目录
一,靶场环境搭建
1.1,网络拓扑结构图
1.2,搭建简易的网络攻防实验靶场环境,包括:
- 使用honeyd软件实现低交互模拟蜜罐,要求能够模拟主机、服务、漏洞和网络拓扑。
- 多台具有不同类型漏洞的虚拟机系统。
- 具有漏洞学校站点类型的Web网站系统。
1.3,网络靶场攻击渗透测试,包括:
- 使用扫描工具对网络靶场进行探测扫描,获取主机信息,分析发现漏洞信息
- 使用metasploit等攻击工具对网络靶场进行攻击,达到获取管理员权限、进程操作、窃取数据库密码、篡改管理员密码、被迫蓝屏、等攻击效果
1.4,网络靶场攻击检测
- 在honeyd模拟蜜罐观察到访问记录
- 虚拟机上部署入侵检测工具snort,检测并采集攻击信息,通过日志文件、告警文件等方式进行记录分析
二,靶场的搭建与攻击渗透测试
2.1,Honeyd
2.1.1,honeyd概述
蜜罐技术(Honeypot),是一种对攻击方进行欺骗的技术,通常伪装成看似有价值的网络、数据、电脑系统,并故意设置bug来吸引攻击者;从而可以对攻击行为进行捕获和分析,了解攻击方所使用的工具与方法,推测攻击意图和动机,能够让防御方清晰地了解他们所面对的安全威胁,并通过技术和管理手段来增强实际系统的安全防护和能力。蜜罐是故意让人攻击的目标,引诱黑客前来攻击。所以攻击者入侵后,你就可以知道他是如何得逞的,随时了解针对服务器发动的最新的攻击和漏洞。还可以通过窃听黑客之间的联系,手机黑客所用的种种工具,并且掌握他们的是社交网络。
2.1.2,honeyd所依赖的函数库
(1) Libevent:是一个非同步事件通知的函数库。通过使用Libevent,开发者能够设定某些事件发生时所运行的函数,能够取代以往程序所使用的循环检查。
(2) Libdnet:是一个提供了跨平台的网络相关API的函数库,包含arp缓存,路由表查询,IP包及物理帧的传输等。
(3) Libpcap:是一个数据包捕获的函数库,大多数网络软件都以它为基础。
(4) Arpd:arpd执行在于Honeyd同样的系统上。是honeyd众多协作工具中最重要的一个。Arpd工作时监视局域网内的流量。并通过查看hneyd系统的ARP表推断其它系统的活动与否。
(5) zlib:Linux核心使用zlib以实作网络协定的压缩、档案系统的压缩以及开机时解压缩自身的核心。
2.1.3,搭建honeyd
将所有库的安装包及工具放在honeyd文件夹中,依次解压并安装
(1)Libevent安装:
使用tar -zxvf libevent-1.4.14b-stable.tar.gz解压缩
使用cd libevent-1.4.14b-stable进入文件夹
使用./configure检测目标特征
使用make进行编译
使用make install安装
(2)libdnet安装:
tar -zxvf libdnet-1.11.tar.gz
cd libdnet-1.11
./configure
make
make install
(3)libpcap的安装
tar -zxvf libpcap-1.3.0.tar.gz
cd libpcap-1.3.0
./configure
make
make install
(4)honeyd安装
tar -zxvf honeyd-1.5c.tar.gz
cd honeyd-1.5c
./configure
make
make install
(5)arpd安装
tar -zxvf tar-0.2.tar.gz
cd arpd-0.2
./configure
make
make install
2.1.4,编写honeyd的配置文件
(1)honeyd的配置文件hoenyd.conf
route entry 192.168.43.153 network 192.168.43.144/28
route 192.168.43.153 link 192.168.43.152/29
route 192.168.43.153 add net 192.168.43.156/30 192.168.43.157
route 192.168.43.157 link 192.168.43.165/30
create windows
set windows personality "Microsoft Windows 2000 SP2"
set windows default tcp action reset
set windows default udp action reset
set windows default icmp action open
add windows tcp port 110 "/usr/share/honeyd-1.5c/scripts/pop3.pl"
add windows tcp port 80 "/usr/share/honeyd-1.5c/scripts/web.sh"
add windows tcp port 25 "/usr/share/honeyd-1.5c/scripts/smtp.pl"
add windows tcp port 23 "/usr/share/honeyd-1.5c/scripts/router-telnet.pl"
add windows tcp port 21 proxy 192.168.43.1:21
create linux
set linux personality "Linux 2.4.20"
set linux default tcp action reset
set linux default udp action reset
set linux default icmp action open
add linux tcp port 80 "/usr/share/honeyd-1.5c/scripts/web.sh"
add linux tcp port 23 "/usr/share/honeyd-1.5c/scripts/router-telnet.pl"
add linux tcp port 22 "/usr/share/honeyd-1.5c/scripts/ssh.sh"
