Amap

Un article de Backtrack-fr.

Introduction

Amap is a protocol scanner written by the THC group. It identifies the service listening on a "non-standard" port by, among other techniques, grabbing banners and sending application triggers and analysing the responses.

Usage

   # amap [Mode(s)] [Option(s)] TARGET PORT(s)

Modes

   -A            Map applications: send triggers and analyse responses (default)
   -B            Just grab banners, do not send triggers
   -P            No banner or application stuff - be a (full connect) port scanner
   -W            Web Update - online update the application fingerprint database!

Options

   -1            Only send triggers to a port until 1st identification. Speeeeed!
   -6            Use IPv6 instead of IPv4
   -b            Print ascii banner of responses
   -i FILE       Nmap machine readable outputfile to read ports from
   -u            Ports specified on commandline are UDP (default is TCP)
   -R / -S       Do NOT identify RPC / SSL services
   -H            Do NOT send application triggers marked as potentially harmful
   -U            Do NOT dump unrecognised responses (better for scripting)
   -d            Dump all responses
   -v            Verbose mode, use twice (or more!) for debug (not recommended :-)
   -q            Do not report closed ports, and do not print them as unidentified
   -o FILE [-m]  Write output to file FILE, -m creates machine readable output
   -c CONS       Amount of parallel connections to make (default 32, max 256)
   -C RETRIES    Number of reconnects on connect timeouts (see -T) (default 3)
   -T SEC        Connect timeout on connection attempts in seconds (default 5)
   -t SEC        Response wait timeout in seconds (default 5)
   -p PROTO      Only send triggers for this protocol (e.g. ftp)
   TARGET PORT   The target address and port(s) to scan (additional to -i)

Examples

Basic syntax

   bt ~ # amap 10.69.69.69 80
   bt ~ # amap 10.69.69.69 21 25 80 110
   bt ~ # amap 10.69.69.69 0-1024

Using Nmap output

   bt ~ # nmap -T5 -oM scan 10.69.69.69
 
   Starting Nmap 4.60 ( http://nmap.org ) at 2008-07-22 14:39 GMT
   Interesting ports on cible (10.69.69.69):
   Not shown: 1708 filtered ports
   PORT     STATE  SERVICE
   21/tcp   open   ftp
   25/tcp   open   smtp
   80/tcp   open   http
   110/tcp  open   pop3
   113/tcp  closed auth
   222/tcp  open   rsh-spx
   3399/tcp open   sapeps
   Nmap done: 1 IP address (1 host up) scanned in 26.353 seconds
 
   bt ~ # amap -i scan 10.69.69.69
 
   amap v5.2 (www.thc.org/thc-amap) started at 2008-07-22 14:46:52 - MAPPING mode
   Unrecognized response from 10.69.69.69:21/tcp (by trigger ms-ds) received.
   Please send this output and the name of the application to amap-dev@thc.org:
   0000:  3232 302d 4669 6c65 5a69 6c6c 6120 5365    [ 220-FileZilla Se ]
   0010:  7276 6572 2076 6572 7369 6f6e 2030 2e39    [ rver version 0.9 ]
   0020:  2e32 3220 6265 7461 2056 6572 7369 6f6e    [ .22 beta Version ]
   0030:  2046 696c 655a 696c 6c61 2053 6572 7665    [  FileZilla Serve ]
   0040:  720d 0a                                    [ r..              ]
   Protocol on 10.69.69.69:25/tcp matches smtp
   Protocol on 10.69.69.69:110/tcp matches pop3
   Protocol on 10.69.69.69:222/tcp matches ssh
   Protocol on 10.69.69.69:222/tcp matches ssh-openssh
   Protocol on 10.69.69.69:80/tcp matches http-apache-2
   Protocol on 10.69.69.69:80/tcp matches http
   Protocol on 10.69.69.69:3399/tcp matches ms-remote-desktop-protocol
   Protocol on 10.69.69.69:21/tcp matches ftp
   Protocol on 10.69.69.69:80/tcp matches webmin
 
   Unidentified ports: none.
 
   amap v5.2 finished at 2008-07-22 14:47:07
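As an added example (not part of the original article, nor code from THC's amap), a small Python parser for the text output amap prints above. It collects the protocol matches per port, records ports whose response amap could not recognise, and flags services identified on a port other than their conventional one, which is the situation amap exists to surface (here ssh on 222 and RDP on 3399). The EXPECTED_PORT table is a hypothetical, trimmed illustration rather than a full port registry.

```python
import re
from collections import defaultdict
# Lines from the amap run shown on this page (scan of 10.69.69.69), used as sample input.
AMAP_OUTPUT = """\
Unrecognized response from 10.69.69.69:21/tcp (by trigger ms-ds) received.
Protocol on 10.69.69.69:25/tcp matches smtp
Protocol on 10.69.69.69:110/tcp matches pop3
Protocol on 10.69.69.69:222/tcp matches ssh
Protocol on 10.69.69.69:222/tcp matches ssh-openssh
Protocol on 10.69.69.69:80/tcp matches http-apache-2
Protocol on 10.69.69.69:80/tcp matches http
Protocol on 10.69.69.69:3399/tcp matches ms-remote-desktop-protocol
Protocol on 10.69.69.69:21/tcp matches ftp
Protocol on 10.69.69.69:80/tcp matches webmin
"""

MATCH_RE = re.compile(r"^Protocol on (\S+):(\d+)/(tcp|udp) matches (\S+)$")
UNREC_RE = re.compile(r"^Unrecognized response from (\S+):(\d+)/(tcp|udp) \(by trigger (\S+)\)")

# Conventional port per protocol family: hypothetical, trimmed table for illustration only.
EXPECTED_PORT = {"ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "pop3": 110,
                 "ms-remote-desktop-protocol": 3389}

def parse_amap(text):
    """Return ({(host, port, proto): {names}}, [(host, port, proto, trigger)])."""
    matches, unrecognized = defaultdict(set), []
    for line in text.splitlines():
        if m := MATCH_RE.match(line.strip()):
            host, port, proto, name = m.groups()
            matches[(host, int(port), proto)].add(name)
        elif u := UNREC_RE.match(line.strip()):
            host, port, proto, trigger = u.groups()
            unrecognized.append((host, int(port), proto, trigger))
    return matches, unrecognized

def family(name):
    # amap reports variants such as "ssh-openssh" or "http-apache-2"; reduce to the family
    head = name.split("-")[0]
    return head if head in EXPECTED_PORT else name

def nonstandard_services(matches):
    """Services amap identified on a port other than their conventional one."""
    findings = []
    for (host, port, proto), names in sorted(matches.items()):
        for fam in sorted({family(n) for n in names}):
            expected = EXPECTED_PORT.get(fam)
            if expected is not None and expected != port:
                findings.append((host, port, fam, expected))
    return findings
```

Feed it the output of `amap -i scan TARGET` (or `-o FILE` with `-m` for the machine-readable form, which needs a different regex) to get a per-port inventory and the list of services to review.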
