INetSim模拟C2 这玩意比起nc来说更专业!
INetSim
INetSim是一个非常方便和强大的实用程序,允许你在一台机器上模拟一堆标准的Internet服务。默认情况下,它将模拟可以轻松调整的DNS,HTTP和SMTP。由于我们后续会将受害者机器配置为无Internet访问,因此我们需要使用INetSim进行模拟。
一 安装
从网上的反馈看, 自己安装InetSim这东西实在是太麻烦了, 而在kali linux中默认已经安装了这东西, 所以安装环节就略过, 不再赘述, 以下皆以kali下的配置运行为例说明
二 配置
主要的配置文件: /etc/inetsim/inetsim.conf
一般把这个配置项 打开,然后设置成本机IP就可以了, 其他的参考上面两个网址
service_bind_address 0.0.0.0
kali输入命令inetsim启动服务(注意有些Linux中需要在根目录下才能启动)
结尾处出现Simulation running即成功启动,在上面会报一个错误,这是inetsim缺少另一个服务导致,不影响实验,因此先不用理会。
我自己在kali里运行后的效果:
我们看下日志记录:perfect!就是我想要的c2效果!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 | sudo cat /var/log/inetsim/service.log[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] connect[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] disconnect[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] connect[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] disconnect[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] connect[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: GET / HTTP/1.1[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Host: localhost[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Language: en-US,en;q=0.5[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Encoding: gzip, deflate, br[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Connection: keep-alive[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Upgrade-Insecure-Requests: 1[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Dest: document[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Mode: navigate[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Site: none[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-User: ?1[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Request URL: https://localhost/[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: No matching file extension configured. Sending default fake file.[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: HTTP/1.1 200 OK[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Connection: Close[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Date: Sat, 01 Oct 2022 09:58:08 GMT[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Type: text/html[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Length: 258[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Server: INetSim HTTPs Server[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] stat: 1 method=GET url=https://localhost/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] disconnect[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] connect[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: GET /favicon.ico HTTP/1.1[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Host: localhost[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept: image/webp,*/*[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Language: en-US,en;q=0.5[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Encoding: gzip, deflate, br[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Connection: keep-alive[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Referer: https://localhost/[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Dest: image[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Mode: no-cors[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Site: same-origin[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Request URL: https://localhost/favicon.ico[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending fake file configured for extension 'ico'.[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: HTTP/1.1 200 OK[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Date: Sat, 01 Oct 2022 09:58:08 GMT[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Length: 198[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Type: image/x-icon[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Connection: Close[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Server: INetSim HTTPs Server[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] stat: 1 method=GET url=https://localhost/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] disconnect[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Host: 192.168.58.129[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Encoding: gzip, deflate, br[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Connection: keep-alive[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Upgrade-Insecure-Requests: 1[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Dest: document[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Mode: navigate[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Site: none[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-User: ?1[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Request URL: https://192.168.58.129/[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: No matching file extension configured. Sending default fake file.[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: HTTP/1.1 200 OK[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Length: 258[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Connection: Close[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Server: INetSim HTTPs Server[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Date: Sat, 01 Oct 2022 09:59:37 GMT[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Type: text/html[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] stat: 1 method=GET url=https://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] connect[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: GET /favicon.ico HTTP/1.1[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Host: 192.168.58.129[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept: image/avif,image/webp,*/*[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Encoding: gzip, deflate, br[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Connection: keep-alive[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Referer: https://192.168.58.129/[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Dest: image[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Mode: no-cors[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Site: same-origin[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Request URL: https://192.168.58.129/favicon.ico[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending fake file configured for extension 'ico'.[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: HTTP/1.1 200 OK[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Connection: Close[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Server: INetSim HTTPs Server[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Length: 198[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Type: image/x-icon[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Date: Sat, 01 Oct 2022 09:59:37 GMT[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] stat: 1 method=GET url=https://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] disconnect[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] connect[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: GET / HTTP/1.1[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Host: 192.168.58.129[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Language: en-US,en;q=0.5[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Encoding: gzip, deflate[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Connection: keep-alive[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Upgrade-Insecure-Requests: 1[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Request URL: http://192.168.58.129/[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: No matching file extension configured. Sending default fake file.[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: HTTP/1.1 200 OK[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Length: 258[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Server: INetSim HTTP Server[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Connection: Close[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Date: Sat, 01 Oct 2022 10:01:11 GMT[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Type: text/html[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] disconnect[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] connect[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: GET /favicon.ico HTTP/1.1[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Host: 192.168.58.129[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept: image/webp,*/*[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Language: en-US,en;q=0.5[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Encoding: gzip, deflate[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Connection: keep-alive[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Referer: http://192.168.58.129/[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Request URL: http://192.168.58.129/favicon.ico[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending fake file configured for extension 'ico'.[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: HTTP/1.1 200 OK[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Length: 198[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Server: INetSim HTTP Server[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Connection: Close[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Date: Sat, 01 Oct 2022 10:01:11 GMT[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Type: image/x-icon[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] stat: 1 method=GET url=http://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] disconnect[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] connect[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: GET / HTTP/1.1[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Host: 192.168.58.129[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Language: en-US,en;q=0.5[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Encoding: gzip, deflate[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: DNT: 1[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Connection: keep-alive[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Upgrade-Insecure-Requests: 1[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Pragma: no-cache[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Cache-Control: no-cache[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Request URL: http://192.168.58.129/[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: No matching file extension configured. Sending default fake file.[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: HTTP/1.1 200 OK[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Server: INetSim HTTP Server[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Connection: Close[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Length: 258[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Type: text/html[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Date: Sat, 01 Oct 2022 10:02:42 GMT[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] disconnect |
2、在win10中下载安装Apatedns后打开,在DNS Reply IP处添加需要将请求包欺骗至的IP地址,即kali dns服务器的ip地址,然后点击Start Server开启工具。
==》自己修改hosts文件也可以,所以问题不大!
3、在win10中双击运行Lab01-03.exe,若出现的页面如下,则实验成功
我们也可以从ApateDNS中看到该恶意代码请求访问了www.malwarenalysisbook.com这个网址
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· 记一次.NET内存居高不下排查解决与启示
· 白话解读 Dapr 1.15:你的「微服务管家」又秀新绝活了
· DeepSeek 开源周回顾「GitHub 热点速览」
2020-10-01 gdb list命令查看源码 break设置断点可以通过源码也可以根据汇编代码地址设置
2020-10-01 Error disabling address space randomization: Operation not permitted