渗透攻击实验

《渗透攻击实验》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、渗透攻击实验K攻防对抗环境设计环境说明:1）环境区域划分说明:红方区域为攻击方;2）蓝方网络分布说明：Gateway为蓝方的边界网关设备，具有防火墙和路由设备的功能；Server为蓝方的重要服务器，存放有重要文件;PCI、PC2为蓝方内部的办公终端，可以访问NET、Gateway和Server；3）网络区域访问控制说明:蓝方内部允许Gateway访问PCI、PC2和Server；允许PCI、PC2访问NET、Gateway；禁止蓝方的Server访问NET；4）攻防目的：红方需要渗透蓝方网络，获取蓝方服务器上的文件;红

2、方在蓝方安放后门，控制蓝方服务器。需求软件:nessus*nmap>nc.exe.dns.exe*FtpServer>framework・32exe（待定）*open3389shutdown3389.bat2.攻击路径设计攻击路径红方一渗透一〉Gatew町一渗透一〉蓝方Server服务器红方利用nessus扫描蓝方网络,发现Gateway的弱点;红方利用对弱点的攻击，获取对Gateway的控制权;红方将Gateway作为跳板，利用Gateway对蓝方Server进行探测,发现Server的弱点；红方利用Gat

3、eway对Server的弱点进行攻击，获取对Server的控制权；红方在Server±安放后门，获取服务器上的文件。3.攻击路径1实验步骤1）红方利用nessus扫描蓝方网络TenableNessusSecurityReportStartTime:WedJun0309:15:062009FinishTime:WedJun0309:21:012009172.20.54.44general/icmpSynopsis:Therennotehostleaksmemoryinnetworkpackets・Description:

4、Theremotehostisvulnerabletoan^therleak*-theremoteethernetdriverseemstoleakbitsofthecontentofthememoryoftheremoteoperatingsystem.Notethatanattackermaytakeadvantagwofthisflawonlywhenitstargetisonthesamephysicalsubnet.SeeAlso:http://www.atstake.comyresearch/aclviso

5、nes/2003/a010603■:1txtdomain(53/udp)Synopsis:TheremoteDNSserverisvulnerabletocachesnoopingattacks.Description:TheremoteDNSserverrespondstoqueriesforthird-partydomainswhichdonothavetherecursionbitset.Thismayallowaremoteattackertodeterminewhichdomainshaverecentlyb

6、eenresolvedviathisnameserver,andthereforewhichhostshavebeenrecentlyvisited・Forinstance”ifanattackerwasinterestedinwhetheryourcompanyutilizestheonlineservicesofaparticularfinancialinstitution,theywouldbeabletousethisattacktobuildastatisticalmodelregardingconipany

7、usageofthatfinancialinstitution.Ofcourse,,theattackcanalsobeusedtofindB2Bpartners,web-surfingpatterns,externmlmailservers,andmore...SeeAlso:ForamuchmoredetaileddiscussionofthepotentialrisksofallowingDNScacheinformationtobequeriedanonymously,pleasesee:http://www.

8、rootsecure.net/content/downloads/Ddfydnscachesnoopinq-Ddf2）红方分析nessus扫描报告，选择Gateway开放的DNS服务（53端口）进行弱点测试使用工具：dns.exe测试命令：dns-s目标机IPF：Personl_research(20090602)>dns-s1