Topology construction
Topology
- External network connection vmnet8 network card
Network configuration
Requirements
-
GW has three network cards: ens32 obtains its IP automatically and can reach the external network
ens33 static IP 192.168.1.254
ens34 static IP 172.16.1.254
-
Client static IP 192.168.1.100
-
Server static IP 172.16.1.100
-
Server can connect to Client
vmnet configuration
-
In VMware Edit -> Virtual Network Editor
-
VMnet8
-
Uncheck the options for connecting to the host and automatically assigning IPs for VMnet1 and VMnet2
After configuration, click Apply and OK
GW network configuration
Network card mode
- Add two more network cards to GW
- Network card 1 (ens33) is connected to vmnet-1
- Network card 2 (ens32) is connected to vmnet-8 (NAT mode)
- Network card 3 (ens34) is connected to vmnet-2
(On my CentOS 7 machine the default network card is ens33, the first added card is ens32, and the second added card is ens34. Map the names according to your actual setup.)
Network card file configuration
-
View network card configuration file
-
Create the newly added LAN network card file
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens32
cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens34
-
The network card (ens32) connected to the external network is set to obtain the IP automatically.
-
Open configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens32
-
Edit file
TYPE=Ethernet # Ethernet
BOOTPROTO=dhcp # How the IP is obtained
NAME=ens32 # Network card name
DEVICE=ens32 # Network card device
ONBOOT=yes # Activate this interface at boot
# Other lines can be deleted
# Delete the UUID line (it was copied from ifcfg-ens33)
-
Restart network service
systemctl restart network
-
View IP
-
Connectivity test
-
-
ens33 configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.0
-
ens34 configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=172.16.1.254
NETMASK=255.255.255.0
-
Restart network service
-
View IP
Server network configuration
-
Edit configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=172.16.1.100
NETMASK=255.255.255.0
GATEWAY=172.16.1.254
-
Connectivity test, ping gateway
Client network configuration
-
Set IP
-
Connectivity test ping gateway
-
Connectivity test ping Server
Unable to communicate
Enable GW route forwarding
-
Edit the file /etc/sysctl.conf
net.ipv4.ip_forward = 1
# Load the setting and check it
sysctl -p
-
Check forwarding
Use Client ping Server
Telnet and SSH remote login
Telnet
Server
-
Enable automatic disk mounting
systemctl enable autofs.service
-
Mount the CD and restart the machine
-
If the mount is successful, there will be a misc directory in the root directory.
-
Configure yum source
Directory of yum source /etc/yum.repos.d/
cd /etc/yum.repos.d/
mkdir bak
mv *.repo bak/ # Move the default configuration files to the newly created bak directory
Configure new yum source (CD)
vim localDVD.repo
# Add the following configuration
[localDVD.repo]
name=localDVD
baseurl=file:/misc/cd
gpgcheck=0
-
Install the Telnet server (after configuring the yum source)
yum install telnet-server -y
-
View Telnet services
systemctl list-unit-files | grep "telnet"
netstat -anptl | grep "23"
-
Start Telnet service
systemctl start telnet.socket
View port status
netstat -anptl | grep "23"
Client
-
Install Telnet client
-
Remote login
telnet 172.16.1.100
Successfully logged in
Wireshark packet capture
-
GW installs Wireshark after configuring the yum source
Install Wireshark
yum install wireshark-gnome -y
-
Open Wireshark installed by GW
Select the network card to enable monitoring
-
Switch to Client Telnet to remotely log in to the Server
telnet 172.16.1.100
-
Switch back to GW to view the captured data packets
Filter Telnet
SSH
Login
-
Configure kali ip
Configure network file location
/etc/network
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.254
-
Kali uses SSH to remotely log in to the server
ssh 172.16.1.100
Login successful
Kali brute force
hydra ssh://172.16.1.100 -L /home/kali/tools/wordlists/test_username.dic -P /home/kali/tools/wordlists/top_password.txt -f -vV -e nsr -t 64
# -e parameter
# n empty password
# s username and password are the same
# r username reversed
Log server establishment
Server configuration
vim /etc/rsyslog.conf
# Modify line 90 (use :set nu in vim to display line numbers)
authpriv.* @@172.16.1.200:514
# authpriv refers to "security/authorization" related log information
# * indicates all severity levels, that is, all log information will be included
# @@ means the TCP protocol is used to send log information
# 172.16.1.200 is the IP address of the syslog server
# 514 is the TCP port number of the syslog server
Restart service
systemctl restart rsyslog.service
Syslog configuration
-
Configure IP
Edit configuration file
vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=172.16.1.200
NETMASK=255.255.255.0
GATEWAY=172.16.1.254
-
Connectivity test
-
Create log file
mkdir /var/log/client_secure
touch /var/log/client_secure/172.16.1.100.log
-
Open TCP protocol and port 514
vim /etc/rsyslog.conf
# Uncomment lines 19 and 20 to enable the TCP input and port 514
# Add the IP that is allowed to send logs and the file where logs from this IP are stored
:fromhost-ip,isequal,"172.16.1.100" /var/log/client_secure/172.16.1.100.log
# fromhost-ip: the IP the message was received from
# isequal: the value must be equal to the given string
-
Restart service
systemctl restart rsyslog.service
-
Check service status
netstat -anptl
Verify configuration
-
Syslog monitors log file changes
tail -f /var/log/client_secure/172.16.1.100.log
-
Kali brute-forces the Server's SSH again
-
Syslog shows attempted brute force login logs