What is web penetration testing: penetration practice
2022-07-06 23:59:00 【Java architects must see】
Working through a complete web penetration test experiment is very helpful for future testing, so I am writing down how it was carried out in a learning environment as a reference for testing an entire website.
Purpose:
(1) Learn how hackers break into a website through vulnerabilities and obtain server privileges;
(2) Learn the whole process of a penetration test.
Principle: The hacker exploits an injection vulnerability in the website to obtain the administrator account and password and log in to the management background, then gets a webshell through the database backup function. The hacker then logs in to the shell and uses a privilege-escalation exploit (exp) for the 2003 server to take over the server.
1. Check website security
Open the test website at http://192.168.1.3.
To look for vulnerabilities, we first scan with software and then pick a link to test. Open this link in the browser: http://192.168.1.3/see.asp?ID=461&titleID=86
Append a single quote (') to the URL, and the page reports an error.
The page shows the database error directly, which suggests that an injection vulnerability may exist. Next, we enter http://192.168.1.3/see.asp?ID=461&titleID=86 and 1=1 in the browser.
Then we enter http://192.168.1.3/see.asp?ID=461&titleID=86 and 1=2 in the browser.
This returns an error page. Because appending and 1=1 and appending and 1=2 to the link return different pages, we can conclude that this site has a SQL injection vulnerability.
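Why the quote and the and 1=1 / and 1=2 requests behave differently, and how binding the parameters removes that difference. This is an added example, not the site's code: it uses Python with an in-memory SQLite table as a stand-in for see.asp and its database, and the table, column and function names are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed sample row standing in for the article behind see.asp.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title_id INTEGER, title TEXT)")
    db.execute("INSERT INTO news VALUES (461, 86, 'sample article')")
    return db

def see_vulnerable(db, raw_id, raw_title_id):
    # The request values are pasted into the SQL text, so the database
    # parses whatever follows the number as part of the statement.
    sql = ("SELECT title FROM news WHERE id = " + raw_id +
           " AND title_id = " + raw_title_id)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing the driver message mirrors the database error page.
        return "database error: %s" % exc

def see_hardened(db, raw_id, raw_title_id):
    # 1) Accept only a short run of ASCII digits; anything else is rejected
    #    before it reaches the database (the caller shows a generic error).
    for value in (raw_id, raw_title_id):
        if not re.fullmatch(r"[0-9]{1,9}", value):
            return None
    # 2) Bind the values as parameters instead of concatenating them.
    sql = "SELECT title FROM news WHERE id = ? AND title_id = ?"
    return db.execute(sql, (int(raw_id), int(raw_title_id))).fetchall()

if __name__ == "__main__":
    db = make_db()
    for probe in ["86", "86'", "86 and 1=1", "86 and 1=2"]:
        print(repr(probe), "|", see_vulnerable(db, "461", probe),
              "|", see_hardened(db, "461", probe))
```

In the vulnerable version the three probes produce an error, a normal page and an empty page; in the hardened version all three are rejected identically, so nothing can be inferred from the response.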
2. Use a tool to crack the administrator username and password
Open the D injection tool.
Copy the URL of the injection point into the D injection tool, choose SQL injection detection on the left, and click Detect. The tool reports the database type at the bottom.
Click to detect table names, which enumerates all table names in the database.
Click the admin table, then click to detect fields.
Select the password and admin fields, then click to detect content. If the field contents are exposed, the username and password have been cracked.
3. Use a tool to crack the MD5 password
The password we obtained is an MD5 hash, so we crack it with MD5 cracking software.
With that, we have the website administrator's account and password: linhai and 123456.
4. Log in to the website management background
We use software to find the website's management background. Open the Yujian background scanning tool.
Enter the website URL http://192.168.1.3 in the tool and click Start scanning.
From the scan results, we guess that the background login URL is http://192.168.1.3/admin/Login.asp
Using the cracked administrator account linhai and password 123456, we log in to the background successfully.
5. Get the website webshell
After entering the management background, we need to get a webshell. In this example, first open System Management, choose Article Management, and open the image upload function.
We first try uploading an ASP Trojan directly.
We change the Trojan's file name to mm.jpg.
After the upload succeeds, right-click the image and open its properties to see where it was uploaded, and record the location: http://192.168.1.3/admin/Upfiles/201873091139.jpg
Because the uploaded file is an image, it cannot be parsed as a Trojan script. The website happens to have a database backup function, so we can use the backup to rename the file so that it can be executed as a Trojan script. Click Data Management on the left and choose Backup/Restore Database.
In the backup form, fill in the address of the image we just uploaded as the database path: ../admin/Upfiles/201873091139.jpg; fill in ../db/1.aspx as the backup database path. The purpose is to back up the Trojan we uploaded with a jpg suffix as an aspx file so that it can run normally.
After clicking Backup, we visit http://192.168.1.3/db/1.aspx, which is the address of our Trojan. The Trojan's password is 77169. With that, we have the website's webshell.
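Step 5 works because the upload check looks only at the file suffix and the backup function accepts any source path and any destination name. The following added example is not the site's code (Python stands in for the ASP back end) and shows the two server-side checks that close this path; DB_FILE, BACKUP_DIR and the function names are hypothetical.

```python
import posixpath
import re

# Hypothetical configuration: the only file the backup feature may copy
# and the only directory it may write to (ideally outside the web root).
DB_FILE = "../db/site.mdb"
BACKUP_DIR = "../backup"

def looks_like_jpeg(data):
    # Check content, not the ".jpg" suffix: JPEG data starts with the SOI
    # marker FF D8 FF and ends with the EOI marker FF D9.
    return (len(data) > 4 and data[:3] == b"\xff\xd8\xff"
            and data[-2:] == b"\xff\xd9")

def _norm(path):
    # Treat "\" and "/" alike and collapse "." and ".." segments.
    return posixpath.normpath(path.replace("\\", "/"))

def validate_backup(source, dest_name):
    """Return (True, target_path) or (False, reason)."""
    # The source must be exactly the configured database, never an upload.
    if _norm(source).lower() != _norm(DB_FILE).lower():
        return False, "source is not the configured database"
    # The destination is a bare name with a fixed, non-script extension,
    # so no directory change and no .asp/.aspx result is possible.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,32}\.bak", dest_name):
        return False, "destination must be <name>.bak"
    return True, posixpath.join(BACKUP_DIR, dest_name)

if __name__ == "__main__":
    # Constructed inputs: script text named as an image, then the values
    # entered in step 5, then a legitimate backup request.
    print(looks_like_jpeg(b"<% response.write(1) %>"))
    print(validate_backup("../admin/Upfiles/201873091139.jpg", "../db/1.aspx"))
    print(validate_backup("../db/site.mdb", "2022-07-06.bak"))
```

The content check is only one layer; the upload and backup directories should also have script execution disabled in the web server configuration.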
6. Get the server permissions
After entering the webshell, we need to execute DOS commands to add an administrator. Click the command line option at the top of the webshell to enter command execution mode.
Try running the whoami command to check our privileges.
We find that we have network service privileges. An administrator account cannot be added directly with these privileges: when we try to add an account, the output is blank, which shows that we cannot add users.
Click Port Scan, then click Scan. The system has port 43958 open, which is the Serv-U service.
Click SU privilege escalation, enter the command net user aaa 123456 /add in cmdshell, then click Execute.
Enter the command net localgroup administrators aaa /add in cmdshell, then click Execute.
Enter the command net user in cmdshell, then click Execute, and check whether the aaa user was added successfully.
Enter the command net user aaa in cmdshell, then click Execute, and check that the aaa user belongs to the administrators user group.
Click Start -> Run -> mstsc -> 192.168.1.3, enter the account aaa and password 123456, and click Log in.
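The web-facing steps above (the quote and the and 1=1 / and 1=2 requests to see.asp, then a script request under /db/) leave a recognizable trail in the web server's access log. The following added example, which is not part of the original article, scans IIS W3C-style log lines for that trail; the log lines, client addresses and the choice of data directories are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed IIS W3C-style log lines (not taken from the article).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2022-07-06 10:00:01 192.168.1.50 GET /see.asp ID=461&titleID=86 200
2022-07-06 10:00:09 192.168.1.50 GET /see.asp ID=461&titleID=86' 500
2022-07-06 10:00:15 192.168.1.50 GET /see.asp ID=461&titleID=86+and+1=1 200
2022-07-06 10:00:21 192.168.1.50 GET /see.asp ID=461&titleID=86+and+1=2 500
2022-07-06 10:07:40 192.168.1.50 GET /db/1.aspx - 200
2022-07-06 10:08:00 192.168.1.77 GET /index.asp - 200
"""

BOOL_PROBE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)", re.I)
SCRIPT_EXT = re.compile(r"\.(?:asp|aspx|asa|cer|cdx)$", re.I)
DATA_DIRS = ("/db/", "/admin/upfiles/")  # assumed: should hold data only

def parse(log_text):
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def detect(log_text):
    alerts, outcomes = [], defaultdict(set)
    for row in parse(log_text):
        ip, stem = row["c-ip"], row["cs-uri-stem"].lower()
        query = unquote_plus(row["cs-uri-query"])
        probe = BOOL_PROBE.search(query)
        if probe:  # remember whether the appended condition was true or false
            outcomes[(ip, stem)].add(probe.group(1) == probe.group(2))
        if query.endswith("'") and row["sc-status"].startswith("5"):
            alerts.append(("quote-error", ip, stem))
        if stem.startswith(DATA_DIRS) and SCRIPT_EXT.search(stem):
            alerts.append(("script-in-data-dir", ip, stem))
    for (ip, stem), seen in outcomes.items():
        if seen == {True, False}:  # same client sent a true AND a false test
            alerts.append(("boolean-sqli-probe", ip, stem))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```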