了解网络服务器上使用的 Linux 版本的最佳方法

Question 1

操作系统检测

Nmap 最著名的功能之一是使用 TCP/IP 堆栈指纹进行远程操作系统检测。 Nmap 向远程主机发送一系列 TCP 和 UDP 数据包，并检查响应中的几乎每一位。在执行了数十项测试（例如 TCP ISN 采样、TCP 选项支持和排序、IP ID 采样以及初始窗口大小检查）后，Nmap 将结果与其包含 2,600 多个已知操作系统指纹的 nmap-os-db 数据库进行比较，并打印出来操作系统详细信息（如果存在匹配）。每个指纹包括操作系统的自由形式文本描述，以及提供供应商名称（例如 Sun）、底层操作系统（例如 Solaris）、操作系统代（例如 10）和设备类型（通用、路由器、交换机、游戏）的分类。控制台等）。大多数指纹还具有通用平台枚举 (CPE) 表示形式，例如 cpe:/o:linux:kernel:2.6。

例子

[root@liuyan liuyan]# nmap -A -T4 www.kernel.org

Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-07 21:18 CST
Nmap scan report for www.kernel.org (149.20.4.69)
Host is up (0.31s latency).
Other addresses for www.kernel.org (not scanned): 149.20.20.133
Not shown: 990 closed ports
PORT     STATE    SERVICE        VERSION
21/tcp   open     ftp            vsftpd 2.3.4
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxrwx---    2 536      528          4096 May 21  2001 for_mirrors_only
| drwxr-xr-x   11 536      536          4096 Dec 01  2011 pub
|_lrwxrwxrwx    1 0        0              10 Apr 21  2007 welcome.msg -> pub/README
22/tcp   open     ssh            OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey: 1024 01:6f:7b:00:d2:78:e7:68:ef:68:e0:5e:c7:ee:42:28 (DSA)
|_2048 d4:2a:5b:81:00:a9:e9:b2:75:8c:af:40:ee:a0:1b:8e (RSA)
80/tcp   open     http           Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     ssl/http       Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 16 disallowed entries (15 shown)
| /cgi-bin/ /pub/mirrors/ /pub/scm/ 
| /mirrors/process-registration.cgi /lsb/ /linuxeda/ /os.org/ /debian/ /debian-cd/ /lanana/ 
|_/li18nux/ /freestandards/ /filehub/ /diff/ /git/
| ssl-cert: Subject: commonName=*.kernel.org/organizationName=The Linux Kernel Organization/stateOrProvinceName=California/countryName=US
| Not valid before: 2012-01-03 00:00:00
|_Not valid after:  2014-04-03 23:59:59
|_http-title: The Linux Kernel Archives
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
873/tcp  open     rsync          (protocol version 30)
4444/tcp filtered krb524
Device type: general purpose|storage-misc|WAP|media device|webcam
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (92%), HP embedded (89%), Netgear embedded (87%), Western Digital embedded (87%), Linksys Linux 2.4.X (86%), AXIS Linux 2.6.X (85%), Asus Linux 2.6.X (85%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:3 cpe:/o:linux:kernel:2.6.22 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:axis:linux:2.6 cpe:/h:asus:rt-n16 cpe:/o:asus:linux:2.6
Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 2.6.38 (90%), HP P2000 G3 NAS device (89%), Linux 2.6.22 - 2.6.36 (87%), Linux 2.6.23 - 2.6.38 (87%), Linux 2.6.31 - 2.6.35 (87%), Linux 3.0 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.39 (87%), Netgear DG834G WAP or Western Digital WD TV media player (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops
Service Info: OS: Unix

TRACEROUTE (using port 1723/tcp)
HOP RTT       ADDRESS
-   Hops 1-6 are the same as for 69.59.197.21
7   ... 8
9   35.89 ms  69.0.112.112.broad.km.yn.dynamic.163data.com.cn (112.112.0.69)
10  13.22 ms  210.78.7.66
11  10.99 ms  218.105.1.42
12  19.59 ms  210.52.132.230
13  166.83 ms 217.6.49.181
14  286.39 ms 202.97.50.102
15  301.44 ms 80.156.160.90
16  ...
17  328.42 ms pub2.kernel.org (149.20.4.69)

Answer

地图能检测/猜测操作系统信息的远程服务器。

操作系统检测

Nmap 最著名的功能之一是使用 TCP/IP 堆栈指纹进行远程操作系统检测。 Nmap 向远程主机发送一系列 TCP 和 UDP 数据包，并检查响应中的几乎每一位。在执行了数十项测试（例如 TCP ISN 采样、TCP 选项支持和排序、IP ID 采样以及初始窗口大小检查）后，Nmap 将结果与其包含 2,600 多个已知操作系统指纹的 nmap-os-db 数据库进行比较，并打印出来操作系统详细信息（如果存在匹配）。每个指纹包括操作系统的自由形式文本描述，以及提供供应商名称（例如 Sun）、底层操作系统（例如 Solaris）、操作系统代（例如 10）和设备类型（通用、路由器、交换机、游戏）的分类。控制台等）。大多数指纹还具有通用平台枚举 (CPE) 表示形式，例如 cpe:/o:linux:kernel:2.6。

