为什么要信息收集?(信息打点)
在我们对目标进行渗透测试时,往往信息收集是我们的第一步,但是刚入门的小伙伴可能会有疑问,就是为什么要进行信息收集呢?我直接渗透不好吗?这一步感觉好没意思... 诸如此类。其实不然,信息收集是非常作为渗透测试中非常关键的一步。他直接决定了我们是否能够对目标渗透成功。
举个例子,当你知道渗透的目标是Linux系统时,你就可以查看目标的系统版本,然后去查阅一些资料看看有没有对应系统版本的漏洞,如果有的话,你就可以尝试用这个现成漏洞去尝试,看看能否渗透成功。如果渗透成功那么你就完成了渗透,不需要你自己再去挖掘什么漏洞。但如果你没有做好信息收集,你不知道该目标的操作系统,你可能就没有通过别人已经发现的该版本的系统漏洞的思路,也就丧失了可以通向渗透成功的路。
再举个例子,当你挖掘漏洞是发现一个网站是java web应用的,相对来说挖掘漏洞会比较难,但是你在信息收集的时候,发现他的有些域名是使用的php应用。这时你从php上入手,难度就会下降很多,这也大大的降低了渗透的难度,提升了渗透的成功率。如果你没信息收集傻傻的在那里死啃java,但是别人通过信息收集知道了有些域名下有php的应用,别人已经提交了漏洞,而你还在苦苦的死啃。
所以说信息收集越充分,你的渗透思路也就越明朗,你后续的渗透工作也就会越顺畅。当然这也不是说信息收集做的好,就一定能成功。
在后续的文章中也会继如何收集信息,收集什么样的信息,并且就该信息简单的讲一下渗透的思路。
希望我的文章能够对你有所帮助 🙂
13人评论了“为什么要信息收集?(信息打点)”
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?
Nice post. I learn something more challenging on different blogs everyday. It will always be stimulating to read content from other writers and practice a little something from their store. I’d prefer to use some with the content on my blog whether you don’t mind. Natually I’ll give you a link on your web blog. Thanks for sharing.
Greetings from Idaho! I’m bored to tears at work
so I decided to check out your website on my iphone during lunch break.
I really like the info you provide here and can’t wait
to take a look when I get home. I’m shocked at how quick your blog
loaded on my mobile .. I’m not even using WIFI, just 3G .. Anyhow, fantastic site!
Your article helped me a lot, is there any more related content? Thanks!
Your point of view caught my eye and was very interesting. Thanks. I have a question for you. https://www.binance.com/es-MX/register?ref=JHQQKNKN
BWER Company stands as a trusted name in Iraq’s weighbridge industry, offering innovative designs, reliable installations, and comprehensive support for all weighing requirements.
BWER leads the way in weighbridge technology in Iraq, delivering customized weighing solutions that are accurate, efficient, and ideal for heavy-duty use in any environment.
Hello my family member! I want to say that this article is awesome, nice written and include approximately all important infos. I would like to peer extra posts like this .
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article. https://accounts.binance.com/en-IN/register?ref=UM6SMJM3
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article.
Your article helped me a lot, is there any more related content? Thanks!
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article.