20169208 2016-2017-2 《网络攻防实践》nmap扫描实践
20169208 2016-2017-2 《网络攻防实践》nmap扫描实践
nmap是一个网络连接端扫描软件,用来扫描网上电脑开放的网络连接端。确定哪些服务运行在哪些连接端,并且推断计算机运行哪个操作系统。
nmap基本功能有三个,一是探测一组主机是否在线;其次是扫描 主机端口,嗅探所提供的网络服务;还可以推断主机所用的操作系统 。Nmap可用于扫描仅有两个节点的LAN,直至500个节点以上的网络。Nmap 还允许用户定制扫描技巧。通常,一个简单的使用ICMP协议的ping操作可以满足一般需求;也可以深入探测UDP或者TCP端口,直至主机所 使用的操作系统;还可以将所有探测结果记录到各种格式的日志中, 供进一步分析操作。
1、靶机IP地址是否活跃
使用nmap的-sP命令
nmap -sP 172.16.6.44/24
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:19 CST
Nmap scan report for localhost (172.16.6.1)
Host is up (0.00047s latency).
MAC Address: 18:66:DA:F3:34:51 (Unknown)
Nmap scan report for localhost (172.16.6.3)
Host is up (0.00026s latency).
MAC Address: F8:0F:41:FD:62:1E (Wistron InfoComm(ZhongShan))
Nmap scan report for localhost (172.16.6.4)
Host is up (0.00064s latency).
MAC Address: 00:1A:4B:20:9C:D3 (Hewlett Packard)
Nmap scan report for localhost (172.16.6.5)
Host is up (0.00058s latency).
MAC Address: 30:CD:A7:C2:B7:15 (Samsung Electronics ITS, Printer division)
Nmap scan report for localhost (172.16.6.13)
Host is up (0.00079s latency).
MAC Address: F0:DE:F1:A6:CA:BC (Wistron InfoComm (Kunshan)Co)
Nmap scan report for localhost (172.16.6.21)
Host is up (0.00036s latency).
MAC Address: 00:0C:29:EA:D3:D0 (VMware)
Nmap scan report for localhost (172.16.6.25)
Host is up (0.00047s latency).
MAC Address: B0:95:8E:A5:7D:FC (Unknown)
Nmap scan report for localhost (172.16.6.27)
Host is up (0.00032s latency).
MAC Address: 3C:4A:92:B9:59:B5 (Hewlett Packard)
Nmap scan report for localhost (172.16.6.30)
Host is up (0.00041s latency).
MAC Address: FC:4D:D4:F7:42:0F (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.31)
Host is up (0.0015s latency).
MAC Address: B8:AE:ED:DA:30:CC (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.32)
Host is up (0.0014s latency).
MAC Address: 00:0B:0E:3B:18:80 (Trapeze Networks)
Nmap scan report for localhost (172.16.6.35)
Host is up (0.00026s latency).
MAC Address: 00:0C:29:33:2E:F8 (VMware)
Nmap scan report for localhost (172.16.6.36)
Host is up (0.0012s latency).
MAC Address: 00:0C:29:BF:8C:D9 (VMware)
Nmap scan report for localhost (172.16.6.46)
Host is up (0.071s latency).
MAC Address: 78:A1:06:EF:CA:D9 (Tp-link Technologies)
Nmap scan report for localhost (172.16.6.48)
Host is up (0.0017s latency).
MAC Address: 00:0C:29:FA:DD:2A (VMware)
Nmap scan report for localhost (172.16.6.51)
Host is up (0.00052s latency).
MAC Address: FC:4D:D4:3E:0E:86 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.54)
Host is up (0.00035s latency).
MAC Address: 1C:FA:68:2A:32:A9 (Tp-link Technologies)
Nmap scan report for localhost (172.16.6.55)
Host is up (0.00043s latency).
