kali linux Desktop Environemt types and kali linux install virualbox
1、we know the kali linux desktop environmet can also be costomized ,Desktop environmet can use GNOME(default) ,KDE (K Desktop Environmet) ,and LXDE(Loghtweight x11 Desktop Environmet)
we set command under windows: nbtstat -A [ip address] .we will get the NetBIOS remote Macine Name Tables
as we see in the picture ,if you do have a hex code <20> then you may have cause for concern now i will explain
if show code of <20> means you have file and printer sharing turned on ., aditional we cna use the command : net share to show the sharing file
2、OK let we san on the local computer who sharing the file ,we can use the command : net view [ip_address]
then we use the command :net use [ip_address] get the touch the victim computer
above all,this attack was called Netbios attack ,if you want to improved the security closed the sharing
3、 we nest to see the Trojans
for example: Netbus and SubSeven
how we can installl a Trojans file in another computer .we can use the joiner utility will combine the two files together and output one executable file call nice name executed file
another way to spread the Trojans by the Email and Unsafe web Sites and IRC(Internet Relay Chat 因特网中继聊天)、 Chat Sites
4、acceptable file
there is no reasno for any files to be sent to you in any of the above formats if they are text douments ,there is no reason a file should have a double extension ,such files you shoud ever receive them should be treated with suspicion .
5、who are Hackers
A port scanner is a handy tool that scans a computer lookinh for active ports ,with this utility ,a potential hacker can figure out what services are acilable on the target computer form the responses the port scanner receives take a look at the list for reference
for example start scan the target Host: www.shutongyaming.com.cn
we looked the Sub Seven Trojan:
the Sub Seven Trojan has many features and capabilities ,it is in my opinion by far the most advance Trojan I hace seen Take a look at some of the features of SubSeven
- address book
- WWP Page Retrierve Get Windows CD-KEY update vicitim from URL ICQ takeover FTP root floder
- retrieve dial-up passwords along with phone number and usernames prot redirect IRCbot for a list of commands
- UIIn2IP \reomte IP Scanner
6、SQL injection Question
While performing web application and penetration testing following scenario is very command and hides potential exploitable SQL injection scenario.
- We have SQL injection point but it is not throwing any error messages out as part of its response,Applicationg is sending customized erroe page ehich is not revealing any signature bu which we can deduce potential SQL flaw
- knowing SQL injectiong potin or loophole in web application xp_cmdshell seems to be worKing,but we can't say is it working or not since it doesn't return any meaningful signature tthis is blind xp_cmdShell
- FireWall don't allow outbound traffic so can't do ftp tftp ping etc from the box to the internet bu which you can confirm execution of the command on the target system
- we don't know the actual path to path to webroot so can't copy file to location whic can be accessed over Http or Https later to confirm the execution of the command
- if we know path to webroot adn directory structure but can't find execute permission on it so can't copy cmd.exe or any other binary and execute over HTTP/HTTPS
kali linux Desktop Environemt types and kali linux install virualbox的更多相关文章
- Running a Remote Desktop on a Windows Azure Linux VM (远程桌面到Windows Azure Linux )-摘自网络(试了,没成功 - -!)
A complete click-by-click, step-by-step video of this article is available ...
- Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务
一.引言 今天本来没有打算写这篇文章,当初我感觉使用这个工具应该很简单,下载的过程也不复杂,也没有打算记录下来.但是在使用的过程中还是出现了一些问题,为了给第一次使用Redis Desktop Man ...
- Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务(转载6)
Redis进阶实践之六Redis Desktop Manager连接Windows和Linux系统上的Redis服务 一.引言 今天本来没有打算写这篇文章,但是,今天测试Redis的时候发现了两个问题 ...
- 免费在线 Linux Desktop 环境
免费在线 Linux Desktop 环境 Run Linux OS Distributions online https://www.onworks.net/os-distributions 免费测 ...
