INetSim
INetSim is a very convenient and powerful utility that lets you simulate a whole set of standard Internet services on a single machine. By default it simulates DNS, HTTP and SMTP, and the set of services is easy to adjust. Since the victim machine will later be configured without any Internet access, we need INetSim to stand in for those services.
I. Installation
Judging from the feedback online, installing INetSim by hand is a real hassle, whereas Kali Linux ships with it preinstalled. The installation step is therefore skipped here; everything below uses configuration and operation on Kali as the example.
II. Configuration
Main configuration file: /etc/inetsim/inetsim.conf
Usually it is enough to uncomment the following option and set it to the local machine's IP address; for the other options, refer to the two URLs mentioned above.
service_bind_address 0.0.0.0
On Kali, run the command inetsim to start the service (note that on some Linux systems it will only start when launched from the root directory).
When "Simulation running" appears at the end of the output, the service has started successfully. An error is reported above it; it is caused by inetsim missing another service and does not affect the experiment, so it can be ignored for now.
The result after running it in my Kali VM:
Let's look at the log records: perfect, exactly the C2 effect I wanted!
sudo cat /var/log/inetsim/service.log
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2337] [127.0.0.1:41662] disconnect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] connect
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:58:03] [1624] [https_443_tcp 2338] [127.0.0.1:41664] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: GET / HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Dest: document
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-Site: none
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] recv: Sec-Fetch-User: ?1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Request URL: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Type: text/html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Content-Length: 258
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] stat: 1 method=GET url=https://localhost/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2361] [127.0.0.1:41680] disconnect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] connect
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Host: localhost
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept: image/webp,*/*
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Connection: keep-alive
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Referer: https://localhost/
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Dest: image
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Request URL: https://localhost/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: HTTP/1.1 200 OK
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Date: Sat, 01 Oct 2022 09:58:08 GMT
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Length: 198
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Content-Type: image/x-icon
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Connection: Close
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] send: Server: INetSim HTTPs Server
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] stat: 1 method=GET url=https://localhost/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:58:08] [1624] [https_443_tcp 2363] [127.0.0.1:41694] disconnect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Dest: document
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Mode: navigate
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-Site: none
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: Sec-Fetch-User: ?1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Request URL: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: No matching file extension configured. Sending default fake file.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Length: 258
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] send: Content-Type: text/html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] stat: 1 method=GET url=https://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Host: 192.168.58.129
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept: image/avif,image/webp,*/*
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Accept-Encoding: gzip, deflate, br
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Connection: keep-alive
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Referer: https://192.168.58.129/
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Dest: image
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Mode: no-cors
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] recv: Sec-Fetch-Site: same-origin
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Request URL: https://192.168.58.129/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending fake file configured for extension 'ico'.
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: HTTP/1.1 200 OK
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Connection: Close
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Server: INetSim HTTPs Server
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Length: 198
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Content-Type: image/x-icon
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] send: Date: Sat, 01 Oct 2022 09:59:37 GMT
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] stat: 1 method=GET url=https://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2849] [192.168.58.1:54905] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: GET / HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Request URL: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Length: 258
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] send: Content-Type: text/html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] connect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: GET /favicon.ico HTTP/1.1
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Host: 192.168.58.129
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept: image/webp,*/*
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Connection: keep-alive
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] recv: Referer: http://192.168.58.129/
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Request URL: http://192.168.58.129/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending fake file configured for extension 'ico'.
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: HTTP/1.1 200 OK
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Length: 198
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Server: INetSim HTTP Server
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Connection: Close
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Date: Sat, 01 Oct 2022 10:01:11 GMT
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] send: Content-Type: image/x-icon
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] info: Sending file: /var/lib/inetsim/http/fakefiles/favicon.ico
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] stat: 1 method=GET url=http://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
[2022-10-01 06:01:11] [2704] [http_80_tcp 3307] [192.168.58.129:48906] disconnect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] connect
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: GET / HTTP/1.1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Host: 192.168.58.129
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Language: en-US,en;q=0.5
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Accept-Encoding: gzip, deflate
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: DNT: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Connection: keep-alive
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Upgrade-Insecure-Requests: 1
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Pragma: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] recv: Cache-Control: no-cache
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Request URL: http://192.168.58.129/
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: No matching file extension configured. Sending default fake file.
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: HTTP/1.1 200 OK
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Server: INetSim HTTP Server
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Connection: Close
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Length: 258
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Content-Type: text/html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] send: Date: Sat, 01 Oct 2022 10:02:42 GMT
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] info: Sending file: /var/lib/inetsim/http/fakefiles/sample.html
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] stat: 1 method=GET url=http://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 06:02:42] [2704] [http_80_tcp 3705] [192.168.58.129:34732] disconnect
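Reading the raw service.log by eye gets tedious once the victim VM has been running for a while, so here is a small added Python helper (not part of the original post or of INetSim) that parses the entry format shown above, groups the "stat:" request records by client IP and counts the "Error setting up SSL" handshake failures. The sample log lines in SAMPLE_LOG are constructed in that format; the script name and the hypothetical file argument are assumptions.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the service.log format shown above (not a real capture).
SAMPLE_LOG = """\
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] connect
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] info: Error setting up SSL: SSL accept attempt failed error:0A000412:SSL routines::sslv3 alert bad certificate
[2022-10-01 05:59:34] [2704] [https_443_tcp 2835] [192.168.58.1:54903] disconnect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] connect
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] recv: GET / HTTP/1.1
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] stat: 1 method=GET url=https://192.168.58.129/ sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=
[2022-10-01 05:59:37] [2704] [https_443_tcp 2848] [192.168.58.1:54904] disconnect
[2022-10-01 06:01:11] [2704] [http_80_tcp 3304] [192.168.58.129:48902] stat: 1 method=GET url=http://192.168.58.129/favicon.ico sent=/var/lib/inetsim/http/fakefiles/favicon.ico postdata=
"""

# One entry: [timestamp] [pid] [service conn] [client:port] kind[: message]
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<pid>\d+)\] \[(?P<service>\S+) (?P<conn>\d+)\] "
    r"\[(?P<client>[^\]]+)\] (?P<kind>connect|disconnect|recv|send|info|stat)"
    r"(?::\s*(?P<msg>.*))?$"
)

def parse_line(line):
    """Return the entry's fields as a dict, or None if the line is not an INetSim entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["msg"] = entry["msg"] or ""
    return entry

def summarize(text):
    """Group 'stat:' records (one per completed HTTP(S) request) by client IP and
    count 'Error setting up SSL' entries (clients that refused the fake certificate)."""
    requests = defaultdict(list)  # client ip -> [(service, method, url, fake file sent)]
    tls_failures = Counter()      # client ip -> failed handshakes
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        ip = entry["client"].rsplit(":", 1)[0]
        if entry["kind"] == "stat":
            # msg is "1 method=GET url=... sent=... postdata="; skip the leading counter
            fields = dict(kv.split("=", 1) for kv in entry["msg"].split()[1:] if "=" in kv)
            requests[ip].append((entry["service"], fields.get("method"),
                                 fields.get("url"), fields.get("sent")))
        elif entry["kind"] == "info" and entry["msg"].startswith("Error setting up SSL"):
            tls_failures[ip] += 1
    return {"requests": dict(requests), "tls_failures": dict(tls_failures)}

if __name__ == "__main__":
    # Usage (hypothetical): python inetsim_summary.py /var/log/inetsim/service.log
    report = summarize(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG)
    for ip, reqs in report["requests"].items():
        for service, method, url, sent in reqs:
            print(f"{ip} [{service}] {method} {url} -> {sent}")
    for ip, n in report["tls_failures"].items():
        print(f"{ip}: {n} TLS handshake failure(s), client rejected the fake certificate")
```

Without a file argument the script runs over the constructed sample; a client that only ever produces handshake failures and no "stat:" lines never got as far as an HTTP request, which is the first thing to check when a sample seems silent.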
2. On the Windows 10 machine, download and install ApateDNS and open it. In the DNS Reply IP field enter the IP address to which DNS requests should be spoofed, i.e. the IP address of the Kali DNS server, then click Start Server to start the tool.
=> Editing the hosts file yourself also works, so this is not a big problem!
3. On the Windows 10 machine, double-click Lab01-03.exe; if the page shown below appears, the experiment succeeded.
We can also see in ApateDNS that the malware requested the address www.malwareanalysisbook.com.