#查看当前开放的端口（非 root 运行时，非本用户进程的 PID/程序名显示为 -，需 sudo 才能看全）
-$ netstat -pan
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 1 0 192.168.227.128:42728 192.99.200.113:80 CLOSE_WAIT -
tcp 0 0 192.168.227.128:36110 219.216.128.25:80 ESTABLISHED -
tcp6 0 0 127.0.0.1:39471 :::* LISTEN 3391/java
tcp6 0 0 127.0.0.1:8081 :::* LISTEN 3391/java
tcp6 32 0 192.168.227.128:49248 54.217.111.147:443 CLOSE_WAIT 3391/java
tcp6 0 0 192.168.227.128:49258 54.217.111.147:443 ESTABLISHED 3391/java
#显示进程和端口对应关系
─$ lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 3391 kali 38u IPv6 122685 0t0 TCP 192.168.227.128:49138->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 42u IPv6 26005 0t0 TCP localhost:39471 (LISTEN)
java 3391 kali 46u IPv6 28006 0t0 TCP localhost:tproxy (LISTEN)
java 3391 kali 47u IPv6 122686 0t0 TCP 192.168.227.128:49140->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 48u IPv6 122687 0t0 TCP 192.168.227.128:49142->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 49u IPv6 122688 0t0 TCP 192.168.227.128:49144->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 50u IPv6 122689 0t0 TCP 192.168.227.128:49146->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 51u IPv6 122690 0t0 TCP 192.168.227.128:49148->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
java 3391 kali 52u IPv6 122691 0t0 TCP 192.168.227.128:49150->ec2-54-217-111-147.eu-west-1.compute.amazonaws.com:https (CLOSE_WAIT)
#进程查看
└─$ ps -aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 164152 10536 ? Ss 09:32 0:03 /sbin/init splash
root 2 0.0 0.0 0 0 ? S 09:32 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? I< 09:32 0:00 [rcu_gp]
root 4 0.0 0.0 0 0 ? I< 09:32 0:00 [rcu_par_gp]
root 6 0.0 0.0 0 0 ? I< 09:32 0:00 [kworker/0:0H-events_highpri]
root 9 0.0 0.0 0 0 ? I< 09:32 0:00 [mm_percpu_wq]
root 10 0.0 0.0 0 0 ? S 09:32 0:00 [rcu_tasks_rude_]
root 11 0.0 0.0 0 0 ? S 09:32 0:00 [rcu_tasks_trace]
root 12 0.0 0.0 0 0 ? S 09:32 0:00 [ksoftirqd/0]
#服务信息查看
#各服务的启动脚本存放在/etc/init.d
─$ service --status-all 100 ⨯
[ - ] apache-htcacheclean
[ - ] apache2
[ - ] apparmor
[ - ] atftpd
[ - ] avahi-daemon
[ + ] binfmt-support
[ - ] bluetooth
[ - ] console-setup.sh
[ + ] cron
[ - ] cryptdisks
[ - ] cryptdisks-early
[ + ] dbus
[ - ] dns2tcp
[ + ] haveged
[ - ] hwclock.sh
[ - ] inetsim
[ - ] iodined
[ - ] ipsec
[ - ] keyboard-setup.sh
[ + ] kmod
[ + ] lightdm
#查看服务状态
─$ service ssh status
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:sshd(8)
man:sshd_config(5)
└─$ service udev status 1 ⨯
● systemd-udevd.service - Rule-based Manager for Device Events and Files
Loaded: loaded (/lib/systemd/system/systemd-udevd.service; static)
Active: active (running) since Fri 2021-12-24 17:58:29 EST; 3 months 3 days ago
TriggeredBy: ● systemd-udevd-kernel.socket
● systemd-udevd-control.socket
Docs: man:systemd-udevd.service(8)
man:udev(7)
Main PID: 395 (systemd-udevd)
Status: "Processing with 24 children at max"
Tasks: 1
Memory: 14.6M
CPU: 1.337s
CGroup: /system.slice/systemd-udevd.service
└─395 /lib/systemd/systemd-udevd
Dec 24 17:58:30 kali systemd-udevd[417]: Using default interface naming scheme 'v247'.
