20199123 2019-2020-2 "Network Attack and Defense Practice" Week 2 Assignment

0. Overall structure

Course this assignment belongs to: "Network Attack and Defense Practice"
Assignment requirements: "Network Attack and Defense Practice", second assignment
My aim in this course: learn network attack and defense technologies and acquire the related skills
How this assignment helped me achieve that aim: I learned software configuration and network environment setup, truly began to understand attack and defense, and reviewed computer networking
Assignment body: see the text below
Other references: see end of text

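1. Learning summary

In the first two weeks of the course, the teacher mainly introduced some basics of network attack and defense practice:
1. Network security goals: confidentiality, integrity, non-repudiation, availability, controllability
2. Security threats: malicious code, remote intrusion, denial of service, identity spoofing, information theft and tampering (active attacks and passive attacks)
3. Network security research areas: network security architecture, network attack techniques, network defense techniques, applications of cryptography, network security applications
Finally, the teacher also introduced some basics of cryptography, including symmetric and public-key cryptography, symmetric encryption algorithms, public-key encryption algorithms, and hash algorithms.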

2. Detailed process of building the attack and defense environment

2.1 Topology diagram of the attack and defense environment

2.2 Operating systems and software used in the attack and defense environment

The teacher mentioned that some of the images provided with the book are old versions and encouraged everyone to build the attack and defense environment with newer ones, so here I use the newer images referenced in classmate Sun Qilong's updated blog post. The specific operating system and software resources are as follows:

2.3 Building the attack and defense environment

  • 2.3.1 VM network settings

    Like most students, when I first read Sun Qilong's blog I was completely lost. Why do the virtual machine network settings come first? After the experts explained it, I finally understood the whole attack and defense environment and, along the way, reviewed computer network subnets, IP addresses and masks (what a fool I was). The specific explanation is as follows:

    1. First, understand the VM virtual network settings

    2. Next, the IP address configuration of the attack and defense environment

    3. The topology diagram of the attack and defense environment shows that VMnet1, in host-only mode, serves as the target network segment, with the Linux and WinXP target machines connected to it. VMnet8, in NAT mode, serves as the attacker network segment, with the Kali, Windowsattacker and SEED Ubuntu virtual machines connected to it. The HoneyWall gateway's eth0 connects to the attacker segment and its eth1 connects to the target segment; it joins the two segments as a bridge and is the only network link between the attacker segment and the target segment. HoneyWall's eth2 interface is also connected to VMnet8, so the host reaches HoneyWall through the VMnet8 virtual network adapter for data analysis and management. (The above follows section 2.2.2 of the textbook.)

    4. From the above analysis: VMNet0 is configured in bridged mode; VMNet1 is configured in host-only mode with the IP subnet 192.168.200.128/25; VMNet8 is configured in NAT mode with the IP subnet 192.168.200.0/25. Because the host accesses HoneyWall through the VMNet8 virtual network adapter, the gateway IP address is set to 192.168.200.1.

    5. Detailed configuration screenshots follow:




  • 2.3.2 Installing the Linux attacker machine: Kali

    1. The Kali virtual machine is packaged as a vmx file, so after extracting the archive you can open kali.vmx directly in the virtual machine software

    2. The Kali virtual machine's network is configured as follows

    Since the Kali virtual machine is an attacker machine connected to VMnet8, set its network adapter to VMnet8 (or to NAT mode; the two are equivalent)

    3. Boot into the system and set up the software. Kali's default user name, password and root password are all kali. The setup steps are: log in -> escalate privileges (using su) -> install net-tools (the package that provides ifconfig) -> view the network information.

    PS: Remember the IP address of the Kali attacker machine (192.168.200.2); it will be needed in the later attack and defense exercises!

  • 2.3.3 Installing the Windows attacker machine: WinXPattacker

    1. The WinXPattacker attacker machine is also packaged as a vmx file; import it the same way as the Kali attacker machine

    2. The WinXPattacker network adapter is configured as follows:

    3. Enter the system and check the IP address, which is 192.168.200.3

  • 2.3.4 SEEDUbuntu installation

    1. SEEDUbuntu is provided as a VM vmdk disk image, so a new virtual machine has to be created. The process is: New Virtual Machine -> Custom installation -> Compatibility xx -> Install the operating system later -> choose Linux, version Ubuntu -> Location -> keep clicking Next -> Use an existing virtual disk -> select the seedubuntu vmdk file -> Next until the end

    2. The SEEDUbuntu network adapter is set as follows:

    3. Boot into the system. The account is seed and the password is dees. After booting, escalate privileges with su. (PS: if you enter root mode with sudo su, use the password of the original account, dees, because sudo su grants temporary root privileges and sudo escalates from the original account, so it asks for the original account's password. This explanation comes from classmate Sun Qilong.) Finally, run ifconfig to view the network information; the IP address is 192.168.200.4

  • 2.3.5 Installing the Windows target machine: Win2kServer

    1. The Win2kServer virtual machine image is provided; import it the same way as Kali

    2. After powering on, use the shortcut alt+ctrl+del (known in Windows as the life-saving three-key combination) to enter the system. The account is administrator and the password is mima1234

    3. The network adapter is set as follows

    PS: Because the target machines are connected to VMNet1, the network adapter is set to host-only mode

    4. Inside the system, the network parameters are configured as shown in the figure below.

    PS: Since the target machine needs the honeypot gateway to communicate with the NAT segment, the gateway is set to 192.168.200.1

  • 2.3.6 Installing the Linux target machine

    1. The Metasploitable2-Linux target machine is provided as a VM image; import it the same way as Kali

    2. The Metasploitable2-Linux network adapter is set as follows:

    3. Enter the system; the account and password are both msfadmin. The IP address has to be set manually here, as follows: first escalate privileges with sudo su (password msfadmin) -> vim /etc/rc.local -> press i to enter edit mode, locate exit 0 and insert the following two lines before it

    ifconfig eth0 192.168.200.125 netmask 255.255.255.128

    route add default gw 192.168.200.1

    PS: eth0 is set to 192.168.200.125, an address in the VMNet1 segment, because the attacker machines need to find the target machine through the honeypot gateway. The figure below is a screenshot of the edited rc.local file

    -> press the ESC key -> type : -> type wq -> ENTER -> reboot to restart

    4. Type the command ifconfig to view the configured IP (192.168.200.124) and other network information

  • 2.3.7 Honeypot gateway installation

    1. Follow the installation steps in classmate Sun Qilong's blog (the expert really is something)

    2. Add the installation image as the boot image

    3. Add two more network adapters (make sure the network connection setting of each adapter is correct)

    4. Boot into the system -> log in with the account roo, password honey -> escalate privileges with su -, password honey -> to enter the configuration interface manually: cd /usr/sbin -> ./menu -> configure and start the honeypot gateway

    5. The honeypot gateway configuration process is shown in the following screenshots




















    6. Open a browser on the Windows attacker machine and enter the address https://192.168.200.8

    7. At this point the configuration of the whole attack and defense network environment is basically finished

  • 2.3.8 Testing

    1. On the honeypot gateway, escalate privileges with su - and run the command tcpdump -i eth0 icmp

    2. Switch to the Kali attacker machine and ping the Linux target machine Metasploitable

    3. Check tcpdump on the honeypot gateway; the output shows that the bridge is working properly

    4. Switch to the WinXP attacker machine and ping the Win2kServer target machine

    5. From the Linux target machine, ping the Kali attacker machine

  • 2.3.9 Related Software
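
The bridge check in 2.3.8 can be read off the gateway's capture automatically. The Python below is an added example, not part of the original post: it pairs ICMP echo requests with replies in `tcpdump -i eth0 icmp` text output, using constructed sample lines with the addresses given on this page.

```python
import re

# Constructed sample of `tcpdump -i eth0 icmp` text output on the gateway
# (not captured from the author's lab); addresses are the ones given on this page.
SAMPLE = """\
10:15:01.100001 IP 192.168.200.2 > 192.168.200.125: ICMP echo request, id 4021, seq 1, length 64
10:15:01.100350 IP 192.168.200.125 > 192.168.200.2: ICMP echo reply, id 4021, seq 1, length 64
10:15:02.101002 IP 192.168.200.2 > 192.168.200.125: ICMP echo request, id 4021, seq 2, length 64
10:15:02.101377 IP 192.168.200.125 > 192.168.200.2: ICMP echo reply, id 4021, seq 2, length 64
10:15:09.500010 IP 192.168.200.3 > 192.168.200.125: ICMP echo request, id 512, seq 256, length 40
10:15:14.500020 IP 192.168.200.3 > 192.168.200.125: ICMP echo request, id 512, seq 512, length 40
""".splitlines()

ICMP_RE = re.compile(
    r"IP (\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)

def summarize(lines):
    """Pair echo requests with replies by (endpoints, id, seq).

    Returns (answered, unanswered): sets of (source, destination) flows that
    did / did not get a reply on the interface being captured.
    """
    pending, answered = {}, set()
    for line in lines:
        m = ICMP_RE.search(line)
        if not m:
            continue  # skip non-echo ICMP and tcpdump banner lines
        src, dst, kind, ident, seq = m.groups()
        if kind == "request":
            pending[(src, dst, ident, seq)] = True
        elif pending.pop((dst, src, ident, seq), None):
            answered.add((dst, src))  # record the flow in request direction
    unanswered = {(s, d) for (s, d, _, _) in pending} - answered
    return answered, unanswered

if __name__ == "__main__":
    ok, failed = summarize(SAMPLE)
    for s, d in sorted(ok):
        print(f"bridge OK : {s} <-> {d}")
    for s, d in sorted(failed):
        print(f"no reply  : {s} -> {d}")
```

A request that shows up on eth0 with no matching reply means the frame reached the gateway's attacker-side interface but nothing came back from the target side.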

3. Problems encountered during the study and their solutions

  • 1. At first I was confused by the VM virtual network configuration; after reading classmate Sun Qilong's tutorial and his patient, meticulous explanations, I finally understood the VMNet0 / VMNet1 / VMNet8 network configuration!
  • 2. Later, the IP address configuration of the virtual machines also puzzled me, and classmate Sun Qilong's explanations cleared it all up. Thanks, big brother; another day of being moved by the big brother!
  • 3. After everything was finally configured, my machine did not have enough memory ... I could not open all the virtual machines at once for testing and could only run them a few at a time!
  • 4. During testing, WinXP could not ping the two target machines; in the end I started the honeypot gateway, and once the attacker machines and target machines were all running the ping succeeded. What a fool I was: without the honeypot gateway connecting them, how could target machines and attacker machines on different segments ping each other?
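
The ping failure in item 4 follows from the address plan in section 2.3. The Python below is an added example, not the author's code; it uses only addresses stated on this page to classify how two machines reach each other, and the /25 mask on the VMnet8 hosts is an assumption taken from the VMnet8 subnet.

```python
import ipaddress

# Values stated on this page: VMnet subnets (2.3.1), gateway, host addresses.
VMNETS = {
    "VMnet1": ipaddress.ip_network("192.168.200.128/25"),  # host-only, target side
    "VMnet8": ipaddress.ip_network("192.168.200.0/25"),    # NAT, attacker side
}
GATEWAY = ipaddress.ip_address("192.168.200.1")
# (host, attached VMnet, address/mask). The /25 on the VMnet8 hosts is an
# assumption taken from the VMnet8 subnet; the target's mask is from rc.local.
HOSTS = [
    ("kali", "VMnet8", "192.168.200.2/25"),
    ("WinXPattacker", "VMnet8", "192.168.200.3/25"),
    ("SEEDUbuntu", "VMnet8", "192.168.200.4/25"),
    ("Metasploitable2", "VMnet1", "192.168.200.125/255.255.255.128"),
]

def audit(hosts=HOSTS):
    """Per host: computed IP subnet, gateway on-link?, address inside VMnet range?"""
    report = {}
    for name, vmnet, addr in hosts:
        iface = ipaddress.ip_interface(addr)
        report[name] = {
            "subnet": str(iface.network),
            "gateway_on_link": GATEWAY in iface.network,
            "in_vmnet_range": iface.ip in VMNETS[vmnet],
        }
    return report

def path_between(a, b, hosts=HOSTS):
    """Classify how host a reaches host b: 'direct', 'bridged' or 'routed'."""
    table = {n: (v, ipaddress.ip_interface(c)) for n, v, c in hosts}
    (sw_a, if_a), (sw_b, if_b) = table[a], table[b]
    if if_b.ip not in if_a.network or if_a.ip not in if_b.network:
        return "routed"    # different IP subnets: traffic must pass a router
    if sw_a == sw_b:
        return "direct"    # same subnet and same virtual switch
    return "bridged"       # same subnet, separate switches: needs a layer-2 bridge

if __name__ == "__main__":
    for host, row in audit().items():
        print(host, row)
    print("kali -> Metasploitable2:", path_between("kali", "Metasploitable2"))
```

With the mask from rc.local, 192.168.200.125 computes into 192.168.200.0/25 together with the attacker machines, so the machines ARP for each other directly and those frames cross between VMnet8 and VMnet1 only while the honeypot gateway's eth0/eth1 bridge is running.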

4. Learning insights and experience

I took a great deal away from this lesson. I spent the whole time half-lost, filling the gaps in my knowledge as I went, but after finishing the configuration of the entire attack and defense environment I found that everything revolves around the network topology. During the configuration I worked through the diagram on paper, which I feel helped me understand the configuration of the whole environment better. One last point: the road of attack and defense is full of thorns and obstacles, and it was thanks to the teacher's explanations in class together with big brother Sun Qilong's help that I got through the confusion and saw the light. (Attack and defense is really hard for a beginner!)

Reference material

Origin www.cnblogs.com/Jody9123/p/12446091.html