{"id":1592,"date":"2019-09-08T15:48:11","date_gmt":"2019-09-08T07:48:11","guid":{"rendered":"http:\/\/www.eumz.com\/?p=1592"},"modified":"2019-09-08T15:48:11","modified_gmt":"2019-09-08T07:48:11","slug":"%e6%b8%97%e9%80%8f%e6%b5%8b%e8%af%95%e4%bf%a1%e6%81%af%e6%94%b6%e9%9b%86%e5%b7%a5%e5%85%b7%e7%af%87","status":"publish","type":"post","link":"https:\/\/www.wxcn.com\/?p=1592","title":{"rendered":"\u6e17\u900f\u6d4b\u8bd5\u4fe1\u606f\u6536\u96c6\u5de5\u5177\u7bc7"},"content":{"rendered":"\n

1\u3001whois \u67e5\u8be2\u7f51\u7ad9\u53ca\u670d\u52a1\u5668\u4fe1\u606f<\/strong><\/p>\n\n\n\n

\u5982\u679c\u77e5\u9053\u76ee\u6807\u7684\u57df\u540d\uff0c\u4f60\u9996\u5148\u8981\u505a\u7684\u5c31\u662f\u901a\u8fc7 Whois \u6570\u636e\u5e93\u67e5\u8be2\u57df\u540d\u7684\u6ce8\u518c\u4fe1\u606f\uff0cWhois \u6570\u636e\u5e93\u662f\u63d0\u4f9b\u57df\u540d\u7684\u6ce8\u518c\u4eba\u4fe1\u606f\uff0c\u5305\u62ec\u8054\u7cfb\u65b9\u5f0f\uff0c\u7ba1\u7406\u5458\u540d\u5b57\uff0c\u7ba1\u7406\u5458\u90ae\u7bb1\u7b49\u7b49\uff0c\u5176\u4e2d\u4e5f\u5305\u62ec DNS \u670d\u52a1\u5668\u7684\u4fe1\u606f\u3002<\/p>\n\n\n\n

\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cKali \u5df2\u7ecf\u5b89\u88c5\u4e86 Whois \u3002\u4f60\u53ea\u9700\u8981\u8f93\u5165\u8981\u67e5\u8be2\u7684\u57df\u540d\u5373\u53ef\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u5229\u7528\u4ee5\u4e0a\u6536\u96c6\u5230\u7684\u90ae\u7bb1\u3001QQ\u3001\u7535\u8bdd\u53f7\u7801\u3001\u59d3\u540d\u3001\u4ee5\u53ca\u670d\u52a1\u5546\uff0c\u53ef\u4ee5\u9488\u5bf9\u6027\u8fdb\u884c\u653b\u51fb\uff0c\u5229\u7528\u793e\u5de5\u5e93\u8fdb\u884c\u67e5\u627e\u76f8\u5173\u7ba1\u7406\u5458\u4fe1\u606f\uff0c\u53e6\u5916\u4e5f\u53ef\u4ee5\u5bf9\u76f8\u5173 DNS \u670d\u52a1\u5546\u8fdb\u884c\u6e17\u900f\uff0c\u67e5\u770b\u662f\u5426\u6709\u6f0f\u6d1e\uff0c\u5229\u7528\u7b2c\u4e09\u65b9\u6f0f\u6d1e\u5e73\u53f0\uff0c\u67e5\u770b\u76f8\u5173\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

2\u3001Dig \u4f7f\u7528<\/strong><\/h3>\n\n\n\n

\u53ef\u4ee5\u4f7f\u7528 dig \u547d\u4ee4\u5bf9 DNS \u670d\u52a1\u5668\u8fdb\u884c\u6316\u6398\uff0cDig \u547d\u4ee4\u540e\u9762\u76f4\u63a5\u8ddf\u57df\u540d\uff0c\u56de\u8f66\u5373\u53ef\uff0c\u5982\u56fe\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u3010Dig\u5e38\u7528\u9009\u9879\u3011<\/strong><\/p>\n\n\n\n

1 -c \u9009\u9879\uff0c\u53ef\u4ee5\u8bbe\u7f6e\u534f\u8bae\u7c7b\u578b\uff08 class \uff09\uff0c\u5305\u62ec IN (\u9ed8\u8ba4)\u3001CH \u548c HS\u3002<\/p>\n\n\n\n

2 -f \u9009\u9879\uff0cdig \u652f\u6301\u4ece\u4e00\u4e2a\u6587\u4ef6\u91cc\u8bfb\u53d6\u5185\u5bb9\u8fdb\u884c\u6279\u91cf\u67e5\u8be2\uff0c\u8fd9\u4e2a\u975e\u5e38\u4f53\u8d34\u548c\u65b9\u4fbf\u3002\u6587\u4ef6\u7684\u5185\u5bb9\u8981\u6c42\u4e00\u884c\u4e3a\u4e00\u4e2a\u67e5\u8be2\u8bf7\u6c42\u3002\u6765\u4e2a\u5b9e\u9645\u4f8b\u5b50\u5427\uff1a<\/p>\n\n\n\n

3 -4 \u548c -6 \u4e24\u4e2a\u9009\u9879\uff0c\u7528\u4e8e\u8bbe\u7f6e\u4ec5\u9002\u7528\u54ea\u4e00\u79cd\u4f5c\u4e3a\u67e5\u8be2\u5305\u4f20\u8f93\u534f\u8bae\uff0c\u5206\u522b\u5bf9\u5e94\u7740 IPv4 \u548c IPv6\u3002<\/p>\n\n\n\n

4 -t \u9009\u9879\uff0c\u7528\u6765\u8bbe\u7f6e\u67e5\u8be2\u7c7b\u578b\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u662f A\uff0c\u4e5f\u53ef\u4ee5\u8bbe\u7f6e MX \u7b49\u7c7b\u578b\uff0c\u6765\u4e00\u4e2a\u4f8b\u5b50\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

5 -q \u9009\u9879\uff0c\u5176\u5b9e\u5b83\u672c\u8eab\u662f\u4e00\u4e2a\u591a\u4f59\u7684\u9009\u9879\uff0c\u4f46\u662f\u5b83\u5728\u590d\u6742\u7684 dig \u547d\u4ee4\u4e2d\u53c8\u662f\u90a3\u4e48\u7684\u6709\u7528\u3002-q \u9009\u9879\u53ef\u4ee5\u663e\u5f0f\u8bbe\u7f6e\u4f60\u8981\u67e5\u8be2\u7684\u57df\u540d\uff0c\u8fd9\u6837\u53ef\u4ee5\u907f\u514d\u548c\u5176\u4ed6\u4f17\u591a\u7684\u53c2\u6570\u3001\u9009\u9879\u76f8\u6df7\u6dc6\uff0c\u63d0\u9ad8\u4e86\u547d\u4ee4\u7684\u53ef\u8bfb\u6027\uff0c\u6765\u4e2a\u4f8b\u5b50\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

6 -x \u9009\u9879\uff0c\u662f\u9006\u5411\u67e5\u8be2\u9009\u9879\u3002\u53ef\u4ee5\u67e5\u8be2 IP \u5730\u5740\u5230\u57df\u540d\u7684\u6620\u5c04\u5173\u7cfb\u3002\u4e3e\u4e00\u4e2a\u4f8b\u5b50\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u3010\u8ddf\u8e2a dig \u5168\u8fc7\u7a0b\u3011<\/strong><\/p>\n\n\n\n

dig \u975e\u5e38\u8457\u540d\u7684\u4e00\u4e2a\u67e5\u8be2\u9009\u9879\u5c31\u662f +trace\uff0c\u5f53\u4f7f\u7528\u8fd9\u4e2a\u67e5\u8be2\u9009\u9879\u540e\uff0cdig \u4f1a\u4ece\u6839\u57df\u67e5\u8be2\u4e00\u76f4\u8ddf\u8e2a\u76f4\u5230\u67e5\u8be2\u5230\u6700\u7ec8\u7ed3\u679c\uff0c\u5e76\u5c06\u6574\u4e2a\u8fc7\u7a0b\u4fe1\u606f\u8f93\u51fa\u51fa\u6765<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

