20155330 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning

Basic questions and answers

  • Which organizations are responsible for DNS and IP address management?

    The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for domain name system management, IP address allocation, protocol parameter assignment, and management of the root server system.

    It coordinates the technical elements of the DNS to ensure universal resolvability, so that every Internet user can find valid addresses.

    Three supporting organizations were established under ICANN:
    • Address Supporting Organization (ASO): responsible for management of the IP address system (the actual allocation of address blocks is delegated to the five Regional Internet Registries).
    • Domain Name Supporting Organization (DNSO): responsible for management of the Domain Name System (DNS). Since ICANN's 2003 reform its role is split between the GNSO for generic TLDs and the ccNSO for country-code TLDs.
    • Protocol Supporting Organization (PSO): responsible for the assignment of unique parameters used by Internet protocols (the protocol parameter registries themselves are maintained by IANA).
  • What is 3R information?

    The three parties recorded in a domain registration: the Registrant (the holder of the domain), the Registrar (the ICANN-accredited company through which the domain was registered), and the Registry (the operator of the top-level domain's database, for example VeriSign for .com). A whois query returns the contact and date fields of all three.

    Practical content

    Information gathering

    whois query

  • Taking the Baidu website as an example, query the domain registration record with whois baidu.com to obtain the 3R information, including the registrant's name, organization and city (many registrars now redact registrant contact fields for privacy, so some of these values may be missing):
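
As an added example (not part of the original report), the following Python parses a whois reply into the 3R view and flags registrant fields that the registrar has replaced with a privacy notice. The record is a constructed sample for the reserved name example.com, not real registration data; in practice you would feed it the text printed by whois baidu.com.

```python
# Constructed sample in the layout of a registrar's whois reply. It is not a real
# record: example.com is a reserved documentation name and every name, address and
# date below is a placeholder. Modern records often hide registrant contact fields
# behind a privacy notice, which the parser flags rather than treating as data.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registry Domain ID: 1234567_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.example
Registrar URL: http://www.registrar.example
Updated Date: 2023-01-15T08:00:00Z
Creation Date: 1999-02-04T05:00:00Z
Registry Expiry Date: 2026-02-04T05:00:00Z
Registrar: Example Registrar, Inc.
Registrar IANA ID: 9999
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Holdings Ltd
Registrant City: Beijing
Registrant Country: CN
Registrant Email: Please query the RDDS service of the Registrar of Record
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
DNSSEC: unsigned
>>> Last update of whois database: 2024-05-01T10:00:00Z <<<
"""

PRIVACY_MARKERS = ("redacted", "privacy", "rdds", "please query")


def parse_whois(text):
    """Turn the 'Key: value' lines of a whois reply into a dict.

    Keys that repeat (Name Server, Domain Status, ...) become lists. Comment and
    footer lines (%, #, >>>) are skipped, as are lines without a value.
    """
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not key or not value:
            continue
        if key in fields:
            if not isinstance(fields[key], list):
                fields[key] = [fields[key]]
            fields[key].append(value)
        else:
            fields[key] = value
    return fields


def is_redacted(value):
    """True when a contact field holds a privacy notice instead of data."""
    return any(marker in value.lower() for marker in PRIVACY_MARKERS)


def _strip_prefix(fields, prefix):
    # "Registrar" alone (no sub-field) is the registrar's name.
    return {key[len(prefix):].strip() or "Name": value
            for key, value in fields.items() if key.startswith(prefix)}


def three_r(fields):
    """Group a parsed record into the 3R view: Registrant, Registrar, Registry."""
    registrant = _strip_prefix(fields, "Registrant")
    registrar = _strip_prefix(fields, "Registrar")
    registry = _strip_prefix(fields, "Registry")
    name_servers = fields.get("Name Server", [])
    if isinstance(name_servers, str):
        name_servers = [name_servers]
    return {
        "registrant": registrant,
        "registrar": registrar,
        "registry": registry,
        # Contact fields the registrar has hidden; these are not usable data.
        "registrant_redacted": sorted(k for k, v in registrant.items() if is_redacted(v)),
        "name_servers": name_servers,
    }


if __name__ == "__main__":
    info = three_r(parse_whois(SAMPLE_WHOIS))
    for section in ("registrant", "registrar", "registry"):
        print(section)
        for key, value in info[section].items():
            print(f"  {key}: {value}")
    print("redacted registrant fields:", info["registrant_redacted"])
    print("name servers:", info["name_servers"])
```

The name servers are kept because they are the pivot to the next step: they tell you which servers are authoritative for the zone when you move on to dig.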

    dig/nslookup query

  • First, again using Baidu as the example, run dig www.baidu.com A to obtain the IP addresses that the domain name resolves to (dig +short www.baidu.com prints just the addresses):

  • Look up one of those addresses in the Shodan search engine to obtain registration and host information (organization, ISP and the ports Shodan has seen open):

  • Geolocation lookup of the address with IP2Location:

  • Reverse DNS (IP to domain name) lookup through Shodan:

    nslookup

  • By default both nslookup and dig send the query to the resolver configured on the host, so both normally return that resolver's cached answer; the difference is in what they show. nslookup prints only the final answer and marks it "Non-authoritative answer" when it did not come from the zone's own servers, while dig prints the whole response: the header flags (an aa flag means the answer is authoritative), the remaining TTL of each record, and the authority and additional sections. To get the exact record from the official DNS server, point dig at one of the zone's authoritative name servers: first run dig baidu.com NS to list them, then dig @<one of those servers> www.baidu.com A:
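
The cached-versus-authoritative distinction above is easy to check mechanically. As an added example (not part of the original report), the Python below parses dig output, reads the header flags and TTLs, and compares the resolver's cached answer with the authoritative one. The two transcripts are constructed: example.com, 192.0.2.10, 192.0.2.53 and ns1/ns2.example.com are documentation placeholders, and 192.168.1.1 stands for the local resolver.

```python
# Two constructed dig transcripts for the same query (example.com A). CACHED is
# what a host normally sees: its recursive resolver (192.168.1.1) answering from
# cache, flags "qr rd ra" and a TTL that has already counted down. AUTHORITATIVE
# is the same query sent straight to the zone's name server, as with
#   dig @ns1.example.com example.com A +norecurse
# There the "aa" flag is set and the TTL is the full value configured in the zone.
CACHED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.\t\t\tIN\tA

;; ANSWER SECTION:
example.com.\t\t137\tIN\tA\t192.0.2.10

;; Query time: 2 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""

AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com.\t\t\tIN\tA

;; ANSWER SECTION:
example.com.\t\t300\tIN\tA\t192.0.2.10

;; AUTHORITY SECTION:
example.com.\t\t300\tIN\tNS\tns1.example.com.
example.com.\t\t300\tIN\tNS\tns2.example.com.

;; Query time: 41 msec
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""


def parse_dig(output):
    """Extract the header flags, the records of each section, and the server asked."""
    result = {"flags": set(), "sections": {}, "server": None}
    section = None
    for line in output.splitlines():
        if line.startswith(";; flags:"):
            flag_text = line[len(";; flags:"):].split(";", 1)[0]
            result["flags"] = set(flag_text.split())
        elif line.startswith(";; SERVER:"):
            result["server"] = line.split(":", 1)[1].strip()
        elif line.startswith(";; ") and line.endswith(" SECTION:"):
            section = line[3:-len(" SECTION:")]          # QUESTION, ANSWER, AUTHORITY, ...
            result["sections"].setdefault(section, [])
        elif not line.strip() or line.startswith(";"):
            continue                                    # comments and the question line
        elif section is not None:
            # name  ttl  class  type  rdata   (rdata may contain spaces, e.g. TXT)
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            result["sections"][section].append(
                {"name": name, "ttl": int(ttl), "class": rclass, "type": rtype, "data": rdata})
    return result


def answer_source(parsed):
    """'authoritative' when the server set the aa flag, otherwise 'resolver'."""
    return "authoritative" if "aa" in parsed["flags"] else "resolver"


def answers(parsed, rtype="A"):
    return sorted(rr["data"] for rr in parsed["sections"].get("ANSWER", []) if rr["type"] == rtype)


def cache_age(cached, authoritative, rtype="A"):
    """Seconds the resolver has held the answer, from the TTL difference."""
    zone_ttl = max(rr["ttl"] for rr in authoritative["sections"]["ANSWER"] if rr["type"] == rtype)
    cached_ttl = min(rr["ttl"] for rr in cached["sections"]["ANSWER"] if rr["type"] == rtype)
    return zone_ttl - cached_ttl


def compare(cached, authoritative):
    """Report whether the cached answer still matches what the zone publishes."""
    return {
        "cached_from": cached["server"],
        "authoritative_from": authoritative["server"],
        "stale": answers(cached) != answers(authoritative),
        "cache_age_seconds": cache_age(cached, authoritative),
    }


if __name__ == "__main__":
    c, a = parse_dig(CACHED), parse_dig(AUTHORITATIVE)
    print("cached answer from", answer_source(c), "->", answers(c))
    print("authoritative answer from", answer_source(a), "->", answers(a))
    print(compare(c, a))
```

A stale result (the two address sets differ) is exactly the case where nslookup's "non-authoritative" answer would mislead you about where a target currently lives.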

    traceroute route detection

  • Use the traceroute command to trace the route that packets take to Baidu (traceroute www.baidu.com):

  • Because of hardware limitations the virtual machine can only reach the network through NAT, and the ICMP Time Exceeded messages returned in response to the traceroute probes cannot be mapped by the NAT back to the original source IP address, source port, destination IP address, destination port and protocol, so they are not delivered back to the virtual machine (traceroute prints * for hops that do not answer).
  • Run tracert again under Windows, look up the location of each hop with an online IP lookup tool, and analyze the route the packets take. Note that Windows tracert sends ICMP Echo probes, while Linux traceroute uses UDP probes by default (traceroute -I switches it to ICMP), which can make the two tools see different replies on the same path:


    Search engine query techniques

  • Use a search engine such as Baidu or Google to gather information. For example, search for Word documents published on sites under the edu.cn domain with the operators site:edu.cn filetype:doc :

    netdiscover

  • Run netdiscover directly to detect hosts on the local private network segment (for example netdiscover -r 192.168.1.0/24). It sends an ARP request for every address in the range and lists the IP address, MAC address and NIC vendor of each host that replies, which also finds hosts that drop ICMP pings:
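
As an added example (not netdiscover's own code), the following Python builds the ARP request frames that netdiscover broadcasts for each address in a range and decodes the replies into the same IP-to-MAC table. The exchange at the bottom is constructed: the 02:00:... and 00:0c:29:... MAC addresses and the 192.168.1.0/29 range are placeholders. Actually putting the frames on the wire needs a raw AF_PACKET socket bound to the interface (Linux, root); the block only builds and parses them so it runs offline.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT = "!6s6sH"            # dst MAC, src MAC, ethertype          (14 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip, dst_mac=None):
    """Ethernet II frame carrying an IPv4-over-Ethernet ARP packet (RFC 826): 42 bytes."""
    dst = BROADCAST_MAC if dst_mac is None else mac_bytes(dst_mac)
    eth = struct.pack(ETH_FMT, dst, mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def arp_request(my_mac, my_ip, target_ip):
    """The broadcast 'who has target_ip? tell my_ip' that netdiscover sends per address."""
    return build_arp(ARP_REQUEST, my_mac, my_ip, "00:00:00:00:00:00", target_ip)


def arp_reply(host_mac, host_ip, to_mac, to_ip):
    """The unicast 'host_ip is at host_mac' that a live host sends back."""
    return build_arp(ARP_REPLY, host_mac, host_ip, to_mac, to_ip, dst_mac=to_mac)


def parse_arp(frame):
    """Decode an ARP frame; None for anything that is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _, _, ethertype = struct.unpack(ETH_FMT, frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper,
            "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


def probe_frames(my_mac, my_ip, cidr):
    """One ARP request per usable address in the range, as netdiscover -r does."""
    return [arp_request(my_mac, my_ip, str(ip)) for ip in ipaddress.ip_network(cidr).hosts()]


def discover(frames):
    """netdiscover's bookkeeping: map sender IP to sender MAC for every ARP seen.

    Replies to our probes are the active-scan result; requests other hosts send
    are what passive mode (netdiscover -p) collects. Probe senders using 0.0.0.0
    (e.g. DHCP clients) carry no usable address and are skipped.
    """
    hosts = {}
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["sender_ip"] != "0.0.0.0":
            hosts[arp["sender_ip"]] = arp["sender_mac"]
    return hosts


if __name__ == "__main__":
    # Constructed exchange: we probe 192.168.1.0/29 and two hosts answer.
    me_mac, me_ip = "02:00:00:00:00:01", "192.168.1.2"
    probes = probe_frames(me_mac, me_ip, "192.168.1.0/29")
    replies = [arp_reply("00:0c:29:aa:bb:cc", "192.168.1.1", me_mac, me_ip),
               arp_reply("00:0c:29:dd:ee:ff", "192.168.1.5", me_mac, me_ip)]
    print(len(probes), "probes built")
    for ip, mac in sorted(discover(replies).items()):
        print(f"{ip:<16} {mac}")
```

Because ARP never leaves the local segment, this works only for the subnet the VM's interface is on; that is also why netdiscover is used on the private network here while nmap and traceroute are used for remote targets.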

    nmap scan

  • Scan for live hosts with nmap -sn (host discovery only, no port scan):

  • Use a TCP SYN scan (nmap -sS) against the target host 192.168.1.129. Of the default 1000 TCP ports scanned, the host reports 988 as closed (nmap summarizes these in a single line); the list shows the 2 open TCP ports:

  • Scan UDP ports with nmap -sU (this is slow: a closed UDP port is inferred from an ICMP port unreachable reply, and an open one often does not answer at all, so it is reported as open|filtered):

  • Detect the operating system with nmap -O; the fingerprint shows that the target host runs Linux:

  • Probe the version of each open service on the target machine with nmap -sV:
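
Screenshots of nmap output are hard to act on; the XML output (-oX) is what you would feed into the next step. As an added example (not part of the original report), the Python below parses nmap XML into open ports, the closed-port summary, service versions and the OS guess, and picks out the hosts with SMB ports open for the enumeration that follows. The XML document is a constructed sample modelled on nmap's real format (one host, two open ports, 998 closed), not the scan output from the report.

```python
import xml.etree.ElementTree as ET

# Constructed nmap XML (-oX) for a SYN + version + OS scan of one host. The
# element layout follows nmap's real output; the host, ports, banners and the
# 998 closed ports are made up for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX scan.xml 192.168.1.129" version="7.70">
<host starttime="1" endtime="2">
<status state="up" reason="arp-response"/>
<address addr="192.168.1.129" addrtype="ipv4"/>
<address addr="00:0C:29:AA:BB:CC" addrtype="mac" vendor="VMware"/>
<hostnames/>
<ports>
<extraports state="closed" count="998"><extrareasons reason="resets" count="998"/></extraports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="ssh" product="OpenSSH" version="7.6p1 Ubuntu 4" method="probed" conf="10"/></port>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="64"/>
<service name="netbios-ssn" product="Samba smbd" version="3.X - 4.X" method="probed" conf="10"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 4.9" accuracy="95" line="1"/></os>
</host>
<runstats><finished time="3" elapsed="1.50" exit="success"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

SMB_PORTS = {139, 445}


def parse_nmap_xml(xml_text):
    """Return one dict per host: addresses, state, ports, extraports and OS guess."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        addrs = {a.get("addrtype"): a.get("addr") for a in host.findall("address")}
        ports = []
        for port in host.findall("ports/port"):
            service = port.find("service")      # only present when -sV identified it
            product = None
            if service is not None:
                product = " ".join(p for p in (service.get("product"), service.get("version")) if p) or None
            ports.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": service.get("name") if service is not None else None,
                "product": product,
            })
        osmatch = host.find("os/osmatch")       # best match first, only with -O
        hosts.append({
            "ip": addrs.get("ipv4"),
            "mac": addrs.get("mac"),
            "up": host.find("status").get("state") == "up",
            "ports": ports,
            # The ports nmap collapsed into "N closed/filtered ports" lines.
            "extraports": {e.get("state"): int(e.get("count")) for e in host.findall("ports/extraports")},
            "os": osmatch.get("name") if osmatch is not None else None,
            "os_accuracy": int(osmatch.get("accuracy")) if osmatch is not None else None,
        })
    return hosts


def open_ports(host, proto="tcp"):
    return [p for p in host["ports"] if p["state"] == "open" and p["proto"] == proto]


def summary_line(host):
    """One-liner in the style of nmap's own 'N open, M closed' summary."""
    closed = host["extraports"].get("closed", 0) + sum(1 for p in host["ports"] if p["state"] == "closed")
    return f"{host['ip']}: {len(open_ports(host))} open, {closed} closed, OS {host['os'] or 'unknown'}"


def smb_targets(hosts):
    """Hosts worth handing to the SMB enumeration step (139 or 445 open)."""
    return [h["ip"] for h in hosts if any(p["port"] in SMB_PORTS for p in open_ports(h))]


if __name__ == "__main__":
    scanned = parse_nmap_xml(SAMPLE_XML)
    for h in scanned:
        print(summary_line(h))
        for p in open_ports(h):
            print(f"  {p['port']}/{p['proto']} {p['service']} {p['product'] or ''}")
    print("SMB targets:", smb_targets(scanned))
```

To use it on a real scan, run nmap -sS -sV -O -oX scan.xml 192.168.1.129 and pass the file contents to parse_nmap_xml; the smb_targets list is the RHOSTS value for the Metasploit module in the next section.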

smb service enumeration

  • Start msfconsole to enter msf, then run search smb_version to find the available enumeration auxiliary modules:

  • Enter use auxiliary/scanner/smb/smb_version to select the auxiliary module, then show options to view the parameters that need to be configured:

  • After setting RHOSTS to the target (set RHOSTS 192.168.1.129), start the scan with run (exploit also works for auxiliary modules); the output shows the SMB version information of the target host:

    Vulnerability Scan

  • First run openvas-check-setup to check the installation status; it reports an error:

  • Run the command suggested in the error message to fix it, and repeat the check until it reports that the setup is OK:


  • Use openvasmd --user=admin --new-password=20155330 to create the admin user, then run openvas-start to start OpenVAS (these are the commands of the older OpenVAS 8/9 packages; in the current Greenbone Vulnerability Management release the equivalents are gvmd --user=admin --new-password=... and gvm-start):

  • Open https://127.0.0.1:9392/ in the browser. The web interface uses a self-signed certificate, so click Advanced to accept the warning, then log in with the username and password just set:


  • View the scanned hosts in the Task list:

  • Select the first host, whose IP is 192.168.211.133, and click Done to view the vulnerability severity levels and counts: there are 4 high-severity and 5 medium-severity vulnerabilities (OpenVAS rates a finding High at CVSS 7.0 or above and Medium from 4.0 to 6.9):

  • Click on one of the vulnerabilities to view it. It is a high-severity finding for MS10-012 on port 445/tcp (SMB): an attacker who sends a specially crafted SMB packet to an affected system could achieve remote code execution. The remediation is to install the patch through Windows Update or download and apply the update manually.

    Experiment summary and experience

    Through this experiment I have gained some understanding of the information gathering methods available on the Linux operating system.

At the same time, this experiment was a wake-up call about the protection of personal information. Besides not posting personal information freely on the Internet, official websites should also strengthen the privacy protection of their users' information.

In addition, the vulnerability scan results for the operating system show that the system should be updated in time, to prevent attackers from exploiting vulnerabilities to attack the machine, which could lead to information leakage or more serious incidents.
