
Scanning (mandatory homework)

Download and install nmap for Windows from this link: https://nmap.org/dist/nmap-7.92-setup.exe
or use the nmap that is already installed on Kali Linux.

If you also want to install Zenmap on Kali Linux, follow these instructions:

# update and upgrade the system
sudo apt-get update && sudo apt-get upgrade
# change directory to ~/Downloads
cd ~/Downloads
# download Alien
wget http://archive.ubuntu.com/ubuntu/pool/main/a/alien/alien_8.90_all.deb
# download Zenmap
wget https://nmap.org/dist/zenmap-7.92-1.noarch.rpm
# download the other required packages
wget http://archive.ubuntu.com/ubuntu/pool/universe/p/pygtk/python-gtk2_2.24.0-5.1ubuntu2_amd64.deb
wget http://azure.archive.ubuntu.com/ubuntu/pool/universe/p/pygobject-2/python-gobject-2_2.28.6-14ubuntu1_amd64.deb
wget http://security.ubuntu.com/ubuntu/pool/universe/p/pycairo/python-cairo_1.16.2-2ubuntu2_amd64.deb
# install the downloaded packages in this order
sudo dpkg -i python-gobject-2_2.28.6-14ubuntu1_amd64.deb
sudo dpkg -i python-cairo_1.16.2-2ubuntu2_amd64.deb
sudo dpkg -i python-gtk2_2.24.0-5.1ubuntu2_amd64.deb
sudo dpkg -i alien_8.90_all.deb # if an error appears, run "sudo apt-get --fix-broken install" and try again
# convert the Zenmap .rpm to .deb
sudo alien zenmap-7.92-1.noarch.rpm
# install Zenmap
sudo dpkg -i zenmap_7.92-2_all.deb
# --------------------------------------------------
# YOU CAN NOW START ZENMAP FROM THE TERMINAL AS ROOT
# --------------------------------------------------
sudo zenmap

If you are doing the homework on Windows, open a terminal (Command Prompt or PowerShell) and enter ipconfig /all. For example, the output of ipconfig /all may look like this:

C:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MAINFRAME
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 18-31-BF-52-BF-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f511:aeb5:50fc:7f59%8(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, December 11, 2021 10:57:17 AM
   Lease Expires . . . . . . . . . . : Saturday, December 11, 2021 1:27:14 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 270021055
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-62-51-F1-18-31-BF-52-BF-E8
   DNS Servers . . . . . . . . . . . : 89.216.1.30
                                       89.216.1.50
   NetBIOS over Tcpip. . . . . . . . : Enabled

If you are doing the homework on Kali Linux, open a terminal and enter ifconfig, followed by ip route. For example, the output of these commands may look like this:

┌──(kali㉿kali)-[~]
└─$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.37  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:fec8:8a61  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:c8:8a:61  txqueuelen 1000  (Ethernet)
        RX packets 4  bytes 1086 (1.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1870 (1.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

┌──(kali㉿kali)-[~]
└─$ ip route   
default via 192.168.0.1 dev eth0 proto dhcp metric 100 
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.37 metric 100 

From the output you can read the IP address of your computer on the local network and the IP address of the gateway (which in most cases is your router).

1. Task: discovering active hosts on the network

Run a quick ping scan of the local network to discover active hosts: nmap -sP address_range. For example: nmap -sP 192.168.0.0/24. Copy the scan result into a TXT file named lanscan.txt. The result of the ping scan may look like this:

C:\>nmap -sP 192.168.0.0/24
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 17:45 Central Europe Standard Time
Nmap scan report for 192.168.0.1
Host is up (0.0070s latency).
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.10
Host is up (0.0050s latency).
MAC Address: 5C:EA:1D:28:28:67 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.13
Host is up (0.0010s latency).
MAC Address: 74:D4:35:9F:01:2D (Giga-byte Technology)
Nmap scan report for 192.168.0.22
Host is up (0.13s latency).
MAC Address: 8A:C3:97:00:83:D0 (Unknown)
Nmap scan report for 192.168.0.27
Host is up (0.15s latency).
MAC Address: DE:22:E0:3C:CA:D3 (Unknown)
Nmap scan report for 192.168.0.11
Host is up.
Nmap done: 256 IP addresses (6 hosts up) scanned in 16.43 seconds
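
The scan range and the host list needed for the report can be derived from the outputs above instead of being copied by hand. The following Python sketch is an added example, not part of the original assignment; the function names and the abridged sample text are constructed for illustration. Note that nmap prints no MAC address for the machine running the scan, so that field stays empty for your own host.

```python
import ipaddress
import re

# Constructed sample in the format of the lanscan.txt output shown above (abridged).
SAMPLE = """\
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 17:45 Central Europe Standard Time
Nmap scan report for 192.168.0.1
Host is up (0.0070s latency).
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
Nmap scan report for 192.168.0.13
Host is up (0.0010s latency).
MAC Address: 74:D4:35:9F:01:2D (Giga-byte Technology)
Nmap scan report for 192.168.0.11
Host is up.
Nmap done: 256 IP addresses (3 hosts up) scanned in 16.43 seconds
"""

def scan_range(ip, netmask):
    """CIDR network for an address and mask read from ipconfig /all or ifconfig."""
    return str(ipaddress.ip_network(f"{ip}/{netmask}", strict=False))

def parse_ping_scan(text):
    """Return one dict per host reported as up, sorted numerically by address."""
    hosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        # The report line is either "for 1.2.3.4" or "for name (1.2.3.4)".
        m = re.match(r"Nmap scan report for (?:\S+ \()?([0-9.]+)\)?$", line)
        if m:
            current = {"ip": m.group(1), "mac": None, "vendor": None}
            continue
        if current and line.startswith("Host is up"):
            hosts.append(current)
            continue
        m = re.match(r"MAC Address: ([0-9A-F:]{17}) \((.*)\)$", line)
        if m and current:
            current["mac"], current["vendor"] = m.groups()
    return sorted(hosts, key=lambda h: ipaddress.ip_address(h["ip"]))

def report_lines(hosts, my_ip):
    """Bullet list in the style of the sample report, marking the scanning host."""
    return [f"- {h['ip']}" + (" (my computer)" if h["ip"] == my_ip else "")
            for h in hosts]

if __name__ == "__main__":
    print("range:", scan_range("192.168.0.11", "255.255.255.0"))
    print("\n".join(report_lines(parse_ping_scan(SAMPLE), "192.168.0.11")))
```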

2. Scanning ports, service versions and the operating system

Run a very slow, intrusive scan of your router: nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" router_address. For example: nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1. Copy the scan result into a TXT file named routerscan.txt. The scan result may look like this:

C:\>nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1
Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-12 17:05 Central Europe Standard Time
NSE: Loaded 155 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating NSE at 17:05
Completed NSE at 17:05, 0.00s elapsed
Initiating ARP Ping Scan at 17:05
Scanning 192.168.0.1 [1 port]
Completed ARP Ping Scan at 17:05, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 17:05
Completed Parallel DNS resolution of 1 host. at 17:05, 0.01s elapsed
Initiating SYN Stealth Scan at 17:05
Scanning 192.168.0.1 [1000 ports]
Discovered open port 80/tcp on 192.168.0.1
Discovered open port 8888/tcp on 192.168.0.1
Discovered open port 1900/tcp on 192.168.0.1
Discovered open port 8081/tcp on 192.168.0.1
Discovered open port 8082/tcp on 192.168.0.1
Completed SYN Stealth Scan at 17:05, 3.08s elapsed (1000 total ports)
Initiating UDP Scan at 17:05
Scanning 192.168.0.1 [1000 ports]
Discovered open port 161/udp on 192.168.0.1
Discovered open port 1900/udp on 192.168.0.1
Completed UDP Scan at 17:05, 3.30s elapsed (1000 total ports)
Initiating Service scan at 17:05
Scanning 11 services on 192.168.0.1
Service scan Timing: About 54.55% done; ETC: 17:06 (0:00:31 remaining)
Service scan Timing: About 63.64% done; ETC: 17:07 (0:00:56 remaining)
Completed Service scan at 17:06, 97.51s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.1
Retrying OS detection (try #2) against 192.168.0.1
Retrying OS detection (try #3) against 192.168.0.1
Retrying OS detection (try #4) against 192.168.0.1
Retrying OS detection (try #5) against 192.168.0.1
NSE: Script scanning 192.168.0.1.
Initiating NSE at 17:07
Completed NSE at 17:08, 71.14s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 5.07s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Nmap scan report for 192.168.0.1
Host is up (0.0019s latency).
Not shown: 995 closed tcp ports (reset), 994 closed udp ports (port-unreach)
PORT     STATE         SERVICE          VERSION
80/tcp   open          tcpwrapped
|_http-title: Residential Gateway Login
|_http-generator: Microsoft FrontPage 5.0
| http-methods:
|_  Supported Methods: GET
1900/tcp open          http             Cisco DPC3828S WiFi cable modem
8081/tcp open          blackice-icecap?
| fingerprint-strings:
|   FourOhFourRequest, GetRequest:
|     HTTP/1.0 200 OK
|     Content-Type: text/plain
|     {"an":{"5CEA1D282866":{"label":"GW-282866","Type":"1"}}}
|     {"an":{"5CF01D282866":{"label":"Wi-Fi 11n24","Type":"2"}}}
|     {"ae":{"5CEA1D282866_5CF01D282866":{"source":"5CEA1D282866","directed":false,"target":"5CF01D282866","EdgeType":"1","label":""}}}
|     {"an":{"5CEF1D282866":{"label":"Wi-Fi 11n5","Type":"2"}}}
|     {"ae":{"5CEA1D282866_5CEF1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CEF1D282866","EdgeType":"1","label":""}}}
|     {"an":{"5CEE1D282866":{"label":"Eth","Type":"2"}}}
|     {"ae":{"5CEA1D282866_5CEE1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CEE1D282866","EdgeType":"1","label":""}}}
|     {"an":{"5CED1D282866":{"label":"Eth","Type":"2"}}}
|     {"ae":{"5CEA1D282866_5CED1D282866":{"source":"5CEA1D282866","directed":false,"target":"5CED1D282866","EdgeType":"1","label":""}}}
|     {"an":{"5CEC1D282866":{"label":"Eth","Type":"2"}}}
|_    {"ae":{"
8082/tcp open          http             Mongoose httpd
8888/tcp open          sun-answerbook?
| fingerprint-strings:
|   Kerberos, SMBProgNeg:
|_    "Response": "Data is not in XML format" } ]
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
161/udp  open          snmp             SNMPv3 server
|_snmp-info: ERROR: Script execution failed (use -d to debug)
| fingerprint-strings:
|   SNMPv3GetRequest:
|     \xea
|     ((d3
|     \xea
|_    ((d3
1027/udp open|filtered unknown
1900/udp open          upnp?
| upnp-info:
| 192.168.0.1
|     Server: POSIX UPnP/1.0 UPnP Stack/7.14.89.21
|_    Location: http://192.168.0.1:1900/WFADevice.xml
3 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:

Uptime guess: 22.173 days (since Sat Nov 20 12:59:50 2021)
Network Distance: 1 hop
IP ID Sequence Generation: Incremental
Service Info: Device: WAP; CPE: cpe:/h:cisco:dpc3828s

TRACEROUTE
HOP RTT     ADDRESS
1   1.87 ms 192.168.0.1

NSE: Script Post-scanning.
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Initiating NSE at 17:08
Completed NSE at 17:08, 0.00s elapsed
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 194.28 seconds
           Raw packets sent: 2277 (106.729KB) | Rcvd: 2114 (106.381KB)
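
When summarising routerscan.txt, only the PORT/STATE/SERVICE/VERSION rows matter; the lines starting with "|" are NSE script output. The following Python sketch is an added example, not part of the original assignment, with constructed names and an abridged sample. It keeps "open" apart from "open|filtered": for UDP the latter means nmap received no reply and cannot tell an open port from a filtered one.

```python
import re
from collections import defaultdict

# Constructed sample: the port table from the routerscan.txt output above, abridged.
SAMPLE = """\
PORT     STATE         SERVICE          VERSION
80/tcp   open          tcpwrapped
|_http-title: Residential Gateway Login
1900/tcp open          http             Cisco DPC3828S WiFi cable modem
8081/tcp open          blackice-icecap?
53/udp   open|filtered domain
161/udp  open          snmp             SNMPv3 server
1900/udp open          upnp?
MAC Address: 5C:EA:1D:28:28:66 (Hon Hai Precision Ind.)
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.+))?$")

def parse_ports(text):
    """Return port-table rows as dicts; script output and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.rstrip())
        if not m:
            continue
        port, proto, state, service, version = m.groups()
        rows.append({
            "port": int(port), "proto": proto, "state": state,
            # A trailing '?' marks a service name nmap could not confirm by probing.
            "service": service.rstrip("?"), "guessed": service.endswith("?"),
            "version": version or "",
        })
    return rows

def by_state(rows):
    """Group 'port/proto' strings by state so 'open' and 'open|filtered' stay apart."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["state"]].append(f"{r['port']}/{r['proto']}")
    return dict(groups)

if __name__ == "__main__":
    for state, ports in by_state(parse_ports(SAMPLE)).items():
        print(f"{state}: {', '.join(ports)}")
```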

3. Creating the scan report

In the TXT file scanreport.txt write a SHORT report on the scan results. The report may look like this:

Student: Petar Petrović
Class: IV2, Information Technology Electrical Technician
Date: 12.12.2021.

                            SCAN REPORT

1. When connecting to the LAN, my computer was assigned the IP address 192.168.0.11/24.
I ran a ping scan of the network (nmap -sP 192.168.0.0/24) and found 6 active hosts:
- 192.168.0.1
- 192.168.0.10
- 192.168.0.11 (my computer)
- 192.168.0.13
- 192.168.0.22
- 192.168.0.27

2. I then scanned the router, which is also the DHCP server and gateway
(nmap -sS -sU -A -v -PE -PP -PM -PS -PA -PU -PY --script "default" 192.168.0.1).
The following TCP ports were open on the router:
- 80, HTTP, Residential Gateway Login
- 1900, HTTP, reports itself as Cisco DPC3828S WiFi cable modem
- 8081, HTTP, unknown, blackice-icecap?
- 8082, HTTP, Mongoose httpd
- 8888, HTTP, unknown, sun-answerbook?
and the following UDP ports:
- 53, filtered, domain
- 67, filtered, dhcps
- 68, filtered, dhcpc
- 161, unknown, SNMPv3 server?
- 1027, filtered, unknown
- 1900, UPnP, POSIX UPnP/1.0 UPnP Stack/7.14.89.21
Operating system on the router: unknown.

Archive all three TXT files under the name PrezimeIme.zip (your surname followed by your first name) and submit it by Wednesday, 22.12.2021.