20155217 "Network Confrontation" Exp06 Information Collection and Vulnerability Scanning

Experiment content

  • Application of various search techniques
  • Query of DNS IP registration information
  • Basic scanning techniques: host discovery, port scanning, OS and service version detection, enumeration of specific services
  • Vulnerability scanning: run a scan, read the report, look up the vulnerability descriptions, and patch the vulnerabilities

Information collection

Gathering information about the target website through DNS and IP

whois query
  • Querying the DNS registrant and contact information with whois shows the registering company, the name servers, and related information about the registrant and administrator:

nslookup query
  • Use nslookup to query the IP address:

  • Then search Baidu for the geographic location of this IP address:

dig query
  • Use dig to look up IP addresses; dig queries the authoritative DNS servers directly and returns exact results:

Information collection through search engines

Search for a specific type of file
  • Search engines such as Baidu can be used to find the information we want.
  • Entering filetype:<file format> <keyword> site:edu.cn in Baidu's search bar finds files of the given format that contain the keyword on edu.cn sites:

IP route reconnaissance
  • The tracert command displays the IP addresses of the routers a packet passes through on the way to the target; the geographic location of each router or machine can then be looked up by IP:

Search URL directory structure: dir_scanner
  • Use dir_scanner to enumerate the website's directory structure:

Host Probing and Port Scanning

Active host scan

ICMP Ping Command
  • ping baidu.com

Nmap detection
  • Use nmap -sn to scan for active hosts:

  • It can be seen that 4 hosts are active.
  • Use nmap -sS <IP address> for a port scan that finds the target host's open TCP ports:

  • No open ports were found. A Baidu search showed that SSH listens on port 22 by default, but the service is not enabled after the system is installed, so the configuration file has to be modified:
vim /etc/ssh/sshd_config

Find the line #PasswordAuthentication yes and remove the leading # comment mark

Change PermitRootLogin without-password to: PermitRootLogin yes

Then start the ssh service: /etc/init.d/ssh start 
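The two sshd_config edits above change what the scan will later see: once PermitRootLogin is yes and PasswordAuthentication is uncommented, root can log in with a password over the network. The following Python script is an added example (not part of this report or of OpenSSH) that reads an sshd_config fragment the way sshd does (keywords are case-insensitive, # starts a comment, the first value for a keyword wins) and reports whether root password login is allowed. The two config fragments are constructed; the "before" one mirrors the defaults the report describes and the "after" one is the state its instructions produce. Lines after the first Match block are ignored, which is a simplification of real sshd behaviour.

```python
import re

# Constructed sshd_config fragments (not the report's actual file).
# BEFORE mirrors the distribution defaults described in the report;
# AFTER is what the report's two edits produce.
BEFORE = """\
# Authentication:
PermitRootLogin without-password
#PasswordAuthentication yes
ChallengeResponseAuthentication no
"""

AFTER = """\
# Authentication:
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
"""

# Built-in defaults used when a keyword is absent: PermitRootLogin defaults to
# prohibit-password on OpenSSH 7.0 and later, PasswordAuthentication to yes.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}


def effective_settings(config_text):
    """Return the effective values of the two keywords we care about.

    Follows sshd_config rules: comments stripped, keywords case-insensitive,
    'Keyword value' or 'Keyword=value' syntax, FIRST occurrence wins.
    Conditional settings after a 'Match' line are ignored (simplification).
    """
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything below is conditional; not handled here
        if key in DEFAULTS and key not in found:
            found[key] = parts[1].strip() if len(parts) > 1 else ""
    settings = dict(DEFAULTS)
    settings.update(found)
    # OpenSSH treats the old spelling 'without-password' as 'prohibit-password'
    if settings["permitrootlogin"] == "without-password":
        settings["permitrootlogin"] = "prohibit-password"
    return settings


def root_password_login_allowed(config_text):
    """True when the root account can authenticate with a password over SSH."""
    s = effective_settings(config_text)
    return s["permitrootlogin"] == "yes" and s["passwordauthentication"] == "yes"


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, effective_settings(cfg),
              "root password login:", root_password_login_allowed(cfg))
```

The same function can be pointed at a real /etc/ssh/sshd_config (open the file and pass its contents) to check a lab machine after the exercise, so that the weakened settings are not left behind once the scan is done.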

  • Use nmap -sV <IP address> to detect the service versions on the target host:

  • Use nmap -O to detect the target host's operating system:

  • nmap -sS -sU --top-ports 150 <IP address>: scan the 150 TCP and UDP ports most likely to be open:
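The nmap commands above produce text reports whose screenshots are not reproduced here. As an added example (not code from this report or from the Nmap project), the following Python script parses the normal nmap output format: it extracts the active hosts from an nmap -sn run and the open ports with service and version from an nmap -sS/-sV run, then compares what was found against an allowlist of expected services, which is how a defender would use the same scan. Both output samples, the addresses and the MAC addresses in them are constructed for the example; the allowlist is an assumption.

```python
import re

# Constructed sample of `nmap -sn` output (not captured from a real scan).
PING_SWEEP_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-08 10:00 CST
Nmap scan report for 192.168.209.1
Host is up (0.00021s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.209.2
Host is up (0.00010s latency).
MAC Address: 00:50:56:E1:2B:3C (VMware)
Nmap scan report for 192.168.209.129
Host is up (0.00015s latency).
MAC Address: 00:0C:29:AB:CD:EF (VMware)
Nmap scan report for 192.168.209.130
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.15 seconds
"""

# Constructed sample of `nmap -sS -sV` output against one host.
PORT_SCAN_OUTPUT = """\
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-08 10:05 CST
Nmap scan report for 192.168.209.129
Host is up (0.00040s latency).
Not shown: 997 closed ports
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
80/tcp  open     http    Apache httpd 2.4.29 ((Ubuntu))
139/tcp filtered netbios-ssn
MAC Address: 00:0C:29:AB:CD:EF (VMware)
Nmap done: 1 IP address (1 host up) scanned in 6.30 seconds
"""

# "Nmap scan report for 10.0.0.1" or "Nmap scan report for name (10.0.0.1)"
HOST_RE = re.compile(r"Nmap scan report for (\S+)(?: \(([\d.]+)\))?")
# "22/tcp  open  ssh  OpenSSH 7.6p1 ..."  (version column is optional)
PORT_RE = re.compile(r"(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def _host_of(match):
    """Prefer the IP in parentheses when nmap printed a resolved name."""
    return match.group(2) or match.group(1)


def active_hosts(output):
    """Return the IP addresses nmap reported as up, in report order."""
    hosts, current = [], None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = _host_of(m)
        elif line.startswith("Host is up") and current:
            hosts.append(current)
            current = None
    return hosts


def open_ports(output):
    """Map each host to its open ports as (port, proto, service, version)."""
    ports, current = {}, None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = _host_of(m)
            ports.setdefault(current, [])
            continue
        m = PORT_RE.match(line)
        if m and current and m.group(3) == "open":
            port, proto, _state, service, version = m.groups()
            ports[current].append((int(port), proto, service, (version or "").strip()))
    return ports


def unexpected_services(ports_by_host, allowed):
    """Open ports not present in the per-host allowlist of (port, proto)."""
    findings = {}
    for host, entries in ports_by_host.items():
        extra = [e for e in entries if (e[0], e[1]) not in allowed.get(host, set())]
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    print("active hosts:", active_hosts(PING_SWEEP_OUTPUT))
    found = open_ports(PORT_SCAN_OUTPUT)
    print("open ports:", found)
    # Assumed allowlist: only SSH is supposed to be reachable on this host.
    print("unexpected:", unexpected_services(found, {"192.168.209.129": {(22, "tcp")}}))
```

Saving a real scan with nmap -oN and feeding the file to these functions gives the same result without screenshots, and running the comparison after every scan turns the exercise into a simple change-detection check for the lab network.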

Module in metasploit: arp_sweep
  • The arp_sweep module uses ARP requests to enumerate active hosts on the local LAN:

Origin http://43.154.161.224:23101/article/api/json?id=325351860&siteId=291194637