@zachriggle
Last active Dec 17, 2015
unalloctf portscan
~ ⮀ sudo nmap -sT -T Insane -P0 -A 192.168.1.2 192.168.1.66 192.168.1.79 192.168.1.80 192.168.1.117 192.168.1.213 192.168.1.214 192.168.1.254 -v -v --privileged
Starting Nmap 6.25 ( http://nmap.org ) at 2013-05-27 14:58 EDT
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Parallel DNS resolution of 8 hosts. at 14:58
Completed Parallel DNS resolution of 8 hosts. at 14:58, 0.74s elapsed
Initiating Connect Scan at 14:58
Scanning 8 hosts [1000 ports/host]
Discovered open port 110/tcp on 192.168.1.66
Discovered open port 21/tcp on 192.168.1.213
Discovered open port 25/tcp on 192.168.1.66
Discovered open port 22/tcp on 192.168.1.66
Discovered open port 22/tcp on 192.168.1.79
Discovered open port 22/tcp on 192.168.1.117
Discovered open port 22/tcp on 192.168.1.2
Discovered open port 3306/tcp on 192.168.1.2
Discovered open port 3306/tcp on 192.168.1.79
Discovered open port 25/tcp on 192.168.1.213
Discovered open port 995/tcp on 192.168.1.66
Discovered open port 143/tcp on 192.168.1.66
Discovered open port 80/tcp on 192.168.1.79
Discovered open port 80/tcp on 192.168.1.2
Discovered open port 993/tcp on 192.168.1.66
Discovered open port 80/tcp on 192.168.1.117
Discovered open port 135/tcp on 192.168.1.80
Discovered open port 1025/tcp on 192.168.1.80
Discovered open port 135/tcp on 192.168.1.213
Discovered open port 1025/tcp on 192.168.1.213
Discovered open port 80/tcp on 192.168.1.213
Discovered open port 445/tcp on 192.168.1.80
Discovered open port 3389/tcp on 192.168.1.80
Discovered open port 139/tcp on 192.168.1.213
Discovered open port 445/tcp on 192.168.1.213
Discovered open port 443/tcp on 192.168.1.213
Discovered open port 139/tcp on 192.168.1.80
Discovered open port 80/tcp on 192.168.1.214
Discovered open port 1026/tcp on 192.168.1.213
Discovered open port 1186/tcp on 192.168.1.80
Discovered open port 1187/tcp on 192.168.1.80
Discovered open port 1218/tcp on 192.168.1.80
Discovered open port 119/tcp on 192.168.1.213
Discovered open port 1027/tcp on 192.168.1.213
Discovered open port 563/tcp on 192.168.1.213
Discovered open port 3372/tcp on 192.168.1.213
Discovered open port 2000/tcp on 192.168.1.117
Completed Connect Scan against 192.168.1.2 in 0.44s (7 hosts left)
Completed Connect Scan against 192.168.1.66 in 0.45s (6 hosts left)
Completed Connect Scan against 192.168.1.117 in 0.45s (5 hosts left)
Completed Connect Scan against 192.168.1.213 in 0.45s (4 hosts left)
Completed Connect Scan against 192.168.1.79 in 0.45s (3 hosts left)
Completed Connect Scan against 192.168.1.80 in 0.45s (2 hosts left)
Completed Connect Scan against 192.168.1.254 in 4.76s (1 host left)
Warning: 192.168.1.214 giving up on port because retransmission cap hit (2).
Completed Connect Scan at 14:59, 5.91s elapsed (8000 total ports)
Initiating Service scan at 14:59
Scanning 37 services on 8 hosts
Completed Service scan at 15:00, 76.04s elapsed (37 services on 8 hosts)
Initiating OS detection (try #1) against 8 hosts
Retrying OS detection (try #2) against 3 hosts
adjust_timeouts2: packet supposedly had rtt of -1041195 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -1041195 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -398032 microseconds. Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -398032 microseconds. Ignoring time.
