LESSON 5 SYSTEM IDENTIFICATION part III

5.2.2 Banner Grabbing
The next step in identifying a remote system is to try to connect using telnet and FTP. The
server programs for these services display text messages called banners. A banner may state
clearly and precisely what server program is running. For example, when you connect to an
anonymous FTP server, you might get the following message:
       Connected to anon.server.
       220 ProFTPD Server (Welcome . . . )
       User (anon.server:(none)):
While the number 220 is an FTP code which indicates that the server is ready for a new user,
the text message ProFTPD Server identifies the FTP server program that is running on the
remote computer. Using a web search engine, you can learn what operating system the
program runs on and other details about its requirements, capabilities, limitations, and flaws.
The primary flaw in the use of banner grabbing to gather information about a system is that
clever system administrators can spoof banners. A banner that reads NoneOfYourBusiness
Server is obviously misleading, but a Unix system with a banner that reads WS_FTP Server (a
Windows-based FTP server) is going to complicate any intelligence gathering that may be
done.
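A defender-side check on the greeting described above, written as an added example for this lesson (it is not code from the Hacker Highschool material): it parses an FTP greeting into its reply code and message, skipping client chatter such as the "Connected to anon.server." line, and reports whether the greeting names the server product or leaks a version number. The product list, the `audit_banner` findings and the sample greetings are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# An FTP reply line: three-digit code, then a space (final line) or a hyphen
# (continuation line of a multi-line greeting), then free text.
_REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

# Product names this audit recognises. Constructed list for the example; the
# first two are the names that appear in the lesson text.
_KNOWN_PRODUCTS = ("ProFTPD", "WS_FTP", "vsFTPd", "Pure-FTPd", "FileZilla")


@dataclass
class FtpBanner:
    code: int                # numeric reply code, 220 = "service ready for new user"
    text: str                # free text after the code
    software: Optional[str]  # recognised product name, or None


def parse_ftp_banner(raw: str) -> FtpBanner:
    """Parse the first FTP reply line of a greeting.

    Lines that are not FTP replies (for example the client's own
    'Connected to anon.server.' line) are skipped.
    """
    for line in raw.splitlines():
        m = _REPLY.match(line.strip())
        if m:
            break
    else:
        raise ValueError("no FTP reply line found in banner")
    text = m.group(3).strip()
    software = next((p for p in _KNOWN_PRODUCTS if p.lower() in text.lower()), None)
    return FtpBanner(int(m.group(1)), text, software)


def disclosed_version(text: str) -> Optional[str]:
    """Return a dotted version number found in the banner text, if any."""
    m = re.search(r"\b\d+\.\d+(?:\.\d+)?\b", text)
    return m.group(0) if m else None


def audit_banner(raw: str) -> List[str]:
    """Findings an administrator would want about their own server's greeting."""
    banner = parse_ftp_banner(raw)
    findings = []
    if banner.code != 220:
        findings.append(f"unexpected reply code {banner.code} (220 = service ready)")
    if banner.software:
        findings.append(f"greeting names the server software: {banner.software}")
    version = disclosed_version(banner.text)
    if version:
        findings.append(f"greeting discloses a version string: {version}")
    if not findings:
        findings.append("greeting does not identify the server software")
    return findings


# Constructed sample greetings for the demonstration.
SAMPLE_BANNERS = {
    "lesson example": "Connected to anon.server.\n"
                      "220 ProFTPD Server (Welcome . . . )\n"
                      "User (anon.server:(none)):",
    "version leak":   "220 WS_FTP Server 7.5",
    "multi-line":     "220-Authorised users only.\n220 FTP service ready.",
}

if __name__ == "__main__":
    for name, raw in SAMPLE_BANNERS.items():
        print(name)
        for finding in audit_banner(raw):
            print("  -", finding)
```

Run against your own server's greeting, the audit tells you exactly what a banner grabber would learn: with the lesson's ProFTPD greeting it reports the product name only, with the constructed "WS_FTP Server 7.5" greeting it reports both the product and the version, and a neutral "FTP service ready" greeting produces no identification at all.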

 

5.2.2 Banner Grabbing

The next step in identifying a remote system is to connect using telnet and FTP. The server programs for these services display text messages, which are called banners. A banner can sometimes describe the server program very accurately. For example, when you connect to an anonymous FTP server, you might get the following message:

       Connected to anon.server.
       220 ProFTPD Server (Welcome . . . )
       User (anon.server:(none)):

220 is an FTP code indicating that the server is ready for a new user; the text message ProFTPD Server identifies the FTP server program running on the remote computer. Using a search engine, you can learn which operating system the program runs on, as well as its (I honestly do not know whether this "its" refers to the operating system or the program) requirements, capabilities, limitations and flaws. The main drawback of banner grabbing is that capable system administrators can block it. A banner reading "None of your business" is obviously a warning sign, but on a Unix system a "WS_FTP Server" banner can mislead all of the intelligence gathering under way.

 

5.2.3 Identifying Services from Ports and Protocols
You can also determine what programs are running on a system by looking at what ports are
open and what protocols are in use.
Start by looking at your own local computer. Go to a command line or shell prompt and run
the netstat program using the -a (or all) switch:
       netstat -a

The computer will display a list of open ports and some of the services that are using those
ports:
      Active Connections

From this you can see many of the programs and services that are running on your local
computer – many of which you don't even realize are running.
Another program, called fport, provides information similar to that which netstat does, but it
also details which programs are using the open ports and protocols. (Fport is available for free
download from www.foundstone.com.)
Another program, called nmap (for network mapper), will more thoroughly probe your
computer for open ports. When nmap is run, it will display a list of open ports and the services
or protocols that use those ports. It may also be able to determine what operating system
your computer is using. For example, if you run nmap on your local computer, you might see
the following output:

Nmap is available on your Hacker Highschool or L. A. S. CD. It is also available for download
from www.insecure.org.
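The netstat output the lesson refers to is a table of sockets; reading it by eye is how the lesson teaches it, but the same table can be parsed so that an administrator can list what their own machine is listening on and compare it against what they expect. The following Python is an added example for this lesson (not code from Hacker Highschool, fport or nmap). It parses `netstat -a` output in both the Windows layout ("Active Connections") and the Linux layout, folds IPv6 listeners into their IPv4 protocol name, can exclude loopback-only listeners, and labels a few well-known ports with their IANA service names. Both sample outputs are constructed for the example; the hostnames and addresses in them are made up.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Socket:
    proto: str       # "tcp", "tcp6", "udp" or "udp6"
    local_host: str  # address the socket is bound to
    local_port: int
    foreign: str     # remote endpoint exactly as netstat printed it
    state: str       # "LISTENING"/"LISTEN"/"ESTABLISHED"/... or "" for stateless UDP


# Service names for a few well-known ports (IANA / nmap-services names).
WELL_KNOWN = {
    ("tcp", 22): "ssh", ("tcp", 135): "msrpc", ("tcp", 445): "microsoft-ds",
    ("tcp", 631): "ipp", ("udp", 68): "bootpc", ("udp", 5353): "mdns",
}
LOOPBACK = {"127.0.0.1", "::1"}


def _endpoint(text: str) -> Tuple[str, int]:
    """Split 'host:port' (also ':::22' and '*:*') into host and numeric port."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else 0)


def parse_netstat(output: str) -> List[Socket]:
    """Parse `netstat -a` output in either the Windows or the Linux layout.

    Windows: Proto  Local Address  Foreign Address  State
    Linux:   Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State
    Header lines, Unix-domain sockets and blank lines are ignored.
    """
    sockets = []
    for line in output.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or not tokens[0].lower().startswith(("tcp", "udp")):
            continue
        if len(tokens) >= 5 and tokens[1].isdigit() and tokens[2].isdigit():
            local, foreign, rest = tokens[3], tokens[4], tokens[5:]  # Linux layout
        else:
            local, foreign, rest = tokens[1], tokens[2], tokens[3:]  # Windows layout
        host, port = _endpoint(local)
        state = rest[0].upper() if rest else ""
        sockets.append(Socket(tokens[0].lower(), host, port, foreign, state))
    return sockets


def listening_ports(sockets: Iterable[Socket], include_loopback: bool = True) -> List[Tuple[str, int]]:
    """Sorted (proto, port) pairs for sockets that accept input.

    A TCP socket is a listener when in LISTEN/LISTENING; a UDP socket with no
    state is bound and therefore reachable. tcp6/udp6 fold into tcp/udp so that
    ':::22' and '0.0.0.0:22' count as one listener.
    """
    found: Set[Tuple[str, int]] = set()
    for s in sockets:
        is_listener = s.state in ("LISTEN", "LISTENING") or (
            s.proto.startswith("udp") and s.state == "")
        if not is_listener:
            continue
        if not include_loopback and s.local_host in LOOPBACK:
            continue
        found.add((s.proto.rstrip("6"), s.local_port))
    return sorted(found)


def unexpected_listeners(sockets: Iterable[Socket], allowed: Set[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Listeners that are not on the administrator's allow-list."""
    return [p for p in listening_ports(sockets) if p not in allowed]


def describe(sockets: Iterable[Socket]) -> List[str]:
    """Human-readable 'proto/port service' lines, as nmap would label them."""
    return [f"{proto}/{port} {WELL_KNOWN.get((proto, port), 'unknown')}"
            for proto, port in listening_ports(sockets)]


# Constructed sample output in the Windows layout.
WINDOWS_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            DESKTOP:0              LISTENING
  TCP    0.0.0.0:445            DESKTOP:0              LISTENING
  TCP    192.168.1.10:49700     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Constructed sample output in the Linux layout.
LINUX_SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:52144      203.0.113.5:80          ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

if __name__ == "__main__":
    for label, sample in (("Windows", WINDOWS_SAMPLE), ("Linux", LINUX_SAMPLE)):
        print(label, describe(parse_netstat(sample)))
    print("not on allow-list:", unexpected_listeners(parse_netstat(LINUX_SAMPLE), {("tcp", 22)}))
```

On a real machine, feed it the captured output (`netstat -a > sockets.txt`, then `parse_netstat(open("sockets.txt").read())`) and keep an allow-list of the ports you intend to expose; anything `unexpected_listeners` returns is a program you did not realize was running, which is exactly the point the lesson makes about netstat.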

 

5.2.3 Identifying Services from Ports and Protocols

You can determine which programs are running on a system by looking at its ports and protocols.

Let's start with your own computer. Open a command prompt window and type:

       netstat -a

The window will display a table of open ports and the services using those ports.

Active Connections:

(as shown in the figure inserted above)

In this way you can see many of the programs running on your computer, and many programs you did not know about turn out to be running.

Another program, fport, provides the same information as netstat, and in addition fport gives detailed information about which programs are using those open ports. (fport can be downloaded for free from www.foundstone.com.)

Another program, nmap (network mapper), can check the open ports on your computer more thoroughly. When nmap runs, it displays a table of open ports and the services and protocols in use, and it can also show which operating system your computer uses.

If you run nmap on your computer, you will get a result similar in format to the one below.

Nmap can be found on the Hacker Highschool or L. A. S. CD, or downloaded from www.insecure.org.

 

 
