51进阶-信息搜集原理与实践2-20220615

最新推荐文章于 2024-04-17 13:36:49 发布
最新推荐文章于 2024-04-17 13:36:49 发布
阅读量766 收藏
点赞数
分类专栏: 网络安全进阶 文章标签: linux 网络 ssh
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/m0_47210241/article/details/125306222
版权

在这里插入图片描述

1/问答题

0.环境准备:

1)安装OWASP环境

安装成功:

2)安装kali

  1. 使用 nmap 扫描 owaspbwa 靶场

nmap -A 172.16.38.0/24

扫描C段,发现主机

``-A:详细扫描目标IP,加载所有脚本,尽可能地全面地探测信息

┌──(kwkl㉿kwkl)-[~]
└─$ nmap -A 172.16.38.0/24                                                                                                                                                            130 ⨯
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-14 00:00 HKT
Nmap scan report for aronlab-X99-TF (172.16.38.1)
Host is up (0.00066s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE         VERSION
22/tcp   open  ssh             OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 40:7c:c9:d0:1e:e1:1b:92:93:10:aa:b8:39:a3:3c:96 (RSA)
|   256 4c:f4:55:04:10:08:0f:0e:9f:b1:56:26:81:14:32:b7 (ECDSA)
|_  256 cd:0b:3c:c9:ff:b7:74:71:f5:69:5c:dd:a0:31:ee:c4 (ED25519)
139/tcp  open  netbios-ssn     Samba smbd 4.6.2
445/tcp  open  netbios-ssn     Samba smbd 4.6.2
902/tcp  open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
3389/tcp open  ms-wbt-server   xrdp
5900/tcp open  vnc             RealVNC Enterprise 5.3 or later (protocol 5.0)
| vnc-info: 
|   Protocol version: 005.000
|   Security types: 
|     Unknown security type (13)
|     Unknown security type (133)
|     RA2 (5)
|     Unknown security type (129)
|_    Unknown security type (192)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_nbstat: NetBIOS name: ARONLAB-X99-TF, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb2-security-mode: 
|   2.02: 
|_    Message signing enabled but not required
| smb2-time: 
|   date: 2022-06-13T16:00:42
|_  start_date: N/A

Nmap scan report for 172.16.38.2
Host is up (0.0013s latency).
All 1000 scanned ports on 172.16.38.2 are closed

Nmap scan report for 172.16.38.130
Host is up (0.0033s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 ea:83:1e:45:5a:a6:8c:43:1c:3c:e3:18:dd:fc:88:a5 (DSA)
|_  2048 3a:94:d8:3f:e0:a2:7a:b8:c3:94:d7:5e:00:55:0c:a7 (RSA)
80/tcp   open  http        Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
|_http-title: owaspbwa OWASP Broken Web Applications
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp  open  imap        Courier Imapd (released 2008)
|_imap-capabilities: THREAD=REFERENCES ACL IMAP4rev1 THREAD=ORDEREDSUBJECT completed SORT OK CAPABILITY ACL2=UNIONA0001 UIDPLUS IDLE QUOTA NAMESPACE CHILDREN
443/tcp  open  ssl/http    Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
|_http-title: owaspbwa OWASP Broken Web Applications
| ssl-cert: Subject: commonName=owaspbwa
| Not valid before: 2013-01-02T21:12:38
|_Not valid after:  2022-12-31T21:12:38
|_ssl-date: 2022-06-13T16:00:47+00:00; 0s from scanner time.
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
5001/tcp open  java-object Java Object Serialization
8080/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
|_http-title: Site doesn't have a title.
8081/tcp open  http        Jetty 6.1.25
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Jetty(6.1.25)
|_http-title: Choose Your Path
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5001-TCP:V=7.91%I=7%D=6/14%Time=62A75F23%P=x86_64-pc-linux-gnu%r(NU
SF:LL,4,"\xac\xed\0\x05");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_nbstat: NetBIOS name: OWASPBWA, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)

Nmap scan report for 172.16.38.131
Host is up (0.00040s latency).
All 1000 scanned ports on 172.16.38.131 are closed

Post-scan script results:
| clock-skew: 
|   0s: 
|     172.16.38.130
|_    172.16.38.1 (aronlab-X99-TF)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (4 hosts up) scanned in 27.15 seconds``




