1、  Network Reconnaissance

first we can use the command to gather the site information by whois

eg : whois -i mnt-by YAHOO-MNT

2 、dig to gather the DNS informstion

Dig is the essentially a DNS lookup Swiss Army

Using the wiget such as      dnsmap    for example   :  dns baidu.com      besides it ,   we often use other arguments  such as  :  dnsmap doman  -w  (指定参数列表)、  dnsmap doman -r(指定保存的结果文件)、dnsmap domain -c (指定保存的文件类型使用CSV格式)、  dnsmap domian -i (指定要遍历的IP范围)

3  、Enumerating targets on the local network

we can use the namp  to gathering the system information

namp  -sn   (the   switch   -sn tell the Nmap to use the ICMP protocol to determine whether the hosts in the mentioned range reachable )

another wiget is metasploit

4、 Stealth scanning with Scapy

fisrt   to demonstrate has SYN scan is performed .we craft  a SYN request using Scapy ,and identify the response associated with open port , closed port ,and noresponse system ,to scan a TCP SYN request to any given port ,we first need to build the layer of this  request  ,the first layer that we can construct is the IP layer

>>> i=IP()
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\

>>> i.dst="192.168.142.170"
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\

>>> t=TCP()
>>> t.display()
###[ TCP ]###
  sport= ftp_data
  dport= http
  seq= 0
  ack= 0
  dataofs= None
  reserved= 0
  flags= S
  window= 8192
  chksum= None
  urgptr= 0
  options= []

>>> request=(i/t)
>>> request.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= http
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= []

>>> response=sr1(request)
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 44
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1b
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= http
     dport= ftp_data
     seq= 383470489
     ack= 1
     dataofs= 6
     reserved= 0
     flags= SA
     window= 5840
     chksum= 0x7fbc
     urgptr= 0
     options= [('MSS', 1460)]
###[ Padding ]###
        load= '\x00\x00'

>>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
Begin emission:
Finished sending 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP  version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP  sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding  load='\x00\x00' |>>>
>>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 40
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1f
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= 4444
     dport= ftp_data
     seq= 0
     ack= 1
     dataofs= 5
     reserved= 0
     flags= RA
     window= 0
     chksum= 0xffae
     urgptr= 0
     options= []
###[ Padding ]###
        load= '\x00\x00\x00\x00\x00\x00'

>>>

Penettation testing with the bush Shell的更多相关文章

  1. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)

    1.now we looke at this book . I decide  to make a brief review the book covers as follows (I straigh ...

  2. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂 之二)

    1.how  to use dpkg cmmand first it can be used for list all software , dpkg -l  (由于kali linux 没有启动所以 ...

  3. (转) [it-ebooks]电子书列表

    [it-ebooks]电子书列表   [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...

  4. libsvm 之 easy.py(流程化脚本)注释

    鉴于该脚本的重要性,很有必要对该脚本做一个全面的注释,以便可以灵活的使用libsvm. #!/usr/bin/env python # 这种设置python路径的方法更为科学 import sys i ...

  5. build-your-first-mobile-app(第一个 PhoneGap cordova Coldfusion App)

    摘自:http://www.adobe.com/devnet/coldfusion/articles/build-your-first-mobile-app.html Introduction Use ...

  6. Best Free Hacking E-Books 2017 In PDF Format

    1.Best Free Hacking E-Books 2017 In PDF Format: 电子书籍下载地址 后续我会更新在我的百度云资源 上,需要的留言Black Belt Hacking &a ...

  7. 【译】msfvenom

    原文链接:MSFvenom 1.使用MSFvenom命令行界面 msfvenom是Msfpayload和Msfencode的组合,将这两个工具集成在一个框架实例中. msfvenom的优点是: 一个单 ...

  8. Msfvenom 学习笔记与总结

    平台:Android,可用Payload: android/meterpreter/reverse_http Run a meterpreter server on Android. Tunnel c ...

  9. swift-ios开发pod的使用(1)

    MAC安裝CocoaPods   http://www.cnblogs.com/surge/p/4436360.html 请注意我的环境,这个很重要 xcode版本7.3.2   mac 版本OS X ...

随机推荐

  1. MySQL字符串进行加减乘除的运算

    原文链接:https://www.jianshu.com/p/2ab2c0dc3cb5 在mysql当中,字符串类型间进行加减乘除运算的时候,会截取字符串以数字开头的那一部分数字进行运算,如果字符串前 ...

  2. SpringMVC DispatcherServlet在配置Rest url-pattern的一点技巧

    SpringMVC的Controller中已经有了@RequestMapping(value = "detail.do", method = RequestMethod.GET)的 ...

  3. Python连接SQL Server数据库 - pymssql使用基础

    连接数据库 pymssql连接数据库的方式和使用sqlite的方式基本相同: 使用connect创建连接对象 connect.cursor创建游标对象,SQL语句的执行基本都在游标上进行 cursor ...

  4. DRF之频率限制、分页、解析器和渲染器

    一.频率限制 1.频率限制是做什么的 开放平台的API接口调用需要限制其频率,以节约服务器资源和避免恶意的频繁调用. 2.频率组件原理 DRF中的频率控制基本原理是基于访问次数和时间的,当然我们可以通 ...

  5. 安装 R 包报错 clang: error: unsupported option '-fopenmp' 的解决方法

    MacOS 上安装 R 包 install.packages("data.table") 后面提示是否安装需要编译的版本: Do you want to install from ...

  6. 题解 AT2390 【Games on DAG】

    题目大意 给出一个n个点m条边的DAG,记为G. 可以删掉若干条边成为G′,显然有 2m 种不同的G′. 连边保证:若有 (xi →yi​) 边,则 xi​ < yi . 初始点1和点2有一个标 ...

  7. 题解-洛谷P1303 A*B Problem(高精)

    https://www.luogu.org/problemnew/show/P1303(题目传送门) 看到数据范围,显然要用高精度算法(乘法). 首先用字符串读下这最多达10^2000的数,并判断符号 ...

  8. C# LINQ语法详解

    1.简单的linq语法 var ss = from r in db.Am_recProScheme select r; var ss1 = db.Am_recProScheme; string sss ...

  9. 分布式监控系统开发【day38】:报警自动升级代码解析及测试(八)

    一.报警自动升级代码解析 发送邮件代码 def action_email(self,action_obj,action_operation_obj,host_id,trigger_data): ''' ...

  10. Windows下配置eclipse写WordCount

    1 下载插件 hadoop-eclipse-plugin-2.7.2.jar github上下载源码后需要自己编译.这里使用已经编译好的插件即可 2 配置插件 把插件放到..\eclipse\plug ...