Scanning (netcat & nmap)
nmap classifies ports as open, filtered, closed, or unfiltered.
open means an application on the target host is listening on the port.
closed means nothing is listening on the port, but it could be opened at any time.
filtered means a firewall is blocking access to the port.
unfiltered means nmap cannot determine whether the port is open or closed.
ICMP and TCP packets
TCP packets (from a SYN scan) are not logged by the application, because the TCP handshake is never completed.
Powerful nmap scan parameters
root@bt:~# nmap -O -sV -T 5 -sS -oA scannerout www.finderbao.com
Starting Nmap 6.01 ( http://nmap.org ) at 2012-07-19 00:54 EDT
Nmap scan report for www.finderbao.com (114.80.208.57)
Host is up (0.054s latency).
Not shown: 981 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
42/tcp filtered nameserver
80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1025/tcp filtered NFS-or-IIS
1068/tcp filtered instl_bootc
1311/tcp open ssl/http Dell OpenManage httpd
1434/tcp filtered ms-sql-m
3128/tcp filtered squid-http
3389/tcp filtered ms-wbt-server
4444/tcp filtered krb524
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49158/tcp open msrpc Microsoft Windows RPC
Device type: general purpose|load balancer
Running (JUST GUESSING): Microsoft Windows Vista|7|2008 (88%), Cisco embedded (85%)
OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008::sp1
Aggressive OS guesses: Microsoft Windows Vista SP0 - SP1 (88%), Microsoft Windows 7 (87%), Microsoft Windows 7 SP1 (87%), Cisco ACE load balancer (85%), Microsoft Windows Server 2008 SP1 (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.61 seconds
Parameter notes:
-O   OS fingerprinting
-sV  service and version detection
-T   scan speed (timing template)
-sS  TCP SYN scan (sends TCP SYN packets)
-sU  UDP scan
-oA  save the scan results to files
unicornscan  used with IDS
root@bt:~# smbclient -L //192.168.1.100
Enter root's password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Win7U 7600] Server=[Win7U 6.1]
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
session request to 192.168.1.100 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available