增加dcerpc识别主机版本,其他信息目前识别有些问题，在整

2026-02-03 18:43:38 +08:00 · 2022-06-17 15:17:41 +08:00
parent cb72f18edd
commit 620eaf8364
7 changed files with 343 additions and 6 deletions
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,7 +4,15 @@
    <option name="autoReloadType" value="ALL" />
  </component>
  <component name="ChangeListManager">
-    <list default="true" id="d434aa11-9789-419c-9b84-854d0d1de639" name="变更" comment="" />
+    <list default="true" id="d434aa11-9789-419c-9b84-854d0d1de639" name="变更" comment="Yasso更新大改动，更新扫描方式，去除不常用功能，增加指纹和协议识别，修补bug等">
+      <change afterPath="$PROJECT_DIR$/core/plugin/dcerpc.go" afterDir="false" />
+      <change afterPath="$PROJECT_DIR$/core/plugin/nbns_test.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/Yasso.exe" beforeDir="false" afterPath="$PROJECT_DIR$/Yasso.exe" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/core/plugin/all.go" beforeDir="false" afterPath="$PROJECT_DIR$/core/plugin/all.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/core/plugin/eternalblue.go" beforeDir="false" afterPath="$PROJECT_DIR$/core/plugin/eternalblue.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/result.txt" beforeDir="false" afterPath="$PROJECT_DIR$/result.txt" afterDir="false" />
+    </list>
    <option name="SHOW_DIALOG" value="false" />
    <option name="HIGHLIGHT_CONFLICTS" value="true" />
    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
@@ -43,6 +51,7 @@
  </component>
  <component name="PropertiesComponent">{
  &quot;keyToString&quot;: {
+    &quot;DefaultGoTemplateProperty&quot;: &quot;Go File&quot;,
    &quot;RunOnceActivity.go.format.on.save.advertiser.fired&quot;: &quot;true&quot;,
    &quot;RunOnceActivity.go.formatter.settings.were.checked&quot;: &quot;true&quot;,
    &quot;RunOnceActivity.go.migrated.go.modules.settings&quot;: &quot;true&quot;,
@@ -149,6 +158,10 @@
      </map>
    </option>
  </component>
+  <component name="VcsManagerConfiguration">
+    <MESSAGE value="Yasso更新大改动，更新扫描方式，去除不常用功能，增加指纹和协议识别，修补bug等" />
+    <option name="LAST_COMMIT_MESSAGE" value="Yasso更新大改动，更新扫描方式，去除不常用功能，增加指纹和协议识别，修补bug等" />
+  </component>
  <component name="VgoProject">
    <settings-migrated>true</settings-migrated>
  </component>
--- a/Yasso.exe
+++ b/Yasso.exe
--- a/core/plugin/all.go
+++ b/core/plugin/all.go
@@ -372,6 +372,10 @@ func (s *scannerAll) RunEnumeration() {
 						if ok {
 							logger.JSONSave(ip, logger.InformationSave, "oxid", information)
 						}
+						ok, information = DceRpcOSVersion(ip, 135, s.timeout)
+						if ok {
+							logger.JSONSave(ip, logger.InformationSave, "dcerpc", information)
+						}
 					}(ip)
 					mutex.Unlock()
 				}
--- a/core/plugin/dcerpc.go
+++ b/core/plugin/dcerpc.go
@@ -0,0 +1,71 @@
+package plugin
+
+import (
+	"Yasso/core/logger"
+	"bytes"
+	"encoding/binary"
+	"fmt"
+	"net"
+	"time"
+)
+
+const v1 = "\x05\x00\x0b\x03\x10\x00\x00\x00\x48\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x08\x83\xaf\xe1\x1f\x5d\xc9\x11\x91\xa4\x08\x00\x2b\x14\xa0\xfa\x03\x00\x00\x00\x33\x05\x71\x71\xba\xbe\x37\x49\x83\x19\xb5\xdb\xef\x9c\xcc\x36\x01\x00\x00\x00"
+
