kali linux Desktop Environemt types and kali linux install virualbox
1、we know the kali linux desktop environmet can also be costomized ,Desktop environmet can use GNOME(default) ,KDE (K Desktop Environmet) ,and LXDE(Loghtweight x11 Desktop Environmet)
we set command under windows: nbtstat -A [ip address] .we will get the NetBIOS remote Macine Name Tables
as we see in the picture ,if you do have a hex code <20> then you may have cause for concern now i will explain
if show code of <20> means you have file and printer sharing turned on ., aditional we cna use the command : net share to show the sharing file
2、OK let we san on the local computer who sharing the file ,we can use the command : net view [ip_address]
then we use the command :net use [ip_address] get the touch the victim computer
above all,this attack was called Netbios attack ,if you want to improved the security closed the sharing
3、 we nest to see the Trojans
for example: Netbus and SubSeven
how we can installl a Trojans file in another computer .we can use the joiner utility will combine the two files together and output one executable file call nice name executed file
another way to spread the Trojans by the Email and Unsafe web Sites and IRC(Internet Relay Chat 因特网中继聊天)、 Chat Sites
4、acceptable file
there is no reasno for any files to be sent to you in any of the above formats if they are text douments ,there is no reason a file should have a double extension ,such files you shoud ever receive them should be treated with suspicion .
5、who are Hackers
A port scanner is a handy tool that scans a computer lookinh for active ports ,with this utility ,a potential hacker can figure out what services are acilable on the target computer form the responses the port scanner receives take a look at the list for reference
for example start scan the target Host: www.shutongyaming.com.cn
we looked the Sub Seven Trojan:
the Sub Seven Trojan has many features and capabilities ,it is in my opinion by far the most advance Trojan I hace seen Take a look at some of the features of SubSeven
- address book
- WWP Page Retrierve Get Windows CD-KEY update vicitim from URL ICQ takeover FTP root floder
- retrieve dial-up passwords along with phone number and usernames prot redirect IRCbot for a list of commands
- UIIn2IP \reomte IP Scanner
6、SQL injection Question
While performing web application and penetration testing following scenario is very command and hides potential exploitable SQL injection scenario.
- We have SQL injection point but it is not throwing any error messages out as part of its response,Applicationg is sending customized erroe page ehich is not revealing any signature bu which we can deduce potential SQL flaw
- knowing SQL injectiong potin or loophole in web application xp_cmdshell seems to be worKing,but we can't say is it working or not since it doesn't return any meaningful signature tthis is blind xp_cmdShell
- FireWall don't allow outbound traffic so can't do ftp tftp ping etc from the box to the internet bu which you can confirm execution of the command on the target system
- we don't know the actual path to path to webroot so can't copy file to location whic can be accessed over Http or Https later to confirm the execution of the command
- if we know path to webroot adn directory structure but can't find execute permission on it so can't copy cmd.exe or any other binary and execute over HTTP/HTTPS
kali linux Desktop Environemt types and kali linux install virualbox的更多相关文章
- Running a Remote Desktop on a Windows Azure Linux VM (远程桌面到Windows Azure Linux )-摘自网络(试了,没成功 - -!)
A complete click-by-click, step-by-step video of this article is available ...
- Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务
一.引言 今天本来没有打算写这篇文章,当初我感觉使用这个工具应该很简单,下载的过程也不复杂,也没有打算记录下来.但是在使用的过程中还是出现了一些问题,为了给第一次使用Redis Desktop Man ...
- Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务(转载6)
Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务 一.引言 今天本来没有打算写这篇文章,但是,今天测试Redis的时候发现了两个问题 ...
- 免费在线 Linux Desktop 环境
免费在线 Linux Desktop 环境 Run Linux OS Distributions online https://www.onworks.net/os-distributions 免费测 ...
- Linux学习总结(17)——Linux新手必须学会的12个命令
今天的用户可以根据自己的意愿选择是否使用作为Linux象征的命令行,确切的证明了Linux已经有了很大的发展.现在很多Linux发行版的图形用户界面已经非常强大,不再需要命令行. 但是命令行在Linu ...
- Linux 验证当前 Video0 不否是v4l设备 linux v4l 编程(1) Video 4 Linux 简介
#include <stdio.h> #include <string.h> #include <errno.h> #include <sys/types.h ...
- linux入门系列3--常见的linux远程登陆管理工具
服务器一般是云服务器或者放置在机房,我们日常工作中通过远程连接工具连接到服务器进行操作,这类工具很多(如SecureCRT.XShell.Putty.FinallShell.TeamViewer以及w ...
- Linux下ps命令详解 Linux下ps命令的详细使用方法
http://www.jb51.net/LINUXjishu/56578.html Linux下的ps命令比较常用 Linux下ps命令详解Linux上进程有5种状态:1. 运行(正在运行或在运行队列 ...
- Linux系统的理解及学习Linux内核的心得
作业列表 (点击作业跳转) linux内核分析作业:以一简单C程序为例,分析汇编代码理解计算机如何工作 linux内核分析作业:操作系统是如何工作的进行:完成一个简单的时间片轮转多道程序内核 ...
随机推荐
- KSQL Syntax Reference
KSQL Syntax Reference KSQL has similar semantics to SQL: Terminate KSQL statements with a semicolon ...
- ABAP DEMO so批量导入
*&---------------------------------------------------------------------* *& Report YDEMO_015 ...
- CSS控制元素背景透明度总结
方法一:CSS3的background rgba filter:progid:DXImageTransform.Microsoft.gradient(enabled='true',startColor ...
- 数据挖掘经典算法PrefixSpan的一个简单Python实现
前言 用python实现了一个没有库依赖的"纯" py-based PrefixSpan算法. Github 仓库 https://github.com/Holy-Shine/Pr ...
- docker 搭建私有 docker hub
查找registry 镜像 meiya@meiya:/etc/docker$ clear meiya@meiya:/etc/docker$ docker search registry NAME DE ...
- QuickTime专业版 pro 注册码
打开QuickTime Player下拉编辑菜单--选偏好设置--注册 Name: Dawn M Fredette Key: 4UJ2-5NLF-HFFA-9JW3-X2KV 重新启动 QuickTi ...
- fastai 2019 part1 数据集分享
链接:https://pan.baidu.com/s/1UuQ8gJ2qXLvPK2rdIqWCMQ 提取码:ghn9
- Java:session中的invalidate()的作用是什么呢?求解
手工杀会话.会话失效有2种可能:超时和手工杀会话.手工杀方便省时间,程序员都爱用. 比如我做一个程序需要登录,中间访问的页面有会话控制,如果没有登录则跳转到登录页面,退出时清会话信息. 这是有两个选择 ...
- input的小技巧 清除自动记录
input 消除自动记忆功能 在html里就可以直接清除了<input type="text" autocomplete="off"> input ...
- python 的django项目复制方法
python 的django项目复制方法 django_pyecharts_1修改为django_pyecharts_1_cs1.拷贝项目(确保原有项目是关闭状态下)2.粘贴项目并删除idea文件夹和 ...