add linux tcp port 21 proxy 192.168.43.1:21
add linux tcp port 20 open
create router
set router personality "Cisco 7206 running IOS 11.1(24)"
set router default tcp action reset
add router tcp port 23 "/usr/share/honeyd-1.5c/scripts/router-telnet.pl"
bind 192.168.43.153 router
bind 192.168.43.156 router
bind 192.168.43.154 windows
bind 192.168.43.155 linux
bind 192.168.43.157 windows
bind 192.168.43.158 linux
(2)ssh端口的配置文件ssh.sh
# $1: srcip, $2: srcport, $3: dstip, $4: dstport, $5: config
#
# modified by Fabian Bieker <fabian.bieker@web.de>
# modified by DataSoft Corporation
#. scripts/misc/base.sh
SRCIP=$1
SRCPORT=$2
DSTIP=$3
DSTPORT=$4
STRINGSFILE=$5
VERSION=`perl -nle '/SSH_VERSION (.*)/ and print $1' < $STRINGSFILE`
SERVICE="ssh"
HOST="serv"
my_start
echo -e "$VERSION"
while read name; do
echo "$name" >> $LOG
LINE=`echo "$name" | egrep -i "[\n ]"`
if [ -z "$LINE" ]; then
echo "Protocol mismatch."
my_stop
else
echo "$name"
fi
done
my_stop
(3)web端口的配置文件web.sh
REQUEST=""
while read name
do
LINE=`echo "$name" | egrep -i "[a-z:]"`
if [ -z "$LINE" ]
then
break
fi
echo "$name" >> /tmp/log
NEWREQUEST=`echo "$name" | grep "GET .scripts.*cmd.exe.*dir.* HTTP/1.0"`
if [ ! -z "$NEWREQUEST" ] ; then
REQUEST=$NEWREQUEST
fi
done
if [ -z "$REQUEST" ] ; then
cat << _eof_
HTTP/1.1 404 NOT FOUND
Server: Microsoft-IIS/5.0
P3P: CP='ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI'
Content-Location: http://cpmsftwbw27/default.htm
Date: Thu, 04 Apr 2002 06:42:18 GMT
Content-Type: text/html
Accept-Ranges: bytes
<html><title>You are in Error</title>
<body>
<h1>You are in Error</h1>
O strange and inconceivable thing! We did not really die, we were not really buried, we were not really crucified and raised again, but our imitation was but a figure, while our salvation is in reality. Christ was actually crucified, and actually buried, and truly rose again; and all these things have been vouchsafed to us, that we, by imitation communicating in His sufferings, might gain salvation in reality. O surpassing loving-kindness! Christ received the nails in His undefiled hands and feet, and endured anguish; while to me without suffering or toil, by the fellowship of His pain He vouchsafed salvation.
<p>
St. Cyril of Jerusalem, On the Christian Sacraments.
</body>
</html>
_eof_
exit 0
fi
DATE=`date`
cat << _eof_
HTTP/1.0 200 OK
Date: $DATE
Server: Microsoft-IIS/5.0
Connection: close
Content-Type: text/plain
Volume in drive C is Webserver
Volume Serial Number is 3421-07F5
Directory of C:\inetpub
01-20-02 3
最低0.47元/天 解锁文章
191
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
