20155337 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning
Practice goals
(1) Application of various search techniques
(2) Query of DNS IP registration information
(3) Basic scanning techniques: host discovery, port scanning, OS and service version detection, and enumeration of specific services
(4) Vulnerability scanning: be able to run a scan, read the report, look up vulnerability descriptions, and fix vulnerabilities
1. Answers to basic questions
1. Which organizations are responsible for DNS and IP management?
- DNS names and IP addresses are allocated and managed centrally by international organizations. The top-level authority is the Internet Corporation for Assigned Names and Numbers (ICANN). Currently, there are 5 regional registries in the world: ARIN is mainly responsible for North America, RIPE for Europe, APNIC for Asia Pacific, LACNIC for Latin America, and AFRINIC for Africa.
2. What is 3R information?
- 3R stands for Registry (the official registry), Registrar, and Registrant.
2. Experimental content
1. Information collection
whois
Enter whois <URL> in the Kali terminal to view the registering company, service, registered province, fax, telephone and other information.
dig or nslookup
Enter dig <URL> or nslookup <URL> in the Kali terminal to view the IP address corresponding to the URL.
Search in Baidu to find the specific geographic location of this IP address.
Tracert routing probe
The tracert command displays the IP addresses that the data packet passes through, and you can look up these routers or the geographic location of the machines by IP.
- Entering traceroute <IP> under Kali shows only the gateway. The reason is that the messages returned for traceroute on the virtual machine's network cannot be mapped to the source IP address, source port, destination IP address, destination port and protocol, so the messages cannot be routed back in reverse.
Search engine query
- Enter filetype:xls <keyword> site:edu.cn in Baidu's search bar to search for URLs with xls-format files that contain the keyword.
nmap scan
Enter nmap -sn <IP address> in the Kali terminal to scan for live hosts; you can scan a single host or a whole network segment of hosts.
Enter nmap -sS <IP> in the Kali terminal to scan the open TCP ports of the target host; -sS indicates a TCP SYN scan.
Enter nmap -sS -sU --top-ports 150 <IP address> in the Kali terminal: -sU scans UDP ports, and --top-ports 150 scans the 150 most likely open ports for TCP and UDP respectively.
Enter nmap -sV <IP address> in the Kali terminal to detect the service versions of the target host.
Enter nmap -O <IP> in the Kali terminal to detect the operating system of the target host.
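An added example (not part of the original report): once a scan of your own lab network has been saved with nmap's -oX option, the script below parses the XML report from the steps above (live hosts, open ports, service versions, OS guess) and lists open services that are missing from an expected baseline. The sample XML, the EXPECTED baseline and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of nmap's -oX report (not output of a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
</ports><os><osmatch name="Linux 3.2 - 4.9" accuracy="98"/></os></host>
<host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Hypothetical baseline: the (protocol, port) pairs each host is supposed to expose.
EXPECTED = {"192.0.2.10": {("tcp", 22)}}

def parse_scan(xml_text):
    """Map each host that is up to its OS guess, open ports and ambiguous ports."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue  # host discovery marked it down
        ip = next(a.get("addr") for a in host.findall("address") if a.get("addrtype") != "mac")
        os_match = host.find("os/osmatch")  # first (best) OS guess from -O, if any
        info = {"os": None if os_match is None else os_match.get("name"),
                "open": {}, "ambiguous": []}
        for port in host.iter("port"):
            key = (port.get("protocol"), int(port.get("portid")))
            state = port.find("state").get("state")
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            label = " ".join(attrs[k] for k in ("name", "product", "version") if k in attrs) or "unknown"
            if state == "open":
                info["open"][key] = label      # -sV fills in product/version
            elif state == "open|filtered":
                info["ambiguous"].append(key)  # typical for UDP ports that sent no reply
        hosts[ip] = info
    return hosts

def unexpected_services(hosts, expected):
    """Open ports that are not in the baseline for their host."""
    return sorted((ip, proto, port, label)
                  for ip, info in hosts.items()
                  for (proto, port), label in info["open"].items()
                  if (proto, port) not in expected.get(ip, set()))

if __name__ == "__main__":
    print(unexpected_services(parse_scan(SAMPLE_XML), EXPECTED))
```

UDP ports reported as open|filtered are kept apart from confirmed open ports because nmap could not tell the two states apart; they need a follow-up check before being treated as exposed.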
Vulnerability Scan
- openvas configuration
apt-get install openvas
After installing openvas, enter openvas-check-setup in Kali to view the installation status of openvas:
Enter the openvas-check-setup command again, and you can see that the openvas installation is successful.
Enter the command openvasmd --user=admin --new-password=20155337 to add a user account and password.
Enter openvas-start to open openvas. It will automatically jump to the webpage https://127.0.0.1:9392
When you open the home page for the first time, it prompts an error such as the link is not safe. You need to open Advanced, click the lower left corner, and set https://127.0.0.1:9392 as a trusted site; then you can open it normally.
Scan target hosts