Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Starting Nmap 6.25 ( http://nmap.org ) at 2014-10-02 08:12 EDT
- NSE: Loaded 106 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating ARP Ping Scan at 08:12
- Scanning 167 hosts [1 port/host]
- Completed ARP Ping Scan at 08:12, 1.29s elapsed (167 total hosts)
- Initiating Parallel DNS resolution of 167 hosts. at 08:12
- Completed Parallel DNS resolution of 167 hosts. at 08:12, 4.00s elapsed
- Nmap scan report for 192.168.1.0 [host down]
- Nmap scan report for 192.168.1.2 [host down]
- Nmap scan report for 192.168.1.3 [host down]
- Nmap scan report for 192.168.1.4 [host down]
- Nmap scan report for 192.168.1.6 [host down]
- Nmap scan report for 192.168.1.7 [host down]
- Nmap scan report for 192.168.1.9 [host down]
- Nmap scan report for 192.168.1.10 [host down]
- Nmap scan report for 192.168.1.11 [host down]
- Nmap scan report for 192.168.1.12 [host down]
- Nmap scan report for 192.168.1.14 [host down]
- Nmap scan report for 192.168.1.15 [host down]
- Nmap scan report for 192.168.1.16 [host down]
- Nmap scan report for 192.168.1.17 [host down]
- Nmap scan report for 192.168.1.18 [host down]
- Nmap scan report for 192.168.1.19 [host down]
- Nmap scan report for 192.168.1.20 [host down]
- Nmap scan report for 192.168.1.21 [host down]
- Nmap scan report for 192.168.1.22 [host down]
- Nmap scan report for 192.168.1.23 [host down]
- Nmap scan report for 192.168.1.24 [host down]
- Nmap scan report for 192.168.1.26 [host down]
- Nmap scan report for 192.168.1.27 [host down]
- Nmap scan report for 192.168.1.28 [host down]
- Nmap scan report for 192.168.1.29 [host down]
- Nmap scan report for 192.168.1.33 [host down]
- Nmap scan report for 192.168.1.34 [host down]
- Nmap scan report for 192.168.1.36 [host down]
- Nmap scan report for 192.168.1.37 [host down]
- Nmap scan report for 192.168.1.38 [host down]
- Nmap scan report for 192.168.1.39 [host down]
- Nmap scan report for 192.168.1.41 [host down]
- Nmap scan report for 192.168.1.42 [host down]
- Nmap scan report for 192.168.1.43 [host down]
- Nmap scan report for 192.168.1.44 [host down]
- Nmap scan report for 192.168.1.46 [host down]
- Nmap scan report for 192.168.1.47 [host down]
- Nmap scan report for 192.168.1.48 [host down]
- Nmap scan report for 192.168.1.49 [host down]
- Nmap scan report for 192.168.1.51 [host down]
- Nmap scan report for 192.168.1.52 [host down]
- Nmap scan report for 192.168.1.53 [host down]
- Nmap scan report for 192.168.1.54 [host down]
- Nmap scan report for 192.168.1.55 [host down]
- Nmap scan report for 192.168.1.56 [host down]
- Nmap scan report for 192.168.1.57 [host down]
- Nmap scan report for 192.168.1.58 [host down]
- Nmap scan report for 192.168.1.59 [host down]
- Nmap scan report for 192.168.1.60 [host down]
- Nmap scan report for 192.168.1.61 [host down]
- Nmap scan report for 192.168.1.62 [host down]
- Nmap scan report for 192.168.1.63 [host down]
- Nmap scan report for 192.168.1.64 [host down]
- Nmap scan report for 192.168.1.65 [host down]
- Nmap scan report for 192.168.1.66 [host down]
- Nmap scan report for 192.168.1.67 [host down]
- Nmap scan report for 192.168.1.68 [host down]
- Nmap scan report for 192.168.1.69 [host down]
- Nmap scan report for 192.168.1.70 [host down]
- Nmap scan report for 192.168.1.71 [host down]
- Nmap scan report for 192.168.1.72 [host down]
- Nmap scan report for 192.168.1.73 [host down]
- Nmap scan report for 192.168.1.74 [host down]
- Nmap scan report for 192.168.1.75 [host down]
- Nmap scan report for 192.168.1.76 [host down]
- Nmap scan report for 192.168.1.77 [host down]
- Nmap scan report for 192.168.1.78 [host down]
- Nmap scan report for 192.168.1.79 [host down]
- Nmap scan report for 192.168.1.80 [host down]
- Nmap scan report for 192.168.1.82 [host down]
- Nmap scan report for 192.168.1.83 [host down]
- Nmap scan report for 192.168.1.87 [host down]
- Nmap scan report for 192.168.1.88 [host down]
- Nmap scan report for 192.168.1.89 [host down]
- Nmap scan report for 192.168.1.91 [host down]
- Nmap scan report for 192.168.1.92 [host down]
- Nmap scan report for 192.168.1.93 [host down]
- Nmap scan report for 192.168.1.94 [host down]
- Nmap scan report for 192.168.1.95 [host down]
- Nmap scan report for 192.168.1.96 [host down]
- Nmap scan report for 192.168.1.97 [host down]
- Nmap scan report for 192.168.1.98 [host down]
- Nmap scan report for 192.168.1.99 [host down]
- Nmap scan report for 192.168.1.100 [host down]
- Nmap scan report for 192.168.1.101 [host down]
- Nmap scan report for 192.168.1.102 [host down]
- Nmap scan report for 192.168.1.105 [host down]
- Nmap scan report for 192.168.1.106 [host down]
- Nmap scan report for 192.168.1.107 [host down]
- Nmap scan report for 192.168.1.108 [host down]
- Nmap scan report for 192.168.1.109 [host down]
- Nmap scan report for 192.168.1.110 [host down]
- Nmap scan report for 192.168.1.111 [host down]
- Nmap scan report for 192.168.1.113 [host down]
- Nmap scan report for 192.168.1.116 [host down]
- Nmap scan report for 192.168.1.119 [host down]
- Nmap scan report for 192.168.1.120 [host down]
- Nmap scan report for 192.168.1.122 [host down]
- Nmap scan report for 192.168.1.123 [host down]
- Nmap scan report for 192.168.1.124 [host down]
- Nmap scan report for 192.168.1.126 [host down]
- Nmap scan report for 192.168.1.128 [host down]
- Nmap scan report for 192.168.1.129 [host down]
- Nmap scan report for 192.168.1.130 [host down]
- Nmap scan report for 192.168.1.132 [host down]
- Nmap scan report for 192.168.1.133 [host down]
- Nmap scan report for 192.168.1.135 [host down]
- Nmap scan report for 192.168.1.137 [host down]
- Nmap scan report for 192.168.1.138 [host down]
- Nmap scan report for 192.168.1.139 [host down]
- Nmap scan report for 192.168.1.140 [host down]
- Nmap scan report for 192.168.1.141 [host down]
- Nmap scan report for 192.168.1.143 [host down]
- Nmap scan report for 192.168.1.144 [host down]
- Nmap scan report for 192.168.1.145 [host down]
- Nmap scan report for 192.168.1.146 [host down]
- Nmap scan report for 192.168.1.147 [host down]
- Nmap scan report for 192.168.1.148 [host down]
- Nmap scan report for 192.168.1.149 [host down]
- Nmap scan report for 192.168.1.150 [host down]
- Nmap scan report for 192.168.1.152 [host down]
- Nmap scan report for 192.168.1.153 [host down]
- Nmap scan report for 192.168.1.156 [host down]
- Nmap scan report for 192.168.1.158 [host down]
- Nmap scan report for 192.168.1.160 [host down]
- Nmap scan report for 192.168.1.161 [host down]
- Nmap scan report for 192.168.1.162 [host down]
- Nmap scan report for 192.168.1.164 [host down]
- Nmap scan report for 192.168.1.165 [host down]
- Initiating Parallel DNS resolution of 1 host. at 08:12
- Completed Parallel DNS resolution of 1 host. at 08:12, 0.00s elapsed
- Initiating SYN Stealth Scan at 08:12
- Scanning 38 hosts [1000 ports/host]
- Discovered open port 111/tcp on 192.168.1.5
- Discovered open port 111/tcp on 192.168.1.8
- Discovered open port 111/tcp on 192.168.1.31
- Discovered open port 111/tcp on 192.168.1.32
- Discovered open port 111/tcp on 192.168.1.40
- Discovered open port 111/tcp on 192.168.1.104
- Discovered open port 111/tcp on 192.168.1.103
- Discovered open port 111/tcp on 192.168.1.136
- Discovered open port 135/tcp on 192.168.1.25
- Discovered open port 135/tcp on 192.168.1.35
- Discovered open port 111/tcp on 192.168.1.50
- Discovered open port 135/tcp on 192.168.1.30
- Discovered open port 135/tcp on 192.168.1.84
- Discovered open port 135/tcp on 192.168.1.85
- Discovered open port 135/tcp on 192.168.1.86
- Discovered open port 135/tcp on 192.168.1.90
- Discovered open port 135/tcp on 192.168.1.118
- Discovered open port 135/tcp on 192.168.1.131
- Discovered open port 135/tcp on 192.168.1.125
- Discovered open port 135/tcp on 192.168.1.159
- Discovered open port 135/tcp on 192.168.1.157
- Discovered open port 445/tcp on 192.168.1.5
- Discovered open port 135/tcp on 192.168.1.163
- Discovered open port 445/tcp on 192.168.1.13
- Discovered open port 445/tcp on 192.168.1.25
- Discovered open port 445/tcp on 192.168.1.30
- Discovered open port 445/tcp on 192.168.1.32
- Discovered open port 445/tcp on 192.168.1.35
- Discovered open port 135/tcp on 192.168.1.81
- Discovered open port 445/tcp on 192.168.1.84
- Discovered open port 445/tcp on 192.168.1.85
- Discovered open port 445/tcp on 192.168.1.86
