【安全牛学习笔记】SMB扫描

最新推荐文章于 2024-11-15 16:30:56 发布
最新推荐文章于 2024-11-15 16:30:56 发布
阅读量878 收藏
点赞数
分类专栏: 信息安全 文章标签: Security+ 信息安全 安全
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/edu_aqniu/article/details/77983616
版权
SMB扫描

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃SMB扫描                                                                     ┃
┃nmap -v -p 139,134 192.168.60.1-20                                          ┃
┃nmap 192.168.1.132 -p139,445 --script=smb-os-discovery.nse                  ┃
┃nmap -v -p139,145 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1   ┃
┃nbtscan -r 192.168.60.0/24                                                  ┃
┃enum4linux -a 192.168.60.10                                                 ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋


╋━━━━━━━━━━━━━━━━╋
┃SMB扫描                         ┃
┃Server Message Block协议        ┃
┃  微软历史上出现问题最多的协议  ┃
┃  实现复杂                      ┃
┃  默认开放                      ┃
┃  文件共享                      ┃
┃  空会话未身份认证访问(SMBI)    ┃
┃   密码策略                     ┃
┃   用户名                       ┃
┃   组名                         ┃
┃   机器名                       ┃
┃   用户、组SID                  ┃
╋━━━━━━━━━━━━━━━━╋


┌────┬──────────────────┐
│ 版本   │             操作系统               │
├────┼──────────────────┤
│  SMB1  │  Windows 2000 / XP / Windows 2003  │
├────┼──────────────────┤
│  SMB2  │  windows Vista SP1 / Windows 2008  │
├────┼──────────────────┤
│  SMB2.1│  Windows 7 / Windows 2008 R2       │
├────┼──────────────────┤
│  SMB3  │  Windows 8 / Windows 2012          │
└────┴──────────────────┘


root@kali:~# uname -a
Linux kali 4.0.0-kali1-686-pae #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) i686 GNU/Linux


root@kali:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux 2.0
Release: 2.0
Codename: sana

root@kali:~# cat /etc/apt/sources.list


# deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot i386 LIVE/INSTALL Binary 20150811-09:06]/ sana contrib main non-free

#deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot i386 LIVE/INSTALL Binary 20150811-09:06]/ sana contrib main non-free

deb http://http.kali.org/kali sana main non-free contrib
deb-src http://http.kali.org/kali sana main non-free contrib

deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
deb-src http://security.kali.org/kali-security/ sana/updates main contrib non-free

deb http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb http://mirrors.ustc.edu.cn/kali-security kali/updates main contrib non-free
root@kali:~# apt-get upadate && apt-get dis-ugrade -y

----------------------------------------------------------------------------------
root@kali:~# nmap -v -p 139,445 192.168.1.0/24

