Este blog se está transportando a un sitio "más libre".
Puede consultarse este artículo en su nueva ubicación:
>>>>>>>>>>>>>>>>>>>>>>
Si no tenemos nmap instalado, basta con
sudo apt-get install nmap
Luego, la orden de trabajo es:
sudo nmap -sP 192.168.0.1/24
---------------------------------------
Nmap 7.60 ( https://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
-iR <num hosts>: Choose random targets
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
-sL: List Scan - simply list targets to scan
-sn: Ping Scan - disable port scan
-Pn: Treat all hosts as online -- skip host discovery
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
-PO[protocol list]: IP Protocol Ping
-n/-R: Never do DNS resolution/Always resolve [default: sometimes]
--dns-servers <serv1[,serv2],...>: Specify custom DNS servers
--system-dns: Use OS's DNS resolver
--traceroute: Trace hop path to each host
SCAN TECHNIQUES:
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
-sU: UDP Scan
-sN/sF/sX: TCP Null, FIN, and Xmas scans
--scanflags <flags>: Customize TCP scan flags
-sI <zombie host[:probeport]>: Idle scan
-sY/sZ: SCTP INIT/COOKIE-ECHO scans
-sO: IP protocol scan
-b <FTP relay host>: FTP bounce scan
PORT SPECIFICATION AND SCAN ORDER:
-p <port ranges>: Only scan specified ports
Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
--exclude-ports <port ranges>: Exclude the specified ports from scanning
-F: Fast mode - Scan fewer ports than the default scan
-r: Scan ports consecutively - don't randomize
--top-ports <number>: Scan <number> most common ports
--port-ratio <ratio>: Scan ports more common than <ratio>
SERVICE/VERSION DETECTION:
-sV: Probe open ports to determine service/version info
--version-intensity <level>: Set from 0 (light) to 9 (try all probes)
--version-light: Limit to most likely probes (intensity 2)
--version-all: Try every single probe (intensity 9)
--version-trace: Show detailed version scan activity (for debugging)
SCRIPT SCAN:
-sC: equivalent to --script=default
--script=<Lua scripts>: <Lua scripts> is a comma separated list of
directories, script-files or script-categories
--script-args=<n1=v1,[n2=v2,...]>: provide arguments to scripts
--script-args-file=filename: provide NSE script args in a file
--script-trace: Show all data sent and received
--script-updatedb: Update the script database.
--script-help=<Lua scripts>: Show help about scripts.
<Lua scripts> is a comma-separated list of script-files or
script-categories.
OS DETECTION:
-O: Enable OS detection
--osscan-limit: Limit OS detection to promising targets
--osscan-guess: Guess OS more aggressively
TIMING AND PERFORMANCE:
Options which take <time> are in seconds, or append 'ms' (milliseconds),
's' (seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
-T<0-5>: Set timing template (higher is faster)
--min-hostgroup/max-hostgroup <size>: Parallel host scan group sizes
--min-parallelism/max-parallelism <numprobes>: Probe parallelization
--min-rtt-timeout/max-rtt-timeout/initial-rtt-timeout <time>: Specifies
probe round trip time.
--max-retries <tries>: Caps number of port scan probe retransmissions.
--host-timeout <time>: Give up on target after this long
--scan-delay/--max-scan-delay <time>: Adjust delay between probes
--min-rate <number>: Send packets no slower than <number> per second
--max-rate <number>: Send packets no faster than <number> per second
FIREWALL/IDS EVASION AND SPOOFING:
-f; --mtu <val>: fragment packets (optionally w/given MTU)
-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys
-S <IP_Address>: Spoof source address
-e <iface>: Use specified interface
-g/--source-port <portnum>: Use given port number
--proxies <url1,[url2],...>: Relay connections through HTTP/SOCKS4 proxies
--data <hex string>: Append a custom payload to sent packets
--data-string <string>: Append a custom ASCII string to sent packets
--data-length <num>: Append random data to sent packets
--ip-options <options>: Send packets with specified ip options
--ttl <val>: Set IP time-to-live field
--spoof-mac <mac address/prefix/vendor name>: Spoof your MAC address
--badsum: Send packets with a bogus TCP/UDP/SCTP checksum
OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.
