09 2020 档案

摘要:SQL Injection Demo Tools: Kali Linux Target Application: DVWA(Damn Vulnerable Web App) Login the DVWA website:http://10.0.0.20/dvwa/login.php Set the 阅读全文
posted @ 2020-09-20 08:12 晨风_Eric 阅读(284) 评论(0) 推荐(0) 编辑
摘要:Application Exploits, Part I APPLICATION-BASED EXPLOITS Injection attack Inserting additional data into application beyond what is expected SQL (Struc 阅读全文
posted @ 2020-09-19 21:52 晨风_Eric 阅读(74) 评论(0) 推荐(0) 编辑
摘要:Wireless Exploits WIRELESS AND RF VULNERABILITIES Wireless and RF vulnerabilities Broadcast is wide open aircrack-ng Evil twin - rogue WAP used to eav 阅读全文
posted @ 2020-09-19 11:30 晨风_Eric 阅读(75) 评论(0) 推荐(0) 编辑
摘要:Man in the middle exploits ADDITIONAL NETWORK EXPLOITS Man-in-the-middle Family of attacks where the attack intercepts messages between a sender and r 阅读全文
posted @ 2020-09-17 21:13 晨风_Eric 阅读(88) 评论(0) 推荐(0) 编辑
摘要:FTP Exploit Demo Use Nmap to find the vulnerability. nmap --script vulscan --script-args vulscandb=exploitdb.csv -sV -p 21 10.0.0.19 Use metasploit-fr 阅读全文
posted @ 2020-09-16 21:06 晨风_Eric 阅读(108) 评论(0) 推荐(0) 编辑
摘要:Network-Based Exploits NAME RESOLUTION EXPLOITS NETBIOS name service(NBNS) Part of NetBIOS-over-TCP Similar functionality to DNS LLMNR(Link-local Mult 阅读全文
posted @ 2020-09-15 21:21 晨风_Eric 阅读(98) 评论(0) 推荐(0) 编辑
摘要:In-Person Social Engineering MORE ATTACKS AND EXPLOITS Elicitation Gathering info about a system from authorized users Interrogation Informal intervie 阅读全文
posted @ 2020-09-14 21:33 晨风_Eric 阅读(108) 评论(0) 推荐(0) 编辑
摘要:Remote Social Engineering SOCIAL ENGNEERING Tricking or coercing people into violating security policy Depends on willingness to be helpful Human weak 阅读全文
posted @ 2020-09-13 10:31 晨风_Eric 阅读(109) 评论(0) 推荐(0) 编辑
摘要:Weaknesses in Specialized Systems ICS(Industrial Control Systems) Environment conditions SCADA(Supervisory Control and Data Acquisition) - SCADA is th 阅读全文
posted @ 2020-09-12 12:09 晨风_Eric 阅读(128) 评论(0) 推荐(0) 编辑
摘要:Credential Attacks Hydra https://sectools.org/tool/hydra/ hydra -L username.txt -P password.txt ftp://10.0.0.19 Get bad web-usernames from the followi 阅读全文
posted @ 2020-09-09 22:10 晨风_Eric 阅读(110) 评论(0) 推荐(0) 编辑

点击右上角即可分享
微信分享提示