Introduction: reading notes
Book: 渗透测试 完全初学者指南 (Penetration Testing: A Hands-On Introduction to Hacking)
- Kali Linux
- Windows XP SP2 (no security patches installed, ip=192.168.159.132)
1. Nessus
1.1 Starting Nessus
2. Nmap Scripting Engine (NSE)
2.1 Where the Nmap scripts are stored
```
cd /usr/share/nmap/scripts
ls
```
2.2 Listing the scripts in the default category
```
nmap --script-help default
```
2.3 Output of the default scripts
```
nmap -sC 192.168.159.129-133
```
```
┌──(root💀kali)-[/home/kali]
└─# nmap -sC 192.168.159.132
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-31 20:39 EDT
Nmap scan report for 192.168.159.132
Host is up (0.00083s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:1D:20:D1 (VMware)

Host script results:
|_clock-skew: mean: -4h00m01s, deviation: 5h39m23s, median: -8h00m01s
|_nbstat: NetBIOS name: YWL-34C3364B015, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:1d:20:d1 (VMware)
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_xp::-
|   Computer name: ywl-34c3364b015
|   NetBIOS computer name: YWL-34C3364B015\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2021-04-01T08:39:54+08:00
| smb-security-mode:
|   account_used: <blank>
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)

Nmap done: 1 IP address (1 host up) scanned in 53.91 seconds
```
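A small parser over scan output of this shape, added here as an example (it is not code from the book or from these notes): it pulls the open ports and the `smb-*` script fields out of `nmap -sC` text output and turns them into findings a defender can act on. The sample input is the output for 192.168.159.132 reproduced from the session above (the NetBIOS name lines are left out); the finding rules and the severity levels are assumptions of this example.

```python
"""Turn `nmap -sC` text output into security findings.

Added example, not code from the book or these notes. The scan text
below is reproduced from the session against 192.168.159.132 (NetBIOS
name lines omitted); the finding rules and severities are assumptions.
"""
import re
from typing import Dict, List, Tuple

NMAP_OUTPUT = """
Nmap scan report for 192.168.159.132
Host is up (0.00083s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:1D:20:D1 (VMware)
Host script results:
|_clock-skew: mean: -4h00m01s, deviation: 5h39m23s, median: -8h00m01s
| smb-os-discovery:
| OS: Windows XP (Windows 2000 LAN Manager)
| OS CPE: cpe:/o:microsoft:windows_xp::-
| Computer name: ywl-34c3364b015
|_ System time: 2021-04-01T08:39:54+08:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)
"""

# "445/tcp open microsoft-ds" -> port, protocol, state, service
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# "|_ message_signing: disabled (...)" -> key, value (handles the | and |_ prefixes)
SCRIPT_RE = re.compile(r"^\|_?\s*([^:]+):\s*(.*)$")

SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}


def parse_ports(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (port, proto, state, service) for every port line."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return ports


def parse_script_fields(text: str) -> Dict[str, str]:
    """Flatten the NSE script block into a key -> value map.
    The key is the text before the first colon, so 'OS' and 'OS CPE' stay distinct."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        m = SCRIPT_RE.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def findings(text: str) -> List[Tuple[str, str]]:
    """Apply the (assumed) rules and return (severity, message) pairs."""
    out: List[Tuple[str, str]] = []
    open_ports = {p for p, _, state, _ in parse_ports(text) if state == "open"}
    fields = parse_script_fields(text)

    if 445 in open_ports:
        out.append(("medium", "SMB (445/tcp) reachable from the scanner; restrict it with a host firewall"))
    os_name = fields.get("OS", "")
    if "Windows XP" in os_name:
        out.append(("high", f"unsupported operating system: {os_name}"))
    if fields.get("message_signing", "").startswith("disabled"):
        out.append(("high", "SMB message signing disabled: SMB traffic can be tampered with or relayed"))
    if "negotiation failed" in fields.get("smb2-time", ""):
        out.append(("medium", "SMB2 negotiation failed: the host only offers the legacy SMB1 dialect"))
    return out


def highest_severity(text: str) -> str:
    """Worst severity among the findings, or 'info' when there are none."""
    found = findings(text)
    if not found:
        return "info"
    return max((sev for sev, _ in found), key=SEVERITY_RANK.__getitem__)


if __name__ == "__main__":
    for sev, msg in findings(NMAP_OUTPUT):
        print(f"[{sev:6}] {msg}")
    print("overall:", highest_severity(NMAP_OUTPUT))
```

The parser keys only on the `|`/`|_` prefixes and the first colon, so it also copes with multi-colon values such as the CPE string and the `clock-skew` line; anything you want to alert on (a different OS string, a specific service) is one more rule in `findings`.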
2.4 Running a single NSE script
2.4.1 Viewing the help for the nfs-ls script
The NFS service may be vulnerable.
```
┌──(root💀kali)-[/home/kali]
└─# nmap --script-help nfs-ls
Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-02 06:18 EDT

nfs-ls
Categories: discovery safe
https://nmap.org/nsedoc/scripts/nfs-ls.html
  Attempts to get useful information about files from NFS exports.
  The output is intended to resemble the output of <code>ls</code>.
--snip--
```
3. Metasploit scanner modules
3.1 Metasploit's FTP anonymous-login scanner module
3.2 Metasploit's vulnerability check function
4. Web application scanning
4.1 Nikto (web application vulnerability scanner)
4.2 Attacking XAMPP (XAMPP's phpMyAdmin external-access vulnerability)
- XAMPP's phpMyAdmin external-access vulnerability
(screenshot: this is the Windows XP target)
(screenshot: this is another machine)
4.3 Default login credentials
- Default username: wampp
- Default password: xampp
- Working with the WebDAV server:
```
┌──(root💀kali)-[/home/kali]
└─# cadaver http://192.168.159.132/webdav
```
5. Manual analysis
5.1 Checking non-standard ports
http://192.168.159.132:3232
http://192.168.159.132:4616
......
- Ports 80 and 3306 are of course the usual ones
- Browse to the port in a web browser
- Connect with Netcat
5.2 Finding valid usernames
Using the SMTP VRFY command
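The VRFY check as a simulated client/server exchange, added here as an example (it is not code from the book or from these notes): three responder policies stand in for a mail server, and an audit function reports whether the server's replies let account names be confirmed. The user list, the hostnames and the exact reply wording are constructed for the example; the 250/550/252 reply codes are the ones RFC 5321 defines for VRFY.

```python
"""Simulated SMTP VRFY handling: a leaky policy beside two hardened ones.

Added example, not code from the book or these notes. The responders
below stand in for a mail server; the account list, hostnames and reply
wording are constructed. Codes: 250 = mailbox exists, 550 = no such user,
252 = cannot verify but will accept mail, 502 = command not implemented.
"""
from typing import Callable, List, Tuple

Responder = Callable[[str], str]

# Constructed sample account list standing in for the server's user database.
KNOWN_USERS = {"georgia", "postmaster"}


def verbose_vrfy(user: str) -> str:
    """Policy 1 (leaky): 250 for real accounts, 550 for everything else.
    Reply wording modelled on classic Sendmail output (assumption)."""
    if user in KNOWN_USERS:
        return f"250 2.1.5 <{user}@mail.example.com>"
    return f"550 5.1.1 <{user}@mail.example.com>... User unknown"


def noncommittal_vrfy(user: str) -> str:
    """Policy 2 (hardened): RFC 5321 allows 252 so the server neither
    confirms nor denies that the mailbox exists."""
    return f"252 2.0.0 {user}"


def disabled_vrfy(user: str) -> str:
    """Policy 3 (hardened): VRFY switched off entirely; wording modelled on
    Postfix with disable_vrfy_command = yes (assumption about exact text)."""
    return "502 5.5.1 VRFY command is disabled"


def vrfy_exchange(server: Responder, names: List[str]) -> List[Tuple[str, str]]:
    """Run the client/server dialogue and return (sent, received) pairs."""
    transcript = [("(connect)", "220 mail.example.com ESMTP"),
                  ("HELO audit.example.com", "250 mail.example.com")]
    for name in names:
        transcript.append((f"VRFY {name}", server(name)))
    transcript.append(("QUIT", "221 2.0.0 Bye"))
    return transcript


def reply_code(line: str) -> int:
    """Numeric status code at the start of an SMTP reply line."""
    return int(line.split(" ", 1)[0])


def leaks_account_existence(server: Responder, probes: List[str]) -> bool:
    """Audit rule (assumption): account names are discoverable through VRFY
    if any probe is confirmed with 250 or the code depends on the name."""
    codes = {reply_code(server(name)) for name in probes}
    return 250 in codes or len(codes) > 1


if __name__ == "__main__":
    probes = ["georgia", "zzz-not-a-user"]
    for label, policy in [("verbose", verbose_vrfy),
                          ("252", noncommittal_vrfy),
                          ("disabled", disabled_vrfy)]:
        for sent, received in vrfy_exchange(policy, probes):
            print(f"[{label}] C: {sent}")
            print(f"[{label}] S: {received}")
        print(f"[{label}] leaks account names: {leaks_account_existence(policy, probes)}\n")
```

The audit compares reply codes, not message text, because the code is what a remote client can rely on; a server that answers every VRFY with the same code (252 or 502) gives nothing away, which is why disabling VRFY (for Postfix, `disable_vrfy_command = yes` in main.cf) or answering 252 is the usual hardening.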