网络渗透测试基础：配置HTTP/HTTPS、SNMP、SMB服务与安全枚举实践

network-101 by sickn33/antigravity-awesome-skills

147 周安装量

31,100 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill network-101

网络协议分析测试安全

🇨🇳中文介绍

网络基础 101

目的

为渗透测试实验室环境配置和测试常见的网络服务（HTTP、HTTPS、SNMP、SMB）。支持在正确配置的目标系统上进行服务枚举、日志分析和安全测试的动手实践。

输入/先决条件

用于托管服务的 Windows Server 或 Linux 系统
用于测试的 Kali Linux 或类似系统
对目标系统的管理访问权限
基础网络知识（IP 寻址、端口）
用于端口配置的防火墙访问权限

输出/交付物

配置好的 HTTP/HTTPS Web 服务器
具有可访问团体字符串的 SNMP 服务
具有不同权限级别的 SMB 文件共享
用于分析的捕获日志
记录在案的枚举结果

核心工作流程

1. 配置 HTTP 服务器（端口 80）

设置一个基本的 HTTP Web 服务器用于测试：

Windows IIS 设置：

打开 IIS 管理器（Internet Information Services）
右键点击“站点” → “添加网站”
配置站点名称和物理路径
绑定到 IP 地址和端口 80

Linux Apache 设置：

# 安装 Apache
sudo apt update && sudo apt install apache2

# 启动服务
sudo systemctl start apache2
sudo systemctl enable apache2

# 创建测试页面
echo "<html><body><h1>Test Page</h1></body></html>" | sudo tee /var/www/html/index.html

# 验证服务
curl http://localhost

为 HTTP 配置防火墙：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

2. 配置 HTTPS 服务器（端口 443）

使用 SSL/TLS 设置安全的 HTTPS：

生成自签名证书：

# Linux - 生成证书
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/apache-selfsigned.key \
  -out /etc/ssl/certs/apache-selfsigned.crt

