当前位置:网站首页>Intranet information collection of Intranet penetration (4)
Intranet information collection of Intranet penetration (4)
2022-07-06 14:17:00 【Unknown white hat】
Catalog
Metasploit Intranet information collection
12 Service scanning and checking
Metasploit Intranet information collection
attack kali 192.168.0.103
Drone aircraft win7 192.168.0.105
09scraper
run scraper( Collect the common information on the target machine, download and save it locally )
/root/.msf4/logs/scripts/scraper
09winenum
run winenum( Collect some current systems , User group related information )
/root/.msf4/logs/scripts/winenum
10msf The host found
The module is located in the source code path modules/auxiliary/scanner/discovery/
There are mainly :
arp_sweep
ipv6_mulitcast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
11msf Port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // adopt ACK Scan the way on the firewall is not shielded port detection
auxiliary/scanner/portscan/ftpbounce // adopt FTP bounce The principle of attack is right TCP Services , Some new software can prevent this attack well , But it can still be used on the old system
auxiliary/scanner/portscan/syn // Use send TCP SYN Flag to detect open ports
auxiliary/scanner/portscan/tcp // Through a complete TCP Connect to determine whether the port is open , The most accurate but the slowest
auxiliary/scanner/portscan/xmas // A more secretive scanning method , By sending FIN·PSH·URG sign , Can avoid some advanced TCP Filtering of tag detector
In general, it is recommended to use syn Port scanner · Faster · The results are accurate · Not easy to be noticed by the other party
syn The use of scanners
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
12 Service scanning and checking
After determining the open port , Mining the service information running on the corresponding port
stay Metasploit Of Scanner In auxiliary module , Tools for service scanning and enumeration are often used in [service_name]_version and [service_name]_login name
[service_name]_version It can be used to traverse hosts that contain certain services in the network , And further determine the version of the service
[service_name]_login Password detection attacks can be carried out on certain services
stay msf The terminal can input
search name:_version
View all available service enumeration modules
边栏推荐
- 《英特尔 oneAPI—打开异构新纪元》
- 7-3 construction hash table (PTA program design)
- 7-9 制作门牌号3.0(PTA程序设计)
- Intranet information collection of Intranet penetration (5)
- Intensive literature reading series (I): Courier routing and assignment for food delivery service using reinforcement learning
- Experiment 8 exception handling
- 实验九 输入输出流(节选)
- Spot gold prices rose amid volatility, and the rise in U.S. prices is likely to become the key to the future
- 内网渗透之内网信息收集(一)
- Nuxtjs quick start (nuxt2)
猜你喜欢
![[paper reproduction] cyclegan (based on pytorch framework) {unfinished}](/img/16/43d8929d1a37c1c68e959d5854e18c.jpg)
随机推荐
AQS details
7-15 h0161. Find the greatest common divisor and the least common multiple (PTA program design)
Meituan dynamic thread pool practice ideas, open source
7-11 mechanic mustadio (PTA program design)
. How to upload XMIND files to Jinshan document sharing online editing?
浅谈漏洞发现思路
The United States has repeatedly revealed that the yield of interest rate hiked treasury bonds continued to rise
【VMware异常问题】问题分析&解决办法
List and data frame of R language experiment III
Tencent map circle
[data processing of numpy and pytoch]
Nuxtjs quick start (nuxt2)
Hackmyvm target series (2) -warrior
7-3 construction hash table (PTA program design)
7-7 7003 combination lock (PTA program design)
Intranet information collection of Intranet penetration (I)
图书管理系统
[err] 1055 - expression 1 of order by clause is not in group by clause MySQL
Force deduction 152 question multiplier maximum subarray
实验七 常用类的使用(修正帖)