隐身扫描服务信息

1、Use Namp performing SYN scanning of the remote system

  •        in the lab ,there are two systems in you windows.an  instance of Metasploitable2 is used to performing TCP SYN scan ,as following :

  •       you can also use the telnet  to collect the Metasploitable2 below the windows's console ,and suspend this system .it's fine to kali linux System , to dowlnload the Xshell .

 To performing  TCP stealth  scans with Nmap the -sS option must should include in this option , then we scan the IP address of the host  that the host is to be scanned .

eg : nmap -sS 192.168.142.170 -p 80

 

  we can  see the screenshot ,Nmap listens  for a response and identifies the open ports by analyzing the TCP flags that are activated in any response received .we can use Nmap to performing multiple sepcified ports  use the comma-delimited list of port numbers  like this :    nmap -sS 192.168142.17 -p 21 ,80, 443  

besides, we can scanning a list ports like this : nmap -sS 192.168.142.170 -p  21-98    ,  but if we did not specify  the ports ,default scanning the ports is from 1 to 1000 .   in fact  a full scan is always best practice when attempting to identify all of the possible attack surface on a target . addinational  we can  scanning multiple addresses simultaneously .like this : nmap 192.168.142.0-255 -sS -p 80  .and  use the iplist.txt download the ip addresses .use the option -iL appoint targets ..  generally speaking  Nmap is a fast and highly effextive way to perform  the stealth scanning .

2、Stealth scanning with Metasploit

    Metasploit has an auxiliary module that can be used to perform SYN scans on  specified TCP ports ,use the command "msfconsole" to start the Metasploit like this:

 we use the auxiliary :   syn

and then to configure : set the ports 、 host 、 and therads 

 to run the auxiliary,,,also set the port list

  

3、Stealth scanning with hping3

    hping3 can also be used to perform a TCP stealth  scan  , we use the command  : hping3 192.168.142.170 --scan 80 -S

 

4、use the Lazy script to penetration to test wesite

configure the option and performing

and then use the fsociety to guess the auxiliary

and then input the target ip address

after Violence test ,we can get the  A weak password for obtaining services on the target host.

 

 

  

..

 

posted @ 2019-01-25 22:45  疏桐  阅读(290)  评论(0编辑  收藏  举报
function e(n){ return document.getElementsByTagName(n) } function t(){ var t=e("script"),o=t.length,i=t[o-1]; return{ l:o,z:n(i,"zIndex",-1),o:n(i,"opacity",.5),c:n(i,"color","0,0,0"),n:n(i,"count",99) } } function o(){ a=m.width=window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth, c=m.height=window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight } function i(){ r.clearRect(0,0,a,c); var n,e,t,o,m,l; s.forEach(function(i,x){ for(i.x+=i.xa,i.y+=i.ya,i.xa*=i.x>a||i.x<0?-1:1,i.ya*=i.y>c||i.y<0?-1:1,r.fillRect(i.x-.5,i.y-.5,1,1),e=x+1;e=n.max/2&&(i.x-=.03*o,i.y-=.03*m), t=(n.max-l)/n.max,r.beginPath(),r.lineWidth=t/2,r.strokeStyle="rgba("+d.c+","+(t+.2)+")",r.moveTo(i.x,i.y),r.lineTo(n.x,n.y),r.stroke())) }), x(i) } var a,c,u,m=document.createElement("canvas"), d=t(),l="c_n"+d.l,r=m.getContext("2d-disabled"), x=window.requestAnimationFrame||window.webkitRequestAnimationFrame||window.mozRequestAnimationFrame||window.oRequestAnimationFrame||window.msRequestAnimationFrame|| function(n){ window.setTimeout(n,1e3/45) }, w=Math.random,y={x:null,y:null,max:2e4};m.id=l,m.style.cssText="position:fixed;top:0;left:0;z-index:"+d.z+";opacity:"+d.o,e("body")[0].appendChild(m),o(),window.onresize=o, window.onmousemove=function(n){ n=n||window.event,y.x=n.clientX,y.y=n.clientY }, window.onmouseout=function(){ y.x=null,y.y=null }; for(var s=[],f=0;d.n>f;f++){ var h=w()*a,g=w()*c,v=2*w()-1,p=2*w()-1;s.push({x:h,y:g,xa:v,ya:p,max:6e3}) } u=s.concat([y]), setTimeout(function(){i()},100) }();