Post-infiltration log analysis experiment

Table of contents

1. Experimental project name

2. The purpose of the experiment

3. Experimental content

4. Experimental environment

5. Experimental steps

6. Experimental results 

7. Experimental summary 


1. Experimental project name

Post-infiltration log analysis experiment

2. The purpose of the experiment

1. Master port forwarding with meterpreter

2. Master the analysis methods of website logs

3. Experimental content

Forward the port of the ssh service of the target website server to the local port, log in by connecting to the local port, and analyze the website log of the target website server.

4. Experimental environment

1. Experimental platform: CSIITR platform

2. Experiment target: 172.18.206.15 X

3. Tools: Kali, Metasploit Framework

5. Experimental steps

1. Exit the shell session in MSF, return to the meterpreter session, and set up port forwarding.

2. Open a new terminal and connect to local port 8022 over ssh, then check the privileges: the privilege escalation succeeded and root privileges are obtained.

3. After obtaining root privileges, search for log files on the system and look for a way into the intranet.

6. Experimental results 

1. Storage path of website logs (absolute path): /var/log/httpd

2. The privileges of the user logged in over ssh (output of the id command): uid=0(firefart) gid=0(root) groups=0(root)
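A defender-side check for the state recorded in result 2, as an added example that is not part of the original write-up: it lists accounts with UID 0 other than root and flags accepted sshd logins for them or from a loopback source. The passwd and sshd log lines are constructed samples, the function names are hypothetical, and the loopback test assumes the forwarding process connects to sshd from the server itself.

```python
import re

# Constructed sample data, not taken from the lab host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
firefart:x:0:0::/root:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""
SAMPLE_AUTH_LOG = """\
Dec  3 10:15:02 web sshd[2211]: Accepted password for alice from 192.0.2.10 port 51544 ssh2
Dec  3 10:21:40 web sshd[2290]: Failed password for firefart from 127.0.0.1 port 40112 ssh2
Dec  3 10:21:47 web sshd[2290]: Accepted password for firefart from 127.0.0.1 port 40112 ssh2
Dec  3 10:30:11 web sshd[2301]: Accepted publickey for root from 192.0.2.10 port 51600 ssh2
"""

# OpenSSH success line: "Accepted <method> for <user> from <addr> port <n> ssh2"
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
LOOPBACK = {"127.0.0.1", "::1"}


def uid0_accounts(passwd_text):
    """Return the names of all passwd entries whose UID field is 0."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2] == "0":
            names.append(fields[0])
    return names


def suspicious_logins(passwd_text, auth_text, expected=("root",)):
    """Flag accepted logins for unexpected UID-0 accounts or from loopback."""
    rogue = set(uid0_accounts(passwd_text)) - set(expected)
    findings = []
    for line in auth_text.splitlines():
        match = ACCEPTED.search(line)
        if not match:
            continue  # failed attempts and non-sshd lines are ignored here
        method, user, src = match.groups()
        reasons = []
        if user in rogue:
            reasons.append("uid0-non-root")
        if src in LOOPBACK:
            reasons.append("loopback-source")
        if reasons:
            findings.append((user, src, method, reasons))
    return findings


if __name__ == "__main__":
    for finding in suspicious_logins(SAMPLE_PASSWD, SAMPLE_AUTH_LOG):
        print(finding)
```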

7. Experimental summary 

1. What is the principle of port forwarding?

Port forwarding is a method SSH uses for secure communication over the network. SSH can use port forwarding to carry the packets of other TCP/IP protocols. In this mode, SSH establishes a secure transmission channel between the client and the server for other services. Port forwarding works by mapping a client port to a server port. SSH can map all server ports to local ports, but root privileges are required to set up ports below 1024.

2. Why is port forwarding required in this experiment?

Port forwarding is needed to forward the internal network address to the external network address before the logs can be analyzed.

Origin blog.csdn.net/xiongIT/article/details/128173797