June 2020
Intermediate to advanced
423 pages
7h 58m
Chinese
Content preview from Kali Linux学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
160
|
第
4
章
审查设备
我们要做的第一件事是使用工具对网络上的思科设备进行一些基本的审查。
思科审核工具(
Cisco Auditing Tool
,
CAT
)用于尝试登录你提供的设备。它
提供了一个单词列表来尝试登录。使用此工具的缺点是它使用
Telenet
协议尝
试连接,而不是
SSH
,这在安全性较高的网络上更常见。
Telent
上的任何管
理都可以被截获并以纯文本的形式读取,因为它就是以这种格式传输的。由
于网络设备的管理会涉及密码,因此使用
SSH
加密协议进行管理更为常见。
CAT
还可以使用简单网络管理协议(
Simple Network Management Protocol
,
SNMP
)访问系统。
CAT
使用的
SNMP
协议版本已经过时。这并不是说某些
设备不会使用过时的
SNMP
协议版本。
SNMP
可以用于收集配置和系统状态
的相关信息。旧版本的
SNMP
采用共享字符串进行身份验证,并且是以明文
的方式提供,因为第一版的
SNMP
协议并没有采用加密。
CAT
使用潜在的共
享字符串的单词列表,不过只读共享字符串是公开的,而可读写共享字符串
长期是私有的。在许多情况下,它们是默认值,除非系统的配置发生变化,
否则这就是你需要提供的配置。
CAT
程序简单易用。它是一个
Perl
脚本,可以调用
SNMP
和暴力破解的各种
模块。如前所述,它需要你提供主机。你可以提供单个主机或包含主机列表
的文本文件。示例
4-6
展示了
CAT
的辅助输出以及如何使用它检测思科设备。
示例
4-6
:
CAT
输出结果
root@rosebud:~# CAT
Cisco Auditing ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.