- Discovered open port 445/tcp on 192.168.1.90
- Discovered open port 445/tcp on 192.168.1.103
- Discovered open port 445/tcp on 192.168.1.104
- Discovered open port 445/tcp on 192.168.1.118
- Discovered open port 445/tcp on 192.168.1.131
- Discovered open port 445/tcp on 192.168.1.125
- Discovered open port 445/tcp on 192.168.1.136
- Discovered open port 445/tcp on 192.168.1.157
- Discovered open port 135/tcp on 192.168.1.154
- Discovered open port 445/tcp on 192.168.1.81
- Discovered open port 445/tcp on 192.168.1.159
- Discovered open port 445/tcp on 192.168.1.154
- Discovered open port 443/tcp on 192.168.1.5
- Discovered open port 443/tcp on 192.168.1.31
- Discovered open port 445/tcp on 192.168.1.163
- Discovered open port 443/tcp on 192.168.1.1
- Discovered open port 443/tcp on 192.168.1.166
- Discovered open port 443/tcp on 192.168.1.50
- Discovered open port 25/tcp on 192.168.1.103
- Discovered open port 25/tcp on 192.168.1.32
- Discovered open port 25/tcp on 192.168.1.104
- Discovered open port 25/tcp on 192.168.1.136
- Discovered open port 80/tcp on 192.168.1.8
- Discovered open port 80/tcp on 192.168.1.45
- Discovered open port 80/tcp on 192.168.1.103
- Discovered open port 80/tcp on 192.168.1.5
- Discovered open port 80/tcp on 192.168.1.31
- Discovered open port 80/tcp on 192.168.1.32
- Discovered open port 80/tcp on 192.168.1.35
- Discovered open port 80/tcp on 192.168.1.50
- Discovered open port 80/tcp on 192.168.1.104
- Discovered open port 80/tcp on 192.168.1.136
- Discovered open port 80/tcp on 192.168.1.166
- Discovered open port 80/tcp on 192.168.1.159
- Discovered open port 23/tcp on 192.168.1.103
- Discovered open port 23/tcp on 192.168.1.32
- Discovered open port 23/tcp on 192.168.1.104
- Discovered open port 23/tcp on 192.168.1.136
- Discovered open port 23/tcp on 192.168.1.166
- Discovered open port 3389/tcp on 192.168.1.35
- Discovered open port 3306/tcp on 192.168.1.103
- Discovered open port 3306/tcp on 192.168.1.32
- Discovered open port 3306/tcp on 192.168.1.104
- Discovered open port 3306/tcp on 192.168.1.136
- Discovered open port 5900/tcp on 192.168.1.103
- Discovered open port 5900/tcp on 192.168.1.32
- Discovered open port 5900/tcp on 192.168.1.104
- Discovered open port 5900/tcp on 192.168.1.136
- Discovered open port 22/tcp on 192.168.1.103
- Discovered open port 22/tcp on 192.168.1.5
- Discovered open port 22/tcp on 192.168.1.32
- Discovered open port 22/tcp on 192.168.1.45
- Discovered open port 22/tcp on 192.168.1.50
- Discovered open port 22/tcp on 192.168.1.104
- Discovered open port 22/tcp on 192.168.1.136
- Discovered open port 21/tcp on 192.168.1.103
- Discovered open port 21/tcp on 192.168.1.5
- Discovered open port 21/tcp on 192.168.1.32
- Discovered open port 21/tcp on 192.168.1.35
- Discovered open port 21/tcp on 192.168.1.104
- Discovered open port 139/tcp on 192.168.1.103
- Discovered open port 21/tcp on 192.168.1.136
- Discovered open port 139/tcp on 192.168.1.5
- Discovered open port 139/tcp on 192.168.1.32
- Discovered open port 139/tcp on 192.168.1.35
- Discovered open port 139/tcp on 192.168.1.104
- Discovered open port 53/tcp on 192.168.1.103
- Discovered open port 139/tcp on 192.168.1.125
- Discovered open port 139/tcp on 192.168.1.159
- Discovered open port 139/tcp on 192.168.1.136
- Discovered open port 139/tcp on 192.168.1.25
- Discovered open port 53/tcp on 192.168.1.32
- Discovered open port 53/tcp on 192.168.1.104
- Discovered open port 139/tcp on 192.168.1.131
- Discovered open port 53/tcp on 192.168.1.136
- Discovered open port 139/tcp on 192.168.1.13
- Discovered open port 53/tcp on 192.168.1.25
- Discovered open port 139/tcp on 192.168.1.163
- Discovered open port 139/tcp on 192.168.1.118
- Discovered open port 139/tcp on 192.168.1.154
- Discovered open port 1099/tcp on 192.168.1.103
- Discovered open port 1099/tcp on 192.168.1.32
- Discovered open port 1099/tcp on 192.168.1.104
- Discovered open port 1099/tcp on 192.168.1.136
- Discovered open port 2010/tcp on 192.168.1.35
- Discovered open port 49154/tcp on 192.168.1.159
- Discovered open port 49154/tcp on 192.168.1.25
- Discovered open port 49154/tcp on 192.168.1.125
- Discovered open port 49154/tcp on 192.168.1.154
- Discovered open port 49154/tcp on 192.168.1.163
- Discovered open port 49154/tcp on 192.168.1.35
- Discovered open port 49154/tcp on 192.168.1.131
- Discovered open port 49154/tcp on 192.168.1.118
- Discovered open port 49157/tcp on 192.168.1.159
- Discovered open port 49157/tcp on 192.168.1.125
- Discovered open port 49157/tcp on 192.168.1.163
- Discovered open port 49157/tcp on 192.168.1.25
- Discovered open port 49157/tcp on 192.168.1.35
- Discovered open port 49157/tcp on 192.168.1.118
- Discovered open port 5357/tcp on 192.168.1.159
- Discovered open port 5357/tcp on 192.168.1.125
- Discovered open port 512/tcp on 192.168.1.103
- Discovered open port 49157/tcp on 192.168.1.131
- Discovered open port 5357/tcp on 192.168.1.154
- Discovered open port 5357/tcp on 192.168.1.163
- Discovered open port 5357/tcp on 192.168.1.118
- Discovered open port 512/tcp on 192.168.1.32
- Discovered open port 512/tcp on 192.168.1.104
- Discovered open port 5357/tcp on 192.168.1.131
- Discovered open port 512/tcp on 192.168.1.136
- Discovered open port 80/tcp on 192.168.1.1
- Discovered open port 6667/tcp on 192.168.1.103
- Discovered open port 3389/tcp on 192.168.1.30
- Discovered open port 6667/tcp on 192.168.1.104
- Discovered open port 6667/tcp on 192.168.1.32
- Discovered open port 6667/tcp on 192.168.1.136
- Discovered open port 139/tcp on 192.168.1.30
- Discovered open port 139/tcp on 192.168.1.157
- Discovered open port 139/tcp on 192.168.1.81
- Discovered open port 139/tcp on 192.168.1.86
- Discovered open port 139/tcp on 192.168.1.90
- Discovered open port 3268/tcp on 192.168.1.25
- Discovered open port 139/tcp on 192.168.1.84
- Discovered open port 139/tcp on 192.168.1.85
- Discovered open port 8180/tcp on 192.168.1.103
- Discovered open port 8180/tcp on 192.168.1.32
- Discovered open port 8180/tcp on 192.168.1.104
- Discovered open port 8180/tcp on 192.168.1.136
- Discovered open port 514/tcp on 192.168.1.103
- Discovered open port 514/tcp on 192.168.1.32
- Discovered open port 514/tcp on 192.168.1.104
- Discovered open port 514/tcp on 192.168.1.136
- Discovered open port 49154/tcp on 192.168.1.157
- Discovered open port 8009/tcp on 192.168.1.103
- Discovered open port 8009/tcp on 192.168.1.32
- Discovered open port 8009/tcp on 192.168.1.104
- Discovered open port 8009/tcp on 192.168.1.136
- Discovered open port 548/tcp on 192.168.1.5
- Discovered open port 5357/tcp on 192.168.1.81
- Discovered open port 5357/tcp on 192.168.1.90
- Discovered open port 49153/tcp on 192.168.1.118
- Discovered open port 49153/tcp on 192.168.1.125
- Discovered open port 49153/tcp on 192.168.1.154
- Discovered open port 49153/tcp on 192.168.1.25
- Discovered open port 49153/tcp on 192.168.1.35
- Discovered open port 5357/tcp on 192.168.1.86
- Discovered open port 5357/tcp on 192.168.1.84
- Discovered open port 5357/tcp on 192.168.1.85
- Discovered open port 49153/tcp on 192.168.1.159
- Discovered open port 49153/tcp on 192.168.1.131
- Discovered open port 49153/tcp on 192.168.1.163
- Discovered open port 9100/tcp on 192.168.1.166
- Discovered open port 999/tcp on 192.168.1.125
- Discovered open port 636/tcp on 192.168.1.25
- Discovered open port 49158/tcp on 192.168.1.154
- Discovered open port 49158/tcp on 192.168.1.25
- Discovered open port 548/tcp on 192.168.1.13
- Discovered open port 2105/tcp on 192.168.1.35
- Discovered open port 6000/tcp on 192.168.1.103
- Discovered open port 6000/tcp on 192.168.1.32
- Discovered open port 6000/tcp on 192.168.1.104
- Discovered open port 6000/tcp on 192.168.1.136
- Discovered open port 49152/tcp on 192.168.1.118
- Discovered open port 49152/tcp on 192.168.1.25
- Discovered open port 515/tcp on 192.168.1.166
- Discovered open port 49152/tcp on 192.168.1.154
- Discovered open port 515/tcp on 192.168.1.5
- Discovered open port 49152/tcp on 192.168.1.125
- Discovered open port 49152/tcp on 192.168.1.35
- Discovered open port 49152/tcp on 192.168.1.131
- Discovered open port 49152/tcp on 192.168.1.159
- Discovered open port 49152/tcp on 192.168.1.163
- Discovered open port 5900/tcp on 192.168.1.117
- Discovered open port 8873/tcp on 192.168.1.5
- Discovered open port 5009/tcp on 192.168.1.13