Initiating Traceroute at 15:00
Completed Traceroute at 15:00, 12.09s elapsed
Initiating Parallel DNS resolution of 8 hosts. at 15:00
Completed Parallel DNS resolution of 8 hosts. at 15:00, 0.02s elapsed
NSE: Script scanning 8 hosts.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 15:00
NSE Timing: About 99.16% done; ETC: 15:01 (0:00:00 remaining)
Completed NSE at 15:01, 31.74s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Nmap scan report for 192.168.1.2
Host is up (0.0012s latency).
Scanned at 2013-05-27 14:58:58 EDT for 103s
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 1024 b8:14:6e:b5:2d:c1:8e:56:12:e5:5c:73:b2:03:9c:f4 (DSA)
| 2048 a8:7b:41:d2:d6:47:57:e7:ba:05:6b:7a:c4:f2:3f:54 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQ7sGkGED/B6af7W77uAY5Ef+jD3Zm6kSBnLr7rZYWefSn+NyNiyXD+GUQKXdFV3AoYQUoe1Gjskc1V28ym3smqQ9+q83eiTR/PGja35DlGu9k9qC+TBNjJdU8TFR6SNLqke6d+2L59iV21bwR4CRrWaI/IjJUjDi34eb/eX0Q0I7FHJJy8xVfYJDlmGnEnlKUrjrjP4D1GL68EH9sHULDlICvyI2D65h/vwlvQ/h1xhMjrmHXqBVHpaw54sHMv2KjClkiEBldzqgZwYyo9v3KjO++kYcS4Sf5CvJVgWPoI3ix85c2GoR7Jz/QBeRmx9bsCV53+Eaind9RkK4F/IKH
| 256 d7:d8:13:94:93:2f:e5:d8:d6:9c:54:e2:5b:63:ee:48 (ECDSA)
|_ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMcxYDFI52jOAlylJG5UeL5RVnY8JRUv4iL8hkyvQ99lnjfdsA4UHvaOzPyVMsFVKs6hjiR4RnGYMyK7cvA1kcE=
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
|_http-title: Site doesn't have a title (text/html).
3306/tcp open mysql MySQL (unauthorized)
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=5/27%OT=22%CT=1%CU=42198%PV=Y%DS=2%DC=T%G=N%TM=51A3AD7
OS:6%P=x86_64-apple-darwin12.3.0)SEQ(SP=103%GCD=1%ISR=109%TI=Z%II=I%TS=8)OP
OS:S(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST
OS:11NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)EC
OS:N(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=
OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD
OS:=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%R
OS:UCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.683 days (since Sun May 26 22:37:38 2013)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 0.59 ms 172.16.105.254
2 0.95 ms 192.168.1.2
Nmap scan report for 192.168.1.66
Host is up (0.0012s latency).
Scanned at 2013-05-27 14:58:58 EDT for 103s
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 1024 ad:c3:f0:ff:df:9e:61:dc:6e:0c:97:83:ba:1a:e9:d8 (DSA)
| 2048 18:13:6e:62:c5:a6:1a:c0:3d:49:05:4d:94:c9:9a:7a (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFQ96ASoiBf/jjk3Q4tJhrZLEVbg1x4okxVbzFI8cm1wqAtUe86p7EWYz7OAvi4aJwthW5Fjzr1TPHwR9UsKkAspxIR/+laWBC8eXjdxnzT/wzIo+oFzQRdISEOJIzoVn31+XAfgOkclD34B6NGsIGJexamq3L4RiM/4ycRnVqwLejD5/jQxJY4hHN0//OfnMPrjSsk4gJF0U8mLyc98tES5BqFSkU0AUEQID1OyZuO31sh0K2Kt8p++8n4dTbwUS/MX8aSQwVIl7qxJhpAX6yZFMoZA0g3pQ0ebJzflGqs+A2uu5T7Psxl2j9om1Ws9Lnh1vHlDKjjvWmihbVwZr
| 256 fb:fd:3c:2f:1c:2b:34:f1:c8:2a:57:78:09:97:de:d5 (ECDSA)
|_ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG2pl5fMwWnoAUaQyhBbPLn80FxeW3W2gu6dxQig/FK1tJwxmHLURqbM1E3iLYrHJWenGeUohn71Co05wBpl92A=
25/tcp open smtp Postfix smtpd
|_smtp-commands: ubuntu, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
| ssl-cert: Subject: commonName=ubuntu
| Issuer: commonName=ubuntu
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2013-05-17T18:12:05+00:00
| Not valid after: 2023-05-15T18:12:05+00:00
| MD5: aa9f 27b4 5a31 cdc6 b146 f825 dfde 82d8
| SHA-1: 7971 d554 6dc2 990d a8cb fa62 313a 0e0c b8c2 c269
|_ssl-date: 2013-05-27T19:00:12+00:00; -27s from local time.
