qzmjef 发表于 2024-10-3 05:32:25

像追女子同样去渗透之信息收集


    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://mmbiz.qpic.cn/mmbiz_jpg/ZS0VQrDMfGqFTibJEXXoedicpr5ZHhBDlYEic6bRYM1jT28QibqGfVPzfJvsOsaLlys6TZ43uvLeicJfBdTB2LsSPZg/640?wx_fmt=jpeg&amp;tp=webp&amp;wxfrom=5&amp;wx_lazy=1&amp;wx_co=1" style="width: 50%; margin-bottom: 20px;"></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp;像追<span style="color: black;">女子</span><span style="color: black;">同样</span>去渗透之信息收集</p>

    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp;在IT行业摸索了<span style="color: black;">非常多</span>年<span style="color: black;">最终</span>找到了<span style="color: black;">一辈子</span>所爱(信息安全),为了这份爱能传递下去,我将以这份脱单攻略来讲述我是<span style="color: black;">怎样</span>get挚爱shell!<span style="color: black;">期盼</span><span style="color: black;">大众</span>都能get到女神的shell</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">针对</span>追女神,<span style="color: black;">首要</span>要<span style="color: black;">晓得</span>女神是男还是女,<span style="color: black;">爱好</span>男还是<span style="color: black;">爱好</span>女,到底有<span style="color: black;">无</span>shell,我等石楠花<span style="color: black;">能够</span>远观还是亵玩焉,<span style="color: black;">那样</span><span style="color: black;">第1</span>步<span style="color: black;">便是</span>要去收集女神的信息!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp;收集信息这个过程需要循序渐进,<span style="color: black;">亦</span><span style="color: black;">便是</span>要每走一步都要把信息进行归纳,当<span style="color: black;">咱们</span><span style="color: black;">把握</span>足够的信息的时候那就<span style="color: black;">能够</span>去进行下一步了,<span style="color: black;">亦</span><span style="color: black;">便是</span>怎么去追她啦(威胁建模)!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp;<span style="color: black;">起始</span>收集!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp;<span style="color: black;">首要</span>要<span style="color: black;">认识</span>女神的家庭住址,邮箱,手机号<span style="color: black;">那样</span><span style="color: black;">便是</span>这几个办法!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Whois信息--注册人、<span style="color: black;">tel</span>、邮箱、DNS、地址</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;http://whois.chinaz.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;https://www.aizhan.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;whois 反查whois(<span style="color: black;">得到</span><span style="color: black;">相关</span>女神的信息)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">那样</span>女神名花有主那<span style="color: black;">咱们</span><span style="color: black;">亦</span>得想办法松土</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;找找她的小姐妹(子域名)们有<span style="color: black;">无</span>利用价值</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">此时</span>候<span style="color: black;">咱们</span><span style="color: black;">能够</span>利用 dig <span style="color: black;">倘若</span>有DNS域传送漏洞(Dns是<span style="color: black;">全部</span>互联网<span style="color: black;">机构</span>业务的<span style="color: black;">基本</span>,<span style="color: black;">日前</span>越来越多的互联网<span style="color: black;">机构</span><span style="color: black;">起始</span>自己搭建DNS服务器做解析服务,<span style="color: black;">同期</span><span style="color: black;">因为</span>DNS服务是<span style="color: black;">基本</span>性服务非常重要,<span style="color: black;">因此呢</span><span style="color: black;">非常多</span><span style="color: black;">机构</span>会对DNS服务器进行主备配置而DNS主备之间的数据同步就会用到dns域传送,但<span style="color: black;">倘若</span>配置<span style="color: black;">欠妥</span>,就会<span style="color: black;">引起</span>任何匿名用户都<span style="color: black;">能够</span>获取DNS服务器某一域的所有记录,将<span style="color: black;">全部</span>企业的<span style="color: black;">基本</span>业务以及网络架构对外暴露从而<span style="color: black;">导致</span>严重的信息<span style="color: black;">泄密</span>,<span style="color: black;">乃至</span><span style="color: black;">引起</span>企业网络被渗透)的话就更好啦!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;dig @dns.xxx.edu.cn axfr xxx.edu.cn&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;ps:@指定域名服务器;axfr 为域传送指令;xxx.edu.cn<span style="color: black;">暗示</span>要<span style="color: black;">查找</span>的域名;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://www.imooc.com/article/26971?block_id=tuijian_wz</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;nslookup&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;用法 nslookup -qt=type domain </p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;其中,type<span style="color: black;">能够</span>是以下这些类型:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; A <span style="color: black;">位置</span>记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">AAAA <span style="color: black;">位置</span>记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">AFSDB Andrew文件系统数据库服务器记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ATMA ATM<span style="color: black;">位置</span>记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">CNAME 别名记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">HINFO 硬件配置记录,<span style="color: black;">包含</span>CPU、操作系统信息</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ISDN 域名对应的ISDN号码&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">MB 存放指定邮箱的服务器&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">MG 