Weak password detection: John the Ripper
Download John the Ripper and use the xfps tool to upload it to the /opt directory.
Then extract it with tar:
[root@localhost opt]# tar zxvf john-1.8.0.tar.gz
After extracting, look at the contents of the john directory:
[root@localhost opt]# cd john-1.8.0/
[root@localhost john-1.8.0]# ll
total 4
drwxr-xr-x. 2 root root 208 Jul 22 12:00 doc
lrwxrwxrwx. 1 root root 10 May 30 2013 README -> doc/README
drwxr-xr-x. 2 root root 143 Jul 22 12:00 run
drwxr-xr-x. 2 root root 4096 Jul 22 12:00 src
Enter the src subdirectory:
[root@localhost john-1.8.0]# cd src/
Then compile with make (the linux-x86-64 target):
[root@localhost src]# make clean linux-x86-64
Confirm that the john executable was generated:
[root@localhost src]# ls ../run/john
../run/john
Then copy the shadow file (which holds the password hashes to crack) to /root and name it shadow.txt:
[root@localhost src]# cp /etc/shadow /root/shadow.txt
Enter the run directory:
[root@localhost src]# cd ../run
Run the crack:
[root@localhost run]# ./john /root/shadow.txt
Loaded 2 password hashes with 2 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
Abc123 (yuheng)
Abc123 (root)
2g 0:00:00:32 100% 2/3 0.06075g/s 291.1p/s 404.9c/s 404.9C/s skeeter..Patrick
Use the "--show" option to display all of the cracked passwords reliably
Session completed
Show the cracked passwords for the shadow.txt file just created:
[root@localhost run]# ./john --show /root/shadow.txt
root:Abc123::0:99999:7:::
yuheng:Abc123::0:99999:7:::
2 password hashes cracked, 0 left
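After an audit like the one above, the operational follow-up is to force every account whose password was cracked to change it at next login. The following shell snippet is an added example, not part of the original post: it parses the `user:password::...` lines that `./john --show` prints (the sample input below is constructed from the output shown above) and emits `chage -d 0` commands, printing usernames only so the recovered passwords never leave the john session.

```sh
#!/bin/sh
# Added example (not from the original post): turn `john --show` output into
# a list of accounts that must change their password at next login.

# Print the usernames from `john --show` output on stdin, one per line.
# Cracked lines look like `root:Abc123::0:99999:7:::`; the trailing
# "N password hashes cracked, M left" summary has no colon and is skipped.
cracked_users() {
    awk -F: '/^[^:]+:[^:]*:/ && NF > 2 { print $1 }'
}

# For each username on stdin, expire the password immediately so the user
# must set a new one at next login. Dry run by default (prints the command);
# pass "apply" as the first argument to actually run chage.
force_reset() {
    mode="${1:-dryrun}"
    while read -r user; do
        if [ "$mode" = apply ]; then
            chage -d 0 "$user"
        else
            printf 'chage -d 0 %s\n' "$user"
        fi
    done
}

# Constructed sample: the `./john --show /root/shadow.txt` output from above.
SAMPLE='root:Abc123::0:99999:7:::
yuheng:Abc123::0:99999:7:::
2 password hashes cracked, 0 left'

# Usage (dry run): printf '%s\n' "$SAMPLE" | cracked_users | force_reset
# Real run (as root): ./john --show /root/shadow.txt | cracked_users | force_reset apply
```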
Network scanning: nmap
Mount the CD-ROM at /mnt:
[root@localhost ~]# mount /dev/cdrom /mnt
Install the nmap package from the mounted media:
[root@localhost ~]# rpm -ivh /mnt/Packages/nmap-6.40-7.el7.x86_64.rpm
The nmap scanner program is installed at /usr/bin/nmap.
Format
nmap [scan type] [options] <scan target>
-p specify the ports to scan
-n disable reverse DNS resolution
-sS TCP SYN scan (half-open scan)
-sT TCP connect scan
-sF TCP FIN scan
-sU UDP scan
-sP ICMP ping scan (host discovery)
-P0 skip the ping check
Examples
Scan the local machine to see which common TCP ports are open:
[root@localhost ~]# nmap 127.0.0.1 # scan the common TCP ports
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-22 13:48 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
631/tcp open ipp
[root@localhost ~]# nmap -sU 127.0.0.1 # scan the common UDP ports
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-22 13:49 CST
Stats: 0:00:23 elapsed; 0 hosts completed (1 up), 1 undergoing UDP Scan
UDP Scan Timing: About 54.07% done; ETC: 13:50 (0:00:20 remaining)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000097s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
5353/udp open|filtered zeroconf
Check which hosts in the 192.168.1.0/24 network provide FTP service
First switch the virtual machine's network to bridged mode.
Then, in the virtual network adapter settings, select the Family wired connection.
Edit the network address in the ifcfg file:
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
Change the IP address (IPADDR) to one in the 192.168.1.0 range.
Change the gateway (GATEWAY) to 192.168.1.1.
Save with :wq, then restart the network service:
[root@localhost ~]# systemctl restart network
Ping Baidu and the LAN gateway to confirm the machine is connected to the LAN:
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (36.152.44.95) 56(84) bytes of data.
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=1 ttl=58 time=4.04 ms
64 bytes from 36.152.44.95 (36.152.44.95): icmp_seq=2 ttl=58 time=4.63 ms
[root@localhost ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.863 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=1.51 ms
Find which hosts in the 192.168.1.1/24 network provide port 21 (FTP) service:
[root@promote ~]# nmap -p 21 192.168.1.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-22 14:19 CST
Nmap scan report for 192.168.1.1
Host is up (0.0011s latency).
PORT STATE SERVICE
21/tcp closed ftp
MAC Address: 74:05:A5:82:F7:A2 (Unknown)
Nmap scan report for promote.cache-dns.local (192.168.1.245)
Host is up (0.0018s latency).
PORT STATE SERVICE
21/tcp closed ftp
MAC Address: 00:E0:4C:87:9F:B0 (Realtek Semiconductor)
Detect which hosts in the 192.168.1.0/24 network are alive:
[root@promote ~]# nmap -n -sP 192.168.1.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-22 14:24 CST
Nmap scan report for 192.168.1.1
Host is up (0.00095s latency).
MAC Address: 74:05:A5:82:F7:A2 (Unknown)
Nmap scan report for 192.168.1.3
Check whether the hosts with IP addresses 192.168.1.100-200 have file sharing (ports 139 and 445) enabled:
[root@promote ~]# nmap -p 139,445 192.168.1.100-200
Starting Nmap 6.40 ( http://nmap.org ) at 2020-07-22 14:26 CST
Nmap scan report for 192.168.1.100
Host is up (0.0016s latency).
PORT STATE SERVICE
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
MAC Address: 00:E0:4C:87:79:5C (Realtek Semicond