小白KALI渗透(二)

2024-01-24 08:12:22

小白KALI渗透(二)

菜鸡下饭慢慢来——道爷低血糖

四、搭建vps

……危、略

五、DNS

1)DNS信息收集——nslookup

使用nslookup查看域名

root@kali:/# ping baidu.com
PING baidu.com (39.156.69.79) 56(84) bytes of data.
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=1 ttl=46 time=87.1 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=2 ttl=46 time=83.0 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=3 ttl=46 time=74.4 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=4 ttl=46 time=69.5 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=5 ttl=46 time=79.0 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=6 ttl=46 time=75.2 ms
64 bytes from 39.156.69.79 (39.156.69.79): icmp_seq=7 ttl=46 time=69.4 ms
^C
--- baidu.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6026ms
rtt min/avg/max/mdev = 69.457/76.858/87.114/6.165 ms
root@kali:/# ^C
root@kali:/# nslookup www.baidu.com
Server:		192.168.0.1
Address:	192.168.0.1#53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com.
Name:	www.a.shifen.com
Address: 14.215.177.39
Name:	www.a.shifen.com
Address: 14.215.177.38

2)DNS信息收集——DIG

dig 查域名信息

dig xuegod.cn
dig @114.114.114.114 xuegod.cn
dig @114.114.114.114 xuegod.cn any #any表示查询所有

root@kali:/# dig xuegod.cn

; <<>> DiG 9.10.3-P4-Debian <<>> xuegod.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11807
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 19

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;xuegod.cn.			IN	A

;; ANSWER SECTION:
xuegod.cn.		600	IN	A	101.200.128.35

;; AUTHORITY SECTION:
xuegod.cn.		86399	IN	NS	dns7.hichina.com.
xuegod.cn.		86399	IN	NS	dns8.hichina.com.

;; ADDITIONAL SECTION:
dns8.hichina.com.	2406	IN	A	106.11.141.114
dns8.hichina.com.	2406	IN	A	106.11.141.124
dns8.hichina.com.	2406	IN	A	106.11.211.54
dns8.hichina.com.	2406	IN	A	106.11.211.64
dns8.hichina.com.	2406	IN	A	140.205.41.14
dns8.hichina.com.	2406	IN	A	140.205.41.24
dns8.hichina.com.	2406	IN	A	140.205.81.14
dns8.hichina.com.	2406	IN	A	140.205.81.24
dns7.hichina.com.	1426	IN	A	140.205.41.23
dns7.hichina.com.	1426	IN	A	140.205.81.13
dns7.hichina.com.	1426	IN	A	140.205.81.23
dns7.hichina.com.	1426	IN	A	106.11.141.113
dns7.hichina.com.	1426	IN	A	106.11.141.123
dns7.hichina.com.	1426	IN	A	106.11.211.53
dns7.hichina.com.	1426	IN	A	106.11.211.63
dns7.hichina.com.	1426	IN	A	140.205.41.13
dns8.hichina.com.	2815	IN	AAAA	2400:3200:2000:27::1
dns7.hichina.com.	715	IN	AAAA	2400:3200:2000:26::1

;; Query time: 48 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 23 16:35:04 CST 2021
;; MSG SIZE  rcvd: 415

root@kali:/# dig @114.114.114.114 xuegod.cn

; <<>> DiG 9.10.3-P4-Debian <<>> @114.114.114.114 xuegod.cn
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;xuegod.cn.			IN	A

;; ANSWER SECTION:
xuegod.cn.		38	IN	A	101.200.128.35

;; Query time: 73 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Feb 23 16:34:43 CST 2021
;; MSG SIZE  rcvd: 54


root@kali:/# dig @114.114.114.114 xuegod.cn any

; <<>> DiG 9.10.3-P4-Debian <<>> @114.114.114.114 xuegod.cn any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46432
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;xuegod.cn.			IN	ANY

;; ANSWER SECTION:
xuegod.cn.		600	IN	MX	10 mxbiz2.qq.com.
xuegod.cn.		600	IN	MX	5 mxbiz1.qq.com.
xuegod.cn.		484	IN	A	101.200.128.35
xuegod.cn.		2808	IN	NS	dns8.hichina.com.
xuegod.cn.		2808	IN	NS	dns7.hichina.com.

