kali_notes
Source: Internet  Published by: 网络博客大全  Editor: 程序博客网  Time: 2024/06/05 05:01
Kali Linux notes
- compile the code:
make clean
make
make install
- regenerate the kernel module dependency map (run after installing a module):
depmod -a
- Find loaded modules:
lsmod
- Update the local package index with the latest changes made in the repositories:
apt-get update
- Upgrade the existing packages:
apt-get upgrade
- Upgrade to the latest release, installing or removing packages when dependencies change (if available):
apt-get dist-upgrade
- Install Nessus and squid3
Setting up ProxyChains
- open the proxychains configuration file:
vim /etc/proxychains.conf
- uncomment the chaining type we want to use, e.g.:
dynamic_chain
- add some proxy servers to the [ProxyList] section at the end of the file (one per line: type host port)
- resolve a host name through the proxy chain instead of a direct DNS lookup:
proxyresolv www.targethost.com
- run a tool through the chain:
proxychains msfconsole
- install VirtualBox
- http://www.distrowatch.com
- http://www.turnkeylinux.org -> download ready-made VMs to test against
- wpscan to scan and attack WordPress sites
Information Gathering
Service enumeration:
- DNS enumeration:
dnsenum
- SNMP enumeration:
snmpwalk -c public 192.168.10.200 -v 2c
snmpwalk -c public 192.168.10.200 -v 1 | grep hrSWInstalledName
for a TCP port listing taken from the SNMP connection table:
snmpwalk -c public 192.168.10.200 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu
- snmpcheck (get information via SNMP):
snmpcheck -t 192.168.10.200
- domain scan with fierce:
fierce -dns internet.com
fierce -dns internet.com -wordlist hosts.txt -file /tmp/output.txt
- to start an SMTP enumeration of the users on an SMTP server (VRFY method):
smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.10.200
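The snmpwalk one-liners above work because the tcpConnState index is laid out as localAddr.localPort.remoteAddr.remotePort, so field 6 of a dot-split line is the local port. The following parser, an added example that is not part of the original notes, turns a saved snmpwalk listing into structured data and adds the check the cut/sort pipeline lacks: it separates loopback-only listeners (not reachable from the network) from externally bound ones, and lists who currently has established connections to the host. The sample output is constructed for the example, not captured from a real device.

```python
import re

# Constructed sample of `snmpwalk -c public <host> -v 1` output (not captured from a
# real device): the TCP connection table plus two installed-software entries.
SNMPWALK_OUTPUT = """\
TCP-MIB::tcpConnState.0.0.0.0.22.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.80.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.0.0.0.0.445.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.127.0.0.1.25.0.0.0.0.0 = INTEGER: listen(2)
TCP-MIB::tcpConnState.192.168.10.200.22.192.168.10.50.51234 = INTEGER: established(5)
TCP-MIB::tcpConnState.192.168.10.200.445.192.168.10.51.60021 = INTEGER: established(5)
HOST-RESOURCES-MIB::hrSWInstalledName.1 = STRING: "Microsoft Office 2010"
HOST-RESOURCES-MIB::hrSWInstalledName.2 = STRING: "Adobe Reader 9"
"""

# tcpConnState index = localAddr(4 octets).localPort.remoteAddr(4 octets).remotePort,
# which is why `cut -d "." -f6` in the one-liner yields the local port.
TCP_CONN_RE = re.compile(
    r"^TCP-MIB::tcpConnState\."
    r"(?P<laddr>\d+\.\d+\.\d+\.\d+)\.(?P<lport>\d+)\."
    r"(?P<raddr>\d+\.\d+\.\d+\.\d+)\.(?P<rport>\d+)"
    r" = INTEGER: (?P<state>[A-Za-z]+)\((?P<code>\d+)\)$"
)
SW_RE = re.compile(r'^HOST-RESOURCES-MIB::hrSWInstalledName\.\d+ = STRING: "(?P<name>[^"]*)"$')


def parse_tcp_conn_table(text):
    """Return one dict per tcpConnState row; unrelated or malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = TCP_CONN_RE.match(line.strip())
        if m:
            rows.append({"laddr": m["laddr"], "lport": int(m["lport"]),
                         "raddr": m["raddr"], "rport": int(m["rport"]),
                         "state": m["state"]})
    return rows


def listening_sockets(text):
    """(local address, port) pairs in LISTEN state, sorted."""
    return sorted((r["laddr"], r["lport"]) for r in parse_tcp_conn_table(text)
                  if r["state"] == "listen")


def reachable_listening_ports(text):
    """Listening ports excluding loopback-only binds, which the cut/sort one-liner would still list."""
    return sorted({port for addr, port in listening_sockets(text) if not addr.startswith("127.")})


def established_peers(text):
    """(remote address, local port) of established connections: who is talking to the host right now."""
    return sorted((r["raddr"], r["lport"]) for r in parse_tcp_conn_table(text)
                  if r["state"] == "established")


def installed_software(text):
    """hrSWInstalledName values in table order."""
    return [m["name"] for m in map(SW_RE.match, (l.strip() for l in text.splitlines())) if m]


if __name__ == "__main__":
    print("listening:", listening_sockets(SNMPWALK_OUTPUT))
    print("reachable ports:", reachable_listening_ports(SNMPWALK_OUTPUT))
    print("peers:", established_peers(SNMPWALK_OUTPUT))
    print("software:", installed_software(SNMPWALK_OUTPUT))
```

Feed it a file saved from snmpwalk (the regex is keyed on the MIB names snmpwalk prints when the TCP-MIB and HOST-RESOURCES-MIB are loaded; with numeric OIDs the patterns would need adjusting). The established-peer list is often the more interesting output on an engagement: it shows management hosts and other internal systems that trust the target.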
Determining network range
- Deepmagic Information Gathering Tool (dmitry): -w whois, -n netcraft, -s subdomains, -p port scan, -b banners
dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result
- to issue an ICMP netmask request:
netmask -s targethost.com
- scapy (interactive packet crafting)
Identifying active machines
- ping scan, host discovery only (-sP is the old name; current nmap calls it -sn):
nmap -sP 216.27.130.162
- nping (Nmap suite):
nping --echo-client "public" echo.nmap.org
send some hex data to a specified port:
nping --tcp -p 445 --data AF56A43D 216.27.130.162
Finding open ports
- nmap 192.168.56.101
- explicitly specify the ports to scan:
nmap -p 1-1000 192.168.56.101
- scan all the organization’s network on TCP port 22:
nmap -p 22 192.168.56.*
- the same scan, writing grepable output to a file (-oG):
nmap -p 22 192.168.56.* -oG /tmp/Nmap-targethost-tcp445.txt
Zenmap
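Grepable output (-oG) is meant to be post-processed rather than read. As an added example that is not part of the original notes, the parser below reads the Host/Status/Ports lines that -oG writes (tab-separated fields; each port entry is port/state/protocol/owner/service/rpcinfo/version/) and answers the question the scan above was run for: which hosts actually have port 22 open, and what SSH banner -sV saw on them. The scan output is constructed for the example; the hosts and versions in it are not real.

```python
import ipaddress
import re

# Constructed sample of `nmap -p 22 -sV 192.168.56.* -oG ...` output (not a real scan).
# Every host gets a "Status" line and a "Ports" line; fields are separated by tabs.
GREPABLE_OUTPUT = """\
# Nmap 7.94 scan initiated Tue Jun  4 12:00:00 2024 as: nmap -p 22 -sV -oG /tmp/Nmap-targethost-tcp445.txt 192.168.56.*
Host: 192.168.56.1 ()\tStatus: Up
Host: 192.168.56.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0)/
Host: 192.168.56.101 ()\tStatus: Up
Host: 192.168.56.101 ()\tPorts: 22/closed/tcp//ssh///
Host: 192.168.56.102 (metasploitable.local)\tStatus: Up
Host: 192.168.56.102 (metasploitable.local)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)/
Host: 192.168.56.103 ()\tStatus: Up
Host: 192.168.56.103 ()\tPorts: 22/filtered/tcp//ssh///
# Nmap done at Tue Jun  4 12:00:06 2024 -- 256 IP addresses (4 hosts up) scanned in 6.02 seconds
"""

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)$")
# port/state/protocol/owner/service/rpcinfo/version/  (state may be "open|filtered", so not \w+)
PORT_RE = re.compile(
    r"^(?P<port>\d+)/(?P<state>[^/]+)/(?P<proto>\w+)/(?P<owner>[^/]*)/"
    r"(?P<service>[^/]*)/(?P<rpc>[^/]*)/(?P<version>[^/]*)/$"
)


def parse_grepable(text):
    """Map IP -> {"hostname", "status", "ports": [...]} from -oG output; comment lines are ignored."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        fields = line.split("\t")
        hm = HOST_RE.match(fields[0])
        if not hm:
            continue
        entry = hosts.setdefault(hm["ip"], {"hostname": hm["name"], "status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for item in value.split(", "):
                    pm = PORT_RE.match(item.strip())
                    if pm:
                        port = pm.groupdict()
                        port["port"] = int(port["port"])
                        entry["ports"].append(port)
    return hosts


def hosts_up(text):
    return sorted((ip for ip, h in parse_grepable(text).items() if h["status"] == "Up"),
                  key=ipaddress.ip_address)


def hosts_with_open_port(text, port, proto="tcp"):
    """Only state 'open' counts; closed and filtered hosts are left out."""
    found = [ip for ip, h in parse_grepable(text).items()
             if any(p["port"] == port and p["proto"] == proto and p["state"] == "open"
                    for p in h["ports"])]
    return sorted(found, key=ipaddress.ip_address)


def ssh_versions(text):
    """IP -> version string reported by -sV for open ssh ports (empty string without -sV)."""
    return {ip: p["version"] for ip, h in parse_grepable(text).items()
            for p in h["ports"] if p["service"] == "ssh" and p["state"] == "open"}


if __name__ == "__main__":
    print("up:", hosts_up(GREPABLE_OUTPUT))
    print("ssh open:", hosts_with_open_port(GREPABLE_OUTPUT, 22))
    print("versions:", ssh_versions(GREPABLE_OUTPUT))
```

Sorting with ipaddress.ip_address keeps 192.168.56.1 before 192.168.56.101, which plain string sorting would not guarantee for larger ranges. The same parser works for multi-port scans because -oG joins port entries with ", ".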
Operating system fingerprinting:
- nmap -O 192.168.56.102 (capital O)
Use p0f to analyze a Wireshark capture file (-s reads the pcap, -o writes the log, -l one line per result):
p0f -s /tmp/targethost.pcap -o p0f-result.log -l
Service fingerprinting
- nmap -sV IPadderss
Using amap to identify the application running on a specific port or a range of ports:
amap -bq 192.168.10.200 200-300
Threat assessment with Maltego
- an account is required in order to use Maltego: https://www.paterva.com/web6/community/
- mapping the network
- CaseFile (Maltego's offline graph tool)
- DNS enumeration
Vulnerability Assessment
- install Nessus (web UI on port 8834)
- install OpenVAS (web UI on port 9392)
Exploiting Vulnerabilities
- download the intentionally vulnerable Linux VM named Metasploitable2.
Escalating Privileges
- use incognito in meterpreter of metasploit (token impersonation)
- use getsystem in meterpreter of metasploit
- setoolkit
- Cleaning up the tracks:
use irb in metasploit (meterpreter's clearev clears the Windows event logs)
Create a persistent backdoor
- run persistence -h in metasploit
MITM attack
Password attack
- hydra
- brute-force attack using Medusa
- Password profiling:
use auxiliary/gather/search_email_collector in metasploit
- configure Ettercap:
locate etter.conf
vi /etc/ettercap/etter.conf
- cracking a Windows password using John the Ripper
- utilize Crunch to generate your own password dictionary
- using rainbow tables to crack:
cd /usr/share/rainbowcrack/
./rtgen md5 loweralpha-numeric 1 5 0 3800 33554422 0
(rtgen generates an MD5-based rainbow table: charset loweralpha-numeric, plaintext length 1-5, table index 0, chain length 3800, 33554422 chains, part index 0)
- cracking passwords with a GPU using oclHashcat
- sucrack: allows for brute-force cracking of local accounts via su; it fills up the log files rather quickly, so be sure to clean the log files after completion.
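To make the rtgen parameters above (charset, plaintext length range, chain length, chain count) concrete, here is a miniature rainbow table in Python. It is an added example, not part of these notes and not RainbowCrack's code: the charset is the same loweralpha-numeric set, but the length range is shrunk to 1..3 and the chain length to 50 so that generation takes well under a second. The reduction function (fold the digest into an integer and offset it by the column index) and the deterministic start points are this example's own choices; rtgen uses its own reduction and a PRNG for start points, so the tables are not interchangeable, only the algorithm is the same.

```python
import hashlib

CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"   # rtgen's loweralpha-numeric
MIN_LEN, MAX_LEN = 1, 3                            # rtgen example uses 1..5; shrunk to run instantly
CHAIN_LEN = 50                                     # rtgen example: 3800
CHAIN_NUM = 400                                    # rtgen example: 33554422

# Plaintext count per length, so an integer in [0, KEYSPACE) maps to exactly one plaintext.
_SIZES = [len(CHARSET) ** n for n in range(MIN_LEN, MAX_LEN + 1)]
KEYSPACE = sum(_SIZES)   # 36 + 1296 + 46656 = 47988


def index_to_plaintext(i):
    """Enumerate plaintexts: all length-1 strings first, then length-2, and so on."""
    for n, size in zip(range(MIN_LEN, MAX_LEN + 1), _SIZES):
        if i < size:
            out = []
            for _ in range(n):
                out.append(CHARSET[i % len(CHARSET)])
                i //= len(CHARSET)
            return "".join(out)
        i -= size
    raise ValueError("index outside keyspace")


def md5hex(plaintext):
    return hashlib.md5(plaintext.encode()).hexdigest()


def reduce_hash(hexdigest, column):
    """R_column: a different reduction per column keeps merged chains from staying merged."""
    return index_to_plaintext((int(hexdigest[:16], 16) + column) % KEYSPACE)


def chain_plaintext(start, column):
    """The plaintext at position `column` of the chain beginning at `start` (column 0 is start)."""
    p = start
    for j in range(column):
        p = reduce_hash(md5hex(p), j)
    return p


def default_starts(n=CHAIN_NUM):
    # Deterministic spread of start points over the keyspace (rtgen draws them from a PRNG).
    return [index_to_plaintext((k * 7919) % KEYSPACE) for k in range(n)]


def generate_table(starts):
    """Store only endpoint -> [start points]; that is the whole space saving of the technique."""
    table = {}
    for start in starts:
        table.setdefault(chain_plaintext(start, CHAIN_LEN), []).append(start)
    return table


def crack(table, target_hex):
    """Try each column the target could occupy, walk to the chain end, then rebuild the chain."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_hash(target_hex, i)
        for j in range(i + 1, CHAIN_LEN):
            p = reduce_hash(md5hex(p), j)
        for start in table.get(p, ()):            # may be a false alarm from a chain merge
            q = start
            for j in range(CHAIN_LEN):
                if md5hex(q) == target_hex:       # verification rejects false alarms
                    return q
                q = reduce_hash(md5hex(q), j)
    return None


if __name__ == "__main__":
    table = generate_table(default_starts())
    secret = chain_plaintext(default_starts()[3], 17)   # a plaintext the table covers
    print(secret, "->", crack(table, md5hex(secret)))
```

Coverage is the catch: 400 chains of length 50 touch at most 20000 of the 47988 plaintexts, and merged chains reduce that further, which is why rtgen is run with several table indexes (the fifth argument) and millions of chains. Salted hashes defeat the approach entirely, since the table would have to be regenerated per salt.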
Wireless Attacks
Cracking WEP with the aircrack-ng suite:
airmon-ng
/* stop the wlan0 interface and take it down so that its MAC address can be changed */
airmon-ng stop wlan0
ifconfig wlan0 down
/* change the MAC address of the interface: the MAC address of the machine identifies you on any network */
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
/* capture on the monitor interface airmon-ng created (wlan0mon on current Kali, mon0 on older releases) */
airodump-ng wlan0
/* aireplay-ng: fake authentication and ARP replay to collect enough IVs */
aireplay-ng
/* -b is the BSSID of the target AP */
aircrack-ng -b MACaddress wirelessattack.capture
Automating wireless network cracking:
Gerix
- Accessing clients using a fake AP:
Gerix
- URL traffic manipulation (ARP spoofing):
echo 1 > /proc/sys/net/ipv4/ip_forward
/* enable IP forwarding so our machine routes the victim's traffic instead of dropping it; run as root, since `sudo echo 1 > file` does not elevate the redirect */
/* arpspoof attack: poison both directions, the victim 192.168.10.115 and the gateway 192.168.10.1 */
arpspoof -i wlan0 -t 192.168.10.115 192.168.10.1
arpspoof -i wlan0 -t 192.168.10.1 192.168.10.115
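What arpspoof actually puts on the wire is an unsolicited ARP reply claiming the gateway's IP for the attacker's MAC (and the mirror image for the gateway). The example below, added here and not part of the original notes or of arpspoof, builds those frames byte by byte, parses them back, and runs them through a minimal ARP watcher that flags an IP whose MAC binding changes, which is the detection side of the same attack. The gateway and victim MACs are constructed for the scenario; the attacker MAC reuses the macchanger value from above.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed addresses for the scenario in these notes: victim 192.168.10.115, gateway
# 192.168.10.1, attacker interface set to 00:11:22:33:44:55 with macchanger. Not real hosts.
GATEWAY_IP, GATEWAY_MAC = "192.168.10.1", "de:ad:be:ef:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.10.115", "de:ad:be:ef:00:02"
ATTACKER_MAC = "00:11:22:33:44:55"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an ARP reply '<sender_ip> is-at <sender_mac>' addressed to target.
    `arpspoof -i wlan0 -t <target> <host>` keeps re-sending this with the attacker's MAC as sender."""
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame):
    """Decode an Ethernet/ARP frame; None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op,
            "sender_mac": fmt_mac(frame[22:28]), "sender_ip": fmt_ip(frame[28:32]),
            "target_mac": fmt_mac(frame[32:38]), "target_ip": fmt_ip(frame[38:42])}


class ArpWatcher:
    """Remember which MAC each IP was seen with and flag any later change (the arpwatch idea)."""

    def __init__(self):
        self.bindings = {}
        self.alerts = []

    def observe(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        previous = self.bindings.get(ip)
        if previous is not None and previous != mac:
            self.alerts.append((ip, previous, mac))
        self.bindings[ip] = mac
        return arp


def simulate():
    """Legitimate replies first, then the two arpspoof streams from the commands above; returns alerts."""
    frames = [
        build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # real gateway answers victim
        build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),    # real victim answers gateway
        build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # arpspoof -t 192.168.10.115 192.168.10.1
        build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),  # arpspoof -t 192.168.10.1 192.168.10.115
    ]
    watcher = ArpWatcher()
    for frame in frames:
        watcher.observe(frame)
    return watcher.alerts


if __name__ == "__main__":
    for ip, old, new in simulate():
        print(f"ARP binding changed for {ip}: {old} -> {new}")
```

The watcher only catches the attack if it saw the legitimate binding first (or is seeded from a static table), and it would alert again when the real hosts re-announce themselves, which is the flip-flop pattern arpwatch reports. Sending the frames for real needs a raw socket bound to the interface and root; nothing here touches the network.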