Penettation testing with the bush Shell
1、 Network Reconnaissance
first we can use the command to gather the site information by whois
eg : whois -i mnt-by YAHOO-MNT
2 、dig to gather the DNS informstion
Dig is the essentially a DNS lookup Swiss Army
Using the wiget such as dnsmap for example : dns baidu.com besides it , we often use other arguments such as : dnsmap doman -w (指定参数列表)、 dnsmap doman -r(指定保存的结果文件)、dnsmap domain -c (指定保存的文件类型使用CSV格式)、 dnsmap domian -i (指定要遍历的IP范围)
3 、Enumerating targets on the local network
we can use the namp to gathering the system information
namp -sn (the switch -sn tell the Nmap to use the ICMP protocol to determine whether the hosts in the mentioned range reachable )
another wiget is metasploit
4、 Stealth scanning with Scapy
fisrt to demonstrate has SYN scan is performed .we craft a SYN request using Scapy ,and identify the response associated with open port , closed port ,and noresponse system ,to scan a TCP SYN request to any given port ,we first need to build the layer of this request ,the first layer that we can construct is the IP layer
>>> i=IP()
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 127.0.0.1
dst= 127.0.0.1
\options\
>>> i.dst="192.168.142.170"
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 192.168.142.181
dst= 192.168.142.170
\options\
>>> t=TCP()
>>> t.display()
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= []
>>> request=(i/t)
>>> request.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= tcp
chksum= None
src= 192.168.142.181
dst= 192.168.142.170
\options\
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= []
>>> response=sr1(request)
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
version= 4
ihl= 5
tos= 0x0
len= 44
id= 0
flags= DF
frag= 0
ttl= 64
proto= tcp
chksum= 0x9c1b
src= 192.168.142.170
dst= 192.168.142.181
\options\
###[ TCP ]###
sport= http
dport= ftp_data
seq= 383470489
ack= 1
dataofs= 6
reserved= 0
flags= SA
window= 5840
chksum= 0x7fbc
urgptr= 0
options= [('MSS', 1460)]
###[ Padding ]###
load= '\x00\x00'
>>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
Begin emission:
Finished sending 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding load='\x00\x00' |>>>
>>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
version= 4
ihl= 5
tos= 0x0
len= 40
id= 0
flags= DF
frag= 0
ttl= 64
proto= tcp
chksum= 0x9c1f
src= 192.168.142.170
dst= 192.168.142.181
\options\
###[ TCP ]###
sport= 4444
dport= ftp_data
seq= 0
ack= 1
dataofs= 5
reserved= 0
flags= RA
window= 0
chksum= 0xffae
urgptr= 0
options= []
###[ Padding ]###
load= '\x00\x00\x00\x00\x00\x00'
>>>
Penettation testing with the bush Shell的更多相关文章
- Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)
1.now we looke at this book . I decide to make a brief review the book covers as follows (I straigh ...
- Practical Web Penettation Testing (the first one Mutillidae 大黄蜂 之二)
1.how to use dpkg cmmand first it can be used for list all software , dpkg -l (由于kali linux 没有启动所以 ...
- (转) [it-ebooks]电子书列表
[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...
- libsvm 之 easy.py(流程化脚本)注释
鉴于该脚本的重要性,很有必要对该脚本做一个全面的注释,以便可以灵活的使用libsvm. #!/usr/bin/env python # 这种设置python路径的方法更为科学 import sys i ...
- build-your-first-mobile-app(第一个 PhoneGap cordova Coldfusion App)
摘自:http://www.adobe.com/devnet/coldfusion/articles/build-your-first-mobile-app.html Introduction Use ...
- Best Free Hacking E-Books 2017 In PDF Format
1.Best Free Hacking E-Books 2017 In PDF Format: 电子书籍下载地址 后续我会更新在我的百度云资源 上,需要的留言Black Belt Hacking &a ...
- 【译】msfvenom
原文链接:MSFvenom 1.使用MSFvenom命令行界面 msfvenom是Msfpayload和Msfencode的组合,将这两个工具集成在一个框架实例中. msfvenom的优点是: 一个单 ...
- Msfvenom 学习笔记与总结
平台:Android,可用Payload: android/meterpreter/reverse_http Run a meterpreter server on Android. Tunnel c ...
- swift-ios开发pod的使用(1)
MAC安裝CocoaPods http://www.cnblogs.com/surge/p/4436360.html 请注意我的环境,这个很重要 xcode版本7.3.2 mac 版本OS X ...
随机推荐
- Python中的可视化神器:pyecharts
pyecharts是一款将python与echarts结合的强大的数据可视化工具,本文将为你阐述pyecharts的使用细则 前言 我们都知道python上的一款可视化工具matplotlib,而前些 ...
- Scanner和BufferReader的效率问题
先给出一道题,测试平台是Acwing, 这道题是腾讯2019年春招提前批笔试第二题.题目不难,但是如果不注意细节,很容易TLE(超时) https://www.acwing.com/problem/c ...
- Monkey简介
Monkey简介 在Android的官方自动化测试领域有一只非常著名的“猴子”叫Monkey,这只“猴子”一旦启动,就会让被测的Android应用程序像猴子一样活蹦乱跳,到处乱跑.人们常用这只“猴子” ...
- Docker Online - Web Lab
直接使用浏览器来用Docker http://play-with-docker.cn/
- Codeforces Round #513 总结
首次正式的$Codeforces$比赛啊,虽然滚粗了,然而终于有$rating$了…… #A Phone Numbers 签到题,然而我第一次写挂了(因为把11看成8了……) 只需要判断一下有多少个 ...
- LOJ#2553 暴力写挂
题意:给定两棵树T1,T2,求d1[x] + d1[y] - d1[lca1(x, y)] - d2[lca2(x, y)]的最大值. 解:考虑把上面这个毒瘤东西化一下.发现它就是T1中x,y到根的路 ...
- django-url的分发
1)url的分发: 1,首先在全局的url里面的路径中写好,你要分发的路径名. 2,并且在你要分发的路径下,创好新的url文件. 在分发的路径名里面,把全局url里面的代码,复制过来 3,最后在浏览器 ...
- [Android] 免费天气预报接口
[Android] 免费天气预报接口 这是 国家气象局提供的天气预报接口 [免费] 当然,网上有很多的收费API或者每天定次数的接口 使用 国家气象局 的步骤如下: 1.首先获取城市ID号 北京:10 ...
- fstat函数
一.函数原型 #include<sys/stat.h> #include<unistd.h> int fstat(int fildes,struct stat *buf); 返 ...
- docker学习-----docker服务的安装
docker 以下观点个人理解,只做参考 一.docker本身的优势 1.docker他本身是一个容器,用来方便我们项目打包,做服务器虚拟化,统一开发者环境等多种优势:运行于docker上的项目可以快 ...