[root@zabbix-server ~]# yum -y install nmap
- //基本用法:
- # nmap [扫描类型] [选项] <扫描目标 ...>
- //常用的扫描类型
- // -sS,TCP SYN扫描(半开)
- // -sT,TCP 连接扫描(全开)
- // -sU,UDP扫描
- // -sP,Ping扫描(通过ICMP等方式探测主机是否在线,不扫描端口)
- // -A,目标系统全面分析
检查192.168.4.100是否可以ping通:
[root@zabbix-server ~]# nmap -sP 192.168.4.100
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 14:10 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.4.100
Host is up (0.00028s latency).
MAC Address: 52:54:00:DD:65:A0 (QEMU Virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds
-n 选项表示不执行DNS域名解析(反向解析),直接进行ping探测:
[root@zabbix-server ~]# nmap -n -sP 192.168.4.100
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 14:10 CST
Nmap scan report for 192.168.4.100
Host is up (0.00023s latency).
MAC Address: 52:54:00:DD:65:A0 (QEMU Virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.01 seconds
检查192.168.4.0网段内哪些主机可以ping通:
[root@zabbix-server ~]# nmap -n -sP 192.168.4.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2018-08-29 14:11 CST
Nmap scan report for 192.168.4.100
Host is up (0.00043s latency).
MAC Address: 52:54:00:DD:65:A0 (QEMU Virtual NIC)
Nmap scan report for 192.168.4.254
Host is up (0.00019s latency).
MAC Address: 52:54:00:37:78:11 (QEMU Virtual NIC)
Nmap scan report for 192.168.4.5
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.44 seconds
检查192.168.4.0网段内是否开启ftp和ssh服务(端口21-22):
[root@zabbix-server ~]# nmap -p 21-22 192.168.4.0/24
检查目标主机是否开启TCP服务:
[root@zabbix-server ~]# nmap -sT 192.168.4.100
检查是否开启UDP服务:
[root@zabbix-server ~]# nmap -sU 192.168.4.100
检测目标主机(192.168.4.100和192.168.4.5)的操作系统及服务版本:
[root@zabbix-server ~]# nmap -A 192.168.4.100,5
使用tcpdump分析FTP访问中的明文交换信息
准备vsftpd服务器:
[root@zabbix-server ~]# yum -y install vsftpd
[root@zabbix-server ~]# systemctl restart vsftpd
使用tcpdump 进行抓包
[root@zabbix-server ~]# tcpdump -A host 192.168.4.5 and tcp port 21
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes //等待抓包状态
- //监控选项如下:
- // -i,指定监控的网络接口(默认监听第一个网卡)
- // -A,以 ASCII 码形式显示报文内容,以方便阅读
- // -w,将数据包信息保存到指定文件
- // -r,从指定文件读取数据包信息
- //tcpdump的过滤条件:
- // 类型:host、net、port、portrange
- // 方向:src、dst
- // 协议:tcp、udp、ip、wlan、arp、……
- // 多个条件组合:and、or、not
14:34:50.917395 IP 192.168.4.100.55680 > zabbix-server.ftp: Flags [P.], seq 1:11, ack 21, win 229, options [nop,nop,TS val 17267471 ecr 19013927], length 10: FTP: USER tom
E..>/j@.@......d.........4\Tk..............
..{.."!'USER tom
14:34:50.917942 IP zabbix-server.ftp > 192.168.4.100.55680: Flags [P.], seq 21:55, ack 11, win 227, options [nop,nop,TS val 19015933 ecr 17267471], length 34: FTP: 331 Please specify the password.
E..V..@.@..........d....k....4\^...........
."(...{.331 Please specify the password.
执行FTP 并进行观察抓包效果:
[root@client ~]# ftp 192.168.4.5
Connected to 192.168.4.5 (192.168.4.5).
220 (vsFTPd 3.0.2)
Name (192.168.4.5:root): tom //输入用户名
331 Please specify the password.
Password: //输入密码
530 Login incorrect.
Login failed.
ftp> quit //退出
221 Goodbye.
使用tcpdump 命令进行抓包,-w 将抓包结果保存到文件,方便以后再进行分析:
[root@zabbix-server ~]# tcpdump -A -w ftp.cap host 192.168.4.5 and tcp port 21
先抓包并保存到文件,再读取文件进行分析:
[root@zabbix-server ~]# tcpdump -A -w ftp.cap host 192.168.4.5 and tcp port 21
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C23 packets captured
23 packets received by filter
0 packets dropped by kernel
[root@zabbix-server ~]# tcpdump -A -r ftp.cap | egrep '(USER|PASS)'
reading from file ftp.cap, link-type EN10MB (Ethernet)
14:45:18.683923 IP 192.168.4.100.55682 > zabbix-server.ftp: Flags [P.], seq 1:11, ack 21, win 229, options [nop,nop,TS val 17895237 ecr 19641223], length 10: FTP: USER tom
...E.+..USER tom
14:45:20.488494 IP 192.168.4.100.55682 > zabbix-server.ftp: Flags [P.], seq 11:21, ack 55, win 229, options [nop,nop,TS val 17897042 ecr 19643700], length 10: FTP: PASS 123
...R.+.4PASS 123
14:45:23.735077 IP zabbix-server.ftp > 192.168.4.100.55682: Flags [P.], seq 77:115, ack 27, win 227, options [nop,nop,TS val 19648750 ecr 17900289], length 38: FTP: 530 Please login with USER and PASS.
.+....#.530 Please login with USER and PASS.
使用tcpdump分析nginx的明文账户认证信息:
vim /usr/local/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
auth_basic "xx";
auth_basic_user_file "/usr/local/nginx/pass";
安装htpasswd 命令:
yum -y install httpd-tools
[root@zabbix-server conf]# htpasswd -c /usr/local/nginx/pass jerry
New password:
Re-type new password:
Adding password for user jerry
重新加载nginx配置:
nginx -s reload
使用tcpdump 进行抓包:
[root@zabbix-server ~]# tcpdump -A host 192.168.4.5 and tcp port 80
使用物理机进行访问nginx服务:
firefox http://192.168.4.5
回看抓包信息(HTTP请求头部分):
Host: 192.168.4.5
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Authorization: Basic amVycnk6MTIz
解码base64编码的内容(Base64只是编码而不是加密,任何能抓到报文的人都可以还原出明文账号和密码,因此HTTP基本认证应只在HTTPS之上使用):
[root@zabbix-server ~]# echo "amVycnk6MTIz" | base64 -d
jerry:123