1. Now we look at this book. I decided to make a brief review; the book covers the following (I copy it straight from the book): Chapter 1, Building a Vulnerable Web Application Lab, will help us to get and install the vulnerable application Mutillidae using…
1. How to use the dpkg command. First, it can be used to list all installed software: dpkg -l (since Kali Linux is not running at the moment, I will use Ubuntu to explain; it is basically the same). Check whether a piece of software was already installed: dpkg -l | grep [application]. Install a downloaded package (file suffix .deb): dpkg -i [path/filename.deb]. Remove an installed package: dpkg -r [application…
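The `dpkg -l | grep application` check above matches every package line, including ones dpkg has removed but whose configuration files remain (status `rc`), so it can report software as present when it is not. The following added example (not from the post) parses `dpkg -l` output and separates fully installed packages from removed leftovers; the listing is a constructed sample, not captured from a real host.

```python
# Added example: a small parser for `dpkg -l` output, to show what
# `dpkg -l | grep application` does and does not tell you.
import re

# Constructed sample of `dpkg -l` output (not captured from a real host).
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Architecture Description
+++-==============-==============-============-=================================
ii  nmap           7.91+dfsg1-1   amd64        The Network Mapper
ii  sqlmap         1.5.2-1        all          automatic SQL injection tool
rc  zaproxy        2.10.0-1       all          OWASP Zed Attack Proxy (removed, config remains)
un  mutillidae     <none>         <none>       (no description available)
"""

# status flags, then name, version, architecture and a free-text description
ENTRY_RE = re.compile(r"^(\S{2,3})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")


def parse_dpkg_list(text):
    """Return {name: (status, version)} for every package line in `text`."""
    packages = {}
    for line in text.splitlines():
        # legend/header lines start with '|', '+' or 'Desired', never with flags
        if not line or line[0] in "|+D":
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            continue
        status, name, version, _arch, _desc = match.groups()
        packages[name] = (status, version)
    return packages


def installed(packages):
    """Names whose desired state is 'i' and current state 'i' (fully installed)."""
    return sorted(n for n, (st, _) in packages.items() if st.startswith("ii"))


def removed_config_remains(packages):
    """Names that `dpkg -r` removed but whose config files are still present ('rc')."""
    return sorted(n for n, (st, _) in packages.items() if st.startswith("rc"))


def grep_like(packages, needle):
    """What `dpkg -l | grep needle` would match: every status, installed or not."""
    return sorted(n for n in packages if needle in n)


if __name__ == "__main__":
    pkgs = parse_dpkg_list(SAMPLE_DPKG_L)
    print("installed:", installed(pkgs))
    print("removed, config remains:", removed_config_remains(pkgs))
    print("grep 'zap' would show:", grep_like(pkgs, "zap"))
```

On a live system, replace the constructed sample with the output of `subprocess.run(["dpkg", "-l"], capture_output=True, text=True).stdout`; `dpkg -r` leaves `rc` entries behind, and only `dpkg -P` (purge) clears them.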
Responsive Web Design is the approach in which web design and development respond to the end user's behavior and environment: screen size, platform and orientation. Responsiveness consists of a mix of…
OWASP ZAP (Zed Attack Proxy) automatically finds vulnerabilities in web applications. It is free and easy to use, and it can also be used for manual testing. This is the welcome page. Options page. Scan policy settings page. Attack this target URL: http://10.0.0.24…
SQL INJECTION: SQLMAP. A tool designed to exploit SQL injections. It works with many database types: MySQL, MSSQL, etc. >sqlmap --help >sqlmap -u [target URL] Examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…
SQL INJECTION: WHAT IS SQL? Most websites use a database to store data, and most of the sensitive data (usernames, passwords, etc.) is stored in it. The web application reads, updates and inserts data in the database, and this interaction with the DB is done using SQL. WHY ARE THEY SO DANGEROUS…
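The two excerpts above (sqlmap, and what SQL is) describe the same root cause: the application builds a statement by pasting user input into SQL text. The following added example (not from the post, and not Mutillidae's code) shows that against an in-memory SQLite database so it runs offline: a login query built with string formatting, the two payload shapes sqlmap tries automatically (comment-based authentication bypass and a UNION that reads another column), and the same query with bound parameters. The accounts table, users and passwords are constructed.

```python
# Added example: the injection sqlmap automates, shown against a local
# SQLite database so it runs offline. Table and rows are constructed.
import sqlite3


def make_db():
    """In-memory accounts table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "wonderland")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input becomes SQL."""
    query = ("SELECT username FROM accounts "
             "WHERE username = '%s' AND password = '%s'" % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same query with bound parameters: user input stays data."""
    row = conn.execute(
        "SELECT username FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two constructed payloads of the kind sqlmap tries automatically.
AUTH_BYPASS = "admin' -- "            # '--' comments out the password check
UNION_DUMP = ("' UNION SELECT password FROM accounts "
              "WHERE username = 'admin' -- ")   # pulls a column the page never shows


if __name__ == "__main__":
    db = make_db()
    print("bypass :", login_vulnerable(db, AUTH_BYPASS, "wrong"))   # admin
    print("dump   :", login_vulnerable(db, UNION_DUMP, "wrong"))    # s3cret
    print("safe   :", login_safe(db, AUTH_BYPASS, "wrong"))         # None
```

The UNION payload only works because the vulnerable query's result set is reflected to the caller; that is exactly the condition sqlmap probes for on the `page=user-info.php` parameter, and the parameterized version closes both payloads without any input filtering.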
REMOTE FILE INCLUSION. Similar to local file inclusion, but it allows an attacker to include a file from ANY server, i.e. execute PHP files hosted on other servers on the current server. The PHP payload is stored on the other server as .txt so that server sends its source instead of executing it. Pre-condition: set allow_url_include…
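The following added example (not from the post, and not PHP or Mutillidae code) models what a bare PHP-style `include($_GET['page'])` would try to load when `allow_url_include` is on, and the allow-list lookup that stops it regardless of that setting. It decodes the parameter twice so percent-encoded schemes are not missed. The page names, document path and the `evil.example` host are hypothetical, and nothing here touches the network.

```python
# Added example: how a PHP-style include($_GET['page']) treats a remote
# URL, and the allow-list check that stops it. Page names and paths are
# hypothetical; nothing here talks to the network.
from urllib.parse import unquote, urlsplit

# Hypothetical allow-list of pages the application actually ships.
ALLOWED_PAGES = {"home", "login", "user-info"}
PAGE_DIR = "/var/www/html/pages"           # hypothetical document tree

# URL-style wrappers a bare include() fetches or interprets instead of
# opening a local path (the remote ones need allow_url_include=On).
REMOTE_SCHEMES = {"http", "https", "ftp", "ftps", "data", "php", "phar", "expect"}


def decode_param(value):
    """Decode twice so %253A-style double encoding cannot hide a scheme."""
    return unquote(unquote(value))


def vulnerable_include_target(page):
    """What an unchecked include() of the parameter would try to load.

    Returns ('remote', url) for a URL the attacker controls, otherwise
    ('local', path). In the remote case PHP would run the fetched text
    (the attacker's shell.txt) as code on this server.
    """
    page = decode_param(page)
    scheme = urlsplit(page).scheme.lower()
    if scheme in REMOTE_SCHEMES:
        return ("remote", page)
    return ("local", page)


def is_rfi_attempt(page):
    """True when the parameter names something other than a local file."""
    return vulnerable_include_target(page)[0] == "remote"


def resolve_page(page):
    """Hardened lookup: map the parameter onto a fixed set of local files."""
    name = decode_param(page)
    # accept the .php suffix legitimate links carry, nothing else
    if name.endswith(".php"):
        name = name[:-4]
    if name not in ALLOWED_PAGES:
        raise ValueError("unknown page: %r" % page)
    return "%s/%s.php" % (PAGE_DIR, name)


if __name__ == "__main__":
    print(vulnerable_include_target("http://evil.example/shell.txt"))  # remote
    print(vulnerable_include_target("user-info.php"))                   # local
    print(resolve_page("user-info.php"))
```

The allow-list is the application-level fix; the server-level fix the excerpt's pre-condition points at is leaving `allow_url_include` off, and the two are worth combining because `php://input` and `data:` wrappers are covered by the first even on hosts where the second is misconfigured.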
INFORMATION GATHERING: IP address, domain name info, technologies used, other websites on the same server, DNS records, unlisted files, sub-domains and directories. 1. Whois lookup: find info about the owner of the target -> http://whois.domaintools…