Chinese People's Public Security University
Chinese people’ public security university
Network Warfare Technology
experimental report
| experiment one |
| Network Reconnaissance and network scanning |
| student name |
Sheng Tian Ning |
| grade |
17 |
| District Team |
Net seven |
| mentor |
Your opinion |
Information and Network Security Technology College
2017 Nian 7 Yue 7 Ri
Master experimental task
20 17 -20 18 grade Dai Ichi semester
First, the purpose of the experiment
1. Deepen and digest this course lectures, review what they have learned through the Internet search techniques, methods and techniques;
2. Understand and are familiar with popular search engines, scan tools, social networking sites and other Internet resources, given the task of searching, correlation, analysis;
3. The purpose of the consolidation of curriculum knowledge and practical application.
Second, the experimental requirements
1. Carefully read the contents of each experiment, we need to capture the title, to be clear screenshots and annotate screenshots and descriptions.
2. Documentation Requirements clear structure, graphic expression accurate labeling specifications. Reasoning was objective, reasonable and logical.
3. Software tools can be used office2003 or 2007, Nmap, and so on.
4. After the experiment, to retain electronic documents.
Three , experimental procedures
1. ready
Experimental preparation well in advance, should learn more about the purpose of the experiment, test requirements and test content before the experiment, familiar with the software tools and ready with a good experiment, in accordance with the requirements of experimental content and experimental content ready ahead of time.
2. lab environment
Describes the hardware and software environment used in the experiment (including a variety of software tools);
Office2003 boot and start the software or 2007, browsers, scanning software.
3. experiment procedure
1) Start the system and start-up tool environment.
2) realization of experimental content using software tools.
4. experimental report
Write lab reports in accordance with the standard requirements of the test report format. The document prepared in accordance with the format template embedded test report document, the document written in accordance with the provisions of the written format, the form must be said that the graphics have a table Illustrated.
Experimental task (a)
Network Reconnaissance refers to the hackers in order to more effectively carry out attacks and all exploration activities on the target host before the attack or attack the course. Network Reconnaissance sometimes referred to as "check out the location." Usually "Capitol" include the following: the domain name of the target host, IP address, operating system type, open ports, and which ports are running behind these kind of applications, these applications have no loopholes. So how do you collect this information? You can use technology-independent "social engineering", the search engine as well as a scan tool.
Question one:
With Baidu or google search www.ppsuc.edu.cn all pages that contain "network security". (Screenshot attached)
Question two:
With Baidu or google search for all "Network security" pdf document (attached screenshot)
Question three:
Mary is a professional undergraduate pharmacy, pharmacy has been engaged in professional work, now she would like to obtain a certificate, but the registration conditions required to work for three years. So, what Mary wanted to obtain the certificate. (Please answer and attach screenshots to prove.)
Question 4:
June 28 is the birthday of Wang, he was in 2008 enrolled undergraduate Chinese People's Public Security University. In a senior this year to celebrate his birthday, he and his friends watched a birthday that day just released domestically fantasy movie together. In this movie, playing "master of alchemy" role of actor monk who, may I ask what his Buddhist name was that? (Screenshot attached)
Question 5:
210.31.48.31, IP address belongs to which the unit (A screenshot)
Question six:
In one case, the suspect gained a MAC address: 40-16-9F-4E-7F-B4, please check the MAC address of the manufacturer is (attached screenshot)
Question seven:
In one case, the suspect gained LAC is 41064, CID is 16811, this person may be in any place? (Screenshot attached)
Question eight:
Getting www.zzz.gov.cn domain name registration, the registrant's email is (attached screenshot)
Nine on:
By a person's QQ number, from the Internet to expand clues. The network nickname, MSN number and other information.
You can also choose a virtual network identity (QQ, Mail, Tel), virtual identity through the acquisition of other Internet search relevant information. (Please explain the reasoning process, with a search screenshot)
For example: nickname -> Mailbox -> QQ number -> telephone number, name -> Micro channel -> physical address ...................
Question 10:
Please check the IP address and subnet mask of this machine, and scan all surviving host on the segment (with search screenshot) in the LAN
Question 11:
Select a survival IP addresses, scanning open ports (respectively ping scans, syn scan attempt), and query the corresponding common port services and operating system information.
Familiar nmap related commands (search attached screenshot)
Https port 443 corresponds to port
Problem 12:
Internet in the laboratory building LAN, scan it, which opens the ftp service machine, which machines opened the Remote Desktop Connection service, along with screenshots to prove.
Problems thirteen:
For full port scan, the port scan program used
from socket import *
import threading #导入线程相关模块
lock = threading.Lock()
openNum = 0 threads = [] #定义线程列表 def portScanner(host,port): global openNum try: s = socket(AF_INET,SOCK_STREAM) s.connect((host,port)) lock.acquire() #因为openNum是个全局变量,每个线程不能对openNum 同时操作,只有获得所的线程才可以操作 openNum openNum+=1 print('[+] %d open' % port) lock.release() #线程对全局变量openNum操作完成后,需要释放所,其他线程才可以继续修改全局变量openNum s.close() except: #如果端口没开,那么就直接pass,不执行其他输出操作。 pass def main(): setdefaulttimeout(1) ports = [20, 21, 22, 23, 80, 111, 3306] #定义要扫描的端口,也可以在for中使用range进行定义,看个人需求,例如 for p in range(1,1024): for p in ports: t = threading.Thread(target=portScanner,args=('192.168.60.130',p)) threads.append(t) t.start() for t in threads: #等待线程列表中的所以线程的执行完毕 t.join() print('[*] The scan is complete!') print('[*] A total of %d open port' % (openNum)) if __name__ == '__main__': main()