02 2020 Archive

Summary: Interacting with Metasploit msf.go package rpc import ( "bytes" "fmt" "gopkg.in/vmihailenco/msgpack.v2" "net/http" ) // Build the Go types to handle b Read more
posted @ 2020-02-26 23:46 晨风_Eric Views(135) Comments(0) Recommendations(0)
Summary: Interacting with Metasploit Early-stage Preparation: Setting up your environment - start the Metasploit console as well as the RPC listener through th Read more
posted @ 2020-02-25 22:14 晨风_Eric Views(118) Comments(0) Recommendations(0)
Summary: Building an HTTP Client That Interacts with Shodan Shodan (URL: https://www.shodan.io/) is the world's first search engine for Internet-connected device Read more
posted @ 2020-02-23 19:04 晨风_Eric Views(220) Comments(0) Recommendations(0)
Summary: Building HTTP Clients that interact with a variety of security tools and resources. Basic Preparation: Go's net/HTTP standard package contains several Read more
posted @ 2020-02-23 15:22 晨风_Eric Views(114) Comments(0) Recommendations(0)
Summary: Building a TCP Proxy Using io.Reader and io.Writer Essentially all input/output (I/O). package main import ( "fmt" "log" "os" ) // FooReader defines an Read more
posted @ 2020-02-22 22:09 晨风_Eric Views(291) Comments(0) Recommendations(0)
Summary: Simple Port Scanner with Golang Use Go's net package: net.Dial(network, address string) package main import ( "fmt" "net" ) func main() { _, err := ne Read more
posted @ 2020-02-22 16:32 晨风_Eric Views(287) Comments(0) Recommendations(0)
Summary: Preparation of the Lab Environment: Download and Install Pan-OS from the following website https://docs.gns3.com/appliances/pan-vm-fw.html or https:// Read more
posted @ 2020-02-15 16:02 晨风_Eric Views(244) Comments(0) Recommendations(0)
Summary: OWASP ZAP (ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This Read more
posted @ 2020-02-10 21:15 晨风_Eric Views(91) Comments(0) Recommendations(0)
Summary: XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject JavaScript code into the page. The code is executed when the page loads. The co Read more
posted @ 2020-02-10 20:38 晨风_Eric Views(130) Comments(0) Recommendations(0)
Summary: SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameter Read more
posted @ 2020-02-09 21:11 晨风_Eric Views(160) Comments(0) Recommendations(0)
Summary: SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Fo Read more
posted @ 2020-02-09 20:55 晨风_Eric Views(246) Comments(0) Recommendations(0)
Summary: SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful er Read more
posted @ 2020-02-09 17:41 晨风_Eric Views(120) Comments(0) Recommendations(0)
Summary: SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it (usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with ... Read more
posted @ 2020-02-09 16:36 晨风_Eric Views(96) Comments(0) Recommendations(0)
Summary: VULNS MITIGATION 1. File Upload Vulns - Only allow safe files to be uploaded. 2. Code Execution Vulns: Don't use dangerous functions. Filter user input Read more
posted @ 2020-02-08 12:37 晨风_Eric Views(101) Comments(0) Recommendations(0)
Summary: REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers o Read more
posted @ 2020-02-07 22:08 晨风_Eric Views(137) Comments(0) Recommendations(0)
Summary: LOCAL FILE INCLUSION Allows an attacker to read ANY file on the same server. Access files outside www directory. Try to read /etc/passwd file. 1. We k Read more
posted @ 2020-02-07 21:33 晨风_Eric Views(146) Comments(0) Recommendations(0)
Summary: CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin Read more
posted @ 2020-02-07 20:57 晨风_Eric Views(99) Comments(0) Recommendations(0)
Summary: EXPLOITATION - File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex Read more
posted @ 2020-02-07 20:28 晨风_Eric Views(88) Comments(0) Recommendations(0)
Summary: INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di Read more
posted @ 2020-02-07 16:57 晨风_Eric Views(175) Comments(0) Recommendations(0)
Summary: How to hack a website? An application installed on a computer. -> web application pen-testing A computer uses an OS + Other applications -> server-side Read more
posted @ 2020-02-07 14:45 晨风_Eric Views(125) Comments(0) Recommendations(0)
Summary: PIVOTING Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module Target: Metasploita Read more
posted @ 2020-02-07 14:29 晨风_Eric Views(143) Comments(0) Recommendations(0)
Summary: Spying - Capturing Key Strikes & Taking Screen Shots Log all mouse/keyboard events > keyscan-start - show current working directory > keyscan-dump - l Read more
posted @ 2020-02-06 20:04 晨风_Eric Views(83) Comments(0) Recommendations(0)
Summary: MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead of a normal backdoor. Or upload and execute from Read more
posted @ 2020-02-06 19:50 晨风_Eric Views(117) Comments(0) Recommendations(0)
Summary: METERPRETER BASICS >help - shows help >background - backgrounds current session >sessions -l - lists all sessions >sessions -i - interact with a certai Read more
posted @ 2020-02-06 17:34 晨风_Eric Views(123) Comments(0) Recommendations(0)
Summary: CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the properties of the file. The file type of a trojan is ap Read more
posted @ 2020-02-06 14:33 晨风_Eric Views(93) Comments(0) Recommendations(0)
Summary: CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py Read more
posted @ 2020-02-06 12:44 晨风_Eric Views(81) Comments(0) Recommendations(0)
Summary: CLIENT SIDE ATTACKS - BeEF Framework Browser Exploitation Framework allowing us to launch a number of attacks on a hooked target. Targets are hooked o Read more
posted @ 2020-02-05 13:06 晨风_Eric Views(115) Comments(0) Recommendations(0)
Summary: CLIENT SIDE ATTACKS - Trojan delivery method - using email spoofing Use gathered info to contact targets. (e.g. Maltego, Google ... etc.) Send an ema Read more
posted @ 2020-02-05 08:21 晨风_Eric Views(81) Comments(0) Recommendations(0)
Summary: CLIENT SIDE ATTACKS - Spoofing backdoor extension Change the extension of the trojan from exe to a suitable one. Make the trojan even more trustable. Read more
posted @ 2020-02-05 07:59 晨风_Eric Views(86) Comments(0) Recommendations(0)
Summary: Creating disk space usage quotas: File Screening Generate Storage Report, including file edit audit. You can configure a scheduled report here. Read more
posted @ 2020-02-04 21:17 晨风_Eric Views(164) Comments(0) Recommendations(0)
Summary: Windows Server Update Services Configuration Wizard: The approval procedure for these updates is very tiring and time-consuming. The simple way to do this i Read more
posted @ 2020-02-04 18:33 晨风_Eric Views(250) Comments(0) Recommendations(0)
Summary: For Windows Update, the limitation normally is a time window, disk space, network bandwidth. Create a GPO - Windows Update Configuration Read more
posted @ 2020-02-02 12:26 晨风_Eric Views(171) Comments(0) Recommendations(0)
Summary: Delegate proper right to some user: Login/Logout Audit - GPO Setting - Event Viewer File Auditing Modify audit settings of the folder. Read more
posted @ 2020-02-01 23:08 晨风_Eric Views(148) Comments(0) Recommendations(0)
Summary: Windows Admin Center: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-admin-center Remote Server Administration Tools for Windows 10 https Read more
posted @ 2020-02-01 22:24 晨风_Eric Views(136) Comments(0) Recommendations(0)
