{"id":163,"date":"2012-08-22T23:16:50","date_gmt":"2012-08-22T15:16:50","guid":{"rendered":"http:\/\/www.yeetrack.com\/?p=8"},"modified":"2013-04-20T17:35:33","modified_gmt":"2013-04-20T09:35:33","slug":"backtrack%e5%91%bd%e4%bb%a4%e8%a7%a3%e6%9e%90%ef%bc%88informationgathering%ef%bc%89","status":"publish","type":"post","link":"https:\/\/www.yeetrack.com\/?p=163","title":{"rendered":"Backtrack Command Analysis (information gathering)"},"content":{"rendered":"<p>1. Dnstracer: information gathering\/network analysis\/dns analysis. Finds the DNS servers that resolve the target domain name. dnstracer <a href=\"http:\/\/www.google.com\/\" target=\"_blank\">www.google.com<\/a><br \/>2. Dig (domain information groper): queries the detailed information of a domain name's resolution.<br \/>3. Host: resolves a domain name to its IP addresses.<!--more--><br \/>4. Sqlmap: information gathering\/database analysis\/mysql analysis\/. Scans a server for SQL injection vulnerabilities. The usual injection steps:<br \/>GET method: sqlmap -u <a href=\"http:\/\/hostname.com\/?id=1\" target=\"_blank\">http:\/\/hostname.com?id=1<\/a> --dbs<br \/>POST method:<\/p>\n<ul>\n<li>\n<p>sqlmap -u <a href=\"http:\/\/hostname.com\/\" target=\"_blank\">http:\/\/hostname.com<\/a> --data \"username=name&amp;password=pass\" --dbs<\/p>\n<\/li>\n<\/ul>\n<p>If results are returned, a SQL injection vulnerability exists and the database names should be visible.<br \/>List table names: sqlmap -u <a href=\"http:\/\/hostname.com\/?id=1\" target=\"_blank\">http:\/\/hostname.com?id=1<\/a> -D basename --tables<br \/>List column names: sqlmap -u <a href=\"http:\/\/hostname.com\/?id=1\" 
target=\"_blank\">http:\/\/hostname.com?id=1<\/a> -D basename -T tablename --columns<br \/>View the data:<br \/>sqlmap -u <a href=\"http:\/\/hostname.com\/?id=1\" target=\"_blank\">http:\/\/hostname.com?id=1<\/a> -D basename -T tablename -C columnsname --dump<br \/>5. DBPwAudit: information gathering\/database analysis. Probes database user names and passwords; supports mysql, mssql and DB2. A dictionary file must be specified.<br \/>6. Dirb: a command under information gathering\/web application analysis\/web crawlers\/ for discovering directories and files on a server.<br \/>dirb <a href=\"http:\/\/hostname.com\/\" target=\"_blank\">http:\/\/hostname.com<\/a> The -X option appends a suffix to every dictionary entry, for example:<br \/>dirb <a href=\"http:\/\/hostname.com\/\" target=\"_blank\">http:\/\/hostname.com<\/a> -X .html<br \/>7. Webshag-gui: information gathering\/web application analysis\/web crawlers\/. A server probing tool that can detect basic information about a server and probe its directories and files.<br \/>8. xprobe2: \/information gathering\/network analysis\/os fingerprinting\/. Detects the operating system type of the target host. xprobe2 192.168.1.100. However, its database seems not to have been updated for a long time, so the results are not very accurate.<\/p>\n<p>9. 
