实验报告模板

1、计算机通信与网络实践实验报告课 程计算机通信与网络实践实验题目学生姓名XXXX评分学 号 XXXXXXXXXX班级 信息安全同实验者 XXXX XXXXX XXX XXXXXXX实验时间第X周周X上午1-4节 地点 二理249信息安全专业实验室文档一、实验目的xxxxxx二、实验内容xxxxxx三、实验设备1. xxxxxx四、实验步骤XXX文档文档文档文档1.基于Web的远程管理1)打开平板电脑的菜单，打开PwnieUlonOff以启用Pwnie本地Web服务，但是此处出 现了错误，如下图root(o) local host: /opt/p wnix/ ca ptures* Stopping

2、 Pwinie User Inlerf.5 toppi ! nginiH: ngi ru_ ng i m_ 巾心 pr* t+ Done文档rwttloc 11 host: / opt/imi cptu|2)打开电脑的浏览器，输入网址01:1443，以访问Pwnie本地 Web服务，但是无法打开 Web管理页面，如下图由于进行了多次尝试后仍然没能解决此问题，因此我们暂时放弃了这一步，开始继 续下一步实验（此过程中出现的问题将在实验调试与结果分析部分详细说明）2.使用scp传输文件1）在电脑上打开BvSshServer-lnst，将电脑作为SSHI艮务器端，如

3、下图2）在电脑的CMD令行窗口中，输入命令ipconfig，查看到IP地址为00 ,且用户名为Shiyan，如下图sers Sliian 3*ipcori F igWindows IP酉匚置媒体已断开以太网适配豈Bluetooth网给连抵2J寺圣的DHS后缀D yP - 用1上 - 定希昭天 當土掩网 谆本IP了點氐线局域网适配器无线网络连按fe88：:f5f9：9773：53e9：dlb5xl6 192.18.1.ISO1V2.liS.l.L3）启用平板电脑的本地SSH服务（之前开启，并未关闭）4） 在平板电脑的终端模拟器中，输入命令：scp/

4、opt/pw nix/c aptures/tshark/tshark2015-04-22-2050.capshiyan00:tshark2015-04-22-2050.cap，然后输入正确的口令，可以看到文件传输成功，如下图rootgilocalhost:roct(61ocallicst: /opt/pnnix/cantures# cd16B.K100:tshark2015-04-22-2D5C.captures/tshark/tshark2015-04-22-2050.cap shiyan192 Warning: Permanently added r 192. f6&

5、. L 100 (DSA) to the list of kncw)n hosts. hiyang192.16&.1.100*e password:tshark2Q15 01222050.cap1001 50725.0KB/S00:00roctlocalhost: P 脣5）在电脑的C:UserShiyan目录下找到了传输过来的文件，如下图為鈕盂 U 用口 Shikar ?大小*下京 arandroiidCi$CO Packet. Tracer 5$.DesicopL -flvcritri砖濟代知狀201G/3/M 9t3B2016/3/24 22:142Q16/3/29 9:51201VW

6、1嗣予 201G/1/ID 116201-6/3/7 1&332016/1/7 1&332016/1/7201fi/3/7 16c 3 320l/i/? i fid 31二匸WiFi密码破解1. WEI破解1)设置无线路由器的加密算法为 WE|并在设置 WiFi密码后重启路由器，如下图2)使用OTG线将TL-WN722F无线网卡连接到平板电脑3)打开平板电脑的菜单，打开Wifite可以看到如下界面ro otloce I host: /opt/pwni x/captu re s/ wpa.handshakesmiDcalihostautamji ted wirrle-5is ouditar5冷佃

7、 fix Linuxas not rec|uir*d, but ii recofliaended* scirwiinrg |+j1. fflml2. wlanQA- p2pOI* wltnumlxr af device to put into nwnitor 相打wireless, devic电雷.llhiii dny 1 Cl?5Aheras AR9271UnkhOMnUnkhCMHathk - fptiyq wcnss_Hlan phy34)选择1 (即无线网卡)，开始扫描并展示附近的无线网列表。选择我们组的无线网络SHIYAN-PC_Network37即输入1,开始进入破解流程，如下图*

