School No. 201 721 460 001
Chinese People's Public Security University
Chinese people’ public security university
Network Warfare Technology
experimental report
| experiment one |
| Network Reconnaissance and network scanning |
| student name |
Bai Hongyu |
| grade |
2017 |
| District Team |
Six districts Network Security |
| mentor |
Your opinion |
Institute of Technology and Information Network Security
2017 Nian 7 Yue 7 Ri
Master experimental task
2017-2018 school year, Di Yi semester
First, the purpose of the experiment
1 . Deepen and digest this course lectures, review what they have learned through the Internet search techniques, methods and techniques;
2 . Understand and are familiar with popular search engines, scan tools, social networking sites and other Internet resources, given the task of searching, correlation, analysis;
3 . The purpose of the consolidation of curriculum knowledge and practical application.
Second, the experimental requirements
1 . Carefully read the contents of each experiment, we need to capture the title, to be clear screenshots and annotate screenshots and descriptions.
2 . Documentation Requirements clear structure, graphic expression accurate labeling specifications. Reasoning was objective, reasonable and logical.
3 . Software tools can be used office2003 or 2007 , Nmap , and so on.
4 . After the experiment, to retain electronic documents.
Third, the experimental procedures
1 . ready
Experimental preparation well in advance, should learn more about the purpose of the experiment, test requirements and test content before the experiment, familiar with the software tools and ready with a good experiment, in accordance with the requirements of experimental content and experimental content ready ahead of time.
2 . lab environment
Describes the hardware and software environment used in the experiment (including a variety of software tools);
Boot and start the software office2003 or 2007 , browsers, scanning software.
3 . experiment procedure
1 ) Start the system and start-up tool environment.
2 ) realization of experimental content using software tools.
4 . experimental report
Write lab reports in accordance with the standard requirements of the test report format. The document prepared in accordance with the format template embedded test report document, the document written in accordance with the provisions of the written format, the form must be said that the graphics have a table Illustrated.
Experimental task (a)
Network Reconnaissance refers to the hackers in order to more effectively carry out attacks and all exploration activities on the target host before the attack or attack the course. Network Reconnaissance sometimes referred to as " check out the location " . Usually " Capitol " include the following: the domain name of the target host, IP address, operating system type, open ports, and which ports are running behind these kind of applications, these applications have no loopholes. So how do you collect this information? You can use technology-independent " social engineering " , the search engine as well as a scan tool.
Question one:
With Baidu or google search www.ppsuc.edu.cn all included " Network Security " pages. (Screenshot attached)
Question two:
With Baidu or google search all contain " network security " in the pdf document (attached screenshot)
11111
Question three:
Mary is a professional undergraduate pharmacy, pharmacy has been engaged in professional work, now she would like to obtain a certificate, but the registration conditions required to work for three years. So, what Mary wanted to obtain the certificate. (Please answer and attach screenshots to prove.)
Licensed pharmacist qualification certificate
Question 4:
6 Yue 28 Day is Amy's birthday, he is Chinese People's Public Security University 2008 school the following undergraduate students. In a senior this year to celebrate his birthday, he and his friends watched a birthday that day just released domestically fantasy movie together. In this movie, she played " alchemy master " role of actor once a monk, I ask what his Buddhist name was that? (Screenshot attached)
Set free
Question 5:
210.31.48.31 , which IP address belongs to which unit (attached screenshot)
Chinese People's Public Security University
Question six:
In one case, the suspect gained a MAC address: 40-16-9F-4E-7F-B4 , please check the MAC address of the corresponding vendor is (attached screenshot)
TP-LINK TECHNOLOGIES CO.,LTD.
Question seven:
In one case, the suspect gained LAC is 41064 , CID is 16811 , this person may be in any place? (Screenshot attached)
Daxing District, American sister city Needham Liaison Office in Beijing
Question eight:
Get www.zzz.gov.cn when domain name registration, the registrant's email is (attached screenshot)
Nine on:
By a person's QQ number, from the Internet to expand clues. The network nickname, MSN number and other information.
You can also choose a virtual network identity ( QQ , Mail , Tel ), virtual identity through the acquisition of other Internet search relevant information. (Please explain the reasoning process, with a search screenshot)
For example: nickname -> Mailbox -> QQ number -> telephone number, name -> Micro channel -> physical address ...................
Question 10:
Please check the machine's IP address and subnet mask, and scans all hosts on the segment of survival in LAN (Screenshot attached search)
IP:218.241.190.206
Subnet Mask : 255.255.255.0
Search Screenshot :
Question 11:
Select a survival IP addresses, scanning open ports (respectively ping scan, the SYN scan attempts), and query the corresponding common port services and operating system information.
Familiar nmap related commands (search attached screenshot)
Ping Scan:
Syn scanning :
操作系统信息:Windows Server 2008 R2 or Windows 8.1, Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Embedded Standard 7, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (Windows操作系统)
Problem 12:
Internet in the laboratory building of local area network, please scanned, the machine which opened ftp service, which the machine is turned on Remote Desktop Connection service, along with screenshots to prove.
Open the FTP service (scanning 21 ports) :
Open the Remote Desktop Connection service (scanning 3389 ports):
Problems thirteen:
For full port scan, the port scan program used
参考:
include "stdafx.h"
#include "stdafx.h"
#include "stdio.h"
#include <string.h>
#include <Winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#define DEST_IP "127.0.0.1"
#define DEST_PORT 135
int main()
{
//初始化WinSock
WORD wVersionRequested = MAKEWORD(2,2);
WSADATA wsaData;
if(WSAStartup(wVersionRequested,&wsaData) != 0)
{
printf("初始化WinSock失败!\n") ;
return 0 ;
}
int sockfd,n;
struct sockaddr_in dest_addr;
sockfd = socket(AF_INET, SOCK_STREAM, 0);
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(DEST_PORT);
dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);
//bzero(&(dest_addr.sin_zero));
n-= Connect (sockfd, (struct the sockaddr *) & dest_addr, the sizeof (struct the sockaddr));
IF (n-== -. 1) {
the printf ( " port is not open ");
} the else {
the printf ( " port open ");
}
}
Code :
#include "stdio.h"
#include <string.h>
#include <Winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#define DEST_IP "192.168.31.167"
int main ()
{
// initialize WinSock
WORD wVersionRequested = MAKEWORD(2,2);
WSAData wsaData;
if(WSAStartup(wVersionRequested,&wsaData) != 0)
{
printf ( " initialize WinSock failed! \ the n-");
return 0 ;
}
int sockfd,n;
struct sockaddr_in dest_addr;
sockfd = socket (AF_INET, SOCK_STREAM, 0);
dest_addr.sin_family = AF_INET;
for (int DEST_PORT = 0; DEST_PORT <6335; DEST_PORT ++)
{
dest_addr.sin_port = HTO (DEST_PORT);
dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);
n=connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr));
if(n==-1){
printf ( "% d port number is not turned \ n", DEST_PORT);}
else
{Printf ( " port open ");}
} return 0; }