Tuesday, 17 June 2014

Nmap: discovering the version of the remote program

Among the many features of Nmap, one of the best-known network scanners, is the ability to try to discover which programs and versions are installed on the target. The "-sV" option makes the magic happen.

$ nmap -sV 172.20.1.1
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-17 11:56 BRT
Nmap scan report for 172.20.1.1
Host is up (0.0011s latency).
Not shown: 980 closed ports
PORT     STATE SERVICE       VERSION
42/tcp   open  wins          Microsoft Windows Wins
53/tcp   open  domain        Microsoft DNS
88/tcp   open  tcpwrapped
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds  Microsoft Windows 2003 or 2008 microsoft-ds
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp  open  tcpwrapped
1025/tcp open  msrpc         Microsoft Windows RPC
1027/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
1048/tcp open  msrpc         Microsoft Windows RPC
1053/tcp open  msrpc         Microsoft Windows RPC
1124/tcp open  msrpc         Microsoft Windows RPC
2701/tcp open  landesk-rc    LANDesk RC 2.0
2702/tcp open  sms-xfer?
3268/tcp open  ldap
3269/tcp open  tcpwrapped
3389/tcp open  ms-wbt-server Microsoft Terminal Service
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 50.23 seconds

Another example:

$ nmap -sV 172.20.1.14
Starting Nmap 6.00 ( http://nmap.org ) at 2014-06-17 12:21 BRT
Nmap scan report for www.segundatela.tv.br (172.20.1.14)
Host is up (0.00062s latency).
Not shown: 993 closed ports
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 6.0p1 Debian 4 (protocol 2.0)
80/tcp    open  http    Apache httpd 2.2.16 ((Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch)
111/tcp   open  rpcbind (rpcbind V2-4) 2-4 (rpc #100000)
666/tcp   open  http    darkstat network analyzer httpd 3.0.715
873/tcp   open  rsync   (protocol version 30)
2049/tcp  open  nfs     (nfs V2-4) 2-4 (rpc #100003)
10000/tcp open  http    MiniServ 1.660 (Webmin httpd)
Service Info: OSs: Linux, Unix; CPE: cpe:/o:linux:kernel

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 46.18 seconds
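The two scans above are what a defender typically wants to turn into an inventory: which host exposes which product at which version, and which ports Nmap could not actually identify. The script below is an added example written for this post (it is not part of the post and not Nmap's own tooling). It parses Nmap's human-readable "normal" output, because that is what the post shows; for real automation, Nmap's XML output (-oX) is the supported machine-readable format. Its sample input is a subset of the lines from the post's two scans, and the function and class names are this example's own.

```python
"""Turn the human-readable output of `nmap -sV` into a service inventory.

Added example for this post (not part of it and not Nmap's own tooling). It
parses Nmap's "normal" output because that is what the post shows; for real
automation prefer `nmap -oX` and an XML parser. SAMPLE is a subset of the
lines from the post's two scans.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

REPORT_RE = re.compile(r"^Nmap scan report for (?P<host>.+?)\s*$")
# "<port>/<proto>  <state>  <service>  [<version ...>]"
SERVICE_RE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp|sctp)\s+"
    r"(?P<state>\S+)\s+"
    r"(?P<service>\S+)"
    r"(?:\s+(?P<version>.*\S))?\s*$"
)


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    service: str             # name with Nmap's trailing '?' removed
    version: Optional[str]   # None when no version probe matched
    guessed: bool            # True for 'name?': name comes from the port table only

    @property
    def identified(self) -> bool:
        """True only when a version probe actually matched.

        'tcpwrapped' means the TCP handshake completed but the peer closed the
        connection without sending data, so the real service is still unknown.
        """
        return (self.version is not None and not self.guessed
                and self.service != "tcpwrapped")


def parse_nmap_normal(text: str) -> list[Service]:
    """Parse one or more 'Nmap scan report for ...' sections."""
    host, found = "?", []
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            host = m.group("host")
            continue
        m = SERVICE_RE.match(line)
        if not m:
            continue                        # column header, 'Host is up', etc.
        name = m.group("service")
        found.append(Service(host, int(m.group("port")), m.group("proto"),
                             m.group("state"), name.rstrip("?"),
                             m.group("version"), name.endswith("?")))
    return found


def unidentified(services: list[Service]) -> list[tuple[str, int]]:
    """(host, port) pairs whose service/version Nmap could not pin down."""
    return [(s.host, s.port) for s in services if not s.identified]


def by_product(services: list[Service], needle: str) -> list[Service]:
    """Services whose version string mentions `needle` (case-insensitive)."""
    return [s for s in services
            if s.version and needle.lower() in s.version.lower()]


# Subset of the post's two scans, used as sample input.
SAMPLE = """\
Nmap scan report for 172.20.1.1
Host is up (0.0011s latency).
PORT     STATE SERVICE       VERSION
42/tcp   open  wins          Microsoft Windows Wins
53/tcp   open  domain        Microsoft DNS
88/tcp   open  tcpwrapped
135/tcp  open  msrpc         Microsoft Windows RPC
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds  Microsoft Windows 2003 or 2008 microsoft-ds
464/tcp  open  kpasswd5?
593/tcp  open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
2702/tcp open  sms-xfer?
3389/tcp open  ms-wbt-server Microsoft Terminal Service

Nmap scan report for www.segundatela.tv.br (172.20.1.14)
Host is up (0.00062s latency).
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 6.0p1 Debian 4 (protocol 2.0)
80/tcp    open  http    Apache httpd 2.2.16 ((Debian) PHP/5.3.3-7+squeeze14 with Suhosin-Patch)
111/tcp   open  rpcbind (rpcbind V2-4) 2-4 (rpc #100000)
666/tcp   open  http    darkstat network analyzer httpd 3.0.715
873/tcp   open  rsync   (protocol version 30)
2049/tcp  open  nfs     (nfs V2-4) 2-4 (rpc #100003)
10000/tcp open  http    MiniServ 1.660 (Webmin httpd)
"""

if __name__ == "__main__":
    inventory = parse_nmap_normal(SAMPLE)
    for s in inventory:
        print(f"{s.host:40} {s.port:>5}/{s.proto} {s.service:14} {s.version or '-'}")
    print("needs manual follow-up:", unidentified(inventory))
```

Two details of the output matter when reading the result: a service name ending in "?" (kpasswd5?, sms-xfer?) means no version probe matched and the name was taken from Nmap's port table, and "tcpwrapped" means the port accepted the connection but closed it without sending anything. Neither tells you what is really listening, which is why `unidentified` lists them for manual follow-up rather than treating the name as an identification.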