Wednesday, January 25, 2012

Information Gathering for localhost


Using Zenmap
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 17:13 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 17:13
Scanning 45 hosts [1 port/host]
Completed ARP Ping Scan at 17:13, 0.67s elapsed (45 total hosts)
Initiating Parallel DNS resolution of 45 hosts. at 17:13
Completed Parallel DNS resolution of 45 hosts. at 17:13, 13.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:13
Completed Parallel DNS resolution of 1 host. at 17:13, 13.00s elapsed
Initiating SYN Stealth Scan at 17:13
Scanning 10 hosts [1000 ports/host]
Discovered open port 80/tcp on 192.168.0.36
Discovered open port 80/tcp on 192.168.0.40
Discovered open port 80/tcp on 192.168.0.21
Discovered open port 80/tcp on 192.168.0.44
Discovered open port 80/tcp on 192.168.0.43
Discovered open port 139/tcp on 192.168.0.36
Discovered open port 139/tcp on 192.168.0.42
Discovered open port 139/tcp on 192.168.0.26
Discovered open port 139/tcp on 192.168.0.43
Discovered open port 139/tcp on 192.168.0.34
Discovered open port 139/tcp on 192.168.0.29
Discovered open port 139/tcp on 192.168.0.35
Discovered open port 139/tcp on 192.168.0.21
Discovered open port 139/tcp on 192.168.0.44
Discovered open port 445/tcp on 192.168.0.42
Discovered open port 445/tcp on 192.168.0.26
Discovered open port 445/tcp on 192.168.0.43
Discovered open port 445/tcp on 192.168.0.34
Discovered open port 445/tcp on 192.168.0.29
Discovered open port 445/tcp on 192.168.0.36
Discovered open port 445/tcp on 192.168.0.44
Discovered open port 445/tcp on 192.168.0.35
Discovered open port 445/tcp on 192.168.0.21
Discovered open port 22/tcp on 192.168.0.40
Discovered open port 22/tcp on 192.168.0.21
Discovered open port 902/tcp on 192.168.0.26
Discovered open port 902/tcp on 192.168.0.29
Discovered open port 902/tcp on 192.168.0.43
Discovered open port 902/tcp on 192.168.0.42
Discovered open port 902/tcp on 192.168.0.35
Discovered open port 902/tcp on 192.168.0.34
Discovered open port 902/tcp on 192.168.0.36
Discovered open port 902/tcp on 192.168.0.44
Discovered open port 6566/tcp on 192.168.0.40
Discovered open port 10000/tcp on 192.168.0.21
Completed SYN Stealth Scan against 192.168.0.21 in 0.34s (9 hosts left)
Completed SYN Stealth Scan against 192.168.0.26 in 0.34s (8 hosts left)
Completed SYN Stealth Scan against 192.168.0.29 in 0.34s (7 hosts left)
Completed SYN Stealth Scan against 192.168.0.34 in 0.34s (6 hosts left)
Completed SYN Stealth Scan against 192.168.0.35 in 0.34s (5 hosts left)
Completed SYN Stealth Scan against 192.168.0.36 in 0.34s (4 hosts left)
Completed SYN Stealth Scan against 192.168.0.40 in 0.34s (3 hosts left)
Completed SYN Stealth Scan against 192.168.0.42 in 0.34s (2 hosts left)
Completed SYN Stealth Scan against 192.168.0.43 in 0.34s (1 host left)
Completed SYN Stealth Scan at 17:13, 0.34s elapsed (10000 total ports)
Initiating Service scan at 17:13
Scanning 35 services on 10 hosts
Completed Service scan at 17:13, 11.02s elapsed (35 services on 10 hosts)
Initiating OS detection (try #1) against 10 hosts
Retrying OS detection (try #2) against 192.168.0.40
Retrying OS detection (try #3) against 192.168.0.40
Retrying OS detection (try #4) against 192.168.0.40
Retrying OS detection (try #5) against 192.168.0.40
NSE: Script scanning 10 hosts.
Initiating NSE at 17:13
Completed NSE at 17:14, 1.55s elapsed
Nmap scan report for 192.168.0.21
Host is up (0.00039s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)
|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-title: Site doesn't have a title (text/html).
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
10000/tcp open http MiniServ 0.01 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6.22
OS details: Linux 2.6.22 (embedded, ARM)
Uptime guess: 0.043 days (since Wed Jan 25 16:11:57 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=210 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| nbstat:
| NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| UBUNTUVM<00> Flags: <unique><active>
| UBUNTUVM<03> Flags: <unique><active>
| UBUNTUVM<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| MSHOME<1d> Flags: <unique><active>
| MSHOME<1e> Flags: <group><active>
|_ MSHOME<00> Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.0.26a)
| Computer name: ubuntuvm
| Domain name: nsdlab
| FQDN: ubuntuvm.NSDLAB
| NetBIOS computer name:
|_ System time: 2012-01-26 00:13:57 UTC-6

TRACEROUTE
HOP RTT ADDRESS
1 0.39 ms 192.168.0.21

Nmap scan report for 192.168.0.26
Host is up (0.00019s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1E:33:FA:5A:95 (Inventec)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.043 days (since Wed Jan 25 16:12:20 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=195 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-26 05:18:50 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.19 ms 192.168.0.26

