上一页 1 ··· 32 33 34 35 36 37 38 39 40 ··· 57 下一页
2020年2月8日
Ethical Hacking - Web Penetration Testing(7)
摘要: VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be updated. 2. Code Execution Vulns: Don't use dangerous functions. Filter use input 阅读全文
posted @ 2020-02-08 12:37 晨风_Eric 阅读(107) 评论(0) 推荐(0)
2020年2月7日
Ethical Hacking - Web Penetration Testing(6)
摘要: REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o 阅读全文
posted @ 2020-02-07 22:08 晨风_Eric 阅读(145) 评论(0) 推荐(0)
Ethical Hacking - Web Penetration Testing(5)
摘要: LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We k 阅读全文
posted @ 2020-02-07 21:33 晨风_Eric 阅读(150) 评论(0) 推荐(0)
Ethical Hacking - Web Penetration Testing(4)
摘要: CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin 阅读全文
posted @ 2020-02-07 20:57 晨风_Eric 阅读(105) 评论(0) 推荐(0)
Ethical Hacking - Web Penetration Testing(3)
摘要: EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex 阅读全文
posted @ 2020-02-07 20:28 晨风_Eric 阅读(93) 评论(0) 推荐(0)
Ethical Hacking - Web Penetration Testing(2)
摘要: INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di 阅读全文
posted @ 2020-02-07 16:57 晨风_Eric 阅读(180) 评论(0) 推荐(0)
Ethical Hacking - Web Penetration Testing(1)
摘要: How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side 阅读全文
posted @ 2020-02-07 14:45 晨风_Eric 阅读(132) 评论(0) 推荐(0)
Ethical Hacking - POST EXPLOITATION(4)
摘要: PIVOTING Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module Target: Metasploita 阅读全文
posted @ 2020-02-07 14:29 晨风_Eric 阅读(163) 评论(0) 推荐(0)
2020年2月6日
Ethical Hacking - POST EXPLOITATION(3)
摘要: Spying - Capturing Key Strikes & Taking Screen Shots Log all mouse/keyboard events > keyscan-start - show current working directory > keyscan-dump - l 阅读全文
posted @ 2020-02-06 20:04 晨风_Eric 阅读(87) 评论(0) 推荐(0)
Ethical Hacking - POST EXPLOITATION(2)
摘要: MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead of a normal backdoor. Or upload and execute from 阅读全文
posted @ 2020-02-06 19:50 晨风_Eric 阅读(127) 评论(0) 推荐(0)
上一页 1 ··· 32 33 34 35 36 37 38 39 40 ··· 57 下一页