VMware, nmap, burpsuite installation tutorial


VMware, BurpSuite cracked version download address:

http://xiazai.jb51.net/202109/yuanma/vmware-workstation_jb51.rar

VMware, BurpSuite activation code:

F71R-DMX85-08DQY-8YMNC-PPHV8 activation code can be activated directly

1. Virtual machine image and VMware installation and use

  • A virtual machine is a technology that simulates the computer software and hardware environment through software.
  • VMware Workstation is a widely used virtual machine software.


2. Installation and use of nmap in virtual machines

Port scanning is used not only by hackers; it is also an essential tool for network security workers. By scanning ports, they can learn which ports are open and which vulnerabilities a website exposes, which makes an indispensable contribution to the security of the website. The main port scanning tools currently available are X_Scan, SuperScan, and nmap; nmap is the one recommended here.

1. nmap contains four basic functions:

  • Host discovery
  • Port scanning
  • Version detection
  • Operating system detection

2. nmap command usage:

# nmap [scan type] [options] {target description}

3. Common options of nmap:

| Option | Name | Function |
|---|---|---|
| -g | Specify source port | Send packets using a specific source port |
| --spoof-mac | MAC spoofing | Create a fake MAC address or randomize the MAC address |
| -S | Source IP address | Forge the source IP, or specify the source IP |
| -e | Select network interface | Select the network interface used to send and receive data |
| -F | Fast scan | Reduce the default scan to the 100 ports listed in the nmap-services file |
| -p | Port range | Select the ports to scan |
| -N | DNS resolution | Perform a reverse lookup |
| -R | Reverse lookup | Force reverse lookup |
| -A | Aggressive mode | Enable many scanning options, such as version scanning and script scanning (use with caution) |

4. Common scan types of nmap

| Scan type | Name | Function |
|---|---|---|
| -sA | ACK scan | Checks if the port is open; can be used to detect firewalls |
| -sP | Ping scan | Quickly discover hosts on the network |
| -sR | RPC scan | Locate RPC services and record the successfully scanned machines |
| -sS | TCP SYN scan | Fast and stealthy half-open scan |
| -sU | UDP scan | Determine if a specific UDP port is open |
| -sX | XMAS scan | Stealth scan; scans firewalls with specific configurations |
| -sL | List scan | List the IPs to be scanned. Use the -n option to ensure that no data packets are sent to the network |
| -sO | IP protocol scan | Find hosts using the IP protocol |
| -sM | FIN/ACK | Stealth scanning, suitable for Unix systems. Looks for RST packets |
| -sI | Idle scan | Zombie host scan, very hidden |

5. Output Format

| Output option | Name | Function |
|---|---|---|
| -oA | All | Grepable, normal and XML files |
| -oG | Grepable | Grepable format |
| -oX | XML | XML format |
| -oN | Normal | Normal format, suitable for human reading |

3. Java environment configuration and burpsuite installation and use

Burp Suite is an integrated platform for attacking web applications. It is mainly used for security penetration testing. Its tools are:
1. Target - displays the directory structure of the target.
2. Proxy - a proxy server that intercepts HTTP/S traffic (packet capture), acting as a middleman between the browser and the target application so that you can intercept, view, and modify the raw data flow in both directions.
3. Spider - a web crawler with intelligent sensing that can fully enumerate the content and functionality of an application.
4. Scanner [Professional Edition only] - an advanced tool that automatically finds security vulnerabilities in web applications when run.
5. Intruder - a custom, highly configurable tool that performs automated attacks on web applications, such as enumerating identifiers, collecting useful data, and detecting common vulnerabilities using fuzzing techniques.
6. Repeater - a tool for manually resending individual HTTP requests and analyzing the application's responses.
7. Sequencer (Session) - a tool for analyzing the randomness of session tokens and other important data items that are meant to be unpredictable.
8. Decoder - a tool for manual or intelligent decoding of application data.
9. Comparer - a practical tool that shows a visual "difference" between two pieces of data, usually related requests and responses.
10. Extender (Extension) - lets you load Burp Suite extensions and use your own or third-party code to extend the functionality of Burp Suite.
11. Options (settings) - some settings for Burp Suite.

Packet capture process:
1. First, open the IE browser, find "Tools" and click Internet Options, then set the browser proxy address to 127.0.0.1 and the port to 8080.
2. Then open burpsuite and make sure its proxy address is consistent with the browser's.
3. Then open the browser; all the pages you browse now pass through burpsuite.
4. When Intercept is on, the interception function is enabled.
5. In a place on the website where you can enter data, such as a search box, enter "2015" with the burpsuite interception function turned on. You can see that it is a POST request, and the last part is the submitted data.
6. Right-click and select send to repeater, or use the shortcut key ctrl+r, to move the intercepted data packet to the Repeater tab. Modify the data directly and click go to submit it; the response returned is the page and information for the modified request.
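Steps 5 and 6 rely on the layout of a raw HTTP request: a request line, headers, a blank line, and then the submitted data, whose length must match the Content-Length header after any edit. The following is an added example, not part of the original tutorial, that parses such a request and rebuilds it with one form field changed. The request bytes, the host name app.example.test and the function names are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode

# Constructed request, shaped like an intercepted search-form submission.
RAW = (b"POST /search HTTP/1.1\r\n"
       b"Host: app.example.test\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n"
       b"Content-Length: 19\r\n"
       b"\r\n"
       b"keyword=2015&page=1")

def parse_request(raw):
    """Split a raw request into (request_line, headers, form fields)."""
    head, _, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} != body length {len(body)}")
    return lines[0], headers, parse_qs(body.decode(), keep_blank_values=True)

def rebuild_with_field(raw, field, value):
    """Return the request with one form field replaced and the length fixed."""
    request_line, headers, form = parse_request(raw)
    form[field] = [value]
    body = urlencode(form, doseq=True).encode()
    headers["content-length"] = str(len(body))  # must track the edited body
    head = [request_line] + [f"{k}: {v}" for k, v in headers.items()]
    return "\r\n".join(head).encode("iso-8859-1") + b"\r\n\r\n" + body

if __name__ == "__main__":
    print(parse_request(RAW)[2])
    print(rebuild_with_field(RAW, "keyword", "2016 report").decode())
```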

4. CTF Practice

1. Read the source code

You can right-click -> [View Page Source], or press F12 in Firefox and Google Chrome. The F12 tools let you modify the HTML source code, which makes it easier to construct values to submit, but if you don't need that, right-clicking to view the source is more direct. It is a very convenient way to read the comments in a web page.

2. Packet capture

The packet capture I have come into contact with these days is generally done with burpsuite. If you want to try multiple times, you can right-click -> [send to Repeater]. This is a function of burpsuite that I often use.

3. Use nmap to penetrate and scan

You can use the nmap command to scan
