本节书摘来自异步社区《Nmap渗透测试指南》一书中的第6章6.5节源地址欺骗,作者 商广明,更多章节内容可以访问云栖社区“异步社区”公众号查看。
6.5 源地址欺骗表6.5所示为本章节所需Nmap命令表,表中加粗命令为本小节所需命令——源地址欺骗。
使用-sI选项就可以进行源地址欺骗。如果Nmap无法确定你的源地址,Nmap会给出相应的提示,我们使用-sI选项指定所需要发包的接口IP地址。 root@Wing:~# nmap -sI www.0day.co:80 192.168.126.131 WARNING: Many people use -Pn w/Idlescan to prevent pings from their true IP. On the other hand, timing info Nmap gains from pings can allow for faster, more reliable scans. Starting Nmap 6.40 ( http://nmap.org ) at 2014-06-12 14:50 CST Idle scan using zombie www.0day.co (210.209.122.11:80); Class: Incremental Nmap scan report for 192.168.126.131 Host is up (0.051s latency). Not shown: 977 closed|filtered ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 1099/tcp open rmiregistry 1524/tcp open ingreslock 2049/tcp open nfs 2121/tcp open ccproxy-ftp 3306/tcp open mysql 5432/tcp open postgresql 5900/tcp open vnc 6000/tcp open X11 6667/tcp open irc 8009/tcp open ajp13 8180/tcp open unknown MAC Address: 00:0C:29:E0:2E:76 (VMware) Nmap done: 1 IP address (1 host up) scanned in 40.30 seconds root@Wing:~#-sI选项我们在之前的章节空闲扫描中提到过,但它主要是用作源地址欺骗。
相关资源:敏捷开发V1.0.pptx