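Operating System Scanning (Hacking Scanning)

Banner Grabbing: the task of collecting information such as version details

A banner is the notice displayed when you attempt to log in to a remote system with the telnet command

Use it to check the operating system version and kernel version

Banner grabbing is possible on ports 21, 23, 25, 110, and 143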

# nmap -sV 192.168.20.200

[root@linux200 ~]# nmap -F -sV 192.168.20.200

 

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2016-12-08 08:14 KST

Interesting ports on linux200.example.com (192.168.20.200):

Not shown: 1227 closed ports

PORT STATE SERVICE VERSION

21/tcp open ftp vsftpd 2.0.5

22/tcp open ssh OpenSSH 4.3 (protocol 2.0)

23/tcp open telnet BSD-derived telnetd

25/tcp open smtp Sendmail 8.13.8/8.13.8

53/tcp open domain

80/tcp open http Apache httpd 2.2.3 ((CentOS))

110/tcp open pop3 Dovecot pop3d

111/tcp open rpcbind 2 (rpc #100000)

143/tcp open imap Dovecot imapd

443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))

993/tcp open ssl/imap Dovecot imapd

995/tcp open ssl/pop3 Dovecot pop3d

Service Info: Host: mail.example.com; OS: Unix

 

Nmap finished: 1 IP address (1 host up) scanned in 19.004 seconds

 

 

The following steps are performed on the Linux server!

# telnet localhost 23

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'. <<-- the bold red part is Ctrl+]

 

linux200.example.com (Linux release 2.6.18-348.el5 #1 SMP Tue Jan 8 17:57:28 EST 2013) (3)

 

login:

<CTRL + ]>

telnet> quit

 

# telnet localhost 21

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 (vsFTPd 2.0.5)

quit

 

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 mail.example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 15 Jul 2014 09:28:06 +0900

quit

 

# lynx -head http://localhost

HTTP/1.1 200 OK

Date: Wed, 16 Jul 2014 07:02:33 GMT

Server: Apache/2.2.3 (CentOS)

Last-Modified: Mon, 14 Jul 2014 10:40:47 GMT

ETag: "62237b-43-ec8109c0"

Accept-Ranges: bytes

Content-Length: 67

Connection: close

Content-Type: text/html; charset=UTF-8

Q

-> Representative text-based web browsers: curl, lynx
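The banners captured in the sessions above, run through a small audit that reports which services disclose a product or kernel version. This is an added example, not code from the original post; the regular expression, the function names and the POP3 sample line are assumptions made for illustration.

```python
import re
import socket

# Product name, then a dotted version: "vsFTPd 2.0.5", "Apache/2.2.3",
# "Linux release 2.6.18-348.el5" (kernel release in the telnet login banner).
VERSION_RE = re.compile(
    r"(Linux release|[A-Za-z][\w.-]*)[ /]v?(\d+(?:\.\d+)+[\w.-]*)")

# Banners copied from the sessions on this page; the POP3 line is constructed
# here as an example of a greeting that names the product but no version.
SAMPLE_BANNERS = {
    21: "220 (vsFTPd 2.0.5)",
    23: "linux200.example.com (Linux release 2.6.18-348.el5 #1 SMP "
        "Tue Jan 8 17:57:28 EST 2013) (3)",
    25: "220 mail.example.com ESMTP Sendmail 8.13.8/8.13.8; "
        "Tue, 15 Jul 2014 09:28:06 +0900",
    80: "Server: Apache/2.2.3 (CentOS)",
    110: "+OK Dovecot ready.",  # constructed sample
}


def strip_telnet_iac(data: bytes) -> bytes:
    """Drop 3-byte telnet negotiations (IAC WILL/WONT/DO/DONT <option>)."""
    return re.sub(rb"\xff[\xfb-\xfe].", b"", data, flags=re.S)


def read_banner(sock: socket.socket, timeout: float = 3.0) -> str:
    """Return the first data a service sends after connect; send nothing."""
    sock.settimeout(timeout)
    try:
        data = sock.recv(1024)
    except socket.timeout:
        data = b""
    return strip_telnet_iac(data).decode("latin-1").strip()


def leaked_versions(banner: str) -> list:
    """List every 'product version' string the banner gives away."""
    return [f"{name} {ver}" for name, ver in VERSION_RE.findall(banner)]


def audit(banners: dict) -> dict:
    """Map each port to the version strings its banner discloses."""
    return {port: leaked_versions(text) for port, text in banners.items()}


if __name__ == "__main__":
    for port, leaks in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{port}/tcp", "DISCLOSES " + ", ".join(leaks) if leaks else "ok")
```

To check a server you administer, pass a connected socket to `read_banner`, for example one returned by `socket.create_connection(("127.0.0.1", 21))`. A telnet daemon may send only option negotiation in its first packet, so its login banner can need a second read.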