8、 Q I rooiloca 1 hose /op(/pwn ix/c apt ures/ wpa.handshakes=0毗X1. 8:42roi ESSIDCH EHCRPOWER 祕？CL1EH11 SHPM PC HetHcrk37E MEPclients2 Tp*L 1HK_FZ6?& UPA2刍？dbnQclients3- dS$r92.i& MPA2clients4 TP-LINK_F23J& WPAJ邨血cliinis5 zmywifi1 WA247db6 erlilSl. _1WPA247db对r -十12S46dbio clientB only gr GQO$1 WPA2 4

9、64 09 TP-LINKFZ9F1 WPA242dbclient10 Ll.0:10:00) attacking 5HIYATJ-PC_Network37* via chop-chop attack unable to generate keystreann0:10:0D attompiting fake AuthenticBtion (5/5).0:10:00) attaGki帼 SHIfW-PCJletwork37* via fi 咐attack Linable to generate keyEtreann0:1C:0D) attempting fake authentication (

10、5/5).0： 10 iQOJ at tacking &H 11TW-PC_NetwOrki7 V1 a 匚af fe - L-at te at tack ereplfly-ng txitedi unejcpettedly0;10:00) Bttempting fake duthantication (5/5).0hq：oo Attacking *5Hir/dd-P_Networkj? via pQS4i attack rai replaying exitedl unexpe匚时ly0:10:00) attempting fnl authieticdtlon 15/50:10:00 it ta

11、cking *5HIVAN-RC_Networli37il via hirte Attack alrepl*y-rig exict unwpecteidly|O:D0:OD| attack complete:+ 1 attack completed:+雄P allack succwdcd+ disabling monilor incwie on morO. - done + quittingI nter feChipsetwlanOUnknownp2p0IJrikncNrriOriverwcnss.wlan - phy3 一 phyiwlanU ERROR while gating inter

12、fjc flags No such device rocteiocilhost. / opt /pwi lx/ctpl um/vmJMnd fhaktm |（此过程中出现的问题将在实验调试与结果分析部分详细说明）对此问题的调试过程如下:1）重新尝试破解其他组的无线网络 TP-LINK-F29F，发现可以成功，如下图rootlocalhost /opt/pwnix/captures/wpajwfxhhakesptures/wpa 帕nd/GpT rMFlt vl (rM)t+ SCMHinjMUH ESSIP(mono. ugmt呼 at 5 做CH EftlCRintervals, CTRl+

13、C *POHEH MS? CLIENTG WPAZ 1($b6 MPA2 5MbU NPA2 55db6 WP 52db WP 52 鋅X4）使用其他设备连接此 WIFI，以便快速获取握手信息，过一段时间之后按住“音量键+c”停止抓包，如下图 ZI1 10:41rcotlocalhost: /opt/pwn ix/captures/ wirelessMould you lifce to save an AlrodiHip capture?r dp tores sawed toireles-/choice (1 or 2)Fduindl 1that tould cau&e trouble.If

14、iirodiunp-ngr ai replay-ng or air tuning stops werking after 由 $ hor t-eFID994ProcessPro匚占ProcessProcessPr ocessperiod of (im豊you店nr to kill scm of) tiimfName wpa_supplicant with with with wuhi withiPW PID PIDP:jPW991 (logvirapper) Is runniing on interface lriO (wpa $upplicaht) is running on Interfa

15、ce wlariC 1 2& (etterca-p) is running on interface wlanO 爭号(iDgAirappir) 1$ running on interface pipa ps_suppllcnC) is running on interfdce plporootlocalhost: /opt/pwni x/c a pt ures/ wirelessBSSlDPhIRBeacomsfuata. ff/sMBEHLCIPHERAU THESS ID1 S3C盯5DII13F EltE54e544?54e54e54eS4.Me54e.Be.5*e.544.54e&4

16、eWPA2WPA2 WPAi OPHWPA2WPA2 WEPW鮭WPA?WPA2WPA2 WPA2WPA2 WPA2WPA2 GPMWPA2匚CMP 匚LMP 匚CMPCCMP CCMP WEP CCMP COflPCHF CCMP 匚CMPCCMP CCMP CCMPTKIPLostFir amesPEhP$KP5KP5KP5KPKP5KPSKP5KP5KP5K PSK PSKHiWIFl_3iC ChlnaMet-d TP-LINK_F2 TP-LTNK_F2 UE嵐OJRY.2” ydrigruli f TP-LINK_F3 TP-LIHk_F2n CUCC EW TP-LIN|C_F3

