Step 1: Find out which IP ranges are assigned to a country. For that, look in https://www.ipdeny.com/ipblocks/
- As we can see, https://www.ipdeny.com/ipblocks/data/countries/kp.zone contains only the block 175.45.176.0/22.
This means the host part is 32 bits - 22 = 10 bits, so 2^10 = 1024 IPs.
Full and detailed nmap scan of the 1024 IPs, including operating system detection:
nmap -A -v 175.45.176.0/22 (Note: run with sudo)
The problem we run into here is that the output is very long and exceeds the terminal's buffer, so the result gets lost. It is therefore better to save the output to a text file, so let's correct the command:
nmap -A -v 175.45.176.0/22 > resultado.txt (Note: run with sudo)
After 3 hours the scan finishes. I am uploading the file so you can analyze it and learn; here is the interesting part of the output:
Completed Connect Scan at 14:51, 8653.30s elapsed (18000 total ports)
Initiating Service scan at 14:51
Scanning 37 services on 18 hosts
Completed Service scan at 14:52, 72.44s elapsed (37 services on 18 hosts)
NSE: Script scanning 18 hosts.
Initiating NSE at 14:52
Completed NSE at 14:56, 244.20s elapsed
Initiating NSE at 14:56
Completed NSE at 15:04, 466.18s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.01s elapsed
Nmap scan report for mail1.silibank.net.kp (175.45.176.21)
Host is up (0.48s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
995/tcp open pop3s?
7443/tcp closed oracleas-https

Nmap scan report for 175.45.176.22
Host is up (0.46s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
995/tcp open pop3s?
8888/tcp open sun-answerbook?

Nmap scan report for 175.45.176.68
Host is up (0.47s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)

Nmap scan report for 175.45.176.69
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)

Nmap scan report for 175.45.176.71
Host is up (0.43s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?

Nmap scan report for 175.45.176.72
Host is up (0.52s latency).
Not shown: 977 closed ports
PORT STATE SERVICE VERSION
13/tcp filtered daytime
80/tcp open http Microsoft IIS httpd 7.5
82/tcp filtered xfer
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open ssl/https?
445/tcp filtered microsoft-ds
555/tcp filtered dsf
593/tcp filtered http-rpc-epmap
722/tcp filtered unknown
1151/tcp filtered unizensus
1433/tcp open ms-sql-s Microsoft SQL Server 2000 8.00.311; RTMa
2710/tcp filtered sso-service
3017/tcp filtered event_listener
3372/tcp filtered msdtc
4444/tcp filtered krb524
4446/tcp filtered n1-fwp
30718/tcp filtered unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open unknown
60020/tcp filtered unknown
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Nmap scan report for 175.45.176.75
Host is up (0.45s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open ssl/http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
| ssl-cert: Subject: commonName=www.vok.rep.kp/organizationName=KRT/stateOrProvinceName=Pyongyang/countryName=KP
| Subject Alternative Name: IP Address:175.45.176.75, IP Address:175.45.176.85, IP Address:175.45.176.73, IP Address:175.45.176.83, DNS:www.vok.rep.kp, DNS:www.gnu.rep.kp
| Issuer: commonName=www.dprk.gov.kp/organizationName=dprk/stateOrProvinceName=Pyongyang/countryName=KP
| Public Key type: rsa
| Public Key bits: 4096
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-08-21T04:02:01
| Not valid after: 2021-08-20T04:02:01
| MD5: fed6 b74d 0e32 58be cdd1 9774 3b3f 989b
|_SHA-1: ac0a fed2 701d 3d18 994a 05d9 708d 18b1 f37e 5d40

Nmap scan report for 175.45.176.76
Host is up (0.46s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?
| http-methods:
|_ Supported Methods: GET HEAD

Nmap scan report for 175.45.176.80
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.18.0

Nmap scan report for 175.45.176.81
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open http nginx 1.18.0
443/tcp open ssl/http nginx 1.18.0
| ssl-cert: Subject: commonName=192.168.245.6
| Subject Alternative Name: DNS:Xen-6, DNS:Xen-6
| Issuer: commonName=192.168.245.6
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-10-19T13:19:44
| Not valid after: 2032-10-16T13:19:44
| MD5: dc5e 7405 d03b 976c 7b8d ea61 4c87 e08c
|_SHA-1: e336 92d0 0745 3bb0 fde9 e727 2aad 564a 83fa da37

Nmap scan report for 175.45.176.85
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open ssl/http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
| http-methods:
|_ Supported Methods: GET HEAD POST

Nmap scan report for 175.45.176.91
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.18.0
443/tcp closed https

Nmap scan report for 175.45.177.1
Host is up (0.39s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open ssl/https?

Nmap scan report for 175.45.177.10
Host is up (0.56s latency).
Not shown: 969 filtered ports
PORT STATE SERVICE VERSION
22/tcp closed ssh
23/tcp closed telnet
25/tcp open tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
53/tcp closed domain
80/tcp open http nginx 1.18.0
113/tcp closed ident
199/tcp closed smux
256/tcp closed fw1-secureremote
443/tcp open ssl/http nginx 1.18.0
|_http-server-header: nginx/1.18.0
|_http-title: Welcome to nginx!
| ssl-cert: Subject: commonName=5-XEN
| Subject Alternative Name: DNS:5-XEN, DNS:5-XEN
| Issuer: commonName=5-XEN
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-09-26T09:45:28
| Not valid after: 2032-09-23T09:45:28
| MD5: 5362 755f 3041 cc43 3b16 61fb 60ed 2966
|_SHA-1: e614 fbef 2595 bddf 52cd e1cc 6977 90ca 7c2a e612
554/tcp closed rtsp
993/tcp closed imaps
1042/tcp closed afrog
1048/tcp closed neod2
1057/tcp closed startron
1999/tcp closed tcp-id-port
2638/tcp closed sybase
3003/tcp closed cgms
3389/tcp closed ms-wbt-server
3551/tcp closed apcupsd
3800/tcp closed pwgpsi
3851/tcp closed spectraport
4126/tcp closed ddrepl
5054/tcp closed rlm-admin
5900/tcp closed vnc
5987/tcp closed wbem-rmi
6789/tcp closed ibm-db2-admin
9666/tcp closed zoomcp
19283/tcp closed keysrvr
27356/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown

Nmap scan report for 175.45.177.11
Host is up (0.54s latency).
Not shown: 948 filtered ports
PORT STATE SERVICE VERSION
23/tcp closed telnet
53/tcp closed domain
80/tcp open http nginx 1.18.0
143/tcp closed imap
199/tcp closed smux
256/tcp closed fw1-secureremote
301/tcp closed unknown
443/tcp open ssl/http nginx 1.18.0
| http-methods:
|_ Supported Methods: GET HEAD
|_http-server-header: nginx/1.18.0
|_http-title: Welcome to nginx!
| ssl-cert: Subject: commonName=192.168.245.6
| Subject Alternative Name: DNS:Xen-6, DNS:Xen-6
| Issuer: commonName=192.168.245.6
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-10-19T13:19:44
| Not valid after: 2032-10-16T13:19:44
| MD5: dc5e 7405 d03b 976c 7b8d ea61 4c87 e08c
|_SHA-1: e336 92d0 0745 3bb0 fde9 e727 2aad 564a 83fa da37
554/tcp closed rtsp
587/tcp closed submission
617/tcp closed sco-dtmgr
993/tcp closed imaps
995/tcp closed pop3s
999/tcp closed garcon
1025/tcp closed NFS-or-IIS
1048/tcp closed neod2
1057/tcp closed startron
1060/tcp closed polestar
1069/tcp closed cognex-insight
1070/tcp closed gmrupdateserv
1247/tcp closed visionpyramid
1972/tcp closed intersys-cache
1984/tcp closed bigbrother
2049/tcp closed nfs
2121/tcp closed ccproxy-ftp
3306/tcp closed mysql
3389/tcp closed ms-wbt-server
4003/tcp closed pxc-splr-ft
5560/tcp closed isqlplus
5900/tcp closed vnc
5959/tcp closed unknown
6005/tcp closed X11:5
6059/tcp closed X11:59
6839/tcp closed unknown
7938/tcp closed lgtomapper
8086/tcp closed d-s-n
8088/tcp closed radan-http
8192/tcp closed sophos
8402/tcp closed abarsd
8652/tcp closed unknown
8873/tcp closed dxspider
8888/tcp closed sun-answerbook
9666/tcp closed zoomcp
10000/tcp closed snet-sensor-mgmt
19801/tcp closed unknown
24800/tcp closed unknown
27356/tcp closed unknown
44501/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown
49165/tcp closed unknown
60443/tcp closed unknown

Nmap scan report for 175.45.178.129
Host is up (0.34s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)
| ssh-hostkey:
| 1024 ac:2f:68:9c:2f:a2:b5:2b:09:ce:87:b3:37:bb:3e:ee (RSA1)
|_ 1024 3e:03:e3:75:20:ba:92:e9:2c:9a:d4:53:95:6b:a1:ea (RSA)
|_sshv1: Server supports SSHv1
23/tcp open telnet Cisco router telnetd
25/tcp filtered smtp
139/tcp filtered netbios-ssn
1038/tcp filtered mtqp
1061/tcp filtered kiosk
1077/tcp filtered imgames
1658/tcp filtered sixnetudr
3300/tcp filtered ceph
5087/tcp filtered biotic
6565/tcp filtered unknown
6779/tcp filtered unknown
8045/tcp filtered unknown
8222/tcp filtered unknown
60020/tcp filtered unknown
Service Info: OS: IOS; Device: router; CPE: cpe:/o:cisco:ios

Nmap scan report for 175.45.178.134
Host is up (0.54s latency).
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
25/tcp filtered smtp
139/tcp filtered netbios-ssn
646/tcp filtered ldp
1187/tcp filtered alias
1723/tcp filtered pptp
5550/tcp filtered sdadmind
8001/tcp filtered vcom-tunnel
64680/tcp filtered unknown

Nmap scan report for 175.45.178.138
Host is up (0.39s latency).
Not shown: 985 closed ports
PORT STATE SERVICE VERSION
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
139/tcp filtered netbios-ssn
1028/tcp filtered unknown
1096/tcp filtered cnrprotocol
1840/tcp filtered netopia-vo2
2869/tcp filtered icslap
3168/tcp filtered poweronnud
4005/tcp filtered pxc-pin
9595/tcp filtered pds
10621/tcp filtered unknown
49161/tcp filtered unknown

NSE: Script Post-scanning.
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1024 IP addresses (18 hosts up) scanned in 9665.53 seconds
IPs of the servers with at least one open service or port (the verbose output prints one "Discovered open port N/tcp on IP" line per finding, and the IP is the sixth space-separated field):
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with at least one open service or port:
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 80 open (web servers); matching on 'port 80/' rather than a bare '80' keeps 8080/tcp and addresses that merely contain "80" out of the list:
grep 'open port 80/' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with port 80 open:
grep 'open port 80/' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 443 open (web servers with SSL):
grep 'open port 443/' resultado.txt | cut -d' ' -f6 | sort -u
175.45.176.71
175.45.176.72
175.45.176.75
175.45.176.76
175.45.176.81
175.45.176.85
175.45.177.1
175.45.177.10
175.45.177.11

Number of servers with port 443 open (web servers with SSL):
grep 'open port 443/' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
Here we see that only 9 of the 13 web servers have SSL. To see which ones don't (-x -F makes each excluded address match as a whole literal line, so 175.45.177.1 cannot also exclude 175.45.177.10):
grep 'open port 80/' resultado.txt | cut -d' ' -f6 | sort -u | grep -v -x -F -f <(grep 'open port 443/' resultado.txt | cut -d' ' -f6 | sort -u)
175.45.176.68
175.45.176.69
175.45.176.80
175.45.176.91

{{ :norcorea:resultado.txt.tar.gz |}}
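The same extraction as reusable POSIX sh functions, added here as an example (not the page's own commands) over a constructed sample of nmap -v output using RFC 5737 test addresses: each match is anchored on "port N/tcp" so a search for port 80 cannot also hit 8080/tcp or an address ending in .80, and the "web without TLS" set difference uses a pattern file with -x -F instead of bash-only process substitution.

```shell
#!/bin/sh
# Added example, not the page's commands. Constructed sample of "nmap -v"
# "Discovered open port" lines (RFC 5737 addresses); field 6 is the host.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
Discovered open port 80/tcp on 192.0.2.10
Discovered open port 443/tcp on 192.0.2.10
Discovered open port 8080/tcp on 192.0.2.11
Discovered open port 80/tcp on 192.0.2.12
Discovered open port 25/tcp on 192.0.2.80
Discovered open port 443/tcp on 192.0.2.13
Discovered open port 80/tcp on 192.0.2.12
EOF

# All hosts that reported at least one open TCP port, deduplicated.
hosts_up() {
    grep 'Discovered open port ' "$1" | awk '{ print $6 }' | sort -u
}

# Hosts with one specific TCP port open: hosts_with_port FILE PORT.
# Matching "port N/tcp on " means PORT=80 never matches 8080/tcp or
# an address such as 192.0.2.80 that merely contains the digits.
hosts_with_port() {
    grep "Discovered open port $2/tcp on " "$1" | awk '{ print $6 }' | sort -u
}

# Web servers (port 80) with no TLS listener on 443. The set difference
# goes through a temporary pattern file so this stays plain POSIX sh;
# -x -F treats each excluded address as a whole literal line, so
# 192.0.2.1 could never also exclude 192.0.2.10.
web_without_tls() {
    tls="$(mktemp)"
    hosts_with_port "$1" 443 > "$tls"
    hosts_with_port "$1" 80 | grep -v -x -F -f "$tls" || true
    rm -f "$tls"
}

echo "hosts with an open port: $(hosts_up "$SAMPLE" | wc -l | tr -d ' ')"
echo "web servers without TLS:"
web_without_tls "$SAMPLE"
```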