Kali
I. Installing Kali
sudo su
passwd root
sudo apt-get install net-tools
sudo ifconfig -a
vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.3.90
gateway 192.168.3.1
netmask 255.255.255.0
/etc/init.d/networking restart
mount /dev/sr0 /media/
vi /etc/apt/sources.list
# Aliyun mirror
deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
# Tsinghua University mirror
deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free
# Neusoft University mirror
deb http://mirrors.neusoft.edu.cn/kali kali-rolling main non-free contrib
deb-src http://mirrors.neusoft.edu.cn/kali kali-rolling main non-free contrib
# Official source
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
Enable only one of these blocks. A mirror only relays packages: apt still verifies the Release file signature against the kali-archive-keyring package, so a bad mirror can at worst serve stale packages or fail, not tampered ones. Prefer https where the mirror offers it.
apt-get update
apt-get install vega
II. Configuring SSH
Install
apt list openssh-server
apt install openssh-server
Back up the original host keys (cloned or downloaded images share host keys, so give this box its own)
mkdir /etc/ssh/default_keys
mv /etc/ssh/ssh_host_* /etc/ssh/default_keys/
Regenerate the host keys (dpkg-reconfigure recreates any host key files that are missing)
dpkg-reconfigure openssh-server
vi /etc/ssh/sshd_config.d/baiy.conf
Port 2222
PasswordAuthentication yes
PermitRootLogin yes
sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own directives, and for most keywords the first value seen wins, so this drop-in overrides the defaults. PermitRootLogin yes together with password authentication exposes root to online password guessing; keep this to an isolated lab network, and on anything reachable from elsewhere use key authentication with PermitRootLogin prohibit-password and PasswordAuthentication no.
netstat -tlnp                 list listening TCP ports; after sshd starts it should show port 2222
systemctl start ssh.service
systemctl stop ssh.service
systemctl enable ssh.service  start sshd at boot
systemctl status ssh.service
When connecting, check the client version: current OpenSSH servers only offer modern ciphers (aes128-ctr and the other CTR modes, AES-GCM, chacha20-poly1305) and no longer enable CBC or 3DES, so an old SSH client or terminal tool may fail to negotiate a cipher.
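Added example, not part of the original notes: a small audit that flags the weak directives in an sshd drop-in before the service is restarted, run against the drop-in from the notes and against a hardened equivalent. The config text is constructed for the demo; only the plain "Keyword value" form is parsed.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an sshd drop-in for
# weak settings. Only "Keyword value" lines are parsed; "Keyword=value"
# and Match blocks are not handled. Config text below is constructed.

# Read sshd config text on stdin, print one "weak: ..." line per risky
# directive, and exit 1 if any was found (0 if clean). Keywords are
# compared case-insensitively, as sshd itself does.
audit_sshd_config() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blanks
        {
            key = tolower($1); val = tolower($2)
            if (key == "permitrootlogin" && val == "yes")
                weak("PermitRootLogin yes: root exposed to password guessing")
            if (key == "passwordauthentication" && val == "yes")
                weak("PasswordAuthentication yes: prefer keys on exposed hosts")
            if (key == "permitemptypasswords" && val == "yes")
                weak("PermitEmptyPasswords yes")
            if (key == "protocol" && val ~ /1/)
                weak("Protocol 1: obsolete and insecure")
        }
        function weak(msg) { n++; print "weak: " msg }
        END { exit (n > 0) }
    '
}

# The drop-in used in the notes (lab only: root + passwords over the network).
weak_dropin() {
    cat <<'EOF'
Port 2222
PasswordAuthentication yes
PermitRootLogin yes
EOF
}

# Hardened equivalent: same port, keys only, root limited to key auth.
hardened_dropin() {
    cat <<'EOF'
Port 2222
PasswordAuthentication no
PermitRootLogin prohibit-password
PubkeyAuthentication yes
MaxAuthTries 3
EOF
}

# Demo: audit both drop-ins.
echo "== drop-in from the notes =="
weak_dropin | audit_sshd_config || echo "-> fix before exposing this host"
echo "== hardened drop-in =="
hardened_dropin | audit_sshd_config && echo "-> clean"
```

After installing a drop-in, run `sshd -t` to catch syntax errors before restarting the service, and `sshd -T | grep -i permitrootlogin` to see the effective value after all includes are applied.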
III. Information gathering
1. robots.txt (fetch http://xxxx.com/robots.txt; Disallow entries often name admin, backup or upload paths the owner does not want indexed)
2. whois
whois xxxx.com
3. DNS
dnsenum shimenrock.com
AXFR (zone transfer): an authoritative server that answers AXFR for anyone hands over the whole zone file, including internal host names.
fierce scans for and collects subdomains:
fierce -dns xxxx.com                                      enumerate subdomains of the target
fierce -dns ns9.baidu.com -wordlist host.txt /tmp/12.txt  -wordlist selects the dictionary
(-dns and -wordlist are the old Perl fierce options; the Python rewrite shipped in current Kali uses --domain and --subdomain-file)
dig xxxxx.com
dig -t ns xxxxx.com                                       find the authoritative name servers for the zone
dig axfr @ns1.dns.net xxxx.com                            attempt a zone transfer against one of them
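Added example, not part of the original notes: the AXFR check from the dig lines above, automated so that every authoritative server of the zone is tried and the result is classified. The `check_axfr` driver needs dig and network access; the classifier is exercised offline on constructed dig output.

```shell
#!/bin/sh
# Added example (not from the original notes): test each authoritative
# name server of a zone for open AXFR. Needs dig and network for the
# live check; the parser runs on constructed dig output below.

# Read "dig axfr" output on stdin and print "open" when a complete zone
# came back (a transfer starts and ends with the SOA record), otherwise
# "closed". dig's own messages start with ";" and are ignored.
axfr_status() {
    awk '
        /^;/ || NF < 4 { next }
        $4 == "SOA" { soa++ }
        END { print (soa >= 2) ? "open" : "closed" }
    '
}

# Print the non-SOA records of a transferred zone: name, type, value.
axfr_records() {
    awk '!/^;/ && NF >= 5 && $4 != "SOA" { print $1, $4, $5 }'
}

# Ask each NS of $1 for the zone and report per server. Usage:
#   check_axfr example.com
check_axfr() {
    domain=$1
    for ns in $(dig +short -t ns "$domain"); do
        out=$(dig +nocmd +nostats axfr "$domain" "@$ns")
        status=$(printf '%s\n' "$out" | axfr_status)
        printf '%s %s\n' "$ns" "$status"
        [ "$status" = open ] && printf '%s\n' "$out" | axfr_records
    done
}

# Constructed sample of what a leaking server returns.
SAMPLE_OPEN='example.com.  3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 86400
example.com.  3600 IN NS  ns1.example.com.
www.example.com. 3600 IN A 192.0.2.10
dev.example.com. 3600 IN A 192.0.2.20
example.com.  3600 IN SOA ns1.example.com. hostmaster.example.com. 2024010101 3600 900 604800 86400
;; Query time: 3 msec'

# Constructed sample of a server that refuses the transfer.
SAMPLE_CLOSED='; Transfer failed.'

printf '%s\n' "$SAMPLE_OPEN" | axfr_status      # open
printf '%s\n' "$SAMPLE_OPEN" | axfr_records
printf '%s\n' "$SAMPLE_CLOSED" | axfr_status    # closed
```

Run `check_axfr` against each zone you are authorised to test; a server reporting "open" should have AXFR restricted to its secondaries (allow-transfer in BIND, or TSIG-signed transfers).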
4. Sensitive directories
dirb http://xxxxx.com
dirb http://xxxxx.com /usr/wordlist.txt   second argument is the wordlist; Kali ships defaults under /usr/share/dirb/wordlists/
GUI version: dirbuster
FOCA: searches a site's document metadata (xml); needs access to Google
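Added example, not part of the original notes, covering items 1 and 4 together: extract the paths a site's robots.txt asks crawlers to avoid and probe them directly, since Disallow entries are a cheap source of candidate admin, backup and staging paths to check before a full dirb run. Probing needs curl and network access; the parser runs offline on a constructed robots.txt.

```shell
#!/bin/sh
# Added example (not from the original notes): turn robots.txt Disallow
# entries into a probe list. The robots.txt below is constructed.

# Read robots.txt on stdin and print each Allow/Disallow path once.
# Empty values ("Disallow:" means allow everything) and the bare "/"
# are skipped; CRLF line endings are tolerated.
robots_paths() {
    tr -d '\r' | awk -F': *' '
        tolower($1) ~ /^(dis)?allow$/ && $2 != "" && $2 != "/" { print $2 }
    ' | sort -u
}

# Probe every path read on stdin under base URL $1 and print the HTTP
# status next to it. Usage:
#   curl -s http://xxxx.com/robots.txt | robots_paths | probe_paths http://xxxx.com
probe_paths() {
    base=${1%/}
    while IFS= read -r path; do
        code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$base$path")
        printf '%s %s\n' "$code" "$path"
    done
}

# Constructed robots.txt for the offline demo.
SAMPLE_ROBOTS='User-agent: *
Disallow: /admin/
Disallow: /backup
Disallow:
Allow: /public
Disallow: /
Sitemap: http://www.example.com/sitemap.xml
Disallow: /admin/'

printf '%s\n' "$SAMPLE_ROBOTS" | robots_paths
```

A 200 or 403 on a disallowed path is worth a closer look (403 still confirms the path exists); feed confirmed directories back into dirb as a starting point rather than scanning the whole wordlist from the root.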
5. Port probing
nmap
6. Site fingerprinting
whatweb identifies the CMS and platform stack behind a site: whatweb -v https://xxxx.com
7. WAF detection
wafw00f fingerprints WAF products, including hardware appliances; results are not always accurate
Manual probe: append a test payload such as id=1 and 1=1 to a parameter and compare the response with the plain request; a block page, captcha or dropped connection indicates a WAF
8. Tool sites & Google
shodan.io searches exposed services and management interfaces
Read the Shodan query documentation; example searches are network cameras or Huawei device interfaces
9. Combined scanning
DMitry (Deepmagic Information Gathering Tool)
- port scan
- whois
- host information from Netcraft.com
- subdomains
- e-mail addresses found for the domain
dmitry -wnpb xxxx.com             whois, Netcraft, port scan, banners
dmitry -winse xxxx.com            whois (domain and IP), Netcraft, subdomains, e-mail addresses
dmitry -p cracer.com -f -b        open ports on the host (-f also reports filtered ports, -b grabs banners)