17、 37i LleBaoWLFlG znywin only for G TP-LINK.F2 TP-L1NKF2 erl12S1ProbeK：6J;BF;B8 E2 0Ct Oe0 -240 Oe0536001Qi11172211associated) associated) associated) assoclited)aa：73：0B：2*：F6：B3 Q8 57 00 2C：SA:72 90：B&：a6 A6.C0 ElAC:F7:F3QWDH 95:49:00 0F;1F：a6 92：M!HFAF:62:060-1 It* 0 01 C - Il 0 -11 0 Il0aQSA15164

18、N Jlfi tentto_3D5_t聞5）在平板电脑的终端模拟器中输入命令service ssh start ，打开SSHI艮务，如下图文档6）使用Is命令查看获取的cap文件后，使用SCP命令将cap文件传输到电脑上做破解工作，如下图rwt# 11：.- ； host: , opt/pwnik/captur total Mi- 1rootroot76M57Vr212D1SnrodiMp-01 rcp-E-.r1rootrootMr2230估llri(w-01 W- 1rootroot4*34Bar222015airodu-01. tlsWtL*.1rootrppt琬開kir222315ai

19、rOdq-W丄穴t Et-rw,1rootrt141fi27IbrU315lr cdtfp-02. Cap=rw-“r1rootrootH22MdrU20iSuodunp-02.civ“rw.1rootroot3995liar222015ai rMliW02iet. ctvdrwcr-XF-*. 2 root rt B6 Her 22 201S . rwxr -*r-x. 11 root root +IJ96抑 3 17Q ,. ; 1host. -apt/pWl 1*/Capturts/wirel.es scp . /Alroduap-O . cp shlyqrigz. T01：C4ptur

20、RfrFientljf wMtd J WhL 10? (DSA)炖 th Hit of known host氣 s*ilym*147Ll6a. 1.101+f pis non!:Mradwp-M.cap10M 2532KB 盂卿凸 qq：qrocfloc m t:fptnl n/gtur 加7）在电脑上运行破解程序 Aircrack-ng GUI.exe，选择捕获的CAP文件、加密方式 WPA以及破解的字典文件后开始解析，如下图fcar rs Aurfjiwp 翌里：屮! f 哄聲品上-屯8）解析完毕后，可以看到目标路由器的虚号、名称及握手包数量，输入3,即选择我们所连接的Wifi，开始破解，

21、如下图ESSIBIffjBM-yviE I TP-LIHK_F2*?F ChlnMet-dJKrYb TF-.LNK_nDiB HIflN-pC 用 tura尸!k J TP-LJWK-F233 TF-LlHmRa CHCC EMITF LIMKJTifeF MEBaJM1 J -4GHz_7fiiFTLi&iaWiFil&9 H1W1F1_J3CT3B:143 Pihiuids.hiikn hjHld.fihd.lkt!1 haiiilslusJE Haii (I v hrt 91 hdn d a hd.kH-) han hake- Han rfffhikE 7lidLndBbakn1 hd

22、jidEhd.kif InajndslwLkB IkiFiiis bake ALFPRi UPfi VFA urn umn UFA um UPfli 4IFB UFA PR vrh9）过了一段时间后，破解出了密码，如下图:ft ire rc k-nff 1.2 IbetaS强會14 Be肿F35E CA備F4f3 mnnM M&lreEC EBDE4P2 = 0MK ssKnM 鼻器SJ 2ca$nBF71伪造WiFi热点1. WiFi伪造流程1）使用OTG线将TL-WN722F无线网卡连接到平板电脑2）打开平板电脑的菜单，打开 EvilAP，输入3,即选择无线网卡，如下图rootpwnpad

23、: /opt/pwnix/captures/wireless Weltomp to the EvilAP+ Select which interface you are using tor internet? (1 -3):I. rnnet_U5bO (4G GSM connection)2(USS &th(?rn(?t adapter)3. wlanO (Internal NexWifi)Choice: 3|3）输入伪造 WiFi的SSID: SCUNET然后选择频道1,如下图rootpwnpad: /opt/pwnix/它日pturmsAvirmlBssSSID： SCUNETEnan 5

