nmap practica

1. Instala el programa de software libre Nmap/Zenmap y averiga todos los equipos que hay en tu subred y los puertos abie

Views 205 Downloads 2 File size 129KB

Report DMCA / Copyright

DOWNLOAD FILE

Recommend stories
Nmap
Nmap

46 0 526KB Read more

Nmap
Nmap

# nmap 10.0.2.15 Este resultado puede variar, dependiendo de las opciones que se le pasen a nmap o de la cantidad de pu

13 0 1MB Read more

tutorial nmap
tutorial nmap

NMAP - Herramienta de exploracion de red y escaner de seguridad. SINOPSIS nmap [Tipos(s)de escaneo] [Opciones] DESCRIP

62 15 35KB Read more

Scanner Nmap
Scanner Nmap

29 3 655KB Read more

Nmap Mindmap
Nmap Mindmap

-p -sA ACK Scan --scanflags -sF FIN Scan -g/--source_port -sI Idel Scan -sL List/DNS Scan --spoof_mac -sM Maimon

41 0 35KB Read more

Nmap Workshop
Nmap Workshop

40 0 1MB Read more

Manual NMAP
Manual NMAP

56 42 365KB Read more

Tutorial Nmap
Tutorial Nmap

42 0 586KB Read more

Nmap Network Scanning
Nmap Network Scanning

24 0 138KB Read more

Lista de Comandos NMAP
Lista de Comandos NMAP

Lista de comandos NMAP (cheatsheet) En esta entrada de hoy recogemos una chuleta de comandos de nmap que todo buen pent

2 0 286KB Read more

Citation preview

1. Instala el programa de software libre Nmap/Zenmap y averiga todos los equipos que hay en tu subred y los puertos abiertos en cada equipo.

2. Averiguar los puertos abiertos del equipo 172.26.103.8.

Abriremos Knmap que lo encontraremos en Aplicaciones/ Accesorio/ Terminal. Cuando esté abierto, escribiremos en la barra de "Target host(s)" la IP 172.26.103.8 y pulsaremos en "Start nmap".

Nos aparecerá el siguiente código indicándonos que el equipo con IP 172.26.103.8 tiene todos los puertos abiertos.

3. ¿Cuál es el Sistema Operativo del equipo con IP 172.26.103.8?

Para comprobar cuál es el sistema operativo de este equipo iremos a la pestaña "Simple Option" de Knmap y marcaremos la casilla de verificación de "OS Detection (-O)".

Después pulsaremos en "Start nmap" y nos aparecerá el siguiente código:

kdesu -n /usr/bin/nmap -T Normal -O 172.26.103.8 > /tmp/kdealumno/knmap_stderr_1017100316 2> /tmp/kde-alumno/knmap_stderr_1385659310 Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-25 09:31 CEST Interesting ports on 172.26.103.8: Not shown: 1694 closed ports PORT STATE SERVICE 53/tcp open domain 111/tcp open rpcbind 10000/tcp open snet-sensor-mgmt MAC Address: 00:0F:EA:31:C5:FA (Giga-Byte Technology Co.) No exact OS matches for host (If you know what OS is running on it, see http://insecure.org/nmap/submit/ ). TCP/IP fingerprint: OS:SCAN(V=4.20%D=4/25%OT=53%CT=1%CU=33247%PV=Y%DS=1%G=Y%M=000FEA %TM=481188E OS:0%P=i686-pc-linux-gnu)SEQ(SP=D8%GCD=1%ISR=EF%TI=Z%II=I%TS=8)SEQ(SP=D8%GC OS:D=2%ISR=EF%TI=Z%II=I%TS=8)SEQ(SP=D8%GCD=1%ISR=EF%TI=Z%II=I%TS=8)OPS(O1=M OS:5B4ST11NW4%O2=M5B4ST11NW4%O3=M5B4NNT11NW4%O4=M5B4ST11NW4%O5=M5B 4ST11NW4% OS:O6=M5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)E CN(R=Y% OS:DF=Y%T=40%W=16D0%O=M5B4NNSNW4%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+ %F=AS%RD= OS:0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=16A0%S=O%A=S+%F=AS %O=M5B4ST11NW4%RD=0%Q=) OS:T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y %T=40%W=0%S=Z%A=S OS:+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O= %RD=0%Q=)T7(R=Y%DF= OS:Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N %T=40%TOS=C0%IPL=164%UN=0 OS:%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUL=G%RUD=G)IE(R=Y%DFI=N%T=40%TOSI=S %CD=S%S OS:I=S%DLI=S) Uptime: 0.030 days (since Fri Apr 25 08:49:08 2008) Network Distance: 1 hop OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap finished: 1 IP address (1 host up) scanned in 11.862 seconds

El sistema operativo que está utilizando este equipo es Linux (Ubuntu).

