|
NexposeÊÇÁìÏȵÄ©¶´ÆÀ¹À¹¤¾ßÖ®Ò»¡£NexposeÉçÇø°æÊÇÒ»¸öÃâ·ÑµÄ³ÌÐò£¬ÆäËû°æ±¾ÊÇÊշѵġ£ÔÚÕâƪÎÄÕÂÖУ¬ÎÒÃǽ«Ê¹ÓÃNexposeÃâ·ÑÉçÇø°æ£¬ÀïÃæÓÐɨÃè32Ö÷»úµÄÄÜÁ¦¡£Óû§½çÃæ¸É¾»¡¢±¨¸æÇ¿´ó¡£Ïñ´ó¶àÊýÎÒÃÇ¿´µ½µÄ²úÆ·£¬Nexpose sportsÒ»¸öÒ×ÓÚʹÓõģ¬×éÖ¯Á¼ºÃµÄÒDZíÅÌ£¬ËüÖ§³Ö·¶Î§¹ã·ºµÄ±¨¸æ°üÀ¨PCI ·¨¹æ×ñ´ÓÐÔ¡£ÈôÒªÏÂÔØNexpose£¬Ö»Ðè×Ô¼ºÔÚÍøÕ¾ÉÏ×¢²á²¢ÏÂÔØËü¡£
×¢£º¸ÃɨÃ蹤¾ß±ØÐëÔËÐÐÔÚ64λϵͳÉÏ¡£
´ò¿ªä¯ÀÀÆ÷²¢×ªµ½http://localhost:3780£¬ÎÒÃǽ«¿´µ½NexposeÖ÷Ò³¡£
ÔÚÖ÷Ò³ÉÏ£¬ÎÒÃÇ¿ÉÒÔ¿´µ½ÓÐÒ»¸ö¡°Õ¾µãÁÐ±í¡±²¿·Ö£¬µã»÷¡°New Static Site¡±£¬Ëü½«¸ø¡°Site Configuration¡±ÉèÖá£
µÚÒ»¸öÅäÖÃÉèÖÃÊÇ¡°Ò»°ãÐÅÏ¢¡£ ¡±ÎÒÃÇ¿ÉÒÔÔÚÉÏÃæµÄͼÖп´µ½,ÎÒÃǸøÒ»¸öÃû³ÆΪ¡°Site¡±ÉèÖõÄÖØÒªÐÔ¡±ºÜ¸ß¡±²¢Ìí¼ÓһЩ¹ØÓÚÍøÕ¾µÄÃèÊö,ÏÖÔÚÎÒÃǵã»÷¡°Next¡±¡£
¡°Assets¡±ÅäÖÃÒ³ÃæÓÐÁ½¸ö²¿·Ö,ÉÏÃæµÄͼÖпÉÒÔ¿´µ½:¡°Included Assets¡±ºÍ¡°Excluded Assets.¡±¡£ÔÚ¡°Included Assets¡±ÖÐÎÒÃǽ«ÌṩÁ½¸öÄ¿±êIPµØÖ·¡£ Èç¹ûÄãҪɨÃèÕû¸öÍøÂ緶Χ,ÄÇôÄã»á¸øÕû¸öIP·¶Î§:192.168.0.1-254¡£ Èç¹ûÄãÓÐһЩѡÔñµÄIPÁÐ±í£¬ÄÇôÄã¿ÉÒÔͨ¹ýʹÓá°µ¼ÈëÁÐ±í¡±¹¦Äܵ¼Èë¸ÃÎļþ¡£ ¡°Excluded Assets¡±ÊÇÓÃÀ´´ÓɨÃèÖÐÅųýAssets¡£ Èç¹ûÄãҪɨÃèÕû¸öIP·¶Î§,ÄãÏëÅųýһЩIPsµÄɨÃè,°ÑÕâЩIPsÅųý¡£ Íê³Éºó,µã»÷¡°Next¡±ÎªÏÂÒ»¸öÅäÖá£
½ÓÏÂÀ´ÅäÖõÄÊÇΪ¡°Scan Setup¡±ÀïµÄµÚÒ»¸öÑ¡ÏîΪ¡°Scan Template¡±Ñ¡ÔñɨÃèÄ£°å£¬ÒÔÂú×ãÄúµÄÐèÇó¡£ÕâÀïÎÒÃÇʹÓõÄÊÇ¡°Full audit¡±Ä£°åΪÎÒÃǵÄɨÃè¡£