─$ nmap -A 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:30 HKT
Nmap scan report for 172.16.38.130
Host is up (0.0022s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 ea:83:1e:45:5a:a6:8c:43:1c:3c:e3:18:dd:fc:88:a5 (DSA)
|_  2048 3a:94:d8:3f:e0:a2:7a:b8:c3:94:d7:5e:00:55:0c:a7 (RSA)
80/tcp   open  http        Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
|_http-title: owaspbwa OWASP Broken Web Applications
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp  open  imap        Courier Imapd (released 2008)
|_imap-capabilities: CHILDREN QUOTA THREAD=ORDEREDSUBJECT IMAP4rev1 SORT UIDPLUS ACL THREAD=REFERENCES ACL2=UNIONA0001 OK CAPABILITY IDLE completed NAMESPACE
443/tcp  open  ssl/http    Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
|_http-title: owaspbwa OWASP Broken Web Applications
| ssl-cert: Subject: commonName=owaspbwa
| Not valid before: 2013-01-02T21:12:38
|_Not valid after:  2022-12-31T21:12:38
|_ssl-date: 2022-06-15T12:30:41+00:00; -3s from scanner time.
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
5001/tcp open  java-object Java Object Serialization
8080/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
|_http-server-header: Apache-Coyote/1.1
|_http-title: Site doesn't have a title.
8081/tcp open  http        Jetty 6.1.25
| http-methods: 
|_  Potentially risky methods: TRACE
|_http-server-header: Jetty(6.1.25)
|_http-title: Choose Your Path
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5001-TCP:V=7.91%I=7%D=6/15%Time=62A9D0E8%P=x86_64-pc-linux-gnu%r(NU
SF:LL,4,"\xac\xed\0\x05");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Host script results:
|_clock-skew: mean: -2s, deviation: 0s, median: -3s
|_nbstat: NetBIOS name: OWASPBWA, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb2-time: Protocol negotiation failed (SMB2)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 18.44 seconds

使用nmap -A 命令

  1. 找出主机开放的端口
┌──(kwkl㉿kwkl)-[~]
└─$ nmap -p- 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:37 HKT
Nmap scan report for 172.16.38.130
Host is up (0.00068s latency).
Not shown: 65526 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 3.84 seconds

-p-:扫描全部端口

开放端口有:

22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
5001/tcp open commplex-link
8080/tcp open http-proxy
8081/tcp open blackice-icecap

找出开放大端口情况

  1. 根据端口扫描特定服务(如 mysql 或 apache 等)

nmap -sV [host]

其中,-sV表示实施服务版本探测。

┌──(kwkl㉿kwkl)-[~]
└─$ nmap -p- -sV 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:46 HKT
Nmap scan report for 172.16.38.130
Host is up (0.0019s latency).
Not shown: 65526 closed ports
PORT     STATE SERVICE     VERSION
22/tcp   open  ssh         OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http        Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp  open  imap        Courier Imapd (released 2008)
443/tcp  open  ssl/http    Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL...)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
5001/tcp open  java-object Java Object Serialization
8080/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
8081/tcp open  http        Jetty 6.1.25
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5001-TCP:V=7.91%I=7%D=6/15%Time=62A9D494%P=x86_64-pc-linux-gnu%r(NU
SF:LL,4,"\xac\xed\0\x05");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.39 seconds

