OS fingerprinting
1. nmap can identify the operating system with the -O option
nmap -O 10.10.100.103
# The output looks like this
Starting Nmap 7.91 ( ) at 2021-02-05 22:41 CST
Nmap scan report for 10.10.100.103
Host is up (0.00028s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1026/tcp open LSA-or-nterm
3306/tcp open mysql
MAC Address: 00:0C:29:28:F9:63 (VMware)
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at .
Nmap done: 1 IP address (1 host up) scanned in 9.11 seconds
There is also p0f, a passive fingerprinting tool. It is not installed on the latest Kali; install it with sudo apt-get install p0f
# Usage: p0f -h lists the options
p0f -h
--- p0f 3.09b by Michal Zalewski <lcamtuf@coredump.cx> ---
p0f: invalid option -- 'h'
Usage: p0f [ ...options... ] [ 'filter rule' ]
Network interface options:
 -i iface - listen on the specified network interface
 -r file - read offline pcap data from a given file
 -p - put the listening interface in promiscuous mode
 -L - list all available interfaces
Operating mode and output settings:
 -f file - read fingerprint database from 'file' (/etc/p0f/p0f.fp)
 -o file - write information to the specified log file
 -s name - answer to API queries at a named unix socket
 -u user - switch to the specified unprivileged account and chroot
 -d - fork into background (requires -o or -s)
Performance-related options:
 -S limit - limit number of parallel API connections (20)
 -t c,h - set connection / host cache age limits (30s,120m)
 -m c,h - cap the number of active connections / hosts (1000,10000)
Optional filter expressions (man tcpdump) can be specified in the command
line to prevent p0f from looking at incidental network traffic.
Problems? You can reach the author at <lcamtuf@coredump.cx>.

# Listen on a network interface and trigger traffic manually (telnet, ping and so on).
# For example, p0f -i eth0 listens on eth0; visiting 10.10.100.103 then shows the following.
.-[ 10.10.100.110/52530 -> 10.10.100.103/80 (syn+ack) ]-
|
| server = 10.10.100.103/80
| os = ??? # no server information was obtained here
| dist = 0
| params = none
| raw_sig = 4:128+0:0:1460:mss*44,0:mss,nop,ws,nop,nop,ts,nop,nop,sok:ts1-:0
|
`----
.-[ 10.10.100.110/52530 -> 10.10.100.103/80 (mtu) ]-
|
| server = 10.10.100.103/80
| link = Ethernet or modem
| raw_mtu = 1500
|
`----
.-[ 10.10.100.110/52530 -> 10.10.100.103/80 (http request) ]-
|
| client = 10.10.100.110/52530
| app = Firefox 10.x or newer
| lang = English
| params = none
| raw_sig = 1:Host,User-Agent,Accept=[text/html,application/xhtml+xml ,application/xml;q=0.9,image/webp,*/*;q=0.8], Accept-Language=[en-US,en;q=0.5], Accept-Encoding=[gzip, deflate],Connection=[keep-alive], Upgrade-Insecure-Requests=[1],?Cache-Control:Accept-Charset ,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
|
`----
.-[ 10.10.100.110/52530 -> 10.10.100.103/80 (http response) ]-
|
| server = 10.10.100.103/80
| app = Apache 2.x # the application
| lang = none
| params = none
# raw_sig includes some detailed information
| raw_sig = 1:Date,Server,X-Powered-By=[PHP/5.4.45],Keep-Alive=[timeout=5, max=100],Connection=[Keep-Alive],Transfer-Encoding=[chunked],Content-Type:Accept-Ranges:Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45

Other information-gathering tools
1. recon-ng
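It is an open-source framework written in Python that looks much like msf, and it is convenient for finding subdomains. On the latest Kali its modules are not installed, so it cannot be used right after opening it, as shown in the figure below.
As you can see, there are no modules available. Install them with marketplace install all; after installation it looks like this.
Load a module: modules load <module name>
Search for a module: modules search <module name>
Example: finding Baidu subdomains (a complete workflow)
# Create a new workspace
recon-ng -w baidu
# Use the appropriate module; here we pick bing, which can be found with a search
Load it with modules load <module name>; Tab completion works here.
View the options and set them.
Execute run (only part of the output is captured here).
The results found are stored in hosts; show hosts displays them.
The domain names are now known. To show the IP addresses as well, load another module that works on the results of the previous query: modules load recon/hosts-hosts/resolve
options set source query select host from hosts (this is equivalent to querying the specified column in hosts and using it as the source)
Execute run to resolve the domain names.
show hosts can again be used to view the results.
The results can also be exported; search for the export modules with modules search report
They are used the same way as the other modules, so the steps are omitted here and only the final result is shown.
For more modules, see the help documentation.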
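Going back to the p0f output in the OS fingerprinting section: an HTTP raw_sig has the layout ver:horder:habsent:expsw, and the "http response" record shows how much version detail the server hands to a purely passive listener. The following is an added example, not part of the original post; the function names are hypothetical and the sample signature is the one p0f printed for 10.10.100.103. It parses the signature (header values in [...] may contain commas, and the banner may contain colons) and lists the product/version strings disclosed.

```python
import re

# raw_sig of the "http response" record from the p0f capture on this page.
RESPONSE_SIG = (
    "1:Date,Server,X-Powered-By=[PHP/5.4.45],Keep-Alive=[timeout=5, max=100],"
    "Connection=[Keep-Alive],Transfer-Encoding=[chunked],Content-Type:"
    "Accept-Ranges:Apache/2.4.23 (Win32) OpenSSL/1.0.2j PHP/5.4.45")

PRODUCT_VERSION = re.compile(r"[A-Za-z][\w.-]*/\d[\w.]*")  # e.g. Apache/2.4.23


def split_outside_brackets(text, sep, maxsplit=-1):
    """Split on sep, ignoring separators inside [...] header values."""
    parts, current, depth = [], [], 0
    for ch in text:
        if ch == "[":
            depth += 1
        elif ch == "]" and depth:
            depth -= 1
        if ch == sep and depth == 0 and maxsplit != 0:
            parts.append("".join(current))
            current, maxsplit = [], maxsplit - 1
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_http_sig(raw_sig):
    """Return (version, {header: value or None}, absent headers, banner)."""
    # Only the first three top-level colons are field separators; the banner
    # (last field) may itself contain colons, e.g. "rv:78.0" in a User-Agent.
    fields = split_outside_brackets(raw_sig, ":", maxsplit=3)
    if len(fields) != 4:
        raise ValueError("not a p0f HTTP signature: %r" % raw_sig)
    ver, horder, habsent, banner = fields
    headers = {}
    for item in split_outside_brackets(horder, ","):
        name, _, value = item.strip().partition("=")
        headers[name.lstrip("?")] = value.strip("[]") or None  # "?" = optional
    absent = [h.strip() for h in habsent.split(",") if h.strip()]
    return ver, headers, absent, banner.strip()


def disclosed_versions(raw_sig):
    """Product/version tokens a passive observer learns from the signature."""
    _, headers, _, banner = parse_http_sig(raw_sig)
    found = set(PRODUCT_VERSION.findall(banner))
    found.update(PRODUCT_VERSION.findall(headers.get("X-Powered-By") or ""))
    return sorted(found)

print(disclosed_versions(RESPONSE_SIG))
```

Run against your own servers' p0f logs, a non-empty result means the Server or X-Powered-By headers still carry exact version numbers.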