-oA <basename>: Output in the three major formats at once
-v: Increase verbosity level (use -vv or more for greater effect)
-d: Increase debugging level (use -dd or more for greater effect)
--reason: Display the reason a port is in a particular state
--open: Only show open (or possibly open) ports
--packet-trace: Show all packets sent and received
--iflist: Print host interfaces and routes (for debugging)
--append-output: Append to rather than clobber specified output files
--resume <filename>: Resume an aborted scan
--stylesheet <path/URL>: XSL stylesheet to transform XML output to HTML
--webxml: Reference stylesheet from Nmap.Org for more portable XML
--no-stylesheet: Prevent associating of XSL stylesheet w/XML output
MISC:
-6: Enable IPv6 scanning
-A: Enable OS detection, version detection, script scanning, and traceroute
--datadir <dirname>: Specify custom Nmap data file location
--send-eth/--send-ip: Send using raw ethernet frames or IP packets
--privileged: Assume that the user is fully privileged
--unprivileged: Assume the user lacks raw socket privileges
-V: Print version number
-h: Print this help summary page.
EXAMPLES:
nmap -v -A scanme.nmap.org
nmap -v -sn 192.168.0.0/16 10.0.0.0/8
nmap -v -iR 10000 -Pn -p 80
SEE THE MAN PAGE (https://nmap.org/book/man.html) FOR MORE OPTIONS AND EXAMPLES
1. dd
sudo dd if=/dev/sdx of=~/nombrebackup.img
2. Desde la utilidad Discos de Ubuntu
3. Acronis TrueImage y derivados
4. Win32diskimager
Creo archivo llamado 'ssh' en la partición boot del microSD:
touch ssh
Cuando instertemos la microSD en Raspberry Pi, tendremos habilitado el acceso SSH.
Pero éste será cableado, es decir, por rj45.
Si queremos acceder de forma inalámbrica, se puede configurar la conexión wifi también antes de conectar la tarjeta microSD a Raspberry Pi.
En el ordenador en el que hemos creado la microSD con Raspbian.
Desde terminal, en la partición rootfs de la microSD, carpeta /etc/wpa_suplicant/
wpa_passphrase <SSID>
(*) El SSID es el nombre de mi red wifi (mirouterwifi), en mi caso quedaría así: wpa_passphrase mirouterwifi
Al ejecutar ese comando el sistema nos pregunta la contraseña wpa de la red wifi y, cuando la introducimos, devuelve esto:
network={
ssid="mirouterwifi"
#psk="tuclavewpawifisinencriptar"
psk=tuclavewpaencriptada
}
Abrimos como superusuarios el fichero wpa_suplicant.conf
sudo nano wpa-suplicant.conf
Agregamos:
network={
ssid="mirouterwifi"
psk=tuclavewpaencriptada
}
Guardamos los cambios
Extraemos de forma segura la microSD
Ya podemos insertar la microSD con Raspbian en Raspberry Pi y arrancarla. Tendrá conectividad wifi.
Si este procedimiento lo combinamos con la configuración previa del acceso SSH, tendremos acceso a la Raspberry Pi sin haber conectado siquiera la televisión, el teclado y el ratón.
Por alguna razón acceder vía VNC a la versión 2018-11-13 se resiste más de lo debido. Desconozco exactamente las causas que hacen que cuando, por ejemplo, tratamos de conectar mediante el cliente Remmina desde Ubuntu 18.04 obtengamos este rechazo:
"esquema de autentificación desconocido del servidor vnc"
Estos son los detalles del servidor VNC que trae de serie Raspbian 2018-11-13. Hace referencia a VNC Server, Real VNC, VNC Viewer. El puerto que utiliza juraría es el 5900.
 |
| Modificamos método de Autentificación para que sea mediante "contraseña de VNC" |
 |
| Agregamos un usuario de tipo "administrador" y le asignamos una contraseña |
 |
| En el cliente Remmina creamos una conexión y la configuramos: le asignamos un nombre identificativo, establecemos el protocolo (VNC), especificamos la IP del servidor VNC y también el usuario y contraseña que agregamos en el paso anterior (en el servidor VNC de Raspbian). |
RDP
RDP stands for Remote Desktop Protocol. It is a proprietary protocol built by Microsoft to let users to graphically control remote computer.