查看服务情况

  1. 在 nmap 的 script 中找到与服务有关的任一脚本
寻找脚本
┌──(kwkl㉿kwkl)-[~]
└─$ ls /usr/share/nmap/scripts
acarsd-info.nse                       fcrdns.nse                              https-redirect.nse               ms-sql-info.nse                 smb-os-discovery.nse
address-info.nse                      finger.nse                              http-stored-xss.nse              ms-sql-ntlm-info.nse            smb-print-text.nse
afp-brute.nse                         fingerprint-strings.nse                 http-svn-enum.nse                ms-sql-query.nse                smb-protocols.nse
afp-ls.nse                            firewalk.nse                            http-svn-info.nse                ms-sql-tables.nse               smb-psexec.nse
afp-path-vuln.nse                     firewall-bypass.nse                     http-title.nse                   ms-sql-xp-cmdshell.nse          smb-security-mode.nse
afp-serverinfo.nse                    flume-master-info.nse                   http-tplink-dir-traversal.nse    mtrace.nse                      smb-server-stats.nse
afp-showmount.nse                     fox-info.nse                            http-trace.nse                   murmur-version.nse              smb-system-info.nse
ajp-auth.nse                          freelancer-info.nse                     http-traceroute.nse              mysql-audit.nse                 smb-vuln-conficker.nse
ajp-brute.nse                         ftp-anon.nse                            http-trane-info.nse              mysql-brute.nse                 smb-vuln-cve2009-3103.nse
ajp-headers.nse                       ftp-bounce.nse                          http-unsafe-output-escaping.nse  mysql-databases.nse             smb-vuln-cve-2017-7494.nse
ajp-methods.nse                       ftp-brute.nse                           http-useragent-tester.nse        mysql-dump-hashes.nse           smb-vuln-ms06-025.nse
ajp-request.nse                       ftp-libopie.nse                         http-userdir-enum.nse            mysql-empty-password.nse        smb-vuln-ms07-029.nse
allseeingeye-info.nse                 ftp-proftpd-backdoor.nse                http-vhosts.nse                  mysql-enum.nse                  smb-vuln-ms08-067.nse
amqp-info.nse                         ftp-syst.nse                            http-virustotal.nse              mysql-info.nse                  smb-vuln-ms10-054.nse
asn-query.nse                         ftp-vsftpd-backdoor.nse                 http-vlcstreamer-ls.nse          mysql-query.nse                 smb-vuln-ms10-061.nse
auth-owners.nse                       ftp-vuln-cve2010-4221.nse               http-vmware-path-vuln.nse        mysql-users.nse                 smb-vuln-ms17-010.nse
auth-spoof.nse                        ganglia-info.nse                        http-vuln-cve2006-3392.nse       mysql-variables.nse             smb-vuln-regsvc-dos.nse
backorifice-brute.nse                 giop-info.nse                           http-vuln-cve2009-3960.nse       mysql-vuln-cve2012-2122.nse     smb-vuln-webexec.nse
backorifice-info.nse                  gkrellm-info.nse                        http-vuln-cve2010-0738.nse       nat-pmp-info.nse                smb-webexec-exploit.nse
bacnet-info.nse                       gopher-ls.nse                           http-vuln-cve2010-2861.nse       nat-pmp-mapport.nse             smtp-brute.nse
banner.nse                            gpsd-info.nse                           http-vuln-cve2011-3192.nse       nbd-info.nse                    smtp-commands.nse
bitcoin-getaddr.nse                   hadoop-datanode-info.nse                http-vuln-cve2011-3368.nse       nbstat.nse                      smtp-enum-users.nse
bitcoin-info.nse                      hadoop-jobtracker-info.nse              http-vuln-cve2012-1823.nse       ncp-enum-users.nse              smtp-ntlm-info.nse
bitcoinrpc-info.nse                   hadoop-namenode-info.nse                http-vuln-cve2013-0156.nse       ncp-serverinfo.nse              smtp-open-relay.nse
bittorrent-discovery.nse              hadoop-secondary-namenode-info.nse      http-vuln-cve2013-6786.nse       ndmp-fs-info.nse                smtp-strangeport.nse
bjnp-discover.nse                     hadoop-tasktracker-info.nse             http-vuln-cve2013-7091.nse       ndmp-version.nse                smtp-vuln-cve2010-4344.nse
broadcast-ataoe-discover.nse          hbase-master-info.nse                   http-vuln-cve2014-2126.nse       nessus-brute.nse                smtp-vuln-cve2011-1720.nse
broadcast-avahi-dos.nse               hbase-region-info.nse                   http-vuln-cve2014-2127.nse       nessus-xmlrpc-brute.nse         smtp-vuln-cve2011-1764.nse
broadcast-bjnp-discover.nse           hddtemp-info.nse                        http-vuln-cve2014-2128.nse       netbus-auth-bypass.nse          sniffer-detect.nse
broadcast-db2-discover.nse            hnap-info.nse                           http-vuln-cve2014-2129.nse       netbus-brute.nse                snmp-brute.nse
broadcast-dhcp6-discover.nse          hostmap-bfk.nse                         http-vuln-cve2014-3704.nse       netbus-info.nse                 snmp-hh3c-logins.nse
broadcast-dhcp-discover.nse           hostmap-crtsh.nse                       http-vuln-cve2014-8877.nse       netbus-version.nse              snmp-info.nse
broadcast-dns-service-discovery.nse   hostmap-robtex.nse                      http-vuln-cve2015-1427.nse       nexpose-brute.nse               snmp-interfaces.nse
broadcast-dropbox-listener.nse        http-adobe-coldfusion-apsa1301.nse      http-vuln-cve2015-1635.nse       nfs-ls.nse                      snmp-ios-config.nse
broadcast-eigrp-discovery.nse         http-affiliate-id.nse                   http-vuln-cve2017-1001000.nse    nfs-showmount.nse               snmp-netstat.nse
broadcast-hid-discoveryd.nse          http-apache-negotiation.nse             http-vuln-cve2017-5638.nse       nfs-statfs.nse                  snmp-processes.nse
broadcast-igmp-discovery.nse          http-apache-server-status.nse           http-vuln-cve2017-5689.nse       nje-node-brute.nse              snmp-sysdescr.nse
broadcast-jenkins-discover.nse        http-aspnet-debug.nse                   http-vuln-cve2017-8917.nse       nje-pass-brute.nse              snmp-win32-services.nse
broadcast-listener.nse                http-auth-finder.nse                    http-vuln-misfortune-cookie.nse  nntp-ntlm-info.nse              snmp-win32-shares.nse
