
Xiaodi web security/penetration testing/network security 01 (basic introduction): basic concepts

Web composition architecture modeling

Website source code: divided by type and by application direction
Operating system: Windows, Linux
Middleware (building platform): Apache, IIS, Tomcat, Nginx, etc.
Database: Access, MySQL, MSSQL, Oracle, Sybase, DB2, PostgreSQL, etc.

The corresponding vulnerabilities of the web:
SQL injection, upload, XSS, code execution, variable overwrite, logic vulnerability, deserialization
Related vulnerabilities of web middleware:
Web database vulnerability:
Web system layer vulnerability:
Other third-party corresponding vulnerabilities:
APP or PC application combination category: Authorization detection: open the website - the website has many functions and many vulnerabilities - monitor the network - PC - analyze the client (the data core is in the client). An illegal APP may not have a website - reverse website - the website attack and defense obtain data in the APP

Data encapsulation understanding

Open the website, connect to the website server: show databases - use user name - show tables - select * from user__
APP member login operation = web page login operation: send data to database - restore to web - analyze data

Practice:

  1. Domain name query (added to resolve to use domain name) layer
  2. DNS resolution and modification analysis (local or service) Open - Generate backdoor address
    Xiaoyao emulator - modify the proxy server host name (network line: IP address where traffic passes) (command prompt - ipconfig - Ethernet adapter IPv4 address)
  3. EXE backdoor function and hazards and similar web backdoors
  4. APP combines web protocol, PC combines web protocol

Software download:

  1. /soft/
  2. /quaser/QuasarRAT/re
  3. /s/13_i1ExwEaA59GfMt1Rp0Hg Extraction code: 0b7b