nessus penetration testing

Summary of password scanning and cracking in penetration testing0x00 preface a test always involves "password" and "encryption and decryption ". In the process of stepping on, attempts to use weak passwords are an essential process, from capturing chickens in xx to hashes in the Intranet, from personal PCs to network devices/industrial control facilities, password scanning will not be forgotten as long as password authentication is still performed in

, RES resource file, assets configuration file, Lib library file, We can search directly for Smali files and resource files to find links and so on.Use the app to find your website real IPIn addition to the app service side of the vulnerability, there is a more fun way to use, through the collection of sub-domain IP in the app to find the real IP of the target site, according to experience, most of the app's interface is not using services such as CDN.Embarrassing Encyclopedia Real IPSecond, Htt

attempt, of course, you can also brute force hack.16. Do not neglect XSS, do not neglect cookie,xss can steal cookies, but also a number of magical, learn to understand; Cookies can be forged, cookies can be injected, and cookies can be injected around the vast majority of firewalls.17. Usually do station more collect path Ah, source Ah, tools ah, enrich their "weapons" library; it is best to record their invasion steps, or after the reflection, I generally remember in txt, in addition to do ex

As more and more companies focus on data security when developing programs, they often encrypt database connections and encrypt some sensitive data in the database to prevent data from being easily stolen! Therefore, we often findSome encrypted connection strings are found during database connection. For those who have no adverse effects, it is possible thatWill be stopped here! However, we usually cannot meet this requirement, so we need to have some knowledge about reverse encryption and decry

the Kioptrix Web service, and we need to use instructions to get the returned information. Enter: And HEAD / HTTP 1.1 then press two times to enter to see the results of the output:　　 　　 Here the output of the content of the HTTP header, the above information indicates that the target machine ran apache/2.2.8, the system for the ubuntu;php version of Php/5.2.4-2.4.2 Using NCAT to get a flagThis process is similar to NC. Refer to the 4.1 content.4.3 using smbclient to get a flagTCP port 139 is a

further process the results.In addition, dig has some other valuable commands. List bind versions # dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answerThis command determines the BIND version information that is running on the server and is valuable for finding vulnerabilities. Reverse DNS LookupsResolves the IP address to a domain name, except Nslookup can also use the dig command to accomplish this task. # dig +nocmd +noall +answer -x 180.149.132.47

preceding content as waitalone. Reg, and double-click the import button to exit the trend-free antivirus software. 2. crack the password of the McAfee antivirus software The password for unlocking the McAfee antivirus software user interface is saved in the following registry path:HKEY_LOCAL_MACHINE \ SOFTWARE \ Mcafee \ protected topprotectionIn fact, the sub-key UIP is the password to be unlocked on the anti-virus software user interface. It is the MD5 ciphertext. You can directly decrypt

written by the other side, you can also use the above tools to identify whether the other side of the thinkphp and other frameworks. The enemy, Baizhanbudai.FB Netizen H4DE5 SupplementWell, let me add some of the tools I've used myself to:1, http://www.gpsspg.com/2, http://websth.com/3, http://www.showjigenzong.com/4, http://hd2001562.ourhost.cn/5, http://www.cz88.net/6, http://so.baiduyun.me/7, http://nmap.online-domain-tools.com/8, http://az0ne.lofter.com/post/31a51a_131960c This blog also ha

program has previously exposed the vulnerability. If it is written by the other side, you can also use the above tools to identify whether the other side of the thinkphp and other frameworks. The enemy, Baizhanbudai.?FB Netizen H4DE5 SupplementWell, let me add some of the tools I've used myself to:1,http://www.gpsspg.com/2,http://websth.com/3,http://www.showjigenzong.com/4,http://hd2001562.ourhost.cn/5,http://www.cz88.net/6,http://so.baiduyun.me/7,http://nmap.online-domain-tools.com/8,http://az

name.Please search the Apache server in the United States: App:apache Country:usPlease search the UK Sendmail server: App:sendmail country:ukFor a complete country code, see: Country code-Wikipedia IP AddressIP: Searches for a specified IP address.Google's public DNS server: ip:8.8.8.8 CIDRThe CIDR segment of the IP. Example: CIDR:8.8.8.8/244.web App Search Component NameApp: the component name.Ver: Component version.Apache httpd, version 2.2.16:app: "Apache httpd" ver: "2.2.16"Operating system

error, regardless of it, not a moment to slow down a bitA bunch of error messages, wait a while, the results come outNext look at the admin table what, 5 threads too fast, this time 3, continue to explodeThere are no known security devices or server performance issues, and 3 threads still have a connection reset.Burst 4 Columns with the following:Now, let's see what's in these columns.After a long wait, the data burst.You can see that the password is encrypted, 32-bit, should be MD5 encryption,

and recompile. and use Hex.hta to get 16 binary.1Mysql> Show variables like'%plugin%';2+---------------+-------------------------+3| variable_name | Value |4+---------------+-------------------------+5| Plugin_dir | /usr/lib64/mysql/plugin |6+---------------+-------------------------+7 1RowinchSet (0.00sec)8 9Mysql>Select*From func; #检查是否已经有人导出过了TenMysql>SelectUnhex ('Hexcode') into DumpFile'/usr/lib64/mysql/plugin/mysqludf.so'; OneQuery OK,1Row affected (0.01SEC) #需要有/usr/lib64/mysql/plugin/Wr