2017-2018-2 20155233 "Network Countermeasure Technology" Exp6: Information Collection and Vulnerability Scanning

Mining information about the target website through DNS and IP

  • whois query: used to query domain name registration information and obtain the 3R registration information, including the registrant's name, organization, city and other details. (Remove prefixes such as www when doing a whois query: when a domain is registered, it is usually the higher-level domain name that gets registered, and the subdomain is managed by the owner's own name server, so it may not appear in the whois database.)

  • nslookup, dig query: nslookup returns results cached by the DNS resolver, which are not necessarily accurate. dig can query the authoritative DNS servers for exact results.

  • Use the Shodan search engine to query registration information

  • Geolocation query using IP2Location

  • Reverse DNS lookup by IP

  • tracert route tracing


(Because the virtual machine uses a NAT connection, the TTL-exceeded messages returned to traceroute cannot be matched to the source IP address, source port, destination IP address, destination port and protocol, so they cannot be routed back through reverse NAT. The probe was therefore repeated under Windows, and the locations of these hops were looked up with an online IP query tool.)

Search engine query technology

  • Query using the search command format filetype:xxx NAME site:xxx.xxx

  • netdiscover discovery: under Linux, you can directly perform host detection on the private network segment by executing the netdiscover command

  • nmap scan:
  1. Use the nmap -sn command to scan for active hosts
  2. Use the TCP SYN method to scan the target host 192.168.241.134
  3. Scan port information using the UDP protocol
  4. Scan the operating system; the operating system used by the target host is (as shown in the figure)
  5. Scan version information for Microsoft-specific services
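As an added example, not part of the original report, here is the defender's side of the nmap steps above: a small Python detector run over constructed iptables-style log lines that flags the host sweep (the -sn step) and the TCP SYN port scan of 192.168.241.134, while ignoring a host that merely retries one SMB connection. The log format, the other addresses, the time window and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed iptables-style log excerpt (not from the original page): 192.168.241.1 pings
# three hosts, then SYN-probes five ports on .134; 192.168.241.50 only retries port 445.
SAMPLE_LOG = """\
2018-05-01T10:00:01 SRC=192.168.241.1 DST=192.168.241.134 PROTO=ICMP TYPE=8
2018-05-01T10:00:01 SRC=192.168.241.1 DST=192.168.241.135 PROTO=ICMP TYPE=8
2018-05-01T10:00:01 SRC=192.168.241.1 DST=192.168.241.136 PROTO=ICMP TYPE=8
2018-05-01T10:00:02 SRC=192.168.241.1 DST=192.168.241.134 PROTO=TCP DPT=22 FLAGS=SYN
2018-05-01T10:00:02 SRC=192.168.241.1 DST=192.168.241.134 PROTO=TCP DPT=80 FLAGS=SYN
2018-05-01T10:00:02 SRC=192.168.241.1 DST=192.168.241.134 PROTO=TCP DPT=139 FLAGS=SYN
2018-05-01T10:00:03 SRC=192.168.241.1 DST=192.168.241.134 PROTO=TCP DPT=445 FLAGS=SYN
2018-05-01T10:00:03 SRC=192.168.241.1 DST=192.168.241.134 PROTO=TCP DPT=3389 FLAGS=SYN
2018-05-01T10:00:30 SRC=192.168.241.50 DST=192.168.241.134 PROTO=TCP DPT=445 FLAGS=SYN
2018-05-01T10:00:31 SRC=192.168.241.50 DST=192.168.241.134 PROTO=TCP DPT=445 FLAGS=SYN
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
                     r"(?: DPT=(?P<dpt>\d+))?(?: FLAGS=(?P<flags>\S+))?(?: TYPE=(?P<type>\d+))?")

def detect_scans(log_text, window=10.0, port_threshold=5, host_threshold=3):
    """Map (src, kind) -> most distinct targets seen in any `window` seconds, for sources that
    hit >= port_threshold distinct TCP-SYN or UDP ports, or >= host_threshold hosts with ICMP echo."""
    keyed = defaultdict(list)  # (src, kind) -> [(epoch_seconds, target)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than abort
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        if m["proto"] == "TCP" and m["flags"] == "SYN":
            keyed[(m["src"], "tcp_syn_scan")].append((ts, (m["dst"], m["dpt"])))
        elif m["proto"] == "UDP" and m["dpt"]:
            keyed[(m["src"], "udp_scan")].append((ts, (m["dst"], m["dpt"])))
        elif m["proto"] == "ICMP" and m["type"] == "8":
            keyed[(m["src"], "ping_sweep")].append((ts, m["dst"]))
    findings = {}
    for key, items in keyed.items():
        items.sort()  # logs are not guaranteed to be in time order
        threshold = host_threshold if key[1] == "ping_sweep" else port_threshold
        lo = 0
        for hi in range(len(items)):  # sliding time window over items[lo:hi+1]
            while items[hi][0] - items[lo][0] > window:
                lo += 1
            distinct = len({target for _, target in items[lo:hi + 1]})  # repeats count once
            if distinct >= threshold:
                findings[key] = max(distinct, findings.get(key, 0))
    return findings
```

Lowering port_threshold lets slow scans through at the cost of flagging hosts that legitimately open several services at once; the window and thresholds must be tuned to the network.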

SMB service enumeration

  • Use the msfconsole command to enter msf, then enter the search _version command to list the available enumeration auxiliary modules

  • Enter use auxiliary/scanner/smb/smb_version and configure the parameters

  • Run exploit to scan

Vulnerability Scan

  • Install OpenVAS and check the installation status with the openvas-check-setup command

  • Use the command openvasmd --user admin --new-password 20155233 to add the admin user, then enter openvas-start to start OpenVAS:

  • The browser opens a web page; enter the password to log in and run the scan. The result is as follows

Basic questions and answers

  • Which organizations are responsible for DNS, IP management?
  1. The global root servers are managed by ICANN, which is authorized by the US government and is responsible for the management of the global domain name root servers, DNS and IP addresses.
  2. Global root domain name servers: the vast majority are in Europe and North America (13 worldwide, numbered A~M); China only has mirror (backup) servers.
  3. There are five regional Internet registries in the world: ARIN is mainly responsible for North America, RIPE for Europe, APNIC for Asia Pacific, LACNIC for Latin America, and AfriNIC for Africa.
  • What is 3R information?
  1. 3R stands for the registrant (Registrant), the registrar (Registrar) and the official registry (Registry).
  2. The 3R registration information is scattered between the official registry and the databases maintained by the registrars. The official registry generally provides the registrar and Referral URL information, while the specific registration information is generally located in the registrar's database.

Experimental experience

  • The process of this experiment is simple, but the process of installing OpenVAS is really a headache. First, you have to update the Kali system, and only then can you install and configure OpenVAS. However, you still encounter all sorts of problems during the configuration process, so the difficulty is relatively high. It is recommended to go to the Internet to find a solution when encountering an error. This is also a major difficulty in this experiment. Through scanning and other means, I learned that the environment of my system is relatively safe and there are not too many loopholes, but how trustworthy the scanning tool is remains unknown.
