20154307 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning

1. Answers to basic questions

(1) Which organizations are responsible for managing DNS and IP addresses?

A: The global root servers are managed by ICANN, which is authorized by the US government and is responsible for managing the global domain name root servers, DNS and IP addresses.

Global root name servers: the vast majority are in Europe and North America (13 worldwide, lettered A to M); China only has mirror (backup) servers.

There are 5 regional registries (RIRs) worldwide:

1. ARIN is mainly responsible for North America

2. RIPE is mainly responsible for Europe

3. APNIC is mainly responsible for the Asia-Pacific region

4. LACNIC is mainly responsible for Latin America

5. AfriNIC is responsible for Africa

(2) What is 3R information?

The 3Rs are:

Registrant

Registrar

Registry (the official registry)

(3) Evaluate the accuracy of the scan results.

The accuracy of the different scanning tools varies, but they are all fairly accurate. I really want to complain about OpenVAS, though: installing and configuring the environment is really troublesome...

2. Experimental content

2.1 whois query

I looked up the Hangzhou government network with whois.

I saw the 3R information, as well as the registration time information for the domain...

2.2 nslookup and dig query

I used nslookup and dig respectively.

I found that the address is 113.200.91.197, and then I started to locate the IP address. The following are several ways to locate an IP address.

I used the Shodan search engine first.

The address turned out to be Xi'an...

IP reverse domain name query

This is the IP address location as searched on Baidu.

2.3 tracert route detection

I first ran traceroute 113.200.91.197 on Kali to see the forwarding path.

The path does not seem to be visible in the result...

So I looked at the forwarding path in Win7 instead.

Then I checked the origin of each IP online...

2.4 Search engine query techniques

It seems that there are not many PPTs about networking.

There are a lot about physics.

2.5 netdiscover query

I used netdiscover for host detection on the private network segment.

2.6 Using nmap to scan ports

Enter nmap -sn 192.168.120.* to find the active hosts in this network segment.

Four were found.

TCP port scan of 192.168.120.1

I tried the IPs of the other hosts; no open TCP port was found.

UDP port scan of the host

Sending TCP ACK packets for detection (nmap -PA) can detect whether the host is alive.

Scanning the host's operating system

You can see that the operating system is Win7.

Scanning the host's service version information (Microsoft services)
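The scans above produce an inventory of open ports and an OS guess; the summary at the end of this report argues that unnecessary ports should be closed. The following added example (not part of the original report) parses nmap's -oX XML output for such a host and flags open ports that are not on a per-host allowlist. The XML is a constructed sample in nmap's format, and the allowlist values are assumptions for the demo.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample in nmap's -oX format (not real scan output): one Windows 7
# host with four open TCP ports and one closed port.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oX - 192.168.120.1">
  <host>
    <status state="up" reason="arp-response"/>
    <address addr="192.168.120.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open" reason="syn-ack"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="139"><state state="open" reason="syn-ack"/><service name="netbios-ssn"/></port>
      <port protocol="tcp" portid="445"><state state="open" reason="syn-ack"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 7 SP1" accuracy="96"/></os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text: str) -> List[Dict]:
    """Return one record per host that is up: IPv4 address, best OS match, open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts nmap did not see as alive
        addr = host.find("address[@addrtype='ipv4']")
        osmatch = host.find("os/osmatch")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                open_ports.append((port.get("protocol"), int(port.get("portid")), name))
        hosts.append({"addr": addr.get("addr") if addr is not None else None,
                      "os": osmatch.get("name") if osmatch is not None else None,
                      "open_ports": open_ports})
    return hosts


def unexpected_ports(hosts: List[Dict], allowlist: Dict[str, set]) -> List[Tuple[str, str, int, str]]:
    """Flag open (protocol, port) pairs that the allowlist does not expect for that host."""
    findings = []
    for h in hosts:
        allowed = allowlist.get(h["addr"], set())
        for proto, portid, name in h["open_ports"]:
            if (proto, portid) not in allowed:
                findings.append((h["addr"], proto, portid, name))
    return findings
```

Feeding a real scan is a matter of running nmap with -oX and passing the file contents to parse_nmap_xml; each finding is a port to justify or close.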

2.7 SMB service enumeration

Enter msfconsole, search smb_version, and find the SMB auxiliary scanner module.

Set the parameters and run it; you can see the host's SMB version information: Win7 SP1.

2.8 OpenVAS vulnerability scan

After trying to install OpenVAS many times, it still would not install, and Kali crashed several times, so I scanned my Win7 machine for vulnerabilities from a classmate's computer...

Click "Full and fast" to view its details.

Here I chose brute force attacks

On the net I found an explanation about brute force attacks:

A brute force attack is a trial-and-error method used to obtain information such as user passwords or personal identification numbers (PINs). During a brute force attack, automated software is used to generate a large number of consecutive guesses for the value of the desired data. Brute force attacks may be used by criminals, or by cybersecurity analysts in security testing organizations, to crack encrypted data.

I went in and saw nine vulnerabilities.

So I chose a vulnerability with the highest risk factor

This script attempts to authenticate to the VNC server with the password set in the password preferences.

Some VNC servers have a blacklist scheme that blocks IP addresses after five unsuccessful connection attempts over a period of time. The script will abort the brute force attempt if it gets blocked. Note also that passwords can be at most 8 characters long.

I don't understand this vulnerability very well; it is probably a brute-force login vulnerability in the remote connection service...
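The NVT description above mentions the control that limits this finding: blocking a source IP after five failed attempts within a period of time. The following added example (not code from the report, OpenVAS or any VNC server) implements that lockout as a sliding window with an expiring block, plus a small constructed authentication routine to show the effect; the parameters (5 failures, 60-second window, 600-second block) and the demo password are assumptions.

```python
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional


class FailedLoginBlocklist:
    """Block an IP after max_failures failed logins within window_s seconds, for block_s seconds.

    Parameters are assumed values mirroring the five-failure blacklist described above.
    """

    def __init__(self, max_failures: int = 5, window_s: float = 60.0, block_s: float = 600.0):
        self.max_failures = max_failures
        self.window_s = window_s
        self.block_s = block_s
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)  # timestamps per IP
        self._blocked_until: Dict[str, float] = {}

    def is_blocked(self, ip: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:
            del self._blocked_until[ip]  # block has expired
            return False
        return True

    def record_failure(self, ip: str, now: Optional[float] = None) -> bool:
        """Register a failed attempt; return True if this attempt triggered a block."""
        now = time.time() if now is None else now
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window_s:  # forget failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._blocked_until[ip] = now + self.block_s
            q.clear()
            return True
        return False

    def record_success(self, ip: str) -> None:
        self._failures.pop(ip, None)


def authenticate(bl: FailedLoginBlocklist, ip: str, supplied: str, expected: str, now: float) -> str:
    """Constructed server-side check (not a real VNC implementation): 'blocked', 'ok' or 'failed'."""
    if bl.is_blocked(ip, now):
        return "blocked"  # refuse before even checking the password
    if supplied == expected:
        bl.record_success(ip)
        return "ok"
    bl.record_failure(ip, now)
    return "failed"
```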

3. Experimental summary and experience

This experiment scanned computer information (open ports, software versions, etc.) in order to collect vulnerabilities. For attackers, vulnerability scanning and information gathering are necessary steps. For users, the most critical things are to protect their own host information, close unnecessary ports, and promptly patch the vulnerabilities on their own hosts, so as to avoid being attacked...

Since I have been preparing for an exam this week, time has been tight and the attack and defense experiments have been delayed again and again, so I am very sorry for the late completion...