- Discovered open port 2049/tcp on 192.168.1.32
- Discovered open port 2049/tcp on 192.168.1.103
- Discovered open port 2049/tcp on 192.168.1.104
- Discovered open port 2049/tcp on 192.168.1.136
- Discovered open port 3269/tcp on 192.168.1.25
- Discovered open port 1524/tcp on 192.168.1.32
- Discovered open port 2049/tcp on 192.168.1.5
- Discovered open port 5432/tcp on 192.168.1.32
- Discovered open port 1524/tcp on 192.168.1.103
- Discovered open port 1524/tcp on 192.168.1.104
- Discovered open port 5432/tcp on 192.168.1.103
- Discovered open port 5432/tcp on 192.168.1.104
- Discovered open port 1524/tcp on 192.168.1.136
- Discovered open port 5432/tcp on 192.168.1.136
- Discovered open port 49156/tcp on 192.168.1.159
- Discovered open port 49156/tcp on 192.168.1.35
- Discovered open port 49156/tcp on 192.168.1.163
- Discovered open port 49156/tcp on 192.168.1.125
- Discovered open port 22939/tcp on 192.168.1.5
- Discovered open port 49156/tcp on 192.168.1.154
- Discovered open port 49156/tcp on 192.168.1.131
- Discovered open port 49156/tcp on 192.168.1.118
- Discovered open port 49155/tcp on 192.168.1.25
- Discovered open port 49155/tcp on 192.168.1.163
- Discovered open port 49155/tcp on 192.168.1.35
- Discovered open port 49155/tcp on 192.168.1.159
- Discovered open port 49155/tcp on 192.168.1.125
- Discovered open port 49155/tcp on 192.168.1.154
- Discovered open port 49155/tcp on 192.168.1.131
- Discovered open port 49155/tcp on 192.168.1.118
- Discovered open port 873/tcp on 192.168.1.5
- Discovered open port 88/tcp on 192.168.1.25
- Discovered open port 464/tcp on 192.168.1.25
- Discovered open port 389/tcp on 192.168.1.25
- Discovered open port 280/tcp on 192.168.1.166
- Discovered open port 513/tcp on 192.168.1.104
- Discovered open port 513/tcp on 192.168.1.32
- Discovered open port 513/tcp on 192.168.1.103
- Discovered open port 513/tcp on 192.168.1.136
- Discovered open port 2121/tcp on 192.168.1.104
- Discovered open port 593/tcp on 192.168.1.25
- Discovered open port 2121/tcp on 192.168.1.32
- Discovered open port 2121/tcp on 192.168.1.103
- Discovered open port 2121/tcp on 192.168.1.136
- Discovered open port 2107/tcp on 192.168.1.35
- Discovered open port 1801/tcp on 192.168.1.35
- Discovered open port 2103/tcp on 192.168.1.35
- Discovered open port 1433/tcp on 192.168.1.35
- Completed SYN Stealth Scan against 192.168.1.104 in 15.42s (37 hosts left)
- Completed SYN Stealth Scan against 192.168.1.35 in 15.53s (36 hosts left)
- Discovered open port 49165/tcp on 192.168.1.25
- Completed SYN Stealth Scan against 192.168.1.50 in 15.55s (35 hosts left)
- Completed SYN Stealth Scan against 192.168.1.25 in 15.58s (34 hosts left)
- Completed SYN Stealth Scan against 192.168.1.45 in 15.58s (33 hosts left)
- Completed SYN Stealth Scan against 192.168.1.103 in 15.59s (32 hosts left)
- Completed SYN Stealth Scan against 192.168.1.127 in 15.59s (31 hosts left)
- Completed SYN Stealth Scan against 192.168.1.5 in 15.60s (30 hosts left)
- Completed SYN Stealth Scan against 192.168.1.8 in 15.60s (29 hosts left)
- Completed SYN Stealth Scan against 192.168.1.32 in 15.60s (28 hosts left)
- Completed SYN Stealth Scan against 192.168.1.166 in 15.60s (27 hosts left)
- Completed SYN Stealth Scan against 192.168.1.159 in 15.61s (26 hosts left)
- Completed SYN Stealth Scan against 192.168.1.125 in 15.63s (25 hosts left)
- Completed SYN Stealth Scan against 192.168.1.163 in 15.63s (24 hosts left)
- Completed SYN Stealth Scan against 192.168.1.112 in 15.64s (23 hosts left)
- Completed SYN Stealth Scan against 192.168.1.136 in 15.64s (22 hosts left)
- Completed SYN Stealth Scan against 192.168.1.155 in 15.64s (21 hosts left)
- Completed SYN Stealth Scan against 192.168.1.40 in 15.64s (20 hosts left)
- Completed SYN Stealth Scan against 192.168.1.118 in 15.67s (19 hosts left)
- Completed SYN Stealth Scan against 192.168.1.31 in 15.68s (18 hosts left)
- Completed SYN Stealth Scan against 192.168.1.154 in 15.68s (17 hosts left)
- Completed SYN Stealth Scan against 192.168.1.134 in 15.74s (16 hosts left)
- Completed SYN Stealth Scan against 192.168.1.142 in 15.76s (15 hosts left)
- Discovered open port 10000/tcp on 192.168.1.13
- Completed SYN Stealth Scan against 192.168.1.151 in 15.90s (14 hosts left)
- Completed SYN Stealth Scan against 192.168.1.114 in 15.93s (13 hosts left)
- Completed SYN Stealth Scan against 192.168.1.115 in 15.94s (12 hosts left)
- Completed SYN Stealth Scan against 192.168.1.121 in 20.83s (11 hosts left)
- Discovered open port 4445/tcp on 192.168.1.30
- Completed SYN Stealth Scan against 192.168.1.131 in 21.25s (10 hosts left)
- Completed SYN Stealth Scan against 192.168.1.13 in 22.21s (9 hosts left)
- Completed SYN Stealth Scan against 192.168.1.85 in 24.54s (8 hosts left)
- Completed SYN Stealth Scan against 192.168.1.1 in 24.98s (7 hosts left)
- Completed SYN Stealth Scan against 192.168.1.30 in 25.07s (6 hosts left)
- Completed SYN Stealth Scan against 192.168.1.84 in 25.24s (5 hosts left)
- Completed SYN Stealth Scan against 192.168.1.86 in 25.28s (4 hosts left)
- Completed SYN Stealth Scan against 192.168.1.90 in 25.39s (3 hosts left)
- Completed SYN Stealth Scan against 192.168.1.81 in 26.39s (2 hosts left)
- Completed SYN Stealth Scan against 192.168.1.157 in 26.50s (1 host left)
- Discovered open port 88/tcp on 192.168.1.117
- Completed SYN Stealth Scan at 08:12, 30.15s elapsed (38000 total ports)
- Initiating Service scan at 08:12
- Scanning 258 services on 38 hosts
- Service scan Timing: About 28.57% done; ETC: 08:14 (0:01:23 remaining)
- Service scan Timing: About 52.90% done; ETC: 08:15 (0:01:01 remaining)
- Service scan Timing: About 69.11% done; ETC: 08:15 (0:00:44 remaining)
- Completed Service scan at 08:16, 233.75s elapsed (259 services on 38 hosts)
- Initiating OS detection (try #1) against 38 hosts
- Retrying OS detection (try #2) against 15 hosts
- Retrying OS detection (try #3) against 4 hosts
- Retrying OS detection (try #4) against 4 hosts
- Retrying OS detection (try #5) against 4 hosts
- NSE: Script scanning 38 hosts.
- Initiating NSE at 08:17
- NSE Timing: About 44.32% done; ETC: 08:19 (0:00:59 remaining)
- NSE Timing: About 66.79% done; ETC: 08:19 (0:00:40 remaining)
- Completed NSE at 08:20, 166.01s elapsed
- Nmap scan report for valkyrie.cs2lab.edu (192.168.1.1)
- Host is up (0.0015s latency).
- Not shown: 998 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http lighttpd 1.4.32
- |_http-methods: No Allow or Public header in OPTIONS response (status code 301)
- |_http-title: Did not follow redirect to https://valkyrie.cs2lab.edu/
- 443/tcp open ssl/http lighttpd 1.4.32
- |_http-favicon: Unknown favicon MD5: 082559A7867CF27ACAB7E9867A8B320F
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Login
- | ssl-cert: Subject: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US
- | Issuer: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2011-08-31T14:53:37+00:00
- | Not valid after: 2017-02-20T15:53:37+00:00
- | MD5: 175c 123b 071b 5027 8548 0aa9 267b bdcf
- |_SHA-1: fbce 7749 3d0c cd0a 875f f3e2 053c 85f4 91fc 369e
- |_ssl-date: 2014-10-02T12:14:24+00:00; -3m00s from local time.
- MAC Address: 00:1B:21:C6:D5:37 (Intel Corporate)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: specialized|general purpose
- Running (JUST GUESSING): Comau embedded (92%), OpenBSD 4.X (85%)
- OS CPE: cpe:/o:openbsd:openbsd:4.0
- Aggressive OS guesses: Comau C4G robot control unit (92%), OpenBSD 4.0 (85%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.002 days (since Thu Oct 2 08:17:03 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Randomized
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.47 ms valkyrie.cs2lab.edu (192.168.1.1)
- Nmap scan report for aegir.cs2lab.edu (192.168.1.5)
- Host is up (0.0036s latency).
- Not shown: 987 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD
- | ssl-cert: Subject: commonName=develop/organizationName=buffalo/stateOrProvinceName=Tokyo/countryName=JP
- | Issuer: commonName=develop/organizationName=BUFFALO INC./stateOrProvinceName=Tokyo/countryName=JP
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2007-06-13T04:47:53+00:00
- | Not valid after: 2027-06-08T04:47:53+00:00
- | MD5: a416 afbd 5885 973d d174 e5f1 56ad fe3a
- |_SHA-1: 9533 2cdc a3d8 05a1 9f34 b948 7031 752b a19b 961f
- |_ssl-date: 2014-10-02T12:15:48+00:00; -2m59s from local time.
