Active Information Gathering: SMB Scanning

Related link: https://blog.csdn.net/gengzhikui1992/article/details/89183302

nmap:

-v: verbose output (shows each scan phase as it runs)

root@kali:~# nmap -v 192.168.96.129 -p139,445
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 19:08 CST
Initiating ARP Ping Scan at 19:08
Scanning 192.168.96.129 [1 port]
Completed ARP Ping Scan at 19:08, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:08
Completed Parallel DNS resolution of 1 host. at 19:08, 0.00s elapsed
Initiating SYN Stealth Scan at 19:08
Scanning bogon (192.168.96.129) [2 ports]
Discovered open port 445/tcp on 192.168.96.129
Discovered open port 139/tcp on 192.168.96.129
Completed SYN Stealth Scan at 19:08, 0.00s elapsed (2 total ports)
Nmap scan report for bogon (192.168.96.129)
Host is up (0.00036s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:3F:17:B1 (VMware)

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
           Raw packets sent: 3 (116B) | Rcvd: 3 (116B)

Scan with the smb-os-discovery.nse script:

root@kali:~# nmap 192.168.96.129 -p139,445 --script=smb-os-discovery.nse
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 19:01 CST
Nmap scan report for 192.168.96.129
Host is up (0.00042s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:3F:17:B1 (VMware)

Host script results:
| smb-os-discovery: 
|   OS: Windows XP (Windows 2000 LAN Manager)
|   OS CPE: cpe:/o:microsoft:windows_xp::-
|   Computer name: windowxppro
|   NetBIOS computer name: WINDOWXPPRO\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2019-12-06T19:01:18+08:00

Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds

Run every script matching smb-vuln-*.nse; --script-args passes argument values to the scripts (here unsafe=1):

root@kali:~# nmap -p139,445 --script=smb-vuln-*.nse --script-args=unsafe=1 192.168.96.129
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-06 20:35 CST
Nmap scan report for bogon (192.168.96.129)
Host is up (0.00049s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:3F:17:B1 (VMware)

Host script results:
| smb-vuln-ms08-067: 
|   VULNERABLE:
|   Microsoft Windows system vulnerable to remote code execution (MS08-067)
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|           The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2,
|           Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary
|           code via a crafted RPC request that triggers the overflow during path canonicalization.
|           
|     Disclosure date: 2008-10-23
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_smb-vuln-ms10-054: ERROR: Script execution failed (use -d to debug)
|_smb-vuln-ms10-061: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms17-010: 
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|        servers (ms17-010).
|           
|     Disclosure date: 2017-03-14
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|_      https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
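
Both NSE runs above print their results as an indented tree under "Host script results:", one entry per script. The Python below is an added example, not code from the original post or from the nmap project: it parses that normal-format output into one record per host, pulls the smb-os-discovery fields and each smb-vuln-* State line and CVE id, and produces the list of findings that belong on a patch-tracking list. The embedded sample is the scan output shown above, merged into a single host block; the record layout and function names are my own.

```python
import re
from typing import Dict, List

# Sample input: the nmap output shown above (smb-os-discovery plus smb-vuln-*),
# merged into a single host block and embedded here so the parser runs offline.
SAMPLE_OUTPUT = r"""
Nmap scan report for 192.168.96.129
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:3F:17:B1 (VMware)

Host script results:
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Computer name: windowxppro
|   NetBIOS computer name: WINDOWXPPRO\x00
|_  Workgroup: WORKGROUP\x00
| smb-vuln-ms08-067:
|   VULNERABLE:
|     State: LIKELY VULNERABLE
|     IDs:  CVE:CVE-2008-4250
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4250
|_smb-vuln-ms10-054: ERROR: Script execution failed (use -d to debug)
| smb-vuln-ms17-010:
|   VULNERABLE:
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
MAC_RE = re.compile(r"^MAC Address: (\S+)")
# A script header is "| name:" or "|_name:"; its body lines carry extra spaces after the bar.
SCRIPT_HDR_RE = re.compile(r"^\|[ _](\S+?):\s?(.*)$")
SCRIPT_BODY_RE = re.compile(r"^\|[ _]\s+(.*)$")
KV_RE = re.compile(r"^([^:]+):\s*(.*)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
VULNERABLE_STATES = {"VULNERABLE", "LIKELY VULNERABLE"}


def parse_nmap_output(text: str) -> List[Dict]:
    """One record per 'Nmap scan report' block: ports, MAC and the raw NSE script lines."""
    hosts: List[Dict] = []
    host = script = None
    for line in text.splitlines():
        line = line.rstrip()
        if m := HOST_RE.match(line):
            host = {"ip": m.group(2), "hostname": m.group(1), "mac": None, "ports": [], "scripts": {}}
            hosts.append(host)
            script = None
        elif host is None:
            continue
        elif m := PORT_RE.match(line):
            host["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                                  "state": m.group(3), "service": m.group(4)})
        elif m := MAC_RE.match(line):
            host["mac"] = m.group(1)
        elif m := SCRIPT_HDR_RE.match(line):
            script = {"summary": m.group(2).strip(), "lines": []}
            host["scripts"][m.group(1)] = script
        elif (m := SCRIPT_BODY_RE.match(line)) and script is not None:
            script["lines"].append(m.group(1).strip())
        elif not line.startswith("|"):
            script = None  # left the host-script block
    return hosts


def os_info(host: Dict) -> Dict[str, str]:
    """'Key: value' fields reported by smb-os-discovery; empty if the script produced nothing."""
    lines = host["scripts"].get("smb-os-discovery", {}).get("lines", [])
    matches = (KV_RE.match(l) for l in lines)
    return {m.group(1).strip(): m.group(2).strip() for m in matches if m}


def vuln_findings(host: Dict) -> List[Dict]:
    """One finding per smb-vuln-* script: its State (ERROR/UNKNOWN if absent) and the CVE ids it cites."""
    findings = []
    for name, script in host["scripts"].items():
        if not name.startswith("smb-vuln-"):
            continue
        states = [l.split(":", 1)[1].strip() for l in script["lines"] if l.startswith("State:")]
        # A script error is not a clean result: keep it visible instead of treating it as not vulnerable.
        state = "ERROR" if script["summary"].startswith("ERROR:") else (states[0] if states else "UNKNOWN")
        cves = sorted(set(CVE_RE.findall("\n".join(script["lines"]))))
        findings.append({"ip": host["ip"], "script": name, "state": state, "cves": cves})
    return findings


def hosts_needing_patch(hosts: List[Dict]) -> List[Dict]:
    """Findings in a VULNERABLE or LIKELY VULNERABLE state: the patch-tracking list."""
    return [f for h in hosts for f in vuln_findings(h) if f["state"] in VULNERABLE_STATES]


if __name__ == "__main__":
    for h in parse_nmap_output(SAMPLE_OUTPUT):
        print(h["ip"], h["mac"], os_info(h).get("OS", "unknown OS"))
        for f in hosts_needing_patch([h]):
            print("  ", f["script"], f["state"], ", ".join(f["cves"]))
```

To use it on a real scan, save the run with nmap's -oN option (which writes this normal format) and feed the file contents to parse_nmap_output. Note that an ERROR state is kept in the findings rather than dropped: a check that failed to run, as ms10-054 and ms10-061 did above, is not evidence that the host is clean.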

nbtscan:

root@kali:/usr/share/nmap/scripts# nbtscan -r 192.168.96.0/24
Doing NBT name scan for addresses from 192.168.96.0/24

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.96.0	Sendto failed: Permission denied
192.168.96.128   <unknown>                  <unknown>        
192.168.96.129   WINDOWXPPRO                <unknown>        00:0c:29:3f:17:b1
192.168.96.130   METASPLOITABLE   <server>  METASPLOITABLE   00:00:00:00:00:00
192.168.96.255	Sendto failed: Permission denied
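
nbtscan prints a fixed-width table whose column positions are given by the header line, and for addresses it cannot query (the .0 and .255 network and broadcast addresses above) it prints a different, tab-separated error line instead of a row. The Python below is an added example, not part of the original post or of nbtscan: it derives the column offsets from the header, separates the error rows, and then reports which hosts advertise the NetBIOS server service (the <server> column) and which answer with an all-zero MAC address, as Samba hosts do. The sample table is the output shown above with its column padding spelled out; the function names and the zero-MAC heuristic are my own.

```python
from typing import Dict, List, Optional, Tuple

# Sample input: the nbtscan table shown above, with the column padding spelled out
# as " " * n so the fixed-width layout is exact. The two "Sendto failed" rows are the
# network and broadcast addresses; nbtscan prints those as "<ip><TAB><message>".
SAMPLE_NBTSCAN = "\n".join([
    "Doing NBT name scan for addresses from 192.168.96.0/24",
    "",
    "IP address" + " " * 7 + "NetBIOS Name" + " " * 5 + "Server" + " " * 4 + "User" + " " * 13 + "MAC address",
    "-" * 78,
    "192.168.96.0\tSendto failed: Permission denied",
    "192.168.96.128   <unknown>" + " " * 18 + "<unknown>",
    "192.168.96.129   WINDOWXPPRO" + " " * 16 + "<unknown>" + " " * 8 + "00:0c:29:3f:17:b1",
    "192.168.96.130   METASPLOITABLE   <server>  METASPLOITABLE   00:00:00:00:00:00",
    "192.168.96.255\tSendto failed: Permission denied",
])

COLUMNS = ["IP address", "NetBIOS Name", "Server", "User", "MAC address"]


def column_spans(header: str) -> List[Tuple[int, Optional[int]]]:
    """(start, end) slice offsets for each column, taken from where its title begins in the header."""
    starts = [header.index(name) for name in COLUMNS]
    return list(zip(starts, starts[1:] + [None]))  # the last column runs to the end of the line


def parse_nbtscan(text: str) -> List[Dict]:
    """One record per table row; error rows keep the message in 'error' and have no other fields."""
    lines = text.splitlines()
    header_at = next(i for i, l in enumerate(lines) if l.startswith(COLUMNS[0]))
    spans = column_spans(lines[header_at])
    records = []
    for line in lines[header_at + 1:]:
        if not line.strip() or line.startswith("---"):
            continue
        if "\t" in line:  # "<ip>\t<error message>": nbtscan could not send to this address
            ip, _, msg = line.partition("\t")
            records.append({"ip": ip.strip(), "name": None, "server": False,
                            "user": None, "mac": None, "error": msg.strip()})
            continue
        ip, name, server, user, mac = (line[s:e].strip() for s, e in spans)
        records.append({"ip": ip, "name": name, "server": server == "<server>",
                        "user": user or None, "mac": mac or None, "error": None})
    return records


def smb_servers(records: List[Dict]) -> List[str]:
    """Hosts whose NetBIOS name table registers the server service, i.e. they offer file sharing."""
    return [r["ip"] for r in records if r["server"]]


def likely_samba(records: List[Dict]) -> List[str]:
    """Hosts answering with an all-zero MAC: Samba fills that field with zeros, Windows reports the real one."""
    return [r["ip"] for r in records if r["mac"] == "00:00:00:00:00:00"]


def unreachable(records: List[Dict]) -> List[Tuple[str, str]]:
    """Addresses nbtscan could not query, with the reason it printed."""
    return [(r["ip"], r["error"]) for r in records if r["error"]]


if __name__ == "__main__":
    recs = parse_nbtscan(SAMPLE_NBTSCAN)
    print("SMB servers:", smb_servers(recs))
    print("likely Samba:", likely_samba(recs))
    print("unreachable:", unreachable(recs))
```

Treat likely_samba as a hint for sorting an inventory into Windows and non-Windows hosts, not as proof; a zero MAC is what Samba's node-status reply carries, but confirm with smb-os-discovery before acting on it.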

enum4linux:

root@kali# enum4linux -a 192.168.96.129
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Fri Dec  6 21:24:01 2019

 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.96.129
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none


 ====================================================== 
|    Enumerating Workgroup/Domain on 192.168.96.129    |
 ====================================================== 
[+] Got domain/workgroup name: WORKGROUP

 ============================================== 
|    Nbtstat Information for 192.168.96.129    |
 ============================================== 
Looking up status of 192.168.96.129
	WINDOWXPPRO     <00> -         M <ACTIVE>  Workstation Service
	WORKGROUP       <00> - <GROUP> M <ACTIVE>  Domain/Workgroup Name

	MAC Address = 00-0C-29-3F-17-B1

 ======================================= 
|    Session Check on 192.168.96.129    |
 ======================================= 
[E] Server doesn't allow session using username '', password ''.  Aborting remainder of tests.
