Penetration Testing with Kali Linux OffSec


nmap --script http-headers 192.168.50.6


PEN-200

nmap --script http-headers 192.168.50.6
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 13:53 EST 
Nmap scan report for 192.168.50.6 
Host is up (0.14s latency). 
Not shown: 998 closed tcp ports (conn-refused) 
PORT STATE SERVICE 
22/tcp open ssh 
80/tcp open http 
| http-headers: 
| Date: Thu, 10 Mar 2022 18:53:29 GMT 
| Server: Apache/2.4.41 (Ubuntu) 
| Last-Modified: Thu, 10 Mar 2022 18:51:54 GMT 
| ETag: "d1-5d9e1b5371420" 
| Accept-Ranges: bytes 
| Content-Length: 209 
| Vary: Accept-Encoding 
| Connection: close 
| Content-Type: text/html 
|_ (Request type: HEAD) 
Nmap done: 1 IP address (1 host up) scanned in 5.11 seconds 
Listing 69 - Using nmap’s scripting engine (NSE) for OS fingerprinting 
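A hardening-review reading of the Listing 69 output, as an added example that is not part of the course text: this Python sketch parses the http-headers block from Nmap's normal output and reports response headers that disclose a software version, plus hardening headers that are absent. The function names and the two header lists are assumptions chosen for this example.

```python
import re

# Constructed sample: abridged copy of the Listing 69 output (flattened indentation).
SAMPLE = """\
22/tcp open ssh
80/tcp open http
| http-headers:
| Date: Thu, 10 Mar 2022 18:53:29 GMT
| Server: Apache/2.4.41 (Ubuntu)
| Content-Type: text/html
|_ (Request type: HEAD)
"""

PORT_RE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\b")
# "product/<digit>..." in a value pins the exact software release.
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")
DISCLOSING = ("server", "x-powered-by")  # assumed review list for this example
EXPECTED = ("x-content-type-options", "x-frame-options", "content-security-policy")

def parse_http_headers(nmap_text):
    """Return {port: {lowercased header name: value}} for each http-headers block."""
    results, port, in_block = {}, None, False
    for line in (raw.rstrip() for raw in nmap_text.splitlines()):
        m = PORT_RE.match(line)
        if m:
            port, in_block = int(m.group(1)), False
        elif not line.startswith("|"):
            in_block = False              # script output always starts with "|"
        else:
            body = line.lstrip("|_ ")
            if body == "http-headers:":
                in_block, results[port] = True, {}
            elif in_block and ":" in body and not body.startswith("("):
                name, value = body.split(":", 1)
                results[port][name.strip().lower()] = value.strip()
            if line.startswith("|_"):
                in_block = False          # "|_" marks the last line of a script block
    return results

def review(headers):
    """Return (version-disclosing headers, expected hardening headers that are absent)."""
    leaks = [(h, v) for h, v in headers.items()
             if h in DISCLOSING and VERSION_RE.search(v)]
    missing = [h for h in EXPECTED if h not in headers]
    return leaks, missing

if __name__ == "__main__":
    for port, hdrs in parse_http_headers(SAMPLE).items():
        print(port, review(hdrs))
```

For the sample, the review flags the Server header, which is the value an administrator would trim (for Apache, with the ServerTokens directive) so that a HEAD request no longer reveals the exact release.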
To view more information about a script, we can use the --script-help option, which displays a 
description of the script and a URL where we can find more in-depth information, such as the 
script arguments and usage examples. 
kali@kali:~$ nmap --script-help http-headers
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-10 13:54 EST 
http-headers 
Categories: discovery safe 
https://nmap.org/nsedoc/scripts/http-headers.html
Performs a HEAD request for the root folder ("/") of a web server and displays the 
HTTP headers returned.
... 
Listing 70 - Using the --script-help option to view more information about a script 
When internet access is not available, much of this information can also be found in the NSE 
script file itself. 
It’s worth our time to explore the various NSE scripts, as many of them are helpful and time-saving. 
Having learned how to perform port scanning from Kali, let’s explore how we can apply the same 
concepts from a Windows host. 
If we are conducting initial network enumeration from a Windows laptop with no internet access, 
we are prevented from installing any extra tools that might help us, like the Windows Nmap 
version. In such a limited scenario, we are forced to pursue the ‘living off the land’ strategy we 
discussed earlier. Luckily, there are a few helpful built-in PowerShell functions we can use. 


Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
The Test-NetConnection function checks if an IP responds to ICMP and whether a specified 
TCP port on the target host is open. 
For instance, from the Windows 11 client, we can verify if the SMB port 445 is open on a domain 
controller as follows. 
PS C:\Users\student> 
