bt渗透常用命令（The penetration of BT commands）.docVIP

bt渗透常用命令（The penetration of BT commands） Whois domain name /ip to see the details of the domain name. Ping domain name /ip tests whether this machine is connected to the remote host or not. Dig domain name /ip to see detailed information about domain name resolution. Host -l domain name DNS server transfer zone. scanning Nmap: -sS half open scan, TCP and SYN scan. -sT full TCP connection scan. -sU UDP scan -PS syn packet probe (firewall probe) -PA ACK packet probe (firewall probe) -PN no, ping. -n not DNS parsing. -A, -O, and -sV. -O operating system identification. -sV service version information (banner) -p port scan. -T sets the time level (0-5) -iL import scan results. -oG output scan results. OS identification: P0f -i eth0 -U -p open promiscuous mode. Xprobe2 ip| domain name detection os. Banner access: NC IP port detects whether the port is open. Telnet IP port detects whether the port is open. WGet IP download home page. Cat index.html | more display page code. Q exits. Windows enumeration Nmap -sS -p 139445 IP scan windows. CD /pentest/enumeration/smb-enum Nbtscan, -f, targetIP detect netbios. Smbgetserverinfo, -i, targetIP scan, name, OS, group. Smbdumpusers -i targetIP lists users. Smbclient -L //targetIP lists shared. Using windows: Net use \\ip\ipc$ /u: opens the empty session. Net view \\ip displays shared information. Smbclient: Smbclient, -L, hostName, -I, targetIP, enumeration, sharing. Smbclient -L hostName/share -U connects with empty users. Smbclient, -L, hostName, -I, targetIP, -U, admin, common user connections. Rpcclient: Rpcclient targetIP -U opens an empty session. NetShareEnum enumeration sharing. Enumdomusers enumerates users. Lsaenumsid enumeration domain SID. Queryuser RID query user information. Createdomuser creates user access. ARP spoofing: Ettercap: Nano /usr/local/etc/etter.conf configuration file Sniff Unified sniffing Network interface: eth0 OK capture card set Hosts Scan for hosts (do this two times) scan network segment h