实验报告模板

1、JH 丈 JB电脑通信与网络实践实验报告课 程电脑通信与网络实践实验题目学生 XXXX评分学 号 XXXXXXXXXX班级 信息平安同实验者 XXXX XXXXX XXX XXXXXXX实验时间第X周周X上午1-4节 地点 二理249信息平安专业实验室一、实验目的xxxxxx二、实验内容xxxxxx三、实验设备1. xxxxxx四、实验步骤XXX学习文档仅供参考学习文档仅供参考学习文档仅供参考学习文档仅供参考1.基于Web的远程管理1)翻开平板电脑的菜单，翻开PwnieUlonOff以启用Pwnie本地Web效劳，但是此处出 现了错误，如以下图root(o) local host: /opt/

2、p wnix/ ca ptures* Stopping Pwinie User Inlerf.5 toppi ! nginiH: ngi ru_ ng i m_ 巾心 pr* t+ Done2)效劳，但是无法翻开 Web管理页面，如以下图由于进行了屡次尝试后仍然没能解决此问题，因此我们暂时放弃了这一步，开始继rwttloc 11 host: / opt/imi cptu|翻开电脑的浏览器，输入网址s:/01:1443，以访问Pwnie本地Web续下一步实验此过程中出现的问题将在实验调试与结果分析局部详细说明2.使用scp传输文件1在电脑上翻开BvSshServer-lns

3、t，将电脑作为SSHI艮务器端，如以下图2在电脑的CM亦令行窗口中，输入命令ip，且用户名为Shiyan，如以下图C: MJseps Xfilii uari Ipcori f i：gUindojs IP 3r.W以页网适配誥B1UO tooth网痞违拐媒体已断开H 6 D 0P - * * 羸戛 囂皿厕认 g本IP子W无线局域网适配器无线网络连按:fe30：:fSf?：97?3：53e9：dlb5zl63启用平板电脑的本地SSH效劳之前开启，并未关闭4 在平板电脑的终端模拟器中，输入命令：scp/opt/pw nix/c aptures/tshark/tshark2022-04-22-2050

4、.capshiyan00:tshark2022-04-22-2050.cap，然后输入正确的口令，可以看到文件传输成功，如以下图rootlocalhost:roctlocalhcst：/opt/pwnix/captures# cd.16S.1.1001tshark20l5-04-22-20S0 captures/thark/tshark2022*04*22-2050.cap hlyan191 Earning: Permanently added r192.T6&.L100 (DSA) to the list of known hosts.hiyanS192 16&. 1.

5、 l0Drs pjsswrd:tsharkZQI5-01 22-2050.cap1001 507200:00rootlocalhost: P 脣5在电脑的C:UserShiyan目录下找到了传输过来的文件，如以下图WiFi密码破解1. WEI破解1)设置无线路由器的加密算法为 WE|并在设置 WiFi密码后重启路由器，如以下图2)使用OTG线将TL-WN722F无线网卡连接到平板电脑3)翻开平板电脑的菜单，翻开Wifite可以看到如下界面ro otloce I host: /opt/pwni x/captu re s/ wpa.handshakesmiDcalihostautamji ted

6、wirrle-5is ouditar5冷佃 fix Linuxas not rec|uir*d, but ii recofliaended* scirwiinrg |+j1. fflml2. wlanQA- p2pOI* wltnumlxr af device to put into nwnitor 相打wireless, devic电雷.llhiii dny 1 Cl?5Aheras AR9271UnkhOMnUnkhCMHathk - fptiyq wcnss_Hlan phy34)选择1即无线网卡，开始扫描并展示附近的无线网列表。选择我们组的无线网络SHIYAN-PC_Network37

7、即输入1,开始进入破解流程，如以下图* Q I rooiloca 1 hose /op(/pwn ix/c apt ures/ wpa.handshakes=0毗X1. 8:42roi ESSIDCH EHCRPOWER 祕？CL1EH11 SHPM PC HetHcrk37E MEPclients2 Tp*L 1HK_FZ6?& UPA2刍？dbnQclients3- dS$r92.i& MPA2clients4 TP-LINK_F23J& WPAJ邨血cliinis5 zmywifi1 WA247db6 erlilSl. _1WPA247db对r -十12S46dbio clientB o

8、nly gr GQO$1 WPA2 464 09 TP-LINKFZ9F1 WPA242dbclient10 Ll.0:10:00) attacking 5HIYATJ-PC_Network37* via chop-chop attack unable to generate keystreann0:10:0D attompiting fake AuthenticBtion (5/5).0:10:00) attaGki帼 SHIfW-PCJletwork37* via fi 咐attack Linable to generate keyEtreann0:1C:0D) attempting fa

