# **Building the virtual machines**

![image](https://hackmd.io/_uploads/rySMel_vT.png)

Search for "vmware fusion player" and sign in to your account to use the free version.

![image](https://hackmd.io/_uploads/S1OIEiDDp.png)

Download the image file from the official Kali website.

![image](https://hackmd.io/_uploads/HyOYcjPDa.png)

Click "Open a Virtual Machine".

![image](https://hackmd.io/_uploads/H1S0rjvw6.png)

Log in to the Kali account (username: kali, password: kali).

![image](https://hackmd.io/_uploads/H1NMDowvT.png)

Run these two commands in the terminal:

1. `sudo apt update`
2. `sudo apt full-upgrade -y`

![image](https://hackmd.io/_uploads/BywsbJdDa.png)

Download the target machine (username: msfadmin, password: msfadmin) and add it to "VMWare" the same way as in the previous steps.

# Penetration testing

1. Check whether the host, Kali, and the target machine can reach one another (command: `ifconfig`; on the host: `ipconfig`).

![image](https://hackmd.io/_uploads/SJ9E41dw6.png)

![image](https://hackmd.io/_uploads/rJfxSyOva.png)

![image](https://hackmd.io/_uploads/BJzsBydwa.png)

![image](https://hackmd.io/_uploads/SJBJUydP6.png)

![image](https://hackmd.io/_uploads/ryjVLyOwT.png)

Test whether each machine can ping the others.

![image](https://hackmd.io/_uploads/H1EpdyOP6.png)

Download "[Zenmap](https://nmap.org/zenmap/man.html)".

![image](https://hackmd.io/_uploads/B1m8c1OP6.png)

Begin the penetration test (the host, the virtual machine, and the target machine).

# nmap

Kali also includes nmap, which is mainly used for **network probing and security**.

![image](https://hackmd.io/_uploads/r1sGPyOwp.png)

You can run nmap against the target machine's IP, and it can also scan websites.

Practice link: "[nmap commands](https://www.osslab.tw/books/linux-administration/page/nmap-%E5%B8%B8%E7%94%A8%E6%8C%87%E4%BB%A4%E9%9B%86)"

# DVWA

(A place for uploading or downloading)

![image](https://hackmd.io/_uploads/SJBJUydP6.png)

Click "**DVWA**".

![image](https://hackmd.io/_uploads/SyACnyuwT.png)

(username: admin, password: password)

![image](https://hackmd.io/_uploads/SkLK0kODT.png)

You can set the **security level**; choose "**low**".

# Shared folder

![image](https://hackmd.io/_uploads/r14dGxdP6.png)

Place the file (Ubuntu 64-bits) in the virtual machine.

![image](https://hackmd.io/_uploads/Sk1sQgOPT.png)

Create a folder on the desktop.

![image](https://hackmd.io/_uploads/Sy1bEe_vp.png)

![image](https://hackmd.io/_uploads/HktH4x_v6.png)

Select "Always enabled" and click "Add".

![image](https://hackmd.io/_uploads/rkdjNeuDT.png)

Add the folder you just created on the desktop.

![image](https://hackmd.io/_uploads/H10J8e_Pp.png)

Enter: `df -kh` (to check disk space)

![image](https://hackmd.io/_uploads/SJD2Pg_vp.png)

![Screenshot 2023-12-26 145043](https://hackmd.io/_uploads/rJQB_luDa.png)

Type the text underlined in red.

![image](https://hackmd.io/_uploads/BJBZFguwT.png)

Confirm that the file exists.

![image](https://hackmd.io/_uploads/B15Gcg_vp.png)

Open it in the file manager and confirm that it is inside.

# **Zphisher**

Reference link: [zphisher](https://github.com/htr-tech/zphisher)

1. Install on Kali

```
git clone --depth=1 https://github.com/htr-tech/zphisher.git
```

![image](https://hackmd.io/_uploads/Hk6YIGuda.png)

Change to the cloned directory and run it:

```
$ cd zphisher
$ bash zphisher.sh
```

![image](https://hackmd.io/_uploads/S1ayDGOOT.png)

This page then appears, and you can do what you want to do.

![image](https://hackmd.io/_uploads/SyGFvzddT.png)