# 启用 SSL 模块
sudo a2enmod ssl
sudo systemctl restart apache2

为 HTTPS 配置 Apache：

# 编辑 SSL 虚拟主机
sudo nano /etc/apache2/sites-available/default-ssl.conf

# 启用站点
sudo a2ensite default-ssl
sudo systemctl reload apache2

验证 HTTPS 设置：

# 检查端口 443 是否开放
nmap -p 443 192.168.1.1

# 测试 SSL 连接
openssl s_client -connect 192.168.1.1:443

# 检查证书
curl -kv https://192.168.1.1

3. 配置 SNMP 服务（端口 161）

设置 SNMP 用于枚举练习：

Linux SNMP 设置：

# 安装 SNMP 守护进程
sudo apt install snmpd snmp

# 配置团体字符串
sudo nano /etc/snmp/snmpd.conf

# 添加以下行：
# rocommunity public
# rwcommunity private

# 重启服务
sudo systemctl restart snmpd

Windows SNMP 设置：

打开服务器管理器 → 添加功能
选择 SNMP 服务
在“服务” → “SNMP 服务” → “属性”中配置团体字符串

SNMP 枚举命令：

# 基本 SNMP walk
snmpwalk -c public -v1 192.168.1.1

# 枚举系统信息
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.1

# 获取运行中的进程
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.25.4.2.1.2

# SNMP 检查工具
snmp-check 192.168.1.1 -c public

# 暴力破解团体字符串
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.1

4. 配置 SMB 服务（端口 445）

设置 SMB 文件共享用于枚举：

Windows SMB 共享：

创建要共享的文件夹
右键点击 → 属性 → 共享 → 高级共享
启用共享并设置权限
配置 NTFS 权限

Linux Samba 设置：

# 安装 Samba
sudo apt install samba

# 创建共享目录
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share

# 配置 Samba
sudo nano /etc/samba/smb.conf

# 添加共享：
# [public]
#    path = /srv/samba/share
#    browsable = yes
#    guest ok = yes
#    read only = no

# 重启服务
sudo systemctl restart smbd

SMB 枚举命令：

# 匿名列出共享
smbclient -L //192.168.1.1 -N

# 连接到共享
smbclient //192.168.1.1/share -N

# 使用 smbmap 枚举
smbmap -H 192.168.1.1

# 完全枚举
enum4linux -a 192.168.1.1

# 检查漏洞
nmap --script smb-vuln* 192.168.1.1

5. 分析服务日志

查看日志以进行安全分析：

HTTP/HTTPS 日志：

# Apache 访问日志
sudo tail -f /var/log/apache2/access.log

# Apache 错误日志
sudo tail -f /var/log/apache2/error.log

# Windows IIS 日志
# 位置：C:\inetpub\logs\LogFiles\W3SVC1\

解析日志以查找凭据：

# 搜索 POST 请求
grep "POST" /var/log/apache2/access.log

# 提取用户代理
awk '{print $12}' /var/log/apache2/access.log | sort | uniq -c

服务	端口	协议
HTTP	80	TCP
HTTPS	443	TCP
SNMP	161	UDP
SMB	445	TCP
NetBIOS	137-139	TCP/UDP

# 检查 HTTP
curl -I http://target

# 检查 HTTPS
curl -kI https://target

# 检查 SNMP
snmpwalk -c public -v1 target

# 检查 SMB
smbclient -L //target -N

工具	用途
nmap	端口扫描和脚本
nikto	Web 漏洞扫描
snmpwalk	SNMP 枚举
enum4linux	SMB/NetBIOS 枚举
smbclient	SMB 连接
gobuster	目录暴力破解

自签名证书会触发浏览器警告
SNMP v1/v2c 团体字符串以明文传输
匿名 SMB 访问通常默认禁用
防火墙规则必须允许入站连接
实验室环境应与生产环境隔离

示例 1：完整的 HTTP 实验室设置

# 安装和配置
sudo apt install apache2
sudo systemctl start apache2

# 创建登录页面
cat << 'EOF' | sudo tee /var/www/html/login.html
<html>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
EOF

# 允许通过防火墙
sudo ufw allow 80/tcp

示例 2：SNMP 测试设置

# 快速 SNMP 配置
sudo apt install snmpd
echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd

# 测试枚举
snmpwalk -c public -v1 localhost

示例 3：SMB 匿名访问

# 配置匿名共享
sudo apt install samba
sudo mkdir /srv/samba/anonymous
sudo chmod 777 /srv/samba/anonymous

# 测试访问
smbclient //localhost/anonymous -N

问题	解决方案
端口无法访问	检查防火墙规则（ufw、iptables、Windows 防火墙）
服务无法启动	使用 `journalctl -u service-name` 检查日志
SNMP 超时	验证 UDP 161 端口是否开放，检查团体字符串
SMB 访问被拒绝	验证共享权限和用户凭据
HTTPS 证书错误	接受自签名证书或将其添加到受信任存储
无法远程连接	将服务绑定到 0.0.0.0 而不是 localhost

此技能适用于执行概述中描述的工作流程或操作。

🇺🇸English

Network 101

Purpose

Configure and test common network services (HTTP, HTTPS, SNMP, SMB) for penetration testing lab environments. Enable hands-on practice with service enumeration, log analysis, and security testing against properly configured target systems.

Inputs/Prerequisites

Windows Server or Linux system for hosting services
Kali Linux or similar for testing
Administrative access to target system
Basic networking knowledge (IP addressing, ports)
Firewall access for port configuration

Outputs/Deliverables

Configured HTTP/HTTPS web server
SNMP service with accessible communities
SMB file shares with various permission levels
Captured logs for analysis
Documented enumeration results

Core Workflow

1. Configure HTTP Server (Port 80)

Set up a basic HTTP web server for testing:

Windows IIS Setup:

Open IIS Manager (Internet Information Services)
Right-click Sites → Add Website
Configure site name and physical path
Bind to IP address and port 80

Linux Apache Setup:

# Install Apache
sudo apt update && sudo apt install apache2

# Start service
sudo systemctl start apache2
sudo systemctl enable apache2

# Create test page
echo "<html><body><h1>Test Page</h1></body></html>" | sudo tee /var/www/html/index.html

# Verify service
curl http://localhost

Configure Firewall for HTTP:

# Linux (UFW)
sudo ufw allow 80/tcp

# Windows PowerShell
New-NetFirewallRule -DisplayName "HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow

2. Configure HTTPS Server (Port 443)

Set up secure HTTPS with SSL/TLS:

Generate Self-Signed Certificate:

# Linux - Generate certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/apache-selfsigned.key \
  -out /etc/ssl/certs/apache-selfsigned.crt

# Enable SSL module
sudo a2enmod ssl
sudo systemctl restart apache2

Configure Apache for HTTPS:

# Edit SSL virtual host
sudo nano /etc/apache2/sites-available/default-ssl.conf

# Enable site
sudo a2ensite default-ssl
sudo systemctl reload apache2

Verify HTTPS Setup:

# Check port 443 is open
nmap -p 443 192.168.1.1

# Test SSL connection
openssl s_client -connect 192.168.1.1:443

# Check certificate
curl -kv https://192.168.1.1

3. Configure SNMP Service (Port 161)

Set up SNMP for enumeration practice:

Linux SNMP Setup:

# Install SNMP daemon
sudo apt install snmpd snmp

# Configure community strings
sudo nano /etc/snmp/snmpd.conf

# Add these lines:
# rocommunity public
# rwcommunity private

# Restart service
sudo systemctl restart snmpd

Windows SNMP Setup:

