渗透测试学习笔记:侦测操作系统
当开启了445,139,135端口时,这说明可能就是windows。
而判断unix等操作系统时,22端口则是最好的标志。
但也可以通过协议栈指纹分析技术来侦测操作系统,不用厂家的IP协议栈实现存在着许多差别,我们可以通过这些差别来进行侦测。
nmap这个工具就是使用的这个技术来侦测操作系统:
[email protected]:~# nmap -O 192.168.133.1
输出结果:
Starting Nmap 7.60 ( https://nmap.org ) at 2018-04-24 20:59 CST Nmap scan report for 192.168.133.1 Host is up (-0.0024s latency). Not shown: 993 filtered ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds 843/tcp open unknown 3389/tcp open ms-wbt-server 7000/tcp open afs3-fileserver 8000/tcp open http-alt MAC Address: 00:50:56:C0:00:08 (VMware) Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port OS fingerprint not ideal because: Missing a closed TCP port so results incomplete No OS matches for host Network Distance: 1 hop OS detection performed. Please report any incorrect results at https://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 26.28 seconds
很明显,这次nmap匹配不到相关的结果,但我们能知道,这个主机的操作系统为windows。
关于如何防止被侦测操作系统,这个问题不太好解决,只能使用类似FreeBSD 4.x的软件对协议栈指纹分析发来的数据包不做回应,但如果这样,又违反了RFC 1644号文档的相关规定。