Internal Network Penetration: Internal Network Information Gathering (4)
2022-07-06 09:23:00 [不知名白帽]
Information gathering with Metasploit
Attack machine: Kali, 192.168.0.103
Target machine: Windows 7, 192.168.0.105
09 scraper
run scraper (collects the common information from the target machine and downloads it to the attack machine)
Results are saved under /root/.msf4/logs/scripts/scraper
09 winenum
run winenum (collects information about the current system, its users and groups)
Results are saved under /root/.msf4/logs/scripts/winenum
Both are legacy Meterpreter scripts (scripts/meterpreter/); current Metasploit builds flag them as deprecated and point to the post/windows/gather modules instead. The .msf4 directory belongs to whichever user runs msfconsole, so the paths above assume it is run as root.
10 MSF host discovery
The modules live under modules/auxiliary/scanner/discovery/ in the source tree. The main ones are:
arp_sweep
ipv6_multicast_ping
ipv6_neighbor
ipv6_neighbor_router_advertisement
udp_probe
udp_sweep
arp_sweep only reaches hosts on the attack machine's own layer-2 segment (and needs raw-socket privileges, i.e. root); for subnets behind a router use udp_sweep or udp_probe, which work at layer 3.
11 MSF port scanning
msf> search portscan
auxiliary/scanner/portscan/ack // ACK scan: finds ports that a stateless firewall does not filter (it distinguishes filtered from unfiltered, not open from closed)
auxiliary/scanner/portscan/ftpbounce // enumerates TCP services through a third-party FTP server using the FTP bounce technique; modern FTP servers refuse PORT commands pointing at other hosts, but old systems can still be abused
auxiliary/scanner/portscan/syn // half-open scan: sends a TCP SYN and reads the SYN/ACK or RST reply without completing the handshake
auxiliary/scanner/portscan/tcp // full TCP connect scan: completes a handshake for every port; the most accurate but the slowest, and each connection shows up in the service's own logs
auxiliary/scanner/portscan/xmas // sends packets with FIN, PSH and URG set; it slips past some simple TCP-flag filters, but it can only report open|filtered versus closed, and Windows hosts (including the Win7 target here) answer every such probe with RST, so it cannot find open ports on Windows
The SYN scanner is the usual choice: fast and accurate. It is "quieter" only in the sense that the handshake is never completed, so the target service logs no connection; the SYN packets themselves are fully visible to a firewall or IDS. It also needs raw sockets, so run msfconsole as root.
Using the SYN scanner
use auxiliary/scanner/portscan/syn
set rhosts 192.168.0.105/24
set threads 20
exploit
(rhosts accepts a single host, a CIDR range or a list. The module scans ports 1-10000 by default, so narrow it with set ports when a full sweep is not needed. For auxiliary modules run is equivalent to exploit.)
12 Service scanning and enumeration
Once the open ports are known, dig into the services running on them.
In Metasploit's scanner auxiliary modules, the service scanning and enumeration tools are usually named [service_name]_version and [service_name]_login.
[service_name]_version walks the network for hosts running a given service and identifies its version (for example auxiliary/scanner/smb/smb_version, ssh/ssh_version, http/http_version).
[service_name]_login performs password guessing against that service; it is noisy, since every attempt is a failed logon in the target's logs, and account lockout policies can lock the accounts you try.
In the msf console, enter
search name:_version
to list all available service enumeration modules.
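Sections 10 to 12 are the steps of one pipeline: discover hosts, SYN-scan them, then run the matching _version module per open port. The script below is an added example, not code from the original post: it writes an msfconsole resource file that chains arp_sweep, portscan/syn and three _version modules, feeding each step's targets from the Metasploit database with hosts -R and services -p <port> -R. The range 192.168.0.0/24, the port list and the choice of smb_version, ssh_version and http_version are assumptions for the lab in this post; running it assumes msfconsole is on PATH with msfdb started, and that it is run as root because arp_sweep and the SYN scanner need raw sockets.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): build a non-interactive
# msfconsole resource script for discovery -> SYN scan -> service enumeration.
set -eu

# gen_msf_rc <rhosts> <threads> <outfile>
# Writes the resource file. Lines starting with '#' are comments to msfconsole.
gen_msf_rc() {
  local rhosts="$1" threads="${2:-20}" out="$3"
  cat > "$out" <<EOF
# 1. host discovery: ARP sweep only sees the local layer-2 segment (assumed lab range)
use auxiliary/scanner/discovery/arp_sweep
set RHOSTS $rhosts
set THREADS $threads
run
# 2. SYN scan every host the sweep wrote to the database (hosts -R sets RHOSTS)
use auxiliary/scanner/portscan/syn
hosts -R
set PORTS 21,22,80,135,139,443,445,3389
set THREADS $threads
run
# 3. per-service version enumeration; services -p <port> -R targets only
#    hosts where that port was found open (module choice is an assumption)
use auxiliary/scanner/smb/smb_version
services -p 445 -R
run
use auxiliary/scanner/ssh/ssh_version
services -p 22 -R
run
use auxiliary/scanner/http/http_version
services -p 80,443 -R
run
# dump what the database now knows, then leave the console
services
exit
EOF
}

# run_msf_rc <rcfile>: run the resource file headless. Needs root for the
# raw-socket modules and a running msfdb; not invoked here so the script
# can be sourced without a Metasploit install.
run_msf_rc() {
  command -v msfconsole >/dev/null || { echo "msfconsole not found" >&2; return 1; }
  [ "$(id -u)" -eq 0 ] || echo "warning: arp_sweep/syn need root" >&2
  msfconsole -q -r "$1"
}

# Usage:
#   gen_msf_rc 192.168.0.0/24 20 /tmp/recon.rc && run_msf_rc /tmp/recon.rc
```

Because `hosts -R` and `services -R` read the database, the second and third steps target exactly what the earlier steps found; swap or extend the `_version` modules to match the ports you actually see open.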