Daily 0109-11-

Daily Content Details

Date: 2020/01/09
learned knowledge today:
Morning:
1. Continued learning how to find weak-password vulnerabilities, searching on the fofa and zoomeye search engines, and finally got into a website's admin backend with a weak password, but it was a dmob website, which was a bit disappointing.
2. Learned how to use a proxy in Firefox; downloaded FoxyProxy Standard, a Firefox proxy plugin.
3. Learned about VirusTotal, a site that checks whether your own files carry a virus; it can also be used to test whether your own AV-evasion files get detected. URL: https://www.virustotal.com/ . Note that files uploaded there are shared with the participating antivirus vendors, so a payload tested on VirusTotal will soon be known to them.
4. Learned about neighbor sites (旁站): one server hosting several websites, which can be linked to each other. The C segment is the /24 network block containing the target IP, whose other addresses may host related servers. Both can be queried via https://phpinfo.me/bing.php .
Afternoon:
1. Used nmap to scan the site for collectable information; like Router Scan, it queries the ports on an IP for more detailed information. nmap option format:

1. -sT <ip address>: TCP connect scan. It completes the full three-way handshake, so a port is reported open only when the connection succeeds. If the target has a firewall dropping packets, nothing comes back and the port shows as filtered.
2. -sS: SYN (half-open) scan. Sends a SYN; an open port replies SYN/ACK, a closed one RST, and the handshake is never completed, so the probe rarely ends up in the host's application logs. A firewall can still block it.
3. -sP (now -sn): ping scan. Sends ICMP echo requests to the targets (modern versions also send a few TCP probes); a running host answers. Most host-based firewalls block this kind of scan too.
4. -sU: UDP scan. Sends UDP packets (usually with an empty payload) to the target's ports. An ICMP "port unreachable" reply means the port is closed; no reply means open|filtered, since a firewall may simply be dropping the packets.
5. -sR (the RPC scan; -R itself means "always resolve DNS"): used in combination with the other scan types. For each port found open it checks whether an RPC service is behind it and identifies its program and version. In current nmap this is part of -sV.
6. -PA: TCP ACK ping, a host-discovery probe. Sends an ACK to the target; a live host replies with an RST whether or not the port is open, so it confirms the host is up rather than the port state.
7. -p: select the port numbers to scan. By default nmap only scans the 1000 most common ports, so set this to scan specific ports (or -p- for all 65535) as needed; a short list saves time.

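As an added example (not code from the original post), here is a minimal TCP connect scan in Python, the same thing -sT does, which distinguishes the three outcomes described above: the handshake completes (open), the target answers with RST (closed), or nothing comes back before the timeout (filtered, the result a firewall dropping packets produces). The example only probes a listener it starts itself on 127.0.0.1; the "filtered" branch is reached in practice against a firewalled host.

```python
"""Minimal TCP connect scan (what nmap -sT does). Added illustration, not
part of the original post or of nmap. Probes only a local listener."""
import errno
import socket
import threading


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port the way a connect scan would."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))          # full three-way handshake
        return "open"
    except socket.timeout:
        return "filtered"                 # no SYN/ACK and no RST: dropped
    except ConnectionRefusedError:
        return "closed"                   # RST came back
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"             # no route: also nothing answers
        raise
    finally:
        s.close()


def scan(host, ports, timeout=1.0):
    """Scan a list of ports and return {port: state}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def start_listener():
    """Start a throwaway TCP listener on 127.0.0.1; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))            # port 0: let the OS pick one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:               # listener closed: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a port nothing listens on, so connecting to it is refused."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan one open and one closed local port; return (results, open, closed)."""
    srv, open_port = start_listener()
    closed_port = free_port()
    result = scan("127.0.0.1", [open_port, closed_port])
    srv.close()
    return result, open_port, closed_port


if __name__ == "__main__":
    res, o, c = demo()
    for port, state in res.items():
        print(f"{port}/tcp {state}")
```

The three-way classification is why a forgotten firewall turns a whole scan into "filtered": the SYN is dropped, nothing answers, and the scanner can only time out.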
2. Used a tool from GitHub to download a site's source code leaked through its exposed .git directory, in order to analyze the site for vulnerabilities. Mainly downloaded https://github.com/lijiejie/GitHack
3. Learned about CDNs: they let users reach a site quickly by serving it from different IPs by region, and they hide the website's real IP address, making it hard for others to find.
4. Used the hao7188 tool to query the home location of an IP address, i.e. IP geolocation. Address: https://www.hao7188.com/
5. Created a GitHub account so I can log in, and found my first useful penetration-testing plugin.
6. Used online fingerprinting tools to identify what a site is developed with and which version, in order to find the corresponding vulnerabilities.
7. dirsearch is a tool for brute-forcing website directories; its logs are stored under reports. Judge whether a page exists by the status code, and tell a false hit from a real one by the size of the returned response. Basic syntax: -u specifies the URL, -e specifies the site's language (file extensions), -w adds your own dictionary (with its path), -r runs recursively (every directory found is scanned again in turn, very slow, not recommended).
8. Brute-forcing a domain's backend directories with the "Sword" (御剑) backend scanner: just enter the domain name to start scanning. This needs a large dictionary to find anything useful; I did not find anything, which was embarrassing.

Error summary: When scanning with nmap I forgot to turn off the firewall, so everything kept coming back as filtered, which was very embarrassing; only later did I learn from Baidu that it was because I had forgotten to turn off the firewall.

Personal summary:

Today's content was again about information gathering. I learned to use a lot of software to scan a site's ports and its backend directories, so the day still brought some harvest. I did not spend long on each major piece of software and am not too familiar with them yet, but after going deeper tonight I believe there will be more to gain.
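Returning to item 7 above (dirsearch), here is an added example, not code from the original post or from dirsearch itself, of the result-triage logic it describes: candidate paths are built from a wordlist and extension list (dirsearch's -w and -e), and each hit is judged by status code and then by response size, which is how a "soft 404" (a site that answers every unknown path with 200 and the same page) is told apart from a real file. The target host, the fake site contents and the fetch function are all constructed so the example runs offline.

```python
"""Directory brute-force triage in the style of dirsearch. Added illustration;
not part of the original post or of dirsearch. The site is constructed."""
import secrets
from collections import namedtuple

Response = namedtuple("Response", "status size")

# Constructed fake site: path -> (status, body size). Any other path gets a
# 200 "soft 404" page of 812 bytes, as many frameworks do.
FAKE_SITE = {
    "/admin/": Response(302, 0),
    "/admin.php": Response(200, 4096),
    "/backup.zip": Response(200, 1_048_576),
    "/config.php": Response(403, 153),
    "/.git/HEAD": Response(200, 23),
}
SOFT_404 = Response(200, 812)
BASE = "http://target.example"           # assumed, non-existent host


def fake_fetch(url):
    """Stand-in for an HTTP GET against the constructed site."""
    path = url[len(BASE):]
    return FAKE_SITE.get(path, SOFT_404)


def candidates(words, extensions):
    """Expand a wordlist into paths: the bare word, word/ and word.ext."""
    for w in words:
        yield f"/{w}"
        yield f"/{w}/"
        for ext in extensions:
            yield f"/{w}.{ext}"


def baseline(fetch, base):
    """Request a path that cannot exist to learn the not-found signature."""
    return fetch(f"{base}/{secrets.token_hex(8)}")


def brute_force(fetch, base, words, extensions,
                interesting=(200, 301, 302, 403)):
    """Return {path: Response} for hits, dropping soft-404 lookalikes."""
    not_found = baseline(fetch, base)
    hits = {}
    for path in candidates(words, extensions):
        r = fetch(base + path)
        if r.status not in interesting:   # first filter: status code
            continue
        # Second filter: same status and (almost) same size as the bogus
        # path means the server is returning its generic not-found page.
        if r.status == not_found.status and abs(r.size - not_found.size) < 32:
            continue
        hits[path] = r
    return hits


if __name__ == "__main__":
    words = ["admin", "backup", "config", "login", ".git/HEAD"]
    for p, r in brute_force(fake_fetch, BASE, words, ["php", "zip"]).items():
        print(f"{r.status} {r.size:>8}  {p}")
```

Without the size baseline every path on this site would look like a hit; with it, only the five real entries survive, which is the same judgement the notes describe making by hand from the status code and packet size.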


Origin www.cnblogs.com/fyxh/p/12173483.html