theblackhole/20210216_freebox-4.3.0-pre3_nmap1 Secret

## 20210216_freebox-4.3.0-pre3_nmap1
> nmap -sU -p137 --script nbstat 192.168.1.254
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-16 13:57 CET
Nmap scan report for _gateway (192.168.1.254)
Host is up (0.00022s latency).

PORT    STATE  SERVICE
137/udp closed netbios-ns
MAC Address: 70:FC:8F:51:1E:BC (Freebox SAS)

Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

## 20210216_freebox-4.3.0-pre3_nmap2
>nmap --script wsdd-discover 192.168.1.254
Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-16 13:57 CET
Nmap scan report for _gateway (192.168.1.254)
Host is up (0.00018s latency).
Not shown: 983 filtered ports
PORT     STATE  SERVICE
21/tcp   open   ftp
53/tcp   open   domain
80/tcp   open   http
139/tcp  closed netbios-ssn
443/tcp  open   https
445/tcp  open   microsoft-ds
548/tcp  open   afp
554/tcp  open   rtsp
1723/tcp closed pptp
2020/tcp open   xinupageserver
5000/tcp closed upnp
5001/tcp closed commplex-link
5357/tcp open   wsdapi
5678/tcp open   rrac
6000/tcp closed X11
8090/tcp open   opsmessaging
9091/tcp open   xmltec-xmlmail
MAC Address: 70:FC:8F:51:1E:BC (Freebox SAS)

Nmap done: 1 IP address (1 host up) scanned in 4.88 seconds

## 20210216_freebox-4.3.0-pre3_nmap3
> nmap -sV 192.168.1.254 --script nbstat.nse -v
Nmap scan report for _gateway (192.168.1.254)
Host is up (0.00033s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE      VERSION
21/tcp   open  ftp          Freebox ftpd
53/tcp   open  domain       dnsmasq 2.81
80/tcp   open  http         nginx
443/tcp  open  ssl/http     nginx
445/tcp  open  microsoft-ds
| fingerprint-strings:
|   SMBProgNeg:
|     SMBr
|_    zYVd
548/tcp  open  afp          Netatalk 3.1.12 (name: Freebox Server; protocol 3.4)
554/tcp  open  rtsp         Freebox rtspd 1.2
2020/tcp open  tcpwrapped
5357/tcp open  wsdapi?
| fingerprint-strings:
|   DNSStatusRequestTCP, DNSVersionBindReqTCP, RPCCheck, SSLSessionReq, TerminalServerCookie:
|     HTTP/1.1 414 URI Too Long
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 16
|     Connection: close
|     Long
|   GenericLines, Help, RTSPRequest:
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 15
|     Connection: close
|     Request
|   GetRequest, HTTPOptions:
|     HTTP/1.1 426 Upgrade Required
|     Upgrade: HTTP/1.1
|     Content-Type: text/plain
|     Server: FbxWSD/1.0
|     Content-Length: 20
|     Connection: close
|_    Upgrade Required
5678/tcp open  upnp         fbxigdd 1.1 (AliceBox PM203 UPnP; UPnP 1.0)
8090/tcp open  http         nginx
9091/tcp open  http         nginx
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port445-TCP:V=7.91%I=7%D=2/16%Time=602BC303%P=x86_64-pc-linux-gnu%r(SMB
SF:ProgNeg,51,"\0\0\0M\xffSMBr\0\0\0\0\x80\x01@\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0@\x06\0\0\x01\0\x11\x07\0\x03\n\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\0\0\xd
SF:c\xc3\x80\x80\xc1zYVd\x04\xd7\x01\0\0\x08\x08\0\xd3\xb6\xfb\x05\0\x19L\
SF:xe1");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port5357-TCP:V=7.91%I=7%D=2/16%Time=602BC2FD%P=x86_64-pc-linux-gnu%r(Ge
SF:nericLines,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
SF:ext/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\r\nConnect
SF:ion:\x20close\r\n\r\n400\x20Bad\x20Request")%r(GetRequest,9D,"HTTP/1\.1
SF:\x20426\x20Upgrade\x20Required\r\nUpgrade:\x20HTTP/1\.1\r\nContent-Type
SF::\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2020\r\nC
SF:onnection:\x20close\r\n\r\n426\x20Upgrade\x20Required")%r(HTTPOptions,9
SF:D,"HTTP/1\.1\x20426\x20Upgrade\x20Required\r\nUpgrade:\x20HTTP/1\.1\r\n
SF:Content-Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length
SF::\x2020\r\nConnection:\x20close\r\n\r\n426\x20Upgrade\x20Required")%r(R
SF:TSPRequest,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
SF:ext/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\r\nConnect
SF:ion:\x20close\r\n\r\n400\x20Bad\x20Request")%r(RPCCheck,82,"HTTP/1\.1\x
SF:20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x
SF:20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n4
SF:14\x20URI\x20Too\x20Long")%r(DNSVersionBindReqTCP,82,"HTTP/1\.1\x20414\
SF:x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x20FbxW
SF:SD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n414\x20
SF:URI\x20Too\x20Long")%r(DNSStatusRequestTCP,82,"HTTP/1\.1\x20414\x20URI\
SF:x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0
SF:\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n414\x20URI\x20
SF:Too\x20Long")%r(Help,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-
SF:Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\
SF:r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(SSLSessionReq,
SF:82,"HTTP/1\.1\x20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/pla
SF:in\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x2
SF:0close\r\n\r\n414\x20URI\x20Too\x20Long")%r(TerminalServerCookie,82,"HT
SF:TP/1\.1\x20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\n
SF:Server:\x20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close
SF:\r\n\r\n414\x20URI\x20Too\x20Long");
Service Info: OSs: Unix, Linux 2.6; Devices: media device, WAP; CPE: cpe:/o:linux:linux_kernel:2.6

