Information Gathering for Local Network ~ Information Technology Security Blog

Scanning active Ip and Service

nmap 192.168.0.1/24

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 17:00 WIT

Nmap scan report for 192.168.0.21

Host is up (0.00086s latency).

Not shown: 995 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

139/tcp open netbios-ssn

445/tcp open microsoft-ds

10000/tcp open snet-sensor-mgmt

MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)

Nmap scan report for 192.168.0.26 (Irwan)

Host is up (0.000094s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 00:1E:33:FA:5A:95 (Inventec)

Nmap scan report for 192.168.0.27 (ryan e)

Host is up (0.000089s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 14:DA:E9:61:17:0B (Asustek Computer)

Nmap scan report for 192.168.0.29 (yuza)

Host is up (0.000079s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 00:1E:EC:C4:7D:D0 (Compal Information (kunshan) CO.)

Nmap scan report for 192.168.0.34

Host is up (0.000013s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

Nmap scan report for 192.168.0.36

Host is up (0.00013s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

80/tcp open http

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 00:26:22:9C:0E:8E (Compal Information (kunshan) CO.)

Nmap scan report for 192.168.0.40

Host is up (0.00023s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

22/tcp open ssh

80/tcp open http

6566/tcp open sane-port

MAC Address: 10:78:D2:36:65:A4 (Elitegroup Computer System CO.)

Nmap scan report for 192.168.0.42

Host is up (0.00016s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 00:23:5A:E2:66:0F (Compal Information (kunshan) CO.)

Nmap scan report for 192.168.0.43

Host is up (0.00018s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

80/tcp open http

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 00:1B:24:54:44:45 (Quanta Computer)

Nmap scan report for 192.168.0.44

Host is up (0.00027s latency).

Not shown: 996 closed ports

PORT STATE SERVICE

80/tcp open http

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 14:DA:E9:5D:39:F1 (Asustek Computer)

Nmap scan report for 192.168.0.45 (ryan)

Host is up (0.000092s latency).

Not shown: 997 closed ports

PORT STATE SERVICE

139/tcp open netbios-ssn

445/tcp open microsoft-ds

902/tcp open iss-realsecure

MAC Address: 3C:D9:2B:1A:35:0E (Hewlett-Packard Company)

Nmap done: 256 IP addresses (11 hosts up) scanned in 42.42 seconds

Scanning Service

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 17:19 WIT

NSE: Loaded 87 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 17:19

Scanning 34 hosts [1 port/host]

Completed ARP Ping Scan at 17:19, 0.66s elapsed (34 total hosts)

Initiating Parallel DNS resolution of 34 hosts. at 17:19

Completed Parallel DNS resolution of 34 hosts. at 17:19, 13.00s elapsed

Initiating Parallel DNS resolution of 1 host. at 17:19

Completed Parallel DNS resolution of 1 host. at 17:19, 13.00s elapsed

Initiating SYN Stealth Scan at 17:19

Scanning 3 hosts [1000 ports/host]

Nmap scan report for 192.168.0.21

Host is up (0.00038s latency).

Not shown: 995 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)

| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)

|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)

80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)

|_http-methods: No Allow or Public header in OPTIONS response (status code 200)

|_http-title: Site doesn't have a title (text/html).

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)

10000/tcp open http MiniServ 0.01 (Webmin httpd)

|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).

|_http-methods: No Allow or Public header in OPTIONS response (status code 200)

|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285

MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6.22

OS details: Linux 2.6.22 (embedded, ARM)

Uptime guess: 0.047 days (since Wed Jan 25 16:12:00 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=200 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:

| nbstat:

| NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| UBUNTUVM<00> Flags: <unique><active>

| UBUNTUVM<03> Flags: <unique><active>

| UBUNTUVM<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| MSHOME<1d> Flags: <unique><active>

| MSHOME<1e> Flags: <group><active>

|_ MSHOME<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-os-discovery:

| OS: Unix (Samba 3.0.26a)

| Computer name: ubuntuvm

| Domain name: nsdlab

| FQDN: ubuntuvm.NSDLAB

| NetBIOS computer name:

|_ System time: 2012-01-26 00:19:45 UTC-6

TRACEROUTE

HOP RTT ADDRESS

1 0.38 ms 192.168.0.21

Nmap scan report for 192.168.0.26

Host is up (0.00016s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 00:1E:33:FA:5A:95 (Inventec)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.046 days (since Wed Jan 25 16:12:55 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=189 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-26 05:24:38 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.16 ms 192.168.0.26