邮件组记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">MINFO 邮件组和邮箱的信息记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">MR 改名的邮箱记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">MX 邮件服务器记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">NS 名字服务器记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">PTR 反向记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">RP 负责人记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">RT 路由穿透记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">SRV TCP服务器信息记录&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">TXT 域名对应的文本信息</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">X25 域名对应的X.25<span style="color: black;">位置</span>记录</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 还<span style="color: black;">能够</span>用上nmap&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 用法 nmap --script dns-zone-transfer --script-args dns-zone-transfer.domain=xxx.com -p 53 -Pn dns.xxx.com</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ps:dns-zone-transfer.domain参数 指定要<span style="color: black;">查找</span>的域;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; dns.xxx.com 为指定的<span style="color: black;">查找</span>域名服务器</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">或</span>小兄弟们要是有点小钱,<span style="color: black;">能够</span>去&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 云悉http://www.yunsee.cn/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; VirusTotal:https://www.virustotal.com</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">DNSdumpster:https://dnsdumpster.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; http://tool.chinaz.com/subdomain/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; http://z.zcjun.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; http://tools.bugscaner.com/subdomain/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://phpinfo.me/domain/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 有些免费,有些<span style="color: black;">亦</span>可<span style="color: black;">以避免</span>费试试,效果不错就下次再来玩!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">如果你非要<span style="color: black;">表现</span>那种过人的<span style="color: black;">浑厚</span>气质那就叫出你屡试不爽的蓝翔团队</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; Layer子域名挖掘机&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; subDomainsBrute</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; Sublist3r</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://github.com/ring04h/wydomain</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还有<span style="color: black;">便是</span>动用全网人脉(全网DNS解析)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">下载<span style="color: black;">位置</span>:https://scans.io/study/sonar.rdns_v2</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 这是Rapid7 Labs扫描的结果,<span style="color: black;">大众</span><span style="color: black;">能够</span>下载下来,搜索关键字,获取二级域名&nbsp;&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">女神要是有怪癖就<span style="color: black;">能够</span>用小蜘蛛爬</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://github.com/binux/pyspider</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>女神大部分时间都住在别人家(cdn)<span style="color: black;">或</span><span style="color: black;">便是</span>不告诉你她家在哪里<span style="color: black;">那样</span>就要<span style="color: black;">查询</span>DNS历史解析ip</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">查看 IP 与 域名绑定的历史记录,可能会存在<span style="color: black;">运用</span> CDN 前的记录,<span style="color: black;">关联</span><span style="color: black;">查找</span>网站有:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://dnsdb.io/zh-cn/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://x.threatbook.cn/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; http://toolbar.netcraft.com/site_report?url=</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; http://viewdns.info/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://ip138.com</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>女神的小姐妹们在她同一个村就有可能说出她家在哪里哦!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: black;">这儿</span>需要对cdn进行<span style="color: black;">有些</span><span style="color: black;">认识</span>,有些单位的女神不<span style="color: black;">必定</span>都在cdn上,会有<span style="color: black;">有些</span>小业务放在自己村里来节约开销!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还有<span style="color: black;">便是</span>查看女神的<span style="color: black;">保护</span>们邮件发送的源ip,<span style="color: black;">或</span><span style="color: black;">咱们</span>从国外给女神一个小小的请求<span style="color: black;">或</span>DNS解析(CDN有些在国外可能<span style="color: black;">无</span>节点)毕竟国外的香水更熏人!