4. ¿Qué ordenadores de nuestra red están encendidos?

Averiguaremos que los ordenadores están encendidos escribiremos el comando nmap -sP 172.26.0.0/17. El código que obtendremos será algo así: Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-28 13:37 CEST Strange error from connect (105):No buffer space available Host 172.26.0.1 appears to be up. Host 172.26.0.2 appears to be up. Host 172.26.0.4 appears to be up. Host 172.26.0.10 appears to be up. Host 172.26.103.7 appears to be up. Nmap done: 32768 IP addresses (5 hosts up) scanned in 11.345 seconds .

A continuación también añado una captura de cómo quedaría en la terminal.

5. ¿Cuáles son los ordenadores de nuestra clase que están encendidos? Para averiguar los equipos de nuestra clase que están encendidos escribiremos el siguiente código en la terminal: nmap 172.26.103.0/24>puntot6xt.txt.

Nos aparecerá algo similar al código que añado: Starting Nmap 4.20 ( http://insecure.org ) at 2008-04-25 10:28 CEST All 1697 scanned ports on 172.26.103.2 are closed Interesting ports on 172.26.103.5: Not shown: 1696 closed ports PORT STATE SERVICE 3128/tcp open squid-http Interesting ports on 172.26.103.7: Not shown: 1694 closed ports PORT STATE SERVICE

80/tcp open http 3128/tcp open squid-http 8080/tcp open http-proxy All 1697 scanned ports on 172.26.103.12 are closed All 1697 scanned ports on 172.26.103.17 are closed Nmap finished: 256 IP addresses (5 hosts up) scanned in 2.712 seconds

También añado una captura de cómo quedaría en el punto6xt.txt.

6. Averiguar si el equipo con IP 127.26.103.9 está jugando a los Worms.

Escribiremos nmap -PN 172.26.103.20. Nos aparecerá el siguiente código indicándonos los puertos que están abiertos en este equipo.

Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-29 09:47 CEST Interesting ports on 172.26.103.20: PORT STATE SERVICE 17010/udp open|filtered unknown 17012/udp open|filtered unknown MAC Address: 00:0F:EA:31:C5:FA (Giga-Byte Technology Co.) Nmap done: 1 IP address (1 host up) scanned in 1.597 seconds

7. Averiguar qué equipos de la red están jugando a los Worms. Primero comprobaremos cuáles son los puertos del Worms: 17010 y 17012. A continuación averiguaremos qué equipos están jugando en red escribiendo el siguiente

comando en la terminal: sudo nmap -sU -p 17010,17012 172.26.103.0/24. El resultado será el siguiente: Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-29 10:04 CEST Interesting ports on 172.26.103.2: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1A:4D:6E:07:EB (Gigabyte Technology Co.)

Interesting ports on 172.26.103.5: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1A:4D:7F:9D:D3 (Gigabyte Technology Co.) Interesting ports on 172.26.103.7: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown

Interesting ports on 172.26.103.8: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1A:4D:75:71:79 (Gigabyte Technology Co.)

Interesting ports on 172.26.103.9:

PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1A:4D:75:70:74 (Gigabyte Technology Co.)

Interesting ports on 172.26.103.12: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:C0:9F:F2:ED:63 (Quanta Computer)

Interesting ports on 172.26.103.13: PORT STATE SERVICE 17010/udp open|filtered unknown 17012/udp open|filtered unknown MAC Address: 00:16:17:4F:AF:D5 (MSI)

Interesting ports on 172.26.103.17: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1B:38:AB:BE:A2 (Compal Information (kunshan) CO.)

Interesting ports on 172.26.103.20: PORT STATE SERVICE 17010/udp open|filtered unknown

17012/udp open|filtered unknown MAC Address: 00:0F:EA:31:C5:FA (Giga-Byte Technology Co.)

Interesting ports on 172.26.103.26: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:19:66:44:E6:F3 (Asiarock Technology Limited) Interesting ports on 172.26.103.28: PORT STATE SERVICE 17010/udp closed unknown 17012/udp closed unknown MAC Address: 00:1A:4D:75:70:94 (Gigabyte Technology Co.) Nmap done: 256 IP addresses (11 hosts up) scanned in 3.142 seconds

8. Averiguar qué equipos de la red están juando al WOW. Los puertos del WOW son 6112, 3724, 6881-6999. A continuación averiguaremos los equipos de la red que están jugando al WOW, para ello pondremos en la terminal: sudo nmap -sU -p 6112,3724,6881-6999 172.26.103.0/24. Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-30 09:20 CEST All 121 scanned ports on 172.26.103.2 are closed MAC Address: 00:1A:4D:6E:07:EB (Gigabyte Technology Co.) All 121 scanned ports on 172.26.103.5 are closed MAC Address: 00:1A:4D:7F:9D:D3 (Gigabyte Technology Co.) All 121 scanned ports on 172.26.103.7 are closed All 121 scanned ports on 172.26.103.8 are closed MAC Address: 00:1A:4D:75:71:79 (Gigabyte Technology Co.) All 121 scanned ports on 172.26.103.9 are closed MAC Address: 00:1A:4D:75:70:74 (Gigabyte Technology Co.)