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:04 CST
Initiating ARP Ping Scan at 17:04
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 17:04, 1.97s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 17:04
Completed Parallel DNS resolution of 255 hosts. at 17:04, 0.23s elapsed
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.2 [host down]
Nmap scan report for 192.168.1.3 [host down]
Nmap scan report for 192.168.1.4 [host down]
Nmap scan report for 192.168.1.5 [host down]
Nmap scan report for 192.168.1.6 [host down]
Nmap scan report for 192.168.1.7 [host down]
Nmap scan report for 192.168.1.8 [host down]
Nmap scan report for 192.168.1.9 [host down]
Nmap scan report for 192.168.1.10 [host down]
Nmap scan report for 192.168.1.11 [host down]
Nmap scan report for 192.168.1.12 [host down]
Nmap scan report for 192.168.1.13 [host down]
Nmap scan report for 192.168.1.14 [host down]
Nmap scan report for 192.168.1.15 [host down]
Nmap scan report for 192.168.1.16 [host down]
Nmap scan report for 192.168.1.17 [host down]
Nmap scan report for 192.168.1.18 [host down]
Nmap scan report for 192.168.1.19 [host down]
Nmap scan report for 192.168.1.20 [host down]
Nmap scan report for 192.168.1.21 [host down]
Nmap scan report for 192.168.1.22 [host down]
Nmap scan report for 192.168.1.23 [host down]
Nmap scan report for 192.168.1.24 [host down]
Nmap scan report for 192.168.1.25 [host down]
Nmap scan report for 192.168.1.26 [host down]
Nmap scan report for 192.168.1.27 [host down]
Nmap scan report for 192.168.1.28 [host down]
Nmap scan report for 192.168.1.29 [host down]
Nmap scan report for 192.168.1.30 [host down]
Nmap scan report for 192.168.1.31 [host down]
Nmap scan report for 192.168.1.32 [host down]
Nmap scan report for 192.168.1.33 [host down]
Nmap scan report for 192.168.1.34 [host down]
Nmap scan report for 192.168.1.35 [host down]
Nmap scan report for 192.168.1.36 [host down]
Nmap scan report for 192.168.1.37 [host down]
Nmap scan report for 192.168.1.38 [host down]
Nmap scan report for 192.168.1.39 [host down]
Nmap scan report for 192.168.1.40 [host down]
Nmap scan report for 192.168.1.41 [host down]
Nmap scan report for 192.168.1.42 [host down]
Nmap scan report for 192.168.1.43 [host down]
Nmap scan report for 192.168.1.44 [host down]
Nmap scan report for 192.168.1.45 [host down]
Nmap scan report for 192.168.1.46 [host down]
Nmap scan report for 192.168.1.47 [host down]
Nmap scan report for 192.168.1.48 [host down]
Nmap scan report for 192.168.1.49 [host down]
Nmap scan report for 192.168.1.50 [host down]
Nmap scan report for 192.168.1.51 [host down]
Nmap scan report for 192.168.1.52 [host down]
Nmap scan report for 192.168.1.53 [host down]
Nmap scan report for 192.168.1.54 [host down]
Nmap scan report for 192.168.1.55 [host down]
Nmap scan report for 192.168.1.56 [host down]
Nmap scan report for 192.168.1.57 [host down]
Nmap scan report for 192.168.1.58 [host down]
Nmap scan report for 192.168.1.59 [host down]
Nmap scan report for 192.168.1.60 [host down]
Nmap scan report for 192.168.1.61 [host down]
Nmap scan report for 192.168.1.62 [host down]
Nmap scan report for 192.168.1.63 [host down]
Nmap scan report for 192.168.1.64 [host down]
Nmap scan report for 192.168.1.65 [host down]
Nmap scan report for 192.168.1.66 [host down]
Nmap scan report for 192.168.1.67 [host down]
Nmap scan report for 192.168.1.68 [host down]
Nmap scan report for 192.168.1.69 [host down]
Nmap scan report for 192.168.1.70 [host down]
Nmap scan report for 192.168.1.71 [host down]
Nmap scan report for 192.168.1.72 [host down]
Nmap scan report for 192.168.1.73 [host down]
Nmap scan report for 192.168.1.74 [host down]
Nmap scan report for 192.168.1.75 [host down]
Nmap scan report for 192.168.1.76 [host down]
Nmap scan report for 192.168.1.77 [host down]
Nmap scan report for 192.168.1.78 [host down]
Nmap scan report for 192.168.1.79 [host down]
Nmap scan report for 192.168.1.80 [host down]
Nmap scan report for 192.168.1.81 [host down]
Nmap scan report for 192.168.1.82 [host down]
Nmap scan report for 192.168.1.83 [host down]
Nmap scan report for 192.168.1.84 [host down]
Nmap scan report for 192.168.1.85 [host down]