+const dce = "\x05\x00\x0b\x03\x10\x00\x00\x00\x78\x00\x28\x00\x03\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x01\x00\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00\x04\x5d\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00\x2b\x10\x48\x60\x02\x00\x00\x00\x0a\x02\x00\x00\x00\x00\x00\x00\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x01\xb1\x1d\x00\x00\x00\x0f"
+
+var length = 0
+
+func DceRpcOSVersion(ip string, port int, timeout time.Duration) (bool, string) {
+	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%v:%v", ip, port), timeout)
+	if err != nil {
+		return false, ""
+	}
+	_, err = conn.Write([]byte(dce))
+	if err != nil {
+		return false, ""
+	}
+	var buffer = make([]byte, 4096)
+	_, err = conn.Read(buffer)
+	if err != nil {
+		return false, ""
+	}
+	digit := osDigits(ip) // 获取位数
+	osVersionBytes := buffer[int(0xa0)-54+10 : int(0xa0)-54+18]
+	majorVersion := osVersionBytes[0:1] // 主要版本
+	MinorVersion := osVersionBytes[1:2] // 次要版本
+	BuildNumber := osVersionBytes[2:4]  // 构建号
+	osVersion := fmt.Sprintf("Windows Verison %d.%d Build %v %v", majorVersion[0], MinorVersion[0], binary.LittleEndian.Uint16(BuildNumber), digit)
+
+	//infoLengthBytes := buffer[int(0xa0)-54+2 : int(0xa0)-54+4]
+	//infoLength := int(binary.LittleEndian.Uint16(infoLengthBytes))
+	//infoBytes := buffer[n-infoLength : n-4]
+	//netBoisDomainName := attribute(infoBytes)
+	//dnsDomainName := attribute(infoBytes)
+	//dnsComputerName := attribute(infoBytes)
+	//dnsTreeName := attribute(infoBytes)
+	logger.Success(fmt.Sprintf("%v:%v %v", ip, port, osVersion))
+	//logger.Info(fmt.Sprintf("NetBios (%v) DomainName (%v) ComputerName (%v)", netBoisDomainName, dnsDomainName, dnsComputerName))
+	return true, osVersion
+}
+
+func osDigits(ip string) string {
+	conn, err := net.DialTimeout("tcp", fmt.Sprintf("%v:%v", ip, 135), time.Second*5)
+	if err != nil {
+		return ""
+	}
+	conn.Write([]byte(v1))
+	var buffer = make([]byte, 1024)
+	conn.Read(buffer)
+	var digits = "x86"
+	if bytes.Contains(buffer, []byte("\x33\x05\x71\x71\xBA\xBE\x37\x49\x83\x19\xB5\xDB\xEF\x9C\xCC\x36")) {
+		digits = "x64"
+	}
+	return digits
+}
+
+func attribute(info []byte) string {
+	nameLength := int(binary.LittleEndian.Uint16(info[length+2 : length+4]))
+	name := bytes.Replace(info[length+4:length+4+nameLength], []byte("\x00"), []byte(""), -1)
+	length = length + 4 + nameLength
+	return string(name)
+}
--- a/core/plugin/eternalblue.go
+++ b/core/plugin/eternalblue.go
@@ -112,12 +112,8 @@ func RequestMs17010(conn net.Conn, ip string) (bool, error) {
 	}

 	if reply[9] == 0x05 && reply[10] == 0x02 && reply[11] == 0x00 && reply[12] == 0xc0 {
-		//fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
-		//if runtime.GOOS=="windows" {fmt.Printf("%s\tMS17-010\t(%s)\n", ip, os)
-		//} else{fmt.Printf("\033[33m%s\tMS17-010\t(%s)\033[0m\n", ip, os)}
-		//color.Magenta("%s\tMS17-010\t(%s)\n", ip, os)
+
 		logger.Info(fmt.Sprintf("%v Find MS17010 (%s)", ip, os))
-		// detect present of DOUBLEPULSAR SMB implant
 		trans2SessionSetupRequest[28] = treeID[0]
 		trans2SessionSetupRequest[29] = treeID[1]
 		trans2SessionSetupRequest[32] = userID[0]
--- a/core/plugin/nbns_test.go
+++ b/core/plugin/nbns_test.go
@@ -0,0 +1,7 @@
+package plugin
+
+import "testing"
+
+func TestNbnsScanConn(t *testing.T) {
+
+}
--- a/result.txt
+++ b/result.txt
@@ -1158,3 +1158,249 @@
 [+] [LAPTOP-ESQC1EPT 192.168.23.1 192.168.248.1 2.0.0.1 192.168.0.184]
