Pivoting

1. Edit the virtual network settings of the Vmware.

2. Set the Network Adapter(s) of Kali Linux, IE8-Win7 and Kioptrix Level 1 as showed in the following screenshoots.

The Kali Linux should only talk to IE8-Win7 machine, and can not talk to Kioptrix Level 1.

The  Kioptrix Level 1 should only talk to IE8-Win7 machine, and can not talk to Kali Linux.

3.Confirm the IP addresses of the Vmware machines.

The IP address of Kali Linux is 10.1.10.129.

There are two IP addresses of IE8-Win7, one is 192.168.134.128 and the other one is 10.1.10.128.

The IP address of Kioptrix Level 1 is 192.168.134.2.

4.Set the Java Security Panel on IE8-Win7 to Medium and add the IP of Kali to the Exception site list.

5. Use setoolkit and metasploit to exploit the target server.

Open Issue:https://github.com/trustedsec/social-engineer-toolkit/issues/593

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

5. Try to see the routes.

run autoroute -p

ipconfig

arp -a

netstat -ano

route

run autoroute -s 192.168.134.0/

run autoroute -p

6. Start the Metasploit and choose proper module.

use auxiliary/scanner/portscan/tcp
show options
set ports 139
set rhosts 192.168.134.131

Run the exploit now.

When exiting the session,  we can not scan the target server now...

OSCP Learning Notes - Post Exploitation(4)的更多相关文章

  1. OSCP Learning Notes - Post Exploitation(2)

    Windows Post Exploitation Target Server: IE8-Win 7 VM 1. Download and upload the fgdump, PwDump7, wc ...

  2. OSCP Learning Notes - Post Exploitation(1)

    Linux Post Exploitation Target Sever: Kioptrix Level 1 1. Search the payloads types. msfvenom -l pay ...

  3. OSCP Learning Notes - Post Exploitation(3)

    Post-Exploit Password Attacks 1. Crack using the tool - john (Too slow in real world) Locate the roc ...

  4. OSCP Learning Notes - WebApp Exploitation(5)

    Remote File Inclusion[RFI] Prepare: Download the DVWA from the following website and deploy it on yo ...

  5. OSCP Learning Notes - WebApp Exploitation(4)

    Local File Inclusion[LFI] Target Pentester Lab: Download from the following website: https://www.vul ...

  6. OSCP Learning Notes - WebApp Exploitation(3)

    SQL Injection[SQLi] Refrence: SQL Injection Authentication Bypass Cheat Sheet https://pentestlab.blo ...

  7. OSCP Learning Notes - WebApp Exploitation(2)

    Cross-Site Scripting(XSS) 1. Using the tool - netdiscover to find the IP of target server. netdiscov ...

  8. OSCP Learning Notes - WebApp Exploitation(1)

    Installing XSS&MySQL FILE Download the Pentester Lab: XSS and MySQL FILE from the following webs ...

  9. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

随机推荐

  1. 【01JMeter基础】测试计划

    测试计划 整个脚本的集合根目录,所有线程组集合的承载,可以添加线程组.测试片段.非测试元件.配置元件.监听器.定时器.前置/后置处理起器.断言等 一.用户自定义变量 可以使用在所有的线程组中,通过${ ...

  2. vue事件修饰符与按钮修饰符

    事件修饰符:(当事件无需传参数时可直接写成以下形式,有参数时则为@click.stop="handleLiClick($event)") stop:阻止事件冒泡行为(子元素被点击, ...

  3. Rust 数据类型

    Rust中的每个值都具有特定的数据类型. 基础类型: 整数,浮点数,布尔值和字符 i8,i16,i32,i64,i64,i128,isize, u8,u16,u32,u64,u64,u128,usiz ...

  4. TensorFlow中读取图像数据的三种方式

    本文面对三种常常遇到的情况,总结三种读取数据的方式,分别用于处理单张图片.大量图片,和TFRecorder读取方式.并且还补充了功能相近的tf函数. 1.处理单张图片 我们训练完模型之后,常常要用图片 ...

  5. -手写Spring注解版本&事务传播行为

    视频参考C:\Users\Administrator\Desktop\蚂蚁3期\[www.zxit8.com] 0018-(每特教育&每特学院&蚂蚁课堂)-3期-源码分析-手写Spri ...

  6. java 中的线程池

    1.实现下面的一个需求,控制一个执行函数只能被五个线程访问 package www.weiyuan.test; public class Test { public static void main( ...

  7. xutils工具上传日志文件--后台服务器的搭建

    在上一篇文章中使用xutils将手机上保存的日志上传到后台服务器中,现在我们来讲后台服务器是如何搭建的 后台服务器采用jsp+sevlet+mysql的框架 首先讲mysql数据库的表的建立 在fil ...

  8. Python3-collections模块-容器数据类型

    Python3中的collections模块实现了一些专业的容器数据类型 最常用的容器数据类型 字典.列表和元组.集合都已经被Python默认导入,但在实现一些特定的业务时,collections模块 ...

  9. JAVA设计模式 3【创建型】理解工厂模式与抽象工厂模式

    上一节我们已经学习了原型模式,稍微复习一下:通过重写Object 类的clone() 方法实现浅克隆,浅克隆也要实现Cloneable 标记接口.而深克隆则是将对象通过序列化和反序列化 的方式进行创建 ...

  10. git常用命令(部分)

    git常用命令 1.git init 初始化一个新本地仓库,它在工作目录下生成一个名为.git的隐藏文件夹. 安装好git的,新建一个文件夹,在空文件夹中鼠标右击点击Git Bash Here 2.g ...