rusia:aprendiendo-nmap-kremlin

This is an old revision of the document!


-sV: service and version information
-O: operating system detection

puton@kremlin:$ sudo nmap -sV -p80 -O kremlin.ru
[sudo] contraseña para puton:            
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:11 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 5.25 seconds

By default nmap pings the host to check that it is up before starting the scan. Since kremlin.ru blocks pings, nmap assumes the host is down, but we know it is not, because the website is working. To tell nmap to assume the host is up and proceed anyway, use the -Pn option.


puton@kremlin:$ sudo nmap -sV -Pn -p80 -O kremlin.ru
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:14 CET
Nmap scan report for kremlin.ru (95.173.136.71)
Host is up (0.086s latency).
Other addresses for kremlin.ru (not scanned): 95.173.136.70 95.173.136.72

PORT   STATE SERVICE VERSION
80/tcp open  http?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 32.64 seconds
puton@kremlin:$

vuln: vulnerability checks (NSE script category)

puton@kremlin:$ sudo nmap -Pn --script=vuln kremlin.ru
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:32 CET
Pre-scan script results:
| broadcast-avahi-dos: 
|   Discovered hosts:
|     224.0.0.251
|   After NULL UDP avahi packet DoS (CVE-2011-1002).
|_  Hosts are all up (not vulnerable).
Nmap scan report for kremlin.ru (95.173.136.72)
Host is up.
Other addresses for kremlin.ru (not scanned): 95.173.136.70 95.173.136.71
avahi service identified (by the broadcast-avahi-dos pre-scan script, on the local multicast group 224.0.0.251), but not vulnerable


puton@kremlin:$ sudo nmap -Pn --script=exploit kremlin.ru
[sudo] contraseña para puton:            
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:48 CET
Nmap scan report for kremlin.ru (95.173.136.72)
Host is up.
Other addresses for kremlin.ru (not scanned): 95.173.136.70 95.173.136.71
All 1000 scanned ports on kremlin.ru (95.173.136.72) are filtered

Nmap done: 1 IP address (1 host up) scanned in 207.41 seconds
puton@kremlin:$ 

All 1000 scanned ports on kremlin.ru (95.173.136.72) are filtered

Nmap done: 1 IP address (1 host up) scanned in 243.00 seconds

We get nothing.
puton@kremlin:$ 

puton@kremlin:$ sudo nmap -Pn -sV --script=version kremlin.ru
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:54 CET
Nmap scan report for kremlin.ru (95.173.136.71)
Host is up.
Other addresses for kremlin.ru (not scanned): 95.173.136.70 95.173.136.72
All 1000 scanned ports on kremlin.ru (95.173.136.71) are filtered

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 208.07 seconds
puton@kremlin:$ 

We get nothing here either.

puton@kremlin:$ sudo nmap -Pn -sV --script=discovery kremlin.ru
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 02:01 CET
too short
Pre-scan script results:
| ipv6-multicast-mld-list: 
|   fe80::e8d4:9fff:fefd:c085: 
|     device: wlp9s0
|     mac: ea:d4:9f:fd:c0:85
|     multicast_ips: 
|       ff02::1:fffd:c085         (NDP Solicited-node)
|       ff05::2                   (unknown)
|       ff02::2                   (All Routers Address)
|_      ff02::1:ff00:0            (Solicited-Node Address)
| targets-asn: 
|_  targets-asn.asn is a mandatory parameter
| targets-ipv6-multicast-echo: 
|   IP: fe80::e8d4:9fff:fefd:c085  MAC: ea:d4:9f:fd:c0:85  IFACE: wlp9s0
|_  Use --script-args=newtargets to add the results as targets
| targets-ipv6-multicast-invalid-dst: 
|   IP: fe80::e8d4:9fff:fefd:c085  MAC: ea:d4:9f:fd:c0:85  IFACE: wlp9s0
|_  Use --script-args=newtargets to add the results as targets
| targets-ipv6-multicast-mld: 
|   IP: fe80::e8d4:9fff:fefd:c085  MAC: ea:d4:9f:fd:c0:85  IFACE: wlp9s0
| 
|_  Use --script-args=newtargets to add the results as targets
Nmap scan report for kremlin.ru (95.173.136.72)
Host is up.
Other addresses for kremlin.ru (not scanned): 95.173.136.70 95.173.136.71
All 1000 scanned ports on kremlin.ru (95.173.136.72) are filtered

Host script results:
|_asn-query: No Answers
| dns-brute: 
|   DNS Brute-force hostnames: 
|     news.kremlin.ru - 95.173.136.80
|     ns.kremlin.ru - 194.226.127.34
|     en.kremlin.ru - 95.173.136.70
|     en.kremlin.ru - 95.173.136.71
|     en.kremlin.ru - 95.173.136.72
|     blog.kremlin.ru - 95.173.136.80
|     www.kremlin.ru - 95.173.136.70
|     www.kremlin.ru - 95.173.136.71
|_    www.kremlin.ru - 95.173.136.72
|_fcrdns: FAIL (No PTR record)
| hostmap-crtsh: 
|   subdomains: 
|     *.kremlin.ru\nkremlin.ru
|_    admin.accred.kremlin.ru
|_hostmap-robtex: ERROR: Script execution failed (use -d to debug)
| ip-geolocation-geoplugin: 
|_95.173.136.72 (kremlin.ru)
| resolveall: 
|   Host 'kremlin.ru' also resolves to:
|     95.173.136.70
|     95.173.136.71
|   Use the 'newtargets' script-arg to add the results as targets
|_  Use the --resolve-all option to scan all resolved addresses without using this script.
| whois-domain: 
| 
| Domain name record found at whois.tcinet.ru
| % TCI Whois Service. Terms of use:
| % https://tcinet.ru/documents/whois_ru_rf.pdf (in Russian)
| % https://tcinet.ru/documents/whois_su.pdf (in Russian)
| 
| domain:        KREMLIN.RU
| nserver:       acl.dns.ripn.net.
| nserver:       bcl.dns.ripn.net.
| nserver:       ccl.dns.ripn.net.
| nserver:       ns2.gov.ru.
| nserver:       ns.gov.ru.
| state:         REGISTERED, DELEGATED, VERIFIED
| org:           Special Communications and Information Service of the Federal Guard Service of the Russian Federation (Spetssvyaz FSO RF)
| taxpayer-id:   7702358248
| registrar:     CC-RU
| admin-contact: http://www.cctld.ru
| created:       1998-07-22T12:02:55Z
| paid-till:     2025-07-31T21:00:00Z
| free-date:     2025-09-01
| source:        TCI
| 
| Last updated on 2025-01-23T01:03:01Z
|_
|_whois-ip: ERROR: Script execution failed (use -d to debug)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 231.28 seconds

Interpretation of the result:

Primary IP detected: 95.173.136.72, plus the two secondary ones, 95.173.136.70 and 95.173.136.71

All 1000 scanned ports are marked as filtered; a firewall is probably blocking the traffic

IPv6 multicast related addresses detected:
Link-local address: fe80::e8d4:9fff:fefd:c085 (per the ipv6-multicast-mld-list output this is the scanner's own wlp9s0 interface, not the target)

The following subdomains associated with kremlin.ru were detected:
news.kremlin.ru - 95.173.136.80
ns.kremlin.ru - 194.226.127.34
en.kremlin.ru - 95.173.136.70
en.kremlin.ru - 95.173.136.71
en.kremlin.ru - 95.173.136.72
blog.kremlin.ru - 95.173.136.80
www.kremlin.ru - 95.173.136.70
www.kremlin.ru - 95.173.136.71
www.kremlin.ru - 95.173.136.72

Domain WHOIS
General information:
Registered by: Special Communications and Information Service of the Federal Guard Service of the Russian Federation (Spetssvyaz FSO RF).
Creation date: 1998-07-22.
Registration expiry: 2025-07-31.

DNS servers for kremlin.ru
acl.dns.ripn.net.
bcl.dns.ripn.net.
ccl.dns.ripn.net.
ns2.gov.ru.
ns.gov.ru.

Scripts used:
dns-brute: brute-forced hostnames to find subdomains associated with the domain
whois-domain: provides the domain registration details
whois-ip: fails to obtain the information specific to the IP (primary 95.173.136.72), such as its geographic location and the corresponding regional registry (RIR: ARIN, RIPE, APNIC, LACNIC or AFRINIC)
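The interpretation above was written by hand from the nmap text output. As an added example (not code from this wiki page or from the nmap project), the parser below reads nmap's normal output and derives the same conclusions: the "Host seems down" note from the first scan, the "all ports filtered" line, the other resolved addresses, the dns-brute hostnames and the whois-domain fields (including days left until paid-till). The two samples are constructed to mirror the shape of the page's scans and use RFC 5737 documentation addresses and the example.test name; the function and field names are this example's own.

```python
"""Parse nmap normal text output into the findings this page interprets by hand.

Added example; not code from the page or from nmap. The samples are
CONSTRUCTED (RFC 5737 addresses, example.test) to match the page's output shape.
"""
import re
from datetime import date

# Constructed sample mirroring the -Pn --script=discovery run.
DISCOVERY_SAMPLE = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 02:01 CET
Nmap scan report for example.test (192.0.2.72)
Host is up.
Other addresses for example.test (not scanned): 192.0.2.70 192.0.2.71
All 1000 scanned ports on example.test (192.0.2.72) are filtered

Host script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     news.example.test - 192.0.2.80
|     www.example.test - 192.0.2.70
|_    www.example.test - 192.0.2.71
|_fcrdns: FAIL (No PTR record)
| whois-domain:
|
| domain:        EXAMPLE.TEST
| nserver:       ns1.example.test.
| nserver:       ns2.example.test.
| paid-till:     2025-07-31T21:00:00Z
|_
Nmap done: 1 IP address (1 host up) scanned in 231.28 seconds
"""

# Constructed sample mirroring the first run, where ping probes were dropped.
DOWN_SAMPLE = """\
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 01:11 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 5.25 seconds
"""


def parse_nmap(text):
    """Return a dict with the parts of a normal-output report we care about."""
    r = {"target": None, "ip": None, "other_addresses": [], "ports": [],
         "all_ports": None, "hosts_up": None, "host_seems_down": False,
         "dns_brute": {}, "whois": {}}
    script = None  # name of the NSE script whose output block we are inside
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("|"):  # NSE output: "| " continues a block, "|_" closes it
            body = line[2:].strip()
            if script is None:  # first line of a block: "<script-name>: ..."
                m = re.match(r"([\w-]+):\s*(.*)$", body)
                if m:
                    script = m.group(1)
            elif script == "dns-brute":  # "<hostname> - <ip>"
                m = re.match(r"(\S+) - ([\d.]+)$", body)
                if m:
                    r["dns_brute"].setdefault(m.group(1), []).append(m.group(2))
            elif script == "whois-domain":  # "<key>:   <value>" records
                m = re.match(r"([a-z-]+):\s+(.*)$", body)
                if m:
                    r["whois"].setdefault(m.group(1), []).append(m.group(2))
            if line.startswith("|_"):
                script = None
            continue
        if line.startswith("Note: Host seems down"):
            r["host_seems_down"] = True
        elif m := re.match(r"Nmap scan report for (\S+) \(([\d.]+)\)", line):
            r["target"], r["ip"] = m.group(1), m.group(2)
        elif m := re.match(r"Other addresses for \S+ \(not scanned\): (.*)", line):
            r["other_addresses"] = m.group(1).split()
        elif m := re.match(r"(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", line):
            r["ports"].append({"port": int(m.group(1)), "proto": m.group(2),
                               "state": m.group(3), "service": m.group(4)})
        elif m := re.match(r"All (\d+) scanned ports on .* are (\w+)", line):
            r["all_ports"] = (int(m.group(1)), m.group(2))
        elif m := re.match(r"Nmap done: \d+ IP address(?:es)? \((\d+) hosts? up\)", line):
            r["hosts_up"] = int(m.group(1))
    return r


def assess(r, today):
    """Turn a parsed report into the one-line conclusions a reader would draw."""
    notes = []
    if r["host_seems_down"]:
        notes.append("no reply to host discovery; if the host is known to be up, rerun with -Pn")
    if r["all_ports"] and r["all_ports"][1] == "filtered":
        notes.append(f"all {r['all_ports'][0]} scanned ports filtered: a firewall is dropping the probes")
    if r["other_addresses"]:
        notes.append(f"{r['target']} also resolves to {', '.join(r['other_addresses'])} "
                     "(not scanned; --resolve-all would include them)")
    for host, ips in sorted(r["dns_brute"].items()):
        notes.append(f"dns-brute: {host} -> {', '.join(ips)}")
    for ns in r["whois"].get("nserver", []):
        notes.append(f"authoritative nameserver: {ns.rstrip('.')}")
    if "paid-till" in r["whois"]:
        expiry = date.fromisoformat(r["whois"]["paid-till"][0][:10])
        notes.append(f"registration paid until {expiry}, {(expiry - today).days} days from {today}")
    return notes


if __name__ == "__main__":
    for sample in (DOWN_SAMPLE, DISCOVERY_SAMPLE):
        for note in assess(parse_nmap(sample), date(2025, 1, 23)):
            print("-", note)
        print()
```

For real runs, nmap's `-oX` XML output is easier to parse reliably than the normal text format; the text parser here is meant to show where each conclusion on this page comes from in the output, and its whois-domain handling only covers the `key: value` record lines that script prints.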

sudo nmap -Pn -sV --script=external kremlin.ru
[sudo] contraseña para puton:            
Starting Nmap 7.80 ( https://nmap.org ) at 2025-01-23 02:39 CET
Pre-scan script results:
| targets-asn: 
|_  targets-asn.asn is a mandatory parameter
Nmap scan report for kremlin.ru (95.173.136.71)
Host is up.
Other addresses for kremlin.ru (not scanned): 95.173.136.72 95.173.136.70
All 1000 scanned ports on kremlin.ru (95.173.136.71) are filtered

Host script results:
|_asn-query: No Answers
| dns-blacklist: 
|   SPAM
|_    l2.apews.org - FAIL
| hostmap-crtsh: 
|   subdomains: 
|     *.kremlin.ru\nkremlin.ru
|_    admin.accred.kremlin.ru
|_hostmap-robtex: ERROR: Script execution failed (use -d to debug)
| ip-geolocation-geoplugin: 
|_95.173.136.71 (kremlin.ru)
|_tor-consensus-checker: ERROR: Script execution failed (use -d to debug)
| whois-domain: 
| 
| Domain name record found at whois.tcinet.ru
| % TCI Whois Service. Terms of use:
| % https://tcinet.ru/documents/whois_ru_rf.pdf (in Russian)
| % https://tcinet.ru/documents/whois_su.pdf (in Russian)
| 
| domain:        KREMLIN.RU
| nserver:       acl.dns.ripn.net.
| nserver:       bcl.dns.ripn.net.
| nserver:       ccl.dns.ripn.net.
| nserver:       ns2.gov.ru.
| nserver:       ns.gov.ru.
| state:         REGISTERED, DELEGATED, VERIFIED
| org:           Special Communications and Information Service of the Federal Guard Service of the Russian Federation (Spetssvyaz FSO RF)
| taxpayer-id:   7702358248
| registrar:     CC-RU
| admin-contact: http://www.cctld.ru
| created:       1998-07-22T12:02:55Z
| paid-till:     2025-07-31T21:00:00Z
| free-date:     2025-09-01
| source:        TCI
| 
| Last updated on 2025-01-23T01:43:01Z
|_
|_whois-ip: ERROR: Script execution failed (use -d to debug)

Post-scan script results:
|_ip-geolocation-map-bing: Need to specify an API key, get one at https://www.bingmapsportal.com/.
|_ip-geolocation-map-google: Need to specify an API key, get one at https://developers.google.com/maps/documentation/static-maps/.
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 219.62 seconds

From here the only additional thing extracted is the subdomain admin.accred.kremlin.ru
rusia/aprendiendo-nmap-kremlin.1737598427.txt.gz · Last modified: 2025/01/23 03:13 by anonimo