Nmap scan report for 192.168.1.86 [host down]
Nmap scan report for 192.168.1.87 [host down]
Nmap scan report for 192.168.1.88 [host down]
Nmap scan report for 192.168.1.89 [host down]
Nmap scan report for 192.168.1.90 [host down]
Nmap scan report for 192.168.1.91 [host down]
Nmap scan report for 192.168.1.92 [host down]
Nmap scan report for 192.168.1.93 [host down]
Nmap scan report for 192.168.1.94 [host down]
Nmap scan report for 192.168.1.95 [host down]
Nmap scan report for 192.168.1.96 [host down]
Nmap scan report for 192.168.1.97 [host down]
Nmap scan report for 192.168.1.98 [host down]
Nmap scan report for 192.168.1.99 [host down]
Nmap scan report for 192.168.1.100 [host down]
Nmap scan report for 192.168.1.102 [host down]
Nmap scan report for 192.168.1.103 [host down]
Nmap scan report for 192.168.1.104 [host down]
Nmap scan report for 192.168.1.105 [host down]
Nmap scan report for 192.168.1.106 [host down]
Nmap scan report for 192.168.1.108 [host down]
Nmap scan report for 192.168.1.109 [host down]
Nmap scan report for 192.168.1.110 [host down]
Nmap scan report for 192.168.1.111 [host down]
Nmap scan report for 192.168.1.112 [host down]
Nmap scan report for 192.168.1.113 [host down]
Nmap scan report for 192.168.1.114 [host down]
Nmap scan report for 192.168.1.115 [host down]
Nmap scan report for 192.168.1.116 [host down]
Nmap scan report for 192.168.1.117 [host down]
Nmap scan report for 192.168.1.118 [host down]
Nmap scan report for 192.168.1.119 [host down]
Nmap scan report for 192.168.1.120 [host down]
Nmap scan report for 192.168.1.121 [host down]
Nmap scan report for 192.168.1.122 [host down]
Nmap scan report for 192.168.1.123 [host down]
Nmap scan report for 192.168.1.124 [host down]
Nmap scan report for 192.168.1.125 [host down]
Nmap scan report for 192.168.1.126 [host down]
Nmap scan report for 192.168.1.127 [host down]
Nmap scan report for 192.168.1.128 [host down]
Nmap scan report for 192.168.1.129 [host down]
Nmap scan report for 192.168.1.130 [host down]
Nmap scan report for 192.168.1.131 [host down]
Nmap scan report for 192.168.1.132 [host down]
Nmap scan report for 192.168.1.133 [host down]
Nmap scan report for 192.168.1.134 [host down]
Nmap scan report for 192.168.1.135 [host down]
Nmap scan report for 192.168.1.136 [host down]
Nmap scan report for 192.168.1.137 [host down]
Nmap scan report for 192.168.1.138 [host down]
Nmap scan report for 192.168.1.139 [host down]
Nmap scan report for 192.168.1.140 [host down]
Nmap scan report for 192.168.1.141 [host down]
Nmap scan report for 192.168.1.142 [host down]
Nmap scan report for 192.168.1.143 [host down]
Nmap scan report for 192.168.1.144 [host down]
Nmap scan report for 192.168.1.145 [host down]
Nmap scan report for 192.168.1.146 [host down]
Nmap scan report for 192.168.1.147 [host down]
Nmap scan report for 192.168.1.148 [host down]
Nmap scan report for 192.168.1.149 [host down]
Nmap scan report for 192.168.1.150 [host down]
Nmap scan report for 192.168.1.151 [host down]
Nmap scan report for 192.168.1.152 [host down]
Nmap scan report for 192.168.1.153 [host down]
Nmap scan report for 192.168.1.154 [host down]
Nmap scan report for 192.168.1.155 [host down]
Nmap scan report for 192.168.1.156 [host down]
Nmap scan report for 192.168.1.157 [host down]
Nmap scan report for 192.168.1.158 [host down]
Nmap scan report for 192.168.1.159 [host down]
Nmap scan report for 192.168.1.160 [host down]
Nmap scan report for 192.168.1.161 [host down]
Nmap scan report for 192.168.1.162 [host down]
Nmap scan report for 192.168.1.163 [host down]
Nmap scan report for 192.168.1.164 [host down]
Nmap scan report for 192.168.1.165 [host down]
Nmap scan report for 192.168.1.166 [host down]
Nmap scan report for 192.168.1.167 [host down]
Nmap scan report for 192.168.1.168 [host down]
Nmap scan report for 192.168.1.169 [host down]
Nmap scan report for 192.168.1.170 [host down]
Nmap scan report for 192.168.1.171 [host down]
Nmap scan report for 192.168.1.172 [host down]
Nmap scan report for 192.168.1.173 [host down]
Nmap scan report for 192.168.1.174 [host down]
Nmap scan report for 192.168.1.175 [host down]
Nmap scan report for 192.168.1.176 [host down]
Nmap scan report for 192.168.1.177 [host down]