NSE: Script Post-scanning.
Initiating NSE at 14:05
Completed NSE at 14:05, 0.00s elapsed
Initiating NSE at 14:05
Completed NSE at 14:05, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1007.21 seconds
	> nmap -sU -p137 --script nbstat 192.168.1.254
	Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-16 13:57 CET
	Nmap scan report for _gateway (192.168.1.254)
	Host is up (0.00022s latency).

	PORT STATE SERVICE
	137/udp closed netbios-ns
	MAC Address: 70:FC:8F:51:1E:BC (Freebox SAS)

	Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds
	>nmap --script wsdd-discover 192.168.1.254
	Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-16 13:57 CET
	Nmap scan report for _gateway (192.168.1.254)
	Host is up (0.00018s latency).
	Not shown: 983 filtered ports
	PORT STATE SERVICE
	21/tcp open ftp
	53/tcp open domain
	80/tcp open http
	139/tcp closed netbios-ssn
	443/tcp open https
	445/tcp open microsoft-ds
	548/tcp open afp
	554/tcp open rtsp
	1723/tcp closed pptp
	2020/tcp open xinupageserver
	5000/tcp closed upnp
	5001/tcp closed commplex-link
	5357/tcp open wsdapi
	5678/tcp open rrac
	6000/tcp closed X11
	8090/tcp open opsmessaging
	9091/tcp open xmltec-xmlmail
	MAC Address: 70:FC:8F:51:1E:BC (Freebox SAS)

