Nmap Techniques
live-evil · 2008-05-16 · via 博客园 - live-evil

by d3hydr8 > www.darkc0de.com
date: 01/20/08

Use nmap as a list scan (-sL). Nmap only does a reverse-DNS lookup for each address in the range and sends nothing to the targets, which is why every host is reported as "not scanned"; it is a quiet way to enumerate hostnames before any probe reaches the hosts.

linuxbox:/home/d3hydr8 # nmap -sL 128.230.18.30-35 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 22:41 EST 
Host npropane.syr.edu (128.230.18.30) not scanned 
Host helpeiam1.syr.edu (128.230.18.31) not scanned 
Host tracker5-18.syr.edu (128.230.18.32) not scanned 
Host mirage2.syr.edu (128.230.18.33) not scanned 
Host backup01-18.syr.edu (128.230.18.34) not scanned 
Host cwis01.syr.edu (128.230.18.35) not scanned 
Nmap done: 6 IP addresses (0 hosts up) scanned in 6.628 seconds

Use nmap as a banner scanner: version-detect port 25 (-sV -p25) across an IP range and keep only hosts whose SMTP banner identifies IMail. grep -B 3 prints the three lines before each match, so the host header and the column header survive the filter.

linuxbox:/home/d3hydr8 # nmap -sV 12.150.145.135-139 -p25 | grep IMail -B 3 
 
Interesting ports on 138.145.static.conninc.com (12.150.145.138): 
PORT   STATE SERVICE VERSION 
25/tcp open  smtp    IMail NT-ESMTP 6.06 28262-4 
-- 
 
Interesting ports on 139.145.static.conninc.com (12.150.145.139): 
PORT   STATE SERVICE VERSION 
25/tcp open  smtp    IMail NT-ESMTP 6.06 28263-5

The same banner scan, with the filtered output appended to a file. Note that >> appends, so repeated runs accumulate in nmap.txt. The trailing numbers in the IMail banner (29384-6 here, 28262-4 in the previous run) come from the server greeting and change between connections, so do not treat them as part of the version.

linuxbox:/home/d3hydr8 # nmap -sV 12.150.145.137-139 -p25 | grep IMail -B 3 >> nmap.txt 
linuxbox:/home/d3hydr8 # cat nmap.txt 
 
Interesting ports on 138.145.static.conninc.com (12.150.145.138): 
PORT   STATE SERVICE VERSION 
25/tcp open  smtp    IMail NT-ESMTP 6.06 29384-6 
-- 
 
Interesting ports on 139.145.static.conninc.com (12.150.145.139): 
PORT   STATE SERVICE VERSION 
25/tcp open  smtp    IMail NT-ESMTP 6.06 29385-7

Use the most intensive version detection. --version-all is the same as --version-intensity 9: every version probe is tried against the port, which is slower than the default (intensity 7). It is not a guarantee: the server below still reveals only "Apache httpd" with no version number.

linuxbox:/home/d3hydr8 # nmap -sV --version-all 128.230.18.35 -p 80 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 22:37 EST 
Interesting ports on cwis01.syr.edu (128.230.18.35): 
PORT   STATE SERVICE VERSION 
80/tcp open  http    Apache httpd

Use nmap as a banner scanner against random targets: -iR 1500 makes Nmap pick 1500 random Internet addresses (it skips private, multicast and unallocated ranges) and version-detect port 21, keeping only hosts that report ProFTPD.

linuxbox:/home/d3hydr8 # nmap -sV -iR 1500 -p21 | grep ProFTPD -B 3 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 17:41 EST 
Interesting ports on www.buford-thompson.net (161.58.19.143): 
PORT   STATE SERVICE VERSION 
21/tcp open  ftp     ProFTPD
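
Filtering version-scan output with grep -B 3 depends on the layout of Nmap's normal output. The following is an added example, not code from d3hydr8's post, that does the same filtering over Nmap's grepable output (-oG -), whose Ports: field has a fixed port/state/proto/owner/service/rpc/version layout. It serves both the IMail and the ProFTPD banner-scan cases above. filter_banners and sample_grepable are names chosen here, and the sample lines are constructed to mirror the hosts shown in the post; they are not real scan output.

```sh
#!/bin/sh
# Added example, not code from d3hydr8's post: filter version-scan results
# by product string using Nmap's grepable output (-oG -) rather than
# grep -B 3 over the normal output.
#
# A grepable host line (fields separated by tabs) looks like:
#   Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...
# Real use (assumes nmap is on PATH and you are authorized to scan the range):
#   nmap -sV -p25 12.150.145.135-139 -oG - | filter_banners 'IMail'
#   nmap -sV -iR 1500 -p21 -oG -          | filter_banners 'ProFTPD'

# Print "ip port/proto version" for every open port whose version field
# matches the (case-insensitive) pattern given as $1.
filter_banners() {
    awk -v pat="$1" '
        BEGIN { FS = "\t"; pat = tolower(pat) }
        /^Host: / {
            split($1, h, " ")                 # h[2] is the IP address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, "/, ")   # one entry per port
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    # f[1]=port f[2]=state f[3]=proto f[5]=service f[7]=version
                    if (f[2] == "open" && tolower(f[7]) ~ pat)
                        printf "%s %s/%s %s\n", h[2], f[1], f[3], f[7]
                }
            }
        }'
}

# Constructed sample in grepable format, modelled on the hosts in the post;
# it is not real scan output.
sample_grepable() {
    printf 'Host: 12.150.145.137 (137.145.static.conninc.com)\tPorts: 25/filtered/tcp//smtp///\n'
    printf 'Host: 12.150.145.138 (138.145.static.conninc.com)\tPorts: 25/open/tcp//smtp//IMail NT-ESMTP 6.06 28262-4/\n'
    printf 'Host: 12.150.145.139 (139.145.static.conninc.com)\tPorts: 25/open/tcp//smtp//IMail NT-ESMTP 6.06 28263-5/, 21/open/tcp//ftp//ProFTPD/\n'
}

sample_grepable | filter_banners 'imail'
```

Because the grepable format keeps the whole host on one line, the filter cannot lose the host header the way grep -B 3 can when Nmap prints extra lines between the header and the port table, and it ignores ports that are not open even if their service guess happens to match.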

Use nmap to guess the operating system of a host. -PN (spelled -Pn in current Nmap) skips host discovery and assumes the host is up; -O --osscan-limit only fingerprints hosts that have at least one open and one closed TCP port, since a fingerprint taken without both is unreliable. "JUST GUESSING" means no fingerprint matched exactly, and the percentage is Nmap's confidence in the closest one.

linuxbox:/home/d3hydr8 # nmap -PN -O --osscan-limit 38.117.198.214 | grep Running 
Running (JUST GUESSING) : ZyXEL ZyNOS (96%)

Use nmap for a traceroute. --traceroute runs after the port scan and uses a port found open (80/tcp here), so the probes carry the same protocol and port that already got through any filters; the HOP column counts the hops to the target.

linuxbox:/home/d3hydr8 # nmap --traceroute 128.230.18.35 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 22:27 EST 
Interesting ports on cwis01.syr.edu (128.230.18.35): 
Not shown: 1656 closed ports, 49 filtered ports 
PORT      STATE SERVICE 
80/tcp    open  http 
 
TRACEROUTE (using port 80/tcp) 
HOP RTT   ADDRESS 
1   2.89  192.168.1.1 
2   12.18 10.114.0.1 
3   9.52  172.22.5.13 
4   12.33 172.22.5.69 
5   10.86 172.22.33.73 
6   12.48 172.22.32.106 
7   15.21 12.86.87.29 
8   41.73 tbr2.attga.ip.att.net (12.122.96.74) 
9   41.78 tbr1.dlstx.ip.att.net (12.122.2.89) 
10  73.50 ggr3.dlstx.ip.att.net (12.123.16.201) 
11  42.87 br2-a3120s2.attga.ip.att.net (192.205.33.206) 
12  66.36 66.192.240.226 
13  74.74 64-132-176-170.static.twtelecom.net (64.132.176.170) 
14  77.85 128.230.61.1 
15  74.08 c6509r-srv.syr.edu (128.230.61.58) 
16  73.36 cwis01.syr.edu (128.230.18.35) 
 
Nmap done: 1 IP address (1 host up) scanned in 111.295 seconds

Use nmap to show why a port is in a given state. --reason adds a REASON column: "no-response" means nothing came back for the probe, which is what makes a port filtered rather than closed (a closed port answers a SYN with a RST, which --reason reports as "reset").

linuxbox:/home/d3hydr8 # nmap --reason 128.230.18.35 -p 21 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 22:31 EST 
Interesting ports on cwis01.syr.edu (128.230.18.35): 
PORT   STATE    SERVICE REASON 
21/tcp filtered ftp     no-response 
 
Nmap done: 1 IP address (1 host up) scanned in 1.247 seconds

Use nmap with a spoofed MAC address. --spoof-mac sets the Ethernet source address on the raw frames Nmap sends (a full address, a vendor prefix or a vendor name is accepted, and 0 asks for a random one). It only changes what the next hop on the local segment sees: MAC addresses are rewritten at every router, so against the random Internet targets used here (-iR 3) nothing beyond your own gateway notices it.

linuxbox:/home/d3hydr8 # nmap --spoof-mac 08:00:69:02:01:FC -iR 3 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 22:51 EST 
Spoofing MAC address 08:00:69:02:01:FC (Silicon Graphics) 
Nmap done: 3 IP addresses (0 hosts up) scanned in 3.387 seconds

Use nmap with cloaked decoys. -D sends the same probes from each listed spoofed source as well as from you, so the target's logs show several scanners and cannot tell which one is real. Decoys only apply to raw-packet scans (SYN, UDP, OS detection), not to connect scans or version detection, which use your real stack. The decoys should be hosts that are actually up, otherwise the target is left holding half-open connections for every reply that nobody resets (an accidental SYN flood). The keyword ME can be placed in the list to choose your own position; putting it sixth or later keeps your address out of the top entries of simple scan detectors. You can use my script for creating
a list of ips to use. http://www.darkc0de.com/misc/ipgen1.1.py

linuxbox:/home/d3hydr8 # nmap -D 198.162.1.100,198.162.1.101 -iR 3 
 
Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-17 23:22 EST 
Nmap done: 3 IP addresses (0 hosts up) scanned in 3.082 seconds
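
A decoy list is only as good as the addresses in it. As an added example (not the author's ipgen script and not code from the original post), the following POSIX shell functions reject decoys that cannot be routed on the public Internet and build the comma-separated -D value with ME inserted at a chosen position. is_public_ipv4 and build_decoy_arg are names chosen here, and the addresses used to exercise them are constructed; the functions only validate and format the list, they do not check that a decoy host is up.

```sh
#!/bin/sh
# Added example, not code from d3hydr8's post and not his ipgen script:
# sanity-check a decoy list before passing it to nmap -D, and build the
# comma-separated -D value with ME at a chosen position.
#
# A decoy that is not routable on the public Internet (RFC 1918 space,
# loopback, link-local, 0/8, multicast and above) is useless as cover:
# the target sees an obviously bogus source and no reply can reach it.
# Real use (assumes nmap on PATH and authorization for the target):
#   nmap -sS -D "$(build_decoy_arg 3 198.162.1.100 198.162.1.101 198.162.1.102)" target

# Return 0 if $1 is a syntactically valid, publicly routable IPv4 address.
is_public_ipv4() {
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    set -- $(IFS=.; echo $ip)               # split into octets (IFS change stays in the subshell)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    case $1 in
        0|10|127) return 1 ;;                                  # 0/8, 10/8, 127/8
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1 ;; # 172.16/12
        192) [ "$2" -eq 168 ] && return 1 ;;                   # 192.168/16
        169) [ "$2" -eq 254 ] && return 1 ;;                   # 169.254/16 link-local
    esac
    [ "$1" -lt 224 ]                        # 224/4 multicast and 240/4 reserved
}

# build_decoy_arg ME_POSITION DECOY... : print the value for nmap -D, with ME
# inserted as the ME_POSITION-th entry (1-based; a position past the end puts
# ME last). Fails, naming the offender, if any decoy is not publicly routable.
build_decoy_arg() {
    me_pos=$1; shift
    out=""; n=0
    for d in "$@"; do
        is_public_ipv4 "$d" || { echo "rejected decoy: $d" >&2; return 1; }
        n=$((n + 1))
        [ "$n" -eq "$me_pos" ] && out="${out}ME,"
        out="${out}${d},"
    done
    [ "$me_pos" -gt "$n" ] && out="${out}ME,"
    printf '%s\n' "${out%,}"
}

build_decoy_arg 2 198.162.1.100 198.162.1.101 198.162.1.102
```

The private-range check is the important one in practice: a decoy such as 192.168.1.100 never leaves your own network, so it adds nothing to the target's view, while 198.162.1.100 passes because it is ordinary public space.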