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还<span style="color: black;">能够</span><span style="color: black;">经过</span>以下<span style="color: black;">有些</span>办法<span style="color: black;">认识</span>到女神的<span style="color: black;">状况</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; xcdn</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; https://github.com/3xp10it/xcdn</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 破解CDN服务账户</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; ssrf漏洞 (这个真的挖到就赚到,真的是任你摆布,话说要是能直接挖到我还追个屁)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">app客户端&nbsp; <span style="color: black;">微X</span>小程序(<span style="color: black;">这儿</span>可能女神不<span style="color: black;">重视</span><span style="color: black;">咱们</span>就<span style="color: black;">能够</span>在她留下来的<span style="color: black;">有些</span>东东中<span style="color: black;">经过</span>抓流量<span style="color: black;">或</span>逆向的方式得到真实的IP<span style="color: black;">位置</span>)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; CloudFlare(hatcloud)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; https://github.com/HatBashBR/HatCloud</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; https://censys.io等网络空间引擎<span style="color: black;">查询</span>关键字</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 查企业的备案信息</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">天眼查:https://www.tianyancha.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; ICP备案<span style="color: black;">查找</span>网:http://www.beianbeian.com/&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 国家企业信用信息公示系统:http://www.gsxt.gov.cn/index.html</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>女神<span style="color: black;">敏锐</span>信息<span style="color: black;">泄密</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: black;">那样</span><span style="color: black;">咱们</span><span style="color: black;">瞧瞧</span>她是不是gay片影迷</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; github信息<span style="color: black;">泄密</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 邮箱、qq、主机等用户名</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:https://github.com/FeeiCN/GSIL</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; .git文件&nbsp; https://github.com/lijiejie/GitHack&nbsp; &nbsp;&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://github.com/MiSecurity/x-patrol</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; (我<span style="color: black;">便是</span>看gay片看到了好多女神的隐私,最后任我蹂躏)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">robots.txt 不解释 有时候<span style="color: black;">便是</span>勾引你的哦</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; DS_store<span style="color: black;">引起</span>文件<span style="color: black;">泄密</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; https://github.com/lijiejie/ds_store_exp</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 备份文件</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; zip,rar,bak</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: black;">这儿</span>就<span style="color: black;">能够</span>完全用google hacker 的<span style="color: black;">办法</span>来获取&nbsp;&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; site:女神 filetype:zip,rar,bak</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; googlehack<span style="color: black;">认识</span>一下</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">找一下女神的身体构造</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 目录扫描:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">wwwscan</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">御剑、DirBuster&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">dirb</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">iis_shortname_scanner(扫windows服务器目录<span style="color: black;">举荐</span>优先用它)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Fuzz</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> https://github.com/maK-/parameth</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://github.com/xmendez/wfuzz</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>她<span style="color: black;">运用</span><span style="color: black;">有些</span>cms bbs 博客等物件都是<span style="color: black;">能够</span>找到源码的那就<span style="color: black;">能够</span>省去扫描了!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 例如 <span style="color: black;">运用</span>的是修罗cms(随便举例)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; <span style="color: black;">那样</span>就<span style="color: black;">能够</span>直接去看https://gitee.com/xiuno/xiunobbs 里面的目录结构了</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">有些<span style="color: black;">重点</span>配置(连接数据库,用户,<span style="color: black;">秘码</span>等<span style="color: black;">敏锐</span>信息文件只要<span style="color: black;">无</span>做deny就差不多<span style="color: black;">不消</span>扫目录了)<span style="color: black;">无</span>403 <span style="color: black;">或</span>删除掉就<span style="color: black;">能够</span>节约<span style="color: black;">非常多</span>时间!</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; WEB-INF/web.xml<span style="color: black;">泄密</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;WEB-INF是Java的WEB应用的安全目录。<span style="color: black;">倘若</span>想在页面中直接<span style="color: black;">拜访</span>其中的文件,必须<span style="color: black;">经过</span>web.xml文件对要<span style="color: black;">拜访</span>的文件进行相应映射<span style="color: black;">才可</span><span style="color: black;">拜访</span>。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; svn<span style="color: black;">泄密</span></p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">svn文件是subversion的版本<span style="color: black;">掌控</span>信息文件 当某个目录<span style="color: black;">处在</span>subversion的版本<span style="color: black;">掌控</span>时,在这个目录中就会.svn这个文件夹,这个.svn文件夹中的文件<span style="color: black;">便是</span><span style="color: black;">有些</span>版本信息文件,供subversion<span style="color: black;">运用</span>。