\u3010\u7cbe\u7b80 dig \u8f93\u51fa\u3011<\/strong><\/p>\n\n\n\n

\u4f7f\u7528 +nocmd \u7684\u8bdd\uff0c\u53ef\u4ee5\u8282\u7701\u8f93\u51fa dig \u7248\u672c\u4fe1\u606f\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Dig \u53ef\u4ee5\u7528\u6765\u67e5\u57df\u4f20\u9001\u6f0f\u6d1e<\/p>\n\n\n\n

\u524d\u9762\u4ecb\u7ecd\u4e86 dig \u7684\u4f7f\u7528\uff0c\u82e5\u5c06\u67e5\u8be2\u7c7b\u578b\u8bbe\u5b9a\u4e3a axfr\uff0c\u5c31\u80fd\u5f97\u5230\u57df\u4f20\u9001\u6570\u636e\u3002\u8fd9\u4e5f\u662f\u6211\u4eec\u8981\u7528\u6765\u6d4b\u8bd5 DNS \u57df\u4f20\u9001\u6cc4\u9732\u7684\u547d\u4ee4<\/p>\n\n\n\n

3\u3001Nslookup \u7528\u6cd5<\/strong><\/h3>\n\n\n\n

nslookup \u662f\u7ad9\u957f\u8f83\u4e3a\u5e38\u7528\u7684\u5de5\u5177\u4e4b\u4e00\uff0c\u5b83\u751a\u81f3\u6bd4\u540c\u7c7b\u5de5\u5177 dig \u7684\u4f7f\u7528\u4eba\u6570\u66f4\u591a\uff0c\u539f\u56e0\u662f\u5b83\u7684\u8fd0\u884c\u73af\u5883\u662f windows \uff0c\u5e76\u4e14\u4e0d\u9700\u8981\u6211\u4eec\u518d\u53e6\u5916\u5b89\u88c5\u4ec0\u4e48\u4e1c\u897f\u3002dig \u662f\u5728 linux \u73af\u5883\u91cc\u8fd0\u884c\u7684\u547d\u4ee4\uff0c\u4e0d\u8fc7\u4e5f\u53ef\u4ee5\u5728 windows \u73af\u5883\u91cc\u4f7f\u7528\uff0c\u53ea\u662f\u9700\u8981\u5b89\u88c5 dig windows \u7248\u672c\u7684\u7a0b\u5e8f\u3002<\/p>\n\n\n\n

Nslookup \u547d\u4ee4\u4ee5\u4e24\u79cd\u65b9\u5f0f\u8fd0\u884c:\u975e\u4ea4\u4e92\u5f0f\u548c\u4ea4\u4e92\u5f0f\u3002\u672c\u6587\u7b2c\u4e00\u6b21\u63d0\u5230 \u201c\u4ea4\u4e92\u5f0f\u201d \u7684\u6982\u5ff5\uff0c\u7b80\u5355\u8bf4\u660e\uff1a\u4ea4\u4e92\u5f0f\u7cfb\u7edf\u662f\u6307\u6267\u884c\u8fc7\u7a0b\u4e2d\u5141\u8bb8\u7528\u6237\u8f93\u5165\u6570\u636e\u548c\u547d\u4ee4\u7684\u7cfb\u7edf\u3002\u800c\u975e\u4ea4\u4e92\u5f0f\u7cfb\u7edf\uff0c\u662f\u6307\u4e00\u65e6\u5f00\u59cb\u8fd0\u884c\uff0c\u4e0d\u9700\u8981\u4eba\u5e72\u9884\u5c31\u53ef\u4ee5\u81ea\u884c\u7ed3\u675f\u7684\u7cfb\u7edf\u3002\u56e0\u6b64\uff0cnslookup \u4ee5\u975e\u4ea4\u4e92\u5f0f\u65b9\u5f0f\u8fd0\u884c\uff0c\u5c31\u662f\u6307\u8fd0\u884c\u540e\u81ea\u884c\u7ed3\u675f\u3002\u800c \u201c\u4ea4\u4e92\u5f0f\u201d\uff0c\u662f\u6307\u5f00\u59cb\u8fd0\u884c\u540e\uff0c\u4f1a\u8981\u6c42\u4f7f\u7528\u8005\u8fdb\u4e00\u6b65\u8f93\u5165\u6570\u636e\u548c\u547d\u4ee4\u3002<\/p>\n\n\n\n

DNS \u8bb0\u5f55\u7c7b\u578b:<\/strong><\/p>\n\n\n\n

A \u5730\u5740\u8bb0\u5f55 \nAAAA \u5730\u5740\u8bb0\u5f55 \nAFSDB Andrew \u6587\u4ef6\u7cfb\u7edf\u6570\u636e\u5e93\u670d\u52a1\u5668\u8bb0\u5f55 \nATMA ATM \u5730\u5740\u8bb0\u5f55 \nCNAME \u522b\u540d\u8bb0\u5f55 \nHINFO \u786c\u4ef6\u914d\u7f6e\u8bb0\u5f55\uff0c\u5305\u62ec CPU \u3001\u64cd\u4f5c\u7cfb\u7edf\u4fe1\u606f \nISDN \u57df\u540d\u5bf9\u5e94\u7684 ISDN \u53f7\u7801 \nMB \u5b58\u653e\u6307\u5b9a\u90ae\u7bb1\u7684\u670d\u52a1\u5668 \nMG \u90ae\u4ef6\u7ec4\u8bb0\u5f55 \nMINFO \u90ae\u4ef6\u7ec4\u548c\u90ae\u7bb1\u7684\u4fe1\u606f\u8bb0\u5f55 \nMR \u6539\u540d\u7684\u90ae\u7bb1\u8bb0\u5f55 \nMX \u90ae\u4ef6\u670d\u52a1\u5668\u8bb0\u5f55 \nNS \u540d\u5b57\u670d\u52a1\u5668\u8bb0\u5f55 \nPTR \u53cd\u5411\u8bb0\u5f55 \nRP \u8d1f\u8d23\u4eba\u8bb0\u5f55 \nRT \u8def\u7531\u7a7f\u900f\u8bb0\u5f55 \nSRV TCP \u670d\u52a1\u5668\u4fe1\u606f\u8bb0\u5f55 \nTXT \u57df\u540d\u5bf9\u5e94\u7684\u6587\u672c\u4fe1\u606f \nX25 \u57df\u540d\u5bf9\u5e94\u7684 X.25 \u5730\u5740\u8bb0\u5f55<\/p><\/blockquote>\n\n\n\n

\u4e3e\u4f8b\u8bf4\u660e\uff1a<\/strong><\/p>\n\n\n\n

\u8bbe\u7f6e\u7c7b\u578b\u4e3a ns<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u4e0b\u9762\u7684\u4f8b\u5b50\u67e5\u8be2 baidu.com \u4f7f\u7528\u7684 DNS \u670d\u52a1\u5668\u540d\u79f0:<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u4e0b\u9762\u7684\u4f8b\u5b50\u5c55\u793a\u5982\u4f55\u67e5\u8be2 baidu.com \u7684\u90ae\u4ef6\u4ea4\u6362\u8bb0\u5f55\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u67e5\u770b\u7f51\u7ad9 cname \u503c\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u67e5\u770b\u90ae\u4ef6\u670d\u52a1\u5668\u8bb0\u5f55\uff08 -qt=MX \uff09<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u540c\u6837 nslookup \u4e5f\u53ef\u4ee5\u9a8c\u8bc1\u662f\u5426\u5b58\u5728\u57df\u4f20\u9001\u6f0f\u6d1e\uff0c\u6b65\u9aa4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

1) nslookup \u8fdb\u5165\u4ea4\u4e92\u5f0f\u6a21\u5f0f<\/p>\n\n\n\n

2) Server \u8bbe\u7f6e\u4f7f\u7528\u7684 DNS \u670d\u52a1\u5668<\/p>\n\n\n\n

3) ls \u547d\u4ee4\u5217\u51fa\u67d0\u4e2a\u57df\u4e2d\u7684\u6240\u6709\u57df\u540d<\/p>\n\n\n\n