- 22/tcp open ssh OpenSSH 3.7.1p2 (protocol 2.0)
- |_ssh-hostkey: 1024 17:60:bb:44:2f:36:d8:df:6b:98:fb:63:7f:52:a7:a1 (RSA)
- 80/tcp open http lighttpd 1.4.23
- |_http-favicon: Unknown favicon MD5: F5C14C837BDDA57B96059D6819B114F9
- |_http-git: 0
- |_http-methods: OPTIONS GET HEAD POST
- |_http-title: Site doesn't have a title (text/html).
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100003 3 2049/tcp nfs
- | 100003 3 2049/udp nfs
- | 100005 1,3 2049/tcp mountd
- |_ 100005 1,3 2049/udp mountd
- 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 443/tcp open ssl/http lighttpd 1.4.23
- |_http-favicon: Unknown favicon MD5: F5C14C837BDDA57B96059D6819B114F9
- |_http-git: 0
- |_http-methods: OPTIONS GET HEAD POST
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=develop/organizationName=buffalo/stateOrProvinceName=Tokyo/countryName=JP
- | Issuer: commonName=develop/organizationName=BUFFALO INC./stateOrProvinceName=Tokyo/countryName=JP
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2007-06-13T04:47:53+00:00
- | Not valid after: 2027-06-08T04:47:53+00:00
- | MD5: a416 afbd 5885 973d d174 e5f1 56ad fe3a
- |_SHA-1: 9533 2cdc a3d8 05a1 9f34 b948 7031 752b a19b 961f
- |_ssl-date: 2014-10-02T12:16:26+00:00; -2m58s from local time.
- 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 515/tcp open printer
- 548/tcp open afp?
- | afp-serverinfo:
- | | Server Flags: 0x8379
- | | Super Client: Yes
- | | UUIDs: No
- | | UTF8 Server Name: Yes
- | | Open Directory: Yes
- | | Reconnect: No
- | | Server Notifications: Yes
- | | TCP/IP: Yes
- | | Server Signature: Yes
- | | ServerMessages: Yes
- | | Password Saving Prohibited: No
- | | Password Changing: No
- | |_ Copy File: Yes
- | Server Name: TS-QVHL17F
- | Machine Type: Netatalk
- | AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1, AFP3.2
- | UAMs: DHCAST128, Cleartxt Passwrd
- | Server Signature: 0105c0a8ffffffff0105c0a8ffffffff
- | Network Address 1: 192.168.1.5
- |_ UTF8 Server Name: TS-QVHL17F
- 873/tcp open rsync (protocol version 30)
- 2049/tcp open nfs 3 (RPC #100003)
- 8873/tcp open ssl/rsync (protocol version 30)
- 22939/tcp open ssl/unknown
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port548-TCP:V=6.25%I=7%D=10/2%Time=542D4155%P=i686-pc-linux-gnu%r(afp,1
- SF:C1,"\x01\x03\0\x01\0\0\0\0\0\0\x01\xb1\0\0\0\0\0\x1e\0'\0q\0\x8d\x83y\n
- SF:TS-QVHL17F\0\x01\x8d\x01\x9d\x01\xa4\x01\xa5\x08Netatalk\x07\x0eAFPVers
- SF:ion\x201\.1\x0eAFPVersion\x202\.0\x0eAFPVersion\x202\.1\x06AFP2\.2\x06A
- SF:FPX03\x06AFP3\.1\x06AFP3\.2\x02\tDHCAST128\x10Cleartxt\x20Passwrd0\0\x8
- SF:f\xf8\xcc\x01H\x0c\xb32\(\n\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x
- SF:81\x803\xe3\xc1\x80\x0b\xd3\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe
- SF:1\xe1\x80\x0b\xd1\xe1\xc0\n\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff
- SF:!\xcb\xff\xc4@\x7f\xff\x02\x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xf
- SF:f\xff\xff\xff\0\x02\x80\0\0\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x
- SF:07\xc0\0\0\x05@\0\x0f\xf9\?\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\
- SF:xfc\x01\xcf\xfc\xff3\xef\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
- SF:f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
- SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\
- SF:xff\xff\x1f\xff\xff\xff\?\xff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\x
- SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\
- SF:0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff
- SF:\xff\?\xfe\xff\xff\xff\xfc\x7f\xff\x01\x05\xc0\xa8\xff\xff\xff\xff\x01\
- SF:x05\xc0\xa8\xff\xff\xff\xff\x01\x06\x01\xc0\xa8\x01\x05\0\0\nTS-QVHL17F
- SF:");
- MAC Address: 4C:E6:76:1F:41:7F (Buffalo)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.24 - 2.6.36
- Uptime guess: 8.250 days (since Wed Sep 24 02:20:50 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=203 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Host: 192.168.1.5; OS: Unix
- Host script results:
- | nbstat:
- | NetBIOS name: TS-QVHL17F, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
- | Names
- | TS-QVHL17F<00> Flags: <unique><active>
- | TS-QVHL17F<03> Flags: <unique><active>
- | TS-QVHL17F<20> Flags: <unique><active>
- | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | WORKGROUP<1d> Flags: <unique><active>
- | WORKGROUP<1e> Flags: <group><active>
- |_ WORKGROUP<00> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.30-1.4.osstech)
- | Computer name: TS-QVHL17F
- | NetBIOS computer name:
- | Domain name:
- | FQDN: TS-QVHL17F
- |_ System time: 2014-10-02T14:14:22+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 3.59 ms aegir.cs2lab.edu (192.168.1.5)
- Nmap scan report for heimdall.cs2lab.edu (192.168.1.8)
- Host is up (0.0010s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http?
- |_http-methods: POST OPTIONS GET HEAD
- |_http-title: Site doesn't have a title (text/html).
- 111/tcp open rpcbind 2-4 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2,3,4 111/tcp rpcbind
- | 100000 2,3,4 111/udp rpcbind
- | 100024 1 43601/tcp status
- |_ 100024 1 44822/udp status
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4150%P=i686-pc-linux-gnu%r(GetReq
- SF:uest,214,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Thu,\x2002\x20Oct\x202014\
- SF:x2012:10:05\x20GMT\r\nServer:\x20Apache\r\nLast-Modified:\x20Tue,\x2009
- SF:\x20Sep\x202014\x2010:42:34\x20GMT\r\nETag:\x20\"5eb33-b1-5029f97dbf6ab
- SF:\"\r\nAccept-Ranges:\x20bytes\r\nContent-Length:\x20177\r\nVary:\x20Acc
- SF:ept-Encoding\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:
- SF:\x201;\x20mode=block\r\nX-Frame-Options:\x20sameorigin\r\nConnection:\x
- SF:20close\r\nContent-Type:\x20text/html\r\n\r\n<html><body><h1>It\x20work
- SF:s!</h1>\n<p>This\x20is\x20the\x20default\x20web\x20page\x20for\x20this\
- SF:x20server\.</p>\n<p>The\x20web\x20server\x20software\x20is\x20running\x
- SF:20but\x20no\x20content\x20has\x20been\x20added,\x20yet\.</p>\n</body></
- SF:html>\n")%r(HTTPOptions,11B,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Thu,\x2
- SF:002\x20Oct\x202014\x2012:10:05\x20GMT\r\nServer:\x20Apache\r\nAllow:\x2
- SF:0POST,OPTIONS,GET,HEAD\r\nVary:\x20Accept-Encoding\r\nX-Content-Type-Op
- SF:tions:\x20nosniff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nX-Frame-O
- SF:ptions:\x20sameorigin\r\nContent-Length:\x200\r\nConnection:\x20close\r
- SF:\nContent-Type:\x20text/html\r\n\r\n")%r(RTSPRequest,11B,"HTTP/1\.1\x20
- SF:200\x20OK\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:05\x20GMT\r\nS
- SF:erver:\x20Apache\r\nAllow:\x20POST,OPTIONS,GET,HEAD\r\nVary:\x20Accept-
- SF:Encoding\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:\x20
- SF:1;\x20mode=block\r\nX-Frame-Options:\x20sameorigin\r\nContent-Length:\x
- SF:200\r\nConnection:\x20close\r\nContent-Type:\x20text/html\r\n\r\n")%r(F
- SF:ourOhFourRequest,19C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nDate:\x20Thu,
- SF:\x2002\x20Oct\x202014\x2012:10:10\x20GMT\r\nServer:\x20Apache\r\nVary:\
- SF:x20Accept-Encoding\r\nContent-Length:\x20225\r\nConnection:\x20close\r\
- SF:nContent-Type:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20
- SF:HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n
- SF:<title>404\x20Not\x20Found</title>\n</head><body>\n<h1>Not\x20Found</h1
- SF:>\n<p>The\x20requested\x20URL\x20/nice\x20ports,/Trinity\.txt\.bak\x20w
- SF:as\x20not\x20found\x20on\x20this\x20server\.</p>\n</body></html>\n");
- MAC Address: 32:00:BA:EC:01:9D (Unknown)
- No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=6.25%E=4%D=10/2%OT=80%CT=1%CU=35158%PV=Y%DS=1%DC=D%G=Y%M=3200BA%T
- OS:M=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10D%TI=Z%CI=I%II=I%T
- OS:S=8)OPS(O1=M5B4ST11NW4%O2=M5B4ST11NW4%O3=M5B4NNT11NW4%O4=M5B4ST11NW4%O5=
- OS:M5B4ST11NW4%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3
- OS:890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
- OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
- OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
- OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
- OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
- OS:T=40%CD=S)
- Uptime guess: 6.881 days (since Thu Sep 25 11:11:59 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.03 ms heimdall.cs2lab.edu (192.168.1.8)
- Nmap scan report for tc-eth.cs2lab.edu (192.168.1.13)
- Host is up (0.0032s latency).
- Not shown: 995 closed ports
- PORT STATE SERVICE VERSION
- 139/tcp open netbios-ssn?
