09 2020 档案
摘要:SQL Injection Demo Tools: Kali Linux Target Application: DVWA(Damn Vulnerable Web App) Login the DVWA website:http://10.0.0.20/dvwa/login.php Set the
阅读全文
摘要:Application Exploits, Part I APPLICATION-BASED EXPLOITS Injection attack Inserting additional data into application beyond what is expected SQL (Struc
阅读全文
摘要:Wireless Exploits WIRELESS AND RF VULNERABILITIES Wireless and RF vulnerabilities Broadcast is wide open aircrack-ng Evil twin - rogue WAP used to eav
阅读全文
摘要:Man in the middle exploits ADDITIONAL NETWORK EXPLOITS Man-in-the-middle Family of attacks where the attack intercepts messages between a sender and r
阅读全文
摘要:FTP Exploit Demo Use Nmap to find the vulnerability. nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV -p 21 10.0.0.19 Use metasploit-fr
阅读全文
摘要:Network-Based Exploits NAME RESOLUTION EXPLOITS NETBIOS name service(NBNS) Part of NetBIOS-over-TCP Similar functionality to DNS LLMNR(Link-local Mult
阅读全文
摘要:In-Person Social Engineering MORE ATTACKS AND EXPLOITS Elicitation Gathering info about a system from authorized users Interrogation Informal intervie
阅读全文
摘要:Remote Social Engineering SOCIAL ENGNEERING Tricking or coercing people into violating security policy Depends on willingness to be helpful Human weak
阅读全文
摘要:Weaknesses in Specialized Systems ICS(Industrial Control Systems) Environment conditions SCADA(Supervisory Control and Data Acquisition) - SCADA is th
阅读全文
摘要:Credential Attacks Hydra https://sectools.org/tool/hydra/ hydra -L username.txt -P password.txt ftp://10.0.0.19 Get bad web-usernames from the followi
阅读全文