Nmap scan report for 192.168.1.178 [host down]
Nmap scan report for 192.168.1.179 [host down]
Nmap scan report for 192.168.1.180 [host down]
Nmap scan report for 192.168.1.181 [host down]
Nmap scan report for 192.168.1.182 [host down]
Nmap scan report for 192.168.1.183 [host down]
Nmap scan report for 192.168.1.184 [host down]
Nmap scan report for 192.168.1.185 [host down]
Nmap scan report for 192.168.1.186 [host down]
Nmap scan report for 192.168.1.187 [host down]
Nmap scan report for 192.168.1.188 [host down]
Nmap scan report for 192.168.1.189 [host down]
Nmap scan report for 192.168.1.190 [host down]
Nmap scan report for 192.168.1.191 [host down]
Nmap scan report for 192.168.1.192 [host down]
Nmap scan report for 192.168.1.193 [host down]
Nmap scan report for 192.168.1.194 [host down]
Nmap scan report for 192.168.1.195 [host down]
Nmap scan report for 192.168.1.196 [host down]
Nmap scan report for 192.168.1.197 [host down]
Nmap scan report for 192.168.1.198 [host down]
Nmap scan report for 192.168.1.199 [host down]
Nmap scan report for 192.168.1.200 [host down]
Nmap scan report for 192.168.1.201 [host down]
Nmap scan report for 192.168.1.202 [host down]
Nmap scan report for 192.168.1.203 [host down]
Nmap scan report for 192.168.1.204 [host down]
Nmap scan report for 192.168.1.205 [host down]
Nmap scan report for 192.168.1.206 [host down]
Nmap scan report for 192.168.1.207 [host down]
Nmap scan report for 192.168.1.208 [host down]
Nmap scan report for 192.168.1.209 [host down]
Nmap scan report for 192.168.1.210 [host down]
Nmap scan report for 192.168.1.211 [host down]
Nmap scan report for 192.168.1.212 [host down]
Nmap scan report for 192.168.1.213 [host down]
Nmap scan report for 192.168.1.214 [host down]
Nmap scan report for 192.168.1.215 [host down]
Nmap scan report for 192.168.1.216 [host down]
Nmap scan report for 192.168.1.217 [host down]
Nmap scan report for 192.168.1.218 [host down]
Nmap scan report for 192.168.1.219 [host down]
Nmap scan report for 192.168.1.220 [host down]
Nmap scan report for 192.168.1.221 [host down]
Nmap scan report for 192.168.1.222 [host down]
Nmap scan report for 192.168.1.223 [host down]
Nmap scan report for 192.168.1.224 [host down]
Nmap scan report for 192.168.1.225 [host down]
Nmap scan report for 192.168.1.226 [host down]
Nmap scan report for 192.168.1.227 [host down]
Nmap scan report for 192.168.1.228 [host down]
Nmap scan report for 192.168.1.229 [host down]
Nmap scan report for 192.168.1.230 [host down]
Nmap scan report for 192.168.1.231 [host down]
Nmap scan report for 192.168.1.232 [host down]
Nmap scan report for 192.168.1.233 [host down]
Nmap scan report for 192.168.1.234 [host down]
Nmap scan report for 192.168.1.235 [host down]
Nmap scan report for 192.168.1.236 [host down]
Nmap scan report for 192.168.1.237 [host down]
Nmap scan report for 192.168.1.238 [host down]
Nmap scan report for 192.168.1.239 [host down]
Nmap scan report for 192.168.1.240 [host down]
Nmap scan report for 192.168.1.241 [host down]
Nmap scan report for 192.168.1.242 [host down]
Nmap scan report for 192.168.1.243 [host down]
Nmap scan report for 192.168.1.244 [host down]
Nmap scan report for 192.168.1.245 [host down]
Nmap scan report for 192.168.1.246 [host down]
Nmap scan report for 192.168.1.247 [host down]
Nmap scan report for 192.168.1.248 [host down]
Nmap scan report for 192.168.1.249 [host down]
Nmap scan report for 192.168.1.250 [host down]
Nmap scan report for 192.168.1.251 [host down]
Nmap scan report for 192.168.1.252 [host down]
Nmap scan report for 192.168.1.253 [host down]
Nmap scan report for 192.168.1.254 [host down]
Nmap scan report for 192.168.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 17:04
Completed Parallel DNS resolution of 1 host. at 17:04, 0.01s elapsed
Initiating SYN Stealth Scan at 17:04
Scanning 2 hosts [2 ports/host]
Discovered open port 445/tcp on 192.168.1.101
Discovered open port 139/tcp on 192.168.1.101
Completed SYN Stealth Scan at 17:04, 0.02s elapsed (4 total ports)
Nmap scan report for 192.168.1.1
Host is up (0.0078s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
MAC Address: F0:EB:D0:22:46:B4 (Shanghai Feixun Communication Co.)