¡°Enable schedule¡±ÊÇÔÚNexposeÒ»¸ö¶ÀÌصŦÄÜ£¬ËüÌṩÁË»ùÓڼƻ®µÄÉóºË¡£ËüÔÊÐíÄãÉèÖÃÒ»¸öÆðʼÈÕÆÚºÍʱ¼ä£¬ÒÔ¼°É¨ÃèµÄʱ¼ä¡£Èç¹ûÄúʹÓõÄÊdz£¹æµÄÉó¼Æ£¬ÄÇô°²È«Éó¼ÆÕâÊÇÒ»¸öÍêÃÀµÄ¹¦ÄÜ¡£Íê³ÉÉèÖúó¡°Scan Setup¡±£¬µã»÷¡°Next.¡±¡£
½ÓÏÂÀ´µÄÅäÖÃÊÇ¡°Credentials Listing¡±£¬»ù±¾ÉÏ£¬ÔÚÕâÀïÎÒÃÇ¿ÉÒÔÖ´ÐлùÓÚϵͳÓû§ÃûºÍÃÜÂëÖ¤ÊéɨÃè¡£¶ÔÓÚWindowsϵͳ£¬ÎÒÃDZØÐë¸øÓèÖÐСÆóÒµSMBÕÊ»§Æ¾¾Ý£¬Linux ϵͳ,ÎÒÃDZØÐë¸øSSHƾ֤¡£ÔÚÕâÀïÎÒÃDz»¸øÓèÈκÎƾ¾Ý£¬ÒÔ±ãÖ»Ìø¹ýËü£¬È»ºóµ¥»÷¡°Next¡±¡£
½ÓÏÂÀ´µÄÅäÖÃÊÇ¡°Web Applications¡±¡£ÎÒÃDz»ÐèÒªÔÚÕâÀïÉèÖã¬ËùÒÔµã»÷¡°Next¡±¡£
½ÓÏÂÀ´µÄÅäÖÃÊÇÓйØ×éÖ¯µÄ£¬¶øÎÒÃǽ«Òª½øÐдàÈõÐÔÆÀ¹ÀµÄÐÅÏ¢; Nexpose½«Ê¹ÓôËÐÅÏ¢ÔÚ±¨¸æÖС£Ìîд±í¸ñ»òÌø¹ýËü£¬È»ºóµ¥»÷¡°Next¡±¡£
×îºóÒ»¸öÅäÖÃΪ¡°Access Listing¡±Èç¹ûÓжà¸ö Nexpose ¿ØÖÆ̨Óû§£¬ÎÒÃÇ¿ÉÒÔÉèÖÃÓû§È¨ÏÞÒÔ·ÃÎÊ´ËÕ¾µã¡£µ¥»÷¡±Save¡±£¬½«±£´æÅäÖá£
ÔÚÕâÀïÎÒÃÇ¿ÉÒÔ¿´µ½ÍøÕ¾Áбí,ÎÒÃÇ´´½¨ÁËÍøÕ¾,Ìí¼ÓOscorp¹«Ë¾²¢×¼±¸É¨Ãè¡£ µã»÷¡°Scan¡±,ÔÚÓÒ²àÓÐÒ»¸ö²¥·Å°´Å¥¡£
Ëü½«ÔÚÒ»¸öд°¿ÚÌáʾ¿ªÊ¼Ò»¸öеÄɨÃè;ÔÚÕâÀï,ÎÒÃÇÄÜ¿´µ½ÎÒÃǵÄÄ¿±êIPµØÖ·¡£ µã»÷¡°Start¡±¡£
ÕýÈçÔÚÉÏÃæµÄͼÖпÉÒÔ¿´³ö£¬ÎÒÃǵÄɨÃèÒѾ¿ªÊ¼£¬ÔÚ¡°Discovered Assets¡±ÖУ¬ÎÒÃÇ¿ÉÒÔ¿´µ½ÎÒÃǵÄÄ¿±êIPµÄϵͳÃû³ÆºÍ²Ù×÷ϵͳÕýÔÚÔËÐС£
