Scanning RDP on non-standard ports?

Discussion in 'Security and Anonymity' started by yohohol, 18 Aug 2023.

  1. yohohol

    yohohol New Member

    What can be used to scan for RDP servers that have changed their port?
    Preferably console-based, cross-platform software.
     
  2. b3

    b3 Banned

    nmap, although you'll probably have to write the script yourself, or pick one of the existing ones: https://nmap.org/nsedoc/scripts/
     
  3. yohohol

    yohohol New Member

    Do they work?
    Using the redis-brute.nse script, I get a result like this:
    Code:
    Nmap scan report for mx.petersmith.one (23.29.118.19)
    Host is up (0.14s latency).
    Not shown: 991 filtered tcp ports (no-response)
    PORT    STATE SERVICE  VERSION
    22/tcp  open  ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
    25/tcp  open  smtp     Postfix smtpd
    80/tcp  open  http     nginx
    110/tcp open  pop3     Dovecot pop3d
    143/tcp open  imap     Dovecot imapd (Ubuntu)
    443/tcp open  ssl/http nginx
    587/tcp open  smtp     Postfix smtpd
    993/tcp open  imaps?
    995/tcp open  pop3s?
    Service Info: Hosts: -mx.petersmith.one,  mx.petersmith.one; OS: Linux; CPE: cpe:/o:linux:linux_kernel
    
    Nmap scan report for 23-29-118-20.static.hvvc.us (23.29.118.20)
    Host is up (0.14s latency).
    Not shown: 850 closed tcp ports (conn-refused), 145 filtered tcp ports (no-response)
    PORT    STATE SERVICE  VERSION
    22/tcp  open  ssh      OpenSSH 8.2p1 Ubuntu 4ubuntu0.9 (Ubuntu Linux; protocol 2.0)
    80/tcp  open  http     Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
    443/tcp open  ssl/http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
    465/tcp open  ssl/smtp
    | fingerprint-strings:
    |   GenericLines:
    |     220 Apache JAMES awesome SMTP Server
    |     5.5.1 Command unrecognized.
    |     5.5.1 Command unrecognized.
    |   GetRequest:
    |     220 Apache JAMES awesome SMTP Server
    |     5.5.1 Command GET unrecognized.
    |     5.5.1 Command unrecognized.
    |   Hello:
    |     220 Apache JAMES awesome SMTP Server
    |     5.5.4 Domain address required: EHLO
    |   Help:
    |     220 Apache JAMES awesome SMTP Server
    |     5.3.3 HELP is not supported
    |   NULL:
    |_    220 Apache JAMES awesome SMTP Server
    993/tcp open  ssl/imap
    | fingerprint-strings:
    |   GenericLines, GetRequest:
    |     * OK JAMES IMAP4rev1 Server james-deployment-5d8f59b79-pldsb is ready.
    |     Unknown command.
    |   NULL:
    |_    * OK JAMES IMAP4rev1 Server james-deployment-5d8f59b79-pldsb is ready.
    2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
    ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
    SF-Port465-TCP:V=7.94%T=SSL%I=7%D=8/19%Time=64E131B7%P=x86_64-pc-linux-gnu
    SF:%r(NULL,26,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n")%r
    SF:(Hello,4F,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n501\x
    SF:205\.5\.4\x20Domain\x20address\x20required:\x20EHLO\r\n")%r(Help,47,"22
    SF:0\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server\r\n502\x205\.3\.3\x20
    SF:HELP\x20is\x20not\x20supported\r\n")%r(GenericLines,6A,"220\x20Apache\x
    SF:20JAMES\x20awesome\x20SMTP\x20Server\r\n500\x205\.5\.1\x20Command\x20\x
    SF:20unrecognized\.\r\n500\x205\.5\.1\x20Command\x20\x20unrecognized\.\r\n
    SF:")%r(GetRequest,6D,"220\x20Apache\x20JAMES\x20awesome\x20SMTP\x20Server
    SF:\r\n500\x205\.5\.1\x20Command\x20GET\x20unrecognized\.\r\n500\x205\.5\.
    SF:1\x20Command\x20\x20unrecognized\.\r\n");
    ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
    SF-Port993-TCP:V=7.94%T=SSL%I=7%D=8/19%Time=64E131BB%P=x86_64-pc-linux-gnu
    SF:%r(NULL,48,"\*\x20OK\x20JAMES\x20IMAP4rev1\x20Server\x20james-deploymen
    SF:t-5d8f59b79-pldsb\x20is\x20ready\.\r\n")%r(GetRequest,60,"\*\x20OK\x20J
    SF:AMES\x20IMAP4rev1\x20Server\x20james-deployment-5d8f59b79-pldsb\x20is\x
    SF:20ready\.\r\n\*\x20BYE\x20Unknown\x20command\.\r\n")%r(GenericLines,60,
    SF:"\*\x20OK\x20JAMES\x20IMAP4rev1\x20Server\x20james-deployment-5d8f59b79
    SF:-pldsb\x20is\x20ready\.\r\n\*\x20BYE\x20Unknown\x20command\.\r\n");
    Service Info: Host: JAMES; OS: Linux; CPE: cpe:/o:linux:linux_kernel
    
    Although I would have expected it to find hosts with redis enabled.
     
  4. b3

    b3 Banned

    You can of course plug in a script at random, but it's advisable to read up on how to use scripts and script arguments properly.