4\u3001fierce \u5de5\u5177<\/strong><\/h3>\n\n\n\n

\u5728\u8fdb\u884c\u4e86\u57fa\u672c\u57df\u540d\u6536\u96c6\u4ee5\u540e\uff0c\u5982\u679c\u80fd\u901a\u8fc7\u4e3b\u57df\u540d\u5f97\u5230\u6240\u6709\u5b50\u57df\u540d\u4fe1\u606f\uff0c\u518d\u901a\u8fc7\u5b50\u57df\u540d\u67e5\u8be2\u5176\u5bf9\u5e94\u7684\u4e3b\u673a IP\uff0c\u8fd9\u6837\u6211\u4eec\u80fd\u5f97\u5230\u4e00\u4e2a\u8f83\u4e3a\u5b8c\u6574\u7684\u4fe1\u606f\u3002\u9664\u4e86\u9ed8\u8ba4\u4f7f\u7528\uff0c\u6211\u4eec\u8fd8\u53ef\u4ee5\u81ea\u5df1\u5b9a\u4e49\u5b57\u5178\u6765\u8fdb\u884c\u57df\u540d\u7206\u7834\u3002<\/p>\n\n\n\n

\u4f7f\u7528 fierce \u5de5\u5177\uff0c\u53ef\u4ee5\u8fdb\u884c\u57df\u540d\u5217\u8868\u67e5\u8be2\uff1afierce -dns domainName<\/code><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u8f93\u51fa\u7ed3\u679c\u8868\u660e\uff0c\u7a0b\u5e8f\u9996\u5148\u8fdb\u884c\u4e86\u57df\u4f20\u9001\u6d4b\u8bd5\uff0c\u57df\u4f20\u9001\u901a\u8fc7\u4e00\u6761\u547d\u4ee4\u5c31\u80fd\u83b7\u53d6\u670d\u52a1\u5668\u4e0a\u6240\u6709\u7684\u57df\u540d\u4fe1\u606f\u3002\u5982\u679c\u4e00\u6b21\u5c31\u80fd\u7b80\u5355\u83b7\u53d6\u670d\u52a1\u5668\u4e0a\u6240\u6709\u8bb0\u5f55\u57df\u540d\u4fe1\u606f,\u5c31\u4e0d\u518d\u66b4\u529b\u7834\u89e3\u3002 <\/p>\n\n\n\n

\u4f46\u4ece\u7ed3\u679c\u4e0a\u770b\uff0c\u201cUnsucessful in zone transfer\u201d , \u57df\u4f20\u9001\u6d4b\u8bd5\u662f\u5931\u8d25\u4e86\u3002\u63a5\u7740\u6267\u884c\u66b4\u529b\u7834\u89e3\uff0c\u6d4b\u8bd5\u7684\u6570\u91cf\u53d6\u51b3\u4e8e\u5b57\u5178\u4e2d\u63d0\u4f9b\u7684\u5b57\u7b26\u4e32\u6570\u91cf\uff0c\u4e0a\u4f8b\u4e2d\u6ca1\u6709\u6307\u5b9a\u5b57\u5178\uff0c\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5728 Kali \u4e2d\u4f7f\u7528 \/usr\/share\/fierce\/hosts.txt<\/code>\u3002\u4e00\u4e2a\u5185\u90e8\u7f51\u7edc\u7684 DNS \u57df\u540d\u670d\u52a1\u5668\u53ef\u4ee5\u63d0\u4f9b\u5927\u91cf\u4fe1\u606f\uff0c\u8fd9\u4e9b\u4fe1\u606f\u53ef\u4ee5\u5728\u4ee5\u540e\u8bc4\u4f30\u7f51\u7edc\u6f0f\u6d1e\u3002 <\/p>\n\n\n\n

5\u3001theHarvester \u7684\u4f7f\u7528<\/strong><\/h3>\n\n\n\n

theHarvester \u662f\u4e00\u4e2a\u793e\u4f1a\u5de5\u7a0b\u5b66\u5de5\u5177\uff0c\u5b83\u901a\u8fc7\u641c\u7d22\u5f15\u64ce\u3001PGP \u670d\u52a1\u5668\u4ee5\u53ca SHODAN \u6570\u636e\u5e93\u6536\u96c6\u7528\u6237\u7684 email \uff0c\u5b50\u57df\u540d\uff0c\u4e3b\u673a\uff0c\u96c7\u5458\u540d\uff0c\u5f00\u653e\u7aef\u53e3\u548c banner \u4fe1\u606f\u3002<\/p>\n\n\n\n

-d \u670d\u52a1\u5668\u57df\u540d \n-l \u9650\u5236\u663e\u793a\u6570\u76ee \n-b \u8c03\u7528\u641c\u7d22\u5f15\u64ce\uff08baidu,google,bing,bingapi,pgp,linkedin,googleplus,jigsaw,all\uff09\n-f \u7ed3\u679c\u4fdd\u5b58\u4e3aHTML\u548cXML\u6587\u4ef6\n-h \u4f7f\u7528\u50bb\u86cb\u6570\u636e\u5e93\u67e5\u8be2\u53d1\u73b0\u4e3b\u673a\u4fe1\u606f<\/p><\/blockquote>\n\n\n\n

\u5b9e\u4f8b1\uff1a<\/strong><\/p>\n\n\n\n

theHarvester -d sec-redclub.com -l 100 -b baidu<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u5b9e\u4f8b2\uff1a<\/strong><\/p>\n\n\n\n

\u8f93\u51fa\u5230 html \u6587\u4ef6\u4e2d\uff0c\u53ef\u4ee5\u66f4\u6e05\u6670\u7684\u770b\u5230\u641c\u7d22\u7684\u7f51\u7ad9\u4fe1\u606f\u7684\u6a21\u578b\u3002<\/p>\n\n\n\n

theHarvester -d sec-redclub.com -l 100 -b baidu -fmyresults.html<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

6\u3001DNS \u679a\u4e3e\u5de5\u5177 DNSenum<\/strong><\/h3>\n\n\n\n

DNSenum \u662f\u4e00\u6b3e\u975e\u5e38\u5f3a\u5927\u7684\u57df\u540d\u4fe1\u606f\u6536\u96c6\u5de5\u5177\u3002\u5b83\u80fd\u591f\u901a\u8fc7\u8c37\u6b4c\u6216\u8005\u5b57\u5178\u6587\u4ef6\u731c\u6d4b\u53ef\u80fd\u5b58\u5728\u7684\u57df\u540d\uff0c\u5e76\u5bf9\u4e00\u4e2a\u7f51\u6bb5\u8fdb\u884c\u53cd\u5411\u67e5\u8be2\u3002\u5b83\u4e0d\u4ec5\u53ef\u4ee5\u67e5\u8be2\u7f51\u7ad9\u7684\u4e3b\u673a\u5730\u5740\u4fe1\u606f\u3001\u57df\u540d\u670d\u52a1\u5668\u548c\u90ae\u4ef6\u4ea4\u6362\u8bb0\u5f55\uff0c\u8fd8\u53ef\u4ee5\u5728\u57df\u540d\u670d\u52a1\u5668\u4e0a\u6267\u884c axfr \u8bf7\u6c42\uff0c\u7136\u540e\u901a\u8fc7\u8c37\u6b4c\u811a\u672c\u5f97\u5230\u6269\u5c55\u57df\u540d\u4fe1\u606f\uff0c\u63d0\u53d6\u5b50\u57df\u540d\u5e76\u67e5\u8be2\uff0c\u6700\u540e\u8ba1\u7b97 C \u7c7b\u5730\u5740\u5e76\u6267\u884c whois \u67e5\u8be2\uff0c\u6267\u884c\u53cd\u5411\u67e5\u8be2\uff0c\u628a\u5730\u5740\u6bb5\u5199\u5165\u6587\u4ef6\u3002\u672c\u5c0f\u8282\u5c06\u4ecb\u7ecd\u4f7f\u7528 DNSenum \u5de5\u5177\u68c0\u67e5 DNS \u679a\u4e3e\u3002\u5728\u7ec8\u7aef\u6267\u884c\u5982\u4e0b\u6240\u793a\u7684\u547d\u4ee4\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n
\"\"\/<\/figure>\n\n\n\n

