"Network attack and defense practice" second job
This assignment belongs to the course: https://edu.cnblogs.com/campus/besti/19attackdefense/
Assignment requirements: https://edu.cnblogs.com/campus/besti/19attackdefense/homework/10449
Table of Contents
- 1. Detailed process of building the attack and defense environment
  - 1.1 Topology of the attack and defense environment
  - 1.2 Experimental environment
  - 1.3 Steps for building the virtual honeynet
  - 1.4 Target machine installation
  - 1.5 Attack machine installation
  - 1.6 Honeywall installation
- 2. Test
- 3. Features
- 4. Problems encountered while learning and their solutions
- 5. Learning insights and experience
- 6. References
Detailed process of building the attack and defense environment (illustrated; this is the key part)
Topology diagram
Lab environment
- Host
  - Operating system: Win10
  - Software: VMware Workstation Pro
- Associated virtual machines
  - Honeywall image: roo-1.4.hw-20090425114542.iso
  - Target virtual machines: Windows XP Professional, Linux Metasploitable
  - Attack virtual machines: WinXPattacker, SEEDUbuntu16.04, Kali2020.1a
Steps for building the virtual honeynet
Network configuration
In VMware Workstation Pro, open Edit -> Virtual Network Editor.
VMnet1
VMnet8
The NAT settings are as follows:
The DHCP settings (DHCP hands out dynamic IP addresses) are as follows:
Target machine installation
Windows XP Professional: connect the network adapter to VMnet1 and set the IP address.
win2Kserver
Linux Metasploitable: connect the network adapter to VMnet1 and set the IP address.
Enter the command
sudo vim /etc/rc.local
and add the following network configuration:
ifconfig eth0 192.168.200.123 netmask 255.255.255.128
route add default gw 192.168.200.1
Then reboot:
sudo reboot
Attack machine installation
Install the attack virtual machines (WinXPattacker, Kali and SEEDUbuntu16) and connect their network adapters to VMnet8. WinXPattacker automatically acquires its IP address (192.168.200.2), as shown below:
Kali acquires its IP address (192.168.200.3) as follows:
SEED Ubuntu16 is provided only as a compressed archive of the .vmdk file, so you need to create a new virtual machine. When choosing the disk, select "use an existing disk" and pick the .vmdk file as the disk.
It acquires its IP address (192.168.200.5) as follows:
Honeywall installation
Install the Honeywall virtual machine and configure it. Pay attention to four points during the installation:
(1) Specify the image in the CD/DVD drive after the virtual machine has been configured.
(2) Version:
(3) Before the final step, choose to customize the hardware, add and configure the network adapters, then click OK -> Finish.
(4) Click the virtual machine in the list on the left, open its settings, add a CD/DVD drive and confirm to finish.
Log in as roo, then use
su -
to elevate to root. The first time you run
su -
you enter the configuration interface. You can also enter
menu
to reach the configuration page. The configuration interface looks as follows:
Press Enter to go to the next page.
Press ↓ to select 4. Honeywall Configuration and press Enter.
Press ↓ to select 1. Mode and IP Information and press Enter.
Press ↓ to select 2. Honeypot IP Address and press Enter, then type the honeypot IP and press Enter.
Select 5. LAN Broadcast Address and press Enter, then type the broadcast address and press Enter.
Select 6. LAN CIDR Prefix and press Enter, then type the network number and press Enter.
Return to the previous menu and select 2. Remote Management to set the management information.
Select 1. Management IP, type the management IP and confirm.
Select 2. Management Netmask, type the management subnet mask and confirm.
Select 3. Management Gateway, type the management gateway and confirm.
Select 7. Manager, type the IP range that is allowed to manage the Honeywall and confirm.
Return to the previous menu.
Select 11. Sebek, set the IP of the host that the information is sent to, UDP port 1101, and the packet handling option to drop.
Configuration
Test
After starting the Honeywall virtual machine, log in as roo and elevate to root by entering
su -
Open WinXPattacker and, in the IE browser, enter the management address in the address bar:
https://192.168.200.8
The browser reports a certificate problem; click Continue to reach the following page:
Log in with the Honeywall account roo and the password honey. The first login forces a password change: the new password must contain all four character types (uppercase letters, lowercase letters, special characters and digits). After logging in:
Honeywall connectivity test
Enter the monitoring command on the Honeywall gateway:
tcpdump -i eth0 icmp
Ping Win2kServer from WinXPattacker; the following packets are detected on the Honeywall gateway host:
(The same applies to the other ports; omitted.)
(Any virtual machine on VMnet1 and any virtual machine on VMnet8 can ping each other in the same way; omitted.)
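One way to read the result of this ping test from the capture itself, as an added example that is not part of the original post: it pairs each echo request in `tcpdump -i eth0 icmp` output with its reply and counts the unanswered ones. The sample lines are constructed, the function name is an assumption, and the parser expects numeric addresses (tcpdump run with -n).

```python
import re

# Constructed sample of `tcpdump -n -i eth0 icmp` output (not captured from this lab).
SAMPLE = """\
10:15:01.100001 IP 192.168.200.2 > 192.168.200.123: ICMP echo request, id 512, seq 1, length 40
10:15:01.100350 IP 192.168.200.123 > 192.168.200.2: ICMP echo reply, id 512, seq 1, length 40
10:15:02.100420 IP 192.168.200.2 > 192.168.200.123: ICMP echo request, id 512, seq 2, length 40
10:15:02.100790 IP 192.168.200.123 > 192.168.200.2: ICMP echo reply, id 512, seq 2, length 40
10:15:03.101002 IP 192.168.200.2 > 192.168.200.123: ICMP echo request, id 512, seq 3, length 40
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)


def summarize_pings(text):
    """Pair echo requests with replies; return {(src, dst): {"sent": n, "answered": m}}."""
    pending, flows = set(), {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # other ICMP types (unreachable, redirect, ...) are ignored
        src, dst, ident, seq = m["src"], m["dst"], m["id"], m["seq"]
        if m["kind"] == "request":
            pending.add((src, dst, ident, seq))
            flows.setdefault((src, dst), {"sent": 0, "answered": 0})["sent"] += 1
        elif (dst, src, ident, seq) in pending:
            # A reply travels dst -> src of the original request with the same id/seq.
            pending.discard((dst, src, ident, seq))
            flows[(dst, src)]["answered"] += 1
    return flows


if __name__ == "__main__":
    for (src, dst), c in summarize_pings(SAMPLE).items():
        lost = c["sent"] - c["answered"]
        print(f"{src} -> {dst}: {c['sent']} sent, {c['answered']} answered, {lost} unanswered")
```

A flow with requests but no replies means the gateway sees the attacker's traffic but nothing comes back from the target side, which points at the target's address or adapter rather than at the capture interface.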
Features
Target machine: serves as a honeypot. It has some vulnerabilities and is used as bait to lure attackers so that information about the attack machine can be collected.
Metasploitable: vulnerable systems based on the Ubuntu and WinXP operating systems, used to test security tools and demonstrate common exploits, and as the target machine for MSF attacks.
Attack machine: attacks the target machines.
WinXPattacker contains a series of attack tools:
scanning tools, decompilers, penetration tools, etc. The Nessus and Nmap scanning tools are used in the pre-attack phase; Wireshark captures packets, as shown:
The Kali system also includes the Nmap scanning tool, together with:
the Metasploit framework, used for vulnerability penetration;
the Nmap and Nessus scanning tools;
the Wireshark packet capture tool;
Aircrack-ng, used to crack WEP / WPA / WPA2 wireless passwords. It works by capturing network packets and analyzing them to recover the password, and it also has a console interface. In addition, Aircrack-ng uses the standard FMS (Fluhrer, Mantin and Shamir) attack along with some optimizations (such as the KoreK attack and the PTW attack) to speed up the attack;
Hydra, a brute-force tool used to crack the authentication of remote services.
Honeynet gateway: connects the network where the attack machines are located with the network where the target machines are located, forming the honeynet.
Problems encountered while learning and their solutions
1. After installing the roo-1.4 virtual machine, the menu did not appear, and entering menu did not bring up the Honeynet configuration page either. After carefully watching online tutorials, it turned out that the privilege elevation should use
su -
whereas I had used
su
2. I installed the Chinese version of Kali, but after installation various garbled characters appeared in the system.
Solution:
(1) First set the system locale to English (various tools, fonts, etc. have to be installed, and if something goes wrong while downloading fonts the error message itself is garbled, so the system locale has to be switched to English to make it easy to see what went wrong). Open a terminal and enter
sudo dpkg-reconfigure locales
and select
en_US.UTF-8
as the picture shows:
Use the up and down keys to browse and the space bar to select ("*" marks a selected entry); the Tab key moves to OK. After confirming, the following screen appears:
Use the up and down keys to move to en_US.UTF-8 and confirm. After that (do not forget to restart) the interface is shown in English rather than garbled (some places are still garbled, but it is good enough).
(2) Update the software sources. Enter the command
sudo vim /etc/apt/sources.list
Add the following software sources
Use the following command to update
sudo apt-get update
(3) Install Chinese fonts with the command
sudo apt-get install xfonts-intl-chinese
as well as
sudo apt-get install ttf-wqy-microhei
After a reboot, the system finally displays normally.
3. During the Kali installation, one step asks whether to use a network mirror to supplement the installation image. If you choose yes, some errors occur, presumably because the source cannot be used, so I selected No and installed from the local image only. The network configuration step also had some problems; I chose not to configure it at that point and to configure the network connection after the system was installed.
4. In Kali, ifconfig -a could not show the IP. A Baidu search showed that the new version of Kali can directly use
ip addr
to check the local IP address.
5. There is still one open question: VMnet1 and VMnet8 look like two network segments, so why do both use IP addresses in 192.168.200.2-192.168.200.126? I have forgotten a lot of my computer networking knowledge and need to make it up.
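Question 5 and Honeywall menu items 5 (LAN Broadcast Address) and 6 (LAN CIDR Prefix) come down to the same subnet arithmetic, worked through here as an added example that is not part of the original post. It uses only the netmask and addresses shown on this page; the function names and the grouping of hosts into a dict are assumptions of the example.

```python
import ipaddress

# Netmask, gateway and host addresses as they appear on this page.
NETMASK = "255.255.255.128"
GATEWAY = "192.168.200.1"
HOSTS = {
    "Metasploitable (VMnet1)": "192.168.200.123",
    "WinXPattacker (VMnet8)": "192.168.200.2",
    "Kali (VMnet8)": "192.168.200.3",
    "SEEDUbuntu16 (VMnet8)": "192.168.200.5",
    "Honeywall management": "192.168.200.8",
}


def lan_parameters(host, netmask):
    """Derive the values the Honeywall menu asks for from one host address and mask."""
    net = ipaddress.ip_interface(f"{host}/{netmask}").network
    return {
        "cidr_prefix": str(net),                  # menu item 6
        "broadcast": str(net.broadcast_address),  # menu item 5
        "first_usable": str(net[1]),
        "last_usable": str(net[-2]),
    }


def check_plan(hosts, gateway, netmask):
    """Return a list of problems in the address plan; an empty list means it is consistent."""
    net = ipaddress.ip_interface(f"{gateway}/{netmask}").network
    problems, seen = [], {}
    for name, addr in {**hosts, "gateway": gateway}.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is reserved in {net}")
        if ip in seen:
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    return problems


if __name__ == "__main__":
    print(lan_parameters(HOSTS["Metasploitable (VMnet1)"], NETMASK))
    print(check_plan(HOSTS, GATEWAY, NETMASK) or "plan is consistent")
    # Constructed failure case: .130 belongs to the upper /25, not to this segment.
    print(check_plan({"misconfigured VM": "192.168.200.130"}, GATEWAY, NETMASK))
```

Every address on the page lands in 192.168.200.0/25 because the Honeywall (roo) forwards between VMnet8 and VMnet1 as a layer-2 bridge rather than as a router, so the two virtual networks form one IP segment.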
Learning insights and experience
Keep something in mind and there will be an echo. I spent a day just finding out roughly what the honeynet system is, and more than another day building the system. I feel like my mind is not good enough; it took so long, which is very hard to accept. But in the end it was still gratifying. Although my study of the related software is still lacking, let me be uncomfortable for a while first.
References
"Network Attack and Defense Technology and Practice"
"Building a Network Attack and Defense Environment"
20 super useful penetration tools in Kali: how many do you know?
How to determine whether two IP addresses are on the same network segment
The three network connection modes of VMware Workstation virtual machines