Red and Black League video notes

Red and Black League study notes

1

Introductory Lesson:

Penetration testing: It is found that the risk point is fully found, to find all the loopholes, must be completely swept, to discover

Hacker testing: Just need to find some of the loopholes can get permission to

Attack Mode:

Web penetration is typically based on 80 port

SQL injection:

Upload vulnerability:

XSS: (The victim is a user, not a server) does not directly affect the server

Code execution vulnerability: Code execution vulnerability is relatively small

Contains vulnerability: (Contains script features) contains vulnerability to detect antivirus software

Combination vulnerability:

Learning Route:

Learning SQL injection must learn the database, regardless of the script, platform-Independent

SQL injection is not related to scripting, platform-Independent

Mysql

Sqlsever ASP with Sqlsever as the benchmark

ORACLE PHP

Access is typically used by small sites

If you want to go deep, learn the single-line function in injection must learn a single-line function in each database

Upload related languages asp php. Net

Parsing Vulnerability (upload to Mate Parsing vulnerability)

XSS must learn JS with the syntax is JS is the best to learn a

Html

Strongly typed Java

Weakly typed PHP

Contains PHP

Jsp

Asp

Combinatorial vulnerability cross-Library query Logic Vulnerability

Social workers are very exciting.

Section C

Overflow (requires C, the basis of compilation)

Service

Things to do:

1. Building a Web environment
2. Information detection
3. Vulnerability scanning NMAP contains many levels of vulnerability
4. Authentication Vulnerability Scan
5. Write a report

Environment Construction:

Common Popular Websites

Website structure:

1. ASP + Access (the most common configuration environment) may also be ASP + Sqlseverà dependent on IIS, which can be compiled directly
2. php + Mysqlàphpnow+lamp+wamp
3. Java + Oracle | | java + mysql | | java + sqlsever (Java ignores suffix)
4. ASP + sqlsever (very classic)--àiis

Add:

Lamp =linux + Apach +mysql+php

Wamp=windows+apach +mysql+php

JBOSS TOMCAT Web Container

Local Environment construction

1. ASP. NET Environment
2. PHP Environment
3. JSP Environment JBoss TOMCAT

2.1 Website Software Introduction

2.1.1B/S Architecture Introduction

b/S structure is a network structure model after the rise of web, Web browser is the most important application software for clients. This mode unifies the client, and the core part of the system function is centralized to the server, which simplifies the development, maintenance and use of the system. On the client computer, just install a browser, server installation database, browser via web Sever

Data interaction with the database.

b/S The biggest advantage is that you can operate in any place without installing any special software, as long as there is a computer can be in the Internet can be used, the client only need to install a browser, page display, the rest of the task to the server processing.

2.1.2 Static Website Introduction

Static Web site refers to all the HTML code format pages composed of Web sites, all content contained in the Web page file, the Web page can also appear a variety of visual dynamic effects, such as GIF animation, Flash animation, scrolling subtitles and so on.

Each static page has a fixed address, the filenames are in HTM, HTML, shtml and so on as the suffix;

When a static web page is posted to the server, it is a standalone file, regardless of whether it is accessed or not;

The content of static Web pages is relatively stable, does not contain special code, so it is easy to be searched by search engine; HTML is more suitable for SEO search engine optimization;

Static website is the biggest feature is no database support, in the site production and maintenance of large workload;

Because there is no need to work through the database, so the static Web page access speed is relatively fast;

2.1.3 Dynamic Website Introduction

Dynamic site and static site The biggest difference is that static Web site is unable to access the database, and Dynamic Web site can be accessed by the database, is people can interact, but static pages can only be viewed, can not do other operations, such as: User registration, information publishing, product display.

2.2web Server Introduction

Web server is also known as www (World wideweb) server, the main function is to provide online information browsing service.

Simply put, the Web server is the corresponding server requesting the URL, the server is a passive program, only when the browser makes a request, the server will respond, or the server will not actively communicate with the client.

The Web server communicates primarily with the client using the HTTP protocol.

2.3IIS Environment Construction

2.3.1 ISS Introduction

Internet Information Services (IIS, Internet Information Services) is a basic Internet service based on running MicrosoftWindows provided by Microsoft Corporation.

IIS belongs to the Web container, and he can explain the execution of asp,php,asp. NET and other languages, with some extended capabilities.

IIS is a Web (Web page) service component that includes Web servers, FTP servers, NNTP servers, and SMTP servers for Web browsing, file transfer, news services, and mail delivery, which makes it easy to publish information on the network, including the Internet and local area networks.

2.3.2 Installing IIS

This time the operating system is Windows 2003 Enterprise Edition, some systems are lite, the system will not bring the IIS software package, we need to manually download the installation package, the installation package has been included in the relevant disk.

1. First, go to the Control Panel, select Add/Remove Programs, add/Remove Windows components, remove the small tick before Internet information service (if any), and then follow the prompts again to complete the addition of the IIS components, including the Web, FTP , NNTP, and SMTP, all four services.
2. This file is missing from the system, so add this software locally (Windowsserver2003sp2enterpriseedition.iso) to the C drive, such as

   Now Tomcat is ready to be configured.

Red and Black League video notes