24、513 n jine . Pjbl ic rii elcss；rootpwnpadi /opt/pwnix/captures/wireless文档4）选择1，则开始伪造 WiFi，如下图* Fog& tllents to 匸onnect bdied on their prcsfce requests? UARMIbIGtiling will utart cnnetting to you if yei is l&cted U Yes2. ftoClwite (1 - 2) ： t|MiiliR:;籃is礙備關:=B磐障隣 12I29J1J12121;1211131112)211121J12121

25、211121J121212111*2ZZZ*2 22H2Idlr*ied prob* r*qu fr W:S：OI:M:7a：m drk .37 ttlrctMt probe r|ut froo. OS:57:M：OC：M：J1 - MU衲h*比 bfMkTfarovdciic brtudcMt broidcist toroHkif t brwdcT br&Mlcast broadcMt ” 4irc(td prM* rqunt f rw PQ:；5：W；Al：C6：M directed probe rtqucst fro*亠directed proto rtqvwt 料*-browkMt p

26、ro* r*UMt 卄C* BC:IS:M6riC* HjlL _t -dlrtCtWIrtqwst fra* OI;l7：QO：OC;ifi：l1 - HitiAM-PCJ -:roadcail probe requvlt frtm56:Itr, tT-dir Sited probe request frM M： 57lM:X： )1 -対“PCWf. tjroadcBlt prote rsquett fr* 飯:*药:5审 :broKt prob* rqw* 卄*：S：!1：S15r brodcait prt* rr(dctt t braide*it t brOMkASt .C dirvc

27、irt pFMbt FOE (dirretad prob* requwtJSTP-ltlK_FM? TP-LII_FWRprob*frote pmc*prob* pra*w probe pccte protoprobe profitfm Kil5ir*unt from K：M;541 ：K riqu*t Trw k：BS;.:43： Kriqiint request request requntrquac request rqu*ftfr K：a;W;1lM；1C fm DC：騎：黛：趴：酣：忧 froafro* K：U：S*：1 i：1C 什OH tK：M:M；n：7C；*t fr* D&

28、50:Et;M：7CiU frt bt：50:E$:0：M：4 fr (M:豹；E*：M：7C：轲HSCT Tp-UiJ_F17f MP-LH 加-TP Jffra 8C；*5iS6：91i6S；Kfrw C：M：M!*Vt：1Cff-ta DC：CD:CDfrw-TOfrv DC;tiD：B g：B4：曲fr4W Wtr ：1*：；2：5 - fro狛:泓 _ .皿S 5S S；m：S：5bMdCMi prob- rFt fr2）等待一段时间之后，扫描结束并显示结果，如下图Starting Miqp 6.40 ( http:worg ) at 2Q 16-0-04 21:M BN Stad:

29、 0:02:37 elapsed： 152 hostsService scan Tinirig： About Sft 46%Stats: Q;02:S5 elapsed 252 hostsServiceTlalngi Ahcmit 96.15N2p $2硏 report fo-r )92 IS.O 1Host is up (0a0057s latency.corapleted (3 up),. 3 undergoing Service Scan 6ooe; ETC： 21(0:00： 17 remainiing) conpleted (3 up)r 3 undergoing Service S

30、can done： ETC： 21：D9 (0:00.06 remaining)Not shoun PORT ao/tep 1041/tcp 1900/ttp 20001/tep 49152/tcp 49153/tep 49lS4/ttp:993closed portsSTATESERVICEVERSJOfJopenhttp?opendanf*ak2?openLipnpiipos 7.0open口 penlid knownopenunkrnawnopen吧PPortable(TP LINK TL-WDfi7Wa WAP 3.0； UPnP 1.0)SDK for UPnP devices 1.