\u8f93\u51fa\u7684\u4fe1\u606f\u663e\u793a\u4e86 DNS \u670d\u52a1\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u5176\u4e2d\uff0c\u5305\u62ec\u4e3b\u673a\u5730\u5740\u3001\u57df\u540d\u670d\u52a1\u5730\u5740\u548c\u90ae\u4ef6\u670d\u52a1\u5730\u5740\uff0c\u6700\u540e\u4f1a\u5c1d\u8bd5\u662f\u5426\u5b58\u5728\u57df\u4f20\u9001\u6f0f\u6d1e\u3002<\/p>\n\n\n\n

\u4f7f\u7528 DNSenum \u5de5\u5177\u68c0\u67e5 DNS \u679a\u4e3e\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528 dnsenum \u7684\u4e00\u4e9b\u9644\u52a0\u9009\u9879\uff0c\u5982\u4e0b\u6240\u793a\u3002<\/p>\n\n\n\n

–threads[number]\uff1a\u8bbe\u7f6e\u7528\u6237\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u8fdb\u7a0b\u6570\u3002\n-r\uff1a\u5141\u8bb8\u7528\u6237\u542f\u7528\u9012\u5f52\u67e5\u8be2\u3002\n-d\uff1a\u5141\u8bb8\u7528\u6237\u8bbe\u7f6e WHOIS \u8bf7\u6c42\u4e4b\u95f4\u65f6\u95f4\u5ef6\u8fdf\u6570\uff08\u5355\u4f4d\u4e3a\u79d2\uff09\u3002\n-o\uff1a\u5141\u8bb8\u7528\u6237\u6307\u5b9a\u8f93\u51fa\u4f4d\u7f6e\u3002\n-w\uff1a\u5141\u8bb8\u7528\u6237\u542f\u7528 WHOIS \u8bf7\u6c42\u3002<\/p><\/blockquote>\n\n\n\n

7\u3001subDomainsbrute \u4e8c\u7ea7\u57df\u540d\u6536\u96c6<\/strong><\/h3>\n\n\n\n

\u4e8c\u7ea7\u57df\u540d\u662f\u6307\u9876\u7ea7\u57df\u540d\u4e4b\u4e0b\u7684\u57df\u540d\uff0c\u5728\u56fd\u9645\u9876\u7ea7\u57df\u540d\u4e0b\uff0c\u5b83\u662f\u6307\u57df\u540d\u6ce8\u518c<\/a>\u4eba\u7684\u7f51\u4e0a\u540d\u79f0\uff1b\u5728\u56fd\u5bb6\u9876\u7ea7\u57df\u540d\u4e0b\uff0c\u5b83\u662f\u8868\u793a\u6ce8\u518c\u4f01\u4e1a\u7c7b\u522b\u7684\u7b26\u53f7\u3002\u6211\u56fd\u5728\u56fd\u9645\u4e92\u8054\u7f51\u7edc\u4fe1\u606f\u4e2d\u5fc3\uff08Inter NIC\uff09 \u6b63\u5f0f\u6ce8\u518c\u5e76\u8fd0\u884c\u7684\u9876\u7ea7\u57df\u540d\u662fCN\uff0c\u8fd9\u4e5f\u662f\u6211\u56fd\u7684\u4e00\u7ea7\u57df\u540d\u3002\u5728\u9876\u7ea7\u57df\u540d\u4e4b\u4e0b\uff0c\u6211\u56fd\u7684\u4e8c\u7ea7\u57df\u540d\u53c8\u5206\u4e3a\u7c7b\u522b\u57df\u540d\u548c\u884c\u653f\u533a\u57df\u540d\u4e24\u7c7b\u3002\u7c7b\u522b\u57df\u540d\u51717\u4e2a\uff0c\u5305\u62ec\u7528\u4e8e\u79d1\u7814\u673a\u6784\u7684ac\uff1b\u56fd\u9645\u901a\u7528\u57df\u540dcom\u3001top\uff1b\u7528\u4e8e\u6559\u80b2\u673a\u6784\u7684edu\uff1b\u7528\u4e8e\u653f\u5e9c\u90e8\u95e8\u7684gov\uff1b\u7528\u4e8e\u4e92\u8054\u7f51\u7edc\u4fe1\u606f\u4e2d\u5fc3\u548c\u8fd0\u884c\u4e2d\u5fc3\u7684net\uff1b\u7528\u4e8e\u975e\u76c8\u5229\u7ec4\u7ec7\u7684org\u3002\u800c\u884c\u653f\u533a\u57df\u540d\u670934\u4e2a\uff0c\u5206\u522b\u5bf9\u5e94\u4e8e\u6211\u56fd\u5404\u7701\u3001\u81ea\u6cbb\u533a\u548c\u76f4\u8f96\u5e02\u3002\uff08\u6458\u81ea\u767e\u5ea6\u767e\u79d1<\/strong>\uff09<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u4ee5\u4e0a\u4e3a\u5de5\u5177\u9ed8\u8ba4\u53c2\u6570\uff0c\u5982\u679c\u662f\u65b0\u624b\uff0c\u8bf7\u76f4\u63a5\u8ddf\u4e3b\u57df\u540d\u5373\u53ef\uff0c\u4e0d\u7528\u8fdb\u884c\u5176\u5b83\u8bbe\u7f6e\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

python subDomainsbrute.py sec-redclub.com<\/p><\/blockquote>\n\n\n\n

\u5c31\u53ef\u4ee5\u76f4\u63a5\u8fd0\u884c\uff0c\u7b49\u5f85\u7ed3\u679c\uff0c\u6700\u540e\u5728\u5de5\u5177\u6587\u4ef6\u5939\u4e0b\u9762\u5b58\u5728txt\u6587\u4ef6\uff0c\u76f4\u63a5\u5bfc\u5165\u626b\u63cf\u5de5\u5177\u5c31\u53ef\u4ee5\u8fdb\u884c\u626b\u63cf\u4e86\u3002<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

8\u3001layer\u5b50\u57df\u540d\u68c0\u6d4b\u5de5\u5177<\/strong><\/p>\n\n\n\n

layer\u5b50\u57df\u540d\u68c0\u6d4b\u5de5\u5177\u4e3b\u8981\u662fwindows\u4e00\u6b3e\u4e8c\u7ea7\u57df\u540d\u68c0\u6d4b\u5de5\u5177\uff0c\u5229\u7528\u7206\u7834\u5f62\u5f0f\u3002<\/p>\n\n\n\n

\u5de5\u5177\u4f5c\u8005\uff1ahttp:\/\/www.cnseay.com\/4193\/<\/code><\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u57df\u540d\u5bf9\u8bdd\u6846\u76f4\u63a5\u8f93\u5165\u57df\u540d\u5c31\u53ef\u4ee5\u8fdb\u884c\u626b\u63cf\u4e86\uff0c\u5de5\u5177\u663e\u793a\u6bd4\u8f83\u7ec6\u81f4\uff0c\u6709\u57df\u540d\u3001\u89e3\u6790 ip\u3001cnd \u5217\u8868\u3001web \u670d\u52a1\u5668\u548c\u7f51\u7ad9\u72b6\u6001\uff0c\u8fd9\u4e9b\u5bf9\u4e8e\u4e00\u4e2a\u5b89\u5168\u6d4b\u8bd5\u4eba\u5458\uff0c\u975e\u5e38\u91cd\u8981\u3002\u5982\u4e0b\u64cd\u4f5c\uff1a<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u56de\u663e\u793a\u5927\u90e8\u5206\u4e3b\u8981\u4e8c\u7ea7\u57df\u540d\u3002<\/p>\n\n\n\n

