外围信息收集

七彩葫芦娃儿

DNS信息

whois查询

whois testfire.netwhois+域名



image-20220521153915991



image-20220521154245169



image-20220521154156768

whois反查





image-20220521154353571



image-20220521154321375

子域名查询

https://searchdns.netcraft.com/



image-20220521154640505



image-20220521154834793

https://www.t00ls.net/domain.html



image-20220521154948428



image-20220521155036387

利用搜索引擎
site:testfire.net



image-20220521155129308

利用HTTPS证书



image-20220521155533021



image-20220521155550822



image-20220521155558995

域传送漏洞

就是把主DNS数据库同步给备份DNS
vulhub启动漏洞环境
sudo apt-get install dnsutils
dig axfr @192.168.1.15 vulhub.org



image-20220521160229173



image-20220521160303735



image-20220521160750992

他把子域名信息和对应IP地址都显示出来了，漏洞复现成功。
子域名爆破

https://github.com/knownsec/ksubdomain
点击Releases下载二进制文件



image-20220521160610841



image-20220521160815235



image-20220521160842272

使用内置字典爆破域名



image-20220521161022802

DNSIP

ping

ping www.testfire.net



image-20220521161228292

nslookup

nslookup www.testfire.net



image-20220521161255397

dig

dig www.testfire.net



image-20220521161415227

dnsenum

git config -l : 查看相关配置文件



image-20220521161519938

dnsenum testfire.net



image-20220521161742637

同时做域名解析和域传送漏洞检测、子域名爆破、



image-20220521161848858

网站工具

站长之家：http://tool.chinaz.com/dns/?type=1&host=testfire.net&ip=



image-20220521162222845

http://ipip.net：https://www.ipip.net/ip.html



image-20220521162314057

CDN问题

CDN：Content Delivery Network，即内容分发网络
镜像（缓存）服务器



image-20220521162912371

https://www.fujieace.com/penetration-test/cdn-find-ip.html
参考文章IP信息

IP查询

http://ip.tool.chinaz.com



image-20220521163119652

https://www.ip138.com



image-20220521163246980

IP whois查询

http://tool.chinaz.com/ipwhois



image-20220521163550239

https://www.abuseipdb.com/whois



image-20220521163711183



image-20220521163733070

https://ipinfo.io



image-20220521163851015

旁站查询

同IP的其他网站查询
http://stool.chinaz.com



image-20220521164023034



image-20220521164038426

IP2Location

通过IP地址定位到物理地址
查询IP地址经纬度

https://www.maxmind.com/



image-20220521164239438



image-20220521164250999

GPS定位

https://www.zoomeye.org/



image-20220521164340200



image-20220521164351351

利用搜索引擎收集信息

传统搜索引擎

Google Hacking

parent directory site:testfire.net
副目录       查询  域名



image-20220521164755814

index of site:testfire.net



image-20220521165244389

site:testfire.net inurl:login
查询 域名       url  登录



image-20220521165454053



image-20220521165508454

site:testfire.net intext:login
在网页正文中去搜索



image-20220521165545618



image-20220521165608969

site:testfire.net filetype:pdf



image-20220521165752502

intext:PHP Version ext:php intext:apache2handler intext:allow_url_include intext:php.ini



image-20220521165816531



image-20220521165937042

Google 语法网站
https://www.exploit-db.com/google-hacking-database网络空间搜索引擎

ZoomEye

https://www.zoomeye.org/shodan

https://www.shodan.io/fofa

https://fofa.info网站信息

网站报告

netcraft

https://sitereport.netcraft.com/



image-20220521170747564



image-20220521170759089

火狐插件
Netcraft Extension



image-20220521170852458



image-20220521170918383

Zoomeye

https://www.zoomeye.org/



image-20220521171010223



image-20220521171046147

技术架构

操作系统+Web服务器+中间件+数据库
*AMP
*NMP
Windows+IIS+{ASP|.NET(.aspx)}+{ACCESS|MSSQL(SQL Server)}
...套件

phpstudy
xampp
宝塔
...
网站部署方式





image-20220521171443190