Shulou(Shulou.com)06/01 Report--

How to use nmap to detect the system version and service version, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, people who have this need can learn, I hope you can gain something.

Next up is the nmap penetration test--version detection text:

If you still think nmap is just a port scanning tool, and even think, since it is port scanning, why do I use nmap, it is really broken pattern.nmap not only can scan ports, you can detect and identify the version, in addition to Linux, but also support Windows.

1. In general we use-sV to enable version detection, simulating:

[root@xinsz08 ~]# nmap -sV 192.168.1.100

Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-12 09:48 CST

Nmap scan report for 192.168.1.100

Host is up (0.0000030s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 5.3 (protocol 2.0)

111/tcp open rpcbind 2-4 (RPC #100000)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 6.39 seconds

2. We can also use the-A parameter for operating system detection and version detection,

[root@xinsz08 ~]# nmap -sV -A 192.168.1.100

Starting Nmap 7.60 ( https://nmap.org ) at 2017-10-12 09:57 CST

Nmap scan report for 192.168.1.100

Host is up (0.000045s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 5.3 (protocol 2.0)

111/tcp open rpcbind 2-4 (RPC #100000)

| rpcinfo:

| program version port/proto service

| 100000 2,3,4 111/tcp rpcbind

| 100000 2,3,4 111/udp rpcbind

| 100024 1 41510/tcp status

|_ 100024 1 44842/udp status

3306/tcp open mysql MySQL (unauthorized)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:linux_kernel:2.6.32

OS details: Linux 2.6.32

Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 9.05 seconds

Here are some things to note:

Don't trust the options detected by the-sV or-A parameters, because some software will disguise them.

How to solve this problem? Another word you need to use at this point is scan intensity.

Parameter--version-intensity parameter can be directly followed by a level

The rating ranges from 0 to-9, with 0 representing the lowest intensity, 9 representing the highest intensity, and 7 by default. The higher the rating, the more likely the service is to be recognized.

[root@xinsz08 ~]# nmap -sV --version-intensity 9 192.168.1.100

Similarly, the higher the level, it means that the longer the consumption time, of course, the longer the time is relatively speaking, not long enough to tolerate the extent.

3. Enable OS probing

Let's start by probing Windows hosts:ip for 192.168.1.102

We use the parameter-O (capital O here, not 0)

If it is a Linux server, we just need to change the ip of the Linux server, and the parameter is also-O.

The main parameters used to detect system and service versions using nmap are:

-sV

-sV -A

-O

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.