1. What is a banner
A banner is the greeting a service sends when you connect to it. It usually reveals the vendor, the software name, the version and the type of service, and from those details an attacker can pick a tool and fire the matching exploit (exp) directly at the target.
(This is the first category of privilege escalation, overflow or exp-based escalation, which is what we will record below in this post. The second category is database privilege escalation, and the third is privilege escalation through third-party software.)
Prerequisite: a connection to the target must be established; only once the connection is up can the banner be read.
The target server can hide its banner or refuse to return it, and an administrator can also change the text, so treat a banner as a lead to confirm with further probing rather than as proof of the exact version.
2. Collection methods
Using nmap
nmap -sT -p1-200 --script=banner 192.168.1.1
-sT: TCP connect scan, i.e. a full three-way handshake with every port (unlike a SYN scan it needs no raw-socket privileges)
-p1-200: scan ports 1 through 200
--script=banner: run the NSE script banner, which connects to each open port, waits briefly for whatever the service sends and prints it (nmap -sV goes further and sends protocol probes to identify the version)
Using netstat on the host itself
netstat -an lists every socket on the local machine: LISTENING entries are services waiting for connections, the rest are live connections. Only listeners bound to 0.0.0.0, [::] or a real interface address can be reached by a remote scanner; those bound to 127.0.0.1 can be banner-grabbed only from the machine itself.
C:\Users\88304>netstat -an
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:330 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:902 0.0.0.0:0 LISTENING
TCP 0.0.0.0:912 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1521 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING
TCP 0.0.0.0:33060 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49682 0.0.0.0:0 LISTENING
TCP 127.0.0.1:4301 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5939 0.0.0.0:0 LISTENING
TCP 127.0.0.1:10000 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27018 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49669 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49672 127.0.0.1:49673 ESTABLISHED
TCP 127.0.0.1:49673 127.0.0.1:49672 ESTABLISHED
TCP 127.0.0.1:51191 127.0.0.1:51192 ESTABLISHED
TCP 127.0.0.1:51192 127.0.0.1:51191 ESTABLISHED
TCP 127.0.0.1:51206 127.0.0.1:51207 ESTABLISHED
TCP 127.0.0.1:51207 127.0.0.1:51206 ESTABLISHED
TCP 127.0.0.1:51235 0.0.0.0:0 LISTENING
TCP 127.0.0.1:51235 127.0.0.1:51250 ESTABLISHED
TCP 127.0.0.1:51250 127.0.0.1:51235 ESTABLISHED
TCP 169.254.144.80:139 0.0.0.0:0 LISTENING
TCP 192.168.43.147:139 0.0.0.0:0 LISTENING
TCP 192.168.43.147:50668 52.139.250.253:443 ESTABLISHED
TCP 192.168.43.147:50722 59.36.89.146:80 CLOSE_WAIT
TCP 192.168.43.147:51195 117.18.232.200:443 ESTABLISHED
TCP 192.168.43.147:51208 184.27.212.52:443 ESTABLISHED
TCP 192.168.43.147:51216 219.147.231.63:443 CLOSE_WAIT
TCP 192.168.43.147:51255 101.201.178.55:443 ESTABLISHED
TCP 192.168.43.147:51256 219.147.83.246:443 ESTABLISHED
TCP 192.168.43.147:51257 39.96.132.69:443 ESTABLISHED
TCP 192.168.43.147:51259 39.96.132.69:443 ESTABLISHED
TCP 192.168.43.147:51260 39.96.132.69:443 ESTABLISHED
TCP 192.168.43.147:51261 39.96.132.69:443 ESTABLISHED
TCP 192.168.43.147:51266 140.143.52.226:443 ESTABLISHED
TCP 192.168.43.147:51267 219.147.82.253:443 ESTABLISHED
TCP 192.168.43.147:51270 101.201.169.146:443 ESTABLISHED
TCP 192.168.43.147:51271 101.201.169.146:443 ESTABLISHED
TCP 192.168.43.147:51274 203.119.169.141:443 ESTABLISHED
TCP 192.168.43.147:51275 203.119.144.59:443 ESTABLISHED
TCP 192.168.43.147:51286 203.119.175.213:443 ESTABLISHED
TCP 192.168.43.147:51288 59.111.181.38:80 CLOSE_WAIT
TCP 192.168.43.147:51290 42.101.56.35:80 ESTABLISHED
TCP 192.168.43.147:51293 47.95.47.253:443 ESTABLISHED
TCP 192.168.43.147:51298 220.181.38.150:443 ESTABLISHED
TCP 192.168.43.147:51320 59.111.181.38:80 CLOSE_WAIT
TCP 192.168.43.147:51324 220.181.38.156:443 ESTABLISHED
TCP 192.168.43.147:51325 220.181.38.150:443 ESTABLISHED
TCP 192.168.43.147:51326 220.181.38.150:443 ESTABLISHED
TCP 192.168.43.147:51328 36.104.142.33:443 ESTABLISHED
TCP 192.168.43.147:51329 42.101.56.35:443 ESTABLISHED
TCP 192.168.43.147:51330 220.181.38.150:443 ESTABLISHED
TCP 192.168.43.147:51331 172.217.160.110:443 SYN_SENT
TCP 192.168.43.147:51332 220.181.38.150:443 ESTABLISHED
TCP 192.168.43.147:51333 172.217.160.110:443 SYN_SENT
TCP 192.168.43.147:51334 172.217.160.110:443 SYN_SENT
TCP 192.168.43.147:51335 202.89.233.101:443 ESTABLISHED
TCP 192.168.43.147:51336 172.217.160.110:443 SYN_SENT
TCP 192.168.43.147:51337 40.90.22.187:443 ESTABLISHED
TCP 192.168.43.147:51339 20.36.72.49:443 ESTABLISHED
TCP 192.168.43.147:51340 13.107.18.254:443 ESTABLISHED
TCP 192.168.43.147:51341 13.107.246.254:443 ESTABLISHED
TCP 192.168.43.147:51342 204.79.197.222:443 SYN_SENT
TCP 192.168.43.147:51343 172.217.160.110:443 SYN_SENT
TCP 192.168.44.1:139 0.0.0.0:0 LISTENING
TCP 192.168.206.1:139 0.0.0.0:0 LISTENING
TCP 192.168.206.1:51251 192.168.206.131:22 CLOSE_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:330 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:1521 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:7680 [::]:0 LISTENING
TCP [::]:8080 [::]:0 LISTENING
TCP [::]:33060 [::]:0 LISTENING
TCP [::]:49664 [::]:0 LISTENING
TCP [::]:49665 [::]:0 LISTENING
TCP [::]:49666 [::]:0 LISTENING
TCP [::]:49667 [::]:0 LISTENING
TCP [::]:49668 [::]:0 LISTENING
TCP [::]:49671 [::]:0 LISTENING
TCP [::]:49682 [::]:0 LISTENING
TCP [fe80::b010:942e:ef14:9050%11]:1521 [fe80::b010:942e:ef14:9050%11]:49681 ESTABLISHED
TCP [fe80::b010:942e:ef14:9050%11]:49681 [fe80::b010:942e:ef14:9050%11]:1521 ESTABLISHED
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:4011 *:*
UDP 0.0.0.0:5050 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:51213 *:*
UDP 0.0.0.0:54135 *:*
UDP 0.0.0.0:54344 *:*
UDP 0.0.0.0:55673 *:*
UDP 0.0.0.0:59110 *:*
UDP 0.0.0.0:61480 *:*
UDP 0.0.0.0:61481 *:*
UDP 0.0.0.0:63479 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49669 *:*
UDP 127.0.0.1:52041 *:*
UDP 127.0.0.1:52042 *:*
UDP 127.0.0.1:52043 *:*
UDP 127.0.0.1:52044 *:*
UDP 127.0.0.1:52045 *:*
UDP 127.0.0.1:52046 *:*
UDP 127.0.0.1:53391 *:*
UDP 127.0.0.1:53392 *:*
UDP 127.0.0.1:53393 *:*
UDP 127.0.0.1:53394 *:*
UDP 127.0.0.1:58487 *:*
UDP 127.0.0.1:58488 *:*
UDP 127.0.0.1:58489 *:*
UDP 127.0.0.1:58490 *:*
UDP 127.0.0.1:62417 *:*
UDP 169.254.144.80:137 *:*
UDP 169.254.144.80:138 *:*
UDP 169.254.144.80:1900 *:*
UDP 169.254.144.80:2177 *:*
UDP 169.254.144.80:62413 *:*
UDP 192.168.43.147:137 *:*
UDP 192.168.43.147:138 *:*
UDP 192.168.43.147:1900 *:*
UDP 192.168.43.147:2177 *:*
UDP 192.168.43.147:62416 *:*
UDP 192.168.44.1:137 *:*
UDP 192.168.44.1:138 *:*
UDP 192.168.44.1:1900 *:*
UDP 192.168.44.1:2177 *:*
UDP 192.168.44.1:62414 *:*
UDP 192.168.206.1:137 *:*
UDP 192.168.206.1:138 *:*
UDP 192.168.206.1:1900 *:*
UDP 192.168.206.1:2177 *:*
UDP 192.168.206.1:5353 *:*
UDP 192.168.206.1:62415 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5353 *:*
UDP [::]:5355 *:*
UDP [::]:51214 *:*
UDP [::]:59111 *:*
UDP [::]:61481 *:*
UDP [::1]:1900 *:*
UDP [::1]:62412 *:*
UDP [fe80::1c4c:6c4c:a36d:dd07%21]:1900 *:*
UDP [fe80::1c4c:6c4c:a36d:dd07%21]:2177 *:*
UDP [fe80::1c4c:6c4c:a36d:dd07%21]:62411 *:*
UDP [fe80::986f:fe34:3735:8cde%7]:1900 *:*
UDP [fe80::986f:fe34:3735:8cde%7]:2177 *:*
UDP [fe80::986f:fe34:3735:8cde%7]:5353 *:*
UDP [fe80::986f:fe34:3735:8cde%7]:62409 *:*
UDP [fe80::b010:942e:ef14:9050%11]:546 *:*
UDP [fe80::b010:942e:ef14:9050%11]:1900 *:*
UDP [fe80::b010:942e:ef14:9050%11]:2177 *:*
UDP [fe80::b010:942e:ef14:9050%11]:5353 *:*
UDP [fe80::b010:942e:ef14:9050%11]:62408 *:*
UDP [fe80::ddb3:5be9:6b43:197f%22]:1900 *:*
UDP [fe80::ddb3:5be9:6b43:197f%22]:2177 *:*
UDP [fe80::ddb3:5be9:6b43:197f%22]:62410 *:*
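A listing like the one above is long and mixes loopback-only sockets with ones a scanner could actually reach. The following added example (not part of the original post) parses the netstat -an layout, keeps only listeners that are exposed beyond 127.0.0.1/::1, and turns the TCP ports into the -p argument for the nmap command shown earlier. The NETSTAT_SAMPLE string is a constructed excerpt in the same layout, with a handful of addresses picked from the listing above.

```python
#encoding:utf-8
# Constructed excerpt in the layout "netstat -an" prints on Windows; the
# addresses come from the listing above, the selection is ours.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27018        0.0.0.0:0              LISTENING
  TCP    192.168.43.147:139     0.0.0.0:0              LISTENING
  TCP    192.168.43.147:50668   52.139.250.253:443     ESTABLISHED
  TCP    [::]:8080              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    127.0.0.1:1900         *:*
"""

LOOPBACK = {"127.0.0.1", "::1"}


def split_addr(addr):
    """'host:port' or '[v6]:port' -> (host, port); port is None for '*'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        host, port = split_addr(parts[1])
        rows.append({
            "proto": parts[0],
            "host": host,
            "port": port,
            "state": parts[3] if len(parts) > 3 else "",   # UDP lines carry no state
        })
    return rows


def exposed_listeners(text):
    """Sockets a remote scanner could reach: TCP in LISTENING, or any bound
    UDP socket, as long as the bind address is not loopback.  0.0.0.0 and ::
    mean 'every interface', so they count as exposed."""
    exposed = []
    for r in parse_netstat(text):
        bound = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if bound and r["host"] not in LOOPBACK:
            exposed.append((r["proto"], r["host"], r["port"]))
    return exposed


def tcp_port_list(text):
    """Comma-separated TCP ports, ready for nmap's -p option."""
    ports = sorted({p for proto, _, p in exposed_listeners(text) if proto == "TCP"})
    return ",".join(str(p) for p in ports)


if __name__ == "__main__":
    for item in exposed_listeners(NETSTAT_SAMPLE):
        print(item)
    print("nmap -sT -p" + tcp_port_list(NETSTAT_SAMPLE) + " --script=banner <target>")
```

ESTABLISHED entries are dropped because they are outbound connections, not services; the loopback-only listeners (27018, 1900 on 127.0.0.1) are dropped because nothing outside the host can connect to them.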
3. Simple banner grabbing
Python ships with a library for network connections, socket; with it we can write a simple banner collector.
Design:
(1) import the socket module
(2) set the connection timeout
(3) create a socket object
(4) connect to the target host
(5) collect the banner
(6) print the banner
The code:
#encoding:utf-8
import socket                      # import the socket module
socket.setdefaulttimeout(2)        # connect/read timeout in seconds
s=socket.socket()                  # create a TCP socket object
s.connect(('192.168.206.131',22))  # connect to the target host and port
ans=s.recv(1024)                   # read up to 1024 bytes: the greeting the service sends on connect
print(ans)
s.close()
Banner grabbing with exception handling
#encoding:utf-8
import socket                      # import the socket module
socket.setdefaulttimeout(2)        # network timeout in seconds
s=socket.socket()                  # create a socket object
try:                               # exception handling (mainly: did connect() succeed or not)
    s.connect(("192.168.11.133",21))
    ans=s.recv(1024)
    print(ans)
except Exception as e:             # connection refused, timeout, unreachable host, ...
    print("Error: " + str(e))
finally:
    s.close()
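Both scripts above only read whatever the server volunteers right after connect. That works for SSH, FTP and SMTP, which greet first, but an HTTP server says nothing until it receives a request, so recv() simply times out. The following added example (not code from the original post) handles both cases: it reads first, sends a HEAD request if the service stayed silent, parses SSH and HTTP banners into a software field, and returns None instead of crashing when the connection fails. The targets are loopback stand-in threads serving constructed banner strings; OpenSSH_7.4 and Apache/2.4.41 are illustrative values, not captured from any real host.

```python
#encoding:utf-8
import socket
import threading

# Constructed sample banners served by the loopback stand-ins below.
# They are illustrative strings, not captured from any real host.
FAKE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_7.4\r\n",
    "http": b"HTTP/1.1 200 OK\r\nServer: Apache/2.4.41\r\nContent-Length: 0\r\n\r\n",
}

HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"


def grab_banner(host, port, timeout=2.0, probe=HTTP_PROBE):
    """Connect and return whatever the service sends first.

    SSH, FTP and SMTP greet the client immediately.  HTTP waits for a request,
    so if nothing arrives before the timeout we send `probe` and read once
    more.  Returns None when the connection itself fails (closed port,
    filtered host, name resolution error, ...)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""
            if not data and probe:
                s.sendall(probe)
                try:
                    data = s.recv(1024)
                except socket.timeout:
                    data = b""
            return data
    except OSError:          # socket.timeout is a subclass of OSError
        return None


def parse_banner(data):
    """Pull the software identifier out of a raw banner.

    Only SSH (RFC 4253 identification string) and HTTP (Server header) are
    recognised; anything else is reported as 'unknown' with its first line."""
    if not data:
        return {"service": None, "software": ""}
    lines = data.decode("latin-1", "replace").split("\r\n")
    first = lines[0].strip()
    if first.startswith("SSH-"):
        # Format: SSH-protoversion-softwareversion [SP comments]
        parts = first.split("-", 2)
        software = parts[2].split(" ")[0] if len(parts) == 3 else ""
        return {"service": "ssh", "software": software}
    if first.startswith("HTTP/"):
        server = ""
        for line in lines[1:]:
            if line.lower().startswith("server:"):
                server = line.split(":", 1)[1].strip()
                break
        return {"service": "http", "software": server}
    return {"service": "unknown", "software": first}


def start_fake_service(banner, speaks_first=True):
    """Loopback listener standing in for a target; returns the port it chose.

    With speaks_first=False it behaves like HTTP: it stays silent until the
    client sends something."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn:
            if not speaks_first:
                conn.settimeout(10)
                try:
                    conn.recv(1024)          # wait for the client's probe
                except socket.timeout:
                    pass
            conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def demo():
    """Grab and parse both kinds of banner from the loopback stand-ins."""
    results = {}
    for name, speaks_first in (("ssh", True), ("http", False)):
        port = start_fake_service(FAKE_BANNERS[name], speaks_first)
        results[name] = parse_banner(grab_banner("127.0.0.1", port))
    return results


if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

Against a real host, replace the loopback stand-in with the target address and port; the HTTP case costs one extra timeout interval before the probe is sent, which is the price of not knowing in advance which side speaks first.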