31、6-6 (Linux 2汨一LSOK-9.2（三） 端口扫描1. 端口扫描1）使用平板连接我们组的 WiFi，打开菜单并运行Nmap程序，选择网络接口 2后确定 开启服务扫描，如下图 r o otl oca I host: /opt/pwrti x/ca pt ures/ nmap_scans= =s = = =-=ME)(T SERVICE FHH6ERPAIMT (SU6UIT nH#IftJALL”斧注訂SFrrn-TGP: V6.40I =7W=4/fflTiBe570 JO FBZSP=*rv71 - unkticwh -linus- gnueab SF； irt&etRequest

32、. 1CCO . HHP/lS. nx20200K200KVrnServr： K20RoutehxCHb 5F: scrverXrfiCcninectJLoni x2iDtlosernContent-Typei x2O tect/htalrnHWW-Axit 5F：lwitlcafe： VK20B551cAx；CirealniXwTP-ilNKx2QWirele5SK2MXjMx2QeaMXx2(- SF: labitXK20 Rou terx 2OWD R7 MOX wXrnr nnnTL亠WD SF: R750O.n METAx 2Oht tp -n4iETAA 賈 SF : 201111

33、 p - equ 1 v E Kpires X x 20 con ten t - S * wed ( M2026x20Febx201997Xx200B 21:57 SF: x2OGMnvff* nhnvar號 20111C pAutE rrorArr ayx2Q=X 9?2Dniewx2OAr r iy( nO r 5F:je200 p 0x20X ): nnXir rKstylex kzd t ype=H text/css% rrbody r SF: xce xcc X r n tkg r ownd - color: whi te: rnt5F:nwgin:Qpx;Arntp#dding:0

34、px; XrXrtrndlv. LgginBQxXrnrntdlsplay: SF. OiblKk； rntpositi&n; r el at i ve; rtmargin - tap r 10(; Xtrnt text-flilig5F: rt: CAihtAr； XrrXnVrXncliv - pdillTh电rftturgIn-tap: 10pk; rfAridi v SF : picDivrn tid th ： 457px; rntheight; 32Ip罠；XrMn- tbackgrocmd: urI( SF./login/loginbgA. pn*1 )lr(HTTPQptions

35、.filT.HTTP/ IX. 1 x2D501 M2N4ot%20Imp SF 1 ennerttedx.rxnserve：x20Rauterx20Webserverrxnconn-et11 on:A20closerW SF:Wtf-Authenticate; k2OBa5icx20irNlB= TP-LINKAxQWirelessx2QDua 1 K20Ban 5F: dJC2OG igabi tX20ROU ter x20WDR7 50Dir neon tent - Type: x20 tex t/h tnjArAM r SF:n! DOCTPE kxlOMTk) Lx20PUBL I

36、Cx20v*-/WiC/ /DTCiix2tiHTUL204,01 xZOTrani SFiil tion al/ENX*X2Orfi IxZd X2D http:,h3. OT_g/ TR/htfil4/lCN3$*. ded由下图可以看到，00这台机器是CentOS系统，使用了 MySQL5.1.73版数据库和Apache服务器，且上面有一个网站（端口为 80）SF; ion; x20closeUnDate x20Tue . x25-.70, -HTTP/IX, 1x2054) 1 siOUnimplementedrnServer: 5F : XZOunspeci f

37、 ied, KxZOUPnP/1 V. 0., x2OiJrispecif iedXrVnConnettion : k20匚Lose SF:XnCohterit-Length: k20OMAC Address: 14i7S0.AF.FiiDa (UrikrirDMn)Service Info: OS: LinuM； Device wap； CPE: cpe:/o liriux: llndx_Herftel: 2.6. Ji- lsdi?-9.2 0w6.6l6U日p 匚an report for 192- 1&B.C. 10Q iost 15 up (0.0042S IrtWEMl.lot -

38、shcMinclosed portsSTATE SERVICE VERSIOW!2/tcp 30/tcp lll/CCpJiDfi/tcpopen fnerl open openssh OpenSSH 5,3 (protocol 2 0) http Apciie hUpd 2.2- 15 (CentOS) r pc bind 2-4 (RPC IIIOOMO) mysql MySQL (umnulhorizedX Address； OT：ES：r tsPOttTSTATESERVICEVERSION22/Upopenssh(protacol2,0)135/tepopeniwsrpcMicrosoftWlndcwsRP匚13$/tcpopennet bi os -ssn443/CCpopenSl/hLtpMrtjr c Vlr tujKnLer 伙bserv丄t绘4457tcpopnnetbios5M/ccpperitsp?902/tcpopenssl/vniwiare-ythvh-hNsgire Authenticatio