1. What is a banner
Banner information is the greeting message a service sends when a client connects. From a banner one can obtain the software vendor, software name, version, service type and similar details; with that information, certain tools can directly apply the corresponding exploit (exp) to attack.
(The first category, overflow privilege escalation, i.e. exp-based escalation, is what this article records below. The second category is database privilege escalation; the third is privilege escalation through third-party software.)
Prerequisite: a connection to the target must be established; only once the connection exists can we obtain the corresponding banner information.
The target server can hide the banner or forbid reading it.
2. Collection methods
Using nmap
nmap -sT -p1-200 --script=banner 192.168.1.1
-sT: scan using a TCP connect scan
-p1-200: scan ports 1 to 200
--script: run the banner NSE script
C:\Users\88304>netstat -an
3. Simple banner grabbing
Python provides a library for network connections, socket; with it we can implement a simple banner collector.
Design:
(1) First import the socket networking module
(2) Set the network connection timeout
(3) Create the socket object
(4) Connect to the target host
(5) Collect the banner information
(6) Display the banner information
The code is as follows:
#encoding:utf-8
import socket  # import the socket networking module
socket.setdefaulttimeout(2)  # set the network connection timeout
s = socket.socket()  # create the socket object
s.connect(('192.168.206.131', 22))  # use the socket object to connect to the target host
ans = s.recv(1024)  # use recv to read the banner information from the target host
print(ans)
s.close()  # release the connection
Banner grabbing with exception handling
#encoding:utf-8
import socket  # import the socket networking module
socket.setdefaulttimeout(2)  # set the network timeout
s = socket.socket()  # create the socket object
try:  # exception handling (mainly whether the socket connect succeeds or not)
    s.connect(("192.168.11.133", 21))
    ans = s.recv(1024)
    print(ans)
except Exception as e:  # exception handling
    print("Error: " + str(e))
finally:
    s.close()  # release the connection whether or not the connect succeeded
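As an added example (not code from the original post), the following keeps the page's socket/timeout/connect/recv flow but distinguishes a refused connection, a service that stays silent until the client speaks (the case section 1 hints at, where the target hides its banner) and a real banner, and it parses the SSH identification string into the version fields the page says a banner reveals. The serve_once() helper and the OpenSSH banner bytes are constructed so it runs offline; host and port are assumptions you replace with your own.

```python
import socket
import threading
from typing import Optional

def grab_banner(host: str, port: int, timeout: float = 2.0) -> Optional[bytes]:
    """Connect and read up to 1024 bytes. None -> could not connect (refused,
    unreachable, filtered); b"" -> connected but the service sent nothing."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with s:
        try:
            return s.recv(1024)
        except socket.timeout:
            return b""            # service waits for the client to speak first

def parse_ssh_banner(raw: bytes) -> Optional[dict]:
    """Split an SSH identification string (RFC 4253: 'SSH-proto-software comments CRLF')."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if not line.startswith("SSH-"):
        return None
    ident, _, comments = line.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3:
        return None
    return {"protocol": parts[1], "software": parts[2], "comments": comments}

def serve_once(banner: bytes) -> int:
    """Constructed stand-in for a target service so the example runs offline:
    accept one client on 127.0.0.1, send `banner` (nothing if empty), then close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def handler():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            conn.recv(1)          # hold the connection open until the client hangs up
        srv.close()
    threading.Thread(target=handler, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = serve_once(b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n")  # constructed sample banner
    raw = grab_banner("127.0.0.1", port)
    print(raw, parse_ssh_banner(raw))
```

A None result means the port did not accept a connection; an empty result means the port is open but the service sent no greeting, which is exactly what a hidden banner looks like.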