Nmap scan report for 192.168.0.29
Host is up (0.00022s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1E:EC:C4:7D:D0 (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.043 days (since Wed Jan 25 16:11:32 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:16:00 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.22 ms 192.168.0.29

Nmap scan report for 192.168.0.34
Host is up (0.00021s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1D:60:F1:9B:E2 (Asustek Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.041 days (since Wed Jan 25 16:14:18 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=205 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:14:03 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.21 ms 192.168.0.34

Nmap scan report for 192.168.0.35
Host is up (0.00028s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 3C:D9:2B:20:36:02 (Hewlett-Packard Company)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.010 days (since Wed Jan 25 17:00:15 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=194 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:16:09 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.28 ms 192.168.0.35

Nmap scan report for 192.168.0.36
Host is up (0.00021s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
|_http-methods: GET HEAD POST OPTIONS
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:26:22:9C:0E:8E (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.033 days (since Wed Jan 25 16:25:56 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:14:01 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.21 ms 192.168.0.36

Nmap scan report for 192.168.0.40
Host is up (0.00024s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5p1 Debian 4ubuntu6 (protocol 2.0)
| ssh-hostkey: 1024 1b:bc:bb:7c:5d:22:57:10:e0:1e:b1:e0:da:ab:5e:7e (DSA)
|_2048 d1:7d:e9:a8:58:83:f6:1c:82:b4:f1:98:2d:7f:58:30 (RSA)
80/tcp open http Apache httpd 2.2.16 ((Ubuntu))
|_http-title: Index of /
|_http-methods: GET HEAD POST OPTIONS
6566/tcp open tcpwrapped
MAC Address: 10:78:D2:36:65:A4 (Elitegroup Computer System CO.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
Uptime guess: 0.053 days (since Wed Jan 25 15:57:27 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE
HOP RTT ADDRESS
1 0.24 ms 192.168.0.40

Nmap scan report for 192.168.0.42
Host is up (0.00024s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:23:5A:E2:66:0F (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.044 days (since Wed Jan 25 16:10:09 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=194 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-26 17:06:40 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.24 ms 192.168.0.42

Nmap scan report for 192.168.0.43
Host is up (0.00030s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
|_http-methods: GET HEAD POST OPTIONS
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1B:24:54:44:45 (Quanta Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.044 days (since Wed Jan 25 16:10:29 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:14:00 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.30 ms 192.168.0.43

Nmap scan report for 192.168.0.44
Host is up (0.00035s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 14:DA:E9:5D:39:F1 (Asustek Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.043 days (since Wed Jan 25 16:11:30 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:13:51 UTC+7

TRACEROUTE
HOP RTT ADDRESS
1 0.35 ms 192.168.0.44

Initiating ARP Ping Scan at 17:14
Scanning 210 hosts [1 port/host]
Completed ARP Ping Scan at 17:14, 8.48s elapsed (210 total hosts)
Initiating SYN Stealth Scan at 17:14
Scanning 192.168.0.45 [1000 ports]
Discovered open port 139/tcp on 192.168.0.45
Discovered open port 445/tcp on 192.168.0.45
Discovered open port 902/tcp on 192.168.0.45
Completed SYN Stealth Scan at 17:14, 0.12s elapsed (1000 total ports)
Initiating Service scan at 17:14
Scanning 3 services on 192.168.0.45
Completed Service scan at 17:14, 11.02s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.45
NSE: Script scanning 192.168.0.45.
Initiating NSE at 17:14
Completed NSE at 17:14, 0.05s elapsed
Nmap scan report for 192.168.0.45
Host is up (0.000056s latency).
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.19 - 2.6.39
Uptime guess: 0.044 days (since Wed Jan 25 16:10:18 2012)
Network Distance: 0 hops
TCP Sequence Prediction: Difficulty=201 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
| NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| BT<00> Flags: <unique><active>
| BT<03> Flags: <unique><active>
| BT<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| WORKGROUP<1d> Flags: <unique><active>
| WORKGROUP<1e> Flags: <group><active>
|_ WORKGROUP<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.4.7)
| Computer name: bt
| Domain name: foo.org
| FQDN: bt.foo.org
| NetBIOS computer name:
|_ System time: 2012-01-25 17:14:22 UTC+7

NSE: Script Post-scanning.
Initiating NSE at 17:14
Completed NSE at 17:14, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (11 hosts up) scanned in 77.32 seconds
Raw packets sent: 11785 (521.970KB) | Rcvd: 12846 (531.702KB)

Using Whatweb
root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.44
http://192.168.0.44 [200] Country[RESERVED][ZZ], IP[192.168.0.44], Apache[2.2.14], HTTPServer[Ubuntu Linux][Apache/2.2.14 (Ubuntu)]
root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.40
http://192.168.0.40 [200] Title[Index of /], Country[RESERVED][ZZ], Index-Of, IP[192.168.0.40], Apache[2.2.16], HTTPServer[Ubuntu Linux][Apache/2.2.16 (Ubuntu)]
root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.41
http://192.168.0.41 ERROR: No route to host - connect(2)
root@bt:/pentest/enumeration/web/whatweb# ./whatweb 192.168.0.21
http://192.168.0.21 [200] Country[RESERVED][ZZ], PHP[5.2.3-1ubuntu6], IP[192.168.0.21], Apache[2.2.4], X-Powered-By[PHP/5.2.3-1ubuntu6], HTTPServer[Ubuntu Linux][Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6]  
