awl multithreaded SYN attack tool v0.2, with MAC spoofing added
Nmap:
Reference: building Nmap 6.25 from the source tarball (verify the tarball's GPG signature, published under nmap.org/dist/sigs/, before building, since the last step runs as root):
bzip2 -cd nmap-6.25.tar.bz2 | tar xvf -
cd nmap-6.25
./configure
make
su root
make install
Ping scan (ping sweeping)
An intruder uses Nmap to sweep a whole network looking for targets. The "-sP" option performs a ping scan (current Nmap versions spell it -sn). By default Nmap sends every target one ICMP echo request and one TCP ACK packet (to port 80); a reply to either of them is enough for Nmap to report the host as up.
Example: scanning the 10.0.3.0/24 network:
# nmap -sP 10.0.3.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-12-10 12:58 CST
Host 10.0.3.0 seems to be a subnet broadcast address (returned 1 extra pings).
Host 10.0.3.1 appears to be up.
Host 10.0.3.8 appears to be up.
Host 10.0.3.9 appears to be up.
Host 10.0.3.10 appears to be up.
Host 10.0.3.11 appears to be up.
A TCP "ping" sends an ACK to every host on the target network; a host that is online answers with a TCP RST. Combined with the ping scan, the TCP ping option "-PT" (the old spelling; current Nmap calls it -PA, and -PS sends SYN packets instead) lets you choose the port to probe (the default, used by the plain -sP run above, is port 80, http). Because the ACK belongs to no existing connection it may get through the target's border router and even a stateless packet filter, although a stateful firewall drops unsolicited ACKs. Note that the probed port does not have to be open on the target host: a closed port also answers a stray ACK with RST, so the only thing that matters is whether the host is on the network.
# nmap -sP -PT3306 10.0.2.0/24
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-12-10 13:04 CST
Host 10.0.2.1 appears to be up.
MAC Address: 54:89:98:E9:AD:BF (Unknown)
Host 10.0.2.2 appears to be up.
MAC Address: 00:50:56:B0:40:A2 (VMWare)
Host 10.0.2.7 appears to be up.
MAC Address: 28:6E:D4:4E:F1:DD (Unknown)
Host 10.0.2.14 appears to be up.
MAC Address: 00:50:56:B0:40:8E (VMWare)
Host 10.0.2.18 appears to be up.
MAC Address: 00:50:56:B0:6D:CB (VMWare)
The MAC addresses in this run come from ARP, which means the targets sit on the scanner's own Ethernet segment (there Nmap normally discovers hosts with ARP requests rather than with the TCP ping).
Port scanning
Nmap supports several kinds of port scan: TCP connect, TCP SYN, Stealth FIN, Xmas Tree, Null and UDP scans.
An attacker using a TCP connect scan is easy to detect, because Nmap opens each port of the target with the connect() system call and completes the full TCP three-way handshake, so the connection shows up in the target host's logs (for example those of the daemon that accepted it). A TCP connect scan uses the "-sT" option:
# nmap -sT 192.168.7.12
Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Interesting ports on (192.168.7.12):
Port State Protocol Service
7 open tcp echo
9 open tcp discard
13 open tcp daytime
19 open tcp chargen
21 open tcp ftp
...
Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Example: nmap -sS -P0 -n -p 3389 125.40.70.0/24 -oN aa.txt
Explanation: -sS TCP half-open (SYN) scan; -P0 skip host discovery (the ICMP echo and the TCP ACK to port 80) and scan every address as if it were up, spelled -Pn in current Nmap; -n no DNS resolution; -p 3389 the port to scan; 125.40.70.0/24 the target range; -oN aa.txt write normal-format output to aa.txt.
The output below is from a different run, a SYN scan of port 3306 on 10.0.14.230-233. A "filtered" state means the probe got no answer at all (or an ICMP unreachable error), so a firewall or packet filter is most likely dropping it; it does not mean the port is closed, which would show up as "closed" after a RST.
Interesting ports on 10.0.14.230:
PORT STATE SERVICE
3306/tcp filtered mysql
Interesting ports on 10.0.14.231:
PORT STATE SERVICE
3306/tcp filtered mysql
Interesting ports on 10.0.14.232:
PORT STATE SERVICE
3306/tcp filtered mysql
Interesting ports on 10.0.14.233:
PORT STATE SERVICE
3306/tcp filtered mysql
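Both the ping sweep above and the port scan here are much easier to post-process from Nmap's greppable output (-oG, one tab-separated line per host) than from the normal output pasted on this page. The script below is an added example, not code from the original post or from Nmap; the two -oG samples are constructed to mirror the runs shown above (with the current -sn/-PA/-Pn spellings in their command lines) rather than captured from a real scan, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post or from Nmap): post-process Nmap's
# greppable output (-oG) from a ping sweep and from a port scan.
# Both samples below are constructed to mirror the runs shown above; they were
# not captured from a real scan. Layout of -oG host lines (tab-separated fields):
#   Host: <ip> (<name>)  Status: Up
#   Host: <ip> (<name>)  Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>, ...

# Constructed output of: nmap -sn -PA3306 10.0.2.0/24 -oG -
SWEEP_OG=$(
    printf '# Nmap 6.25 scan initiated as: nmap -sn -PA3306 10.0.2.0/24 -oG -\n'
    printf 'Host: 10.0.2.1 ()\tStatus: Up\n'
    printf 'Host: 10.0.2.2 ()\tStatus: Up\n'
    printf 'Host: 10.0.2.7 ()\tStatus: Up\n'
    printf '# Nmap done -- 256 IP addresses (3 hosts up) scanned in 2.10 seconds\n'
)

# Constructed output of: nmap -sS -Pn -n -p 22,3306 10.0.14.230-232 -oG -
SCAN_OG=$(
    printf 'Host: 10.0.14.230 ()\tStatus: Up\n'
    printf 'Host: 10.0.14.230 ()\tPorts: 3306/filtered/tcp//mysql///\n'
    printf 'Host: 10.0.14.231 ()\tStatus: Up\n'
    printf 'Host: 10.0.14.231 ()\tPorts: 3306/open/tcp//mysql///\n'
    printf 'Host: 10.0.14.232 ()\tStatus: Up\n'
    printf 'Host: 10.0.14.232 ()\tPorts: 22/open/tcp//ssh///, 3306/closed/tcp//mysql///\n'
)

# List the address of every host reported "Status: Up" (the ping-sweep result).
up_hosts() {
    printf '%s\n' "$1" | awk -F'\t' '
        /^Host:/ && $2 ~ /^Status: Up/ { split($1, h, " "); print h[2] }'
}

# Print "ip port/proto state service" for each port entry; an optional second
# argument keeps only one state (open, closed, filtered, ...).
port_table() {
    printf '%s\n' "$1" | awk -F'\t' -v want="$2" '
        /^Host:/ && $2 ~ /^Ports:/ {
            split($1, h, " "); ip = h[2]
            sub(/^Ports: /, "", $2)
            n = split($2, entry, ", ")
            for (i = 1; i <= n; i++) {
                split(entry[i], f, "/")   # port state proto owner service rpc version
                if (want == "" || f[2] == want)
                    print ip, f[1] "/" f[3], f[2], f[5]
            }
        }'
}

# Hosts whose every scanned port came back "filtered": the probes were dropped,
# which points at a firewall in the path rather than at closed services.
filtered_only_hosts() {
    port_table "$1" | awk '
        { seen[$1] = 1; if ($3 != "filtered") other[$1] = 1 }
        END { for (ip in seen) if (!(ip in other)) print ip }' | sort
}

echo "== live hosts =="; up_hosts "$SWEEP_OG"
echo "== open ports =="; port_table "$SCAN_OG" open
echo "== hosts with only filtered ports (firewalled?) =="; filtered_only_hosts "$SCAN_OG"
```

Against a real run, replace the constructed variables with `$(nmap ... -oG -)` or feed a saved -oG file through the same awk; the `filtered_only_hosts` view is the quick way to separate "no service there" from "something is dropping my probes" when a whole range comes back like the 10.0.14.x output above.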
Reverse-looking up a hostname from an IP address:
On Windows
----------------------------------------------------------------------------------------------------------
C:\Windows\System32>ping -a 10.0.28.113
Pinging BJNB121043.izp.com [10.0.28.113] with 32 bytes of data:
Reply from 10.0.28.113: bytes=32 time<1ms TTL=128
Reply from 10.0.28.113: bytes=32 time<1ms TTL=128
Reply from 10.0.28.113: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.28.113:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
-----------------------------------------------------------------------------------------------------------
C:\Windows\System32>nbtstat -A 10.0.28.113
Local Area Connection:
Node IpAddress: [10.0.28.113] Scope Id: []
           NetBIOS Remote Machine Name Table
       Name               Type         Status
    ---------------------------------------------
    BJNB121043     <00>  UNIQUE      Registered
    IZP            <00>  GROUP       Registered
    IZP            <1E>  GROUP       Registered
    BJNB121043     <20>  UNIQUE      Registered
    MAC Address = F0-DE-F1-DF-64-1B
(ping -a relies on a DNS PTR record, nbtstat -A asks the host itself over NetBIOS, so the two can disagree. In the name table, <00> UNIQUE is the workstation service, <20> UNIQUE the file server service, <00> GROUP the domain/workgroup name and <1E> GROUP the browser election group.)
On Linux
host <ip>           reverse DNS (PTR) lookup, the counterpart of ping -a; dig -x <ip> does the same
nmblookup -A <ip>   NetBIOS name table of a Windows host, the counterpart of nbtstat -A (part of Samba)
(netstat -a only lists the local machine's own sockets; it cannot resolve a remote address.)
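The Linux commands above all come down to one mechanism: the address is reversed octet by octet under in-addr.arpa and a PTR record is queried, while the NetBIOS name comes from the host itself. The script below is an added example, not code from the original post; the function names are my own, the sample address is the one used above, and the expected nmblookup output format (name, suffix, flags) is assumed from Samba's nmblookup -A.

```shell
#!/bin/sh
# Added example (not from the original post): the Linux side of "reverse-look up
# a hostname from an IP". ping -a and host both rely on a DNS PTR query for the
# reversed address under in-addr.arpa; nbtstat -A has a Samba counterpart.
# Function names are my own; the sample address is the one used above.

# Build the PTR owner name for a dotted IPv4 address:
#   10.0.28.113 -> 113.28.0.10.in-addr.arpa
# Fails (exit 1) on anything that is not four octets in the range 0-255.
ptr_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
            print $4 "." $3 "." $2 "." $1 ".in-addr.arpa"
        }'
}

# Reverse DNS lookup through the system resolver (honours /etc/hosts and
# nsswitch, as ping -a does); falls back to a direct PTR query with dig.
rlookup() {
    name=$(getent hosts "$1" 2>/dev/null | awk '{ print $2; exit }')
    if [ -n "$name" ]; then
        printf '%s\n' "$name"
    elif command -v dig >/dev/null 2>&1; then
        dig +short -x "$1" | sed 's/\.$//'
    else
        printf 'no resolver tool available\n' >&2
        return 1
    fi
}

# NetBIOS name of a Windows host, the counterpart of nbtstat -A. Needs Samba's
# nmblookup; the <20> entry is the host's unique File Server Service name
# (assumed output format: name, suffix, flags, one entry per line).
nbt_name() {
    nmblookup -A "$1" 2>/dev/null | awk '$2 == "<20>" { print $1; exit }'
}

# Usage (needs network access, so only ptr_name is exercised offline):
#   ptr_name 10.0.28.113   -> 113.28.0.10.in-addr.arpa
#   rlookup 10.0.28.113
#   nbt_name 10.0.28.113
```

Keep the two answers apart when writing up a finding: the PTR name is whatever the DNS administrator registered, the NetBIOS name is what the machine calls itself, and an attacker-controlled host can set either.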