- Linux学习总结(17)——Linux新手必须学会的12个命令
今天的用户可以根据自己的意愿选择是否使用作为Linux象征的命令行,确切的证明了Linux已经有了很大的发展.现在很多Linux发行版的图形用户界面已经非常强大,不再需要命令行. 但是命令行在Linu ...
- Linux 验证当前 Video0 不否是v4l设备 linux v4l 编程(1) Video 4 Linux 简介
#include <stdio.h> #include <string.h> #include <errno.h> #include <sys/types.h ...
- linux入门系列3--常见的linux远程登陆管理工具
服务器一般是云服务器或者放置在机房,我们日常工作中通过远程连接工具连接到服务器进行操作,这类工具很多(如SecureCRT.XShell.Putty.FinallShell.TeamViewer以及w ...
- Linux下ps命令详解 Linux下ps命令的详细使用方法
http://www.jb51.net/LINUXjishu/56578.html Linux下的ps命令比较常用 Linux下ps命令详解Linux上进程有5种状态:1. 运行(正在运行或在运行队列 ...
- Linux系统的理解及学习Linux内核的心得
作业列表 (点击作业跳转) linux内核分析作业:以一简单C程序为例,分析汇编代码理解计算机如何工作 linux内核分析作业:操作系统是如何工作的进行:完成一个简单的时间片轮转多道程序内核 ...
随机推荐
- Spring Cloud Hystrix 服务容错保护 5.1
Spring Cloud Hystrix介绍 在微服务架构中,通常会存在多个服务层调用的情况,如果基础服务出现故障可能会发生级联传递,导致整个服务链上的服务不可用为了解决服务级联失败这种问题,在分布式 ...
- AD 常用策略
配置WSUS 配置NTPS 配置用户配置文件漫游 配置漫游区磁盘配额 配置修改本地管理员用户名 配置修改本地管理员密码 配置网络验证(提示是否联网错误) 配置允许开设永久共享 配置允许开设共享打印机 ...
- Swift编码总结1
1. fileprivate (set) var hasSetDiscount = false中fileprivate (set)表示什么意思: //设置setter私有,但是getter为publi ...
- Swift4.0复习错误处理
1.Swift中错误的表示: “在Swift中如果我们要定义一个表示错误的类型非常简单,只需遵循 Error 协议即可.我们通常用枚举或结构体类型来表示错误类型,当然枚举可能用得更多些,因为它能更直观 ...
- 13点睛Spring4.1-Spring EL
13.1 Spring EL Spring EL-Spring表达式语言,支持在xml和注解中使用表达式,类似jsp的EL表达式语言; 本教程关注于在注解中使用Spring EL; Spring EL ...
- Java基础教程:多线程杂谈——双重检查锁与Volatile
Java基础教程:多线程杂谈——双重检查锁与Volatile 双重检查锁 有时候可能需要推迟一些高开销的对象初始化操作,并且只有在使用这些对象时才进行初始化.此时程序员可能会采用延迟初始化.但要正确实 ...
- Xmanager教程
简介 Xmanager是市场上领先的PC X服务器,可将X应用程序的强大功能带入Windows环境. 提供了强大的会话管理控制台,易于使用的X应用程序启动器,X服务器配置文件管理工具,SSH模块和高性 ...
- 13、OpenCV实现图像的空间滤波——图像平滑
1.空间滤波基础概念 1.空间滤波基础 空间滤波一词中滤波取自数字信号处理,指接受或拒绝一定的频率成分,但是空间滤波学习内容实际上和通过傅里叶变换实现的频域的滤波是等效的,故而也称为滤波.空间滤波主要 ...
- js18位身份证验证(非原创)
原文链接 function check_id(value) { var arrExp = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2];/ ...
- Spring之22:DefaultListableBeanFactory
1. DefaultListableBeanFactory的作用: 默认实现了ListableBeanFactory和BeanDefinitionRegistry接口,基于bean definitio ...