C:\>ping 10.1.1.2 Pinging 10.1.1.2 with 32 bytes of data: Reply from 10.1.1.2: bytes=32 time<10ms TTL=128 Reply from 10.1.1.2: bytes=32 time<10ms TTL=128 Reply from 10.1.1.2: bytes=32 time<10ms TTL=128 Reply from 10.1.1.2: bytes=32 time<10ms TTL=128 Ping statistics for 10.1.1.2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\> C:\>ping 10.1.1.6 Pinging 10.1.1.6 with 32 bytes of data: Request timed out. Reply from 10.1.1.6: bytes=32 time=250ms TTL=237 Reply from 10.1.1.6: bytes=32 time=234ms TTL=237 Reply from 10.1.1.6: bytes=32 time=234ms TTL=237 Ping statistics for 10.1.1.6: Packets: Sent = 4, Received = 3, Lost = 1 (25% loss), Approximate round trip times in milli-seconds: Minimum = 234ms, Maximum = 250ms, Average = 179ms |
Microsoft Windows 2000 [Version 5.00.2195] (C) 版权所有 1985-1998 Microsoft Corp. C:\>telnet 10.1.1.2 80 输入get 回车(注意这里是盲打) 如果返回, HTTP/1.1 400 Bad Request Server: Microsoft-IIS/5.0 Date: Fri, 11 Jul 2003 02:31:55 GMT Content-Type: text/html Content-Length: 87 The parameter is incorrect. 遗失对主机的连接。 C:\> 那么这台就肯定是windows的机子。 如果返回, Method Not Implemented get to / not supported. Invalid method in request get Apache/1.3.27 Server at gosiuniversity.com Port 80 遗失对主机的连接。 C:\> 那么多数就是UINX系统的机子了。 |
C:\>ftp 10.1.1.2 如果返回, Connected to 10.1.1.2. 220 sgyyq-c43s950 Microsoft FTP Service (Version 5.0). User (10.1.1.2none)): 那么这就肯定是一台win2000的机子了,我们还可以知道主机名呢,主机名就是sgyyq-c43s950。这个FTP是windows的IIS自带的一个FTP服务器。 如果返回, Connected to 10.1.1.3. 220 Serv-U FTP Server v4.0 for WinSock ready... User (10.1.1.3none)): 也可以肯定它是windows的机子,因为Serv-U FTP是一个专为windows平台开发的FTP服务器。 如果返回, Connected to 10.1.1.3. 220 ready, dude (vsFTPd 1.1.0: beat me, break me) User (10.1.1.3none)): 那么这就是一台UINX的机子了。 |
如果返回, Microsoft (R) Windows (TM) Version 5.00 (Build 2195) Welcome to Microsoft Telnet Service Telnet Server Build 5.00.99201.1 login: |
如果返回, SunOS 5.8 login: |
F:\nmap>nmap -vv -sS -O 10.1.1.5 Starting nmap V. 3.00 Host IS~123456ADCD (10.1.1.5) appears to be up ... good. Initiating SYN Stealth Scan against IS~123456ADCD (10.1.1.5) Adding open port 139/tcp Adding open port 7070/tcp Adding open port 554/tcp Adding open port 23/tcp Adding open port 1025/tcp Adding open port 8080/tcp Adding open port 21/tcp Adding open port 5050/tcp Adding open port 9090/tcp Adding open port 443/tcp Adding open port 135/tcp Adding open port 1031/tcp Adding open port 3372/tcp Adding open port 25/tcp Adding open port 1433/tcp Adding open port 3389/tcp Adding open port 445/tcp Adding open port 80/tcp The SYN Stealth Scan took 1 second to scan 1601 ports. For OSScan assuming that port 21 is open and port 1 is closed and neither ar rewalled Interesting ports on IS~123456ADCD (10.1.1.5): (The 1583 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 23/tcp open telnet 25/tcp open smtp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 443/tcp open https 445/tcp open microsoft-ds 554/tcp open rtsp 1025/tcp open NFS-or-IIS 1031/tcp open iad2 1433/tcp open ms-sql-s 3372/tcp open msdtc 3389/tcp open ms-term-serv 5050/tcp open mmcc 7070/tcp open realserver 8080/tcp open http-proxy 9090/tcp open zeus-admin Remote operating system guess: Windows 2000/XP/ME OS Fingerprint: TSeq(Class=RI%gcd=1%SI=21F8%IPID=I%TS=0) T1(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT) T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT) T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=) T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=) PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E) TCP Sequence Prediction: Class=random positive increments Difficulty=8696 (Worthy challenge) TCP ISN Seq. Numbers: 5B9022E2 5B914E12 5B92A495 5B93915A 5B94A9B5 5B95CC64 IPID Sequence Generation: Incremental Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds |
欢迎光临 【3.A.S.T】网络安全爱好者 (http://3ast.com./) | Powered by Discuz! 7.2 |