网络安全渗透测试与防护

本书根据网络安全服务工程师的技能要求及网络安全管理与评估赛项规范，以网络安全服务工程师的工作情景为主线进行边写 ，内容包括搭建网络攻防环境、信息收集与漏洞扫描、 LINUX系统渗透测试与加固、 WINDOWS系统渗透测试与加固、数据库系统渗透测试与加固、信息系统应急响应、 Web系统安全性测试、无线网络安全性测试。本书内容针对性、适用性强，在同类高职院校网络安全类类教材中是一部具有先进性的"岗课赛证融通”教材。

项目一 渗透测试环境搭建 ·······································································.1 1.1 项目情境 ······················································································.2 1.2 项目任务 ······················································································.3 任务 1-1 安装与配置 Kali Linux 操作机 ··············································.3 任务 1-2 安装与管理 Kali Linux 软件 ················································.21 任务 1-3 安装与配置 Linux 靶机 ······················································.26 任务 1-4 安装与配置 Windows 靶机 ··················································.30 1.3 项目拓展――渗透测试方法论 ··························································.45 1.4 练习题 ························································································.48 项目二 信息收集与漏洞扫描 ···································································.50 2.1 项目情境 ·····················································································.51 2.2 项目任务 ·····················································································.51 任务 2-1 通过公开网站收集信息 ·····················································.51 任务 2-2 使用 Nmap 工具收集信息 ··················································.56 任务 2-3 使用 Nmap 工具扫描漏洞 ··················································.61 任务 2-4 使用 Nessus 工具扫描漏洞 ·················································.65 任务 2-5 检查主机弱口令 ······························································.74 2.3 项目拓展――深入认识漏洞 ·····························································.78 2.4 练习题 ························································································.79 网络安全 渗透测试与防护 VI 项目三 Linux 操作系统渗透测试与加固 ·····················································.81 3.1 项目情境 ·····················································································.82 3.2 项目任务 ·····················································································.82 任务 3-1 利用 vsFTPd 后门漏洞进行渗透测试 ····································.82 任务 3-2 利用 Samba MS-RPC Shell 命令注入漏洞进行渗透测试 ·················.87 任务 3-3 利用 Samba Sysmlink 默认配置目录遍历漏洞进行渗透测试 ··········.90 任务 3-4 利用脏牛漏洞提升权限 ·····················································.94 任务 3-5 Linux 操作系统安全加固 ····················································.97 3.3 项目拓展――脏牛漏洞利用思路解析 ···············································.101 3.4 练习题 ······················································································.102 项目四 Windows 操作系统渗透测试与加固 ··············································.104 4.1 项目情境 ···················································································.105 4.2 项目任务 ···················································································.105 任务 4-1 利用 MS17_010_externalblue 漏洞进行渗透测试 ····················.105 任务 4-2 利用 CVE-2019-0708 漏洞进行渗透测试 ······························.113 任务 4-3 利用 Trusted Service Paths 漏洞提权 ····································.117 任务 4-4 社会工程学攻击测试 ······················································.123 任务 4-5 利用 CVE-2020-0796 漏洞进行渗透测试 ······························.126 任务 4-6 Windows 操作系统安全加固 ·············································.133 4.3 项目拓展――社会工程学工具包 ·····················································.144 4.4 练习题 ······················································································.145 项目五 数据库系统渗透测试与加固 ························································.147 5.1 项目情境 ···················································································.148 5.2 项目任务 ···················································································.148 任务 5-1 暴力破解 MySQL 弱口令 ·················································.148 任务 5-2 利用 UDF 对 MySQL 数据库提权 ·······································.153 任务 5-3 利用弱口令对 SQL Server 数据库进行渗透测试 ····················.159 目录 VII 任务 5-4 利用 SQL Server 数据库的 xp_cmdshell 组件提权 ···················.163 任务 5-5 数据库系统安全加固 ······················································.167 5.3 项目拓展――MySQL 数据库权限深入解析 ········································.172 5.4 练习题 ······················································································.174 项目六 无线网络渗透测试与加固 ···························································.176 6.1 项目情境 ···················································································.177 6.2 项目任务 ···················································································.177 任务 6-1 无线网络嗅探 ·······························································.177 任务 6-2 破解 WEP 加密的无线网络 ··············································.182 任务 6-3 对 WPS 渗透测试 ···························································.186 任务 6-4 伪造钓鱼热点获取密码 ···················································.189 任务 6-5 无线网络安全加固 ·························································.198 6.3 项目拓展――WiFi 加密算法 ··························································.201 6.4 练习题 ······················································································.202 项目七 渗透测试报告撰写与沟通汇报 ·····················································.205 7.1 项目情境 ···················································································.206 7.2 项目任务 ···················································································.206 任务 7-1 渗透测试报告撰写 ·························································.206 任务 7-2 项目沟通汇报 ·······························································.211 7.3 项目拓展-问题回答技巧 ·······························································.212 7.4 练习题 ······················································································.213 参考文献 ····························································································.215 严正声明 ····························································································.216