20155220 Wu Siqi Exp6 Information Collection and Vulnerability Scanning
Answers to basic questions
1. Which organizations are responsible for DNS and IP management?
The top-level management body is the Internet Corporation for Assigned Names and Numbers (ICANN).
Currently, there are 5 regional registries in the world:
ARIN is mainly responsible for business in North America.
RIPE is mainly responsible for business in Europe.
APNIC is mainly responsible for business in Asia Pacific.
LACNIC is mainly responsible for business in Latin America and America.
AfriNIC is mainly responsible for business in Africa.
The ICANN Board is the core authority of ICANN. It has three supporting organizations:
1. The Address Support Organization (ASO) is responsible for the management of the IP address system.
2. The Domain Name Supporting Organization (DNSO) is responsible for the management of the Domain Name System (DNS) on the Internet.
3. The Protocol Support Organization (PSO) is responsible for the assignment of unique parameters involving Internet Protocol.
2. What is 3R information?
Registrant: the registrant
Registrar: the registrar
Registry: the official registry
Practice process
1. Information collection
"whois query"
whois is used to query domain name registration information. Entering whois cnblogs.com in the terminal returns the 3R registration information, including the registrant's name, organization and city.
You can see the server and registration information:
2. "nslookup, dig domain name query"
1. The IP address corresponding to the website can be obtained with the dig command or the nslookup command
Here are a few tools for querying IP address details:
2. Obtain the specific location of this IP through Baidu IP query
3. You can also use the Shodan search engine for relevant information
4. You can also use IP-ADDRESS to query
"Search URL directory structure"
Automated tools: Metasploit's brute_dirs, dir_listing, dir_scanner and other auxiliary modules, which mainly work by brute-force guessing. Taking dir_scanner as an example, enter the following commands in sequence:
use auxiliary/scanner/http/dir_scanner
set THREADS 50
set RHOSTS www.phpluntan.com
exploit
The result indicates that there is no open browsing permission.
"Detect specific types of files"
Search with Baidu and download the required documents.
"Use the traceroute command for route detection"
Under Linux, use traceroute www.baidu.com to detect the route that is passed:
Under Windows, detect it again using tracert www.baidu.com:
Active host scan
nmap scan
Do a TCP port scan on a specific host
Scan the UDP protocol port information of a specific host
Detect the operating system of a specific host
smb service enumeration
1. msfconsole
Enter msfconsole and search for the smb_version auxiliary module:
search smb_version
2. use auxiliary/scanner/smb/smb_version
Use the auxiliary module and configure it
Vulnerability Scan
1. Update Kali
apt-get update
apt-get dist-upgrade
2. Install OpenVAS
Start the service with openvas-start
When the home page is opened for the first time, an error appears saying that the link is not safe. Open Advanced, click the lower left corner, and set https://127.0.0.1:9392 as a trusted site; after that the page opens normally.
Click login to jump to the interface with many scanning tasks.
Create a new task and start scanning
Select Tasks in the menu bar:
After entering, click Task Wizard to create a new task, enter the IP address of the host to be scanned in the field, and click Start Scans to start scanning.
Scan is complete:
View and analyze scan results
Open the details of the scan result as shown below:
Click Full and fast
Take Buffer overflow as an example, click to view the detailed results:
Experimental experience and perception
I completed this experiment according to the corresponding steps. Through this experiment, I have a new understanding of the security of personal information, and have a deeper understanding of the functions of information collection and vulnerability scanning in network attack and defense.