上一页 1 ··· 27 28 29 30 31 32 33 34 35 ··· 51 下一页
2020年2月7日
Ethical Hacking - Web Penetration Testing(4)
摘要: CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file usin 阅读全文
posted @ 2020-02-07 20:57 晨风_Eric 阅读(97) 评论(0) 推荐(0) 编辑
Ethical Hacking - Web Penetration Testing(3)
摘要: EXPLOITATION -File Upload VULNS Simple type of vulnerabilities. Allow users to upload executable files such as PHP. Upload a PHP shell or backdoor, ex 阅读全文
posted @ 2020-02-07 20:28 晨风_Eric 阅读(86) 评论(0) 推荐(0) 编辑
Ethical Hacking - Web Penetration Testing(2)
摘要: INFORMATION GATHERING IP address. Domain name Info. Technologies used. Other websites on the same server. DNS records. Unlisted files, sub-domains, di 阅读全文
posted @ 2020-02-07 16:57 晨风_Eric 阅读(164) 评论(0) 推荐(0) 编辑
Ethical Hacking - Web Penetration Testing(1)
摘要: How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side 阅读全文
posted @ 2020-02-07 14:45 晨风_Eric 阅读(123) 评论(0) 推荐(0) 编辑
Ethical Hacking - POST EXPLOITATION(4)
摘要: PIVOTING Use the hacked device as a pivot. Try to gain access to other devices in the network. Tool: Metasploit - AUTOROUTE Module Target: Metasploita 阅读全文
posted @ 2020-02-07 14:29 晨风_Eric 阅读(137) 评论(0) 推荐(0) 编辑
2020年2月6日
Ethical Hacking - POST EXPLOITATION(3)
摘要: Spying - Capturing Key Strikes & Taking Screen Shots Log all mouse/keyboard events > keyscan-start - show current working directory > keyscan-dump - l 阅读全文
posted @ 2020-02-06 20:04 晨风_Eric 阅读(80) 评论(0) 推荐(0) 编辑
Ethical Hacking - POST EXPLOITATION(2)
摘要: MAINTAINING ACCESS - Methods 1. Using a veil-evasion Rev_http_service Rev_tcp_service Use it instead of a normal backdoor. Or upload and execute from 阅读全文
posted @ 2020-02-06 19:50 晨风_Eric 阅读(114) 评论(0) 推荐(0) 编辑
Ethical Hacking - POST EXPLOITATION(1)
摘要: METERPRETER BASICS >help - shows help >background - backgrounds current session >sessions -I - lists all sessions >session -i - interact with a certai 阅读全文
posted @ 2020-02-06 17:34 晨风_Eric 阅读(120) 评论(0) 推荐(0) 编辑
Ethical Hacking - GAINING ACCESS(24)
摘要: CLIENT SIDE ATTACKS - Detecting Trojan manually or using a sandbox Analyzing trojans Check the properties of the file. The file type of a trojan is ap 阅读全文
posted @ 2020-02-06 14:33 晨风_Eric 阅读(91) 评论(0) 推荐(0) 编辑
Ethical Hacking - GAINING ACCESS(23)
摘要: CLIENT SIDE ATTACK - BeEF Framework Hooking targets using MITMF Tools: MITMF and BeEF Start BeEF and execute the following commands: python2 mitmf.py 阅读全文
posted @ 2020-02-06 12:44 晨风_Eric 阅读(79) 评论(0) 推荐(0) 编辑
上一页 1 ··· 27 28 29 30 31 32 33 34 35 ··· 51 下一页