Penetration Testing: Passive Information Gathering Explained

Updated: 2023-06-17 06:45:25

Passive information gathering
I. Introduction to passive information gathering
1. Passive information gathering
Gathering information that is obtainable through public channels, without any direct exchange of traffic with the target system or host, so that the collection leaves as few traces as possible.
2. What is collected
IP address ranges
Domain name information
E-mail addresses
Documents and image data
Company addresses
Company organizational structure
Telephone/fax numbers
Staff names and job titles
The technical architecture used by the target system
Public business information
3. Purpose of information gathering
In my view, the aim of information gathering is to learn the target system's basic architecture, the target host's IP address ranges and the target's domain name information, so that the collected data can describe the target system or host and lay the groundwork for the series of scanning tasks that follow. It is the first key step of a penetration test.
II. Passive information gathering methods
The environment used here is a virtual machine running kali-linux-2018-W25-amd64.
1. dig: domain name resolution queries
① Direct query
Command: dig <domain to query>
root@yanxiao:~# dig
; <<>> DiG 9.11.3-1-Debian <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21747
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 4096
;; QUESTION SECTION:
;  IN A
;; ANSWER SECTION:
5 IN CNAME
5 IN
5 IN A 221.204.241.188
5 IN A 61.158.251.244
;; Query time: 5 msec
;; SERVER: 192.168.181.2#53(192.168.181.2)
;; WHEN: Wed Jun 26 16:22:04 CST 2019
;; MSG SIZE  rcvd: 135
② Query by record type
Command: dig @<DNS server IP> <domain to query> <record type to query>
root@yanxiao:~# dig @8.8.8.8 mx
; <<>> DiG 9.11.3-1-Debian <<>> @8.8.8.8 mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40167
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;  IN MX
;; ANSWER SECTION:
59 IN CNAME
59 IN
;; AUTHORITY SECTION:
59 IN SOA 20100707108006060480060
;; Query time: 144 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 26 16:36:47 CST 2019
;; MSG SIZE  rcvd: 148
Combining +noall with +answer prints only the query result and drops the unrelated header and statistics lines.
root@yanxiao:~# dig @8.8.8.8 +noall +answer
59 IN MX 5 freemx1.
59 IN MX 10 freemx2.
59 IN MX 10 freemx3.
③ Querying the DNS server version
Command: dig +noall +answer txt chaos VERSION.BIND @ns3.<domain to query>
root@yanxiao:~# dig +noall +answer txt chaos VERSION.BIND @
VERSION.BIND.0 CH TXT "  "
# Note: the DNS server version string would normally appear between the double quotes.
#  It is empty here not because the command is wrong, but because Sina hides its version information.
④ DNS tracing: iterative/recursive queries
Command: dig +trace <domain to query>
root@yanxiao:~# dig +trace +noall +
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN -servers.
.5 IN RRSIG NS 80518400201907090500002019062604000025266. KzQL7eH1xUR1o5RWy/pKJAwhzZ+86CkW7uWRJo64plyhMNMo/afOnrFb 7sHf BJmkKlAAAAAFDePWxBL2zLyWaOX4Tj05yd3mbF5t3rfeP/75EIFA 5R3pqV+cxZSijW2EVrXNbL3KaNpsYH9sYujGKvYPuf/WNarUkLUx7Xn9 gcsOX3ZS6KfZ 8NIekE3+Bsuex+vnBhIlws1XlsvnUPGf/1hVXruAX2IB xlQIjT4zjLXEwuP4pgbpdRkbGlXOe7uWXtt2Ywja5+227DqrUuiA+wEF dKNFRX6T/0rZ3a/DPmKAy5d0 Xgq2obEt5M32jepblE8hWz6WnTq/5R8i m0AahA==
;; Received 525 bytes from 192.168.181.2#53(192.168.181.2) in 12 ms
;; Received 1196 bytes from 192.112.36.4#-servers) in 93 ms
;; Received 723 bytes from 192.33.14.30#ld-servers) in 24 ms
60 IN A 66.102.251.33
;; Received 336 bytes from 180.149.138.199#53() in 22 ms
2. nslookup: diagnosing the DNS infrastructure
Command: nslookup -type=<record type to query, e.g. a, ns or mx> <domain to query>
root@yanxiao:~# nslookup -type=
Server:  192.168.181.2
Address: 192.168.181.2#53
Non-authoritative answer:
Name:
Address: 66.102.251.33
# Note: -type=a queries host (A) records
root@yanxiao:~# nslookup -type=
Server:  192.168.181.2
Address: 192.168.181.2#53
# Note: -type=ns queries name server (NS) records
Non-authoritative answer:
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
nameserver =
Authoritative answers can be found from:
# Note: -type=mx queries mail exchanger (MX) records
root@yanxiao:~# nslookup -type=
Server:  192.168.181.2
Address: 192.168.181.2#53
Non-authoritative answer:
mail exchanger = 10 freemx3.
mail exchanger = 10 freemx2.
mail exchanger = 5 freemx1.
Authoritative answers can be found from:
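The dig and nslookup sections above show CNAME, A and MX answers being read by eye. The following is an added example, not code from the original post: it parses answer lines in the layout `dig +noall +answer` prints, follows a CNAME to its A records and orders MX hosts by preference. The domain names and addresses in the sample are placeholders constructed for the example.

```python
# Constructed sample in the layout `dig +noall +answer` prints (name ttl class
# type rdata); placeholder names, not the domains from the original post.
SAMPLE_ANSWER = """\
www.example.test.      5  IN CNAME www.cdn.example.test.
www.cdn.example.test.  5  IN A     203.0.113.10
www.cdn.example.test.  5  IN A     203.0.113.11
example.test.          59 IN MX    10 freemx2.example.test.
example.test.          59 IN MX    5 freemx1.example.test.
example.test.          59 IN MX    10 freemx3.example.test.
"""

def parse_answer(text):
    # Turn answer-section lines into (name, ttl, type, rdata) tuples.
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # dig comment lines
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2] != "IN":
            continue
        name, ttl, _cls, rtype, rdata = fields
        records.append((name.lower(), int(ttl), rtype, rdata))
    return records

def addresses(records, name, _depth=0):
    # A records for name, following CNAME aliases as dig's answer section does.
    name = name.lower().rstrip(".") + "."
    found = []
    for rname, _ttl, rtype, rdata in records:
        if rname != name:
            continue
        if rtype == "A":
            found.append(rdata)
        elif rtype == "CNAME" and _depth < 8:     # bound the alias chain
            found.extend(addresses(records, rdata, _depth + 1))
    return found

def mail_exchangers(records):
    # MX hosts ordered by preference; the lowest value is tried first.
    mx = []
    for _name, _ttl, rtype, rdata in records:
        if rtype == "MX":
            pref, host = rdata.split(None, 1)
            mx.append((int(pref), host.rstrip(".")))
    return [host for _pref, host in sorted(mx)]
```

Feed it the output of the `+noall +answer` queries shown above to get the same records as structured data.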
3. whois: registration information lookup
Command: whois <domain to query>
root@yanxiao:~#
Domain Name: BAIDU
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-05-09T04:30:46Z
Creation Date: 1999-10-11T11:05:17Z
Registry Expiry Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited icann/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited icann/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited icann/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited icann/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited icann/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited icann/epp#serverUpdateProhibited
Name Server: NS1.BAIDU
Name Server: NS2.BAIDU
Name Server: NS3.BAIDU
Name Server: NS3.BAIDU
Name Server: NS4.BAIDU
Name Server: NS7.BAIDU
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: www.icann/wicf/
>>> Last update of whois database: 2019-06-26T09:02:43Z <<<
For more information on Whois status codes, please visit icann/epp
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by the terms of use. VeriSign
reserves the right to modify the terms at any time.
The Registry database contains ONLY ,,.EDU domains and
Registrars.
Domain Name:
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-05-08T20:59:33-0700
Creation Date: 1999-10-11T04:05:17-0700
Registrar Registration Expiration Date: 2026-10-11T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (www.icann/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (www.icann/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (www.icann/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (www.icann/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (www.icann/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (www.icann/epp#serverDeleteProhibited)
Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Registrant State/Province: Beijing
Registrant Country: CN
Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Admin State/Province: Beijing
Admin Country: CN
Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
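The whois record above carries the fields a defender reviewing their own domain cares about: expiry date, the registrar/registry lock statuses and the DNSSEC flag. The following is an added example, not code from the original post: it parses the key/value layout into fields and turns them into findings. The sample record is constructed; its dates and status codes mirror the ones shown above, while the domain and name servers are placeholders.

```python
from datetime import datetime, timezone

# Constructed whois text in the registry key/value layout; dates and status
# codes mirror the post, the domain and name servers are placeholders.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Creation Date: 1999-10-11T11:05:17Z
Registry Expiry Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Name Server: NS1.EXAMPLE.TEST
Name Server: NS2.EXAMPLE.TEST
DNSSEC: unsigned
>>> Last update of whois database: 2019-06-26T09:02:43Z <<<
"""

# The post's "Last update of whois database" timestamp, used as a fixed "now".
REFERENCE_NOW = datetime(2019, 6, 26, 9, 2, 43, tzinfo=timezone.utc)

def parse_whois(text):
    # Collect "Key: value" lines; repeated keys (statuses, name servers) become lists.
    fields = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(">>>"):
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value:
            fields.setdefault(key, []).append(value)
    return fields

def days_until_expiry(fields, now=REFERENCE_NOW):
    # Registry expiry dates are ISO 8601 with a trailing Z (UTC).
    raw = fields["Registry Expiry Date"][0].replace("Z", "+00:00")
    return (datetime.fromisoformat(raw) - now).days

def hygiene_findings(fields, now=REFERENCE_NOW):
    # Defender-side review of the record: locks, DNSSEC and remaining lifetime.
    statuses = {s.split()[0] for s in fields.get("Domain Status", [])}
    findings = []
    for lock in ("clientTransferProhibited", "clientDeleteProhibited"):
        if lock not in statuses:
            findings.append(f"missing registrar lock {lock}")
    if fields.get("DNSSEC", ["unsigned"])[0].lower() == "unsigned":
        findings.append("zone is not DNSSEC-signed")
    if days_until_expiry(fields, now) < 90:
        findings.append("registration expires within 90 days")
    return findings
```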