- 445/tcp open netbios-ssn
- 548/tcp open afp Apple Time Capsule AFP (name: cs2labs-time-capsule; protocol 3.3)
- | afp-serverinfo:
- | | Server Flags: 0x8ffb
- | | Super Client: Yes
- | | UUIDs: Yes
- | | UTF8 Server Name: Yes
- | | Open Directory: Yes
- | | Reconnect: Yes
- | | Server Notifications: Yes
- | | TCP/IP: Yes
- | | Server Signature: Yes
- | | ServerMessages: Yes
- | | Password Saving Prohibited: No
- | | Password Changing: Yes
- | |_ Copy File: Yes
- | Server Name: cs2labs-time-capsule
- | Machine Type: TimeCapsule6,113
- | AFP Versions: AFP3.3, AFP3.2, AFP3.1
- | UAMs: DHCAST128, DHX2, SRP, Recon1
- | Server Signature: 3646393439314b33415150007369672d
- | Network Address 1: [fe80:0009:0000:0000:0226:bbff:fe6e:76a8]:548
- | Network Address 2: nil
- |_ UTF8 Server Name: CS2Lab's Time Capsule
- 5009/tcp open airport-admin Apple AirPort or Time Capsule admin
- 10000/tcp open snet-sensor-mgmt?
- | ndmp-version:
- |_ ERROR: Failed to get host information from server
- MAC Address: 00:26:BB:6E:76:A8 (Apple)
- Device type: WAP|storage-misc|general purpose
- Running: Apple NetBSD 4.X, QNX 6.X
- OS CPE: cpe:/h:apple:airport_extreme cpe:/o:apple:netbsd:4 cpe:/o:qnx:qnx:6
- OS details: Apple AirPort Extreme WAP or Time Capsule NAS device (NetBSD 4.99), or QNX 6.5.0
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=206 (Good luck!)
- IP ID Sequence Generation: Incremental
- Host script results:
- | nbstat:
- | NetBIOS name: CS2LABS-TIME-CA, NetBIOS user: <unknown>, NetBIOS MAC: 00:26:bb:6e:76:a8 (Apple)
- | Names
- | CS2LABS-TIME-CA<00> Flags: <unique><active><permanent>
- | WORKGROUP<00> Flags: <group><active><permanent>
- |_ CS2LABS-TIME-CA<20> Flags: <unique><active><permanent>
- | smb-os-discovery:
- | OS: Apple Base Station (CIFS 4.32)
- | NetBIOS computer name:
- | Workgroup:
- |_ System time: 2014-10-02T08:15:50+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 3.15 ms tc-eth.cs2lab.edu (192.168.1.13)
- Nmap scan report for ragnarok.cs2lab.edu (192.168.1.25)
- Host is up (0.0042s latency).
- Not shown: 982 closed ports
- PORT STATE SERVICE VERSION
- 53/tcp open domain Microsoft DNS 6.1.7601
- | dns-nsid:
- |_ bind.version: Microsoft DNS 6.1.7601 (1DB1446A) (checked)
- 88/tcp open kerberos-sec Windows 2003 Kerberos (server time: 2014-10-02 12:10:04Z)
- 135/tcp open msrpc?
- 139/tcp open netbios-ssn
- 389/tcp open ldap
- 445/tcp open netbios-ssn
- 464/tcp open kpasswd5?
- 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
- 636/tcp open tcpwrapped
- 3268/tcp open ldap
- 3269/tcp open tcpwrapped
- 49152/tcp open unknown
- 49153/tcp open unknown
- 49154/tcp open unknown
- 49155/tcp open unknown
- 49157/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
- 49158/tcp open unknown
- 49165/tcp open unknown
- MAC Address: BE:9D:9F:DA:67:2D (Unknown)
- Device type: general purpose
- Running: Microsoft Windows 2008
- OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
- OS details: Microsoft Windows Server 2008 SP2
- Uptime guess: 49.673 days (since Wed Aug 13 16:11:29 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: RAGNAROK, NetBIOS user: <unknown>, NetBIOS MAC: be:9d:9f:da:67:2d (unknown)
- | Names
- | RAGNAROK<00> Flags: <unique><active>
- | CS2LAB<00> Flags: <group><active>
- | CS2LAB<1c> Flags: <group><active>
- | RAGNAROK<20> Flags: <unique><active>
- |_ CS2LAB<1b> Flags: <unique><active>
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.18 ms ragnarok.cs2lab.edu (192.168.1.25)
- Nmap scan report for loki.cs2lab.edu (192.168.1.30)
- Host is up (0.0051s latency).
- Not shown: 995 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 3389/tcp open ms-wbt-server?
- 4445/tcp open upnotifyp?
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port4445-TCP:V=6.25%I=7%D=10/2%Time=542D4160%P=i686-pc-linux-gnu%r(GetR
- SF:equest,60,"\xaa\x0f\xd2\xf2`\0\0\0\0\0\0\0\xde\x02_\x1c#8o\x12\0\0\0\0\
- SF:0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInva
- SF:lid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(HTTPOptions,6
- SF:0,"\xd1\x10NM`\0\0\0\0\0\0\0\xdd\x01I\x13\xa7\(\xb5\x7f\0\0\0\0\0\0\0\0
- SF:\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20
- SF:header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(RTSPRequest,60,"B\x1
- SF:1\x17o`\0\0\0\0\0\0\0:\x01\xac\x0b\x1f\xfcq\xe8\0\0\0\0\0\0\0\0\x01\0\0
- SF:\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x
- SF:20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(RPCCheck,60,"\n\x11\x99\]`\0
- SF:\0\0\0\0\0\0r\x01~\r\)Y\xf3\xc7\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x
- SF:04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x
- SF:20\0h\0e\0a\0d\0e\0r\0")%r(DNSVersionBindReq,60,"\x9b\x10\x04>`\0\0\0\0
- SF:\0\0\0N\x01V\r\xf3J\x81\x0f\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0
- SF:\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x20\0
- SF:h\0e\0a\0d\0e\0r\0")%r(SSLSessionReq,60,"\xa8\x10\nA`\0\0\0\0\0\0\0d\x0
- SF:1I\x0eN\xe5WP\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0
- SF:\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\
- SF:0r\0")%r(Kerberos,60,"\xc5\x0f@\xfb`\0\0\0\0\0\0\0p\x02@\x18\)Xl\n\0\0\
- SF:0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\n
- SF:Invalid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(SMBProgNe
- SF:g,60,"9\x11\xe1m`\0\0\0\0\0\0\0\xf9\x01\x12\x13\xd3\xa2\x88n\0\0\0\0\0\
- SF:0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvali
- SF:d\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(FourOhFourReque
- SF:st,60,"\xdc\x10\x92P`\0\0\0\0\0\0\0/\x02\x90\x16\x8d>\xccw\0\0\0\0\0\0\
- SF:0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\
- SF:x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(SIPOptions,60,"\+
- SF:\x11<j`\0\0\0\0\0\0\0C\x01\xdd\x0b\xdc\xfcJ;\0\0\0\0\0\0\0\0\x01\0\0\0\
- SF:"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20c
- SF:hecksum\n\n\x20\0h\0e\0a\0d\0e\0r\0");
- MAC Address: 00:08:74:39:A4:E8 (Dell Computer)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows Vista|2008|7|Phone
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 7.178 days (since Thu Sep 25 04:03:10 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=266 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: LOKI, NetBIOS user: <unknown>, NetBIOS MAC: 00:08:74:39:a4:e8 (Dell Computer)
- | Names
- | LOKI<20> Flags: <unique><active>
- | LOKI<00> Flags: <unique><active>
- | CS2LAB<00> Flags: <group><active>
- | CS2LAB<1e> Flags: <group><active>
- | CS2LAB<1d> Flags: <unique><active>
- |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: loki
- | NetBIOS computer name: LOKI
- | Domain name: cs2lab.edu
- | Forest name: cs2lab.edu
- | FQDN: loki.cs2lab.edu
- | NetBIOS domain name: CS2LAB
- |_ System time: 2014-10-02T14:14:32+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.08 ms loki.cs2lab.edu (192.168.1.30)
- Nmap scan report for OpenVAS.cs2lab.edu (192.168.1.31)
- Host is up (0.0011s latency).
- Not shown: 997 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http?
- |_http-methods: No Allow or Public header in OPTIONS response (status code 406)
- |_http-title: Site doesn't have a title.
- 111/tcp open rpcbind 2-4 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2,3,4 111/tcp rpcbind
- | 100000 2,3,4 111/udp rpcbind
- | 100024 1 33421/udp status
- |_ 100024 1 59276/tcp status
- 443/tcp open ssl/https?
- |_http-favicon: Unknown favicon MD5: 510C3CE29847C600644B882F3F79489C
- |_http-git: 0
- |_http-methods: No Allow or Public header in OPTIONS response (status code 406)
- |_http-title: Site doesn't have a title.
- | ssl-cert: Subject: commonName=openvas/organizationName=OpenVAS Users United/countryName=DE
- | Issuer: commonName=openvas/organizationName=OpenVAS Users United/countryName=DE
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2014-05-08T09:09:23+00:00
- | Not valid after: 2022-07-25T09:09:23+00:00
- | MD5: 0137 97dd 2446 2781 101a ad80 2555 b7f8
- |_SHA-1: 2ab2 8e00 6919 fecd 90e4 a5a8 ac56 1415 560f 0a1b
- 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
- SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4156%P=i686-pc-linux-gnu%r(HTTPOp
- SF:tions,B3,"HTTP/1\.0\x20406\x20Not\x20Acceptable\r\nContent-Length:\x205
- SF:1\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate:\x20Thu,\x200
- SF:2\x20Oct\x202014\x2012:10:10\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x
- SF:20not\x20supported</body></html>")%r(RTSPRequest,B3,"HTTP/1\.1\x20406\x
- SF:20Not\x20Acceptable\r\nContent-Length:\x2051\r\nContent-Type:\x20text/h
- SF:tml;\x20charset=utf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:10
- SF:\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x20not\x20supported</body></h
- SF:tml>")%r(SIPOptions,B3,"HTTP/1\.1\x20406\x20Not\x20Acceptable\r\nConten
- SF:t-Length:\x2051\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate
- SF::\x20Thu,\x2002\x20Oct\x202014\x2012:10:45\x20GMT\r\n\r\n<html><body>HT
- SF:TP\x20Method\x20not\x20supported</body></html>");
- ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
- SF-Port443-TCP:V=6.25%T=SSL%I=7%D=10/2%Time=542D4161%P=i686-pc-linux-gnu%r
- SF:(HTTPOptions,B3,"HTTP/1\.0\x20406\x20Not\x20Acceptable\r\nContent-Lengt
- SF:h:\x2051\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate:\x20Th
- SF:u,\x2002\x20Oct\x202014\x2012:10:22\x20GMT\r\n\r\n<html><body>HTTP\x20M
- SF:ethod\x20not\x20supported</body></html>")%r(RTSPRequest,B3,"HTTP/1\.1\x
- SF:20406\x20Not\x20Acceptable\r\nContent-Length:\x2051\r\nContent-Type:\x2
- SF:0text/html;\x20charset=utf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x201
- SF:2:10:22\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x20not\x20supported</b
- SF:ody></html>")%r(FourOhFourRequest,651,"HTTP/1\.0\x20200\x20OK\r\nConten
- SF:t-Length:\x201410\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nSe
- SF:t-Cookie:\x20GSAD_SID=0;\x20expires=Thu,\x2002-Oct-2014\x2012:10:47\x20
- SF:GMT;\x20path=/;\x20secure;\x20HTTPonly\r\nDate:\x20Thu,\x2002\x20Oct\x2
- SF:02014\x2012:10:47\x20GMT\r\n\r\n<!DOCTYPE\x20html\x20PUBLIC\x20\"-//W3C
- SF://DTD\x20XHTML\x201\.0\x20Transitional//EN\"\x20\"http://www\.w3\.org/T
- SF:R/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html\x20xmlns=\"http://www\.
