20155334 Exp6 Information Collection and Vulnerability Scanning

1. Answers to experimental questions

  1. Which organizations are responsible for DNS, IP management?
    A: The Internet Corporation for Assigned Names and Numbers (ICANN), which determines the assignment of domain names and IP addresses. It is responsible for coordinating the technical elements of DNS to ensure universal resolvability, so that all Internet users can find valid addresses. There are three supporting organizations under it: among them, the Address Supporting Organization (ASO) is responsible for managing the IP address system, and the Domain Name Supporting Organization (DNSO) is responsible for managing the Internet domain name system. ICANN is a non-profit organization established to undertake domain name system management, IP address allocation, protocol parameter configuration, and root server system management.

  2. What is 3R information?
    Answer: The 3Rs refer to the Registrant, the Registrar, and the official Registry.

2. Experimental summary and experience

3. Practice process record

1. Information collection

  1. whois
    You can use whois to query the domain name registration information of a website. Here I use my favourite Qin Shimingyue website for testing: enter whois qinsmoon.com directly; the following is the query result:

  2. nslookup and dig domain name queries, taking qinsmoon.com as an example:
    1. nslookup
    2. dig
  3. IP2Location geolocation query
    Log in to www.maxmind.com to query the geographic location of an IP:
  4. You can also look up IP addresses on this website. Well, it's actually in Beihai.
  5. Reverse domain name lookup by IP
    Reverse domain name lookup can be done in the Shodan search engine. I am not particularly familiar with Shodan, but since the experiment has to be done, I had to try it. The result is a bit scary:

  6. tracert route probing
    Enter on Windows and Kali respectively: tracert <address> (on Kali the command is traceroute)

  7. Searching for specific file types
    Some websites link sensitive files such as address books, orders, etc., which can be searched for in a targeted manner, for example by entering filetype:xls 统计表 site:edu.cn on Baidu (统计表 means "statistics table").

  8. Use of nmap
    1. Discovering active hosts
      Enter nmap -sn 192.168.1.* on the Kali command line to scan the entire network segment and get:
    2. Use nmap -O 192.168.1.100 to get information such as the operating system of the target machine:
    3. Use the nmap -sS -Pn 192.168.1.100 command to do a TCP SYN scan, where -sS selects the TCP SYN scan and -Pn skips host discovery before the scan (the target is treated as up):
    4. Use the nmap -sV -Pn 192.168.1.100 command, where -sV probes the detailed service and version information of the target machine:
  9. Network service scan
    1. Telnet service scan
    2. SSH service scan
    3. Oracle Database Service Enumeration
    4. Password guessing and sniffing
      use auxiliary/scanner/ssh/ssh_login    (enter the ssh_login module)
      set RHOSTS 192.168.1.0/24              (set the target IP or IP range)
      set USERNAME root                      (set the administrator account of the target system)
      set PASS_FILE /root/password.txt       (set the password dictionary)
      set THREADS 200                        (increase query speed)
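      From the target's side, the password guessing above shows up in the sshd log. As an added example (not part of the original report), here is a small Python detector run over constructed auth.log lines; it flags a source producing a burst of failed logins and notes whether an accepted login followed. The sample lines, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (not real data): a burst of failed logins from one source, then a success, plus normal activity.
SAMPLE_LOG = """\
Apr 10 10:00:01 kali sshd[1201]: Failed password for root from 192.168.1.50 port 40001 ssh2
Apr 10 10:00:01 kali sshd[1202]: Failed password for root from 192.168.1.50 port 40002 ssh2
Apr 10 10:00:02 kali sshd[1203]: Failed password for root from 192.168.1.50 port 40003 ssh2
Apr 10 10:00:02 kali sshd[1204]: Failed password for invalid user admin from 192.168.1.50 port 40004 ssh2
Apr 10 10:00:03 kali sshd[1205]: Failed password for root from 192.168.1.50 port 40005 ssh2
Apr 10 10:00:03 kali sshd[1206]: Accepted password for root from 192.168.1.50 port 40006 ssh2
Apr 10 10:05:00 kali sshd[1300]: Failed password for alice from 192.168.1.77 port 51000 ssh2
Apr 10 10:07:30 kali sshd[1301]: Accepted publickey for alice from 192.168.1.77 port 51001 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_events(text, year=2024):
    """Return (timestamp, result, user, ip) tuples for each matching sshd line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other syslog/sshd lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside any window_seconds span, and whether a login succeeded after the burst began."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [ts for ts, r, _ in evs if r == "Failed"]
        # timestamps are sorted: a burst exists if the k-th failure after any one lies within the window
        burst = any((fails[i + threshold - 1] - fails[i]).total_seconds() <= window_seconds
                    for i in range(len(fails) - threshold + 1))
        if not burst:
            continue
        users = sorted({u for _, r, u in evs if r == "Failed"})
        success_after = any(r == "Accepted" and ts >= fails[0] for ts, r, _ in evs)
        alerts[ip] = {"failures": len(fails), "users": users, "success_after": success_after}
    return alerts
```

      Setting THREADS 200 as in the module above makes the burst far denser than this sample, so a window of a minute catches it easily; a source whose failures are followed by an accepted login is the one to look at first.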

2. Vulnerability Scanning

  1. Check the installation status: open OpenVAS and run openvas-check-setup; the result is an error:
  2. Follow the FIX guidance it prints, step by step:

    openvasmd --migrate
    openvas-manage-certs -a
    openvas-manage-certs -a -f
    openvasmd
    openvas-check-setup

    Repair done:
