Simple process of penetration test
2022-07-05 13:54:00 【Cwxh0125】
Simple process
One. Information gathering
nslookup, whois
Two. Vulnerability scanning
nmap <IP range>, port 80 (IIS, Apache: identify which web server the site runs)
Advanced scanning: for example, scanning for IIS vulnerabilities, scanning the website for vulnerabilities
Three. Exploitation
Four. Privilege escalation (shell environment, desktop environment, highest privileges)
Manually test whether a port is open: telnet <IP address> <port>
Five. Cover your tracks
Six. Leave a backdoor
Seven. Penetration test report
Practice
Open two virtual machines
win2003 server 10.1.1.2
winxp client 10.1.1.1
Use XP to attack 2003
First, the two virtual machines must be able to communicate: configure their IPs in the same LAN.
After the configuration is completed, ping 2003 from XP once; the ping succeeds.
Next, the attack
Attack port 445 (the file-sharing port)
Step one: port scanning
Manual scanning
telnet <IP> <port>: a successful connection means the corresponding port is open
Automatic scanning: use ScanPort
You can see that both the XP and 2003 virtual machines have port 445 open.
One of the 445 exploits: ipc$
net use connects your computer to a shared resource (establishes a drive mapping) or disconnects it from a shared resource (deletes the drive mapping). Run without options, it lists the computer's current connections.
1) Establish a null session:
net use \\IP\ipc$ "" /user:"" (be sure to note: this command contains 3 spaces)
2) Establish a non-null session:
net use \\IP\ipc$ "password" /user:"username" (also 3 spaces)
3) Map a default share:
net use z: \\IP\c$ "password" /user:"username" (maps the other side's C drive to your own Z drive, and so on)
Once an ipc$ connection to the target is established, you can access it as \\IP\<drive letter>$; the specific command is net use z: \\IP\c$
4) Delete an ipc$ connection:
net use \\IP\ipc$ /del
5) Delete a share mapping:
net use z: /del deletes the mapped Z drive, and so on
net use * /del deletes all mappings; a prompt asks you to press y to confirm
6) View the shared resources of the remote host (default shares are not shown):
net view \\IP
Brute-force the system password over 445
Using the tool NTScan
Once the username and password have been cracked, you can connect with net use \\IP\ipc$ "password" /user:"username"
After a successful connection, a backdoor can be left
Make a Trojan
Use copy to implant the Trojan
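Added example (not from the original post): detection logic, from the defender's side, for the two techniques described above, the ipc$ null session and the NTScan-style password brute force over port 445. It runs over constructed, clearly labelled sample records shaped like Windows Security log events 4624 (logon succeeded) and 4625 (logon failed) as emitted by Vista and later; that those IDs and field names match what your log collector produces is an assumption, and the Windows 2003 host in the exercise logs the same activity under older event IDs.

```python
"""Detect SMB null sessions and password-guessing bursts from logon events.

Sample data below is constructed for this example; it is not real log output.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: the fields a collector would extract from
# Security log events 4624/4625. logon_type 3 is a network logon, which is
# what an SMB/ipc$ connection produces. (Assumed field names.)
SAMPLE_EVENTS = [
    # a single mistyped password from an unrelated host: benign noise
    {"time": "2022-07-05T13:40:12", "event_id": 4625, "logon_type": 3,
     "user": "alice", "src_ip": "10.1.1.50"},
    # null session: anonymous network logon from the XP box
    {"time": "2022-07-05T13:50:01", "event_id": 4624, "logon_type": 3,
     "user": "ANONYMOUS LOGON", "src_ip": "10.1.1.1"},
    # password guessing: six failures in 25 seconds from the same source
    *[{"time": f"2022-07-05T13:51:{5 * i:02d}", "event_id": 4625,
       "logon_type": 3, "user": "administrator", "src_ip": "10.1.1.1"}
      for i in range(6)],
    # the guessed password works: a real network logon follows the burst
    {"time": "2022-07-05T13:52:00", "event_id": 4624, "logon_type": 3,
     "user": "administrator", "src_ip": "10.1.1.1"},
    # console logon on the server itself: interactive, not network
    {"time": "2022-07-05T13:53:30", "event_id": 4624, "logon_type": 2,
     "user": "administrator", "src_ip": "-"},
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def detect_null_sessions(events):
    """Events that look like an ipc$ null session: a successful network
    logon (type 3) by the built-in ANONYMOUS LOGON account."""
    return [e for e in events
            if e["event_id"] == 4624 and e["logon_type"] == 3
            and e["user"].upper() == "ANONYMOUS LOGON"]


def detect_password_guessing(events, threshold=5, window=timedelta(seconds=60)):
    """Return {src_ip: peak failure count} for every source that produced at
    least `threshold` failed logons inside any sliding `window`."""
    failures = defaultdict(list)
    for e in sorted(events, key=_ts):
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append(_ts(e))
    alerts = {}
    for ip, times in failures.items():
        start = 0  # left edge of the sliding window
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[ip] = max(alerts.get(ip, 0), count)
    return alerts


def successful_logons_after_guessing(events, alerts, grace=timedelta(minutes=10)):
    """Flag a non-anonymous network logon from a flagged source within `grace`
    after its last failure: the strongest sign that a guessed password worked.
    Returns a list of (src_ip, user, time) tuples."""
    last_failure = {}
    for e in events:
        if e["event_id"] == 4625 and e["src_ip"] in alerts:
            last_failure[e["src_ip"]] = max(
                last_failure.get(e["src_ip"], datetime.min), _ts(e))
    hits = []
    for e in sorted(events, key=_ts):
        ip = e["src_ip"]
        if (e["event_id"] == 4624 and e["logon_type"] == 3
                and ip in last_failure
                and e["user"].upper() != "ANONYMOUS LOGON"
                and timedelta(0) <= _ts(e) - last_failure[ip] <= grace):
            hits.append((ip, e["user"], e["time"]))
    return hits


if __name__ == "__main__":
    for e in detect_null_sessions(SAMPLE_EVENTS):
        print("null session from", e["src_ip"], "at", e["time"])
    bursts = detect_password_guessing(SAMPLE_EVENTS)
    for ip, n in bursts.items():
        print(f"password guessing from {ip}: {n} failures within 60s")
    for ip, user, when in successful_logons_after_guessing(SAMPLE_EVENTS, bursts):
        print(f"credential compromise suspected: {user} from {ip} at {when}")
```

Run as a script, it reports the null session from 10.1.1.1, the six-failure burst, and the administrator logon that followed it. The per-source sliding window and the "success shortly after a burst" rule are the two checks worth carrying into a SIEM; on the host itself, the RestrictAnonymous value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa is the setting that blocks the null session in the first place, and the detection above catches the attempts that a permissive setting lets through.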