POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY
FACULTY OF INFORMATION TECHNOLOGY

REPORT

Course: Penetration Testing
Instructor: Trần Thanh Tâm
Student: Nguyễn Thị Ánh Nguyệt
Student ID: N18DCAT054
Ho Chi Minh City, January 2022

Using nmap to gather information about the target machine and import it into Dradis

Nmap (full name Network Mapper) is a security tool developed by Fyodor Vaskovich. Nmap is open source and free, and is used to scan ports and security vulnerabilities. Network administrators use Nmap to determine which devices are running on their systems, to find available hosts and the services those hosts provide, and to discover open ports and detect security risks. Nmap can be used to monitor single hosts as well as large network clusters comprising hundreds of thousands of devices and many constituent networks.

    993/tcp  open   imaps
    995/tcp  open   pop3s
    1433/tcp closed ms-sql-s
    8888/tcp open   sun-answerbook
    Nmap done: 1 IP address (1 host up) scanned in 4.45 seconds

    # nmap 192.168.36.134
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-14 03:24 EST
    Nmap scan report for 192.168.36.134
    Host is up (0.0087s latency).
    Not shown: 993 closed tcp ports (reset)
    PORT     STATE SERVICE
    21/tcp   open  ftp
    22/tcp   open  ssh
    80/tcp   open  http
    111/tcp  open  rpcbind
    139/tcp  open  netbios-ssn
    445/tcp  open  microsoft-ds
    2049/tcp open  nfs
    MAC Address: 00:0C:29:13:27:11 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 13.29 seconds

Gathering the server's operating system:

    # nmap -sV 192.168.36.135 test.xml
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 19:58 EST
    Nmap scan report for 192.168.36.135
    Host is up (0.0024s latency).
    Not shown: 993 closed tcp ports (reset)
    PORT     STATE SERVICE     VERSION
    21/tcp   open  ftp         vsftpd 2.3.4
    22/tcp   open  ssh         OpenSSH 5.1p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
    80/tcp   open  http        Apache httpd 2.2.9 ((Ubuntu) PHP/5.2.6-2ubuntu4.6 with Suhosin-Patch)
    111/tcp  open  rpcbind     (RPC #100000)
    139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
    2049/tcp open  nfs         2-4 (RPC #100003)
    MAC Address: 00:0C:29:1A:B4:17 (VMware)
    Device type: general purpose
    Running: Linux 2.6.X
    OS CPE: cpe:/o:linux:linux_kernel:2.6
    OS details: Linux 2.6.18 - 2.6.31
    Network Distance: 1 hop
    Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 14.19 seconds

[Screenshot: Dradis CE project summary in Firefox, showing no issues and no methodologies yet]

[Screenshot: Dradis CE Upload Manager at 127.0.0.1:3000/projects/1/upload; tool Dradis::Plugins::Nmap (Processes Nmap output), file t.xml, size 11.4 KB]

Upload Manager output console:

    Small attachment detected. Processing in line.
    Parsing Nmap output from /usr/lib/dradis/attachments/3/t.xml... Done
    Validating Nmap output... Done
    New host: 192.168.36.135
    New port: 21/tcp
    New port: 22/tcp
    New port: 80/tcp
    New port: 111/tcp
    New port: 139/tcp
    New port: 445/tcp
    New port: 2049/tcp
    Worker process completed.

Performing a ping scan for host discovery with -sn

    # nmap -sn 192.168.36.135 -oX a.xml
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 20:06 EST
    Nmap scan report for 192.168.36.135
    Host is up (0.00045s latency).
    MAC Address: 00:0C:29:1A:B4:17 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 13.15 seconds

Performing a service and version scan

    # nmap -sS -sV 192.168.35.135 -oX b.xml
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 20:14 EST
    Nmap scan report for 192.168.35.135
    Host is up (0.0038s latency).
    Not shown: 999 filtered tcp ports (no-response)
    PORT     STATE  SERVICE  VERSION
    1433/tcp closed ms-sql-s
    Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 52.39 seconds

Note that this scan was run against 192.168.35.135 rather than the target 192.168.36.135, so its output does not describe the target's services.

Scanning port 3232

    # nmap -sS -p 3232 192.168.36.135 -oX c.xml
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 20:18 EST
    Nmap scan report for 192.168.36.135
    Host is up (0.00085s latency).
    PORT     STATE  SERVICE
    3232/tcp closed mdtp
    MAC Address: 00:0C:29:1A:B4:17 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds

    # nmap -A 192.168.36.135 -oX d.xml
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 20:26 EST
    Nmap scan report for 192.168.36.135
    Host is up (0.0023s latency).
    Not shown: 993 closed tcp ports (reset)
    PORT     STATE SERVICE     VERSION
    21/tcp   open  ftp         vsftpd 2.3.4
    |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
    | ftp-syst:
    |   STAT:
    | FTP server status:
    |      Connected to 192.168.36.133
    |      Logged in as ftp
    |      TYPE: ASCII
    |      No session bandwidth limit
    |      Session timeout in seconds is 300
    |      Control connection is plain text
    |      Data connections will be plain text
    |      At session startup, client count was
    |      vsFTPd 2.3.4 - secure, fast, stable
    |_End of status
    22/tcp   open  ssh         OpenSSH 5.1p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
    | ssh-hostkey:
    |   1024 04:a9:f7:e1:ce:66:8c:95:ce:cd:dc:84:e2:ff:22:2c (DSA)
    |_  2048 ab:d7:b0:df:21:ab:5c:24:8b:92:fe:b2:4f:ef:9c:21 (RSA)
    80/tcp   open  http        Apache httpd 2.2.9 ((Ubuntu) PHP/5.2.6-2ubuntu4.6

Capturing packets sent and received

    # nmap --packet-trace 192.168.36.135
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-18 20:28 EST
    SENT (0.1467s) ARP who-has 192.168.36.135 tell 192.168.36.133
    RCVD (0.1472s) ARP reply 192.168.36.135 is-at 00:0C:29:1A:B4:17
    NSOCK INFO [0.2050s] nsock_iod_new2(): nsock_iod_new (IOD #1)
    NSOCK INFO [0.2050s] nsock_connect_udp(): UDP connection requested to 192.168.36.2:53 (IOD #1) EID
    NSOCK INFO [0.2050s] nsock_read(): Read request from IOD #1 [192.168.36.2:53] (timeout: -1ms) EID 18
    NSOCK INFO [0.2050s] nsock_write(): Write request for 45 bytes to IOD #1 EID 27 [192.168.36.2:53]
    NSOCK INFO [0.2050s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID [192.168.36.2:53]
    NSOCK INFO [0.2050s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [192.168.36.2:53]
    NSOCK INFO [1.2580s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [192.168.36.2:53] (45 bytes): u 135.36.168.192.in-addr.arpa
    NSOCK INFO [1.2580s] nsock_read(): Read request from IOD #1 [192.168.36.2:53] (timeout: -1ms) EID 34
    NSOCK INFO [1.2580s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
    NSOCK INFO [1.2580s] nevent_delete(): nevent_delete on event #34 (type READ)
    SENT (1.2897s) TCP 192.168.36.133:42712 > 192.168.36.135:554 S ttl=59 id=4013 iplen=44 seq=4121239932 win=1024

Enabling the firewall on the target machine

    [sudo] password for georgia:
    root@ubuntu:/home/georgia# ufw enable
    Firewall started and enabled on system startup
    root@ubuntu:/home/georgia# ifconfig
    eth3      Link encap:Ethernet  HWaddr 00:0c:29:1a:b4:17
              inet addr:192.168.36.135  Bcast:192.168.36.255  Mask:255.255.255.0
              inet6 addr: fe80::20c:29ff:fe1a:b417/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:73 errors:0 dropped:0 overruns:0 frame:0
              TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:7629 (7.6 KB)  TX bytes:10526 (10.5 KB)
              Interrupt:19 Base address:0x2024

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:148 errors:0 dropped:0 overruns:0 frame:0
              TX packets:148 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:9196 (9.1 KB)  TX bytes:9196 (9.1 KB)

    root@ubuntu:/home/georgia#

Now, when we scan the target again, no ports are visible:

    (nguyet@kali)-[~]
    $ sudo su
    [sudo] password for nguyet:
    # nmap 192.168.36.135
    Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-20 01:43 EST
    Nmap scan report for 192.168.36.135
    Host is up (0.00054s latency).
    All 1000 scanned ports on 192.168.36.135 are in ignored states.
    Not shown: 1000 filtered tcp ports (no-response)
    MAC Address: 00:0C:29:1A:B4:17 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 22.33 seconds
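
The comparison between the scan taken before the firewall was enabled and the one taken afterwards can be checked mechanically from Nmap's XML output (-oX), the same format the Dradis Nmap plugin reads. The following is an added example, not part of the original report: the two XML samples are constructed from the port list shown above and trimmed to the elements the code reads, and the function names parse_scan and closed_by_firewall are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed samples in Nmap -oX layout, trimmed to the elements read below.
# Values mirror the report's scans of 192.168.36.135 before and after ufw.
HOST = '<host><address addr="192.168.36.135" addrtype="ipv4"/><ports>'
BEFORE_XML = "<nmaprun>" + HOST + """
<extraports state="closed" count="993"/>
<port protocol="tcp" portid="21"><state state="open"/>
  <service name="ftp" product="vsftpd" version="2.3.4"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="111"><state state="open"/><service name="rpcbind"/></port>
<port protocol="tcp" portid="139"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="netbios-ssn"/></port>
<port protocol="tcp" portid="2049"><state state="open"/><service name="nfs"/></port>
</ports></host></nmaprun>"""
AFTER_XML = ("<nmaprun>" + HOST +
             '<extraports state="filtered" count="1000"/></ports></host></nmaprun>')


def parse_scan(xml_text):
    """Map each IPv4 host to its listed ports and the state of unlisted ones."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        ports = {}
        for p in host.iter("port"):
            svc = p.find("service")
            attrs = svc.attrib if svc is not None else {}
            label = " ".join(attrs[k] for k in ("name", "product", "version") if k in attrs)
            ports[(int(p.get("portid")), p.get("protocol"))] = (p.find("state").get("state"), label)
        extra = host.find("ports/extraports")  # first summary entry only
        default = extra.get("state") if extra is not None else "unknown"
        hosts[addr.get("addr")] = {"ports": ports, "default": default}
    return hosts


def closed_by_firewall(before, after):
    """Return (ip, port, service, new_state) for ports open before but not after."""
    changes = []
    for ip, old in before.items():
        new = after.get(ip, {"ports": {}, "default": "unknown"})
        for key, (state, label) in sorted(old["ports"].items()):
            now = new["ports"].get(key, (new["default"], ""))[0]
            if state == "open" and now != "open":
                changes.append((ip, f"{key[0]}/{key[1]}", label, now))
    return changes
```

Calling closed_by_firewall(parse_scan(BEFORE_XML), parse_scan(AFTER_XML)) returns one row per service that was reachable before ufw was enabled, each now reported as filtered; an empty result would mean the firewall rule set changed nothing an outside scanner can see.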