broadcast-ms-sql-discover.nse         http-auth.nse                           http-vuln-wnr1000-creds.nse      nping-brute.nse                 snmp-win32-software.nse
broadcast-netbios-master-browser.nse  http-avaya-ipoffice-users.nse           http-waf-detect.nse              nrpe-enum.nse                   snmp-win32-users.nse
broadcast-networker-discover.nse      http-awstatstotals-exec.nse             http-waf-fingerprint.nse         ntp-info.nse                    socks-auth-info.nse
broadcast-novell-locate.nse           http-axis2-dir-traversal.nse            http-webdav-scan.nse             ntp-monlist.nse                 socks-brute.nse
broadcast-ospf2-discover.nse          http-backup-finder.nse                  http-wordpress-brute.nse         omp2-brute.nse                  socks-open-proxy.nse
broadcast-pc-anywhere.nse             http-barracuda-dir-traversal.nse        http-wordpress-enum.nse          omp2-enum-targets.nse           ssh2-enum-algos.nse
broadcast-pc-duo.nse                  http-bigip-cookie.nse                   http-wordpress-users.nse         omron-info.nse                  ssh-auth-methods.nse
broadcast-pim-discovery.nse           http-brute.nse                          http-xssed.nse                   openlookup-info.nse             ssh-brute.nse
broadcast-ping.nse                    http-cakephp-version.nse                iax2-brute.nse                   openvas-otp-brute.nse           ssh-hostkey.nse
broadcast-pppoe-discover.nse          http-chrono.nse                         iax2-version.nse                 openwebnet-discovery.nse        ssh-publickey-acceptance.nse
broadcast-rip-discover.nse            http-cisco-anyconnect.nse               icap-info.nse                    oracle-brute.nse                ssh-run.nse
broadcast-ripng-discover.nse          http-coldfusion-subzero.nse             iec-identify.nse                 oracle-brute-stealth.nse        sshv1.nse
broadcast-sonicwall-discover.nse      http-comments-displayer.nse             ike-version.nse                  oracle-enum-users.nse           ssl-ccs-injection.nse
broadcast-sybase-asa-discover.nse     http-config-backup.nse                  imap-brute.nse                   oracle-sid-brute.nse            ssl-cert-intaddr.nse
broadcast-tellstick-discover.nse      http-cookie-flags.nse                   imap-capabilities.nse            oracle-tns-version.nse          ssl-cert.nse
broadcast-upnp-info.nse               http-cors.nse                           imap-ntlm-info.nse               ovs-agent-version.nse           ssl-date.nse
broadcast-versant-locate.nse          http-cross-domain-policy.nse            impress-remote-discover.nse      p2p-conficker.nse               ssl-dh-params.nse
broadcast-wake-on-lan.nse             http-csrf.nse                           informix-brute.nse               path-mtu.nse                    ssl-enum-ciphers.nse
broadcast-wpad-discover.nse           http-date.nse                           informix-query.nse               pcanywhere-brute.nse            ssl-heartbleed.nse
broadcast-wsdd-discover.nse           http-default-accounts.nse               informix-tables.nse              pcworx-info.nse                 ssl-known-key.nse
broadcast-xdmcp-discover.nse          http-devframework.nse                   ip-forwarding.nse                pgsql-brute.nse                 ssl-poodle.nse
cassandra-brute.nse                   http-dlink-backdoor.nse                 ip-geolocation-geoplugin.nse     pjl-ready-message.nse           sslv2-drown.nse
cassandra-info.nse                    http-dombased-xss.nse                   ip-geolocation-ipinfodb.nse      pop3-brute.nse                  sslv2.nse
cccam-version.nse                     http-domino-enum-passwords.nse          ip-geolocation-map-bing.nse      pop3-capabilities.nse           sstp-discover.nse
cics-enum.nse                         http-drupal-enum.nse                    ip-geolocation-map-google.nse    pop3-ntlm-info.nse              stun-info.nse
cics-info.nse                         http-drupal-enum-users.nse              ip-geolocation-map-kml.nse       pptp-version.nse                stun-version.nse
cics-user-brute.nse                   http-enum.nse                           ip-geolocation-maxmind.nse       puppet-naivesigning.nse         stuxnet-detect.nse
cics-user-enum.nse                    http-errors.nse                         ip-https-discover.nse            qconn-exec.nse                  supermicro-ipmi-conf.nse
citrix-brute-xml.nse                  http-exif-spider.nse                    ipidseq.nse                      qscan.nse                       svn-brute.nse
citrix-enum-apps.nse                  http-favicon.nse                        ipmi-brute.nse                   quake1-info.nse                 targets-asn.nse
citrix-enum-apps-xml.nse              http-feed.nse                           ipmi-cipher-zero.nse             quake3-info.nse                 targets-ipv6-map4to6.nse
citrix-enum-servers.nse               http-fetch.nse                          ipmi-version.nse                 quake3-master-getservers.nse    targets-ipv6-multicast-echo.nse
citrix-enum-servers-xml.nse           http-fileupload-exploiter.nse           ipv6-multicast-mld-list.nse      rdp-enum-encryption.nse         targets-ipv6-multicast-invalid-dst.nse
clamav-exec.nse                       http-form-brute.nse                     ipv6-node-info.nse               rdp-ntlm-info.nse               targets-ipv6-multicast-mld.nse
clock-skew.nse                        http-form-fuzzer.nse                    ipv6-ra-flood.nse                rdp-vuln-ms12-020.nse           targets-ipv6-multicast-slaac.nse
coap-resources.nse                    http-frontpage-login.nse                irc-botnet-channels.nse          realvnc-auth-bypass.nse         targets-ipv6-wordlist.nse
couchdb-databases.nse                 http-generator.nse                      irc-brute.nse                    redis-brute.nse                 targets-sniffer.nse
couchdb-stats.nse                     http-git.nse                            irc-info.nse                     redis-info.nse                  targets-traceroute.nse
creds-summary.nse                     http-gitweb-projects-enum.nse           irc-sasl-brute.nse               resolveall.nse                  targets-xml.nse
cups-info.nse                         http-google-malware.nse                 irc-unrealircd-backdoor.nse      reverse-index.nse               teamspeak2-version.nse