Ò»µ©É¨ÃèÍê³Éºó»áÎÒÃÇ¿ÉÒÔÔÚÕâÀï¿´µ½¡°Assets Listing¡±£¬ÎÒÃÇÒѾ¿´µ½¡°Assets by Operating System¡±¡£ÔÚ±¾½ÚÖУ¬Nexpose°´²Ù×÷ϵͳÁгöÁËËùÓÐassets¡£ÔÚÕâÀÎÒÕâÀïÏÔʾ΢ÈíWindows 7Æì½¢°æ,ÁíÒ»¸öÊÇ΢ÈíWindows XP¡£ ÁíÒ»¸öÊÇ¡°Assets by Software¡±,NexposeÁгöËùÓа²×°ÔÚÄ¿±êIPµÄÈí¼þ¡£
½ÓÏÂÀ´µã»÷¡°Vulnerabilities¡±Ñ¡Ï,²é¿´ËùÓеÄ©¶´¡£ ÔÚÕâÀïÎÒÃÇ¿ÉÒÔ¿´µ½¡°Exposures¡±¡£ µÚÒ»¸öͼ±êÒâζ×ÅÈÝÒ×Êܵ½¶ñÒâÈí¼þµÄ¹¥»÷,µÚ¶þ¸öÊÇmetasploit¿ÉÒÔÀûÓõÄ,µÚÈý¸öÊÇÒÑ·¢²¼µÄ©¶´¡£ ÏÖÔÚÈÃÎÒÃǼì²éÕâÈý¸öͼ±ê×öʲô¡£ µ¥»÷¡°M¡±Í¼±ê¡£
ËüÏÔʾµÄÀûÓ÷½Ê½ÊÇmetasploitËùÌṩµÄ£¬ ÕâÒâζ×ÅÎÒÃÇ¿ÉÒÔͨ¹ýʹÓà metasploit ÀûÓôË©¶´¡£ÆäËûͼ±êÏÔʾ©¶´ÒÑ·¢²¼µÄexp£¬ËùÒÔÎÒÃÇ¿ÉÒÔ´Ó exploit-dbÏÂÔØÕâЩ©¶´²¢ÀûÓôË©¶´ ¡£
½ÓÏÂÀ´µã»÷¶ñÒâÈí¼þµÄͼ±ê£¬¿´¿´Ëü¸øÁËʲôÑùµÄÐÅÏ¢¡£
ËüÏÔʾÁË¿ÉÓõĶñÒâÈí¼þ¹¤¾ß°ü£¬´ÓÖÐÎÒÃÇ¿ÉÒÔÀûÓôË©¶´¡£
ÎÒÃÇ¿ÉÒÔÔÚÉÏͼÖп´µ½Ò»Ð©¿ÉÓÃÓÚ´Ë©¶´µÄ¶ñÒâÈí¼þÌ×¼þ¡£
ÏÖÔÚÎÒÃǽ«½øÈ뱨¸æ²¿·Ö£¬µ¥»÷¡°Reports¡±Ñ¡ÏÉÏ¡£
¸øÒ»¸ö±¨¸æÃû×Ö£¬²¢Ñ¡ÔñÒ»¸ö±¨¸æÄ£°åÀàÐÍ¡£
½ÓÏÂÀ´Ñ¡Ôñ±¨¸æ¸ñʽ¡£ÔÚÕâÀÎÒÃÇÑ¡ÔñµÄPDF¸ñʽ¡£È»ºóÑ¡Ôñ¡°sites¡±£¬È»ºóµã»÷¼ÓºÅͼ±ê¡£
´Ó¡°Select Report Scope¡±ÔÚÕâÀÎÒÃÇÑ¡ÔñÎÒÃÇOscorp¹«Ë¾µÄÕ¾µã£¬È»ºóµ¥»÷¡°Done¡±¡£
ÎÒÃǵı¨¸æÔÚÕâÀïÉú³É;µã»÷±¨¸æ½øÐв鿴¡£
|
|
ÎÄÕÂ
|
20262
|
|
´´½¨ÈÕÆÚ
|
3-21-2014
|
|
×÷Õß
|
machao
|
|
ÆÀ·Ö
|
(None)
|
|
´Ê»ã±í Glossary
ÁªÏµÎÒÃÇ Contact Us
Êý¾Ý¿â
²¡¶¾°²È«
Email
Print
Add Comment