Remote attack classic analysis

zhaozj2021-02-16  95

There is a name that meets your own name on the target Internet, just like everyone has a proper name, called the domain name; however, a person may have several names, the domain name is also the same The situation, can truly identify the host on the Internet, the domain name is just the name of the host specified by IP. Of course, you can use the domain name and IP address to find the host smoothly (unless your network is not performed).

To attack who first want to determine the target, you must know the domain name or IP address of this host, for example: www.yahoo.com, 1.1.1.1, etc. I know that the location of the target to attack the target is still very enough, but also understand the system type, operating system, providing services, etc., in order to do "know each other and know each other, hundred battles,", how to obtain relevant information, let's take a detailed introduction, If the network domain name and IP address are unclear, turn over the book! And now practice the ping command! I believe it will be used in actual combat! What is the use? How do you continue when the Ping target host returns too long or you go to the target host! (Goal is not within your range)

Second, the service analysis of the hosts on the internet offer network information services such as WWW, Mail, FTP, BBS. Basically, each host provides several services, why can a host offer so many services? UNIX system is a multi-user multitasking system that divides a number of different ports, each with a different service, and a service will have a program time monitoring port activity, and gives a response. And the definition of the port has become a standard, for example: The port of the FTP service is 21, the port of the Telent Service is 23, the port of the WWW service is 80, etc. If you still want to know more: Go to MS-DOS PROMPT C: / windows> Edit Services (Enter) Slowly Read it! However, there is nothing over there, you don't have to remember them!

How do we know what services have the target host? It is very simple to try it with a application for different services. For example, use the Telnet, FTP and other user software to apply for a service to the target host. If the host has a response, the host provides this service, open this port service. But now you only need to know if the service port of the target host is "live", but this is more troublesome and the information is not full. I will often use some tools such as portscan to scan the target host. This can all grasp the port of the target host. Now introduce a good tool, lack of good tools, you can't work well. Haktek is a very practical tool software that integrates many applications, including: ping, IP scan, target host port scan, email bombs, filtration, finger hosts, etc. are very practical tools.

Complete the target host scan task, first tell the Haktek's location, namely domain name, or IP address. Then select a port scan, enter the scan range, start scanning, and the screen will return to the "live" port number and the corresponding service. The collection of information is very rapidly and complete. Why master the target's service information? If the service of several critical ports on the target host is not available, or give up the offense plan, don't waste too much time on this winning target, hurry to choose the next goal. See a scan example: scanning host xx.xx.xx, ports 0 to 1000 port 7 found. Desc = 'echo' port 21 found. Desc = 'ftp' port 23 found. Desc = 'telnet' Port 25 Found. Desc = 'SMTP' Port 53 Found. Desc = 'Domain / Nameserver' Port 79 Found. Desc = 'Finger' Port 80 Found. Desc = 'www' Port 90 Found. Port 111 Found. Desc = 'Portmap / SunRPC' Port 512 DESC = 'Biff / Exec' Port 513 Found. Desc = 'login / WHO' Port 514 Found. Desc = 'shell / syslog' Port 515 Found. Desc = 'printer' DONE! If the main port of the system is "live" Don't be happy too early, because the system may add some restrictions, not allowing any user remote connection or not allowing ROOT remote connections, or after entering the user can only do the specified activity, it is forced to be interrupted. Telnet service is in fact, there will be a lot of complicated situations. Here, only the target host has an open port, and we still don't know what the target host is using, what version of the system is used by the service program, don't worry, please contact the Haktek tool! No, go to download it! Third, the system analysis is now explaining how to understand the system, what is the operating system used by the target host, is actually very simple, first open the Wi N95 RUN window, then enter the command: telnet xx.xx.xx.xx (Target host) and then [ Determine], look at what your screen will appear? Digital UNIX (TTYP1) Login: Don't tell you that you will know what your target host and operating system are! Yes, of course, the DEC machine is used, which is Digital UNIX! Ok, let's take another: unix? System v release 4.0 (xx.xx.xx) Login: What is this?

May be a Sun host, Sun OS or Solaris, what is the specific? I also say it! This method is not useful for all systems, such as the case below, it is not good to determine what system: xxxx os (xx.xx.xx) (TTYP1) Login: Some systems have changed the information, so It is not good to determine the information of its system, but according to some experience, it may be a preliminary judgment, which may be HP UNIX. Also use the tool Haktek described above, using the finger function of the target host can also leak information. Establishing Real-Time UserList ... (only Works if the sysadmin is a moron) --- [finger session] --------------------------- ----------- Welcome to Linux Version 2.0.30 at xx.xx.xx ...

The above sentence is already enough!

How do you know what services are using other ports in the system? For example, 23, 25, 80 and other ports. With the same way, use Telnet and its own application tool, FTP, etc.

Using Telnet is the port number as a command line parameter, for example: Telnet XX.xx.xx 25 will have the following information to you: 220 xx.xx.xx sendmail 5.65V3.2 (1.1.8.2/31jan97- 1019AM) WED, 3 JUN 1998 13:50:47 0900 This is clear from the version of the target host Sendmail.

Of course, it is not used at a number of ports and different systems. Therefore, the corresponding application tool is required to obtain the corresponding information. For example: Connected to xx.xx.xx.220 xx.xx.xx FTP Server (Digital Unix Version 5.60) Ready. User (xx.xx.xx none): Most of the Internet is the WWW host, how to know the target master What kind of web server, introduce a page's query tool, as long as you tell the address of the target host and the web service break, it will tell you about information.

转载请注明原文地址:https://www.9cbs.com/read-13664.html

New Post(0)