Bug bounty学习笔记20230213-0216(searching for Target)

news2024/12/26 22:38:53
  1. www.bugcrowd.com
    Bug bounty program website

  2. 寻找email address
    Hunter.io
    Phonebook.cz
    www.voilanorbert.com
    – clearbit connect 在chrome里使用

Tools.verifyemailaddress.io
Email-checker.net/validate

确定邮箱地址是不是真的

  1. Dehashed.com
    Search for personal information

  2. Builtwith.com

  3. Wappalyzer to Firefox
    Whatweb in Linux

  4. Sublist3r

  5. Burp suite
    Setup in Firefox

  6. Kioptrix level 1

  7. nikto

  8. dirbuster

  9. Smbclient – is to connect fileshare

  10. SSH
    在这里插入图片描述
    Try to make the connection but failed

The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on a client–server architecture, connecting an SSH client instance with an SSH server.

the apache http server is a free and open-source cross-platform web server software, released under the terms of apache license 2.0. apache is developed and maintained by an open community of developers under the auspices of the apache software foundation

What does SSL mean?
Secure Sockets LayerSecure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).

The Server Message Block (SMB) protocol is the standard DOS and Windows approach to network file and printer sharing. SMB is a client/server protocol that provides a mechanism for clients to access server filesystems (as well as printers and other

  1. Digging into the information to search for the vulnerability

  2. Making notes

在这里插入图片描述
在这里插入图片描述

  1. Nessus – vulnerability scanner

  2. 在这里插入图片描述

What Is a Reverse Shell?

Reverse Shell
A reverse shell or connect-back is a setup, where the attacker must first start the server on his machine, while the target machine will have to act as a client that connects to the server served by the attacker.
After the successful connection, the attacker can gain access to the shell of the target computer.To launch a Reverse shell, the attacker doesn’t need to know the IP address of the victim to access the target computer.

A reverse shell, also known as a remote shell or “connect-back shell,” takes advantage of the target system’s vulnerabilities to initiate a shell session and then access the victim’s computer.
The goal is to connect to a remote computer and redirect the input and output connections of the target system’s shell so the attacker can access it remotely.
Reverse shells allow attackers to open ports to the target machines, forcing communication and enabling a complete takeover of the target machine. Therefore it is a severe security threat. This method is also commonly used in penetration tests.

How Does a Reverse Shell Work?
In a standard remote shell attack, attackers connect a machine they control to the target’s remote network host, requesting a shell session. This tactic is known as a bind shell.

Attackers can use a reverse shell if a remote host is not publicly accessible (i.e., due to firewall protection or a non-public IP). The target machine initiates the outgoing connection in a reverse shell attack and establishes the shell session with the listening network host.

For hosts protected by a network address translation (NAT), a reverse shell may be necessary for performing maintenance remotely. Although there are legitimate uses for reverse shells, cybercriminals also use them to penetrate protected hosts and perform operating system commands. Reverse shells allow attackers to bypass network security mechanisms like firewalls.

Attackers can achieve reverse shell capabilities via phishing emails or malicious websites. If the victim installs the malware on a local workstation, it initiates an outgoing connection to the attacker’s command server. An outgoing connection often succeeds because firewalls generally filter incoming traffic.

An attacker may exploit command injection vulnerabilities on a server to compromise the system. In the injected code, a reverse shell script provides a command shell enabling additional malicious actions.

在这里插入图片描述

A bind shell is a sort of setup where remote consoles are established with other computers over the network.
In Bind shell, an attacker launches a service on the target computer, to which the attacker can connect. In a bind shell, an attacker can connect to the target computer and execute commands on the target computer.
To launch a bind shell, the attacker must have the IP address of the victim to access the target computer.

Port 21 for control,
20 for data transfer – FTP
Port 22 – SSH
Port 25 – SMTP
Port 80 – HTTP
Port 443 – HTTPS
Port 465 – SMTPS
Port 587 – SMTP
Port 993 – IMAP

Difference Between Bind Shell and Reverse Shell

Bind Shells have the listener running on the target and the attacker connects to the listener in order to gain remote access to the target system.

In the reverse shell, the attacker has the listener running on his/her machine and the target connects to the attacker with a shell. So that attacker can access the target system.

In Bind shell, the attacker finds an open port on the server/ target machine and then tries to bind his shell to that port.

