渗透测试的报告

目录

0x1概述

1.1渗透范围

1.2渗透测试主要内容

0x2脆弱性分析方法

0x3渗透测试过程描述

3.1遍历目录测试

3.2弱口令测试

3.3 Sql注入测试

3.4内网渗透

3.5内网嗅探

0x4分析结果与建议0x1概述

某时段接到xx网络公司授权对该公司网络进行模拟黑客攻击渗透，在XX年xx月XX日-xx年xx月xx日.对xx网络公司的外网服务器和内网集群精心全面脆弱性黑盒测试•完成测试得到此

份网络渗透测试报告。

3.3 sql 注入测试

通过手工配合工具检测 sql 注入得到反馈结果 如下图

~ C VWIMDOWS\5¥steni32

-

>.€qniis !.cn

-inixi

W K leone to the rea1 world?

wwwscan u3.0 Euild 0&1007

http ：//WWW ■算■QFS

Hesoluingr Ip of wuu.cqns .cn.... OK- MV Connectingr -80... Succeed?

Ti*ying ( Tn Giet Server Type 4 ». Succeedf Server Type £ Microsoft-I[S/& *0

Testing If There Is A Def ault Turning Page..

Not Found!

Found ； /../adninZ f f T

Found ： /. ./adnijn/log'in/ ??!

Checking ： /_uti_bin/.

3.2用户口令猜解

Nmap 收集到外网服务器ftp.使用默认的账号无

法连接,于是对web 和能登陆的界面进行弱口令 测试,具体如下图

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the seanner. A malicious user can exploitthese vulnerabilities and compromise the backend database and/or deface your website.

aneciea iiems /piejistaspx Details

URL encoded GET input id was set to 1416; waitfor delay '0:0:4' - Request

GET /picklist.aspx?id=%24%7binjecthere%7d&jiugou=75&newsort=65&parent=60 HI Host: www.cqms ・cn:80

Connection: Keep-alive

Accept-Encoding: gzip r deflate

Us er-Agent: Mozilla/4・0 (coinpatible; NS IE 8・0; Windows NT 6・0) Response

HTTP/1・1 500 Internal Server Error Date: Fri r 25 Feb 2011 02:14:45 GKT Server: Microsoft-IIS/6 ・ 0 X-Powered-By: X-AspNet-version: 2.0.50727 Cache-Control: private

Content-Type: text/html; charset=utf-8 Content-Length: 10273 /piejistaspx Details

URL encoded GET input id was set to 141R ： waitfnr dplsy '0-0-4'— Request

GET /pic lis 匸.aspx?id=%24%7biniecthere%7d&newsozrt:=65&parmnt:=60 HTTP/1 ・ 1

Alerts distribution

Total alerts found O High O Medium O Low O Informational

78 2 I

5cAft :tuasarr

details EHnd

SQL :nj^tion Application trror sttsai ASP. NET

dtb^ccinc en«bl< • Locxn &«ce pairrord-ruei Fossxblt sen«:tive d:r«< Session Cookie cthout i t- Croken links Bzail found CKDB: Typical lovAsc;lpt eval () usage Fassvoxd type Inp^jt ・g ・indovs S«xvle<

Threat level

(7 应用程序中的服务器错误口

潼入字蒔串的搭式不疋礁=

说时：PM亍当u辭巾谓求则间■岀现求处翻埠百.L祂豆増桜舉诉inja・以丁解有关tsis盘皿代码中歸幡融岀畑屈日佰同.

界冨订细怎直占Syfiltfn F^-rnKF^MiJiCin.拥|.扎手持母的耦式不正H・

int id ■ i nt - Par£t(Rr<]ue5t a Querylgtri ng [r,i dTI ^TQStri ng()); pbreivt ■ i nft»Par^efRequest. (feueryStrl m [H D«r e«rt H J. TeStri ng<)>: nje^is-ortidl 鼻parent 曾CCXTfl-dltl d«-

呼甌50W MpX Ct I TS25

[FormatExcefiti on: SftA宇荷！|5的箱式不正・・]|

System. WytilMr-,stringToNuivbw'tStrieg str, Nu«berStylt5 cp-tKxis- Nu^be^Bixfferi n站I MF NwbtrForfliatInfo iinfo, ftoolean parstDeciftal) *278221?

System, Mu«lHr,iPar5eInt32C5t^in^ 5, Nywberstyles styl«i iM«iHrFor™trinfo ifffo) *11Z

System.I«t32.ParseC5trino 5} +20 亠 ____ _ 亠

Ahqut_^h^«-Pjhge_L<]Jid([]bje£^ KMidAr, Ev^ntArgs e) "in g巩E"一■的血」1亡护棚二lw 45

Systerr, Web. llti 1. Cal 1 i Mel per EventArgFuntti wiCil 1 er (I ntPtr fp. Object 口. Dbjcct t. EwentArgis e) rlS

Systerr. W«b. Lti 1. Cal 1 i EventHandl er Del e^atePraxy-Cal 1 back(Db ject sendier. EwentArgs e) +5J

System. Web. Ul^ Contr口1-01111口曲〔它7亡毗气0呂e-)十勺9

Systerr. W-eb. Ul. £an±ro1 b LuadRecurs-ive ?

SystefF. Weh-ll』-P JI#已.F「口!^匕$只亡口11已各1:胃员韦」(吕[»"1匕曰门"in匚1口日亡生1:阳芒£日亡卩五厂85>丫川七円<]"{祇.Bool can ireel udeStagitEAf^terAsyncPoT nt) +1061

康車庚£L耕心M旗iMETFy応心“JS车2.0.^0727 i3Sd\直驴HE「压斗2Q剖72丁.馆番

根据漏洞类别进行统计，如下所示：

漏洞类别高中低风险值

网站结构分析

3目录遍历探测

4

隐藏文件探测3

e-i: _-