-
1. Information Collection.
WHOIS information – registrant, **, email address, DNS, address.
Server IP--nmap scanning, services corresponding to ports, and C-segment.
Side note - bing query, scripting tool.
If you encounter CDN--Cloudflare (bypass), start from subdomain (mail, postfix), or DNS delivery domain vulnerabilities.
Server, Component (Fingerprint) – Operating System, Web Server (Apache, Nginx, IIS), Scripting Language.
more.
2. Vulnerability mining.
Detect web application fingerprints -- discuz, phpwind, dedecms, ecshop....
XSS, CSRF, XSIO, SQL injection, permission bypass, arbitrary file read, file inclusion.
Upload vulnerabilities - truncate, modify, and parse vulnerabilities.
Whether there is a captcha or not - brute-force cracking.
more..
3. Exploitation.
Think about purposefulness – what kind of effect to achieve.
Hidden, Destructive - Look for the corresponding EXP payload based on the detected application fingerprint or write it yourself.
Start a vulnerability attack, obtain the corresponding permissions, and obtain the webshell according to different scenarios
-
Pre-Attack: Collect information and make further attack decisions. Content: Obtain domain name and IP distribution, obtain topology and OS, etc., obtain ports and services, obtain application system status, and track new vulnerability releases.
Attack: Carry out an attack and obtain certain permissions of the system. Content: Obtain remote permissions, enter the remote system, elevate local permissions, further expand permissions, and perform substantive operations.
Post-Attack: Clear traces and maintain certain permissions for a long time. Content: Implant backdoor Trojans, delete logs, patch obvious vulnerabilities, and further infiltrate and expand.
-
Intrusion detection is the process of detecting unauthorized use or intrusion into a computer or network. An intrusion detection system is a software or hardware system that implements a detection function.
The Intrusion Detection System (IDS) can detect attacks that undermine the integrity, confidentiality, and availability of a computer or network.
Intrusion detection technology and intrusion detection system are two different concepts. Intrusion detection technology mainly refers to the study of what kind of methods are used to detect intrusion behavior, while intrusion detection system refers to a system that performs detection tasks based on a certain monitoring object. Intrusion detection technology is mainly divided into two types: anomaly detection and misuse detection, and detection systems are mainly divided into host-based intrusion detection systems and network-based intrusion detection systems.
Each technology can be applied to any inspection system, and each inspection system can be used with any inspection technology.
Cryptographic algorithms are mathematical functions used for encryption and decryption, and they are the basis of cryptographic protocols. The current cryptographic algorithms mainly include stream ciphers, block ciphers, public key ciphers, hash functions, etc., which are used to ensure the security of information and provide services such as identification, integrity, and non-repudiation.
Suppose we want to send a message P over the network (P is usually a plaintext packet). Using a cryptographic algorithm to hide the content of P converts P into ciphertext, and this conversion process is called encryption. The ciphertext c corresponding to the plaintext p is obtained with an additional parameter k, called the key. In order to recover the plaintext, the receiver of ciphertext c needs another key k⁻¹ to complete the operation in the opposite direction. This reverse process is called decryption. The general process of encryption and decryption is shown in the diagram.
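The two detection techniques named in the answer above, misuse detection and anomaly detection, can be contrasted on the same data. The following is an added example, not part of the original answer; the signature patterns, request lines and login counts are constructed for illustration.

```python
import re
import statistics

# Misuse detection: patterns describing already-known bad input (illustrative only).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),
}

def misuse_detect(requests):
    """Return (index, signature name) for every request matching a known pattern."""
    hits = []
    for i, line in enumerate(requests):
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((i, name))
    return hits

def anomaly_detect(baseline, observed, k=3.0):
    """Flag hours whose count exceeds mean + k * stdev of the normal baseline."""
    threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
    return [hour for hour, count in observed.items() if count > threshold]

# Constructed sample data (not from the page).
REQUESTS = [
    "GET /index.php?id=7",
    "GET /download.php?file=../../etc/passwd",
    "POST /login.php user=admin&pass=x' OR '1'='1",
    "POST /login.php user=alice&pass=guess0001",   # one of many password guesses
]
BASELINE_FAILED_LOGINS = [2, 3, 1, 4, 2, 3, 2, 3]  # failed logins per hour, normal traffic
OBSERVED_FAILED_LOGINS = {"09:00": 3, "10:00": 4, "11:00": 57}

if __name__ == "__main__":
    # The guessing request matches no signature, so misuse detection stays silent on it;
    # the failed-login volume it produces is what anomaly detection flags.
    print("misuse hits:", misuse_detect(REQUESTS))
    print("anomalous hours:", anomaly_detect(BASELINE_FAILED_LOGINS, OBSERVED_FAILED_LOGINS))
```

Either function can run over host logs or captured network traffic, which is the sense in which each technique can be paired with either type of detection system.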
-
Once the IP address conflicts, the first thing is that the two computers in the conflict cannot access the Internet, and occasionally one can be connected and the other cannot be accessed; If the IP address conflicts with the IP address of servers, switches, routers, and other critical network devices, the entire network will be paralyzed.
In this case, the network administrator will find the user of the computer according to the signature characteristics of the computer, such as the computer name, the physical address of the network card (MAC address), etc., and notify him to change the IP address of the computer.
Laptops are moved around a lot, so they use dynamically allocated IP addresses, which generally will not cause an IP address conflict unless the IP address is set manually or the computer is infected with a virus. The computer name also does not correspond to the user, so once such a computer is infected it is difficult to find, just like the situation above.
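One way an administrator can locate a conflict by MAC address, as described above, is to compare ARP tables collected at different times or from different hosts. This is an added example, not part of the original answer; it assumes Linux `arp -an` output, and the snapshots and addresses are constructed.

```python
import re
from collections import defaultdict

# Linux `arp -an` line: "? (192.168.1.10) at aa:bb:cc:dd:ee:ff [ether] on eth0"
ARP_LINE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-f:]{17})", re.I)

def find_conflicts(snapshots, critical_ips=()):
    """Return {ip: {"macs": [...], "critical": bool}} for IPs seen with more than one MAC.

    A single ARP cache holds one MAC per IP, so several snapshots are compared.
    """
    seen = defaultdict(set)
    for snapshot in snapshots:
        for line in snapshot.splitlines():
            m = ARP_LINE.search(line)
            if m:  # "<incomplete>" entries carry no MAC and are skipped
                seen[m["ip"]].add(m["mac"].lower())
    return {
        ip: {"macs": sorted(macs), "critical": ip in critical_ips}
        for ip, macs in seen.items()
        if len(macs) > 1
    }

# Constructed snapshots (not from the page).
SNAPSHOT_A = """? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at aa:bb:cc:00:00:01 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0"""
SNAPSHOT_B = """? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at AA:BB:CC:00:00:02 [ether] on eth0"""
SNAPSHOT_C = """? (192.168.1.1) at de:ad:be:ef:00:01 [ether] on eth0"""

if __name__ == "__main__":
    # 192.168.1.1 is treated as the gateway here, so a conflict on it is marked critical.
    report = find_conflicts([SNAPSHOT_A, SNAPSHOT_B, SNAPSHOT_C], critical_ips=("192.168.1.1",))
    for ip, info in sorted(report.items()):
        print(ip, info["macs"], "CRITICAL" if info["critical"] else "")
```

The MAC addresses in the report are what the administrator matches against switch port tables or an asset inventory to find the machine that needs its address changed.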
-
Install a Kingsoft ARP firewall.
-
Scan the network IP segment, analyze the activation of the network port, send the test**Analyze the returned data, filter the data to obtain the list of controllable ports of the broiler, implant the control**, obtain administrator permissions.
-
Intrusion detection technology (IDS) can be defined as a system that identifies and handles malicious use of computer and network resources. It covers both intrusion from outside the system and unauthorized behavior by internal users. It is a technology designed and configured to ensure the security of the computer system, which can detect and report unauthorized or abnormal phenomena in the system in a timely manner, and it is used to detect violations of security policies in the computer network.