这是我学习扫描器扫描、路径穿越攻击、CC攻击特征的一些笔记。
扫描器扫描特征
常见扫描器(Awvs,Appscan,Webinspect,Rsas(绿盟极光),Nessus,WebReaver,Sqlmap)的特征:
Awvs(Acunetix Web Vulnerability Scanner)
URL信息
acunetix-wvs-test-for-some-inexistent-file
by_wvs
acunetix_wvs_security_test
acunetix
acunetix_wvs
acunetix_test
Headers信息
Acunetix-Aspect-Password:
Cookie: acunetixCookie
Location: acunetix_wvs_security_test
X-Forwarded-Host: acunetix_wvs_security_test
X-Forwarded-For: acunetix_wvs_security_test
Host: acunetix_wvs_security_test
Cookie: acunetix_wvs_security_test
Cookie: acunetix
Accept: acunetix/wvs
Origin: acunetix_wvs_security_test
Referer: acunetix_wvs_security_test
Via: acunetix_wvs_security_test
Accept-Language: acunetix_wvs_security_test
Client-IP: acunetix_wvs_security_test
HTTP_AUTH_PASSWD: acunetix
User-Agent: acunetix_wvs_security_test
Acunetix-Aspect-Queries:任意值
Acunetix-Aspect:任意值
Body(POST信息)
acunetix_wvs_security_test
acunetix
Appscan
URL信息
Appscan
Headers信息
Content-Type: Appscan
Content-Type: AppScanHeader
Accept: Appscan
User-Agent:Appscan
Body(POST信息)
Appscan
Webinspect
URL信息
HP404
Headers信息
User-Agent: HP ASC
Cookie: webinspect
X-WIPP: 任意值
X-Request-Memo: 任意值
X-Scan-Memo: 任意值
Cookie: CustomCookie
X-RequestManager-Memo: 任意值
Body(POST信息)
Webinspect
Rsas(绿盟极光)
URL信息
nsfocus
Headers信息
User-Agent: Rsas
Nessus
URL信息
nessus
Nessus
Headers信息
x_forwarded_for: nessus
referer: nessus
host: nessus
Body(POST信息)
nessus
Nessus
WebReaver
Headers信息
User-Agent: WebReaver
Sqlmap
URL信息
sqlmap
Headers信息
User-Agent: sqlmap+version()
Body(POST信息)
sqlmap
路径穿越攻击特征
举个Wordpress5.0的路径穿越漏洞利用的例子:
POST /wordpress/wp-admin/post.php HTTP/1.1
Host: localhost
Connection: close
⋮
...
&action=editpost
&meta_input[_wp_attached_file]=2019/03/demo.jpeg
#/../../../../themes/twentynineteen/demo.jpeg
可见../这个访问上级目录的特征字符串。
CC攻击特征
同一IP短时间内多次请求一个URI(统一资源标识符)。
Comments | NOTHING