Penetration Testing with Kali Linux OffSec


PEN-200

nmap -sT 192.168.50.149
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-09 06:44 EST 
Nmap scan report for 192.168.50.149 
Host is up (0.11s latency). 
Not shown: 989 closed tcp ports (conn-refused) 
PORT STATE SERVICE 
53/tcp open domain 
88/tcp open kerberos-sec 
135/tcp open msrpc 
139/tcp open netbios-ssn 
389/tcp open ldap 
445/tcp open microsoft-ds 
464/tcp open kpasswd5 
593/tcp open http-rpc-epmap 
636/tcp open ldapssl 
3268/tcp open globalcatLDAP 
3269/tcp open globalcatLDAPssl 
... 
Listing 59 - Using nmap to perform a TCP connect scan 
The output shows that the connect scan found a few open services that are only active on 
Windows-based hosts, especially Domain Controllers, as we’ll cover shortly. One major 
takeaway, even from this simple scan, is that we can already infer the underlying OS and role of 
the target host. 
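
The inference described above, written out as an added example (it is not part of the course material): a small Python parser that reads Nmap's normal output, such as the port table in Listing 59, and reports whether the open ports match a Domain Controller profile. The names open_ports and infer_role, the profile port sets and the "all profile ports must be open" rule are assumptions made for this illustration; the same check is useful when reviewing what a host on your own network exposes.

```python
import re

# Constructed sample: the port table copied from Listing 59 (Nmap normal output).
LISTING_59 = """\
Not shown: 989 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
...
"""

# Port-table rows look like "88/tcp open kerberos-sec"; other lines are skipped.
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

# Assumption for this example: a host with all of these TCP ports open (DNS,
# Kerberos, LDAP, SMB, kpasswd, Global Catalog) is a likely Domain Controller.
DC_PORTS = {53, 88, 389, 445, 464, 3268}
# Seen on Windows hosts in general, not only on Domain Controllers.
WINDOWS_PORTS = {135, 139, 445}


def open_ports(nmap_text, proto="tcp"):
    """Return the port numbers whose state is exactly 'open' for proto."""
    rows = (ROW.match(line.strip()) for line in nmap_text.splitlines())
    return {int(m.group(1)) for m in rows
            if m and m.group(2) == proto and m.group(3) == "open"}


def infer_role(nmap_text):
    """Classify a host from its open TCP ports: (role, missing DC ports)."""
    ports = open_ports(nmap_text)
    missing = sorted(DC_PORTS - ports)
    if not missing:
        return "domain-controller", missing
    if WINDOWS_PORTS <= ports:
        return "windows-host", missing
    return "unknown", missing


print(infer_role(LISTING_59))
```

Ports reported as filtered or open|filtered are not counted as open, so a partially firewalled host falls back to the weaker classification and the returned list shows which profile ports were not seen.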
Having reviewed the most common Nmap TCP scanning techniques, let’s learn about UDP Scanning.

When performing a UDP scan,[262] Nmap will use a combination of two different methods to 
determine if a port is open or closed. For most ports, it will use the standard “ICMP port 
unreachable” method described earlier by sending an empty packet to a given port. However, for 
common ports, such as port 161, which is used by SNMP, it will send a protocol-specific SNMP 
packet in an attempt to get a response from an application bound to that port. To perform a UDP 
scan, we’ll use the -sU option, with sudo required to access raw sockets. 
kali@kali:~$ sudo nmap -sU 192.168.50.149
Starting Nmap 7.70 ( https://nmap.org ) at 2019-03-04 11:46 EST 
Nmap scan report for 192.168.131.149 
Host is up (0.11s latency). 
Not shown: 977 closed udp ports (port-unreach) 
PORT STATE SERVICE 
123/udp open ntp 
389/udp open ldap 
... 
Nmap done: 1 IP address (1 host up) scanned in 22.49 seconds 
Listing 60 - Using nmap to perform a UDP scan 
The UDP scan (-sU) can also be used in conjunction with a TCP SYN scan (-sS) to build a more 
complete picture of our target. 
kali@kali:~$ 

[260] (Nmap, 2022), https://nmap.org/book/scan-methods-connect-scan.html 
[261] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Berkeley_sockets 
[262] (Nmap, 2022), https://nmap.org/book/scan-methods-udp-scan.html 

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
