Deduplicated query: SELECT DISTINCT field_name (more than one allowed) from XXXX
Note: for garbled characters, run SET NAMES GBK; the cause is the character encoding of the cmd command line.
# MD5('string') returns the string after MD5 hashing
Primary domain: test.com
Subdomains: abc.test.com aa.test.com
Step 1: record the URL...
Step 2: Address: No. 876 Dongfanghong West Road, Decheng District, Dezhou City, Shandong Province; Postcode: 253000; Site maintenance: Information Center; Email: [email protected]
Dezhou Experimental Primary School, All rights reserved © 2000 - 2019; ICP filing 鲁ICP备12007957号; public security filing 鲁公网安备 37140202000506号
Step 3: whatweb www.dzsyxx.com, or Firefox F12 (developer tools)
http://www.dzsyxx.com/ [200 OK] Country[HONG KONG][HK], Email[[email protected],[email protected]], HTTPServer[Microsoft-IIS/7.5], IP[39.107.110.165], JQuery, Microsoft-IIS[7.5], Script[text/javascript], Title[网站首页-德州市实验小学], X-Powered-By[ASP.NET]
Step 4: /phpinfo.php
Step 5: whois dzsyxx.com
Registrars.
Domain Name: dzsyxx.com
Registry Domain ID: 105178147_DOMAIN_COM-VRSN
Registrar WHOIS Server: grs-whois.hichina.com
Registrar URL: http://whois.aliyun.com
Updated Date: 2019-04-03T07:53:00Z
Creation Date: 2003-10-17T03:38:29Z
Registrar Registration Expiration Date: 2019-10-17T03:38:29Z
Registrar: Alibaba Cloud Computing (Beijing) Co., Ltd.
Registrar IANA ID: 420
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant City:
Registrant State/Province: Shan Dong
Registry Registrant ID: Not Available From Registry
Name Server: DNS7.HICHINA.COM
Name Server: DNS8.HICHINA.COM
DNSSEC: unsigned
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +86.95187
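The WHOIS record above is also the data a domain owner should review for hygiene: how close the expiration date is, whether DNSSEC is enabled, and whether a registrar transfer lock is set. The Python below is an added example and not part of these notes: it parses a record in the same "Key: value" layout (a constructed sample with placeholder domain, registrar and name servers, not a real registration) and returns findings a defender would act on. The 90-day warning window and the two EPP lock status codes it looks for are choices made for this example.

```python
"""Domain-hygiene review over a WHOIS record in 'Key: value' layout.

Added example: the sample record below is constructed (placeholder domain,
registrar and name servers), not a real registration.
"""
from datetime import datetime, timezone

SAMPLE_WHOIS = """\
Domain Name: example-school.test
Registrar WHOIS Server: whois.example-registrar.test
Registrar URL: http://whois.example-registrar.test
Updated Date: 2019-04-03T07:53:00Z
Creation Date: 2003-10-17T03:38:29Z
Registrar Registration Expiration Date: 2019-10-17T03:38:29Z
Registrar: Example Registrar Ltd.
Reseller:
Domain Status: ok https://icann.org/epp#ok
Registrant City:
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: NS2.EXAMPLE-DNS.TEST
DNSSEC: unsigned
"""

WHOIS_TIME = "%Y-%m-%dT%H:%M:%SZ"
# EPP status codes that block an unauthorised transfer; the set checked here is a choice for this example.
TRANSFER_LOCKS = {"clientTransferProhibited", "serverTransferProhibited"}


def parse_whois(text):
    """Turn 'Key: value' lines into a dict; keys that repeat (Name Server,
    Domain Status) collect into a list, and empty values are dropped."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only, URLs keep theirs
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue                           # 'Reseller:' and similar carry nothing
        if key in record:
            if not isinstance(record[key], list):
                record[key] = [record[key]]
            record[key].append(value)
        else:
            record[key] = value
    return record


def as_list(value):
    return value if isinstance(value, list) else [value]


def hygiene_findings(record, today, warn_days=90):
    """Findings a domain owner should act on, as plain strings."""
    findings = []
    expiry = record.get("Registrar Registration Expiration Date")
    if expiry:
        expires = datetime.strptime(expiry, WHOIS_TIME).replace(tzinfo=timezone.utc)
        days_left = (expires - today).days
        if days_left < 0:
            findings.append(f"domain expired {-days_left} days ago; it can be re-registered by anyone")
        elif days_left <= warn_days:
            findings.append(f"domain expires in {days_left} days; renew or enable auto-renew")
    if record.get("DNSSEC", "").lower() == "unsigned":
        findings.append("DNSSEC unsigned; validating resolvers cannot detect forged answers for the zone")
    # 'Domain Status' values look like 'ok https://icann.org/epp#ok'; the first token is the code.
    statuses = {s.split()[0] for s in as_list(record.get("Domain Status", []))}
    if not statuses & TRANSFER_LOCKS:
        findings.append("no transfer lock (status is only 'ok'); enable the registrar lock to resist hijacking")
    return findings


def check_domain(text, today_iso):
    """Parse a WHOIS record and review it as of the given UTC timestamp."""
    today = datetime.strptime(today_iso, WHOIS_TIME).replace(tzinfo=timezone.utc)
    return hygiene_findings(parse_whois(text), today)


if __name__ == "__main__":
    for finding in check_domain(SAMPLE_WHOIS, "2019-09-01T00:00:00Z"):
        print("-", finding)
```

The review date is passed in explicitly so the same record can be re-checked against any point in time; run against the sample as of 2019-09-01 it reports the expiry window, the unsigned zone and the missing transfer lock.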
Step 6: nslookup www.dzsyxx.com
Server: 192.168.96.2
Address: 192.168.96.2#53
Non-authoritative answer:
Name: www.dzsyxx.com
Address: 39.107.110.165
Step 7: nmap 39.107.110.165 --> rdesktop 39.107.110.165 (check the operating system) ---> nmap 39.107.110.165 --script=vuln
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
443/tcp open https
902/tcp open iss-realsecure
912/tcp open apex-mesh
1433/tcp open ms-sql-s
3389/tcp open ms-wbt-server
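A port table like the one above is what the asset owner should compare against the list of services the host is meant to offer publicly. As an added example (not from these notes), the Python below parses nmap's normal "PORT STATE SERVICE" output over a constructed sample (RFC 5737 test address, placeholder host name) and flags every open port outside an allowlist of 80/tcp and 443/tcp, pairing FTP, MSSQL and RDP with the control a defender would expect in place; the allowlist and remediation text are choices made for this example.

```python
"""Exposure review over an nmap 'PORT STATE SERVICE' table.

Added example: the sample scan output below is constructed (RFC 5737 test
address, placeholder host name), not a scan of any real host.
"""
import re

SAMPLE_NMAP = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2019-05-01 10:00 CST
Nmap scan report for host.example.test (198.51.100.20)
Host is up (0.012s latency).
Not shown: 993 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
443/tcp  open  https
902/tcp  open  iss-realsecure
1433/tcp open  ms-sql-s
3389/tcp open  ms-wbt-server
"""

# One nmap port line: '21/tcp   open  ftp'
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)

# Services a public web server is expected to offer; anything else open is a finding.
PUBLIC_ALLOWLIST = {(80, "tcp"), (443, "tcp")}

# Expected control for services that commonly end up internet-facing; policy text for this example.
REMEDIATION = {
    21: "FTP carries credentials in cleartext; move uploads to SFTP or HTTPS and restrict to admin networks",
    1433: "MSSQL should not listen on a public interface; bind to the internal network or firewall to app servers",
    3389: "RDP should sit behind a VPN or bastion with NLA and MFA, not on the internet",
}
DEFAULT_REMEDIATION = "unexpected service; identify the owner and close or firewall it"


def parse_nmap(text):
    """Return the port table as a list of dicts with int port, proto, state, service."""
    return [
        {"port": int(port), "proto": proto, "state": state, "service": service}
        for port, proto, state, service in PORT_LINE.findall(text)
    ]


def review_exposure(ports, allowlist=PUBLIC_ALLOWLIST):
    """Open ports outside the allowlist, each paired with the control a defender would expect."""
    findings = []
    for entry in ports:
        if entry["state"] != "open" or (entry["port"], entry["proto"]) in allowlist:
            continue
        findings.append({
            "port": entry["port"],
            "service": entry["service"],
            "action": REMEDIATION.get(entry["port"], DEFAULT_REMEDIATION),
        })
    return findings


if __name__ == "__main__":
    for f in review_exposure(parse_nmap(SAMPLE_NMAP)):
        print(f"{f['port']:>5}/{f['service']:<15} {f['action']}")
```

The allowlist is keyed on (port, protocol) so a UDP service on an allowed TCP port number is still reported; ports with no specific remediation fall through to a generic "identify the owner" action rather than being silently accepted.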
Step 8: subdomain brute-force at http://z.zcjun.com/ ; enter dzsyxx.com