[5] Information Gathering
Intro: reading notes
❤️ Book: 渗透测试 完全初学者指南 (Penetration Testing: A Hands-On Introduction to Hacking)
- Kali Linux (with Metasploit)
- Windows XP SP2 (no security patches installed, ip=192.168.159.132)
1. Open-source intelligence gathering (OSINT)
1.1 Netcraft
- Look up a website's service information through Netcraft
Netcraft website
Netcraft intelligence-gathering entry point
1.2 whois
┌──(root💀kali)-[/home/kali/Desktop]
└─# whois bulbsecurity.com
1.3 DNS reconnaissance
- DNS servers translate domain names into their corresponding IP addresses
1.3.1 nslookup
- Look up a domain with nslookup
┌──(root💀kali)-[/home/kali/Desktop]
└─# nslookup www.bulbsecurity.com
Server: 192.168.159.2
Address: 192.168.159.2#53
Non-authoritative answer:
www.bulbsecurity.com canonical name = bulbsecurity.com.
Name: bulbsecurity.com
Address: 50.63.212.67
- Look up a domain's mail (MX) servers with nslookup
1.3.2 host
- Query a domain's name servers (DNS resolvers) with host
┌──(root💀kali)-[/home/kali/Desktop]
└─# host -t ns zoneedit.com
- Pull all DNS records for an entire zone with host (a zone transfer, which only succeeds if the name server allows it)
┌──(root💀kali)-[/home/kali/Desktop]
└─# host -l zoneedit.com ns2.zoneedit.com
1.4 Collecting email addresses
- Search for email addresses with theHarvester
theHarvester: a Python-based tool bundled with Kali that queries multiple search engines
┌──(root💀kali)-[/home/kali/Desktop]
└─theHarvester -d bulbsecurity.com -l 500 -b all
1.5 Maltego (internet intelligence-mining tool)
- Launch Maltego
┌──(root💀kali)-[/home/kali/Desktop]
└─maltego
- Register an account
- Reference tutorial (logging in requires getting past the Great Firewall, so…)
Detailed Maltego tutorial
2. Port scanning
1. Manual scanning
- Use Telnet, Netcat, etc.; Netcat is used here
2. Nmap
2.1 SYN scan with Nmap
A SYN scan is a half-open port scanning technique based on the TCP three-way handshake: Nmap sends the SYN, classifies the port from the reply (SYN/ACK = open, RST = closed), and never completes the handshake
-sS
nmap -sS 192.168.159.132 -oA booknmap
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─# nmap -sS 192.168.159.132 -oA booknmap
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-31 06:49 EDT
Nmap scan report for 192.168.159.132
Host is up (0.0019s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:1D:20:D1 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.83 seconds
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─# ls
booknmap.gnmap booknmap.nmap booknmap.xml
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─# cut booknmap.nmap
cut: you must specify a list of bytes, characters, or fields
Try 'cut --help' for more information.
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─cut booknmap.gnmap 1 ⨯
cut: you must specify a list of bytes, characters, or fields
Try 'cut --help' for more information.
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─cut booknmap.xml 1 ⨯
cut: you must specify a list of bytes, characters, or fields
Try 'cut --help' for more information.
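The session above tries to read the three -oA output files with cut. As an added example (not from the book or these notes), the POSIX sh below parses the grepable .gnmap file instead and flags any open port that is not on an expected-services allowlist, which is how a defender turns a scan into an inventory check. The sample file content is constructed to mirror the SYN scan result recorded above.

```sh
#!/bin/sh
# Constructed sample of the grepable output that "nmap -sS ... -oA booknmap"
# writes to booknmap.gnmap: same host and same three open TCP ports as above.
# Field layout in the Ports: column is port/state/proto/owner/service/rpc/version/
SAMPLE_GNMAP=$(printf '%s\n%s\t%s\n%s\t%s\t%s\n' \
  '# Nmap 7.91 scan initiated as: nmap -sS 192.168.159.132 -oA booknmap' \
  'Host: 192.168.159.132 ()' 'Status: Up' \
  'Host: 192.168.159.132 ()' \
  'Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///' \
  'Ignored State: closed (997)')

# open_ports: read a .gnmap file on stdin and print one
# "host port/proto service" line per port whose state is "open".
open_ports() {
    awk -F'\t' '
        /^Host:/ && $2 ~ /^Ports:/ {
            split($1, h, " "); host = h[2]        # "Host: <ip> (<name>)"
            sub(/^Ports: /, "", $2)
            n = split($2, p, ", ")                # one entry per scanned port
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")
                if (f[2] == "open") print host, f[1] "/" f[3], f[5]
            }
        }'
}

# unexpected_ports ALLOWED: read open_ports output on stdin and print the
# entries whose port/proto is not in the space-separated allowlist,
# e.g. unexpected_ports "445/tcp 139/tcp".
unexpected_ports() {
    allowed=" $1 "
    while read -r host port svc; do
        case "$allowed" in
            *" $port "*) ;;                       # expected service, skip it
            *) printf '%s %s %s\n' "$host" "$port" "$svc" ;;
        esac
    done
}

# Usage: list everything open, then only what is not on the allowlist.
printf '%s\n' "$SAMPLE_GNMAP" | open_ports
printf '%s\n' "$SAMPLE_GNMAP" | open_ports | unexpected_ports "445/tcp"
```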
2.2 UDP scan with Nmap (-sU)
nmap -sU 192.168.159.132 -oA booknmap
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─nmap -sU 192.168.159.132 -oA booknmap 1 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-31 06:56 EDT
Nmap scan report for 192.168.159.132
Host is up (0.0026s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
123/udp open|filtered ntp
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
445/udp open|filtered microsoft-ds
500/udp open|filtered isakmp
1900/udp open|filtered upnp
4500/udp open|filtered nat-t-ike
MAC Address: 00:0C:29:1D:20:D1 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.95 seconds
2.3 Scan a specific port with Nmap
nmap -sS 192.168.159.132 -p 445
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─# nmap -sS 192.168.159.132 -p 445
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-31 07:00 EDT
Nmap scan report for 192.168.159.132
Host is up (0.00051s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
MAC Address: 00:0C:29:1D:20:D1 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
2.4 Detect the service version on a specific port with Nmap
nmap -sV 192.168.159.132 -p 445
┌──(root💀kali)-[/home/kali/mydirectory/nmap]
└─# nmap -sV 192.168.159.132 -p 445
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-31 07:01 EDT
Nmap scan report for 192.168.159.132
Host is up (0.00046s latency).
PORT STATE SERVICE VERSION
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 00:0C:29:1D:20:D1 (VMware)
Service Info: OS: Windows XP; CPE: cpe:/o:microsoft:windows_xp
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.48 seconds
Article compiled by 极客之音; link: https://www.bmabk.com/index.php/post/92695.html