china:mfa


nslookup www.mfa.gov.cn
Server:		127.0.0.53
Address:	127.0.0.53#53
 
Non-authoritative answer:
www.mfa.gov.cn	canonical name = www.mfa.gov.cn.wswebpic.com.
Name:	www.mfa.gov.cn.wswebpic.com
Address: 61.110.222.63
Name:	www.mfa.gov.cn.wswebpic.com
Address: 138.113.148.176

The domain points to 2 servers / 2 IPs to spread the load; if one fails, traffic is redirected to the other. Note that the name resolves through a CNAME (www.mfa.gov.cn.wswebpic.com), i.e. a CDN front end, which is consistent with the "Cdn Cache Server" header returned below.

To find out which IP we are actually reaching:

curl -v www.mfa.gov.cn
*   Trying 61.110.222.63:80...
* Connected to www.mfa.gov.cn (61.110.222.63) port 80 (#0)
> GET / HTTP/1.1
> Host: www.mfa.gov.cn
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Moved Temporarily
< Date: Sun, 23 Feb 2025 20:27:41 GMT
< Content-Type: application/octet-stream
< Content-Length: 0
< Connection: keep-alive
< Server: Cdn Cache Server V2.0
< Location: https://www.mfa.gov.cn/
< X-Via: 1.0 VM-MXP-01JTu31:2 (Cdn Cache Server V2.0)
< x-ws-request-id: 67bb84bd_VM-MXP-01LHX142_17300-17169
< Set-Cookie: HMF_CI=1160b3bae6b803999182d83bac320dfb8cb231e8155c1aa9bfbe1d7304731d34558954a8f28e18fe6e189bc986641345a92e7eb4df3d2480fc5ee5a938e9f902dc; Expires=Tue, 25-Mar-25 20:27:41 GMT; Path=/
< 
* Connection #0 to host www.mfa.gov.cn left intact

-sV: service and version information
-O: operating system detection
-Pn: skip host discovery via ping because we already know the host is up; without this option, if the host does not answer pings, nmap will not continue with the scan

sudo nmap -sV -O -Pn www.mfa.gov.cn > nmap_cn.txt
cat nmap_cn.txt | grep open
80/tcp    open     http        nginx
81/tcp    open     http        nginx
82/tcp    open     http        nginx
83/tcp    open     http        nginx
84/tcp    open     http        nginx
85/tcp    open     http        nginx
88/tcp    open     http        nginx
89/tcp    open     http        nginx
90/tcp    open     http        nginx
111/tcp   open     http        nginx
443/tcp   open     ssl/http    nginx
444/tcp   open     ssl/http    nginx
800/tcp   open     http        nginx
808/tcp   open     http        nginx
843/tcp   open     http        nginx
888/tcp   open     http        nginx
1000/tcp  open     http        nginx
1024/tcp  open     http        nginx
1058/tcp  open     http        nginx
1066/tcp  open     http        nginx
1080/tcp  open     http        nginx
1085/tcp  open     http        nginx
1086/tcp  open     http        nginx
1090/tcp  open     http        nginx
1111/tcp  open     http        nginx
1433/tcp  open     http        nginx
1443/tcp  open     ssl/http    nginx
1723/tcp  open     pptp?
1801/tcp  open     http        nginx
1863/tcp  open     http        nginx
1935/tcp  open     http        nginx
2000/tcp  open     ssl/http    nginx
2001/tcp  open     http        nginx
2002/tcp  open     http        nginx
2003/tcp  open     http        nginx
2004/tcp  open     http        nginx
2005/tcp  open     http        nginx
2006/tcp  open     http        nginx
2007/tcp  open     http        nginx
2008/tcp  open     http        nginx
2009/tcp  open     http        nginx
2020/tcp  open     http        nginx
2021/tcp  open     http        nginx
2030/tcp  open     http        nginx
2033/tcp  open     http        nginx
2099/tcp  open     http        nginx
2323/tcp  open     3d-nfsd?
3000/tcp  open     http        nginx
3001/tcp  open     http        nginx
3011/tcp  open     http        nginx
3013/tcp  open     http        nginx
3031/tcp  open     http        nginx
3052/tcp  open     http        nginx
4002/tcp  open     http        nginx
4003/tcp  open     http        nginx
4004/tcp  open     http        nginx
4111/tcp  open     http        nginx
4343/tcp  open     http        nginx
4443/tcp  open     ssl/http    nginx
4445/tcp  open     http        nginx
4899/tcp  open     http        nginx
5000/tcp  open     http        nginx
5001/tcp  open     http        nginx
5002/tcp  open     http        nginx
5003/tcp  open     http        nginx
5004/tcp  open     http        nginx
5009/tcp  open     http        nginx
5030/tcp  open     http        nginx
5050/tcp  open     http        nginx
5080/tcp  open     http        nginx
5100/tcp  open     http        nginx
5101/tcp  open     http        nginx
5190/tcp  open     http        nginx
5222/tcp  open     http        nginx
5280/tcp  open     http        nginx
5555/tcp  open     http        nginx
5566/tcp  open     http        nginx
5666/tcp  open     http        nginx
5678/tcp  open     http        nginx
5850/tcp  open     http        nginx
5999/tcp  open     http        nginx
6000/tcp  open     http        nginx
6001/tcp  open     http        nginx
6003/tcp  open     http        nginx
6005/tcp  open     http        nginx
6101/tcp  open     http        nginx
6106/tcp  open     http        nginx
6502/tcp  open     http        nginx
6510/tcp  open     http        nginx
6699/tcp  open     http        nginx
7000/tcp  open     ssl/http    nginx
7001/tcp  open     http        nginx
7002/tcp  open     http        nginx
7004/tcp  open     http        nginx
7007/tcp  open     http        nginx
7070/tcp  open     http        nginx
7100/tcp  open     http        nginx
7200/tcp  open     http        nginx
7443/tcp  open     ssl/http    nginx
7777/tcp  open     http        nginx
7778/tcp  open     http        nginx
7800/tcp  open     http        nginx
7920/tcp  open     http        nginx
7999/tcp  open     http        nginx
8000/tcp  open     http        nginx
8001/tcp  open     http        nginx
8002/tcp  open     http        nginx
8007/tcp  open     http        nginx
8008/tcp  open     http        nginx
8009/tcp  open     http        nginx
8010/tcp  open     http        nginx
8011/tcp  open     http        nginx
8022/tcp  open     http        nginx
8031/tcp  open     http        nginx
8042/tcp  open     http        nginx
8080/tcp  open     http        nginx
8081/tcp  open     http        nginx
8082/tcp  open     http        nginx
8083/tcp  open     http        nginx
8084/tcp  open     http        nginx
8085/tcp  open     http        nginx
8086/tcp  open     http        nginx
8087/tcp  open     http        nginx
8088/tcp  open     http        nginx
8089/tcp  open     http        nginx
8090/tcp  open     http        nginx
8093/tcp  open     http        nginx
8099/tcp  open     http        nginx
8100/tcp  open     http        nginx
8180/tcp  open     http        nginx
8181/tcp  open     http        nginx
8200/tcp  open     http        nginx
8222/tcp  open     http        nginx
8300/tcp  open     http        nginx
8383/tcp  open     http        nginx
8400/tcp  open     http        nginx
8443/tcp  open     ssl/http    nginx
8500/tcp  open     http        nginx
8600/tcp  open     http        nginx
8701/tcp  open     http        nginx
8800/tcp  open     http        nginx
8888/tcp  open     http        nginx
8899/tcp  open     http        nginx
9000/tcp  open     http        nginx
9001/tcp  open     http        nginx
9002/tcp  open     http        nginx
9003/tcp  open     http        nginx
9009/tcp  open     http        nginx
9010/tcp  open     http        nginx
9011/tcp  open     http        nginx
9040/tcp  open     http        nginx
9050/tcp  open     http        nginx
9071/tcp  open     http        nginx
9080/tcp  open     http        nginx
9081/tcp  open     http        nginx
9090/tcp  open     http        nginx
9091/tcp  open     http        nginx
9099/tcp  open     http        nginx
9100/tcp  open     jetdirect?
9101/tcp  open     jetdirect?
9102/tcp  open     jetdirect?
9103/tcp  open     jetdirect?
9110/tcp  open     http        nginx
9111/tcp  open     http        nginx
9200/tcp  open     http        nginx
9207/tcp  open     http        nginx
9220/tcp  open     http        nginx
9290/tcp  open     http        nginx
9485/tcp  open     http        nginx
9500/tcp  open     http        nginx
9502/tcp  open     http        nginx
9503/tcp  open     http        nginx
9535/tcp  open     http        nginx
9575/tcp  open     http        nginx
9618/tcp  open     http        nginx
9666/tcp  open     http        nginx
9876/tcp  open     http        nginx
9877/tcp  open     http        nginx
9878/tcp  open     http        nginx
9900/tcp  open     http        nginx
9917/tcp  open     http        nginx
9929/tcp  open     http        nginx
9943/tcp  open     http        nginx
9944/tcp  open     http        nginx
9998/tcp  open     http        nginx
9999/tcp  open     http        nginx
10000/tcp open     http        nginx
10001/tcp open     http        nginx
10002/tcp open     http        nginx
10003/tcp open     http        nginx
10004/tcp open     http        nginx
10012/tcp open     http        nginx
10082/tcp open     http        nginx
10215/tcp open     http        nginx
10566/tcp open     http        nginx
10621/tcp open     http        nginx
12345/tcp open     http        nginx
14000/tcp open     http        nginx
14441/tcp open     http        nginx
14442/tcp open     http        nginx
15000/tcp open     http        nginx
15002/tcp open     http        nginx
15660/tcp open     http        nginx
15742/tcp open     http        nginx
16000/tcp open     http        nginx
16113/tcp open     http        nginx
17877/tcp open     http        nginx
18040/tcp open     http        nginx
18101/tcp open     http        nginx
20000/tcp open     http        nginx
20005/tcp open     http        nginx
20031/tcp open     http        nginx
31038/tcp open     http        nginx
50000/tcp open     http        nginx
50003/tcp open     http        nginx
55555/tcp open     http        nginx
58080/tcp open     http        nginx
60443/tcp open     ssl/http    nginx
65000/tcp open     http        nginx
65129/tcp open     http        nginx

nmap_cn.txt.gz

gunzip -c nmap_cn.txt.gz | grep filtered
25/tcp    filtered smtp
139/tcp   filtered netbios-ssn

A large number of web applications and services sit behind nginx; 25 (SMTP) and 139 (NetBIOS) may be blocked by a firewall, since they are reported as filtered.

We create a file with the ports (the regex keeps only the leading port number of each line, so filtered ports are included too):

gunzip -c nmap_cn.txt.gz | grep -Eo '^[0-9]+' > puertos_mfa_cn.txt

-sV: service and version information
-O: operating system detection
-Pn: skip host discovery via ping because we already know the host is up; without this option, if the host does not answer pings, nmap will not continue with the scan
-oA: writes the scan result in nmap, gnmap and xml formats
sed -z 's/\n/,/g': removes the line breaks and puts the ports on a single line separated by commas
--script "vuln and not intrusive": we choose the NSE scripts that suit the scan best; see the NSE options

sudo nmap -sV -Pn -O -p $(cat puertos_mfa_cn.txt | sed -z 's/\n/,/g') --script "vuln and not intrusive" www.mfa.gov.cn -oA nmap_vuln_cn
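The port-file and sed steps above can be replaced by a small parser of nmap's normal (-oN) output that selects ports by state and never emits a trailing comma. This is an added example, not a command from the original page; the sample scan lines are constructed to mirror the page's output.

```shell
#!/bin/sh
# Added example (not from the original wiki page): turn nmap normal output
# (-oN / plain stdout) into a clean comma-separated port list for a follow-up
# "-p" scan, and count services per state. An awk field parse replaces the
# '^[0-9]+' grep so that the state (open vs filtered) can be chosen and the
# sed join cannot leave a trailing comma.

# Constructed sample of nmap output lines, modelled on the page's scan.
SAMPLE_NMAP='PORT      STATE    SERVICE     VERSION
25/tcp    filtered smtp
80/tcp    open     http        nginx
139/tcp   filtered netbios-ssn
443/tcp   open     ssl/http    nginx
1723/tcp  open     pptp?
9100/tcp  open     jetdirect?'

# ports_by_state STATE   (reads nmap text on stdin)
# Prints the ports in the given state as one comma-separated line.
ports_by_state() {
    awk -v want="$1" '
        # Only real port rows look like "<port>/<proto>  <state>  <service>".
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == want {
            split($1, p, "/"); printf "%s%s", sep, p[1]; sep = ","
        }
        END { if (sep != "") print "" }'
}

# service_counts   (reads nmap text on stdin)
# Prints "<state> <service> <count>" so a large nginx fan-out is obvious.
service_counts() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ { n[$2 " " $3]++ }
         END { for (k in n) print k, n[k] }' | sort
}

# Stand-alone demo: ./ports.sh demo
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_NMAP" | ports_by_state open
    printf '%s\n' "$SAMPLE_NMAP" | ports_by_state filtered
    printf '%s\n' "$SAMPLE_NMAP" | service_counts
fi
```

With a real file: `gunzip -c nmap_cn.txt.gz | ports_by_state open` gives the value to pass to `-p`.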

nmap_vuln_cn.tar.gz

we try:

sudo nmap -Pn -p $(cat puertos_mfa_cn.txt | sed -z 's/\n/,/g') -sV --version-all www.mfa.gov.cn -oN detalles_servicios_cn

but it gives no detail we have not already seen above.

china/mfa.1740364629.txt.gz · Last modified: 2025/02/24 03:37 by anonimo