9、ke authentication (5/5).0： 10 iQOJ at tacking &H 11TW-PC_NetwOrki7 V1 a 匚af fe - L-at te at tack ereplfly-ng txitedi unejcpettedly0;10:00) Bttempting fake duthantication (5/5).0hq：oo Attacking *5Hir/dd-P_Networkj? via pQS4i attack rai replaying exitedl unexpe匚时ly0:10:00) attempting fnl authieticdtlo

10、n 15/5?0:10:00 it tacking *5HIVAN-RC_Networli37il via hirte Attack alrepl*y-rig exict unwpecteidly|O:D0:OD| attack complete:+ 1 attack completed:+雄P allack succwdcd+ disabling monilor incwie on morO. - done + quittingI nter feChipsetwlanOUnknownp2p0IJrikncNrriOriverwcnss.wlan - phy3 一 phyiwlanU ERRO

11、R while gating interfjc flags No such device rocteiocilhost. / opt /pwi lx/ctpl um/vmJMnd fhaktm |此过程中出现的问题将在实验调试与结果分析局部详细说明对此问题的调试过程如下:1重新尝试破解其他组的无线网络 TP-LINK-F29F,发现可以成功，如以下图rootlocalhost /opt/pwnix/captures/wpajwfxhhakesptures/wpa 帕nd/GpT rMFlt vl (rM)t+ SCMHinjMUH ESSIP(mono. ugmt呼 at 5 做CH Eftl

12、CRintervals, CTRl+C *POHEH MS? CLIENTG WPAZ 1($b6 MPA2 5MbU NPA2 55db6 WP 52db WP 52ib6 WPA2 *b1 MM21TP-LIWI(_F2CtiGKC EDUMERCURf 2 4CH7 7AFF TP*LTMK_f29FTP-LINK.F253- . -&CtlinAF+!t-d3r9b jwywlfl wlAZSl【神 F.wp* 皿 vp rtpliyvwZ昏C*r 10* &占 l*MI Av4 * MLW WE嗣*楸林呻呻汕诩科说诃他亦滞何 mubiiRi *iAthtw BE iMndtfli U

13、itamR： /opt/pwrilK/CWtU/wp* JfcSnd 计 a：缤斗2) 表示的ASCII码，这与路由器的密码一致，如以下图roollocalhott: /opVpwnx/capurvt/wplcMridthikn* credits* 111111 tlltl 11w 2. WP/破解1)设置无线路由器的加密算法为 WPA并在设置WiFi密码后重启路由器2)使用OTG线将TL-WN722F无线网卡连接到平板电脑3)翻开平板电脑的菜单，翻开 Airodump，选择1,开始嗅探WIFI通信，如以下图 Zi 10:41root loca I h ost: / opt/pw nix/ca

14、 ptures/ wirelessjhiotiLd yoo like to save an Airodump capture?t esNo4使用其他设备连接此 WIFI，以便快速获取握手信息，过一段时间之后按住“音量键+c停止抓包，如以下图6 Zll io：4ircotlocalhost: /opt/pwn ix/captures/ wirelessMould you lifce to save an AlrodiHip capture?rjptores sawed toireles-/choice (1 or 2)Fduindl 1that tould cau&e trouble.If ii

15、rodiunp-ngr ai replay-ng or air tuning stops werking after 由 $ hor t-eFID994ProcessPro匚占ProcessProcessPr ocessperiod of (im豊you店nr to kill scm of) tiimfName wpa_supplicant with with with wuhi withiPW PID PIDP:jPW991 (logvirapper) Is runniing on interface lriO (wpa $upplicaht) is running on Interface

16、 wlariC 1 2& (etterca-p) is running on interface wlanO 爭号(iDgAirappir) 1$ running on interface pipa ps_suppllcnC) is running on interfdce plporootlocalhost: Zopt/pwnix/captur皀s/ wirelessBSSlDPhIRBeacomsfuata. ff/sEHLCIPHERAU THESS ID1 S3C盯5DD0000000000II13F EltE54e54e.54e 54e54eS4.Me54e.5*e.544.54e&