cups-queue-info.nse                   http-grep.nse                           iscsi-brute.nse                  rexec-brute.nse                 telnet-brute.nse
cvs-brute.nse                         http-headers.nse                        iscsi-info.nse                   rfc868-time.nse                 telnet-encryption.nse
cvs-brute-repository.nse              http-hp-ilo-info.nse                    isns-info.nse                    riak-http-info.nse              telnet-ntlm-info.nse
daap-get-library.nse                  http-huawei-hg5xx-vuln.nse              jdwp-exec.nse                    rlogin-brute.nse                tftp-enum.nse
daytime.nse                           http-icloud-findmyiphone.nse            jdwp-info.nse                    rmi-dumpregistry.nse            tls-alpn.nse
db2-das-info.nse                      http-icloud-sendmsg.nse                 jdwp-inject.nse                  rmi-vuln-classloader.nse        tls-nextprotoneg.nse
deluge-rpc-brute.nse                  http-iis-short-name-brute.nse           jdwp-version.nse                 rpcap-brute.nse                 tls-ticketbleed.nse
dhcp-discover.nse                     http-iis-webdav-vuln.nse                knx-gateway-discover.nse         rpcap-info.nse                  tn3270-screen.nse
dicom-brute.nse                       http-internal-ip-disclosure.nse         knx-gateway-info.nse             rpc-grind.nse                   tor-consensus-checker.nse
dicom-ping.nse                        http-joomla-brute.nse                   krb5-enum-users.nse              rpcinfo.nse                     traceroute-geolocation.nse
dict-info.nse                         http-jsonp-detection.nse                ldap-brute.nse                   rsa-vuln-roca.nse               tso-brute.nse
distcc-cve2004-2687.nse               http-litespeed-sourcecode-download.nse  ldap-novell-getpass.nse          rsync-brute.nse                 tso-enum.nse
dns-blacklist.nse                     http-ls.nse                             ldap-rootdse.nse                 rsync-list-modules.nse          ubiquiti-discovery.nse
dns-brute.nse                         http-majordomo2-dir-traversal.nse       ldap-search.nse                  rtsp-methods.nse                unittest.nse
dns-cache-snoop.nse                   http-malware-host.nse                   lexmark-config.nse               rtsp-url-brute.nse              unusual-port.nse
dns-check-zone.nse                    http-mcmp.nse                           llmnr-resolve.nse                rusers.nse                      upnp-info.nse
dns-client-subnet-scan.nse            http-methods.nse                        lltd-discovery.nse               s7-info.nse                     uptime-agent-info.nse
dns-fuzz.nse                          http-method-tamper.nse                  lu-enum.nse                      samba-vuln-cve-2012-1182.nse    url-snarf.nse
dns-ip6-arpa-scan.nse                 http-mobileversion-checker.nse          maxdb-info.nse                   script.db                       ventrilo-info.nse
dns-nsec3-enum.nse                    http-ntlm-info.nse                      mcafee-epo-agent.nse             servicetags.nse                 versant-info.nse
dns-nsec-enum.nse                     http-open-proxy.nse                     membase-brute.nse                shodan-api.nse                  vmauthd-brute.nse
dns-nsid.nse                          http-open-redirect.nse                  membase-http-info.nse            sip-brute.nse                   vmware-version.nse
dns-random-srcport.nse                http-passwd.nse                         memcached-info.nse               sip-call-spoof.nse              vnc-brute.nse
dns-random-txid.nse                   http-phpmyadmin-dir-traversal.nse       metasploit-info.nse              sip-enum-users.nse              vnc-info.nse
dns-recursion.nse                     http-phpself-xss.nse                    metasploit-msgrpc-brute.nse      sip-methods.nse                 vnc-title.nse
dns-service-discovery.nse             http-php-version.nse                    metasploit-xmlrpc-brute.nse      skypev2-version.nse             voldemort-info.nse
dns-srv-enum.nse                      http-proxy-brute.nse                    mikrotik-routeros-brute.nse      smb2-capabilities.nse           vtam-enum.nse
dns-update.nse                        http-put.nse                            mmouse-brute.nse                 smb2-security-mode.nse          vulners.nse
dns-zeustracker.nse                   http-qnap-nas-info.nse                  mmouse-exec.nse                  smb2-time.nse                   vuze-dht-info.nse
dns-zone-transfer.nse                 http-referer-checker.nse                modbus-discover.nse              smb2-vuln-uptime.nse            wdb-version.nse
docker-version.nse                    http-rfi-spider.nse                     mongodb-brute.nse                smb-brute.nse                   weblogic-t3-info.nse
domcon-brute.nse                      http-robots.txt.nse                     mongodb-databases.nse            smb-double-pulsar-backdoor.nse  whois-domain.nse
domcon-cmd.nse                        http-robtex-reverse-ip.nse              mongodb-info.nse                 smb-enum-domains.nse            whois-ip.nse
domino-enum-users.nse                 http-robtex-shared-ns.nse               mqtt-subscribe.nse               smb-enum-groups.nse             wsdd-discover.nse
dpap-brute.nse                        http-sap-netweaver-leak.nse             mrinfo.nse                       smb-enum-processes.nse          x11-access.nse
drda-brute.nse                        http-security-headers.nse               msrpc-enum.nse                   smb-enum-services.nse           xdmcp-discover.nse
drda-info.nse                         http-server-header.nse                  ms-sql-brute.nse                 smb-enum-sessions.nse           xmlrpc-methods.nse
duplicates.nse                        http-shellshock.nse                     ms-sql-config.nse                smb-enum-shares.nse             xmpp-brute.nse
eap-info.nse                          http-sitemap-generator.nse              ms-sql-dac.nse                   smb-enum-users.nse              xmpp-info.nse
enip-info.nse                         http-slowloris-check.nse                ms-sql-dump-hashes.nse           smb-flood.nse
epmd-info.nse                         http-slowloris.nse                      ms-sql-empty-password.nse        smb-ls.nse
eppc-enum-processes.nse               http-sql-injection.nse                  ms-sql-hasdbaccess.nse           smb-mbenum.nse

