
[Network Protocols] Hacking from Zero, Chapter 2: Information Gathering, the Most Complete and Practical Nmap Tutorial

Nmap is a network port scanner used to discover the open ports of computers on a network. It determines which services are running on which ports and infers which operating system the computer is running (this is also called fingerprinting). It is one of the essential tools for network administrators and is also used to assess the security of network systems.

1. Scenario

Virtual machine: VMware
Attacking host: Kali
IP: 192.168.239.142
Target machine: Windows 10
IP: 192.168.239.1

2. Nmap parameters

--traceroute  scan the host's ports and trace the route to it
-p  scan the specified port(s) or port range
-sP  ping scan the target host (host discovery only)
-A  scan using advanced features
-sV  probe open ports to determine service/version information
-sC  equivalent to adding --script=default
-sU  send UDP probes (UDP scan)
-Pn  treat all hosts as online; skip host discovery
-sT  TCP connect (full three-way handshake) scan, which guarantees accurate results
--min-rate  minimum number of packets sent per second; used to speed up the scan
--max-rate  maximum number of packets sent per second; used to slow the scan down and avoid firewall detection

3. Experiments

  • -p port scan
    Batch port scan (screenshot omitted)
    Scan of specified ports (screenshot omitted)

  • -sP live-host scan
    (screenshot omitted)

  • -A scan using advanced features
    (screenshot omitted)

  • -sV probe open ports to determine service/version information
    (screenshot omitted)

  • -sC equivalent to adding --script=default
    (screenshot omitted)

  • --min-rate minimum number of packets sent per second, used to speed up the scan.
    (screenshot omitted)
    With the --min-rate parameter added, the scan finished in 10.75 seconds; without it (the screenshot above) it took 25.43 seconds.

4. Putting it together

In a real scan, when you are not sure which ports the target has open and need to scan all of them, first run a fast scan to collect the target's open port numbers, then pass those port numbers as the port specification to a detailed -sC -sV scan. The following command combines both steps:

nmap -p `nmap -p- --min-rate=10000 -T4 192.168.239.1 | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'` -sC -sV 192.168.239.1

The scan results are as follows:

Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-11 07:19 EDT
Nmap scan report for 192.168.239.1
Host is up (0.000054s latency).

PORT      STATE SERVICE         VERSION
21/tcp    open  ftp             FileZilla ftpd 0.9.41 beta
| ftp-syst: 
|_  SYST: UNIX emulated by FileZilla
25/tcp    open  smtp            Mercury/32 smtpd (Mail server account Maiser)
| smtp-commands: localhost Hello nmap.scanme.org; ESMTPs are:, TIME, SIZE 0, HELP, 
|_ Recognized SMTP commands are: HELO EHLO MAIL RCPT DATA RSET AUTH NOOP QUIT HELP VRFY SOML Mail server account is 'Maiser'. 
79/tcp    open  finger          Mercury/32 fingerd
| finger: Login: Admin         Name: Mail System Administrator\x0D
| \x0D
|_[No profile information]\x0D
80/tcp    open  http            Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.4.10)
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.4.10
| http-title: Welcome to XAMPP
|_Requested resource was http://192.168.239.1/dashboard/
105/tcp   open  ph-addressbook  Mercury/32 PH addressbook server
106/tcp   open  pop3pw          Mercury/32 poppass service
110/tcp   open  pop3            Mercury/32 pop3d
|_pop3-capabilities: TOP APOP USER UIDL EXPIRE(NEVER)
135/tcp   open  msrpc           Microsoft Windows RPC
139/tcp   open  netbios-ssn     Microsoft Windows netbios-ssn
143/tcp   open  imap            Mercury/32 imapd 4.62
|_imap-capabilities: OK AUTH=PLAIN IMAP4rev1 CAPABILITY X-MERCURY-1A0001 complete
443/tcp   open  ssl/https       VMware Workstation SOAP API 14.1.2
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 Not Found
|     Date: Wed, 11 Aug 2021 11:20:03 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   GetRequest: 
|     HTTP/1.1 403 Forbidden
|     Date: Wed, 11 Aug 2021 11:20:03 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   HTTPOptions: 
|     HTTP/1.1 501 Not Implemented
|     Date: Wed, 11 Aug 2021 11:20:03 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   RTSPRequest: 
|     HTTP/1.1 400 Bad Request
|     Date: Wed, 11 Aug 2021 11:20:13 GMT
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 50
|     <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
|   SIPOptions: 
|     HTTP/1.1 400 Bad Request
|     Date: Wed, 11 Aug 2021 11:21:20 GMT
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 50
|_    <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
| ssl-cert: Subject: commonName=VMware/countryName=US
| Not valid before: 2018-10-16T14:29:30
|_Not valid after:  2019-10-16T14:29:30
|_ssl-date: TLS randomness does not represent time
| vmware-version: 
|   Server version: VMware Workstation 14.1.2
|   Build: 8497320
|   Locale version: INTL  
|   OS type: win32-x86
|_  Product Line ID: ws
445/tcp   open  microsoft-ds?
480/tcp   open  http            Apache httpd 2.4.46 ((Win64) OpenSSL/1.1.1g PHP/7.4.10)
|_http-server-header: Apache/2.4.46 (Win64) OpenSSL/1.1.1g PHP/7.4.10
| http-title: Welcome to XAMPP
|_Requested resource was http://192.168.239.1:480/dashboard/
902/tcp   open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp   open  vmware-auth     VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1010/tcp  open  surf?
1433/tcp  open  ms-sql-s        Microsoft SQL Server 2008 R2 10.50.1600.00; RTM
| ms-sql-ntlm-info: 
|   Target_Name: DESKTOP-CR4GABK
|   NetBIOS_Domain_Name: DESKTOP-CR4GABK
|   NetBIOS_Computer_Name: DESKTOP-CR4GABK
|   DNS_Domain_Name: DESKTOP-CR4GABK
|   DNS_Computer_Name: DESKTOP-CR4GABK
|_  Product_Version: 10.0.19041
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2021-08-09T14:13:00
|_Not valid after:  2051-08-09T14:13:00
|_ssl-date: 2021-08-11T11:23:04+00:00; 0s from scanner time.
1536/tcp  open  msrpc           Microsoft Windows RPC
1537/tcp  open  msrpc           Microsoft Windows RPC
1538/tcp  open  msrpc           Microsoft Windows RPC
1539/tcp  open  msrpc           Microsoft Windows RPC
1540/tcp  open  msrpc           Microsoft Windows RPC
1541/tcp  open  msrpc           Microsoft Windows RPC
1545/tcp  open  msrpc           Microsoft Windows RPC
1546/tcp  open  msrpc           Microsoft Windows RPC
2025/tcp  open  ms-sql-s        Microsoft SQL Server 2008 R2 10.50.1600; RTM
| ms-sql-ntlm-info: 
|   Target_Name: DESKTOP-CR4GABK
|   NetBIOS_Domain_Name: DESKTOP-CR4GABK
|   NetBIOS_Computer_Name: DESKTOP-CR4GABK
|   DNS_Domain_Name: DESKTOP-CR4GABK
|   DNS_Computer_Name: DESKTOP-CR4GABK
|_  Product_Version: 10.0.19041
| ssl-cert: Subject: commonName=SSL_Self_Signed_Fallback
| Not valid before: 2021-08-09T14:13:00
|_Not valid after:  2051-08-09T14:13:00
|_ssl-date: 2021-08-11T11:23:04+00:00; -1s from scanner time.
2224/tcp  open  http            Mercury/32 httpd
|_http-title: Mercury HTTP Services
3306/tcp  open  mysql?
| fingerprint-strings: 
|   NULL: 
|_    Host '192.168.239.142' is not allowed to connect to this MariaDB server
5040/tcp  open  unknown
5426/tcp  open  http            Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Bad Request
6000/tcp  open  X11?
|_x11-access: ERROR: Script execution failed (use -d to debug)
7680/tcp  open  pando-pub?
8680/tcp  open  http            FRITZ!Box TR-069 service
|_http-title: Site doesn't have a title.
41091/tcp open  unknown
| fingerprint-strings: 
|   FourOhFourRequest, GetRequest, HTTPOptions, Help, LPDString, RTSPRequest, SIPOptions: 
|     HTTP/1.1 400 Invalid header received from client
|     Content-Type: text/plain
|     Connection: close
|_    Invalid header received from client.
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
MAC Address: 00:50:56:C0:00:08 (VMware)
Service Info: Host: localhost; OS: Windows; Device: broadband router; CPE: cpe:/o:microsoft:windows, cpe:/o:vmware:Workstation:14.1.2

Host script results:
| ms-sql-info: 
|   192.168.239.1:1433: 
|     Version: 
|       name: Microsoft SQL Server 2008 R2 RTM
|       number: 10.50.1600.00
|       Product: Microsoft SQL Server 2008 R2
|       Service pack level: RTM
|       Post-SP patches applied: false
|_    TCP port: 1433
|_nbstat: NetBIOS name: DESKTOP-CR4GABK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:c0:00:08 (VMware)
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2021-08-11T11:22:34
|_  start_date: N/A

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 195.34 seconds

In this way we obtain detailed scan information about the target relatively quickly.
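The port-extraction step of the combined command above, rewritten as shell functions so it can be checked offline; this is an added example, not the post's own command. The sample nmap output is constructed for the test, and run_combined_scan assumes nmap is installed on the scanning host.

```shell
# Constructed sample of nmap normal output (not a real scan), used for offline testing.
SAMPLE_NMAP_OUTPUT='Starting Nmap 7.91 ( https://nmap.org )
Nmap scan report for 192.168.239.1
Host is up (0.000054s latency).
Not shown: 65530 filtered ports
PORT      STATE  SERVICE
21/tcp    open   ftp
23/tcp    closed telnet
80/tcp    open   http
443/tcp   open   https
1433/tcp  open   ms-sql-s
MAC Address: 00:50:56:C0:00:08 (VMware)'

# Read nmap normal output on stdin and print the open ports as "21,80,443".
# Unlike the bare grep ^[0-9] in the one-liner, only lines whose STATE is "open"
# are kept, so "closed" lines that nmap prints for small port sets do not end
# up in the -p list of the second scan.
extract_open_ports() {
  grep '^[0-9]' | awk '$2 == "open" { split($1, f, "/"); print f[1] }' \
    | tr '\n' ',' | sed 's/,$//'
}

# Two-phase workflow equivalent to the one-liner: fast full-port discovery,
# then a detailed -sC -sV scan limited to the ports found. Stops before the
# second scan when nothing is open, because "nmap -p  -sC -sV host" would
# otherwise fail with a port-specification error.
run_combined_scan() {
  target=$1
  ports=$(nmap -p- --min-rate=10000 -T4 "$target" | extract_open_ports)
  if [ -z "$ports" ]; then
    echo "no open TCP ports found on $target" >&2
    return 1
  fi
  nmap -p "$ports" -sC -sV "$target"
}
```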
