本节书摘来自异步社区《Nmap渗透测试指南》一书中的第6章6.5节源地址欺骗,作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。
6.5 源地址欺骗
表6.5所示为本章节所需Nmap命令表,表中加粗命令为本小节所需命令——源地址欺骗。
![c89cae1dca38cafd94592fdacffb05f4ff5ea62b](https://i-blog.csdnimg.cn/blog_migrate/81a4772e6d35a755a2801b2967246e38.png)
使用-sI选项就可以进行源地址欺骗。如果Nmap无法确定你的源地址,Nmap会给出相应的提示,我们使用-sI选项指定所需要发包的接口IP地址。
root@Wing:~# nmap -sI www.0day.co:80 192.168.126.131
WARNING: Many people use -Pn w/Idlescan to prevent pings from their true IP. On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans.
Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-12 14:50 CST
Idle scan using zombie www.0day.co (210.209.122.11:80); Class: Incremental
Nmap scan report for 192.168.126.131
Host is up (0.051s latency).
Not shown: 977 closed|filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
8009/tcp open ajp13
8180/tcp open unknown
MAC Address: 00:0C:29:E0:2E:76 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 40.30 seconds
root@Wing:~#
-sI选项我们在之前的章节空闲扫描中提到过,但它主要是用作源地址欺骗。