寻找apache相关的脚本
                            
┌──(kwkl㉿kwkl)-[~]
└─$ ls /usr/share/nmap/scripts | grep apache
http-apache-negotiation.nse
http-apache-server-status.nse

samba服务相关脚本
└─$ ls /usr/share/nmap/scripts | grep samba                  
samba-vuln-cve-2012-1182.nse

┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ ls /usr/share/nmap/scripts | grep smb-vuln
smb-vuln-conficker.nse
smb-vuln-cve2009-3103.nse
smb-vuln-cve-2017-7494.nse
smb-vuln-ms06-025.nse
smb-vuln-ms07-029.nse
smb-vuln-ms08-067.nse
smb-vuln-ms10-054.nse
smb-vuln-ms10-061.nse
smb-vuln-ms17-010.nse
smb-vuln-regsvc-dos.nse
smb-vuln-webexec.nse

查找http服务相关脚本
┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ ls /usr/share/nmap/scripts | grep http-vuln
http-vuln-cve2006-3392.nse
http-vuln-cve2009-3960.nse
http-vuln-cve2010-0738.nse
http-vuln-cve2010-2861.nse
http-vuln-cve2011-3192.nse
http-vuln-cve2011-3368.nse
http-vuln-cve2012-1823.nse
http-vuln-cve2013-0156.nse
http-vuln-cve2013-6786.nse
http-vuln-cve2013-7091.nse
http-vuln-cve2014-2126.nse
http-vuln-cve2014-2127.nse
http-vuln-cve2014-2128.nse
http-vuln-cve2014-2129.nse
http-vuln-cve2014-3704.nse
http-vuln-cve2014-8877.nse
http-vuln-cve2015-1427.nse
http-vuln-cve2015-1635.nse
http-vuln-cve2017-1001000.nse
http-vuln-cve2017-5638.nse
http-vuln-cve2017-5689.nse
http-vuln-cve2017-8917.nse
http-vuln-misfortune-cookie.nse
http-vuln-wnr1000-creds.nse

mysql服务相关的脚本

┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ ls /usr/share/nmap/scripts | grep mysql    
mysql-audit.nse
mysql-brute.nse
mysql-databases.nse
mysql-dump-hashes.nse
mysql-empty-password.nse
mysql-enum.nse
mysql-info.nse
mysql-query.nse
mysql-users.nse
mysql-variables.nse
mysql-vuln-cve2012-2122.nse

使用grep命令查询脚本

  1. 使用对应的脚本对指定服务进行扫描
利用apache相关脚本探测
┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ nmap --script http-apache-negotiation.nse 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:54 HKT
Nmap scan report for 172.16.38.130
Host is up (0.0025s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
|_http-apache-negotiation: mod_negotiation enabled.
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
|_http-apache-negotiation: mod_negotiation enabled.
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
                                                                                                                                                                                            
┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ nmap --script http-apache-server-status.nse 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:54 HKT
Nmap scan report for 172.16.38.130
Host is up (0.0018s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 5.72 seconds
                                                                                                                                                                                            
┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ 

samba脚本扫描失败
┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ nmap --script samba-vuln-cve-2012-1182.nse 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 20:59 HKT
Nmap scan report for 172.16.38.130
Host is up (0.0013s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Host script results:
|_samba-vuln-cve-2012-1182: Could not negotiate a connection:SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [14]


多个smb漏洞脚本扫描:

