扫描目标主机使用的操作系统。
root@bt:~# nmap -sT -O -A 192.168.1.133 Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:28 EDT Nmap scan report for 192.168.1.133 Host is up (0.090s latency). Not shown: 986 closed ports PORT STATE SERVICE VERSION 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-methods: No Allow or Public header in OPTIONS response (status code 404) |_http-title: Not Found 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn 445/tcp open netbios-ssn 514/tcp filtered shell 902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP) 912/tcp open vmware-auth VMware Authentication Daemon 1.0 (Uses VNC, SOAP) 1025/tcp open msrpc Microsoft Windows RPC 1026/tcp open msrpc Microsoft Windows RPC 1027/tcp open msrpc Microsoft Windows RPC 1029/tcp open msrpc Microsoft Windows RPC 1030/tcp open msrpc Microsoft Windows RPC 1433/tcp open ms-sql-s Microsoft SQL Server 2008 R2 10.50.1600.00; Pre-RTM 2383/tcp open ms-olap4? Device type: general purpose Running: Microsoft Windows 7(这里是目标使用的操作系统) OS CPE: cpe:/o:microsoft:windows_7:::enterprise OS details: Microsoft Windows 7 Enterprise(操作系统的版本) Network Distance: 2 hops Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Host script results: |_nbstat: NetBIOS name: TKE-PC(这里是计算机名称), NetBIOS user: <unknown>, NetBIOS MAC: 70:71:bc:79:fa:54 (Pegatron) (网卡mac地址) | smb-security-mode: | Account that was used for smb scripts: guest | User-level authentication | SMB Security: Challenge/response passwords supported |_ Message signing disabled (dangerous, but default) |_smbv2-enabled: Server supports SMBv2 protocol | smb-os-discovery: | OS: Windows 7 Ultimate 7600 (Windows 7 Ultimate 6.1) | NetBIOS computer name: TKE-PC | Workgroup: WORKGROUP |_ System time: 2012-08-31 02:31:37 UTC+8 | ms-sql-info: | [192.168.1.133:1433] | Version: Microsoft SQL Server 2008 R2 Pre-RTM | Version number: 10.50.1600.00 | Product: Microsoft SQL Server 2008 R2 | Service pack level: Pre-RTM |_ TCP port: 1433 TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 0.13 ms 192.168.129.2 2 0.75 ms 192.168.1.133 OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 188.80 seconds
这样,就探测出了主机系统为win7,同时还可以看出使用的数据库时SQL server 2008 R2。
不过扫描使用的时间就稍微长了一点,188秒,也就是3分钟左右。
通过QQ的IP探测,我找了一个IP来进行测试,结果发现是这样的
root@bt:~# nmap -sT -O -A 223.67.165.180 Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-08-31 02:47 EDT Nmap scan report for 223.67.165.180 Host is up (0.00051s latency). All 1000 scanned ports on 223.67.165.180 are filtered Too many fingerprints match this host to give specific OS details TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 ... 30 OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 33.84 seconds
原来是对方使用了路由器,扫描变成了对路由器的扫描了。