sans penetration testing

subdomain information for google.com --------------------------------- Searching google.com:80 ... HostName:www.google.com hostip:173.194.127.51 Searching altavista.com:80 ... Found 1 Possible subdomain (s) for host google.com, searched 0 pages containing 0 results All scans completed, exiting From the output information, you can see the search to a subdomain. The subdomain has a Www.google.com,IP address of 173.194.127.51. the command is searched from the googl

Bkjia.com exclusive Article] When we conduct a Security penetration test, the first thing we need to do is to collect as much information as possible for the target application. Therefore, information collection is an essential step for penetration testing. This task can be completed in different ways, By using search engines, scanners, simple HTTP requests, or s

Summary of password scanning and cracking in penetration testing0x00 preface a test always involves "password" and "encryption and decryption ". In the process of stepping on, attempts to use weak passwords are an essential process, from capturing chickens in xx to hashes in the Intranet, from personal PCs to network devices/industrial control facilities, password scanning will not be forgotten as long as password authentication is still performed in

, RES resource file, assets configuration file, Lib library file, We can search directly for Smali files and resource files to find links and so on.Use the app to find your website real IPIn addition to the app service side of the vulnerability, there is a more fun way to use, through the collection of sub-domain IP in the app to find the real IP of the target site, according to experience, most of the app's interface is not using services such as CDN.Embarrassing Encyclopedia Real IPSecond, Htt

. List all users of SQL ServerVi. Database account and passwordVii. listing tables in a databaseParameters:-D: Specify the database name--tables: List TablesResults:The results reflect a total of 34 tables.Viii. listing fields in a tableParameters:-D: Specify the database name-T: Specify a table to list fields--columns: Specify list fieldsResults:The results show that the UserB table contains 23 fields.Nine, the Storm field contentParameters:-C: Specify the field to be burst--dump: Export the re

1. Brief descriptionFor the purpose of learning, penetration testing is not necessary to be a real environment, we can build an internal network, the installation of virtual machines on their own host can complete the experimental requirements, but also more convenient.2. Installing virtual machines and related softwareIn order to add a host to our virtual network, we need to build several virtual machines,

attempt, of course, you can also brute force hack.16. Do not neglect XSS, do not neglect cookie,xss can steal cookies, but also a number of magical, learn to understand; Cookies can be forged, cookies can be injected, and cookies can be injected around the vast majority of firewalls.17. Usually do station more collect path Ah, source Ah, tools ah, enrich their "weapons" library; it is best to record their invasion steps, or after the reflection, I generally remember in txt, in addition to do ex

As more and more companies focus on data security when developing programs, they often encrypt database connections and encrypt some sensitive data in the database to prevent data from being easily stolen! Therefore, we often findSome encrypted connection strings are found during database connection. For those who have no adverse effects, it is possible thatWill be stopped here! However, we usually cannot meet this requirement, so we need to have some knowledge about reverse encryption and decry

the Kioptrix Web service, and we need to use instructions to get the returned information. Enter: And HEAD / HTTP 1.1 then press two times to enter to see the results of the output:　　 　　 Here the output of the content of the HTTP header, the above information indicates that the target machine ran apache/2.2.8, the system for the ubuntu;php version of Php/5.2.4-2.4.2 Using NCAT to get a flagThis process is similar to NC. Refer to the 4.1 content.4.3 using smbclient to get a flagTCP port 139 is a

further process the results.In addition, dig has some other valuable commands. List bind versions # dig +nocmd txt chaos VERSION.BIND @sn1.example.com +noall +answerThis command determines the BIND version information that is running on the server and is valuable for finding vulnerabilities. Reverse DNS LookupsResolves the IP address to a domain name, except Nslookup can also use the dig command to accomplish this task. # dig +nocmd +noall +answer -x 180.149.132.47

preceding content as waitalone. Reg, and double-click the import button to exit the trend-free antivirus software. 2. crack the password of the McAfee antivirus software The password for unlocking the McAfee antivirus software user interface is saved in the following registry path:HKEY_LOCAL_MACHINE \ SOFTWARE \ Mcafee \ protected topprotectionIn fact, the sub-key UIP is the password to be unlocked on the anti-virus software user interface. It is the MD5 ciphertext. You can directly decrypt