Nmap scan report for 192.168.1.101
Host is up (0.00035s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:5A:39:B0:ED:D2 (Shenzhen Fast Technologies CO.)

Initiating SYN Stealth Scan at 17:04
Scanning 192.168.1.107 [2 ports]
Completed SYN Stealth Scan at 17:04, 0.00s elapsed (2 total ports)
Nmap scan report for 192.168.1.107
Host is up (0.00013s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds

Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.47 seconds
           Raw packets sent: 515 (14.516KB) | Rcvd: 11 (420B)

root@kali:~# nmap -v -p 139,445 192.168.1.0/24 --open

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:07 CST
Initiating ARP Ping Scan at 17:07
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 17:07, 2.28s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 17:07
Completed Parallel DNS resolution of 255 hosts. at 17:07, 0.04s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:07
Completed Parallel DNS resolution of 1 host. at 17:07, 0.01s elapsed
Initiating SYN Stealth Scan at 17:07
Scanning 3 hosts [2 ports/host]
Discovered open port 139/tcp on 192.168.1.101
Discovered open port 445/tcp on 192.168.1.101
Completed SYN Stealth Scan at 17:07, 0.89s elapsed (6 total ports)
Nmap scan report for 192.168.1.101
Host is up (0.00033s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:5A:39:B0:ED:D2 (Shenzhen Fast Technologies CO.)


