# 20200923 Introduction Routing ## 課堂資料 #### 大学霸 Kali Linux 安全渗透教程: {% embed url="" %} #### routersploit 掃 router 設備漏洞 / 弱點: {% embed url="" %} ## 課堂練習 ### 駭客模擬攻擊 ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0iyq0id2YRCSJpSh%2F00.png?alt=media\&token=219ef1bd-e2a0-4026-90af-ae0387ec5daf) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0moJZl-qTHrygtw4%2F02.png?alt=media\&token=b0e8fb73-ccc1-4b85-ae95-e525ff3b0220) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0l2zp-WgMe02wrAw%2F01.png?alt=media\&token=649b1cd7-bdcb-49d2-8bd0-52d3e34aa8f6) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0oo8-ebvEHA2Bv0F%2F03.png?alt=media\&token=3e17977c-e04b-448f-9871-1db20ffc5287) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0qjDEL0rS_gtEgNa%2F04.png?alt=media\&token=fc7e610a-5a5e-4679-98e6-7f2313c2af75) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS0szPuaRvnxWJpsiv%2F05.png?alt=media\&token=4609bce1-da2f-44b1-9590-ca4a4f8ab4a1) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS122HP3l-REH8K8TV%2F06.png?alt=media\&token=4a27fb9c-edec-485c-8bf3-c53fcfc29e67) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS15793xgvgryGNrjf%2F07.png?alt=media\&token=8c193721-3fb9-4963-bff5-bb769a600cec) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS17sa9gktP3aGfEkS%2F08.png?alt=media\&token=619f5194-4dd3-41da-8e2a-01a4e591157d) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MIRvLzs6i47_AfGNy48%2F-MIS1COsY0x4sCjoRokp%2F09.png?alt=media\&token=9cb48110-9b0f-4b6c-a30d-15f3ee4b8eda) > 登入 Linux 帳號密碼 ``` user:root password ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNC3wYl5M2tOGhIoBy%2F10.jpg?alt=media\&token=5b0bdeb8-a903-4d0b-ac3b-922a16a495a4) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCNxqUt1-0-elwedK%2F27.jpg?alt=media\&token=a8cf71ee-d07e-4baa-b263-726413a41ba4) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCS1ai19vccX_kObl%2F11.jpg?alt=media\&token=e34d5ad2-6a28-4866-b43a-f00cba492185) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCUmoor46hTWMWyk8%2F12.png?alt=media\&token=ecc4a4ad-ed4a-4a2a-b28f-0101b2bb7762) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCWrj0G1x8oZUR3Zs%2F13.png?alt=media\&token=ede7c6f9-128c-45f9-925f-1473482d5886) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCaRDTcGTFKvxyqNy%2F14.png?alt=media\&token=4e0f86c1-0e9b-45c8-bcc3-2f92c61eca40) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCYzGjKA7LnhvVEhu%2F14.jpg?alt=media\&token=da372a5e-cb84-4cfe-ac64-547c6b9ded85) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCkp0lM2Um-qQdIHP%2F15.jpg?alt=media\&token=2a1b958d-0f78-4e8f-95e0-794649a94bc4) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCoBVUZkV5qT3WCjY%2F16.jpg?alt=media\&token=7347c5f5-3612-4b91-95ef-0a25cb899082) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCrVv79ysZ8NLRegb%2F17.jpg?alt=media\&token=6ad36313-b927-42af-9037-c0a7d62b7e6d) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCuFrtB3XcpA6zvSd%2F18.jpg?alt=media\&token=4659372d-ed52-4c22-8e8d-44fffdccad6f) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCxcmWTjlTEe7IBK9%2F19.jpg?alt=media\&token=7537f939-2465-404a-816a-1942cca2ff58) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCxcn0h-cMULOs-JL%2F20.jpg?alt=media\&token=94a6e448-669d-415d-a3f8-5debe1d18755) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCxcohdZMZv9bDS5z%2F21.jpg?alt=media\&token=556d1590-19a0-4d66-9031-7b9d2d1cdffd) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNCxcp-GzIVqrbRsk0%2F22.png?alt=media\&token=8ef71ede-b0b1-4d3d-811e-b74d68302fe4) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNDBeHlX9g5vogh-yG%2F23.jpg?alt=media\&token=7b9f9b97-50aa-4f41-85fe-dbf7bfe49f46) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNDBeKPHEwhIHylmqf%2F24.png?alt=media\&token=d3b7239e-2c38-47a6-b148-e71dc2531020) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNDBeMOKVE6ok6BalY%2F25.png?alt=media\&token=5acfed51-4252-4511-8a96-b46b6f8ccbdd) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJNBORhUOE7holslLmK%2F-MJNDBeOjRwg755Yz1iM%2F26.jpg?alt=media\&token=0b828168-0096-4ec3-bc9f-15fd41429a21) #### Arpspoof 工具 #### URL 流量操縱攻擊 > Linux 開啟路由轉發功能 ``` echo 1 >> /proc/sys/net/ipv4/ip_forward ``` > 檢查 ``` cat /proc/sys/net/ipv4/ip_forward ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJS3R1FUVtD4wuQ09d7%2F28.jpg?alt=media\&token=741c9b9f-d4d2-4d44-865c-e66dba2b961a) > Linux 启动 Arpspoof 注入攻击目标系统 ``` arpspoof -i eth0 -t 192.168.1.1 192.168.1.2 ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJSFXoSNu6V5q4RSkAb%2F29.jpg?alt=media\&token=c038a5b6-ed7c-4139-ac0a-58ba83ec5936) > Window ``` arp ? ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJS66bIS8ZUwR6VjZz_%2F30.jpg?alt=media\&token=190fe6c8-dcf7-464f-836a-d6dc5ba7a861) > 顯示路由器的位址解析協議列表 ``` show arp ``` * show arp 同等 show ip arp ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJS6QEN6AuuBe5a4Nl7%2F31.jpg?alt=media\&token=48892580-827e-4cab-a128-9de67f12e5c4) > ping VPC IP ``` ping 192.168.1.1 ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJS7AQ5PpnZ1CI44YeI%2F32.jpg?alt=media\&token=42f59097-8540-4ffe-8351-d73e472383ac) #### RouterSploit 掃 router 設備漏洞 / 弱點 ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJSGnS7t2kJZtN-rG64%2F33.jpg?alt=media\&token=6ccb80f0-4245-46ab-b472-ed1910d85904) ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJSJzChRsZfAw95N6sM%2F35.jpg?alt=media\&token=e7d85f39-6ee1-4309-9326-d2f5d926c87d) > 開啟 Linux 並 ping 外部網路 ``` ping 8.8.8.8 ``` > 網路連接測試 ``` ping www.google.com ``` ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJSKTR5R_L7WaGjq0VU%2F34.jpg?alt=media\&token=a8810675-0e04-41ea-b827-8fbe05db24be) > 網站開啟測試 ![](https://1182807199-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MHJUVmIukmM2g9Ai7CY%2F-MJS28IVsGUKpO5tidnV%2F-MJSKfsHHoGvD9Z9r8-Q%2F36.jpg?alt=media\&token=f681b68e-3e5d-45bc-aa10-911ba46c15e3) > 下載 RouterSploit ``` git clone https://github.com/reverse-shell/routersploit ```