Scribd Logo
Upload

Welcome to Scribd!

  • ATHENA - Bai - Thuc - Hanh - AN - NINH - MANG

    Uploaded by

    DucTien3790
    145 views4 pages

    Original Title

    ATHENA_ Bai_Thuc_Hanh_AN_NINH_MANG

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    145 views4 pages

    ATHENA - Bai - Thuc - Hanh - AN - NINH - MANG

    Uploaded by

    DucTien3790

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    92 Nguyn nh Chiu, DaKao, Qun 1, Tp HCM www.athena.edu.

    vn Hotline : 090 67 68 477

    THC HNH KIM TRA LI AN NINH MNG Ta c s mng sau


    AD Server Server 2003 SP2 Attacker

    Internet

    Gim c

    Client XP SP3

    M t s mng: - Cu hnh Window Server 2003 lm cc chc nng sau cho o DHCP Server o DNS Server o Acitve Directory Server
    o

    IIS Server version 6.0 (web server)

    - Cc client trong mng iu l thnh vin bn trong domain.


    -

    Mt my client s dng window xp sp3 . Trn my XP SP 3 c cc user : client 1, client 2, client 3, v user admin , c quyn qun l ton b h thng. Trong 3 user client trn, c 2 user t password t hn 7 k t (4 k t) v 1 client t passowrd nhiu hn 7 k t

    Trung tm an ninh mng ATHENA Ti liu thc hnh an ninh mng 1

    92 Nguyn nh Chiu, DaKao, Qun 1, Tp HCM www.athena.edu.vn Hotline : 090 67 68 477

    Gi s bn l 1 user thng (attacker) chung mt mng LAN nh s trn.

    Yu cu :

    Phn 1 : Pht hin l hng trong mng

    Cu 1: Sinh vin thc hin 1.1 Ci t chng trnh scan xc nh IP ca my Client SP3, Server 2003, Gim c ( 2 im) 1.2 1.3 1.4 Ci t Nmap trn my ng vai tr attacker ( 1 im) Ci t Nessus trn my ng vai tr attacker (1 im) Ci t metasploit trn my attacker ( 1 im)

    Cu 2 :Xc nh cc dch v 2.1


    2.2

    Xc nh phin bn h iu hnh cc my trong mng. ( 1im) Xc nh cc port ang m trn my tnh. ( 1im) Xc nh cc dch v tng ng vi cc port ( 2im)

    2.3

    Trung tm an ninh mng ATHENA Ti liu thc hnh an ninh mng 2

    92 Nguyn nh Chiu, DaKao, Qun 1, Tp HCM www.athena.edu.vn Hotline : 090 67 68 477

    Cu 3 :S dng Nmap v Nessus scan cc vulnerability (l hng) trn my client xp sp3. 3.1 3.2
    3.3

    S dng Script Engine ca Nmap scan li h iu hnh (1 im) S dng Nessus scan li ( 1im) Xc nh li cho php t xa truy cp v thc thi tri php vo my XP SP3 ( 5 im)

    Cu 4 : khai thc l hng

    4.1

    S dng chng trnh Cain Abel hoc Ettercap thc hin thu thp file SAM cha username v hash ca password trn my XP SP3 ( 1 im) Da trn file SAM xc nh 2 user c chiu di password nh hn 7 (4 k t) k t trn my XP SP 3 ( 2 im). Thc hin qu trnh crack password bng cng c Cain Abel hoc Ophcrack, ca 2 user client trn. ( 2 im) Xc nh cc li MS10-065 v dng Denial of Service IIS Server. ( 3 im) Kim tra li WebDav Auth By Pass exploit trn IIS 6.0 ( 3 im) Thc thi qu trnh attacker c th da vo my XP SP3 chim quyn iu khin my Server ( 3 im)

    4.2

    4.3

    4.4

    4.5

    4.6

    Trung tm an ninh mng ATHENA Ti liu thc hnh an ninh mng 3

    92 Nguyn nh Chiu, DaKao, Qun 1, Tp HCM www.athena.edu.vn Hotline : 090 67 68 477

    Phn 2 : a ra hng khc phc l hng

    Cu 1: Sinh vin a ra gii php khc phc li cho php truy cp v thc thi t xa my XP SP 3 (20 im) Cu 2 : Sinh vin a ra gii php khc phc li WebDav by Pass Exploit trn Server ( 10 im)

    Lu : Sinh vin c th s dng cc cng c Nmap, Wireshark, GFI , Metasploit, Firefox, Ophcrack, Hasmter

    Sinh vin nn tm kim thng tin cc li trn trang Microsoft, Inj3ct0r.com, exploit-db.com.

    Trung tm an ninh mng ATHENA Ti liu thc hnh an ninh mng 4

    You might also like