本書根據(jù)網(wǎng)絡(luò)安全服務(wù)工程師的技能要求及網(wǎng)絡(luò)安全管理與評估賽項規(guī)范,以網(wǎng)絡(luò)安全服務(wù)工程師的工作情景為主線進行邊寫 ,內(nèi)容包括搭建網(wǎng)絡(luò)攻防環(huán)境、信息收集與漏洞掃描、 LINUX系統(tǒng)滲透測試與加固、 WINDOWS系統(tǒng)滲透測試與加固、數(shù)據(jù)庫系統(tǒng)滲透測試與加固、信息系統(tǒng)應(yīng)急響應(yīng)、 Web系統(tǒng)安全性測試、無線網(wǎng)絡(luò)安全性測試。本書內(nèi)容針對性、適用性強,在同類高職院校網(wǎng)絡(luò)安全類類教材中是一部具有先進性的"崗課賽證融通”教材。
王立進,山東科技職業(yè)學(xué)院副教授,國家級職業(yè)教育教師教學(xué)創(chuàng)新團隊成員,曾獲國家級教學(xué)成果二等獎、山東省教學(xué)成果特等獎,具有CISSP、CCNP、PMP等專業(yè)認證證書。精通WEB攻防、防火墻、入侵檢測、信息安全管理與評估等技術(shù)。具有在啟明星辰等知名信息安全公司超過20年的企業(yè)工作經(jīng)驗,期間曾被聘任為北京郵電大學(xué)計算機學(xué)院兼職副教授、碩士研究生企業(yè)導(dǎo)師
項目一 滲透測試環(huán)境搭建 ·······································································.1
1.1 項目情境 ······················································································.2
1.2 項目任務(wù) ······················································································.3
任務(wù) 1-1 安裝與配置 Kali Linux 操作機 ··············································.3
任務(wù) 1-2 安裝與管理 Kali Linux 軟件 ················································.21
任務(wù) 1-3 安裝與配置 Linux 靶機 ······················································.26
任務(wù) 1-4 安裝與配置 Windows 靶機 ··················································.30
1.3 項目拓展——滲透測試方法論 ··························································.45
1.4 練習(xí)題 ························································································.48
項目二 信息收集與漏洞掃描 ···································································.50
2.1 項目情境 ·····················································································.51
2.2 項目任務(wù) ·····················································································.51
任務(wù) 2-1 通過公開網(wǎng)站收集信息 ·····················································.51
任務(wù) 2-2 使用 Nmap 工具收集信息 ··················································.56
任務(wù) 2-3 使用 Nmap 工具掃描漏洞 ··················································.61
任務(wù) 2-4 使用 Nessus 工具掃描漏洞 ·················································.65
任務(wù) 2-5 檢查主機弱口令 ······························································.74
2.3 項目拓展——深入認識漏洞 ·····························································.78
2.4 練習(xí)題 ························································································.79
網(wǎng)絡(luò)安全 滲透測試與防護
VI
項目三 Linux 操作系統(tǒng)滲透測試與加固 ·····················································.81
3.1 項目情境 ·····················································································.82
3.2 項目任務(wù) ·····················································································.82
任務(wù) 3-1 利用 vsFTPd 后門漏洞進行滲透測試 ····································.82
任務(wù) 3-2 利用 Samba MS-RPC Shell 命令注入漏洞進行滲透測試 ·················.87
任務(wù) 3-3 利用 Samba Sysmlink 默認配置目錄遍歷漏洞進行滲透測試 ··········.90
任務(wù) 3-4 利用臟牛漏洞提升權(quán)限 ·····················································.94
任務(wù) 3-5 Linux 操作系統(tǒng)安全加固 ····················································.97
3.3 項目拓展——臟牛漏洞利用思路解析 ···············································.101
3.4 練習(xí)題 ······················································································.102
項目四 Windows 操作系統(tǒng)滲透測試與加固 ··············································.104
4.1 項目情境 ···················································································.105
4.2 項目任務(wù) ···················································································.105
任務(wù) 4-1 利用 MS17_010_externalblue 漏洞進行滲透測試 ····················.105
任務(wù) 4-2 利用 CVE-2019-0708 漏洞進行滲透測試 ······························.113
任務(wù) 4-3 利用 Trusted Service Paths 漏洞提權(quán) ····································.117
任務(wù) 4-4 社會工程學(xué)攻擊測試 ······················································.123
任務(wù) 4-5 利用 CVE-2020-0796 漏洞進行滲透測試 ······························.126
任務(wù) 4-6 Windows 操作系統(tǒng)安全加固 ·············································.133
4.3 項目拓展——社會工程學(xué)工具包 ·····················································.144
4.4 練習(xí)題 ······················································································.145
項目五 數(shù)據(jù)庫系統(tǒng)滲透測試與加固 ························································.147
5.1 項目情境 ···················································································.148
5.2 項目任務(wù) ···················································································.148
任務(wù) 5-1 暴力破解 MySQL 弱口令 ·················································.148
任務(wù) 5-2 利用 UDF 對 MySQL 數(shù)據(jù)庫提權(quán) ·······································.153
任務(wù) 5-3 利用弱口令對 SQL Server 數(shù)據(jù)庫進行滲透測試 ····················.159
目錄
VII
任務(wù) 5-4 利用 SQL Server 數(shù)據(jù)庫的 xp_cmdshell 組件提權(quán) ···················.163
任務(wù) 5-5 數(shù)據(jù)庫系統(tǒng)安全加固 ······················································.167
5.3 項目拓展——MySQL 數(shù)據(jù)庫權(quán)限深入解析 ········································.172
5.4 練習(xí)題 ······················································································.174
項目六 無線網(wǎng)絡(luò)滲透測試與加固 ···························································.176
6.1 項目情境 ···················································································.177
6.2 項目任務(wù) ···················································································.177
任務(wù) 6-1 無線網(wǎng)絡(luò)嗅探 ·······························································.177
任務(wù) 6-2 破解 WEP 加密的無線網(wǎng)絡(luò) ··············································.182
任務(wù) 6-3 對 WPS 滲透測試 ···························································.186
任務(wù) 6-4 偽造釣魚熱點獲取密碼 ···················································.189
任務(wù) 6-5 無線網(wǎng)絡(luò)安全加固 ·························································.198
6.3 項目拓展——WiFi 加密算法 ··························································.201
6.4 練習(xí)題 ······················································································.202
項目七 滲透測試報告撰寫與溝通匯報 ·····················································.205
7.1 項目情境 ···················································································.206
7.2 項目任務(wù) ···················································································.206
任務(wù) 7-1 滲透測試報告撰寫 ·························································.206
任務(wù) 7-2 項目溝通匯報 ·······························································.211
7.3 項目拓展-問題回答技巧 ·······························································.212
7.4 練習(xí)題 ······················································································.213
參考文獻 ····························································································.215
嚴正聲明 ····························································································.216