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: SASL TOP CAPA STLS PIPELINING UIDL RESP-CODES
143/tcp open imap Dovecot imapd
|_imap-capabilities: IDLE listed capabilities have Pre-login LOGIN-REFERRALS LITERAL+ STARTTLS ID ENABLE more SASL-IR LOGINDISABLEDA0001 OK post-login IMAP4rev1
993/tcp open ssl/imap Dovecot imapd
|_imap-capabilities: IDLE capabilities have Pre-login LOGIN-REFERRALS LITERAL+ AUTH=PLAINA0001 ID ENABLE more SASL-IR listed OK post-login IMAP4rev1
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server/emailAddress=root@ubuntu/organizationalUnitName=ubuntu
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server/emailAddress=root@ubuntu/organizationalUnitName=ubuntu
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2013-05-17T18:12:14+00:00
| Not valid after: 2023-05-17T18:12:14+00:00
| MD5: a647 bcef bf7a 9b83 9698 a1f1 5bcb a725
| SHA-1: 13f3 b3b2 7af9 4659 da0b 6894 4a1f ce9b ef66 a190
|_ssl-date: 2013-05-27T19:00:13+00:00; -27s from local time.
995/tcp open ssl/pop3 Dovecot pop3d
|_pop3-capabilities: SASL(PLAIN) TOP CAPA USER PIPELINING UIDL RESP-CODES
| ssl-cert: Subject: commonName=ubuntu/organizationName=Dovecot mail server/emailAddress=root@ubuntu/organizationalUnitName=ubuntu
| Issuer: commonName=ubuntu/organizationName=Dovecot mail server/emailAddress=root@ubuntu/organizationalUnitName=ubuntu
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2013-05-17T18:12:14+00:00
| Not valid after: 2023-05-17T18:12:14+00:00
| MD5: a647 bcef bf7a 9b83 9698 a1f1 5bcb a725
| SHA-1: 13f3 b3b2 7af9 4659 da0b 6894 4a1f ce9b ef66 a190
|_ssl-date: 2013-05-27T19:00:11+00:00; -27s from local time.
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=5/27%OT=22%CT=1%CU=36056%PV=Y%DS=2%DC=T%G=N%TM=51A3AD7
OS:6%P=x86_64-apple-darwin12.3.0)SEQ(SP=107%GCD=1%ISR=108%TI=Z%II=I%TS=8)OP
OS:S(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST
OS:11NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)EC
OS:N(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=
OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD
OS:=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%R
OS:UCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.617 days (since Mon May 27 00:12:07 2013)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: ubuntu; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 0.89 ms 192.168.1.66
Nmap scan report for 192.168.1.79
Host is up (0.00084s latency).
Scanned at 2013-05-27 14:58:58 EDT for 102s
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 1024 b8:14:6e:b5:2d:c1:8e:56:12:e5:5c:73:b2:03:9c:f4 (DSA)
| 2048 a8:7b:41:d2:d6:47:57:e7:ba:05:6b:7a:c4:f2:3f:54 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQ7sGkGED/B6af7W77uAY5Ef+jD3Zm6kSBnLr7rZYWefSn+NyNiyXD+GUQKXdFV3AoYQUoe1Gjskc1V28ym3smqQ9+q83eiTR/PGja35DlGu9k9qC+TBNjJdU8TFR6SNLqke6d+2L59iV21bwR4CRrWaI/IjJUjDi34eb/eX0Q0I7FHJJy8xVfYJDlmGnEnlKUrjrjP4D1GL68EH9sHULDlICvyI2D65h/vwlvQ/h1xhMjrmHXqBVHpaw54sHMv2KjClkiEBldzqgZwYyo9v3KjO++kYcS4Sf5CvJVgWPoI3ix85c2GoR7Jz/QBeRmx9bsCV53+Eaind9RkK4F/IKH
| 256 d7:d8:13:94:93:2f:e5:d8:d6:9c:54:e2:5b:63:ee:48 (ECDSA)
|_ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMcxYDFI52jOAlylJG5UeL5RVnY8JRUv4iL8hkyvQ99lnjfdsA4UHvaOzPyVMsFVKs6hjiR4RnGYMyK7cvA1kcE=
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Site doesn't have a title (text/html).