9\u3001Nmap<\/strong><\/h3>\n\n\n\n

Nmap \u662f\u4e00\u4e2a\u7f51\u7edc\u8fde\u63a5\u7aef\u53e3\u626b\u63cf\u8f6f\u4ef6\uff0c\u7528\u6765\u626b\u63cf\u7f51\u4e0a\u7535\u8111\u5f00\u653e\u7684\u7f51\u7edc\u8fde\u63a5\u7aef\u53e3\u3002\u786e\u5b9a\u54ea\u4e9b\u670d\u52a1\u8fd0\u884c\u5728\u54ea\u4e9b\u8fde\u63a5\u7aef\u53e3\uff0c\u5e76\u4e14\u63a8\u65ad\u8ba1\u7b97\u673a\u8fd0\u884c\u54ea\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002\u5b83\u662f\u7f51\u7edc\u7ba1\u7406\u5458\u5fc5\u7528\u7684\u8f6f\u4ef6\u4e4b\u4e00\uff0c\u4ee5\u53ca\u7528\u4ee5\u8bc4\u4f30\u7f51\u7edc\u7cfb\u7edf\u5b89\u5168\u3002<\/p>\n\n\n\n

\u529f\u80fd:<\/strong><\/p>\n\n\n\n

1\u3001 \u4e3b\u673a\u53d1\u73b0<\/p>\n\n\n\n

2\u3001 \u7aef\u53e3\u626b\u63cf<\/p>\n\n\n\n

3\u3001 \u7248\u672c\u4fa6\u6d4b<\/p>\n\n\n\n

4\u3001 OS\u4fa6\u6d4b<\/p>\n\n\n\n

\u51e0\u79cd\u90e8\u7f72\u65b9\u5f0f\uff1a<\/strong><\/p>\n\n\n\n

1\u3001Kail \u96c6\u6210\u73af\u5883<\/p>\n\n\n\n

2\u3001\u5355\u72ec\u5b89\u88c5\uff08\u4f7f\u7528 yum \u5de5\u5177\u76f4\u63a5\u5b89\u88c5\uff09<\/p>\n\n\n\n

3\u3001PentestBox \u73af\u5883<\/p>\n\n\n\n

4\u3001Windows \u7248\u7b49\u7b49<\/p>\n\n\n\n

Nmap \u7684\u53c2\u6570\u548c\u9009\u9879\u7e41\u591a\uff0c\u529f\u80fd\u975e\u5e38\u4e30\u5bcc\u3002\u6211\u4eec\u5148\u6765\u770b\u4e00\u4e0b Nmap \u7684\u901a\u7528\u547d\u4ee4\u683c\u5f0f\uff1a\uff08\u8be6\u7ec6\u6559\u7a0b\u53ca\u4e0b\u8f7d\u65b9\u5f0f\u53c2\u89c1\uff1ahttp:\/\/nmap.org\/<\/code>\uff09<\/p>\n\n\n\n

Nmap < \u626b\u63cf\u9009\u9879 > < \u626b\u63cf\u76ee\u6807 ><\/p><\/blockquote>\n\n\n\n

\u4e3b\u673a\u53d1\u73b0\u7684\u539f\u7406\u4e0e Ping \u547d\u4ee4\u7c7b\u4f3c\uff0c\u53d1\u9001\u63a2\u6d4b\u5305\u5230\u76ee\u6807\u4e3b\u673a\uff0c\u5982\u679c\u6536\u5230\u56de\u590d\uff0c\u90a3\u4e48\u8bf4\u660e\u76ee\u6807\u4e3b\u673a\u662f\u5f00\u542f\u7684\u3002Nmap \u652f\u6301\u5341\u591a\u79cd\u4e0d\u540c\u7684\u4e3b\u673a\u63a2\u6d4b\u65b9\u5f0f\uff0c\u6bd4\u5982\u53d1\u9001 ICMP ECHO\/TIMESTAMP\/NETMASK<\/code> \u62a5\u6587\u3001\u53d1\u9001 TCPSYN\/ACK<\/code> \u5305\u3001\u53d1\u9001 SCTP INIT\/COOKIE-ECHO<\/code> \u5305\uff0c\u7528\u6237\u53ef\u4ee5\u5728\u4e0d\u540c\u7684\u6761\u4ef6\u4e0b\u7075\u6d3b\u9009\u7528\u4e0d\u540c\u7684\u65b9\u5f0f\u6765\u63a2\u6d4b\u76ee\u6807\u673a\u3002<\/p>\n\n\n\n

\u4e3b\u673a\u53d1\u73b0\u7684\u57fa\u672c\u7528\u6cd5:<\/strong><\/p>\n\n\n\n

-sL: List Scan \u5217\u8868\u626b\u63cf\uff0c\u4ec5\u5c06\u6307\u5b9a\u7684\u76ee\u6807\u7684IP\u5217\u4e3e\u51fa\u6765\uff0c\u4e0d\u8fdb\u884c\u4e3b\u673a\u53d1\u73b0\u3002 \n -sn: Ping Scan \u53ea\u8fdb\u884c\u4e3b\u673a\u53d1\u73b0\uff0c\u4e0d\u8fdb\u884c\u7aef\u53e3\u626b\u63cf\u3002 \n -Pn: \u5c06\u6240\u6709\u6307\u5b9a\u7684\u4e3b\u673a\u89c6\u4f5c\u5f00\u542f\u7684\uff0c\u8df3\u8fc7\u4e3b\u673a\u53d1\u73b0\u7684\u8fc7\u7a0b\u3002 \n -PS\/PA\/PU\/PY[portlist]: \u4f7f\u7528TCPSYN\/ACK\u6216SCTP INIT\/ECHO\u65b9\u5f0f\u8fdb\u884c\u53d1\u73b0\u3002 \n -PE\/PP\/PM: \u4f7f\u7528ICMP echo,timestamp, and netmask \u8bf7\u6c42\u5305\u53d1\u73b0\u4e3b\u673a\u3002\n -PO[protocollist]: \u4f7f\u7528IP\u534f\u8bae\u5305\u63a2\u6d4b\u5bf9\u65b9\u4e3b\u673a\u662f\u5426\u5f00\u542f\u3002\n -sP:Ping \u6307\u5b9a\u8303\u56f4\u5185\u7684 IP \u5730\u5740\n -n\/-R: -n\u8868\u793a\u4e0d\u8fdb\u884cDNS\u89e3\u6790\uff1b-R\u8868\u793a\u603b\u662f\u8fdb\u884cDNS\u89e3\u6790\u3002 \n –dns-servers <serv1[,serv2],…>: \u6307\u5b9aDNS\u670d\u52a1\u5668\u3002 \n –system-dns: \u6307\u5b9a\u4f7f\u7528\u7cfb\u7edf\u7684DNS\u670d\u52a1\u5668 \n –traceroute: \u8ffd\u8e2a\u6bcf\u4e2a\u8def\u7531\u8282\u70b9 <\/p><\/blockquote>\n\n\n\n

\u626b\u63cf\u5c40\u57df\u7f51 192.168.80.1\/24<\/code> \u8303\u56f4\u5185\u54ea\u4e9b IP \u7684\u4e3b\u673a\u662f\u6d3b\u52a8\u7684\u3002<\/p>\n\n\n\n

\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

nmap \u2013sn 192.168.80.1\/24<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u7531\u56fe\u53ef\u77e5\uff1a192.168.80.1\u3001192.168.80.254\u3001192.168.80.166<\/code> \u4e09\u53f0\u4e3b\u673a\u5904\u4e8e\u5b58\u6d3b\u72b6\u6001\u3002<\/p>\n\n\n\n

\u626b\u63cf\u5c40\u57df\u7f51 192.168.80.100-200<\/code> \u8303\u56f4\u5185\u54ea\u4e9b IP \u7684\u4e3b\u673a\u662f\u6d3b\u52a8\u7684\u3002<\/p>\n\n\n\n

