安全牛 study notes: SMB scanning

author author     2022-09-19     310

Keywords:

SMB scanning

╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃SMB scanning                                                                        ┃
┃nmap -v -p 139,445 192.168.60.1-20                                                  ┃
┃nmap 192.168.1.132 -p139,445 --script=smb-os-discovery.nse                          ┃
┃nmap -v -p139,445 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1           ┃
┃nbtscan -r 192.168.60.0/24                                                          ┃
┃enum4linux -a 192.168.60.10                                                         ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

(Corrections to the sheet as first written: the port lists read 139,134 and 139,145. SMB listens on TCP 139 (NetBIOS session service) and TCP 445 (SMB directly over TCP), so 139,445 is the pair to scan. smb-check-vulns is the Nmap 6 script; Nmap 7 removed it and split its checks into the individual smb-vuln-* scripts (smb-vuln-ms08-067, smb-vuln-conficker and so on). unsafe=1 turns on checks that can crash the target's SMB service, so run it only against hosts you are permitted to take down.)


╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃SMB scanning                                           ┃
┃Server Message Block protocol                          ┃
┃  historically the most bug-ridden Microsoft protocol  ┃
┃  complex implementation                               ┃
┃  enabled by default                                   ┃
┃  file sharing                                         ┃
┃  null session: unauthenticated access (SMB1)          ┃
┃   password policy                                     ┃
┃   user names                                          ┃
┃   group names                                         ┃
┃   machine name                                        ┃
┃   user and group SIDs                                 ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

A null session is an SMB session set up with an empty user name and password; the items listed under it are what enum4linux pulls over such a session. Whether a target accepts one depends on its anonymous-access settings (RestrictAnonymous and the related "Network access" policies on Windows, `restrict anonymous` on Samba); the enum4linux run at the end of these notes is refused in exactly that way.


┌─────────┬────────────────────────────────────┐
│ Version │ Operating system                   │
├─────────┼────────────────────────────────────┤
│ SMB1    │ Windows 2000 / XP / Windows 2003   │
├─────────┼────────────────────────────────────┤
│ SMB2    │ Windows Vista SP1 / Windows 2008   │
├─────────┼────────────────────────────────────┤
│ SMB2.1  │ Windows 7 / Windows 2008 R2        │
├─────────┼────────────────────────────────────┤
│ SMB3    │ Windows 8 / Windows 2012           │
└─────────┴────────────────────────────────────┘

(Not in the original table: SMB 3.0.2 arrived with Windows 8.1 / Server 2012 R2 and SMB 3.1.1 with Windows 10 / Server 2016. The dialect a host agrees to during the negotiate exchange is what identifies its generation.)
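The dialect a host actually negotiates is the practical way to place it in this table. The probe below is an added example (not code from the original notes and not Nmap's): it sends the SMB1 SMB_COM_NEGOTIATE that SMB1-era tooling such as smb-os-discovery starts with, but also offers the "SMB 2.002" and "SMB 2.???" dialect strings so that an SMB2-capable server answers with an SMB2 header, then follows up with a plain SMB2 NEGOTIATE to learn the highest dialect it accepts up to 3.0.2. It uses only the Python standard library; the two sample replies at the bottom are constructed, not captured, and the default target 192.168.1.134 is simply the lab host from these notes.

```python
#!/usr/bin/env python3
"""SMB dialect probe: find out which SMB version a host will negotiate.

Added example, not code from the original notes. Standard library only;
the two sample replies at the bottom are constructed, not captured.
"""
import os
import socket
import struct

# SMB1 dialect strings in the order offered; the reply's DialectIndex indexes this list.
SMB1_DIALECTS = [
    "PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
    "LM1.2X002", "LANMAN2.1", "NT LM 0.12", "SMB 2.002", "SMB 2.???",
]
# SMB2 DialectRevision values from MS-SMB2; 0x02FF is the "I speak SMB2, negotiate again" wildcard.
SMB2_DIALECTS = {
    0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
    0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1", 0x02FF: "SMB 2.??? (wildcard)",
}


def nbss(message):
    """Prefix a message with the 4-byte NetBIOS-session / direct-TCP length header."""
    return b"\x00" + len(message).to_bytes(3, "big") + message


def build_smb1_negotiate(dialects=SMB1_DIALECTS):
    """32-byte SMB1 header + SMB_COM_NEGOTIATE body (WordCount 0, ByteCount, dialect list)."""
    header = struct.pack("<4sBIBHHQHHHHH", b"\xffSMB", 0x72, 0, 0x18, 0xC801,
                         0, 0, 0, 0, 0xFEFF, 0, 0)
    blob = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return nbss(header + b"\x00" + struct.pack("<H", len(blob)) + blob)


def build_smb2_negotiate(dialects=(0x0202, 0x0210, 0x0300, 0x0302)):
    """64-byte SMB2 header + NEGOTIATE request (36-byte fixed part + dialect array)."""
    # SMB 3.1.1 is left out on purpose: offering it requires negotiate contexts
    # (pre-authentication integrity), so a 3.1.1 server shows up as 3.0.2 here.
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1,
                         0, 0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHHHI16sQ", 36, len(dialects), 1, 0, 0, os.urandom(16), 0)
    return nbss(header + body + b"".join(struct.pack("<H", d) for d in dialects))


def parse_negotiate_response(data, smb1_dialects=SMB1_DIALECTS):
    """Return (protocol, code, name) from a raw negotiate reply, length header included."""
    if len(data) < 8 or data[0] != 0:
        raise ValueError("not a NetBIOS session message")
    msg = data[4:4 + int.from_bytes(data[1:4], "big")]
    if msg[:4] == b"\xfeSMB":                              # SMB2 header
        status, command = struct.unpack_from("<IH", msg, 8)
        if command != 0 or status != 0:
            raise ValueError("SMB2 NEGOTIATE failed, NT status 0x%08x" % status)
        (rev,) = struct.unpack_from("<H", msg, 64 + 4)     # DialectRevision
        return "SMB2", rev, SMB2_DIALECTS.get(rev, "0x%04x" % rev)
    if msg[:4] == b"\xffSMB" and msg[4] == 0x72:           # SMB1 NEGOTIATE reply
        (index,) = struct.unpack_from("<H", msg, 33)       # WordCount at 32, DialectIndex at 33
        if index == 0xFFFF:
            return "SMB1", index, None                      # none of the offered dialects accepted
        return "SMB1", index, smb1_dialects[index]
    raise ValueError("unrecognised reply: %r" % msg[:8])


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf


def recv_message(sock):
    """Read one length-prefixed SMB message."""
    head = _recv_exact(sock, 4)
    return head + _recv_exact(sock, int.from_bytes(head[1:4], "big"))


def probe(host, port=445, timeout=3.0):
    """Negotiate with a live host; returns (protocol, code, name)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_smb1_negotiate())
        proto, code, name = parse_negotiate_response(recv_message(s))
        if proto == "SMB2" and code == 0x02FF:
            # The wildcard reply only says "I speak SMB2"; the real dialect comes
            # from an SMB2 NEGOTIATE sent on the same connection.
            s.sendall(build_smb2_negotiate())
            proto, code, name = parse_negotiate_response(recv_message(s))
    return proto, code, name


# Constructed sample replies for offline checks (not captured from a real server).
SAMPLE_SMB1_REPLY = nbss(
    struct.pack("<4sBIBHHQHHHHH", b"\xffSMB", 0x72, 0, 0x98, 0xC801, 0, 0, 0, 0, 0xFEFF, 0, 0)
    + b"\x11" + struct.pack("<H", 5) + b"\x00" * 32)       # WordCount 17, DialectIndex 5
SAMPLE_SMB2_REPLY = nbss(
    struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, b"\x00" * 16)
    + struct.pack("<HHH", 65, 1, 0x0311) + b"\x00" * 59)   # StructureSize, SecurityMode, DialectRevision

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:] or ["192.168.1.134"]:       # lab host from the notes
        try:
            print(target, *probe(target))
        except (OSError, ValueError) as exc:
            print(target, "error:", exc)
```

Windows and Samba keep answering this SMB1-style multi-protocol negotiate with an SMB2 reply even when SMB1 itself is disabled, because that handshake is how SMB2 is bootstrapped; a host that accepts none of the offered dialects answers with DialectIndex 0xFFFF or simply closes the connection, which probe() surfaces as ConnectionError.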


[email protected]:~# uname -a
Linux kali 4.0.0-kali1-686-pae #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) i686 GNU/Linux


[email protected]:~# lsb_release -a
No LSB modules are available.
Distributor ID: Kali
Description: Kali GNU/Linux 2.0
Release: 2.0
Codename: sana

[email protected]:~# cat /etc/apt/sources.list


# deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot i386 LIVE/INSTALL Binary 20150811-09:06]/ sana contrib main non-free

#deb cdrom:[Debian GNU/Linux 2.0 _Sana_ - Official Snapshot i386 LIVE/INSTALL Binary 20150811-09:06]/ sana contrib main non-free

deb http://http.kali.org/kali sana main non-free contrib
deb-src http://http.kali.org/kali sana main non-free contrib

deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
deb-src http://security.kali.org/kali-security/ sana/updates main contrib non-free

deb http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb-src http://mirrors.ustc.edu.cn/kali kali main non-free contrib
deb http://mirrors.ustc.edu.cn/kali-security kali/updates main contrib non-free
[email protected]:~# apt-get update && apt-get dist-upgrade -y

----------------------------------------------------------------------------------
[email protected]:~# nmap -v -p 139,445 192.168.1.0/24

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:04 CST
Initiating ARP Ping Scan at 17:04
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 17:04, 1.97s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 17:04
Completed Parallel DNS resolution of 255 hosts. at 17:04, 0.23s elapsed
Nmap scan report for 192.168.1.0 [host down]
[... 251 further lines of the form "Nmap scan report for 192.168.1.N [host down]" (192.168.1.2 through 192.168.1.254, every address except .101 and .107) elided; with -v, nmap prints one such line per address that did not answer the ARP ping ...]
Nmap scan report for 192.168.1.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 17:04
Completed Parallel DNS resolution of 1 host. at 17:04, 0.01s elapsed
Initiating SYN Stealth Scan at 17:04
Scanning 2 hosts [2 ports/host]
Discovered open port 445/tcp on 192.168.1.101
Discovered open port 139/tcp on 192.168.1.101
Completed SYN Stealth Scan at 17:04, 0.02s elapsed (4 total ports)
Nmap scan report for 192.168.1.1
Host is up (0.0078s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
MAC Address: F0:EB:D0:22:46:B4 (Shanghai Feixun Communication Co.)

Nmap scan report for 192.168.1.101
Host is up (0.00035s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:5A:39:B0:ED:D2 (Shenzhen Fast Technologies CO.)

Initiating SYN Stealth Scan at 17:04
Scanning 192.168.1.107 [2 ports]
Completed SYN Stealth Scan at 17:04, 0.00s elapsed (2 total ports)
Nmap scan report for 192.168.1.107
Host is up (0.00013s latency).
PORT    STATE  SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds

Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.47 seconds
           Raw packets sent: 515 (14.516KB) | Rcvd: 11 (420B)
[email protected]:~# nmap -v -p 139,445 192.168.1.0/24 --open

Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:07 CST
Initiating ARP Ping Scan at 17:07
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 17:07, 2.28s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 255 hosts. at 17:07
Completed Parallel DNS resolution of 255 hosts. at 17:07, 0.04s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:07
Completed Parallel DNS resolution of 1 host. at 17:07, 0.01s elapsed
Initiating SYN Stealth Scan at 17:07
Scanning 3 hosts [2 ports/host]
Discovered open port 139/tcp on 192.168.1.101
Discovered open port 445/tcp on 192.168.1.101
Completed SYN Stealth Scan at 17:07, 0.89s elapsed (6 total ports)
Nmap scan report for 192.168.1.101
Host is up (0.00033s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:5A:39:B0:ED:D2 (Shenzhen Fast Technologies CO.)
Initiating SYN Stealth Scan at 17:07
Scanning 192.168.1.107 [2 ports]
Completed SYN Stealth Scan at 17:07, 0.00s elapsed (2 total ports)
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (4 hosts up) scanned in 3.33 seconds
          Raw packets sent: 517 (14.604KB) | Rcvd: 15 (556B)
[email protected]:~# nmap 192.168.1.132 -p139,445 --script=smb-os-discovery.nse
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:12 CST
Nmap scan report for 192.168.1.134
Host is up (0.00076s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: C8:3A:35:CA:46:91 (Tenda Technology Co.)

Host script results:
|  smb-os-discovery
|    OS: Windows 8 Pro 9200(Windows 8 Pro 6.2) 
|    OS CPE: cpe:/o:microsoft:windows_8::-
|    NetBIOS computer name: VV
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T18:16:12+08:00
Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds
[email protected]:~# nmap -v -p 139,145 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1
                       // scan the given target and, in the same run, check it for known SMB vulnerabilities
                       // (145 in the port list is a typo for 445, which is why the output below shows 145/tcp as "unknown";
                       //  the script never ran because 1.1.1.1 did not answer)
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 19:39 CST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:39
Completed NSE at 19:39, 0.00s elapsed
Initiating Ping Scan at 19:39
Scanning 1.1.1.1 [4 ports]
Completed Ping Scan at 19:40, 3.01s elapsed (1 total hosts)
Nmap scan report for 1.1.1.1 [host down]
NSE: Script Post-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.42 seconds
           Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
[email protected]:~# nmap -v -p 139,145 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1 -Pn
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 19:40 CST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 19:40
Completed Parallel DNS resolution of 1 host. at 19:40, 0.02s elapsed
Initiating SYN Stealth Scan at 19:40
Scanning 1.1.1.1 [2 ports]
Completed SYN Stealth Scan at 19:40, 3.01s elapsed (2 total ports)
NSE: Script scanning 1.1.1.1.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Nmap scan report for 1.1.1.1
Host is up.
PORT    STATE    SERVICE
139/tcp filtered netbios-ssn
145/tcp filtered unknown
NSE: Script Post-scanning.
Initiating NSE at 19:40
Completed NSE at 19:40, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 3.34 seconds
           Raw packets sent: 4 (176B) | Rcvd: 0 (0B)
[email protected]:~# nmap 192.168.1.133,134 -p139,445 --script=smb-os-discovery.nse
Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-10-06 17:12 CST
Nmap scan report for 192.168.1.133
Host is up (0.00076s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:FB:0B:AA (Cadmus Computer Systems)
Host script results:
|  smb-os-discovery
|    OS: Windows XP(Windows 2000 LAN Manager) 
|    OS CPE: cpe:/o:microsoft:windows_xp:-
|    Computer name: xp
|    NetBIOS computer name: XP
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T18:25:16+08:00
Nmap scan report for 192.168.1.134
Host is up (0.00076s latency).
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 08:00:27:FB:0B:AA (Cadmus Computer Systems)
Host script results:
|  smb-os-discovery
|    OS: Unix(Samba 3.0.20-Debian) 
|    NetBIOS computer name: 
|    workgroup: WORKGROUP
|_   System time: 2015-08-12T06:48:16-04:00
Nmap done: 2 IP addresses (2 hosts up) scanned in 2.87 seconds
[email protected]:~# nbtscan
NBTscan version 1.5.1. Copyright (C) 1999-2003 Alla Bezroutchko.
This is a free software and it comes with absolutely no warranty.
You can use, distribute and modify it under terms of GNU GPL.
Usage:
nbtscan [-v] [-d] [-e] [-l] [-t timeout] [-b bandwidth] [-r] [-q] [-s separator] [-m retransmits] (-f filename)|(<scan_range>) 
-v verbose output. Print all names received
from each host
-d dump packets. Print whole packet contents.
-e Format output in /etc/hosts format.
-l Format output in lmhosts format.
Cannot be used with -v, -s or -h options.
-t timeout wait timeout milliseconds for response.
Default 1000.
-b bandwidth Output throttling. Slow down output
so that it uses no more that bandwidth bps.
Useful on slow links, so that outgoing queries
don't get dropped.
-r use local port 137 for scans. Win95 boxes
respond to this only.
You need to be root to use this option on Unix.
-q Suppress banners and error messages,
-s separator Script-friendly output. Don't print
column and record headers, separate fields with separator.
-h Print human-readable names for services.
Can only be used with -v option.
-m retransmits Number of retransmits. Default 0.
-f filename Take IP addresses to scan from file filename.
-f - makes nbtscan take IP addresses from stdin.
<scan_range> what to scan. Can either be single IP
like 192.168.1.1 or
range of addresses in one of two forms: 
xxx.xxx.xxx.xxx/xx or xxx.xxx.xxx.xxx-xxx.
Examples:
nbtscan -r 192.168.1.0/24
Scans the whole C-class network.
nbtscan 192.168.1.25-137
Scans a range from 192.168.1.25 to 192.168.1.137
nbtscan -v -s : 192.168.1.0/24
Scans C-class network. Prints results in script-friendly
format using colon as field separator.
Produces output like that:
192.168.0.1:NT_SERVER:00U
192.168.0.1:MY_DOMAIN:00G
192.168.0.1:ADMINISTRATOR:03U
192.168.0.2:OTHER_BOX:00U
...
nbtscan -f iplist
Scans IP addresses specified in file iplist.
[email protected]:~# nbtscan -r 192.168.1.0/24
Doing NBT name scan for addresses from 192.168.1.0/24
IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.1.0 Sendto failed: Permission denied
192.168.1.101    ADMIN1502121657  <server>  <unknown>        00:5a:39:b0:ed:d2
192.168.1.107    <unknown>                  <unknown>        
192.168.1.255 Sendto failed: Permission denied
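nbtscan works by sending a NetBIOS node-status request (type NBSTAT, 0x21, for the wildcard name "*") to UDP/137 and reading the host's name table back; the two "Sendto failed: Permission denied" lines above are the network and broadcast addresses, which Linux refuses as UDP destinations unless SO_BROADCAST is set on the socket. The script below is an added example (not nbtscan's code) that builds that query, parses the reply into the same columns nbtscan prints (NetBIOS name, server, user, MAC), and includes a constructed reply modelled on the 192.168.1.101 row above so it can be checked offline; the name table and flags in that reply are assumptions, not a capture.

```python
#!/usr/bin/env python3
"""NetBIOS node-status (NBSTAT) query: what nbtscan does for each address.

Added example, not part of the original notes. Standard library only; the
sample reply is constructed, not captured.
"""
import os
import socket
import struct

NBSTAT = 0x0021
WILDCARD_NAME = b"*" + b"\x00" * 15            # 16-byte name: "*" padded with NULs


def encode_name(raw16):
    """First-level encoding: each byte becomes two letters, 'A' + high nibble, 'A' + low nibble."""
    enc = bytes(0x41 + nib for b in raw16 for nib in (b >> 4, b & 0x0F))
    return bytes([len(enc)]) + enc + b"\x00"     # one 32-byte label, then the root label


def build_node_status_query(tid):
    """Header (ID, flags 0 = query, QDCOUNT 1) + question for "*" of type NBSTAT, class IN."""
    return (struct.pack(">6H", tid, 0x0000, 1, 0, 0, 0)
            + encode_name(WILDCARD_NAME) + struct.pack(">HH", NBSTAT, 0x0001))


def _skip_name(data, off):
    while data[off]:
        off += 1 + data[off]
    return off + 1


def parse_node_status(data):
    """Return {'tid', 'names': [(name, suffix, is_group)], 'mac'} from a node-status reply."""
    tid, flags, qd, an, _, _ = struct.unpack_from(">6H", data, 0)
    if not flags & 0x8000 or an < 1:
        raise ValueError("not a node-status response")
    off = 12
    for _ in range(qd):                          # echoed question(s), if any
        off = _skip_name(data, off) + 4
    off = _skip_name(data, off)                  # answer RR name
    rtype, _, _, _ = struct.unpack_from(">HHIH", data, off)
    off += 10
    if rtype != NBSTAT:
        raise ValueError("unexpected RR type 0x%04x" % rtype)
    count, off = data[off], off + 1
    names = []
    for _ in range(count):                       # 18-byte NODE_NAME entries
        name = data[off:off + 15].rstrip(b"\x00 ").decode("latin-1")
        suffix = data[off + 15]
        (nflags,) = struct.unpack_from(">H", data, off + 16)
        names.append((name, suffix, bool(nflags & 0x8000)))   # 0x8000 = group name
        off += 18
    mac = ":".join("%02x" % b for b in data[off:off + 6])     # STATISTICS starts with the unit ID
    return {"tid": tid, "names": names, "mac": mac}


def summarize(parsed):
    """Reduce the name table to nbtscan's columns: NetBIOS name, server?, logged-on user."""
    unique = [(n, s) for n, s, group in parsed["names"] if not group]
    computer = next((n for n, s in unique if s == 0x00), None)
    server = any(s == 0x20 for _, s in unique)
    user = next((n for n, s in unique if s == 0x03 and n != computer), None)
    return {"name": computer, "server": server, "user": user, "mac": parsed["mac"]}


def node_status(host, timeout=2.0):
    """Query one host; nbtscan -r additionally binds local port 137 (root only)."""
    tid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # sendto() to a broadcast address (x.x.x.0 / x.x.x.255) fails with EACCES unless
        # SO_BROADCAST is set; that is nbtscan's "Sendto failed: Permission denied".
        s.sendto(build_node_status_query(tid), (host, 137))
        data, _ = s.recvfrom(4096)
    parsed = parse_node_status(data)
    if parsed["tid"] != tid:
        raise ValueError("transaction ID mismatch")
    return parsed


def build_sample_reply(tid, names, mac):
    """Constructed reply (not a capture) laid out the way a Windows host answers."""
    table = b"".join(n.encode("ascii").ljust(15) + bytes([s, (0x80 if g else 0) | 0x04, 0x00])
                     for n, s, g in names)      # flags: 0x8000 group, 0x0400 active
    rdata = bytes([len(names)]) + table + bytes.fromhex(mac.replace(":", "")) + b"\x00" * 40
    return (struct.pack(">6H", tid, 0x8400, 0, 1, 0, 0) + encode_name(WILDCARD_NAME)
            + struct.pack(">HHIH", NBSTAT, 0x0001, 0, len(rdata)) + rdata)


# Assumed name table for the host that answered as ADMIN1502121657 in the notes.
SAMPLE_NAMES = [("ADMIN1502121657", 0x00, False), ("WORKGROUP", 0x00, True),
                ("ADMIN1502121657", 0x20, False), ("WORKGROUP", 0x1E, True)]

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:] or ["192.168.1.101"]:
        try:
            print(host, summarize(node_status(host)))
        except (OSError, ValueError) as exc:
            print(host, "error:", exc)
```

The <00> unique name is the computer name, a <20> entry means the Server service is running (nbtscan's "<server>"), and a <03> unique name other than the computer name is the logged-on user; nbtscan prints "<unknown>" when the latter is absent, which is what summarize() returns as None.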
[email protected]:~# enum4linux -a 192.168.1.133
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Tue Oct  6 20:56:00 2015

 ========================== 
|    Target Information    |
 ========================== 
Target ........... 192.168.1.133
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
 ===================================================== 
|    Enumerating Workgroup/Domain on 192.168.1.133    |
 ===================================================== 
[E] Can't find workgroup/domain
 ============================================= 
|    Nbtstat Information for 192.168.1.133    |
 ============================================= 
Looking up status of 192.168.1.133
         xp              <00> -         B <ACTIVE> Workstation Service
         WORKGROUP       <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
         MAC Address = 08-00-27-FB-0B-AA
 ====================================== 
|    Session Check on 192.168.1.133    |
 ====================================== 
Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 437.
[E] Server doesn't allow session using username '', password ''.  Aborting remainder of tests.

The target refuses the null session, so everything enum4linux -a would do next over it (user, group, share and SID enumeration) is skipped. The Perl warning is enum4linux's own, a consequence of the workgroup lookup having failed earlier in the same run.
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋
┃SMTP scanning                                                                                    ┃
┃nc -nv 1.1.1.1 25                                                                                ┃
┃    VRFY root                                                                                    ┃
┃nmap smtp.163.com -p25 --script=smtp-enum-users.nse --script-args=smtp-enum-users.methods={VRFY} ┃
┃nmap smtp.163.com -p25 --script=smtp-open-relay.nse                                              ┃
┃smtp-user-enum -M VRFY -U users.txt -t 10.0.0.1                                                  ┃
┃./smtp.py                                                                                        ┃
╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋

(The sheet originally read "nc -nc" and named the scripts script-enum-users / script-open-relay with the argument smtp-enum-user.methods; the Nmap scripts are smtp-enum-users.nse and smtp-open-relay.nse, and the argument name must match the script name.)
╭────────────────────────────────────────────╮
[smtp.py]
#!/usr/bin/env python3
# Single-user VRFY probe against the lab mail server. Python 3 rewrite of the
# original Python 2 script: the original sent "RCPT <user>", which is not a
# valid SMTP command, so VRFY is sent instead, as the cheat sheet above intends.
import socket
import sys

if len(sys.argv) != 2:
    print("Usage: smtp.py <username>")
    sys.exit(0)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('192.168.1.134', 25))
banner = s.recv(1024)
print(banner.decode(errors='replace').strip())
s.sendall(b'HELO scanner\r\n')            # some servers refuse VRFY before a HELO
print(s.recv(1024).decode(errors='replace').strip())
s.sendall(b'VRFY ' + sys.argv[1].encode() + b'\r\n')
result = s.recv(1024)
print(result.decode(errors='replace').strip())
s.close()
╰────────────────────────────────────────────╯
[email protected]:~# ./smtp.py zhangsan
[email protected]:~# nc smtp.163.com 25
helo 163.com
VRFY zhangsan
AUTH

[email protected]:~# 
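The one-shot script above checks a single name. What follows is an added example (not the notes' script and not smtp-user-enum's code) of the full enumeration loop the cheat sheet's `smtp-user-enum -M VRFY -U users.txt` performs: one connection, HELO, one VRFY per candidate name, and a classification of the reply codes, since 250/251 means the name resolved, 252 means the server will not say, 550 means it is unknown, and 500/502 means VRFY is disabled and further attempts are pointless. The FakeSMTP class is a constructed stand-in server so the loop can be exercised offline; the names it knows (root, postmaster), its banner and the HELO name scanner.invalid are assumptions.

```python
#!/usr/bin/env python3
"""VRFY user enumeration over a word list, with reply-code classification.

Added example, not part of the original notes. The FakeSMTP server at the
bottom is constructed so the loop can run offline; point enumerate_users()
at a real host and port 25 to use it against a target you are allowed to test.
"""
import socket
import socketserver
import threading


def read_reply(sock):
    """Read one (possibly multi-line) SMTP reply; return (code, text of its last line)."""
    buf = b""
    while True:
        chunk = sock.recv(1024)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        lines = buf.split(b"\r\n")
        last = lines[-2] if len(lines) >= 2 else b""
        if len(last) >= 4 and last[3:4] == b" ":   # "250 text" ends a reply, "250-text" continues it
            return int(last[:3]), last[4:].decode("latin-1")


def classify(code):
    """Map a VRFY reply code to what it tells the tester."""
    if code in (250, 251):
        return "exists"
    if code == 252:
        return "unverified"        # server would accept mail but will not verify: no information
    if code in (550, 551, 553):
        return "unknown"
    if code in (500, 502):
        return "vrfy disabled"
    return "other"


def enumerate_users(host, users, port=25, helo="scanner.invalid", timeout=5.0):
    """Try VRFY for every name in users; return {name: (code, verdict)}."""
    results = {}
    with socket.create_connection((host, port), timeout=timeout) as s:
        read_reply(s)                                     # 220 banner
        s.sendall(b"HELO " + helo.encode("ascii") + b"\r\n")
        read_reply(s)
        for user in users:
            s.sendall(b"VRFY " + user.encode("ascii") + b"\r\n")
            code, _ = read_reply(s)
            results[user] = (code, classify(code))
            if results[user][1] == "vrfy disabled":      # no point hammering a server that refuses VRFY
                break
        s.sendall(b"QUIT\r\n")
    return results


class FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server that verifies only the names in KNOWN."""
    KNOWN = {"root", "postmaster"}

    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP constructed-test-server\r\n")
        for raw in self.rfile:
            cmd, _, arg = raw.decode("latin-1").strip().partition(" ")
            cmd = cmd.upper()
            if cmd == "HELO":
                self.wfile.write(b"250 mail.example.test\r\n")
            elif cmd == "VRFY" and arg.lower() in self.KNOWN:
                self.wfile.write(("250 2.1.5 %s <%s@example.test>\r\n" % (arg, arg)).encode())
            elif cmd == "VRFY":
                self.wfile.write(("550 5.1.1 %s: User unknown\r\n" % arg).encode())
            elif cmd == "QUIT":
                self.wfile.write(b"221 2.0.0 Bye\r\n")
                return
            else:
                self.wfile.write(b"502 5.5.2 Error: command not recognized\r\n")


def start_fake_smtp():
    """Start FakeSMTP on a random loopback port; returns (server, port)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeSMTP)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    srv, port = start_fake_smtp()
    try:
        found = enumerate_users("127.0.0.1", ["root", "zhangsan", "postmaster"], port=port)
        for user, (code, verdict) in found.items():
            print("%-12s %d %s" % (user, code, verdict))
    finally:
        srv.shutdown()
        srv.server_close()
```

Real servers vary: a 252 from every name (the common default on hardened MTAs) gives nothing, and a server that answers 250 for everything is equally useless, so check a name that certainly does not exist before trusting any "exists" verdict.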

These notes were taken by a student of the 安全牛课堂 course; the course itself and other information-security material are available from 安全牛课堂.



This article comes from the "11662938" blog; please keep this source link: http://11672938.blog.51cto.com/11662938/1965389
