Exp6 20155218 Information Collection and Vulnerability Scanning

1. Query of DNS IP registration information

1. When performing a whois query, remove prefixes such as www or ftp; otherwise the whois server may not return a result;

2. Use whois to query the geographic location of the IP;
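The prefix rule from step 1, together with the IP lookup from step 2, as an added example that is not part of the original report: a hypothetical helper, whois_target, that turns a URL, hostname or IP address into the string to hand to whois. The SERVICE_PREFIXES list and the sample inputs other than www.baidu.com are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Service labels often prepended to a registered domain.
# Assumed list for this example; extend it for your environment.
SERVICE_PREFIXES = {"www", "ftp", "mail", "smtp", "pop", "imap"}


def whois_target(value: str) -> str:
    """Return the query string for whois given a URL, hostname or IP address."""
    value = value.strip()
    # urlsplit only finds the host when a scheme or a leading "//" is present.
    if "://" not in value:
        value = "//" + value
    # .hostname drops any port, userinfo and path, and lowercases the host.
    host = (urlsplit(value).hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host found in input")

    # IP addresses are queried as they are (whois on an IP returns the
    # allocation record, which carries the geographic information).
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass

    # Strip leading service labels, but never go below two labels, so that
    # a name such as "www.com" is not reduced to the bare TLD.
    labels = host.split(".")
    while len(labels) > 2 and labels[0] in SERVICE_PREFIXES:
        labels.pop(0)
    return ".".join(labels)


if __name__ == "__main__":
    # Constructed sample inputs; www.baidu.com is the host used in this report.
    for sample in ("www.baidu.com", "http://WWW.Baidu.com:8080/index.html",
                   "ftp.example.co.uk", "www.com", "192.0.2.10"):
        print(f"{sample!r:45} -> whois {whois_target(sample)}")
```

The helper only removes service prefixes; it does not compute the registrable domain, which would require the Public Suffix List.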

2. Host detection and port scanning

1. Scan the active hosts in the LAN

2. Use the command to view the operating system of the host

3. Find a Windows system host

4. Scan for the MS17_010 vulnerability used in the last experiment; unfortunately, it is not present;

5. Check the SMB version: the SMB version is not shown, but a very accurate and detailed operating system version is

3. Find specific service vulnerabilities

1. Use nmap --script=vuln 172.16.167.207 to scan and find nothing of value;

4. Use the traceroute command for route detection; it warns that www.baidu.com has multiple addresses and that it is using 61.135.169.121

traceroute to www.a.shifen.com (61.135.169.121), 64 hops max, 52 byte packets

1. OpenVAS Vulnerability Scan

1. There is not enough free space in /var/cache/apt/archives/.

Solution: run sudo apt-get clean, then sudo apt-get update;

2. After the installation is complete, create a new task;

3. Start the scan (I don't know why my scan took most of the day; it's terrible. If you were scanning other people's computers, they would have left long ago);

4. When the scan finishes, open a buffer overflow finding to view it;

5. Check another option with a high severity level;


The impact of an attack is shown: successful exploitation would allow a remote attacker to execute arbitrary code or cause a denial of service condition. Impact level: system/application;
