Basic commands used in BackTrack

Networking
dhcpcd
Renew dynamic IP address:
dhcpcd -k
ifconfig eth0 up
dhcpcd
Static IP address:
ifconfig eth0 192.168.0.100/24
route add default gw 192.168.0.1
echo nameserver 192.168.0.1 > /etc/resolv.conf
Services
Apache server:
apachectl start
apachectl stop
SSH server:
sshd-generate
/usr/sbin/sshd
pkill sshd
ssh user@targetIP
TFTP server:
atftpd --daemon --port 69 /tmp/
pkill tftpd
VNC server:
vncserver
pkill Xvnc
Basics
Mount a local hard drive:
mount /dev/hda1 /mnt/hda1
ls -l /mnt/hda1
Mount a Windows network share:
share <user> <targetIP> <remote share>
share admin 10.1.1.2 c$
Enter a password for the remote share.
ls -l /mnt/share/
umount /mnt/share
Edit a file:
nano test.sh
<ctrl> x
y
<enter>
chmod 755 test.sh
./test.sh
Compile a program:
gcc -o newname exploit.c
gcc -o dcom 66.c
./dcom
Install a new program:
tar zxvf program.tar.gz
cd to the new program folder
./configure
make
su root
make install
Footprinting
Whois:
whois target.com
ping www.target.com
whois targetIP
DNS:
dig target.com any
Record types: A, PTR, NS, SOA, SRV, MX
host -l target.com <name server>
Online tools: CentralOps, DNSstuff, ServerSniff, Netcraft
Exploits
cd /pentest/exploits/milw0rm
cat sploitlist.txt | grep -i <keyword>
Some exploits may be written for compilation under Windows, while others for Linux.
You can identify the environment by inspecting the headers.
cat exploit | grep "#include"
Windows: process.h, string.h, winbase.h, windows.h, winsock2.h
Linux: arpa/inet.h, fcntl.h, netdb.h, netinet/in.h, sys/socket.h, sys/types.h, unistd.h
Keep only the exploits that include Linux (sys/...) headers, dropping the Windows ones:
cat sploitlist.txt | grep -i <keyword> | cut -d " " -f1 | xargs grep sys | cut -d ":" -f1 | sort -u
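The one-line pipeline above keeps any file that merely contains the string "sys", so a source with an #ifdef _WIN32 block passes as Linux-only. The script below is an added example (not part of the cheat sheet or the milw0rm archive) that classifies each source by the actual header names it includes, using the two header lists given above with sys/socket.h spelled correctly; the sample .c files it creates are constructed, and string.h is deliberately not treated as a Windows marker because it is standard C.

```shell
#!/bin/sh
# Classify exploit source files by the headers they include, as a more robust
# replacement for the "xargs grep sys" one-liner. Added example; the sample
# files it creates are constructed, not files from the milw0rm archive.

# Header names that mark the build environment. string.h is standard C and
# builds everywhere, so it is deliberately not used as a Windows marker.
WIN_HEADERS='process.h winbase.h windows.h winsock2.h'
LINUX_HEADERS='arpa/inet.h fcntl.h netdb.h netinet/in.h sys/socket.h sys/types.h unistd.h'

# Print windows, linux, both or unknown for one C source file.
classify_headers() {
    # Pull the bare header name out of every #include <...> or #include "..." line.
    incs=$(grep -E '^[[:space:]]*#[[:space:]]*include' "$1" | sed -E 's/.*[<"]([^>"]+)[>"].*/\1/')
    win=0
    lin=0
    for h in $incs; do
        for w in $WIN_HEADERS; do
            if [ "$h" = "$w" ]; then win=1; fi
        done
        for l in $LINUX_HEADERS; do
            if [ "$h" = "$l" ]; then lin=1; fi
        done
    done
    if [ "$win" -eq 1 ] && [ "$lin" -eq 1 ]; then
        echo both          # portable source with #ifdef _WIN32 blocks
    elif [ "$win" -eq 1 ]; then
        echo windows
    elif [ "$lin" -eq 1 ]; then
        echo linux
    else
        echo unknown       # only standard headers, or no includes at all
    fi
}

# List the .c files in a directory that build only against Linux headers,
# one per line, sorted (the output the cheat sheet's pipeline aims for).
list_linux_sources() {
    for f in "$1"/*.c; do
        if [ "$(classify_headers "$f")" = linux ]; then echo "$f"; fi
    done | sort -u
}

# Create four constructed sample files in a temporary directory and print its path.
make_samples() {
    d=$(mktemp -d)
    printf '#include <windows.h>\n#include <winsock2.h>\nint main(void) { return 0; }\n' > "$d/win.c"
    printf '#include <sys/socket.h>\n#include <netinet/in.h>\n#include <unistd.h>\nint main(void) { return 0; }\n' > "$d/lin.c"
    printf '#ifdef _WIN32\n#include <winsock2.h>\n#else\n#include <sys/socket.h>\n#endif\n' > "$d/mixed.c"
    printf '#include <stdio.h>\n#include <string.h>\nint main(void) { return 0; }\n' > "$d/plain.c"
    echo "$d"
}

# Demo run: classify each sample, then list the Linux-only ones and clean up.
demo_dir=$(make_samples)
for f in "$demo_dir"/*.c; do
    echo "$(classify_headers "$f") $f"
done
list_linux_sources "$demo_dir"
rm -rf "$demo_dir"
```

Point list_linux_sources at a directory of downloaded sources to get the sorted list; a file reported as "both" still needs a look at its #ifdef blocks before you know which toolchain it expects.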
Scanning
scanrand -b10M targetIP:quick
nmap:
-sS
-sT
-sU
-PS
-PA
-PN
-n
-A
-O
-sV
-p
-T
-iL
-oG
nmap -sS -PN -n targetIP
nmap -sU -PN -n targetIP
nmap -sT -PN -n targetIP -A -p <open ports> -T5 -oG scan.txt
nmap -sS -p 135,139,445 targetIP
nmap -sS -p T:1433,U:1434 targetIP
amap:
Take the results from nmap and check for services on uncommon ports.
amap -i scan.txt
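The -oG report is what feeds the follow-up steps, so it helps to be able to read it without eyeballing the file. The script below is an added example, not from the cheat sheet: it extracts every port whose state is exactly "open" from a grepable report and builds the comma-separated list that a targeted -p scan accepts. The report it parses is constructed in the -oG line layout (tab-separated "Host:", "Ports:" and "Ignored State:" fields, each port entry written as port/state/proto/owner/service/rpc/version/).

```shell
#!/bin/sh
# Pull the open ports out of an nmap grepable report (-oG scan.txt) so the
# follow-up steps (amap, a targeted -p scan) get an exact port list. Added
# example, not from the cheat sheet; the report below is constructed.

# Write a constructed -oG report to the given file.
write_sample_og() {
    {
        printf '# Nmap scan (constructed sample, not real scan output)\n'
        printf 'Host: 10.1.1.2 ()\tStatus: Up\n'
        printf 'Host: 10.1.1.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd 2.2/, 135/filtered/tcp//msrpc///\tIgnored State: closed (997)\n'
        printf 'Host: 10.1.1.3 ()\tPorts: 1433/open/tcp//ms-sql-s//Microsoft SQL Server/, 1434/open|filtered/udp//ms-sql-m///\tIgnored State: closed (1998)\n'
    } > "$1"
}

# Print "host port proto service" for every port whose state is exactly "open".
# Each Ports: entry is port/state/proto/owner/service/rpc/version/ .
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)
            sub(/ .*/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == "open") print host, f[1], f[3], f[5]
                }
            }
        }' "$1"
}

# Comma-separated open TCP ports for one host, in the form "nmap -p" accepts.
tcp_port_list() {
    open_ports "$1" | awk -v h="$2" '
        $1 == h && $3 == "tcp" { printf "%s%s", sep, $2; sep = "," }
        END { print "" }'
}

# Demo against the constructed report.
demo_report=$(mktemp)
write_sample_og "$demo_report"
open_ports "$demo_report"
echo "10.1.1.2 tcp ports: $(tcp_port_list "$demo_report" 10.1.1.2)"
rm -f "$demo_report"
```

Note that "open|filtered" (the usual UDP answer) is excluded on purpose: it means no reply was seen, not a confirmed listener, so those ports go to amap or a manual probe rather than into the trusted list.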
OS Fingerprinting
p0f -i eth0 -U -p
point a browser to the targetIP
xprobe2 targetIP
Banner Grabbing
nc targetIP port
nc 10.1.1.2 80
telnet targetIP port
HEAD / HTTP/1.0
<enter 2x>
wget targetIP
cat index.html | more
q
Windows Enumeration
nmap -sS -p 139,445 targetIP
cd /pentest/enumeration/smb-enum
nbtscan -f targetIP
smbgetserverinfo -i targetIP
smbdumpusers -i targetIP
smbclient -L //targetIP
Using Windows
net use \\targetIP\ipc$ "" /u:""
net view \\targetIP
smbclient:
smbclient -L hostName -I targetIP
smbclient -L hostName/share -U ""
smbclient -L hostName -I targetIP -U admin
rpcclient:
rpcclient targetIP -U ""
netshareenum
enumdomusers
lsaenumsid
queryuser RID
createdomuser
ARP Spoofing
ettercap:
nano /usr/local/etc/etter.conf
Under the Linux section, uncomment both lines under iptables.
Sniff > Unified sniffing > Network interface: eth0 > OK
Hosts > Scan for hosts (do this two times)
Hosts > Hosts list
Select the default gateway > Add to Target 1
Select the target > Add to Target 2
Mitm > Arp poisoning > Sniff remote connections > OK
Start > Start sniffing
dsniff -i eth0
urlsnarf -i eth0
msgsnarf -i eth0
driftnet -i eth0
dns spoofing:
nano /usr/local/share/ettercap/etter.dns
Edit the Microsoft lines (target URL) to redirect to the attacker.
Plugins > Manage the plugins > dns_spoof
Mitm > Arp poisoning > Sniff remote connections > OK
Start > Start sniffing
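From the victim's side, the ARP poisoning described above leaves two traces in the local ARP table: the attacker's MAC now answers for the gateway's IP as well as its own, and the gateway entry no longer matches the MAC it had before. The script below is an added example, not from the cheat sheet, that checks a saved "arp -an" table for both symptoms; the table it reads is constructed, and the expected gateway MAC is an assumed baseline you would record on a known-good day.

```shell
#!/bin/sh
# Look for the two ARP-table symptoms an ARP-poisoning attack leaves on a victim:
# one MAC address claiming several IPs, and the gateway's MAC differing from a
# recorded baseline. Added example; the table is constructed in "arp -an" layout
# and the baseline MAC is an assumption.

# Write a constructed ARP table (Linux "arp -an" format) to the given file.
write_arp_sample() {
    {
        echo '? (192.168.0.1) at 00:11:22:33:44:55 [ether] on eth0'
        echo '? (192.168.0.50) at 00:11:22:33:44:55 [ether] on eth0'
        echo '? (192.168.0.60) at aa:bb:cc:dd:ee:ff [ether] on eth0'
        echo '? (192.168.0.70) at <incomplete> on eth0'
    } > "$1"
}

# Print each MAC that answers for more than one IP, followed by the IPs it claims.
duplicate_macs() {
    awk '
        # field 2 is "(ip)", field 4 is the MAC or "<incomplete>"
        $4 ~ /^[0-9a-fA-F:]+$/ {
            ip = $2
            gsub(/[()]/, "", ip)
            ips[$4] = (ips[$4] == "" ? ip : ips[$4] " " ip)
            count[$4]++
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' "$1" | sort
}

# Compare the gateway MAC in the table with a recorded baseline.
# Prints the observed MAC; exit status 0 on match, 1 on mismatch or missing entry.
check_gateway_mac() {
    table="$1"
    gw="$2"
    expected="$3"
    observed=$(awk -v ip="($gw)" '$2 == ip { print $4 }' "$table")
    echo "${observed:-none}"
    [ "$observed" = "$expected" ]
}

# Demo: run both checks against the constructed table.
demo_table=$(mktemp)
write_arp_sample "$demo_table"
echo "MACs claiming several IPs:"
duplicate_macs "$demo_table"
if check_gateway_mac "$demo_table" 192.168.0.1 00:11:22:33:44:55; then
    echo "gateway MAC matches baseline"
else
    echo "gateway MAC changed: possible ARP poisoning"
fi
rm -f "$demo_table"
```

Treat a duplicate-MAC hit as a lead rather than proof: a router doing proxy ARP, a host with IP aliases, or a VRRP pair will legitimately show one MAC for several addresses. The gateway check is the stronger signal, which is why a static entry for the gateway (arp -s) or a tool such as arpwatch that alerts on MAC changes is the usual mitigation on networks where this attack is a concern.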