Initiating SYN Stealth Scan at 17:07
Scanning 192.168.1.107 [2 ports]
Completed SYN Stealth Scan at 17:07, 0.00s elapsed (2 total ports)
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.33 seconds
           Raw packets sent: 517 (14.604KB) | Rcvd: 15 (556B)

root@kali:~# nmap 192.168.1.132 -p139,445 --script=smb-os-discovery.nse

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:12 CST
Nmap scan report for 192.168.1.134
Host is up (0.00076s latency).
PORT    STATE SERVICE 
139/tcp open  netbois-ssn     
445/tcp open  microsoft-dn
MAC Address: C8:3A:35:CA:46:91(Tenda Technology Co.)

Host script results:
|  smb-os-discovery
|    OS: Windows 8 Pro 9200(Windows 8 Pro 6.2) 
|    OS CPE: cpe:/o:microsoft:windows_8::-
|    NetBIOS computer name: VV
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T18:16:12+08:00

Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds

root@kali:~# nmap -v -p 139,145 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1
                       //扫描指定的目标,同时检测相关漏洞 

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 19:39 CST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:39
Completed NSE at 19:39, 0.00s elapsed
Initiating Ping Scan at 19:39
Scanning 1.1.1.1 [4 ports]
Completed Ping Scan at 19:40, 3.01s elapsed (1 total hosts)
Nmap scan report for 1.1.1.1 [host down]
NSE: Script Post-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.42 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)

root@kali:~# nmap -v -p 139,145 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1 -Pn

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 19:40 CST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:40
Completed Parallel DNS resolution of 1 host. at 19:40, 0.02s elapsed
Initiating SYN Stealth Scan at 19:40
Scanning 1.1.1.1 [2 ports]
Completed SYN Stealth Scan at 19:40, 3.01s elapsed (2 total ports)
NSE: Script scanning 1.1.1.1.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Nmap scan report for 1.1.1.1
Host is up.
PORT    STATE    SERVICE
139/tcp filtered netbios-ssn
145/tcp filtered unknown

NSE: Script Post-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.34 seconds
           Raw packets sent: 4 (176B) | Rcvd: 0 (0B)


root@kali:~# nmap 192.168.1.133,134 -p139,445 --script=smb-os-discovery.nse

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:12 CST
Nmap scan report for 192.168.1.134
Host is up (0.00076s latency).
PORT    STATE SERVICE 
139/tcp open  netbois-ssn     
445/tcp open  microsoft-dn
MAC Address: 08:00:27:FB:OB:AA(Tenda Technology Co.)

Host script results:
|  smb-os-discovery
|    OS: Windows XP(Windows 2000 LAN Manager) 
|    OS CPE: cpe:/o:microsoft:windows_xp:-
|    Computer name: xp
|    NetBIOS computer name: XP
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T18:25:16+08:00


Nmap scan report for 192.168.1.134
Host is up (0.00076s latency).
PORT    STATE SERVICE 
139/tcp open  netbois-ssn     
445/tcp open  microsoft-dn
MAC Address: 08:00:27:FB:OB:AA(Tenda Technology Co.)

Host script results:
|  smb-os-discovery
|    OS: Unix(Samba 3.0.20-Debian) 
|    NetBIOS computer name: 
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T06:48:16-04:00

Nmap done: 2 IP address (1 host up) scanned in 2.87 seconds


root@kali:~# nbtscan

NBTscan version 1.5.1. Copyright (C) 1999-2003 Alla Bezroutchko.
This is a free software and it comes with absolutely no warranty.
You can use, distribute and modify it under terms of GNU GPL.

Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>) 
-v verbose output. Print all names received
from each host
-d dump packets. Print whole packet contents.
-e Format output in /etc/hosts format.
-l Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t timeout wait timeout milliseconds for response.
Default 1000.
-b bandwidth Output throttling. Slow down output
so that it uses no more that bandwidth bps.
Useful on slow links, so that ougoing queries
don't get dropped.
-r use local port 137 for scans. Win95 boxes
respond to this only.
You need to be root to use this option on Unix.
-q Suppress banners and error messages,
-s separator Script-friendly output. Don't print
column and record headers, separate fields with separator.
-h Print human-readable names for services.
Can only be used with -v option.
-m retransmits Number of retransmits. Default 0.
-f filename Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
<scan_range> what to scan. Can either be single IP
like 192.168.1.1 or
range of addresses in one of two forms: 
xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Examples:
nbtscan -r 192.168.1.0/24
Scans the whole C-class network.
nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137
nbtscan -v -s : 192.168.1.0/24
Scans C-class network. Prints results in script-friendly
format using colon as field separator.
Produces output like that:
192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G
192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U
...
nbtscan -f iplist
Scans IP addresses specified in file iplist.


oot@kali:~# nbtscan -r 192.168.1.0/24
Doing NBT name scan for addresses from 192.168.1.0/24


IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.1.0 Sendto failed: Permission denied
192.168.1.101    ADMIN1502121657  <server>  <unknown>        00:5a:39:b0:ed:d2
192.168.1.107    <unknown>                  <unknown>        
192.168.1.255 Sendto failed: Permission denied


root@kali:~# enum4linux -a 192.168.1.133
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Tue Oct  6 20:56:00 2015


 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.1.133
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none




 ===================================================== 
|    Enumerating Workgroup/Domain on 192.168.1.133    |
 ===================================================== 
[E] Can't find workgroup/domain

 ============================================= 
|    Nbtstat Information for 192.168.1.133    |
 ============================================= 
Looking up status of 192.168.1.133
         xp              <00> -         B <ACTIVE> Workstation Service
         WORKGROUP       <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name


         MAC Address = 08=00-27-FB-0B-AA


 ====================================== 
|    Session Check on 192.168.1.133    |
 ====================================
Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 437.== 
[E] Server doesn't allow session using username '', password ''.  Aborting remainder of tests.


╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃SMTP扫描                                                                                          ┃
┃nc -nc 1.1.1.1 25                                                                                 ┃
┃    VRFY root                                                                                     ┃
┃nmap smtp.163.com -p25 --script=script-enum-users.nse --script-args=smtp-enum-user.methods={VRFY} ┃
┃nmap smtp.163.com -p25 --script=script-open-relay.nse                                             ┃
┃smtp-user-enum -M VRFY -U users.txt -t 10.0.0.1                                                   ┃
┃./smtp.py
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋


╭────────────────────────────────────────────╮
[smtp.py]
#!/usr/bin/python


import socket
import sys


if len(sys.argv)!=2"
  print "Usage: setp.py <username>"
  sys.exit(0)

s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
connect=s.connect(('192.168.1.134',25))
banner=s.recv(1024)
print banner + 'aaaaaaaaaaaa'
s.send('RCPT ' + sys.argv[1] + '\r\n')
helo
result=s.recv(1024)
print result
s.close
╰────────────────────────────────────────────╯


root@kali:~# ./smtp.py zhangsan
root@kali:~# nc smtp.163.com 25
helo 163.com
VRFY zhangsan
AUTH

root@kali:~# 

该笔记为安全牛课堂学员笔记,想看此课程或者信息安全类干货可以移步到安全牛课堂


Security+认证为什么是互联网+时代最火爆的认证?


      牛妹先给大家介绍一下Security+

        Security+ 认证是一种中立第三方认证,其发证机构为美国计算机行业协会CompTIA ;是和CISSP、ITIL 等共同包含在内的国际 IT 业 10 大热门认证之一,和CISSP偏重信息安全管理相比,Security+ 认证更偏重信息安全技术和操作。

       通过该认证证明了您具备网络安全,合规性和操作安全,威胁和漏洞,应用程序、数据和主机安全,访问控制和身份管理以及加密技术等方面的能力。因其考试难度不易,含金量较高,目前已被全球企业和安全专业人士所普遍采纳。

Security+认证如此火爆的原因?

        

       原因一:在所有信息安全认证当中,偏重信息安全技术的认证是空白的, Security+认证正好可以弥补信息安全技术领域的空白 。

      目前行业内受认可的信息安全认证主要有CISP和CISSP,但是无论CISP还是CISSP都是偏重信息安全管理的,技术知识讲的宽泛且浅显,考试都是一带而过。而且CISSP要求持证人员的信息安全工作经验都要5年以上,CISP也要求大专学历4年以上工作经验,这些要求无疑把有能力且上进的年轻人的持证之路堵住。在现实社会中,无论是找工作还是升职加薪,或是投标时候报人员,认证都是必不可少的,这给年轻人带来了很多不公平。而Security+的出现可以扫清这些年轻人职业发展中的障碍,由于Security+偏重信息安全技术,所以对工作经验没有特别的要求。只要你有IT相关背景,追求进步就可以学习和考试。


       原因二: IT运维人员工作与翻身的利器。

       在银行、证券、保险、信息通讯等行业,IT运维人员非常多,IT运维涉及的工作面也非常广。是一个集网络、系统、安全、应用架构、存储为一体的综合性技术岗。虽然没有程序猿们“生当做光棍,死亦写代码”的悲壮,但也有着“锄禾日当午,不如运维苦“的感慨。天天对着电脑和机器,时间长了难免有对于职业发展的迷茫和困惑。Security+国际认证的出现可以让有追求的IT运维人员学习网络安全知识,掌握网络安全实践。职业发展朝着网络安全的方向发展,解决国内信息安全人才的匮乏问题。另外,即使不转型,要做好运维工作,学习安全知识取得安全认证也是必不可少的。


        原因三:接地气、国际范儿、考试方便、费用适中!

