20155338 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning

Experiment procedure

Peripheral information collection

(1) Whois domain name registration information query

  • The following is the result of searching hao123.com

The same is true for the following

(2) nslookup, dig domain name query

  • nslookup returns the result cached by the DNS resolution server, which is not necessarily accurate. dig can query the authoritative DNS server for accurate results, so the results of dig queries are generally more accurate.

  • Enter dig URL or nslookup URL in the Kali terminal to view the IP address corresponding to the URL

  • You can also search for the specific geographic location of this IP address in Baidu.
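
Whether a dig answer came from an authoritative server or from a resolver's cache is visible in the aa flag of the reply header. The following is an added example, not part of the original report: it parses saved dig output and reports that flag together with the answering server and TTL. The function names, example.com and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise saved dig output and report whether the answer
# was authoritative ("aa" header flag) or came from a recursive resolver.
dig_summary() {
    awk '
        /^;; flags:/ {                      # e.g. ";; flags: qr aa rd; QUERY: 1, ..."
            flags = $0
            sub(/^;; flags: */, "", flags)  # drop the label
            sub(/;.*/, "", flags)           # drop the counters after the flags
            kind = ((" " flags " ") ~ / aa /) ? "authoritative" : "non-authoritative"
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/                  { in_answer = 0 }
        in_answer && $3 == "IN" && $4 == "A" {
            ttl  = $2                       # a cached record shows a counted-down TTL
            addr = (addr == "" ? $5 : addr "," $5)
        }
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        END { printf "%s server=%s ttl=%s a=%s\n", kind, server, ttl, addr }
    '
}

# Constructed sample: reply from a recursive resolver (no aa flag, TTL counted down).
sample_recursive() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.    187 IN  A   192.0.2.10

;; SERVER: 192.0.2.53#53(192.0.2.53)
EOF
}

# Constructed sample: same name asked directly of its authoritative server.
sample_authoritative() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.    300 IN  A   192.0.2.10

;; SERVER: 192.0.2.1#53(192.0.2.1)
EOF
}

sample_recursive | dig_summary
sample_authoritative | dig_summary
```
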

  • tracert route probing

The tracert command displays the IPs that the data packet passes through, and you can look up these routers or the geographic location of the machines by IP.
Entering tracert IP address on my Windows 10 host shows the several IPs that the packet passed through.

The routes or geographic locations corresponding to these IPs can be queried on the network.

  • Enter traceroute domain name in Kali to view the results

  • When running traceroute, some lines are shown as asterisks. In such a situation, it may be that Youku's firewall blocked the ICMP return information, so we can't get any relevant returned packet data.

  • Search engine query

In Baidu's search bar, entering filetype:xls keyword site:edu.cn searches for URLs with xls-format files that include the keyword.

  • nmap scan

Enter nmap -sn IP address in the Kali terminal to scan for live hosts. You can scan a single host or a whole network segment of hosts. I scanned the network segment that includes my XP virtual machine, and the results are as follows:

  • Enter nmap -sS IP address in the Kali terminal to scan the open tcp ports of the target host; -sS indicates a tcp syn scan.
    I scanned the XP virtual machine and found the status of the tcp ports and the services provided

  • Enter nmap -sS -sU --top-ports 150 IP address in the Kali terminal to scan UDP ports as well; -sU selects UDP scanning and --top-ports 150 means to scan the 150 most likely open ports for tcp and udp respectively.

  • Enter nmap -sV IP address in the Kali terminal to detect the service versions of the target host.

  • Enter nmap -O IP address in the Kali terminal to detect the operating system of the target host.
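
The port and service results described above can be checked against what a lab host is expected to expose. The following is an added example, not part of the original report: it reads nmap's grepable output (the -oG option, which the report does not use) and prints every open port that is missing from an allowlist. The function names, the allowlist and the 192.0.2.20 host are constructed for illustration.

```shell
#!/bin/sh
# Added example: list open ports in nmap grepable output (-oG) that are not
# on an expected-services allowlist, e.g. for reviewing your own lab hosts.
# Usage: unexpected_open_ports "139/tcp,445/tcp" < scan.gnmap
unexpected_open_ports() {
    awk -F'\t' -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Host: / {
            host = $1
            sub(/^Host: /, "", host); sub(/ .*/, "", host)   # keep only the address
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                list = $f; sub(/^Ports: /, "", list)
                m = split(list, entries, /, /)
                for (j = 1; j <= m; j++) {
                    # entry layout: port/state/protocol/owner/service/rpc/version/
                    split(entries[j], p, "/")
                    key = p[1] "/" p[3]
                    if (p[2] == "open" && !(key in ok)) print host, key, p[5]
                }
            }
        }
    '
}

# Constructed sample of -oG output for a lab host (documentation address).
sample_gnmap() {
    printf '# Nmap scan report (constructed sample)\n'
    printf 'Host: 192.0.2.20 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.20 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\tIgnored State: filtered (996)\n'
}

sample_gnmap | unexpected_open_ports "139/tcp,445/tcp"
```
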

Vulnerability Scan

  • Enter openvas-check-setup in Kali to view the installation status of openvas:

As shown in the figure, there is an error; we can enter the commands given in the prompt to fix it:

openvasmd --migrate
openvas-manage-certs -a
openvas-manage-certs -a -f
openvasmd
openvas-check-setup

After entering the command shown above, you can see that the openvas installation is successful.

  • Enter the command openvasmd --user=admin --new-password=20155338 to add a user account and password.

  • Enter openvas-start to open openvas. The browser will automatically jump to the page https://127.0.0.1:9392

When you open the home page for the first time, it shows an error saying that the link is not safe. You need to open Advanced, click the lower left corner, set https://127.0.0.1:9392 as a trusted site, and then it opens normally.

  • Scan target hosts

The login interface has automatically displayed the account we just added, enter the password, click login to jump to the interface with many scanning tasks.

  • Select Tasks under the scan menu, you can see the following results

  • Select task wizard under the Wizard (a purple icon) menu, enter the IP of the target host in the scan bar, and start scanning the target host.

Because my computer's memory and network speed are too slow, the scan of my target host xp has been stuck at 1%, so I have to use the following IP, 192.168.20.150, for analysis.

The severity of its vulnerability has reached a level of 9.0

  • At this time, we click on our scan results to open the result

You can view information about the vulnerabilities of the target host scanned. And you can see the relevant ports of all vulnerabilities

  • Click the vulnerability name to see the specific information of the vulnerability.

Answer questions after the experiment

(1) Which organizations are responsible for the management of DNS and IP

A: The US government authorizes ICANN to uniformly manage global root servers and is responsible for global domain name root servers, DNS and IP address management. The vast majority of global root domain name servers are located in Europe and North America.

There are five regional registries in the world: ARIN is mainly responsible for North America, RIPE is mainly responsible for Europe, APNIC is mainly responsible for Asia Pacific, LACNIC is mainly responsible for Latin America, and AfriNIC is responsible for Africa.

(2) What is 3R information?

A: Refers to the registrant (Registrant), the registrar (Registrar) and the official registry (Registry).

(3) Evaluate the accuracy of the scan results

A: I'm sorry, my computer's memory is too full, and the internet speed is so slow that I can't get the scan results. However, I used my classmate's computer to scan his win7, and the vulnerability scan results are very high. Today, it is used by us to do PKI related experiments, and the security factor such as network firewall has been reduced to the lowest level. The accuracy of the scan results should still be very high.

Experiment summary and experience

The experiment was generally smooth sailing, except for my computer. . . . . . Emmmm is really worrying about this memory, but I still learned a lot of ways to check vulnerabilities, including system vulnerabilities, which I feel is still very useful.
