Penetration Testing with Kali Linux (PEN-200), OffSec
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.

sudo nmap -O 192.168.50.14 --osscan-guess
... 
Running (JUST GUESSING): Microsoft Windows 2008|2012|2016|7|Vista (88%) 
OS CPE: cpe:/o:microsoft:windows_server_2008::sp1 
cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_server_2012:r2 
cpe:/o:microsoft:windows_server_2016 cpe:/o:microsoft:windows_7 
cpe:/o:microsoft:windows_vista::sp1:home_premium 
Aggressive OS guesses: Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 
(88%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (88%), Microsoft 
Windows Server 2012 R2 (88%), Microsoft Windows Server 2012 (87%), Microsoft Windows 
Server 2016 (87%), Microsoft Windows 7 (86%), Microsoft Windows Vista Home Premium SP1 
(85%), Microsoft Windows 7 Professional (85%) 
No exact OS matches for host (If you know what OS is running on it, see 
https://nmap.org/submit/ ). 
... 
Listing 67 - Using nmap for OS fingerprinting 
The response suggests that the underlying operating system of this target is Windows Server 2008 R2, 2012 or 2016, or Windows Vista or 7. The "(JUST GUESSING)" and "No exact OS matches" lines make clear that none of these guesses exceeds 88% confidence.
Note that OS fingerprinting is not always 100% accurate, often because network devices such as firewalls or proxies rewrite packet headers in transit.
Once we have recognized the underlying operating system, we can go further and identify services running on specific ports by inspecting service banners with the -A parameter. -A combines OS detection (-O), version detection (-sV), the default NSE scripts (-sC) and traceroute into a single scan.
kali@kali:~$ nmap -sT -A 192.168.50.14
Nmap scan report for 192.168.50.14 
Host is up (0.12s latency). 
Not shown: 996 closed tcp ports (conn-refused) 
PORT STATE SERVICE VERSION 
21/tcp open ftp? 
| fingerprint-strings: 
| DNSStatusRequestTCP, DNSVersionBindReqTCP, GenericLines, NULL, RPCCheck, 
SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
| 220-FileZilla Server 1.2.0 
| Please visit https://filezilla-project.org/ 
| GetRequest: 
| 220-FileZilla Server 1.2.0 
| Please visit https://filezilla-project.org/ 
| What are you trying to do? Go away. 
| HTTPOptions, RTSPRequest: 
| 220-FileZilla Server 1.2.0 
| Please visit https://filezilla-project.org/ 
| Wrong command. 
| Help: 
| 220-FileZilla Server 1.2.0 
| Please visit https://filezilla-project.org/ 
| 214-The following commands are recognized. 
| USER TYPE SYST SIZE RNTO RNFR RMD REST QUIT 
| HELP XMKD MLST MKD EPSV XCWD NOOP AUTH OPTS DELE 
| CDUP APPE STOR ALLO RETR PWD FEAT CLNT MFMT 
| MODE XRMD PROT ADAT ABOR XPWD MDTM LIST MLSD PBSZ 
| NLST EPRT PASS STRU PASV STAT PORT 
|_ Help ok. 
| ftp-syst: 
|_ SYST: UNIX emulated by FileZilla. 
| ssl-cert: Subject: commonName=filezilla-server self signed certificate 
| Not valid before: 2022-01-06T15:37:24 
|_Not valid after: 2023-01-07T15:42:24 
|_ssl-date: TLS randomness does not represent time 
135/tcp open msrpc Microsoft Windows RPC 
139/tcp open netbios-ssn Microsoft Windows netbios-ssn 
445/tcp open microsoft-ds? 
Nmap done: 1 IP address (1 host up) scanned in 55.67 seconds 
Listing 68 - Using nmap for banner grabbing and/or service enumeration 
In the above example we used the -A parameter to run a service scan with extra options. If we want to run a plain service scan we can do it by providing only the -sV parameter.
Banner grabbing significantly increases the amount of traffic generated and the time the scan takes, because nmap sends a series of probes to every open port (here, 55 seconds for a host with four open ports). We should always be mindful of the options we use with nmap and how they affect our scans.
Banners can be modified by system administrators and intentionally set to fake service names to mislead potential attackers. A service name followed by a question mark, as with ftp? and microsoft-ds? above, means nmap could not match the responses to a known signature and is reporting the name from its port-number table instead; the raw response printed under fingerprint-strings (here a FileZilla Server 1.2.0 greeting) is the evidence to examine, and to corroborate by other means, before relying on the service name.
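The following script is an added example and is not part of the PWK course text. It parses nmap's normal output format, as printed in Listings 67 and 68, so that the OS guesses and the service table can be reviewed together: it lists open ports, singles out the "?" services whose names nmap could not confirm, pulls the raw banner nmap recorded for them, and reports whether the OS match was exact or a guess. The sample report in NMAP_OUT is constructed from the two listings above with nmap's indentation restored; 192.168.50.14 is the lab host from the course text.

```shell
#!/bin/sh
# Added example; not from the PWK course. Parses nmap normal-format output.
# NMAP_OUT is constructed from Listings 67 and 68 (indentation restored).

NMAP_OUT='Nmap scan report for 192.168.50.14
Host is up (0.12s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT    STATE SERVICE       VERSION
21/tcp  open  ftp?
| fingerprint-strings:
|   GetRequest:
|     220-FileZilla Server 1.2.0
|     Please visit https://filezilla-project.org/
| ftp-syst:
|_  SYST: UNIX emulated by FileZilla.
135/tcp open  msrpc         Microsoft Windows RPC
139/tcp open  netbios-ssn   Microsoft Windows netbios-ssn
445/tcp open  microsoft-ds?
Running (JUST GUESSING): Microsoft Windows 2008|2012|2016|7|Vista (88%)
Aggressive OS guesses: Microsoft Windows Server 2008 SP1 or Windows Server 2008 R2 (88%), Microsoft Windows Server 2012 or Windows Server 2012 R2 (88%), Microsoft Windows 7 (86%)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
Nmap done: 1 IP address (1 host up) scanned in 55.67 seconds'

nmap_sample() { printf '%s\n' "$NMAP_OUT"; }

# "port service [version]" for every open port in the report read from stdin.
open_ports() {
    awk '/^[0-9]+\/(tcp|udp)[ \t]+open/ {
        printf "%s %s", $1, $3
        for (i = 4; i <= NF; i++) printf " %s", $i
        printf "\n"
    }'
}

# Ports whose service name ends in "?": nmap could not match the responses to a
# known signature, so the name comes from its port-number table, not from a probe.
unconfirmed_services() { open_ports | awk '$2 ~ /[?]$/ { print $1 }'; }

# First raw banner line nmap printed under fingerprint-strings for one port,
# i.e. what the service said about itself even though nmap did not recognise it.
banner_for() {
    awk -v port="$1" '
        /^[0-9]+\/(tcp|udp)/ { inport = ($1 == port); next }
        inport && /^[|]/ {
            line = $0
            sub(/^[|]_? */, "", line)
            if (line ~ /:$/) next       # skip section headers such as "GetRequest:"
            print line
            exit
        }'
}

# One OS guess per line, in the order nmap printed them (highest confidence first).
os_guesses() {
    sed -n 's/^Aggressive OS guesses: //p' | tr ',' '\n' | sed 's/^ *//'
}

# Succeeds only when nmap found an exact OS match; fails on "JUST GUESSING" output.
os_match_is_exact() { ! grep -q '^No exact OS matches'; }

echo "== open ports =="
nmap_sample | open_ports
echo "== unconfirmed services (inspect the banner before trusting the name) =="
for p in $(nmap_sample | unconfirmed_services); do
    echo "$p: $(nmap_sample | banner_for "$p")"
done
echo "== OS guesses =="
nmap_sample | os_guesses
nmap_sample | os_match_is_exact || echo "no exact OS match: treat the guesses above as hints, not facts"
```

On a real engagement, feed the functions a saved report (nmap -oN scan.txt, then `open_ports < scan.txt`) instead of the constructed sample. A port that shows up in unconfirmed_services with an empty banner (445/tcp above) gave nmap nothing it could print, which is itself worth noting when the service name is later used to pick an exploit or a follow-up scan.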
Now that we have covered Nmap's major features, we'll focus on specific Nmap scripts encompassed by the Nmap Scripting Engine (NSE).
We can use the NSE [266] to launch user-created scripts in order to automate various scanning tasks. These scripts perform a broad range of functions including DNS enumeration, brute force attacks, and even vulnerability identification. NSE scripts are located in the /usr/share/nmap/scripts directory.
The http-headers script, for example, attempts to connect to the HTTP service on a target system and determine the supported headers.
[266] (Nmap, 2022), http://nmap.org/book/nse.html
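The following script is an added example and is not part of the PWK course text. Every NSE script carries a `categories = {...}` line in its header, and those categories (safe, default, discovery, intrusive, brute, and so on) are what `nmap --script <category>` selects on. The example reads that line from a scripts directory, lists the scripts in a category, and vets a comma-separated script selection so that an intrusive or brute-force script is not run against a target by accident. The .nse files it writes are constructed stubs that reproduce only the categories line of real scripts (the script names are real, the category tags are assumed for the stubs); on Kali the real files live under /usr/share/nmap/scripts, and NSE_DIR can be pointed there instead of the scratch directory the script creates.

```shell
#!/bin/sh
# Added example; not from the PWK course. Category vetting for NSE script selections.
# The .nse stubs below are constructed for offline use; real scripts are in
# /usr/share/nmap/scripts on Kali.

NSE_DIR="${NSE_DIR:-$(mktemp -d)}"    # assumption: a writable scratch directory

# make_stub NAME CATEGORY...  -> writes $NSE_DIR/NAME.nse with a Lua categories table
make_stub() {
    name=$1; shift
    cats=$(printf '"%s", ' "$@"); cats=${cats%, }
    printf 'description = [[constructed stub for %s]]\ncategories = {%s}\n' \
        "$name" "$cats" > "$NSE_DIR/$name.nse"
}
make_stub http-headers discovery safe
make_stub ftp-anon     default auth safe
make_stub dns-brute    intrusive discovery
make_stub smb-brute    intrusive brute

# script_categories FILE -> space-separated category list from the script header
# (handles the one-line form; a few real scripts spread the table over several lines).
script_categories() {
    sed -n 's/^categories *= *{\(.*\)}.*/\1/p' "$1" | tr -d '" ' | tr ',' ' '
}

# scripts_in_category CATEGORY -> names of the scripts in $NSE_DIR tagged with it
scripts_in_category() {
    for f in "$NSE_DIR"/*.nse; do
        for c in $(script_categories "$f"); do
            if [ "$c" = "$1" ]; then basename "$f" .nse; fi
        done
    done | sort
}

# unsafe_scripts "a,b,c" -> the members tagged intrusive, brute, dos or exploit
unsafe_scripts() {
    echo "$1" | tr ',' '\n' | while read -r name; do
        for c in $(script_categories "$NSE_DIR/$name.nse"); do
            case $c in
                intrusive|brute|dos|exploit) echo "$name"; break ;;
            esac
        done
    done
}

# nmap_script_cmd TARGET "a,b" -> prints the nmap command line, or refuses when
# the selection contains a script that could disrupt the target or trip an IDS
nmap_script_cmd() {
    bad=$(unsafe_scripts "$2" | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "refusing to build command: ${bad}is not in the safe category; add it deliberately" >&2
        return 1
    fi
    echo "nmap -sV --script $2 $1"
}

echo "discovery scripts: $(scripts_in_category discovery | tr '\n' ' ')"
nmap_script_cmd 192.168.50.14 http-headers,ftp-anon
nmap_script_cmd 192.168.50.14 smb-brute || true
```

nmap itself can select on categories directly (`--script safe`, or a boolean expression such as `--script "discovery and safe"`), and `nmap --script-help http-headers` prints a script's description and categories without running it; the point of reading the header yourself is to check a hand-picked list before the scan, the same discipline the text asks for when choosing -A versus -sV.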


kali@kali:~$ 
