Download and install nmap for Windows from this link: https://nmap.org/dist/nmap-7.92-setup.exe
or use the nmap that is already installed on Kali Linux.
If you also want to install Zenmap on Kali Linux, follow these instructions:
# update and upgrade the system
sudo apt-get update && sudo apt-get upgrade
# change directory to ~/Downloads
cd ~/Downloads
# download Alien
wget http://archive.ubuntu.com/ubuntu/pool/main/a/alien/alien_8.90_all.deb
# download Zenmap
wget https://nmap.org/dist/zenmap-7.92-1.noarch.rpm
# download the other required packages
wget http://archive.ubuntu.com/ubuntu/pool/universe/p/pygtk/python-gtk2_2.24.0-5.1ubuntu2_amd64.deb
wget http://azure.archive.ubuntu.com/ubuntu/pool/universe/p/pygobject-2/python-gobject-2_2.28.6-14ubuntu1_amd64.deb
wget http://security.ubuntu.com/ubuntu/pool/universe/p/pycairo/python-cairo_1.16.2-2ubuntu2_amd64.deb
# install the downloaded packages in this order
sudo dpkg -i python-gobject-2_2.28.6-14ubuntu1_amd64.deb
sudo dpkg -i python-cairo_1.16.2-2ubuntu2_amd64.deb
sudo dpkg -i python-gtk2_2.24.0-5.1ubuntu2_amd64.deb
sudo dpkg -i alien_8.90_all.deb # if an error occurs, run "sudo apt-get --fix-broken install" and try again
# convert the Zenmap .rpm to .deb
sudo alien zenmap-7.92-1.noarch.rpm
# install Zenmap
sudo dpkg -i zenmap_7.92-2_all.deb
# --------------------------------------------------
# YOU CAN NOW START ZENMAP FROM THE TERMINAL AS ROOT
# --------------------------------------------------
sudo zenmap
If you are doing the homework on Windows, open a terminal (Command Prompt or PowerShell) and enter ipconfig /all. For example, the output of ipconfig /all may look like this:
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : MAINFRAME
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 18-31-BF-52-BF-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f511:aeb5:50fc:7f59%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 11, 2021 10:57:17 AM
Lease Expires . . . . . . . . . . : Saturday, December 11, 2021 1:27:14 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 270021055
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-62-51-F1-18-31-BF-52-BF-E8
DNS Servers . . . . . . . . . . . : 89.216.1.30
89.216.1.50
NetBIOS over Tcpip. . . . . . . . : Enabled
If you are doing the homework on Kali Linux, open a terminal and enter ifconfig, then ip route. For example, the output of these commands may look like this:
┌──(kali㉿kali)-[~]
└─$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.37 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::20c:29ff:fec8:8a61 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:c8:8a:61 txqueuelen 1000 (Ethernet)
RX packets 4 bytes 1086 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1870 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
┌──(kali㉿kali)-[~]
└─$ ip route
default via 192.168.0.1 dev eth0 proto dhcp metric 100
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.37 metric 100
From the output you can read your computer's IP address on the local network and the IP address of the gateway (which in most cases is your router).
1. Task: discovering active hosts on the network
Run a quick ping scan of the local network to discover active hosts: nmap -sP address_range. For example: nmap -sP 192.168.0.0/24. Copy the scan result into a TXT file named lanscan.txt. The result of the ping scan may look like this:
C:\>nmap -sP 192.168.0.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 17:45 Central Europe Standard Time
Nmap scan report for 192.168.0.1
Host is up (0.0070s latency).
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.10
Host is up (0.0050s latency).
MAC Address: 5C:EA:1D:28:28:67 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.13
Host is up (0.0010s latency).
MAC Address: 74:D4:35:9F:01:2D (Giga-byte Technology)
Nmap scan report for 192.168.0.22
Host is up (0.13s latency).
MAC Address: 8A:C3:97:00:83:D0 (Unknown)
Nmap scan report for 192.168.0.27
Host is up (0.15s latency).
MAC Address: DE:22:E0:3C:CA:D3 (Unknown)
Nmap scan report for 192.168.0.11
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 16.43 seconds
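An added example (not part of the original assignment): a short Python parser that turns the text saved in lanscan.txt into a host inventory for the report. The sample input, the hostname nas.lan and the function names are constructed for illustration; a host with no MAC Address line is the scanning machine itself or a host reached through a router, and a locally administered MAC is not drawn from a vendor's registered block, which is consistent with the (Unknown) vendor entries.

```python
import re

# Constructed sample in the shape of `nmap -sP` normal output (not a real capture).
SAMPLE = """\
Nmap scan report for 192.168.0.1
Host is up (0.0070s latency).
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.22
Host is up (0.13s latency).
MAC Address: 8A:C3:97:00:83:D0 (Unknown)
Nmap scan report for nas.lan (192.168.0.13)
Host is up (0.0010s latency).
MAC Address: 74:D4:35:9F:01:2D (Giga-byte Technology)
Nmap scan report for 192.168.0.11
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 16.43 seconds
"""

# "Nmap scan report for <ip>" or "Nmap scan report for <name> (<ip>)"
REPORT = re.compile(r"^Nmap scan report for (?:(\S+) \()?(\d+\.\d+\.\d+\.\d+)\)?$")
MAC = re.compile(r"^MAC Address: ([0-9A-F:]{17}) \((.*)\)$")
DONE = re.compile(r"\((\d+) hosts? up\)")

def parse_ping_scan(text):
    """Return (hosts, claimed_up): one dict per live host, plus Nmap's own count."""
    hosts, claimed = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := REPORT.match(line):
            hosts.append({"ip": m.group(2), "name": m.group(1),
                          "mac": None, "vendor": None, "up": False})
        elif hosts and line.startswith("Host is up"):
            hosts[-1]["up"] = True
        elif hosts and (m := MAC.match(line)):
            hosts[-1]["mac"], hosts[-1]["vendor"] = m.group(1), m.group(2)
        elif m := DONE.search(line):
            claimed = int(m.group(1))
    return [h for h in hosts if h["up"]], claimed

def locally_administered(mac):
    """True when bit 0x02 of the first octet is set (randomised or virtual MAC)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

if __name__ == "__main__":
    hosts, claimed = parse_ping_scan(SAMPLE)
    print(f"parsed {len(hosts)} hosts, Nmap summary says {claimed}")
    for h in hosts:
        note = h["vendor"] or "no MAC: scanner itself or a routed host"
        if h["mac"] and locally_administered(h["mac"]):
            note += ", locally administered MAC"
        print(f'{h["ip"]:15} {h["mac"] or "-":17} {note}')
```

Comparing the parsed host count with the number in the "Nmap done" line is a quick check that nothing was lost when the output was copied into the file.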
2. Scanning ports, service versions and the operating system
Run a very slow, intrusive scan of your router: nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" router_address. For example: nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1. Copy the scan result into a TXT file named routerscan.txt. The scan result may look like this:
C:\>nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 17:05 Central Europe Standard Time
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating ARP Ping Scan at 17:05
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:05, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:05
Completed Parallel DNS resolution of 1 host. at 17:05, 0.01s elapsed
Initiating SYN Stealth Scan at 17:05
Scanning 192.168.0.1 [1000 ports]
Discovered open port 80/tcp on 192.168.0.1
Discovered open port 8888/tcp on 192.168.0.1
Discovered open port 1900/tcp on 192.168.0.1
Discovered open port 8081/tcp on 192.168.0.1
Discovered open port 8082/tcp on 192.168.0.1
Completed SYN Stealth Scan at 17:05, 3.08s elapsed (1000 total ports)
Initiating UDP Scan at 17:05
Scanning 192.168.0.1 [1000 ports]
Discovered open port 161/udp on 192.168.0.1
Discovered open port 1900/udp on 192.168.0.1
Completed UDP Scan at 17:05, 3.30s elapsed (1000 total ports)
Initiating Service scan at 17:05
Scanning 11 services on 192.168.0.1
Service scan Timing: About 54.55% done; ETC: 17:06 (0:00:31 remaining)
Service scan Timing: About 63.64% done; ETC: 17:07 (0:00:56 remaining)
Completed Service scan at 17:06, 97.51s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
Retrying OS detection (try #2) against 192.168.0.1
Retrying OS detection (try #3) against 192.168.0.1
Retrying OS detection (try #4) against 192.168.0.1
Retrying OS detection (try #5) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 17:07
Completed NSE at 17:08, 71.14s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 5.07s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.0019s latency).
Not shown: 995 closed tcp ports (reset), 994 closed udp ports (port-unreach)
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
|_http-title: Residential Gateway Login
|_http-generator: Microsoft FrontPage 5.0
| http-methods:
|_ Supported Methods: GET
1900/tcp open http Cisco DPC3828S WiFi cable modem
8081/tcp open blackice-icecap?
| fingerprint-strings:
| FourOhFourRequest, GetRequest:
| HTTP/1.0 200 OK
| Content-Type: text/plain
| {"an":{"5CEA1D282866":{"label":"GW-282866","Type":"1"}}}
| {"an":{"5CF01D282866":{"label":"Wi-Fi 11n24","Type":"2"}}}
| {"ae":{"5CEA1D282866_5CF01D282866":{"source":"5CEA1D282866","directed":false,"target":"5CF01D282866","EdgeType":"1","label":""}}}
| {"an":{"5CEF1D282866":{"label":"Wi-Fi 11n5","Type":"2"}}}
| {"ae":{"5CEA1D282866_5CEF1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CEF1D282866","EdgeType":"1","label":""}}}
| {"an":{"5CEE1D282866":{"label":"Eth","Type":"2"}}}
| {"ae":{"5CEA1D282866_5CEE1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CEE1D282866","EdgeType":"1","label":""}}}
| {"an":{"5CED1D282866":{"label":"Eth","Type":"2"}}}
| {"ae":{"5CEA1D282866_5CED1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CED1D282866","EdgeType":"1","label":""}}}
| {"an":{"5CEC1D282866":{"label":"Eth","Type":"2"}}}
|_ {"ae":{"
8082/tcp open http Mongoose httpd
8888/tcp open sun-answerbook?
| fingerprint-strings:
| Kerberos, SMBProgNeg:
|_ "Response": "Data is not in XML format" } ]
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
161/udp open snmp SNMPv3 server
|_snmp-info: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
| SNMPv3GetRequest:
| \xea
| ((d3
| \xea
|_ ((d3
1027/udp open|filtered unknown
1900/udp open upnp?
| upnp-info:
| 192.168.0.1
| Server: POSIX UPnP/1.0 UPnP Stack/7.14.89.21
|_ Location: http://192.168.0.1:1900/WFADevice.xml
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
Uptime guess: 22.173 days (since Sat Nov 20 12:59:50 2021)
Network Distance: 1 hop
IP ID Sequence Generation: Incremental
Service Info: Device: WAP; CPE: cpe:/h:cisco:dpc3828s
TRACEROUTE
HOP RTT ADDRESS
1 1.87 ms 192.168.0.1
NSE: Script Post-scanning.
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 194.28 seconds
Raw packets sent: 2277 (106.729KB) | Rcvd: 2114 (106.381KB)
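An added example (not part of the original assignment): a Python sketch that extracts the PORT/STATE/SERVICE table from the text saved in routerscan.txt and separates ports Nmap confirmed as open from those it reports as open|filtered. Nmap prints open|filtered when a probe received no reply at all, so it cannot tell an open port from a filtered one; the sample input is a constructed excerpt in the shape of the output above and the function names are hypothetical.

```python
import re

# Constructed excerpt in the shape of Nmap normal output (not a real capture).
SAMPLE = """\
PORT     STATE         SERVICE          VERSION
80/tcp   open          tcpwrapped
|_http-title: Residential Gateway Login
1900/tcp open          http             Cisco DPC3828S WiFi cable modem
8081/tcp open          blackice-icecap?
| fingerprint-strings:
|_  HTTP/1.0 200 OK
53/udp   open|filtered domain
161/udp  open          snmp             SNMPv3 server
1900/udp open          upnp?
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
"""

# port/proto, state, service name, optional version text
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(text):
    """Return one dict per row of the port table; NSE lines ('|', '|_') are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({
                "port": int(port), "proto": proto, "state": state,
                # A trailing '?' means Nmap guessed the name from the port number.
                "service": service.rstrip("?"), "guessed": service.endswith("?"),
                "version": version,
            })
    return rows

def triage(rows):
    """Split rows into confirmed-open and unconfirmed (open|filtered) lists."""
    confirmed = [r for r in rows if r["state"] == "open"]
    unconfirmed = [r for r in rows if r["state"] == "open|filtered"]
    return confirmed, unconfirmed

if __name__ == "__main__":
    confirmed, unconfirmed = triage(parse_ports(SAMPLE))
    for r in confirmed:
        tag = " (name guessed)" if r["guessed"] else ""
        print(f'open        {r["port"]}/{r["proto"]} {r["service"]}{tag} {r["version"] or ""}')
    for r in unconfirmed:
        print(f'unconfirmed {r["port"]}/{r["proto"]} {r["service"]}')
```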
3. Creating the scan report
In the TXT file scanreport.txt write a SHORT report on the scan results. The report may look like this:
Student: Petar Petrović
Class: IV2, Information Technology Electrical Technician
Date: 12.12.2021.
SCAN REPORT
1. When connecting to the LAN, my computer was assigned the IP address 192.168.0.11/24.
I ran a ping scan of the network (nmap -sP 192.168.0.0/24) and found 6 active hosts:
- 192.168.0.1
- 192.168.0.10
- 192.168.0.11 (my computer)
- 192.168.0.13
- 192.168.0.22
- 192.168.0.27
2. I then scanned the router, which is also the DHCP server and the gateway
(nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1).
The following TCP ports were open on the router:
- 80, HTTP, Residential Gateway Login
- 1900, HTTP, identifies itself as Cisco DPC3828S WiFi cable modem
- 8081, HTTP, unknown, blackice-icecap?
- 8082, HTTP, Mongoose httpd
- 8888, HTTP, unknown, sun-answerbook?
and the following UDP ports:
- 53, filtered, domain
- 67, filtered, dhcps
- 68, filtered, dhcpc
- 161, unknown, SNMPv3 server?
- 1027, filtered, unknown
- 1900, UPnP, POSIX UPnP/1.0 UPnP Stack/7.14.89.21
Operating system on the router: unknown.
Archive all three TXT files under the name PrezimeIme.zip (your surname followed by your first name) and submit them by Wednesday, 22.12.2021.