• MSF Devil Training Camp - 3.2.2 Operating System Identification


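    Operating system identification can be used to support social engineering attacks.
    For example, once the vendor and model of the target's network devices and servers have been identified, an attacker can pose as that vendor's technical staff and contact the system administrator by phone or email to win their trust.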
    NMAP

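    Example: use -PU -sn to discover live hosts, -O to identify the operating system, -sV to identify service versions, and -A to obtain more detailed service and operating system information.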
    msf > nmap -PU -sn 192.168.1.0/24
    [*] exec: nmap -PU -sn 192.168.1.0/24

    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 21:00 CST
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
    Nmap scan report for 192.168.1.102
    Host is up (0.0016s latency).
    Nmap scan report for 192.168.1.104
    Host is up (0.0034s latency).
    Nmap done: 256 IP addresses (2 hosts up) scanned in 36.16 seconds
    msf > nmap -O 192.168.1.102
    [*] exec: nmap -O 192.168.1.102


    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 21:01 CST
    Nmap scan report for 192.168.1.102
    Host is up (0.0017s latency).
    Not shown: 998 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    8000/tcp open http-alt
    Device type: general purpose
    Running: Linux 3.X
    OS CPE: cpe:/o:linux:linux_kernel:3
    OS details: Linux 3.2 - 3.16
    Network Distance: 1 hop

    OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 2.05 seconds
    msf > nmap -O 192.168.1.104
    [*] exec: nmap -O 192.168.1.104


    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 21:01 CST
    Nmap scan report for 192.168.1.104
    Host is up (0.0025s latency).
    Not shown: 992 closed ports
    PORT STATE SERVICE
    135/tcp open msrpc
    139/tcp open netbios-ssn
    445/tcp open microsoft-ds
    49152/tcp open unknown
    49153/tcp open unknown
    49156/tcp open unknown
    49158/tcp open unknown
    49159/tcp open unknown
    Device type: general purpose
    Running: Microsoft Windows 8.1
    OS CPE: cpe:/o:microsoft:windows_8.1
    OS details: Microsoft Windows 8.1 Enterprise
    Network Distance: 2 hops

    OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 2.02 seconds
    msf > nmap -O -sV 192.168.1.104
    [*] exec: nmap -O -sV 192.168.1.104

    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 21:14 CST
    Nmap scan report for 192.168.1.104
    Host is up (0.0024s latency).
    Not shown: 992 closed ports
    PORT STATE SERVICE VERSION
    135/tcp open msrpc Microsoft Windows RPC
    139/tcp open netbios-ssn Microsoft Windows netbios-ssn
    445/tcp open microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
    49152/tcp open msrpc Microsoft Windows RPC
    49153/tcp open msrpc Microsoft Windows RPC
    49156/tcp open msrpc Microsoft Windows RPC
    49158/tcp open msrpc Microsoft Windows RPC
    49159/tcp open msrpc Microsoft Windows RPC
    No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
    TCP/IP fingerprint:
    OS:SCAN(V=7.40%E=4%D=9/8%OT=135%CT=1%CU=31933%PV=Y%DS=2%DC=I%G=Y%TM=59B297F
    OS:0%P=x86_64-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=101%TI=I%CI=I%TS=7)SEQ(SP=FF
    OS:%GCD=1%ISR=101%CI=I%TS=7)OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT
    OS:11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)WIN(W1=2000%W2=2000%W3=2000
    OS:%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=40%W=2000%O=M5B4NW8NNS%CC=N%Q=)T
    OS:1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0
    OS:%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6
    OS:(R=Y%DF=Y%T=40%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=16
    OS:4%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)

    Network Distance: 2 hops
    Service Info: Host: PC-20150927TDPG; OS: Windows; CPE: cpe:/o:microsoft:windows

    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 71.63 seconds
    msf > nmap -O -sV -A 192.168.1.104
    [*] exec: nmap -O -sV -A 192.168.1.104


    Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-08 21:18 CST
    Nmap scan report for 192.168.1.104
    Host is up (0.0023s latency).
    Not shown: 992 closed ports
    PORT STATE SERVICE VERSION
    135/tcp open msrpc Microsoft Windows RPC
    139/tcp open netbios-ssn Microsoft Windows netbios-ssn
    445/tcp open microsoft-ds Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
    49152/tcp open msrpc Microsoft Windows RPC
    49153/tcp open msrpc Microsoft Windows RPC
    49156/tcp open msrpc Microsoft Windows RPC
    49158/tcp open msrpc Microsoft Windows RPC
    49159/tcp open msrpc Microsoft Windows RPC
    Device type: general purpose
    Running: Microsoft Windows 8.1
    OS CPE: cpe:/o:microsoft:windows_8.1
    OS details: Microsoft Windows 8.1 Enterprise
    Network Distance: 2 hops
    Service Info: Host: PC-20150927TDPG; OS: Windows; CPE: cpe:/o:microsoft:windows

    Host script results:
    |_clock-skew: mean: -21m41s, deviation: 0s, median: -21m41s
    |_nbstat: NetBIOS name: PC-20150927TDPG, NetBIOS user: <unknown>, NetBIOS MAC: 90:2b:34:e9:9b:ea (Giga-byte Technology)
    | smb-os-discovery:
    | OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
    | OS CPE: cpe:/o:microsoft:windows_7::sp1
    | Computer name: PC-20150927TDPG
    | NetBIOS computer name: PC-20150927TDPG\x00
    | Workgroup: WORKGROUP\x00
    |_ System time: 2017-09-08T20:58:16+08:00
    | smb-security-mode:
    | account_used: guest
    | authentication_level: user
    | challenge_response: supported
    |_ message_signing: disabled (dangerous, but default)
    |_smbv2-enabled: Server supports SMBv2 protocol

    TRACEROUTE (using port 25/tcp)
    HOP RTT ADDRESS
    1 1.20 ms RT-AC54U.lan (192.168.3.1)
    2 1.77 ms 192.168.1.104

    OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 66.54 seconds
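
In the last scan above, the `-O` stack fingerprint reports Windows 8.1 Enterprise while the `smb-os-discovery` script reports Windows 7 Ultimate SP1 for the same host. The following added example (not part of the original post) parses those report lines by source and flags the disagreement, as an asset-inventory check would. The function names are hypothetical, and preferring the SMB-reported string over the `-O` guess is an assumption of this sketch.

```python
import re

# Lines copied from the `nmap -O -sV -A 192.168.1.104` output above (trimmed).
SAMPLE = """\
OS CPE: cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows 8.1 Enterprise
| smb-os-discovery:
| OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
| OS CPE: cpe:/o:microsoft:windows_7::sp1
| smb-security-mode:
|_ message_signing: disabled (dangerous, but default)
"""

def parse_os_evidence(text):
    """Split OS claims by source: -O stack fingerprint vs. SMB script output."""
    ev = dict.fromkeys(("stack_details", "stack_cpe", "smb_os", "smb_cpe", "smb_signing"))
    script = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):          # ordinary report line
            script = None
            m = re.match(r"(OS details|OS CPE): (.+)", line)
            if m:
                ev["stack_details" if m.group(1) == "OS details" else "stack_cpe"] = m.group(2)
            continue
        key, _, val = (p.strip() for p in line.lstrip("|_").partition(":"))
        if not val:                           # header such as "| smb-os-discovery:"
            script = key
        elif script == "smb-os-discovery" and key == "OS":
            ev["smb_os"] = val
        elif script == "smb-os-discovery" and key == "OS CPE":
            ev["smb_cpe"] = val
        elif script == "smb-security-mode" and key == "message_signing":
            ev["smb_signing"] = val
    return ev

def cpe_product(cpe):
    return (cpe or "").split(":")[3] if (cpe or "").count(":") >= 3 else None

def reconcile(ev):
    """Return (best_guess, notes); assumption: SMB-reported string outranks the -O guess."""
    notes = []
    stack, smb = cpe_product(ev["stack_cpe"]), cpe_product(ev["smb_cpe"])
    if stack and smb and stack != smb:
        notes.append(f"OS mismatch: -O says {stack}, smb-os-discovery says {smb}")
    if (ev["smb_signing"] or "").startswith("disabled"):
        notes.append("SMB message signing disabled")
    return ev["smb_os"] or ev["stack_details"], notes

print(reconcile(parse_os_evidence(SAMPLE)))
```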

  • Original article: https://www.cnblogs.com/enderzhou/p/7496422.html