此次課程,強化了自己對Http method的認識,正常的情況下大都只會有post,get等;put可進上傳(網頁置換)。另外還有狀態碼資訊,可做為異常狀況的判讀,當然也是駭客最想了解的資訊之一。
額外在linux上的收獲是複習了原始碼編譯,以往習慣只藉由rpm/yum安裝。
------------------------------------
以下為摘要部份指令成產生結果。
select remote_host,count(*) as cnt from access_log group by remote_host order by count(*) desc
remote_host cnt
140.117.16.118 514
140.117.72.31 31
ip7231.cm.nsysu.edu.tw 7
47.52.5.89 1
54.144.89.15 1
select from_unixtime(time_stamp),status from mydirbaccess_log where remote_host="140.117.101.147"
網站列舉攻擊
from_unixtime( time_stamp ) status
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
2017-05-17 09:26:58 403
2017-05-17 09:26:58 403
2017-05-17 09:26:58 403
2017-05-17 09:26:58 403
2017-05-17 09:26:58 403
2017-05-17 09:26:58 403
2017-05-17 09:26:58 404
2017-05-17 09:26:58 404
SELECT remote_host, request_uri, agent
FROM myniktoaccess_log
WHERE remote_host = '140.117.101.147'
AND agent LIKE '%nikto%'
LIMIT 0 , 30
SELECT remote_host, request_method, COUNT( * )
FROM myputaccess_log
WHERE remote_host = '140.117.101.147'
GROUP BY remote_host, request_method
LIMIT 0 , 30
remote_host request_method count( * )
140.117.101.147 DEBUG 1
140.117.101.147 GET 11620
140.117.101.147 HEAD 70
140.117.101.147 INDEX 1
140.117.101.147 OPTIONS 3
140.117.101.147 POST 13
140.117.101.147 PROPFIND 1
140.117.101.147 PUT 3005
140.117.101.147 SEARCH 1
140.117.101.147 TRACE 1
140.117.101.147 TRACK 2
除了get/post外method
SELECT request_method, COUNT( * )
FROM myputaccess_log
WHERE remote_host = '140.117.101.147'
GROUP BY request_method
LIMIT 0 , 30
DEBUG 1
GET 11620
HEAD 70
INDEX 1
OPTIONS 3
POST 13
PROPFIND 1
PUT 3005
SEARCH 1
TRACE 1
TRACK 2
SELECT DISTINCT remote_host, request_args
FROM mysqlmapaccess_log
LIMIT 0 , 30
目錄遊歷的動作,做目錄權限控管
SELECT DISTINCT remote_host, request_args
FROM dotdotaccess_log
WHERE request_args LIKE '%.%'
LIMIT 300 , 30
沒有留言:
張貼留言