Hackers will make these preparations before attacking!

General attack process:

Define the target → information collection → vulnerability detection → vulnerability verification → information analysis → obtain what you need

1. Define the target:

  • Confirm the scope: the scope of the test target, including IP addresses, domain names, and internal and external networks.
  • Confirm the rules: how far the penetration may go, the time window, whether privilege escalation is allowed, etc.
  • Confirm the requirements: vulnerabilities in web applications (newly launched programs)? Business logic flaws (for the business)? Vulnerabilities in personnel and permission management (for staff and privileges)? And so on; the assessment needs to be comprehensive and cover every angle.

2. Information collection:

  • Method: active scanning and open-source search: use search engines to find back-end panels, unauthenticated pages, sensitive URLs, etc.
  • Basic information: real IP, network segment, domain name, ports.
  • System information: the operating system and its version.
  • Application information: the application behind each port, such as web applications, mail applications, etc.
  • Version information: the versions of everything probed above.
  • Personnel information: domain registrant details, poster IDs within the web application, administrator names, etc.
  • Protection information: try to determine whether protective devices (WAF, IDS, etc.) can be detected.

3. Vulnerability detection:

  • Method: use vulnerability scanners, for example AWVS, IBM AppScan, etc.
  • Based on the vulnerabilities found, search sites such as exploit-db for exploits.
  • Look for verification PoCs online.
  • Content: system vulnerabilities: the system was not patched in time.
  • Web server vulnerabilities: web server configuration problems.
  • Web application vulnerabilities: web application development issues.
  • Vulnerabilities in services on other ports.
  • Communication security.

4. Vulnerability verification:

  • Automated verification: combine the results of automated scanning tools.
  • Manual verification: verify against public sources.
  • Test verification: build a simulated environment for verification.
  • Login guessing: sometimes you can try to guess login accounts, passwords, and other information.
  • Business vulnerability verification: if a business logic vulnerability is found, it must be verified.

5. Information analysis:

  • Precise strike: prepare the exploit for the vulnerability detected in the previous step for a precise strike.
  • Bypassing the defense mechanism: whether there are firewalls and other devices, and how to bypass them.
  • Customized attack path: the best tool path, based on weak entry points, high-privilege positions on the intranet, and the final goal.
  • Bypassing the detection mechanism: whether there is a detection mechanism, traffic monitoring, anti-virus software, malicious code detection, etc. (anti-virus evasion).
  • Attack code: code obtained through experimentation, including but not limited to XSS code, SQL injection statements, etc.

6. Obtain what you need:

  • Carry out the attack: attack according to the results of the previous steps.
  • Obtain internal information: infrastructure (network connections, routing, topology, etc.).
  • Further penetration: intranet intrusion, sensitive targets.
  • Persistence: generally not needed when doing a penetration test for a client. Rootkits, backdoors, adding administrative accounts, etc.
  • Clean up traces: clean up related logs (access, operation), uploaded files, etc.

I have also sorted out the tools you need to use in the entire attack process, and collected excellent open-source offensive and defensive weapon projects from across the web, including:

  • Information collection tools (automated exploitation tools, asset discovery tools, directory scanning tools, subdomain collection tools, fingerprinting tools, port scanning tools, various plug-ins, etc.)
  • Vulnerability exploitation tools (exploitation tools for major CMSs, middleware exploitation tools, etc.)
  • Intranet penetration tools (tunnel proxies, password extraction, etc.)
  • Emergency response tools
  • Operations and maintenance tools for the client (Party A) side
  • Other security attack and defense materials, for use by both attackers and defenders.

Important reminder: the tools in this project come from the Internet; please check whether they contain Trojans or backdoors! Hvv is coming, please stay vigilant!

Due to space limitations, I can't show them all. If you need it, you can tell me in the comment area!

Origin: blog.csdn.net/2301_77732591/article/details/130781194