[read together] Web penetration attack and defense practice (I)

The first 1 Chapter 3 basic knowledge of vulnerability scanning ：

Vulnerability scanning is a key link in network penetration , Used to discover vulnerabilities in the target server , Let's introduce the basic concepts of vulnerability scanning and analysis .

1.1 Overview of vulnerability scanning, utilization and sharing ：

Network attack and defense confrontation , Get through vulnerability scanning , Directory schema 、 Known vulnerabilities and other information , Perform penetration tests on targets through known vulnerabilities , Combined with personal experience , It is very likely to take the backstage management authority . Therefore, vulnerability scanning, utilization and analysis are very key technologies in attack defense confrontation . Mastering these technologies can quickly improve their own penetration level .

1.1.1 information gathering ：

1. Basic information collection ：

Basic information collection mainly aims to collect all kinds of information , Collect more , The more perfect the penetration plan is , Mainly collect the following information ：

1） Server status

2） The server IP Place of ownership

3） Website information

4） Website protection

2. Port information collection ：

Port information mainly refers to the open ports of the server where the target master station and its sub stations are located , Collect port and service information provided externally .

3. Target website information collection ：

Collect the vulnerability information that has been disclosed by the target through some open vulnerability channels , It is helpful for later scanning and penetration .

1.1.2. Vulnerability scanning ：

Vulnerability scanning is a general concept , General vulnerability scanning refers to scanning the target website through vulnerability scanning tools .

1.1.3. Analysis and utilization of scanning results ：

The analysis and utilization of scanning results are mainly divided into test vulnerabilities 、 Vulnerability analysis 、 Vulnerability reuse and vulnerability utilization summary 4 In terms of .

1.1.4Web Basic concept of vulnerability ：

1. Common vulnerability scoring system

2. General vulnerability disclosure

3.OVAL

4.CWE

5.SCAP

1.1.5 Open online vulnerability testing site ：

1.Acunetix web Vulnerability Scanner Test site ：

1）html5 type ：http://testhtml5.vulnweb.com2)  php type ：http://testphp.vulnweb.com3)  asp type ：http://testasp.vulnweb.com4) aspnet type ：http://testaspnet.vulnweb.com

2. Other site addresses available for testing ：

1）webappsec:http://zero.webappsecurity.com/2)  watchfire:https://demo.testfire.net/

1.2. Introduction to network scanning technology ：

With the rapid development of network technology , It also brings huge network security risks , How to before an attack occurs “ Enemy and know yourself ” Effective prevention , instead of “ Mend the fold after the sheep have been stolen ”, The scanner is “ you can fight a hundred battles with no danger of defeat ” The sharp weapon of .

1.2.1 The basic concept of scanner ：

Scanner is the main means to collect system information , It is an important tool for detecting system security .

1.2.2 Functions of the scanner ：

1） Find a host or network

2） Discover what services the host is running （ For example, open those ports ）

3） By testing these services , Discover its inherent loopholes

1.2.3 How the scanner works ：

The scanner remotely detects the target host TCP/IP Services on different ports , Record goals and give answers

1.2.4 The main technology used by the scanner ：

1) Host scanning technology

2） Port scanning technology

3） System scanning technology

4） Vulnerability scanning technology

5） Script scanning technology

1.2.5 Classification of scanners ：

There are two types ： Host vulnerability scanner （host Scanner) And network distributed vulnerability scanner （Network Scanner).

1.3WAMP Test environment construction ：

1.3.1Wampserver install ：

Click Install Package , Start installing these options in English （English）

Choose me to accept the agreement

Then lift the installation VC Environmental Science , Search online VC The runtime collection can be installed

Select the installation directory

Select the program version you want to install

Click on Install Start installation

The installation process will improve the use of IE As default browser , After installation, you can use .

Follow up the detailed installation tutorial and usage .

1.3.2XAMPP Environment building ：

Click Install Package , Installation

Then enter the installation wizard

Select the program to be installed and the installation path

Then go to the next step until the installation is completed

Follow up the detailed installation tutorial and usage .

1.3.3AppServ Environment building ：

Follow up the detailed installation tutorial and usage .

1.3.4phpStudy Environment building ：

Follow up the detailed installation tutorial and usage .

1.4 build DVWA Vulnerability testing and scanning environment ：

Follow up the detailed installation tutorial and usage .

1.5 build Vulhub Vulnerability testing environment ：

Follow up the detailed installation tutorial and usage .

The introduction of this chapter ends , Follow up update slowly .