Nmap
Twitter: abend
ISOG-WG1, Burp Suite Japan User Group
Nmap
OS
$ nmap 192.168.0.1
# nmap 192.168.0.1
Connect Scan
SYN Scan
SYN Scan (raw socket) vs. Connect Scan
SYN Scan vs. Connect Scan (2)
1. -sT
2. --unprivileged
-A (-O -sV -sC --traceroute)
--unprivileged: -O, --traceroute
root@kali:~# nmap -O 192.168.217.131 --unprivileged
TCP/IP fingerprinting (for OS scan) requires root privileges.
QUITTING!
-O, -A
unfiltered
The 6 port states:
open, closed, filtered, unfiltered, open|filtered, closed|filtered
unfiltered?
Nmap: https://nmap.org/man/jp/man-port-scanning-basics.html
unfiltered vs. open
ACK Scan
ACK Scan sends an ACK and derives the port status from the response.
ACK Scan: the question it answers is whether the port is filtered.
ACK Scan: an RST comes back for both open and closed ports when no filter is in the way, so the port is reported as unfiltered; no RST means filtered!!
ACK Scan: it distinguishes filtered from unfiltered, not open from closed.
ACK Scan: the relevant branch of Nmap's scan_engine_raw.cc (lines 1818-1824):

    } else if (tcp->th_flags & TH_RST) {
      current_reason = ER_RESETPEER;
      if (USI->scantype == WINDOW_SCAN ) {
        newstate = (tcp->th_win) ? PORT_OPEN : PORT_CLOSED;
      } else if (USI->scantype == ACK_SCAN) {
        newstate = PORT_UNFILTERED;
      } else newstate = PORT_CLOSED;
Window Scan
Window Scan: Nmap Reference Guide
Window scan is exactly the same as ACK scan except that it exploits an implementation detail of certain systems to differentiate open ports from closed ones
https://nmap.org/book/man-port-scanning-techniques.html
Window Scan: like ACK Scan, but Window Scan can tell open from closed.
Window Scan: the same RST branch as ACK Scan, but on an RST the Window Scan checks the TCP window size: a nonzero window size is reported as open, a window size of 0 as closed.
open:
Starting Nmap 7.10 ( https://nmap.org ) at 2016-07-03 04:22 JST
Nmap scan report for 192.168.1.219
Host is up (0.00070s latency).
PORT   STATE SERVICE
80/tcp open  http
closed:
Starting Nmap 7.10 ( https://nmap.org ) at 2016-07-03 05:14 JST
Nmap scan report for 192.168.1.219
Host is up (0.00031s latency).
PORT   STATE  SERVICE
80/tcp closed http
Window Scan through a VM NAT: the RST replies arrive with window size 0, so the Window Scan reports the port as closed; with a Connect Scan the RST likewise carries window size 0.
NAT
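A simplified model of the RST branch quoted above and of the ACK/Window scan states, written as an added example that is not Nmap's own code; ScanType, Reply and classify are assumed names, and the replies (including the RST-with-window-0 case the VM NAT slide describes) are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified model (added example, not Nmap's own code) of how the RST branch
// quoted from scan_engine_raw.cc maps a reply to a port state, extended with
// the no-reply case so the ACK scan's "filtered" result can be shown as well.
enum class ScanType { Syn, Ack, Window };
enum class PortState { Open, Closed, Filtered, Unfiltered };
// TCP flag bits, same values as TH_SYN/TH_RST/TH_ACK in <netinet/tcp.h>
constexpr std::uint8_t TH_SYN = 0x02;
constexpr std::uint8_t TH_RST = 0x04;
constexpr std::uint8_t TH_ACK = 0x10;
// One probe result: whether anything came back, its TCP flags and window size
struct Reply { bool received; std::uint8_t flags; std::uint16_t window; };

PortState classify(ScanType scan, const Reply& r) {
    if (!r.received)                   // timeout: something dropped the probe
        return PortState::Filtered;
    if (r.flags & TH_RST) {
        if (scan == ScanType::Window)  // (tcp->th_win) ? PORT_OPEN : PORT_CLOSED
            return r.window ? PortState::Open : PortState::Closed;
        if (scan == ScanType::Ack)     // an RST only proves no filter is in the way
            return PortState::Unfiltered;
        return PortState::Closed;      // SYN scan: RST means closed
    }
    if ((r.flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK))
        return PortState::Open;        // SYN/ACK answer to a SYN probe
    return PortState::Filtered;        // any other reply is treated as filtered
}

const char* name(PortState s) {
    switch (s) {
    case PortState::Open:     return "open";
    case PortState::Closed:   return "closed";
    case PortState::Filtered: return "filtered";
    default:                  return "unfiltered";
    }
}

int main() {
    // Constructed replies: a listening port answering a Window scan directly,
    // and the same port seen through a NAT that rewrites the RST window to 0.
    Reply direct{true, TH_RST, 8192};
    Reply via_nat{true, TH_RST, 0};
    std::printf("window scan, direct : %s\n", name(classify(ScanType::Window, direct)));
    std::printf("window scan, via NAT: %s\n", name(classify(ScanType::Window, via_nat)));
    std::printf("ack scan, via NAT   : %s\n", name(classify(ScanType::Ack, via_nat)));
    return 0;
}
```

The third line of output shows why the ACK scan is unaffected by the zeroed window: it never looks at th_win, only at whether an RST arrived.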