After twists and turns, I finally found the method of SRC vulnerability mining [recommended collection]

0x01 information gathering

Google Hack Practical grammar

Quickly find information leaks 、 Manage vulnerabilities such as background exposure , for example ：

filetype:txt  Sign in 
filetype:xls  Sign in 
filetype:doc  Sign in 
intitle: Background management 
intitle:login
intitle: Background management   inurl:admin
intitle:index of /

Find the specified web site , Plus site:http://example.com, for example ：

site:example.com filetype:txt  Sign in 
site:example.com intitle: Background management 
site:example.com admin
site:example.com login
site:example.com system
site:example.com  management 
site:example.com  Sign in 
site:example.com  Inside 
site:example.com  System 

Keywords can be adjusted according to the actual situation , recommend Google、Bing, If the search content is deleted , Web page snapshots are generally still recorded .

Shodan、fofa Network asset search engine

Shodan、fofa、zoomeye、360quake And other network asset search engines can be used to search online devices in cyberspace , Very powerful , Equivalent to network security google：

Especially now support icon Icon 、logo Search for , That's a convenient ratio

For example, for someone IP Search for information , Click on view raw data：

find data.0.http.favicon.data Field ：

Search for the corresponding value to search by enterprise logo Query assets ：

http.favicon.hash:-1507567067

Recommended installation shodan chrome plug-in unit , Easy to view and use ：

https://chrome.google.com/webstore/detail/shodan/jjalcfnidlmpjhdfepjhjbhnhkbgleap

fofa It is a domestic cyberspace asset search engine , And shodan similar , Common search syntax ：

title="abc"  Search for... From the title abc. example ： There's a website in Beijing in the title 
header="abc"  from http Search in the head abc. example ：jboss The server 
body="abc"  from html Search the text for abc. example ： The text contains Hacked by
domain="qq.com"  Search the root domain with qq.com Website . example ：  The root domain name is qq.com Website 
host=".gov.cn"  from url Mid search .gov.cn, Pay attention to search with host As name . example ：  Government website ,  Education website 
port="443"  Find corresponding 443 Port assets . example ：  Find corresponding 443 Port assets 
...

Practical query statement ：

body=" key word 1" && country=CN&&title=" key word 2"

It can quickly locate the website information you want to search in China .

Subdomain collection

Recommend several easy-to-use tools ：

JSFinder

At the JS In file , There will be various contents that are helpful to the test ,JSFinder Can help us get JS Medium url And subdomain information , Expand our penetration . Crawling is divided into ordinary crawling and deep crawling , Deep crawling will go deep into the next page JS, It's going to take longer , The process is as follows ：

Sublist3r

Sublist3r It's a python Version tools , Its design principle is based on the use of search engines , So as to list the sub domain names of the station .Sublist3r The following search engines are currently supported ：Google, Yahoo, Bing, Baidu and Ask, More search engines will be supported in the future . at present ,Sublist3r Also through Netcraft as well as DNSdumpster Get subdomains .

Yun Xi

Yunxi can collect subdomain names online 、ip paragraph 、CMS Fingerprints and other information

0x02 WeChat official account capture skills

The WeChat official account can greatly widen our testing range. , Links to official account can be copied directly into browser. , Then, it shall be carried out according to the conventional penetration test method , But some links are copied to the browser , The picture below will appear

In this case , You can catch wechat packets through Android simulator 、 Real machine wechat packet capture solution , But they are relatively inconvenient , Share with you through SocksCap64 Directly grasp wechat PC End flow method .

SocksCap64 Is a very powerful proxy client , Support http/https、socks4/5、TCP、UDP Such agreement , It is often used in Intranet penetration , You can also use him to represent wechat PC Client traffic , And forward the traffic to burp in , You can perform packet capture analysis .

