20155311 "Network Confrontation" Information Collection and Vulnerability Scanning


Experiment procedure

Information collection

  • whois

Enter whois followed by the URL in the Kali terminal to view the registering company, services, registered province, fax, telephone and other information.

The following is the same

  • dig or nslookup

Enter dig or nslookup followed by the URL in the Kali terminal to view the IP address corresponding to the URL.

  • Tracert Routing Probe

The tracert command displays the IP addresses that the data packet passes through; the route or geographic location of each machine can then be looked up by IP.

Entering tracert followed by the IP address on my Windows 10 host shows the several IPs that were traversed.

The routes or geographic locations corresponding to these IPs can be queried online.

But when I enter traceroute followed by the IP address under Kali, only one gateway is shown.

After looking into it, I feel that the reason is that the messages returned to traceroute on the virtual machine network cannot be mapped to the source IP address, source port, destination IP address, destination port and protocol, so the messages cannot be routed back in reverse.

  • search engine query

Enter filetype:xls keyword site:edu.cn in Baidu's search bar to search for URLs with xls format files including keywords.

  • nmap scan

  • Enter nmap -sn IP address in the Kali terminal to scan for live hosts. It can scan a single host or a whole network segment. I scanned a whole network segment including my Win 10 host and XP virtual machine, and got the following results:
    The scan found my Win 10 host and the Win XP virtual machine.

  • Enter nmap -sS IP address in the Kali terminal to scan the open TCP ports of the target host; -sS selects a TCP SYN scan.
    I scanned the XP virtual machine and the Win 10 host separately, and found the status of different TCP ports and the services provided.

  • Enter nmap -sS -sU --top-ports 150 IP address in the Kali terminal; -sU scans UDP ports, and --top-ports 150 scans the 150 most likely open ports for TCP and UDP respectively.

  • Enter nmap -sV IP address in the Kali terminal to check the service version of the target host.

It can be seen that the service versions of the Win 10 host and the Win XP virtual machine are very different, and the operating system and its version can be inferred from them.

  • Enter nmap -O IP address in the Kali terminal to detect the operating system of the target host.

The operating system of win xp is scanned very well

Win 10 is not so easy
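The following shell script is an added example, not part of the original report: it reads nmap's grepable output (the -oG option) and lists open ports that are missing from an expected baseline, which is how a defender would put the -sS/-sU results above to use. The addresses, baseline contents and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list open ports from nmap grepable output (-oG) and flag
# any that are missing from an expected baseline. All data is constructed.

# Constructed sample of `nmap -sS -sU -oG -` output; fields are tab-separated.
sample_scan() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 135/open/tcp//msrpc///, 445/open/tcp//microsoft-ds///, 3389/closed/tcp//ms-wbt-server///\tIgnored State: filtered (997)\n'
  printf 'Host: 192.0.2.20 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.20 ()\tPorts: 69/open|filtered/udp//tftp///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
}

# Print "ip port/proto service" for every port whose state is exactly "open".
# "open|filtered" (common for UDP) is skipped because nmap got no reply.
open_ports() {
  awk -F'\t' '/^Host:/ {
    split($1, h, " "); ip = h[2]
    for (i = 2; i <= NF; i++) {
      if ($i !~ /^Ports: /) continue
      p = $i; sub(/^Ports: /, "", p)
      n = split(p, entries, ", ")
      for (j = 1; j <= n; j++) {
        split(entries[j], f, "/")   # port/state/proto/owner/service/...
        if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
      }
    }
  }'
}

# unexpected_ports BASELINE: read open_ports output on stdin and print lines
# whose "ip port/proto" pair is not in BASELINE (an empty file flags all).
unexpected_ports() {
  awk -v base="$1" 'BEGIN {
    while ((getline line < base) > 0) {
      n = split(line, a, " ")
      if (line !~ /^#/ && n >= 2) ok[a[1] " " a[2]] = 1
    }
  }
  !(($1 " " $2) in ok)'
}

demo() {
  baseline=$(mktemp)
  # Constructed baseline of ports each host is expected to expose.
  printf '192.0.2.10 135/tcp\n192.0.2.10 445/tcp\n192.0.2.20 445/tcp\n' > "$baseline"
  sample_scan | open_ports | unexpected_ports "$baseline"
  rm -f "$baseline"
}
demo
```

With a real scan, replace sample_scan with the file written by nmap -oG and keep the baseline under version control so that a newly opened port shows up as a one-line difference.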

Vulnerability Scan

  • openvas configuration (re-enable the kali virtual machine given by the teacher)

Enter openvas-check-setup in Kali to check the installation status of openvas:

The check reports an error:

We can resolve the error by entering the commands given in the prompt:
openvas-check-setup
openvasmd --migrate
openvas-manage-certs -a
openvas-manage-certs -a -f
openvasmd
openvas-check-setup

Enter the openvas-check-setup command again, and you can see that the openvas installation is successful.

Enter the openvasmd --user=admin --new-password=20155305 command to add a user account and password.

Type openvas-start to start openvas. The browser will automatically open https://127.0.0.1:9392.

When opening the home page for the first time, an error appears saying that the link is not safe. Open Advanced, click the lower left corner, and set https://127.0.0.1:9392 as a trusted site; the page then opens normally.

  • Scan target hosts

The login interface has automatically displayed the account we just added, enter the password, click login to jump to the interface with many scanning tasks.

Select Tasks under the scan menu, you can see the following results

Select task wizard under the Wizard (a purple icon) menu, enter the IP of the target host in the scan bar, and start scanning the target host.

First, my Win 10 host: its result is Medium after the scan is complete.

At this point, we click on the scan result to open it.

You can view a high-severity vulnerability of the scanned target host, and you can see the relevant ports of all vulnerabilities (the port of this high-severity vulnerability is general/tcp).

Click the vulnerability name to see the specific information of the vulnerability.

Alternatively, click Full and fast when viewing the scan information of the target machine.

At this time, I am more curious about the vulnerabilities of my Win 10 host. I found a vulnerability called 3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability, level 10.

  • Close openvas.

Experimental experience

Through this experiment, I gained a certain understanding and mastery of the means and methods of information collection. In fact, it amounts to a "human flesh search" of a computer's IP and other information. As the saying goes, knowing oneself and knowing one's enemy is the only way to be safe in a hundred battles; only by knowing the opponent can one "prescribe the right medicine". In addition, it also makes us clearly feel that there is no privacy in the Internet information age. If we connect to any network, our location and information will be exposed. Of course, science and technology are neither good nor bad; it depends on how we regulate and use them.
