Hacking Exposed Homework

Source: Internet  Posted by: 安捷伦数据采集器软件  Editor: 程序博客网  Time: 2024/05/22 17:32

Homework CH10

0540170 伏勁松

  1. (30 points) Google Dork

1)    Use a Google dork to find a target which can be injected.

2)    Explain why this target can be injected.

3)    Explain how to avoid it.

Solution:

1)        Find the Google dork in the GHDB (Google Hacking Database).

Use inurl:"folderview?id=" site:drive.google.com to search for targets on Google.

The target is Google Drive.

 

2) This dork finds people's private folders on Google Drive, which can leak personal information. Just searching it on Google exposes a large number of files, which is very dangerous.

 

3) Google Drive should fix it by releasing an update patch in time.

 

  2. (30 points) Havij

1)    Install Havij.

2)    Explain how to use this tool.

3)    Use Havij to crack a database.

1)


2) Choose one target with an input request, then analyze it.

Find a website that uses a MySQL database.

3) Then click Tables → Get Columns; it will show us the whole DB structure.

 

  3. (60 points) SQL injection

1)    Try to use SQL injection to crack a web application.

2)    Explain why this web application can be cracked.

3)    Explain how to avoid it.

1) I could not find one web application which can be SQL injected.

2) Because the program does not check the validity of user input data.

3) Use bind variables; perform strict input validation on any input from the client; implement default error handling; lock down ODBC; lock down the database server configuration; use programmatic frameworks.
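Added example, not part of the original homework: it shows the root cause named in 2) (user input pasted into the query text) next to the first three fixes named in 3), bind variables, strict input validation and default error handling. It uses Python's sqlite3 on a constructed in-memory table; the user names and the `users` table are assumptions made for the demonstration.

```python
import re
import sqlite3

# Constructed in-memory table standing in for the web application's user store.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[str]:
    # The flaw described in 2): the value is pasted into the SQL text, so a
    # quote character in the input changes the structure of the query.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn: sqlite3.Connection, name: str) -> list[str]:
    # Bind variable: the driver passes the value separately from the SQL,
    # so it is only ever compared as data and never parsed as syntax.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]

# Allow-list for user names (assumed policy for this example).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def is_valid_username(name: str) -> bool:
    # Strict input validation: reject anything outside the expected shape.
    return USERNAME_RE.fullmatch(name) is not None

def lookup_hardened(conn: sqlite3.Connection, name: str) -> list[str]:
    # Validation first, bound query second, and a default error handler
    # that never returns the database's own error text to the client.
    if not is_valid_username(name):
        return []
    try:
        return lookup_bound(conn, name)
    except sqlite3.Error:
        return []
```

With the same quote-bearing input, lookup_vulnerable returns every row while lookup_bound and lookup_hardened return none, which is the difference the checklist in 3) is meant to produce.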

 

  4. (30 points) Burp Suite

1)    Install Burp Suite.

2)    Explain how to use this tool.

3)    Use Burp Suite to scan a target. What kind of information can you get?

1)


2)

Step 1: set the Burp and Firefox proxy address to 127.0.0.1:8080.

Step 2: turn on Intercept.

Step 3: use Firefox to search something on Google or open a page; the request info will be intercepted by Burp.

 


  5. (40 points) Browser plug-in

1)    Introduce a browser plug-in for Chrome or Firefox which can do web application hacking.

2)    Explain how to use this tool, and show your results.

1)        Choose TamperData, which is used on Firefox. The tool can intercept requests and modify the HTTP headers or the response, etc.

2)        Step 1: install it on Firefox.

Step 2: open it from the browser menu → TamperData.

Step 3: click Start Tamper; then every request will be intercepted and show us an alert.

Step 4: after clicking Tamper, a window shows the request header, which can be modified. Once modified, the request will be repeated using the header specified.

