废话不多说直接执行Nmap扫描的第一步是查看计算机正在运行的服务类型:
nmap -p- -sV -O 10.10.10.152
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-24 10:55 UTC
Nmap scan report for ip-10-10-10-152.eu-west-2.compute.internal (10.10.10.152)
Host is up (0.016s latency).
Not shown: 65521 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
80/tcp open http Indy httpd 18.1.37.13946 (Paessler PRTG bandwidth monitor)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49664/tcp open msrpc Microsoft Windows RPC
49665/tcp open msrpc Microsoft Windows RPC
49666/tcp open msrpc Microsoft Windows RPC
49680/tcp open msrpc Microsoft Windows RPC
49681/tcp open msrpc Microsoft Windows RPC
49691/tcp open msrpc Microsoft Windows RPC
51061/tcp open tcpwrapped
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
Network Distance: 2 hops
Service Info: OSs: Windows, Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 108.04 seconds
扫描结果中最突出的是端口80上的HTTP和端口21上的FTP。我首先浏览到端口80,并看到Paessler PRTG的登录页面。这是监视设备并报告其状态(占用时间,CPU使用率,磁盘空间使用情况等)的软件。
我不幸的是,一直没有用。就目前而言,这是我可以的PRTG。我决定将目标转向FTP端口。
我连接到FTP,发现它接受匿名连接。