First of all, it's in burp Set monitor in ：

And then in SocksCap64 Set the proxy server as burp The address and port of , Agency mode HTTP：

Test it , The success of ：

And then use it SocksCap64 Start wechat ：

You can successfully catch wechat PC End flow ：

0x03 Login interface ideas

0x04 SMS & Mail bombing bypass

During website testing , The mobile phone number often appears when the user registers and logs in / Email registration , Text messages may appear here & Mail explosion vulnerability , Such vulnerability testing is convenient , Although some sites are protected , But there are some ways around it .

Here is a collection of some popular websites that receive short messages temporarily , Convenient for testing ：

https://www.pdflibr.com/

http://www.z-sms.com/

https://www.receive-sms-online.info/

[ At home ] http://www.smszk.com/

[ Abroad ] http://receive-sms-online.com/

[ Abroad ] https://smsnumbersonline.com/

[ Abroad ] https://www.freeonlinephone.org/

[ Abroad ] https://sms-online.co/receive-free-sms

Mobile number in app / When mailbox and verification code are used as user login credentials , Generally, the website function points involved mainly include ：

Account registration User identity verification when setting password for the first time To login Reset password Bind the phone / mailbox Modify bound mobile phone / mailbox Free trial / Activity collection / Feedback Department …

Common test and bypass methods ：

0x05 Logical loopholes

With the increasing security awareness of developers ,IPS/IDS、WAF、 Continuous deployment of full flow detection and other protective equipment , Conventional SQL Inject holes 、 Vulnerabilities such as command execution are becoming less and less , Or it's getting harder and harder to dig （ Need to bypass various defense devices ）. But business logic vulnerabilities can almost bypass All traditional safety protection equipment , At present, there is no very effective defense means . meanwhile , Business logic is complex , Even the most experienced programmer may dig a hole , So as long as the foundation is solid , Strong logical thinking ability , Patient and careful , Don't let go of any step , Such loopholes are easy to dig .

1、 Unauthorized modification of returned package

scene 1： Change the phone number

The general modification logic is ： Certified original mobile phone number -> Fill in the new mobile phone number -> Commit changes

If you are in the next step , Failed to verify whether the previous authentication is successful , There will be logical defects . For example, when authenticating the original mobile phone number in the first step , Now that we've landed successfully , take response Modify the relevant fields in the package , such as 0 Change to 1,false Change to true, You can bypass the first step of verification , Enter the interface of filling in new mobile phone number , If the result of step 1 is not verified when submitting the modification in step 3 , Will cause logical loopholes .

scene 2： Login bypass

The authentication of some websites is put on the front end , So just put response Modify the relevant fields in the package , such as 0 Change to 1,false Change to true, You can log in to any user account .

2、 The level is beyond authority

scene 1： Traverse ID In some requests ,GET or POST There are obvious id Digital parameters （ cell-phone number 、 Employee number 、 Bill number 、 Bank card number 、 Order number, etc ）, You can try traversal , If the program does not judge the current permission , There will be the problem of horizontal ultra vires .

scene 2：ID Replace If the program changes the user ID hash Or encryption , And can't crack what encryption method is used , You can't go through traversal ID To get other user information . You can try to register two accounts at this time , By replacing two ID Encrypted value , Determine whether the program has verified the permission , without , There will also be ultra vires .

3、 Vertical ultra vires

Observe cookie Medium session Field , Guess modification , Find out ： level=1： admin level=2： vip user level=3： normal user

Safety suggestion ：

One 、 Method for preventing virus or Trojan horse attack ：

1． Install antivirus software for your computer , Periodic scanning system 、 Kill the virus ;

2． Update virus database in time 、 Update system patches ;

3． When downloading software, try to go to the official website or large software download website , Antivirus before installing or opening software or files of unknown origin ;

4． Don't open unknown Web links at will , Especially links to bad websites , Strangers pass QQ When you send yourself a link , Try not to open ;

5． Do not casually receive files from strangers when using network communication tools , If received, it can be cancelled “ Hide known file type extensions “ Function to view file types ;

6． Strengthen permission management for public disk space , Check and kill the virus regularly ;

7． Check with anti-virus software before opening the mobile memory , A file named autorun.inf Folder （ Preventable U Disk virus startup ）;

8． When it is necessary to download data from public networks such as the Internet and transfer it to intranet computers , Realize transfer storage by burning cd ;

9． Password shall be set for each account of the computer system , Delete or disable expired accounts in time ;

10． Regular backup , It can be repaired quickly when it is seriously damaged by the virus .