3306/tcp open mysql MySQL 5.5.27-0ubuntu2
| mysql-info: Protocol: 10
| Version: 5.5.27-0ubuntu2
| Thread ID: 11541
| Some Capabilities: Long Passwords, Connect with DB, Compress, ODBC, Transactions, Secure Connection
| Status: Autocommit
|_Salt: J8ug''0X
Device type: general purpose|firewall|terminal|WAP
Running (JUST GUESSING): Linux 3.X|2.6.X|2.4.X (98%), IPFire Linux 2.6.X (90%), IGEL Linux 2.6.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:ipfire:linux:2.6.32 cpe:/o:igel:linux:2.6 cpe:/o:linux:linux_kernel:2.4
OS fingerprint not ideal because: Timing level 5 (Insane) used
Aggressive OS guesses: Linux 3.2 (98%), Linux 2.6.32 - 2.6.38 (98%), Linux 3.0 (95%), Linux 2.6.32 (92%), Linux 3.1 - 3.4 (91%), Linux 2.6.38 (91%), Linux 3.0 - 3.2 (91%), Linux 2.6.15 - 2.6.26 (90%), Linux 2.6.32 - 2.6.33 (90%), Linux 2.6.32 - 2.6.35 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=6.25%E=4%D=5/27%OT=22%CT=1%CU=43628%PV=Y%DS=2%DC=T%G=N%TM=51A3AD76%P=x86_64-apple-darwin12.3.0)
SEQ(SP=F5%GCD=1%ISR=FB%TI=Z%II=I%TS=8)
OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST11NW7%O6=M5B4ST11)
WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)
ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)
T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.600 days (since Mon May 27 00:36:48 2013)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=245 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 0.88 ms 192.168.1.79
Nmap scan report for 192.168.1.80
Host is up (0.00089s latency).
Scanned at 2013-05-27 14:58:58 EDT for 105s
Not shown: 992 closed ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open tcpwrapped
1025/tcp open msrpc Microsoft Windows RPC
1186/tcp open sip (SIP end point; Status: 200 OK)
| sip-methods:
|_ INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE
1187/tcp open tcpwrapped
1218/tcp open sip (SIP end point; Status: 200 OK)
| sip-methods:
|_ INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER, SUBSCRIBE, NOTIFY, REFER, INFO, MESSAGE
3389/tcp open ms-wbt-server Microsoft Terminal Service
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port1186-TCP:V=6.25%I=7%D=5/27%Time=51A3AD03%P=x86_64-apple-darwin12.3.
SF:0%r(GenericLines,2,"\r\n")%r(SIPOptions,1C1,"SIP/2\.0\x20200\x20OK\r\nV
SF:ia:\x20SIP/2\.0/TCP\x20nm;branch=foo;received=172\.16\.105\.106\r\nCont
SF:act:\x20<sip:192\.168\.1\.80:1186;transport=TCP>\r\nTo:\x20<sip:nm2@nm2
SF:>;tag=56799d03\r\nFrom:\x20<sip:nm@nm>;tag=root\r\nCall-ID:\x2050000\r\
SF:nCSeq:\x2042\x20OPTIONS\r\nAccept:\x20application/sdp\r\nAccept-Languag
SF:e:\x20en\r\nAllow:\x20INVITE,\x20ACK,\x20CANCEL,\x20OPTIONS,\x20BYE,\x2
SF:0REGISTER,\x20SUBSCRIBE,\x20NOTIFY,\x20REFER,\x20INFO,\x20MESSAGE\r\nSu
SF:pported:\x20replaces\r\nAllow-Events:\x20presence,\x20message-summary,\
SF:x20tunnel-info\r\nContent-Length:\x200\r\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port1218-TCP:V=6.25%I=7%D=5/27%Time=51A3AD03%P=x86_64-apple-darwin12.3.