Nmap scan report for 192.168.0.29

Host is up (0.00022s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 00:1E:EC:C4:7D:D0 (Compal Information (kunshan) CO.)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.047 days (since Wed Jan 25 16:11:35 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=203 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:21:48 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.22 ms 192.168.0.29

Initiating ARP Ping Scan at 17:19

Scanning 221 hosts [1 port/host]

Completed ARP Ping Scan at 17:19, 1.87s elapsed (221 total hosts)

Initiating Parallel DNS resolution of 221 hosts. at 17:19

Completed Parallel DNS resolution of 221 hosts. at 17:20, 13.00s elapsed

Initiating SYN Stealth Scan at 17:20

Scanning 192.168.0.34 [1000 ports]

Discovered open port 445/tcp on 192.168.0.34

Discovered open port 139/tcp on 192.168.0.34

Discovered open port 902/tcp on 192.168.0.34

Completed SYN Stealth Scan at 17:20, 0.09s elapsed (1000 total ports)

Initiating Service scan at 17:20

Scanning 3 services on 192.168.0.34

Completed Service scan at 17:20, 11.01s elapsed (3 services on 1 host)

Initiating OS detection (try #1) against 192.168.0.34

NSE: Script scanning 192.168.0.34.

Initiating NSE at 17:20

Completed NSE at 17:20, 0.06s elapsed

Nmap scan report for 192.168.0.34

Host is up (0.000051s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.19 - 2.6.39

Uptime guess: 0.046 days (since Wed Jan 25 16:13:53 2012)

Network Distance: 0 hops

TCP Sequence Prediction: Difficulty=202 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:20:19 UTC+7

Initiating SYN Stealth Scan at 17:20

Scanning 7 hosts [1000 ports/host]

Completed SYN Stealth Scan against 192.168.0.35 in 0.39s (6 hosts left)

Completed SYN Stealth Scan against 192.168.0.36 in 0.39s (5 hosts left)

Completed SYN Stealth Scan against 192.168.0.40 in 0.39s (4 hosts left)

Completed SYN Stealth Scan against 192.168.0.42 in 0.39s (3 hosts left)

Completed SYN Stealth Scan against 192.168.0.43 in 0.39s (2 hosts left)

Completed SYN Stealth Scan against 192.168.0.44 in 0.39s (1 host left)

Completed SYN Stealth Scan at 17:20, 0.39s elapsed (7000 total ports)

Initiating Service scan at 17:20

Scanning 24 services on 7 hosts

Completed Service scan at 17:20, 11.02s elapsed (24 services on 7 hosts)

Initiating OS detection (try #1) against 7 hosts

Retrying OS detection (try #2) against 192.168.0.40

Retrying OS detection (try #3) against 192.168.0.40

Retrying OS detection (try #4) against 192.168.0.40

Retrying OS detection (try #5) against 192.168.0.40

NSE: Script scanning 7 hosts.

Initiating NSE at 17:20

Completed NSE at 17:20, 0.56s elapsed

Nmap scan report for 192.168.0.35

Host is up (0.00031s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 3C:D9:2B:20:36:02 (Hewlett-Packard Company)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.014 days (since Wed Jan 25 17:00:19 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=201 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:22:52 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.31 ms 192.168.0.35

Nmap scan report for 192.168.0.36

Host is up (0.00021s latency).

Not shown: 996 closed ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.14 ((Ubuntu))

|_http-title: Site doesn't have a title (text/html).

|_http-methods: GET HEAD POST OPTIONS

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 00:26:22:9C:0E:8E (Compal Information (kunshan) CO.)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.038 days (since Wed Jan 25 16:25:58 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=201 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:20:44 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.21 ms 192.168.0.36

Nmap scan report for 192.168.0.40

Host is up (0.00023s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 5.5p1 Debian 4ubuntu6 (protocol 2.0)

| ssh-hostkey: 1024 1b:bc:bb:7c:5d:22:57:10:e0:1e:b1:e0:da:ab:5e:7e (DSA)

|_2048 d1:7d:e9:a8:58:83:f6:1c:82:b4:f1:98:2d:7f:58:30 (RSA)

80/tcp open http Apache httpd 2.2.16 ((Ubuntu))

|_http-methods: GET HEAD POST OPTIONS

|_http-title: Index of /

6566/tcp open tcpwrapped

MAC Address: 10:78:D2:36:65:A4 (Elitegroup Computer System CO.)

