web123456

2024 Cybersecurity Shandong Province Competition-SMB Information Collection Analysis (Intermediate Group)_Use the access tool to the server service access, the contents of the text file of the administrator's desktop in the server as flag

2021network securityShandong Province Sai-SMB Information Collection Analysis

I. Competition time
180 minutes Total 3 hours
II. Competition phase
Competition Stage Task Stage Competition Task Competition Time Points
1. Use brute-force cracking tools to brute-force crack the server information block protocol of the server, the dictionary on the home page of the server's website, and submit the obtained password as fag
2. Use the access tool to access the server service and submit the name of the last shared file viewed as a flag;
3. Use the access tool to access the server service and submit the contents of the text file on the administrator's desktop in the server as a flag;
4. Use the access tool to access the server service and submit the address of DNS2 in the server as a flag;
5. Use the access tool to access the server service and submit the last username in the server as a flag;

III. Contents of the competition mission statement
(i) Topology map
在这里插入图片描述

Mission Environment Statement:
server (computer)Scenario: Server1

How to Teach Yourself Hacking & Cyber Security

Hacking zero-based introductory learning route & planning

rudimentary hacker
1. Theoretical knowledge of network security (2 days)
① Understand the industry-related background, prospects, and determine the direction of development.
② Study laws and regulations related to network security.
(iii) The concept of cybersecurity operations.
④ Introduction to equipoise, equipoise regulations, processes and norms. (Very important)

2. Fundamentals of penetration testing (one week)
① Penetration testing process, classification, standards
② Information gathering techniques: active/passive information gathering, Nmap tool, Google Hacking
③ Vulnerability scanning, vulnerability exploitation, principles, exploitation methods, tools (MSF), bypassing IDS and anti-virus reconnaissance
④ Mainframe attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system fundamentals (one week)
WindowsCommon system functions and commands
②Kali LinuxCommon system functions and commands
③ Operating System Security (System Intrusion Detection/System Hardening Fundamentals)

4. Computer network fundamentals (one week)
① Computer network fundamentals, protocols and architecture
② Network communication principles, OSI model, data forwarding process
③ Common protocol parsing (HTTP, TCP/IP, ARP, etc.)
④ Network Attack Techniques and Network Security Defense Techniques
⑤ Web Vulnerability Principles and Defense: Active/Passive Attacks, DDOS Attacks, CVE Vulnerability Replication

5. Basic database operations (2 days)
①Database Basics
②Basics of SQL language
③Database security hardening

6. Web penetration (1 week)
① HTML, CSS andJavaScriptsynopsis
②OWASP Top10
③Web Vulnerability Scanning Tool
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (chopper, leaky sweep, etc.)
Congratulations, if you learn here, you can basically work in a network security-related jobs, such as penetration testing, Web penetration, security services, security analysis and other positions; if the equipoise module is learned well, you can also be engaged in equipoise engineer. Salary range 6k-15k

At this point in time, about 1 month has passed. You've become a "script kiddie". Do you want to explore further?

If you want to get into the pit of hacking & cybersecurity, the author has prepared a: 282G the network's most complete cybersecurity packet comment section to leave a message to receive!

7. Script programming (beginner/intermediate/advanced)
In the field of network security. Whether or not the ability to program is the essential difference between "script kiddies" and real hackers. In the actual penetration testing process, in the face of the complex and changing network environment, when the commonly used tools can not meet the actual needs of the time, often need to expand the existing tools, or write tools that meet our requirements, automation scripts, this time you need to have a certain degree of programming ability. In the CTF competition where every second counts, it is even more important to have programming skills if you want to efficiently use homemade scripting tools to realize various purposes.

If you zero basis to start, I recommend choosing a scripting language Python/PHP/Go/Java in one of the commonly used libraries for programming to learn; build the development environment and select IDE, PHP environment recommended Wamp and XAMPP, IDE strongly recommended Sublime; -Python ProgrammingLearning, learning content contains: syntax, regular, file, network, multi-threading and other commonly used libraries, recommended "Python Core Programming", do not read the whole ;- use Python to write the vulnerability of the exp,and then write a simple web crawler ;- PHP basic syntax to learn and write a simple blog system; familiar with the MVC architecture, and try to learn a PHP framework or Python framework (optional); - Understand Bootstrap layout or CSS.

8. Super Hacker
This part of the content for students with zero foundation is still relatively distant, so I will not expand the details, attached to the study route.
img

Network Security Engineer Enterprise Learning Track

img
If the image is too large to be compressed by the platform and makes it hard to see, like it in the comments section and leave a comment in the comments section to get it. I will reply.

Video Supporting Materials & Domestic and International Network Security Books, Documents & Tools

In addition to the accompanying videos, of course, various documents and book materials & tools have also been organized for you and have been classified for you.

img
Some video tutorials that the author bought himself and couldn't whittle down on other platforms.
img

Online learning materials a whole lot, but if the knowledge learned is not systematic, when encountering problems only superficial, no longer in-depth study, then it is difficult to do a real technology to improve.

For those who need this systematized information, you can get it by clicking here

A person can go very fast, but a group of people can go farther! Whether you are engaged in the IT industry old bird or newcomers interested in the IT industry, are welcome to join our circle (technical exchanges, learning resources, workplace trolling, large factories push, interview coaching), let us learn and grow together!