kali_notes
2016-03-26 09:04
Kali Linux notes
compile the code:
make clean
make
make install
update the dependencies:
depmod -a
Find loaded modules:
lsmod
Update the local package index with the latest changes made in the repositories:
apt-get update
Upgrade the existing packages:
apt-get upgrade
Upgrade to the latest version(if available):
apt-get dist-upgrade
Install Nessus and squid3
Setting up ProxyChains
open the proxychains configuration file:
vim /etc/proxychains.conf
uncomment the chaining type we want to use;
dynamic_chain
add some proxy servers to the list
proxyresolv www.targethost.com
proxychains msfconsole
install virtualbox
http://www.distrowatch.com
http://www.turnkeylinux.org ->to download for test
wpscan to attack wordpress-sites
Information Gathering
Service enumeration:
DNS enumeration:
dnsenum
SNMP enumeration:
snmpwalk -c public 192.168.10.200 -v 2c
snmpwalk -c public 192.168.10.200 -v 1 | grep hrSWInstalledName
for tcp port scan:
snmpwalk -c public 192.168.10.200 -v 1 | grep tcpConnState | cut -d "." -f6 | sort -nu
snmpcheck(get information via SNMP protocols):
snmpcheck -t 192.168.10.200
domain scan with fierce:
fierce -dns internet.com
fierce -dns internet.com -wordlist hosts.txt -file /tmp/output.txt
to start an smtp enumeration of the users on smtp server:
smtp-user-enum -M VRFY -U /tmp/users.txt -t 192.168.10.200
Determining network range
Deepmagic Information Gathering Tool **dmitry**:
dmitry -wnspb targethost.com -o /root/Desktop/dmitry-result
to issue an ICMP netmask request:
netmask -s targethost.com
scapy
Identifying active machines
nmap -sP 216.27.130.162
nping(Nmap suite):
nping --echo-client "public" echo.nmap.org
send some hex data to a specified port:
nping --tcp -p 445 --data AF56A43D 216.27.130.162
Finding open ports
nmap 192.168.56.101
explicitly specify the ports to scan:
nmap -p 1-1000 192.168.56.101
scan all the organization’s network on TCP port 22:
nmap -p 22 192.168.56.*
explicitly - to output a file:
nmap -p 22 192.168.56.* -oG /tmp/Nmap-targethost-tcp445.txt
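Once the -oG file exists, the hosts that actually answer on the port can be pulled out of it for an inventory of exposed services. The following is an added example, not part of the original notes: the scan file it reads is constructed inline, and the function names are assumed.

```shell
# Added example (not from the original notes): list the hosts that have a given
# TCP port open in an nmap grepable (-oG) file, such as the one written by
# nmap -p 22 192.168.56.* -oG /tmp/nmap-targethost-tcp22.txt
#
# sample_grepable prints a CONSTRUCTED -oG file (fields are tab-separated, as
# nmap writes them); it stands in for a real scan output file.
sample_grepable() {
  printf '# Nmap 7.94 scan initiated as: nmap -p 22 -oG - 192.168.56.*\n'
  printf 'Host: 192.168.56.101 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.101 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n'
  printf 'Host: 192.168.56.102 ()\tStatus: Up\n'
  printf 'Host: 192.168.56.102 ()\tPorts: 22/closed/tcp//ssh///\n'
  printf 'Host: 192.168.56.103 ()\tPorts: 22/filtered/tcp//ssh///\n'
  printf 'Host: 192.168.56.104 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
  printf '# Nmap done -- 256 IP addresses (4 hosts up) scanned\n'
}

# open_hosts PORT < grepable_file
# Prints one IP per line for every host whose Ports field lists PORT as open;
# closed and filtered entries, Status-only lines and comment lines are skipped.
open_hosts() {
  awk -F '\t' -v want="$1" '
    $1 ~ /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        sub(/^Ports: /, "", $i)
        # each entry looks like port/state/proto//service///
        n = split($i, ent, ", ")
        for (j = 1; j <= n; j++) {
          split(ent[j], f, "/")
          if (f[1] == want && f[2] == "open") { print ip; break }
        }
      }
    }'
}

# count_open PORT -- number of hosts in the constructed sample with PORT open
count_open() {
  sample_grepable | open_hosts "$1" | wc -l | tr -d ' '
}
```

To run it against a real file, replace `sample_grepable |` with `open_hosts 22 < /tmp/nmap-targethost-tcp22.txt`.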
Zenmap
Operating system fingerprinting:
nmap -O 192.168.56.102
Use p0f to analyze a Wireshark capture file:
p0f -s /tmp/targethost.pcap -o p0f-result.log -l
Service fingerprinting
nmap -sV <IP address>
Using amap to identify the application running on a specific port or a range of ports:
amap -bq 192.168.10.200 200-300
Threat assessment with Maltego
an account is required in order to use Maltego: https://www.paterva.com/web6/community/
Mapping the network
casefile
Vulnerability Assessment
install Nessus (port 8843)
install OpenVAS (port 9392)
Exploiting Vulnerabilities
download a Linux-based operating system named Metasploitable2.
Escalating Privileges
use incognito in meterpreter of metasploit
use getsystem in meterpreter of metasploit
setoolkit
Cleaning up the tracks
use irb in metasploit
Create a persistent backdoor
run persistence -h in metasploit
MITM attack
Password attack
hydra
brute-force attack using Medusa
Password profiling:
configure Ettercap:
locate etter.conf
vi /etc/ettercap/etter.conf
use auxiliary/gather/search_email_collector in metasploit
cracking a windows password using john the ripper
utilize Crunch to generate own password dictionary
using rainbow tables to crack:
cd /usr/share/rainbowcrack/
./rtgen md5 loweralpha-numeric 1 5 0 3800 33554422 0 (rtgen generates an MD5-based rainbow table)
cracking passwords with GPU using oclHashcat
sucrack: allows brute-force cracking of local accounts via su; it fills up the log files rather quickly, so be sure to clean the log files after completion.
Wireless Attacks
Cracking WEP with the aircrack suite:
airmon-ng
# stop the wlan0 interface and take it down so that the MAC address can be changed
airmon-ng stop wlan0
ifconfig wlan0 down
# change the MAC address of the interface; the MAC address of the machine identifies you on any network
macchanger --mac 00:11:22:33:44:55 wlan0
airmon-ng start wlan0
airodump-ng wlan0
aireplay-ng
aircrack-ng -b MACaddress wirelessattack.capture
Automating wireless network cracking:
Gerix
Accessing clients using a fake AP:
Gerix
URL traffic manipulation:
echo 1 > /proc/sys/net/ipv4/ip_forward # enable IP forwarding so our machine routes the traffic
# arpspoof attack (-t is the target)
arpspoof -i wlan0 -t 192.168.10.115 192.168.10.1