2017-2018-2 20179223 "Network Attack and Defense Technology" Week 8 Homework

Construction and testing of network attack and defense environment

The network attack and defense environment consists of four virtual machines (a Windows attack machine and target machine, and a Linux attack machine and target machine). All of them use NAT mode and are placed on the same network segment: Linux attack machine (IP 192.168.39.141), Linux target machine (IP 192.168.39.140), Windows attack machine (IP 192.168.39.131), Windows target machine (IP 192.168.39.133).
The main test is then the connectivity between them:

1. Windows target machine ping Windows attack machine

2. Windows target machine ping Linux attack machine

3. Linux target machine ping Windows attack machine

4. Linux target machine ping Linux attack machine

Textbook learning content summary

This week, I learned the relevant content of Chapter 8 "Linux Operating System Security Attack and Defense" in "Network Attack and Defense Technology and Practice", as follows:

An overview of the basic framework of the Linux operating system

1. Development and current situation of Linux operating system

The advantages of Linux are:

  • Cross-platform hardware support

  • Rich software support

  • Multi-user multi-tasking

  • Solid security

  • Good stability

  • Complete network functionality

2. Linux system structure

(Source: http://outdoego.blog.163.com/blog/static/16930182200706111556295/ )

3. Linux operating system security mechanism

Linux authentication mechanism

Linux is a multi-user and multi-task operating system. It implements user identity management by creating multiple role-type users and user groups to ensure that multiple users use the Linux operating system safely.

Linux users:
  • Root user: the only superuser in the system, with the highest authority; it can access any file and command in the operating system
  • Ordinary users: can only operate on the contents of their own directories and have limited execution permissions
  • System users: these users cannot log in to the system
Linux User Groups:

A collection of user accounts with the same characteristics, which is used to simplify the management of user rights in the entire system. User group information is stored in the system's /etc/group file

Linux local login user authentication mechanism:

The basic process is: the init process starts getty, which opens several consoles and displays the login prompt on each. When a user enters a user name, getty executes the login program, which carries out the authentication process. After authentication succeeds, login forks a child process running the user's shell, and the login is complete.

Linux remote login user authentication mechanism:

SSH provides two user authentication mechanisms: the first is password-based authentication, and the second is asymmetric-key-based (public key) authentication.
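As an added example (not part of the original post or the textbook), the following POSIX sh check reads an sshd_config and reports whether password-based authentication is still accepted, which is the setting an administrator flips when moving a host to key-based logins only. It assumes GNU or busybox awk, a file without Match blocks, and sshd's documented rule that the first value given for a keyword wins (later duplicates are ignored); the two sample configs are constructed here.

```shell
#!/bin/sh
# Added example, not code from the original post: check whether an sshd_config
# leaves password authentication enabled. sshd uses the FIRST value it sees for a
# keyword and ignores later ones, so the parser must do the same. Keywords are
# case-insensitive; lines starting with '#' are comments. Match blocks are not
# handled (assumption: the file has none).

# sshd_effective_value <config-file> <keyword> <default>
# Prints the effective value of a keyword: first non-comment match wins,
# falling back to <default> when the keyword never appears.
sshd_effective_value() {
    cfg="$1"; key="$2"; def="$3"
    val=$(awk -v key="$(printf '%s' "$key" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }                                # comment line
        NF >= 2 && tolower($1) == key { print $2; exit }   # first match wins
    ' "$cfg")
    [ -n "$val" ] && printf '%s\n' "$val" || printf '%s\n' "$def"
}

# sshd_password_auth_enabled <config-file>
# Returns 0 (true) if password logins are still accepted, 1 otherwise.
# sshd's compiled-in default for PasswordAuthentication is "yes".
sshd_password_auth_enabled() {
    v=$(sshd_effective_value "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    [ "$v" = "yes" ]
}

# write_samples: constructed sample configs for the demonstration; prints the dir.
write_samples() {
    dir=$(mktemp -d)
    # Weak: the keyword is commented out, so the built-in default (yes) applies.
    cat > "$dir/weak.conf" <<'EOF'
Port 22
#PasswordAuthentication no
PubkeyAuthentication yes
EOF
    # Hardened: keys only; the later "yes" is ignored because the first value wins.
    cat > "$dir/hardened.conf" <<'EOF'
Port 22
passwordauthentication no
PubkeyAuthentication yes
PasswordAuthentication yes
EOF
    printf '%s\n' "$dir"
}

dir=$(write_samples)
for f in weak hardened; do
    if sshd_password_auth_enabled "$dir/$f.conf"; then
        echo "$f.conf: password authentication ENABLED (default applies unless explicitly set to no)"
    else
        echo "$f.conf: password authentication disabled, key-based logins only"
    fi
done
rm -rf "$dir"
```

The weak sample shows the common mistake: a commented-out `#PasswordAuthentication no` changes nothing, because the default remains yes. The hardened sample shows why the parser must honour the first-value rule rather than the last one.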

Unified identity authentication middleware for Linux - PAM:

PAM supports four management interfaces: authentication management, account management, password management, and session management.

Linux authorization and access control mechanism
  • The owner of the file:

Indicates which user the file belongs to; the uid of the file owner and the gid of the file's group are recorded, and the owner can be changed with the chown command.

  • File access rights:

r: for a file, the right to read its contents; for a directory, the right to list the directory
w: for a file, the right to add to and modify its contents; for a directory, the right to delete and move files within the directory
x: for a file, the right to execute it; for a directory, the right to enter the directory

  • Special execute permissions for files:

The common special execution permissions are SUID and SGID. SUID lets an executable run with the permissions of the file owner rather than those of the user who launched it, so it can access every system resource the owner can use. When the SUID bit is set and the file's owner is a privileged user such as root, the program runs with superuser privileges.

  • Shortcomings and improvements of Linux access control mechanism:

The disadvantage is that users can only be divided into three categories, owner, owner's group, and other users, so finer-grained permission control is not possible. Patching the Linux kernel with the POSIX ACLs software adds ACL-based permission management to the kernel.
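As an added example (not code from the original post or the textbook), the following POSIX sh script exercises the r/w/x semantics described above on a throwaway directory and then audits a directory tree for SUID/SGID executables, the defensive check that follows from the discussion of special execute permissions: a new or changed SUID root binary is the classic thing an administrator wants to notice. It assumes GNU stat (for `stat -c %a`) and a find that understands `-perm -4000`; the sample files and modes are constructed here.

```shell
#!/bin/sh
# Added example, not code from the original post: r/w/x semantics and a
# SUID/SGID audit on a constructed sandbox. Needs POSIX sh plus GNU stat/find.

# mode_of <path>: octal mode including the special bits, e.g. 4755.
mode_of() { stat -c '%a' "$1"; }

# is_suid / is_sgid <path>: POSIX test(1) checks for the special bits.
is_suid() { [ -u "$1" ]; }
is_sgid() { [ -g "$1" ]; }

# list_special_executables <dir>: every regular, owner-executable file under
# <dir> that carries SUID or SGID, printed as "<mode> <path>", sorted by path.
list_special_executables() {
    find "$1" -type f -perm -100 \( -perm -4000 -o -perm -2000 \) |
    while IFS= read -r f; do printf '%s %s\n' "$(mode_of "$f")" "$f"; done |
    sort -k2
}

# count_special_executables <dir>: how many such files exist; an auditor
# compares this (and the list itself) against a known-good baseline.
count_special_executables() { list_special_executables "$1" | wc -l | tr -d ' '; }

# build_sandbox: constructed sample tree mirroring the permission classes
# discussed in the text; prints its path.
build_sandbox() {
    sb=$(mktemp -d)
    printf 'secret\n' > "$sb/notes.txt";          chmod 640  "$sb/notes.txt"   # rw owner, r group, nothing for others
    printf '#!/bin/sh\necho hi\n' > "$sb/script.sh"; chmod 755 "$sb/script.sh"  # ordinary executable
    cp "$sb/script.sh" "$sb/suid_tool";            chmod 4755 "$sb/suid_tool"   # runs with the owner's uid
    cp "$sb/script.sh" "$sb/sgid_tool";            chmod 2755 "$sb/sgid_tool"   # runs with the owner's gid
    mkdir "$sb/pass_through"; printf 'inner\n' > "$sb/pass_through/inner"
    chmod 711 "$sb/pass_through"                   # x without r: may enter, may not list
    printf '%s\n' "$sb"
}

# cleanup_sandbox <dir>: restore rwx for the owner first, otherwise rm cannot
# enumerate the 711 directory as an unprivileged user.
cleanup_sandbox() { chmod -R u+rwx "$1"; rm -rf "$1"; }

sb=$(build_sandbox)
echo "SUID/SGID executables under $sb:"
list_special_executables "$sb"
# Directory x without r: path lookup works, enumeration does not.
# (root bypasses these checks, so run as an unprivileged user to see the denial.)
cat "$sb/pass_through/inner" >/dev/null && echo "enter directory and open a file inside: ok"
ls "$sb/pass_through" >/dev/null 2>&1 && echo "list directory: ok (running as root)" || echo "list directory: denied (x without r)"
cleanup_sandbox "$sb"
```

On a real host the same audit is `find / -xdev -type f \( -perm -4000 -o -perm -2000 \)`; keep the output from a freshly installed system and diff later runs against it, since an unexpected entry owned by root is exactly the "program with super privileges" the text warns about.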

4. Linux security audit mechanism

The security audit mechanism of Linux has three main log subsystems: connection time logging, process statistics logging, and error logging.

Linux system remote attack and defense technology

Four ways:

1. Linux remote password guessing attack

2. Linux network service remote penetration attack: remote penetration of the network services of a Linux system, including the network protocol stack implementation in the Linux kernel, the network services of the LAMP web site stack, file sharing services such as FTP and Samba, and e-mail sending and receiving services

   Precautions: disable all unnecessary network services; prefer more secure network protocols and service software and deploy them following security best practices; update network service versions promptly; use xinetd and a firewall to add network access control to Linux network services; and establish intrusion detection together with a corresponding contingency planning process.

3. Attacking Linux client programs and users: attacking Linux platform client programs, attacking Linux system users

4. Attacking Linux routers and listeners: attacking Linux routers and firewalls, attacking listeners and intrusion detectors

Linux system local security attack and defense technology

Linux local privilege escalation

1. Crack the root user's password, then run su or sudo to elevate.
2. Discover and exploit vulnerabilities in the su or sudo programs.
3. Exploit user-mode SUID privilege escalation vulnerabilities.
4. Exploit Linux kernel code privilege escalation vulnerabilities.
5. ... directory location and take advantage of

Linux system remote control backdoor program

The main types are: Trojanized system programs, command-line backdoor tools, and graphical backdoor tools

Problems encountered in teaching materials and the process of solving them

Requirements: use the Metasploit penetration testing software to attack the Samba service usermap_script security vulnerability on the Linux target machine and obtain host access to the target Linux machine. (The target machine's IP here is 192.168.39.140.)

Step 1: Open the Samba service on the target machine:

Step 2: Open msfconsole in the kali virtual machine, enter the command to use the corresponding service: use exploit/multi/samba/usermap_script, and use the command show options to view the parameters that need to be set:

Step 3: Set the target address to the IP of the target machine (192.168.39.140)

Step 4: Execute the exploit command to infiltrate the attack:

Step 5: After the above steps are executed successfully, a shell will be returned. We can directly enter some commands to get the host access rights of the target machine we need:

Problems and solutions encountered in video learning

Examples of man-in-the-middle attacks:

Enable port forwarding on Kali.

Set up sslstrip: to hijack SSL traffic, HTTPS data has to be downgraded to HTTP; have sslstrip listen on port 8081.

Then use the ettercap man-in-the-middle attack tool. Before using it, we modify the configuration file:

Open it with the nano command for editing, change ec_uid and ec_gid to 0, and in the Linux section below uncomment the lines under "if you use iptables"; then save and exit:

Open ettercap and enter its graphical interface:

Select unified sniffing under Sniff; by default the eth0 network card is used for sniffing. Under Hosts, select scan for hosts to scan the intranet; 3 hosts are found and added to the host list:

View the host list under Hosts in the hosts list:

Add them as targets: the gateway as target 1 and the attacked host as target 2, then select arp poisoning on the Mitm tab and choose the options as follows:

Select start sniffing under Start. Since there is no screenshot of the XP target machine, the following steps are not illustrated. The next step would be to open a browser on the target and visit a website: everything appears normal, but although the site is normally https, after the attack there is no SSL in front of the URL, so a user name can be captured in plaintext.
