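1. Scanning
Tool: nmap
ARP scanning relies on MAC addresses, so it can only scan hosts on the same network segment.
IP and ICMP scanning work across any network range that is routable.
TCP scanning is likely to be caught by a firewall.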
#nmap -v -sn 192.168.1.0/24 (live scan)
#nmap -v -A 192.168.1.83 (port scan)
#nmap -v -A 192.168.1.5
#nmap -v -sn 192.168.2.0/24
#nmap -v -A 192.168.2.10
#nmap -v -A 192.168.2.5
# nmap -v -sn 192.168.1.0/24 scan
Nmap scan report for 192.168.1.82 [host down]
Nmap scan report for 192.168.1.83
Host is up (0.00059s latency).
MAC Address: 00:0C:29:70:BD:91 (VMware)
Nmap scan report for 192.168.1.84 [host down]
...
Initiating Parallel DNS resolution of 1 host. at 02:42
Completed Parallel DNS resolution of 1 host. at 02:42, 0.04s elapsed
Nmap scan report for 192.168.1.70
Host is up.
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (4 hosts up) scanned in 1.88 seconds
Raw packets sent: 507 (14.196KB) | Rcvd: 3 (84B)
-> Host .83 (192.168.1.83) is up.
# Next, scan the open ports on that IP.
nmap -v -A 192.168.1.83
Starting Nmap 7.70 ( https://nmap.org ) at 2020-08-28 02:48 KST
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 02:48
Completed NSE at 02:48, 0.00s elapsed
Initiating NSE at 02:48
Completed NSE at 02:48, 0.00s elapsed
Initiating ARP Ping Scan at 02:48
Scanning 192.168.1.83 [1 port]
Completed ARP Ping Scan at 02:48, 0.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 02:48
Completed Parallel DNS resolution of 1 host. at 02:48, 0.03s elapsed
Initiating SYN Stealth Scan at 02:48
Scanning 192.168.1.83 [1000 ports]
Discovered open port 135/tcp on 192.168.1.83
Discovered open port 139/tcp on 192.168.1.83
Discovered open port 49155/tcp on 192.168.1.83
Discovered open port 49156/tcp on 192.168.1.83
Discovered open port 49154/tcp on 192.168.1.83
Discovered open port 49152/tcp on 192.168.1.83
Discovered open port 445/tcp on 192.168.1.83
Discovered open port 49153/tcp on 192.168.1.83
Discovered open port 5357/tcp on 192.168.1.83
Discovered open port 49157/tcp on 192.168.1.83
Completed SYN Stealth Scan at 02:48, 1.42s elapsed (1000 total ports)
Initiating Service scan at 02:48
Scanning 10 services on 192.168.1.83
Service scan Timing: About 50.00% done; ETC: 02:50 (0:00:53 remaining)
Completed Service scan at 02:49, 58.57s elapsed (10 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.83
NSE: Script scanning 192.168.1.83.
Initiating NSE at 02:49
Completed NSE at 02:49, 6.00s elapsed
Initiating NSE at 02:49
Completed NSE at 02:49, 0.00s elapsed
Nmap scan report for 192.168.1.83
Host is up (0.00043s latency).
Not shown: 990 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open msrpc Microsoft Windows RPC
49157/tcp open msrpc Microsoft Windows RPC
MAC Address: 00:0C:29:70:BD:91 (VMware)
Device type: general purpose
Running: Microsoft Windows 7|2008|8.1
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_8.1
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
Uptime guess: 0.187 days (since Thu Aug 27 22:19:42 2020)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=250 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: WIN7-PC; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: mean: -12h00m00s, deviation: 5h11m46s, median: -9h00m00s
| nbstat: NetBIOS name: WIN7-PC, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:70:bd:91 (VMware)
| Names:
| WIN7-PC<00> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
| WIN7-PC<20> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
|_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| smb-os-discovery:
| OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
| OS CPE: cpe:/o:microsoft:windows_7::sp1
| Computer name: Win7-PC
| NetBIOS computer name: WIN7-PC\x00
| Workgroup: WORKGROUP\x00
|_ System time: 2020-08-27T17:49:30+09:00
| smb-security-mode:
| account_used: <blank>
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
| smb2-security-mode:
| 2.02:
|_ Message signing enabled but not required
| smb2-time:
| date: 2020-08-27 17:49:30
|_ start_date: 2020-08-27 13:20:27
TRACEROUTE
HOP RTT ADDRESS
1 0.43 ms 192.168.1.83
NSE: Script Post-scanning.
Initiating NSE at 02:49
Completed NSE at 02:49, 0.00s elapsed
Initiating NSE at 02:49
Completed NSE at 02:49, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 68.64 seconds
Raw packets sent: 1145 (51.078KB) | Rcvd: 1017 (41.398KB)
# Result of checking the logs on the IDS/IPS
2010939 5432 PostgreSQL scan
2010937 3306 MySQL scan
2010936 1521 Oracle SQL scan
2010935 1443 MSSQL scan
2002910 2800-2850 VNC scan
2002911 2900-2920 VNC scan
2003068 ssh scan outbound
We could see that the rules listed above were triggered by the scan.
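Added example (not part of the original post, and not the IDS's own rule logic): one way a sensor can turn a burst of SYNs like the port scan above into an alert, by counting distinct destination ports per source within a short window and naming the watched services that were touched. The log format, thresholds and addresses are assumptions; the watched ports and labels are copied from the rule list in the post.

```python
from collections import defaultdict, deque
from datetime import datetime

# Ports/ranges and labels copied as listed in the post's IDS rule summary.
WATCHED = [(5432, 5432, "PostgreSQL"), (3306, 3306, "MySQL"),
           (1521, 1521, "Oracle SQL"), (1443, 1443, "MSSQL"),
           (2800, 2850, "VNC"), (2900, 2920, "VNC")]

# Constructed sample log (assumed format): <ISO time> <src> <dst> <dport> <flags>
SAMPLE_LOG = """\
2020-08-28T02:48:00.000 192.168.1.70 192.168.1.83 135 S
2020-08-28T02:48:00.010 192.168.1.70 192.168.1.83 3306 S
2020-08-28T02:48:00.020 192.168.1.70 192.168.1.83 445 S
2020-08-28T02:48:00.030 192.168.1.70 192.168.1.83 5432 S
2020-08-28T02:48:00.040 192.168.1.70 192.168.1.83 1521 S
2020-08-28T02:48:00.050 192.168.1.70 192.168.1.83 2801 S
2020-08-28T02:48:05.000 192.168.1.20 192.168.1.83 445 S
2020-08-28T02:48:05.001 192.168.1.20 192.168.1.83 445 A
2020-08-28T02:48:30.000 192.168.1.20 192.168.1.83 3306 S
"""

def label(port):
    """Map a destination port to a watched service name, or None."""
    for lo, hi, name in WATCHED:
        if lo <= port <= hi:
            return name
    return None

def detect_scans(log_text, min_ports=5, window_s=2.0):
    """Return {(src, dst): sorted watched services} for every pair where src
    sent bare SYNs to >= min_ports distinct ports of dst within window_s."""
    recent = defaultdict(deque)      # (src, dst) -> deque of (time, port)
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, flags = line.split()
        if flags != "S":             # ignore packets of established sessions
            continue
        t, port, key = datetime.fromisoformat(ts), int(dport), (src, dst)
        q = recent[key]
        q.append((t, port))
        while (t - q[0][0]).total_seconds() > window_s:
            q.popleft()              # drop SYNs that fell out of the window
        ports = {p for _, p in q}
        if len(ports) >= min_ports:  # burst of distinct ports: treat as a scan
            hits = alerts.setdefault(key, set())
            hits.update(n for n in map(label, ports) if n)
    return {k: sorted(v) for k, v in alerts.items()}

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

The client at 192.168.1.20 also reaches port 3306 but never crosses the distinct-port threshold, so only the scanning source is reported.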