```
kali@kali:~$ nmap -sP 192.168.1.1/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-09 21:21 EDT
Nmap scan report for 192.168.1.1
Host is up (0.013s latency).
Nmap scan report for 192.168.1.4
Host is up (0.041s latency).
Nmap scan report for 192.168.1.16
Host is up (0.0010s latency).
Nmap scan report for 192.168.1.28
Host is up (0.0030s latency).
Nmap scan report for 192.168.1.29
Host is up (0.00043s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 2.44 seconds
```
Next, scan the services on the target host:
```
kali@kali:~$ nmap -p1-65535 -A 192.168.1.28
Starting Nmap 7.80 ( https://nmap.org ) at 2020-07-09 21:26 EDT
Nmap scan report for 192.168.1.28
Host is up (0.00015s latency).
Not shown: 65533 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 94:36:4e:71:6a:83:e2:c1:1e:a9:52:64:45:f6:29:80 (RSA)
|   256 b4:ce:5a:c3:3f:40:52:a6:ef:dc:d8:29:f3:2c:b5:d1 (ECDSA)
|_  256 09:6c:17:a1:a3:b4:c7:78:b9:ad:ec:de:8f:64:b1:7b (ED25519)
80/tcp open  http    Apache httpd 2.4.29 ((Ubuntu))
|_http-server-header: Apache/2.4.29 (Ubuntu)
|_http-title: Apache2 Ubuntu Default Page: It works
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.68 seconds
```
```
---- Entering directory: http://192.168.1.28/tsweb/wp-includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/css/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/images/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/includes/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/js/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/maint/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-admin/network/ ----
+ http://192.168.1.28/tsweb/wp-admin/network/admin.php (CODE:302|SIZE:0)
+ http://192.168.1.28/tsweb/wp-admin/network/index.php (CODE:302|SIZE:0)

---- Entering directory: http://192.168.1.28/tsweb/wp-content/upgrade/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

---- Entering directory: http://192.168.1.28/tsweb/wp-content/uploads/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
    (Use mode '-w' if you want to scan it anyway)

-----------------
END_TIME: Thu Jul 9 23:44:08 2020
DOWNLOADED: 36896 - FOUND: 13
```