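Teaching You to Break Into Red Hat Linux

Source: Internet. Published: 2010-02-24

  The purpose of this article is not to teach people how to break in, but to improve one's own skills and to raise network administrators' awareness of security defenses. Nothing more! Careless network administrators should understand: one small operational mistake on your part can lead to the compromise of the entire network! This article mainly revolves around attacks on LPD, the network printing service.

  First, pick the target. Suppose it is: www.XXX.com

  First let me see whether it is reachable: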

  C:\ping www.XXX.com

  Pinging www.XXX.com [202.106.184.200] with 32 bytes of data:

  Reply from 202.106.184.200: bytes=32 time=541ms TTL=244

  Reply from 202.106.184.200: bytes=32 time=620ms TTL=244

  Reply from 202.106.184.200: bytes=32 time=651ms TTL=244

  Reply from 202.106.184.200: bytes=32 time=511ms TTL=244

  Ping statistics for 202.106.184.200:

  Packets: Sent=4, Received=4, Lost=0 (0% loss),

  Approximate round trip times in milli-seconds:

  Minimum=511ms, Maximum=651ms, Average=580ms

  Heh, not only is it reachable, the speed is decent too...

  First, telnet in and look at the banner:

  C:\telnet www.XXX.com

  遗失对主机的连接。

  Next, try ftp:

  C:\ftp www.XXX.com

  Connected to www.fbi.gov.tw.

  220 XXX-www FTP server (Version wu-2.6.1(1) Wed Aug 9 05:54:50 EDT 2000) ready.

  User (www.XXX.com:(none)):

  wu-2.6.1: now there is something to go on. This machine looks like Red Hat 7.0! That needs to be confirmed first, so I connect to my jump host:

  C:\telnet xxx.xxx.xxx.xxx

  Red Hat Linux release 7.0 (Guinness)

  Kernel 2.2.16-22smp on an i686

  login: fetdog

  Password:

  bash-2.04$

  Run the nmap scanner and see what it reveals:

  bash-2.04$ nmap -sT -O www.XXX.com

  Starting nmap V. 2.54BETA7 ( www.insecure.org/nmap/ )

  WARNING! The following files exist and are readable: /usr/local/sha

  -services and ./nmap-services. I am choosing /usr/local/share/nmap/

  s for security reasons. set NMAPDIR=. to give priority to files in

  irectory

  Interesting ports on (www.XXX.com):

  (The 1520 ports scanned but not shown below are in state: closed)

  Port State Service

  25/tcp open smtp

  79/tcp open finger

  80/tcp open http

  111/tcp open sunrpc

  113/tcp open auth

  443/tcp open https

  513/tcp open login

  514/tcp open shell

  515/tcp open printer

  587/tcp open submission

  1024/tcp open kdm
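
  From the administrator's side, the same port table can be checked against the services the host is actually meant to offer. The Python below is an added example, not part of the original article; the allowlist (a public web and mail server), the reason strings and the function names are assumptions, and the sample input is the port table above, re-typed with its spacing restored.

```python
import re

# Constructed sample: the port table from the scan above, spacing restored.
SCAN = """\
Port State Service
25/tcp open smtp
79/tcp open finger
80/tcp open http
111/tcp open sunrpc
113/tcp open auth
443/tcp open https
513/tcp open login
514/tcp open shell
515/tcp open printer
587/tcp open submission
1024/tcp open kdm
"""

# Assumption: this host is meant to be a public web and mail server only.
ALLOWED = {25, 80, 443, 587}

# Why each legacy service is a finding when reachable from the Internet.
LEGACY = {
    79: "finger discloses account names and login activity",
    111: "portmapper enumerates registered RPC services",
    113: "ident discloses which user owns a connection",
    513: "rlogin relies on host trust and sends data in cleartext",
    514: "rsh relies on host trust and sends data in cleartext",
    515: "LPD print spooler; rarely needed off the local network",
}

ROW = re.compile(r"^\s*(\d+)/(tcp|udp)\s+open\s+(\S+)", re.I)

def open_ports(text):
    """Return {port: service} for every 'open' row in nmap's port table."""
    return {int(m.group(1)): m.group(3) for m in map(ROW.match, text.splitlines()) if m}

def audit(text, allowed=ALLOWED):
    """Return sorted (port, service, reason) findings for ports outside the allowlist."""
    findings = []
    for port, svc in sorted(open_ports(text).items()):
        if port not in allowed:
            reason = LEGACY.get(port, "not in the intended service list")
            findings.append((port, svc, reason))
    return findings

if __name__ == "__main__":
    for port, svc, reason in audit(SCAN):
        print(f"{port} {svc}: {reason}")
```

  Each finding is a candidate for disabling the service or filtering the port at the perimeter.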