MAC Address: F8:0F:41:DA:50:6F (Wistron InfoComm(ZhongShan))
Nmap scan report for localhost (172.16.6.57)
Host is up (0.00026s latency).
MAC Address: EC:17:2F:FF:65:D7 (Tp-link Technologies)
Nmap scan report for localhost (172.16.6.63)
Host is up (0.00060s latency).
MAC Address: B0:48:7A:59:FF:71 (Tp-link Technologies)
Nmap scan report for localhost (172.16.6.67)
Host is up (0.00029s latency).
MAC Address: 44:37:E6:87:7F:0A (Hon Hai Precision Ind.)
Nmap scan report for localhost (172.16.6.69)
Host is up (0.0039s latency).
MAC Address: 00:E1:66:02:09:A6 (Unknown)
Nmap scan report for localhost (172.16.6.71)
Host is up (0.00088s latency).
MAC Address: FC:4D:D4:34:EE:A4 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.73)
Host is up (0.00071s latency).
MAC Address: CC:B2:55:5C:1C:47 (D-Link International)
Nmap scan report for localhost (172.16.6.79)
Host is up (0.00075s latency).
MAC Address: 18:03:73:3E:F1:EF (Dell)
Nmap scan report for localhost (172.16.6.88)
Host is up (0.00047s latency).
MAC Address: D0:C7:C0:17:DA:87 (Tp-link Technologies)
Nmap scan report for localhost (172.16.6.90)
Host is up (0.0010s latency).
MAC Address: C0:3F:D5:A8:D2:03 (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.95)
Host is up (0.00068s latency).
MAC Address: 00:21:97:CC:36:72 (Elitegroup Computer System)
Nmap scan report for localhost (172.16.6.97)
Host is up (0.0013s latency).
MAC Address: 00:0C:29:30:85:76 (VMware)
Nmap scan report for localhost (172.16.6.98)
Host is up (0.0013s latency).
MAC Address: EC:A8:6B:2E:0A:AB (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.102)
Host is up (0.00063s latency).
MAC Address: 00:21:86:F6:BB:01 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.103)
Host is up (0.00056s latency).
MAC Address: FC:4D:D4:34:EE:3A (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.113)
Host is up (0.00086s latency).
MAC Address: 00:90:F5:F0:F1:30 (Clevo)
Nmap scan report for localhost (172.16.6.114)
Host is up (0.00079s latency).
MAC Address: 00:0C:29:4B:5C:BE (VMware)
Nmap scan report for localhost (172.16.6.117)
Host is up (0.00017s latency).
MAC Address: 00:0C:29:54:5D:F0 (VMware)
Nmap scan report for localhost (172.16.6.124)
Host is up (0.00059s latency).
MAC Address: 70:F3:95:17:5D:C6 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.125)
Host is up (0.022s latency).
MAC Address: 6C:88:14:CB:4D:20 (Intel Corporate)
Nmap scan report for localhost (172.16.6.128)
Host is up (0.00060s latency).
MAC Address: FC:4D:D4:34:F1:7D (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.139)
Host is up (0.00028s latency).
MAC Address: 1C:6F:65:05:B3:DD (Giga-byte Technology)
Nmap scan report for localhost (172.16.6.146)
Host is up (0.0012s latency).
MAC Address: C0:3F:D5:A9:7F:DE (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.153)
Host is up (0.00067s latency).
MAC Address: B8:AE:ED:98:9C:33 (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.160)
Host is up (0.00086s latency).
MAC Address: 00:21:86:EF:2F:CA (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.161)
Host is up (0.00046s latency).
MAC Address: 34:96:72:27:C2:9B (Unknown)
Nmap scan report for localhost (172.16.6.163)
Host is up (0.00063s latency).
MAC Address: D0:BF:9C:34:F7:1A (Hewlett Packard)
Nmap scan report for 172.16.6.165
Host is up (0.00042s latency).
MAC Address: F4:83:CD:FE:1C:AB (Tp-link Technologies)
Nmap scan report for 172.16.6.166
Host is up (0.0013s latency).
