  • Penetration testing with the Bash Shell

    1、Network reconnaissance

     First we can use the whois command to gather information about the site.

          e.g.: whois -i mnt-by YAHOO-MNT

    2、dig to gather DNS information

            dig is essentially a DNS lookup Swiss Army knife.

        Another widget is dnsmap, for example: dnsmap baidu.com. Besides that, we often use other arguments, such as: dnsmap domain -w (specify the wordlist), dnsmap domain -r (specify the file the results are saved to), dnsmap domain -c (save the results file in CSV format), dnsmap domain -i (specify the IP range to enumerate)

    3、Enumerating targets on the local network

       We can use nmap to gather system information:

        nmap -sn <network range>   (the -sn switch tells Nmap to skip port scanning and use ICMP to determine whether the hosts in the given range are reachable)

       Another widget is Metasploit.

    4、Stealth scanning with Scapy

           First, to demonstrate how a SYN scan is performed, we craft a SYN request using Scapy and identify the responses associated with an open port, a closed port, and a non-responding system. To send a TCP SYN request to any given port, we first need to build the layers of this request; the first layer we construct is the IP layer:

    >>> i=IP()
    >>> i.display()
    ###[ IP ]###
      version= 4
      ihl= None
      tos= 0x0
      len= None
      id= 1
      flags=
      frag= 0
      ttl= 64
      proto= hopopt
      chksum= None
      src= 127.0.0.1
      dst= 127.0.0.1
      options

    >>> i.dst="192.168.142.170"
    >>> i.display()
    ###[ IP ]###
      version= 4
      ihl= None
      tos= 0x0
      len= None
      id= 1
      flags=
      frag= 0
      ttl= 64
      proto= hopopt
      chksum= None
      src= 192.168.142.181
      dst= 192.168.142.170
      options

    >>> t=TCP()
    >>> t.display()
    ###[ TCP ]###
      sport= ftp_data
      dport= http
      seq= 0
      ack= 0
      dataofs= None
      reserved= 0
      flags= S
      window= 8192
      chksum= None
      urgptr= 0
      options= []

    >>> request=(i/t)
    >>> request.display()
    ###[ IP ]###
      version= 4
      ihl= None
      tos= 0x0
      len= None
      id= 1
      flags=
      frag= 0
      ttl= 64
      proto= tcp
      chksum= None
      src= 192.168.142.181
      dst= 192.168.142.170
      options
    ###[ TCP ]###
         sport= ftp_data
         dport= http
         seq= 0
         ack= 0
         dataofs= None
         reserved= 0
         flags= S
         window= 8192
         chksum= None
         urgptr= 0
         options= []

    >>> response=sr1(request)
    Begin emission:
    .Finished sending 1 packets.
    *
    Received 2 packets, got 1 answers, remaining 0 packets
    >>> response.display()
    ###[ IP ]###
      version= 4
      ihl= 5
      tos= 0x0
      len= 44
      id= 0
      flags= DF
      frag= 0
      ttl= 64
      proto= tcp
      chksum= 0x9c1b
      src= 192.168.142.170
      dst= 192.168.142.181
      options
    ###[ TCP ]###
         sport= http
         dport= ftp_data
         seq= 383470489
         ack= 1
         dataofs= 6
         reserved= 0
         flags= SA
         window= 5840
         chksum= 0x7fbc
         urgptr= 0
         options= [('MSS', 1460)]
    ###[ Padding ]###
            load= '\x00\x00'

    >>> sr1(IP(dst="192.168.142.170")/TCP(dport=80))
    Begin emission:
    Finished sending 1 packets.
    *
    Received 1 packets, got 1 answers, remaining 0 packets
    <IP  version=4 ihl=5 tos=0x0 len=44 id=0 flags=DF frag=0 ttl=64 proto=tcp chksum=0x9c1b src=192.168.142.170 dst=192.168.142.181 options=[] |<TCP  sport=http dport=ftp_data seq=1571343895 ack=1 dataofs=6 reserved=0 flags=SA window=5840 chksum=0xb670 urgptr=0 options=[('MSS', 1460)] |<Padding  load='\x00\x00' |>>>
    >>> response=sr1(IP(dst="192.168.142.170")/TCP(dport=4444))
    Begin emission:
    .Finished sending 1 packets.
    *
    Received 2 packets, got 1 answers, remaining 0 packets
    >>> response.display()
    ###[ IP ]###
      version= 4
      ihl= 5
      tos= 0x0
      len= 40
      id= 0
      flags= DF
      frag= 0
      ttl= 64
      proto= tcp
      chksum= 0x9c1f
      src= 192.168.142.170
      dst= 192.168.142.181
      options
    ###[ TCP ]###
         sport= 4444
         dport= ftp_data
         seq= 0
         ack= 1
         dataofs= 5
         reserved= 0
         flags= RA
         window= 0
         chksum= 0xffae
         urgptr= 0
         options= []
    ###[ Padding ]###
            load= '\x00\x00\x00\x00\x00\x00'

    >>>
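As an added example (not part of the original notes), the following Python reproduces the interpretation the session above makes by hand, a SYN/ACK reply means the port is open, an RST/ACK reply means it is closed, and no reply means it is filtered or the host is down, and then turns the same observation around for the defender: a source that sends SYNs to many ports and never completes a handshake is exactly the half-open pattern a scan detector keys on. The packet records are constructed for the example (the two addresses are the scanner and target from the session; the client address, ports and the "8080 never answers" case are invented), and nothing is sent on the network.

```python
# Added example (not from the original notes or from Scapy): interpreting
# SYN-probe replies and detecting the resulting half-open pattern in a log.
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Scapy renders TCP flags as letters: S=SYN, A=ACK, R=RST, F=FIN, P=PSH, U=URG.
SYN, ACK, RST = "S", "A", "R"

# Addresses taken from the session above; the client address is constructed.
SCANNER = "192.168.142.181"
TARGET = "192.168.142.170"
CLIENT = "192.168.142.50"   # a legitimate host that completes a real handshake

# Constructed scenario: which ports on TARGET are open, and which get probed.
OPEN_PORTS = {22, 80, 443}
SCANNED_PORTS = (21, 22, 23, 25, 80, 443, 4444, 8080)
SILENT_PORTS = {8080}        # constructed: a firewall drops probes to this port

# One record per packet: (src, sport, dst, dport, flags)
Record = Tuple[str, int, str, int, str]


def classify_response(flags: Optional[str]) -> str:
    """Interpret the reply to one crafted SYN, as the session above does.

    SYN/ACK  -> open     (the target started the handshake)
    RST/ACK  -> closed   (the target refused the connection)
    no reply -> filtered (dropped by a firewall, or the host is down)
    """
    if flags is None:
        return "filtered"
    flagset = set(flags)
    if SYN in flagset and ACK in flagset:
        return "open"
    if RST in flagset:
        return "closed"
    return "unknown"


def build_constructed_log() -> List[Record]:
    """Constructed packet log: a SYN scan of TARGET plus one normal client."""
    log: List[Record] = []
    for port in SCANNED_PORTS:
        # The scanner's probes use sport 20 (ftp_data), like the session's TCP() default.
        log.append((SCANNER, 20, TARGET, port, "S"))
        if port in SILENT_PORTS:
            continue                      # no reply at all for this port
        reply = "SA" if port in OPEN_PORTS else "RA"
        log.append((TARGET, port, SCANNER, 20, reply))
    # A real client does the full three-way handshake to port 80.
    log.append((CLIENT, 54321, TARGET, 80, "S"))
    log.append((TARGET, 80, CLIENT, 54321, "SA"))
    log.append((CLIENT, 54321, TARGET, 80, "A"))
    return log


def summarize_probes(log: List[Record], scanner: str, target: str) -> Dict[int, str]:
    """Scanner's view: map each probed port on target to open/closed/filtered."""
    probed = {dport for src, _, dst, dport, flags in log
              if src == scanner and dst == target and set(flags) == {SYN}}
    replies = {sport: flags for src, sport, dst, _, flags in log
               if src == target and dst == scanner}
    return {port: classify_response(replies.get(port)) for port in sorted(probed)}


def detect_syn_scan(log: List[Record], threshold: int = 5) -> Dict[str, int]:
    """Defender's view: sources with at least `threshold` half-open connections.

    A SYN scan sends a SYN to many (host, port) pairs and never follows up
    with the handshake's third packet, a bare ACK. Count per source the
    distinct pairs that got a SYN but never a bare ACK from that source.
    """
    syn_targets: Dict[str, set] = defaultdict(set)
    completed: Dict[str, set] = defaultdict(set)
    for src, _, dst, dport, flags in log:
        flagset = set(flags)
        if flagset == {SYN}:
            syn_targets[src].add((dst, dport))
        elif flagset == {ACK}:
            completed[src].add((dst, dport))
    half_open = {src: len(pairs - completed[src]) for src, pairs in syn_targets.items()}
    return {src: n for src, n in half_open.items() if n >= threshold}


if __name__ == "__main__":
    log = build_constructed_log()
    for port, state in summarize_probes(log, SCANNER, TARGET).items():
        print(f"port {port}: {state}")
    print("suspected SYN scanners:", detect_syn_scan(log))
```

The detector deliberately ignores the RST a scanner sends after a SYN/ACK (it is neither a SYN nor a bare ACK), so a scanner that tears down every half-open connection still scores one half-open entry per probed port, while the legitimate client's single completed handshake scores zero.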

  • Original article: https://www.cnblogs.com/xinxianquan/p/10274515.html