
INetSim for simulating C2: far more professional than nc!

Date: 2023-05-31 13:02:58

INetSim

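INetSim is a very convenient and powerful utility that lets you simulate a range of standard Internet services on a single machine. By default it simulates DNS, HTTP and SMTP, all of which are easy to adjust. Because the victim machine will later be configured with no Internet access, we need INetSim to simulate those services.

I. Installation

  Judging from feedback online, installing INetSim yourself is far too much trouble, while Kali Linux ships with it installed by default. The installation step is therefore skipped here, and everything below uses configuring and running it on Kali as the example.

II. Configuration

  Main configuration file: /etc/inetsim/inetsim.conf

    Usually it is enough to enable this option and set it to the local machine's IP; for the rest, refer to the two URLs above.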

    service_bind_address 0.0.0.0


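On Kali, run the inetsim command to start the service (note: on some Linux systems it has to be started from the root directory).

If "Simulation running" appears at the end of the output, startup succeeded. An error is reported above that line; it is caused by INetSim missing another service and does not affect the experiment, so ignore it for now.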


The result after running it on my own Kali machine: [screenshot]

Let's look at the log: perfect! This is exactly the C2 effect I wanted!

sudo cat /var/log/inetsim/service.log
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] disconnect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: GET / HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Dest: document
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Site: none
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-User: ?1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Request URL: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Type: text/html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Length: 258
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] stat: 1 method=GET url=https://localhost/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept: image/webp,*/*
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Referer: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Dest: image
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Request URL: https://localhost/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Length: 198
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Type: image/x-icon
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] stat: 1 method=GET url=https://localhost/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] disconnect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Dest: document
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Site: none
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-User: ?1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Request URL: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Length: 258
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Type: text/html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] stat: 1 method=GET url=https://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept: image/avif,image/webp,*/*
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Referer: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Dest: image
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Request URL: https://192.168.58.129/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Length: 198
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Type: image/x-icon
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] stat: 1 method=GET url=https://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: GET / HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Request URL: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Length: 258
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Type: text/html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept: image/webp,*/*
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Referer: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Request URL: http://192.168.58.129/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending fake file configured for extension 'ico'.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Length: 198
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Type: image/x-icon
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] stat: 1 method=GET url=http://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] disconnect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] connect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: GET / HTTP/1.1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Host: 192.168.58.129
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: DNT: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Connection: keep-alive
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Pragma: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Cache-Control: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Request URL: http://192.168.58.129/
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: HTTP/1.1 200 OK
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Server: INetSim HTTP Server
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Connection: Close
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Length: 258
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Type: text/html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Date: Sat, 01 Oct 2022 10:02:42 GMT
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] disconnect
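
To triage a log like the one above without reading it line by line, the following added example (not part of the original post and not INetSim code) collapses service.log records into one summary per client connection and flags connections where TLS setup failed before any request was captured. The function names are hypothetical, and the sample input is abridged from the log shown above.

```python
import re

# Record layout seen in the log above:
# [timestamp] [inetsim pid] [service child-pid] [client-ip:port] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[\d+\] \[(?P<svc>\S+) (?P<child>\d+)\] "
    r"\[(?P<ip>[^\]]+):(?P<port>\d+)\] (?P<msg>.*)$"
)

# Sample input: abridged from the log shown above.
SAMPLE = """\
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL:  SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Request URL: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect
"""

def summarize(log_text):
    """Collapse service.log lines into one record per client connection."""
    sessions = {}  # insertion-ordered, keyed by (service, child pid, client)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a service.log record
        key = (m["svc"], m["child"], m["ip"], m["port"])
        s = sessions.setdefault(key, {
            "start": m["ts"], "service": m["svc"], "client": m["ip"],
            "request": None, "host": None, "user_agent": None,
            "url": None, "served": None, "tls_error": None, "closed": False,
        })
        msg = m["msg"]
        if msg.startswith("recv: "):
            data = msg[len("recv: "):]
            name, sep, value = data.partition(":")
            if s["request"] is None:
                s["request"] = data  # first recv line is the request line
            elif sep and name.lower() == "host":
                s["host"] = value.strip()
            elif sep and name.lower() == "user-agent":
                s["user_agent"] = value.strip()
        elif msg.startswith("info: Request URL: "):
            s["url"] = msg[len("info: Request URL: "):]
        elif msg.startswith("info: Sending file: "):
            s["served"] = msg[len("info: Sending file: "):]
        elif msg.startswith("info: Error setting up SSL:"):
            s["tls_error"] = msg.split("SSL:", 1)[1].strip()
        elif msg == "disconnect":
            s["closed"] = True
    return list(sessions.values())

def handshake_failures(records):
    """Connections that never got past TLS, so no request was captured."""
    return [r for r in records if r["tls_error"] and r["request"] is None]

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["start"], r["service"], r["client"], r["url"] or r["tls_error"])
```

A connection listed by handshake_failures means the client rejected the simulated HTTPS service's certificate, so whatever it intended to send is absent from the log and the run has to be repeated with a certificate the client accepts.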

 

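2. On Windows 10, download and install ApateDNS and open it. In the DNS Reply IP field, enter the IP address that requests should be spoofed to, i.e. the IP address of the Kali DNS server, then click Start Server to start the tool.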


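==> Editing the hosts file yourself also works, so this is not a big problem!

3. On Windows 10, double-click Lab01-03.exe to run it. If the page shown below appears, the experiment succeeded.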


We can also see in ApateDNS that the malicious code requested the address www.malwarenalysisbook.com.

From: https://blog.51cto.com/u_11908275/6386077