 [+] 192.168.248.1 Find CVE-2020-0796
 [*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:25 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:110 is open
+[*] 192.168.248.1:8443 is open
+[+] https://192.168.248.1:8443 200  [Apache2 Ubuntu Default Page: It works]
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.0.184 192.168.23.1 192.168.248.1 2.0.0.1]
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.207 is alive (ping)
+[*] 192.168.248.206 is alive (ping)
+[*] 192.168.248.203 is alive (ping)
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.207:22 is open
+[*] 192.168.248.206:135 is open
+[*] 192.168.248.206:139 is open
+[*] 192.168.248.206:3389 is open
+[*] 192.168.248.206:445 is open
+[*] 192.168.248.203:22 is open
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.206:3389 [Windows 10/Windows 11/Windows Server 2019]
+[*] 192.168.248.203:22 [SSH-2.0-OpenSSH_8.9p1\x20Debian-3]
+[+] brute 192.168.248.203:22 success [root:kali][ssh]
+[*] 192.168.248.207:22 [SSH-2.0-OpenSSH_7.4]
+[+] [192.168.248.206:137] WORKGROUP\DESKTOP-Q258H04
+[+] [192.168.248.206:445]
+[10.0.19041 (version) || DESKTOP-Q258H04 (FQDN Name) ||DESKTOP-Q258H04 (Domain Name) ||DESKTOP-Q258H04 (Netbios Name)]
+[+] [DESKTOP-Q258H04 192.168.248.206]
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.100.175 192.168.23.1 192.168.248.1 2.0.0.1]
+[+] 192.168.248.206 Find CVE-2020-0796
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.1:8443 is open
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.1:8080 is open
+[+] http://192.168.248.1:8080 200 [Node.js]  [None]
+[+] https://192.168.248.1:8443 200  [Apache2 Ubuntu Default Page: It works]
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.23.1 192.168.248.1 192.168.100.175 2.0.0.1]
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:445 is open
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.23.1 192.168.248.1 192.168.100.175 2.0.0.1]
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.203 is alive (ping)
+[*] 192.168.248.217 is alive (ping)
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.203:22 is open
+[*] 192.168.248.203:445 is open
+[*] 192.168.248.203:139 is open
+[*] 192.168.248.217:3389 is open
+[*] 192.168.248.217:135 is open
+[*] 192.168.248.217:139 is open
+[*] 192.168.248.217:445 is open
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.203:22 [SSH-2.0-OpenSSH_8.9p1\x20Debian-3]
+[+] brute 192.168.248.203:22 success [root:kali][ssh]
+[*] smb 192.168.248.203 unauthorized
+[*] 192.168.248.217:3389 [Windows 10/Windows 11/Windows Server 2019]
+[+] [192.168.248.203:445]
+[6.1.0 (version) || kali (FQDN Name) ||KALI (Domain Name) ||KALI (Netbios Name)]
+[+] [192.168.248.217:137] WORKGROUP\DESKTOP-Q258H04
+[+] [192.168.248.217:445]
+[10.0.19041 (version) || DESKTOP-Q258H04 (FQDN Name) ||DESKTOP-Q258H04 (Domain Name) ||DESKTOP-Q258H04 (Netbios Name)]
+[+] [DESKTOP-Q258H04 192.168.248.217]
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.23.1 192.168.248.1 192.168.100.175 2.0.0.1]
+[+] 192.168.248.217 Find CVE-2020-0796
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.212 is alive (ping)
+[*] 192.168.248.223 is alive (ping)
+[*] 192.168.248.203 is alive (ping)
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.212:53 is open