Open Server Manager → Add Features
Select SNMP Service
Configure community strings in Services → SNMP Service → Properties

SNMP Enumeration Commands:

# Basic SNMP walk
snmpwalk -c public -v1 192.168.1.1

# Enumerate system info
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.1

# Get running processes
snmpwalk -c public -v1 192.168.1.1 1.3.6.1.2.1.25.4.2.1.2

# SNMP check tool
snmp-check 192.168.1.1 -c public

# Brute force community strings
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.1

4. Configure SMB Service (Port 445)

Set up SMB file shares for enumeration:

Windows SMB Share:

Create folder to share
Right-click → Properties → Sharing → Advanced Sharing
Enable sharing and set permissions
Configure NTFS permissions

Linux Samba Setup:

# Install Samba
sudo apt install samba

# Create share directory
sudo mkdir -p /srv/samba/share
sudo chmod 777 /srv/samba/share

# Configure Samba
sudo nano /etc/samba/smb.conf

# Add share:
# [public]
#    path = /srv/samba/share
#    browsable = yes
#    guest ok = yes
#    read only = no

# Restart service
sudo systemctl restart smbd

SMB Enumeration Commands:

# List shares anonymously
smbclient -L //192.168.1.1 -N

# Connect to share
smbclient //192.168.1.1/share -N

# Enumerate with smbmap
smbmap -H 192.168.1.1

# Full enumeration
enum4linux -a 192.168.1.1

# Check for vulnerabilities
nmap --script smb-vuln* 192.168.1.1

5. Analyze Service Logs

Review logs for security analysis:

HTTP/HTTPS Logs:

# Apache access log
sudo tail -f /var/log/apache2/access.log

# Apache error log
sudo tail -f /var/log/apache2/error.log

# Windows IIS logs
# Location: C:\inetpub\logs\LogFiles\W3SVC1\

Parse Log for Credentials:

# Search for POST requests
grep "POST" /var/log/apache2/access.log

# Extract user agents
awk '{print $12}' /var/log/apache2/access.log | sort | uniq -c

Quick Reference

Essential Ports

Service	Port	Protocol
HTTP	80	TCP
HTTPS	443	TCP
SNMP	161	UDP
SMB	445	TCP
NetBIOS	137-139	TCP/UDP

Service Verification Commands

# Check HTTP
curl -I http://target

# Check HTTPS
curl -kI https://target

# Check SNMP
snmpwalk -c public -v1 target

# Check SMB
smbclient -L //target -N

Common Enumeration Tools

Tool	Purpose
nmap	Port scanning and scripts
nikto	Web vulnerability scanning
snmpwalk	SNMP enumeration
enum4linux	SMB/NetBIOS enumeration
smbclient	SMB connection
gobuster	Directory brute forcing

Constraints

Self-signed certificates trigger browser warnings
SNMP v1/v2c communities transmit in cleartext
Anonymous SMB access is often disabled by default
Firewall rules must allow inbound connections
Lab environments should be isolated from production

Examples

Example 1: Complete HTTP Lab Setup

# Install and configure
sudo apt install apache2
sudo systemctl start apache2

# Create login page
cat << 'EOF' | sudo tee /var/www/html/login.html
<html>
<body>
<form method="POST" action="login.php">
Username: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type="submit" value="Login">
</form>
</body>
</html>
EOF

# Allow through firewall
sudo ufw allow 80/tcp

Example 2: SNMP Testing Setup

# Quick SNMP configuration
sudo apt install snmpd
echo "rocommunity public" | sudo tee -a /etc/snmp/snmpd.conf
sudo systemctl restart snmpd

# Test enumeration
snmpwalk -c public -v1 localhost

Example 3: SMB Anonymous Access

# Configure anonymous share
sudo apt install samba
sudo mkdir /srv/samba/anonymous
sudo chmod 777 /srv/samba/anonymous

# Test access
smbclient //localhost/anonymous -N

Troubleshooting

Issue	Solution
Port not accessible	Check firewall rules (ufw, iptables, Windows Firewall)
Service not starting	Check logs with `journalctl -u service-name`
SNMP timeout	Verify UDP 161 is open, check community string
SMB access denied	Verify share permissions and user credentials
HTTPS certificate error	Accept self-signed cert or add to trusted store
Cannot connect remotely	Bind service to 0.0.0.0 instead of localhost

When to Use

This skill is applicable to execute the workflow or actions described in the overview.

Weekly Installs

105

Repository

sickn33/antigra…e-skills

GitHub Stars

27.6K

First Seen

Feb 20, 2026

Security Audits

Gen Agent Trust HubPass SocketWarn SnykWarn

Installed on

opencode104

kimi-cli103

gemini-cli103

amp103

github-copilot103

codex103

Lark Mail CLI 使用指南：邮件管理、安全规则与自动化工作流

37,000 周安装