
Web Security Summary

Author: AILX10

Recently, I am going to spend a little time reorganizing my technology stack; I can't let myself forget the experiments I did before. I recently interviewed several AI security interdisciplinary researchers, and the model of flourishing across multiple fields is indeed very innovative and eye-catching. But I found that some CTF award-winning job seekers, with obviously less than 2 years having passed, don't remember what they did at all, leaving only the résumé line about a prize in a previous information security capture-the-flag competition. As an ordinary person, it is indeed very difficult to make achievements across fields, and I can finally empathize with that now.


Manual SQL injection: error-based injection, Boolean injection, UNION injection, and blind injection

Automatic SQL injection: using sqlmap

  • ailx10: Beginner's Introduction: Web Security Lab Class-4 (SQL injection)
  • ailx10: [Web-CST CTF] Web-CTF Beginner Day 3
  • ailx10: [Web-CST CTF] Web-CTF Introductory Day 6
  • ailx10: sqlmap Exploration 001
  • ailx10: Step-by-step to learn SQLMAP
  • ailx10: Getting Started with SQLMap: Infiltrating the Range

Manual XSS injection: reflected and stored XSS pop-ups

Automatic XSS injection: using the BeEF framework

  • ailx10: Beginner's Introduction: Web Security Lab Class-2 (XSS & CSRF)
  • ailx10: [Front-end Hacker] Introduction to XSS
  • ailx10: Reflected XSS

Burp Suite, Fiddler (intercepting packets through a proxy)

  • ailx10: Learn BurpSuite Step by Step
  • ailx10: Introduction to Fiddler, a Tool for Capturing and Modifying Mobile Packets

Online brute-force attacks: Hydra, Medusa (weak-password brute force succeeded)

  • Get started with web security

Offline brute-force attacks: fcrackzip, john (weak-password brute force succeeded)

  • ailx10: ZIP encrypted file cracker: introduction to fcrackzip
  • ailx10: Cracking Encrypted ZIP Files: Introduction to john

Denial of service: LOIC, AnonymousDoser, Slowloris, rudy (tested single-point denial of service)

  • ailx10: LOIC low-orbit ion denial of service attack
  • ailx10: Rudy slow HTTP denial of service attack
  • ailx10: DDoS Testing Tool Research-1

Vulnerability scanning: AWVS, Nessus, Nikto, ZGrab (tested vulnerability scanning tools)

  • ailx10: AWVS13 out-of-the-box experience
  • ailx10: Nessus Vulnerability Scanner Installation
  • ailx10: Introduction to Nikto vulnerability scanning tools
  • ailx10: A Simple Application of the ZGrab Scanning Tool

Webshell: China Chopper, AntSword (tested connecting to webshells)

  • ailx10: PHP semantic engine design
  • ailx10: Webshell AntSword User Experience

Honeypots: HFish, Glastopf (building honeypots)

  • ailx10: HFish open-source honeypot framework system
  • ailx10: Building the Web Honeypot Glastopf Step by Step

Finally, I also made a modest attempt at vulnerability hunting and have a few small achievements; keep at it, slowly~

Submitted one vulnerability on the Butian (补天) vulnerability platform:

  • XSS vulnerability in a Zhihu community: QTVA-2018-867959 (Medium Risk)

Submitted 2 vulnerabilities on the Vulbox (漏洞盒子) platform:

  • Hefei 乡倁-H3C weak password that can cause a network outage: vulbox-2019-0200423 (Song危)
  • Remote Desktop Protocol RDP Access Denied Vulnerability (MS12-020): vulbox-2019-0191084 (high-risk)
