  [Question]   How do I analyze fingerprint output? 02/04/2008 03:12:02 (+0700) | #1 | 122576
lamhoang20002000
Member

Joined: 03/04/2005 16:32:02
Messages: 52
I used Nmap for Windows to scan the IP of a computer and got the following result:

Code:
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port3999-TCP:V=4.50%I=7%D=3/28%Time=47EBE52A%P=i686-pc-windows-windows%
SF:r(NULL,D1,"5\.38\.14\0\0\0\0\0\xc1\0\xf5\x04\x1d\x18\xd9#`Z\xef\x1cN\xc
SF:f\xb4\xbf\n\xb0\xed\x0b\x1b\xd2\x13t0\xfa\xf43U\x1fU\x81\xc0\xb7\xe3\xc
SF:4\x03\xc4\xe8h\x90\xd6\xc7\tB\xd1t\xb4\xbd\xdf\xa78\x8eaC\xc2qZ<\xe2\\\
SF:xf5\xfask\x9d\xeb\x97C\xd3n\xe8\xf7\xf9\xde\xfa\xbe\xfb\x86\xbf\$8\xbf\
SF:xb6m\xea\xb7\xdeT\xb7\xa8x\xe1U\x92\xed\x14w\xde7-\xef\n\xfd\xfb&\xe0\x
SF:ed<\x1d\$p3/\xfbz8\x98\|\xb9F\x8c\x89\xed\xf1\x0bBQ\xef\x08\xb3\xb2\xf0
SF:\xa1\xce\xa2\xda\x0e\x8d\xbc\xa9l\xd1\xb1%\xf4\xe3\xf6\x97\x93\xef\xb7\
SF:x02\xea\x1d\x07\xe8\xf2H@>R\x97\xe6Y#\xe9O9\xcb\xea\xbe\x20\]@k\xa4\x07
SF:\xc7\xdc\xc81H\xd2\xac\xb0\x87\xfa~W\xdd\x9a\x9dg\xfb\xfc\0")%r(Generic
SF:Lines,D1,"5\.38\.14\0\0\0\0\0\xc1\0\xf5\x04\x1d\x18\xd9#`Z\xef\x1cN\xcf
SF:\xb4\xbf\n\xb0\xed\x0b\x1b\xd2\x13t0\xfa\xf43U\x1fU\x81\xc0\xb7\xe3\xc4
SF:\x03\xc4\xe8h\x90\xd6\xc7\tB\xd1t\xb4\xbd\xdf\xa78\x8eaC\xc2qZ<\xe2\\\x
SF:f5\xfask\x9d\xeb\x97C\xd3n\xe8\xf7\xf9\xde\xfa\xbe\xfb\x86\xbf\$8\xbf\x
SF:b6m\xea\xb7\xdeT\xb7\xa8x\xe1U\x92\xed\x14w\xde7-\xef\n\xfd\xfb&\xe0\xe
SF:d<\x1d\$p3/\xfbz8\x98\|\xb9F\x8c\x89\xed\xf1\x0bBQ\xef\x08\xb3\xb2\xf0\
SF:xa1\xce\xa2\xda\x0e\x8d\xbc\xa9l\xd1\xb1%\xf4\xe3\xf6\x97\x93\xef\xb7\x
SF:02\xea\x1d\x07\xe8\xf2H@>R\x97\xe6Y#\xe9O9\xcb\xea\xbe\x20\]@k\xa4\x07\
SF:xc7\xdc\xc81H\xd2\xac\xb0\x87\xfa~W\xdd\x9a\x9dg\xfb\xfc\0")%r(GetReque
SF:st,E5,"5\.38\.14\0\0\0\0\0\xc1\0\xba\ne:b\xd37\xb2\x98\|\xe8\xffYdw\x08
SF:w\x87\xe7\xf7i%Z\x87{\xf1\xb9Xu\xa0\xc9n\xf4P\xc9i\x11\xd5\x89\x960\x1d
SF:%\xe1j\xc7\x13\xdc{\xbb\xbe\0\xbb\[\"\xc4\x07\xaa\xac\xd9\xdew\xb8\xda\
SF:xe1\xac\x95\xdbk\\\x07;\x94Y\x88\x0e~\^\0S\xbb\xe4\xd7\x9c\xaf5\^\"\t\x
SF:fe\x19\x9e\xe9W\x0b\xde\xd2\x18X\xd1\xe4\xe5!\xcd\xe0yq\xde&\xf0\x97\x1
SF:9,\]4\x97Y\xbe&\x9b\x80\xf1\xee\xa3\^\xb2\xc0'\x1a\xcb\xc0B\x1a\x91\xa7
SF:\x17\xb4\x8b\xb1\x08\[kV}\x01\xc2n71\+Ro0\x03\xda=\xd5\xa7\x1f\xb0:\\\x
SF:c8\xa4j\xf3\x83\x9a\xc1_\xb3\x13\x82\xf9\xc2o\x14\xbc\x85\x065\x20EH\x1
SF:1%E\x02\x91V\x11\xcf\x82\xed\0\x02\0\0\x002\xc31\x98\x81\xfc\xce\x87\x0
SF:4\x7f\xf2\xc0\^\xfa\x8a\xd3")%r(HTTPOptions,E5,"5\.38\.14\0\0\0\0\0\xc1
SF:\0\+\t\xd5\xec\x80\x9fq\x8f\xd5K\xa7\x933\x97\x85\xcb\\\t\x06\x13\t\xe9
SF:x\t\x9f~\xc9\r\x17I6\xa42\x11\x05\x1d\x93\xd2F\xe9\xe0A\x1cl\]\xd0\xe5\
SF:^g\x1b\xf7\xba\xa7\xed\xa1\xb8\x18\xcb\x8e\xc3f\xa0O\xce\xb3\x11y\x13\x
SF:0511\x89\x06\(\xab\xf2\xcd\x0b\)\xb3\x11\xe5c\xa6I\x95\xfa\xeb\xbc\xc8y
SF:\xc9\^\x17L\xc1Y\x0c\xff}G\xeb'\xf7\xd3\[\xc2/\$G\x1b\xa1V\xc5\(\r\x99\
SF:xd3\xae!\xb9\xebm&\x20ce\xad\xac\xaf\x82\xd9\xc6<\xf9\xd9W\x82\x95\xb5\
SF:"\xab\xb3\xaa\xe4\x10\x9f!\xbc\+\xf0\x98Vu\x1a\xb2x\xb0w`\xde\xb7\xc10\
SF:xbeS\xe0\xe6\xc1\xaf\xa9\xcd\r\xb5\xc6b\xc6Z\xd8q\xa3\"\xe2\xca\xb8\xe0
SF:\xe3\xc2\xa1\xb6U\xd8#N\0\x02\0\0\0I\x99\x1a\x94v\xae\x94\[\x86k\xde\xa
SF:5\xdc\xb7\xfbv");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port4000-TCP:V=4.50%I=7%D=3/28%Time=47EBE52A%P=i686-pc-windows-windows%
SF:r(NULL,D1,"5\.38\.14\0\0\0\0\0\xc1\0>\x06\xbc\xd7\xc4I\x0c\xf8o\xbc\xe9
SF:\xbd\xd1\xe8\xcd\x81Rv\xc2>\x87x\xf8\+\x12\\\x91\x02g\xc6X\xa0\xe9;\x03
SF:\xd6\xdab\xdb\xaa\xac\x12\xa2\xe9\xf5HO~-n\x05\xb9\xb2F\x1f\x0b{\xd6\x8
SF:5;T\x1e_Ds\xdb\x8f1\xa3\xe9{\x8aS\xf8g-\xe4\xe1\xe3\xb6\x19\xaaD\x90a\x
SF:b9\xc7\x0e;\xc4\x97bl4\xb8\x10e4\xf3\x0e\xea\x9c\xb6qr\.\x873\xf7\x88\x
SF:ae\x90\xdf\[\x16\x0b\x95\xe1\xce\*\x8b\xcd\x89\xb9>\x01\x97\x0f83\^_\x9
SF:f\xee\x90\xfe\xf9\x1a\x16\xbf\xa7\x90cx\xfa\xbf\x7f\xd2\x0c\xd1\xdd\xe1
SF:L\xfbaI\xf2\xb1@\xed;\\\xc9\xe2\x0eu\x92\xb6\xd5\x08U\xf9/3\xc5\x166b\x
SF:bf\x04\xbb\x1f\x12\x82\xb8m\x9fq\xe8\xe2\x96R\xdf\x9b\0")%r(GetRequest,
SF:E5,"5\.38\.14\0\0\0\0\0\xc1\0>\x06\xbc\xd7\xc4I\x0c\xf8o\xbc\xe9\xbd\xd
SF:1\xe8\xcd\x81Rv\xc2>\x87x\xf8\+\x12\\\x91\x02g\xc6X\xa0\xe9;\x03\xd6\xd
SF:ab\xdb\xaa\xac\x12\xa2\xe9\xf5HO~-n\x05\xb9\xb2F\x1f\x0b{\xd6\x85;T\x1e
SF:_Ds\xdb\x8f1\xa3\xe9{\x8aS\xf8g-\xe4\xe1\xe3\xb6\x19\xaaD\x90a\xb9\xc7\
SF:x0e;\xc4\x97bl4\xb8\x10e4\xf3\x0e\xea\x9c\xb6qr\.\x873\xf7\x88\xae\x90\
SF:xdf\[\x16\x0b\x95\xe1\xce\*\x8b\xcd\x89\xb9>\x01\x97\x0f83\^_\x9f\xee\x
SF:90\xfe\xf9\x1a\x16\xbf\xa7\x90cx\xfa\xbf\x7f\xd2\x0c\xd1\xdd\xe1L\xfbaI
SF:\xf2\xb1@\xed;\\\xc9\xe2\x0eu\x92\xb6\xd5\x08U\xf9/3\xc5\x166b\xbf\x04\
SF:xbb\x1f\x12\x82\xb8m\x9fq\xe8\xe2\x96R\xdf\x9b\0\x02\0\0\0\x06\x1dI\x9b
SF:\r\x03\xf8\xb4\x83\x83\x96\xec\^/\x191")%r(GenericLines,D1,"5\.38\.14\0
SF:\0\0\0\0\xc1\0\x08\t\|\x8bOB\x02\x8adf~\xe6\x04\xffRE6\xb1\x11\x0f\xdc\
SF:xa1Y\xa0\x13\xe6\x97y\xc1\xebL\x8ef'}\xb5B\xe2g\xcaP\x08\*c\xb4wWM\xe7\
SF:xad\xb7\x9f\xed6\x8b\xdf\x94\xa1\xfdUt\xe1o\xab\xd7\xd4\xf2\x88\"\xc7wN
SF:\x1c`\xff\xef\xbf\xcdd\x89d\xeeV\x07F\xd4\x9e\xdaM\xf3\xde\xd6\x93\xfaZ
SF:\?\xfc\xa6\[\xc1Z\xf2}9\xed:\xbeE\xf0\xef3oqm\x861\x8e\x11\xe2\x05\x85\
SF:x86\x1cz\|V\xd3\xe4X\x86mf\xc7\xba\x8c/\x04\xd2\xa5P\x1e\xef\x8cI\xbb\x
SF:9c\x18Q\x90\+\xb9\xd7\xdeV\x9b\xa9\x13\xe4\x03\x17O\xd6\x1d\x1c\xd6\x14
SF:\x9cfk/\x98\xf3\x95\$xs\xa5P\x15\xda\x0c\x20\xed\x1a\xc0\]b\\\xf6\x90\x
SF:86\xfb=\x9c\0")%r(HTTPOptions,E5,"5\.38\.14\0\0\0\0\0\xc1\0\t\x07\xe6\x
SF:83#\xf8\xefx_\xc0b\$\x94&D\xb4\xdf\rH\xbf\x14\xc9\xa6\]xJ\xc4\xfc\x9f~L
SF:\x1d\x86\xcf\xb9\]\x1d0\xa8\x9c\xe7\x9b\xfa\x8e\xe4\xfc\xbd`W\xe8\x0c\x
SF:d8}\xa4A\x17\xae\xcd\xbd#P\xee\xaci\x16\xe8\xe2\x9c\x1da\xb59\(\xc9\x94
SF:\xae\xc3\^\xaf\xa6\x90\xb0\x209\xc0T\xffW\x8c\xea\x16\xcd\\\xbd\x10S\x8
SF:a\.q\xee!\xaa\x11\xd7\xa3\x0bp\.#\|\xee\x97\xdd\x1by\xd4\x9e}\x98r\xc0\
SF:xb7\)A1\xcf\x11\x12\x04%\xfdL\xb5\xa8\x1c\xad\xba-\xaeI0\xe8G\x12\x14\x
SF:85u1\x8cY\xd3Y\x9b\xc8\xe31_\x0c\xde\xbfJ\|Y\x89q\xb2\xe7\t:\xb3\xc2\xb
SF:49f\x07\x9c\xae\xfe\xa9\x17\x8a\xaa\xa5EZ\x89\xfb7\xd8\\{\xa8\xd6\xe3\0
SF:\x02\0\0\0\x9b\x99\x1a\x94v\xae\x94\[\x86k\xde\xa5\xd6\xb3\xfbv");
MAC Address: 00:0C:29:25:26:7F (VMware)
Device type: general purpose
Running: Microsoft Windows 2000|XP|2003
OS details: Microsoft Windows 2000 Server SP3 or SP4, Microsoft Windows XP SP2 or Windows Server 2003 SP0/SP1
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

Host script results:
|_ NBSTAT: NetBIOS name: VIRTUALPC, NetBIOS MAC: 00:0C:29:25:26:7F
|_ Discover OS Version over NetBIOS and SMB: Windows XP

//////////

I can only guess that these are HTTP packets, but I can't yet work out what information they contain. I hope the experts here can help me analyze this section. If possible, please also point me to a tool to decode it.
  [Question]   Re: How do I analyze fingerprint output? 02/04/2008 07:39:14 (+0700) | #2 | 122640
quanta
Moderator

Joined: 28/07/2006 14:44:21
Messages: 7265
Location: $ locate `whoami`
http://insecure.org/cgi-bin/submit.cgi
http://nmap.org/osdetect/osdetect-fingerprint-format.html
Let's build on a great foundation!
  [Question]   Re: How do I analyze fingerprint output? 02/04/2008 23:06:49 (+0700) | #3 | 122779
lamhoang20002000
Member

Joined: 03/04/2005 16:32:02
Messages: 52
Thanks quanta.
But those sites only let me submit the fingerprint; they don't decode or analyze anything to help me understand what it is.
http://nmap.org/osdetect/osdetect-fingerprint-format.html describes the fingerprint format, but it seems none of the formats there match the format of the fingerprint I posted. Is there a tool that decodes this directly? I hope you can help.
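The output posted in #1 is an Nmap service (version-detection) fingerprint, not an OS fingerprint. As an added example that is not part of any post in this thread, the Python below unwraps the `SF:` lines and turns each probe response back into the raw bytes the service sent. It assumes the escaping Nmap writes in these fingerprints (`\xHH`, `\0`, `\n`, `\r`, `\t`, and a backslash before some punctuation) and that the second field of each `r(...)` entry is the response length in hex; the function names and the two short sample responses are constructed.

```python
import re

# Constructed sample in the page's format: the header values are the ones in
# the posted scan; the two short responses are made up for illustration.
SAMPLE = r'''SF-Port3999-TCP:V=4.50%I=7%D=3/28%Time=47EBE52A%P=i686-pc-windows-windows%
SF:r(NULL,9,"5\.38\.14\0\xc1")%r(GetRequest,6,"a\\\
SF:xf5\"\x20\n");'''

_ESCAPE = re.compile(rb'\\(x[0-9a-fA-F]{2}|.)', re.DOTALL)
_NAMED = {b'0': b'\x00', b'n': b'\n', b'r': b'\r', b't': b'\t'}
_RESPONSE = re.compile(r'r\(([\w-]+),([0-9A-Fa-f]+),"((?:\\.|[^"\\])*)"\)',
                       re.DOTALL)


def unescape(text):
    """Turn the escaped response text back into the raw bytes received."""
    def repl(m):
        tok = m.group(1)
        if len(tok) == 3:                      # \xHH
            return bytes([int(tok[1:], 16)])
        return _NAMED.get(tok, tok)            # \0 \n \r \t, else \<punct>
    return _ESCAPE.sub(repl, text.encode('latin-1'))


def parse_service_fp(text):
    # Undo the line wrapping: drop each "SF-"/"SF:" prefix and join, so an
    # escape split across two lines (as in SAMPLE) is whole again.
    body = ''.join(l.strip()[3:] for l in text.splitlines()
                   if l.strip().startswith(('SF-', 'SF:')))
    head = body.split('%r(', 1)[0]
    m = re.match(r'Port(\d+)-(\w+):(.*)', head)
    fields = dict(kv.split('=', 1) for kv in m.group(3).split('%') if '=' in kv)
    probes = {}
    for name, hexlen, data in _RESPONSE.findall(body):
        # declared_len may exceed len(data) if the stored response was cut short
        probes[name] = {'declared_len': int(hexlen, 16), 'data': unescape(data)}
    return {'port': int(m.group(1)), 'proto': m.group(2),
            'nmap_version': fields.get('V'), 'platform': fields.get('P'),
            'scan_time': int(fields['Time'], 16),   # Unix time, hex-encoded
            'probes': probes}


if __name__ == '__main__':
    fp = parse_service_fp(SAMPLE)
    print(fp['port'], fp['proto'], fp['nmap_version'], fp['scan_time'])
    for name, resp in fp['probes'].items():
        print(name, resp['declared_len'], resp['data'])
```

Each key under `probes` is the name of the probe Nmap sent (`NULL`, `GenericLines`, `GetRequest`, `HTTPOptions` in the posted scan), and `data` is what the service answered, so the probe names do not by themselves mean the service speaks HTTP.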