17、4eWPA2WPA2 WPAi OPHWPA2WPA2 WEPW鮭WPA?WPA2WPA2 WPA2WPA2 WPA2WPA2 GPMWPA2CCMP 匚LMP CCMPCCMP CCMP WEP CCMP COflPCHF CCMP 匚CMPCCMP CCMP CCMPTKIPLostFir amesPEhP$KP5KP5KP5KPKP5KPSKP5KP5KP5K PSK PSKHiWIFl_3iC ChlnaMet-d TP-LINK_F2 TP-LTNK_F2 UE嵐OJRY.2 ydrigruli f TP-LINK_F3 TP-LIHk_F2n CUCC EW TP-LIN|C_F3

18、 37i LleBaoWLFlG znywin only for G TP-LINK.F2 TP-L1NKF2 erl12S1ProbeK：6J;BF;B8 E2 0Ct Oe0 -240 Oe0536001Qi11172211associated) associated) associated) assoclited)aa：73：0B：2*：F6：B3 Q8 57 00 2C：SA:72 90：B&：a6 A6.C0 ElAC:F7:F3QWDH 95:49:00 0F;1F：a6 92：M!HFAF:62:060-1 It* 0 01 C - Il 0 -11 0 Il0aQSA15164

19、N Jlfi tentto_3D5_t聞5在平板电脑的终端模拟器中输入命令service ssh start，翻开ssH艮务，如以下6使用Is命令查看获取的cap文件后，使用SCP命令将cap文件传输到电脑上做破解工作，如以下图rwt# 11：.- ； host: , opt/pwnik/captur total Mi- 1rootroot76M57Vr212D1SnrodiMp-01 rcp-E-.r1rootrootMr2230估llri(w-01 W- 1rootroot4*34Bar222022airodu-01. tlsWtL*.1rootrppt琬開kir222315airOdq-

20、W丄穴t Et-rw,1rootrt141fi27IbrU315lr cdtfp-02. Cap=rw-“r1rootrootH22MdrU20iSuodunp-02.civ“rw.1rootroot3995liar222022ai rMliW02iet. ctvdrwcr-XF-*. 2 root rt B6 Her 22 201S . rwxr -*r-x. 11 root root +IJ96抑 3 17Q ,. ; 1host. -apt/pWl 1*/Capturts/wirel.es scp . /Alroduap-O . cp shlyqrigz. T01：C4pturRfrFi

21、entljf wMtd J WhL 10? (DSA)炖 th Hit of known host氣 s*ilym*147Ll6a. 1.101+f pis non!:Mradwp-M.cap10M 2532KB 盂卿凸 qq：qrocfloc m t:fptnl n/gtur 加7在，选择捕获的CAP文件、加密方式 WPA以及破解的字典文件后开始解析，如下 列图fcar rs Aurfjiwp 翌里：屮! f 哄聲品上-屯8解析完毕后，可以看到目标路由器的虚号、名称及握手包数量，输入3,即选择我们所连接的Wifi，开始破解，如以下图ESSIBIffjBM-yviE I TP-LIHK_F2*

22、?F ChlnMet-dJKrYb TF-.LNK_nDiB HIflN-pC 用 tura尸!k J TP-LJWK-F233 TF-LlHmRa CHCC EMITF LIMKJTifeF MEBaJM1 J -4GHz_7fiiFTLi&iaWiFil&9 H1W1F1_J3CT3B:143 Pihiuids.hiikn hjHld.fihd.lkt!1 haiiilslusJEHaii (I v hrt 91 hdn d a hd.kH-) han hake- Han rfffhikE 7lidLndBbakn1 hdjidEhd.kif InajndslwLkB IkiFiiis b

23、ake ALFPRi UPfi VFA urn umn UFA um UPfli 4IFB UFA PR vrh9过了一段时间后，破解出了密码，如以下图:k/stested C315.KKnM 鼻器SJ 2ca$nBF强會14 Be肿F35E CA備F4f3 mnnM M&lreEC EBDE4P2 = 0MK ss71二 伪造WiFi热点1. WiFi伪造流程1使用OTG线将TL-WN722F无线网卡连接到平板电脑2翻开平板电脑的菜单，翻开 EvilAP，输入3,即选择无线网卡，如以下图rootpwnpad: /opt/pwnix/captures/wireless Weltomp to t

24、he EvilAP+ Select which interface you are using tor internet? (1 -3):I. rnnet_U5bO (4G GSM connection)2(USS &th(?rn(?t adapter)3. wlanO (Internal NexWifi)Choice: 3|3输入伪造 WiFi的SSID: SCUNET然后选择频道1,如以下图rootpwnpad: /opt/pwnix/它日pturmsAvirmlBssSSID： SCUNETEnan 5513 n jine . Pjbl ic rii elcss；roDtpwnpad:

