Xiaodi - network security notes (1)

domain name

1、 What is domain name ？
domain name （ English ：Domain Name）, Also known as domain , It's a string of names separated by dots Internet The name of a computer or computer unit , Used to locate and identify the computer during data transmission （ Sometimes it also refers to geographical location ）
because IP The address is not easy to remember and can not display the name and nature of the address organization , People designed domain names , And through the domain name system （DNS,Domain Name System） To combine the domain name with IP Addresses map to each other , Make it easier for people to access the Internet , Instead of remembering what can be read directly by the machine IP Address number string . such as www.baidu.com, This is a domain name , In a nutshell ip Not easy to remember , So there are domain names to facilitate memory . You can think of the relationship between address and longitude and latitude （ Shanghai ： longitude 121.48 latitude 31.22）

2、 Where is the domain name registered ？

Domain name registration is Internet A method used to solve the address correspondence problem in . According to the measures for the administration of Internet domain names in China , The domain name registration service organization and the domain name registration administration organization shall verify whether the domain name proposed by the applicant violates the rights of a third party and the true identity of the applicant . The secondary domain name registration in each same top-level domain name is unique , Non repeatable , But the secondary domain name in different top-level domain names can be the same , for example baidu This secondary domain name was once available in .com Register in , It can also be in .cn Register in , It can also be in .xyz And many other top-level domain names , And each domain name plays the same role . therefore , Domain name is a relatively limited resource on the Internet , Its value is gradually valued by people with the increase of registered enterprises and individual users

3、 What is a secondary domain name? A multi-level domain name ？

for example www.dns0755.net yes dns0755.net Subdomain , and dns0755.net again net Subdomain . The sub domain of international top-level domain name is called secondary domain name .  
Such as A.com It's a domain name ,A.B.com Is a secondary domain name . The first level domain name is higher than the second level domain name , The secondary domain name is the subdomain name attached to the primary domain name , That is, the secondary domain name is the subdivision level of the primary domain name .   
Through the website 【.】 Number to judge the domain name level , How many? 【.】 Just a few levels of domain names , Such as A.com It's a domain name ,A.B.com Is a secondary domain name .   
Such as ：baidu.com It's Baidu's top-level domain name ,zhidao.baidu.com It's a secondary domain name ,zhidao.zhidao.baidu.com It's three. （ many ） Level domain name ,*.baidu.com It's a pan domain name .

4、 Domain name discovery is of great significance for security testing ？

When conducting penetration tests , When the vulnerability cannot be found in its primary domain name , You can try to test the collected sub domain names , It is possible that there will be unintended effects when testing subdomain websites , Then you can go horizontally to the main website .

2.DNS
(1) Domain name resolution system
(2) And HOST The relationship between ：
First search locally HOST file , Can't find the same one on the Internet DNS
2.5 CDN
(1) Content distribution network , The purpose is to enable users to get the requested data faster , Simply put, it is used to accelerate , He is a nearby access technology
(2) And DNS The relationship between :CDN It is a nearby access technology , To assign users an optimal CDN node , Need to use DNS Service to locate
3.CDN Working process of
(1)DNS Request local local DNS
(2) Local local DNS Recursively query the server gslb（ Global load balancing ）
(3) Server according to local DNS Assign the best node , return IP
(4) Users get the best IP, Access the best nodes , If the node does not use the content that the user wants to get , Then access a session point through internal route , Until the file is found
(5)CDN The node caches the data , The next time you request this file, you can directly return
4. common DNS Types of security attacks
(1) Cache poisoning
(2)DNS hijacked
(3) Domain name hijacking
(4)DNS DDOS attack
(5) Radial DNS Enlarge the attack

3. Script
(1) Common scripting languages : Scripting language is also called extended language , Or dynamic language asp php aspx jsp javaweb p1 py cqi
(2). The relationship between different types and security vulnerabilities ？
  Different scripting languages have different rules , The vulnerabilities generated by the program are naturally different （ Code audit ）
(3) The relationship between vulnerability mining code and script type ?
  Many rules High safety performance Difficulty

4. back door
1. What is the back door ？ What are the back doors
  Backdoor programs generally refer to those program methods that bypass security control and obtain access to programs . type : Webpage ： Webpage Thread insertion Expand C/S back door
2. The practical significance of the back door in security testing ？
  The column is hidden on the web page like a back door , In the software , Attack the desired operation silently
3. What do you need to know about the back door ?
Well aware of attack and anti reconnaissance Prevent from being recognized by relevant software
How to play （ The purpose is to better hide yourself , Or direct control ）
No killing （ Detect the back door , Prevent the rear door from being detected by relevant ）

5.WEB 
1.WEB The composition architecture model
Website source code ： Divided into script types Sub application direction
operating system ：windows linux
middleware （ Build a platform ）: apache iis tomcat nginx etc.
database ：access mysql mssql oracle sybase db2
2. Brief introduction to architecture vulnerability security testing

3. Why from WEB Take the lead

WEB Wide usage Many source codes from WEB Raise the right Get the server and its intranet

WEB Related loopholes
1.WEB Source class corresponding vulnerabilities
sql Inject
Upload files
XSS
Code execution
Variable coverage
Logical loopholes
Deserialization etc.

2.WEB Vulnerabilities corresponding to middleware

Unauthorized access

3.WEB Database corresponding vulnerabilities

Kernel vulnerability

4.WEB System layer corresponding vulnerabilities

There are loopholes in rights raising Secure code execution

5. Other third-party corresponding vulnerabilities

Computer third-party software

6.APP or PC Application binding class

Mobile PC End Web side