Intelligence gathering
This covers obtaining the WHOIS record of the domain name, enumerating the other sites hosted on the server and its subdomains, fingerprinting the server operating system and version, port-scanning the IP address, scanning the website's directory structure, and going further with Google hacking (search-engine dorks) to uncover information about the site.
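The port-scan step above produces output that has to be turned into a target list. The following added example (not code from the original page) parses nmap's grepable output (`nmap -sV -oG scan.gnmap <targets>`) into a per-host map of open ports and flags services that should rarely be reachable from the outside. The `NMAP_GREPABLE` sample is constructed here so the script runs offline; the host names, the 192.0.2.0/24 documentation addresses and the `FOLLOW_UP` service list are assumptions for illustration.

```python
"""Parse nmap grepable (-oG) output and flag exposed services worth following up."""
import re

# Constructed sample of `nmap -sV -oG` output (not from a real scan):
# two hosts up, one down; 192.0.2.0/24 is the TEST-NET-1 documentation range.
NMAP_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.1 (gw.example.test)\tStatus: Up
Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx 1.18.0/\tIgnored State: filtered (998)
Host: 192.0.2.2 (db.example.test)\tStatus: Up
Host: 192.0.2.2 (db.example.test)\tPorts: 21/closed/tcp//ftp///, 3306/open/tcp//mysql//MySQL 5.7.30/\tIgnored State: closed (998)
Host: 192.0.2.3 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:01:00 2024 -- 8 IP addresses (2 hosts up) scanned in 60.00 seconds
"""

HOST_RE = re.compile(r"(\S+)\s+\(([^)]*)\)")  # "192.0.2.1 (gw.example.test)"


def parse_grepable(text):
    """Return {ip: {"hostname", "up", "open": [{"port", "proto", "service", "version"}]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and summary lines
        # Each tab-separated chunk is "Key: value"; keep (key, value) pairs.
        fields = dict(chunk.partition(": ")[::2] for chunk in line.split("\t"))
        ip, hostname = HOST_RE.match(fields["Host"]).groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "up": False, "open": []})
        if fields.get("Status") == "Up" or "Ports" in fields:
            entry["up"] = True
        for spec in filter(None, fields.get("Ports", "").split(", ")):
            # Field layout inside one port spec: port/state/proto/owner/service/rpcinfo/version/
            port, state, proto, _owner, service, _rpc, version = spec.split("/")[:7]
            if state == "open":
                entry["open"].append({"port": int(port), "proto": proto,
                                      "service": service, "version": version})
    return hosts


# Assumed list of services that should rarely be exposed to the scanning vantage point.
FOLLOW_UP = {"mysql", "postgresql", "ms-sql-s", "redis", "mongodb", "ftp",
             "telnet", "microsoft-ds", "ms-wbt-server", "vnc"}


def flag_exposed_services(hosts):
    """Return (ip, port, service, version) tuples for open services in FOLLOW_UP."""
    flagged = []
    for ip, info in sorted(hosts.items()):
        for p in info["open"]:
            if p["service"] in FOLLOW_UP:
                flagged.append((ip, p["port"], p["service"], p["version"]))
    return flagged


if __name__ == "__main__":
    result = parse_grepable(NMAP_GREPABLE)
    for ip, info in sorted(result.items()):
        print(ip, info["hostname"], "up" if info["up"] else "down",
              [p["port"] for p in info["open"]])
    for hit in flag_exposed_services(result):
        print("follow up:", hit)
```

The version strings collected here (OpenSSH, nginx, MySQL) feed the next step directly: they are what gets checked against known vulnerabilities, and an externally reachable MySQL is exactly the kind of service that later turns into a UDF privilege-escalation path.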
Vulnerability scanning
Begin probing for vulnerabilities such as XSS, CSRF (XSRF), SQL injection, code execution, command execution, unauthorized access, directory traversal, arbitrary file read and download, file inclusion, remote command execution, weak passwords, unrestricted file upload, web editor vulnerabilities, brute-force attacks, and so on.
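Two of the checks in that list, reflected XSS and SQL injection, can be shown end to end. The following added example (not code from the original page) builds a deliberately vulnerable WSGI application with an in-memory SQLite backend, drives it in-process so no network is needed, and runs the two probes against it; the same `make_app(safe=True)` variant shows the fixed code (output encoding and a parameterized query) passing the same scan. The application, its routes, the probe strings and the error markers are all assumptions for illustration; on a real engagement `call_app` is replaced by an HTTP client.

```python
"""Active checks for reflected XSS and error-based SQL injection against an
in-process WSGI target (no network needed)."""
import html
import sqlite3
from io import BytesIO
from urllib.parse import parse_qs, quote

# Constructed in-memory database standing in for the target's backend.
DB = sqlite3.connect(":memory:", check_same_thread=False)
DB.execute("CREATE TABLE users (id INTEGER, name TEXT)")
DB.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])


def make_app(safe):
    """Build a tiny WSGI app. safe=False reproduces the two bugs the scanner looks
    for: unencoded reflection of `q` and SQL built by string concatenation."""
    def app(environ, start_response):
        params = parse_qs(environ.get("QUERY_STRING", ""))
        path = environ.get("PATH_INFO", "/")
        status, body = "200 OK", "<p>nothing here</p>"
        if path == "/search":
            q = params.get("q", [""])[0]
            body = "<p>Results for %s</p>" % (html.escape(q) if safe else q)
        elif path == "/user":
            uid = params.get("id", [""])[0]
            try:
                if safe:
                    row = DB.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
                else:
                    row = DB.execute("SELECT name FROM users WHERE id = " + uid).fetchone()
                body = "<p>%s</p>" % html.escape(row[0] if row else "not found")
            except sqlite3.Error as exc:
                # A verbose error page is what error-based SQLi detection keys on.
                status = "500 Internal Server Error"
                body = "Database error: " + html.escape(str(exc))
        start_response(status, [("Content-Type", "text/html; charset=utf-8")])
        return [body.encode("utf-8")]
    return app


def call_app(app, path, query):
    """Drive a WSGI callable directly; returns (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "QUERY_STRING": query, "wsgi.input": BytesIO()}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body


XSS_PROBE = '"><xsstest/onerror=1>'            # unlikely to occur in a page by accident
SQLI_PROBES = ["'", '"', "' OR '1'='1", ")"]    # metacharacters that break a concatenated query
SQL_ERROR_MARKERS = ("sql", "syntax error", "unrecognized token", "unterminated",
                     "ora-", "database error", "mysql_fetch")


def scan_param(app, path, param, baseline):
    """Return the issue tags ("xss", "sqli") found for one query parameter."""
    findings = []
    _, base_body = call_app(app, path, "%s=%s" % (param, quote(baseline)))
    # Reflected XSS: the probe comes back byte for byte, i.e. without encoding.
    _, xss_body = call_app(app, path, "%s=%s" % (param, quote(XSS_PROBE)))
    if XSS_PROBE in xss_body:
        findings.append("xss")
    # Error-based SQLi: appending SQL metacharacters yields a server error or a
    # database error string that the baseline request did not produce.
    for probe in SQLI_PROBES:
        status, body = call_app(app, path, "%s=%s" % (param, quote(baseline + probe)))
        lowered, base_lowered = body.lower(), base_body.lower()
        if status.startswith("500") or any(
                m in lowered and m not in base_lowered for m in SQL_ERROR_MARKERS):
            findings.append("sqli")
            break
    return findings


if __name__ == "__main__":
    for safe in (False, True):
        app = make_app(safe)
        print("safe=%s" % safe,
              "/search?q:", scan_param(app, "/search", "q", "test"),
              "/user?id:", scan_param(app, "/user", "id", "1"))
```

The error-based check deliberately compares against a baseline response so a page that always mentions "SQL" in its footer does not produce a false positive; blind (boolean or time-based) injection needs a different oracle and is not covered here.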
Vulnerability exploitation
Use the vulnerabilities found above to obtain a webshell or some other foothold on the target.
Privilege escalation
Escalate privileges on the server. On Windows, for example: MySQL UDF escalation and Serv-U escalation, plus vulnerabilities in older Windows versions such as IIS 6 and the pr and Churrasco ("Brazilian barbecue") token-kidnapping exploits. On Linux: Dirty COW (CVE-2016-5195), other kernel-version exploits, MySQL system-level escalation, and Oracle low-privilege escalation.
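Before picking one of the escalation paths above, the usual first move after landing a shell is to enumerate what the box offers. The following added example (not code from the original page) does the Linux part of that triage: it compares the running kernel against the upstream stable releases that shipped the Dirty COW fix (4.8.3, 4.7.9 and 4.4.26; this table is an assumption to extend, and distributions backport fixes without changing the version string, so a hit is a candidate to verify, not proof), lists SUID/SGID binaries, and checks whether sensitive files are world-writable. The directory and file lists in `main` are assumptions for illustration.

```python
"""Local privilege-escalation triage for Linux: kernel version vs. Dirty COW,
SUID/SGID binaries, and world-writable sensitive files."""
import os
import re
import stat

# Assumed table: first upstream stable release per series that carried the
# Dirty COW fix. Distro kernels backport without bumping the version, so a
# "candidate" result still has to be confirmed (e.g. changelog or a PoC).
DIRTYCOW_FIXED = {(4, 8): (4, 8, 3), (4, 7): (4, 7, 9), (4, 4): (4, 4, 26)}


def parse_kernel(release):
    """'4.4.0-31-generic' -> (4, 4, 0); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(x or 0) for x in m.groups())


def dirtycow_candidate(release):
    """True if the version string alone does not rule out Dirty COW."""
    v = parse_kernel(release)
    if v < (2, 6, 22) or v >= (4, 9, 0):   # bug introduced in 2.6.22, gone in 4.9
        return False
    fixed = DIRTYCOW_FIXED.get(v[:2])
    if fixed:
        return v < fixed
    return True  # series with no upstream fix release in the table: verify manually


def find_suid(roots):
    """Regular files with the setuid or setgid bit under the given directories."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)   # lstat: do not follow symlinks
                except OSError:
                    continue
                if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    hits.append(path)
    return sorted(hits)


def world_writable(paths):
    """Subset of paths that exist and have the other-write bit set."""
    out = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            continue   # missing or unreadable: nothing to report
        if st.st_mode & stat.S_IWOTH:
            out.append(path)
    return out


def main():
    release = os.uname().release
    print("kernel %s, Dirty COW candidate: %s" % (release, dirtycow_candidate(release)))
    for path in find_suid(["/usr/bin", "/usr/sbin", "/bin", "/sbin"]):
        print("suid/sgid:", path)
    for path in world_writable(["/etc/passwd", "/etc/shadow", "/etc/sudoers", "/etc/crontab"]):
        print("world-writable:", path)


if __name__ == "__main__":
    main()
```

A writable /etc/passwd or an unusual SUID binary is often a faster and quieter route than a kernel exploit, which is why both checks run before any decision about Dirty COW; kernel exploits can also crash the host, which matters under the risk-avoidance rules at the end of this page.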
Trace removal (log cleaning)
What has to be done at the end of the penetration test to erase your own traces: clean the relevant logs and remove the webshells and tools you placed on the target.
Risk avoidance
Do not carry out any attack that could interrupt the business (including resource-exhaustion DoS, malformed-packet attacks, and data destruction). Schedule testing and verification for the period of lowest business volume. Before testing, make sure the relevant data has been backed up, and obtain confirmation from the operations and maintenance staff before every test is run.