### FTP protocol:
Install: apt install ftp -y
Usage: ftp -h
Usage: { ftp | pftp } [-46pinegvtd] [hostname]
   -4: use IPv4 addresses only
   -6: use IPv6, nothing else
   -p: enable passive mode (default for pftp)
   -i: turn off prompting during mget
   -n: inhibit auto-login
   -e: disable readline support, if present
   -g: disable filename globbing
   -v: verbose mode
   -t: enable packet tracing [nonfunctional]
   -d: enable debugging
Connect: ftp {target_ip}
A typical misconfiguration of an FTP service allows the anonymous account to access the service like any other authenticated user. The username anonymous can be entered at the prompt with any password as a suffix, because the service ignores the password for this particular account.
After connecting, use help to view the available commands, and get to download the target file.
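From the defender's side, the same misconfiguration shows up in the FTP server's own log: every anonymous login and download is recorded. The following is an added example, not part of these notes, that scans constructed vsftpd-style log lines (the line format and the anonymous account names "anonymous" and "ftp" are assumptions) and reports which clients used the anonymous account and what they fetched.

```python
import re
from collections import Counter

# Constructed sample lines in the style of vsftpd's log (assumed format; not from any real server).
SAMPLE_LOG = """\
Mon Mar  4 10:01:12 2024 [pid 2103] CONNECT: Client "10.10.14.5"
Mon Mar  4 10:01:15 2024 [pid 2102] [anonymous] OK LOGIN: Client "10.10.14.5", anon password "guest@"
Mon Mar  4 10:01:20 2024 [pid 2104] [anonymous] OK DOWNLOAD: Client "10.10.14.5", "/pub/notes.txt", 412 bytes, 3.10Kbyte/sec
Mon Mar  4 10:02:40 2024 [pid 2110] CONNECT: Client "10.10.14.9"
Mon Mar  4 10:02:44 2024 [pid 2109] [alice] OK LOGIN: Client "10.10.14.9"
Mon Mar  4 10:03:01 2024 [pid 2115] [ftp] FAIL LOGIN: Client "10.10.14.7"
Mon Mar  4 10:03:09 2024 [pid 2116] [ftp] OK LOGIN: Client "10.10.14.7", anon password "mozilla@example.com"
"""

# Account names treated as the anonymous user (assumption: the defaults "anonymous" and "ftp").
ANON_USERS = {"anonymous", "ftp"}

LOGIN_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) LOGIN: Client "(?P<client>[^"]+)"'
)
DOWNLOAD_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] OK DOWNLOAD: Client "(?P<client>[^"]+)", "(?P<path>[^"]+)"'
)


def audit_ftp_log(text):
    """Scan vsftpd-style log text and report anonymous activity.

    Returns the clients that logged in anonymously (in log order), the files
    they downloaded, and a per-client count of successful anonymous logins.
    Failed anonymous attempts and logins by named accounts are ignored.
    """
    anon_logins = []
    anon_downloads = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            if m.group("user") in ANON_USERS and m.group("status") == "OK":
                anon_logins.append(m.group("client"))
            continue
        m = DOWNLOAD_RE.search(line)
        if m and m.group("user") in ANON_USERS:
            anon_downloads.append((m.group("client"), m.group("path")))
    return {
        "anonymous_logins": anon_logins,
        "anonymous_downloads": anon_downloads,
        "logins_by_client": dict(Counter(anon_logins)),
    }


if __name__ == "__main__":
    report = audit_ftp_log(SAMPLE_LOG)
    if report["anonymous_logins"]:
        print("anonymous FTP access is enabled and was used:")
        for client, count in report["logins_by_client"].items():
            print(f"  {client}: {count} anonymous login(s)")
        for client, path in report["anonymous_downloads"]:
            print(f"  {client} downloaded {path}")
    else:
        print("no anonymous logins found")
```

A non-empty "anonymous_logins" list is the signal that anonymous_enable is on for that server; the download list shows what was actually exposed through it.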
### SMB protocol:
SMB stands for Server Message Block, a protocol for sharing files, printers and other resources between computers. It was originally developed by IBM and is now maintained by Microsoft. SMB runs over TCP/IP and supports file and printer sharing. In computer networks it is commonly used to share files between different operating systems, such as Windows, Linux and Mac OS.
Install the client:
apt-get install smbclient
List the available shares:
smbclient -N -L \\\\{target_ip}\\
[-L|--list=HOST] : Selecting the targeted host for the connection request.
Where:
- ADMIN$ - Administrative shares are hidden network shares created by the Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled.
- C$ - Administrative share for the C:\ disk volume. This is where the operating system is hosted.
- IPC$ - The inter-process communication share. Used for inter-process communication via named pipes and is not part of the file system.
- WorkShares - Custom share.
Connect to a share:
smbclient \\\\{target_ip}\\{share_name}
smbclient is a tool for enumerating the shares on an SMB server and the folders inside them. In the command smbclient -N -L \\\\{ip}\\, -N means browse the SMB network without authentication (a null session), -L means perform network browsing (list the available shares), and \\\\{ip}\\ is the address of the target host to browse, where ip is the target host's IP address. This command enumerates the SMB shares on the specified host.
About these backslashes (\): in the Windows command line, the backslash \ is used as an escape character, so to enter a backslash itself in a command you have to escape it with two backslashes (\\). In this command, \\ therefore represents a single backslash character, so \\\\ represents two backslash characters, immediately followed by {ip}, which is replaced with the target host's IP address.
Some operations after connecting:
ls : listing contents of the directories within the share
cd : changing current directories within the share
get : downloading the contents of the directories within the share
exit : exiting the smb shell
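Reviewing a share listing by eye works for one host; for an audit across many hosts it helps to parse the table that smbclient -L prints and separate the built-in administrative shares (names ending in $) from custom ones such as WorkShares, which are the ones a defender should review for unauthenticated access. The following is an added example, not from these notes or from the Samba project: it parses a constructed sample of the listing (the column layout and the Disk/IPC/Printer type names are assumptions about smbclient's output) and triages the shares.

```python
import re

# Constructed sample of `smbclient -N -L \\\\{target_ip}\\` output (not captured from a real host).
SAMPLE_LISTING = """\

\tSharename       Type      Comment
\t---------       ----      -------
\tADMIN$          Disk      Remote Admin
\tC$              Disk      Default share
\tIPC$            IPC       Remote IPC
\tWorkShares      Disk      
Reconnecting with SMB1 for workgroup listing.
Unable to connect with SMB1 -- no workgroup available
"""

# One row of the share table: name, type (assumed to be Disk, IPC or Printer), optional comment.
ROW_RE = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>Disk|IPC|Printer)\s*(?P<comment>.*?)\s*$")


def parse_share_listing(text):
    """Parse the share table from smbclient -L output into a list of dicts."""
    shares = []
    in_table = False
    for line in text.splitlines():
        if not in_table:
            # The table starts at the "Sharename  Type  Comment" header line.
            if line.strip().startswith("Sharename"):
                in_table = True
            continue
        if line.strip().startswith("---"):
            continue  # column underline
        m = ROW_RE.match(line)
        if not m:
            break  # first line that is not a share row ends the table
        shares.append({"name": m.group("name"), "type": m.group("type"),
                       "comment": m.group("comment")})
    return shares


def triage_shares(text):
    """Split shares into Windows hidden/administrative shares (name ends in $)
    and custom shares, which are the ones to review for null-session exposure."""
    shares = parse_share_listing(text)
    hidden = [s["name"] for s in shares if s["name"].endswith("$")]
    custom = [s["name"] for s in shares if not s["name"].endswith("$")]
    return {"hidden": hidden, "custom": custom}


if __name__ == "__main__":
    result = triage_shares(SAMPLE_LISTING)
    print("administrative/hidden shares:", ", ".join(result["hidden"]))
    print("custom shares visible to an unauthenticated listing:", ", ".join(result["custom"]))
```

Because the listing was produced with -N, every custom share it returns is one whose name is visible without credentials; whether its contents are readable is a separate check.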
### Redis:
Redis is an open-source in-memory data store, also described as a data structure server. It supports a variety of data structures such as strings, hashes, lists and sets, and offers broad client support for many programming languages. Redis can be used as a database, cache, message broker and leaderboard backend, among other things. It is known for its speed and flexibility, with high availability and scalability. Redis also supports persistence, writing data to disk so it can be restored after a restart.
Install redis-cli:
sudo apt install redis-tools
Usage:
redis-cli --help
Usage: redis-cli [OPTIONS] [cmd [arg [arg ...]]]
  -h <hostname>      Server hostname (default: 127.0.0.1).
  -p <port>          Server port (default: 6379).
  -s <socket>        Server socket (overrides hostname and port).
  -a <password>      Password to use when connecting to the server.
  -r <repeat>        Execute specified command N times.
  -i <interval>      When -r is used, waits <interval> seconds per command.
                     It is possible to specify sub-second times like -i 0.1.
  -n <db>            Database number.
  -x                 Read last argument from STDIN.
  -d <delimiter>     Multi-bulk delimiter in for raw formatting (default: \n).
  -c                 Enable cluster mode (follow -ASK and -MOVED redirections).
  --raw              Use raw formatting for replies (default when STDOUT is
                     not a tty).
  --no-raw           Force formatted output even when STDOUT is not a tty.
  --csv              Output in CSV format.
  --stat             Print rolling stats about server: mem, clients, ...
  --latency          Enter a special mode continuously sampling latency.
  --latency-history  Like --latency but tracking latency changes over time.
                     Default time interval is 15 sec. Change it using -i.
  --latency-dist     Shows latency as a spectrum, requires xterm 256 colors.
                     Default time interval is 1 sec. Change it using -i.
  --lru-test <keys>  Simulate a cache workload with an 80-20 distribution.
  --slave            Simulate a slave showing commands received from the master.
  --rdb <filename>   Transfer an RDB dump from remote server to local file.
  --pipe             Transfer raw Redis protocol from stdin to server.
  --pipe-timeout <n> In --pipe mode, abort with error if after sending all data.
                     no reply is received within <n> seconds.
                     Default timeout: 30. Use 0 to wait forever.
  --bigkeys          Sample Redis keys looking for big keys.
  --scan             List all keys using the SCAN command.
  --pattern <pat>    Useful with --scan to specify a SCAN pattern.
  --intrinsic-latency <sec> Run a test to measure intrinsic system latency.
                     The test will run for the specified amount of seconds.
  --eval <file>      Send an EVAL command using the Lua script at <file>.
  --help             Output this help and exit.
  --version          Output version and exit.
In our case, we only need the -h switch to specify the host we want to connect to. Upon a successful connection with the Redis server, the redis-cli prompt appears in the terminal. One of the basic Redis enumeration commands is info, which returns information and statistics about the Redis server; its output is fairly long, and only part of it is relevant here.
Connect: redis-cli -h {target_ip}
Some operations after logging in:
info : view the current server information; the Keyspace section shows the existing databases and their indexes
select {index} : enter the database with the given index number
keys * : list all keys in the current database
get <key> : get the value stored under a key
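The info output is long, and the part these notes care about is the Keyspace section, which tells you which database indexes exist and how many keys each holds before you select one. The following is an added example, not part of these notes or of the Redis project: it parses a constructed, abbreviated info reply (the section headers and the db<N>:keys=...,expires=...,avg_ttl=... line format are assumptions about INFO's output) into sections and extracts the per-database statistics, which is also what an inventory script on the defending side would record for each Redis instance found listening.

```python
# Constructed, abbreviated `redis-cli info` reply (not from a real server).
# The real command separates lines with \r\n, which the parser handles.
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:5.0.7\r\n"
    "redis_mode:standalone\r\n"
    "tcp_port:6379\r\n"
    "\r\n"
    "# Clients\r\n"
    "connected_clients:1\r\n"
    "\r\n"
    "# Keyspace\r\n"
    "db0:keys=4,expires=0,avg_ttl=0\r\n"
    "db1:keys=2,expires=1,avg_ttl=3600000\r\n"
)


def parse_info(text):
    """Parse INFO output into {section: {field: value}}.

    Section headers are lines starting with '#'; every other non-empty line is
    a 'field:value' pair belonging to the most recent section.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            current = line.lstrip("# ").strip()
            sections[current] = {}
            continue
        if current is None or ":" not in line:
            continue
        field, value = line.split(":", 1)
        sections[current][field] = value
    return sections


def keyspace(text):
    """Return {db_index: {"keys": n, "expires": n, "avg_ttl": n}} from the Keyspace section.

    Only databases that currently hold keys appear in INFO, so an empty result
    means the instance has no data, not that it has no databases.
    """
    dbs = {}
    for field, value in parse_info(text).get("Keyspace", {}).items():
        if not (field.startswith("db") and field[2:].isdigit()):
            continue
        stats = dict(item.split("=", 1) for item in value.split(","))
        dbs[int(field[2:])] = {name: int(n) for name, n in stats.items()}
    return dbs


def summarize(text):
    """Collect the fields worth recording for each instance: version, clients, databases."""
    info = parse_info(text)
    return {
        "version": info.get("Server", {}).get("redis_version"),
        "connected_clients": int(info.get("Clients", {}).get("connected_clients", 0)),
        "databases": keyspace(text),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_INFO)
    print(f"redis {summary['version']}, {summary['connected_clients']} client(s) connected")
    for index, stats in sorted(summary["databases"].items()):
        print(f"  db{index}: {stats['keys']} keys ({stats['expires']} with a TTL) -> select {index}")
```

The indexes printed are exactly the arguments you would pass to select; running keys * afterwards is fine on a small test instance, but on a production server the non-blocking SCAN (the --scan switch above) is the safer way to walk the same keyspace.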