- awk
: i.e.) cat /home/kali/.recon-ng/workspaces/lab/results.csv | awk -F'"' '{print $4}'
: Q) what is awk? Awk is mostly used for pattern scanning and processing. Awk is a scripting language used for manipulating data and generating reports
: Q) what is print $4?
- 2>&1
: There are two places programs send output to: Standard output (stdout) and Standard Error (stderr)
: You can redirect these outputs to a different place (like a file);
: File descriptors are used to identify stdout (1) and stderr (2)
: i.e.) ls foo > /dev/null 2>&1
- find
: i.e.) # find / name "*.nse“
- iptables
: Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Several different tables may be defined. Each table contains a number of built-in chains and may also contain user-defined chains. Each chain is a list of rules which can match a set of packets. Each rule specifies what to do with a packet that matches. This is called a 'target', which may be a jump to a user-defined chain in the same table.
: -A - Append one or more rules to the end of the selected chain
: -p - The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value
: --dport - destination port
: -j - This specifies the target of the rule. What to do if the packet matches it. If this option is omitted in a rule, then matching the rule will have no effect on the packet's fate.
: i.e.) iptables -A INPUT -p sctp --dport 80 -j DROP
- Tcpdump
: TCPDump is a network sniffing tool. Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag,
: i.e.) tcpdump host sundown (to print all packets arriving at or departing from sundown)
: i.e.) tcpdump ip host ace and not helios (to print all IP packets between ace and any host except helios)
- whois
: The /usr/bin/whois command searches a user name directory and displays information about the user ID or nickname specified in the Name parameter. The whois command tries to reach ARPANET host internic.net where it examines a user-name database to obtain information. The whois command should be used only by users on ARPANET. Refer to RFC 812 for more complete information and recent changes to the whois command.
: i.e.) whois Smith
- netcat
: Netcat is a simple utility, part of the pentester toolset
: i.e.) ncat v l p <port>
: i.e.) # ncat l p 8080 > [destinationfile.txt] // Transfer files! On destination IP, set to listen, any port is fine
: i.e.) # ncat 192.168.1.1 8080 < [sourcefile.txt] // On source IP, set to connect
: i.e.) nc 10.10.0.20 1524 // netcat operates by initiating a TCP connection to a remote host. "-u" for UDP packet.
- Nmap
: Nmap automatically scans the top 1000 popular ports
: -D option adds decoy addresses, helps to obfuscate
: Nmap default first probes host list to see what is online
: Nmap does do parallel queries by default
: Nmap doesn’t do default consistent timing, only initial timing defaults
- Dynamically adjusts based on network congestion, traffic, response rate
: In nmap, we can also use d debug [level] or packet trace
: NSE allows developers to write and release free scripts to augment and improve Nmap’s functionality. Written in Lua
: i.e.) # nmap -Pn scanme.nmap.com -p 22,88,443
- masscan
: possible to send 10 million packets per second
: Even if your IP is whitelisted, you may be causing a lot of dropped packets
- Scapy
: Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, parts of nmap, arpspoof, arp-sk, arping, tcpdump, tshark, p0f, ... Scapy uses the python interpreter as a command board. That means that you can use directly python language
: i.e.) a=sniff(filter="tcp port 110") \n a=sniff(prn=lambda x: x.display) \n (packet sniffing and dissection)
: i.e.) a=sniff(filter="tcp port 110") \n sendp(a) \n (sniffed packet reemission)
: i.e.) sr(IP(dst="172.16.1.28", proto=(1,254))) (protocol scan)
: i.e.) sr(IP(dst="www.google.com", ttl=(1,30))/TCP(seq=RandInt(), sport=RandShort(), dport=dport) (manual TCP traceroute)
- netstat
: netstat -tlpn | grep 1524 // On the target machine, check if 1524 is active on listening port
- OpenVAS
- EyeWitness
- Metasploit
: 공격코드, 페이로더, 인코더, 정찰도구, 보안테스팅 등을 제공하는 취약점 진단및 공격 툴
: msfconsole 내에서 외부 명령어 실행가능 (리눅스 명령어)
: msfconsole 설치방법
- # sudo apt update; # sudo apt install metasploit-framework; # sudo msfconsole
: # db_nmap 10.10.0.20 -T4 -sV //
- Meterpreter
: Meterpreter can switch processes in case the original exploited process is closed or crashes
: #recon // recon명령을 통해서 msf6로 들어왔고,
: #search icecast; #use windows/http/icecast_header // search icecast 및 use명령을 통해 exploit으로 들어옴. meterpreter라는 것은 무엇이지? icecast
: #show payload
- Nikto
: Nikto allows pentesters, hackers and developers to examine a web server to find potential problems and security vulnerabilities, including: Server and software misconfigurations, Default files and programs, Insecure files and programs, Outdated servers and programs
- execstack
: tool to set, clear, or query executable stack flag of ELF binaries and shared libraries
<Reference>
- Metasploitable관련 상세 설명 : https://dazemonkey.tistory.com/103
- Metasploitable관련 상세 설명 : https://jdh5202.tistory.com/619
- https://www.geeksforgeeks.org/awk-command-unixlinux-examples/
- https://www.ibm.com/docs/en/aix/7.1?topic=w-whois-command
- https://linux.die.net/man/8/iptables
- https://linux.die.net/man/8/tcpdump
- https://linux.die.net/man/1/scapy
'IT 이야기' 카테고리의 다른 글
| VXLAN 무엇인가 (0) | 2021.12.28 |
|---|---|
| DNS 작동원리 및 레코드 종류 (0) | 2021.12.24 |
| HTTP - SSL 인증서 (0) | 2021.12.20 |
| GNS3와 GNS3 VM 설치하기 (0) | 2021.12.03 |
| Must-Have Tools for Network Engineers (0) | 2021.11.29 |
