iT邦幫忙

2018 iT 邦幫忙鐵人賽
DAY 23
0
Security

CEH 之越挫越勇系列 第 24

[Day23]入侵主機-概念篇

  • 分享至 

  • xImage
  •  

從這個章節之後,就是複習之前的章節內容的進階應用了。
教材最初的內容都是講在企業內網的應用,後續進階則是會提到外網應用的部份。
一樣的步驟 XD
資訊蒐集(Footprinting) > 網路掃瞄(Scanning) > 列舉攻擊(Enumeration) >系統入侵(Hacking)

  • Hacking Webservers => Business Logic Flaws Technical Vulnerabilites
  • Custom Web Application => Open Source / Commercial
  • Third Party Componets => Oracle / MySQL / MS SQL
  • Database => Apache / Micrsoft IIS
  • Operating System => Windows / Linux / OS X
  • Network => Router / Switch
  • Security => IPS / IDS

攻擊內容

Webserver Attacks
Attack Methodology
Webserver Attack Tools
Counter measures
Patch Management
Webserver Security Tools
Webserver Pen Testing

攻擊方式

(1) Dos/DDos
(2) DNS Server Hijacking
(3) DNS Amplification Attack
(4) Directory Traversal Attacks
(5) Man in the Middle / Sniffing Attack
(6) Phishing Attacks
(7) Website Defacements
(8) Web Server Misconfiguation
>> httpd.conf @Apache
>> php.ini
(9) HTTP Response Splitting Attack
(10) Web Cache Poisoning Attack
(11) SSH Bruteforce Attack
(12) Webserver Password Cracking
SMTP servers
Web form authentication
Web shares
Cracking
SSH Tunnels
FTP servers

  • Guessing
  • Dictionary Attacks
  • Brute Force Attacks
  • Hybrid Attacks

攻擊步驟

Information Gathering
Webserver Footprinting
Mirroring Website
Vulnerability Scanning
Session Hijacking
Hacking Webserver Passwords


上一篇
[Day22]連線劫持-實作篇
下一篇
[Day24]入侵主機-實作篇
系列文
CEH 之越挫越勇34
圖片
  直播研討會
圖片
{{ item.channelVendor }} {{ item.webinarstarted }} |
{{ formatDate(item.duration) }}
直播中

尚未有邦友留言

立即登入留言