Ethical Hacking - Web Penetration Testing(2)
INFORMATION GATHERING
- IP address.
- Domain name Info.
- Technologies used.
- Other websites on the same server.
- DNS records.
- Unlisted files, sub-domains, directories.
1. Whois Lookup - Find info about the owner of the target. ()
-> http://whois.domaintools.com/ https://www.whois.net/ etc.
2. Netcraft Site Report - Shows technologies used on the target.
-> http://toolbar.netcraft.com/site_report
Such as :https://sitereport.netcraft.com/?url=https%3A%2F%2Fwww.hackthissite.org%2F
3. Robtex DNS lookup - Shows comprehensive info about the target website.
4. Discovering Websites On the Same Server
- One server can serve a number of websites.
- Gaining access to one can help gaining access to others.
To find websites on the same server:
(1) Use Robtex DNS lookup under"names pointing to same IP".
(2) Using bing.com, search for ip:[target ip]
5. Discovering subdomains
- Subdomain.target.com
- Ex:https://www.hackthissite.org/
Knock can be used to find subdomainings of target.
(1)Download > git clone https://github.com/guelfoweb/knock.git
(2)Navigate to knock.py >cd knock/knock.py
(3)Run it > python knock.py [target]
6. Discovering Sensitive Files
Find files&directories in target website
Tool: drib
dirb [target] [worlist] [options]
For more info run > man dirb
Analysing Discovered Files
---- Scanning URL: http://10.0.0.24/mutillidae/ ----
==> DIRECTORY: http://10.0.0.24/mutillidae/classes/
+ http://10.0.0.24/mutillidae/credits (CODE:200|SIZE:509)
==> DIRECTORY: http://10.0.0.24/mutillidae/documentation/
+ http://10.0.0.24/mutillidae/favicon.ico (CODE:200|SIZE:1150)
+ http://10.0.0.24/mutillidae/footer (CODE:200|SIZE:450)
+ http://10.0.0.24/mutillidae/header (CODE:200|SIZE:19879)
+ http://10.0.0.24/mutillidae/home (CODE:200|SIZE:2930)
==> DIRECTORY: http://10.0.0.24/mutillidae/images/
+ http://10.0.0.24/mutillidae/inc (CODE:200|SIZE:386260)
==> DIRECTORY: http://10.0.0.24/mutillidae/includes/
+ http://10.0.0.24/mutillidae/index (CODE:200|SIZE:24237)
+ http://10.0.0.24/mutillidae/index.php (CODE:200|SIZE:24237)
+ http://10.0.0.24/mutillidae/installation (CODE:200|SIZE:8138)
==> DIRECTORY: http://10.0.0.24/mutillidae/javascript/
+ http://10.0.0.24/mutillidae/login (CODE:200|SIZE:4102)
+ http://10.0.0.24/mutillidae/notes (CODE:200|SIZE:1721)
+ http://10.0.0.24/mutillidae/page-not-found (CODE:200|SIZE:705)
==> DIRECTORY: http://10.0.0.24/mutillidae/passwords/
+ http://10.0.0.24/mutillidae/phpinfo (CODE:200|SIZE:48828)
+ http://10.0.0.24/mutillidae/phpinfo.php (CODE:200|SIZE:48840)
+ http://10.0.0.24/mutillidae/phpMyAdmin (CODE:200|SIZE:174)
+ http://10.0.0.24/mutillidae/register (CODE:200|SIZE:1823)
+ http://10.0.0.24/mutillidae/robots (CODE:200|SIZE:160)
+ http://10.0.0.24/mutillidae/robots.txt (CODE:200|SIZE:160)
==> DIRECTORY: http://10.0.0.24/mutillidae/styles/ ---- Entering directory: http://10.0.0.24/mutillidae/classes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/documentation/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/javascript/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/passwords/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) ---- Entering directory: http://10.0.0.24/mutillidae/styles/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway) -----------------
END_TIME: Fri Feb 7 16:46:55 2020
DOWNLOADED: 4612 - FOUND: 18
The URL in Red is useful to discove.
For example:
Gethering information is important, while it is harder to get useful information than before.
Ethical Hacking - Web Penetration Testing(2)的更多相关文章
- Ethical Hacking - Web Penetration Testing(13)
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to ...
- Ethical Hacking - Web Penetration Testing(8)
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(userna ...
- Ethical Hacking - Web Penetration Testing(10)
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...
- Ethical Hacking - Web Penetration Testing(6)
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ...
- Ethical Hacking - Web Penetration Testing(1)
How to hack a website? An application installed on a computer. ->web application pen-testing A co ...
- Python Ethical Hacking - WEB PENETRATION TESTING(1)
WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. ...
- Python Ethical Hacking - WEB PENETRATION TESTING(2)
CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories ...
- Ethical Hacking - Web Penetration Testing(12)
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page ...
- Ethical Hacking - Web Penetration Testing(11)
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be byp ...
- Ethical Hacking - Web Penetration Testing(9)
SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the ...
随机推荐
- JAVA 经典算法 40 例
[程序 1] 题目:古典问题:有一对兔子,从出生后第 3 个月起每个月都生一对兔子,小兔子长到第四个月后每个月又生一对兔子,假如兔子都不死,问每个月的兔子总数为多少? 1.程序分析: 兔子的规律为数列 ...
- 专家解读:利用Angular项目与数据库融合实例
摘要:面对如何在现有的低版本的框架服务上,运行新版本的前端服务问题,华为云前端推出了一种融合方案,该方案能让独立的Angular项目整体运行在低版本的框架服务上,通过各种适配手段,让Angular项目 ...
- python多线程+生产者和消费者模型+queue使用
多线程简介 多线程:在一个进程内部,要同时干很多事情,就需要同时执行多个子任务,我们把进程内的这些子任务叫线程. 线程的内存空间是共享的,每个线程都共享同一个进程的资源 模块: 1._thread模块 ...
- 解决 React Native Android:app:validateSigningRelease FAILED 错误
RN 运行的时候报这个错这咋办:
- 新老单点的改造——-理解Cookie、Session、Token
近期参与了新老单点的改造,一直想总结一下,发现这篇文章比较贴切. 整理了如下: 随着交互式Web应用的兴起,像在线购物网站,需要登录的网站等等,马上就面临一个问题,那就是要管理会话,必须记住哪些人登录 ...
- springboot_自动配置原理
目录 1.1 @SpringBootApplication 2.1 @EnableAutoConfiguration 2.1.1 @AutoConfigurationPackage 2.1.2 @Im ...
- node.js/npm升级正确操作(windows和linux均有)
原文地址:https://www.wjcms.net/archives/nodejsnpm升级正确操作windows和linux均有 今天我们总结一下node.js以及npm升级的正确操作方法. 小编 ...
- 大场前端工程师常使用CSS3特性做跨域也是牛逼前端的开始之路
通过 CSS3 的 content 获取内容,很有意思的一个思路,实际场景中有可能用的到: CSST (CSS Text Transformation) 利用js动态创建一个link插入到文档中, 请 ...
- vue页面原样导出excel表格
github地址:https://github.com/wuzhiaite/vue-samples 1.excel导出 做过业务系统的知道,进行涉及到excel的导出,列表数据动则几十万,但是也有一部 ...
- 洛谷 P3694 邦邦的大合唱站队 状压DP
题目描述 输入输出样例 输入 #1 复制 12 4 1 3 2 4 2 1 2 3 1 1 3 4 输出 #1 复制 7 说明/提示 分析 首先要注意合唱队排好队之后不一定是按\(1.2.3..... ...