+[*] 192.168.248.223:135 is open
+[*] 192.168.248.223:139 is open
+[*] 192.168.248.223:445 is open
+[*] 192.168.248.223:3389 is open
+[*] 192.168.248.203:445 is open
+[*] 192.168.248.203:22 is open
+[*] 192.168.248.203:139 is open
+[*] 192.168.248.223:3389 [Windows 10/Windows 11/Windows Server 2019]
+[*] 192.168.248.203:22 [SSH-2.0-OpenSSH_8.9p1\x20Debian-3]
+[+] brute 192.168.248.203:22 success [kali:kali][ssh]
+[*] smb 192.168.248.203 unauthorized
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.248.1 192.168.100.175 192.168.23.1 2.0.0.1]
+[+] [192.168.248.212:137] KLION\DC02 [[31;1mDomain Controllers[0m]
+[+] [192.168.248.212:445]
+[6.3.9600 (version) || Dc02.klion.local (FQDN Name) ||KLION (Domain Name) ||DC02 (Netbios Name)]
+[+] [Dc02 192.168.248.212]
+[+] [192.168.248.223:137] WORKGROUP\DESKTOP-Q258H04
+[+] [192.168.248.223:445]
+[10.0.19041 (version) || DESKTOP-Q258H04 (FQDN Name) ||DESKTOP-Q258H04 (Domain Name) ||DESKTOP-Q258H04 (Netbios Name)]
+[+] [DESKTOP-Q258H04 192.168.248.223]
+[+] [192.168.248.203:445]
+[6.1.0 (version) || kali (FQDN Name) ||KALI (Domain Name) ||KALI (Netbios Name)]
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] 192.168.248.212 Find MS17010 (Windows Server 2012 R2 Standard 9600)
+[+] 192.168.248.223 Find CVE-2020-0796
+[*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.223 is alive (ping)
+[*] 192.168.248.203 is alive (ping)
+[*] 192.168.248.212 is alive (ping)
+[*] 192.168.248.223:135 is open
+[*] 192.168.248.223:139 is open
+[*] 192.168.248.223:445 is open
+[*] 192.168.248.223:3389 is open
+[*] 192.168.248.1:139 is open
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.203:445 is open
+[*] 192.168.248.203:22 is open
+[*] 192.168.248.203:139 is open
+[*] 192.168.248.212:88 is open
+[*] 192.168.248.212:139 is open
+[*] 192.168.248.212:135 is open
+[*] 192.168.248.212:445 is open
+[*] 192.168.248.212:3389 is open
+[*] 192.168.248.212:80 is open
+[*] 192.168.248.212:53 is open
+[*] 192.168.248.212:389 is open
+[*] 192.168.248.212:49155 is open
+[*] 192.168.248.223:3389 [Windows 10/Windows 11/Windows Server 2019]
+[*] 192.168.248.203:22 [SSH-2.0-OpenSSH_8.9p1\x20Debian-3]
+[+] brute 192.168.248.203:22 success [root:kali][ssh]
+[*] smb 192.168.248.203 unauthorized
+[+] http://192.168.248.212 200 [IIS]  [IIS Windows Server]
+[*] 192.168.248.212:3389 [Windows 10/Windows 11/Windows Server 2019]
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.248.1 192.168.100.175 192.168.23.1 2.0.0.1]
+[*] Windows Verison 10.0 Build 19041 x64
+[*] NetBios (LAPTOP-ESQC1EPT) DomainName (LAPTOP-ESQC1EPT) ComputerName (LAPTOP-ESQC1EPT)
+[+] [192.168.248.223:137] WORKGROUP\DESKTOP-Q258H04
+[+] [192.168.248.223:445]
+[10.0.19041 (version) || DESKTOP-Q258H04 (FQDN Name) ||DESKTOP-Q258H04 (Domain Name) ||DESKTOP-Q258H04 (Netbios Name)]
+[+] [DESKTOP-Q258H04 192.168.248.223]
+[*] Windows Verison 10.0 Build 19041 x64
+[*] NetBios (DESKTOP-Q258H04) DomainName (úÒöÃ‚Ø) ComputerName ()
+[+] [192.168.248.203:445]
+[6.1.0 (version) || kali (FQDN Name) ||KALI (Domain Name) ||KALI (Netbios Name)]
+[+] [192.168.248.212:137] KLION\DC02 [[31;1mDomain Controllers[0m]
+[+] [192.168.248.212:445]
+[6.3.9600 (version) || Dc02.klion.local (FQDN Name) ||KLION (Domain Name) ||DC02 (Netbios Name)]
+[+] [Dc02 192.168.248.212]
