通常情況下,為了檢測(cè)指定的TCP端口是否存活,我們都是通過(guò)telnet指定的端口看是否有響應(yīng)來(lái)確定,然而默認(rèn)情況下win8以后的系統(tǒng)默認(rèn)是不安裝telnet的。設(shè)想一下如果你黑進(jìn)了一個(gè)服務(wù)器,上面沒(méi)裝telnet,但是為了進(jìn)一步滲透進(jìn)內(nèi)網(wǎng),需要探測(cè)內(nèi)部服務(wù)器特定端口是否打開(kāi),同時(shí)你還不愿意安裝telnet,擔(dān)心引起管理員注意。那么好吧,在這個(gè)情況下你需要我的這個(gè)腳本。由于它是原生態(tài)的PowerShell語(yǔ)句完成,木有telnet你也照樣能檢測(cè)TCP端口的情況了。
下面首先上代碼,后面進(jìn)行講解:
Computername : pop.126.com
Port : 110
IsOpen : True
Response : +OK Welcome to coremail Mail Pop3 Server (126coms[75c606d72bf436dfbce6.....])
Description
-----------
Checks port 110 of an mail server and displays header response.
#>
[OutputType('Net.TCPResponse')]
[cmdletbinding()]
Param (
[parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
[Alias('__Server','IPAddress','IP','domain')]
[string[]]$Computername = $env:Computername,
[int[]]$Port = 25,
[int]$TCPTimeout = 1000
)
Process {
ForEach ($Computer in $Computername) {
ForEach ($_port in $Port) {
$stringBuilder = New-Object Text.StringBuilder
$tcpClient = New-Object System.Net.Sockets.TCPClient
$connect = $tcpClient.BeginConnect($Computer,$_port,$null,$null)
$wait = $connect.AsyncWaitHandle.WaitOne($TCPtimeout,$false)
If (-NOT $wait) {
$object = [pscustomobject] @{
Computername = $Computer
Port = $_Port
IsOpen = $False
Response = $Null
}
} Else {
While ($True) {
#Let buffer
Start-Sleep -Milliseconds 1000
Write-Verbose "Bytes available: $($tcpClient.Available)"
If ([int64]$tcpClient.Available -gt 0) {
$stream = $TcpClient.GetStream()
$bindResponseBuffer = New-Object Byte[] -ArgumentList $tcpClient.Available
[Int]$response = $stream.Read($bindResponseBuffer, 0, $bindResponseBuffer.count)
$Null = $stringBuilder.Append(($bindResponseBuffer | ForEach {[char][int]$_}) -join '')
} Else {
Break
}
}
$object = [pscustomobject] @{
Computername = $Computer
Port = $_Port
IsOpen = $True
Response = $stringBuilder.Tostring()
}
}
$object.pstypenames.insert(0,'Net.TCPResponse')
Write-Output $object
If ($Stream) {
$stream.Close()
$stream.Dispose()
}
$tcpClient.Close()
$tcpClient.Dispose()
}
}
}
}
首先創(chuàng)建一個(gè)System.Net.Sockets.TCPClient對(duì)象,去連接指定的域名和端口,瞬間斷開(kāi)的那是服務(wù)器沒(méi)開(kāi)那個(gè)端口,直接被拒絕了,如果沒(méi)拒絕,那就等著服務(wù)器端給你響應(yīng),然后讀取字節(jié)流拼接起來(lái)進(jìn)行解析。
最后需要強(qiáng)調(diào)的是需要對(duì)打開(kāi)的流和TCP連接進(jìn)行關(guān)閉,以便釋放資源
調(diào)用方法如下:
再對(duì)比一下telnet的結(jié)果
結(jié)果是一樣的,以后沒(méi)有telnet也難不住大家了,have fun!^_^
新聞熱點(diǎn)
疑難解答
圖片精選
