1、  Network Reconnaissance

first we can use the command to gather the site information by whois

eg : whois -i mnt-by YAHOO-MNT

2 、dig to gather the DNS informstion

Dig is the essentially a DNS lookup Swiss Army

Using the wiget such as      dnsmap    for example   :  dns baidu.com      besides it ,   we often use other arguments  such as  :  dnsmap doman  -w  (指定参数列表)、  dnsmap doman -r(指定保存的结果文件)、dnsmap domain -c (指定保存的文件类型使用CSV格式)、  dnsmap domian -i (指定要遍历的IP范围)

3  、Enumerating targets on the local network

we can use the namp  to gathering the system information

namp  -sn   (the   switch   -sn tell the Nmap to use the ICMP protocol to determine whether the hosts in the mentioned range reachable )

another wiget is metasploit

4、 Stealth scanning with Scapy

fisrt   to demonstrate has SYN scan is performed .we craft  a SYN request using Scapy ,and identify the response associated with open port , closed port ,and noresponse system ,to scan a TCP SYN request to any given port ,we first need to build the layer of this  request  ,the first layer that we can construct is the IP layer

>>> i=IP()
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\

>>> i.dst="192.168.142.170"
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\

>>> t=TCP()
>>> t.display()
###[ TCP ]###
  sport= ftp_data
  dport= http
  seq= 0
  ack= 0
  dataofs= None
  reserved= 0
  flags= S
  window= 8192
  chksum= None
  urgptr= 0
  options= []

>>> request=(i/t)
>>> request.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= http
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= []

>>> response=sr1(request)
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 44
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1b
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= http
     dport= ftp_data
     seq= 383470489
     ack= 1
     dataofs= 6
     reserved= 0
     flags= SA
     window= 5840
     chksum= 0x7fbc
     urgptr= 0
     options= [('MSS', 1460)]
###[ Padding ]###
        load= '\x00\x00'

>>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
Begin emission:
Finished sending 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP  version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP  sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding  load='\x00\x00' |>>>
>>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 40
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1f
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= 4444
     dport= ftp_data
     seq= 0
     ack= 1
     dataofs= 5
     reserved= 0
     flags= RA
     window= 0
     chksum= 0xffae
     urgptr= 0
     options= []
###[ Padding ]###
        load= '\x00\x00\x00\x00\x00\x00'

>>>

Penettation testing with the bush Shell的更多相关文章

  1. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)

    1.now we looke at this book . I decide  to make a brief review the book covers as follows (I straigh ...

  2. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂 之二)

    1.how  to use dpkg cmmand first it can be used for list all software , dpkg -l  (由于kali linux 没有启动所以 ...

  3. (转) [it-ebooks]电子书列表

    [it-ebooks]电子书列表   [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...

  4. libsvm 之 easy.py(流程化脚本)注释

    鉴于该脚本的重要性,很有必要对该脚本做一个全面的注释,以便可以灵活的使用libsvm. #!/usr/bin/env python # 这种设置python路径的方法更为科学 import sys i ...

  5. build-your-first-mobile-app(第一个 PhoneGap cordova Coldfusion App)

    摘自:http://www.adobe.com/devnet/coldfusion/articles/build-your-first-mobile-app.html Introduction Use ...

  6. Best Free Hacking E-Books 2017 In PDF Format

    1.Best Free Hacking E-Books 2017 In PDF Format: 电子书籍下载地址 后续我会更新在我的百度云资源 上,需要的留言Black Belt Hacking &a ...

  7. 【译】msfvenom

    原文链接:MSFvenom 1.使用MSFvenom命令行界面 msfvenom是Msfpayload和Msfencode的组合,将这两个工具集成在一个框架实例中. msfvenom的优点是: 一个单 ...

  8. Msfvenom 学习笔记与总结

    平台:Android,可用Payload: android/meterpreter/reverse_http Run a meterpreter server on Android. Tunnel c ...

  9. swift-ios开发pod的使用(1)

    MAC安裝CocoaPods   http://www.cnblogs.com/surge/p/4436360.html 请注意我的环境,这个很重要 xcode版本7.3.2   mac 版本OS X ...

随机推荐

  1. es6可变参数-扩展运算符

    es5中参数不确定个数的情况下: //求参数和 function f(){ var a = Array.prototype.slice.call(arguments); var sum = 0; a. ...

  2. 最简单的 springboot 发送邮件,使用thymeleaf模板

    1,导入需要的包 <dependency> <groupId>org.springframework.boot</groupId> <artifactId&g ...

  3. java多线程2

    今日大部分时间花在了C语言的链表上了,以下是我今日所学习的java多线程内容,今天学习的是多线程里的其他命令,wait,notify,nofityAll,分别是等待,唤醒,全部唤醒. 附今日敲的代码: ...

  4. 对Datatable中过长内容实行省略话

    , 16) + '...</a>' } // 点击跳转的实现 else { return '<a id="taskFocus" href="/task_ ...

  5. idea下创建maven聚合(子父级)项目,多模块项目

    IDEA下Maven多模块项目介绍和搭建 idea 创建maven聚合项目简洁教程(手把手入门,通俗易懂) 本人使用的是: intelj idea 创建聚合项目(典型web项目,包括子项目util.d ...

  6. How to Build a Chat Bot Using Azure Bot Service and Train It with LUIS

    Introduction If you haven’t had much programming experience before, building a conversational bot an ...

  7. Loj #528. 「LibreOJ β Round #4」求和 (莫比乌斯反演)

    题目链接:https://loj.ac/problem/528 题目:给定两个正整数N,M,你需要计算ΣΣu(gcd(i,j))^2 mod 998244353 ,其中i属于[1,N],j属于[1,M ...

  8. Calendar 使用

    Calendar 类是一个抽象类,在java.util.Calendar包中,它为特定瞬间与一组诸如 YEAR.MONTH.DAY_OF_MONTH.HOUR 等 日历字段之间的转换提供了一些方法,并 ...

  9. (二)Qt窗口应用程序Widget

    QMainWindow,QWidget,QDialog,这三基类都可以作为顶层窗口 QWidget:是所有窗口类的父类,功能最简单 QMainWindow:如果窗口需要菜单栏,工具栏,状态栏,就需要Q ...

  10. ElasticSearch6.5.0 【Java客户端之REST Client】

    说明 High Level Client 是基于 Low Level Client 的.官方文档如下: * https://www.elastic.co/guide/en/elasticsearch/ ...