅读(132)
评论(0)
推荐(0)
摘要:
PIVOTING Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module Target: Metasploita 阅读全文
posted @ 2020-02-07 14:29
晨风_Eric
阅读(163)
评论(0)
推荐(0)
浙公网安备 33010602011771号