# 20155337 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning


Practice goals

(1) Application of various search techniques

(2) Query of DNS IP registration information

(3) Basic scanning techniques: host discovery, port scanning, OS and service version detection, and enumeration of specific services

(4) Vulnerability scanning: be able to run a scan, read the report, look up vulnerability descriptions, and fix vulnerabilities

1. Answers to basic questions

1. Which organizations are responsible for DNS and IP management?

  • DNS and IP addresses are allocated and managed centrally by international organizations. The top-level authority is the Internet Corporation for Assigned Names and Numbers (ICANN). There are currently 5 regional registries in the world: ARIN is mainly responsible for North America, RIPE for Europe, APNIC for Asia Pacific, LACNIC for Latin America and AFRINIC for Africa.

2. What is 3R information?

  • 3R stands for the official Registry, the Registrar, and the Registrant

2. Experimental content

1. Information collection

whois

  • Enter whois + URL in the Kali terminal to view the registered company, service, registered province, fax, telephone and other information.
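The whois step above, tied back to the 3R question, as an added example that is not part of the original write-up: a filter that reduces whois text to the registry, registrar and registrant fields and marks values that are redacted or missing. It assumes ICANN-style field labels (other registries may label fields differently); the function names and the sample record are constructed for illustration.

```shell
# Added example: reduce ICANN-style whois text on stdin to the 3R fields.
whois_3r() {
    awk '
    BEGIN {
        # Labels to keep, normalised to lower case with underscores.
        list = "registry_domain_id registrar_whois_server registrar"
        list = list " registrant_organization registrant_state/province"
        list = list " registrant_phone registrant_fax"
        n = split(list, keys, " ")
        for (i = 1; i <= n; i++) want[keys[i]] = 1
    }
    {
        sub(/\r$/, "")                      # many whois servers send CRLF
        pos = index($0, ":")                # split on the first colon only
        if (pos == 0) next
        key = tolower(substr($0, 1, pos - 1))
        val = substr($0, pos + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)    # registry records are indented
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/ /, "_", key)
        # Keep the first non-empty value; the registry record comes first.
        if (!(key in want) || (key in got) || val == "") next
        if (toupper(val) ~ /REDACTED/) val = "(redacted)"
        got[key] = val
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s=%s\n", keys[i], ((keys[i] in got) ? got[keys[i]] : "(absent)")
    }'
}

# Constructed sample: a registry record followed by the registrar record.
sample_whois() {
    cat <<'EOF'
   Domain Name: EXAMPLE.TEST
   Registry Domain ID: 0000000_DOMAIN_TEST-EXMP
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar, Inc.

Registrar: Example Registrar (second copy)
Registrant Organization: Example University
Registrant State/Province: Beijing
Registrant Phone: REDACTED FOR PRIVACY
Registrant Fax:
EOF
}

sample_whois | whois_3r    # real use: whois <domain> | whois_3r
```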

dig or nslookup

  • Enter dig + URL or nslookup + URL in the Kali terminal to view the IP address corresponding to the URL.

Search in Baidu to find the specific geographic location of this IP address.

Tracert Routing Probe

The tracert command displays the IP addresses that the data packet passes through, and you can look up the geographic location of these routers or machines by IP.

  • Entering traceroute + IP under Kali shows only the gateway. The reason is that the messages returned by traceroute on the virtual machine network cannot be mapped to the source IP address, source port, destination IP address, destination port and protocol, so the messages cannot be routed back in reverse.

Search engine query

  • Enter filetype:xls keyword site:edu.cn in Baidu's search bar to search for URLs with xls-format files that contain the keyword.

nmap scan

  • Enter nmap -sn + IP address in the Kali terminal to scan for live hosts; you can scan a single host or a whole network segment of hosts.

  • Enter nmap -sS + IP address in the Kali terminal to scan the open TCP ports of the target host; -sS indicates a TCP SYN scan.

  • Enter nmap -sS -sU --top-ports 150 + IP address in the Kali terminal; -sU scans UDP ports, and --top-ports 150 scans the 150 most likely open ports for TCP and UDP respectively.

  • Enter nmap -sV + IP address in the Kali terminal to detect the service versions on the target host.

  • Enter nmap -O + IP address in the Kali terminal to detect the operating system of the target host.

Vulnerability Scan

  • OpenVAS configuration
  • After installing openvas with apt-get install openvas, enter openvas-check-setup in Kali to view the installation status of openvas:

  • Enter the openvas-check-setup command again, and you can see that the openvas installation is successful.

  • Enter the command openvasmd --user=admin --new-password=20155337 to add a user account and password.

  • Enter openvas-start to start openvas. The browser will automatically jump to the web page https://127.0.0.1:9392

  • When you open the home page for the first time, it shows an error saying that the connection is not secure. You need to open Advanced, click the lower left corner, and set https://127.0.0.1:9392 as a trusted site; after that the page opens normally.

  • Scan target hosts
