Intranet information collection of Intranet penetration (4)
2022-07-06 14:17:00 【Unknown white hat】
Catalog
Metasploit Intranet information collection
12 Service scanning and checking
Metasploit Intranet information collection
Attacker: Kali 192.168.0.103
Target machine: Win7 192.168.0.105
09 scraper
run scraper (collects common information from the target machine, then downloads and saves it locally)
/root/.msf4/logs/scripts/scraper

09 winenum
run winenum (collects information about the current system and its user groups)
/root/.msf4/logs/scripts/winenum

10 msf host discovery
The modules are located in the source tree under modules/auxiliary/scanner/discovery/
The main ones are:
arp_sweep
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
11 msf port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // Uses ACK scanning to detect ports that the firewall does not filter
auxiliary/scanner/portscan/ftpbounce // Uses the FTP bounce attack principle to enumerate TCP services; newer software defends against this attack well, but it can still be used on old systems
auxiliary/scanner/portscan/syn // Sends packets with the TCP SYN flag to detect open ports
auxiliary/scanner/portscan/tcp // Determines whether a port is open by making a complete TCP connection; the most accurate but the slowest
auxiliary/scanner/portscan/xmas // A stealthier scanning method; by sending the FIN, PSH and URG flags it can evade some advanced TCP flag filters
In general, the syn port scanner is recommended: it is faster, its results are accurate, and it is not easily noticed by the other party.
Using the syn scanner
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
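
A half-open scan leaves no accepted connection for the service to log, but it is still visible in network flow data. The Python detector below is an added example, not part of the original post; the flow-record format, the threshold, the client 192.168.0.50 and the open ports are constructed assumptions.

```python
from collections import defaultdict

def handshake_completed(flags):
    """True if the client ACKed the server's SYN-ACK (three-way handshake done)."""
    if "SA" not in flags:
        return False
    return "A" in flags[flags.index("SA") + 1:]

def find_scanners(flows, min_failed_targets=10):
    """Flag sources whose SYNs to many distinct (host, port) pairs never completed.

    flows: iterable of (src, dst, dport, flags), where flags is the ordered list
    of TCP flag sets seen on the flow: "S", "SA", "A", "R", "RA".
    """
    stats = defaultdict(lambda: {"failed": set(), "half_open": set()})
    for src, dst, dport, flags in flows:
        if not flags or flags[0] != "S" or handshake_completed(flags):
            continue
        stats[src]["failed"].add((dst, dport))
        if "SA" in flags:
            # Server answered SYN-ACK but the client never ACKed: the
            # half-open pattern a SYN scan leaves on every open port.
            stats[src]["half_open"].add((dst, dport))
    return {
        src: {"failed_targets": len(s["failed"]), "half_open": sorted(s["half_open"])}
        for src, s in stats.items()
        if len(s["failed"]) >= min_failed_targets
    }

# Constructed sample data (assumption, not captured traffic).
SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445, 3306, 3389, 8080]
OPEN_PORTS = {135, 139, 445}
SAMPLE_FLOWS = [
    ("192.168.0.103", "192.168.0.105", p, ["S", "SA", "R"] if p in OPEN_PORTS else ["S", "RA"])
    for p in SCANNED_PORTS
] + [
    # Ordinary client: completed handshakes plus one refused connection.
    ("192.168.0.50", "192.168.0.105", 445, ["S", "SA", "A", "A"]),
    ("192.168.0.50", "192.168.0.105", 139, ["S", "SA", "A", "A"]),
    ("192.168.0.50", "192.168.0.105", 8080, ["S", "RA"]),
]

if __name__ == "__main__":
    for src, info in find_scanners(SAMPLE_FLOWS).items():
        print(src, info)
```

In practice the counts would be taken per time window, which this example omits.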
12 Service scanning and checking
After determining which ports are open, dig into the service information running on those ports.
Among Metasploit's scanner auxiliary modules, the tools for service scanning and enumeration are usually named [service_name]_version and [service_name]_login.
[service_name]_version can be used to find the hosts in the network that run a given service and to further determine the version of that service.
[service_name]_login can carry out password-guessing attacks against a given service.
In the msf console you can enter
search name:_version
to view all available service enumeration modules.