General idea of penetration testing
- Reconnaissance
- Information gathering
- Vulnerability scanning
- Exploitation
- Privilege escalation
- Maintaining access
This experiment covers only information gathering, vulnerability scanning and exploitation.
Attack machine: Kali 2.0 64-bit (192.168.41.131)
Target: Windows 7 64-bit (192.168.41.137)
Knowledge used in this experiment
Nmap:
-A aggressive scan: OS fingerprinting and version detection
-sS SYN scan (half-open scan)
-sT full TCP connect scan
-sV service version detection
-sN -p 21,22,80,1433,3360 192.168.1.3 -oX dk.html scan the listed ports and save the results as dk.html
Nessus:
Configure a custom scan policy
Metasploit:
search <name> find the exploit module and view its details
use <module name> select the attack module
set RHOST <dstIP> set the target host IP
set LHOST <srcIP> set the local (attacking) IP
exploit run the exploit
Steps:
1. Nmap scan
The scan took too long, so the results are listed directly: apart from Kali itself, two hosts were found: 192.168.41.137, 192.168.43.112
2. Nessus scan
2.1 Configure the scan name, description and targets
2.2 Start the scan and view the scan results
2.3 Select a host as the target and view that host's vulnerabilities
2.4 View the vulnerability details
3. Metasploit exploitation
3.1 Open Metasploit and view the two description entries for the MS12-020 vulnerability:
normal MS12-020 Microsoft Remote Desktop Use-After-Free DoS
normal MS12-020 Microsoft Remote Desktop Checker
3.2 I chose the first one, which causes the target machine to blue-screen; set the target host IP and the attacking host IP, then run exploit
3.4 Observe the target machine: it has blue-screened