SF:0%r(GenericLines,2,"\r\n")%r(SIPOptions,1C1,"SIP/2\.0\x20200\x20OK\r\nV
SF:ia:\x20SIP/2\.0/TCP\x20nm;branch=foo;received=172\.16\.105\.106\r\nCont
SF:act:\x20<sip:192\.168\.1\.80:1218;transport=TCP>\r\nTo:\x20<sip:nm2@nm2
SF:>;tag=8976fd4b\r\nFrom:\x20<sip:nm@nm>;tag=root\r\nCall-ID:\x2050000\r\
SF:nCSeq:\x2042\x20OPTIONS\r\nAccept:\x20application/sdp\r\nAccept-Languag
SF:e:\x20en\r\nAllow:\x20INVITE,\x20ACK,\x20CANCEL,\x20OPTIONS,\x20BYE,\x2
SF:0REGISTER,\x20SUBSCRIBE,\x20NOTIFY,\x20REFER,\x20INFO,\x20MESSAGE\r\nSu
SF:pported:\x20replaces\r\nAllow-Events:\x20presence,\x20message-summary,\
SF:x20tunnel-info\r\nContent-Length:\x200\r\n\r\n");
Device type: general purpose
Running: Microsoft Windows 2003
OS CPE: cpe:/o:microsoft:windows_server_2003::sp1 cpe:/o:microsoft:windows_server_2003::sp2
OS details: Microsoft Windows Server 2003 SP1 or SP2
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=5/27%OT=135%CT=1%CU=33237%PV=Y%DS=2%DC=T%G=N%TM=51A3AD
OS:76%P=x86_64-apple-darwin12.3.0)SEQ(SP=F2%GCD=1%ISR=10A%TI=I%II=I%SS=S%TS
OS:=0)OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0N
OS:NT00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)WIN(W1=4000%W2=4000%W3=4000%W
OS:4=4000%W5=4000%W6=4000)ECN(R=Y%DF=N%T=80%W=4000%O=M5B4NW0NNS%CC=N%Q=)T1(
OS:R=Y%DF=N%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=8
OS:0%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=B0%UN=
OS:0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=242 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| nbstat:
| NetBIOS name: REMOTE, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:af:6c:a6 (VMware)
| Names
| REMOTE<00> Flags: <unique><active>
| CTF<00> Flags: <group><active>
| CTF<1e> Flags: <group><active>
| CTF<1d> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| REMOTE<20> Flags: <unique><active>
| Statistics
| 00 0c 29 af 6c a6 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|_ 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 39226/tcp): CLEAN (Couldn't connect)
| Check 2 (port 23895/tcp): CLEAN (Couldn't connect)
| | Check 3 (port 40520/udp): CLEAN (Failed to receive data)
| | Check 4 (port 34590/udp): CLEAN (Failed to receive data)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb-os-discovery:
| OS: Windows Server 2003 3790 Service Pack 2 (Windows Server 2003 5.2)
| OS CPE: cpe:/o:microsoft:windows_server_2003::sp2
| Computer name: remote
| NetBIOS computer name: REMOTE
| Domain name: ctf.unallocatedspace.org
| Forest name: ctf.unallocatedspace.org
| FQDN: remote.ctf.unallocatedspace.org
| NetBIOS domain name: CTF
|_ System time: 2013-05-27T15:38:22-04:00
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 0.86 ms 192.168.1.80
Nmap scan report for 192.168.1.117
Host is up (0.0011s latency).
