Scanning (netcat & nmap)
nmap classifies each port as open, filtered, closed, or unfiltered.
open means an application on the target host is listening on the port.
closed means nothing is listening on the port, but it could be opened at any time.
filtered means a firewall is blocking access to the port.
unfiltered means nmap cannot determine whether the port is open or not.
ICMP and TCP packets
The TCP packets are not logged, because the TCP handshake is left incomplete.
Powerful nmap scan parameters
root@bt:~# nmap -O -sV -T 5 -sS -oA scannerout www.finderbao.com

Starting Nmap 6.01 ( http://nmap.org ) at 2012-07-19 00:54 EDT
Nmap scan report for www.finderbao.com (114.80.208.57)
Host is up (0.054s latency).
Not shown: 981 closed ports
PORT      STATE    SERVICE        VERSION
21/tcp    open     ftp            Microsoft ftpd
42/tcp    filtered nameserver
80/tcp    open     http           Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
135/tcp   filtered msrpc
139/tcp   filtered netbios-ssn
445/tcp   filtered microsoft-ds
593/tcp   filtered http-rpc-epmap
1025/tcp  filtered NFS-or-IIS
1068/tcp  filtered instl_bootc
1311/tcp  open     ssl/http       Dell OpenManage httpd
1434/tcp  filtered ms-sql-m
3128/tcp  filtered squid-http
3389/tcp  filtered ms-wbt-server
4444/tcp  filtered krb524
49152/tcp open     msrpc          Microsoft Windows RPC
49153/tcp open     msrpc          Microsoft Windows RPC
49154/tcp open     msrpc          Microsoft Windows RPC
49155/tcp open     msrpc          Microsoft Windows RPC
49158/tcp open     msrpc          Microsoft Windows RPC
Device type: general purpose|load balancer
Running (JUST GUESSING): Microsoft Windows Vista|7|2008 (88%), Cisco embedded (85%)
OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008::sp1
Aggressive OS guesses: Microsoft Windows Vista SP0 - SP1 (88%), Microsoft Windows 7 (87%), Microsoft Windows 7 SP1 (87%), Cisco ACE load balancer (85%), Microsoft Windows Server 2008 SP1 (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 64.61 seconds
Parameter notes:
-O   OS fingerprinting
-sV  service and version detection
-T   scan rate (timing template)
-sS  send TCP SYN packets (SYN scan)
-oA  save the scan results to files (every output format at once)
-sU  UDP scan
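An added example (not part of the original notes) that turns the port-state vocabulary above into a defender's exposure check: it parses the normal-format report that -oA writes to the .nmap file, tallies every probed port by state (including the ports nmap collapses into the "Not shown:" line), and flags open ports that are not on an expected-exposure allowlist. The sample report excerpt and the allowlist are constructed for the example.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of nmap's normal output (the .nmap file that -oA writes).
SAMPLE_NMAP = """\
Nmap scan report for www.example.test (192.0.2.10)
Host is up (0.054s latency).
Not shown: 981 closed ports
PORT      STATE    SERVICE        VERSION
21/tcp    open     ftp            Microsoft ftpd
42/tcp    filtered nameserver
80/tcp    open     http           Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1311/tcp  open     ssl/http       Dell OpenManage httpd
3389/tcp  filtered ms-wbt-server
49152/tcp open     msrpc          Microsoft Windows RPC
"""

STATES = r"open\|filtered|closed\|filtered|open|closed|filtered|unfiltered"
PORT_LINE = re.compile(rf"^(\d+)/(tcp|udp|sctp)\s+({STATES})\s+(\S+)(?:\s+(.*))?$")
NOT_SHOWN = re.compile(r"(\d+) (open|closed|filtered|unfiltered) ports?")

def parse_report(text):
    """Return (port records, Counter of states nmap summarised on the 'Not shown:' line)."""
    ports, not_shown = [], Counter()
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            ports.append({"port": int(port), "proto": proto, "state": state,
                          "service": service, "version": (version or "").strip()})
        elif line.startswith("Not shown:"):
            # e.g. "Not shown: 981 closed ports" or "... 990 filtered ports, 5 closed ports"
            for count, state in NOT_SHOWN.findall(line):
                not_shown[state] += int(count)
    return ports, not_shown

def state_summary(ports, not_shown):
    """Count every probed port by nmap state, collapsed ports included."""
    counts = Counter(p["state"] for p in ports)
    counts.update(not_shown)
    return dict(counts)

def unexpected_open(ports, allowed):
    """Open ports not in the allowlist of (port, proto) pairs the host is meant to expose."""
    return [p for p in ports
            if p["state"] == "open" and (p["port"], p["proto"]) not in allowed]
```

Feed parse_report() the contents of the .nmap file and compare unexpected_open() against the host's intended exposure list; anything it returns is a listening service that was not planned for.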
unicornscan: used with IDS
root@bt:~# smbclient -L //192.168.1.100
Enter root's password:
Anonymous login successful
Domain=[WORKGROUP] OS=[Win7U 7600] Server=[Win7U 6.1]

        Sharename       Type      Comment
        ---------       ----      -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
session request to 192.168.1.100 failed (Called name not present)
session request to 192 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
NetBIOS over TCP disabled -- no workgroup available