"Security Primer": the penetration testing process for web security

Source: Internet
Author: User

Once you are familiar with the penetration testing process, an engagement becomes as simple as stacking building blocks!

Step One: Information gathering

Gathering information about the target site is vital to a penetration test; what you collect here often turns into an unexpected surprise later in the engagement.

1. Website structure

Use a directory scanning tool to enumerate the site's directories; the main goal is to find the administrator login portal and any sensitive files left exposed (.mdb databases, Excel and Word documents).

Determine the language the system is written in (PHP, JSP, ASP); the later tests use different techniques depending on the language.

Checking whether the site has subsystems, and testing those subsystems, is another useful technique.

2. Crawling the site's directories

Use a crawler to collect directories, then run the directory scanner over the results again.

Crawlers only follow links that actually appear in the pages, so their results are not entirely reliable.

Crawlers do not follow robots.txt, so view the file manually (for example, Baidu's: baidu.com/robots.txt); it may reveal the back-end admin entrance.

3. Collecting the site's whois information

Use Baidu or Google (if you cannot reach Google, that is for you to sort out yourselves ~) to search for information about the site,

or a dedicated whois lookup site; I recommend toolbar.netcraft.com/site_report, or a domain registration record lookup site.

Query in as many ways as you can and collect as much as possible: web container, OS, e-mail addresses ... This information is useful for social engineering.

4. Collecting web container information

IIS, Apache, Tomcat, Nginx: look up online whether exploit code exists for the version in use.

5. Collecting all subdomains

For example, baidu.com has subdomains such as youxi.baidu.com, pan.baidu.com and tieba.baidu.com.

Of course, www.baidu.com is itself a subdomain of baidu.com; run the same information gathering against each subdomain.

6. Collecting information on neighbouring sites (other sites on the same server)

Many websites are hosted on cloud servers, and one server may run several sites.

When the target site itself is impregnable, a neighbouring site on the same server may be vulnerable, and it can be another way to reach the goal.

Look up which websites share an IP address: s.tool.chinaz.com

7. Collecting the host's open ports

Use the king of scanners, Nmap, to scan all ports. Services and security always pull in opposite directions: the more services exposed, the more threats.
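Step 1 above describes directory scanning for admin portals and data files such as .mdb; from the defender's side, that same activity shows up in the web server's access log as a burst of 404s spread across many distinct paths. The following Python detector is an added example, not code from the original article: it parses constructed combined-format log lines and flags clients matching that pattern (the thresholds and the list of sensitive extensions are assumptions).

```python
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format; the sample lines below are constructed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# File types the article names as scan targets (.mdb, Excel, Word) plus common backup dumps (assumed list).
SENSITIVE_EXT = (".mdb", ".xls", ".xlsx", ".doc", ".docx", ".bak", ".sql")

def parse_line(line):
    """Return (ip, path-without-query, status) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], m["path"].split("?", 1)[0], int(m["status"])

def detect_directory_scans(lines, min_404=5, min_distinct=5):
    """Flag clients whose traffic looks like a directory brute-force: many 404s
    spread over many distinct paths. Returns {ip: summary}. Thresholds are assumptions."""
    per_ip = defaultdict(lambda: {"not_found": 0, "paths": set(), "sensitive": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        ip, path, status = rec
        s = per_ip[ip]
        s["paths"].add(path)
        if status == 404:
            s["not_found"] += 1
        if path.lower().endswith(SENSITIVE_EXT):
            s["sensitive"].add(path)  # probes for data files are worth recording even on 200
    return {
        ip: {"not_found": s["not_found"], "distinct_paths": len(s["paths"]),
             "sensitive_probes": sorted(s["sensitive"])}
        for ip, s in per_ip.items()
        if s["not_found"] >= min_404 and len(s["paths"]) >= min_distinct
    }

# Constructed sample: 203.0.113.7 probes admin paths and data files; 198.51.100.4 browses normally.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "dirscan/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /manage/ HTTP/1.1" 404 196 "-" "dirscan/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /db/site.mdb HTTP/1.1" 404 196 "-" "dirscan/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /backup.sql HTTP/1.1" 404 196 "-" "dirscan/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /users.xls?v=1 HTTP/1.1" 404 196 "-" "dirscan/1.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "dirscan/1.0"
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2023:13:56:15 +0000] "GET /missing.css HTTP/1.1" 404 196 "-" "Mozilla/5.0"
""".splitlines()
```

Calling `detect_directory_scans(SAMPLE_LOG)` flags only 203.0.113.7, with five 404s over six distinct paths and three probes for sensitive file types; the single 404 from the normal visitor stays below the threshold.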

Step Two: Vulnerability scanning

Focus on scanning for SQL injection, XSS, file inclusion, command execution and other high-risk vulnerabilities. Beginners can use automated scanning tools.

Note: the results of an automated scan are not perfect; some vulnerabilities cannot be found by a scanner.

1. Automated Scanning Tools

Burp Suite -- integrates a proxy, directory crawling, vulnerability scanning, form brute-forcing, encoding and decoding; an absolute must-have!

AWVS -- can be used together with Burp; the combination works even better!

AppScan -- made by IBM; it used to be a very popular scanning tool!

2. Manual Testing

This needs patience!

Scanners cannot find logic flaws, some stored XSS, or some SQL injection vulnerabilities; all of these require manual testing.

Step Three: Vulnerability verification

To borrow Grandpa Mao's line, "practice is the sole criterion for testing truth"; besides, the scan results may not even be correct.

This part is the core of the work, and it cannot be covered in one or two articles.

Common high-risk vulnerability types:

"SQL injection"

"Stored XSS"

"CSRF"

"Upload vulnerabilities"

"Command execution"

"File inclusion"

That is all for today; I will introduce each of them in its own separate article!

I am Anka9080; friends are welcome to visit my blog, and anyone interested is welcome to get in touch ~

Also: I am thick-skinned and immune to all kinds of criticism, brickbats and rotten eggs @#