Dec 24 17:58:30 kali mtp-probe[502]: checking bus 1, device 2: "/sys/devices/pci0000:00/0000:00:11.0/0000:02:00.0/usb1/1-1"
Dec 24 17:58:30 kali mtp-probe[502]: bus: 1, device: 2 was not an MTP device
#开启、关闭、重启服务
service ssh start/stop/restart
#安装 sysv-rc-conf
apt-get install sysv-rc-conf
# 以 chkconfig 名称提供 sysv-rc-conf（这里是复制一份，而不是建立符号链接）
cp /usr/sbin/sysv-rc-conf /usr/sbin/chkconfig
└─$ sudo chkconfig --list 13 ⨯
apache-htcac 0:off 1:off 2:off 3:off 4:off 5:off 6:off
apache2 0:off 1:off 2:off 3:off 4:off 5:off 6:off
apparmor S:on
atftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
avahi-daemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
binfmt-suppo 2:on 3:on 4:on 5:on
bluetooth 0:off 1:off 2:off 3:off 4:off 5:off 6:off
cron 2:on 3:on 4:on 5:on
cryptdisks 0:off 6:off S:on
cryptdisks-e 0:off 6:off S:on
#查看当前运行级别
─$ who -r
run-level 5 2021-12-24 17:58
#对当前运行级别下服务的默认开关进行设置
sysv-rc-conf [ --level levels ] service <on|off>
#查看进程
└─$ pstree 1 ⨯
systemd─┬─ModemManager───2*[{ModemManager}]
├─NetworkManager───2*[{NetworkManager}]
├─agetty
├─blueman-tray───2*[{blueman-tray}]
├─colord───2*[{colord}]
├─cron
├─dbus-daemon
├─haveged
├─lightdm─┬─Xorg───{Xorg}
│ ├─lightdm─┬─xfce4-session─┬─Thunar───2*[{Thunar}]
│ │ │ ├─agent───2*[{agent}]
│ │ │ ├─blueman-applet───3*[{blueman-applet}]
│ │ │ ├─light-locker───3*[{light-locker}]
│ │ │ ├─nm-applet───3*[{nm-applet}]
│ │ │ ├─polkit-gnome-au───2*[{polkit-gnome-au}]
│ │ │ ├─ssh-agent
│ │ │ ├─xfce4-panel─┬─panel-1-whisker─┬─sh───burpsuite───java───55*[{java}]
│ │ │ │ │ └─2*[{panel-1-whisker}]
│ │ │ │ ├─panel-16-systra───2*[{panel-16-systra}]
│ │ │ │ ├─panel-17-pulsea───2*[{panel-17-pulsea}]
│ │ │ │ ├─panel-18-notifi───2*[{panel-18-notifi}]
│ │ │ │ ├─panel-19-power-───2*[{panel-19-power-}]
│ │ │ │ ├─panel-21-action───2*[{panel-21-action}]
│ │ │ │ └─2*[{xfce4-panel}]
│ │ │ ├─xfce4-power-man───2*[{xfce4-power-man}]
│ │ │ ├─xfdesktop───2*[{xfdesktop}]
│ │ │ ├─xfsettingsd───2*[{xfsettingsd}]
│ │ │ ├─xfwm4───2*[{xfwm4}]
│ │ │ ├─xiccd───2*[{xiccd}]
│ │ │ └─2*[{xfce4-session}]
│ │ └─2*[{lightdm}]
│ └─2*[{lightdm}]
├─polkitd───2*[{polkitd}]
└─$ ps ux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
kali 838 0.0 0.1 15476 9200 ? Ss 09:32 0:00 /lib/systemd/systemd --user
kali 839 0.0 0.0 101416 2784 ? S 09:32 0:00 (sd-pam)
kali 858 0.0 0.0 36568 6468 ? S<sl 09:32 0:00 /usr/bin/pipewire
kali 859 0.0 0.0 23228 7392 ? S<sl 09:32 0:01 /usr/bin/pipewire-media-session
kali 860 0.0 0.1 426908 10668 ? S<sl 09:32 0:00 /usr/bin/pulseaudio --daemonize=no --log-target=journal
kali 866 0.0 0.2 271060 23748 ? Ssl 09:32 0:00 xfce4-session
kali 869 0.0 0.0 8712 5196 ? Ss 09:32 0:14 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
kali 917 0.0 0.0 6008 472 ? Ss 09:32 0:00 /usr/bin/ssh-agent x-session-manager
kali 927 0.0 0.1 311808 9640 ? Ssl 09:32 0:00 /usr/libexec/at-spi-bus-launcher
kali 932 0.0 0.0 8212 4512 ? S 09:32 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3
kali 936 0.0 0.0 231384 6196 ? Sl 09:32 0:00 /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd
kali 941 0.0 0.1 167144 8068 ? Sl 09:32 0:01 /usr/libexec/at-spi2-registryd --use-gnome-session
kali 952 0.0 0.0 81076 3388 ? SLs 09:32 0:00 /usr/bin/gpg-agent --supervised
kali 954 0.4 0.9 402604 79780 ? Sl 09:32 3:09 xfwm4
kali 957 0.0 0.1 238300 8176 ? Ssl 09:32 0:00 /usr/libexec/gvfsd
kali 963 0.0 0.3 231300 25868 ? Sl 09:32 0:01 xfsettingsd
kali 971 0.0 0.5 327976 44964 ? Sl 09:32 0:08 xfce4-panel
kali 975 0.0 0.6 416336 54440 ? Rl 09:32 0:06 Thunar --daemon
#弱口令审计
john
hydra -l login -P /tmp/passlist 192.168.0.1 ftp
#login为要破解的用户名,passlist为密码字典库
#后门检测
chkrootkit
Rootkit Hunter（命令为 rkhunter）