Mentioned before about penetration test , so take advantage at home on the Sunday.
Accordance with the general penetration testing steps, the first step is to gather information, the results of these two sites is not Home website, Domain name is registered in the company's internal DNS server, so the first trick taught Whois gather information, immediately block off:! {
One site (termed temporary system to A) also is retricted client's IP, and the entrance is Load Balance server, can not come into contact with the real Web Server, want to try the operation does not work at my home, alas! But the company has installed IDS ( Intrusion Detection System) and the WAF (Web firewall), For a beginner, it would be too tight defense it! So the second step, the first contact, use NMAP scans have all been dropped.
So the first day got full failure ! I couldn't collect useful information. The information may not be used is a kind of information it! At least know that these methods are not feasible.
沒有留言:
張貼留言