WDavid404 / OSCP


Network-related tools and commands (Netcat etc.) #4

Open WDavid404 opened 1 year ago

WDavid404 commented 1 year ago

Check the local IP

hostname -I

Check open ports

https://www.cyberciti.biz/faq/how-to-check-open-ports-in-linux-using-the-cli/#:~:text=Open%20a%20Linux%20terminal%20application,ports%20on%20Linux%20based%20system.

Check open ports from the terminal on a Mac

WDavid404 commented 1 year ago

Proxy

squid

https://genchan.net/it/virtualization/docker/11334/

Download squid.conf, then run the following docker command from the same directory to start a proxy on port 3128:

    docker run -d --restart=always --name squid-container -v ./squid.conf:/etc/squid/squid.conf -e TZ=UTC -p 3128:3128 ubuntu/squid:5.2-22.04_beta

Test:

    curl --proxy http://localhost:3128 https://www.google.com/

View the log:

    docker exec -it squid-container /bin/bash

then run:

    cat /var/log/squid/access.log
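As an added example (not part of the issue above), the following Python script summarizes what went through the proxy once you have pulled access.log out of the container. The three log lines are constructed in squid's default native layout (time, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, content type); the client and peer addresses in them are assumptions, not values from the issue. The curl test above shows up as a CONNECT to www.google.com:443, so the parser treats CONNECT targets (host:port) differently from full URLs.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in squid's native access.log format (not copied from the issue).
SAMPLE_ACCESS_LOG = """\
1700000001.123    312 172.17.0.1 TCP_TUNNEL/200 4211 CONNECT www.google.com:443 - HIER_DIRECT/142.250.74.36 -
1700000002.456      0 172.17.0.1 TCP_DENIED/403 3841 CONNECT evil.example:443 - HIER_NONE/- text/html
1700000003.789     58 172.17.0.1 TCP_MISS/200 1523 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
"""


def parse_access_line(line):
    """Split one native-format access.log line into a dict; None for blank or malformed lines."""
    fields = line.split()
    if len(fields) < 10:
        return None
    result, _, status = fields[3].partition("/")  # e.g. TCP_TUNNEL/200
    return {
        "time": float(fields[0]),
        "elapsed_ms": int(fields[1]),
        "client": fields[2],
        "result": result,
        "status": int(status),
        "bytes": int(fields[4]),
        "method": fields[5],
        "url": fields[6],
        "hierarchy": fields[8],
    }


def target_host(entry):
    """Destination host: CONNECT lines carry host:port, other methods carry a full URL."""
    if entry["method"] == "CONNECT":
        return entry["url"].rsplit(":", 1)[0]
    return urlsplit(entry["url"]).hostname or entry["url"]


def summarize(log_text):
    """Return (per (client, host) request counts, list of denied requests)."""
    per_host = Counter()
    denied = []
    for line in log_text.splitlines():
        entry = parse_access_line(line)
        if entry is None:
            continue
        per_host[(entry["client"], target_host(entry))] += 1
        if entry["result"].startswith("TCP_DENIED") or entry["status"] == 403:
            denied.append((entry["client"], entry["method"], entry["url"]))
    return per_host, denied


if __name__ == "__main__":
    hosts, denied = summarize(SAMPLE_ACCESS_LOG)
    for (client, host), n in sorted(hosts.items()):
        print(f"{client} -> {host}: {n} request(s)")
    for client, method, url in denied:
        print(f"DENIED {client} {method} {url}")
```

Run it against a real file with `summarize(open("access.log").read())`; anything with a TCP_DENIED result is a client that hit an ACL in squid.conf, which is the first thing to look at when the curl test fails.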

WDavid404 commented 1 year ago

建立DNS

    systemd-resolve --interface breachad --set-dns $THMDCIP --set-domain za.tryhackme.com

You can test that DNS is working by running:

    nslookup thmdc.za.tryhackme.com

WDavid404 commented 1 year ago

netcat

netstat -a: shows all listening ports and established connections.
netstat -at or netstat -au : list TCP or UDP protocols respectively.
netstat -l: list ports in “listening” mode
netstat -s: list network usage statistics by protocol (below) This can also be used with the -t or -u options to limit the output to a specific protocol.
netstat -tp: list connections with the service name and PID information.
netstat -tlp: list listening ports
netstat -i: Shows interface statistics.
netstat -ano, which could be broken down as follows:
  -a: Display all sockets.
  -n: Do not resolve names.
  -o: Display timers

https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/

Netcat Bind Shell


Netcat Reverse Shells

WDavid404 commented 1 year ago

Network enumeration

netstat -na
arp -a: list the ARP table

WDavid404 commented 1 year ago

Find port for a specific service (e.g. THM service)

  1. net start|findstr THM
  2. Find its path name
    PS C:\Users\kkidd> wmic service where "name like 'THM Service'" get Name,PathName
    Name         PathName
    THM Service  c:\Windows\thm-service.exe
  3. Find the PID from the path name
    PS C:\Users\kkidd> Get-Process -Name thm-service

    Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
    -------  ------    -----      -----     ------     --  -- -----------
         78       9    12660       5688                2728   0 thm-service
  4. Use the PID in netstat to find the port
    PS C:\Users\kkidd> netstat -noa|findstr "2728"
      TCP    0.0.0.0:13337          0.0.0.0:0              LISTENING       2728
      TCP    [::]:13337             [::]:0                 LISTENING       2728
      UDP    [::]:52728             *:*                                    2720
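As an added example (not part of the comment above), this Python script does step 4 properly: it parses `netstat -noa` output by column instead of grepping the whole line. The sample output is constructed to have the same shape as the one in the comment, with the extra PIDs and ports being assumptions. It shows why `findstr "2728"` is not enough: the substring also matches the UDP socket on port 52728 that belongs to PID 2720. UDP rows have no State column, which the parser handles explicitly.

```python
# Constructed sample modelled on `netstat -noa` output (extra rows are assumptions, not from the issue).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:13337          0.0.0.0:0              LISTENING       2728
  TCP    [::]:13337             [::]:0                 LISTENING       2728
  TCP    127.0.0.1:49700        127.0.0.1:13337        ESTABLISHED     4420
  UDP    0.0.0.0:5353           *:*                                    1620
  UDP    [::]:52728             *:*                                    2720
"""


def split_host_port(addr):
    """'0.0.0.0:13337' -> ('0.0.0.0', 13337); '[::]:13337' -> ('[::]', 13337)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Parse netstat -noa rows into dicts. TCP rows have a State column, UDP rows do not."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # headers, blank lines
        if fields[0] == "TCP":
            proto, local, foreign, state, pid = fields[:5]
        else:
            proto, local, foreign, pid = fields[:4]
            state = ""
        host, port = split_host_port(local)
        rows.append({
            "proto": proto,
            "local_host": host,
            "local_port": port,
            "foreign": foreign,
            "state": state,
            "pid": int(pid),
        })
    return rows


def findstr_like(text, needle):
    """What `netstat -noa | findstr "2728"` actually does: a substring match on the whole line."""
    return [line for line in text.splitlines() if needle in line]


def ports_for_pid(rows, pid):
    """Listening TCP ports and bound UDP ports owned by exactly this PID (deduplicated across v4/v6)."""
    return sorted({
        (r["proto"], r["local_port"])
        for r in rows
        if r["pid"] == pid and (r["proto"] == "UDP" or r["state"] == "LISTENING")
    })


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("findstr-style matches for 2728:")
    for line in findstr_like(SAMPLE_NETSTAT, "2728"):
        print("   ", line.strip())
    print("ports actually owned by PID 2728:", ports_for_pid(rows, 2728))
```

To use it on a live box, run `netstat -noa` in PowerShell, save the output and pass the text to `parse_netstat`; in PowerShell itself the equivalent column-aware query is `Get-NetTCPConnection -OwningProcess 2728 -State Listen`.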