当前位置:网站首页>Secondary vocational network security skills competition P100 vulnerability detection
Secondary vocational network security skills competition P100 vulnerability detection
2022-07-25 03:22:00 【Beluga】
There are three methods of vulnerability detection , Respectively :
Direct tests (Test): Direct testing refers to the method of using vulnerability characteristics to find system vulnerabilities . To find out the common vulnerabilities in the system , The most obvious way is to try to penetrate the loophole . Penetration testing refers to the use of scripts or programs designed for vulnerability characteristics to detect vulnerabilities . According to the different infiltration methods , Tests can be divided into two different types : Tests that can be observed directly and tests that can only be observed indirectly .
infer (Inference): Inference refers to the method of judging whether a vulnerability exists without taking advantage of system vulnerabilities . It does not directly penetrate vulnerabilities , Just indirectly looking for evidence of the existence of vulnerabilities . The detection methods using inference methods mainly include version checking ( VersionCheck)、 Program behavior analysis 、 Operating system stack fingerprint analysis and timing analysis .
Test with certificate (TestwithCredentials): Voucher refers to visit Ask the user name or password required by the service , Include UNIX Login permission and call from the network WindowsNT Of API The ability of . The test definition with credentials is : In addition to the target host IP Out of address , Neither direct testing nor inference requires any other information .
Vulnerability detection
1. Via local PC Medium penetration test platform Kali For the server scenario p100_win03-20 In a semi open manner ping Scan mode and cooperate with a, The output format of scanning information is required to be xml File format , Get local area network information from the generated scan results ( for example 172.16.101.0/24) Medium survival target , With xml Format to output information to the specified file ( Using tools NMAP, Use the parameters that must be used ), And will xml Format direction
边栏推荐
- Using one stack to sort another stack
- Leetcode programming practice -- Tencent selected 50 questions (I)
- Test question C: question brushing statistics
- Leetcode.745. prefix and suffix search____ Double dictionary tree + double pointer
- Analysis of DNS domain name resolution process
- Time formatting
- Stm32cubemx quadrature encoder
- Download the jar package of jsqlparser and PageHelper
- Select sort / cardinality sort
- Common methods of array
猜你喜欢
Question D: pruning shrubs
FLASH read / write problem of stm32cubemx
The relationship between private domain traffic and fission marketing. What is super app? Can our enterprise own it?
Swagger key configuration items
Merge sort / quick sort
Decoding webp static pictures using libwebp
Solution: owner's smart site supervision cloud platform
292. Nim game
Task02 | EDA initial experience
Stm32cubemx quadrature encoder
随机推荐
Electronic bidding procurement mall system: optimize traditional procurement business and speed up enterprise digital upgrading
Resolve the error: org.apache.ibatis.binding.bindingexception
What is technical support| Daily anecdotes
Banana pie bpi-m5 toss record (2) -- compile u-boot
Chrome process architecture
NC | progress has been made in the study of the ecological network relationship between dissolved organic carbon and microorganisms in the context of global change
Image processing based on hog feature
Learning record 10
Solve mysql5.6 database specified key was too long; Max key length is 767 bytes
Color space (1) - RGB
The difference between abstract classes and interfaces
Openlayers draw deletes the last point when drawing
Record once C # extract audio files with ffmempeg
C. Mark and His Unfinished Essay
Learning Record V
MySQL configuration in CDH installation
Why does the legend of superstar (Jay Chou) not constitute pyramid selling? What is the difference between distribution and pyramid selling?
Imeta | ggclusternet microbial network analysis and visualization nanny level tutorial
Review all frames before sum of SSM frames
Analysis of cascading relation operation examples of cascade