Pre-use preparation
- Enable/disable the HTTP service
Start/stop: service apache2 start|stop
Auto-start the HTTP service at boot: update-rc.d apache2 defaults
- Turn MySQL on/off
Start/stop: service mysql start|stop
Test MySQL: mysql -u root -p
Auto-start the MySQL service at boot: update-rc.d mysql defaults
- Enable/disable SSH
Start/stop: service ssh start|stop
Auto-start the SSH service at boot: update-rc.d ssh defaults
- Installing additional packages
Search for a package: apt-cache search <package name>
Show package details: apt-cache show <package name>
Install a package: apt-get install <package name>
- Installing Nessus
Download the install package from http://www.nessus.org/products/nessus/ness-download-agreement, then install it: dpkg -i <install package name>
Start the service: /etc/init.d/nessus start
- Installing the Cisco password cracking tool
Download the source code, then compile it: gcc <source>.c -o <name>
Information collection
- Query domain name registration information
whois xxx.com
- DNS record analysis
Query the host's IP address: host xxx.com
Attempt a zone transfer from a name server (e.g. ns1.isp.com): host -l xxx.com ns1.isp.com
Query records of a chosen type (any, or a specific type) to get the host IP: dig xxx.com any
Zone transfer via dig: dig @ns1.isp.com xxx.com AXFR
Collect DNS data: dnsenum xxx.com
Brute-force the site's subdomains with a wordlist: dnsenum -f dns.txt xxx.com
Enumerate IPv6 subdomains: dnsdict6 xxx.com
Enumerate IPv4 subdomains and collect DNS and NS information: dnsdict6 -d -4 xxx.com
Query information about a domain using 3 threads: fierce -dns xxx.com -threads 3
WHOIS query, netcraft.com lookup, search for all possible subdomains and all possible email addresses: dmitry -iwnse <target host>
Simple port scan: dmitry -p <target host> -f -b
Start Maltego: maltego
Routing information
- tcptraceroute
Trace the route using TCP SYN packets: tcptraceroute xxx.com
- tctrace
Get routing information: tctrace -i <NIC> -d <target host>
- Collecting relevant information from search engines
- theHarvester
Search via Google: theharvester -d xxx.com -l <number> -b google
Collect additional information via LinkedIn: theharvester -d xxx.com -l <number> -b linkedin
- Metagoofil
Collect files from the target domain and save them to the test directory: metagoofil -d xxx.com -l 20 -t doc,pdf -n 5 -f test.html -o test (search up to 20 results for each file type, download only 5 files, and save the final report to test.html)
Target recognition
1. Identify the target host
- ping
-c <count>: total number of echo request packets to send
-I <interface address>: set the source address or network interface (use ping6 for IPv6)
-s <packet size>: size of each packet (default = 56)
- arping
Detect whether the host with that MAC address is online: arping <IP address> -c <count>
Detect whether the IP is already in use by another host: arping -d -I <NIC> <IP address> -c <count>, then run echo $? to read the exit status
- fping
Detect multiple IPs: fping <IP> <IP> <IP>
Detect a network segment: fping -g <IP/network segment>
Retry each IP <count> times: fping -r <count> -g <IP range>
Show statistics for multiple targets: fping -s <targets>
- nping
Send ICMP echo requests to multiple destinations: nping -c <count> <IP segment>
Send n TCP packets to a port on that IP: nping --tcp -c <count> -p <port> <IP>
- alive6
Find hosts that are online on the IPv6 network: alive6 -p <NIC>
Drop ICMPv6 echo requests so that other hosts cannot detect this IPv6 host: ip6tables -A INPUT -p ipv6-icmp --icmpv6-type 128 -j DROP
- detect-new-ip6
Detect newly joined hosts: detect-new-ip6 <NIC>
- passive_discovery6
Find hosts' IPv6 addresses by listening on the network card: passive_discovery6 <NIC>
- nbtscan
Detect the NetBIOS name of each host in the LAN: nbtscan <network segment>
Detect which services are running on these hosts: nbtscan -hv <network segment>
Identify the operating system
- p0f
Identify the host operating system: p0f -f /etc/p0f/p0f.fp -o p0f.log
- nmap
Detect the host operating system: nmap -O <IP>
Service enumeration
- Port scan
nmap <IP> (watch the packets on the wire with: tcpdump -nnX tcp and host <IP>)
-sT TCP connect scan
-sS SYN scan
-sN -sF -sX TCP null, FIN and Xmas scans
-sM TCP Maimon scan
-sA TCP ACK scan
-sI TCP idle scan
Detect which UDP ports are open: nmap -sU <IP> -p <port>
-p set the ports (scan range)
-F fast scan (scan the 100 most common ports)
-r sequential scan (scan ports in order from lowest to highest)
--top-ports <n> scan the n most common ports from nmap-services
-oN output the results to a file in normal format, excluding the warning and runtime information
-oX generate an XML format file
-oG generate a grepable-format file that is easy to process with grep
Detect the target service version: nmap -sV <IP> -p 22
Get target operating system information: nmap -O <IP>
Disable ping for host detection: nmap -Pn <IP>
Aggressive detection options: nmap -A <IP>
Scan a host in an IPv6 environment: nmap -6 <IPv6 address>
- Unicornscan
unicornscan -mU -Iv <IP>:1-65535
Adjust the packet rate: unicornscan -mU -Iv <IP>:1-65535 -r <number>
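An added example, not part of these notes: a parser that turns the -oG grepable output described above into a per-host inventory of open ports, which is how a defender compares a scan of their own network against the services that are supposed to be exposed. The sample scan text is constructed by hand in nmap's -oG layout; no live scan is run.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout that `nmap -sS -sV -oG scan.gnmap ...` writes (not a real scan).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated as: nmap -sS -sV -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1//, 80/open/tcp//http//Apache httpd 2.4.57//, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.0.2.11 ()\tStatus: Down
Host: 192.0.2.12 (db.example.test)\tStatus: Up
Host: 192.0.2.12 (db.example.test)\tPorts: 3306/open/tcp//mysql//MySQL 5.7.42//, 161/open|filtered/udp//snmp///\tIgnored State: closed (998)
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")

def parse_gnmap(text):
    """Map each scanned IP to {"hostname", "up", "ports"}; keep only ports whose state is exactly 'open'."""
    hosts = defaultdict(lambda: {"hostname": "", "up": False, "ports": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # skips the '# Nmap ...' header/footer comment lines
            continue
        entry = hosts[m.group(1)]
        if m.group(2):
            entry["hostname"] = m.group(2)
        for field in line.split("\t")[1:]:   # tab-separated: Status / Ports / Ignored State
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["up"] = value.strip() == "Up"
            elif key == "Ports":
                entry["up"] = True     # nmap only writes a Ports line for hosts that answered
                for item in value.split(", "):
                    # each item is port/state/proto/owner/service/rpc/version/
                    port, state, proto, _, service, _, version = item.split("/")[:7]
                    if state == "open":   # drops closed and open|filtered entries
                        entry["ports"].append((int(port), proto, state, service, version))
    return dict(hosts)

def summarize(hosts):
    """One line per live host: '<ip> <hostname or -> <port/proto(service)> ...'."""
    lines = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        h = hosts[ip]
        if h["up"]:
            ports = " ".join(f"{p}/{proto}({svc})" for p, proto, _, svc, _ in h["ports"]) or "-"
            lines.append(f"{ip} {h['hostname'] or '-'} {ports}")
    return lines
```

Feed it the file written by -oG (open(path).read()) and diff the summary lines against the expected service list to spot unexpected listeners.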
2. SMB enumeration
nbtscan <IP segment>
3. SNMP enumeration
a) onesixtyone
onesixtyone <IP> (add -d for more detail)
b) snmpcheck
Collect information about SNMP devices: snmpcheck -t <IP>
4. VPN enumeration
ike-scan -M -A -Pike-hashkey <IP>
Crack the saved hash: psk-crack -d rockyou.txt ike-hashkey
Identify the VPN server (requires repeatedly changing the parameters): ike-scan -M --trans=5,2,1,2 --showbackoff <IP>
Kali Tool Learning