Experiment one

 

Student number 201721440044

Chinese People's Public Security University

 

Network Warfare Technology

experimental report

 

experiment one

Network Reconnaissance and network scanning

 

 

 

Student name: He Nan

Grade: 2017

District team: Net four

Mentor: Your opinion

Institute of Technology and Information Network Security

July 7, 2017

Master experimental task

2017-2018 school year, first semester

First, the purpose of the experiment

1. Deepen and digest the course lectures, and review the Internet search techniques and methods learned in them;

2. Understand and become familiar with popular search engines, scanning tools, social networking sites and other Internet resources, and use them to search, correlate and analyze for a given task;

3. Consolidate curriculum knowledge and apply it in practice.

Second, the experimental requirements

1. Read the contents of each experiment carefully. For the questions that need screenshots, the screenshots must be clear and annotated with descriptions.

2. The document must have a clear structure, accurate graphics and text, and standard labeling. Reasoning must be objective, reasonable and logical.

3. Software tools that can be used include Office 2003 or 2007, Nmap, and so on.

4. After the experiment, retain the electronic document.

Third, the experimental procedures

1. Preparation

Prepare well in advance: before the experiment, learn the purpose, requirements and content of the experiment, become familiar with the software tools to be used and have them ready, and prepare in advance whatever the experimental content requires.

2. Lab environment

Describe the hardware and software environment used in the experiment (including the various software tools);

Boot the machine and start Office 2003 or 2007, a browser, and the scanning software.

3. Experiment procedure

1) Start the system and start the tool environment.

2) Carry out the experimental content using the software tools.

4. Experimental report

Write the lab report according to the standard requirements of the report format. Embed the report in the provided format template and write it in the prescribed format; tables must have table captions and figures must have figure captions.

Experimental task (1)

Network reconnaissance refers to all the exploration activities that hackers carry out against a target host before or during an attack in order to attack more effectively. Network reconnaissance is sometimes referred to as "casing the location". What is usually gathered includes: the domain name of the target host, its IP address, operating system type, open ports, which applications run behind those ports, and whether those applications have vulnerabilities. So how is this information collected? You can use technology-independent "social engineering", search engines, and scanning tools.

Question one:

Use Baidu or Google to search www.ppsuc.edu.cn for all pages that contain "network security". (Screenshot attached)

Question two:

Use Baidu or Google to search for all PDF documents containing "Network security" (screenshot attached)

Question three:

Mary holds an undergraduate degree in pharmacy and has been working in the pharmacy profession. She now wants to obtain a certificate, but the registration conditions require three years of work. So, which certificate does Mary want to obtain? (Please answer and attach screenshots as proof.)

Question 4:

June 28 is Wang's birthday. He enrolled as an undergraduate at the Chinese People's Public Security University in 2008. In his senior year, to celebrate his birthday, he and his friends watched a domestic fantasy movie that had been released that very day. The actor who plays the "master of alchemy" in this movie was once a monk; what was his Buddhist name? (Screenshot attached)

Take training

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Question 5:

Which organization does the IP address 210.31.48.31 belong to? (Screenshot attached)

Xicheng District, Beijing Education Network

Question six:

In one case, a suspect's MAC address was obtained: 40-16-9F-4E-7F-B4. Look up the manufacturer of this MAC address (screenshot attached)

The manufacturer is TP-LINK TECHNOLOGIES CO., LTD.
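A vendor lookup like the one above uses only the first three bytes of the address (the OUI), and the result means something only when the address is globally administered rather than locally assigned or randomized. The Python below is an added example, not part of the original report; the function names are assumptions, the second address in the usage note is constructed, and the one-entry vendor table holds only the prefix and vendor named in the answer above.

```python
import re

# Only the prefix/vendor pair given on this page; a real lookup would consult
# the full IEEE OUI registry, which is not bundled here.
KNOWN_OUIS = {"40169F": "TP-LINK TECHNOLOGIES CO., LTD."}


def parse_mac(text):
    """Return the 6 raw bytes of a MAC written with '-', ':' or '.' separators."""
    digits = re.sub(r"[-:.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def describe_mac(text):
    """Split a MAC into its OUI and the two flag bits of the first octet."""
    mac = parse_mac(text)
    oui = mac[:3].hex().upper()
    # Bit 0x02 of the first octet: set = locally administered (for example a
    # randomized Wi-Fi address), so the first three bytes are not a vendor id.
    locally_administered = bool(mac[0] & 0x02)
    # Bit 0x01 of the first octet: set = multicast/group address, not a device.
    multicast = bool(mac[0] & 0x01)
    return {
        "oui": oui,
        "locally_administered": locally_administered,
        "multicast": multicast,
        "vendor": None if locally_administered else KNOWN_OUIS.get(oui),
    }


if __name__ == "__main__":
    print(describe_mac("40-16-9F-4E-7F-B4"))   # address from Question six
    print(describe_mac("DA:A1:19:00:00:01"))   # constructed locally administered address
```

For the address in Question six both flag bits are clear, so the vendor prefix can be trusted as a registered OUI; for the constructed address the lookup is skipped.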

 

 

 

 

 

Question seven:

In one case, it was found that the suspect's LAC is 41064 and CID is 16811. Where might this person be? (Screenshot attached)

Question eight:

Obtain the domain name registration information for www.zzz.gov.cn. The registrant's email is (screenshot attached)

[email protected]

 

 

 

 

 

Question nine:

Starting from a person's QQ number, expand clues from the Internet: the network nickname, MSN number and other information.

You can also choose a virtual network identity (QQ, mail, telephone) and obtain other relevant information about that identity through Internet searches. (Please explain the reasoning process, with search screenshots)

For example: nickname -> mailbox -> QQ number -> telephone number, name -> WeChat -> physical address ...

First, start with the basic information of the QQ account

1. Read the basic information. For most people some of this information is true (although many people fill in untrue information). Look at the labels and evaluations: a label is a self-evaluation, and if you know her personally, the gap between your impression of her and the labels she gives herself shows her state of mind.

2. One benefit of QQ is that the person's contacts are basically family, friends and classmates. From the interaction in comments and replies you can learn things that are not in the QQ profile, such as a name: if a friend who has not seen her for a long time suddenly adds her and she has changed a lot, there is generally a dialogue like "ah, you are XXX, I almost did not recognize you". Some people also inadvertently announce a change of phone number, and this information can be picked up. At the same time, you can also go to the spaces of her good friends to find more information.

3. There are some special events, such as birthdays, activities, travel and places visited (this information can be used later)

Second, associated accounts

1. As long as a person likes social networks, it is impossible not to leave personal information; the more they like social networking, the more information leaks. This is the eternal contradiction between social networking and privacy. People who use multiple social networking sites also link the accounts to each other for convenience, for example the QQ name may be similar to the microblog name. Because each person's microblog name is unique while QQ names can be shared, searching Weibo from a known QQ name has some difficulty, but this is a matter of proportion, there are always some people apply

 

 

Question 10:

Check the IP address and subnet mask of this machine, and scan all live hosts on its LAN segment (with screenshot)

Question 11:

Select a live IP address and scan its open ports (try a ping scan and a SYN scan respectively), and query the services corresponding to the common ports and the operating system information.

Become familiar with the related nmap commands (screenshot attached)

(1) -PS: TCP SYN ping scan. The result shows all ports as filtered.

(2) nmap -sS -P0 -sV -O <target> obtains the remote host's operating system and the types of open ports

-sS TCP SYN scan (also known as half-open, or stealth scanning)
-P0 lets you turn off ICMP pings.
-sV turns on version detection
-O tries to identify the remote operating system
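How the -sS half-open scan described above looks from the defender's side, as an added example that is not part of the original report: a SYN scan answers the server's SYN/ACK with RST instead of ACK, while an ordinary connect() completes the handshake. The packet tuples and addresses are constructed, and the function names and the min_ports threshold are assumptions.

```python
from collections import defaultdict

# Constructed capture, not real traffic: (src, dst, sport, dport, TCP flags).
# SCANNER behaves like a SYN scan; CLIENT is an ordinary client.
SCANNER, CLIENT, SERVER = "192.0.2.10", "192.0.2.20", "198.51.100.5"
PACKETS = [
    (SCANNER, SERVER, 40001, 21, "S"), (SERVER, SCANNER, 21, 40001, "RA"),  # closed
    (SCANNER, SERVER, 40002, 22, "S"), (SERVER, SCANNER, 22, 40002, "SA"),
    (SCANNER, SERVER, 40002, 22, "R"),                                      # half-open
    (CLIENT, SERVER, 51000, 80, "S"), (SERVER, CLIENT, 80, 51000, "SA"),
    (CLIENT, SERVER, 51000, 80, "A"),                                       # full handshake
    (SCANNER, SERVER, 40003, 80, "S"), (SERVER, SCANNER, 80, 40003, "SA"),
    (SCANNER, SERVER, 40003, 80, "R"),                                      # half-open
    (SCANNER, SERVER, 40004, 3389, "S"),                                    # no reply: filtered
]


def classify_flows(packets):
    """Return {(client, server, client_port, server_port): state} per SYN-opened flow."""
    state = {}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":
            state[fwd] = "syn_sent"            # stays here if nothing answers
        elif flags == "SA" and state.get(rev) == "syn_sent":
            state[rev] = "syn_ack"             # server reports the port open
        elif flags == "RA" and state.get(rev) == "syn_sent":
            state[rev] = "closed"              # server refuses the connection
        elif flags == "A" and state.get(fwd) == "syn_ack":
            state[fwd] = "established"         # what a normal connect() does
        elif flags in ("R", "RA") and state.get(fwd) == "syn_ack":
            state[fwd] = "half_open"           # SYN-scan signature
    return state


def suspected_syn_scanners(packets, min_ports=3):
    """Flag clients that probed >= min_ports ports, left half-open flows, completed none."""
    probed, half_open, completed = defaultdict(set), defaultdict(set), defaultdict(int)
    for (client, server, _cport, port), st in classify_flows(packets).items():
        probed[client].add((server, port))
        if st == "half_open":
            half_open[client].add(port)
        elif st == "established":
            completed[client] += 1
    return {
        c: {"ports_probed": len(probed[c]), "half_open": sorted(half_open[c])}
        for c in probed
        if len(probed[c]) >= min_ports and half_open[c] and completed[c] == 0
    }


if __name__ == "__main__":
    print(suspected_syn_scanners(PACKETS))
```

The probe to port 3389 that gets no reply stays in the syn_sent state, which is the flow-level counterpart of the "filtered" result reported in item (1).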

 

 

 

 

 

Question 12:

On the laboratory building LAN, scan to find which machines have the FTP service open and which machines have the Remote Desktop Connection service open, with screenshots as proof.

Question thirteen:

For the full port scan, a port scan program is used

Reference:

#include "stdafx.h"   /* Visual Studio precompiled header */
#define _WINSOCK_DEPRECATED_NO_WARNINGS   /* allow inet_addr() on newer MSVC */
#include <stdio.h>
#include <string.h>
#include <Winsock2.h>
#pragma comment(lib, "ws2_32.lib")

#define DEST_IP "127.0.0.1"
#define DEST_PORT 135

int main()
{
    // Initialize WinSock
    WORD wVersionRequested = MAKEWORD(2, 2);
    WSADATA wsaData;
    if (WSAStartup(wVersionRequested, &wsaData) != 0)
    {
        printf("初始化WinSock失败!\n");   // WinSock initialization failed
        return 1;
    }

    SOCKET sockfd;
    int n;
    struct sockaddr_in dest_addr;

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd == INVALID_SOCKET)
    {
        WSACleanup();
        return 1;
    }

    // Zero the whole structure (replaces the commented-out bzero of sin_zero)
    memset(&dest_addr, 0, sizeof(dest_addr));
    dest_addr.sin_family = AF_INET;
    dest_addr.sin_port = htons(DEST_PORT);
    dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);

    // A completed TCP connect means the port is open
    n = connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(dest_addr));
    if (n == SOCKET_ERROR) {
        printf("端口没有开启");   // the port is not open
    } else {
        printf("端口开启");       // the port is open
    }

    // Release the socket and WinSock before exiting
    closesocket(sockfd);
    WSACleanup();
    return 0;
}

Disclaimer: I am not responsible for any legal disputes arising from violations by readers of this page!


Origin www.cnblogs.com/P201721440044/p/11759956.html