Intranet penetration: intranet information collection (4)
2022-07-06 14:17:00 【Unknown white hat】
Contents
Metasploit Intranet information collection
12 Service scanning and checking
Metasploit Intranet information collection
Attacker: Kali, 192.168.0.103
Target: Windows 7, 192.168.0.105
09 scraper
run scraper (collects common information from the target machine, then downloads and saves it locally)
Output is saved under /root/.msf4/logs/scripts/scraper
09 winenum
run winenum (collects information about the current system, users and groups)
Output is saved under /root/.msf4/logs/scripts/winenum
10 msf host discovery
The modules are located in the source tree under modules/auxiliary/scanner/discovery/
The main ones are:
arp_sweep
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
11 msf port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // Uses ACK scanning to detect ports that the firewall does not filter
auxiliary/scanner/portscan/ftpbounce // Probes TCP services using the FTP bounce attack principle; newer software defends against this well, but it can still be used against old systems
auxiliary/scanner/portscan/syn // Sends packets with the TCP SYN flag to detect open ports
auxiliary/scanner/portscan/tcp // Determines whether a port is open by making a complete TCP connection; the most accurate but the slowest
auxiliary/scanner/portscan/xmas // A stealthier scanning method that sends the FIN, PSH and URG flags and can evade some advanced TCP flag filters
In general, the syn port scanner is recommended: it is faster, its results are accurate, and it is not easily noticed by the other side.
Using the syn scanner
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
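
Seen from the target's side, the scan types listed above differ in the TCP flags of the inbound segments, so a sensor can label them. The following Python code is an added example, not part of the original post; the packet tuples, the `min_ports` threshold and the addresses 192.168.0.50 and 192.168.0.60 are constructed for illustration.

```python
from collections import defaultdict

# TCP header flag bits.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_port(flag_seq):
    """Label one port from the inbound flag bytes a single source sent to it."""
    first = flag_seq[0]
    if first == FIN | PSH | URG:
        return "xmas"   # FIN+PSH+URG with no handshake
    if first == ACK:
        return "ack"    # bare ACK with no preceding SYN
    if first == SYN:
        # A full connect shows the client's ACK after its SYN; a half-open
        # probe shows only the SYN, optionally followed by a RST.
        done = any(f & ACK and not f & (SYN | RST) for f in flag_seq[1:])
        return "tcp" if done else "syn"
    return "other"

def detect_scans(packets, min_ports=5):
    """Return {src: (technique, port_count)} for sources touching >= min_ports ports."""
    seen = defaultdict(lambda: defaultdict(list))  # src -> dport -> [flags]
    for src, dport, flags in packets:
        seen[src][dport].append(flags)
    alerts = {}
    for src, ports in seen.items():
        if len(ports) < min_ports:
            continue
        counts = defaultdict(int)
        for seq in ports.values():
            counts[classify_port(seq)] += 1
        alerts[src] = (max(counts, key=counts.get), len(ports))
    return alerts

# Constructed sample: inbound (src, dst_port, flags) seen by a sensor on 192.168.0.105.
SAMPLE = (
    [("192.168.0.103", p, SYN) for p in (21, 22, 80, 135, 139, 445, 3389)]
    + [("192.168.0.103", 445, RST)]  # scanner resets after the SYN/ACK
    + [("192.168.0.50", p, FIN | PSH | URG) for p in (1, 2, 3, 4, 5, 6)]
    + [("192.168.0.60", 445, SYN), ("192.168.0.60", 445, ACK)]  # ordinary client
)

if __name__ == "__main__":
    for src, (kind, n) in detect_scans(SAMPLE).items():
        print(f"{src}: {kind} scan suspected, {n} distinct ports")
```

A flow captured mid-stream also begins with a bare ACK, which is why the distinct-port threshold is applied before any source is reported.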
12 Service scanning and checking
After determining which ports are open, dig out information about the services running on them.
Among Metasploit's scanner auxiliary modules, the tools for service scanning and enumeration are usually named [service_name]_version and [service_name]_login.
[service_name]_version can be used to find hosts on the network that run a given service and to further determine the version of that service.
[service_name]_login can be used to carry out password-guessing attacks against a given service.
In the msf console, enter
search name:_version
to view all available service enumeration modules.