当前位置:网站首页>Intranet information collection of Intranet penetration (4)
Intranet information collection of Intranet penetration (4)
2022-07-06 14:17:00 【Unknown white hat】
Catalog
Metasploit Intranet information collection
12 Service scanning and checking
Metasploit Intranet information collection
attack kali 192.168.0.103
Drone aircraft win7 192.168.0.105
09scraper
run scraper( Collect the common information on the target machine, download and save it locally )
/root/.msf4/logs/scripts/scraper
09winenum
run winenum( Collect some current systems , User group related information )
/root/.msf4/logs/scripts/winenum
10msf The host found
The module is located in the source code path modules/auxiliary/scanner/discovery/
There are mainly :
arp_sweep
ipv6_mulitcast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
11msf Port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // adopt ACK Scan the way on the firewall is not shielded port detection
auxiliary/scanner/portscan/ftpbounce // adopt FTP bounce The principle of attack is right TCP Services , Some new software can prevent this attack well , But it can still be used on the old system
auxiliary/scanner/portscan/syn // Use send TCP SYN Flag to detect open ports
auxiliary/scanner/portscan/tcp // Through a complete TCP Connect to determine whether the port is open , The most accurate but the slowest
auxiliary/scanner/portscan/xmas // A more secretive scanning method , By sending FIN·PSH·URG sign , Can avoid some advanced TCP Filtering of tag detector
In general, it is recommended to use syn Port scanner · Faster · The results are accurate · Not easy to be noticed by the other party
syn The use of scanners
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
12 Service scanning and checking
After determining the open port , Mining the service information running on the corresponding port
stay Metasploit Of Scanner In auxiliary module , Tools for service scanning and enumeration are often used in [service_name]_version and [service_name]_login name
[service_name]_version It can be used to traverse hosts that contain certain services in the network , And further determine the version of the service
[service_name]_login Password detection attacks can be carried out on certain services
stay msf The terminal can input
search name:_version
View all available service enumeration modules
边栏推荐
- A complete collection of papers on text recognition
- Data mining - a discussion on sample imbalance in classification problems
- Network layer - simple ARP disconnection
- 浅谈漏洞发现思路
- Canvas foundation 1 - draw a straight line (easy to understand)
- 7-11 mechanic mustadio (PTA program design)
- List and data frame of R language experiment III
- . How to upload XMIND files to Jinshan document sharing online editing?
- Hackmyvm target series (2) -warrior
- Strengthen basic learning records
猜你喜欢
Xray and Burp linked Mining
HackMyvm靶機系列(3)-visions
7-5 staircase upgrade (PTA program design)
内网渗透之内网信息收集(一)
Package bedding of components
Hackmyvm target series (7) -tron
HackMyvm靶机系列(5)-warez
Programme de jeu de cartes - confrontation homme - machine
Mixlab unbounded community white paper officially released
How to turn wechat applet into uniapp
随机推荐
7-4 hash table search (PTA program design)
How to understand the difference between technical thinking and business thinking in Bi?
Nuxtjs quick start (nuxt2)
[three paradigms of database] you can understand it at a glance
记一次api接口SQL注入实战
WEB漏洞-文件操作之文件包含漏洞
内网渗透之内网信息收集(二)
HackMyvm靶机系列(1)-webmaster
Tencent map circle
7-3 construction hash table (PTA program design)
强化学习基础记录
Canvas foundation 2 - arc - draw arc
实验四 数组
Network layer - simple ARP disconnection
7-9 制作门牌号3.0(PTA程序设计)
[VMware abnormal problems] problem analysis & Solutions
How to turn wechat applet into uniapp
【MySQL-表结构与完整性约束的修改(ALTER)】
Analysis of penetration test learning and actual combat stage
内网渗透之内网信息收集(四)