Please comply with the Cybersecurity Law. This blog is only a record for study and exchange; the internet is not beyond the law, so keep all activity within it. The site in this post belongs to a friend of the blogger.
Target: 1188181.cn
1. Identify the domain
Go to site.ip138.com (IP lookup, reverse IP, same-IP domain listing) and look up the host name behind the domain and whether it sits behind a CDN.
Result:
site:1188181.cn
site:1188181
inurl:1188181
intext:1188181
The site's CDN service has lapsed, so the domain now resolves straight to the origin server.
The real IP is left out here for privacy.
2. whois
whois lookup result:
[Querying whois.cnnic.cn]
[whois.cnnic.cn]
Domain Name: 1188181.cn
ROID: 20151021s10001s77643110-cn
Domain Status: clientDeleteProhibited
Registrant: ***
Registrant Contact Email: igreenmind@aliyun.com
Sponsoring Registrar: 烟台帝**网络科技有限公司
Name Server: ns2.22.cn
Name Server: ns1.22.cn
Name Server: ns3.dnsv3.com
Name Server: ns4.dnsv3.com
Registration Time: 2015-10-21 16:54:25
Expiration Time: 2026-10-21 16:54:25
DNSSEC: unsigned
ICP filing information (https://site.ip138.com/1188181.cn/beian.htm):
京ICP备1*000858号-1 2020-10-16-----2024-07-16
Server IP of 1188181.cn:
Current resolution:
China, Shanghai, Alibaba Cloud 1**.14.226.158
Historical resolution records:
2023-04-03-----2024-07-16 1**.14.226.158
2021-08-07-----2022-03-13 106.54.24.89
The target has no valid TLS certificate (port 443 does answer, but only with a placeholder certificate whose Subject and Issuer are empty and which is MD5-signed, as the nmap output below shows), and resolution nodes across the country all return the same IP, which is consistent with the domain no longer sitting behind a CDN.
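Added example, not code from the original post: a parser for the CNNIC whois record quoted above, plus the registrar-hygiene checks a pentester or defender reads off such a record (registrar locks, DNSSEC, expiry horizon, name servers split across two DNS providers). The record text is copied from the page with the registrar name masked as it is there; the nmap scan date on the page (2024-07-16) is used as "today"; the lock list and the 90-day expiry threshold are this example's own choices.

```python
"""Parse a CNNIC-style whois record and report registrar-hygiene issues.

Added example for the recon write-up; not part of the original post.
"""
from datetime import datetime

# Copied from the whois output on the page; registrant and registrar are
# masked there, so they are masked here too.
WHOIS_TEXT = """\
Domain Name: 1188181.cn
ROID: 20151021s10001s77643110-cn
Domain Status: clientDeleteProhibited
Registrant: ***
Registrant Contact Email: igreenmind@aliyun.com
Sponsoring Registrar: (masked)
Name Server: ns2.22.cn
Name Server: ns1.22.cn
Name Server: ns3.dnsv3.com
Name Server: ns4.dnsv3.com
Registration Time: 2015-10-21 16:54:25
Expiration Time: 2026-10-21 16:54:25
DNSSEC: unsigned
"""

SCAN_DATE = "2024-07-16"  # date of the nmap run shown on the page

# Locks a registrar can set on a domain. Without the transfer/update locks,
# whoever controls the registrar account can move or repoint the domain,
# which is what domain-hijack attempts go after. (Example's own list.)
REGISTRAR_LOCKS = ("clientDeleteProhibited",
                   "clientTransferProhibited",
                   "clientUpdateProhibited")
EXPIRY_WARN_DAYS = 90  # example's own threshold


def parse_whois(text):
    """Map each 'Key: value' line to a list of values; whois repeats keys
    such as Name Server and Domain Status, so every key holds a list."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only: times keep theirs
        if sep:
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def ns_providers(name_servers):
    """Provider domain of each name server, taken as its last two labels
    (ns1.22.cn -> 22.cn, ns3.dnsv3.com -> dnsv3.com)."""
    return {".".join(ns.lower().rstrip(".").split(".")[-2:]) for ns in name_servers}


def whois_findings(record, today):
    """Security-relevant observations about the record, as short strings.
    'today' is an ISO date string, e.g. SCAN_DATE."""
    now = datetime.strptime(today, "%Y-%m-%d")
    findings = []
    status = set(record.get("Domain Status", []))
    for lock in REGISTRAR_LOCKS:
        if lock not in status:
            findings.append(f"missing registrar lock: {lock}")
    if record.get("DNSSEC", ["unsigned"])[0].lower().startswith("unsigned"):
        findings.append("DNSSEC unsigned: resolvers cannot detect forged answers")
    expiry = datetime.strptime(record["Expiration Time"][0], "%Y-%m-%d %H:%M:%S")
    days_left = (expiry - now).days
    if days_left < 0:
        findings.append(f"domain expired {-days_left} days ago")
    elif days_left < EXPIRY_WARN_DAYS:
        findings.append(f"domain expires in {days_left} days")
    providers = ns_providers(record.get("Name Server", []))
    if len(providers) > 1:
        # Two providers answering for one zone: confirm both zones are
        # current, a lapsed account at either is a takeover path.
        findings.append("name servers split across providers: " + ", ".join(sorted(providers)))
    return findings


if __name__ == "__main__":
    for finding in whois_findings(parse_whois(WHOIS_TEXT), SCAN_DATE):
        print("-", finding)
```

On this record the checks flag the two missing locks, the unsigned zone and the 22.cn / dnsv3.com split; the expiry check stays quiet because the domain runs to 2026.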
3. Subdomains and DNS (nmap scan)
nmap -v -A 106.14.226.158
Starting Nmap 7.92 ( https://nmap.org ) at 2024-07-16 08:21 CST
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating NSE at 08:21
Completed NSE at 08:21, 0.00s elapsed
Initiating Ping Scan at 08:21
Scanning 106.14.226.158 [2 ports]
Completed Ping Scan at 08:21, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 08:21
Completed Parallel DNS resolution of 1 host. at 08:21, 0.03s elapsed
Initiating Connect Scan at 08:21
Scanning 106.14.226.158 [1000 ports]
Discovered open port 80/tcp on 106.14.226.158
Discovered open port 22/tcp on 106.14.226.158
Discovered open port 443/tcp on 106.14.226.158
Increasing send delay for 106.14.226.158 from 0 to 5 due to 11 out of 15 dropped probes since last increase.
Increasing send delay for 106.14.226.158 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 106.14.226.158 from 10 to 20 due to 11 out of 11 dropped probes since last increase.
Completed Connect Scan at 08:22, 57.38s elapsed (1000 total ports)
Initiating Service scan at 08:22
Scanning 3 services on 106.14.226.158
Completed Service scan at 08:22, 12.18s elapsed (3 services on 1 host)
NSE: Script scanning 106.14.226.158.
Initiating NSE at 08:22
Completed NSE at 08:22, 2.14s elapsed
Initiating NSE at 08:22
Completed NSE at 08:22, 1.78s elapsed
Initiating NSE at 08:22
Completed NSE at 08:22, 0.00s elapsed
Nmap scan report for 106.14.226.158
Host is up (0.030s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
| 3072 ae:26:60:00:09:3e:28:cb:ae:b0:a3:66:fb:6d:05:81 (RSA)
| 256 57:fd:6e:cb:87:55:a4:ee:08:e5:6e:7d:36:33:58:dc (ECDSA)
|_ 256 54:33:ca:32:ef:22:ae:4f:97:7c:9e:4c:29:24:73:15 (ED25519)
80/tcp open http Apache httpd
| http-methods:
|_ Supported Methods: GET POST OPTIONS HEAD
|_http-title: \xE6\xB2\xA1\xE6\x9C\x89\xE6\x89\xBE\xE5\x88\xB0\xE7\xAB\x99\xE7\x82\xB9
|_http-server-header: Apache
443/tcp open ssl/http Apache httpd
| http-methods:
|_ Supported Methods: GET POST OPTIONS HEAD
|_http-title: \xE6\xB2\xA1\xE6\x9C\x89\xE6\x89\xBE\xE5\x88\xB0\xE7\xAB\x99\xE7\x82\xB9
| ssl-cert: Subject:
| Issuer:
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2024-04-08T03:19:45
| Not valid after: 2034-04-06T03:19:45
| MD5: ad40 a6ba d28a c450 ff0e 7be2 dd22 5f4d
|_SHA-1: f8b0 df79 ea46 4d55 a53a ce19 3747 b9b5 8fee 6e25
|_ssl-date: TLS randomness does not represent time
|_http-server-header: Apache
| tls-alpn:
| h2
|_ http/1.1
NSE: Script Post-scanning.
Initiating NSE at 08:22
Completed NSE at 08:22, 0.00s elapsed
Initiating NSE at 08:22
Completed NSE at 08:22, 0.00s elapsed
Initiating NSE at 08:22
Completed NSE at 08:22, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 73.83 seconds
So ports 22, 80 and 443 are open, with SSH on 22. Two details in the output matter for the next step: the http-title on 80 and 443 decodes to 没有找到站点 ("site not found"), so hitting the IP directly lands on the server's catch-all virtual host, and a directory scan has to go to the hostname (or carry the right Host header) to reach the real site; and the 997 filtered ports together with nmap raising its send delay over dropped probes show a firewall rate-limiting the scan, so the default 1000-port sweep is not a complete picture. Next: directory scanning.
The directory scan went as far as /.htpasswd and stopped there.
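Added example, not part of the original post: a small parser for nmap's normal-format report that turns the scan above into structured findings. It decodes the \xHH-escaped http-title (which reads 没有找到站点, "site not found") and pulls the certificate fields nmap printed for port 443 so the placeholder certificate is flagged mechanically. The report text is a trimmed copy of the one on this page; the catch-all title set, the signature-algorithm check and the 398-day lifetime threshold (the current public-CA maximum) are this example's own.

```python
"""Parse an nmap normal-format report into ports and security findings.

Added example for the recon write-up; not part of the original post.
"""
import re
from datetime import datetime

# Trimmed copy of the nmap -v -A report on the page. Raw string so the
# \xHH escapes nmap printed for the page title stay exactly as printed.
NMAP_OUTPUT = r"""
Nmap scan report for 106.14.226.158
Not shown: 997 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
|_ 256 54:33:ca:32:ef:22:ae:4f:97:7c:9e:4c:29:24:73:15 (ED25519)
80/tcp open http Apache httpd
|_http-title: \xE6\xB2\xA1\xE6\x9C\x89\xE6\x89\xBE\xE5\x88\xB0\xE7\xAB\x99\xE7\x82\xB9
|_http-server-header: Apache
443/tcp open ssl/http Apache httpd
|_http-title: \xE6\xB2\xA1\xE6\x9C\x89\xE6\x89\xBE\xE5\x88\xB0\xE7\xAB\x99\xE7\x82\xB9
| ssl-cert: Subject:
| Issuer:
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: md5WithRSAEncryption
| Not valid before: 2024-04-08T03:19:45
| Not valid after: 2034-04-06T03:19:45
|_SHA-1: f8b0 df79 ea46 4d55 a53a ce19 3747 b9b5 8fee 6e25
|_http-server-header: Apache
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
SCRIPT_NAME = re.compile(r"^[a-z][a-z0-9-]*:")   # NSE script names are lowercase
ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")       # nmap's escape for raw bytes
MAX_PUBLIC_CERT_DAYS = 398   # CA/Browser Forum limit for public certs (example's own check)
CATCHALL_TITLES = {"没有找到站点"}  # "site not found": a default-vhost page (example's own set)


def decode_nmap_escapes(s):
    """Rebuild the bytes nmap printed as \\xHH and decode them as UTF-8."""
    buf, pos = bytearray(), 0
    for m in ESCAPE.finditer(s):
        buf.extend(s[pos:m.start()].encode("utf-8"))
        buf.append(int(m.group(1), 16))
        pos = m.end()
    buf.extend(s[pos:].encode("utf-8"))
    return buf.decode("utf-8", errors="replace")


def parse_nmap(text):
    """One dict per port line; NSE lines that follow it (leading '|', '_'
    and spaces stripped) are collected under 'script'."""
    ports, current = [], None
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if m:
            current = {"port": int(m.group(1)), "proto": m.group(2), "state": m.group(3),
                       "service": m.group(4), "version": m.group(5).strip(), "script": []}
            ports.append(current)
        elif current is not None and line.startswith("|"):
            current["script"].append(line.lstrip("|_ ").rstrip())
    return ports


def script_value(port, name):
    """Value after 'name:' on the first matching NSE line, or None."""
    for body in port["script"]:
        if body.startswith(name + ":"):
            return body[len(name) + 1:].strip()
    return None


def cert_fields(port):
    """Fields of the ssl-cert block as a dict ('' for empty Subject/Issuer)."""
    fields, in_cert = {}, False
    for body in port["script"]:
        if body.startswith("ssl-cert:"):
            in_cert, body = True, body[len("ssl-cert:"):].strip()
        elif in_cert and SCRIPT_NAME.match(body):
            break  # next NSE script starts; cert block is over
        if in_cert:
            key, sep, value = body.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
    return fields


def cert_lifetime_days(cert):
    try:
        before = datetime.fromisoformat(cert["Not valid before"])
        after = datetime.fromisoformat(cert["Not valid after"])
    except (KeyError, ValueError):
        return None
    return (after - before).days


def nmap_findings(ports):
    """Findings worth acting on, one string each, tagged with the port."""
    findings = []
    for p in ports:
        tag = f"{p['port']}/{p['proto']}"
        title = script_value(p, "http-title")
        if title is not None:
            p["title"] = decode_nmap_escapes(title)
            if p["title"] in CATCHALL_TITLES:
                findings.append(f"{tag}: catch-all page '{p['title']}'; scanned by IP, "
                                "the real site needs its Host header")
        cert = cert_fields(p)
        if cert:
            for field in ("Subject", "Issuer"):
                if not cert.get(field):
                    findings.append(f"{tag}: certificate {field} is empty (placeholder, not CA-issued)")
            if cert.get("Signature Algorithm", "").lower().startswith(("md5", "sha1")):
                findings.append(f"{tag}: certificate signed with {cert['Signature Algorithm']} (broken hash)")
            days = cert_lifetime_days(cert)
            if days is not None and days > MAX_PUBLIC_CERT_DAYS:
                findings.append(f"{tag}: certificate valid {days} days, over the {MAX_PUBLIC_CERT_DAYS}-day public-CA limit")
    return findings


if __name__ == "__main__":
    for finding in nmap_findings(parse_nmap(NMAP_OUTPUT)):
        print("-", finding)
```

Against the report above this yields four findings on 443 (empty Subject, empty Issuer, MD5 signature, ten-year lifetime) and the catch-all title on both 80 and 443; port 22 produces none. Feeding it `-oN` output from a later scan of the hostname lets you confirm the title changes once the Host header matches.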
--END--