Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

kali@kali:~$ nmap -v -p 139,445 -oG smb.txt 192.168.50.1-254
kali@kali:~$ cat smb.txt
# Nmap 7.92 scan initiated Thu Mar 17 06:03:12 2022 as: nmap -v -p 139,445 -oG smb.txt 192.168.50.1-254
# Ports scanned: TCP(2;139,445) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Host: 192.168.50.1 () Status: Down
...
Host: 192.168.50.21 () Status: Up
Host: 192.168.50.21 () Ports: 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///
...
Host: 192.168.50.217 () Status: Up
Host: 192.168.50.217 () Ports: 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///
# Nmap done at Thu Mar 17 06:03:18 2022 -- 254 IP addresses (15 hosts up) scanned in 6.17 seconds
Listing 73 - Using nmap to scan for the NetBIOS service 
We saved the scan output into a text file, which revealed hosts with ports 139 and 445 open. 
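
The greppable file is easier to review when it is summarised by port state, since each Ports entry carries its own state field (the entries visible in Listing 73 read "closed"). The following is an added example, not part of the course material; the function names og_ports, smb_hosts and make_sample and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not course code: summarise an nmap -oG file by port state.

# Print "IP port state service" for every port entry in a greppable file.
og_ports() {
    awk '
    /^Host: / && /Ports: / {
        ip = $2
        line = $0
        sub(/^.*Ports: /, "", line)    # keep only the port list
        sub(/\t.*$/, "", line)         # drop a trailing "Ignored State" field
        n = split(line, entries, /, */)
        for (i = 1; i <= n; i++) {
            split(entries[i], f, "/")  # port/state/proto/owner/service/...
            if (f[1] != "") print ip, f[1], f[2], f[5]
        }
    }' "$1"
}

# Print hosts with TCP 139 or 445 in the given state (default: open).
smb_hosts() {
    og_ports "$1" | awk -v want="${2:-open}" \
        '($2 == 139 || $2 == 445) && $3 == want { print $1 }' | sort -u
}

# Constructed sample in -oG layout (tab-separated fields), not real scan data.
make_sample() {
    printf 'Host: 192.168.50.21 ()\tStatus: Up\n'
    printf 'Host: 192.168.50.21 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///\n'
    printf 'Host: 192.168.50.124 ()\tStatus: Up\n'
    printf 'Host: 192.168.50.124 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
}

# Demo on the constructed sample.
tmp=$(mktemp)
make_sample > "$tmp"
echo "open:";   smb_hosts "$tmp" open
echo "closed:"; smb_hosts "$tmp" closed
rm -f "$tmp"
```

Against a real scan, call smb_hosts smb.txt open to list only the hosts that answered on 139 or 445.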
There are other, more specialized tools for identifying NetBIOS information, such as nbtscan. We can use this to query the NetBIOS name service for valid NetBIOS names, specifying the originating UDP port as 137 with the -r option.
kali@kali:~$ sudo nbtscan -r 192.168.50.0/24
Doing NBT name scan for addresses from 192.168.50.0/24 
IP address NetBIOS Name Server User MAC address 
------------------------------------------------------------------------------ 
192.168.50.124 SAMBA SAMBA 00:00:00:00:00:00 
192.168.50.134 SAMBAWEB SAMBAWEB 00:00:00:00:00:00 
... 
Listing 74 - Using nbtscan to collect additional NetBIOS information 
The scan revealed two NetBIOS names belonging to two hosts. This kind of information adds context about the scanned hosts, as NetBIOS names are often very descriptive about the role of the host within the organization. This data can feed our information-gathering cycle by leading to further disclosures.

Nmap also offers many useful NSE scripts that we can use to discover and enumerate SMB services. We'll find these scripts in the /usr/share/nmap/scripts directory.
kali@kali:~$ 