<span style="color: black;">因为</span><span style="color: black;">安排</span>上线的时候<span style="color: black;">无</span>删除这个文件夹,<span style="color: black;">引起</span>代码泄漏</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Seay-Svn源代码<span style="color: black;">泄密</span>漏洞利用工具</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">管理后台</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:弱文件扫描器 https://github.com/ring04h/weakfilescan</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; phpinfo()</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 在安装完php环境之后,正常<span style="color: black;">状况</span>下都会创建一个代码为&lt;?php phpinfo(); ?&gt;的文件,查看系统的配置<span style="color: black;">状况</span>,有的时候在上线<span style="color: black;">安排</span>的时候<span style="color: black;">无</span>删除该文件<span style="color: black;">引起</span>信息泄漏。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 最骚的<span style="color: black;">便是</span>百度网盘了</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://www.lingfengyun.com/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还有<span style="color: black;">便是</span>自己造轮子</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">利用python针对特定<span style="color: black;">目的</span>写脚本</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Email收集</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(<span style="color: black;">经过</span> teemo,metago,burpusit,awvs,netspker <span style="color: black;">或</span> google 语法收集。&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp;收集对方的邮箱账号命名习惯(<span style="color: black;">由于</span>好多官方后台都是用内部邮箱账号登录的)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">可用来进行爆破<span style="color: black;">或</span>弱口令登录以及撞裤攻击。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:theharester</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">收集账号信息</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">经过</span>说明文档以及 google<span style="color: black;">或</span>网站这个页面收集,<span style="color: black;">或</span>网站<span style="color: black;">发布</span>者以及留言板信息处收集账号,可对 oa,erp,um,sso 等系统账号进行爆破。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 搜索<span style="color: black;">关联</span> QQ 群收集<span style="color: black;">关联</span>企业员工的社交账号。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp;安装页面&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">能够</span>二次安装<span style="color: black;">从而</span>绕过(不<span style="color: black;">意见</span><span style="color: black;">运用</span>,破坏性极强女神可能就不爱你了)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">接下来<span style="color: black;">不可</span>忘记收集女神的指纹</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; web指纹</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 例如phpmyadmin zabbix cacti等等 有的时候一打眼就看出什么了 之后就去<span style="color: black;">经过</span>得到bannar信息去翻阅<span style="color: black;">咱们</span>最爱的https://www.exploit-db.com</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 总会有机会,<span style="color: black;">举荐</span>seebug exploit-db 等等</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 端口</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">需要<span style="color: black;">晓得</span><span style="color: black;">目的</span>服务器开放了<span style="color: black;">那些</span>端口,<span style="color: black;">平常</span>的如 135 、137 、138 、139 、445,这几个端口经常爆发漏洞。以下是<span style="color: black;">有些</span>服务端口的漏洞:</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">22——&gt;ssh弱口令</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">873——&gt;rsync 未授权<span style="color: black;">拜访</span>漏洞</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3306——&gt;mysql弱口令</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">6379——&gt;redis未授权<span style="color: black;">拜访</span>漏洞</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 8080--<span style="color: black;">通常</span>都是java容器的(tomcat jetty)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">7001--微博老贼可</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 9200--一拉屎忒渴</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 等等(<span style="color: black;">意见</span>多<span style="color: black;">认识</span>web中间件,数据库,mq,dfs等应用服务)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; ip</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; C段(和<span style="color: black;">目的</span><span style="color: black;">设备</span>ip处在同一个C段的其它<span style="color: black;">设备</span>,即都在同一个交换机下)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; 服务器操作系统类型</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; 开放端口和服务识别</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; <span style="color: black;">目的</span>网络结构</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; tracart</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; 工具:nmap (扫的时候<span style="color: black;">重视</span>安全,被墙了就要慢慢来换个姿势)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">旁站&nbsp;&nbsp;</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:http://www.webscan.cc/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>有cms</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp;<span style="color: black;">能够</span><span style="color: black;">按照</span>网站特有 URL 判断<span style="color: black;">经过</span><span style="color: black;">有些</span>文件的 MD5 值,有时候<span style="color: black;">亦</span><span style="color: black;">能够</span>判断 CMS 类型(<span style="color: black;">例如</span> /favicon.ico )<span style="color: black;">检测</span> response 头 <span style="color: black;">或</span>页面中 Power by</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">博客类:Wordpress、Emlog、Typecho、Z-blog、More…,</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">社区类:Discuz、PHPwind、StartBBS、Mybb等等。