포트를 열려고 했지만 iptables -I INPUT -p tcp -m tcp --dport 4444 -j ACCEPT
여전히 닫혀 있습니다.
$ nmap hostname -p 4444
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-23 04:47 +0430
Nmap scan report for linux (127.0.1.1)
Host is up (0.000040s latency).
rDNS record for 127.0.1.1: Linux.domain.linux
PORT STATE SERVICE
4444/tcp closed krb524
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
이유는 무엇입니까? 나는 무엇을 해야 합니까?
답변1
포트에 뭔가 수신 대기 중인 것이 있어야 하며 방화벽만으로는 열 수 없습니다.
여기서 httpd는 80을 수신하고 있으므로 열려 있는 것으로 표시됩니다.
$ nmap localhost -p 80
Starting Nmap 6.40 ( http://nmap.org ) at 2018-05-22 19:22 MDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00019s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
여기서 netstat는 httpd가 80을 듣고 있기 때문에 내가 80을 듣고 있다는 것을 보여줍니다.
$ netstat --listening --numeric-ports | grep 80
tcp6 0 0 [::]:80 [::]:* LISTEN
$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-05-22 18:18:01 MDT; 1h 5min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 1279 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Tasks: 7
CGroup: /system.slice/httpd.service
├─1279 /usr/sbin/httpd -DFOREGROUND
├─1928 /usr/sbin/httpd -DFOREGROUND
├─1929 /usr/sbin/httpd -DFOREGROUND
├─1930 /usr/sbin/httpd -DFOREGROUND
├─1931 /usr/sbin/httpd -DFOREGROUND
├─1932 /usr/sbin/httpd -DFOREGROUND
└─1933 /usr/sbin/httpd -DFOREGROUND
May 22 18:17:55 trogdor.mydomain.com systemd[1]: Starting The Apache HTT...
May 22 18:18:01 trogdor.mydomain.com systemd[1]: Started The Apache HTTP...
Hint: Some lines were ellipsized, use -l to show in full.
httpd를 끄면:
# systemctl stop httpd
$ nmap localhost -p 80
Starting Nmap 6.40 ( http://nmap.org ) at 2018-05-22 19:23 MDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Netstat에서는 80이 열려 있는데도 듣고 있지 않다고 표시합니다.
$ netstat --listening --numeric-ports | grep 80
$
요점은 IPTables 부분이질문. 4444에서 역방향 연결 수신기를 시작하면(이것은Rapid7 Q&A), 그러면 포트 4444가 열려 있고 수신 대기 중인 것으로 나타나므로 IP 테이블을 건드릴 필요가 없습니다.
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 127.0.0.1
msf exploit(handler) > set LPORT 4444
msf exploit(handler) > set ExitOnSession false
msf exploit(handler) > exploit -j
# netstat --numeric-ports --listening | grep 4444
tcp 0 0 localhost:4444 0.0.0.0:*