Monday, 29 July 2013

Operating systen & Version detection with NMAP-ii


Operating systen & Version detection with NMAP
these options can help us to gain more information about target. Most widely used function is operating system identification [-o] , used to identify O Srunning on the target machine.
msf > nmap -O 192.168.2.108
[*] exec: nmap -O 192.168.2.108
Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 18:18 IST
Nmap scan report for 192.168.2.108
Host is up (0.013s latency).
Not shown: 986 closed ports
PORT STATE SERVICE
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1688/tcp open nsjtp-data
2869/tcp open icslap
3306/tcp open mysql
5357/tcp open wsdapi
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49157/tcp open unknown
49158/tcp open unknown
MAC Address: 7C:E9:D3:34:4A:40 (Hon Hai Precision Ind. Co.)
Device type: general purpose
Running: Microsoft Windows 7|2008
OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
Network Distance: 1 hop


OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.53 seconds


the other widely used Nmap option is version detection (-sV) of different open ports on the target. It can be mixxed with any of the scan types.
msf > nmap -sT -sV 192.168.2.105
[*] exec: nmap -sT -sV 192.168.2.105
Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 18:39 IST
Nmap scan report for 192.168.2.105
Host is up (0.019s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port21-TCP:V=6.25%I=7%D=7/29%Time=51F6698B%P=x86_64-unknown-linux-gnu%r
SF:(NULL,17,"220\x20220\x20RMNetwork\x20FTP\r\n");
MAC Address: 00:03:47:62:8A:9E (Intel)
Service Info: Host: 220; OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.67 seconds


on No comments:

Port scanning with NMAP-1


Port scanning with NMAP
port scanning is active information gathering technique. Namp is used for port scanning & we will analyze the various scan techniques in detail./
Nmap provides lots of different modes for scanning the target machines. Here we will focus on four scans types namelt TCP connect scan , SYN Stealth scan , UDP scan and ACK scan. Let us move ahead and start vthe scanning process.
TCP connect scan :- is a basic & default scan of nmp. It follow three way handshake process to detect ports of target. Lets perform this to scan :-
root@debian:~# nmap -sT -p1-10000 192.168.2.46


Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:34 IST
Nmap scan report for 192.168.2.46
Host is up (0.0015s latency).
Not shown: 9997 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)
Nmap done: 1 IP address (1 host up) scanned in 37.50 seconds
-sT parameter denotes that we want to perform TCP connect scan
-p parameter showa the rangr of ports we want to scan.
SYN scan :- is considered as stealth scanning as it never forms a complete sconnection between the target and scanner. It is also called half open scanning.
root@debian:~# nmap -sS 192.168.2.46


Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:46 IST
Nmap scan report for 192.168.2.46
Host is up (0.00061s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)


Nmap done: 1 IP address (1 host up) scanned in 17.80 seconds
UDP scan :- is the techniques to identify open UDP ports on target.0-byte UDP packets are sent to the target & the recipient ofan ICMP port unreachable message shows the port is closed other wise considered open.
root@debian:~# nmap -sU 192.168.2.46


Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:52 IST
Nmap scan report for 192.168.2.46
Host is up (0.00065s latency).
Not shown: 999 open|filtered ports
PORT STATE SERVICE
137/udp open netbios-ns
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)


Nmap done: 1 IP address (1 host up) scanned in 19.53 seconds
ACK scan:- is a special scan which tells which ports are filtered or unfiltered by a firewall. It operates by sending TCP ACK frames to a remote port. If there is no response then it considered to be a filtered port. If the target returns an RST packet then the port is considered to be unfiltered port.
root@debian:~# nmap -sA 192.168.2.46


Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-29 13:57 IST
Nmap scan report for 192.168.2.46
Host is up (0.00020s latency).
All 1000 scanned ports on 192.168.2.46 are filtered
MAC Address: 20:CF:30:CB:29:45 (Asustek Computer)


Nmap done: 1 IP address (1 host up) scanned in 34.15 seconds
on No comments:
Subscribe to: Posts (Atom)