┌──(kwkl㉿kwkl)-[/usr/share/nmap/scripts]
└─$ nmap --script smb-vuln-* 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 21:02 HKT
Failed to resolve "smb-vuln-cve2009-3103.nse".
Failed to resolve "smb-vuln-cve-2017-7494.nse".
Failed to resolve "smb-vuln-ms06-025.nse".
Failed to resolve "smb-vuln-ms07-029.nse".
Failed to resolve "smb-vuln-ms08-067.nse".
Failed to resolve "smb-vuln-ms10-054.nse".
Failed to resolve "smb-vuln-ms10-061.nse".
Failed to resolve "smb-vuln-ms17-010.nse".
Failed to resolve "smb-vuln-regsvc-dos.nse".
Failed to resolve "smb-vuln-webexec.nse".
Nmap scan report for 172.16.38.130
Host is up (0.0016s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 112.66 seconds
                                                                      
 脚本扫描注入漏洞                                                                     
┌──(kwkl㉿kwkl)-[~]
└─$ nmap --script /usr/share/nmap/scripts/http-sql-injection.nse 172.16.38.130
Starting Nmap 7.91 ( https://nmap.org ) at 2022-06-15 21:52 HKT
Nmap scan report for 172.16.38.130
Host is up (0.00061s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
| http-sql-injection: 
|   Possible sqli for queries:
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=About%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=ValidateUserInput%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=SessionManagement%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=Introduction%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=DataProtection%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=Logging%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=InitialSetup%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=Login%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=AccessControl%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=Encryption%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=Encoding%27%20OR%20sqlspider
|     https://172.16.38.130:443/ESAPI-Java-SwingSet-Interactive/main?function=HttpSecurity%27%20OR%20sqlspider
|     https://172.16.38.130:443/cyclone/?C=N%3bO%3dD%27%20OR%20sqlspider
|     https://172.16.38.130:443/cyclone/?C=M%3bO%3dA%27%20OR%20sqlspider
|     https://172.16.38.130:443/cyclone/?C=D%3bO%3dA%27%20OR%20sqlspider
|_    https://172.16.38.130:443/cyclone/?C=S%3bO%3dA%27%20OR%20sqlspider
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 24.90 seconds
  1. 上述每一步都需要附上截图(必须包含每一天命令)进行说明

