Web Security Learning Notes: Collecting Information by Hand

2025-03-31 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report --

1. Target: http://duwei19921019.vicp.cc:8881/

Points to note when collecting information:

Whether the website is static or dynamic

Which scripting language it was developed in

The type of web server

Whether it is a CMS and, if so, which CMS

Whether a CDN is enabled

The real IP of the website

Whether there is a robots.txt file

Open ports / services

2. Click an image link at random, for example http://duwei19921019.vicp.cc:8881/affiche.php?ad_id=32&uri=

This shows that it is a dynamic website developed in PHP.

3. Enter an arbitrary address that does not exist, for example http://duwei19921019.vicp.cc:8881/go

A 404 page appears, and it also reveals that the website uses nginx.

You can also check this through http://fuwuqixitongshibie.51240.com/.

4. To query the website, enter http://duwei19921019.vicp.cc:8881/ directly in the query box. It is now invalid.

5. You can use http://whatweb.bugscaner.com/

Online CMS identification can recognize, for example, that www.freebuf.com runs WordPress.

Some sites run ECShop.

6. Check whether the robots.txt file exists: http://duwei19921019.vicp.cc:8881/robots.txt

Verify whether a CDN is in use: ping the domain name. If the name and address that ping resolves are not those of the domain we pinged, a CDN is in use. For example, 51cto has a CDN enabled.

    C:\Users\li> ping www.51cto.com

    Pinging web.dns.51cto.com [118.144.78.52] with 32 bytes of data:
    Reply from 118.144.78.52: bytes=32 time=21ms TTL=51
    Reply from 118.144.78.52: bytes=32 time=22ms TTL=51
    Reply from 118.144.78.52: bytes=32 time=23ms TTL=51

7. Online port scan: http://tool.chinaz.com/port/default.aspx

Or scan locally with nmap.

For example: nmap -n -Pn www.51cto.com

    Starting Nmap 6.46 (http://nmap.org) at 2015-09-21 23:47 China Standard Time
    Nmap scan report for www.51cto.com (118.144.78.54)
    Host is up (0.039s latency).
    Other addresses for www.51cto.com (not scanned): 118.144.78.52
    Not shown: 986 closed ports
    PORT     STATE    SERVICE
    80/tcp   open     http
    111/tcp  open     rpcbind
    135/tcp  filtered msrpc
    139/tcp  filtered netbios-ssn
    256/tcp  filtered fw1-secureremote
    445/tcp  filtered microsoft-ds
    593/tcp  filtered http-rpc-epmap
    1025/tcp filtered NFS-or-IIS
    3268/tcp filtered globalcatLDAP
    3269/tcp filtered globalcatLDAPssl
    3283/tcp filtered netassistant
    3333/tcp open     dec-notes
    4444/tcp filtered krb524
    6129/tcp filtered unknown
    Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
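The same report read from the site owner's side, as an added example that is not part of the original article: this Python sketch parses the port table of nmap's normal output and lists every open port missing from a baseline of intended exposure. The sample report is abridged from the output above; the baseline `{80}` and the function names are assumptions.

```python
import re

# Abridged from the nmap report shown above.
SAMPLE_REPORT = """\
Nmap scan report for www.51cto.com (118.144.78.54)
Host is up (0.039s latency).
Not shown: 986 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
111/tcp  open     rpcbind
135/tcp  filtered msrpc
445/tcp  filtered microsoft-ds
3333/tcp open     dec-notes
4444/tcp filtered krb524
Nmap done: 1 IP address (1 host up) scanned in 2.88 seconds
"""

# One row of the port table: "<port>/<proto> <state> <service> ..."
PORT_ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")


def parse_ports(report):
    """Return [(port, proto, state, service)] from nmap normal output."""
    rows = []
    for line in report.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def unexpected_open(report, allowed_tcp):
    """Open TCP ports that are not in the baseline of intended exposure."""
    return [
        (port, service)
        for port, proto, state, service in parse_ports(report)
        if proto == "tcp" and state == "open" and port not in allowed_tcp
    ]


def filtered_ports(report):
    """Ports where a filter blocked the probes; nmap cannot tell if a service listens."""
    return [p for p, _, state, _ in parse_ports(report) if state == "filtered"]


if __name__ == "__main__":
    # Assumption: only the web port is meant to be reachable from the Internet.
    for port, service in unexpected_open(SAMPLE_REPORT, allowed_tcp={80}):
        print(f"review: {port}/tcp ({service}) is open but not in the baseline")
    print("filtered:", filtered_ports(SAMPLE_REPORT))
```

Against the sample, ports 111 (rpcbind) and 3333 are reported for review, which is the kind of exposure the manual steps above surface to anyone looking from outside.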

Do not casually scan directly with heavyweight tools or tools that scan at high frequency; your IP is likely to be blocked by the website outright.

Either use a proxy or scan online.

Classify and store the information you collect.

There is no useless information, only information that has not been used yet.

The more you simulate, the better you can derive realistic defenses.
