   Name                                   Disclosure Date  Rank    Check  Description
   ----                                   ---------------  ----    -----  -----------
   auxiliary/scanner/discovery/arp_sweep                   normal  Yes    ARP Sweep Local Network Discovery

msf5 > use auxiliary/scanner/discovery/arp_sweep
msf5 auxiliary(scanner/discovery/arp_sweep) > options

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   INTERFACE                   no        The name of the interface
   RHOSTS                      yes       The target address range or CIDR identifier
   SHOST                       no        Source IP Address
   SMAC                        no        Source MAC Address
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    5                yes       The number of seconds to wait for new data

msf5 auxiliary(scanner/discovery/arp_sweep) > set THREADS 50
THREADS => 50
msf5 auxiliary(scanner/discovery/arp_sweep) > set RHOSTS 10.10.10.0/24
RHOSTS => 10.10.10.0/24
msf5 auxiliary(scanner/discovery/arp_sweep) > run

[+] 10.10.10.1 appears to be up (VMware, Inc.).    # network adapter on the host machine
[+] 10.10.10.2 appears to be up (VMware, Inc.).    # network adapter on the host machine
[+] 10.10.10.129 appears to be up (VMware, Inc.).
[+] 10.10.10.130 appears to be up (VMware, Inc.).
[+] 10.10.10.254 appears to be up (VMware, Inc.).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 21:57 CST
Nmap scan report for 10.10.10.1
Host is up (0.00037s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.10.10.2
Host is up (0.00020s latency).
MAC Address: 00:50:56:F6:FD:F5 (VMware)
Nmap scan report for www.dvssc.com (10.10.10.129)        # portal website
Host is up (0.00036s latency).
MAC Address: 00:0C:29:C5:A6:2B (VMware)
Nmap scan report for service.dvssc.com (10.10.10.130)    # back-end server
Host is up (0.00050s latency).
MAC Address: 00:0C:29:09:18:C6 (VMware)
Nmap scan report for gate.dvssc.com (10.10.10.254)       # 定V company gateway
Host is up (0.00077s latency).
MAC Address: 00:0C:29:F0:1F:EF (VMware)
Nmap scan report for attacker.dvssc.com (10.10.10.128)   # my attack machine
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 1.68 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 22:05 CST
Nmap scan report for 10.10.10.1
Host is up (0.00051s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 10.10.10.2
Host is up (0.00039s latency).
MAC Address: 00:50:56:F6:FD:F5 (VMware)
Nmap scan report for www.dvssc.com (10.10.10.129)
Host is up (0.00027s latency).
MAC Address: 00:0C:29:C5:A6:2B (VMware)
Nmap scan report for service.dvssc.com (10.10.10.130)
Host is up (0.00023s latency).
MAC Address: 00:0C:29:09:18:C6 (VMware)
Nmap scan report for gate.dvssc.com (10.10.10.254)
Host is up (0.00030s latency).
MAC Address: 00:0C:29:F0:1F:EF (VMware)
Nmap scan report for attacker.dvssc.com (10.10.10.128)
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 2.04 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 22:09 CST
Nmap scan report for www.dvssc.com (10.10.10.129)
Host is up (0.0019s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
MAC Address: 00:0C:29:C5:A6:2B (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6    # Linux host
OS details: Linux 2.6.17 - 2.6.36
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.25 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 22:09 CST
Nmap scan report for service.dvssc.com (10.10.10.130)
Host is up (0.00038s latency).
Not shown: 985 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
777/tcp  open  multiling-http
1025/tcp open  NFS-or-IIS
1026/tcp open  LSA-or-nterm
1027/tcp open  IIS
1031/tcp open  iad2
1521/tcp open  oracle
6002/tcp open  X11:2
7001/tcp open  afs3-callback
7002/tcp open  afs3-prserver
8099/tcp open  unknown
MAC Address: 00:0C:29:09:18:C6 (VMware)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS CPE: cpe:/o:microsoft:windows_xp::sp2:professional cpe:/o:microsoft:windows_server_2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003    # Windows 2k3
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.65 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 23:47 CST
Nmap scan report for gate.dvssc.com (10.10.10.254)
Host is up (0.00080s latency).
Not shown: 977 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
512/tcp  open  exec
513/tcp  open  login
514/tcp  open  shell
1099/tcp open  rmiregistry
1524/tcp open  ingreslock
2049/tcp open  nfs
2121/tcp open  ccproxy-ftp
3306/tcp open  mysql
5432/tcp open  postgresql
5900/tcp open  vnc
6000/tcp open  X11
6667/tcp open  irc
8009/tcp open  ajp13
8180/tcp open  unknown
MAC Address: 00:0C:29:F0:1F:EF (VMware)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.91 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 22:46 CST
Nmap scan report for www.dvssc.com (10.10.10.129)
Host is up (0.0024s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
MAC Address: 00:0C:29:C5:A6:2B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 1.69 seconds

Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-05 22:50 CST
Nmap scan report for www.dvssc.com (10.10.10.129)
Host is up (0.010s latency).
Not shown: 992 closed ports
PORT     STATE SERVICE     VERSION
21/tcp   open  ftp         vsftpd 2.2.2
22/tcp   open  ssh         OpenSSH 5.3p1 Debian 3ubuntu4 (Ubuntu Linux; protocol 2.0)
80/tcp   open  http        Apache httpd 2.2.14 ((Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch mod_python/3.3.1 Python/2.6.5 mod_perl/2.0.4 Perl/v5.10.1)
139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
143/tcp  open  imap        Courier Imapd (released 2008)
445/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
5001/tcp open  java-rmi    Java RMI
8080/tcp open  http        Apache Tomcat/Coyote JSP engine 1.1
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port5001-TCP:V=7.70%I=7%D=2/5%Time=5C59A2A2%P=x86_64-pc-linux-gnu%r(NUL
SF:L,4,"\xac\xed\0\x05");    # nmap flags an unrecognized service on port 5001
MAC Address: 00:0C:29:C5:A6:2B (VMware)
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.91 seconds