首页 > TAG信息列表 > penetration
sqlmap的基本使用
sqlmap简介 sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate pene渗透测试-Z宝典(Penetration-Zbook)
内容大纲: 01-攻击流程 01-攻击路径 02-信息收集-IP资源 02-信息收集-域名发现 02-信息收集-服务器与人力资源情报收集 02-信息收集-网站关键信息收集 03-漏洞分析-Web漏洞扫描 03-漏洞分析-弱口令扫描 03-漏洞分析-漏洞研究 03-漏洞分析-系统漏洞扫描 04-web渗透测试-CMS漏洞什么是“***”?******有效吗?
***是***者常用的一种***手段,也是一种综合的高级***技术,同时***也是安全工作者所研究的一个课题,在他们口中通常被称为”***测试(Penetration Test)”。 无论是网络***(Network Penetration)还是***测试(Penetration Test),其实际上所指的都是同一内容,也就是研究如何Penetration Test - Using_Scripting_in_Pen_Testing(6)
Python Scripts DEMO portscan.py import sys, socket target = sys.argv[1] minport = int(sys.argv[2]) maxport = int(sys.argv[3]) def porttry(cur_target, port): try: s.connect((cur_target, port)) return True except: return NoPenetration Test - Select Your Attacks(20)
Persistence and Stealth PERSISTENCE Scheduled jobs Cron or Task Manager Scheduled Task Same as above Daemons Background processes or services Back doors Bypass standard security controls Trojan Malware that looks like it does something usefuPenetration Test - Select Your Attacks(15)
Privilege Escalation(Windows) WINDOWS-SPECIFIC PRIVILEGE ESCALATION Cpassword - Group Policy Preference attribute that contains passwords SYSVOL folder of the Domain Controller (encrypted XML) Clear text credentials in LDAP(Lightweight Directory AccesPenetration Test - Select Your Attacks(14)
Privilege Escalation(Linux) Linux user ID is 'root'. LINUX-SPECIFIC PRIVILEGE ESCALATION SUID/SGID programs Permission to execute a program as executable's owner/group ls shows 's' in executable bit of permissions -r-sr-sr-x(SUPenetration Test - Select Your Attacks(9)
Application Exploits, Part II AUTHENTICATION EXPLOITS Credential brute forcing Offline cracking(Hydra) Session hijacking Intercepting and using a session token(generally) to take over a valid distributed (web) session Redirect Sending the user toPenetration Test - Select Your Attacks(8)
SQL Injection Demo Tools: Kali Linux Target Application: DVWA(Damn Vulnerable Web App) Login the DVWA website:http://10.0.0.20/dvwa/login.php Set the Security Level to low and submit. If the application's not sanitizing input, you can use single quPenetration Test - Select Your Attacks(1)
Remote Social Engineering SOCIAL ENGNEERING Tricking or coercing people into violating security policy Depends on willingness to be helpful Human weaknesses can be leveraged May rely on technical aspects Bypasses access controls and most detection controPenetration Test - Survey the Target(7)
Target Considerations Given a scenario, perform a vulnerability scan. CONTRAINER Lightweight instance of a VM Runs on to of host OS Docker, Puppet, Vagrant Applications Application scan Dynamic Analysis -target environment is running and responds toPenetration Test - Planning and Scoping(2)
Penetration Test - Planning and Scoping(2) TARGET AUDIENCE AND ROE Know your target audience Who is sponsoring the pen test? What is the purpose of the test? Rules of engagement - governs the pen tester's activities Schedule - start, stop, temp