20,199,113 2019-2020-2 "network attack and defense practice," the third week of work

Others 2020-03-18 14:12:52 views: null

20,199,113 2019-2020-2 "network attack and defense practice," the third week of work

1. Practice content

1.1 Network Capitol

Before the start of the attack, the organization obtained through surveys or some personal information. Organizational details such as the specific use of the domain name, network address range, directly accessible on the Internet IP address and network services. For individuals, you can check the identity information, contact information and some personal privacy for individuals after the invasion, fully prepared.

(1) web searching and mining information

(2) DNS queries and IP

(3) Network Topology Investigation

1.2 Network Scanning

The purpose is to detect network scanning the target network to find as many connections as the target, further probing security vulnerabilities that may exist. It is divided into several parts host scans, port scans, vulnerability scanning, OS / network services and other identification.

1.3 Network enumeration

It is identified weaknesses more specific and sufficient exploration, to find the key data entry can really attack, and attack the project needs. Enumeration is an active network connection to the target host, it will be logged. The main preventive measure network service enumeration or should give up using an insecure network protocols, to close unnecessary network services, and enhanced security configuration. Commonly used network technologies, including Internet service enumeration flag capture, enumeration common network services, like UNIX platform network service enumeration, Windows platform networking services enumeration.

2. practice

2.1  Network Capitol

2.1.1 Advanced Search and Mining Skills

 

 

 

 2.1.2 DNS query and ip

DNS and IP infrastructure management
ICANN: based on primarily responsible for coordinating the Internet several types of identifiers assigned work, including the DNS domain name, IP address and network communication protocol parameter index and a port number, and maintains the mapping between is to ensure the key premise of the normal operation of the Internet.
ASO: responsible for the uniform distribution of IP addresses
GNSO: responsible for general entry-level domain names in the distribution, including .com, .net, .edu, .org and .info
CNNSO: ccTLD domain responsible for the distribution, including .cn, .us Wait

First visit whoisSoft.com information about the baidu.com URL query. We can get DNS registrant and contact information

 

 Open cmd use nslookup baidu.comquery IP address

 

 In whoisSoft.com obtain specific information input ip 220.181.28.148

 

 2.1.3 attempt by BBS \ QQ \ MSN buddy query the IP address and location

Open Resource Monitor, select weixin.exe, try to send a message with a friend, the other replies can obtain its IP address, phone data transmission will be more

 

 

 

 Find IP WHOIS

 

 

2.2 nmap use

Open source software for use nmap to scan the environment drone, answer the following questions and give operational commands

1. drone IP address is active

2. What drone open TCP and UDP ports

3. What operating system installed drone? What version number?

What network services are installed on a 4 target drone

 

 Check drone IP is active

 

 View open TCP port drone

 

 Check your operating system and version number installed drone

 

 View drone installed network services

 

 

Nessus practice

 Nessus to use drones to scan the environment, replied: open those ports on the drone, there are loopholes network services on each port drone.

 Use Windows Nessus attack machine tools, type in the browser address https: // localhost: 8834 login user name is administrator, password is mima1234

 

Click Policies, click Add to add a scanning strategy, after adding software to re-enter it, otherwise it can not be the next step

 

 

 Add a scan

Scan results are as follows

 

 

 

 

3. Practice jobs

Search your footprint online via search engines, and confirm himself privacy and information leaks.

 

 

4. learning problems and solutions encountered

Nessus can not be installed on kali, also attempts. . .

View drone open TCP port following problems.

 

 

5. practice summary

Learn a lot through practice, there are some small problems can be solved through the efforts, and finally thanks Sunqi Long and Huang Xuanxi students guidance and help! !

 

Guess you like

Origin www.cnblogs.com/yz0218/p/12516907.html
Recommended
Face Wall Intelligence releases the Eurux-8x22B open source large model - it can be called the "science champion"
Kaiyuan Daily | Google supports Hongmeng to take over; open source Rabbit R1; Android phones supported by Docker; Microsoft’s anxiety and ambition; Haier Electric shuts down the open platform
Ranking
Jianzhi offer interview questions 68-II. The nearest common ancestor of a binary tree (recursive)
jQuery Mobile development 1-UI components
Summary of Kotlin function knowledge
[ZZ] The Naked Truth About Anisotropic Filtering
Diagnosis: record a recovery of abnormal CRASH storage caused the database to be unable to be opened normally
Redis introduction and Linux installation Redis
Experiment 2 Introduction to switches
glances open source command-line system monitoring tools introduced
Use of selector
vue3 handwriting a carousel picture
Daily
More
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)

Code World

© 2018 codetd.com