内网&外网渗透思路2014
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
1、先重点对以下的服务端口进行扫描:
21,1433,3128,3306,1521,80,81,443,8080,7001,8000,23,22,53,445,3389,580 0,5900,4899,5631,2100,2121,7778,4443,5560
7,9,13,19,21,22,23,25,53,79,80,81,110,111,119,135,139,143,443,445,465 ,512,513514,554,563,585,636,808,990,995,1025,1027,1080,1352,1433,1521 ,1525,1900,1935,2049,2121,2401,3306,3128,3389,4899,5000,5556(Oracle Weblogic 10.3.2 Node
Manager)5631,5800,5900,5901,6000-6009,7001,8000,8080-8090,8181,65301, 8455,8888,8989,2121,50000,7778,4443,5560,3128,9060,9443,9080,9090,800 9,5432(postgresql)
//整理的常见单个端口列表:
21,22,23,25,53,79,80,81,82,83,84,85,110,111,119,135,139,143,443,445,4 65,512,513,514,554,563,585,636,808,873,990,995,1025,1027,1080,1352,14 33,1521,1525,1900,1935,2049,2100,2121,2401,3128,3306,3389,4443,4899,5 000,5432,5556,5560,5631,5800,5900,5901,6000,6009,7001,7778,8000,8009, 8080,8081,8082,8083,8084,8085,8090,8091,8092,8181,8455,8888,8989,9060 ,9080,9090,9443,28017,50000,65301
1.1 F:\pt007\f\security\端口扫描类软件专题:
scan TCP 10.72.63.130
21,22,23,25,53,79,80,81,82,83,84,85,110,111,119,135,139,143,443,445,4 65,512,513,514,554,563,585,636,808,873,990,995,1025,1027,1080,1352,14 33,1521,1525,1900,1935,2049,2100,2121,2401,3128,3306,3389,4443,4899,5 000,5432,5556,5560,5631,5800,5900,5901,6000,6009,7001,7778,8000,8009, 8080,8081,8082,8083,8084,8085,8090,8091,8092,8181,8455,8888,8989,9060 ,9080,9090,9443,28017,50000,65301 100 /save
1.2 for wvs扫描用端口:
21,873,1433,3128,3306,1521,80,81,443,8080,7001,8000,23,22,53,445,3389 ,5800,5900,4899,5631,2100,2121,7778,4443,5560,22,23,25,53,79,110,111, 119,135,139,143,465,512,513514,554,563,585,636,808,990,995,1025,1027, 1080,1352,1433,1521,1525,1900,1935,2049,2121,2401,3306,3128,3389,4899 ,5000,5556,5631,5800,5900,5901,6000,6001,6002,6003,6009,7001,8000,808 0,8081,8082,8083,8084,8085,8090,8181,65301,8455,8888,8989,2121,50000, 7778,4443,5560,3128,9060,9443,9080,9090,8009
1.3 LINUX下扫描指定IP段和端口的python小程序
F:\temp\2006年下载\Python相关\源码收集\Python端口扫描可指定IP段
1.4 其它端口扫描软件整理:
Iisputscanner //扫描指定端口,F:\pt007\f\2000hole\IIS写权限利用相关工具\iisputscanner
F:\pt007\f\2000hole\桂林老兵工具\桂林老兵的+新WEBTOOL+V4.2 //扫描整个网段的80-5000端口
superscaner,扫描部分端口
F:\pt007\f\security\IPBook(internal) //内网主机发现软件
2、常用的WEB与系统扫描类软件整理:
2.1 综合类安全扫描软件
nessus5/retina/NeXpose,综合安全扫描,MSF可以利用nessus的扫描结果进行批量溢出
F:\pt007\e\scanner\OpenVAS扫描软件
xscan3.3 //用内网渗透中获得的密码来生成一个字典文件进行测试
流光5.0 //用内网渗透中获得的密码来生成一个字典文件进行测试
F:\pt007\e\scanner\X-way2.5\X-way.exe //端口扫描与密码快速暴破
HScan v1.20,系统安全渗透测试 //用内网渗透中获得的密码来生成一个字典文件进行测试,F:\pt007\e\scanner\H-ScanV1.20网络漏洞扫描工具,不好用,会死机
2.2 WEB类漏洞扫描与利用软件:F:\pt007\e\scanner
WVS9,对WEB类服务进行深度扫描
SQL注入与XSS漏洞扫描 //F:\pt007\f\2000hole\sql注入相关工具\Safe3 SQL注入安全测试v9.0 中英文破解版 _Safe3SI_9.0_Crack_By_Lkou[LCG]
Netsparker 对WEB服务进行扫描
AppScan 对WEB服务进行扫描
JSKY,对WEB服务进行扫描
WebInspect,对WEB服务进行扫描
啊D工具包2.02--D贺专用免杀版中的肉机查找和开telnet服务功能,F:\pt007\f\security\啊D工具包2.02--D贺专用免杀版 //ping,共享扫描,网络主机发现
2.3下面是SQL注入与XSS漏洞利用工具:
f:\pangolin,最好SQL注入测试工具, F:\pangolin\pangolin 3.2.1.1021破解版 //有bug,不支持SQL2008
F:\pt007\f\2000hole\sql注入相关工具\WebCruiser0.60中文版 //完美支持sql2008,可以扫描网站的SQL注入漏洞
F:\pt007\f\2000hole\sql注入相关工具\NBSI注入工具集
F:\pt007\f\2000hole\sql注入相关工具\Havij注入工具收集
F:\pt007\f\2000hole\php注入相关工具\sqlmap软件收集
F:\pt007\f\2000hole\sql注入相关工具\JCZ3 //有BUG,记录只能取一条 F:\pt007\f\2000hole\php注入相关工具
F:\pt007\f\2000hole\php注入相关工具\SQL Helper注入软件收集与整理//MYSQL注入支持的较好
Arachni head注入扫描 //F:\无线破解专题\bt5安装文件\Arachni漏洞扫