Penetration Test - Survey the Target(1)
阿新 • • 發佈:2020-07-30
Scanning and Enumeration
INFORMATION GATHERING
- Scanning
- Process of looking at some number of "things" to determine characteristics
- Commonly used in pen testing to uncover target vulnerabilities
- Many types of scan targets
- Networks
- Network devices
- Computers
- Applications/services
Enumeration
- Counting the detected instances of some target class
- Pen testing target classes
- Hosts
- Networks
- Domains
- Users
- Groups
- Network shares
- Web pages
- Applications
- Services
- Tokens
- Social networking sites
QUICK REVIEW
- Scanning helps to determine what is "out there"
- Don't just scan for computers - look for all devices and services
- Start collecting and classifying target information
- Use more than just utilities that scan networks
Demo
Target 1: Metasploitable VM
Target 2: DVWA VM
Attacker: Kali Linux VM
Scan Method 1 - nmap
nmap -sP 10.0.0.0/24
Scan Method 2 - ARP
arp-scan 10.0.0.0/24
Scan Method 3 - Whois Lookup http://whois.domaintools.com/
QUICK REVIEW
- nmap is the most common tool you'll see
- Know how to use nmap and what the main options do
- Be able to explain nmap output