25、/opt/pwnix/captures/wireless4选择1,那么开始伪造 WiFi，如以下图* Force 匚lients to connect bssed on their profce requests?: FARMINGtiling will tart cnmeting ta you if yti is1 Yes2 . PtoClwite (1 - 2) ： t|dlr*ied prob* r*qu fr W:S：OI:M:7a：m drk .37 ttlrctMt probe r|ut froo. OS:57:M：OC：M：J1 - MU衲h*比 bfMkTfarovdciic

26、brtudcMt broidcist toroHkif t brwdcT br&Mlcast broadcMt 4irc(td prM* rqunt f rw PQ:；5：W；Al：C6：M directed probe rtqucst fro*亠directed proto rtqvwt 料*-browkMt pro* r*UMt 卄C* BC:IS:M6riC* HjlL _t -dlrtCtWIrtqwst fra* OI;l7：QO：OC;ifi：l1 - HitiAM-PCJ -:roadcail probe requvlt frtm56:Itr, tT-dir Sited prob

27、e request frM M： 57lM:X： )1 -対“PCWf. tjroadcBlt prote rsquett fr* 飯:*药:5审 :broKt prob* rqw* 卄*：S：!1：S15r brodcait prt* rr(dctt t braide*it t brOMkASt .C dirvcirt pFMbt FOE (dirretad prob* requwtJSTP-ltlK_FM? TP-LII_FWRprob*frote pmc*prob* pra*w probe pccte protoprobe profitfm Kil5ir*unt from K：M;541

28、 ：K riqu*t Trw k：BS;.:43： Kriqiint request request requntrquac request rqu*ftfr K：a;W;1lM；1C fm DC：騎：黛：趴：酣：忧 froafro* K：U：S*：1 i：1C 什OHfr* D& 50:Et;M：7CiU frt bt：50:E$:0：M：4 fr (M:豹；E*：M：7C：轲HSCT Tp-UiJ_F17f MP-LH 加-TP Jffra 8C；*5iS6：91i6S；Kfrw C：M：M!*Vt：1Cff-ta DC：CD:CDfrw-TOfrv DC;tiD：B g：B4：曲fr4W

29、 Wtr ：1*：；2：5 - fro狛:泓 _ .皿S 5S S；m：S：5bMdCMi prob- rFt fr2等待一段时间之后，扫描结束并显示结果，如以下图Starting Miqp 6.40 ( :worg ) at 2Q 16-0-04 21:M BN Stad: 0:02:37 elapsed： 152 hostsService scan Tinirig： About Sft 46%Stats: Q;02:S5 elapsed 252 hostsServiceTlalngi Ahcmit 96.15N2p $2硏 report fo-r )92 IS.O 1Host is up

30、(0a0057s latency.corapleted (3 up),. 3 undergoing Service Scan 6ooe; ETC： 21(0:00： 17 remainiing) conpleted (3 up)r 3 undergoing Service Scan done： ETC： 21：D9 (0:00.06 remaining)Not shoun PORT ao/tep 1041/tcp 1900/ttp 20001/tep 49152/tcp 49153/tep 49lS4/ttp:993closed portsSTATESERVICEVERSJOfJopen ?o

31、pendanf*ak2?openLipnpiipos 7.0open口 penlid knownopenunkrnawnopen吧PPortable(TP LINK TL-WDfi7Wa WAP 3.0； UPnP 1.0)SDK for UPnP devices 1.6-6 (Linux 2汨一LSOK-9.2三 端口扫描1.端口扫描1使用平板连接我们组的 WiFi，翻开菜单并运行Nmap程序，选择网络接口 2后确定 开启效劳扫描，如以下图 r o otl oca I host: /opt/pwrti x/ca pt ures/ nmap_scans= =s = = =-=ME)(T SER

32、VICE FHH6ERPAIMT (SU6UIT nH#IftJALL斧注訂SFrrn-TGP: V6.40I =7W=4/fflTiBe570 JO FBZSP=*rv71 - unkticwh -linus- gnueab SF； irt&etRequest. 1CCO . HHP/lS. nx20220K200KVrnServr： K20RoutehxCHb 5F: scrverXrfiCcninectJLoni x2iDtlosernContent-Typei x2O tect/htalrnHWW-Axit 5F：lwitlcafe： VK20B551cAx；CirealniXwTP-

