hihi hôm nay minh viết 1 bài tổng quan về các phương pháp để hack 1 web ứng dụng
mục đích của hack thường có mục đích chung sau:
1. phá vỡ bên trong các hệ thống và chiếm quyền điều khiển của hệ thống hay nói cách khác là lấy quyền admin của cả hệ thống.
trước khi hack 1 web các bạn cần thực hiện những bước sau :
mục đích của hack thường có mục đích chung sau:
1. phá vỡ bên trong các hệ thống và chiếm quyền điều khiển của hệ thống hay nói cách khác là lấy quyền admin của cả hệ thống.
2.lấy những dự liệu thông tin nhạy cảm về dự liệu như thẻ tín dụng,trộm cắp ..etc..
Và đề làm cái gì đó hiệu quả chuyên nghiệp bạn phải có dụng cụ chứ nhì :D 1 trong những bộ công cụ tuyệt vời nhất mà thường được các hack hay dùng là 2 hệ điều hành : backtrack và kali linux nó 2 phiên bản của linux, nó là collection tool về security và hacking. các bạn có thể 2 hệ điều hành trên từ trang chủ của nó .
*link dowload backtrack: http://www.backtrack-linux.org/downloads/
video hướng dẫn cài backtrack 5 :
http://www.youtube.com/watch?v=WM4EDNG97pk
video hướng dẫn cài backtrack 5 :
http://www.youtube.com/watch?v=WM4EDNG97pk
*link dowload kalilinux: http://www.kali.org/
đây là bài viết hướng dẫn cài kali linux
http://funhackingofme.blogspot.com/2014/01/huong-dan-cai-at-he-ieu-hanh-kali-linux.html
đây là bài viết hướng dẫn cài kali linux
http://funhackingofme.blogspot.com/2014/01/huong-dan-cai-at-he-ieu-hanh-kali-linux.html
trước khi hack 1 web các bạn cần thực hiện những bước sau :
1. Reconnaissance (footprinting)
2. Scanning
3. Ports & Services Enumeration
4. Vulnerability Assessment
5. Vulnerability Exploitation
3. Ports & Services Enumeration
4. Vulnerability Assessment
5. Vulnerability Exploitation
6. Penetration and Access
7. Privilege Escalation & owning the box 8. Erase tracks
9. Maintaining access
7. Privilege Escalation & owning the box 8. Erase tracks
9. Maintaining access
Parameter manipulation
* Arbitary File Deletion
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )
* Cross-Site Scripting ( XSS )
* Code Execution
* Cookie Manipulation ( meta http-equiv & crlf injection )
* CRLF Injection ( HTTP response splitting )
* Cross Frame Scripting ( XFS )
* Cross-Site Scripting ( XSS )
- Complete XSS Tutorial - 1234HotMaster
- Cross Site Scripting(XSS) for Beginners - KoKoKrants
- Basic xss tutorial - Anima Tempai
* Directory traversal
* Email Injection
* File inclusion
* Email Injection
* File inclusion
[TUT]RFI ( Remote File Inclusion ) - 123HotMaster
[TUT]LFI ( Local File Inclusion ) - EvilKing
* Full path disclosure
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* LDAP Injection
* PHP code injection
* PHP curl_exec() url is controlled by user
* PHP invalid data type error message
* PHP preg_replace used on user input
* PHP unserialize() used on user input
* Remote XSL inclusion
* Script source code disclosure
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF
* Server-Side Includes (SSI) Injection
* SQL injection
* URL redirection
* XPath Injection vulnerability
* EXIF
Format String Vulnerabilities
JSON Injection
Parameter Tampering (which I see is already covered, just the topic names are divided)
Iframe Injection
ASP ViewState
Padding Oracle
ASP Forms Authentication
JSON Injection
Parameter Tampering (which I see is already covered, just the topic names are divided)
Iframe Injection
ASP ViewState
Padding Oracle
ASP Forms Authentication
*Buffer Overflows
*Clickjacking
*Dangling Pointers
*Format String Attack
*FTP Bounce Attack
*Symlinking
*Dangling Pointers
*Format String Attack
*FTP Bounce Attack
*Symlinking
This list below fits in category MultiRequest parameter manipulation
* Blind SQL injection (timing)
* Blind SQL/XPath injection (many types)
* Blind SQL/XPath injection (many types)
Blind based SQL Injection with SQL map - insecure5082
This list below fits in category File checks
* 8.3 DOS filename source code disclosure
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
* Search for Backup files
* Cross Site Scripting in URI
* PHP super-globals-overwrite
* Script errors ( such as the Microsoft IIS Cookie Variable Information Disclosure )
This list below fits in category Directory checks
* Cross Site Scripting in path
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )
* Cross Site Scripting in Referer
* Directory permissions ( mostly for IIS )
* HTTP Verb Tampering ( HTTP Verb POST & HTTP Verb WVS )
* Possible sensitive files
* Possible sensitive files
* Session fixation ( jsessionid & PHPSESSID session fixation )
* Vulnerabilities ( e.g. Apache Tomcat Directory Traversal, ASP.NET error message etc )
* WebDAV ( very vulnerable component of IIS servers )
* DNN (Dot Net Nuke)
[*]Complete DNN (Dot Net Nuke) - numan_malik999
This list below fits in category Text Search Disclosure
* Application error message
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* ( IF ANY )Wordpress database credentials disclosure
* Check for common files
* Directory Listing
* Email address found
* Local path disclosure
* Possible sensitive files
* Microsoft Office possible sensitive information
* Possible internal IP address disclosure
* Possible server path disclosure ( Unix and Windows )
* Possible username or password disclosure
* Sensitive data not encrypted
* Source code disclosure
* Trojan shell ( r57,c99,crystal shell etc )
* ( IF ANY )Wordpress database credentials disclosure
This list below fits in category File Uploads
* Unrestricted File Upload
This list below fits in category Authentication
* Microsoft IIS WebDAV Authentication Bypass
* SQL injection in the authentication header
* Weak Password
* GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )
* SQL injection in the authentication header
* Weak Password
* GHDB - Google hacking database ( using dorks to find what google crawlers have found like passwords etc )
This list below fits in category Web Services - Parameter manipulation & with multirequest
* Application Error Message ( testing with empty, NULL, negative, big hex etc )
* Code Execution
* SQL Injection
* Code Execution
* SQL Injection
[SQLMap]SQL injection + Database takeover - pt. 1 - 1llusion
SQL Injection Tutorial - Solixious
SQLi Complete Noob Guide with video - c0d3rinj3ct0r
My SQL injection complete tutorial - V1P3R
SQL Injection Tutorial - Solixious
SQLi Complete Noob Guide with video - c0d3rinj3ct0r
My SQL injection complete tutorial - V1P3R
* XPath Injection
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )
* Cross-Site Request Forgery ( CSRF )
* Blind SQL/XPath injection ( test for numeric,string,number inputs etc )
* Stored Cross-Site Scripting ( XSS )
* Cross-Site Request Forgery ( CSRF )
Cross-Site Request Forgery ( CSRF ) - Shining White
Không có nhận xét nào:
Đăng nhận xét