+[*] Windows Verison 6.3 Build 9600 x64
+[*] NetBios () DomainName () ComputerName ()
+[+] 192.168.248.1 Find CVE-2020-0796
+[+] 192.168.248.223 Find CVE-2020-0796
+[*] 192.168.248.212 Find MS17010 (Windows Server 2012 R2 Standard 9600)
+[*] Yasso scan complete
+[*] 192.168.248.212 is alive (ping)
+[*] 192.168.248.212:53 is open
+[*] 192.168.248.212:139 is open
+[*] 192.168.248.212:445 is open
+[*] 192.168.248.212:135 is open
+[*] 192.168.248.212:88 is open
+[*] 192.168.248.212:80 is open
+[*] 192.168.248.212:49155 is open
+[*] 192.168.248.212:389 is open
+[*] 192.168.248.212:3389 is open
+[+] http://192.168.248.212 200 [IIS]  [IIS Windows Server]
+[*] 192.168.248.212:3389 [Windows 10/Windows 11/Windows Server 2019]
+[+] [192.168.248.212:137] KLION\DC02 [[31;1mDomain Controllers[0m]
+[+] [192.168.248.212:445]
+[6.3.9600 (version) || Dc02.klion.local (FQDN Name) ||KLION (Domain Name) ||DC02 (Netbios Name)]
+[+] [Dc02 192.168.248.212]
+[+] Windows Verison 6.3 Build 9600 x64
+[*] 192.168.248.212 Find MS17010 (Windows Server 2012 R2 Standard 9600)
+[*] Yasso scan complete
+[*] 192.168.248.212 is alive (ping)
+[*] 192.168.248.212:3389 is open
+[*] 192.168.248.212:53 is open
+[*] 192.168.248.212:49155 is open
+[*] 192.168.248.212:139 is open
+[*] 192.168.248.212:445 is open
+[*] 192.168.248.212:389 is open
+[*] 192.168.248.212:80 is open
+[*] 192.168.248.212:135 is open
+[*] 192.168.248.212:88 is open
+[+] http://192.168.248.212 200 [IIS]  [IIS Windows Server]
+[*] 192.168.248.212:3389 [Windows 10/Windows 11/Windows Server 2019]
+[+] [192.168.248.212:137] KLION\DC02 [[31;1mDomain Controllers[0m]
+[+] [192.168.248.212:445]
+[6.3.9600 (version) || Dc02.klion.local (FQDN Name) ||KLION (Domain Name) ||DC02 (Netbios Name)]
+[+] [Dc02 192.168.248.212]
+[+] %!v(MISSING):%!v(MISSING) %!v(MISSING) 192.168.248.212 135 Windows Verison 6.3 Build 9600 x64
+[*] 192.168.248.212 Find MS17010 (Windows Server 2012 R2 Standard 9600)
+[*] Yasso scan complete
+[*] 192.168.248.212 is alive (ping)
+[*] 192.168.248.212:53 is open
+[*] 192.168.248.212:445 is open
+[*] 192.168.248.212:49155 is open
+[*] 192.168.248.212:88 is open
+[*] 192.168.248.212:139 is open
+[*] 192.168.248.212:135 is open
+[*] 192.168.248.212:3389 is open
+[*] 192.168.248.212:389 is open
+[*] 192.168.248.212:80 is open
+[+] http://192.168.248.212 200 [IIS]  [IIS Windows Server]
+[*] 192.168.248.212:3389 [Windows 10/Windows 11/Windows Server 2019]
+[+] [192.168.248.212:137] KLION\DC02 [[31;1mDomain Controllers[0m]
+[+] [192.168.248.212:445]
+[6.3.9600 (version) || Dc02.klion.local (FQDN Name) ||KLION (Domain Name) ||DC02 (Netbios Name)]
+[+] [Dc02 192.168.248.212]
+[+] 192.168.248.212:135 Windows Verison 6.3 Build 9600 x64
+[*] 192.168.248.212 Find MS17010 (Windows Server 2012 R2 Standard 9600)
+[*] Yasso scan complete
+[*] 192.168.248.1 is alive (ping)
+[*] 192.168.248.1:135 is open
+[*] 192.168.248.1:445 is open
+[*] 192.168.248.1:139 is open
+[+] [192.168.248.1:445]
+[10.0.19041 (version) || LAPTOP-ESQC1EPT (FQDN Name) ||LAPTOP-ESQC1EPT (Domain Name) ||LAPTOP-ESQC1EPT (Netbios Name)]
+[+] [LAPTOP-ESQC1EPT 192.168.248.1 192.168.100.175 192.168.23.1 2.0.0.1]
+[+] 192.168.248.1:135 Windows Verison 10.0 Build 19041 x64
+[+] 192.168.248.1 Find CVE-2020-0796
+[*] Yasso scan complete