All 121 scanned ports on 172.26.103.12 are closed MAC Address: 00:C0:9F:F2:ED:63 (Quanta Computer) All 121 scanned ports on 172.26.103.13 are open|filtered MAC Address: 00:16:17:4F:AF:D5 (MSI) All 121 scanned ports on 172.26.103.17 are closed MAC Address: 00:1B:38:AB:BE:A2 (Compal Information (kunshan) CO.) All 121 scanned ports on 172.26.103.20 are closed MAC Address: 00:0F:EA:31:C5:FA (Giga-Byte Technology Co.) All 121 scanned ports on 172.26.103.26 are closed MAC Address: 00:19:66:44:E6:F3 (Asiarock Technology Limited) All 121 scanned ports on 172.26.103.28 are closed MAC Address: 00:1A:4D:75:70:94 (Gigabyte Technology Co.) All 121 scanned ports on 172.26.103.33 are closed MAC Address: 00:1A:92:55:DC:EF (Asustek Computer) Nmap done: 256 IP addresses (12 hosts up) scanned in 233.499 seconds

9. Averiguar qué equipos tienen un servidor FTP activado o un HTTP o un DNS.

Conseguiremos averiguar los equipos que tienen un servidor FTP activado o un HTTP o un DNS con el siguiente comando: nmap -p 53,80 172.26.103.0/24. Las líneas resultantes son: Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-29 10:16 CEST Interesting ports on 172.26.103.2: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.5: PORT STATE SERVICE 53/tcp closed domain

80/tcp closed http

Interesting ports on 172.26.103.7: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.8: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.9: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.12: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.17: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http

Interesting ports on 172.26.103.20: PORT STATE SERVICE 53/tcp closed domain 80/tcp open http

Interesting ports on 172.26.103.26: PORT STATE SERVICE 53/tcp closed domain 80/tcp open http

Interesting ports on 172.26.103.28: PORT STATE SERVICE 53/tcp closed domain 80/tcp closed http Nmap done: 256 IP addresses (10 hosts up) scanned in 0.936 seconds)

10. Averiguar los puertos abiertos de cada uno de los equipos de la red que están encendidos.

Para averiguar los pc's encendidos de nuestra red pondremos nmap -sP 172.26.0.0/24. Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-29 08:58 CEST Strange error from connect (105):No buffer space available Host 172.26.0.1 appears to be up. Host 172.26.0.2 appears to be up. Host 172.26.0.4 appears to be up. Host 172.26.0.10 appears to be up.

Host 172.26.103.2 appears to be up. Host 172.26.103.7 appears to be up. Host 172.26.103.20 appears to be up. Nmap done: 32768 IP addresses (7 hosts up) scanned in 10.956 seconds

Para ver los puertos que tienen abiertos pondremos: nmap --allports 172.26.103.0/24 y el código resultante es: Starting Nmap 4.53 ( http://insecure.org ) at 2008-04-29 09:37 CEST All 1714 scanned ports on 172.26.103.2 are closed

Interesting ports on 172.26.103.3: Not shown: 1711 closed ports PORT STATE SERVICE 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds

Interesting ports on 172.26.103.5: Not shown: 1713 closed ports PORT STATE SERVICE 3128/tcp open squid-http

Interesting ports on 172.26.103.7: Not shown: 1713 closed ports PORT STATE SERVICE 902/tcp open iss-realsecure-sensor

All 1714 scanned ports on 172.26.103.8 are closed

Interesting ports on 172.26.103.9: Not shown: 1713 closed ports PORT STATE SERVICE 10000/tcp open snet-sensor-mgmt

All 1714 scanned ports on 172.26.103.12 are closed

All 1714 scanned ports on 172.26.103.17 are closed

Interesting ports on 172.26.103.20: Not shown: 1710 closed ports PORT STATE SERVICE 80/tcp open http 135/tcp open msrpc 139/tcp open netbios-ssn 445/tcp open microsoft-ds

Interesting ports on 172.26.103.26: Not shown: 1707 closed ports PORT STATE SERVICE 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn

445/tcp open microsoft-ds 2049/tcp open nfs 3128/tcp open squid-http 8080/tcp open http-proxy

Nmap done: 256 IP addresses (10 hosts up) scanned in 3.926 seconds

11. Propón otro uso de Nmap y resuélvelo.