网络黑客的工具包：侦察

因此，首先，我们想找出此Mossack Fonseca Web服务器的IP地址是什么。因此，我们可以做到这一点的一种简单方法就是ping网站，看看我们是否可以获得IP地址。是的，立即告诉我们它很活跃。您可以在此处看到顶部的IP地址，从这里变得非常简单。基本上，我想找出哪些端口是开放的，本质上是对该特定Web服务器打开的门口，最终我想找出正在运行的服务器，以便我们可以尝试利用其中一个。因此，我们使用了称为“ nmap”的小工具。

您可以看到它有各种各样的不同参数。我们输入“ NMAP”，然后输入我们试图实际攻击的目标的IP地址或Web服务器名称。我认为这是从记忆中来的。好的。因此，我们可以在此特定的Web服务器上从此处看到，有一系列不同的端口和不同的服务运行。您可以在这里看到。假设FTP在此示例中，端口21。它正在操作TCP协议，并且实际上处于开放状态。因此，从这里开始，我们将尝试找到更多信息。因此，我们实际上也可以看到其他服务也在运行。他们有一个网络服务器。

您可以在这里看到。这是在端口80上运行的。他们拥有看起来像是在端口25上运行的电子邮件服务器。还有许多其他。但是，让我们专注于FTP，因为这通常可能是一个较弱的协议。如果可以的话，让我们尝试了解更多信息。我们将在NMAP中尝试一些更复杂的参数，并查看我们还能找到什么。因此，我们在NMAP SV上，本质上是服务和脚本扫描。然后，我们将为我们的脚本[输入'sc']执行此操作，然后再次输入Web服务器名称。

And I think we said port 21 for FTP. And we’ll run that server and script scan against the FTP protocol on that particular website. So what else have we gathered here? Again we’ve got confirmation that we’ve got the FTP server software. We can see here another thing is allowing anonymous FTP logins, which is not always a great thing. The main thing is we want to find from here, which is going to be beneficial for us, is that the version of the FTP software, and that it’s actually in open state, and you can connect to it.

I think we’ve gathered enough information to push forward. We know now that FTP is running and it’s open. And we know what server software they’re actually using for that FTP. So that can be a particularly good weak point to gain access. So using this information we’ve gathered, let’s figure out how we can go ahead and move forward from here. So if we check out this particular website here, it’s a very popular one for security exploits. It’s called ‘www.exploit-db.com’. So let’s do a little search. This website basically lists all the new exploits that are out, pretty much every day if there’s a new one out, it’ll list the operating system, what server is it, what software it’s actually targeted against.

Ok, let’s do a little search for what we’ve discovered about this particular target machine we want to get into. I think that should do it. So we’ll go to an advanced search platform, and we’ll punch that into the search. And we want to get in remotely, so let’s go remote. Anything else we can fill in here– Author– Let’s go with Metasploit, essentially our framework that contains a library of different exploits. We can pick out and target against specific weaknesses in the system. Let’s let that search for a minute. So it brings us back a range of different exploits we can potentially use.

让我们浏览列表，看看是否有任何关系 - 我认为我们说VSFTPD。让我们看看我们是否可以在列表中找到它。

There we go. Vsftpd version 2.3.4. We’ll just click on that. It tells us everything about that, when it was published. We can download it if we want. Tells us more about the actual code behind the exploit, how it works there. So now you’ve seen from a hacker’s perspective how to do some reconnaissance and discover vulnerabilities in a particular system. These are things that the hacker will look for in order to exploit your systems. Thanks for watching.