Objective:
During a penetration test you may run into this situation: the target site has a SQL injection, but you cannot find the admin backend ("backstage"). That is painful, and it is the reason for writing this article: how to find a website's backend.
1. Dictionary scan
Principle: Send requests to the site for a list of sensitive URLs (commonly called a dictionary: a file of many candidate paths) and use the status code of each response to tell them apart. Common cases: 200 (exists), 403 (exists but access is forbidden), 404 (not present).
For other status codes, please look them up on Baidu or Google; they are not covered here.
Representative tools: Sword, DirBuster
Sword needs no explanation; it is simple to operate: fill in the target URL, tick 200 and 403, and that is about it.
For installing and using DirBuster, see https://www.cnblogs.com/anka9080/p/mlsm.html
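From the site owner's side, a dictionary scan like the one described above leaves a very recognisable trace: one client producing a burst of 403/404 responses for many distinct paths within a few seconds. The following detector is an added example written for this article, not a tool from the original post; it parses constructed access-log lines in the common Apache/Nginx format (the sample IPs, paths and window/threshold values are assumptions) and flags any client that exceeds the threshold inside a sliding time window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in combined-log format (not real traffic).
# 203.0.113.5 behaves like a dictionary scanner; 198.51.100.7 is an ordinary user.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /manage/ HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /login.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /backup/ HTTP/1.1" 403 199 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /www.root.rar HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /xx.sql HTTP/1.1" 404 153 "-" "curl/7.68.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Regex for the common/combined log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict with ip, ts, path, status, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def detect_dictionary_scans(lines, window_seconds=60, threshold=5, miss_codes=(403, 404)):
    """Return {ip: sorted distinct probed paths} for every client that produced
    `threshold` or more 403/404 responses to distinct paths within any sliding
    window of `window_seconds`. Lines are assumed to be in time order, as a
    server writes them."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, path) for miss responses
    flagged = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] not in miss_codes:
            continue
        q = recent[rec["ip"]]
        q.append((rec["ts"], rec["path"]))
        # Drop entries that fell out of the sliding window.
        while (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) >= threshold:
            flagged[rec["ip"]].update(distinct)
    return {ip: sorted(paths) for ip, paths in flagged.items()}


if __name__ == "__main__":
    for ip, paths in detect_dictionary_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible directory scan from {ip}: {len(paths)} distinct misses, e.g. {paths[:3]}")
```

The ordinary user's single 404 never reaches the threshold, while the scanner is reported together with the paths it probed, which is exactly the list a defender wants when deciding whether one of those paths (a leftover www.root.rar, for instance) actually exists and needs removing.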
2. Directory crawling
Principle: Use a tool to crawl the site's links, images and so on, then list the directories it found. The more functionality the crawler gets to see, the more information you obtain.
Representative tool: WVS
3. CMS identification
The target site may be built on an open-source CMS. In that case, use a fingerprinting tool to identify the CMS and then search Baidu or Google for its backend path; online fingerprinting tools exist as well. For a less well-known CMS, download the source code from its official website, set it up locally, and locate the backend there.
4. Backup files
To be safe, or out of carelessness, many webmasters leave the site's source code, backup copies of the source, SQL export files and so on on the server and forget to clean them up, so the dictionary scan from method 1 may turn them up.
Common examples: www.root.rar (source code archive), xx.sql
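The cleanup the paragraph above says webmasters forget can be checked from the server side: walk the web root and list every file whose name looks like an archive, dump or editor leftover. This is an added example for this article, not code from the original post; the suffix list and the sample web root it builds in a temporary directory are assumptions made for the demonstration.

```python
import os
import tempfile

# Suffixes that usually mean "leftover, not meant to be served" (assumed list,
# covering the source archives and SQL dumps named in the article plus common
# editor/backup leftovers).
BACKUP_SUFFIXES = (".rar", ".zip", ".tar", ".tar.gz", ".tgz", ".7z",
                   ".sql", ".bak", ".old", ".orig", "~")


def is_backup_name(name):
    """True if the file name ends with a backup/dump-style suffix (case-insensitive)."""
    lower = name.lower()
    return any(lower.endswith(suffix) for suffix in BACKUP_SUFFIXES)


def find_exposed_backups(web_root):
    """Walk web_root and return the sorted relative paths of files whose name
    looks like a backup or dump, i.e. anything a dictionary scan could fetch."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for fname in files:
            if is_backup_name(fname):
                rel = os.path.relpath(os.path.join(dirpath, fname), web_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_root():
    """Create a constructed web root in a temp dir so the check can run offline."""
    root = tempfile.mkdtemp(prefix="webroot_")
    layout = {
        "index.php": "<?php echo 'hi';",
        "www.root.rar": "archive bytes",              # forgotten source archive
        "xx.sql": "CREATE TABLE users (id INT);",    # forgotten SQL export
        "config.php.bak": "<?php $db_pass = 'x';",   # editor backup of a config file
        "css/style.css": "body{}",
        "uploads/site-backup.zip": "zip bytes",
    }
    for rel, content in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    root = build_sample_root()
    for hit in find_exposed_backups(root):
        print("exposed backup-like file:", hit)
```

Run it against a real document root before a release, or from a cron job, and move anything it reports outside the directory the web server serves; a file the scanner cannot reach cannot be found by method 1.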
5. Subdomain method
It is possible that none of the methods above finds the backend. Then change your thinking: is the dictionary not strong enough, so a better one is needed? Are too many threads getting your IP banned, so the thread count needs lowering? Or is the backend simply not on this domain at all?
For example, the target is www.aaa.com, but the backend lives at admin.aaa.com. Of course it is not only the admin subdomain; that is just an example.
Representative tool: Layer
Online tool: http://tool.chinaz.com/subdomain/
How to use: with Layer and the online tools you just fill in a domain name and that is it.
Summary:
These are just the methods I could think of. Penetration testing is about ideas: as long as the goal is reached, isn't any way a good way? Comments and other methods are welcome; let us encourage each other!
On several methods of searching the backstage of the website