table of Contents
Practice what
The third chapter this week learning the network attack and defense practice. Learn some methods of information-gathering network. Practice is divided into three parts, the first step in the Capitol network, network scanning the second step, the third step network enumeration.
Practice
IP and DNS queries
I chose baidu.com
Baidu query by https://www.internic.net/whois.html website. Results are as follows
According to Registrar WHOIS Server and then go to the website for further information. Query results are as shown below.
Therefore, analysis of information obtained in Baidu
- Registrant is MarkMonitor Inc
- Registrar Abuse Contact Email: [email protected]
- Registrar Abuse Contact Phone: +1.2083895770
- Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
- Registrant State/Province: Beijing
- Registrant Country: CN
Nslookup query baidu.com obtained by its ip address, as FIG.
By then query the APNIC ip address to obtain further information
- address: 29, Jinrong Ave., Xicheng District, Beijing, 100032
- person: haijun li
- phone: +86 1052686688
Then I went through pure ip ip database query that got its more specific position, as shown below
In the process of using qq chat with friends, I opened the netstat to listen. Ip address has been a frequent, then by pure ip address query tool, to get this ip is located in Shenzhen, Guangdong, so I guess it should be Tencent Tencent chat packets through the server and then forwarded to my friend.
Network Scanning (scanning)
Use nmap to drone on kali address scan showed that active
On winxp by nmap -sS was obtained an open tcp port information
In kali by nmap -sU operation, it has been open udp port information
By -sV operation nmap, has been the target drone and other information versions of the operating system and network services.
Vulnerability scanning
Watching online tutorials download nessus, may be the cause of the network, domestic download very slow, I asked a friend to help me download down
and then pressing the tutorial installation, after installation, scanning drones to obtain the following results
this picture showed his vulnerability
this is the detailed information
this chart shows the development of the port
Practical assignments
Search through search engines own footprint on the Internet and confirm the existence of privacy and sensitive information leakage problem, and if so, propose solutions.
First, I searched my own name directly on Baidu, found the second blog is that I wrote. emmm. Visible, write the best blog or hide their real name is better
Learning problems encountered and solutions
Question 1: nessus download slow
to find a friend to help a bit to download
the issue 2: nessus will not use
school students through the blog and some basic online tutorials, ah, not an idiot
Feelings and learning experience
The learning process takes very long, with a lot of software. The amount of knowledge a little big. This software is practice makes perfect thing, I believe in the constant practice, use of the software will be more skilled.
references
Kali Nessus installation process in detail
Liu's blog who
pay Yuan Yuan students blog