33、ilNKx2QWirele5SK2MXjMx2QeaMXx2(- SF: labitXK20 Rou terx 2OWD R7 MOX wXrnr nnnTL亠WD SF: R750O.n METAx 2Oht tp -n4iETAA 賈 SF : 202211 p - equ 1 v E Kpires X x 20 con ten t - S * wed ( M2026x20Febx202297Xx200B 21:57 SF: x2OGMnvff* nhnvar號 20221C pAutE rrorArr ayx2Q=X 9?2Dniewx2OAr r iy( nO r 5F:je200 p

34、 0x20X ): nnXir rKstylex kzd t ype=H text/css% rrbody r SF: xce xcc X r n tkg r ownd - color: whi te: rnt5F:nwgin:Qpx;Arntp#dding:0px; XrXrtrndlv. LgginBQxXrnrntdlsplay: SF. OiblKk； rntpositi&n; r el at i ve; rtmargin - tap r 10(; Xtrnt text-flilig5F: rt: CAihtAr； XrrXnVrXncliv - pdillTh电rftturgIn-t

35、ap: 10pk; rfAridi v SF : picDivrn tid th ： 457px; rntheight; 32Ip罠；XrMn- tbackgrocmd: urI( SF./login/loginbgA. pn*1 )lr( Qptions.filT. / IX. 1 x2D501 M2N4ot%20Imp SF 1 ennerttedx.rxnserve：x20Rauterx20Webserverrxnconn-et11 on:A20closerW SF:Wtf-Authenticate; k2OBa5icx20irNlB= TP-LINKAxQWirelessx2QDua

36、1 K20Ban 5F: dJC2OG igabi tX20ROU ter x20WDR7 50Dir neon tent - Type: x20 tex t/h tnjArAM r SF:n! DOCTPE kxlOMTk) Lx20PUBL I Cx20v*-/WiC/ /DTCiix2tiHTUL204,01 xZOTrani SFiil tion al/ENX*X2Orfi IxZd X2D :,h3. OT_g/ TR/htfil4/lCN3$*. ded由以下图可以看到，192.168.这台机器是CentOS系统，使用了 版数据库和Apache效劳器，且上面有一个网站端口为 80S

37、F; ion; x20closeUnDate x20Tue . x25-.70, - /IX, 1x2054) 1 siOUnimplementedrnServer: 5F : XZOunspeci f ied, KxZOUPnP/1 V. 0., x2OiJrispecif iedXrVnConnettion : k20匚Lose SF:XnCohterit-Length: k20OMAC Address: 14i7S0.AF.FiiDa (UrikrirDMn)Service Info: OS: LinuM； Device wap； CPE: cpe:/o liriux: llndx_He

38、rftel: 2.6. Ji- lsdi?-9.2 0w6.6l6U日p 匚an report for 192- 1&B.C. 10Q iost 15 up (0.0042S IrtWEMl.lot -shcMinclosed portsSTATE SERVICE VERSIOW!2/tcp 30/tcp lll/CCpJiDfi/tcpopen fnerl open openssh OpenSSH 5,3 (protocol 2 0) Apciie hUpd 2.2- 15 (CentOS) r pc bind 2-4 (RPC IIIOOMO) mysql MySQL (umnulhori

39、zedX Address； OT：ES：r tsPOttTSTATESERVICEVERSION22/Upopenssh(protacol2,0)135/tepopeniwsrpcMicrosoftWlndcwsRP匚13$/tcpopennet bi os -ssn443/CCpopenSl/hLtpMrtjr c Vlr tujKnLer 伙bserv丄t绘4457tcpopnnetbios5M/ccpperitsp?902/tcpopenssl/vniwiare-ythvh-hNsgire Authentication 口pnon1 10 Use5912/tcpap+envware-aB

40、 1 tvx2Q55Hx20$eruerx20S F: X(WinSSHD )Ax 20, 07 W ;MAC Address： DS：i6：ll (UnknOMfi)service lofo: os： wmdw&; cpt: epe:/o:sicrosoft:winacwgKnap scan report for 192.161.0 102Hdt is up (O_00007$ latency)-Service detection ubmit/ Nduip done. 2苛 IPAll 1000 scanned ports on 19Z.16S.0.102 are closed performMi. Please report any lmco亡results 虚t addresses (4 hosts up) scanned in zi1sZ2 secondsHosts can saed to /opt/pwnlx/captures/nmap_scans/service_5can_2022-04-04-2W5i txt3尝试登陆网站，输