\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

nmap \u2013sP 192.168.80.100-200<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u7aef\u53e3\u626b\u63cf\u662f Nmap \u6700\u57fa\u672c\u6700\u6838\u5fc3\u7684\u529f\u80fd\uff0c\u7528\u4e8e\u786e\u5b9a\u76ee\u6807\u4e3b\u673a\u7684 TCP\/UDP \u7aef\u53e3\u7684\u5f00\u653e\u60c5\u51b5\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cNmap \u4f1a\u626b\u63cf 1000 \u4e2a\u6700\u6709\u53ef\u80fd\u5f00\u653e\u7684 TCP \u7aef\u53e3\u3002Nmap \u901a\u8fc7\u63a2\u6d4b\u5c06\u7aef\u53e3\u5212\u5206\u4e3a 6 \u4e2a\u72b6\u6001\uff1a<\/p>\n\n\n\n

open\uff1a\u7aef\u53e3\u662f\u5f00\u653e\u7684\u3002\nclosed\uff1a\u7aef\u53e3\u662f\u5173\u95ed\u7684\u3002\nfiltered\uff1a\u7aef\u53e3\u88ab\u9632\u706b\u5899 IDS\/IPS \u5c4f\u853d\uff0c\u65e0\u6cd5\u786e\u5b9a\u5176\u72b6\u6001\u3002\nunfiltered\uff1a\u7aef\u53e3\u6ca1\u6709\u88ab\u5c4f\u853d\uff0c\u4f46\u662f\u5426\u5f00\u653e\u9700\u8981\u8fdb\u4e00\u6b65\u786e\u5b9a\u3002\nopen|filtered\uff1a\u7aef\u53e3\u662f\u5f00\u653e\u7684\u6216\u88ab\u5c4f\u853d\u3002\nclosed|filtered \uff1a\u7aef\u53e3\u662f\u5173\u95ed\u7684\u6216\u88ab\u5c4f\u853d\u3002<\/p><\/blockquote>\n\n\n\n

\u7aef\u53e3\u626b\u63cf\u65b9\u9762\u975e\u5e38\u5f3a\u5927\uff0c\u63d0\u4f9b\u4e86\u5f88\u591a\u7684\u63a2\u6d4b\u65b9\u5f0f\uff1a<\/p>\n\n\n\n

TCP SYN scanning\n TCP connect scanning\n TCP ACK scanning\n TCP FIN\/Xmas\/NULL scanning\n UDP scanning<\/p><\/blockquote>\n\n\n\n

\u5176\u4ed6\u65b9\u5f0f<\/strong><\/p>\n\n\n\n

-sS\/sT\/sA\/sW\/sM: \u6307\u5b9a\u4f7f\u7528 TCPSYN\/Connect()\/ACK\/Window\/Maimon scans \u7684\u65b9\u5f0f\u6765\u5bf9\u76ee\u6807\u4e3b\u673a\u8fdb\u884c\u626b\u63cf\u3002 \n -sU: \u6307\u5b9a\u4f7f\u7528 UDP \u626b\u63cf\u65b9\u5f0f\u786e\u5b9a\u76ee\u6807\u4e3b\u673a\u7684UDP\u7aef\u53e3\u72b6\u51b5\u3002 \n -sN\/sF\/sX: \u6307\u5b9a\u4f7f\u7528 TCP Null,FIN, and Xmas scans \u79d8\u5bc6\u626b\u63cf\u65b9\u5f0f\u6765\u534f\u52a9\u63a2\u6d4b\u5bf9\u65b9\u7684 TCP \u7aef\u53e3\u72b6\u6001\u3002 \n –scanflags <flags>: \u5b9a\u5236 TCP \u5305\u7684 flags\u3002 \n -sI zombiehost[:probeport]: \u6307\u5b9a\u4f7f\u7528 idle scan \u65b9\u5f0f\u6765\u626b\u63cf\u76ee\u6807\u4e3b\u673a\uff08\u524d\u63d0\u9700\u8981\u627e\u5230\u5408\u9002\u7684 zombie host \uff09\n -sY\/sZ: \u4f7f\u7528 SCTPINIT\/COOKIE-ECHO \u6765\u626b\u63cf SCTP \u534f\u8bae\u7aef\u53e3\u7684\u5f00\u653e\u7684\u60c5\u51b5\u3002 \n -sO: \u4f7f\u7528 IP protocol \u626b\u63cf\u786e\u5b9a\u76ee\u6807\u673a\u652f\u6301\u7684\u534f\u8bae\u7c7b\u578b\u3002\n -b <FTP relay host>: \u4f7f\u7528 FTPbounce scan \u626b\u63cf\u65b9\u5f0f \n -p \u6307\u5b9a\u7aef\u53e3\u626b\u63cf<\/p><\/blockquote>\n\n\n\n

\u5728\u6b64\uff0c\u6211\u4eec\u4ee5\u4e3b\u673a 192.168.80.166<\/code> \u4e3a\u4f8b\u3002\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

nmap-sS -p0-65535 -T4 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\u53c2\u6570 -sS \u8868\u793a\u4f7f\u7528 TCP SYN \u65b9\u5f0f\u626b\u63cf TCP \u7aef\u53e3\uff1b-p0-65535 \u8868\u793a\u626b\u63cf\u6240\u6709\u7aef\u53e3\uff1b-T4 \u8868\u793a\u65f6\u95f4\u7ea7\u522b\u914d\u7f6e 4 \u7ea7\uff1b <\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u626b\u63cf\u7279\u5b9a\u7aef\u53e3\u662f\u5426\u5f00\u653e<\/p>\n\n\n\n

nmap -p21,80,445,3306 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u7b80\u8981\u7684\u4ecb\u7ecd\u7248\u672c\u7684\u4fa6\u6d4b\u539f\u7406\u3002\u7248\u672c\u4fa6\u6d4b\u4e3b\u8981\u5206\u4e3a\u4ee5\u4e0b\u51e0\u4e2a\u6b65\u9aa4\uff1a<\/strong><\/p>\n\n\n\n

1\u3001\u9996\u5148\u68c0\u67e5 open \u4e0e open|filtered \u72b6\u6001\u7684\u7aef\u53e3\u662f\u5426\u5728\u6392\u9664\u7aef\u53e3\u5217\u8868\u5185\u3002\u5982\u679c\u5728\u6392\u9664\u5217\u8868\uff0c\u5c06\u8be5\u7aef\u53e3\u5254\u9664\u3002<\/p>\n\n\n\n

2\u3001\u5982\u679c\u662f TCP \u7aef\u53e3\uff0c\u5c1d\u8bd5\u5efa\u7acb TCP \u8fde\u63a5\u3002\u5c1d\u8bd5\u7b49\u5f85\u7247\u523b\uff08\u901a\u5e38 6 \u79d2\u6216\u66f4\u591a\uff0c\u5177\u4f53\u65f6\u95f4\u53ef\u4ee5\u67e5\u8be2\u6587\u4ef6 nmap-services-probes<\/code> \u4e2d Probe TCP NULL q||<\/code> \u5bf9\u5e94\u7684 totalwaitms \uff09\u3002\u901a\u5e38\u5728\u7b49\u5f85\u65f6\u95f4\u5185\uff0c\u4f1a\u63a5\u6536\u5230\u76ee\u6807\u673a\u53d1\u9001\u7684 \u201cWelcomeBanner\u201d \u4fe1\u606f\u3002nmap \u5c06\u63a5\u6536\u5230\u7684 Banner \u4e0e nmap-services-probes<\/code> \u4e2d NULL probe<\/code> \u4e2d\u7684\u7b7e\u540d\u8fdb\u884c\u5bf9\u6bd4\u3002\u67e5\u627e\u5bf9\u5e94\u5e94\u7528\u7a0b\u5e8f\u7684\u540d\u5b57\u4e0e\u7248\u672c\u4fe1\u606f\u3002<\/p>\n\n\n\n