- SF:w3\.org/1999/xhtml\"><head\x20xmlns=\"\">\n<meta\x20http-equiv=\"Conten
- SF:t-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<link\x20rel=\"st
- SF:ylesheet\"\x20type=\"text/css\"\x20href=\"/gsa-style\.css\">\n<link\x20
- SF:rel=\"icon\"\x20href=\"/favicon\.gif\"\x20type=\"image/x-icon\">\n<titl
- SF:e>Greenbone\x20Security\x20Assistant</title>\n</head>\n<body><center><d
- SF:iv\x20xmlns=\"\"\x20style=\"width:315px;margin-top:5px;\"><div\x20class
- SF:=\"gb_window\">\n<div\x20class=\"gb_window_part_left\"></div>\n<div\x20
- SF:class=\"gb_window_part_right\"></div>\n<div\x20class=\"gb_window_part_c
- SF:enter\">Greenbone\x20Security\x20Assistant</div>\n<div\x20class=\"gb_wi
- SF:ndow_part_conten")%r(SIPOptions,B3,"HTTP/1\.1\x20406\x20Not\x20Acceptab
- SF:le\r\nContent-Length:\x2051\r\nContent-Type:\x20text/html;\x20charset=u
- SF:tf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:57\x20GMT\r\n\r\n<h
- SF:tml><body>HTTP\x20Method\x20not\x20supported</body></html>");
- MAC Address: C2:42:D7:11:F3:5E (Unknown)
- No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=6.25%E=4%D=10/2%OT=80%CT=1%CU=42418%PV=Y%DS=1%DC=D%G=Y%M=C242D7%T
- OS:M=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=108%TI=Z%CI=I%II=I%T
- OS:S=8)OPS(O1=M5B4ST11NW4%O2=M5B4ST11NW4%O3=M5B4NNT11NW4%O4=M5B4ST11NW4%O5=
- OS:M5B4ST11NW4%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3
- OS:890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
- OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
- OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
- OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
- OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
- OS:T=40%CD=S)
- Uptime guess: 1.053 days (since Wed Oct 1 07:03:06 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=259 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.05 ms OpenVAS.cs2lab.edu (192.168.1.31)
- Nmap scan report for openvas.cs2lab.edu (192.168.1.32)
- Host is up (0.0047s latency).
- Not shown: 977 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 2.3.4
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
- | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
- |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
- 23/tcp open telnet Linux telnetd
- 25/tcp open smtp Postfix smtpd
- |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
- | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2010-03-17T13:07:45+00:00
- | Not valid after: 2010-04-16T13:07:45+00:00
- | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
- |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
- |_ssl-date: 2014-10-02T12:16:31+00:00; -2m56s from local time.
- 53/tcp open domain ISC BIND 9.4.2
- | dns-nsid:
- |_ bind.version: 9.4.2
- 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Metasploitable2 - Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100003 2,3,4 2049/tcp nfs
- | 100003 2,3,4 2049/udp nfs
- | 100005 1,2,3 37393/tcp mountd
- | 100005 1,2,3 48497/udp mountd
- | 100021 1,3,4 49631/tcp nlockmgr
- | 100021 1,3,4 60664/udp nlockmgr
- | 100024 1 37104/tcp status
- |_ 100024 1 54571/udp status
- 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 512/tcp open exec netkit-rsh rexecd
- 513/tcp open login?
- 514/tcp open tcpwrapped
- 1099/tcp open rmiregistry GNU Classpath grmiregistry
- |_rmi-dumpregistry: Registry listing failed (No return data received from server)
- 1524/tcp open ingreslock?
- 2049/tcp open nfs 2-4 (RPC #100003)
- 2121/tcp open ftp ProFTPD 1.3.1
- 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
- | mysql-info: Protocol: 10
- | Version: 5.0.51a-3ubuntu5
- | Thread ID: 17
- | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
- | Status: Autocommit
- |_Salt: |;NYRnVA&5wxuexLP/:u
- 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
- 5900/tcp open vnc VNC (protocol 3.3)
- | vnc-info:
- | Protocol version: 3.3
- | Security types:
- |_ Unknown security type (33554432)
- 6000/tcp open X11 (access denied)
- 6667/tcp open irc Unreal ircd
- | irc-info: Server: irc.Metasploitable.LAN
- | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
- | Lservers/Lusers: 0/1
- | Uptime: 0 days, 23:14:13
- | Source host: BD1A38F2.78DED367.FFFA6D49.IP
- |_Source ident: OK nmap
- 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
- |_ajp-methods: Failed to get a valid response for the OPTION request
- 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Apache Tomcat
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Apache Tomcat/5.5
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4156%P=i686-pc-linux-gnu%r(NULL
- SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
- SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
- SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,935,"root@meta
- SF:sploitable:/#\x20<HTML>\n<HEAD>\n<TITLE>Directory\x20/</TITLE>\n<BASE\x
- SF:20HREF=\"file:/\">\n</HEAD>\n<BODY>\n<H1>Directory\x20listing\x20of\x20
- SF:/</H1>\n<UL>\n<LI><A\x20HREF=\"\./\">\./</A>\n<LI><A\x20HREF=\"\.\./\">
- SF:\.\./</A>\n<LI><A\x20HREF=\"bin/\">bin/</A>\n<LI><A\x20HREF=\"boot/\">b
- SF:oot/</A>\n<LI><A\x20HREF=\"cdrom/\">cdrom/</A>\n<LI><A\x20HREF=\"dev/\"
- SF:>dev/</A>\n<LI><A\x20HREF=\"etc/\">etc/</A>\n<LI><A\x20HREF=\"home/\">h
- SF:ome/</A>\n<LI><A\x20HREF=\"initrd/\">initrd/</A>\n<LI><A\x20HREF=\"init
- SF:rd\.img\">initrd\.img</A>\n<LI><A\x20HREF=\"lib/\">lib/</A>\n<LI><A\x20
- SF:HREF=\"lost%2Bfound/\">lost\+found/</A>\n<LI><A\x20HREF=\"media/\">medi
- SF:a/</A>\n<LI><A\x20HREF=\"mnt/\">mnt/</A>\n<LI><A\x20HREF=\"nohup\.out\"
- SF:>nohup\.out</A>\n<LI><A\x20HREF=\"opt/\">opt/</A>\n<LI><A\x20HREF=\"pro
- SF:c/\">proc/</A>\n<LI><A\x20HREF=\"root/\">root/</A>\n<LI><A\x20HREF=\"sb
- SF:in/\">sbin/</A>\n<LI><A\x20HREF=\"srv/\">srv/</A>\n<LI><A\x20HREF=\"sys
- SF:/\">sys/</A>\n<LI><A\x20HREF=\"tmp/\">tmp/</A>\n<LI><A\x20HREF=\"usr/\"
- SF:>usr/</A>\n<LI><A\x20HREF=\"var/\">var/</A>\n<LI><A\x20HREF=\"vmlinuz\"
- SF:>vmlinuz</A>\n<")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x20
- SF:OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@met
- SF:asploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20"
- SF:)%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20comm
- SF:and\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\x
- SF:20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17,
- SF:"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploitab
- SF:le:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help,
- SF:63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20found
- SF:\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionRe
- SF:q,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20n
- SF:ot\x20found\nroot@metasploitable:/#\x20");
- MAC Address: BE:38:5F:53:30:AE (Unknown)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.9 - 2.6.33
- Uptime guess: 0.967 days (since Wed Oct 1 09:08:02 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=203 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- | nbstat:
- | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
- | Names
- | METASPLOITABLE<00> Flags: <unique><active>
- | METASPLOITABLE<03> Flags: <unique><active>
- | METASPLOITABLE<20> Flags: <unique><active>
- | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | WORKGROUP<00> Flags: <group><active>
- | WORKGROUP<1d> Flags: <unique><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.20-Debian)
- | NetBIOS computer name:
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T08:14:27-04:00
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.68 ms openvas.cs2lab.edu (192.168.1.32)
- Nmap scan report for oden.cs2lab.edu (192.168.1.35)
- Host is up (0.0046s latency).
- Not shown: 982 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- | 06-04-14 03:26PM <DIR> Guest
- |_02-02-13 03:49AM <DIR> Lab
- | ssl-cert: Subject: commonName=WMSvc-ODEN
- | Issuer: commonName=WMSvc-ODEN
- | Public Key type: rsa
- | Public Key bits: 2048
- | Not valid before: 2011-11-04T14:49:41+00:00
- | Not valid after: 2021-11-01T14:49:41+00:00
- | MD5: 306c 6c6e e844 e001 07e4 599a ee06 f439
- |_SHA-1: d151 6c86 b9d9 469f a3f7 68ce 6a57 78d1 21b4 9dd5
- |_ssl-date: 2014-10-02T12:15:52+00:00; -2m58s from local time.