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=5.61TEST4%E=4%D=1/25%OT=22%CT=1%CU=36048%PV=Y%DS=1%DC=D%G=Y%M=107

OS:8D2%TM=4F1FD77F%P=i686-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=107%TI=Z%CI=Z%I

OS:I=I%TS=8)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW

OS:6%O5=M5B4ST11NW6%O6=M5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0

OS:%W6=16A0)ECN(R=Y%DF=Y%T=41%W=16D0%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=41%

OS:S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=41%W=16A0%S=O%A=S+%F=AS%O=M5B

OS:4ST11NW6%RD=0%Q=)T4(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y

OS:%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%R

OS:D=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=41%IP

OS:L=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=41%CD=S)

Uptime guess: 0.057 days (since Wed Jan 25 15:58:09 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=259 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE

HOP RTT ADDRESS

1 0.23 ms 192.168.0.40

Nmap scan report for 192.168.0.42

Host is up (0.00023s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 00:23:5A:E2:66:0F (Compal Information (kunshan) CO.)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.049 days (since Wed Jan 25 16:10:29 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=206 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-26 17:13:23 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.23 ms 192.168.0.42

Nmap scan report for 192.168.0.43

Host is up (0.00029s latency).

Not shown: 996 closed ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.14 ((Ubuntu))

|_http-title: Site doesn't have a title (text/html).

|_http-methods: GET HEAD POST OPTIONS

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 00:1B:24:54:44:45 (Quanta Computer)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.049 days (since Wed Jan 25 16:09:45 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=197 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:20:43 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.29 ms 192.168.0.43

Nmap scan report for 192.168.0.44

Host is up (0.00039s latency).

Not shown: 996 closed ports

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.2.14 ((Ubuntu))

|_http-title: Site doesn't have a title (text/html).

|_http-methods: GET HEAD POST OPTIONS

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 14:DA:E9:5D:39:F1 (Asustek Computer)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.049 days (since Wed Jan 25 16:10:47 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=199 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:20:34 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.39 ms 192.168.0.44

Nmap scan report for 192.168.0.45

Host is up (0.00023s latency).

Not shown: 997 closed ports

PORT STATE SERVICE VERSION

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)

902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)

|_ssl-cert: ERROR

MAC Address: 3C:D9:2B:1A:35:0E (Hewlett-Packard Company)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.38 - 2.6.39

Uptime guess: 0.049 days (since Wed Jan 25 16:10:38 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=206 (Good luck!)

IP ID Sequence Generation: All zeros

Host script results:

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| nbstat:

| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| BT<00> Flags: <unique><active>

| BT<03> Flags: <unique><active>

| BT<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| WORKGROUP<1d> Flags: <unique><active>

| WORKGROUP<1e> Flags: <group><active>

|_ WORKGROUP<00> Flags: <group><active>

| smb-os-discovery:

| OS: Unix (Samba 3.4.7)

| Computer name: bt

| Domain name: foo.org

| FQDN: bt.foo.org

| NetBIOS computer name:

|_ System time: 2012-01-25 17:20:43 UTC+7

TRACEROUTE

HOP RTT ADDRESS

1 0.23 ms 192.168.0.45

NSE: Script Post-scanning.

Initiating NSE at 17:20

Completed NSE at 17:20, 0.00s elapsed

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 256 IP addresses (11 hosts up) scanned in 98.95 seconds

Raw packets sent: 11789 (522.194KB) | Rcvd: 12277 (506.505KB)

SCANING USING WHATWEB

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.21

http://192.168.0.21 [200] Apache[2.2.4], X-Powered-By[PHP/5.2.3-1ubuntu6], Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6], IP[192.168.0.21], PHP[5.2.3-1ubuntu6]

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.40

http://192.168.0.40 [200] Apache[2.2.16], Index-Of, Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.16 (Ubuntu)], IP[192.168.0.40], Title[Index of /]

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.36

http://192.168.0.36 [200] Apache[2.2.14], Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], IP[192.168.0.36]

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.40

http://192.168.0.40 [200] Apache[2.2.16], Index-Of, Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.16 (Ubuntu)], IP[192.168.0.40], Title[Index of /]

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.43

http://192.168.0.43 [200] Apache[2.2.14], Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], IP[192.168.0.43]

root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.44

http://192.168.0.44 [200] Apache[2.2.14], Country[RESERVED][ZZ], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)], IP[192.168.0.44]

Information Technology Security Blog

Popular Posts

Pages

About Me

Followers

Blog Archive

Blogger templates

Blog Archive

Blogger templates

Blogger news

Blogroll

Blogger news

Wednesday, January 25, 2012

Information Gathering for Local Network

0 komentar:

Post a Comment