A man's martial arts: the idea of Intranet penetration testing (2)
Web penetration (previous article)Http://www.bkjia.com/Article/201412/357403.htmlDifferent, Intranet penetration requires more randomness and breakthrough, and the situation is more complicated. When encountering obstacles, sometimes you can use different ideas to break through. In many cases, you can only stop here. Here are some of my summ
How to use Linux bots to penetrate a small Intranet
The shell method in the case is relatively simple. We only focus on the limited space, starting from obtaining permissions.Install BackdoorAfter entering the system, my RP was so lucky that it turned out to be the root permission...View passwd account informationDirectory tree structure:Because Intranet penetration is required and permissions may be lost a
Today to tell you how to use the port mapping, not through the Gateway Open intranet method.
First: The use of the premise
Need to have a public network of IP. If we now have a public network of ip:210.210.21.21
II: Tools to use
1.lcx.exe
2.vdic
Three: Method explanation
Method One: Use Lcx.exe to map.
(1) We will upload the Lcx.exe to the public network IP, in the public IP on the DOS environment in the implementation of Lcx–listen Port 1 Por
Guide
As we all know, SSH is a secure transport protocol, which is more used in connecting servers. But in addition to this function, its tunnel forwarding function is more attractive.
If the two intranet between the Linux server need to log in with each other, or need to access a port in the intranet, worry that there is no public network IP, you can use the method has Ngrok (https://ngrok.co
One: Software solutionsSoftware:Https://ngrok.com/downloadNgrok-stable-windows-amd64.zipUse:CMD---CD: Switch to the software catalogNgrok.exeIn the pop-up box, enter: Ngrok HTTP 80 (80 or other port number, depending on the situation)Two: Cisco routes do the mappingSteps are as follows
Login Cisco
En, config
View Configuration Show Run
Fixed IP:IP nat inside source static TCP 10.10.1.253 8080 101.81.232.101 8080
Dynamic IP: Access to
In the development, sometimes we need to send remotely, or through 3G and 4G, or other WiFi environment to send a small amount of data, and do not want to spend so much cost to develop a cloud server, this time the emergence of a router to expose an intranet IP for external network access. In fact, the implementation name of this method is called port mapping .
Next we implement this way ready you want to expose the
Environment Description:The router is assigned a dynamic public IP, and has router login administrative rights, and the Web server is deployed in the router's internal network. How to publish the intranet website to the extranet for public access?Solution:Intranet use nat123 dynamic Domain name resolution, real-time domain name fixed to the routing public IP, and then on the router to do site port mapping. When an extranet accesses a Web site, it uses
This is a creation in
Article, where the information may have evolved or changed.
Article keywords
Go/golang
Gopacket
Grab Bag
Pcap/libpcap
Arp
Nbns
MDNs
Manuf
Program
Description
This article for the go language itself is not too much to explain, want to spend more time on a few network protocol explanation, I hope this article on the plan or are using go for TCP/IP programming and grasping the package of friends to bring help.GitHub Address: Https://github.com/t
Bkjia.com integrated message: at present, network boundary security protection cannot effectively protect network security. Only border security and Intranet Security Management three-dimensional control is the way out.
Intranet security focuses on internal network users, application environments, application environment boundaries, and Intranet Communication Se
The nst bounce backdoor cannot be used for su interaction after connecting to nc. the following error is returned:Standard in must be a ttySolution:Python-c import pty; pty. spawn ("/bin/sh ")The shell can be used for su interaction.
Ps: Several noteworthy cases encountered in the recent penetration test, which are recorded as follows:
1. history is not recorded:Unset history histfile histsave histzone history histlog; export HISTFILE =/dev/null; export HISTSIZE = 0; export HISTFILESIZE = 0
2. h
We recommendProgramDedicated search engine-http://www.openso.net
Point-to-point technology has been widely used in recent years, mainly represented by QQ, Skype, BT, Thunder, PPStream, PPLIVE, qvod. We can see that as long as the data volume is large, and the use of transit servers requires a certain amount of input applications, we can consider using P2P technology. There are two benefits: 1. It can reduce costs and investment. 2. Improve transmission performance. There are a lot of materi
Practice of SSH Intranet port forwardingGuideAs we all know, SSH is a secure transmission protocol, which is used on many connected servers. However, in addition to this function, its tunnel forwarding function is even more attractive.
If the linux servers between the two Intranets need to log on to each other, or need to access a port in the Intranet, worry that there is no public IP address, you can use n
Use OPENVPN to implement Intranet mutual access between two locations (1) master server configurationMaster Server Configuration
Functions to be implemented:
Shenzhen:Master VPN Server: dns.dog.comInternet ip-eth1: 192.168.68.71Intranet ip-eth0: 10.1.1.254Guangzhou:VPN Server: lvs1.dog.comInternet ip-eth1: 192.168.68.73Intranet ip-eth0: 10.1.2.1Clients outside China:192.168.68.79Shenzhen-Guangzhou tunnel uses virtual IP addresses 10.8.0.1 and 10.8.0.
Front-facing conditionsTo achieve the purpose: to develop the local computer needs to connect with no network address of the RDS, through the ECS forwarding connection to the RDS databaseClient PC terminal can SSH login to the ECS server with public network.ECS servers with a public network can access other intranet ECS servers through the intranet.ECS Server with public network can access RDS via intranet
Intranet Infiltration some commands to collect and organize
=====
Some command to gather information
=====
@ Query Some of the circumstances of this machine
Ipconfig/all
@ Query machines with relationships
Net View
@ Query has several fields
Nei view/damin
@ View the list of computers in the TestDomain domain
NET View/domain:testdomain
@ query groups within a field
NET Group/domain
@ Divide Network Segment
dsquery subnet
@ query users in the domain
N
Many programs in the local area network can be applicable, but between the external network and intranet and between intranet and intranet is not feasible. The problem is NAT, this article will introduce the next 5 Nat penetration method, solve the internal and external network exchange. 1. Fully conical (full Cone) NAT
Host A and Host B in different
The author of the school through ADSL set up routes to share the Internet. The extranet gateway and DNS are 10.0.0.138, the external network port IP address is 10.0 0.1, and the subnet mask is 255.255.255.0. Self-built sites are placed on the server, on the server has been
IIS is installed and set up, and the "Default Web site" IP address points to 10.0.0.1.
In the default state, you can access the extranet, but you cannot access the intranet. If yo
How to use "mathematical modeling-graph theory model" for automated intranet penetration testing
Privilege escalation in the Active Directory domain is an important part of the struggle between most intruders and the Intranet administrator. Although obtaining the permissions of the domain or enterprise intranet administrator is not the ultimate goal of evaluation
Using dnsmasq to build a small Intranet DNS dnsmasq is a very small dns server that can solve small-scale dns query problems, such as the Intranet of the IDC. The general idea of www.2cto.com is as follows: Configure dnsmasq as the DNS Cache Server and add local Intranet resolution to the/etc/hosts file, when querying an intr
Reference address: www. nat123.comPages _ 8_266.jsp: (1) install and enable nat123 on the Intranet, add ing, and use other application types. The Intranet address port is the Intranet MSSQL address port, which is customized by the Internet address port. (2) After the ing is successful, access the Internet to connect to MSSQL using the mapped Internet address doma
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.