INetSim模拟C2 这玩意比起nc来说更专业!

INetSim

INetSim是一个非常方便和强大的实用程序,允许你在一台机器上模拟一堆标准的Internet服务。默认情况下,它将模拟可以轻松调整的DNS,HTTP和SMTP。由于我们后续会将受害者机器配置为无Internet访问,因此我们需要使用INetSim进行模拟。

一 安装

  从网上的反馈看, 自己安装InetSim这东西实在是太麻烦了, 而在kali linux中默认已经安装了这东西, 所以安装环节就略过, 不再赘述, 以下皆以kali下的配置运行为例说明

二 配置

  主要的配置文件: /etc/inetsim/inetsim.conf

    一般把这个配置项 打开,然后设置成本机IP就可以了, 其他的参考上面两个网址

    service_bind_address 0.0.0.0


kali输入命令inetsim启动服务(注意有些Linux中需要在根目录下才能启动)
结尾处出现Simulation running即成功启动,在上面会报一个错误,这是inetsim缺少另一个服务导致,不影响实验,因此先不用理会。
在这里插入图片描述

我自己在kali里运行后的效果:

 

 

 我们看下日志记录:perfect!就是我想要的c2效果!

sudo cat /var/log/inetsim/service.log
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] disconnect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: GET / HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Dest: document
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Site: none
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-User: ?1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Request URL: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Type: text/html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Length: 258
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] stat: 1 method=GET url=https://localhost/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept: image/webp,*/*
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Referer: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Dest: image
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Request URL: https://localhost/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Length: 198
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Type: image/x-icon
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] stat: 1 method=GET url=https://localhost/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] disconnect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Dest: document
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Site: none
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-User: ?1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Request URL: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Length: 258
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Type: text/html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] stat: 1 method=GET url=https://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept: image/avif,image/webp,*/*
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Referer: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Dest: image
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Request URL: https://192.168.58.129/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Length: 198
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Type: image/x-icon
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] stat: 1 method=GET url=https://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: GET / HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Request URL: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Length: 258
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Type: text/html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept: image/webp,*/*
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Referer: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Request URL: http://192.168.58.129/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending fake file configured for extension 'ico'.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Length: 198
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Type: image/x-icon
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] stat: 1 method=GET url=http://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] disconnect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] connect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: GET / HTTP/1.1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Host: 192.168.58.129
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: DNT: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Connection: keep-alive
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Pragma: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Cache-Control: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Request URL: http://192.168.58.129/
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: HTTP/1.1 200 OK
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Server: INetSim HTTP Server
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Connection: Close
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Length: 258
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Type: text/html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Date: Sat, 01 Oct 2022 10:02:42 GMT
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] disconnect

 


2、在win10中下载安装Apatedns后打开,在DNS Reply IP处添加需要将请求包欺骗至的IP地址,即kali dns服务器的ip地址,然后点击Start Server开启工具。
在这里插入图片描述 ==》自己修改hosts文件也可以,所以问题不大!

3、在win10中双击运行Lab01-03.exe,若出现的页面如下,则实验成功
在这里插入图片描述

我们也可以从ApateDNS中看到该恶意代码请求访问了www.malwarenalysisbook.com这个网址
在这里插入图片描述

 
posted @ 2022-10-01 18:03  bonelee  阅读(317)  评论(0编辑  收藏  举报