;; Query time: 82 msec
;; SERVER: 114.114.114.114#53(114.114.114.114)
;; WHEN: Tue Feb 23 16:36:40 CST 2021
;; MSG SIZE  rcvd: 141

利用-x参数IP反查域名

root@kali:/# dig -x 114.114.114.114

; <<>> DiG 9.10.3-P4-Debian <<>> -x 114.114.114.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16515
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;114.114.114.114.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
114.114.114.114.in-addr.arpa. 600 IN	PTR	public1.114dns.com.

;; AUTHORITY SECTION:
114.114.114.in-addr.arpa. 57806	IN	NS	ns100.114dns.com.
114.114.114.in-addr.arpa. 57806	IN	NS	ns100.114dns.net.

;; ADDITIONAL SECTION:
ns100.114dns.net.	169	IN	A	58.217.249.158
ns100.114dns.net.	169	IN	A	114.114.119.119
ns100.114dns.com.	169	IN	A	114.114.118.118
ns100.114dns.com.	169	IN	A	60.215.138.254

;; Query time: 166 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 23 16:29:16 CST 2021
;; MSG SIZE  rcvd: 192

验证

root@kali:/# ping public1.114dns.com
PING public1.114dns.com (114.114.114.114) 56(84) bytes of data.
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=1 ttl=65 time=60.6 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=2 ttl=90 time=61.8 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=3 ttl=67 time=60.6 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=4 ttl=93 time=58.4 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=5 ttl=65 time=59.7 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=6 ttl=62 time=58.6 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=7 ttl=66 time=68.2 ms
64 bytes from public1.114dns.com (114.114.114.114): icmp_seq=8 ttl=69 time=59.3 ms
^C
--- public1.114dns.com ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7029ms
rtt min/avg/max/mdev = 58.496/60.954/68.253/2.969 ms

```bash
root@kali:/# dig public1.114dns.com

; <<>> DiG 9.10.3-P4-Debian <<>> public1.114dns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16467
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;public1.114dns.com.		IN	A

;; ANSWER SECTION:
public1.114dns.com.	600	IN	A	114.114.114.114

;; AUTHORITY SECTION:
114dns.com.		55809	IN	NS	ns1000.114dns.com.
114dns.com.		55809	IN	NS	ns1000.114dns.net.

;; ADDITIONAL SECTION:
ns1000.114dns.com.	71	IN	A	114.114.116.116
ns1000.114dns.com.	71	IN	A	60.215.138.254
ns1000.114dns.net.	71	IN	A	114.114.117.117
ns1000.114dns.net.	71	IN	A	58.217.249.158

;; Query time: 49 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Feb 23 16:31:42 CST 2021
;; MSG SIZE  rcvd: 168

查询DNS服务器bind版本信息

root@kali:/# dig txt chaos VERSION.BIND @ns3.dnsv4.com
;; Warning: query response not set
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.3-P4-Debian <<>> txt chaos VERSION.BIND @ns3.dnsv4.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54463
;; flags: rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;VERSION.BIND.			CH	TXT

;; ANSWER SECTION:
VERSION.BIND.		0	CH	TXT	"DNSPod AUTHORITY DNS 6.0.2011.00 patch1"

;; Query time: 72 msec
;; SERVER: 61.129.8.140#53(61.129.8.140)
;; WHEN: Tue Feb 23 17:00:53 CST 2021
;; MSG SIZE  rcvd: 93

小白KALI渗透(二)
查询网站的域名注册信息和备案信息

网站
whois

root@kali:/# whois xuegod.cn
Domain Name: xuegod.cn
ROID: 20140908s10001s72166376-cn
Domain Status: ok
Registrant: 北京学神科技有限公司
Registrant Contact Email: jianmingbasic@163.com
Sponsoring Registrar: 阿里云计算有限公司(万网)
Name Server: dns7.hichina.com
Name Server: dns8.hichina.com
Registration Time: 2014-09-08 10:52:31
Expiration Time: 2021-09-08 10:52:31
DNSSEC: unsigned

备案信息
beianbeian.com
天眼查

上一篇:诊断4 -网络排错步骤


下一篇:Proteus-中英文对照