3\u3001\u5982\u679c\u901a\u8fc7 \u201cWelcome Banner\u201d \u65e0\u6cd5\u786e\u5b9a\u5e94\u7528\u7a0b\u5e8f\u7248\u672c\uff0c\u90a3\u4e48 nmap \u518d\u5c1d\u8bd5\u53d1\u9001\u5176\u4ed6\u7684\u63a2\u6d4b\u5305\uff08\u5373\u4ece nmap-services-probes<\/code> \u4e2d\u6311\u9009\u5408\u9002\u7684 probe \uff09\uff0c\u5c06 probe \u5f97\u5230\u56de\u590d\u5305\u4e0e\u6570\u636e\u5e93\u4e2d\u7684\u7b7e\u540d\u8fdb\u884c\u5bf9\u6bd4\u3002\u5982\u679c\u53cd\u590d\u63a2\u6d4b\u90fd\u65e0\u6cd5\u5f97\u51fa\u5177\u4f53\u5e94\u7528\uff0c\u90a3\u4e48\u6253\u5370\u51fa\u5e94\u7528\u8fd4\u56de\u62a5\u6587\uff0c\u8ba9\u7528\u6237\u81ea\u884c\u8fdb\u4e00\u6b65\u5224\u5b9a\u3002<\/p>\n\n\n\n

4\u3001\u5982\u679c\u662f UDP \u7aef\u53e3\uff0c\u90a3\u4e48\u76f4\u63a5\u4f7f\u7528 nmap-services-probes<\/code> \u4e2d\u63a2\u6d4b\u5305\u8fdb\u884c\u63a2\u6d4b\u5339\u914d\u3002\u6839\u636e\u7ed3\u679c\u5bf9\u6bd4\u5206\u6790\u51fa UDP \u5e94\u7528\u670d\u52a1\u7c7b\u578b\u3002<\/p>\n\n\n\n

5\u3001\u5982\u679c\u63a2\u6d4b\u5230\u5e94\u7528\u7a0b\u5e8f\u662f SSL\uff0c\u90a3\u4e48\u8c03\u7528 openSSL \u8fdb\u4e00\u6b65\u7684\u4fa6\u67e5\u8fd0\u884c\u5728 SSL \u4e4b\u4e0a\u7684\u5177\u4f53\u7684\u5e94\u7528\u7c7b\u578b\u3002<\/p>\n\n\n\n

6\u3001\u5982\u679c\u63a2\u6d4b\u5230\u5e94\u7528\u7a0b\u5e8f\u662f SunRPC\uff0c\u90a3\u4e48\u8c03\u7528 brute-force RPC grinder<\/code> \u8fdb\u4e00\u6b65\u63a2\u6d4b\u5177\u4f53\u670d\u52a1\u3002<\/p>\n\n\n\n

\u5177\u4f53\u53c2\u6570\u89e3\u91ca<\/strong><\/p>\n\n\n\n

-sV: \u6307\u5b9a\u8ba9 Nmap \u8fdb\u884c\u7248\u672c\u4fa6\u6d4b \n –version-intensity <level>: \u6307\u5b9a\u7248\u672c\u4fa6\u6d4b\u5f3a\u5ea6 \uff08 0-9 \uff09\uff0c\u9ed8\u8ba4\u4e3a 7 \u3002\u6570\u503c\u8d8a\u9ad8\uff0c\u63a2\u6d4b\u51fa\u7684\u670d\u52a1\u8d8a\u51c6\u786e\uff0c\u4f46\u662f\u8fd0\u884c\u65f6\u95f4\u4f1a\u6bd4\u8f83\u957f\u3002 \n –version-light: \u6307\u5b9a\u4f7f\u7528\u8f7b\u91cf\u4fa6\u6d4b\u65b9\u5f0f ( intensity 2 ) \n –version-all: \u5c1d\u8bd5\u4f7f\u7528\u6240\u6709\u7684probes\u8fdb\u884c\u4fa6\u6d4b ( intensity 9 ) \n –version-trace: \u663e\u793a\u51fa\u8be6\u7ec6\u7684\u7248\u672c\u4fa6\u6d4b\u8fc7\u7a0b\u4fe1\u606f\u3002 <\/p><\/blockquote>\n\n\n\n

\u5bf9\u4e3b\u673a 192.168.80.166 \u8fdb\u884c\u7248\u672c\u4fa6\u6d4b\u3002<\/p>\n\n\n\n

\u547d\u4ee4\u5982\u4e0b\uff1a<\/p>\n\n\n\n

nmap -sV -p0-65535 -T4 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Nmap \u4f7f\u7528 TCP\/IP \u534f\u8bae\u6808\u6307\u7eb9\u6765\u8bc6\u522b\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u548c\u8bbe\u5907\u3002\u5728 RFC \u89c4\u8303\u4e2d\uff0c\u6709\u4e9b\u5730\u65b9\u5bf9 TCP\/IP \u7684\u5b9e\u73b0\u5e76\u6ca1\u6709\u5f3a\u5236\u89c4\u5b9a\uff0c\u7531\u6b64\u4e0d\u540c\u7684 TCP\/IP \u65b9\u6848\u4e2d\u53ef\u80fd\u90fd\u6709\u81ea\u5df1\u7684\u7279\u5b9a\u65b9\u5f0f\u3002Nmap \u4e3b\u8981\u662f\u6839\u636e\u8fd9\u4e9b\u7ec6\u8282\u4e0a\u7684\u5dee\u5f02\u6765\u5224\u65ad\u64cd\u4f5c\u7cfb\u7edf\u7684\u7c7b\u578b\u7684\u3002<\/p>\n\n\n\n

\u5177\u4f53\u5b9e\u73b0\u65b9\u5f0f\u5982\u4e0b\uff1a<\/strong><\/p>\n\n\n\n

Nmap \u5185\u90e8\u5305\u542b\u4e86 2600 \u591a\u5df2\u77e5\u7cfb\u7edf\u7684\u6307\u7eb9\u7279\u5f81\uff08\u5728\u6587\u4ef6 nmap-os-db \u6587\u4ef6\u4e2d\uff09\u3002\u5c06\u6b64\u6307\u7eb9\u6570\u636e\u5e93\u4f5c\u4e3a\u8fdb\u884c\u6307\u7eb9\u5bf9\u6bd4\u7684\u6837\u672c\u5e93\u3002\u5206\u522b\u6311\u9009\u4e00\u4e2a open \u548c closed \u7684\u7aef\u53e3\uff0c\u5411\u5176\u53d1\u9001\u7ecf\u8fc7\u7cbe\u5fc3\u8bbe\u8ba1\u7684 TCP\/UDP\/ICMP \u6570\u636e\u5305\uff0c\u6839\u636e\u8fd4\u56de\u7684\u6570\u636e\u5305\u751f\u6210\u4e00\u4efd\u7cfb\u7edf\u6307\u7eb9\u3002\u5c06\u63a2\u6d4b\u751f\u6210\u7684\u6307\u7eb9\u4e0e nmap-os-db \u4e2d\u6307\u7eb9\u8fdb\u884c\u5bf9\u6bd4\uff0c\u67e5\u627e\u5339\u914d\u7684\u7cfb\u7edf\u3002\u5982\u679c\u65e0\u6cd5\u5339\u914d\uff0c\u4ee5\u6982\u7387\u5f62\u5f0f\u5217\u4e3e\u51fa\u53ef\u80fd\u7684\u7cfb\u7edf\u3002<\/p>\n\n\n\n

-O: \u6307\u5b9a Nmap \u8fdb\u884c OS \u4fa6\u6d4b\u3002 \n –osscan-limit: \u9650\u5236 Nmap \u53ea\u5bf9\u786e\u5b9a\u7684\u4e3b\u673a\u7684\u8fdb\u884c OS \u63a2\u6d4b\uff08\u81f3\u5c11\u9700\u786e\u77e5\u8be5\u4e3b\u673a\u5206\u522b\u6709\u4e00\u4e2a open \u548c closed \u7684\u7aef\u53e3\uff09\u3002 \n –osscan-guess: \u5927\u80c6\u731c\u6d4b\u5bf9\u65b9\u7684\u4e3b\u673a\u7684\u7cfb\u7edf\u7c7b\u578b\u3002\u7531\u6b64\u51c6\u786e\u6027\u4f1a\u4e0b\u964d\u4e0d\u5c11\uff0c\u4f46\u4f1a\u5c3d\u53ef\u80fd\u591a\u4e3a\u7528\u6237\u63d0\u4f9b\u6f5c\u5728\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002 <\/p><\/blockquote>\n\n\n\n