MAC Address: D8:CB:8A:74:7E:35 (Micro-star Intl)
Nmap scan report for localhost (172.16.6.171)
Host is up (0.00033s latency).
MAC Address: FC:4D:D4:34:EE:80 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.179)
Host is up (0.00056s latency).
MAC Address: 44:37:E6:44:A1:13 (Hon Hai Precision Ind.)
Nmap scan report for localhost (172.16.6.187)
Host is up (0.00099s latency).
MAC Address: 00:0C:29:8E:0F:E9 (VMware)
Nmap scan report for localhost (172.16.6.192)
Host is up (0.00061s latency).
MAC Address: 00:21:86:F6:BE:97 (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.193)
Host is up (0.017s latency).
MAC Address: 64:BC:0C:51:BE:99 (LG Electronics)
Nmap scan report for localhost (172.16.6.199)
Host is up (0.00040s latency).
MAC Address: 68:F7:28:89:4A:8A (Lcfc(hefei) Electronics Technology)
Nmap scan report for localhost (172.16.6.203)
Host is up (0.00089s latency).
MAC Address: EC:A8:6B:2E:0C:4B (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.205)
Host is up (0.00011s latency).
MAC Address: FC:4D:D4:34:ED:FF (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.209)
Host is up (0.00090s latency).
MAC Address: 00:0C:29:F3:27:0C (VMware)
Nmap scan report for localhost (172.16.6.213)
Host is up (0.0092s latency).
MAC Address: 60:D8:19:C5:FB:0C (Hon Hai Precision Ind.)
Nmap scan report for localhost (172.16.6.218)
Host is up (0.00072s latency).
MAC Address: F8:0F:41:FD:5B:FA (Wistron InfoComm(ZhongShan))
Nmap scan report for localhost (172.16.6.219)
Host is up (0.00030s latency).
MAC Address: 00:21:86:F6:BA:9D (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.234)
Host is up (0.00061s latency).
MAC Address: B8:38:61:2C:A4:2B (Cisco Systems)
Nmap scan report for localhost (172.16.6.237)
Host is up (0.00042s latency).
MAC Address: AC:9E:17:82:9C:BB (Asustek Computer)
Nmap scan report for localhost (172.16.6.238)
Host is up (0.00068s latency).
MAC Address: 00:23:24:81:AE:6A (G-pro Computer)
Nmap scan report for localhost (172.16.6.244)
Host is up (0.0017s latency).
MAC Address: B8:AE:ED:98:9C:56 (Elitegroup Computer Systems)
Nmap scan report for localhost (172.16.6.246)
Host is up (0.00050s latency).
MAC Address: FC:4D:D4:34:EE:7E (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.249)
Host is up (0.00086s latency).
MAC Address: FC:4D:D4:34:EE:8C (Universal Global Scientific Industrial)
Nmap scan report for localhost (172.16.6.44)
Host is up.
Nmap done: 256 IP addresses (65 hosts up) scanned in 1.68 seconds
列出了网段内所有的活跃主机,其中有靶机172.16.6.35、172.16.6.21和172.16.6.117
2、靶机开放了哪些TCP和UDP端口
针对TCP的扫描有:
- TCP connect(),基本TCP扫描方式。对应命令为 -sT
- TCP SYN 半开放扫描。对应命令为 -sS
- TCP FIN 原理是关闭的端口会用适当的RST来回复FIN数据包,而打开的端口会忽略对FIN数据包的回复。但是和系统的实现有关,有点系统不管端口是否打开都回复RST,此方法不适用了。对应命令为 -sF
这里使用-sS,TCP SYN 半开放扫描。
针对UDP端口的扫描只有一个,-sU。
(1)对靶机SEED的扫描
nmap -sS 172.16.6.35
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:28 CST
Nmap scan report for localhost (172.16.6.35)
Host is up (0.00017s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:33:2E:F8 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
结果分析:开放的TCP端口为22, 是ssh服务
nmap -sU 172.16.6.35
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:29 CST
Nmap scan report for localhost (172.16.6.35)
Host is up (0.00033s latency).