Scanned at 2013-05-27 14:58:58 EDT for 103s
Not shown: 997 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.0p1 Debian 3ubuntu1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 1024 d6:6e:ac:6a:3a:45:9d:9d:9d:fc:97:e3:3a:9f:39:d1 (DSA)
| 2048 92:0c:09:f4:98:67:e1:45:c8:05:24:dd:bd:4a:eb:78 (RSA)
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDNQD6BQ33Aktt1VWdkwUH/fahNBCQLWgEwsds1nSRqzwvTI07pYUVaeFMXhRk0r7hbQrf7wCm3rKk3vulYtk86fseC1xF/MdiKMmHWiIBf7bxR8RdeLE7Cji8P1LwHAdXR2ltFVsLWKHdLVAt2Eq5tiS7Enk7PbiNRtDjZSPRSonKW6lY5i7Zj3Uwh0yosk/gs42Ln2HaJy3H8l8LOOwQyklLcMjtpIaTlCqlZFORt/FmzVgOdn2u4A2gHi0Gq6kqZd3K6+Sm3VR0h4vebYC5+ERsbbjgT2xz5JZlvgo2DFUa3WF3UvB+FKb/8Qfkl7ViFcyCZ51Qk3OiH5jEMZjR
| 256 93:98:38:45:a1:05:21:d2:e8:03:80:0b:e7:72:c5:92 (ECDSA)
|_ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFBB+tWncu7U7zGkzPqLxPTxwbH+ACtbhK3S0+BoP7DNu9/aDif7aUdd9gLmZQUaxe8wzjtHWH68CmHVwvnww9k=
80/tcp open http Apache httpd 2.2.22 ((Ubuntu))
|_http-methods: GET HEAD POST OPTIONS
| http-robots.txt: 1 disallowed entry
|_/
|_http-title: FreePBX
2000/tcp open cisco-sccp?
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=5/27%OT=22%CT=1%CU=37027%PV=Y%DS=2%DC=T%G=N%TM=51A3AD7
OS:6%P=x86_64-apple-darwin12.3.0)SEQ(SP=105%GCD=1%ISR=107%TI=Z%II=I%TS=8)OP
OS:S(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B4ST
OS:11NW7%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)EC
OS:N(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=
OS:AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD
OS:=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%R
OS:UCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Uptime guess: 0.787 days (since Sun May 26 20:08:00 2013)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 0.85 ms 192.168.1.117
Nmap scan report for 192.168.1.213
Host is up (0.00096s latency).
Scanned at 2013-05-27 14:58:58 EDT for 104s
Not shown: 987 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd 5.0
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
25/tcp open smtp Microsoft ESMTP 5.0.2172.1
| smtp-commands: scada-dev.ctf.unallocatedspace.org Hello [172.16.105.106], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
|_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
80/tcp open http Microsoft IIS httpd 5.0
| http-methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
| Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Under Construction
119/tcp open nntp Microsoft NNTP Service 5.00.0984
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
563/tcp open snews?
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows RPC
3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
Device type: general purpose
Running: Microsoft Windows 7
OS CPE: cpe:/o:microsoft:windows_7
OS details: Microsoft Windows 7
TCP/IP fingerprint:
OS:SCAN(V=6.25%E=4%D=5/27%OT=21%CT=1%CU=35287%PV=Y%DS=2%DC=T%G=N%TM=51A3AD7
OS:6%P=x86_64-apple-darwin12.3.0)SEQ(SP=80%GCD=1%ISR=9A%TI=I%II=I%SS=S%TS=0
OS:)OPS(O1=M5B4NW0NNT00NNS%O2=M5B4NW0NNT00NNS%O3=M5B4NW0NNT00%O4=M5B4NW0NNT
OS:00NNS%O5=M5B4NW0NNT00NNS%O6=M5B4NNT00NNS)WIN(W1=4470%W2=41A0%W3=4100%W4=
OS:40E8%W5=40E8%W6=402E)ECN(R=Y%DF=Y%T=80%W=4470%O=M5B4NW0NNS%CC=N%Q=)T1(R=
OS:Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%
OS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%
OS:RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=128 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: scada-dev.ctf.unallocatedspace.org; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows
Host script results:
| nbstat:
| NetBIOS name: SCADA-DEV, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:a3:42:c0 (VMware)
| Names
| SCADA-DEV<00> Flags: <unique><active>
| SCADA-DEV<20> Flags: <unique><active>
| CTF<00> Flags: <group><active>
| SCADA-DEV<03> Flags: <unique><active>
| CTF<1e> Flags: <group><active>
| INet~Services<1c> Flags: <group><active>
| IS~SCADA-DEV<00> Flags: <unique><active>
| Statistics
| 00 0c 29 a3 42 c0 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|_ 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 29462/tcp): CLEAN (Couldn't connect)
| Check 2 (port 4176/tcp): CLEAN (Couldn't connect)
| | Check 3 (port 62292/udp): CLEAN (Failed to receive data)
| | Check 4 (port 5769/udp): CLEAN (Failed to receive data)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 0.83 ms 192.168.1.213
Nmap scan report for 192.168.1.214
Host is up (0.0064s latency).
