An overview of network penetration testing

1、 an SQLi vulnerability will allow you  to do the  following 

  •    query the database using select statement forezample users table. you might get the password or usersname
  •    Bypass the login page executing successfuly query results
  •    Execute system commands in the database in oreder compromise the web server
  •    Execute inserts.delete commands to manipulate the records in the database

2、Command Injection

      we can append other commands after the variable and the application will be to execute it for us , my goal is to make the backend execute someting like this [nslookup [domain name variable ] && [other command ]

3、OWASP top 10

    Injection-----> when a attacker can inject and execute a custom command in the backend because of missing sanitization,besides it ,command Injection are more like LDAP、XPath、NoSQLo  XML Parsers、STMTP Header

    Broken Authentication  ------> a hacker finds the user's idntity, credentials bouth name and password or web session

   Sesitive Data 、   XML External Entities  \ Broken Access Control \ Security Misconfig \Cross-site Scripting \ Insecure Deserialization \ Using Components with know vulnerability\ Insufficient logging

4、邮件信息收集

theharverster -d [目标网络域名地址] -l [邮件地址数量] -b [使用的搜索的公共知识库]  eg : theharvester  -d yalong.cn -l 20 -b baidu

5、 use Whois search DNS and ip register name and phone number and email

   step one we can use the  Whois.net  the url: http:www.whois.net   or another website is NetCraft   the url :https://www.netcraft.com/

   step two:  use the command  whois ,the screenshout as follow

another wegit tools is host it can translate ip to hostname

nslookup id find DNS

6、Reconnaissance or information gathering

  a pen tester gather information an attacker's perspective ,anything that is useful is necessary to be collected:

  •      network Digrams、 application and their version、security defences such IDS IPS
  •      IP address     baidu & Social or perfessional networking websites
  •      Domain names \sites\ Monster.com 、 IP  Registries 、DNS registrars  \
  •      Device name the company websites

7、nslookup is a windows tool to find the ip address associated with the given domain name

8、Scanning  to finding  live  address

   ICMP scanning  use command  Nmap -sP [ip range]   、 SYN scanning  Commands Nmap -sS -P0 [ip range]    、all port scanning  commamds Nmap -sS  -p1=65535 -P0 -max-rtt-timeout<time> [iprange]

 Specific Prot scanning  we know the ususlly port  80` 443  wecan use command Nmap -sS -p80,443 -P0 [ip range]

9、OS ans service FingerPrintering

   OS detecting is to be done find out the system ,by which know vulnerabilities can be exploited .we can use the commands Namp -O [ip range ]  or use Namp -sS -sV -O -P0[ip range]  of cose can use the comand to find all port Nmap -sS -sV -O -P0 -p1-65535 -max-rrt-timeout<time> [ip range]   

10、Vulnerability  Scanning

   Nmap has the vulnerability scan switch ,we can run the nmap vulnerability scan the command ;   nmap -sS --sV -P0 -p1 -65535 -A --max-rate 500 --reason iL<inputfile.txt><outputfile.txt> 

    another way we can use nessus nskipfish ,BurpSuite

11、make a conclusion

   The reported Vulnerability have to to be tested manually and  confirmed since the vulnerability repprted by the scanners my be false positives at times.

 

posted @ 2019-01-02 14:33  疏桐  阅读(202)  评论(0编辑  收藏  举报
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();