
Notes from the book Hands on Hacking

 

 

nmap command

nmap -sT -A -vv -n -Pn 192.168.1.2 -p- -oN result.txt

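  -sT : connect to the target using the full TCP three-way handshake
  -A : OS detection, version detection, script scanning (NSE), traceroute
  -vv : verbose output
  -n : disable DNS resolution
  -Pn : disable ping (skip host discovery)
  -p- : all ports
  -oN : save the results as text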

 

Nmap scan report for 10.0.2.6
Host is up, received arp-response (0.0015s latency).
Scanned at 2023-01-15 03:27:31 EST for 203s
Not shown: 65522 closed tcp ports (conn-refused)
PORT     STATE SERVICE  REASON  VERSION
9/tcp    open  discard? syn-ack
21/tcp   open  ftp      syn-ack ProFTPD 1.3.3a
|_auth-owners: nobody
25/tcp   open  smtp     syn-ack Exim smtpd 4.68
| smtp-commands: localhost Hello nmap.scanme.org [10.0.2.5], SIZE 52428800, EXPN, PIPELINING, HELP
|_auth-owners: Debian-exim
37/tcp   open  time     syn-ack (32 bits)
|_rfc868-time: 2023-01-15T08:30:41
79/tcp   open  finger   syn-ack Linux fingerd
|_finger: No one logged on.\x0D
80/tcp   open  http     syn-ack nginx 1.4.0
|_http-server-header: nginx/1.4.0
|_auth-owners: www-data
| http-methods: 
|_  Supported Methods: GET HEAD POST
110/tcp  open  pop3     syn-ack Cyrus pop3d 2.3.2
|_ssl-date: TLS randomness does not represent time
|_pop3-capabilities: SASL(DIGEST-MD5 CRAM-MD5 NTLM) LOGIN-DELAY(0) RESP-CODES TOP STLS IMPLEMENTATION(Cyrus POP3 server v2) USER PIPELINING AUTH-RESP-CODE UIDL EXPIRE(NEVER) APOP
|_auth-owners: cyrus
| pop3-ntlm-info: 
|_  Target_Name: MAILSERVER01
| ssl-cert: Subject: commonName=hackbloc.linux01.lab/organizationName=HackerHouse/stateOrProvinceName=HH/countryName=UK/emailAddress=info@myhackerhouse.com/organizationalUnitName=HackerHouse/localityName=test
| Issuer: commonName=Superfish, Inc./organizationName=Superfish, Inc./stateOrProvinceName=CA/countryName=US/localityName=SF
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-12-01T11:34:00
| Not valid after:  2034-05-07T16:25:00
| MD5:   8e68fc141986959b175bf81dc5509829
| SHA-1: d807aeb703b9a2a26cc01e5ef93b1740861c3766
113/tcp  open  ident?   syn-ack
|_auth-owners: oident
143/tcp  open  imap     syn-ack Cyrus imapd 2.3.2
| ssl-cert: Subject: commonName=hackbloc.linux01.lab/organizationName=HackerHouse/stateOrProvinceName=HH/countryName=UK/emailAddress=info@myhackerhouse.com/organizationalUnitName=HackerHouse/localityName=test
| Issuer: commonName=Superfish, Inc./organizationName=Superfish, Inc./stateOrProvinceName=CA/countryName=US/localityName=SF
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2016-12-01T11:34:00
| Not valid after:  2034-05-07T16:25:00
| MD5:   8e68fc141986959b175bf81dc5509829
| SHA-1: d807aeb703b9a2a26cc01e5ef93b1740861c3766
443/tcp  open  ssl/http syn-ack nginx 1.4.0
| tls-nextprotoneg: 
|_  http/1.1
|_http-server-header: nginx/1.4.0
| ssl-cert: Subject: commonName=hackbloc.linux01.lab/organizationName=HH/stateOrProvinceName=Underground/countryName=UK/emailAddress=root@localhost/organizationalUnitName=Elite Squad/localityName=Private
| Issuer: commonName=Superfish, Inc./organizationName=Superfish, Inc./stateOrProvinceName=CA/countryName=US/localityName=SF
993/tcp  open  ssl/imap syn-ack Cyrus imapd 2.3.2
| ssl-cert: Subject: commonName=hackbloc.linux01.lab/organizationName=HackerHouse/stateOrProvinceName=HH/countryName=UK/emailAddress=info@myhackerhouse.com/organizationalUnitName=HackerHouse/localityName=test
| Issuer: commonName=Superfish, Inc./organizationName=Superfish, Inc./stateOrProvinceName=CA/countryName=US/localityName=SF
995/tcp  open  ssl/pop3 syn-ack Cyrus pop3d 2.3.2
| ssl-cert: Subject: commonName=hackbloc.linux01.lab/organizationName=HackerHouse/stateOrProvinceName=HH/countryName=UK/emailAddress=info@myhackerhouse.com/organizationalUnitName=HackerHouse/localityName=test
| Issuer: commonName=Superfish, Inc./organizationName=Superfish, Inc./stateOrProvinceName=CA/countryName=US/localityName=SF
4190/tcp open  sieve    syn-ack Cyrus timsieved 2.3.2 (included w/cyrus imap)
|_auth-owners: cyrus
MAC Address: 08:00:27:71:EA:FA (Oracle VirtualBox virtual NIC)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.16 - 4.6
TCP/IP fingerprint:

# Nmap done at Sun Jan 15 03:30:54 2023 -- 1 IP address (1 host up) scanned in 204.02 seconds
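
To review a saved -oN result file for weak TLS certificates like the 1024-bit RSA, SHA-1 signed ones reported above, the following added example (not from the book or the original post) parses the normal output format and flags them. The function names, the 2048-bit floor, and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed excerpt in the `nmap -oN` layout, using values from the scan above.
SAMPLE = """\
PORT     STATE SERVICE  REASON  VERSION
9/tcp    open  discard? syn-ack
21/tcp   open  ftp      syn-ack ProFTPD 1.3.3a
|_auth-owners: nobody
110/tcp  open  pop3     syn-ack Cyrus pop3d 2.3.2
| ssl-cert: Subject: commonName=hackbloc.linux01.lab
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
443/tcp  open  ssl/http syn-ack nginx 1.4.0
|_http-server-header: nginx/1.4.0
"""

# Port line as printed with -vv (includes the REASON column); VERSION may be empty.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_normal_output(text):
    """Return one dict per port line, with its NSE script lines attached."""
    ports = []
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m:
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "state": m.group(3), "service": m.group(4).rstrip("?"),
                          "version": m.group(6).strip(), "scripts": []})
        elif line.startswith("|") and ports:
            ports[-1]["scripts"].append(line.lstrip("|_ ").rstrip())
    return ports

def weak_cert_findings(ports, min_rsa_bits=2048):
    """Flag short RSA keys and SHA-1/MD5 signatures (2048 is an assumed policy floor)."""
    findings = []
    for p in ports:
        key_type = None
        for s in p["scripts"]:
            key, _, value = s.partition(":")
            value = value.strip()
            if key == "Public Key type":
                key_type = value
            elif (key == "Public Key bits" and key_type == "rsa"
                  and value.isdigit() and int(value) < min_rsa_bits):
                findings.append((p["port"], f"RSA key {value} bits"))
            elif key == "Signature Algorithm" and value.lower().startswith(("sha1", "md5")):
                findings.append((p["port"], f"signature {value}"))
    return findings
```

Calling weak_cert_findings(parse_normal_output(open("result.txt").read())) runs the same check on the file written by -oN.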

 

Password brute-force attack using hydra

hydra -L realusers.txt -P ./wordlists/weak_passwords.txt 192.1.1.2 pop3
