参考 http://download.csdn.net/detail/jason571/8146587 一.操作系统原理,JavaScript,http/https的运行原理,Ajax,SQL等技术基础 HTML语法和网页运行原理 JavaScript CLI(命令行界面)的操作(Windows.Linux) SQL语法 有关网络操作命令(Telnet,Ping,nslookup,Tracert) 不同程序的下载及安装 脚步语言(Python,ruby,Perl,golang)…

OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…

SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with DB done using SQL. WHY ARE THEY SO DANGEROUS…

1.启动wsaf工具,设置载入插件(攻击模型的插件),可以设置默认的攻击模型,也可以添加自己的plug. 2.在侦查的时候渗透邮箱需要知道,云行邮箱服务的托管服务器是什么类型,在之前的博客中我已近两提到过如何使用fierce 工具 3.使用 DIRBuster搜索网站目录 但凡出了404以外的都表示可以进行 4.webslayer密码字典…

1.国外使用的一款在线工具,对web的信息收集很有帮助 地址http://archive.org  , WayBack Machine 主界面如下:对百度存档的历史信息进行查询. 2.IP地址归属信息注册信息查找   (ARIN) , 该组织一共有五个,USA ,Canada 还有 Caribbean 地区,首先查看百度结果截图如下: 从搜索的结果中可以看到,百度不在这个范围之内,该在加勒比地区注册的  lancope,,,起作用跟另一个在线的工具差不多  www.whois.com  类似的还…

SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…

REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…

How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side attacks. Managed by humans -> client-side attacks Target: metastable VM…

WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

 CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover Target: Metasploitable2-Linux #!/usr/bin/env python import requests def request(url): try: return…