Website penetration: a summary of the lines of thinking from every angle (detailed article)

Source: Internet
Author: User
Tags: mssql, administrator, password

A short write-up of penetration-testing ideas and tips for newcomers. It is mainly about the line of thinking, and none of it goes into much detail.

Browse good blogs and portal sites regularly, save what you find, and pick up a little every day; it adds up. Remember: skill takes time to settle.

(a) The website application itself, regardless of the server

1. Look for SQL injection. Note which privileges the database user has, and whether the web application and the database run on the same host.

2. Look for XSS. Blind XSS has been popular recently; either way, our goal is to get into the admin backend.

3. Look for upload points. Some pages allow uploads, such as link-exchange applications, member avatars and other sensitive pages. Check whether the upload validation can be bypassed, and study the server's characteristics, for example the typical parsing behaviour of IIS 6.0 or Apache.

4. Look for web editors, typically eWebEditor, FCKeditor and so on.

5. Look for phpMyAdmin and other management programs; try weak passwords, or look for vulnerabilities in them.

6. Search Baidu and Google for published vulnerabilities in the program (CMS) the site runs.

7. Guess file names. If you know a file called admin_login.php exists, try whether admin_add.php, admin_upload.php and so on exist too. You can also search Google with queries like site:exehack.net inurl:edit. Sensitive files turn up surprisingly often; then check whether they verify permissions at all, and whether that check can be bypassed.

8. Member registration, profile editing, deletion, comments and every other place that writes to the database: remember to add a single quote and so on, and check for INSERT, UPDATE and other types of injection.
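The INSERT-type injection in item 8, as an added example that is not part of the original post. The member table, the string-built registration query and the payload are all constructed for this demonstration; the site in question is not shown on the page. The single-quote probe is the one the item describes: a lone quote that reaches the SQL parser produces an error, while a parameterised query stores it as data. The second payload closes the VALUES list early and comments out the rest, so the registering user picks their own role.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's member table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    return conn


def register_vulnerable(conn, name, password):
    """String-built INSERT: whatever was typed into the form becomes part of the SQL."""
    sql = ("INSERT INTO users (name, password, role) "
           f"VALUES ('{name}', '{password}', 'member')")
    conn.execute(sql)
    conn.commit()


def register_safe(conn, name, password):
    """Parameterised INSERT: the driver keeps the form data out of the statement."""
    conn.execute(
        "INSERT INTO users (name, password, role) VALUES (?, ?, 'member')",
        (name, password),
    )
    conn.commit()


def probe_single_quote(register):
    """The probe from item 8: submit a lone single quote and watch for a SQL error."""
    conn = make_db()
    try:
        register(conn, "test'", "pw")
    except sqlite3.Error:
        return "sql error"      # the quote reached the SQL parser: injectable
    return "no error"           # the quote was stored as data


# Registration payload that closes the VALUES list early and comments out the
# rest of the statement, so the attacker chooses the role. Constructed here.
ROLE_PAYLOAD = "evil', 'pw', 'admin') -- "


def role_after_register(register, name):
    """Register with the given name and return the role column that was stored."""
    conn = make_db()
    register(conn, name, "pw")
    return [row[0] for row in conn.execute("SELECT role FROM users")]


if __name__ == "__main__":
    for reg in (register_vulnerable, register_safe):
        print(reg.__name__, probe_single_quote(reg),
              role_after_register(reg, ROLE_PAYLOAD))
```

The same probe works on UPDATE statements in profile-editing pages; the difference is only that the payload then rewrites a SET or WHERE clause instead of the VALUES list.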

9. After logging in as a member or a low-privilege administrator, capture and analyse the requests; try to change the super administrator's password or otherwise escalate privileges.
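What item 9 looks like in code, as an added example that is not part of the original post. The user table, the two password-change handlers and the captured request are constructed for this demonstration; the page names no specific application. The vulnerable handler takes the account to change from the POST body, which is exactly the field a member edits in the proxy; the hardened one takes it from the server-side session and demands the current password.

```python
import hashlib
import hmac
import os


def hash_password(password, salt):
    """PBKDF2 for the demo's credential store (constructed, not any site's real scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_users():
    """Constructed member table: one super administrator and one ordinary member."""
    users = {}
    for name, pw, role in (("admin", "S3cret!", "superadmin"), ("bob", "bob123", "member")):
        salt = os.urandom(16)
        users[name] = {"salt": salt, "hash": hash_password(pw, salt), "role": role}
    return users


def login(users, name, password):
    """True when the password matches the stored hash for that account."""
    rec = users.get(name)
    return rec is not None and hmac.compare_digest(
        rec["hash"], hash_password(password, rec["salt"]))


def change_password_vulnerable(session, form, users):
    """Takes the account to change from the POST body and never looks at the
    session. A logged-in member who edits the captured request to
    username=admin resets the super administrator's password."""
    target = form["username"]
    rec = users[target]
    rec["hash"] = hash_password(form["new_password"], rec["salt"])
    return target


def change_password_safe(session, form, users):
    """Takes the target only from the server-side session, ignores any username
    in the form, and requires the current password before changing it."""
    target = session["user"]
    rec = users[target]
    supplied = hash_password(form.get("old_password", ""), rec["salt"])
    if not hmac.compare_digest(rec["hash"], supplied):
        return None
    rec["hash"] = hash_password(form["new_password"], rec["salt"])
    return target


if __name__ == "__main__":
    # Constructed request, as it looks in the proxy after bob edits the username field.
    tampered = {"username": "admin", "new_password": "owned"}
    users = make_users()
    print(change_password_vulnerable({"user": "bob"}, tampered, users),
          login(users, "admin", "owned"))
    users = make_users()
    print(change_password_safe({"user": "bob"}, tampered, users),
          login(users, "admin", "owned"))
```

The same pattern applies to any field that identifies the object being edited (user id, order id, article id): if the server trusts it, a low-privilege account can act on the administrator's data.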

10. Sites with a download function: try modifying the file name in the URL to see whether sensitive site files can be downloaded, for example the database configuration file. Even if you cannot connect to the database, its password may let you log in to the backend; you can also download the upload and login-verification code and audit it.
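The path traversal in item 10, as an added example that is not part of the original post. The web root, the files/ download directory and the probe names are assumed for this demonstration. The vulnerable resolver joins the parameter straight onto the download directory, so ../ walks up to the configuration file and an absolute name replaces the directory entirely; the hardened one decodes once, normalises, and refuses anything that leaves the directory.

```python
import posixpath
from urllib.parse import unquote

# Assumed layout for the example: downloads are served from files/ under the web root.
WEBROOT = "/var/www/site"
DOWNLOAD_DIR = posixpath.join(WEBROOT, "files")


def download_path_vulnerable(filename):
    """The usual download.php?file=... : the parameter is joined onto the
    directory, so '../' walks up and an absolute name replaces the directory."""
    return posixpath.normpath(posixpath.join(DOWNLOAD_DIR, unquote(filename)))


def download_path_safe(filename):
    """Decode once, normalise, then refuse anything that does not stay inside
    DOWNLOAD_DIR. NUL is rejected because C-backed file APIs truncate on it."""
    name = unquote(filename)
    if "\x00" in name:
        return None
    candidate = posixpath.normpath(posixpath.join(DOWNLOAD_DIR, name))
    if candidate == DOWNLOAD_DIR:
        return None
    if posixpath.commonpath([DOWNLOAD_DIR, candidate]) != DOWNLOAD_DIR:
        return None
    return candidate


# Probes in the spirit of "modify the file name in the URL"; constructed here.
PROBES = ["report.pdf", "../config.php", "..%2F..%2Fconfig.php", "/etc/passwd"]


def run_probes(resolver, probes=PROBES):
    """Map each probe to the path the resolver would open (None means refused)."""
    return {p: resolver(p) for p in probes}


if __name__ == "__main__":
    for label, resolver in (("vulnerable", download_path_vulnerable),
                            ("safe", download_path_safe)):
        print(label)
        for probe, path in run_probes(resolver).items():
            print(f"  {probe:24} -> {path}")
```

A double-encoded probe such as ..%252F only matters if the server decodes twice; decoding exactly once, as download_path_safe does, keeps the comparison honest.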

11. Backup files and backdoors. Some sites have sub-sites in sub-directories, such as www.exehack.net/software; try whether an archive such as www.exehack.net/software.zip (or .rar and so on) exists, since it may be the sub-site's source. Directories like www.exehack.net/old/ are usually the old site, and the old site is often easier to take.

There are also database backups, backdoors left by earlier intruders and so on; what you actually find in these directories depends on your wordlist.

12. 0-day vulnerabilities, whether someone gives them to you or you dig them yourself; in short, whatever works.

13. ...

(b) The server

1. Start by scanning the server's open ports, then decide how to proceed.

2. Parsing vulnerabilities are fairly common: IIS 6.0, Apache, and nginx or IIS 7.0 in front of PHP-FPM all have them, as do the .cer and .asa extension mappings and .htaccess parsing configuration.
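The parsing behaviours in item 2, and the upload bypasses they enable at the upload points discussed in section (a), as an added example that is not part of the original post. The extension tables, the sample paths and the store_upload function are constructed for this demonstration. Each executes_on_* function models one server's rule for deciding which interpreter gets a file, which is what an upload validator that only looks at the last extension gets wrong; store_upload shows the hardened side.

```python
import re
import secrets

# Extensions the interpreters execute; constructed for this example.
SCRIPT_EXTS = {"php", "asp", "aspx", "jsp"}
IIS6_ASP_EXTS = {"asp", "asa", "cer", "cdx"}   # all mapped to asp.dll on IIS 6.0


def _exts(name):
    """All extensions of a name, lower-cased, left to right ('a.php.jpg' -> ['php', 'jpg'])."""
    return [e.lower() for e in name.split(".")[1:]]


def executes_on_iis6(path):
    """IIS 6.0: the name is cut at ';' ('shell.asp;.jpg' runs as ASP) and every
    file under a folder named like 'x.asp' runs as ASP."""
    *dirs, name = path.split("/")
    for d in dirs:
        exts = _exts(d)
        if exts and exts[-1] in IIS6_ASP_EXTS:
            return True
    exts = _exts(name.split(";", 1)[0])
    return bool(exts) and exts[-1] in IIS6_ASP_EXTS


def executes_on_apache_addhandler(path):
    """Apache mod_mime with AddHandler: every extension in the name is considered
    and order does not matter, so 'shell.php.jpg' and 'shell.php.xyz' run as PHP."""
    return any(e in SCRIPT_EXTS for e in _exts(path.rsplit("/", 1)[-1]))


def executes_on_fpm_pathinfo(request_path, existing_files):
    """nginx or IIS 7.x in front of PHP-FPM with cgi.fix_pathinfo=1: a request for
    '/up/x.jpg/1.php' matches the .php location, PHP walks back to the first
    path that exists and runs it, so the uploaded x.jpg executes as PHP.
    Returns the file that would run, or None."""
    if _exts(request_path)[-1:] != ["php"]:
        return None
    path = request_path
    while path and path not in existing_files:
        path = path.rsplit("/", 1)[0]
    return path or None


def htaccess_php_extensions(text):
    """Extensions that a user-uploaded .htaccess would hand to the PHP handler,
    e.g. 'AddType application/x-httpd-php .jpg'."""
    found = set()
    for line in text.splitlines():
        m = re.match(r"\s*Add(?:Type|Handler)\s+(\S*php\S*)\s+(.+)", line, re.I)
        if m:
            found.update(e.lstrip(".").lower() for e in m.group(2).split())
    return found


def store_upload(client_name, allowed=("jpg", "jpeg", "png", "gif"), token=None):
    """Hardened side: allow-list only the LAST extension and throw the client's
    name away, so ';', stacked extensions and '.htaccess' never reach disk.
    Returns the name to store, or None to reject."""
    exts = _exts(client_name.rsplit("/", 1)[-1].rsplit("\\", 1)[-1])
    if not exts or exts[-1] not in allowed:
        return None
    return f"{token or secrets.token_hex(8)}.{exts[-1]}"


if __name__ == "__main__":
    print(executes_on_iis6("/upload/shell.asp;.jpg"), executes_on_iis6("/upload/x.asp/1.jpg"))
    print(executes_on_apache_addhandler("/upload/shell.php.jpg"))
    print(executes_on_fpm_pathinfo("/upload/x.jpg/1.php", {"/upload/x.jpg"}))
    print(htaccess_php_extensions("AddType application/x-httpd-php .jpg\n"))
    print(store_upload("shell.asp;.jpg"), store_upload(".htaccess"))
```

Renaming the file does not help against the PHP-FPM path-info case, because the stored .jpg itself is what gets executed; that one needs cgi.fix_pathinfo=0 (or an nginx try_files $uri =404 in the PHP location) and an upload directory with script execution disabled.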

3. Weak passwords and Everyone permissions. First scan the open ports: 21 is FTP, 1433 is MSSQL, 3306 is MySQL, 3389 is Remote Desktop, 1521 is Oracle, and so on. Collect as many dictionaries as you can; sometimes the results are good. (When sniffing with Cain you can often see other people scanning away constantly... annoying.)

4. Overflows. This depends on the system's patch level and the software the server runs, FTP daemons for example; there is no fixed recipe here.

5. Server management programs such as Tomcat and JBoss; these are more common on the servers of large and medium-sized sites.

6. IIS, Apache and other web server vulnerabilities; keep an eye on these day to day.

7. Directory browsing: when the server is misconfigured you can browse its directories directly.

8. Shares ...
9. ...

(c) People: social engineering

Social engineering can have astonishing results during a penetration. It works mainly by exploiting human weaknesses, is broad and deep, and is not discussed in detail here; read social engineering articles from time to time and pick up ideas and techniques.

(d) Detours: adjacent sites and the C segment

1. Adjacent sites: for the other sites hosted on the same server, apply the methods above; there is not much more to say.

2. The C segment (the same /24 network). When people think of the C segment they think of Cain. For the sites and servers in the C segment, combine the ideas above for the target site, the server, the people and the adjacent sites; the principle is the same. If your only aim is to deface the site, you can try Netfuke and the like.

3. ...

(e) Common privilege escalation techniques

1. System exploits (overflow exps). This is the most common way to escalate, and most of them are used the same way; typical ones are Churrasco (the "Brazilian barbecue") and PR. Exploit-based escalation is used more on Linux; make a point of collecting exploits.

2. Third-party software. Use software installed on the server that runs with higher privileges, or that has an exploitable vulnerability: typically MSSQL, MySQL, Serv-U and so on, plus remote-control software such as pcAnywhere and Radmin.

3. Hijacking. Here you will think of Lpk.dll-style DLL hijacking. When you cannot add an account no matter what you try, consider hijacking the Shift key (sticky keys), adding a startup item, and so on.

4. Weak passwords. Look for accounts left behind by others or hidden accounts; ordinary users' passwords tend to be simple, so try weak passwords, as well as the databases, remote-control software and FTP software mentioned earlier. When nothing else works, scan and take a chance.

5. Information gathering. Remember to look through the documents on the disk; all kinds of passwords may be in them. In intranet penetration, information gathering is very important: once you have the server, remember to grab clear-text passwords (mimikatz is good for that), then there is the domain, ARP ... but that is drifting off topic.

6. Social engineering ... not much to say.

That is the summary for now. Penetration is a deep subject that cannot be explained in a few words; it all depends on the specific situation, so improvise.

Form the habit of gathering information throughout the penetration, especially on large and medium-sized sites: collect sub-site domain names, directories, passwords and other sensitive information. It is very useful later on, and intranets are often full of weak and reused passwords. Many times a main site falls because of a small hole in a sub-site.
