Penetration Testing with Kali Linux OffSec
sudo nmap -O 192.168.50.14 --osscan-guess
|
|
sudo nmap -O 192.168.50.14 --osscan-guess
... Running (JUST GUESSING): Microsoft Windows 2008|2012|2016|7|Vista (88%) OS CPE: cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:r2 cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::sp1:home_premium Aggressive OS guesses: Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 (88%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (88%), Microsoft Windows Server 2012 R2 (88%), Microsoft Windows Server 2012 (87%), Microsoft Windows Server 2016 (87%), Microsoft Windows 7 (86%), Microsoft Windows Vista Home Premium SP1 (85%), Microsoft Windows 7 Professional (85%) No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ). ... Listing 67 - Using nmap for OS fingerprinting The response suggests that the underlying operating system of this target is either Windows 2008 R2, 2012, 2016, Vista, or Windows 7. Note that OS Fingerprinting is not always 100% accurate, often due to network devices like firewalls or proxies that rewrite packet headers in between the communication. Once we have recognized the underlying operating system, we can go further and identify services running on specific ports by inspecting service banners with -A parameter which also runs various OS and service enumeration scripts against the target. . kali@kali:~$ nmap -sT -A 192.168.50.14 Nmap scan report for 192.168.50.14 Host is up (0.12s latency). Not shown: 996 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 21/tcp open ftp? | fingerprint-strings: | DNSStatusRequestTCP, DNSVersionBindReqTCP, GenericLines, NULL, RPCCheck, SSLSessionReq, TLSSessionReq, TerminalServerCookie: | 220-FileZilla Server 1.2.0 | Please visit https://filezilla-project.org/ | GetRequest: | 220-FileZilla Server 1.2.0 | Please visit https://filezilla-project.org/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 150 | What are you trying to do? Go away. | HTTPOptions, RTSPRequest: | 220-FileZilla Server 1.2.0 | Please visit https://filezilla-project.org/ | Wrong command. | Help: | 220-FileZilla Server 1.2.0 | Please visit https://filezilla-project.org/ | 214-The following commands are recognized. | USER TYPE SYST SIZE RNTO RNFR RMD REST QUIT | HELP XMKD MLST MKD EPSV XCWD NOOP AUTH OPTS DELE | CDUP APPE STOR ALLO RETR PWD FEAT CLNT MFMT | MODE XRMD PROT ADAT ABOR XPWD MDTM LIST MLSD PBSZ | NLST EPRT PASS STRU PASV STAT PORT |_ Help ok. | ftp-syst: |_ SYST: UNIX emulated by FileZilla. | ssl-cert: Subject: commonName=filezilla-server self signed certificate | Not valid before: 2022-01-06T15:37:24 |_Not valid after: 2023-01-07T15:42:24 |_ssl-date: TLS randomness does not represent time 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 445/tcp open microsoft-ds? Nmap done: 1 IP address (1 host up) scanned in 55.67 seconds Listing 68 - Using nmap for banner grabbing and/or service enumeration In the above example we used the -A parameter to run a service scan with extra options. If we want to run a plain service nmap scan we can do it by providing only the -sV parameter. Banner grabbing significantly impacts the amount of traffic used as well as the speed of our scan. We should always be mindful of the options we use with nmap and how they affect our scans. Banners can be modified by system administrators and intentionally set to fake service names to mislead potential attackers. Now that we have covered Nmap’s major features, we’ll focus on specific Nmap scripts encompassed by the Nmap Scripting Engine (NSE). We can use the NSE 266 to launch user-created scripts in order to automate various scanning tasks. These scripts perform a broad range of functions including DNS enumeration, brute force attacks, and even vulnerability identification. NSE scripts are located in the /usr/share/nmap/scripts directory. The http-headers script, for example, attempts to connect to the HTTP service on a target system and determine the supported headers. 266 (Nmap, 2022), http://nmap.org/book/nse.html Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 151 kali@kali:~$ Yüklə Dostları ilə paylaş:
|