Setting up a VirtualBox-based network attack and defense environment #72

Closed
wants to merge 2 commits into from
1 change: 1 addition & 0 deletions 2017-2/ys/README
@@ -0,0 +1 @@
网络安全&移动互联网安全作业
47 changes: 47 additions & 0 deletions 2017-2/ys/基于virtualbox的网络攻防环境搭建.md
@@ -0,0 +1,47 @@
# chap0x01 基于VirtualBox的网络攻防基础环境搭建

- 要求与完成情况概括
- 节点:靶机、网关、攻击者主机
- 连通性
   靶机可以直接访问攻击者主机(√)
   攻击者主机无法直接访问靶机(√)
   网关可以直接访问攻击者主机和靶机(√)
   靶机的所有对外上下行流量必须经过网关(√)
   所有节点均可以访问互联网(×)
- 其他要求
   所有节点制作成基础镜像(多重加载的虚拟硬盘)(√)
- 配置情况
kali:网关
kali-victim:靶机
kali-attacker:攻击者

- 网关设置转发功能
![](https://i.imgur.com/qWIyD4e.png)
Collaborator

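I don't see you setting an IP forwarding rule for the victim machine on the gateway; this may also be why the victim cannot reach the external network later on.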

Collaborator

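Here I don't see you setting the victim's IP forwarding rule on the gateway; this may also be why the victim cannot access the internet later on.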

- 靶机(NAT网络):
![](https://i.imgur.com/A3Dbo7r.png)
- 攻击者(桥接):
![](https://i.imgur.com/vBzZFNx.png)
- 网关(对应靶机:eth0-NAT网络、对应攻击者:eth1-桥接):
![](https://i.imgur.com/H7hs3eq.png)
- 连通情况
- 靶机可以访问攻击者主机
![](https://i.imgur.com/eEPFjj8.png)
- 攻击者主机无法直接访问靶机(iptables)
![](https://i.imgur.com/0ulhkXR.png)
Collaborator

There is no need to set rules on the victim's firewall here; the attacker host should already be unable to reach the victim.

Collaborator

There is no need to set firewall rules on the victim here; please see

![](https://i.imgur.com/X0cjN3O.png)
- 网关可以直接访问攻击者主机和靶机
![](https://i.imgur.com/hIeJxIN.png)
- 靶机所有上下行流量必须经过网关
![](https://i.imgur.com/ha4WsBe.png)
- 所有节点可以访问互联网(未完成:攻击者和网关可以、靶机不可以,网关route设置不成功)
![](https://i.imgur.com/1NBdp1r.png)
![](https://i.imgur.com/OLahWE9.png)
添加默认路由没有显示出错,但是查看路由表并没有添加进去
![](https://i.imgur.com/tklTzol.png)
查看靶机网卡上抓的包,数据到达192.168.1.1(默认路由选择的网关)就转发不到10.0.2.15(靶机)了,想添加一条新的默认路由(10.0.2.16,靶机的网关),但是没有成功。
- 所有节点制作成基础镜像(多重加载的虚拟硬盘)
![](https://i.imgur.com/jntJq8K.png)
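
Review bot: The unfinished internet-access item near the end of the file ("所有节点可以访问互联网") reads like a missing source NAT on the gateway rather than a missing default route. The text says the victim's packets reach 192.168.1.1 but nothing comes back to 10.0.2.15, which is what happens when the gateway forwards the victim's traffic out of its bridged interface with the 10.0.2.x source address unchanged, so the upstream router has no route for the reply. Instead of adding a second default route via 10.0.2.16, keep forwarding enabled on the gateway and add a masquerade rule on its bridged side (eth1 in this write-up), for example `iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE`, then re-test from the victim. It would also help to paste the commands and their output (the forwarding setting, `ip route` on each node, the iptables rules) as text next to each screenshot, because every configuration step in this file is visible only as an externally hosted image.
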
Collaborator

Here I can only see that the victim node was made into a base image.