Scan to identify the operating system the target host is running.
root@bt:~# nmap -sT -O -A 192.168.1.133
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:28 EDT
Nmap scan report for 192.168.1.133
Host is up (0.090s latency).
Not shown: 986 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Not Found
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open netbios-ssn
514/tcp filtered shell
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows RPC
1029/tcp open msrpc Microsoft Windows RPC
1030/tcp open msrpc Microsoft Windows RPC
1433/tcp open ms-sql-s Microsoft SQL Server 2008 R2 10.50.1600.00; Pre-RTM
2383/tcp open ms-olap4?
Device type: general purpose
Running: Microsoft Windows 7 (this is the operating system the target is running)
OS CPE: cpe:/o:microsoft:windows_7:::enterprise
OS details: Microsoft Windows 7 Enterprise (the operating system version)
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_nbstat: NetBIOS name: TKE-PC (this is the computer name), NetBIOS user: <unknown>, NetBIOS MAC: 70:71:bc:79:fa:54 (Pegatron) (the network adapter's MAC address)
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol
| smb-os-discovery:
| OS: Windows 7 Ultimate 7600 (Windows 7 Ultimate 6.1)
| NetBIOS computer name: TKE-PC
| Workgroup: WORKGROUP
|_ System time: 2012-08-31 02:31:37 UTC+8
| ms-sql-info:
| [192.168.1.133:1433]
| Version: Microsoft SQL Server 2008 R2 Pre-RTM
| Version number: 10.50.1600.00
| Product: Microsoft SQL Server 2008 R2
| Service pack level: Pre-RTM
|_ TCP port: 1433
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 0.13 ms 192.168.129.2
2 0.75 ms 192.168.1.133
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 188.80 seconds
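This way, the host's operating system was identified as win7, and we can also see that the database in use is SQL Server 2008 R2.
However, the scan took a bit long: 188 seconds, which is about 3 minutes.
Using QQ's IP detection, I found an IP to test against, and this is what I got: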
root@bt:~# nmap -sT -O -A 223.67.165.180
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:47 EDT
Nmap scan report for 223.67.165.180
Host is up (0.00051s latency).
All 1000 scanned ports on 223.67.165.180 are filtered
Too many fingerprints match this host to give specific OS details
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 ... 30
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds
It turns out the other party was behind a router, so the scan became a scan of the router.
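The two results above read very differently for whoever owns the scanned hosts, so here is an added example (not part of the original post) that parses Nmap's normal output, checks whether the OS guess rests on at least one open and one closed port, and lists the hardening items the first scan exposes. The sample input is constructed by abridging the two scans shown above, and the `summarize` function name is hypothetical.

```python
import re

# Constructed sample input: abridged from the two scans shown in the post.
SCAN_HOST = """\
Nmap scan report for 192.168.1.133
Not shown: 986 closed ports
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
445/tcp open netbios-ssn
514/tcp filtered shell
1433/tcp open ms-sql-s Microsoft SQL Server 2008 R2 10.50.1600.00; Pre-RTM
OS details: Microsoft Windows 7 Enterprise
| smb-security-mode:
| Account that was used for smb scripts: guest
|_ Message signing disabled (dangerous, but default)
"""
SCAN_FILTERED = """\
Nmap scan report for 223.67.165.180
All 1000 scanned ports on 223.67.165.180 are filtered
Too many fingerprints match this host to give specific OS details
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)", re.M)

def summarize(text):
    """Return (target, os_guess, os_reliable, open_ports, findings)."""
    target = re.search(r"^Nmap scan report for (\S+)", text, re.M).group(1)
    ports = PORT_RE.findall(text)
    open_ports = [int(p) for p, _, state, _ in ports if state == "open"]
    has_closed = (any(s == "closed" for _, _, s, _ in ports)
                  or re.search(r"^Not shown: \d+ closed ports", text, re.M) is not None)
    m = re.search(r"^OS details: (.+)$", text, re.M)
    os_guess = m.group(1).strip() if m else None
    # Nmap's OS fingerprinting wants at least one open and one closed port.
    os_reliable = bool(os_guess) and bool(open_ports) and has_closed
    findings = []
    if "Message signing disabled" in text:
        findings.append("SMB message signing disabled: enable and require signing")
    if re.search(r"used for smb scripts: guest", text):
        findings.append("SMB scripts ran as guest: review guest access")
    if 1433 in open_ports:
        findings.append("MSSQL 1433/tcp reachable from scanner: restrict by firewall")
    return target, os_guess, os_reliable, open_ports, findings

if __name__ == "__main__":
    for scan in (SCAN_HOST, SCAN_FILTERED):
        print(summarize(scan))
```

For the second scan the function returns no OS guess and no open ports, which matches Nmap's own "Too many fingerprints match" message: with every port filtered there is nothing for the fingerprint to rest on.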