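1 Scanning
A regular scan, nmap -A <IP address>,
returned too little to work with and gave no way in.
Next, scan all ports. A full-port nmap scan is too slow, so use masscan first and then run nmap only against the ports masscan found.
The HTTP service on 8080 identifies itself as HFS 2.3; after doing enough practice boxes you know this version has a vulnerability, see the Optimum box.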
C:\root> masscan -p1-65535,U:1-65535 10.10.17.99 --rate=1000 -e tun0
Starting masscan 1.0.5 (http://bit.ly/14GZzcT) at 2020-05-26 00:51:49 GMT
-- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [131070 ports/host]
Discovered open port 5985/tcp on 10.10.17.99
Discovered open port 49163/tcp on 10.10.17.99
Discovered open port 139/tcp on 10.10.17.99
Discovered open port 49162/tcp on 10.10.17.99
Discovered open port 135/tcp on 10.10.17.99
Discovered open port 49154/tcp on 10.10.17.99
Discovered open port 49157/tcp on 10.10.17.99
Discovered open port 3389/tcp on 10.10.17.99
Discovered open port 137/udp on 10.10.17.99
Discovered open port 49152/tcp on 10.10.17.99
Discovered open port 445/tcp on 10.10.17.99
Discovered open port 49153/tcp on 10.10.17.99
Discovered open port 49155/tcp on 10.10.17.99
Discovered open port 80/tcp on 10.10.17.99
Discovered open port 47001/tcp on 10.10.17.99
Discovered open port 8080/tcp on 10.10.17.99
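The hand-off from masscan to nmap can be generated instead of copied by hand, which keeps 137/udp as a UDP port (in the nmap run on this page it was probed over TCP and shows as closed) and avoids transposed digits such as 49163 becoming 49136. This is an added example, not part of the original write-up; the function names and the sample lines are constructed, and the command is only printed, not run.

```shell
#!/bin/sh
# Constructed sample lines in the format masscan prints above (one duplicate on purpose).
sample_masscan_output() {
cat <<'EOF'
Starting masscan 1.0.5 at 2020-05-26 00:51:49 GMT
Discovered open port 5985/tcp on 10.10.17.99
Discovered open port 137/udp on 10.10.17.99
Discovered open port 8080/tcp on 10.10.17.99
Discovered open port 80/tcp on 10.10.17.99
Discovered open port 8080/tcp on 10.10.17.99
EOF
}

# stdin: masscan text output. stdout: nmap -p spec, e.g. "T:80,8080,U:137".
# Exits non-zero when no "Discovered open port" line is found.
ports_to_nmap_spec() {
  awk '
    /^Discovered open port [0-9]+\/(tcp|udp) on / {
      split($4, f, "/")                 # $4 looks like "8080/tcp"
      if (f[2] == "tcp") tcp[f[1] + 0] = 1
      else               udp[f[1] + 0] = 1
    }
    END {
      # Walking the port range gives sorted, de-duplicated output in any awk.
      for (p = 1; p <= 65535; p++) {
        if (p in tcp) t = (t == "" ? "" : t ",") p
        if (p in udp) u = (u == "" ? "" : u ",") p
      }
      if (t != "") spec = "T:" t
      if (u != "") spec = (spec == "" ? "" : spec ",") "U:" u
      if (spec == "") exit 1
      print spec
    }'
}

# $1: target. stdin: masscan output. Prints the follow-up command, does not run it.
build_nmap_command() {
  spec=$(ports_to_nmap_spec) || return 1
  scan=""
  case "$spec" in *T:*) scan="-sS" ;; esac
  case "$spec" in *U:*) scan="${scan:+$scan }-sU" ;; esac   # UDP ports need -sU
  printf 'nmap %s -p %s -A %s\n' "$scan" "$spec" "$1"
}

sample_masscan_output | build_nmap_command 10.10.17.99
```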
C:\root> nmap -p5985,49136,139,49162,135,49154,49157,3389,137,49152,445,49153,49155,80,47001,8080 -A 10.10.17.99
Starting Nmap 7.80 ( https://nmap.org ) at 2020-05-25 20:56 EDT
Nmap scan report for 10.10.17.99
Host is up (0.26s latency).
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 8.5
| http-methods:
|_ Potentially risky methods: TRACE
|_http-server-header: Microsoft-IIS/8.5
|_http-title: Site doesn't have a title (text/html).
135/tcp open msrpc Microsoft Windows RPC
137/tcp closed netbios-ns
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
3389/tcp open ssl/ms-wbt-server?
|_ssl-date: 2020-05-26T00:58:11+00:00; 0s from scanner time.
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Not Found
8080/tcp open http HttpFileServer httpd 2.3
|_http-server-header: HFS 2.3
|_http-title: HFS /
47001/tcp open http Microsoft HTTPAPI httpd