10 2020 档案

Penetration Test - Select Your Attacks(15)
摘要:Privilege Escalation(Windows) WINDOWS-SPECIFIC PRIVILEGE ESCALATION Cpassword - Group Policy Preference attribute that contains passwords SYSVOL folde 阅读全文
posted @ 2020-10-31 20:19 晨风_Eric 阅读(48) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(14)
摘要:Privilege Escalation(Linux) Linux user ID is 'root'. LINUX-SPECIFIC PRIVILEGE ESCALATION SUID/SGID programs Permission to execute a program as executa 阅读全文
posted @ 2020-10-31 17:28 晨风_Eric 阅读(62) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(13)
摘要:Local Host Vulnerabilities CVE(Common Vulnerabilities and Exposures) Database https://www.cvedetails.com/vendor.php Windows 10 Apple Linux Kernel Andr 阅读全文
posted @ 2020-10-29 20:30 晨风_Eric 阅读(51) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(12)
摘要:Code Vulnerabilities UNSECURE CODE PRACTICES Comments in source code Good for developers and technical personnel Bad for keeping secrets Lack of error 阅读全文
posted @ 2020-10-28 20:49 晨风_Eric 阅读(52) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(11)
摘要:Cross-Site Scripting Demo Given a scenario, exploit application-based vulnerabilities. Test Environment: DVWA Case 1 - Security Level: Low View the so 阅读全文
posted @ 2020-10-27 22:21 晨风_Eric 阅读(59) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(10)
摘要:Application Exploits, Part III CROSS-SITE SCRIPTING(XSS) Injection attack in which an attacker sends malicious code(client-side script) to a web appli 阅读全文
posted @ 2020-10-08 20:47 晨风_Eric 阅读(122) 评论(0) 推荐(0)
Penetration Test - Select Your Attacks(9)
摘要:Application Exploits, Part II AUTHENTICATION EXPLOITS Credential brute forcing Offline cracking(Hydra) Session hijacking Intercepting and using a sess 阅读全文
posted @ 2020-10-02 09:58 晨风_Eric 阅读(100) 评论(0) 推荐(0)