Two 、 The prevention of QQ、 WeChat 、 Methods of account theft on social platforms such as microblog

1． Try not to have the same account and password , Change your password regularly , Increase password complexity , Don't use birthday directly 、 Phone number 、 The number of personal information such as certificate number is used as the password ;

2． Passwords should be in uppercase and lowercase letters as much as possible 、 A mixture of numbers and other characters , Increase the length of the password appropriately and change it frequently ;

3． Network applications for different purposes , Different user names and passwords should be set ;

4． Restart the machine before using the computer in the Internet cafe , Beware of being peeked when entering the account password ; To prevent the account from being intercepted , You can enter some account names first 、 Partial password , Then enter the remaining account names 、 password ;

5． When involving online transactions , Pay attention to confirm with the trading partner by telephone .

3、 ... and 、 Precautions for safe use of e-mail

1． Don't click on links in unknown emails 、 Pictures and documents ;

2． When using the email address as the user name registered for the website , You should set a website password that is different from the original mailbox login password ;

3． If there is an initial password , Password should be changed ;

4． Set the prompt for retrieving the password appropriately ;

5． When receiving information related to personal information and money （ If you win 、 Fund raising, etc ） Be vigilant when sending emails .

Four 、 Phishing website prevention methods

1． Verify the authenticity of the website qualification by querying the website filing information ;

2． Install security software ;

3． Be wary of winning 、 Notification email for modifying online banking password 、 SMS , Don't lightly click on unverified unfamiliar links ;

4． Don't be in an Internet cafe 、 Log in personal account or conduct financial business on public computers such as hotels .

5、 ... and 、 Prevent information leakage of social networking sites

1． Use the security and privacy settings of social networking sites to protect sensitive information ;

2． Don't click on unverified links easily ;

3． Carefully publish personal information on social networking sites ;

4． Register according to your own needs for the website .

6、 ... and 、 Methods of preventing personal information disclosure

1. Handle personal sensitive information in physical or logical areas with high security level ;

2. Sensitive personal information needs to be encrypted ;

3. Don't use U Disk storage interactive personal sensitive information ;

4. Try not to save or process personal sensitive information on Internet accessible devices ;

5. Transfer personal information only to legitimate recipients ;

6. Prevent personal sensitive information from being stolen when it needs to be taken out of the company 、 The loss of ;

7. Encrypt email when sending , And be careful not to send it wrong ;

8. When sending a parcel, choose a reliable mailing company , And ask for a receipt ;

9. Avoid fax error sending ;

10. Paper materials shall be destroyed by paper shredder ;

11. Discarded discs 、U disc 、 Computers should be degaussed or completely destroyed .

7、 ... and 、 Methods of preventing fake websites

1. Directly enter the URL of the website to log in , Do not enter through other links ;

2. After logging in the website, check whether the registered website is consistent with the official website ;

3. Log in to the official website to identify the authenticity ;

4. Install protection software , Update system patches in time ;

5. When mail is received 、 SMS 、 Telephone, etc. require to change the password to the specified web page , Or notify the winner and ask to pay taxes before receiving the bonus 、 Postage, etc , Be on your guard .

