Ch6 Flashcards
whois command
whois nino.com -h [who-is-server-ip]
What does Netcraft do?
https://www.netcraft.com/
Shows the technologies a site uses and its whois info
Open-source search
Google
gitleaks - finds AWS keys - https://github.com/zricethezav/gitleaks
Security Headers & SSL
https://securityheaders.com/
https://www.ssllabs.com/ssltest/
DNS Enumeration
host nino.com
host -t mx nino.com
nslookup -type=TXT nino.com 192.168.1.40
DNS Enumeration Automation
dnsrecon -d nino.com -t std
dnsenum nino.com
With the built-in wordlist:
dnsenum -f dns.txt nino.com
netcat
-n: no DNS
nc -nv -z -w 1 192.168.1.123 3388-3900
-u: UDP
nc -nv -u -z -w 1 192.168.50.149 120-123
nmap's fastest scan method
SYN scan
-sS
nmap scan types
-sT
-sS
-sU
-sn: host discovery. Sends ICMP, then a SYN to 443 and an ACK to 80
-O: OS fingerprint; adding --osscan-guess forces nmap to guess the OS version
-sV: version scan
-A: the all-in-one aggressive scan
Location of nmap NSE scripts
Script help
/usr/share/nmap/scripts
Searching for scripts - ls -1 /usr/share/nmap/scripts/smb*
nmap --script-help http-title
nmap scanning IPs listed in a file
nmap -sS -iL /path/to/file.txt
nmap scanning whois servers
whois server port is 443
nmap -sS -p 443 -iL ip.txt
nc connect to a port
nc -v 192.168.1.123 8080
When nmap returns no results, try
-Pn, -T4
SMTP VRFY command
- first connect with nc
nc -v 192.168.1.123 25 - then send VRFY root
SNMP - TCP or UDP? Port?
UDP, port 161
Query snmp tool?
snmpwalk
snmpwalk -c public -v1 -t 10 192.168.1.123
Bruteforce snmp tool?
onesixtyone - 161
echo public >> community
onesixtyone -c community -i ips
SMB port
Port 137 is for providing name services over TCP or UDP for SMB over NetBIOS.
Port 139 is for providing session services over TCP or UDP for SMB over NetBIOS.
Port 445 is for directly-hosted SMB over TCP or UDP without the need of NetBIOS.
SMB scanning tool - Linux
sudo nbtscan -r 192.168.50.1-254
-r means port 137
nmap -v -p 139,445 --script smb-os-discovery 192.168.50.152
SMB scanning tool - Windows
net view \\dc01 /all