- 80/tcp open http Microsoft IIS httpd 7.5
- | http-auth:
- | HTTP/1.1 401 Unauthorized
- |_ NTLM
- |_http-methods: No Allow or Public header in OPTIONS response (status code 401)
- |_http-title: Site doesn't have a title.
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 1433/tcp open ms-sql-s Microsoft SQL Server 2008 R2 10.50.1600.00; RTM
- 1801/tcp open msmq?
- 2010/tcp open http Microsoft IIS httpd 7.5
- | http-auth:
- | HTTP/1.1 401 Unauthorized
- |_ NTLM
- |_http-methods: No Allow or Public header in OPTIONS response (status code 401)
- |_http-title: Site doesn't have a title.
- 2103/tcp open msrpc Microsoft Windows RPC
- 2105/tcp open msrpc Microsoft Windows RPC
- 2107/tcp open msrpc Microsoft Windows RPC
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: B6:EC:74:84:B4:A6 (Unknown)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 8.941 days (since Tue Sep 23 09:44:42 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | ms-sql-info:
- | Windows server name: ODEN
- | [192.168.1.35\MSSQLSERVER]
- | Instance name: MSSQLSERVER
- | Version: Microsoft SQL Server 2008 R2 RTM
- | Version number: 10.50.1600.00
- | Product: Microsoft SQL Server 2008 R2
- | Service pack level: RTM
- | Post-SP patches applied: No
- | TCP port: 1433
- | Named pipe: \\192.168.1.35\pipe\sql\query
- |_ Clustered: No
- | nbstat:
- | NetBIOS name: ODEN, NetBIOS user: <unknown>, NetBIOS MAC: b6:ec:74:84:b4:a6 (unknown)
- | Names
- | ODEN<20> Flags: <unique><active>
- | ODEN<00> Flags: <unique><active>
- |_ CS2LAB<00> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1 (Windows Server 2008 R2 Enterprise 6.1)
- | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
- | Computer name: oden
- | NetBIOS computer name: ODEN
- | Domain name: cs2lab.edu
- | Forest name: cs2lab.edu
- | FQDN: oden.cs2lab.edu
- | NetBIOS domain name: CS2LAB
- |_ System time: 2014-10-02T14:15:52+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.59 ms oden.cs2lab.edu (192.168.1.35)
- Nmap scan report for jira.cs2lab.edu (192.168.1.40)
- Host is up (0.0011s latency).
- Not shown: 999 closed ports
- PORT STATE SERVICE VERSION
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 33465/tcp status
- |_ 100024 1 42832/udp status
- MAC Address: CE:DD:1B:0C:49:FC (Unknown)
- No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=6.25%E=4%D=10/2%OT=111%CT=1%CU=43465%PV=Y%DS=1%DC=D%G=Y%M=CEDD1B%
- OS:TM=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=C5%GCD=1%ISR=C3%TI=Z%CI=Z%II=I%TS
- OS:=7)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O5=M
- OS:5B4ST11NW6%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=38
- OS:90)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=
- OS:S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=3890%S=O%A=S+%F=AS%O=M5B4ST11N
- OS:W6%RD=0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%
- OS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=
- OS:)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%
- OS:UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 6.936 days (since Thu Sep 25 09:52:20 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=197 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.10 ms jira.cs2lab.edu (192.168.1.40)
- Nmap scan report for confluence.cs2lab.edu (192.168.1.45)
- Host is up (0.0052s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.8p1 Debian 1ubuntu3 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey: 1024 1b:7b:69:d7:be:44:6b:bf:b5:8f:82:0b:f8:fb:7e:a3 (DSA)
- | 2048 41:c7:ce:de:93:6f:1b:17:4c:64:40:b4:f9:bf:18:37 (RSA)
- |_256 a7:45:0b:6b:fc:05:21:30:74:35:b4:58:fc:2c:b3:19 (ECDSA)
- 80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Unknown favicon MD5: 037D48B58C897528001F6A978176DF29
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- MAC Address: B2:5E:7B:F9:33:4B (Unknown)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.32 - 2.6.39
- Uptime guess: 6.906 days (since Thu Sep 25 10:35:11 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=188 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.19 ms confluence.cs2lab.edu (192.168.1.45)
- Nmap scan report for thor.cs2lab.edu (192.168.1.50)
- Host is up (0.0052s latency).
- Not shown: 996 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.5p1 Debian 6 (protocol 2.0)
- | ssh-hostkey: 1024 0b:b7:2e:8a:8e:92:e9:e9:e6:05:cf:cc:bc:7e:f5:3a (DSA)
- |_2048 10:7c:c0:b6:04:b6:2a:6a:f0:ab:ee:5a:11:d9:d2:5a (RSA)
- 80/tcp open http?
- |_http-methods: No Allow or Public header in OPTIONS response (status code 302)
- |_http-title: Did not follow redirect to https://thor.cs2lab.edu:8006/
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 39004/tcp status
- |_ 100024 1 42844/udp status
- 443/tcp open ssl/https?
- |_http-methods: No Allow or Public header in OPTIONS response (status code 302)
- |_http-title: Did not follow redirect to https://thor.cs2lab.edu:443:8006/
- | ssl-cert: Subject: commonName=thor.cs2lab.edu/organizationName=Proxmox Virtual Environment
- | Issuer: commonName=Proxmox Virtual Environment/organizationName=PVE Cluster Manager CA
- | Public Key type: rsa
- | Public Key bits: 2048
- | Not valid before: 2011-11-03T12:30:53+00:00
- | Not valid after: 2021-10-31T12:30:53+00:00
- | MD5: f99e 81ce c2eb c918 4b01 ecd4 d38d cc41
- |_SHA-1: 62b7 9d5d 5042 d4d2 ffdb 5dbe 2a70 1bb3 605d fc3f
- |_ssl-date: 2014-10-02T12:16:29+00:00; -2m58s from local time.
- 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
- SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4167%P=i686-pc-linux-gnu%r(GetReq
- SF:uest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x2020
- SF:14\x2012:10:30\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https://:800
- SF:6/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r\nConnection:
- SF:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<
- SF:!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<h
- SF:tml><head>\n<title>302\x20Found</title>\n</head><body>\n<h1>Found</h1>\
- SF:n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https://:8006/\">he
- SF:re</a>\.</p>\n</body></html>\n")%r(HTTPOptions,197,"HTTP/1\.1\x20302\x2
- SF:0Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:30\x20GMT\r\nServ
- SF:er:\x20Apache\r\nLocation:\x20https://:8006/\r\nVary:\x20Accept-Encodin
- SF:g\r\nContent-Length:\x20198\r\nConnection:\x20close\r\nContent-Type:\x2
- SF:0text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x2
- SF:0\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302\x20Fou
- SF:nd</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x20has\x2
- SF:0moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body></html>\
- SF:n")%r(RTSPRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002
- SF:\x20Oct\x202014\x2012:10:30\x20GMT\r\nServer:\x20Apache\r\nLocation:\x2
- SF:0https://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r
- SF:\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-88
- SF:59-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\
- SF:.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><body>\n<h
- SF:1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https:
- SF://:8006/\">here</a>\.</p>\n</body></html>\n")%r(FourOhFourRequest,1D1,"
- SF:HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:1
- SF:0:35\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https://:8006/nice%20p
- SF:orts,/Trinity\.txt\.bak\r\nVary:\x20Accept-Encoding\r\nContent-Length:\
- SF:x20227\r\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charse
- SF:t=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HT
- SF:ML\x202\.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><b
- SF:ody>\n<h1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=
- SF:\"https://:8006/nice%20ports,/Trinity\.txt\.bak\">here</a>\.</p>\n</bod
- SF:y></html>\n");
- ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
- SF-Port443-TCP:V=6.25%T=SSL%I=7%D=10/2%Time=542D4170%P=i686-pc-linux-gnu%r
- SF:(GetRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oc
- SF:t\x202014\x2012:10:39\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https
- SF:://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r\nConn
- SF:ection:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-8859-1\r
- SF:\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN
- SF:\">\n<html><head>\n<title>302\x20Found</title>\n</head><body>\n<h1>Foun
- SF:d</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https://:800
- SF:6/\">here</a>\.</p>\n</body></html>\n")%r(HTTPOptions,197,"HTTP/1\.1\x2
- SF:0302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:44\x20GMT\
- SF:r\nServer:\x20Apache\r\nLocation:\x20https://:8006/\r\nVary:\x20Accept-
- SF:Encoding\r\nContent-Length:\x20198\r\nConnection:\x20close\r\nContent-T
- SF:ype:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PU
- SF:BLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302
- SF:\x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x2
- SF:0has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body><
- SF:/html>\n")%r(RTSPRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu
- SF:,\x2002\x20Oct\x202014\x2012:10:44\x20GMT\r\nServer:\x20Apache\r\nLocat
- SF:ion:\x20https://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x
- SF:20198\r\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charset
- SF:=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTM
- SF:L\x202\.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><bo
- SF:dy>\n<h1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\
- SF:"https://:8006/\">here</a>\.</p>\n</body></html>\n")%r(Help,C6,"<!DOCTY
- SF:PE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><h
- SF:ead>\n<title>302\x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>Th
- SF:e\x20document\x20has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>
- SF:\.</p>\n</body></html>\n")%r(SSLSessionReq,C6,"<!DOCTYPE\x20HTML\x20PUB
- SF:LIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302\
- SF:x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x20
- SF:has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body></
- SF:html>\n");
- MAC Address: 78:2B:CB:89:66:F9 (Dell)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.24 - 2.6.36
- Uptime guess: 7.175 days (since Thu Sep 25 04:07:27 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=203 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.17 ms thor.cs2lab.edu (192.168.1.50)
- Nmap scan report for droid11.cs2lab.edu (192.168.1.81)
- Host is up (0.0056s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 90:B1:1C:5C:A7:C1 (Unknown)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows Vista|2008|7|Phone
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.056 days (since Thu Oct 2 06:59:06 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI041, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5c:a7:c1 (unknown)
- | Names
- | SECI041<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI041<20> Flags: <unique><active>
- | smb-security-mode:
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.57 ms droid11.cs2lab.edu (192.168.1.81)
- Nmap scan report for droid14.cs2lab.edu (192.168.1.84)
- Host is up (0.0066s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: D4:BE:D9:A2:A2:4E (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows 7|Vista|2008|Phone
- OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
- OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.091 days (since Thu Oct 2 06:09:05 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI070, NetBIOS user: <unknown>, NetBIOS MAC: d4:be:d9:a2:a2:4e (Dell)
- | Names
- | SECI070<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI070<20> Flags: <unique><active>
- | smb-security-mode:
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 6.65 ms droid14.cs2lab.edu (192.168.1.84)
- Nmap scan report for droid15.cs2lab.edu (192.168.1.85)
- Host is up (0.0067s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 90:B1:1C:5D:15:37 (Unknown)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows 7|Vista|2008|Phone
- OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
- OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.099 days (since Thu Oct 2 05:56:53 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI030, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5d:15:37 (unknown)
- | Names
- | WORKGROUP<00> Flags: <group><active>
- | SECI030<00> Flags: <unique><active>
- |_ SECI030<20> Flags: <unique><active>
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 6.75 ms droid15.cs2lab.edu (192.168.1.85)
- Nmap scan report for droid16.cs2lab.edu (192.168.1.86)
- Host is up (0.0068s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 90:B1:1C:5C:A7:BE (Unknown)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows Vista|2008|7|Phone
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.045 days (since Thu Oct 2 07:15:00 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI033, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5c:a7:be (unknown)
- | Names
- | WORKGROUP<00> Flags: <group><active>
- | SECI033<00> Flags: <unique><active>
- |_ SECI033<20> Flags: <unique><active>
- | smb-security-mode:
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 6.80 ms droid16.cs2lab.edu (192.168.1.86)
- Nmap scan report for droid20.cs2lab.edu (192.168.1.90)
- Host is up (0.0069s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: D4:BE:D9:A2:E1:24 (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows Vista|2008|7|Phone
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.039 days (since Thu Oct 2 07:23:53 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=264 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI015, NetBIOS user: <unknown>, NetBIOS MAC: d4:be:d9:a2:e1:24 (Dell)
- | Names
- | SECI015<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI015<20> Flags: <unique><active>
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 6.94 ms droid20.cs2lab.edu (192.168.1.90)
- Nmap scan report for 192.168.1.103
- Host is up (0.0057s latency).
