  Help
Posted by: truper - 11-09-2024, 05:04 PM - Forum: Help, questions, doubts and proposals - No Replies

"Mapping dictatorships" forum: scanning of IPs and publication of the scanner results so that others can analyse them without wasting time; a superficial view of possible vulnerabilities. Any user can view this forum, but you have to be registered to download the files.
|
|-----> "Vulnerability analysis" subforum: registered users only

"Attacks against dictatorships and information obtained" forum: only for users who belong to the attacks group


  Tutorial
Posted by: anonimo - 11-04-2024, 10:40 AM - Forum: North Korea - No Replies

You can see a wiki version of this post at https://wiki.acosadores.net/doku.php?id=norcorea:nmap

I will keep editing this post constantly


Step 1: Find out which IP range is assigned to a country; for that, look in https://www.ipdeny.com/ipblocks/
- as we can see, in https://www.ipdeny.com/ipblocks/data/countries/kp.zone there is only the block 175.45.176.0/22.
This means that 32 bits - 22 = 10 are assigned, 2^10 = 1024 IPs
Full, detailed nmap scan of the 1024 IPs, including operating system detection:
nmap -A -v 175.45.176.0/22 (Note: run with sudo)
The problem we run into here is that, since the output is very long and exceeds the terminal buffer, the result will be lost, so it is better to save the output to a text file; let's correct the command:
nmap -A -v 175.45.176.0/22 > resultado.txt (Note: run with sudo)
After 3 hours the scan finishes. I am uploading the file so you can analyse it and learn; here is the interesting part of the output:
Completed Connect Scan at 14:51, 8653.30s elapsed (18000 total ports)
Initiating Service scan at 14:51
Scanning 37 services on 18 hosts
Completed Service scan at 14:52, 72.44s elapsed (37 services on 18 hosts)
NSE: Script scanning 18 hosts.
Initiating NSE at 14:52
Completed NSE at 14:56, 244.20s elapsed
Initiating NSE at 14:56
Completed NSE at 15:04, 466.18s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.01s elapsed
Nmap scan report for mail1.silibank.net.kp (175.45.176.21)
Host is up (0.48s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE        VERSION
995/tcp  open  pop3s?
7443/tcp closed oracleas-https

Nmap scan report for 175.45.176.22
Host is up (0.46s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE        VERSION
995/tcp  open  pop3s?
8888/tcp open  sun-answerbook?

Nmap scan report for 175.45.176.68
Host is up (0.47s latency).
Not shown: 999 filtered ports
PORT  STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)

Nmap scan report for 175.45.176.69
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT  STATE SERVICE    VERSION
25/tcp open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp open  http      Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)

Nmap scan report for 175.45.176.71
Host is up (0.43s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  http      Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open  ssl/https?

Nmap scan report for 175.45.176.72
Host is up (0.52s latency).
Not shown: 977 closed ports
PORT      STATE    SERVICE        VERSION
13/tcp    filtered daytime
80/tcp    open    http          Microsoft IIS httpd 7.5
82/tcp    filtered xfer
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
443/tcp  open    ssl/https?
445/tcp  filtered microsoft-ds
555/tcp  filtered dsf
593/tcp  filtered http-rpc-epmap
722/tcp  filtered unknown
1151/tcp  filtered unizensus
1433/tcp  open    ms-sql-s      Microsoft SQL Server 2000 8.00.311; RTMa
2710/tcp  filtered sso-service
3017/tcp  filtered event_listener
3372/tcp  filtered msdtc
4444/tcp  filtered krb524
4446/tcp  filtered n1-fwp
30718/tcp filtered unknown
49152/tcp open    unknown
49153/tcp open    unknown
49154/tcp open    msrpc          Microsoft Windows RPC
49155/tcp open    unknown
60020/tcp filtered unknown
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Nmap scan report for 175.45.176.75
Host is up (0.45s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE  VERSION
80/tcp  open  http    Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open  ssl/http Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
| ssl-cert: Subject: commonName=www.vok.rep.kp/organizationName=KRT/stateOrProvinceName=Pyongyang/countryName=KP
| Subject Alternative Name: IP Address:175.45.176.75, IP Address:175.45.176.85, IP Address:175.45.176.73, IP Address:175.45.176.83, DNS:www.vok.rep.kp, DNS:www.gnu.rep.kp
| Issuer: commonName=www.dprk.gov.kp/organizationName=dprk/stateOrProvinceName=Pyongyang/countryName=KP
| Public Key type: rsa
| Public Key bits: 4096
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-08-21T04:02:01
| Not valid after:  2021-08-20T04:02:01
| MD5:  fed6 b74d 0e32 58be cdd1 9774 3b3f 989b
|_SHA-1: ac0a fed2 701d 3d18 994a 05d9 708d 18b1 f37e 5d40

Nmap scan report for 175.45.176.76
Host is up (0.46s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE    VERSION
25/tcp  open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp  open  http      Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open  ssl/https?
| http-methods:
|_  Supported Methods: GET HEAD

Nmap scan report for 175.45.176.80
Host is up (0.48s latency).
Not shown: 999 filtered ports
PORT  STATE SERVICE VERSION
80/tcp open  http    nginx 1.18.0

Nmap scan report for 175.45.176.81
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE    VERSION
25/tcp  open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp  open  http      nginx 1.18.0
443/tcp open  ssl/http  nginx 1.18.0
| ssl-cert: Subject: commonName=192.168.245.6
| Subject Alternative Name: DNS:Xen-6, DNS:Xen-6
| Issuer: commonName=192.168.245.6
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-10-19T13:19:44
| Not valid after:  2032-10-16T13:19:44
| MD5:  dc5e 7405 d03b 976c 7b8d ea61 4c87 e08c
|_SHA-1: e336 92d0 0745 3bb0 fde9 e727 2aad 564a 83fa da37

Nmap scan report for 175.45.176.85
Host is up (0.45s latency).
Not shown: 997 filtered ports
PORT    STATE SERVICE    VERSION
25/tcp  open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
80/tcp  open  http      Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
443/tcp open  ssl/http  Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips)
| http-methods:
|_  Supported Methods: GET HEAD POST

Nmap scan report for 175.45.176.91
Host is up (0.42s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open  http    nginx 1.18.0
443/tcp closed https

Nmap scan report for 175.45.177.1
Host is up (0.39s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE    VERSION
80/tcp  open  http      Apache httpd 2.4.25 ((RedStar4.0) OpenSSL/1.0.1e-fips PHP/5.6.2)
443/tcp open  ssl/https?

Nmap scan report for 175.45.177.10
Host is up (0.56s latency).
Not shown: 969 filtered ports
PORT      STATE  SERVICE          VERSION
22/tcp    closed ssh
23/tcp    closed telnet
25/tcp    open  tcpwrapped
|_smtp-commands: Couldn't establish connection on port 25
53/tcp    closed domain
80/tcp    open  http            nginx 1.18.0
113/tcp  closed ident
199/tcp  closed smux
256/tcp  closed fw1-secureremote
443/tcp  open  ssl/http        nginx 1.18.0
|_http-server-header: nginx/1.18.0
|_http-title: Welcome to nginx!
| ssl-cert: Subject: commonName=5-XEN
| Subject Alternative Name: DNS:5-XEN, DNS:5-XEN
| Issuer: commonName=5-XEN
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-09-26T09:45:28
| Not valid after:  2032-09-23T09:45:28
| MD5:  5362 755f 3041 cc43 3b16 61fb 60ed 2966
|_SHA-1: e614 fbef 2595 bddf 52cd e1cc 6977 90ca 7c2a e612
554/tcp  closed rtsp
993/tcp  closed imaps
1042/tcp  closed afrog
1048/tcp  closed neod2
1057/tcp  closed startron
1999/tcp  closed tcp-id-port
2638/tcp  closed sybase
3003/tcp  closed cgms
3389/tcp  closed ms-wbt-server
3551/tcp  closed apcupsd
3800/tcp  closed pwgpsi
3851/tcp  closed spectraport
4126/tcp  closed ddrepl
5054/tcp  closed rlm-admin
5900/tcp  closed vnc
5987/tcp  closed wbem-rmi
6789/tcp  closed ibm-db2-admin
9666/tcp  closed zoomcp
19283/tcp closed keysrvr
27356/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown

Nmap scan report for 175.45.177.11
Host is up (0.54s latency).
Not shown: 948 filtered ports
PORT      STATE  SERVICE          VERSION
23/tcp    closed telnet
53/tcp    closed domain
80/tcp    open  http            nginx 1.18.0
143/tcp  closed imap
199/tcp  closed smux
256/tcp  closed fw1-secureremote
301/tcp  closed unknown
443/tcp  open  ssl/http        nginx 1.18.0
| http-methods:
|_  Supported Methods: GET HEAD
|_http-server-header: nginx/1.18.0
|_http-title: Welcome to nginx!
| ssl-cert: Subject: commonName=192.168.245.6
| Subject Alternative Name: DNS:Xen-6, DNS:Xen-6
| Issuer: commonName=192.168.245.6
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-10-19T13:19:44
| Not valid after:  2032-10-16T13:19:44
| MD5:  dc5e 7405 d03b 976c 7b8d ea61 4c87 e08c
|_SHA-1: e336 92d0 0745 3bb0 fde9 e727 2aad 564a 83fa da37
554/tcp  closed rtsp
587/tcp  closed submission
617/tcp  closed sco-dtmgr
993/tcp  closed imaps
995/tcp  closed pop3s
999/tcp  closed garcon
1025/tcp  closed NFS-or-IIS
1048/tcp  closed neod2
1057/tcp  closed startron
1060/tcp  closed polestar
1069/tcp  closed cognex-insight
1070/tcp  closed gmrupdateserv
1247/tcp  closed visionpyramid
1972/tcp  closed intersys-cache
1984/tcp  closed bigbrother
2049/tcp  closed nfs
2121/tcp  closed ccproxy-ftp
3306/tcp  closed mysql
3389/tcp  closed ms-wbt-server
4003/tcp  closed pxc-splr-ft
5560/tcp  closed isqlplus
5900/tcp  closed vnc
5959/tcp  closed unknown
6005/tcp  closed X11:5
6059/tcp  closed X11:59
6839/tcp  closed unknown
7938/tcp  closed lgtomapper
8086/tcp  closed d-s-n
8088/tcp  closed radan-http
8192/tcp  closed sophos
8402/tcp  closed abarsd
8652/tcp  closed unknown
8873/tcp  closed dxspider
8888/tcp  closed sun-answerbook
9666/tcp  closed zoomcp
10000/tcp closed snet-sensor-mgmt
19801/tcp closed unknown
24800/tcp closed unknown
27356/tcp closed unknown
44501/tcp closed unknown
49155/tcp closed unknown
49160/tcp closed unknown
49165/tcp closed unknown
60443/tcp closed unknown

Nmap scan report for 175.45.178.129
Host is up (0.34s latency).
Not shown: 985 closed ports
PORT      STATE    SERVICE    VERSION
22/tcp    open    ssh        Cisco SSH 1.25 (protocol 1.99)
| ssh-hostkey:
|  1024 ac:2f:68:9c:2f:a2:b5:2b:09:ce:87:b3:37:bb:3e:ee (RSA1)
|_  1024 3e:03:e3:75:20:ba:92:e9:2c:9a:d4:53:95:6b:a1:ea (RSA)
|_sshv1: Server supports SSHv1
23/tcp    open    telnet      Cisco router telnetd
25/tcp    filtered smtp
139/tcp  filtered netbios-ssn
1038/tcp  filtered mtqp
1061/tcp  filtered kiosk
1077/tcp  filtered imgames
1658/tcp  filtered sixnetudr
3300/tcp  filtered ceph
5087/tcp  filtered biotic
6565/tcp  filtered unknown
6779/tcp  filtered unknown
8045/tcp  filtered unknown
8222/tcp  filtered unknown
60020/tcp filtered unknown
Service Info: OS: IOS; Device: router; CPE: cpe:/o:cisco:ios

Nmap scan report for 175.45.178.134
Host is up (0.54s latency).
Not shown: 992 closed ports
PORT      STATE    SERVICE    VERSION
25/tcp    filtered smtp
139/tcp  filtered netbios-ssn
646/tcp  filtered ldp
1187/tcp  filtered alias
1723/tcp  filtered pptp
5550/tcp  filtered sdadmind
8001/tcp  filtered vcom-tunnel
64680/tcp filtered unknown

Nmap scan report for 175.45.178.138
Host is up (0.39s latency).
Not shown: 985 closed ports
PORT      STATE    SERVICE    VERSION
22/tcp    filtered ssh
23/tcp    filtered telnet
25/tcp    filtered smtp
53/tcp    filtered domain
80/tcp    filtered http
139/tcp  filtered netbios-ssn
1028/tcp  filtered unknown
1096/tcp  filtered cnrprotocol
1840/tcp  filtered netopia-vo2
2869/tcp  filtered icslap
3168/tcp  filtered poweronnud
4005/tcp  filtered pxc-pin
9595/tcp  filtered pds
10621/tcp filtered unknown
49161/tcp filtered unknown

NSE: Script Post-scanning.
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Initiating NSE at 15:04
Completed NSE at 15:04, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1024 IP addresses (18 hosts up) scanned in 9665.53 seconds
IPs of the servers with some service or port open:
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with some service or port open:
grep 'open port' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 80 open (web servers). The pattern is anchored on "port 80/tcp" so that ports such as 8080 or an address ending in .80 are not counted as port 80:
grep 'open port 80/tcp' resultado.txt | cut -d' ' -f6 | sort -u
Number of servers with port 80 open:
grep 'open port 80/tcp' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
IPs of the servers with port 443 open (web servers with SSL):
grep 'open port 443/tcp' resultado.txt | cut -d' ' -f6 | sort -u
175.45.176.71
175.45.176.72
175.45.176.75
175.45.176.76
175.45.176.81
175.45.176.85
175.45.177.1
175.45.177.10
175.45.177.11

Number of servers with port 443 open (web servers with SSL):
grep 'open port 443/tcp' resultado.txt | cut -d' ' -f6 | sort -u | wc -l
This is where we see that only 9 of the 13 web servers have SSL; to see which ones don't (-x -F make each IP in the exclusion list an exact, literal match, so 175.45.177.1 cannot hide 175.45.177.10):
grep 'open port 80/tcp' resultado.txt | cut -d' ' -f6 | sort -u | grep -v -x -F -f <(grep 'open port 443/tcp' resultado.txt | cut -d' ' -f6 | sort -u)
175.45.176.68
175.45.176.69
175.45.176.80
175.45.176.91



Attached Files
resultado.txt (.txt, size: 78.26 KB / downloads: 1)
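Added example, not code from the original post or from the forum's own tooling: a small POSIX shell script that turns the "Discovered open port N/tcp on IP" lines printed by `nmap -v` into the same inventory the pipelines in the post build (hosts with any open port, hosts with a given port, hosts serving HTTP with no HTTPS). It anchors the port pattern so that 8080/tcp or an address like 192.0.2.80 is not mistaken for port 80, and keeps the post's original unanchored filter alongside it only to show how it over-counts. The input is a constructed sample in the 192.0.2.0/24 documentation range, not the real scan file; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post. Parses the
# "Discovered open port <port>/tcp on <ip>" lines that `nmap -v` prints
# and answers the questions asked in the post (hosts with any open port,
# hosts with a given port, hosts serving HTTP without HTTPS).

# Constructed sample in the 192.0.2.0/24 documentation range; the real
# scan file (resultado.txt) would be passed in its place.
SAMPLE="$(mktemp)"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Discovered open port 80/tcp on 192.0.2.10
Discovered open port 443/tcp on 192.0.2.10
Discovered open port 80/tcp on 192.0.2.11
Discovered open port 25/tcp on 192.0.2.11
Discovered open port 8080/tcp on 192.0.2.80
Discovered open port 443/tcp on 192.0.2.12
Discovered open port 80/tcp on 192.0.2.10
Discovered open port 1433/tcp on 192.0.2.13
EOF

# hosts_with_any_port FILE -> unique IPs that had at least one open port
hosts_with_any_port() {
    grep '^Discovered open port ' "$1" | cut -d' ' -f6 | sort -u
}

# hosts_with_port FILE PORT -> unique IPs with exactly PORT/tcp open.
# The pattern is anchored on "port N/tcp on" so that 8080/tcp, or an
# address such as 192.0.2.80, is not mistaken for port 80.
hosts_with_port() {
    grep "^Discovered open port $2/tcp on " "$1" | cut -d' ' -f6 | sort -u
}

# loose_hosts_with_port FILE PORT -> the post's original, unanchored
# filter, kept only to show that it over-counts on the sample.
loose_hosts_with_port() {
    grep 'open port' "$1" | grep "$2" | cut -d' ' -f6 | sort -u
}

# count_lines -> number of lines on stdin, without wc's padding
count_lines() {
    wc -l | tr -d ' '
}

# http_without_tls FILE -> IPs with 80/tcp open but no 443/tcp.
# A temp file replaces <( ) so this also runs under plain sh; -x -F make
# each excluded IP an exact literal match (192.0.2.1 must not hide 192.0.2.10).
http_without_tls() {
    tls="$(mktemp)"
    hosts_with_port "$1" 443 > "$tls"
    hosts_with_port "$1" 80 | grep -v -x -F -f "$tls"
    rm -f "$tls"
}

echo "Hosts with any open port:        $(hosts_with_any_port "$SAMPLE" | count_lines)"
echo "Hosts with port 80 (anchored):   $(hosts_with_port "$SAMPLE" 80 | count_lines)"
echo "Hosts with port 80 (loose grep): $(loose_hosts_with_port "$SAMPLE" 80 | count_lines)"
echo "HTTP without HTTPS:"
http_without_tls "$SAMPLE"
```

On the sample the anchored filter finds 2 hosts with port 80 while the loose `grep '80'` reports 3, because it also matches the 8080/tcp line and the .80 address. For a real run, nmap's own output options (`-oN`, `-oG`, `-oX`, or `-oA` for all three) write a parseable copy to disk without losing the terminal view, and the grepable `-oG` file is easier to cut into columns than the verbose log.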