- Mastering Kali Linux for Advanced Penetration Testing(Second Edition)
- Vijay Kumar Velu
- 203字
- 2021-07-02 21:04:22
Live host discovery
The first step is to run network ping sweeps against a target address space and look for responses that indicate that a particular target is live and capable of responding. Historically, pinging is referred to as the use of ICMP; however, TCP, UDP, ICMP, and ARP traffic can also be used to identify live hosts.
Various scanners can be run from remote locations across the internet to identify live hosts. Although the primary scanner is nmap, Kali provides several other applications that are also useful, as shown in the following table:
To penetration testers or attackers, the data returned from live host discovery will identify the targets for attack.
Run multiple host discovery scans while conducting a penetration test. Certain devices may be time-dependent. During one penetration test, it was discovered that the system administrator set up a game server after regular business hours. Because it was not an approved business system, the administrator did not follow the normal process for securing the server; multiple vulnerable services were present, and it had not received necessary security patches. Testers were able to compromise the game server and gain access to the underlying corporate network using vulnerabilities in the administrator's game server.
推薦閱讀
- Unity 2020 By Example
- Django+Vue.js商城項目實戰
- 深入理解Android(卷I)
- JavaScript全程指南
- 造個小程序:與微信一起干件正經事兒
- AWS Serverless架構:使用AWS從傳統部署方式向Serverless架構遷移
- 算法精粹:經典計算機科學問題的Java實現
- NativeScript for Angular Mobile Development
- Learning Salesforce Einstein
- Java:High-Performance Apps with Java 9
- Mastering Android Game Development
- Procedural Content Generation for C++ Game Development
- HTML+CSS+JavaScript網頁制作:從入門到精通(第4版)
- ASP.NET開發寶典
- 基于MATLAB的控制系統仿真及應用