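# Lab setup and a first manual port-knock attempt.
# The Debian/Kali package that ships the `knock` client is "knockd"; the
# original line spelled it "konckd", which apt cannot resolve, so the whole
# install would have failed. -y is placed before the package list.
# NOTE(review): "knockpy" is not a Debian package as far as I know — confirm
# it is meant to come from apt at all.
sudo apt-get install -y knockd knocker knockpy

# Two candidate sequences over the same three ports (different order), then a
# default-script/version scan of port 80 to see whether the knock opened it.
knock -v 192.168.56.114 159:tcp 27391:tcp 4:tcp
knock -v 192.168.56.114 4:tcp 27391:tcp 159:tcp
nmap -sC -sV -p 80 192.168.56.114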
敲击脚本 knock.sh
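#!/bin/bash
# knock.sh — send one TCP probe to each port of a knock sequence, in order.
#
# Arguments:
#   $1  target host (IP or name)
#   $2  comma-separated port sequence, e.g. 159,27391,4
# Usage: ./knock.sh 192.168.56.114 159,27391,4
#
# The original split $2 on ',' in both the outer and the inner loop, so the
# inner loop was a no-op and "[*] Trying sequence" was printed once per port
# rather than once per sequence. The sequence is now split exactly once, every
# expansion is quoted, and missing arguments are reported instead of silently
# looping over nothing.
set -u

TARGET=${1:-}
PORTS=${2:-}
if [[ -z "$TARGET" || -z "$PORTS" ]]; then
  printf 'Usage: %s <target> <port,port,...>\n' "${0##*/}" >&2
  exit 2
fi

# Split "159,27391,4" into an array; an empty element (e.g. from a trailing
# comma) is skipped below.
IFS=',' read -r -a seq <<<"$PORTS"

echo "[*] Trying sequence $PORTS..."
for p in "${seq[@]}"; do
  [[ -n "$p" ]] || continue
  # -n: no DNS lookups; -v0: quiet; -Pn: skip host discovery;
  # --max-retries 0: a single probe per port so the sequence arrives as typed.
  nmap -n -v0 -Pn --max-retries 0 -p "$p" "$TARGET"
done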
执行
# Run knock.sh (above) against the lab VM with the three-port sequence.
./knock.sh 192.168.56.114 159,27391,4
nmap敲门
# Same knock as knock.sh, but inline: one probe per port, in the listed order.
for knock_port in 159 27391 4; do
  nmap -Pn --max-retries 0 -p "$knock_port" 192.168.56.114
done
nc 直接连接对应的端口也是可以敲门的
生成的各种组合
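# Write every ordering of the three candidate ports to permutation.txt, one
# "a,b,c" line each, for knocklord.sh below.
# The original used Python 2's `print list(...)` statement, which is a syntax
# error under Python 3 (the default `python` on current Kali), and then
# rebuilt the lines with sed/tr. The Python now emits the lines directly and
# `sort -u` replaces `sort | uniq`; the resulting file is identical.
python3 -c 'import itertools, sys; sys.stdout.write("".join(",".join(map(str, p)) + "\n" for p in itertools.permutations([1, 2, 3])))' | sort -u > permutation.txt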
敲击shell代码
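#!/bin/bash
# knocklord.sh — try every port sequence listed in permutation.txt (one
# comma-separated sequence per line, as produced by the python one-liner
# above), then scan the target to see whether that sequence opened anything.
#
# Arguments:
#   $1  target host
# Usage: ./knocklord.sh 192.168.226.132
# Outputs: one nmap report per sequence, written to <sequence>.txt in the cwd.
#
# Changes from the original: `for ports in $(cat permutation.txt)` is replaced
# by a read loop on a dedicated fd, every expansion is quoted, and a missing
# target or missing permutation.txt is reported instead of silently looping
# over nothing.
set -u

TARGET=${1:-}
if [[ -z "$TARGET" ]]; then
  printf 'Usage: %s <target>\n' "${0##*/}" >&2
  exit 2
fi
if [[ ! -r permutation.txt ]]; then
  printf 'permutation.txt not found or not readable\n' >&2
  exit 1
fi

# Read on fd 3 so that nothing run inside the loop can consume the list via
# stdin; the `|| [[ -n ... ]]` keeps a final line without a trailing newline.
while IFS= read -r -u 3 ports || [[ -n "$ports" ]]; do
  [[ -n "$ports" ]] || continue
  echo "[*] Trying sequence $ports..."
  IFS=',' read -r -a seq <<<"$ports"
  for p in "${seq[@]}"; do
    [[ -n "$p" ]] || continue
    # one probe per port, no DNS, no host discovery, quiet output
    nmap -n -v0 -Pn --max-retries 0 -p "$p" "$TARGET"
  done
  # give the knock daemon a moment to act before checking what opened
  sleep 3
  nmap -n -v -Pn -p 1-10000 -A --reason "$TARGET" -oN "${ports}.txt"
done 3< permutation.txt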
上述脚本保存成文件，例如保存为 knocklord.sh，执行方式：./knocklord.sh 192.168.226.132
或者使用nmap进行敲击
# Knock ports 1, 2, 3 in order with a single quiet probe each.
for knock_port in 1 2 3; do
  nmap -n -v0 -Pn --max-retries 0 -p "$knock_port" 192.168.226.132
done
或者
# One nmap run over all three ports; -r keeps them in the listed order instead
# of nmap's default randomised port order, which matters for a knock sequence.
nmap -r -Pn -p 1,2,3 192.168.226.132
或者
# Single SYN (-S, -c 1) to port 1 with hping3; repeat per port of the sequence.
hping3 -S 192.168.226.132 -p 1 -c 1
或者
# Same three-port knock with a per-host timeout so each probe returns quickly.
for knock_port in 1 2 3; do
  nmap -Pn --host_timeout 201 --max-retries 0 -p "$knock_port" 192.168.226.132
done
迷茫的人生,需要不断努力,才能看清远方模糊的志向!