Lab> TCP FIN scan (-sF)
Case: tcpdump output printed to the screen
o Without a firewall
1. Port open

Victim ~# vi tcpScan9.sh
-- tcpScan9.sh --
#!/bin/sh
iptables -F                        # flush every rule: no firewall in this case
systemctl start httpd              # put a listener on TCP/80
tcpdump -n tcp port 80 -i ens33    # show the probes and any reply on the screen
-- tcpScan9.sh --
Victim ~# chmod 755 tcpScan9.sh
Victim ~# ./tcpScan9.sh
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes

Attacker ~# nmap -sF -p 80 192.168.108.100
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-30 07:45 EST
Nmap scan report for 192.168.108.100
Host is up (0.0016s latency).

PORT   STATE         SERVICE
80/tcp open|filtered http
MAC Address: 00:0C:29:87:C2:1B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

Victim (tcpdump output while the scan runs; the FIN label is an annotation):
FIN 12:44:35.824207 IP 192.168.108.102.34768 > 192.168.108.100.http: Flags [F], seq 2247460044, win 1024, length 0
FIN 12:44:35.935254 IP 192.168.108.102.34770 > 192.168.108.100.http: Flags [F], seq 2247591118, win 1024, length 0

Only FIN segments arrive and nothing goes back. An RFC 793-compliant stack silently discards a segment without SYN or ACK that reaches a listening port, so the scanner sees no reply and nmap can only report open|filtered: it cannot distinguish an open port from one whose probe was dropped by a filter. The second FIN, from a new source port (34770), is nmap's retransmission of the unanswered first probe.

2. Port closed

Victim ~# vi tcpScan10.sh
-- tcpScan10.sh --
#!/bin/sh
iptables -F                        # flush every rule: no firewall in this case
systemctl stop httpd               # nothing listens on TCP/80
tcpdump -n tcp port 80 -i ens33    # show the probes and any reply on the screen
-- tcpScan10.sh --
Victim ~# chmod 755 tcpScan10.sh
Victim ~# ./tcpScan10.sh
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes

Attacker ~# nmap -sF -p 80 192.168.108.100
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-30 07:47 EST
Nmap scan report for 192.168.108.100
Host is up (0.00053s latency).

PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:0C:29:87:C2:1B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

Victim (tcpdump output while the scan runs; the FIN and RST labels are annotations):
FIN 12:46:47.862003 IP 192.168.108.102.54005 > 192.168.108.100.http: Flags [F], seq 272011553, win 1024, length 0
RST 12:46:47.862058 IP 192.168.108.100.http > 192.168.108.102.54005: Flags [R.], seq 0, ack 272011554, win 0, length 0

A closed port answers the FIN with RST/ACK within microseconds, so nmap reports closed without retrying. "closed" is therefore the only definitive state a FIN scan yields; "open|filtered" always needs a second look (for example -sS or -sA against the same port). Note also that Windows and several other non-RFC stacks send RST to a bare FIN whatever the port state, so against those hosts every port shows closed and the scan tells you nothing.
o With a firewall
1. Port closed, with a stateful rule set on the victim

Victim ~# iptables -A INPUT -m state --state INVALID -j DROP
Victim ~# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Victim ~# iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
Victim ~# iptables -A INPUT -j DROP
Victim ~# iptables -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
DROP       all  --  0.0.0.0/0            0.0.0.0/0
Victim ~# tcpdump -n tcp port 80 -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes

Attacker ~# nmap -sF -p 80 192.168.108.100
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-31 01:51 EST
Nmap scan report for 192.168.108.100
Host is up (0.0096s latency).

PORT   STATE         SERVICE
80/tcp open|filtered http
MAC Address: 00:0C:29:87:C2:1B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.64 seconds

Victim (tcpdump output while the scan runs):
15:51:33.778087 IP 192.168.108.102.sp-remotetablet > 192.168.108.100.http: Flags [F], seq 2545983047, win 1024, length 0
15:51:33.879248 IP 192.168.108.102.mbus > 192.168.108.100.http: Flags [F], seq 2546114117, win 1024, length 0

(tcpdump -n stops host-name lookups but still prints service names for ports, hence "sp-remotetablet" and "mbus" for the scanner's ephemeral source ports; use -nn to see the numbers.)

-sF is matched by the firewall's first rule, INVALID. The port is closed, yet no RST comes back and nmap reports open|filtered: the bare FIN belongs to no tracked connection and is not a SYN, so conntrack classifies it INVALID and the first rule drops it before the TCP stack can answer. With this rule set the result is open|filtered for every port, open or closed. The packet counters confirm it: each scan adds exactly 2 packets / 80 bytes (two 40-byte FIN probes, the second being nmap's retry) to the INVALID rule.

Victim ~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
  158  9776 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
   12   779 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Victim ~# iptables -Z INPUT        # zero the counters before the next scan
Victim ~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    8   488 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Attacker ~# nmap -sX -p 80 192.168.108.100
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-31 01:57 EST
Nmap scan report for 192.168.108.100
Host is up (0.00038s latency).

PORT   STATE         SERVICE
80/tcp open|filtered http
MAC Address: 00:0C:29:87:C2:1B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

-sX (Xmas scan: FIN, PSH and URG set) is likewise matched by the first rule, INVALID; the probe has no SYN and no connection to belong to.

Victim ~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
   43  2524 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    2   120 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
Victim ~# iptables -Z INPUT        # zero the counters again before the NULL scan

Attacker ~# nmap -sN -p 80 192.168.108.100
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-31 01:58 EST
Nmap scan report for 192.168.108.100
Host is up (0.00058s latency).

PORT   STATE         SERVICE
80/tcp open|filtered http
MAC Address: 00:0C:29:87:C2:1B (VMware)

Nmap done: 1 IP address (1 host up) scanned in 0.44 seconds

-sN (NULL scan: no flags at all) is matched by the first rule, INVALID, for the same reason.

Victim ~# iptables -nvL INPUT
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
   32  1920 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
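Added example, not part of the original lab: a small detector that reads tcpdump lines in the exact format captured above, picks out the three inverse-scan probe types (FIN, NULL, Xmas) by their flag string, pairs each probe with any RST the target sent back to the probing port, and counts probes per source address. The capture text is constructed for the example; the first four lines mirror the lab's FIN captures, the Xmas, NULL and SYN lines are assumed traffic. Function and variable names are the example's own.

```python
import re
from collections import Counter

# Constructed tcpdump lines (tcpdump -n tcp port 80 style). The first four mirror the
# lab's FIN scan captures; the Xmas, NULL and SYN lines are assumed extra traffic.
SAMPLE_CAPTURE = """\
12:44:35.824207 IP 192.168.108.102.34768 > 192.168.108.100.http: Flags [F], seq 2247460044, win 1024, length 0
12:44:35.935254 IP 192.168.108.102.34770 > 192.168.108.100.http: Flags [F], seq 2247591118, win 1024, length 0
12:46:47.862003 IP 192.168.108.102.54005 > 192.168.108.100.http: Flags [F], seq 272011553, win 1024, length 0
12:46:47.862058 IP 192.168.108.100.http > 192.168.108.102.54005: Flags [R.], seq 0, ack 272011554, win 0, length 0
12:50:01.000100 IP 192.168.108.102.40001 > 192.168.108.100.http: Flags [FPU], seq 1, win 1024, urg 0, length 0
12:50:02.000100 IP 192.168.108.102.40002 > 192.168.108.100.http: Flags [none], seq 1, win 1024, length 0
12:51:00.000100 IP 192.168.108.102.40003 > 192.168.108.100.http: Flags [S], seq 1, win 1024, length 0
12:51:00.000200 IP 192.168.108.100.http > 192.168.108.102.40003: Flags [S.], seq 5, ack 2, win 29200, length 0
"""

# Flag strings tcpdump prints for nmap's inverse scans. tcpdump orders flags
# F S R P . U E W, prints "." for ACK and "none" when no flag is set.
PROBE_KINDS = {
    "F": "FIN (-sF)",
    "none": "NULL (-sN)",
    "FPU": "Xmas (-sX)",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\]"
)


def split_endpoint(endpoint):
    """'192.168.108.102.34768' -> ('192.168.108.102', '34768'); with -n ports may still be names."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line):
    """Return (ts, src_host, src_port, dst_host, dst_port, flags), or None for non-TCP lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return m["ts"], src_host, src_port, dst_host, dst_port, m["flags"]


def analyze(capture_text):
    """Classify each inverse-scan probe and say whether the target answered it.

    A RST back to the probing port means the port is closed; silence means nmap
    reports open|filtered, which is what both an open port and a stateful
    firewall dropping the probe as INVALID (the lab's iptables case) look like.
    """
    packets = [p for p in map(parse_line, capture_text.splitlines()) if p]
    # Every RST seen, keyed by (sender, sender_port, receiver, receiver_port).
    rst_keys = {
        (s_h, s_p, d_h, d_p)
        for _, s_h, s_p, d_h, d_p, flags in packets
        if "R" in flags
    }
    findings = []
    for ts, s_h, s_p, d_h, d_p, flags in packets:
        kind = PROBE_KINDS.get(flags)
        if kind is None:          # SYNs, ACKs, RSTs and data segments are not probes
            continue
        answered = (d_h, d_p, s_h, s_p) in rst_keys
        findings.append({
            "time": ts,
            "scanner": s_h,
            "target": d_h,
            "port": d_p,
            "kind": kind,
            "verdict": "closed (RST seen)" if answered else "open|filtered (no reply)",
        })
    return findings


def probes_per_scanner(findings):
    """Inverse-scan probes per source address: the number an alert would threshold on."""
    return Counter(f["scanner"] for f in findings)


if __name__ == "__main__":
    results = analyze(SAMPLE_CAPTURE)
    for f in results:
        print(f"{f['time']} {f['scanner']} -> {f['target']}:{f['port']} {f['kind']:<11} {f['verdict']}")
    print(dict(probes_per_scanner(results)))
```

Run it on a file saved from tcpdump (pass the file's text to analyze) or pipe a live `tcpdump -n -l tcp` into it. The same three flag patterns can be matched on the victim itself without relying on conntrack, for example `iptables -A INPUT -p tcp --tcp-flags ALL FIN -j DROP`, `--tcp-flags ALL NONE` and `--tcp-flags ALL FIN,PSH,URG`, which is useful on hosts that run without a stateful rule set.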