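Master the most basic information-gathering skills and the use of the common tools
Applying various search techniques
Querying DNS and IP registration information
Basic scanning techniques: host discovery, port scanning, OS and service version detection, enumeration of specific services
Vulnerability scanning: be able to run a scan, read the report, look up vulnerability descriptions, and patch the vulnerabilities
Querying domain registration information with whois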
msfconsole
msf > whois besti.edu.cn
![](https://images2018.cnblogs.com/blog/1073846/201805/1073846-20180506203144301-884838908.png)
The query result is as follows (the record shown is the one for baidu.com):
Domain Name: BAIDU.COM
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-07-28T02:36:28Z
Creation Date: 1999-10-11T11:05:17Z
Registry Expiry Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: DNS.BAIDU.COM
Name Server: NS2.BAIDU.COM
Name Server: NS3.BAIDU.COM
Name Server: NS4.BAIDU.COM
Name Server: NS7.BAIDU.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
Last update of whois database: 2018-05-06T07:55:24Z
For more information on Whois status codes, please visit https://icann.org/epp
Domain Name: baidu.com
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-07-27T19:36:28-0700
Creation Date: 1999-10-11T04:05:17-0700
Registrar Registration Expiration Date: 2026-10-11T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Registrant Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Registrant City: Beijing
Registrant State/Province: Beijing
Registrant Postal Code: 100085
Registrant Country: CN
Registrant Phone: +86.1059928888
Registrant Phone Ext:
Registrant Fax: +86.1059928888
Registrant Fax Ext:
Registrant Email: domainmaster@baidu.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Admin Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Admin City: Beijing
Admin State/Province: Beijing
Admin Postal Code: 100085
Admin Country: CN
Admin Phone: +86.1059928888
Admin Phone Ext:
Admin Fax: +86.1059928888
Admin Fax Ext:
Admin Email: domainmaster@baidu.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Tech Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Tech City: Beijing
Tech State/Province: Beijing
Tech Postal Code: 100085
Tech Country: CN
Tech Phone: +86.1059928888
Tech Phone Ext:
Tech Fax: +86.1059928888
Tech Fax Ext:
Tech Email: domainmaster@baidu.com
Name Server: ns2.baidu.com
Name Server: ns3.baidu.com
Name Server: ns4.baidu.com
Name Server: dns.baidu.com
Name Server: ns7.baidu.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2018-05-06T00:51:43-0700 <<<
--
The same lookup can also be done on the web through 域名Whois查询 - 站长之家 (the Chinaz WHOIS lookup page)
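When the domain is your own, the fields of a record like the one above can be checked mechanically. The following is an added example, not part of the original post: it parses WHOIS `Field: value` lines and reports absent lock statuses, an unsigned zone and a near expiry. The names `parse_whois` and `audit` and the 60-day threshold are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: lines copied from the registry record shown above.
SAMPLE = """\
Domain Name: BAIDU.COM
Registry Expiry Date: 2026-10-11T11:05:17Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
DNSSEC: unsigned
"""
# The six lock statuses that appear in the record above.
LOCKS = {side + action + "Prohibited" for side in ("client", "server")
         for action in ("Delete", "Transfer", "Update")}
EXPIRY_FIELDS = ("registry expiry date", "registrar registration expiration date")

def parse_whois(text):
    """Map lower-cased field name -> list of values (repeated fields are kept)."""
    rec = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep and value.strip():
            rec[key.strip().lower()].append(value.strip())
    return rec

def audit(rec, today, warn_days=60):   # warn_days is an assumed threshold
    """Return a list of hygiene findings for one parsed record."""
    findings = []
    held = {v.split()[0] for v in rec.get("domain status", [])}
    missing = sorted(LOCKS - held)
    if missing:
        findings.append("lock status absent: " + ", ".join(missing))
    # A record without a DNSSEC field is treated like an unsigned one.
    if "unsigned" in [v.lower() for v in rec.get("dnssec", ["unsigned"])]:
        findings.append("DNSSEC: zone is not signed")
    for field in EXPIRY_FIELDS:
        for value in rec.get(field, []):
            expiry = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")
            days = (expiry - today).days
            if days < warn_days:
                findings.append(f"{field}: {days} days left")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_whois(SAMPLE), datetime.now(timezone.utc))))
```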
Domain lookups with nslookup and dig
msfconsole
nslookup
set type=A
besti.edu.cn
baidu.com
Visiting the sites by the IP addresses returned, besti.edu.cn could not be reached, but baidu.com could
msfconsole
dig @dns.baidu.com baidu.com
The query result is as follows:
;; QUESTION SECTION:
;baidu.com. IN A

;; ANSWER SECTION:
baidu.com. 600 IN A 220.181.57.216
baidu.com. 600 IN A 123.125.115.110

;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns7.baidu.com.
baidu.com. 86400 IN NS dns.baidu.com.
baidu.com. 86400 IN NS ns3.baidu.com.
baidu.com. 86400 IN NS ns2.baidu.com.
baidu.com. 86400 IN NS ns4.baidu.com.

;; ADDITIONAL SECTION:
dns.baidu.com. 86400 IN A 202.108.22.220
ns2.baidu.com. 86400 IN A 61.135.165.235
ns3.baidu.com. 86400 IN A 220.181.37.10
ns4.baidu.com. 86400 IN A 220.181.38.10
ns7.baidu.com. 86400 IN A 180.76.76.92

;; Query time: 109 msec
;; SERVER: 202.108.22.220#53(202.108.22.220)
;; WHEN: Sun May 06 16:08:49 CST 2018
;; MSG SIZE rcvd: 240
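An added example (not from the original post) that goes one step beyond the lookup itself: it parses dig's sectioned output and compares the NS set and the addresses returned with the Name Server lines of the whois record, since a mismatch points to a stale or altered delegation. `parse_dig` and `delegation_diff` are hypothetical helper names; the sample data is the response and the name-server list shown on this page.

```python
import re

# Constructed sample: the dig response shown above, one record per line.
DIG = """\
;; QUESTION SECTION:
;baidu.com. IN A
;; ANSWER SECTION:
baidu.com. 600 IN A 220.181.57.216
baidu.com. 600 IN A 123.125.115.110
;; AUTHORITY SECTION:
baidu.com. 86400 IN NS ns7.baidu.com.
baidu.com. 86400 IN NS dns.baidu.com.
baidu.com. 86400 IN NS ns3.baidu.com.
baidu.com. 86400 IN NS ns2.baidu.com.
baidu.com. 86400 IN NS ns4.baidu.com.
;; ADDITIONAL SECTION:
dns.baidu.com. 86400 IN A 202.108.22.220
ns2.baidu.com. 86400 IN A 61.135.165.235
ns3.baidu.com. 86400 IN A 220.181.37.10
ns4.baidu.com. 86400 IN A 220.181.38.10
ns7.baidu.com. 86400 IN A 180.76.76.92
"""
# Name Server values from the whois record earlier on the page.
WHOIS_NS = "DNS.BAIDU.COM NS2.BAIDU.COM NS3.BAIDU.COM NS4.BAIDU.COM NS7.BAIDU.COM".split()

def norm(name):
    return name.lower().rstrip(".")   # DNS names compare case-insensitively

def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
        elif current and line and not line.startswith(";"):   # skip ';' comments
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((norm(owner), int(ttl), rtype, rdata))
    return sections

def delegation_diff(whois_ns, sections):
    """Compare the registry delegation (whois) with the NS set and glue from dig."""
    records = sections.get("answer", []) + sections.get("authority", [])
    served = {norm(r[3]) for r in records if r[2] == "NS"}
    glue = {r[0] for r in sections.get("additional", []) if r[2] in ("A", "AAAA")}
    registered = {norm(n) for n in whois_ns}
    return {"only_in_whois": sorted(registered - served),
            "only_in_dns": sorted(served - registered),
            "no_address_returned": sorted(served - glue)}
```

For the data on this page all three lists come back empty, which is the healthy case; name servers outside the queried zone can legitimately appear under `no_address_returned`.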
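Using the information lookup service provided by Netcraft
Enter the domain name www.baidu.com and run a site query
View the site report
As the report shows, Netcraft provides a great deal of information
IP2 reverse domain lookup
Query www.baidu.com
Query besti.edu.cn
The location reported by ip-adress.com matches the location shown by Baidu Maps
Query www.besti.edu.cn
Query www.baidu.com
Gathering information with SiteDigger
Download link
SiteDigger v3.0 Released 12/01/2009
User guide
Searching a site's directory structure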
msfconsole
use auxiliary/scanner/http/dir_scanner
set THREADS 50
set RHOSTS www.baidu.com
exploit
Searching for specific file types
site:edu.cn filetype:xls 成绩
site:edu.cn filetype:docx
Searching for e-mail addresses
msfconsole
use auxiliary/gather/search_email_collector
set DOMAIN besti.edu.cn
exploit
The error occurs because Google is not reachable from within China
set SEARCH_GOOGLE false
exploit
IP route reconnaissance
tracert www.besti.edu.cn
ICMP ping command
ping www.baidu.com
Enumerating live hosts on the local LAN with ARP requests
msfconsole
use auxiliary/scanner/discovery/arp_sweep
set RHOSTS 192.168.232.132-135
set THREADS 50
run
Nmap probing
nmap 192.168.232.132
nmap -O 192.168.232.132
Telnet service scan
msfconsole
use auxiliary/scanner/telnet/telnet_version
set RHOSTS 192.168.232.132-135
run
SSH service scan
msfconsole
use auxiliary/scanner/ssh/ssh_version
set RHOSTS 192.168.232.132-135
run
Oracle database service enumeration
msfconsole
use auxiliary/scanner/oracle/tnslsnr_version
set RHOSTS 192.168.232.132-135
run
Password guessing and sniffing
use auxiliary/scanner/ssh/ssh_login
set RHOSTS 192.168.232.132
set USERNAME Win720155228ver2
set PASS_FILE /root/password.txt
set THREADS 200
run
Downloading and installing OpenVAS
apt-get update
apt-get dist-upgrade
apt-get install openvas
Checking the OpenVAS setup
openvas-check-setup
Error message
openvas-check-setup 2.3.7
Test completeness and readiness of OpenVAS-9
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.1.1.
OK: redis-server is present in version v=4.0.7.
OK: scanner (kb_location setting) is configured properly using the redis-server socket: /tmp/redis.sock
ERROR: redis-server is not running or not listening on socket: /tmp/redis.sock
FIX: You should start the redis-server or configure it to listen on socket: /tmp/redis.sock
ERROR: Your OpenVAS-9 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
redis-server doesn't listen on /tmp/redis.sock by default. Try adding the line unixsocket /tmp/redis.sock to your redis.conf and running /etc/init.d/redis-server restart?
Edit the redis.conf file and restart redis-server:
/etc/init.d/redis-server restart
Run the check again
openvas-check-setup
The problem still persists
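When the check keeps failing after the change, it helps to separate a configuration problem from a runtime one. The following is an added example, not part of the original post or of OpenVAS: it reads redis.conf for an active `unixsocket` directive and checks whether the expected path really is a socket. `active_directives` and `diagnose` are hypothetical names, and /etc/redis/redis.conf is the assumed Debian/Kali location of the file.

```python
import os
import stat

EXPECTED = "/tmp/redis.sock"   # socket path openvas-check-setup reports above

def active_directives(conf_text):
    """Return {directive: value} for uncommented redis.conf lines (last one wins)."""
    found = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            found[parts[0].lower()] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return found

def diagnose(conf_text, expected=EXPECTED):
    """List the reasons the scanner cannot reach redis on `expected`."""
    conf = active_directives(conf_text)
    problems = []
    sock = conf.get("unixsocket")
    if sock is None:
        problems.append("no active 'unixsocket' line (missing or commented out)")
    elif sock != expected:
        problems.append(f"unixsocket is {sock}, scanner expects {expected}")
    if not os.path.exists(expected):
        problems.append(f"{expected} does not exist: redis was not restarted, "
                        "or it created the socket somewhere else")
    elif not stat.S_ISSOCK(os.stat(expected).st_mode):
        problems.append(f"{expected} exists but is not a socket")
    return problems

if __name__ == "__main__":
    path = "/etc/redis/redis.conf"   # assumed Debian/Kali location
    if os.path.exists(path):
        with open(path) as fh:
            print("\n".join(diagnose(fh.read())) or "redis socket looks fine")
```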
2017-2018-2 20155228 "Network Attack and Defense Technology" Lab 6: Information Gathering and Vulnerability Scanning
Original URL: https://www.cnblogs.com/besti20155228/p/8999534.html