\u547d\u4ee4\u5982\u4e0b\uff1a <\/p>\n\n\n\n

nmap \u2013O 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

-vv \u8be6\u7ec6\u663e\u793a\u626b\u63cf\u72b6\u6001<\/p>\n\n\n\n

nmap -p21,80,445,3306 -vv 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

–script \u4f7f\u7528 nse \u811a\u672c\uff0c\u4e5f\u53ef\u81ea\u884c\u7f16\u5199 nse \u811a\u672c\uff0cnmap \u6709 580 \u591a\u4e2a\u811a\u672c<\/p>\n\n\n\n

nmap –script=auth 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

–script=brute \u5bf9\u5f31\u53e3\u4ee4\u8fdb\u884c\u66b4\u529b\u7834\u89e3<\/p>\n\n\n\n

nmap –script=brute 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

–script=default \u4f7f\u7528\u9ed8\u8ba4 nse \u811a\u672c\u641c\u96c6\u5e94\u7528\u7684\u4fe1\u606f<\/p>\n\n\n\n

nmap –script=default 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

–script=vuln \u68c0\u6d4b\u5e38\u89c1\u6f0f\u6d1e<\/p>\n\n\n\n

nmap –script=vuln 192.168.80.166<\/p><\/blockquote>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

\u4f18\u52bf\uff1a<\/strong><\/p>\n\n\n\n

1\u3001\u529f\u80fd\u7075\u6d3b\u5f3a\u5927\uff0c\u652f\u6301\u591a\u79cd\u76ee\u6807\uff0c\u5927\u91cf\u8ba1\u7b97\u673a\u7684\u540c\u65f6\u626b\u63cf\uff1b<\/p>\n\n\n\n

2\u3001\u5f00\u6e90\uff0c\u76f8\u5173\u5e2e\u52a9\u6587\u6863\u5341\u5206\u8be6\u7ec6\uff1b<\/p>\n\n\n\n

3\u3001\u6d41\u884c\uff0c\u7531\u4e8e\u5176\u5177\u6709\u5f3a\u5927\u7684\u626b\u63cf\u673a\u63a2\u6d4b\u529f\u80fd\uff0c\uff0c\u5df2\u88ab\u6210\u5343\u4e0a\u4e07\u5b89\u5168\u4e13\u5bb6\u4f7f\u7528\u3002<\/p>\n\n\n\n

\u52a3\u52bf\uff1a<\/strong> <\/p>\n\n\n\n

Nmap \u53c2\u6570\u4f17\u591a\uff0c\u96be\u4ee5\u4e00\u4e00\u8bb0\u5fc6\uff1b<\/p>\n\n\n\n

10\u3001DirBuster<\/strong><\/h3>\n\n\n\n

DirBuster \u662f\u4e00\u6b3e\u8def\u5f84\u53ca\u7f51\u9875\u66b4\u529b\u7834\u89e3\u7684\u5de5\u5177,\u53ef\u4ee5\u7834\u89e3\u51fa\u4e00\u76f4\u6ca1\u6709\u8bbf\u95ee\u8fc7\u6216\u8005\u7ba1\u7406\u5458\u540e\u53f0\u7684\u754c\u9762\u8def\u5f84\u3002<\/p>\n\n\n\n

\u5b89\u88c5\u65b9\u5f0f\uff1a<\/strong><\/p>\n\n\n\n

Java \u8fd0\u884c\u73af\u5883 + DirBuster \u7a0b\u5e8f\u5305<\/p><\/blockquote>\n\n\n\n

\u4f7f\u7528\u65b9\u5f0f\uff1a<\/strong> <\/p>\n\n\n\n

1\u3001\u76f4\u63a5\u53cc\u51fb DirBuster.jar \u6253\u5f00\u8f6f\u4ef6\uff0c\u5728 URL \u4e2d\u8f93\u5165\u76ee\u6807 URL \u6216\u8005\u4e3b\u673a IP \u5730\u5740<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

2\u3001\u5728 file with list of dirs\/files \u680f\u540e\u70b9\u51fb browse\uff0c\u9009\u62e9\u7834\u89e3\u7684\u5b57\u5178\u5e93\u4e3a directory-list-2.3-small.txt<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

3\u3001\u5c06 File extension \u4e2d\u586b\u5165\u6b63\u786e\u7684\u6587\u4ef6\u540e\u7f00\uff0c\u9ed8\u8ba4\u4e3a php \uff0c\u5982\u679c\u4e3a jsp\u3001asp\u3001aspx \u9875\u9762\uff0c\u9700\u8981\u586b\u5165 jsp\u3001asp\u3001aspx \u540c\u6837\u53ef\u4ee5\u9009\u62e9\u81ea\u5df1\u8bbe\u7f6e\u5b57\u5178\uff0c\u7ebf\u7a0b\u7b49\u7b49<\/p>\n\n\n\n

4\u3001\u5176\u4ed6\u9009\u9879\u4e0d\u53d8\uff0c\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684 start\uff0c\u542f\u52a8\u76ee\u5f55\u67e5\u627e<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

5\u3001\u89c2\u5bdf\u8fd4\u56de\u7ed3\u679c\uff0c\u53ef\u70b9\u51fb\u53f3\u4e0b\u89d2\u7684 report\uff0c\u751f\u6210\u76ee\u5f55\u62a5\u544a<\/p>\n\n\n\n

\u4f18\u70b9\uff1a<\/strong><\/p>\n\n\n\n

1\u3001\u654f\u611f\u76ee\u5f55\u53d1\u6398\u80fd\u529b\u5f3a<\/p>\n\n\n\n

2\u3001OWASP\u5b89\u5168\u673a\u6784\u6781\u529b\u63a8\u8350<\/p>\n\n\n\n

\u7f3a\u70b9\uff1a<\/strong> <\/p>\n\n\n\n

\u63a2\u6d4b\u76ee\u5f55\u4f9d\u8d56\u5b57\u5178\u6587\u4ef6\uff08\u53ef\u4ee5\u8bf4\u5de5\u5177\u53ea\u662f\u8f85\u52a9\uff0c\u5728\u4e0d\u540c\u7684\u4eba\u624b\u91cc\uff0c\u5de5\u5177\u6709\u4e0d\u540c\u7684\u529f\u6548\uff0c\u4e3a\u4ec0\u4e48\u5462\uff1f\u56e0\u4e3a\u6838\u5fc3\u662f\u5b57\u5178\uff0c\u725b\u903c\u7684\u4eba\u7ecf\u8fc7\u5e38\u5e74\u7684\u6e17\u900f\u6d4b\u8bd5\u6536\u96c6\u5230\u7684\u5b57\u5178\u8db3\u591f\u7cbe\u51c6\u8db3\u591f\u5168\u9762\uff0c\u6240\u4ee5\u65b0\u624b\u53ef\u4ee5\u5148\u5b66\u4e60\u5de5\u5177\uff0c\u60f3\u8981\u6210\u957f\u8fd8\u662f\u8981\u641e\u6e05\u695a\u539f\u7406\u3002\uff09<\/p>\n","protected":false},"excerpt":{"rendered":"

1\u3001whois \u67e5\u8be2\u7f51\u7ad9\u53ca\u670d\u52a1\u5668\u4fe1\u606f \u5982\u679c\u77e5\u9053\u76ee\u6807\u7684\u57df\u540d\uff0c\u4f60\u9996\u5148\u8981\u505a\u7684\u5c31\u662f\u901a\u8fc7 Whois \u6570\u636e\u5e93\u67e5\u8be2\u57df\u540d\u7684\u6ce8 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,7],"tags":[183,204,414,505],"class_list":["post-1592","post","type-post","status-publish","format-standard","hentry","category-sec","category-tech","tag-linux-2","tag-nmap","tag-414","tag-505"],"_links":{"self":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/1592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1592"}],"version-history":[{"count":0,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=\/wp\/v2\/posts\/1592\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wxcn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}