In the reverse shell, the attacker opens his own port. So that victim can connect to that port for successful connection.
The attacker must know the IP address of the victim before launching the Bind Shell. The attacker doesn’t need to know the IP address of the victim, because the attacker is going to connect to our open port.

In Bind shell, the listener is ON on the target machine and the attacker connects to it.

The Reverse shell is opposite of the Bind Shell, in the reverse shell, the listener is ON on the Attacker machine and the target machine connects to it.

Bind Shell sometimes will fail, because modern firewalls don’t allow outsiders to connect to open ports.

Reverse Shell can bypass the firewall issues because this target machine tries to connect to the attacker, so the firewall doesn’t bother checking packets.

  1. The windows evaluation

Download the Grey corner — vulnserver
Immunity debugger
Install python

在这里插入图片描述

  1. 在这里插入图片描述
    在这里插入图片描述

在这里插入图片描述

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/350583.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

ChatGPT 最好的替代品

前两天我们邀请了微软工程师为我们揭秘 ChatGPT,直播期间有个读者问到:有了 ChatGPT,BERT 未来还有发展前途吗?我想起来最近读过的一篇博客“最好的 ChatGPT 替代品”。 不过聊到这俩模型,就不得不提到 Transformer。 …

夭寿啦!我的网站被攻击了了735200次还没崩

记得有一个看到鱼皮的网站被攻击,那时候我只是一个小小号,还在调侃,没想到我居然也有那么一天! 突袭 一个风和日丽中午,我正在和同事吃饭,一个内存oom,我的小破站崩溃了。 虽然天天被攻击吧&a…

Linux - iostat 命令详解(监视磁盘 I/O)

iostat 是最常用的磁盘 I/O 性能观测工具&#xff0c;它提供了每个磁盘的使用率、IOPS、吞吐量等各种常见的性能指标&#xff0c;这些指标实际上来自 /proc/diskstats。 使用方式说明 [rootizwz98ahlvpkv3l7551ud2z ~]# iostat -help 用法:iostat [ 选项 ] [ <时间间隔>…

QML Gradient(渐变)

在Rectangle中简单的介绍了渐变&#xff0c;但只介绍了一种&#xff0c;下面还会介绍几种。 注意&#xff1a;渐变&#xff08;Gradient&#xff09;的优先级大于普通颜色&#xff08;color&#xff09; 线性渐变&#xff1a; 默认&#xff08;从上到下&#xff09;垂直渐变&…

C++【map和set的基本使用】

文章目录1、关联式容器2、键值对3、树形结构的关联式容器3-1、set3-1-1、set的使用3-1-3、set的使用样例3-2、map3-2-1、map的使用3-2-2、map的使用样例3-3、multiset3-4、multimap4、总结1、关联式容器 在初阶阶段&#xff0c;我们已经接触过STL中的部分容器&#xff0c;比如…

使用IPV6+DDNS连接内网主机

0、前言 IPV6已经普及多年&#xff0c;但是作为互联网用户好像并没有在实用性上有更多感受&#xff0c;或者说IPV6并没有让普通用户感觉到改变。我作为网络从业者其实也没有过多关注。在工作中普遍遇到的还是基于IPV4的网络&#xff0c;比如各个行业的网络、单位的内网区域和互…

C语言赋值(关系)运算符和逗号运算符

一.赋值&#xff08;关系&#xff09;运算符 1.关系运算符 高优先级组 < 左边值小于右边值,则返回1。否则返回0 < 左边值小于等于右边值,则返回1。否则返回0 > 左边值大于右边值,则返回1。否则返回0 > 左边值大于等于右边值,则返回1。否则返回0 低优先级组…

React组件的用法和理解

React组件 函数式组件 <div id"test"></div><script type"text/babel">//1.创建函数式组件(必须大写&#xff0c;函数必须有返回值)function MyComponent(){console.log(this); //此处的this是undefined&#xff0c;因为babel编译后开…

自己实现 ChatGpt ?先学习 Pytorch 吧

最近 ChatGpt 的爆火&#xff0c;让人非常震撼&#xff0c;无论是知识问答、对话还是代码撰写&#xff0c;都非常符合人们的预期&#xff0c;让人不得不感慨机器学习的强大。不信&#xff1f;看下面&#xff1a; 图1 语言分析处理 图2 知识问答 图3 写故事 图4 写代码 体…

