ztbzx.xmu.edu.cn · web...
TRANSCRIPT
8 714
5.3
“”
18
1
2
3
4
5
12011300
3
1
2.
4.
6
7
8
9
11
1
1. 2U12210CPU256G8*600GB SAS 8SAS RAID1G50
2.
1
2
3. //
4.
5.
6.
7.
8.
10.
1
3
1.
2.
3.
4.
1
4
4.
5.
6. web
7. WEBWEB
3.
4. IP
1.
2.
3.
1
7
2.
3.
1
8
1.
2.
3. CPU
5. 100
1
9
2.
3.
4.
1
10
2. LinuxLinuxLinuxLinuxrootLinuxinitVimLinuxDockerDockerTcpdumpLinuxLinuxLinux
3. LinuxiptablessshmysqliptablessshmysqlLinuxFTPsuSSHNFSBashsyslogdLinuxviNFSLinuxWEBFTPshellSAMBASquidLinuxLinuxTCP/IPNFSApacheLinuxNmapLinuxApacheLinuxLinuxLinuxLinuxlinuxlinux
4. WindowsIISWWWNTIISFTPWindows-NTWindowsWindowsWindowswindowswindows xpFTPWindowsWindowstskillwindow2000-2017Windows2003DoSWindows2003--LicenseCrawler
5. linuxLinuxftpLinuxWindowswindowswindows 2003 Windows FTPWindowsxpVPNwindowsVPNwindowswindowsNCIIS3389superscanIE
6. CCASCIICCwhilewhileforforwhiledo...whileCifCswitchCbreakcCCCCCCCC
7. C#.NET4.0C#C#C#C#LINQC#Lambda
8. WiresharkTCPWiresharkUDPWiresharkARPWiresharkHTTPFTPDHCPARPIPTCPHTTPICMP
9. ---IP---STP-VLAN-VTP--HSRP-ACL-ACL-ACLNAT-NATNAT-NATNAT-PATVPN-GREVPN-IPsec VPNTCP/IPNATVPN
1
11
2. Zmap-ZmapZmap-ZmapZmap-ZmapZmap-ZmapZmap-ZmapNmap-NmapNmap-NmapNmap-NmapNmap-NmapX-Scan-X-Scan-X-Scan-AWVS-AWVSAWVS-AWVS HTTP editorAWVS-HTTP fuzzAWVS-HTTP fuzzsqlAWVS-HTTP snifferAWVS-Site CrawerAWVS-Target FinderAWVS-AWVS-AWVS-401
3. WEB-wwwscan-pk-SQL-sqlSQL-sqlSQL-sqlSQL-sqlSQL-sqluseragentSQL-sqlSQL-sqlSQL-sqlboolSQL-sqlsleepSQL-sqlupdateSQL-sqlPOSTSQL-sqlcookieSQLMap-SQLMapSQLMap-SQLMapmysqlSQLMap-SQLMapaccessSQLMap-SQLMapcookieSQLMap-SQLMappostSQLMap-SQLMapSQLMap-SQLMapshellSQLMap-SQLMapSQLMap-SQLMapSQLMap-SQLMapWAFSQLMap-SQLMapXSS-DOMXSSXSS-XSSXSS-XSSXSS-()XSS-()XSS-()XSS-(onclick)XSS-()CSRF-GETCSRF-POST-PHP-PHP-PHP-file---webshell-shell-shell--php-php-php-php-php cgi(nginx)-Apache-apahce-IIS-burpsuitshell-shell--ASPX-JSP-php-JBosswar-weblogicwar-tomcatwar2017-tomcat
5. -HTTP---OneFileEXEMaker-ProRat---widthness---IPC$--shellcode-DNS--vpn
6. -TCPDumpUDP-cacca-pingtracert---IIS-Iris-CC-Windows--NET--NC-vpn-DoS--Shadow database scanner--unixunix--Linux--Tftpd32--Firewall-DiskGenius-regtool-FTP-Windows-RunAs-Removeitpro-----IPCheck-(SpotAuditor)--MING Bandwidth Monitor-winroute---IPC$-IPC$-Windows-Windows--Windows-wcehash--at---PwDumpHash-hash
7. -Windows-Windows-web--
9. WEBStruts2CMS
10. -Saminside-HASH-MD5-GetHashes-Brutus-3DES-MD5--RSA-LC5-RC4-John---DES-RSA--AES---Elgamal--DSA-SSH-word-PPT--2017-2017-2017-DSA2017-SSH2017-word2017-PPT2017--BCTextEncoder-CrypTool-HashCalc-MD5 Calculator-Rohos-TrueCrypt-PKI-PGPPKI-MD5sumHASHPKI-SSHPKI-windows 2003 CA-WindowsIC-access--linux-office-Windows-md52017-2017-windows EFS-
11. MetasploitMetasploitMetasploitnmapTCPMetasploitMetasploitMetasploittelnetsshtomcatms08-067ms10-018ms10-018
12. POCPoCPoCPoCPoCData Retrieval over DNSPoCCVECVECVECVE;
1
12
2. 12
3. ;
4.
