nmap使用方法

扫描目标主机使用的操作系统。

root@bt:~# nmap -sT -O -A 192.168.1.133
 
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:28 EDT
Nmap scan report for 192.168.1.133
Host is up (0.090s latency).
Not shown: 986 closed ports
PORT     STATE    SERVICE         VERSION
80/tcp   open     http            Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
|_http-title: Not Found
135/tcp  open     msrpc           Microsoft Windows RPC
139/tcp  open     netbios-ssn
445/tcp  open     netbios-ssn
514/tcp  filtered shell
902/tcp  open     ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp  open     vmware-auth     VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1025/tcp open     msrpc           Microsoft Windows RPC
1026/tcp open     msrpc           Microsoft Windows RPC
1027/tcp open     msrpc           Microsoft Windows RPC
1029/tcp open     msrpc           Microsoft Windows RPC
1030/tcp open     msrpc           Microsoft Windows RPC
1433/tcp open     ms-sql-s        Microsoft SQL Server 2008 R2 10.50.1600.00; Pre-RTM
2383/tcp open     ms-olap4?
Device type: general purpose
Running: Microsoft Windows 7(这里是目标使用的操作系统)
OS CPE: cpe:/o:microsoft:windows_7:::enterprise
OS details: Microsoft Windows 7 Enterprise(操作系统的版本)
Network Distance: 2 hops
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 
Host script results:
|_nbstat: NetBIOS name: TKE-PC(这里是计算机名称), NetBIOS user: <unknown>, NetBIOS MAC: 70:71:bc:79:fa:54 (Pegatron)   (网卡mac地址)
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7600 (Windows 7 Ultimate 6.1)
|   NetBIOS computer name: TKE-PC
|   Workgroup: WORKGROUP
|_  System time: 2012-08-31 02:31:37 UTC+8
| ms-sql-info:
|   [192.168.1.133:1433]
|     Version: Microsoft SQL Server 2008 R2 Pre-RTM
|       Version number: 10.50.1600.00
|       Product: Microsoft SQL Server 2008 R2
|       Service pack level: Pre-RTM
|_    TCP port: 1433
 
TRACEROUTE (using proto 1/icmp)
HOP RTT     ADDRESS
1   0.13 ms 192.168.129.2
2   0.75 ms 192.168.1.133
 
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 188.80 seconds

 这样,就探测出了主机系统为win7,同时还可以看出使用的数据库时SQL server 2008 R2。

不过扫描使用的时间就稍微长了一点,188秒,也就是3分钟左右。

通过QQ的IP探测,我找了一个IP来进行测试,结果发现是这样的

复制代码
root@bt:~# nmap -sT -O -A 223.67.165.180

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:47 EDT
Nmap scan report for 223.67.165.180
Host is up (0.00051s latency).
All 1000 scanned ports on 223.67.165.180 are filtered
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT    ADDRESS
1   ... 30

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds
复制代码

原来是对方使用了路由器,扫描变成了对路由器的扫描了。

posted @ 2015-08-09 11:14  idmask  阅读(659)  评论(0编辑  收藏  举报