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://whatweb.bugscaner.com</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">云悉</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">网站架构</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">操作系统</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">web容器</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">数据库</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">脚本语言</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">第三方组件</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">struts thinkphp jboss ganglia zabbix cacti</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:chrome插件--wappalyzer、nmap识别、whatweb</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">在线工具:云悉http://www.yunsee.cn/ (哪里都有它)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">网站服务</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">oa gitlab jenkins wiki Jira VPN SSO 后台</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">有<span style="color: black;">保护</span>天使怎么整?</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; waf识别</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:https://github.com/EnableSecurity/wafw00f</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">还有的<span style="color: black;">便是</span><span style="color: black;">大众</span>把妹常用的办法</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 舆情业务信息监控</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; 利用第三方以及自己的脚本来监控其他企业的业务,企业的舆情,<span style="color: black;">能够</span>添加关键字来监控,以及URL监控,这些都是<span style="color: black;">能够</span>监控很关键的信息,<span style="color: black;">例如</span>我监控关键字为,xxxx上新xxx<span style="color: black;">制品</span>,一旦这个<span style="color: black;">制品</span>被<span style="color: black;">媒介</span>号写出<span style="color: black;">揭发</span>就能<span style="color: black;">第1</span>时间被我监控到。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">第三方平台业务信息收集</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: black;">微X</span>信息收集,公众号,小程序,其中<span style="color: black;">能够</span>找到<span style="color: black;">非常多</span>有用的信息,收集所有公众号,在公众号的功能中<span style="color: black;">能够</span>找到<span style="color: black;">非常多</span>接口,子域名,还有小程序中能够找出非常多的信息,搜索某些大厂商的小程序,在小程序中<span style="color: black;">能够</span>看到<span style="color: black;">更加多</span>信息处有非常之多的子域名信息</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; 其他网络第三方平台</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">阿里与百度的第三方统计平台信息收集,因为第三方统计中<span style="color: black;">能够</span><span style="color: black;">知道</span>的记录<span style="color: black;">非常多</span>的信息,域名,还有页面后台,这些信息的记录,<span style="color: black;">非常多</span>厂商有几百个业务,<span style="color: black;">然则</span>这些业务都有做统计,在这些统计中<span style="color: black;">能够</span>爆破他的统计<span style="color: black;">秘码</span><span style="color: black;">而后</span>找出许多的域名信息,<span style="color: black;">由于</span>cnzz在之前是<span style="color: black;">能够</span>被爆破的,如今<span style="color: black;">好似</span>给加了验证码,只能试试看弱口令这些了,爆破以及不可实现了。</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 第三方未公开数据</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">社工库”是运用社会工程学进行攻击的时候<span style="color: black;">累积</span>的各方面数据的结构化数据库。这个数据库里有<span style="color: black;">海量</span>信息,<span style="color: black;">乃至</span><span style="color: black;">能够</span>找到<span style="color: black;">每一个</span>人的<span style="color: black;">各样</span><span style="color: black;">行径</span>记录,<span style="color: black;">例如</span>酒店开房记录、个人身份证、姓名和<span style="color: black;">tel</span>号码。例如<span style="color: black;">查找</span>某QQ号老<span style="color: black;">秘码</span>。findmima.com(要爬墙)</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; &nbsp; &nbsp; <span style="color: black;">更加多</span>的社工库需要花钱<span style="color: black;">或</span>自己搜索整理了</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">&nbsp; &nbsp; 空间搜索引擎</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">工具:theHarvester</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://www.shodan.io/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://fofa.so/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://www.zoomeye.org/</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">这些办法都用了 估计你<span style="color: black;">亦</span>会有<span style="color: black;">许多</span>女神的信息,那就去追吧,估计能走进女神,牵住她的手get她的shell,去女神家里串门(后渗透测试),领证结婚(报告<span style="color: black;">意见</span>)!只要不是女神之泪就好好享受每一个过程!加油,小弟没对象,以上都是|译|音,师傅们轻点</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">github有脑图</p>
    <p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">https://github.com/hack-umbrella/CIS</p>




nqkk58 发表于 2024-11-7 19:51:39

“沙发”(SF,第一个回帖的人)‌
页: [1]
查看完整版本: 像追女子同样去渗透之信息收集