Intranet information collection of Intranet penetration (4)
2022-07-06 14:17:00 【Unknown white hat】
Catalog
Metasploit Intranet information collection
12 Service scanning and checking
Metasploit Intranet information collection
Attacker: kali 192.168.0.103
Target machine: win7 192.168.0.105
09 scraper
run scraper (collects the common information on the target machine, downloads it and saves it locally)
Output directory: /root/.msf4/logs/scripts/scraper
09 winenum
run winenum (collects information about the current system, its users and groups)
Output directory: /root/.msf4/logs/scripts/winenum
10 msf host discovery
The modules live under modules/auxiliary/scanner/discovery/ in the source tree.
The main ones are:
arp_sweep
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
11 msf port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // ACK scan: detects which ports are not filtered by a firewall
auxiliary/scanner/portscan/ftpbounce // uses the FTP bounce attack to scan TCP services; newer software prevents this well, but it still works against old systems
auxiliary/scanner/portscan/syn // sends TCP packets with the SYN flag to detect open ports
auxiliary/scanner/portscan/tcp // determines whether a port is open by completing a full TCP connection; the most accurate but the slowest
auxiliary/scanner/portscan/xmas // a stealthier scan that sends the FIN, PSH and URG flags together, which can evade some advanced TCP flag-inspecting filters
In general the syn port scanner is recommended: it is faster, its results are accurate, and it is less likely to be noticed by the other side.
Using the syn scanner
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
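The scan types listed above each leave a characteristic trace on the wire, which is what a defender looks for. The following is an added example, not code from the original post or from Metasploit: it runs simple scan detection over a constructed packet-summary log in a format invented for this example (epoch time, source, destination:port, tcpdump-style flag letters). It flags a source that leaves many probes half-open (the syn scanner), one that completes many handshakes (the tcp scanner), and any packet carrying FIN, PSH and URG together (the xmas scanner).

```python
"""Scan-pattern detection over a constructed TCP packet-summary log.

Added example, not part of the original post or of Metasploit. It assumes a
simplified, constructed log format of one packet per line:
    <epoch_seconds> <src_ip> <dst_ip>:<dst_port> <flags>
where <flags> uses tcpdump's letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST.
"""
from collections import defaultdict

XMAS_FLAGS = {"F", "P", "U"}  # the flag combination the xmas module sends

# Constructed sample: 10.0.0.3 makes one normal connection; 10.0.0.7 sends a
# single Xmas-flagged probe; 10.0.0.9 half-open scans twelve ports (SYN,
# receives SYN/ACK, answers RST and never completes the handshake).
SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]
SAMPLE_LOG = """\
1000 10.0.0.3 192.168.0.105:445 S
1000 192.168.0.105 10.0.0.3:51000 SA
1000 10.0.0.3 192.168.0.105:445 A
1001 10.0.0.7 192.168.0.105:80 FPU
""" + "\n".join(
    f"{1002 + i} 10.0.0.9 192.168.0.105:{port} S\n"
    f"{1002 + i} 192.168.0.105 10.0.0.9:{40000 + i} SA\n"
    f"{1002 + i} 10.0.0.9 192.168.0.105:{port} R"
    for i, port in enumerate(SCANNED_PORTS)
)


def parse_line(line):
    """Split one summary line into its fields; flags become a set of letters."""
    ts, src, dst, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": int(ts), "src": src, "dst_ip": dst_ip,
            "dst_port": int(dst_port), "flags": set(flags)}


def detect_scans(log_text, port_threshold=10):
    """Return {src_ip: [finding, ...]} for sources that look like scanners.

    A bare SYN records a probe; a bare ACK from the same source to the same
    target completes it. Many probes left half-open point at a SYN scan,
    many completed handshakes to distinct ports at a full-connect scan, and
    any packet carrying FIN+PSH+URG together is an Xmas probe.
    """
    probes = defaultdict(set)     # src -> {(dst_ip, dst_port)} that saw a bare SYN
    completed = defaultdict(set)  # src -> {(dst_ip, dst_port)} that saw a bare ACK
    findings = defaultdict(set)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        pkt = parse_line(raw)
        src, target, flags = pkt["src"], (pkt["dst_ip"], pkt["dst_port"]), pkt["flags"]
        if flags == {"S"}:
            probes[src].add(target)
        elif flags == {"A"} and target in probes[src]:
            completed[src].add(target)
        if XMAS_FLAGS <= flags:
            findings[src].add(f"xmas probe to {target[0]}:{target[1]}")
    for src, targets in probes.items():
        half_open = targets - completed[src]
        hosts = {ip for ip, _ in half_open}
        if len(half_open) >= port_threshold:
            findings[src].add(f"syn scan: {len(half_open)} half-open ports on {len(hosts)} host(s)")
        if len(completed[src]) >= port_threshold:
            findings[src].add(f"connect scan: {len(completed[src])} completed handshakes")
    return {src: sorted(f) for src, f in findings.items()}


if __name__ == "__main__":
    for src, notes in detect_scans(SAMPLE_LOG).items():
        print(src, "->", "; ".join(notes))
```

The threshold is the tuning knob: a legitimate client that opens a couple of connections stays below it, while a sweep of a /24 like the one in the tutorial crosses it on the very first host. Real deployments would read the same fields from a firewall or NetFlow export rather than this constructed format.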
12 Service scanning and checking
After determining the open ports, dig out the service information running on the corresponding ports.
In Metasploit's Scanner auxiliary modules, the tools for service scanning and enumeration are usually named [service_name]_version and [service_name]_login.
[service_name]_version can be used to traverse the hosts in the network that run a given service and further determine the service's version.
[service_name]_login can carry out password-guessing attacks against a given service.
In the msf console you can enter
search name:_version
to view all available service enumeration modules.
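The [service_name]_login modules described above produce a burst of authentication failures from one source, often across several accounts, and the dangerous case is a success that follows the failures. The following is an added example, not code from the original post or from Metasploit: it runs that detection over constructed sshd-style auth log lines (the hostname, PIDs and addresses are made up; the line shape follows OpenSSH's "Failed password for" and "Accepted password for" messages) using a sliding window of failures per source.

```python
"""Password-guessing detection over constructed sshd-style auth log lines.

Added example, not part of the original post or of Metasploit. The log lines
are constructed; their shape follows the "Failed password for ..." and
"Accepted password for ..." messages OpenSSH writes to the system auth log.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

# Constructed sample: 10.0.0.9 tries three accounts six times in twelve
# seconds and then gets in as root; 10.0.0.3 mistypes once and then logs in.
SAMPLE_AUTH_LOG = """\
Jul  6 14:17:01 bastion sshd[2201]: Failed password for invalid user admin from 10.0.0.9 port 50001 ssh2
Jul  6 14:17:03 bastion sshd[2201]: Failed password for invalid user admin from 10.0.0.9 port 50001 ssh2
Jul  6 14:17:05 bastion sshd[2203]: Failed password for root from 10.0.0.9 port 50003 ssh2
Jul  6 14:17:07 bastion sshd[2203]: Failed password for root from 10.0.0.9 port 50003 ssh2
Jul  6 14:17:09 bastion sshd[2205]: Failed password for invalid user administrator from 10.0.0.9 port 50005 ssh2
Jul  6 14:17:12 bastion sshd[2205]: Failed password for invalid user administrator from 10.0.0.9 port 50005 ssh2
Jul  6 14:17:30 bastion sshd[2210]: Failed password for alice from 10.0.0.3 port 50100 ssh2
Jul  6 14:17:35 bastion sshd[2210]: Accepted password for alice from 10.0.0.3 port 50100 ssh2
Jul  6 14:17:40 bastion sshd[2212]: Accepted password for root from 10.0.0.9 port 50007 ssh2
"""


def parse_auth_log(log_text):
    """Return {ip: [(timestamp, result, user), ...]} for lines the regex matches."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd messages are skipped
        # syslog pads the day with a space ("Jul  6"); collapse it before parsing
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
        events[m["ip"]].append((ts, m["result"], m["user"]))
    return events


def detect_password_guessing(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span.

    Each finding reports the peak failure count, the distinct accounts tried
    (a spray across users) and whether a success followed the failures, the
    case that needs immediate attention.
    """
    findings = {}
    for ip, evs in parse_auth_log(log_text).items():
        evs.sort()
        fail_times = [t for t, result, _ in evs if result == "Failed"]
        peak, start = 0, 0
        for end, t in enumerate(fail_times):        # sliding window over failures
            while (t - fail_times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        findings[ip] = {
            "peak_failures": peak,
            "users_tried": sorted({u for _, result, u in evs if result == "Failed"}),
            "success_after_failures": any(
                result == "Accepted" and t > fail_times[0] for t, result, _ in evs),
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_password_guessing(SAMPLE_AUTH_LOG).items():
        print(ip, info)
```

The same window logic applies to any service the _login modules target (SMB, FTP, MySQL and so on); only the parser changes. The success_after_failures flag is what turns a noisy alert into an incident, since a guessed password means the source now holds valid credentials.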