2.
1. B/S
2. RAMCTFCPU
3. LOGO
4. CTFCTF
5. CTF
6. WEB
7.
8. LOGO
9.
10.
11. LOGO
13. IPCTFWEB
14. CTF
15. CTF
16. 3D
17. CTF
18.
1
3
2. 12
3. ;
4. 1;2;1;2;
2. AMP+4G≥1806/1U610/100/1000M1,1Console 64G SSD
3.
4. NAT
5. VLAN
6.
2. IPS600M1U610/100/1000M2Bypass
3. 1000IMP2P
4.
7. ///
1
2
2
33
4
15
1
1
2
3
“”“”“”“”
“”“”
“ ”
3
1
2
3
4
4
5
7
8
5
1-2
6
1-3
4
1-4
22
4
1-5
2IPSVPN14
32
8
1-6
12
22
4
1-7
2
1-8
22
4
1-9
2CTF 2
4
1-10
1Ping of DeathTeardropIPTCPSmurfFraggleLandWinnukeDNSIP2
2IP2
3MD52
6
1-11
3
1-12
1DNS FloodHTTP FloodTCNS1
2HTTP/FTP/POP3/SMTP/IMAP/SMB61
4“”“”“3”“Struts”“Struts2”“Xshell”CVEIDCNNVDID1
5URL/IPURL1
5
3
2-2
3
2-3
2113
32
7
2-4
2
30
2011181______
1.2011300______
2.____________
()
2
2
“” %
“”
2
4[2017]141
330
“”“//…”
“”
“”
2“”[2012]124
3
2
2
/
2
2
12
2
2
12
15
“”“”“”
2
……
“”
“”
1.
2.
5.
6.
_____________________
_____________________
2
1
2
2.2
3
3.1
3.2
4
4.2
5
6()
7
5
95 5
a. %
10
14
15
15.2
15.3
5.3
“”
18
1
2
3
4
5
12011300
3
1
2.
4.
6
7
8
9
11
1
1. 2U12210CPU256G8*600GB SAS 8SAS RAID1G50
2.
1
2
3. //
4.
5.
6.
7.
8.
10.
1
3
1.
2.
3.
4.
1
4
4.
5.
6. web
7. WEBWEB
3.
4. IP
1.
2.
3.
1
7
2.
3.
1
8
1.
2.
3. CPU
5. 100
1
9
2.
3.
4.
1
10
2. LinuxLinuxLinuxLinuxrootLinuxinitVimLinuxDockerDockerTcpdumpLinuxLinuxLinux
3. LinuxiptablessshmysqliptablessshmysqlLinuxFTPsuSSHNFSBashsyslogdLinuxviNFSLinuxWEBFTPshellSAMBASquidLinuxLinuxTCP/IPNFSApacheLinuxNmapLinuxApacheLinuxLinuxLinuxLinuxlinuxlinux
4. WindowsIISWWWNTIISFTPWindows-NTWindowsWindowsWindowswindowswindows xpFTPWindowsWindowstskillwindow2000-2017Windows2003DoSWindows2003--LicenseCrawler
5. linuxLinuxftpLinuxWindowswindowswindows 2003 Windows FTPWindowsxpVPNwindowsVPNwindowswindowsNCIIS3389superscanIE
6. CCASCIICCwhilewhileforforwhiledo...whileCifCswitchCbreakcCCCCCCCC
7. C#.NET4.0C#C#C#C#LINQC#Lambda
8. WiresharkTCPWiresharkUDPWiresharkARPWiresharkHTTPFTPDHCPARPIPTCPHTTPICMP
9. ---IP---STP-VLAN-VTP--HSRP-ACL-ACL-ACLNAT-NATNAT-NATNAT-PATVPN-GREVPN-IPsec VPNTCP/IPNATVPN
1
11
2. Zmap-ZmapZmap-ZmapZmap-ZmapZmap-ZmapZmap-ZmapNmap-NmapNmap-NmapNmap-NmapNmap-NmapX-Scan-X-Scan-X-Scan-AWVS-AWVSAWVS-AWVS HTTP editorAWVS-HTTP fuzzAWVS-HTTP fuzzsqlAWVS-HTTP snifferAWVS-Site CrawerAWVS-Target FinderAWVS-AWVS-AWVS-401