RDP logs in a remote user to the server computer by effectively creating a real desktop session on the server computer including a user profile.
RDP works in the same way as if the user had logged in to the physical server directly.
RDP can support multiple remote users logged in to the same server that completely unaware of each other.
VNC
VNC stands for Virtual Network Computing. It is an open platform independent graphical desktop sharing system designed to remotely control another computer.
VNC follows the older model of simply showing whatever is on the screen with no forced logins required.
VNC connects a remote user to the computer itself by sharing its screen, keyboard and mouse.
Consequently, when several users (including the one operating the real physical monitor and keyboard) connect to the same server they see the same thing and they type on the same keyboard.
VNC has security implications; if you remote into a machine that an Administrator is logged into, you'll effectively be an Administrator. And if you're both trying to use the computer at the same time, it's even more fun!
Similarities between both
Both RDP and VNC technologies require client side and server side software to support communication protocol.
Both technologies use direct peer-to-peer communication. It means that the local user computer directly connects to the remote computer
Both can't handle multiple monitors in any way; you'll only see the primary monitor (but there are ways to see all monitors using other tools)
LSHW
sudo lshw > archivodetexto.txt
SYSINFO
sudo apt-get install sysinfo
HARDINFO
sudo apt-get install hardinfo
fuente:
https://elblogdeliher.com/como-obtener-informacion-sobre-el-hardware-en-ubuntu/
https://adictec.com/comprobar-si-dispositivo-es-usb-30-o-20/
A. Acudiendo al registro del sistema: HKEY _ LOCAL _ MACHINE / SOFTWARE / Microsoft / Windows NT / CurrentVersion / SoftwareProtectionPlatform y en lista de variables buscamos "BackupProductKeyDefault". Ahí debería estar.
B. Ejecutando PowerShell, como bien resaltan en los comentarios, introduciendo lo siguiente: powershell "(Get-WmiObject -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey".
(*) Esta segunda opción a mí no me ha funcionado.
In PowerShell, you can directly access the raw licensing data like this:
PS> Get-WmiObject SoftwareLicensingService
You can also check the license status of your copy of Windows:
PS> Get-WmiObject SoftwareLicensingProduct | Select-Object -Property Description, LicenseStatus | Out-GridView
And you can find out which Windows SKU you are actually using:
PS> Get-WmiObject SoftwareLicensingProduct | Where-Object { $_.LicenseStatus -eq 1 } | Select-Object -ExpandProperty Description
Windows Operating System - Windows(R) 7, RETAIL channel
To investigate all the other logic found in slmgr, have a look at the VBScript source code:
PS> notepad (Get-Command slmgr).Path
Existen 2 formas:
1. CertUtil
Desde Línea de Comandos (ms-dos):
certutil -hashfile archivo SHA512
2. Get-FileHash
Desde PowerShell
Get-FileHash -Path archivo -Algorithm SHA512
+ información:
https://www.nextofwindows.com/5-ways-to-generate-and-verify-md5-sha-checksum-of-any-file-in-windows-10
En las propiedades del equipo en Windows 10 puede aparecer como utilizable menos memoria de la instalada.
Solución:
En Windows > Propiedades de Equipo la memoria RAM utilizable es menor a la instalada
Solución: msconfig > arranque > opciones avanzadas > desmarcar "Cantidad máxima de memoria"
Hay quien dice que hay que desmarcarlo todo, "número de procesadores" inclusive. Yo no lo he hecho.
