1、  Network Reconnaissance

first we can use the command to gather the site information by whois

eg : whois -i mnt-by YAHOO-MNT

2 、dig to gather the DNS informstion

Dig is the essentially a DNS lookup Swiss Army

Using the wiget such as      dnsmap    for example   :  dns baidu.com      besides it ,   we often use other arguments  such as  :  dnsmap doman  -w  (指定参数列表)、  dnsmap doman -r(指定保存的结果文件)、dnsmap domain -c (指定保存的文件类型使用CSV格式)、  dnsmap domian -i (指定要遍历的IP范围)

3  、Enumerating targets on the local network

we can use the namp  to gathering the system information

namp  -sn   (the   switch   -sn tell the Nmap to use the ICMP protocol to determine whether the hosts in the mentioned range reachable )

another wiget is metasploit

4、 Stealth scanning with Scapy

fisrt   to demonstrate has SYN scan is performed .we craft  a SYN request using Scapy ,and identify the response associated with open port , closed port ,and noresponse system ,to scan a TCP SYN request to any given port ,we first need to build the layer of this  request  ,the first layer that we can construct is the IP layer

>>> i=IP()
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 127.0.0.1
  dst= 127.0.0.1
  \options\

>>> i.dst="192.168.142.170"
>>> i.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= hopopt
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\

>>> t=TCP()
>>> t.display()
###[ TCP ]###
  sport= ftp_data
  dport= http
  seq= 0
  ack= 0
  dataofs= None
  reserved= 0
  flags= S
  window= 8192
  chksum= None
  urgptr= 0
  options= []

>>> request=(i/t)
>>> request.display()
###[ IP ]###
  version= 4
  ihl= None
  tos= 0x0
  len= None
  id= 1
  flags=
  frag= 0
  ttl= 64
  proto= tcp
  chksum= None
  src= 192.168.142.181
  dst= 192.168.142.170
  \options\
###[ TCP ]###
     sport= ftp_data
     dport= http
     seq= 0
     ack= 0
     dataofs= None
     reserved= 0
     flags= S
     window= 8192
     chksum= None
     urgptr= 0
     options= []

>>> response=sr1(request)
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 44
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1b
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= http
     dport= ftp_data
     seq= 383470489
     ack= 1
     dataofs= 6
     reserved= 0
     flags= SA
     window= 5840
     chksum= 0x7fbc
     urgptr= 0
     options= [('MSS', 1460)]
###[ Padding ]###
        load= '\x00\x00'

>>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
Begin emission:
Finished sending 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP  version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP  sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding  load='\x00\x00' |>>>
>>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
  version= 4
  ihl= 5
  tos= 0x0
  len= 40
  id= 0
  flags= DF
  frag= 0
  ttl= 64
  proto= tcp
  chksum= 0x9c1f
  src= 192.168.142.170
  dst= 192.168.142.181
  \options\
###[ TCP ]###
     sport= 4444
     dport= ftp_data
     seq= 0
     ack= 1
     dataofs= 5
     reserved= 0
     flags= RA
     window= 0
     chksum= 0xffae
     urgptr= 0
     options= []
###[ Padding ]###
        load= '\x00\x00\x00\x00\x00\x00'

>>>

Penettation testing with the bush Shell的更多相关文章

  1. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)

    1.now we looke at this book . I decide  to make a brief review the book covers as follows (I straigh ...

  2. Practical Web Penettation Testing (the first one Mutillidae 大黄蜂 之二)

    1.how  to use dpkg cmmand first it can be used for list all software , dpkg -l  (由于kali linux 没有启动所以 ...

  3. (转) [it-ebooks]电子书列表

    [it-ebooks]电子书列表   [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...

  4. libsvm 之 easy.py(流程化脚本)注释

    鉴于该脚本的重要性,很有必要对该脚本做一个全面的注释,以便可以灵活的使用libsvm. #!/usr/bin/env python # 这种设置python路径的方法更为科学 import sys i ...

  5. build-your-first-mobile-app(第一个 PhoneGap cordova Coldfusion App)

    摘自:http://www.adobe.com/devnet/coldfusion/articles/build-your-first-mobile-app.html Introduction Use ...

  6. Best Free Hacking E-Books 2017 In PDF Format

    1.Best Free Hacking E-Books 2017 In PDF Format: 电子书籍下载地址 后续我会更新在我的百度云资源 上,需要的留言Black Belt Hacking &a ...

  7. 【译】msfvenom

    原文链接:MSFvenom 1.使用MSFvenom命令行界面 msfvenom是Msfpayload和Msfencode的组合,将这两个工具集成在一个框架实例中. msfvenom的优点是: 一个单 ...

  8. Msfvenom 学习笔记与总结

    平台:Android,可用Payload: android/meterpreter/reverse_http Run a meterpreter server on Android. Tunnel c ...

  9. swift-ios开发pod的使用(1)

    MAC安裝CocoaPods   http://www.cnblogs.com/surge/p/4436360.html 请注意我的环境,这个很重要 xcode版本7.3.2   mac 版本OS X ...

随机推荐

  1. Linux 默认连接数

    Linux 默认连接数 - 国内版 Binghttps://cn.bing.com/search?FORM=U227DF&PC=U227&q=Linux+%E9%BB%98%E8%AE ...

  2. SpringMVC整合freeMarker实现页面静态化+SpringMVC配置多视图

    一.背景 1.什么是FreeMarker FreeMarker是一个模板引擎,一个基于模板生成文本输出的通用工具,使用纯Java编写 FreeMarker被设计用来生成HTML Web页面,特别是基于 ...

  3. 【转】How to create a new user and grant permissions in MySQL

    MySQL is one of the most popular database management systems. In this tutorial we will cover the ste ...

  4. VMware Workstation 10序列号:

    VMware Workstation 10序列号:1Y0LW-4WJ9N-LZ5G9-Z81QP-92PN7

  5. 【XSY2921】yja 拉格朗日乘法

    题目描述 在平面上找 \(n\) 个点,要求这 \(n\) 个点离原点的距离分别是 \(r_1,r_2,\ldots,r_n\),最大化这 \(n\) 个点构成的土包的面积.这些点的顺序任意. \(n ...

  6. MAGENTO for XAMPP install config -搬家配置与安装配置

    MEGENTO . 2.2.3 .   支持  PHP version is 7.0.2|7.0.4|~7.0.6|~7.1.0 虚拟机主机配置 环境扩展配置 其他错误 httpd-conf  ——  ...

  7. 用Spring构建企业Java应用程序的方法

    https://mp.weixin.qq.com/s?__biz=MzU0MDEwMjgwNA==&mid=2247484965&idx=1&sn=ca6b847c65e506 ...

  8. WS_TABSTOP 与 BS_DEFPUSHBUTTON 第一次使有

    关于 WS_TABSTOP,我一直没搞明白,为何加了 WS_TABSTOP ,当按下 Tab 键时,窗口中的控件还是不能自动的切换焦点. 为何 SetFocus(hwnd); 后,虽然按钮已获得焦点, ...

  9. vue常用手册

    1.搭建vue的开发环境: 1.必须要安装node.js 2.安装vue的脚手架工具 官方命令行工具 npm install --global vue-cli 3.新建项目 vue init webp ...

  10. Swagger - ui 学习

    今天同组的打伙伴给介绍了 Swagger-ui 这个 自动生成 接口文档的 工具,感觉比较方便好用, 遂决定 学习一下, 开个随笔进行随时记录,同时也是提醒自己 先保存两篇感觉还不错的文章 : htt ...