• Ethical Hacking


    Server Side Attacks - INFORMATION GATHERING

    • Need an IP address.
    • Very simple if target is on the same network (netdiscover or zenmap).
    • If target has a domain, then a simple ping will return its IP.

      > ping www.XXXX.com

    • Getting the IP is tricker if the target is a personal computer, might be useless if the target is accessing the internet through a network as the IP will be the router IP and not the targets, client side attacks are more effective in this case as reverse connetcion can be use.

    INFORMATION GATHERING

    • Try default password(ssh iPad case).
    • Services might be mis-configured, such as the "r" service. Ports 512, 513, 514
    • Some might even contain a back door!
    • Code execution vulnerabilites.

    CASE:

    Target - Server Metasploitable

    Tool - Zenmap on Kali Linux

    Start the metasploit server first.(The same network with Kali Linux)

     Input the target IP  and click start button.

    After scan is finished, we need to analyse the scan result.

     We find netkit-rsh and google it. It maybe interesting.

    Install rsh-client firstly.

     We login the target server with default account - root.

     We have the root right now, so can find many useful information about this target server.

    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    [HNOI2002]营业额统计 (Splay)
    [POJ1664] 放苹果 (动态规划,组合数学)
    [AHOI2009]维护序列 (线段树)
    类型转换求和
    懒人创造方法
    编程的精义
    10-instanceof
    9-接口
    6-SUPER关键字
    5-重写与重载
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/12070582.html
Copyright © 2020-2023  润新知