最近2018中文字幕在日韩欧美国产成人片_国产日韩精品一区二区在线_在线观看成年美女黄网色视频_国产精品一区三区五区_国产精彩刺激乱对白_看黄色黄大色黄片免费_人人超碰自拍cao_国产高清av在线_亚洲精品电影av_日韩美女尤物视频网站

一、簡(jiǎn)介

創(chuàng)新互聯(lián)專注于企業(yè)成都全網(wǎng)營(yíng)銷推廣、網(wǎng)站重做改版、福安網(wǎng)站定制設(shè)計(jì)、自適應(yīng)品牌網(wǎng)站建設(shè)、H5網(wǎng)站設(shè)計(jì)、商城網(wǎng)站制作、集團(tuán)公司官網(wǎng)建設(shè)、成都外貿(mào)網(wǎng)站建設(shè)、高端網(wǎng)站制作、響應(yīng)式網(wǎng)頁(yè)設(shè)計(jì)等建站業(yè)務(wù)，價(jià)格優(yōu)惠性價(jià)比高，為福安等各大城市提供網(wǎng)站開發(fā)制作服務(wù)。

滲透測(cè)試是一種安全性測(cè)試，旨在發(fā)現(xiàn)和利用被測(cè)對(duì)象的安全漏洞。本文將針對(duì)單個(gè)網(wǎng)站進(jìn)行滲透，并以此來了解如何找出和利用目標(biāo)中存在的安全問題。

二、前期準(zhǔn)備工作

1. 目標(biāo)信息采集

（1）IP地址/子網(wǎng)/DNS名字

（2）Web應(yīng)用版本號(hào)

（3）開發(fā)語(yǔ)言/數(shù)據(jù)庫(kù)/Web服務(wù)器

2. 搜集相關(guān)信息

（1）Google Hacking Database (GHDB)

（2）Nmap掃描

3. 建立目錄樹圖

4. 進(jìn)行風(fēng)險(xiǎn)評(píng)估

5. 配置工作區(qū)域

6. 加固web應(yīng)用或者OS內(nèi)核(optional)

三、正式進(jìn)行測(cè)試 1. 端口掃描與服務(wù)掃描 Nmap是一個(gè)常用的端口掃描工具,能夠快速偵測(cè)出目標(biāo)上開啟的TCP / UDP端口,并嘗試判斷使用什么軟件或者協(xié)議。 2. Web應(yīng)用審計(jì) Web應(yīng)用審計(jì)是一個(gè)重要郵務(wù),從考察代理機(jī)制時(shí)間,調(diào)整HTTP Header ,Cookie ,URL Parameter ,Form Data ,Hidden Field 的方法來尋找SQL Injection XSS Cross Site Request Forgery CSRF File Inclusion Directory Traversal Local File Include LFI Remote File Include RFI Backdoor Command Execution CMDEXE . 3. 暴力破壞與帳戶暴力破壞 暴力破壞是嘗試不斷使?不同的?戶名與密?去達(dá)到“Brute Force” ?張去達(dá)到帳戶保障之愿愐。 4. 本地文件搜尋與命令泄露 本地文件搜尋包含了configuration file log files backup files source code etc.,考察特徵字省略特徵字然後再去grep search find command line tool to locate the sensitive information from the target system or web application server . 5《命令泄露》Command injection is a technique used by attackers to execute arbitrary commands on the host operating system via a vulnerable application . 6《XML 外郭緩衝區(qū)〃XML External Entity attack is an attack against an application that parses XML input and it can be used to perform Server Side Request Forgery SSRF XXE attacks are used to probe internal networks extract confidential data and even perform remote code execution 7《LDAP 波務(wù)泄露 LDAP injection is an attack used to exploit web based applications that construct LDAP statements based on user input 8 SQL Injection SQL injection is one of the most common web hacking techniques which allows attackers to send malicious SQL queries directly to backend databases 9 Cross-Site Scripting XSS Cross-site scripting also known as XSS is a type of computer security vulnerability typically found in web applications 10 Buffer Overflow A buffer overflow occurs when more data than expected has been sent into memory resulting in corruption or overwriting of existing data 11 Path Traversal Path traversal also known as directory traversal is an attack technique used for exploiting insufficient security validation and sanitization checks 12 Denial Of Service DoS A denial-of-service DOS attack occurs when legitimate users are unable to access network services due

網(wǎng)頁(yè)標(biāo)題：針對(duì)單個(gè)網(wǎng)站的滲透思路（精）
網(wǎng)址分享：http://fisionsoft.com.cn/article/djgscic.html