Not shown: 954 closed ports, 45 open|filtered ports
PORT STATE SERVICE
5353/udp open zeroconf
MAC Address: 00:0C:29:33:2E:F8 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1019.60 seconds
结果分析:开放的UDP端口为5353。
(2)对靶机Ubuntu扫描
nmap -sS 172.16.6.21
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:27 CST
Nmap scan report for localhost (172.16.6.21)
Host is up (0.000089s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
5432/tcp open postgresql
8009/tcp open ajp13
8180/tcp open unknown
MAC Address: 00:0C:29:EA:D3:D0 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
结果分析:开放的TCP端口为21、22、23、25、53、139、445、3306、5432、8180
nmap -sU 172.16.6.21
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:27 CST
Nmap scan report for localhost (172.16.6.21)
Host is up (0.00028s latency).
Not shown: 950 closed ports, 48 open|filtered ports
PORT STATE SERVICE
53/udp open domain
137/udp open netbios-ns
MAC Address: 00:0C:29:EA:D3:D0 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1009.94 seconds
结果分析:UDP开放的端口为53,137。
(3)对靶机Windows扫描
nmap -sS -sU 172.16.6.117
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:24 CST
Nmap scan report for localhost (172.16.6.117)
Host is up (0.00029s latency).
Not shown: 1986 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5000/tcp open upnp
123/udp open ntp
137/udp open netbios-ns
138/udp open|filtered netbios-dgm
445/udp open|filtered microsoft-ds
500/udp open|filtered isakmp
1026/udp open|filtered win-rpc
1027/udp open|filtered unknown
1900/udp open|filtered upnp
18582/udp open|filtered unknown
MAC Address: 00:0C:29:54:5D:F0 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
结果分析:开放的TCP端口为135、139、445、1025、5000
开放的UDP端口为123、137、138、445、500、1026、1027、1900、18582
3、靶机的操作系统版本
操作系统探测nmap -O 目标IP地址
(1)对靶机SEED的扫描
nmap -O 172.16.6.35
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:33 CST
Nmap scan report for localhost (172.16.6.35)
Host is up (0.00028s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:33:2E:F8 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.13 - 2.6.32
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.74 seconds
结果分析:操作系统是Linux 2.6.X,Linux 2.6.13 - 2.6.32。
(2)对靶机Ubuntu的扫描
nmap -O 172.16.6.21
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:32 CST
Nmap scan report for localhost (172.16.6.21)
Host is up (0.00021s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
5432/tcp open postgresql
8009/tcp open ajp13
8180/tcp open unknown
MAC Address: 00:0C:29:EA:D3:D0 (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
结果分析:操作系统是Linux 2.6.X,Linux 2.6.9 - 2.6.33。
(3)对靶机Windows的扫描
nmap -O 172.16.6.117
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:33 CST
Nmap scan report for localhost (172.16.6.117)
Host is up (0.00041s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5000/tcp open upnp
MAC Address: 00:0C:29:54:5D:F0 (VMware)
Device type: general purpose
Running: Microsoft Windows 2000|XP
OS CPE: cpe:/o:microsoft:windows_2000::- cpe:/o:microsoft:windows_2000::sp1 cpe:/o:microsoft:windows_2000::sp2 cpe:/o:microsoft:windows_2000::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::- cpe:/o:microsoft:windows_xp::sp1
OS details: Microsoft Windows 2000 SP0 - SP4 or Windows XP SP0 - SP1
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.37 seconds
操作系统是:Microsoft Windows 2000|XP, Microsoft Windows 2000 SP0 - SP4 或 Windows XP SP0 - SP1。
4、靶机上安装的网络服务
网络服务版本检测扫描
nmap -sV 目标IP地址
用SYN扫描开放的端口及端口使用的软件版本。
(1)对靶机SEED的扫描
nmap -sV 172.16.6.35
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:42 CST
Nmap scan report for localhost (172.16.6.35)
Host is up (0.00015s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
MAC Address: 00:0C:29:33:2E:F8 (VMware)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.71 seconds
结果分析:安装了ssh服务,版本号是 OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0),在TCP22端口。
(2)对靶机Ubuntu的扫描
nmap -sV 172.16.6.21
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:30 CST
Nmap scan report for localhost (172.16.6.21)
Host is up (0.000093s latency).
