127 Network scanning: common nmap scan methods, part 2
Posted on 2012-9-9 16:48:24
Please memorize this post!!!
What does NMAP use to identify services?
```
root@Dis9Team:/pen/nmap/share/nmap# pwd
/pen/nmap/share/nmap
root@Dis9Team:/pen/nmap/share/nmap# ls
nmap.dtd           nmap-os-db     nmap-protocols  nmap-service-probes  nmap.xsl
nmap-mac-prefixes  nmap-payloads  nmap-rpc        nmap-services
root@Dis9Team:/pen/nmap/share/nmap#
```

nmap-services and nmap-service-probes
What does NMAP use to identify the operating system?
nmap-os-db

The default scan mode identifies services only by the method described above.

Get detailed service information: -sV


```
root@Dis9Team:/pen/nmap/share/nmap# nmap -sV 192.168.40.129

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 02:45 PDT
Nmap scan report for 192.168.40.129
Host is up (0.0012s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE       VERSION
23/tcp   open  telnet        Microsoft Windows XP telnetd
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds  Microsoft Windows XP microsoft-ds
3389/tcp open  ms-wbt-server Microsoft Terminal Service
MAC Address: 00:0C:29:EB:F8:94 (VMware)
Service Info: OSs: Windows XP, Windows; CPE: cpe:/o:microsoft:windows_xp, cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.61 seconds
root@Dis9Team:/pen/nmap/share/nmap#
```
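To make the difference between the two data files concrete, here is an added example (not from the original post) that parses constructed excerpts in the layout of nmap-services and nmap-service-probes and identifies a port two ways: by the port table alone, as a default scan does, and by applying the probe match rules to a captured banner, as -sV does. The file excerpts, banners and match lines are constructed for illustration and are not copied from Nmap's real database.

```python
import re

# Constructed excerpt in the layout of nmap-services: name, port/proto, open-frequency, comment.
NMAP_SERVICES = (
    "# Fields: service name, portnum/protocol, open-frequency, optional comments\n"
    "telnet\t23/tcp\t0.221265\t# Telnet\n"
    "msrpc\t135/tcp\t0.047798\t# Microsoft RPC\n"
    "ms-wbt-server\t3389/tcp\t0.083904\t# Microsoft Remote Display Protocol\n"
)
# Constructed excerpt in the layout of nmap-service-probes: one Probe line, then match lines
# shaped as: match <service> m<delim><regex><delim> p/product/ v/version/ i/info/ o/os/
NMAP_SERVICE_PROBES = r"""
Probe TCP NULL q||
match telnet m|^\xff\xfd\x25| p/Microsoft Windows XP telnetd/ o/Windows XP/
match ssh m|^SSH-([\d.]+)-OpenSSH_([\w.]+)| p/OpenSSH/ v/$2/ i/protocol $1/
"""
MATCH_RE = re.compile(r"^match (\S+) m(.)(.*?)\2([is]*)(.*)$")
FIELD_RE = re.compile(r"\b([pvio])/([^/]*)/")

def load_services(text):
    """'port/proto' -> service name; this is all a default scan consults."""
    table = {}
    for line in text.splitlines():
        if line and not line.startswith("#"):
            name, portproto, *_ = line.split("\t")
            table[portproto] = name
    return table

def load_matches(text):
    """Parse match lines into (service, compiled bytes regex, {field: template})."""
    rules = []
    for line in text.splitlines():
        m = MATCH_RE.match(line)
        if m:
            service, _, pattern, flags, rest = m.groups()
            rx = re.compile(pattern.encode("latin-1"), re.I if "i" in flags else 0)
            rules.append((service, rx, dict(FIELD_RE.findall(rest))))
    return rules

SERVICES = load_services(NMAP_SERVICES)
RULES = load_matches(NMAP_SERVICE_PROBES)

def identify(portproto, banner):
    """-sV path: first match rule that fits the banner wins, $N fields expand from regex
    groups. Fallback is the default-scan path: the port table, with no version info."""
    for service, rx, fields in RULES:
        m = rx.match(banner)
        if m:
            expand = lambda t: re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))).decode(), t)
            return {"service": service, "source": "probe",
                    **{k: expand(v) for k, v in fields.items()}}
    return {"service": SERVICES.get(portproto, "unknown"), "source": "port-table"}
```

Note that the port-table path names port 3389 "ms-wbt-server" whatever is actually listening there, which is why the default output above carries no VERSION column.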
Get the operating system: -O
```
root@Dis9Team:/pen/nmap/share/nmap# nmap -O --osscan-limit --osscan-guess 192.168.40.129

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 02:47 PDT
Nmap scan report for 192.168.40.129
Host is up (0.00030s latency).
MAC Address: 00:0C:29:EB:F8:94 (VMware)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS CPE: cpe:/o:microsoft:windows_xp::sp2:professional cpe:/o:microsoft:windows_server_2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.19 seconds
root@Dis9Team:/pen/nmap/share/nmap#
```
Set the scan timing: -T 1-5
```
root@Dis9Team:~# nmap -T5 192.168.40.129
```
Try every service probe: --version-all; it must be combined with the two options above.
```
root@Dis9Team:~# nmap -T5 --version-all -sV 192.168.40.129
```
View the packets being sent: --packet-trace
```
root@Dis9Team:~# nmap --packet-trace 192.168.40.129 > 1.txt
root@Dis9Team:~# head 1.txt

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 02:52 PDT
SENT (0.0572s) ARP who-has 192.168.40.129 tell 192.168.40.134
RCVD (0.0574s) ARP reply 192.168.40.129 is-at 00:0C:29:EB:F8:94
NSOCK (0.0570s) UDP connection requested to 192.168.40.2:53 (IOD #1) EID 8
NSOCK (0.0570s) Read request from IOD #1 [192.168.40.2:53] (timeout: -1ms) EID 18
NSOCK (0.0570s) Write request for 45 bytes to IOD #1 EID 27 [192.168.40.2:53]: a............129.40.168.192.in-addr.arpa.....
NSOCK (0.0570s) Callback: CONNECT SUCCESS for EID 8 [192.168.40.2:53]
NSOCK (0.0570s) Callback: WRITE SUCCESS for EID 27 [192.168.40.2:53]
NSOCK (0.3100s) Callback: READ SUCCESS for EID 18 [192.168.40.2:53] (122 bytes)
root@Dis9Team:~#
```
To prevent DNS hijacking (this one is important), specify the DNS server explicitly: use Google's or a local DNS server.
```
root@Dis9Team:~# nmap  192.168.40.129  --dns-servers 8.8.8.8
```
Traceroute: --traceroute (background: http://net.chinaunix.net/5/2006/08/24/1140064.shtml)
Now compare two results. 1. With an explicit DNS server:
```
root@Dis9Team:~# nmap  www.baidu.com  --traceroute --dns-servers 8.8.8.8

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 02:58 PDT
Nmap scan report for www.baidu.com (119.75.217.56)
Host is up (0.0068s latency).
Other addresses for www.baidu.com (not scanned): 119.75.218.77
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http

TRACEROUTE (using port 80/tcp)
HOP RTT    ADDRESS
1   ... 30

Nmap done: 1 IP address (1 host up) scanned in 13.51 seconds
```
2. Default:
```
root@Dis9Team:~# nmap  www.baidu.com  --traceroute

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 02:57 PDT
Nmap scan report for www.baidu.com (119.75.217.56)
Host is up (0.0038s latency).
Other addresses for www.baidu.com (not scanned): 119.75.218.77
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.10 ms 192.168.40.2
2   0.06 ms 119.75.217.56

Nmap done: 1 IP address (1 host up) scanned in 49.96 seconds
```
Source address spoofing: -S. Must be behind the same gateway! This is a sniffing mode, so the network interface must be specified. Here I spoof my IP as 1.1.1.1.
```
root@Dis9Team:~# nmap  192.168.40.129 -S 1.1.1.1 -e eth0 -Pn

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-19 03:24 PDT
Nmap scan report for 192.168.40.129
Host is up (0.030s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
23/tcp   open  telnet
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
MAC Address: 00:0C:29:EB:F8:94 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.38 seconds
root@Dis9Team:~#
```