例子

[root@liuyan liuyan]# nmap -A -T4 www.kernel.org

Starting Nmap 6.01 ( http://nmap.org ) at 2012-11-07 21:18 CST
Nmap scan report for www.kernel.org (149.20.4.69)
Host is up (0.31s latency).
Other addresses for www.kernel.org (not scanned): 149.20.20.133
Not shown: 990 closed ports
PORT     STATE    SERVICE        VERSION
21/tcp   open     ftp            vsftpd 2.3.4
| ftp-anon: Anonymous FTP login allowed (FTP code 230)
| drwxrwx---    2 536      528          4096 May 21  2001 for_mirrors_only
| drwxr-xr-x   11 536      536          4096 Dec 01  2011 pub
|_lrwxrwxrwx    1 0        0              10 Apr 21  2007 welcome.msg -> pub/README
22/tcp   open     ssh            OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey: 1024 01:6f:7b:00:d2:78:e7:68:ef:68:e0:5e:c7:ee:42:28 (DSA)
|_2048 d4:2a:5b:81:00:a9:e9:b2:75:8c:af:40:ee:a0:1b:8e (RSA)
80/tcp   open     http           Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open     ssl/http       Apache httpd 2.2.22 ((Fedora))
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-robots.txt: 16 disallowed entries (15 shown)
| /cgi-bin/ /pub/mirrors/ /pub/scm/ 
| /mirrors/process-registration.cgi /lsb/ /linuxeda/ /os.org/ /debian/ /debian-cd/ /lanana/ 
|_/li18nux/ /freestandards/ /filehub/ /diff/ /git/
| ssl-cert: Subject: commonName=*.kernel.org/organizationName=The Linux Kernel Organization/stateOrProvinceName=California/countryName=US
| Not valid before: 2012-01-03 00:00:00
|_Not valid after:  2014-04-03 23:59:59
|_http-title: The Linux Kernel Archives
445/tcp  filtered microsoft-ds
593/tcp  filtered http-rpc-epmap
873/tcp  open     rsync          (protocol version 30)
4444/tcp filtered krb524
Device type: general purpose|storage-misc|WAP|media device|webcam
Running (JUST GUESSING): Linux 2.6.X|3.X|2.4.X (92%), HP embedded (89%), Netgear embedded (87%), Western Digital embedded (87%), Linksys Linux 2.4.X (86%), AXIS Linux 2.6.X (85%), Asus Linux 2.6.X (85%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:3 cpe:/o:linux:kernel:2.6.22 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:axis:linux:2.6 cpe:/h:asus:rt-n16 cpe:/o:asus:linux:2.6
Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.32 - 2.6.38 (90%), HP P2000 G3 NAS device (89%), Linux 2.6.22 - 2.6.36 (87%), Linux 2.6.23 - 2.6.38 (87%), Linux 2.6.31 - 2.6.35 (87%), Linux 3.0 (87%), Linux 2.6.32 - 2.6.39 (87%), Linux 2.6.39 (87%), Netgear DG834G WAP or Western Digital WD TV media player (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 17 hops
Service Info: OS: Unix

TRACEROUTE (using port 1723/tcp)
HOP RTT       ADDRESS
-   Hops 1-6 are the same as for 69.59.197.21
7   ... 8
9   35.89 ms  69.0.112.112.broad.km.yn.dynamic.163data.com.cn (112.112.0.69)
10  13.22 ms  210.78.7.66
11  10.99 ms  218.105.1.42
12  19.59 ms  210.52.132.230
13  166.83 ms 217.6.49.181
14  286.39 ms 202.97.50.102
15  301.44 ms 80.156.160.90
16  ...
17  328.42 ms pub2.kernel.org (149.20.4.69)

Question 2

如果您有权访问服务器，您可以尝试获取文件/etc/issue和/或/etc/issue.net- 例如使用脚本语言。

如果您无权访问它，请尝试检查网络服务器标头：

wget -Sq -O /dev/null http://www.example.org

Answer

如果您有权访问服务器，您可以尝试获取文件/etc/issue和/或/etc/issue.net- 例如使用脚本语言。

如果您无权访问它，请尝试检查网络服务器标头：

wget -Sq -O /dev/null http://www.example.org

了解网络服务器上使用的 Linux 版本的最佳方法

答案1

答案2

相关内容