
(3) Web security | penetration testing | basic knowledge of network security construction, IIS website construction, EXE backdoor generation tool quasar, basic use of

2022-07-06 19:42:00 Black zone (rise)

First, learn to use IIS to build a website

Enabling the IIS feature on Windows, using IIS to build a web server, and test source code to verify that the setup succeeded: https://blog.csdn.net/qq_53079406/article/details/122901947?spm=1001.2014.3001.5501

Enabling scripts on common hosting platforms

Environments such as ASP, PHP, ASPX, JSP, PY, and JAVAWEB.

Security issues in domain name and IP directory resolution

① Accessing the site by IP address can reveal more information; sometimes you can find backup files of the program source code and other sensitive information.

② Access by domain name only reaches the files in one folder; access by IP reaches the level above the one the domain name points to.

③ When the website is built to support both IP access and domain name access, domain name access points to a directory, while IP access points to the root directory.

Security of common file suffix handler mappings

Each file suffix is mapped to a handler. If you encounter a file that cannot be parsed when accessing the website, the middleware's default settings or some added settings may be causing the parsing problem.

Set print processing specific program requests

 

Security protections commonly met in security testing

Internal websites of schools and enterprises restrict external access: they limit IP addresses and regulate the permissions of visitors. The mechanisms are authentication and access control, user-based restrictions, and IP address restrictions. Authorized access means only the specified IP addresses can access the site; denied access means the specified IP addresses are refused.

 

 

Web backdoors and user and file permissions

EXE backdoor generation tool Quasar

Link: https://pan.baidu.com/s/15XpECQY8SKJwIBxsTy_F3Q
Extraction code: hj12

Usage:

Configuration and simple usage of the EXE backdoor generation tool Quasar: https://blog.csdn.net/qq_53079406/article/details/122905870?spm=1001.2014.3001.5501

Setting permissions on folders and disabling the guest user's permissions leaves a connected backdoor unable to see anything. This is a protective technique, and it is also a common problem in security testing.

 

 

Brief identification of middleware

Capture the returned data packet and look up the platform information in its response headers, for example:

Server: nginx/1.8.0
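The banner line above is what the HTTP `Server` response header carries. As an added example (not code from the original post), the following Python parses a raw response and lists what its banner headers disclose, so you can check what your own server gives away; the sample responses and all function names are constructed for illustration.

```python
import re

# Response headers that commonly name the platform or middleware behind a site.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
# product[/version] tokens as they appear in banners, e.g. "nginx/1.8.0".
TOKEN_RE = re.compile(r"([A-Za-z][\w.\-]*)(?:/(\d[\w.\-]*))?")

# Constructed sample responses (not captured from a real site).
SAMPLE_VERBOSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.8.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n\r\n<html></html>"
)
SAMPLE_TRIMMED = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"


def parse_headers(raw_response):
    """Return {lower-cased header name: value} from a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def banner_findings(raw_response):
    """List (header, product, version) per banner token; version may be None."""
    findings = []
    headers = parse_headers(raw_response)
    for name in BANNER_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        if name.endswith("-version"):  # the value is a bare version number
            findings.append((name, name[2:-8], value))
            continue
        # Drop parenthesised comments such as "(Ubuntu)" before tokenising.
        for product, version in TOKEN_RE.findall(re.sub(r"\(.*?\)", " ", value)):
            findings.append((name, product, version or None))
    return findings


def version_disclosures(raw_response):
    """Findings that expose an exact version, the ones worth trimming."""
    return [f for f in banner_findings(raw_response) if f[2] is not None]
```

An empty result from `version_disclosures` means the response still names its products but no longer states an exact version.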

 

Summary of common web middleware vulnerabilities

Link: https://pan.baidu.com/s/1NKejdCI_UY8syRIDfVZwEg
Extraction code: hj12
