http://www.ivizsecurity.com/blog/penetration-testing/live-cd-penetration-testing-pen/ Yesterday I was researching for some of the other lesser known live CDs for penetration testing. While I’m an avid user and a fan of backtrack, someone mentioned t…
Web Application Penetration Testing Local File Inclusion (LFI) Testing Techniques Jan 04, 2017, Version 1.0 Contents What is a Local File Inclusion (LFI) vulnerability? Example of Vulnerable Code Identifying LFI Vulnerabilities within Web Application…
Part One: Penetration Testing Steps --- Reference material: Ethical Hacking: The Value of Controlled Penetration Tests. Download link: https://pan.baidu.com/s/1ELFGTEnVx5d15eWHSmHzrQ (extraction code: wd8l). 1. Operating systems Snort can be installed on: Unix/Linux and Windows. Operating systems WinSniff can be installed on: Windows. 2. Scan…
MITM - ARP Poisoning Theory Man In The Middle Attacks - ARP Poisoning This is one of the most dangerous and effective attacks that can be used, it is used to redirect packets to and from any client to our device, and since we have the network key, we…
This article is reposted. XXE VALID USE CASE This is a nonmalicious example of how external entities are used: <?xml version="1.0" standalone="no" ?> <!DOCTYPE copyright [ <!ELEMENT copyright (#PCDATA)> <!ENTITY c SYSTEM "http://www.…
1. An SQLi vulnerability will allow you to do the following: query the database using a select statement, for example the users table (you might get the password or username); bypass the login page by executing a successful query; execute system commands…
1. This blog records my study notes for this book, and I will also record here some of the unfamiliar words that come up. The notes follow the order of the book's chapters. My favorite line from the book: "you have no idea how good you have it", hahaha. Security websites worth visiting regularly: BugTrap, AstaLaVista, X-Force, PacketStorm, woowoo, SecurityFocus. penetration: penetration test, insight; liability: responsibility, debt; tendency…
PowerSploit: The Easiest Shell You'll Ever Get - Pentest... Sometimes you just want a shell. You don't want to worry about compiling a binary, testing it against antivirus, figuring out how to upload it to the box and finally... View…
OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…
SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…
SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data (usernames, passwords, etc.) is stored in it. The web application reads, updates and inserts data in the database. Interaction with the DB is done using SQL. WHY ARE THEY SO DANGEROUS…
ARP Poisoning - arpspoof Arpspoof is a tool that is part of a suite called dsniff, which contains a number of network penetration tools. Arpspoof can be used to launch a MITM attack and redirect traffic to flow through our device. 1. Tell the target client th…
1. A summary of the wireless network commands that appear in this book. View the wireless card (Create a monitor mode interface using your card as shown in the following screenshot): ifconfig -a; ifconfig wlan0 (bring up the wireless card); airmon-ng start wlan0 (enable promiscuous & monitor mode). Scan wireless ports and access points (Ensure that channel hopping happens across bout…
Ax_Download www.tenable.com/products/nessus-home; you need to submit an email address. Bx_Install su ls dpkg -i [filename] Xx_Start /etc/init.d/nessusd start, open Firefox and enter https://[your ip address]:8834, enter name and email, enter your user and password. Cx_use Ne…
XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject JavaScript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/Stored XSS 2.…
SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameterized statements, separate data from SQL code. <?php //$textbox1 = admin' union select # Select * fr…
SQL INJECTION Discovering SQLi in GET Inject via the browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different numbers to find the right column count. Using “union select 1,2,3,4,…
REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…
LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We know the current file path from the following error. 2. Try to visit following URL: http://10.0.0.24…