Contents
- Operating system level
- Briefly describe the difference between the two and the significance of identification
- Corresponding significance of vulnerability types at the operating system level
- Database level
- Third-party level
Operating system level
- Common ways to identify the operating system
- Path case sensitivity: request the same page with the case of the path changed (index.php versus INDEX.php), by hand or with a scanning tool. Windows file systems ignore case, so the page still loads and the host is generally judged to be Windows; on Linux the changed-case path returns 404.
- TTL: the initial TTL of ping replies defaults to 128 on Windows and 64 on Linux; the value you observe is lower by the number of hops in between.
- nmap OS fingerprinting (the flag is an uppercase O; lowercase -o is only the prefix of the output options such as -oN):
nmap -O ip
where ip is the address of the target whose operating system is to be determined.
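The two passive checks above (TTL distance and path case sensitivity) as a small Python helper. This is an added example, not code from the original article; the default-TTL table and the two constructed fake sites (win.test, lin.test) are assumptions used to show the decision logic offline, and http_status is the live fetch you would substitute for the fake.

```python
import urllib.parse
import urllib.request
import urllib.error

# Typical initial TTL values (assumption: common defaults, not an exhaustive table).
DEFAULT_TTLS = {64: "Linux/Unix", 128: "Windows", 255: "Solaris/network device"}


def guess_os_from_ttl(observed_ttl):
    """Map the TTL seen in a ping reply to the nearest default at or above it.
    Returns (os_guess, hops); hops is how far the packet travelled."""
    for default in sorted(DEFAULT_TTLS):
        if observed_ttl <= default:
            return DEFAULT_TTLS[default], default - observed_ttl
    return "unknown", None


def swap_case_path(url):
    """Same URL with the case of the path flipped (index.php -> INDEX.PHP)."""
    parts = urllib.parse.urlsplit(url)
    return urllib.parse.urlunsplit(parts._replace(path=parts.path.swapcase()))


def guess_os_from_case_probe(fetch, url):
    """fetch(url) returns an HTTP status code. Compare the original path with
    its case-swapped twin: Windows file systems ignore case, Linux ones do not."""
    if not any(c.isalpha() for c in urllib.parse.urlsplit(url).path):
        return "inconclusive: path has no letters to swap"
    original, swapped = fetch(url), fetch(swap_case_path(url))
    if original != 200:
        return "inconclusive: baseline request did not return 200"
    if swapped == 200:
        return "Windows (case-insensitive path)"
    if swapped == 404:
        return "Linux (case-sensitive path)"
    return f"inconclusive: swapped path returned {swapped}"


def http_status(url, timeout=5):
    """Live fetch for real use (needs network); only the status code matters."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code


# Constructed responses standing in for a Windows/IIS host and a Linux host.
WINDOWS_SITE = {"http://win.test/Default.aspx": 200, "http://win.test/dEFAULT.ASPX": 200}
LINUX_SITE = {"http://lin.test/index.php": 200}

if __name__ == "__main__":
    print(guess_os_from_ttl(116))
    print(guess_os_from_case_probe(lambda u: WINDOWS_SITE.get(u, 404),
                                   "http://win.test/Default.aspx"))
    print(guess_os_from_case_probe(lambda u: LINUX_SITE.get(u, 404),
                                   "http://lin.test/index.php"))
```

Both checks are hints, not proof: a load balancer or reverse proxy may answer the ping with its own TTL, and an application router (rather than the file system) may resolve paths case-insensitively on Linux or return 200 for every URL. Combine them with nmap -O before drawing a conclusion.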
Briefly describe the difference between the two and the significance of identification
- The two systems differ in how they treat paths (separator and case sensitivity), in whether upper and lower case matter, and in which file types they will execute. Once the operating system is known, the attack surface narrows to the vulnerabilities that operating system actually supports, so identification is the starting point for choosing what to try.
Vulnerability types at the operating system level and their significance
- SQL injection vulnerability
A vulnerability at the database layer of the application, widely used to take control of a website illegally. The application does not check user input before splicing it into an SQL statement, so the input is executed as part of a normal SQL command. The result is that the attacker can read, add, modify and delete data in the database and, depending on the database privileges, write a backdoor to the server.
- Cross-site scripting vulnerability (XSS)
XSS executes on the client. It is used to steal private information, build phishing pages and spread malicious code. Although XSS does not directly harm the server, the attacker uses the website to distribute the payload, which leaks the information of the site's users and lets their accounts be stolen, so it still causes serious harm to the website.
- Weak password vulnerability
A password that is easy for others to guess. "Weak password" has no strict or precise definition: any password that can be guessed or recovered by a cracking tool is weak. Setting a password usually follows these principles:
- HTTP header tracking vulnerability (HTTP TRACE)
The TRACE method exists for diagnostics: the client submits a TRACE request and the web server echoes back the request it received. When TRACE is enabled, the submitted request headers are returned in the response body, and those headers may include session tokens, cookies or other authentication information. An attacker can exploit this to trick a legitimate user into issuing the request and obtain that private information; it is usually combined with other attacks to be effective. The classic exploit issued the TRACE request from a browser script (for example XMLHttpRequest) and read the reply through the DOM. Modern browsers refuse TRACE from XMLHttpRequest and fetch, which removes that path, but the method should still be disabled on the server because any other client can use it.
- File upload vulnerability
Caused mainly by insufficient filtering of the file path and file name variables. If the upload code does not strictly restrict the suffix and type of uploaded files, an attacker can upload arbitrary files, including a website backdoor (webshell), into a web-accessible directory and then control the server remotely. During development, uploaded files must be strictly restricted and verified, files containing malicious code rejected, and the upload directory configured without execute permission so that a webshell cannot run even if it is written.
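The SQL injection item above, shown as the vulnerable query beside its parameterized replacement. This is an added example and not code from the original article; it uses Python's built-in sqlite3 with a constructed two-row users table, and the three payloads (tautology, comment truncation, UNION extraction) are the classic forms rather than anything taken from a real target.

```python
import sqlite3


def make_db():
    """Constructed demo table (not from the article); stands in for the site's own database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """User input is spliced straight into the statement text: the injection bug."""
    sql = f"SELECT id FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, name, password):
    """Placeholders ship the values separately from the statement, so input is
    only ever compared as data and can never change the query's structure."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def search_vulnerable(conn, term):
    """Same bug in a search box: a UNION payload turns it into a data dump."""
    sql = f"SELECT name FROM users WHERE name LIKE '%{term}%'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, term):
    return [row[0] for row in conn.execute(
        "SELECT name FROM users WHERE name LIKE ?", ("%" + term + "%",))]


# Classic payloads: tautology, comment truncation, UNION-based extraction.
TAUTOLOGY = "' OR '1'='1"
COMMENT = "admin'-- "
UNION = "' UNION SELECT password FROM users -- "


def demo():
    conn = make_db()
    return {
        "vuln_normal": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_wrong": login_vulnerable(conn, "admin", "wrong"),
        "vuln_tautology": login_vulnerable(conn, "admin", TAUTOLOGY),
        "vuln_comment": login_vulnerable(conn, COMMENT, "anything"),
        "vuln_union": sorted(search_vulnerable(conn, UNION)),
        "safe_tautology": login_hardened(conn, "admin", TAUTOLOGY),
        "safe_comment": login_hardened(conn, COMMENT, "anything"),
        "safe_union": search_hardened(conn, UNION),
        "safe_normal": login_hardened(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

The UNION search is the case the article calls "the database being added, deleted, modified and checked": the password column of every user comes back through a field that was only supposed to return names. With placeholders the same strings are harmless, which is why parameterized queries, not input filtering, are the primary fix.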
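The file upload item above, as the server-side validation it calls for: an allowlist of suffixes, a check that the content matches the suffix, rejection of double extensions and path tricks, and a server-chosen stored name. This is an added example, not code from the original article; the allowlist, size limit and the "<?php" / "<%" content check are assumptions chosen for illustration, and execute permission on the upload directory still has to be removed at the web server.

```python
import os
import secrets

# Allowlisted suffixes and the magic bytes a genuine file of that type starts with
# (assumption: a small image/PDF allowlist; extend per application).
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
SERVER_CODE_MARKERS = (b"<?php", b"<%")   # cheap polyglot check for embedded server code


def validate_upload(filename, data, max_bytes=5 * 1024 * 1024):
    """Return (True, suffix) when the upload is acceptable, else (False, reason)."""
    if len(data) > max_bytes:
        return False, "too large"
    if "/" in filename or "\\" in filename or "\x00" in filename:
        return False, "path separator or NUL in file name"
    root, ext = os.path.splitext(filename)
    ext = ext.lower()                        # photo.JPG is still a jpeg
    if ext not in ALLOWED:
        return False, f"suffix {ext or '(none)'} not allowed"
    if "." in root:                          # shell.php.jpg, shell.jpg.php style names
        return False, "multiple extensions"
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        return False, "content does not match suffix"
    if any(marker in data for marker in SERVER_CODE_MARKERS):
        return False, "server-side code embedded"
    return True, ext


def store_name(ext):
    """Random server-chosen name: the client never controls the stored path.
    The directory itself must be served with script execution disabled."""
    return secrets.token_hex(16) + ext


# Constructed sample uploads (not real files): a benign jpeg, a webshell, and a gif polyglot.
JPEG = b"\xff\xd8\xff\xe0" + bytes(16)
PNG = b"\x89PNG\r\n\x1a\n" + bytes(16)
WEBSHELL = b"<?php system($_GET['c']); ?>"
POLYGLOT = b"GIF89a" + WEBSHELL

if __name__ == "__main__":
    for name, blob in [("photo.JPG", JPEG), ("shell.php", WEBSHELL),
                       ("shell.php.jpg", JPEG), ("photo.jpg", WEBSHELL),
                       ("image.gif", POLYGLOT), ("../../x.png", PNG)]:
        print(f"{name:16} {validate_upload(name, blob)}")
```

Rejecting "image.gif" with a PHP tag inside matters only if the upload directory can execute scripts; the content check is a second line of defence, the first is a directory where nothing executes and a file name the attacker never chose.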
Database level
Common methods for identifying the database type
- Database classification
Small database: Access
Medium database: MySQL
Large database: Oracle, SQL Server
- Identification through the website's language and operating system
ASP + Access or SQL Server (Windows)
PHP + MySQL (Linux or Windows), port 3306
ASPX + MSSQL (Windows), port 1433
JSP + MSSQL (Windows) or Oracle (Linux or Windows), port 1521
Note:
Access and MSSQL do not run on Linux in these classic stacks, so a Linux host points to MySQL or Oracle. (SQL Server 2017 and later can be installed on Linux, but an ASP or ASPX site is almost always on Windows alongside it.)
- Use the nmap tool to scan for open database ports
The default ports are SQL Server 1433, MySQL 3306, Oracle 1521 and MongoDB 27017. Treat an open port as a hint rather than proof: databases are often moved to a non-default port, or the port is firewalled while the database still sits behind the website.
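The three database clues above (web language, operating system, open default ports) combined in one helper, plus a banner grab that confirms MySQL from its handshake. This is an added example, not code from the original article; the port table, the stack pairings and the "Windows only" rule are the article's rules of thumb encoded as data, the handshake layout is the MySQL protocol (3-byte length, sequence id, protocol version 10, NUL-terminated version string; an initial error packet starts with 0xff), and the two sample packets are constructed.

```python
import socket

# Default listening ports (assumption: defaults only), the same set you would
# pass to nmap with -p 1433,3306,1521,27017 -sV.
DB_PORTS = {1433: "SQL Server", 3306: "MySQL", 1521: "Oracle", 27017: "MongoDB"}
# Pairings from the article: web language -> databases usually behind it.
STACK_HINTS = {"asp": ["Access", "SQL Server"], "aspx": ["SQL Server"],
               "php": ["MySQL"], "jsp": ["SQL Server", "Oracle"]}
WINDOWS_ONLY = {"Access", "SQL Server"}   # the article's classic rule of thumb


def candidate_databases(script_ext, os_name, open_ports):
    """Rank candidates: stack hints confirmed by an open port first, then
    unconfirmed hints, then databases seen on a port the stack did not predict."""
    hinted = STACK_HINTS.get(script_ext.lower().lstrip("."), [])
    if os_name.lower() == "linux":
        hinted = [db for db in hinted if db not in WINDOWS_ONLY]
    seen = {DB_PORTS[p] for p in open_ports if p in DB_PORTS}
    confirmed = [db for db in hinted if db in seen]
    unconfirmed = [db for db in hinted if db not in seen]
    extra = sorted(seen - set(hinted))
    return confirmed + unconfirmed + extra


def scan_db_ports(host, timeout=1.0):
    """Live TCP connect scan of the default ports (needs network access)."""
    found = []
    for port in DB_PORTS:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


def parse_mysql_greeting(data):
    """MySQL speaks first. Packet = 3-byte little-endian length, 1-byte sequence id,
    then either a handshake (0x0a, NUL-terminated version) or an error (0xff, 2-byte
    code, message). Both prove the port is MySQL; only the handshake gives a version."""
    if len(data) < 5:
        return None
    payload = data[4:]
    if payload[0] == 0x0a:
        end = payload.find(b"\x00", 1)
        if end == -1:
            return None
        return {"kind": "handshake", "version": payload[1:end].decode("ascii", "replace")}
    if payload[0] == 0xff and len(payload) >= 3:
        code = int.from_bytes(payload[1:3], "little")
        return {"kind": "error", "code": code, "message": payload[3:].decode("ascii", "replace")}
    return None


def grab_mysql_version(host, port=3306, timeout=3.0):
    """Live banner grab (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return parse_mysql_greeting(s.recv(256))


def mysql_packet(payload):
    """Wrap a payload in the MySQL packet header (used to build the samples)."""
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


# Constructed samples: a 5.7 handshake cut after the version, and the error a
# server returns when the client host is not allowed to connect (ER 1130).
SAMPLE_GREETING = mysql_packet(b"\x0a" + b"5.7.33-log\x00" + b"\x2a\x00\x00\x00")
SAMPLE_ERROR = mysql_packet(b"\xff" + (1130).to_bytes(2, "little")
                            + b"Host '10.0.0.5' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    print(candidate_databases("jsp", "linux", [1521]))
    print(parse_mysql_greeting(SAMPLE_GREETING))
    print(parse_mysql_greeting(SAMPLE_ERROR))
```

The error branch is worth keeping: a MySQL that refuses your source address still announces itself, so a "host not allowed" reply identifies the database even though the port would look closed to a login attempt.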
Differences between database types and the significance of identification
The security mechanisms and internal structure of each database differ, so the vulnerabilities they produce differ too: each database has its own attack methods, vulnerability types and impact. Knowing the type tells you which SQL dialect, default accounts, ports and privilege-escalation paths apply.
Common database vulnerabilities and attacks
- Weak password attack: log in to the database with a weak or default password, read the website administrator's credentials from its tables, log in to the website backend and make modifications.
Scope of impact of vulnerabilities at the database level
Through such vulnerabilities an attacker obtains the corresponding database privileges and can then perform a series of operations: reading and altering data and, depending on the database and the privileges of its account, reading or writing files on the host and executing commands (for example xp_cmdshell in SQL Server or SELECT ... INTO OUTFILE in MySQL).
Third-party level
Common third-party software:
JBoss, phpMyAdmin, vsftpd, TeamViewer, etc.
- Identify them from what the website itself exposes first; if the website gives nothing away, fall back to a port scan.
For example, to judge whether phpMyAdmin is present, scan the website's directories (/phpmyadmin/, /pma/ and similar paths) for its login page; if directory scanning finds nothing, look for the service through a port scan. Identification should use several levels of evidence and not be limited to port scanning; choose the method that fits each application.
- If nmap returns nothing, the scan may be blocked by third-party protection software (for example Safedog) or similar controls, or the service may be deployed only on the intranet.
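The phpMyAdmin directory check above as a small probe that also handles the catch-all case (a site that answers 200 for every path). This is an added example, not code from the original article; the candidate paths, the title/cookie/form-name markers and the constructed target responses are assumptions, and http_fetch is the live fetch you would pass in place of the fake one.

```python
import urllib.request
import urllib.error

# Assumed candidate paths and fingerprints for common phpMyAdmin deployments.
PMA_PATHS = ["/phpmyadmin/", "/phpMyAdmin/", "/pma/", "/myadmin/", "/mysql/", "/db/"]
BASELINE_PATH = "/this-path-should-not-exist-7f3a9c/"


def fingerprint_phpmyadmin(status, headers, body):
    """Return the phpMyAdmin traits seen in one response (empty list = no match)."""
    evidence = []
    if status != 200:
        return evidence
    low = body.lower()
    if b"<title>phpmyadmin" in low:
        evidence.append("title")
    if b"pma_" in low or b"phpmyadmin.css" in low:
        evidence.append("pma assets/form names")
    cookie = headers.get("set-cookie", "").lower()
    if "pma_lang" in cookie or "phpmyadmin=" in cookie:
        evidence.append("pma cookie")
    return evidence


def find_phpmyadmin(fetch, base):
    """fetch(url) -> (status, headers, body). Probe the candidate paths and discard
    any response identical to the baseline so a catch-all page is not a false hit."""
    baseline = fetch(base + BASELINE_PATH)
    hits = {}
    for path in PMA_PATHS:
        status, headers, body = fetch(base + path)
        if (status, body) == (baseline[0], baseline[2]):
            continue
        evidence = fingerprint_phpmyadmin(status, headers, body)
        if evidence:
            hits[path] = evidence
    return hits


def http_fetch(url, timeout=5):
    """Live fetch (needs network); header names are lowercased for lookup.
    Multiple Set-Cookie headers collapse into one entry here, enough for a probe."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return r.status, {k.lower(): v for k, v in r.headers.items()}, r.read()
    except urllib.error.HTTPError as e:
        return e.code, {k.lower(): v for k, v in e.headers.items()}, b""


# Constructed target: phpMyAdmin under /pma/ and a catch-all 200 page for everything else.
CATCH_ALL = (200, {}, b"<html><title>Welcome</title></html>")
FAKE_SITE = {
    "http://target.test/pma/": (
        200,
        {"set-cookie": "pma_lang=en; path=/"},
        b"<html><title>phpMyAdmin</title><form><input name='pma_username'></form></html>",
    ),
}


def fake_fetch(url):
    return FAKE_SITE.get(url, CATCH_ALL)


if __name__ == "__main__":
    print(find_phpmyadmin(fake_fetch, "http://target.test"))
```

Without the baseline comparison, a catch-all site would return 200 for all six paths and a scanner that keys only on status codes would report phpMyAdmin everywhere; comparing against a path that cannot exist is the cheapest way to tell a real hit from a default page.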