Scanned at 2013-05-27 14:58:58 EDT for 132s
Not shown: 806 closed ports, 193 filtered ports
PORT STATE SERVICE VERSION
80/tcp open tcpwrapped
|_http-favicon: Unknown favicon MD5: 86C4F4F950DD8664AF572A874E9BDA6A
|_http-title: IP9258
Device type: router
Running (JUST GUESSING): Linksys embedded (87%)
OS fingerprint not ideal because: Timing level 5 (Insane) used
Aggressive OS guesses: Linksys BEFSR41 EtherFast router (87%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SCAN(V=6.25%E=4%D=5/27%OT=80%CT=1%CU=%PV=Y%DS=3%DC=T%G=N%TM=51A3AD76%P=x86_64-apple-darwin12.3.0)
SEQ(SP=28%GCD=A%ISR=64%TI=I%TS=U)
SEQ(SP=2F%GCD=A%ISR=65%TI=I%II=RI%SS=O%TS=U)
OPS(O1=M5BA%O2=M5BA%O3=M5BA%O4=M5BA%O5=M5BA%O6=M5BA)
WIN(W1=8000%W2=8000%W3=8000%W4=8000%W5=8000%W6=8000)
ECN(R=Y%DF=N%TG=FF%W=8000%O=M5BA%CC=N%Q=)
T1(R=Y%DF=N%TG=FF%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=Y%DF=N%TG=FF%W=7A69%S=A%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(R=N)
IE(R=Y%DFI=S%TG=40%CD=S)
Network Distance: 3 hops
TCP Sequence Prediction: Difficulty=47 (Good luck!)
IP ID Sequence Generation: Incremental
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
- Hop 1 is the same as for 192.168.1.2
2 ...
3 4.09 ms 192.168.1.214
Nmap scan report for 192.168.1.254
Host is up.
All 1000 scanned ports on 192.168.1.254 are filtered
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SCAN(V=6.25%E=4%D=5/27%OT=%CT=%CU=%PV=Y%DC=I%G=N%TM=51A3AD76%P=x86_64-apple-darwin12.3.0)
U1(R=N)
IE(R=N)
TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 ... 30
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 15:01
Completed NSE at 15:01, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Post-scan script results:
| ssh-hostkey: Possible duplicate hosts
| Key 2048 a8:7b:41:d2:d6:47:57:e7:ba:05:6b:7a:c4:f2:3f:54 (RSA) used by:
| 192.168.1.2
| 192.168.1.79
| Key 1024 b8:14:6e:b5:2d:c1:8e:56:12:e5:5c:73:b2:03:9c:f4 (DSA) used by:
| 192.168.1.2
| 192.168.1.79
| Key 256 d7:d8:13:94:93:2f:e5:d8:d6:9c:54:e2:5b:63:ee:48 (ECDSA) used by:
| 192.168.1.2
|_ 192.168.1.79
Read data files from: /opt/boxen/homebrew/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 8 IP addresses (8 hosts up) scanned in 132.93 seconds
Raw packets sent: 446 (32.768KB) | Rcvd: 1605 (153.140KB)
~ ⮀