Penettation testing with the bush Shell
1、 Network Reconnaissance
first we can use the command to gather the site information by whois
eg : whois -i mnt-by YAHOO-MNT

2 、dig to gather the DNS informstion
Dig is the essentially a DNS lookup Swiss Army
Using the wiget such as dnsmap for example : dns baidu.com besides it , we often use other arguments such as : dnsmap doman -w (指定参数列表)、 dnsmap doman -r(指定保存的结果文件)、dnsmap domain -c (指定保存的文件类型使用CSV格式)、 dnsmap domian -i (指定要遍历的IP范围)

3 、Enumerating targets on the local network
we can use the namp to gathering the system information
namp -sn (the switch -sn tell the Nmap to use the ICMP protocol to determine whether the hosts in the mentioned range reachable )
another wiget is metasploit
4、 Stealth scanning with Scapy
fisrt to demonstrate has SYN scan is performed .we craft a SYN request using Scapy ,and identify the response associated with open port , closed port ,and noresponse system ,to scan a TCP SYN request to any given port ,we first need to build the layer of this request ,the first layer that we can construct is the IP layer
>>> i=IP()
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 127.0.0.1
dst= 127.0.0.1
\options\
>>> i.dst="192.168.142.170"
>>> i.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= hopopt
chksum= None
src= 192.168.142.181
dst= 192.168.142.170
\options\
>>> t=TCP()
>>> t.display()
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= []
>>> request=(i/t)
>>> request.display()
###[ IP ]###
version= 4
ihl= None
tos= 0x0
len= None
id= 1
flags=
frag= 0
ttl= 64
proto= tcp
chksum= None
src= 192.168.142.181
dst= 192.168.142.170
\options\
###[ TCP ]###
sport= ftp_data
dport= http
seq= 0
ack= 0
dataofs= None
reserved= 0
flags= S
window= 8192
chksum= None
urgptr= 0
options= []
>>> response=sr1(request)
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
version= 4
ihl= 5
tos= 0x0
len= 44
id= 0
flags= DF
frag= 0
ttl= 64
proto= tcp
chksum= 0x9c1b
src= 192.168.142.170
dst= 192.168.142.181
\options\
###[ TCP ]###
sport= http
dport= ftp_data
seq= 383470489
ack= 1
dataofs= 6
reserved= 0
flags= SA
window= 5840
chksum= 0x7fbc
urgptr= 0
options= [('MSS', 1460)]
###[ Padding ]###
load= '\x00\x00'
>>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
Begin emission:
Finished sending 1 packets.
*
Received 1 packets, got 1 answers, remaining 0 packets
<IP version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding load='\x00\x00' |>>>
>>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
Begin emission:
.Finished sending 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
>>> response.display()
###[ IP ]###
version= 4
ihl= 5
tos= 0x0
len= 40
id= 0
flags= DF
frag= 0
ttl= 64
proto= tcp
chksum= 0x9c1f
src= 192.168.142.170
dst= 192.168.142.181
\options\
###[ TCP ]###
sport= 4444
dport= ftp_data
seq= 0
ack= 1
dataofs= 5
reserved= 0
flags= RA
window= 0
chksum= 0xffae
urgptr= 0
options= []
###[ Padding ]###
load= '\x00\x00\x00\x00\x00\x00'
>>>
Penettation testing with the bush Shell的更多相关文章
- Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)
1.now we looke at this book . I decide to make a brief review the book covers as follows (I straigh ...
- Practical Web Penettation Testing (the first one Mutillidae 大黄蜂 之二)
1.how to use dpkg cmmand first it can be used for list all software , dpkg -l (由于kali linux 没有启动所以 ...
- (转) [it-ebooks]电子书列表
[it-ebooks]电子书列表 [2014]: Learning Objective-C by Developing iPhone Games || Leverage Xcode and Obj ...
- libsvm 之 easy.py(流程化脚本)注释
鉴于该脚本的重要性,很有必要对该脚本做一个全面的注释,以便可以灵活的使用libsvm. #!/usr/bin/env python # 这种设置python路径的方法更为科学 import sys i ...
- build-your-first-mobile-app(第一个 PhoneGap cordova Coldfusion App)
摘自:http://www.adobe.com/devnet/coldfusion/articles/build-your-first-mobile-app.html Introduction Use ...
- Best Free Hacking E-Books 2017 In PDF Format
1.Best Free Hacking E-Books 2017 In PDF Format: 电子书籍下载地址 后续我会更新在我的百度云资源 上,需要的留言Black Belt Hacking &a ...
- 【译】msfvenom
原文链接:MSFvenom 1.使用MSFvenom命令行界面 msfvenom是Msfpayload和Msfencode的组合,将这两个工具集成在一个框架实例中. msfvenom的优点是: 一个单 ...
- Msfvenom 学习笔记与总结
平台:Android,可用Payload: android/meterpreter/reverse_http Run a meterpreter server on Android. Tunnel c ...
- swift-ios开发pod的使用(1)
MAC安裝CocoaPods http://www.cnblogs.com/surge/p/4436360.html 请注意我的环境,这个很重要 xcode版本7.3.2 mac 版本OS X ...
随机推荐
- Linux 默认连接数
Linux 默认连接数 - 国内版 Binghttps://cn.bing.com/search?FORM=U227DF&PC=U227&q=Linux+%E9%BB%98%E8%AE ...
- SpringMVC整合freeMarker实现页面静态化+SpringMVC配置多视图
一.背景 1.什么是FreeMarker FreeMarker是一个模板引擎,一个基于模板生成文本输出的通用工具,使用纯Java编写 FreeMarker被设计用来生成HTML Web页面,特别是基于 ...
- 【转】How to create a new user and grant permissions in MySQL
MySQL is one of the most popular database management systems. In this tutorial we will cover the ste ...
- VMware Workstation 10序列号:
VMware Workstation 10序列号:1Y0LW-4WJ9N-LZ5G9-Z81QP-92PN7
- 【XSY2921】yja 拉格朗日乘法
题目描述 在平面上找 \(n\) 个点,要求这 \(n\) 个点离原点的距离分别是 \(r_1,r_2,\ldots,r_n\),最大化这 \(n\) 个点构成的土包的面积.这些点的顺序任意. \(n ...
- MAGENTO for XAMPP install config -搬家配置与安装配置
MEGENTO . 2.2.3 . 支持 PHP version is 7.0.2|7.0.4|~7.0.6|~7.1.0 虚拟机主机配置 环境扩展配置 其他错误 httpd-conf —— ...
- 用Spring构建企业Java应用程序的方法
https://mp.weixin.qq.com/s?__biz=MzU0MDEwMjgwNA==&mid=2247484965&idx=1&sn=ca6b847c65e506 ...
- WS_TABSTOP 与 BS_DEFPUSHBUTTON 第一次使有
关于 WS_TABSTOP,我一直没搞明白,为何加了 WS_TABSTOP ,当按下 Tab 键时,窗口中的控件还是不能自动的切换焦点. 为何 SetFocus(hwnd); 后,虽然按钮已获得焦点, ...
- vue常用手册
1.搭建vue的开发环境: 1.必须要安装node.js 2.安装vue的脚手架工具 官方命令行工具 npm install --global vue-cli 3.新建项目 vue init webp ...
- Swagger - ui 学习
今天同组的打伙伴给介绍了 Swagger-ui 这个 自动生成 接口文档的 工具,感觉比较方便好用, 遂决定 学习一下, 开个随笔进行随时记录,同时也是提醒自己 先保存两篇感觉还不错的文章 : htt ...