编写实验报告时,将整个作业过程中的涉及的步骤、效果、思路等整理为Word或PDF或PPT⽂档并上传,⽂档名称为"姓名-作业名称"。

32进制
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Web渗透之信息收集技术(附实战练习)
Matheus的博客
05-13 2418
先附上思维导图方便查阅???? 1、收集子域信息 子域名检测工具: Layer子域名挖掘机,K8,wydomain,Sublist3r,dnsmaper,subDomainsBrute,Maltego CE 搜索引擎枚举: 可以利用前面的google黑客语法。列如:搜索百度旗下的子域名就可以使用“site:baidu.com”, site:baidu.com –www 不包含www 第三方聚合应用枚举: 很多第三方服务汇聚了大量DNS数据集,可通过它们检索某个给定域名的子域名。只要往其搜索栏中输入域名,
Linux命令惯用法
hongchangfirst
08-28 2744
1硬连接与软连接 ln a b 这是硬连接,a文件和b文件是同一个inode,连接数为2 ln -s a c 这是符号连接,c文件是一种特殊的文件,即连接文件,指向a,c文件的inode和a文件的inode不同。 可用ls -li来查看inode号。 2想要动态的查看一个文件内容的变化,可以用tail命令 如:tail -f /var/log/messages#将文...
WEB常见漏洞之XXE(靶场篇)_220 vmware authentication daemon version 1
最新发布
2401_84150530的博客
04-17 773
xxe-lab是一个使用PHP,Java,python,C#四种当下最常用语言的网站编写语言来编写的一个存在xxe漏洞的Web demo。靶场地址:https://github.com/c0ny1/xxe-lab。
03、主动信息收集
山兔的博客
08-24 1504
Scapy 是一个可以让用户发送、侦听和解析并伪装网络报文的 Python 程序。这些功能可以用于制作侦测、扫描和攻击网络的工具。僵尸主机:僵尸主机是指感染僵尸程序病毒,从而被黑客程序控制的计算机设备。但是僵尸扫描中的僵尸主机指得是一个闲置的操作系统(这里的闲置是指主机不会主动和任何人通信),且此系统中 IP 数据包中 ID 是递增的。一台机器只要联网了,即使不打开任何应用程序,不做任何操作,他在后台运行的程序,肯定会向后台发送数据包,IPID:指的是通信过程中,IP 数据包中的 ID。
Nmap之主机发现
Hugu
11-06 6328
文章目录0x00 主机发现原理0x01 基本扫描0x02 Ping扫描0x03 无Ping扫描0x04 TCP SYN Ping扫描0x05 TCP ACK Ping扫描0x06 UDP Ping扫描0x07 ICMP Ping Types扫描0x08 ARP Ping扫描0x09 列表扫描0x10 禁止反向域名解析0x11 反向域名解析0x12 使用系统域名解析器0x13 扫描一个IPv6地址0x14 路由跟踪0x15 SCTP INIT Ping扫描 0x00 主机发现原理 ​ 主机发现发现的原理与P
网络安全讲座之八:审计结果
cjwid的专栏
06-25 1429
我们已经学习使用了一些实施有效安全审计的工具。现在还剩下最后一步:提交细致的书面建议。建议应从三个角度来提出:   • 为了能够确定安全策略和实施情况的差距,建议采用特定方法继续进行有效的审计。   • 抵御和清除病毒,蠕虫和木马,修补系统漏洞。   • 建议改善和增强如下内容:    重新配置路由器   添加和重新配置防火墙规则   升级操作系统补丁类型   升级旧有的和不安全的服务和TCP/I
Linux – nmap – nc(ncat) 命令 – 扫描端口
weixin_45129599的博客
11-14 268
本页目录 安装nmapcentOS安装debian安装namp使用扫描全部端口nc命令安装nc – ncat命令nc命令详解nmap、ncat/nc既是一个端口扫描工具,也是一款安全工具,还能是一款监测工具安装nmapcentOS安装yum install -y nmapdebian安装pkg install nmap -ynamp使用[root@VM-4-12-centos ~]# nmap -...
普中51-双核-A6开发板原理图.pdf
04-03
普中51-双核-A6开发板原理
75-喇叭发声原理(51单片机C语言实例Proteus仿真和代码)
06-15
75-喇叭发声原理(51单片机C语言实例Proteus仿真和代码)75-喇叭发声原理(51单片机C语言实例Proteus仿真和代码)75-喇叭发声原理(51单片机C语言实例Proteus仿真和代码)75-喇叭发声原理(51单片机C语言实例Proteus仿真和...
第2章-MCS-51单片机硬件结构和原理.ppt
11-21
"MCS-51单片机硬件结构和原理" MCS-51单片机硬件结构和原理是计算机科学和电子工程领域中的重要知识点。MCS-51单片机是一种微控制器,广泛应用于自动控制、机器人、医疗设备、消费电子产品等领域。本章节将详细介绍...
JESD51-2A.pdf
01-05
JESD51-2A
BlackICE 3.6 服务器版
11-15
很好用的服务器版杀毒软件,但是务必关闭系统的数据执行保护(DEP),不然会蓝屏...
119-红外发射原理(51单片机C语言实例Proteus仿真和代码)
06-15
119-红外发射原理(51单片机C语言实例Proteus仿真和代码)119-红外发射原理(51单片机C语言实例Proteus仿真和代码)119-红外发射原理(51单片机C语言实例Proteus仿真和代码)119-红外发射原理(51单片机C语言实例Proteus...
Linux端口大全】
IChen.的博客
02-23 6171
0端口:无效端口,通常用于分析操作系统 1端口:传输控制协议端口服务多路开关选择器 2端口:管理实用程序 3端口:压缩进程 5端口:远程作业登录 7端口:回显 9端口:丢弃 11端口:在线用户 13端口:时间 17端口:每日引用 18端口:消息发送协议 19端口:字符发生器 20端口:FTP文件传输协议(默认数据口) 21端口:FTP文件传输协议(控制) 22端口:SSH远程登录协议 23端口:telnet(终端仿真协议),木马Tiny Telnet服务器开放此端口 24端口:预留给个人用邮件系统 25端口
《Python 黑帽子》学习笔记 - netcat 介绍1- Day 5
信安工匠
03-24 806
netcat 被称为网络瑞士军刀,是一个功能强大设计优雅的网络工具。 netcat 介绍 netcat 是什么,引用 wiki 的说明如下: Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections usi...
学习日记5
ma963852的博客
11-08 669
DNSEnumeration interacting with a DNS server host -t mx megacorpone.com Automating lookups Forward lookup brute force list.txt: ftp mail owa proxy router 批处理: for ip in $(cat [list.txt]...
Linux中nmap脚本的目录,nmap脚本指南
weixin_42318708的博客
04-29 1354
脚本参数SCRIPT SCAN:-sC: equivalent to --script=default--script=: is a comma separated list ofdirectories, script-files or script-categories--script-args=: provide arguments to scripts--script-args-file=...
nmap_命令详解
weixin_34186128的博客
03-29 1687
1使用主机名扫描[root@wl020237 opt]# nmap www.baidu.comStarting Nmap 7.40 ( https://nmap.org ) at 2017-03-29 16:52 CSTNmap scan report for www.baidu.com (220.181.111.188)Host is up (0.0025s latency...
单片机原理及应用-基于Proteus和Keil-C林立版课后习题答案.docx
11-27
"本资源提供了关于单片机原理及应用的课程学习资料,特别是针对基于Proteus和Keil-C的实践教学。文档包含了MCS-51单片机结构及原理的相关习题解答,帮助学生深入理解单片机的基础知识。" 在单片机的学习中,MCS-51...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值