Ashamed to say, rookie Xiaobai has spent three years testing security products but still has no solid understanding of penetration testing, having stayed within basic functional testing and automated testing. Our group is now organizing an internal penetration-testing course series that starts from the most basic content, and rookie Xiaobai will sort out and share what is learned.

Let’s take a look at some basic concepts today.

Basic concepts

1. Scripting languages (ASP, PHP, JSP)

ASP: ASP (Active Server Pages) is a server-side scripting environment developed by Microsoft that can be used to create dynamic, interactive web pages and build powerful web applications. When the server receives a request for an ASP file, it processes the server-side script code contained in the HTML (HyperText Markup Language) page file before sending the result to the browser. Besides server-side script code, ASP files can also contain text, HTML (including associated client-side scripts), and COM component calls.

PHP: PHP ("Hypertext Preprocessor") is a widely used open-source scripting language executed on the server side. Its syntax is similar to C, and it is a common language for building websites.

JSP: JSP (JavaServer Pages) is a dynamic web page technology standard created by Sun Microsystems. Deployed on a web server, JSP can respond to client requests, dynamically generate web pages in HTML, XML, or other document formats based on the request content, and return them to the requester.

2. HTML (CSS, JS, HTML)

HTML: HTML, the HyperText Markup Language, is a markup language. It consists of a series of tags that give documents on the network a uniform format and connect scattered Internet resources into a logical whole. HTML text is descriptive text composed of HTML commands that describe text, graphics, animations, sounds, tables, links, and so on.

3. HTTP protocol

HTTP: HTTP is a simple request-response protocol that typically runs on top of TCP. It specifies what messages the client may send to the server and what responses it may get back. The headers of request and response messages are given in ASCII; the message content (body) has a MIME-like format.
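To make the message layout concrete, here is an added example (not code from the original post) that splits a raw HTTP/1.x message into its ASCII start line and headers and its byte body, the way a proxy or a log parser would. Both sample messages are constructed for this example; `example.test`, the paths and the cookie value are invented.

```python
# Constructed sample messages (not captured from any real system).
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=secret1"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: /home\r\n"
    b"Set-Cookie: session=abc123; HttpOnly\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_http_message(raw):
    """Split a raw HTTP/1.x request or response into start line, headers and body.

    The head (start line + header lines) must be ASCII, as the protocol requires;
    the body is kept as raw bytes, because its meaning is given by the MIME-like
    Content-Type header rather than by the protocol itself.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: end of headers not found")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError as exc:
        raise ValueError("non-ASCII byte in start line or headers") from exc

    start = lines[0]
    msg = {"headers": {}}
    if start.startswith("HTTP/"):
        # Response status line, e.g. "HTTP/1.1 302 Found"
        version, status, reason = start.split(" ", 2)
        msg.update(kind="response", version=version, status=int(status), reason=reason)
    else:
        # Request line, e.g. "POST /login HTTP/1.1"
        method, target, version = start.split(" ", 2)
        msg.update(kind="request", method=method, target=target, version=version)

    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive, so normalise them for lookup.
        msg["headers"][name.strip().lower()] = value.strip()

    # Content-Length tells us how much of what follows the blank line is body.
    length = int(msg["headers"].get("content-length", "0"))
    if len(rest) < length:
        raise ValueError("truncated body: expected %d bytes, got %d" % (length, len(rest)))
    msg["body"] = rest[:length]
    return msg


if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        parsed = parse_http_message(raw)
        print(parsed["kind"], parsed["headers"], parsed["body"])
```

The blank line (`\r\n\r\n`) is the only separator between the text part and the body, which is why a wrong or missing Content-Length is reported as an error rather than silently guessed.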

4. CMS (B/S)

CMS: A Content Management System (CMS) generally uses the B/S (browser/server) architecture, i.e. it is accessed through a browser. The other architecture, C/S (client/server), is accessed through a dedicated application.

5. MD5

MD5: The MD5 message-digest algorithm is a widely used password hash function that produces a 128-bit (16-byte) hash value, used to check that information was transmitted completely and consistently. Recovering the plaintext behind such hashes ("decoding") is commonly required in penetration testing.
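An added example (not code from the original post) showing the two sides of the point above: MD5 as an integrity check, and why a bare, unsalted MD5 of a password can be "decoded" by a simple lookup table, next to the salted, iterated hashing that defends against it. The wordlist is constructed for this example and only five entries long; real tables hold billions of precomputed digests.

```python
import hashlib
import hmac
import os


def md5_hex(data):
    """MD5 digest of `data` (bytes) as 32 hex characters = 128 bits = 16 bytes."""
    return hashlib.md5(data).hexdigest()


def transfer_intact(data, expected_md5_hex):
    """Integrity use: the receiver recomputes MD5 and compares it with the
    digest published by the sender."""
    return hmac.compare_digest(md5_hex(data), expected_md5_hex.lower())


# Constructed mini wordlist for the demonstration.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "admin123"]


def lookup_unsalted_md5(digest_hex, wordlist=COMMON_PASSWORDS):
    """Why a bare MD5 is a weak password hash: it is fast and deterministic, so
    the digest of every common password can be precomputed once and looked up.
    Returns the matching password, or None if it is not in the table."""
    table = {md5_hex(word.encode()): word for word in wordlist}
    return table.get(digest_hex.lower())


ITERATIONS = 200_000  # work factor; raise as hardware gets faster


def hash_password(password, salt=None):
    """Mitigation: a random per-user salt defeats precomputed tables, and a slow
    iterated KDF (PBKDF2-HMAC-SHA256 here) makes every guess expensive.
    Returns (salt, derived_key); store both."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(password, salt, dk):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    leaked = md5_hex(b"password")  # what an unsalted MD5 password column holds
    print("unsalted MD5", leaked, "->", lookup_unsalted_md5(leaked))
    salt, dk = hash_password("password")
    print("PBKDF2 salt", salt.hex(), "key", dk.hex())
    print("verify:", verify_password("password", salt, dk))
```

Two calls to `hash_password` with the same password give different outputs because of the random salt, which is exactly what makes a shared lookup table useless against a salted store.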

6. Other concepts

Chicken (also translated "broiler"): a computer or server that has been compromised and on which the attacker keeps a permanent foothold.

Chicken catching: capturing such machines in bulk by automated means, exploiting vulnerabilities in widely used programs.

Webshell: a script-based tool, planted through a web intrusion, that gives a degree of control over the web site's services.

Vulnerability: a security defect in hardware, software, or a protocol that an attacker can exploit to tamper with or take control of data.

One-word Trojan (one-line Trojan): a Trojan that implements webshell functionality by submitting a single short line of code to the server, which is then driven from a local client. For example, in ASP:

<%eval request("pass")%>

<%execute(request("pass"))%>

request("pass") receives the data submitted by the client; pass is the request parameter whose value is the command.

The eval/execute function then executes the content of the client's command.

Another example: a PHP one-word Trojan

<?php eval($_POST[123]); ?>

The following HTML form submits PHP statements to it via POST; with the full range of PHP functions available, such a shell can run system commands, modify the database (add, delete, update, query), and so on. The action URL below is a placeholder standing in for the address of the uploaded one-word Trojan; the textarea carries the PHP statement to run (phpinfo() in this example):

<form method="post" action="http://TARGET_HOST/PATH_TO_TROJAN.php">
<textarea name="123">phpinfo();</textarea>
<input type="submit">
</form>
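From the defender's side, the two one-liners above are short enough to be caught by a signature scan of the web root. The following is an added example, not code from the original post: a small scanner that flags ASP `eval`/`execute` over `request(...)` and PHP `eval` over user-supplied superglobals, run here over constructed sample files (the file names and contents are invented for the example). `scan_directory` applies the same checks to a real directory tree.

```python
import os
import re

# Signatures for the one-word webshells shown above. Constructed for this
# example; a production scanner carries a far larger rule set and also handles
# obfuscation (base64, string concatenation, variable functions).
SIGNATURES = [
    ("asp_eval_request",    re.compile(r"<%\s*eval\s*\(?\s*request\s*\(", re.I)),
    ("asp_execute_request", re.compile(r"<%\s*execute\s*\(\s*request\s*\(", re.I)),
    ("php_eval_user_input", re.compile(
        r"\beval\s*\(\s*\$(_POST|_GET|_REQUEST|_COOKIE)\s*\[", re.I)),
]
SCAN_EXTENSIONS = (".php", ".phtml", ".asp", ".aspx", ".jsp")

# Constructed sample files: one benign page, one benign script, three shells.
SAMPLE_FILES = {
    "index.html": "<html><body>Hello</body></html>",
    "login.php":  "<?php $u = htmlspecialchars($_POST['user'] ?? ''); echo $u; ?>",
    "shell.php":  "<?php eval($_POST[123]); ?>",
    "shell.asp":  '<%eval request("pass")%>',
    "shell2.asp": '<%execute(request("pass"))%>',
}


def scan_source(text):
    """Return the names of every signature that matches one file's contents."""
    return [name for name, pattern in SIGNATURES if pattern.search(text)]


def scan_files(files):
    """Scan a {path: contents} mapping and return only the files that hit."""
    findings = {}
    for path, text in files.items():
        hits = scan_source(text)
        if hits:
            findings[path] = hits
    return findings


def scan_directory(root):
    """Walk a web root on disk and apply the same checks to its script files."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(SCAN_EXTENSIONS):
                full = os.path.join(dirpath, name)
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    files[full] = fh.read()
    return scan_files(files)


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print("%s: %s" % (path, ", ".join(hits)))
```

Note that `login.php` reads `$_POST` too but is not flagged: the signature keys on user input reaching `eval`, not on the presence of user input alone, which keeps false positives down on ordinary form handlers.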

Privilege escalation ("rights promotion"): the method by which a user with low operating-system permissions raises themselves to administrator rights.

Backdoor: a program or "portal" planted on a machine by a hacker in order to gain long-term control of the host.

Springboard: using a chicken's (broiler's) IP address to attack other targets, in order to better hide one's own identity.

Side station: one of several websites hosted on the same physical server. For example, if websites A, B and C are on one server, B and C are the side stations of A.

Side-station intrusion: intruding into another website on the same server, then obtaining permissions on the target site by means such as cross-directory access. Common side-station query tools are WebRobot, Imperial Sword, Ming Boy, and web-based online queries.

C segment: intrusion through another server in the same C-class (/24) network segment. For example, if the target IP address is 192.168.1.253, an attacker compromises any machine in 192.168.1.* and then uses sniffing tools to capture all kinds of information transmitted on the network. Common tools include Cain (Windows), Sniffit (UNIX), Snoop, tcpdump, and Dsniff.

Penetration testing

Black-box testing: without inside information, simulate a hacker's attack methods and way of thinking to assess the security risks a computer network system may face. Black-box testing exercises comprehensive skills (OS, database, scripting, code, ideas, and social engineering).

White-box testing: initiated from the inside, with a bias towards code audit.

APT attack: an Advanced Persistent Threat is a form of attack in which organizations (especially governments) or small groups use advanced attack techniques to carry out long-term, persistent network attacks against specific targets. It has the following characteristics:

1. Strong concealment

2. Long incubation period and strong persistence

3. Strongly goal-oriented

Characteristics of penetration testing

Full of challenges and excitement;

Thinking and experience often determine success or failure;

The penetration-testing process

Penetration testing identifies a server's problems more comprehensively and so gives better protection.

Define objectives → information collection → vulnerability detection → vulnerability verification → information analysis → obtaining what is needed → information collation → report formation

Define objectives: scope, rules, requirements

Information collection: basics, system, application, version (version vulnerabilities), services, personnel (password guessing), defenses

Vulnerability detection: system vulnerability, Webserver vulnerability, Web application vulnerability, other port service vulnerability, communication security

Vulnerability verification: automated verification, manual verification, experimental verification, login guessing, business-logic vulnerability verification, use of public resources

Information analysis: precision strike, bypassing defense mechanisms, customizing the attack path, bypassing detection mechanisms, bypassing code

Obtaining what is needed: attack, obtain internal information, infiltrate further, persist, clean up

Information collation: collate the penetration tools used, collate the information collected, collate

Report formation: organize the findings as required and supplement them with repair suggestions

Learning alone: loneliness

Learning as a group: happiness