What useful information should we actually scan for in a penetration test?

ID MYHACK58:62200925339
Type myhack58
Reporter Anonymous
Modified 2009-11-20T00:00:00


"T. S. T" Information Security Team's blog

What information do we need to scan for during a penetration test? There are many possible answers, but a routine scan collects the following:

  1. The IP addresses of the target's hosts on the network

  2. The UDP or TCP ports that can be reached on each host system

  3. The OS type of the target system

So what kind of information will a professional penetration tester gather?

As we described previously, host reconnaissance is the first part of a penetration test, and a very important one, so let's look at how it breaks down in practice.

The easiest information to obtain is, of course, what is collected actively: port scans, DNS queries, zone transfers, ping scans, traceroute, OS fingerprinting, and so on. These can be done with nmap, or through websites that offer the same functions as online services. Online websites are not very safe where confidentiality is concerned, though, so it is better to find several and use them in rotation.

The second kind is passive collection. Passive here means gathering information from openly available sources, such as conference systems, websites, business partners, social engineering and other channels.

This way we end up with a lot of information, but it still has to be filtered in the next step, and a sound step-by-step plan for gaining access has to be worked out, so that the penetration work can be carried out more effectively.
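One way to filter raw scan output down to the three items listed at the start (host IP, reachable TCP/UDP ports, OS type) is to parse nmap's grepable output (`-oG`), for example when reviewing the results of an authorized scan. This is an added example, not code from the original post; the function name `parse_grepable` and the sample lines are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in nmap grepable (-oG) format; fields are tab-separated.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 53/open/udp//domain///, 443/closed/tcp//https///\t"
    "OS: Linux 2.6.X\n"
    "Host: 192.0.2.20 ()\tStatus: Up\n"
    "Host: 192.0.2.20 ()\tPorts: 3389/open/tcp//ms-wbt-server///, "
    "161/open|filtered/udp//snmp///\n"
)


def parse_grepable(text):
    """Return {ip: {"tcp": [...], "udp": [...], "os": str or None}}."""
    hosts = defaultdict(lambda: {"tcp": [], "udp": [], "os": None})
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip comment and blank lines
        fields = line.split("\t")
        ip = fields[0].split()[1]  # "Host: <ip> (<name>)"
        entry = hosts[ip]
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Ports":
                # Each item: port/state/protocol/owner/service/rpc/version/
                for item in value.split(", "):
                    parts = item.strip().split("/")
                    if len(parts) < 3:
                        continue
                    port, state, proto = parts[0], parts[1], parts[2]
                    # Keep only definitely open ports; "open|filtered" and
                    # "closed" are dropped by this filter.
                    if state == "open" and proto in ("tcp", "udp"):
                        entry[proto].append(int(port))
            elif key == "OS":
                entry["os"] = value.strip()
    return dict(hosts)


if __name__ == "__main__":
    for ip, info in sorted(parse_grepable(SAMPLE).items()):
        print(ip, "tcp:", info["tcp"], "udp:", info["udp"], "os:", info["os"])
```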