20155331 "Network Confrontation" Exp6 Information Collection and Vulnerability Scanning

Lab questions and answers

Which organizations are responsible for DNS, IP management

A: The US government authorizes ICANN to manage the global root servers in a unified manner; ICANN is responsible for the management of the global root domain name servers, DNS and IP addresses. The vast majority of global root domain name servers are located in Europe and North America, and China only has mirror servers. There are five regional registries in the world: ARIN is mainly responsible for North America, RIPE for Europe, APNIC for Asia Pacific, LACNIC for Latin America, and AfriNIC for Africa.

What is 3R information?

3R registration information refers to the registrant, the registrar and the official registry; it can be queried with the whois command.

Experimental experience

This time the experiment was relatively easy when following the steps, and there were no problems. The happiest thing is that there was no need to open a virtual machine, so the computer did not lag! This experiment uses a variety of methods to scan the target host for vulnerabilities, starting from the most common search engines, moving to built-in command-line commands that query IPs and trace the path of data packets, and then to tools such as nmap and openvas that scan a specified host or a specified aspect. The focus of the experiment is to learn to use various scanning techniques, which for us means not only learning how to scan but also learning how to analyze the scan results.

Experiment procedure

Information collection

whois

Enter whois URL in the Kali terminal to view the registered company, service, registered province, fax, telephone and other information. Here, we query Baidu's IP information.


dig or nslookup

Enter the command dig URL or nslookup URL in Kali to view the IP address corresponding to the URL.

The IP can then be queried on the website

Tracert Routing Probe



emmmm ....

Because the virtual machine does not work, this step uses the host machine.

The tracert command displays the IP of each hop that the data packet passes through, and you can look up the geographic location of these routers or machines by their IP.

Then you can enter these IPs on Baidu to find out the specific addresses of the routers passing through:

Search engine query

Enter filetype:pdf information site:edu.cn in Baidu's search bar to search edu.cn sites for files of the requested type (here PDF) that contain the keyword.

nmap scan

Scan hosts on the same network segment

You can see that your own host shows up in the scan.

Use the TCP SYN method to scan your own Kali machine:

Enter nmap -sS -sU --top-ports 50 IP address in the Kali terminal to scan the 50 most likely open ports for TCP and UDP respectively

Enter nmap -sV IP address in the Kali terminal to find the service version number of the target host

Enter nmap -O IP address in the Kali terminal to detect the operating system of the target host
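
To analyze results like the -sV and -O output above without reading the terminal by eye, nmap can write an XML report with -oX. The following added example (not part of the original lab report) parses such a report and lists open ports that are missing from an expected baseline; the sample XML, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the XML report format that nmap -oX writes; not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
<host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/>
<service name="ssh" product="OpenSSH" version="7.6p1"/></port>
<port protocol="tcp" portid="80"><state state="closed"/>
<service name="http"/></port>
<port protocol="tcp" portid="3306"><state state="open"/>
<service name="mysql" product="MySQL" version="5.7.21"/></port>
<port protocol="udp" portid="68"><state state="open|filtered"/>
<service name="dhcpc"/></port>
</ports>
<os><osmatch name="Linux 3.2 - 4.9" accuracy="96"/></os>
</host></nmaprun>"""

def parse_nmap_xml(xml_text):
    """Return one dict per host that is up: address, best OS guess, open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        # osmatch elements are listed best guess first; absent when -O was not used
        osmatch = host.find("os/osmatch")
        ports = []
        for port in host.iter("port"):
            state = port.find("state").get("state")
            if state != "open":  # skip closed, filtered and open|filtered
                continue
            svc = port.find("service")
            svc = svc.attrib if svc is not None else {}
            version = " ".join(filter(None, [svc.get("product"), svc.get("version")]))
            ports.append((port.get("protocol"), int(port.get("portid")),
                          svc.get("name", "unknown"), version))
        hosts.append({"addr": host.find("address").get("addr"),
                      "os": osmatch.get("name") if osmatch is not None else None,
                      "ports": ports})
    return hosts

def unexpected_ports(hosts, baseline):
    """List (addr, proto, port, service) for open ports not in the host's baseline."""
    return [(h["addr"], proto, num, name)
            for h in hosts for proto, num, name, _ in h["ports"]
            if (proto, num) not in baseline.get(h["addr"], set())]
```

With a baseline of {"192.0.2.10": {("tcp", 22)}}, only the MySQL port on 3306 is reported as unexpected.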

Vulnerability Scan

Enter openvas-check-setup in Kali to check the installation status of openvas:

If there is an error, modify it according to the FIX prompt, and the modification is successful.

Enter the openvasmd --user=admin --new-password=20155321 command to add the user account admin and password (student number)

Enter openvas-start to start openvas

When it is opened for the first time, the browser warns that the site is not safe. Click Advanced to set https://127.0.0.1:9392 as a trusted site and successfully log in to the website.

Find Tasks under the scan menu

Select the serious one for analysis.

After clicking in, select full and fast; these are the specific vulnerability information.

Choose any one of them to see detailed vulnerability information.