&nbsp;&nbsp;autoscan: \/information gathering\/network analysis\/network scanners\/ A graphical network scanning tool for finding live hosts. It determines the open ports and operating system of a target machine, and can also connect to a proxy server to scan.<\/p>\n<p>10. &nbsp;netifera: \/information gathering\/network analysis\/network scanners\/ Scans hosts on the network for TCP, UDP and DNS information; it has a graphical interface.<\/p>\n<p>11. &nbsp;Nmap: \/information gathering\/network analysis\/network scanners\/ A comprehensive, full-featured port scanning tool: port scanning, host discovery, service version detection, operating system detection, network route tracing, and the nmap scripting engine (checks network services for vulnerabilities and enumerates resources on the target system). Default commands: nmap 192.168.1.100, nmap 192.168.1.0\/24.<br \/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;TCP scan options: -sT (connect scan; performs the three-way handshake, is slow, and is logged by the target host), -sS (half-open scan; nmap sends a SYN packet and waits: a SYN\/ACK reply means the port is open, an RST packet means the port is closed, and no packet means the port is filtered).<br \/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;UDP scan option: -sU.<br \/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;By default nmap scans the 1000 most common ports, 
-p: scans ports 1-1024, -p-: scans ports 1-65535.<br \/> &nbsp;&nbsp;&nbsp;nmap -sN -p 22,25,80,3306 192.168.1.100 scans ports 22, 25, 80 and 3306 with the TCP (null) method.<br \/> &nbsp;&nbsp;&nbsp;nmap -sC 192.168.1.100 probes the target host with the default category of scripts.<\/p>\n<p> &nbsp;&nbsp;&nbsp;zenmap is the graphical tool for nmap; its path is the same as nmap's.<\/p>\n<p>12. unicornscan: \/information gathering\/network analysis\/network scanners\/ An information gathering and correlation analysis engine that scans TCP\/IP-based devices.<\/p>\n<p>13. amap: \/information gathering\/network analysis\/service fingerprinting\/ A service enumeration tool that identifies the services running on specified ports of the target system and their versions. Version information is important because it makes it easy to look up the vulnerabilities of that version. amap -bq 192.168.1.100 3306 80 &nbsp;detects the services and versions running on ports 3306 and 80 of the target host. -bq: when fetching banners, do not report ports that are closed or unidentifiable.<\/p>\n<p>14. &nbsp;httprint: \/information gathering\/network analysis\/service fingerprinting\/ An application for detecting HTTP server software and its version.<br \/> &nbsp;&nbsp;&nbsp;&nbsp;.\/httprint -h 192.168.1.100 -s signatures.txt detects the web server running on the host; -h and -s set the host IP address and the signature file.<\/p>\n<p>15. 
httsquash: \/information gathering\/network analysis\/service fingerprinting\/ &nbsp;Scans HTTP servers.<br \/> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.\/httsquash -r www.hostname.com<\/p>\n<p>This is an original article published by <a title=\"youthflies\" href=\"https:\/\/www.yeetrack.com\">youthflies<\/a> on <a title=\"\u6613\u8e2a\u7f51\" href=\"https:\/\/www.yeetrack.com\">\u6613\u8e2a\u7f51(yeetrack.com)<\/a>. Original address: <a title=\"Backtrack Command Analysis (information gathering)\" href=\"https:\/\/www.yeetrack.com\/?p=8\">https:\/\/www.yeetrack.com\/?p=8<\/a><\/p>\n<p><a title=\"Backtrack Command Analysis (information gathering)\" href=\"https:\/\/www.yeetrack.com\/?p=8\">Backtrack Command Analysis (information gathering)<\/a><br \/><a title=\"Backtrack Command Analysis (Vulnerability assessment)\" href=\"https:\/\/www.yeetrack.com\/?p=11\">Backtrack Command Analysis (Vulnerability assessment)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. Dnstracer: information gathering\/network analysis\/dns analysis. Finds the DNS servers that resolve the target domain name. dnstracer 
www.&#46;&#46;&#46;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"pgc_sgb_lightbox_settings":"","footnotes":""},"categories":[35],"tags":[27,29],"class_list":["post-163","post","type-post","status-publish","format-standard","hentry","category-hacking","tag-backtrack","tag-29"],"views":3604,"_links":{"self":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=163"}],"version-history":[{"count":2,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions"}],"predecessor-version":[{"id":476,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=\/wp\/v2\/posts\/163\/revisions\/476"}],"wp:attachment":[{"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yeetrack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}