3. WEB-wwwscan-pk-SQL-sqlSQL-sqlSQL-sqlSQL-sqlSQL-sqluseragentSQL-sqlSQL-sqlSQL-sqlboolSQL-sqlsleepSQL-sqlupdateSQL-sqlPOSTSQL-sqlcookieSQLMap-SQLMapSQLMap-SQLMapmysqlSQLMap-SQLMapaccessSQLMap-SQLMapcookieSQLMap-SQLMappostSQLMap-SQLMapSQLMap-SQLMapshellSQLMap-SQLMapSQLMap-SQLMapSQLMap-SQLMapWAFSQLMap-SQLMapXSS-DOMXSSXSS-XSSXSS-XSSXSS-()XSS-()XSS-()XSS-(onclick)XSS-()CSRF-GETCSRF-POST-PHP-PHP-PHP-file---webshell-shell-shell--php-php-php-php-php cgi(nginx)-Apache-apahce-IIS-burpsuitshell-shell--ASPX-JSP-php-JBosswar-weblogicwar-tomcatwar2017-tomcat
5. -HTTP---OneFileEXEMaker-ProRat---widthness---IPC$--shellcode-DNS--vpn
6. -TCPDumpUDP-cacca-pingtracert---IIS-Iris-CC-Windows--NET--NC-vpn-DoS--Shadow database scanner--unixunix--Linux--Tftpd32--Firewall-DiskGenius-regtool-FTP-Windows-RunAs-Removeitpro-----IPCheck-(SpotAuditor)--MING Bandwidth Monitor-winroute---IPC$-IPC$-Windows-Windows--Windows-wcehash--at---PwDumpHash-hash
7. -Windows-Windows-web--
9. WEBStruts2CMS
10. -Saminside-HASH-MD5-GetHashes-Brutus-3DES-MD5--RSA-LC5-RC4-John---DES-RSA--AES---Elgamal--DSA-SSH-word-PPT--2017-2017-2017-DSA2017-SSH2017-word2017-PPT2017--BCTextEncoder-CrypTool-HashCalc-MD5 Calculator-Rohos-TrueCrypt-PKI-PGPPKI-MD5sumHASHPKI-SSHPKI-windows 2003 CA-WindowsIC-access--linux-office-Windows-md52017-2017-windows EFS-
11. MetasploitMetasploitMetasploitnmapTCPMetasploitMetasploitMetasploittelnetsshtomcatms08-067ms10-018ms10-018
12. POCPoCPoCPoCPoCData Retrieval over DNSPoCCVECVECVECVE;
1
12
2. 12
3. ;
4.
2.
1. B/S
2. RAMCTFCPU
3. LOGO
4. CTFCTF
5. CTF
6. WEB
7.
8. LOGO
9.
10.
11. LOGO
13. IPCTFWEB
14. CTF
15. CTF
16. 3D
17. CTF
18.
1
3
2. 12
3. ;
4. 1;2;1;2;
2. AMP+4G≥1806/1U610/100/1000M1,1Console 64G SSD
3.
4. NAT
5. VLAN
6.
2. IPS600M1U610/100/1000M2Bypass
3. 1000IMP2P
4.
7. ///
1
2
2
33
4
15
1
1
2
3
“”“”“”“”
“”“”
“ ”
3
1
2
3
4
4
5
7
8
5
1-2
6
1-3
4
1-4
22
4
1-5
2IPSVPN14
32
8
1-6
12
22
4
1-7
2
1-8
22
4
1-9
2CTF 2
4
1-10
1Ping of DeathTeardropIPTCPSmurfFraggleLandWinnukeDNSIP2
2IP2
3MD52
6
1-11
3
1-12
1DNS FloodHTTP FloodTCNS1
2HTTP/FTP/POP3/SMTP/IMAP/SMB61
4“”“”“3”“Struts”“Struts2”“Xshell”CVEIDCNNVDID1
5URL/IPURL1
5
3
2-2
3
2-3
2113
32
7
2-4
2
30
2011181______
1.2011300______
2.____________
()
2
2
“” %
“”
2
4[2017]141
330
“”“//…”
“”
“”
2“”[2012]124
3
2
2
/
2
2
12
2
2
12
15
“”“”“”
2
……
“”
“”
1.
2.
5.
6.
_____________________
_____________________
2
1
2
2.2
3
3.1
3.2
4
4.2
5
6()
7
5
95 5
a. %
10
14
15
15.2
15.3