8、 ... and 、 Methods of protecting online shopping security

1. Verify the authenticity of website qualification and website contact information , Try to shop in the famous and authoritative online mall ;

2. Try to trade through the online third-party payment platform , Do not deal directly with the seller privately ;

3. Pay attention to the reputation of merchants when shopping 、 Evaluation and contact information ;

4． After the transaction is completed, the transaction order and other information shall be completely saved ;

5. When filling in payment information , Be sure to check the authenticity of the payment website ;

6. Pay attention to personal privacy , Direct use of personal bank account 、 Be careful when using sensitive information such as passwords and ID numbers ;

7. Don't trust online advertising at low prices , Don't click on unverified unfamiliar links .

Nine 、 Methods of preventing network MLM

1. In the face of relevant Entrepreneurship 、 When investing in a project , Carefully study its business model . Whatever the banner , If the project does not create any wealth , But he promised to join the club as long as he paid , Development personnel can get “ Return ”, Please be alert .

2. Overcome greed , Don't fantasize “ Get rich overnight ”. If you participate with luck , You'll end up with nothing 、 dissipate one's fortune , Even on the road to crime .

Ten 、 The safe use WI-Fi Methods

1. Don't see free WI-Fi Just use , Use reliable WI-Fi Access point , Turn off the automatic wireless network connection function of devices such as mobile phones and tablets , Open only when required ;

2. Beware of fishing traps set by free wireless signals in public places for criminals , In particular, some and public places have been opened WI-Fi Signal with the same name . When using unfamiliar wireless networks in public places , Try not to make bank transfers and payments related to funds ;

3. Modify the default administrator user and password of the wireless router , Set the password of your home wireless router more complex , And use strong password , Preferably letters 、 Combination of numbers and special symbols ;

4. When not in use , Turn off the wireless router .

11、 ... and 、 Methods to ensure the safety of using smart phones

1. Setting the access password for the mobile phone is the first line of defense to protect the security of the mobile phone , In case the smartphone is lost , Criminals may have access to address books 、 Documents and other important information ;

2. Don't easily open the links and files sent by strangers through their mobile phones ;

3． Set lock screen password for mobile phone , And take your mobile phone with you ;

4. stay QQ、 Turn off the geolocation function in wechat and other applications , And turn on Bluetooth only when needed ;

5． Often backup mobile phone data ;

6． Install safety protection software , And often scan the mobile phone system ;

7． Download mobile application software from authoritative websites , And carefully select relevant permissions during installation ;

8. Don't try to crack your phone , To ensure the security of the application .

Twelve 、 Method for protecting mobile payment security

It is recommended that the mobile payment client be bound to the mobile phone , Using digital certificates , Open real name authentication ;

It is best to download the mobile payment client and online mall application from the official website ;

Before using mobile payment service , Install security plug-ins on your phone as required ;

Login mobile payment application 、 Online mall , Don't choose “ Forget the password ” Options ;

Check the mobile task manager frequently , Check whether there are malicious programs running in the background , And regularly use the mobile phone security system software to scan the mobile phone system ;

For whatever reason, you are required to put money into a stranger's account 、 All acts of security accounts are crimes of fraud . Don't be fooled ！

13、 ... and 、 Identification method of network fraud type

1． utilize QQ Number theft and online game transactions , Posing as a friend to borrow money ;

2． Online shopping scam , Collect deposit to cheat money ;

3． Online winning fraud , It means that criminals use communication software to communicate to the Internet at will QQ user 、 mailbox user 、 Online game users 、 Taobao users publish winning tips ;

4．“ phishing ” fraud , Use deceptive e-mail and forged Internet sites for fraud , Obtain the financial information of the cheated and steal funds ;

fourteen 、 Prevent network fraud 、 Harmful information method

1． Report similar rumors in time ;

2． Don't make a rumor , Don't believe in rumors , Don't tale ;

3． Pay attention to identifying the source and reliability of information , To obtain information through a website certified by a third-party trusted website ;

4． Be careful “ get rich ”“ Popularizing science ”, Teach “ New technology ” And so on ;