For this week's post I'm continuing to focus on my Nmap scans of the University's virtual environment set up by the professor.
As stated last week, I found a machine at IP 192.168.33.2 with port 22 open using:
sudo nmap -n --scan-delay 1s -vvv -PN -p22 192.168.33.2-100
Wanting to investigate this machine further, I performed an OS scan using:
sudo nmap -PN -A 192.168.33.2
This revealed:
Running (JUST GUESSING) : FreeBSD 5.x|6.X (90%)
Aggressive OS guesses: FreeBSD 5.4 or 5.5 (x86) (90%), FreeBSD 6.1-RELEASE through 6.2-BETA3 (x86) (88%), FreeNAS 0.671 (runs FreeBSD 6.1-STABLE) (87%)
Earlier in the week I found a machine with port 80 open using:
sudo nmap -n --scan-delay 1s -vvv -PN -p80 192.168.33.2-100
But another scan this evening (at around 7:56pm) did not reveal any machines with port 80 open. This may be due to packet loss, though we've been informed that the web server is not very stable, so it may be down at the moment. I'm not completely convinced this is due to packet loss, because a 'w' command reveals only about 8 other scans being performed at the moment.
We were informed that there is "probably" at least one Windows machine on the network, so I decided to search for it with the command:
sudo nmap -n --scan-delay 1s -vvv -PN -p135,139,445 192.168.33.2-100
Nmap returned:
Host: 192.168.33.40 () Ports: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
The open TCP port 135 tells me this is *probably* a Windows machine.
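The "Host: ... Ports: ..." line above is Nmap's grepable (-oG) format, which is the easiest form to keep from scan to scan when you want to notice things like the port 80 host disappearing between runs. The parser below is an added example and is not code from the original post or from the Nmap project; the sample output it parses is constructed here (the 192.168.33.40 line is the one from the post, the other hosts' lines are assumed for illustration, including an assumed -sF run for 192.168.33.22):

```python
"""Parse Nmap grepable (-oG) output and diff two runs of the same scan.

Added example, not from the original post or from Nmap. Grepable format puts
one tab-separated record per host; each port entry is
port/state/protocol/owner/service/rpc-info/version/ (note the trailing slash).
"""
import re

# Constructed sample output. The 192.168.33.40 line is the one from the post;
# the other hosts are assumed for illustration (the .22 line assumes a FIN scan).
SAMPLE_OG = """\
# Nmap scan initiated as: nmap -n -PN -oG - 192.168.33.2-100
Host: 192.168.33.2 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///
Host: 192.168.33.22 ()\tPorts: 22/open|filtered/tcp//ssh///, 80/open|filtered/tcp//http///, 111/open|filtered/tcp//rpcbind///\tIgnored State: closed (1694)
Host: 192.168.33.40 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.168.33.50 ()\tStatus: Up
# Nmap done -- 99 IP addresses (4 hosts up) scanned
"""

# Constructed second run where port 80 on 192.168.33.22 no longer answers.
SAMPLE_OG_LATER = """\
Host: 192.168.33.2 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///
Host: 192.168.33.22 ()\tPorts: 22/open|filtered/tcp//ssh///, 111/open|filtered/tcp//rpcbind///
Host: 192.168.33.40 ()\tPorts: 135/open/tcp//msrpc///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
"""

PORT_RE = re.compile(r"(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)")
# Split on tabs, or on a space before a known field name when tabs were lost
# (as happens when output is pasted into a blog post).
FIELD_SPLIT = re.compile(r"\t+|\s+(?=(?:Ports|Status|Ignored State|OS): )")
OPENISH = ("open", "open|filtered")


def parse_grepable(text):
    """Return {ip: {"hostname": str, "status": str, "ports": [(port, state, proto, service)]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '# Nmap ...' comment lines carry no host data
        fields = FIELD_SPLIT.split(line.strip())
        m = re.match(r"Host:\s+(\S+)\s+\((.*?)\)", fields[0])
        if not m:
            continue
        rec = hosts.setdefault(m.group(1), {"hostname": m.group(2), "status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                rec["status"] = value.strip()
            elif key == "Ports":
                for entry in value.split(","):
                    pm = PORT_RE.match(entry.strip())
                    if pm:
                        port, state, proto, _owner, service, _rpc, _version = pm.groups()
                        rec["ports"].append((int(port), state, proto, service))
                rec["status"] = rec["status"] or "Up"  # a Ports record implies the host is up
    return hosts


def hosts_with_port(hosts, port, states=OPENISH):
    """IPs on which `port` is open or open|filtered (closed ports don't count)."""
    return sorted(ip for ip, rec in hosts.items()
                  if any(p == port and st in states for p, st, _, _ in rec["ports"]))


def lost_ports(old, new):
    """(ip, port) pairs that were open-ish in `old` but are not open-ish in `new`."""
    def openish(hosts):
        return {(ip, p) for ip, rec in hosts.items()
                for p, st, _, _ in rec["ports"] if st in OPENISH}
    return openish(old) - openish(new)


if __name__ == "__main__":
    first, later = parse_grepable(SAMPLE_OG), parse_grepable(SAMPLE_OG_LATER)
    print("hosts with 80:", hosts_with_port(first, 80))
    print("lost since first run:", lost_ports(first, later))
```

Saving each run with -oG and diffing them this way separates "the web server is down" from "my probe packets were dropped", which a single ad hoc rescan cannot do.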
After running:
sudo nmap -n -PN -A 192.168.33.40
Nmap returned:
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn
445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2000|2003|XP (98%)
Aggressive OS guesses: Microsoft Windows 2000 SP4 (98%), Microsoft Windows Server 2003 Enterprise Edition 64-Bit SP1 (95%), Microsoft Windows 2000 Server SP4 (94%), Microsoft Windows XP SP2 (94%), Microsoft Windows XP SP2 (firewall disabled) (94%), Microsoft Windows 2000 SP3 (92%), Microsoft Windows 2000, SP0, SP1, or SP2 (92%), Microsoft Windows 2003 Server SP1 (91%)
Service Info: OS: Windows
After learning from other students in the class (and from the professor) that there are 4 machines on the subnet, I decided to perform additional scans to try and locate the 4th machine. Another student in the class tipped me off that I should try scans other than SYN scans, so after performing FIN, Xmas tree and Null scans, I found:
Host 192.168.33.22 appears to be up ... good.
Interesting ports on 192.168.33.22:
Not shown: 1694 closed ports
PORT STATE SERVICE
22/tcp open|filtered ssh
80/tcp open|filtered http
111/tcp open|filtered rpcbind
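The open|filtered state above is the most a FIN, Null or Xmas scan can ever say about a listening port: per RFC 793 a closed port answers any of those probes with RST, while an open port stays silent, and silence is also what a firewall drop looks like. The model below is an added example, not code from the original post or from Nmap: it encodes that inference, plus the documented caveat that Windows answers every FIN/Null/Xmas probe with RST regardless of port state, so those scans report every port on a Windows host as closed. The two simulated hosts and their firewall rules are assumptions (a stateless ACL that drops only SYNs is one explanation for why a host shows up in a FIN scan but not a SYN scan; the post does not say what the lab firewall does).

```python
"""How Nmap turns TCP probe responses into port states: SYN vs FIN/Null/Xmas.

Added example, not from the original post or from Nmap. SimHost is a toy
target; the hosts at the bottom are assumed for illustration.
"""
from dataclasses import dataclass, field

NO_SYN_PROBES = ("FIN", "NULL", "XMAS")  # probes without the SYN flag


@dataclass
class SimHost:
    rfc793: bool                     # True: RFC 793 stack; False: Windows-style stack
    open_ports: set
    blocked: dict = field(default_factory=dict)  # port -> "all" (drop everything) or "syn" (drop SYNs only)

    def respond(self, port, probe):
        """Return 'SYN/ACK', 'RST', or None (no reply) for one probe to one port."""
        rule = self.blocked.get(port)
        if rule == "all" or (rule == "syn" and probe == "SYN"):
            return None                       # silently dropped by the firewall
        if probe == "SYN":
            return "SYN/ACK" if port in self.open_ports else "RST"
        if not self.rfc793:
            return "RST"                      # Windows: RST whether open or closed
        return None if port in self.open_ports else "RST"   # RFC 793 behaviour


def classify(probe, response):
    """Nmap's port-state inference for a single probe/response pair."""
    if probe == "SYN":
        return {"SYN/ACK": "open", "RST": "closed"}.get(response, "filtered")
    if probe not in NO_SYN_PROBES:
        raise ValueError(f"unknown probe type {probe!r}")
    # FIN/Null/Xmas: only RST is informative; silence is open OR filtered
    return "closed" if response == "RST" else "open|filtered"


def scan(host, ports, probe):
    """Simulate one scan type against a host; returns {port: state}."""
    return {p: classify(probe, host.respond(p, probe)) for p in ports}


# Assumed Unix-like host behind a stateless ACL that drops SYNs to its services.
UNIX_HOST = SimHost(rfc793=True, open_ports={22, 80, 111},
                    blocked={22: "syn", 80: "syn", 111: "syn"})
# Assumed Windows host with the usual SMB/RPC ports listening and no firewall.
WINDOWS_HOST = SimHost(rfc793=False, open_ports={135, 139, 445})

if __name__ == "__main__":
    for name, host, ports in (("unix", UNIX_HOST, [22, 80, 111, 443]),
                              ("windows", WINDOWS_HOST, [80, 135, 139, 445])):
        for probe in ("SYN", "FIN", "NULL", "XMAS"):
            print(name, probe, scan(host, ports, probe))
```

Read the two outputs together: on the RFC-compliant host the SYN scan shows the services as filtered (so a -p22 SYN sweep never lists the host as interesting) while the FIN scan shows them as open|filtered, which matches the result above; on the Windows host the FIN, Null and Xmas scans return closed for ports 135, 139 and 445 that the SYN scan correctly found open, so a non-SYN sweep alone would have missed the Windows box.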
At this point I *believe* I've located everything on the subnet, though I'm going to continue scanning with different switches to see if anything else pops up. I'm also really enjoying using Nmap; I think I'll use it at work just to see what I can find... just kidding, of course =)
Wednesday, April 8, 2009