Not shown: 988 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp open telnet Linux telnetd
25/tcp open smtp Postfix smtpd
53/tcp open domain ISC BIND 9.4.2
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
MAC Address: 00:0C:29:EA:D3:D0 (VMware)
Service Info: Host: metasploitable.localdomain; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.86 seconds
结果分析:
安装了FTP服务,版本号是ProFTPD 1.3.1,在TCP21端口。
安装了ssh服务,版本号是 OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0),在TCP22端口。
安装了Telnet服务,版本号是Linux telnetd,在tcp23端口。
安装了SMTP服务,版本号是Postfix smtpd,在tcp25端口。
安装了domain服务,版本号是ISC BIND 9.4.2,在tcp53端口。
安装了http服务,版本号是Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch),在tcp80端口。
安装了netbios-ssn服务,版本号是Samba smbd 3.X - 4.X (workgroup: WORKGROUP),在tcp139端口。
安装了netbios-ssn服务,版本号是Samba smbd 3.X - 4.X (workgroup: WORKGROUP),在tcp445端口。
安装了mysql服务,版本号是MySQL 5.0.51a-3ubuntu5,在tcp3306端口。
安装了postgresql服务,版本号是MySQL 5.0.51a-3ubuntu5,在tcp5432端口。
安装了ajp13服务,版本号是Apache Jserv (Protocol v1.3),在tcp8080端口。
安装了http服务,版本号是Apache Tomcat/Coyote JSP engine 1.1,在tcp8180端口。
(3)对靶机Windows的扫描
nmap -sV 172.16.6.117
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-04-26 14:35 CST
Nmap scan report for localhost (172.16.6.117)
Host is up (0.00036s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
5000/tcp open upnp?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5000-TCP:V=7.25BETA1%I=7%D=4/26%Time=59003FAC%P=x86_64-pc-linux-gnu
SF:%r(GenericLines,1C,"HTTP/1\.1\x20400\x20Bad\x20Request\r\n\r\n")%r(GetR
SF:equest,1C,"HTTP/1\.1\x20400\x20Bad\x20Request\r\n\r\n")%r(RTSPRequest,1
SF:C,"HTTP/1\.1\x20400\x20Bad\x20Request\r\n\r\n")%r(HTTPOptions,1C,"HTTP/
SF:1\.1\x20400\x20Bad\x20Request\r\n\r\n")%r(FourOhFourRequest,1C,"HTTP/1\
SF:.1\x20400\x20Bad\x20Request\r\n\r\n")%r(SIPOptions,1C,"HTTP/1\.1\x20400
SF:\x20Bad\x20Request\r\n\r\n");
MAC Address: 00:0C:29:54:5D:F0 (VMware)
Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 120.84 seconds
安装了tcp服务,版本号是Microsoft Windows RPC,在tcp135端口。
安装了netbios-ssn服务,版本号是Microsoft Windows netbios-ssn,在tcp139端口。
安装了microsoft-ds服务,版本号是Microsoft Windows XP microsoft-ds,在tcp445端口。
安装了msrpc服务,版本号是Microsoft Windows RPC,在tcp1025端口。
参考资料
posted on 2017-04-26 16:23 your_victory 阅读(1027) 评论(0) 编辑 收藏 举报
