Scanning government servers
Scanning government servers - anonimo - 11-10-2024

https://www.mid.ru/

```
sudo nmap -A -v 194.85.30.210
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-10 19:06 CET
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 19:06
Completed NSE at 19:06, 0.00s elapsed
Initiating NSE at 19:06
Completed NSE at 19:06, 0.00s elapsed
Initiating NSE at 19:06
Completed NSE at 19:06, 0.00s elapsed
Initiating Ping Scan at 19:06
Scanning 194.85.30.210 [4 ports]
Completed Ping Scan at 19:06, 0.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:06
Completed Parallel DNS resolution of 1 host. at 19:06, 0.14s elapsed
Initiating SYN Stealth Scan at 19:06
Scanning web2.mid.ru (194.85.30.210) [1000 ports]
Discovered open port 443/tcp on 194.85.30.210
SYN Stealth Scan Timing: About 11.35% done; ETC: 19:11 (0:04:02 remaining)
Increasing send delay for 194.85.30.210 from 0 to 5 due to 11 out of 16 dropped probes since last increase.
SYN Stealth Scan Timing: About 33.85% done; ETC: 19:09 (0:01:59 remaining)
Increasing send delay for 194.85.30.210 from 5 to 10 due to 11 out of 17 dropped probes since last increase.
Increasing send delay for 194.85.30.210 from 10 to 20 due to 11 out of 13 dropped probes since last increase.
Increasing send delay for 194.85.30.210 from 20 to 40 due to 11 out of 11 dropped probes since last increase.
Completed SYN Stealth Scan at 19:09, 173.52s elapsed (1000 total ports)
Initiating Service scan at 19:09
Scanning 1 service on web2.mid.ru (194.85.30.210)
Completed Service scan at 19:09, 5.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against web2.mid.ru (194.85.30.210)
Initiating Traceroute at 19:09
Completed Traceroute at 19:09, 9.07s elapsed
Initiating Parallel DNS resolution of 7 hosts. at 19:09
Completed Parallel DNS resolution of 7 hosts. at 19:10, 13.00s elapsed
NSE: Script scanning 194.85.30.210.
Initiating NSE at 19:10
Completed NSE at 19:10, 32.16s elapsed
Initiating NSE at 19:10
Completed NSE at 19:11, 60.87s elapsed
Initiating NSE at 19:11
Completed NSE at 19:11, 0.00s elapsed
Nmap scan report for web2.mid.ru (194.85.30.210)
Host is up (0.16s latency).
Not shown: 999 filtered ports
PORT    STATE SERVICE    VERSION
443/tcp open  tcpwrapped
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
9 ...
10 150.06 ms equant.inet2.ru (85.112.122.71)
11 150.24 ms Moscow-GIN-PE04-et-5-0-0-0.rosprint.net (195.151.240.221)
12 ... 30
NSE: Script Post-scanning.
Initiating NSE at 19:11
Completed NSE at 19:11, 0.00s elapsed
Initiating NSE at 19:11
Completed NSE at 19:11, 0.00s elapsed
Initiating NSE at 19:11
Completed NSE at 19:11, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 299.79 seconds
Raw packets sent: 2214 (100.400KB) | Rcvd: 72 (9.922KB)
```

Because of the warning about the lack of open and closed ports, nmap cannot guarantee that this identification is completely accurate.

```
nslookup kremlin.ru
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: kremlin.ru
Address: 95.173.136.71
Name: kremlin.ru
Address: 95.173.136.72
Name: kremlin.ru
Address: 95.173.136.70
```

Three IPs associated with the domain are shown, which makes it possible to distribute traffic across multiple servers or provide redundancy in case one fails. "Non-authoritative answer" in the nslookup output means that the DNS server that provided the information does not have direct control over the queried domain.

```
host kremlin.ru
kremlin.ru has address 95.173.136.72
kremlin.ru has address 95.173.136.70
kremlin.ru has address 95.173.136.71
kremlin.ru mail is handled by 10 mx4.gov.ru.
kremlin.ru mail is handled by 5 mx3.gov.ru.
```

The domain kremlin.ru has 2 MX records that indicate the servers that handle mail for kremlin.ru. The number indicates the priority; mx3.gov.ru has the lower one, so it will be used before mx4.gov.ru.

```
sudo nmap -A -v 95.173.136.70
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-10 20:38 CET
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Initiating Ping Scan at 20:38
Scanning 95.173.136.70 [4 ports]
Completed Ping Scan at 20:38, 3.02s elapsed (1 total hosts)
Nmap scan report for 95.173.136.70 [host down]
NSE: Script Post-scanning.
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Initiating NSE at 20:38
Completed NSE at 20:38, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 4.69 seconds
Raw packets sent: 8 (304B) | Rcvd: 0 (0B)
```

If we do the same with the other two, we get the same result; however, the web page is accessible, so it is blocking the scanner. This is because the ping packets sent received no response, since it blocks ICMP. So we use the -Pn option, which tells it to skip the ping check and go straight to scanning.

```
sudo nmap -A -v -Pn 95.173.136.71
Starting Nmap 7.80 ( https://nmap.org ) at 2024-11-10 20:43 CET
NSE: Loaded 151 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 20:43
Completed NSE at 20:43, 0.00s elapsed
Initiating NSE at 20:43
Completed NSE at 20:43, 0.00s elapsed
Initiating NSE at 20:43
Completed NSE at 20:43, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 20:43
Completed Parallel DNS resolution of 1 host. at 20:43, 0.04s elapsed
Initiating SYN Stealth Scan at 20:43
Scanning 95.173.136.71 [1000 ports]
Discovered open port 80/tcp on 95.173.136.71
Increasing send delay for 95.173.136.71 from 0 to 5 due to 11 out of 16 dropped probes since last increase.
SYN Stealth Scan Timing: About 53.80% done; ETC: 20:44 (0:00:30 remaining)
Increasing send delay for 95.173.136.71 from 5 to 10 due to 11 out of 13 dropped probes since last increase.
Completed SYN Stealth Scan at 20:45, 88.89s elapsed (1000 total ports)
Initiating Service scan at 20:45
Scanning 1 service on 95.173.136.71
Completed Service scan at 20:45, 6.23s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 95.173.136.71
Initiating Traceroute at 20:45
Completed Traceroute at 20:45, 3.17s elapsed
Initiating Parallel DNS resolution of 4 hosts. at 20:45
Completed Parallel DNS resolution of 4 hosts. at 20:45, 13.00s elapsed
NSE: Script scanning 95.173.136.71.
Initiating NSE at 20:45
Completed NSE at 20:45, 14.43s elapsed
Initiating NSE at 20:45
Completed NSE at 20:45, 0.41s elapsed
Initiating NSE at 20:45
Completed NSE at 20:45, 0.00s elapsed
Nmap scan report for 95.173.136.71
Host is up (0.097s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open   http    nginx
| http-methods:
|_  Supported Methods: HEAD
113/tcp closed ident
Device type: firewall
Running: Fortinet embedded
OS details: Fortinet FortiGate-50B or 310B firewall, Fortinet FortiGate-60B or -100A firewall
Network Distance: 14 hops

TRACEROUTE (using port 113/tcp)
HOP RTT ADDRESS
1 ...
14 117.64 ms 95.173.136.71

NSE: Script Post-scanning.
Initiating NSE at 20:45
Completed NSE at 20:45, 0.00s elapsed
Initiating NSE at 20:45
Completed NSE at 20:45, 0.00s elapsed
Initiating NSE at 20:45
Completed NSE at 20:45, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 131.37 seconds
Raw packets sent: 2139 (96.852KB) | Rcvd: 28 (1.404KB)
```

The web server is nginx and the response is limited, since it only supports the HEAD method; a Fortinet FortiGate firewall is in use, which could cause some ports to be filtered or blocked during the scan.
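The scans in the post above, seen from the defended side: one source sends TCP probes to many distinct ports on one address, almost all of them dropped, with no ICMP beforehand. This is an added example, not part of the original post; the log format, the function names, the thresholds and the documentation-range addresses are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed key=value log format for this example (not a vendor's real format).
LINE_RE = re.compile(
    r"ts=(?P<ts>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) action=(?P<action>\w+)")

def detect_port_sweeps(lines, window_s=120, min_ports=25):
    """Flag (src, dst) pairs probing >= min_ports distinct TCP ports within window_s."""
    events = defaultdict(list)   # (src, dst) -> [(ts, dport, action)]
    pinged = set()               # (src, dst) pairs for which any ICMP was logged
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue             # ignore lines that do not match the format
        key = (m["src"], m["dst"])
        if m["proto"] == "icmp":
            pinged.add(key)
        elif m["proto"] == "tcp":
            events[key].append((int(m["ts"]), int(m["dport"]), m["action"]))
    findings = {}
    for key, evs in events.items():
        evs.sort()
        start, best, ports = 0, 0, defaultdict(int)   # ports: dport -> hits in window
        for ts, dport, _ in evs:
            ports[dport] += 1
            while ts - evs[start][0] > window_s:      # slide the window forward
                old = evs[start][1]
                ports[old] -= 1
                if ports[old] == 0:
                    del ports[old]
                start += 1
            best = max(best, len(ports))
        if best >= min_ports:
            findings[key] = {
                "max_ports_in_window": best,
                "denied": sum(1 for _, _, a in evs if a == "deny"),
                "total": len(evs),
                "skipped_ping": key not in pinged}    # no ICMP seen, as with -Pn
    return findings

def sample_log():
    """Constructed traffic: one sweep with no ping, one ordinary web client."""
    sweep = [f"ts={1000 + p} src=198.51.100.7 dst=192.0.2.10 proto=tcp dport={p} "
             f"action={'accept' if p == 80 else 'deny'}" for p in range(51, 101)]
    client = ["ts=990 src=203.0.113.5 dst=192.0.2.10 proto=icmp dport=0 action=accept"]
    client += [f"ts={1000 + i} src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=443 "
               "action=accept" for i in range(40)]
    return sweep + client
```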