???????????????????????????????????????????sql????XSS?????Щ???????????????????????????????????????????????????????????д??????~
?????????????~
?????????????????????tips
---by yd0str
????1.BT5VM?汾
??????/pentest/web???棬????penetrationtest????
?????????????
??????1??w3af?????Щ????????Ч???????
?????????????????????????????????????????DVWA???????web.spider????????????????????????????????????????
???????????????????崠?裺
1auth--detailed
username: admin
password: admin
method: POST
auth_url: http://192.168.184.141/dvwa/login.php
username_field: user(???????????????Σ???????????????name?м??????????д?????????)
password_field: pass
check_url: http://192.168.184.141/dvwa/index.php
check_string: admin
data_format: username=%U&password=%P&Login=Login
????????????????auth???????????web.spider????????????????
??????https://www.owasp.org/index.php/Automated_Audit_using_W3AF
????http://w3af.org/howtos/authenticated-scans
????http://www.91ri.org/5782.html
????http://www.91ri.org/3117.html??
??????2??burpsuite(?????е????汾?????????BT?2????????????????)
??????????????????????????????????????????????????????????????????
??????3??skipfish????????д????????Ч?????????
???????????????skipfish???dvwa??????????????????????????????????裬Ч??????
./skipfish -o dvwa -C "security=high;PHPSESSID=taj2jhiqba3j0fs50pa7f1rb20" -S "dictionaries/complete.wl" -W "dictionaries/webgoat.wl" http://192.168.184.141/dvwa/vulnerabilities/
??????4??zap???????в????????????????????????????????????
????????XSS??????
??????5??xsser(http://www.91ri.org/2740.html)????????????в?????URL
??????????????в?????????????
??????6??beef???????????????????beef???????????????????????????????????????????https://github.com/beefproject/beef??
????BT5?μ??????????
???????????BT5?????beef???????£???
/root/beef/core/loader.rb:18:in `require': no such file to load -- bundler/setup (LoadError)
    from /root/beef/core/loader.rb:18:in `<top (required)>'
    from ./beef:42:in `require'
    from ./beef:42:in `<main>'
??????????????£???????????????????
?????????·????????bundler
gem install --user-install bundler
????????????У?????????????
root@bt:/pentest/web/beef# ./beef
Could not find gem 'eventmachine (= 0.12.10) ruby' in the gems available on this machine.
Run `bundle install` to install missing gems.
?????????????У?bundle install
????????????beef
??????http://m.blog.csdn.net/blog/xihuanqiqi/17091067????????????xsser.meforSAE??