详解ZabbixBSM是啥?业务服务监控达到全新高度

感谢本文译者赵广生 ! 欢迎更多资深用户&#xff0c;结合自己使用经验翻译原厂博文&#xff01; 赵广生 毕业于北京外国语大学&#xff08;信息管理与信息技术&#xff09;&#xff1b; 毕业后先后在多个公司从事信息化运维管理工作&#xff1b; 主要涉及虚拟化领域vmwa…

pytorch离线安装

windows下离线安装pytorch&#xff0c;很多内网机&#xff0c;无法连接外网&#xff0c;只能下载whl文件进行离线安装下载pytorch&#xff0c;地址https://download.pytorch.org/whl/torch_stable.html我是windows&#xff0c;Python37&#xff0c;没有gpu&#xff0c;所以选择…

如何利用知识库加强内部管理?

许多公司都知道需要有一个面向客户的知识库&#xff0c;以加强客户服务&#xff0c;提供更好的客户体验。 但是很多企业没有意识到的是&#xff0c;拥有一个内部知识库软件对于员工改善沟通和促进知识共享的重要性。 协作是组织成功的关键部分&#xff0c;通过明确的远景和使…

怎么看电脑显卡?3个步骤,1分钟学会

显卡作为电脑重要的组成部件&#xff0c;具有重要的作用。很多小伙伴买回来电脑后&#xff0c;想要查看电脑显卡&#xff0c;却不知道怎么看电脑显卡&#xff1f;别着急&#xff0c;今天小编就应各位小伙伴的要求&#xff0c;以图文的方式&#xff0c;3个步骤教你如何看电脑显卡…

C++设计模式(15)——代理模式

亦称&#xff1a; Proxy 意图 代理模式是一种结构型设计模式&#xff0c; 让你能够提供对象的替代品或其占位符。 代理控制着对于原对象的访问&#xff0c; 并允许在将请求提交给对象前后进行一些处理。 问题 为什么要控制对于某个对象的访问呢&#xff1f; 举个例子&…

分享117个HTML婚纱模板,总有一款适合您

分享117个HTML婚纱模板&#xff0c;总有一款适合您 117个HTML婚纱模板下载链接&#xff1a;https://pan.baidu.com/s/1cC3I5cfh91-KmQj4nfSoPA?pwd9hod 提取码&#xff1a;9hod Python采集代码下载链接&#xff1a;采集代码.zip - 蓝奏云 import os import shutil import …

懂九转大肠的微软New Bing 内测申请教程

最近微软的New Bing开放内测了&#xff0c;网上已经有拿到内测资格的大佬们对比了ChatGPT和New Bing。对比结果是New Bing比ChatGPT更强大。来看看具体对比例子吧 1.时效性更强 ChatGPT的库比较老&#xff0c;跟不上时事&#xff0c;比如你问它九转大肠的梗&#xff0c;ChatG…

初级调色转档CameraRaw

一级调色 还原-曝光-色彩-细节-质感 修图的范围 整体&#xff08;掌握基本面板&#xff09;——局部&#xff08;曲线&#xff09;——具象&#xff08;混色器&#xff09; 修片最开始的准备工作 看直方图:明暗跟色彩的数据表 分析图片是否存在以下问题&#xff1a; 1.曝光…

Linux权限概念

目录 Linux权限的概念 什么是权限 如何去操作权限 设置文件所属角色 设置文件属性 umask 粘滞位 Linux权限的概念 首先我们要了解到&#xff0c;在linux下有两种用户&#xff1a;超级用户(root)和普通用户。超级用户的命令提示符是“#”&#xff0c;普通用户的命令提示…

亚马逊测评自养号需要注意的五点

一.有自己的一套环境系统市场上有很多系统&#xff0c;但很多都是现成的或软件包&#xff0c;没有解决风控的能力&#xff0c;这个还需要大家自己甄别的哈&#xff0c;如果有需要建议大家自己学习一套&#xff0c;把技术掌握在自己手里&#xff0c;这样不会有依赖性&#xff0c…

零基础、学历无优势、逻辑能力一般”,能转行做程序员吗?

此前&#xff0c;拉勾数据研究院对程序员群体做了一次深入调查&#xff0c;并发布了《2022程序员群体职场洞察报告》&#xff0c;报告显示&#xff0c;“高薪”依然是程序员的职业标签之一。 在调查的程序员群体中&#xff0c;年薪在10-30万元之间的人数占比为66.7%&#xff0…