201721440042
Chinese People's Public Security University
Network Warfare Technology
Experimental Report
Experiment one: Network Reconnaissance and Network Scanning
Student name: Liu Xin of
Grade: 2017
District Team: Four districts
Mentor: Your opinion
Institute of Technology and Information Network Security
July 7, 2017
Master experimental task
2017-2018 school year, first semester
First, the purpose of the experiment
1. Deepen and digest the course lectures, and review the Internet search techniques and methods that have been learned;
2. Understand and become familiar with popular search engines, scanning tools, social networking sites and other Internet resources, and search, correlate and analyze information for the given tasks;
3. Consolidate course knowledge and apply it in practice.
Second, the experimental requirements
1. Read the contents of each experiment carefully. Where a question requires a screenshot, capture a clear screenshot and annotate and describe it.
2. The document must have a clear structure, accurate text and figures, and standardized labeling. Reasoning must be objective, reasonable and logical.
3. Software tools that may be used include Office 2003 or 2007, Nmap, and so on.
4. After the experiment, retain the electronic documents.
Third, the experimental procedures
1. Preparation
Prepare well in advance: before the experiment, learn its purpose, requirements and content, become familiar with and prepare the software tools to be used, and get everything ready ahead of time as the experimental content requires.
2. Lab environment
Describe the hardware and software environment used in the experiment (including the various software tools);
Boot the machine and start Office 2003 or 2007, a browser, and the scanning software.
3. Experiment procedure
1) Start the system and the tool environment.
2) Carry out the experimental content using the software tools.
4. Experimental report
Write the lab report in the standard test report format. Prepare the document using the embedded report format template and follow the prescribed writing format; tables must have table captions and figures must have figure captions.
Experimental task (a)
Network reconnaissance refers to all the exploration activities a hacker carries out against the target host before or during an attack in order to attack more effectively. Network reconnaissance is sometimes referred to as "checking out the location". "Checking out the location" usually covers the following: the target host's domain name, IP address, operating system type and open ports, which applications are running behind those ports, and whether those applications have vulnerabilities. So how is this information collected? You can use technology-independent "social engineering", search engines, and scanning tools.
Question one:
Use Baidu or Google to search www.ppsuc.edu.cn for all pages that contain "Network Security". (Screenshot attached)
Question two:
Use Baidu or Google to search for all PDF documents that contain "network security". (Screenshot attached)
Question three:
Mary is an undergraduate pharmacy major and has been working in the pharmacy profession. She now wants to obtain a certificate, but the registration conditions require three years of work. What certificate does Mary want to obtain? (Please answer and attach screenshots as proof.)
Licensed pharmacist qualification certificate
Question 4:
June 28 is Amy's birthday; he is an undergraduate student of Chinese People's Public Security University, class of 2008. In his senior year, to celebrate his birthday, he and his friends watched a domestic fantasy movie that had been released that very day. The actor who played the "alchemy master" in this movie was once a monk; what was his Buddhist name? (Screenshot attached)
Question 5:
Which organization does the IP address 210.31.48.31 belong to? (Screenshot attached)
Beijing Xicheng District Chinese People's Public Security University Education Network
Question six:
In one case, a suspect's MAC address was obtained: 40-16-9F-4E-7F-B4. Please look up the vendor that corresponds to this MAC address. (Screenshot attached)
TP-LINK TECHNOLOGIES CO.,LTD.
Question seven:
In one case, the suspect's LAC was found to be 41064 and the CID 16811. Where might this person be? (Screenshot attached)
Beijing Daxing District realistic road
Question eight:
Find the registrant's email address given when the domain name www.zzz.gov.cn was registered. (Screenshot attached)
Question nine:
Starting from a person's QQ number, expand the clues from the Internet: the network nickname, MSN number and other information.
You can also choose one virtual network identity (QQ, mail, telephone) and use it to find other related virtual identity information through Internet search. (Please explain the reasoning process, with search screenshots)
For example: nickname -> mailbox -> QQ number -> telephone number, name -> WeChat -> physical address ...
A person's nickname is generally the same across social accounts, so once a nickname is found you can search for it in different places to see whether the same person appears. WeChat accounts are bound to phone numbers, so at this point the phone number can be inferred; the person's personality or hobbies can then be analyzed from what they post or like.
Question 10:
Check this machine's IP address and subnet mask, and scan for all live hosts on its LAN segment. (Screenshot attached)
nmap -sn 192.168.31.1/24
Question 11:
Select one live IP address and scan its open ports (try a ping scan and a SYN scan respectively), and look up the services commonly associated with those ports and the operating system information.
Become familiar with the related nmap commands. (Screenshot attached)
1. Ping scan
2. nmap -sS -P0 -sV -O <target> obtains the remote host's system type and open ports
-sS TCP SYN scan (also known as half-open or stealth scanning)
-P0 skips the ping (host discovery) step and treats the host as online; current Nmap versions spell this option -Pn
-sV enables service version detection
-O attempts to identify the remote operating system
Question 12:
On the local area network of the laboratory building, scan to find which machines have the FTP service open and which machines have the Remote Desktop Connection service enabled, with screenshots as proof.
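For the FTP / Remote Desktop question above, one way to turn a scan of your own lab segment into the list of machines is to have Nmap write grepable output (-oG) and parse it. This is an added example, not part of the original report: the sample scan output, the host name lab-pc23 and the helper names parse_open_ports and hosts_by_service are constructed for illustration, and it assumes the services run on their default ports, 21 (FTP) and 3389 (Remote Desktop).

```python
import ipaddress

# Constructed sample of `nmap -oG -` output for illustration (not real scan data).
SAMPLE_GREPABLE = (
    "# Nmap scan initiated as: nmap -sS -p 21,3389 -oG - 192.168.31.0/24\n"
    "Host: 192.168.31.1 ()\tStatus: Up\n"
    "Host: 192.168.31.1 ()\tPorts: 21/closed/tcp//ftp///, 3389/closed/tcp//ms-wbt-server///\n"
    "Host: 192.168.31.23 (lab-pc23)\tPorts: 21/open/tcp//ftp///, 3389/filtered/tcp//ms-wbt-server///\n"
    "Host: 192.168.31.40 ()\tPorts: 21/closed/tcp//ftp///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.168.31.57 ()\tPorts: 21/open/tcp//ftp///, 3389/open/tcp//ms-wbt-server///\n"
)

# Default service ports for the two services the question asks about (assumption).
WATCHED = {21: "ftp", 3389: "remote-desktop"}


def parse_open_ports(grepable_text):
    """Return {ip: set of open TCP ports} from Nmap grepable (-oG) output."""
    hosts = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines such as "# Nmap ..."
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # e.g. "Status: Up"
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    hosts.setdefault(ip, set()).add(int(parts[0]))
    return hosts


def hosts_by_service(grepable_text, watched=WATCHED):
    """Group hosts by watched service; only ports in state 'open' count."""
    open_ports = parse_open_ports(grepable_text)
    result = {name: [] for name in watched.values()}
    for ip, ports in open_ports.items():
        for port, name in watched.items():
            if port in ports:
                result[name].append(ip)
    for ips in result.values():
        ips.sort(key=ipaddress.ip_address)
    return result


if __name__ == "__main__":
    for service, ips in hosts_by_service(SAMPLE_GREPABLE).items():
        print(service, ips)
```

Ports reported as closed or filtered are deliberately not counted, so a host appears in a list only when the scan saw the service port answer as open.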