CompTIA作为全球ICT领域最具影响力的全球领先机构,在信息安全人才认证方面是专业、公平、公正的。Security+认证偏重操作且和一线工程师的日常工作息息相关。适合银行、证券、保险、互联网公司等IT相关人员学习。作为国际认证在全球147个国家受到广泛的认可。

        在目前的信息安全大潮之下,人才是信息安全发展的关键。而目前国内的信息安全人才是非常匮乏的,相信Security+认证一定会成为最火爆的信息安全认证。

 近期,安全牛课堂在做此类线上培训,感兴趣可以了解


解决反射型XSS漏洞攻击
weixin_30466953的博客
03-03 4710
对于程序员来说安全防御,无非从两个方面考虑,要么前端要么后台。 一、首先从前端考虑过滤一些非法字符。 前端的主控js中,在<textarea> 输入框标签中,找到点击发送按钮后,追加到聊天panel前 进行过滤Input输入内容 1 // 过滤XSS反射型漏洞 2 filterInputTxt: function (html) ...
安全牛学习笔记扫描漏洞
edu_aqniu的博客
10-29 548
searchsploit    搜索服务的漏洞利用程序 /usr/share/exploitdb/platforms  存放漏洞攻击代码 sandi-gui工具 主动扫描:黑盒探测 Agent扫描:收平台限制 Nmap工具 Cat 文件 | wc -l   计算行数 smb-v uln-ms10-061.nse,Stuxnet震网病毒蠕虫利用的4个漏洞之一
安全牛学习笔记】Kali Linux 安装-持久加密USB安装、熟悉环境、熟悉BASH命令
weixin_34159110的博客
09-06 1717
持久加密USB安装-1LUKS: linux UNified Key Setup 磁盘分区加密规范 不依赖于操作系统的磁盘级加密 Windows——DoxBox 后端:dm-crypt 前端:cryptsetup 微软的bitlocker将镜像刻录到U盘 dd if=kali-linux-1.1.0-amd64.iso of=/dev/sdb bs=1Mroot...
数据包注入重放工具aireplay-ng
12-04 407
数据包注入重放工具aireplay-ng aireplay-ng是aircrack-ng组件包的一个工具。它可以注入和重放数据帧,用于后期的WEP、WPA-PSK破解。它提供九种攻击模式,包括死亡...
反射型xss解决方法,增加过滤器,防止反射型 XSS攻击漏洞
wuli_qiyou的博客
01-17 4600
web.xml配置 <filter> <filter-name>XSSFilter</filter-name> <filter-class>com.xxx.filter.NewXssFilter</filter-class> </filter> <filter-mapping> <filter-name>XSSFilter</filter-name> <url
漏洞修复-反射型XSS【中危】
最新发布
weixin_46247049的博客
11-15 856
工作中渗透测试检测出,反射型XSS漏洞进行修复的记录。使用过滤器即可修复。
安全牛学习笔记】UDP端口扫描
edu_aqniu的博客
10-29 6076
ICMP port-unreachable python脚本:  #! /usr/bin/python import logging logging.getLogger("scapy.runtime").setLevel(logging.ERROR) from scapy.all import * import time import sys if
安全牛学习笔记】漏洞扫描
edu_aqniu的博客
10-19 580
一、安装 在官网下载home版nussus,然后直接dpkg -i  启动服务 /etc/init.d/nessusd start 前面不用加service  查看服务 nessus status 启动后有8834端口,登录后进入管理界面 nessus6的默认账号密码在安装时会出现 忘记密码可用'/opt/nessus/sbin/nessuscli' adduser
安全牛学习笔记】Kali Linux渗透测试方法
edu_aqniu的博客
11-09 2493
1.安全问题的根源 ①由于分层思想,导致每个层次的相关人员都只关心自己层次的工作,因此每个人认识系统都是片面的,而安全是全方位的,整体的,所以造成安全问题。 ②技术人员追求效率,导致只追求功能实现,而很容易忽略安全性的工作 ③由于人都是会犯错误的,因此最大的安全威胁是人,所以无法避免安全隐患,但可以降低安全风险 软件安全生命周期: 需求——>设计——>编码——>测试—
安全牛学习笔记】Openvas+Nessus
edu_aqniu的博客
07-06 3191
1.nmap弱点扫描400+扫描脚本 目录 /usr/share/nmap/scripts/script.db实例 nmap-p445--script=smb-enum-shares.nse--script-args=smbuser=admin,smbpassword=pass1.1.1.1 nmap-sU-sS--script=smb-check-vulns.nse--script-arg
sslh:应用协议多路复用器(例如,在同一端口上共享SSH和HTTPS)
02-20
sslh-ssl / ssh多路复用器 sslh接受指定端口上的连接,并根据对远程客户端发送的第一个数据包执行的测试进一步转发它们。 实现了针对HTTP,TLS / SSL(包括SNI和ALPN),SSH,OpenVPN,tinc,XMPP,SOCKS5的探针,并且可以识别可以使用正则表达式测试的任何其他协议。 一个典型的用例是允许在端口443上提供多种服务(例如,从公司防火墙内部连接到SSH,几乎从不阻止端口443),同时仍在该端口上提供HTTPS。 因此, sslh充当协议多路分解器或配电盘。 使用SNI和ALPN探针,它可以很好地成为托管在单个IP地址后面的虚拟主机场的前端。 sslh具有成熟的守护程序所sslh :特权和功能下降,inetd支持,systemd支持,透明代理,chroot,日志记录,IPv4和IPv6,基于fork和基于select的模型等等。 安装 请参考。
反射型XSS漏洞的条件+类型+危害+解决
gb4215287的博客
02-04 3582
XSS攻击需要具备两个条件:需要向web页面注入恶意代码;这些恶意代码能够被浏览器成功的执行。 XSS攻击有2种: 反射型攻击; 存储型攻击 XSS反射型攻击,恶意代码并没有保存在目标网站,通过引诱用户点击一个链接到目标网站的恶意链接来实施攻击的。 XSS存储型攻击,恶意代码被保存到目标网站的服务器中,这种攻击具有较强的稳定性和持久性,比较常见场景是在博客,论坛、OA、CRM等社交...
WPA攻击
qq_37759106的博客
02-26 703
WPA PSK攻击                       只有一种密码破解方法                  WPA不存在WEP的弱点            只能暴力破解                          CPU资源                           时间                              字典质量                ...
[ 笔 记 ] NETCAT传输文件/端口扫描/硬盘克隆
qq_40636259的博客
07-01 306
NC{ 传输文件/目录 A: nc -lp 333 > 1.mp4 B: nc -nv 1.1.1.1 333 < 1.mp4 -q 1 OR A: nc -q 1 -lp 333 < a.mp4 B: nc -nv 1.1.1.1 333 > 2.mp4 A: tar -cvf - [dir] | nc -lp 333 -q 1 B: nc -nv 1.1.1.1 333...
Aircrack-ng官方文档翻译[中英对照]---Aireplay-ng
平凡之路
02-11 5835
Aircrack-ng官方文档翻译---Aireplay-ng[90%] 本文由CSDN-蚍蜉撼青松【主页:http://blog.csdn.net/howeverpf】整理翻译,欢迎转载,但请务必注明出处!   Description【简介】   Aireplay-ng is used to inject frames.         Aireplay-ng 是一个用来(向网络中)...
解的思路、身份认证方法、密码破解方法、字典
分享学习网络的点点滴滴
09-05 264
目标系统实施了强安全措施安装了所有补丁无任何已知漏洞无应用层漏洞攻击面最小化社会工程学获取目标系统用户身份非授权用户不受信,认证用户可以访问守信资源已有用户账号权限受限,需要提权不会触发系统报警证明你是你声称你是那个人你知道什么(账号密码,pin,passphrase)你有什么(令牌、token、key、证书、密保、手机)你是谁(指纹、视网膜、虹膜、掌纹、声纹、面部识别)以上方法结合使用(多因素身份认证)基于互联网的身份验证仍以账号密码为主要形式人工猜解垃圾桶工程。
无线攻击 --aircrack-ng套件之一:Aireplay-NG(将数据包注入无线网络生成流量工具 / 解除认证DOS攻击,强制用户二次身份验证)
Kevin's Blog
03-05 5810
文章目录一、用法概述二、命令格式三、用法示例3.1 注入质量测试3.2 强制取消用户身份验证攻击3.3 虚假身份验证 一、用法概述   aireplay-ng是aircrack-ng的套件之一,用于注入无线帧,主要作用是产生流量,以便后续用aircrack-ng来对WPA-PSK进行破解,Aireplay-ng有许多攻击可以解除无线客户端的攻击,以捕获WPA握手数据,虚假身份认证,交互式数据包重放...
spring boot 2.x解决反射性xss
虫二
07-22 2107
spring boot 2.x解决反射性xss
Aircrack-ng之Aireplay-ng命令
热门推荐
HoukChen的博客
08-30 2万+
描述aireplay-ng是一个注入帧的工具。它的主要作用是产生数据流量,而这些随后将会被用于aircrack-ng破解WEP和WPA/WPA2秘钥。aireplay-ng里包含了很多种不同的攻击方式用来获取WPA握手包。如:解除认证攻击(-0)、伪造认证攻击(-1)、交互式数据包重放攻击(-2)、手动ARP请求注入攻击(-3)、ARP请求重放注入攻击(-4)。而且,通过与packetforge-n
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值