	Nmap done: 1 IP address (1 host up) scanned in 4.88 seconds
	> nmap -sV 192.168.1.254 --script nbstat.nse -v
	Nmap scan report for _gateway (192.168.1.254)
	Host is up (0.00033s latency).
	Not shown: 988 closed ports
	PORT STATE SERVICE VERSION
	21/tcp open ftp Freebox ftpd
	53/tcp open domain dnsmasq 2.81
	80/tcp open http nginx
	443/tcp open ssl/http nginx
	445/tcp open microsoft-ds
	\| fingerprint-strings:
	\| SMBProgNeg:
	\| SMBr
	\|_ zYVd
	548/tcp open afp Netatalk 3.1.12 (name: Freebox Server; protocol 3.4)
	554/tcp open rtsp Freebox rtspd 1.2
	2020/tcp open tcpwrapped
	5357/tcp open wsdapi?
	\| fingerprint-strings:
	\| DNSStatusRequestTCP, DNSVersionBindReqTCP, RPCCheck, SSLSessionReq, TerminalServerCookie:
	\| HTTP/1.1 414 URI Too Long
	\| Content-Type: text/plain
	\| Server: FbxWSD/1.0
	\| Content-Length: 16
	\| Connection: close
	\| Long
	\| GenericLines, Help, RTSPRequest:
	\| HTTP/1.1 400 Bad Request
	\| Content-Type: text/plain
	\| Server: FbxWSD/1.0
	\| Content-Length: 15
	\| Connection: close
	\| Request
	\| GetRequest, HTTPOptions:
	\| HTTP/1.1 426 Upgrade Required
	\| Upgrade: HTTP/1.1
	\| Content-Type: text/plain
	\| Server: FbxWSD/1.0
	\| Content-Length: 20
	\| Connection: close
	\|_ Upgrade Required
	5678/tcp open upnp fbxigdd 1.1 (AliceBox PM203 UPnP; UPnP 1.0)
	8090/tcp open http nginx
	9091/tcp open http nginx
	2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
	==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
	SF-Port445-TCP:V=7.91%I=7%D=2/16%Time=602BC303%P=x86_64-pc-linux-gnu%r(SMB
	SF:ProgNeg,51,"\0\0\0M\xffSMBr\0\0\0\0\x80\x01@\0\0\0\0\0\0\0\0\0\0\0\0\0\
	SF:0@\x06\0\0\x01\0\x11\x07\0\x03\n\0\x01\0\0\0\x01\0\0\0\x01\0\0\0\0\0\xd
	SF:c\xc3\x80\x80\xc1zYVd\x04\xd7\x01\0\0\x08\x08\0\xd3\xb6\xfb\x05\0\x19L\
	SF:xe1");
	==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
	SF-Port5357-TCP:V=7.91%I=7%D=2/16%Time=602BC2FD%P=x86_64-pc-linux-gnu%r(Ge
	SF:nericLines,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
	SF:ext/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\r\nConnect
	SF:ion:\x20close\r\n\r\n400\x20Bad\x20Request")%r(GetRequest,9D,"HTTP/1\.1
	SF:\x20426\x20Upgrade\x20Required\r\nUpgrade:\x20HTTP/1\.1\r\nContent-Type
	SF::\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2020\r\nC
	SF:onnection:\x20close\r\n\r\n426\x20Upgrade\x20Required")%r(HTTPOptions,9
	SF:D,"HTTP/1\.1\x20426\x20Upgrade\x20Required\r\nUpgrade:\x20HTTP/1\.1\r\n
	SF:Content-Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length
	SF::\x2020\r\nConnection:\x20close\r\n\r\n426\x20Upgrade\x20Required")%r(R
	SF:TSPRequest,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x20t
	SF:ext/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\r\nConnect
	SF:ion:\x20close\r\n\r\n400\x20Bad\x20Request")%r(RPCCheck,82,"HTTP/1\.1\x
	SF:20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x
	SF:20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n4
	SF:14\x20URI\x20Too\x20Long")%r(DNSVersionBindReqTCP,82,"HTTP/1\.1\x20414\
	SF:x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x20FbxW
	SF:SD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n414\x20
	SF:URI\x20Too\x20Long")%r(DNSStatusRequestTCP,82,"HTTP/1\.1\x20414\x20URI\
	SF:x20Too\x20Long\r\nContent-Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0
	SF:\r\nContent-Length:\x2016\r\nConnection:\x20close\r\n\r\n414\x20URI\x20
	SF:Too\x20Long")%r(Help,80,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-
	SF:Type:\x20text/plain\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2015\
	SF:r\nConnection:\x20close\r\n\r\n400\x20Bad\x20Request")%r(SSLSessionReq,
	SF:82,"HTTP/1\.1\x20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/pla
	SF:in\r\nServer:\x20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x2
	SF:0close\r\n\r\n414\x20URI\x20Too\x20Long")%r(TerminalServerCookie,82,"HT
	SF:TP/1\.1\x20414\x20URI\x20Too\x20Long\r\nContent-Type:\x20text/plain\r\n
	SF:Server:\x20FbxWSD/1\.0\r\nContent-Length:\x2016\r\nConnection:\x20close
	SF:\r\n\r\n414\x20URI\x20Too\x20Long");
	Service Info: OSs: Unix, Linux 2.6; Devices: media device, WAP; CPE: cpe:/o:linux:linux_kernel:2.6

	NSE: Script Post-scanning.
	Initiating NSE at 14:05
	Completed NSE at 14:05, 0.00s elapsed
	Initiating NSE at 14:05
	Completed NSE at 14:05, 0.00s elapsed
	Read data files from: /usr/bin/../share/nmap
	Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
	Nmap done: 1 IP address (1 host up) scanned in 1007.21 seconds