Part 4
SMB Tools
 
1. Samrdump
Samrdump is an application that retrieves sensitive information about the specified target using the Security Account Manager (SAM), a remote interface accessible under the Distributed Computing Environment / Remote Procedure Calls (DCE/RPC) service. It lists all the system shares, user accounts, and other useful information about the target's presence on the local network.
 
root@bt:~# cd /pentest/python/impacket-examples/
root@bt:/pentest/python/impacket-examples# ./samrdump.py administrator:smoke520@10.1.1.1 445/SMB
Retrieving endpoint list from 10.1.1.1
Trying protocol 445/SMB...
Found domain(s):
 . SMOKE
 . Builtin
Looking up users in domain SMOKE
Found user: Administrator, uid = 500
Found user: Guest, uid = 501
Found user: IUSR_SMOKE, uid = 1013
Found user: IWAM_SMOKE, uid = 1014
Found user: SUPPORT_388945a0, uid = 1001
Administrator (500)/Enabled: true
Administrator (500)/Last Logon: Sat, 11 Apr 2015 09:08:55
Administrator (500)/Last Logoff:
Traceback (most recent call last):
  File "./samrdump.py", line 182, in <module>
    dumper.dump(address)
  File "./samrdump.py", line 82, in dump
    print base + '/Last Logoff:', user.get_logoff_time()
  File "/usr/lib/pymodules/python2.6/impacket/dcerpc/samr.py", line 130, in get_logoff_time
    return display_time(self._logoff_time_high, self._logoff_time_low)
  File "/usr/lib/pymodules/python2.6/impacket/dcerpc/samr.py", line 33, in display_time
    r = (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)[0]
ValueError: timestamp out of range for platform time_t
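
The traceback above is raised in display_time() while formatting the Last Logoff field. The following added example (not code from the original page or from impacket) shows one defensive way to convert such a value. It assumes the two arguments are the high and low 32-bit halves of a Windows FILETIME and that 0 and 0x7FFFFFFFFFFFFFFF mean the field is unset; the names filetime_to_utc and format_account_time are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME counts 100-nanosecond ticks from 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Assumption: these two values mark an unset field ("never") in account records.
NEVER_VALUES = (0, 0x7FFFFFFFFFFFFFFF)


def filetime_to_utc(high, low):
    """Return an aware UTC datetime, or None if the value is unset or unrepresentable."""
    ticks = ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)
    if ticks in NEVER_VALUES:
        return None
    try:
        # Integer arithmetic only: no float rounding and no platform time_t limit.
        return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:
        # Past datetime.max (year 9999): report as unset instead of crashing.
        return None


def format_account_time(high, low):
    """Format like the tool's output, printing 'never' instead of raising."""
    ts = filetime_to_utc(high, low)
    return "never" if ts is None else ts.strftime("%a, %d %b %Y %H:%M:%S")


def utc_to_filetime(dt):
    """Inverse helper, used here only to build constructed sample input."""
    delta = dt - FILETIME_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10**7
    return ticks >> 32, ticks & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed samples: a normal logon time and the "never" sentinel.
    logon = utc_to_filetime(datetime(2015, 4, 11, 9, 8, 55, tzinfo=timezone.utc))
    print("Last Logon: ", format_account_time(*logon))
    print("Last Logoff:", format_account_time(0x7FFFFFFF, 0xFFFFFFFF))
```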
 
Part 5
Comprehensive Vulnerability Discovery Tool: Nessus
 
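Nessus (1)
Nessus is a very well-known and powerful comprehensive vulnerability discovery tool. It is available in free and paid versions; this introduction mainly covers the free version.

Start the service:

root@bt:~# /etc/init.d/nessusd start
Starting Nessus : .

Login page:

https://localhost:8834/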