Web Security Learning Notes: collecting information manually

Source: Internet
Author: User
Tags: website, ip

1. Attack target: http://duwei19921019.vicp.cc:8881/

Points to check during information collection:

Is the site static or dynamic?

Which scripting language was it developed in?

What type of web server is it running?

Is it built on a CMS, and if so, which one?

Is a CDN in front of it?

What is the website's real IP?

Is there a robots.txt file?

Which ports/services are open on the server?
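Most of the items on this checklist (static or dynamic, scripting language, server type, CMS) can be read off a single HTTP response, which is also what a site owner should inspect to see how much their own server discloses. The following Python is an added example, not code from the original notes; the two responses, the hostname shop.example.test and the cookie/header/meta-tag tells it looks for are constructed for the example (the generator meta tag and stock nginx error footer are assumed to appear in the attribute order shown).

```python
import re
from urllib.parse import urlparse

# Extensions that normally mean server-side scripting; the value is the language.
DYNAMIC_EXTENSIONS = {
    ".php": "PHP", ".asp": "ASP", ".aspx": "ASP.NET", ".jsp": "JSP",
    ".do": "Java", ".cgi": "CGI", ".pl": "Perl",
}
# Session cookie names that identify the scripting platform.
SESSION_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java",
                   "ASP.NET_SessionId": "ASP.NET"}
# Stock error-page footers that name the server even when no Server header is sent.
ERROR_PAGE_SERVER = [
    re.compile(r"<center>\s*(nginx[^<]*)</center>", re.I),
    re.compile(r"<address>\s*(Apache[^<]*)</address>", re.I),
]
# <meta name="generator" content="..."> is the usual CMS self-disclosure.
GENERATOR_META = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)


def classify_url(url):
    """Return (is_dynamic, language) from the URL's extension and query string."""
    parsed = urlparse(url)
    path = parsed.path.lower()
    for ext, lang in DYNAMIC_EXTENSIONS.items():
        if path.endswith(ext):
            return True, lang
    # A query string on an extension-less path still means code runs server-side.
    return (True, None) if parsed.query else (False, None)


def parse_http_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers, body).

    Header names are lower-cased; values are lists because Set-Cookie may repeat."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_code, headers, body


def fingerprint_response(url, raw):
    """Collect the checklist signals that one response discloses."""
    status, headers, body = parse_http_response(raw)
    is_dynamic, language = classify_url(url)
    # X-Powered-By is the most explicit language/version disclosure.
    if headers.get("x-powered-by"):
        language = headers["x-powered-by"][0]
    elif language is None:
        for cookie in headers.get("set-cookie", []):
            name = cookie.split("=", 1)[0].strip()
            if name in SESSION_COOKIES:
                language, is_dynamic = SESSION_COOKIES[name], True
                break
    server = headers.get("server", [None])[0]
    if server is None:
        # Point 3 of the notes: a stock 404 page still names the server.
        for pattern in ERROR_PAGE_SERVER:
            m = pattern.search(body)
            if m:
                server = m.group(1).strip()
                break
    m = GENERATOR_META.search(body)
    cms = m.group(1) if m else None
    return {"status": status, "dynamic": is_dynamic, "language": language,
            "server": server, "cms": cms}


# Constructed sample responses (not captured from any real site).
SAMPLE_URL = "http://shop.example.test/affiche.php?ad_id=32&uri="
SAMPLE_HOME = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.8.0\r\n"
    "X-Powered-By: PHP/5.6.12\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=0123abcd; path=/\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.3" />'
    "<title>Home</title></head><body>hello</body></html>"
)
SAMPLE_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>404 Not Found</title></head><body>"
    "<center><h1>404 Not Found</h1></center><hr><center>nginx</center>"
    "</body></html>"
)

if __name__ == "__main__":
    print(fingerprint_response(SAMPLE_URL, SAMPLE_HOME))
    print(fingerprint_response("http://shop.example.test/go", SAMPLE_404))
```

Run against your own site's home page and a deliberately nonexistent path: every non-None field in the result is something an outsider learns without sending a single unusual request, so Server, X-Powered-By and the generator tag are the first things to suppress.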

2. Open any image link at random, e.g. http://duwei19921019.vicp.cc:8881/affiche.php?ad_id=32&uri=

The .php extension shows a dynamic website developed in PHP.

3. Request a nonexistent address at random, e.g. http://duwei19921019.vicp.cc:8881/go

A 404 page comes back, and the error page also reveals that the website runs on nginx.

The server type can also be checked through http://fuwuqixitongshibie.51240.com/

4. Site lookup: enter http://duwei19921019.vicp.cc:8881/ directly into the query box (this lookup has since expired).

5. The CMS can be identified through http://whatweb.bugscaner.com/

This online CMS recognition identifies, for example, www.freebuf.com as WordPress.

Some sites are ECShop.

6. Check whether a robots.txt file exists: http://duwei19921019.vicp.cc:8881/robots.txt

Check whether a CDN is in use: ping the domain name and see whether the name and address that answer are not the domain you originally pinged. For example, our 51cto has CDN enabled:

C:\users\li>ping www.51cto.com

Pinging web.dns.51cto.com [118.144.78.52] with 32 bytes of data:
Reply from 118.144.78.52: bytes=32 time=21ms TTL=51
Reply from 118.144.78.52: bytes=32 time=22ms TTL=51
Reply from 118.144.78.52: bytes=32 time=23ms TTL=51
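The CDN check above is a comparison: the name and address in the ping reply versus the name you asked for. The Python below is an added example, not part of the original notes; it parses the header line of both Windows and Linux ping output and turns several runs into the indicators the notes rely on (the answering name was rewritten, it lives under a different domain, more than one address was seen). The ping transcripts, the hostnames under example.test and the 192.0.2.x addresses are constructed for the example, and the two-label "registrable domain" rule is a simplifying assumption that does not handle suffixes such as co.uk.

```python
import re

# Windows: "Pinging web.dns.example.test [192.0.2.10] with 32 bytes of data:"
# Linux:   "PING web.dns.example.test (192.0.2.10) 56(84) bytes of data."
PING_HEADER = re.compile(
    r"^(?:Pinging|PING)\s+(?P<name>[\w.-]+)\s+[\[(](?P<ip>[\d.]+)[\])]", re.M)


def parse_ping_header(output):
    """Return (answering_name, ip) from a ping transcript."""
    m = PING_HEADER.search(output)
    if not m:
        raise ValueError("no ping header line found")
    return m.group("name").lower().rstrip("."), m.group("ip")


def registrable_domain(hostname):
    """Last two labels of the name (assumption: enough for .com-style domains)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def cdn_signals(queried, observations):
    """observations: list of (answering_name, ip) pairs from repeated pings."""
    q = queried.lower().rstrip(".")
    names = {n for n, _ in observations}
    ips = {ip for _, ip in observations}
    return {
        # The notes' own test: the name that answers is not the name you pinged.
        "name_rewritten": any(n != q for n in names),
        # Stronger hint: the answering host belongs to someone else's domain.
        "foreign_domain": any(registrable_domain(n) != registrable_domain(q)
                              for n in names),
        # Different addresses across runs point at an edge pool or balancer.
        "multiple_ips": len(ips) > 1,
        "names": sorted(names),
        "ips": sorted(ips),
    }


def likely_cdn(signals):
    """Heuristic verdict: a rewritten name or a rotating address set."""
    return signals["name_rewritten"] or signals["multiple_ips"]


# Constructed transcripts (not captured from any real host).
PING_WINDOWS = (
    "C:\\Users\\li>ping www.example.test\r\n\r\n"
    "Pinging web.cdn-edge.example.test [192.0.2.10] with 32 bytes of data:\r\n"
    "Reply from 192.0.2.10: bytes=32 time=21ms TTL=51\r\n"
)
PING_LINUX = (
    "PING web.cdn-edge.example.test (192.0.2.11) 56(84) bytes of data.\n"
    "64 bytes from 192.0.2.11: icmp_seq=1 ttl=51 time=22.1 ms\n"
)
PING_DIRECT = (
    "Pinging www.example.test [192.0.2.50] with 32 bytes of data:\r\n"
    "Reply from 192.0.2.50: bytes=32 time=5ms TTL=60\r\n"
)

if __name__ == "__main__":
    runs = [parse_ping_header(PING_WINDOWS), parse_ping_header(PING_LINUX)]
    print(cdn_signals("www.example.test", runs))
    print(cdn_signals("www.example.test", [parse_ping_header(PING_DIRECT)]))
```

The 51cto transcript above would set name_rewritten but not foreign_domain, since web.dns.51cto.com is still under 51cto.com; that pattern is equally consistent with the site's own load balancer, so treat the verdict as a prompt to check whether the origin address is reachable directly, not as proof of a CDN.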

7. Online port scan: http://tool.chinaz.com/port/default.aspx

Or scan locally with Nmap.

Example: nmap -n -Pn www.51cto.com

Starting Nmap 6.46 ( http://nmap.org ) at 2015-09-21 23:47 China Standard Time
Nmap scan report for www.51cto.com (118.144.78.54)
Host is up (0.039s latency).
Other addresses for www.51cto.com (not scanned): 118.144.78.52
Not shown: 986 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
111/tcp  open     rpcbind
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
256/tcp  filtered fw1-secureremote
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
3268/tcp filtered globalcatLDAP
3269/tcp filtered globalcatLDAPssl
3283/tcp filtered netassistant
3333/tcp open     dec-notes
4444/tcp filtered krb524
6129/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
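A scan report like the one above is only useful once it is turned into a record: which ports are open (the real external exposure), which are filtered (a firewall dropped the probe), and which addresses were not scanned at all. The Python below is an added example, not code from the notes or from the Nmap project; it parses Nmap's normal output format into a dictionary and summarises it. The report text is constructed for the example in the same layout as the one above, with the hostname www.example.test and 192.0.2.x addresses standing in for real values.

```python
import re

RE_TARGET = re.compile(r"^Nmap scan report for (\S+)(?: \(([\d.]+)\))?", re.M)
RE_LATENCY = re.compile(r"^Host is up \(([\d.]+)s latency\)", re.M)
RE_OTHER = re.compile(r"^Other addresses for \S+ \(not scanned\): (.+)$", re.M)
RE_NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\w+) ports", re.M)
RE_PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
RE_DONE = re.compile(r"^Nmap done: .* scanned in ([\d.]+) seconds", re.M)


def parse_nmap_report(text):
    """Parse Nmap normal output for a single host into a dictionary."""
    report = {"host": None, "ip": None, "latency_s": None, "other_addresses": [],
              "not_shown": None, "ports": [], "elapsed_s": None}
    m = RE_TARGET.search(text)
    if m:
        report["host"], report["ip"] = m.group(1), m.group(2)
    m = RE_LATENCY.search(text)
    if m:
        report["latency_s"] = float(m.group(1))
    m = RE_OTHER.search(text)
    if m:
        # Addresses Nmap resolved but did not probe; they need a scan of their own.
        report["other_addresses"] = [a.strip() for a in m.group(1).split(",")]
    m = RE_NOT_SHOWN.search(text)
    if m:
        report["not_shown"] = (int(m.group(1)), m.group(2))
    for num, proto, state, service in RE_PORT.findall(text):
        report["ports"].append({"port": int(num), "proto": proto,
                                "state": state, "service": service})
    m = RE_DONE.search(text)
    if m:
        report["elapsed_s"] = float(m.group(1))
    return report


def exposure_summary(report):
    """Group ports by state: 'open' is reachable, 'filtered' was blocked upstream."""
    by_state = {}
    for p in report["ports"]:
        by_state.setdefault(p["state"], []).append(p["port"])
    return {
        "open": sorted(by_state.get("open", [])),
        "filtered": sorted(by_state.get("filtered", [])),
        "closed": sorted(by_state.get("closed", [])),
        "unscanned_addresses": list(report["other_addresses"]),
    }


# Constructed report in Nmap's normal output layout (not a real scan).
NMAP_SAMPLE = """Starting Nmap 6.46 ( http://nmap.org ) at 2015-09-21 23:47 China Standard Time
Nmap scan report for www.example.test (192.0.2.20)
Host is up (0.039s latency).
Other addresses for www.example.test (not scanned): 192.0.2.21
Not shown: 986 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
111/tcp  open     rpcbind
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
3333/tcp open     dec-notes
4444/tcp filtered krb524
Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
"""

if __name__ == "__main__":
    rep = parse_nmap_report(NMAP_SAMPLE)
    print(rep["host"], rep["ip"], "latency", rep["latency_s"])
    print(exposure_summary(rep))
```

Compared against an inventory of what the host is supposed to serve, the "open" list is the finding: in the report above 111/tcp (rpcbind) and 3333/tcp on a public web host would deserve a question, and the unscanned second address is a gap in coverage rather than a clean result.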


Do not casually point heavy tools at the site for aggressive scans, or run scanners that probe it frequently; that is very likely to get your IP blocked by the website outright.

Go through a proxy or use an online scanner instead.


After the information has been collected, classify it and store it.

There is no useless information, only information that is useless for the moment.

The more simulated attacks you carry out, the more realistic the defensive approach you can derive from them.

This article is from the "Love to Learn Bear Children" blog; please keep this source: http://molilinzi.blog.51cto.com/8282931/1696935

