-
I don't know so many of the more than a dozen cross-site upload vulnerabilities, injected blasting (database), sandblasting (server, provided that it is open remote), asp script errors (a few), are caused by social engineering, and more and vulnerabilities, psychological tactics are becoming more and more practical!
-
First, tell me about your server system.
-
There should be a lot of professionals, I think Tencent PC Manager doesn't have this function, like virus scanning, vulnerability fixing, web protection and the like. This should be a fundamental precaution.
-
The idea of hacking ** is actually similar to our thinking. First of all, start with the simple, if the simple way is broken, naturally you don't want to spend too much time researching, and hackers also want to spend more time challenging the high difficulty**.
So the average hacker starts with **:
First: ** backend. There are a lot of open source systems now, so the backend address is easy to ping. Most of them are admin and manage.
Therefore, the backend password should not be too simple. Many administrators, to make the password convenient to remember, mostly use admin123. Such a **, to scrap the **, a matter of minutes.
Then it's the database password. Therefore, if the database is not rigorous and thoughtful, then the database is also simply breached.
Therefore, you must find an experienced team to do it.
-
1. Information collection.
1) Whois information - registrant, **, email address, DNS, address.
2) GoogleHack - sensitive directories, sensitive files, backend addresses.
3) Server IP - Nmap scanning, services corresponding to ports, C-class network segment.
4) Side sites - Bing query, script tools.
5) If you encounter a CDN (Cloudflare), start from subdomains (mail, postfix) and DNS zone transfer vulnerabilities.
6) Server, component (fingerprint) - operating system, web server, scripting language, database type.
2. Exploit mining.
1) Detect web application fingerprints.
2) XSS, CSRF, SQL injection, permission bypass, arbitrary file read, file inclusion.
3) Upload vulnerabilities - truncating, modifying, and parsing vulnerabilities.
4) Whether there is a captcha or not - brute-force cracking.
3. Exploits.
1) Think purposefully.
2) Hidden Destructiveness - Find the corresponding EXP payload based on the detected application fingerprint or write it yourself.
3) Start the vulnerability attack and obtain the corresponding permissions.
4. Privilege escalation.
1) Select different attack payloads according to the server type for privilege escalation.
2) If privileges cannot be escalated, password guessing is started based on the obtained data, going back to information collection.
5. Implant a backdoor.
1) Concealment.
2) Check back regularly for updates and keep them periodic.
6. Log cleanup.
1) Camouflage, concealment, and avoid alarms. They usually choose to delete the specified logs.
2) According to the time period, find the corresponding log file.
-
As it stands, all the ** on the Internet are in danger of being hacked. The best thing to do is to have defensive and security backups.
Use Anti-DDoS Pro server with multi-line support.
It is more secure to choose a space service provider of a well-known brand.
Make regular data backups, no worries.
Use the CDN acceleration function and the load balancing function.
In addition, it is best to hire professional network maintenance technicians and SEO personnel to manage it professionally.