CheatSheet

  • Success lies in the right division of tasks and unstructured, repeated attempts

Information provided by the customer/liaison staff



Info Gathering

Basic target information (Public info gathering)

Subdomain collection (Domain Enum)


C-segment (same class C range) collection (Network)


Port information (Port Scan)

  • Use conventional port scanning tools; some special targets require unconventional means.

Interesting page/directory/file information

  • Pages that carry business functions such as login, query, registration and modification, as well as directory traversal and sensitive information.


Target business information (Commercial activity recon)

Newly launched services (New Online Services)


Partner permissions


Activities


Business line information (Business Stream Information)


Clients for each platform

web:
windows:
linux:
mac:
android:
ios:
WeChat mini program:

Exploitation

Record of the target's historical vulnerabilities

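Check the various SRC (security response center) platforms to see whether someone has already submitted a report for this service or website.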


Vulnerability scanner output (DAST/SAST tool output)


Service/component version vulnerabilities



Privilege escalation and persistence (Post Exploitation)

Privilege escalation needed (Privilege Escalation)

webshell/restricted shell


Machine compromised (Maintaining Access)

Depending on the situation, decide whether persistence is needed.


Target asset inventory (Loot)

Carry out further information gathering on the machines already compromised.



Wrap-up inventory (Stocktaking)

List of Vulnerabilities

Results


Not yet successfully exploited

Don't lose heart, young hero; fight again next time 😜


Traces, data and files left behind during the penetration test

Write this down clearly, so the customer doesn't catch you out and the work inexplicably ends up counted as "unauthorized" 🤣


Sites hit off-target during the process (Off-target results)

Customer requirements, for example: subdomains not allowed, sites co-hosted on the same server not allowed



support

phone number

11111111111

ID information

The following are not real-life ID numbers and real names; they are for research purposes only.


Temporary sms

https://miracletele.com/sms/
http://sms.sellaite.com/
https://catchsms.com/
https://www.freeonlinephone.org/
https://smsnumbersonline.com/
https://www.textnow.com/
https://www.receive-a-sms.com/
http://receive-sms-now.com/
https://receive-sms.com/
https://www.receive-sms-online.info/
https://sms-online.co/receive-free-sms
http://receive-sms-online.com/
http://receivefreesms.com/
https://www.receivesmsonline.net/
https://smsreceivefree.com/
https://receive-a-sms.com/
http://www.afreesms.com/freesms/
https://textfree.us/#/login
https://www.pdflibr.com/
https://sms-empfangen.com/
https://sms.cngrok.com/receiving-sms
https://yunduanxin.net/
https://shouduanxin.com/
https://www.becmd.com/
http://www.z-sms.com/
http://www.114sim.com/
https://shouduanxin.com/en/
http://www.345sms.com/
https://receiveasms.com/
https://www.gsmchecker.com/receive-sms-online
http://receivesmsverification.com/
http://smsget.net/en
https://hs3x.com/
https://www.receivesms.net/
http://receivesmsonline.com/
http://freesmsverification.com/
https://sms.ndtan.net/
https://receivefreesms.net/
http://freereceivesmsonline.com/
http://receivesmsonline.in/
https://www.visitorsms.com/

Temporary mailbox

http://www.yopmail.com/zh/
http://gfan.gvoice.men/
https://10minutemail.com/
https://10minutemail.net/
http://mail.bccto.me/
http://www.bccto.me/
https://www.guerrillamail.com/zh/inbox
http://www.fakemailgenerator.com/#/dayrep.com/Firly1970/
https://tutanota.com/
https://temp-mail.org/en/
https://www.guerrillamail.com/
http://tool.chacuo.net/mailsend
https://binmail.co/home
https://maildrop.cc/
https://www.mailinator.com/
http://tool.chacuo.net/mailanonymous
https://tempmail.altmails.com/