- Not shown: 977 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 2.3.4
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
- | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
- |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
- 23/tcp open telnet Linux telnetd
- 25/tcp open smtp Postfix smtpd
- |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
- | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2010-03-17T13:07:45+00:00
- | Not valid after: 2010-04-16T13:07:45+00:00
- | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
- |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
- |_ssl-date: 2014-10-02T12:15:32+00:00; -2m58s from local time.
- 53/tcp open domain ISC BIND 9.4.2
- | dns-nsid:
- |_ bind.version: 9.4.2
- 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Metasploitable2 - Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100003 2,3,4 2049/tcp nfs
- | 100003 2,3,4 2049/udp nfs
- | 100005 1,2,3 34612/tcp mountd
- | 100005 1,2,3 43318/udp mountd
- | 100021 1,3,4 53412/udp nlockmgr
- | 100021 1,3,4 56392/tcp nlockmgr
- | 100024 1 48893/udp status
- |_ 100024 1 55990/tcp status
- 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 512/tcp open exec netkit-rsh rexecd
- 513/tcp open login?
- 514/tcp open shell?
- 1099/tcp open rmiregistry GNU Classpath grmiregistry
- |_rmi-dumpregistry: Registry listing failed (No return data received from server)
- 1524/tcp open ingreslock?
- 2049/tcp open nfs 2-4 (RPC #100003)
- 2121/tcp open ftp ProFTPD 1.3.1
- 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
- | mysql-info: Protocol: 10
- | Version: 5.0.51a-3ubuntu5
- | Thread ID: 8
- | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
- | Status: Autocommit
- |_Salt: Ie@PS.,1S,#g^$3vy!0o
- 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
- 5900/tcp open vnc VNC (protocol 3.3)
- | vnc-info:
- | Protocol version: 3.3
- | Security types:
- |_ Unknown security type (33554432)
- 6000/tcp open X11 (access denied)
- 6667/tcp open irc Unreal ircd
- | irc-info: Server: irc.Metasploitable.LAN
- | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
- | Lservers/Lusers: 0/1
- | Uptime: 0 days, 0:40:17
- | Source host: BD1A38F2.78DED367.FFFA6D49.IP
- |_Source ident: OK nmap
- 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
- |_ajp-methods: Failed to get a valid response for the OPTION request
- 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Apache Tomcat
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Apache Tomcat/5.5
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4184%P=i686-pc-linux-gnu%r(NULL
- SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
- SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
- SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
- SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
- SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
- SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
- SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
- SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
- SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
- SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
- SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
- SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
- SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
- SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
- SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
- SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
- SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
- SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
- SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
- SF:metasploitable:/#\x20")%r(FourOhFourRequest,17,"root@metasploitable:/#\
- SF:x20")%r(LPDString,4F,"root@metasploitable:/#\x20bash:\x20default:\x20co
- SF:mmand\x20not\x20found\nroot@metasploitable:/#\x20")%r(LDAPBindReq,17,"r
- SF:oot@metasploitable:/#\x20")%r(SIPOptions,395,"root@metasploitable:/#\x2
- SF:0bash:\x20OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x
- SF:20root@metasploitable:/#\x20bash:\x20Via::\x20command\x20not\x20found\n
- SF:root@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20syntax\x20
- SF:error\x20near\x20unexpected\x20token\x20`;'\nroot@metasploitable:/#\x20
- SF:root@metasploitable:/#\x20bash:\x20syntax\x20error\x20near\x20unexpecte
- SF:d\x20token\x20`newline'\nroot@metasploitable:/#\x20root@metasploitable:
- SF:/#\x20bash:\x20Call-ID::\x20command\x20not\x20found\nroot@metasploitabl
- SF:e:/#\x20root@metasploitable:/#\x20bash:\x20CSeq::\x20command\x20not\x20
- SF:found\nroot@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20Max
- SF:-Forwards::\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@
- SF:metasploitable:/#\x20bash:\x20Content-Length::\x20command\x20not\x20fou
- SF:nd\nroot@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20syntax
- SF:\x20error\x20near\x20unexpected\x20token\x20`newline'\nroot@metasploita
- SF:ble:/#\x20root@metasploitable:/#\x20bash:\x20Accept::\x20command\x20not
- SF:\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\x20root@met
- SF:asploitable:/#\x20root@m");
- MAC Address: 08:00:C0:FF:E1:23 (Unknown)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.9 - 2.6.33
- Uptime guess: 0.027 days (since Thu Oct 2 07:41:15 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=196 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- | nbstat:
- | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
- | Names
- | METASPLOITABLE<00> Flags: <unique><active>
- | METASPLOITABLE<03> Flags: <unique><active>
- | METASPLOITABLE<20> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.20-Debian)
- | NetBIOS computer name:
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T08:16:28-04:00
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.71 ms 192.168.1.103
- Nmap scan report for 192.168.1.104
- Host is up (0.0057s latency).
- Not shown: 977 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 2.3.4
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
- | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
- |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
- 23/tcp open telnet Linux telnetd
- 25/tcp open smtp Postfix smtpd
- |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
- | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2010-03-17T13:07:45+00:00
- | Not valid after: 2010-04-16T13:07:45+00:00
- | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
- |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
- |_ssl-date: 2014-10-02T11:52:18+00:00; -26m30s from local time.
- 53/tcp open domain ISC BIND 9.4.2
- | dns-nsid:
- |_ bind.version: 9.4.2
- 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Metasploitable2 - Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100003 2,3,4 2049/tcp nfs
- | 100003 2,3,4 2049/udp nfs
- | 100005 1,2,3 39616/udp mountd
- | 100005 1,2,3 40629/tcp mountd
- | 100021 1,3,4 37495/tcp nlockmgr
- | 100021 1,3,4 41782/udp nlockmgr
- | 100024 1 35945/udp status
- |_ 100024 1 50926/tcp status
- 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 512/tcp open exec netkit-rsh rexecd
- 513/tcp open login?
- 514/tcp open shell?
- 1099/tcp open rmiregistry GNU Classpath grmiregistry
- |_rmi-dumpregistry: Registry listing failed (No return data received from server)
- 1524/tcp open ingreslock?
- 2049/tcp open nfs 2-4 (RPC #100003)
- 2121/tcp open ftp ProFTPD 1.3.1
- 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
- | mysql-info: Protocol: 10
- | Version: 5.0.51a-3ubuntu5
- | Thread ID: 8
- | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
- | Status: Autocommit
- |_Salt: &u?uT%VfzV{.kTD5z-m_
- 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
- 5900/tcp open vnc VNC (protocol 3.3)
- | vnc-info:
- | Protocol version: 3.3
- | Security types:
- |_ Unknown security type (33554432)
- 6000/tcp open X11 (access denied)
- 6667/tcp open irc Unreal ircd
- | irc-info: Server: irc.Metasploitable.LAN
- | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
- | Lservers/Lusers: 0/1
- | Uptime: 0 days, 20:55:22
- | Source host: BD1A38F2.78DED367.FFFA6D49.IP
- |_Source ident: OK nmap
- 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
- |_ajp-methods: Failed to get a valid response for the OPTION request
- 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Apache Tomcat
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Apache Tomcat/5.5
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4192%P=i686-pc-linux-gnu%r(NULL
- SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
- SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
- SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
- SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
- SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
- SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
- SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
- SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
- SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
- SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
- SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
- SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
- SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
- SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
- SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
- SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
- SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
- SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
- SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
- SF:metasploitable:/#\x20")%r(FourOhFourRequest,5A9,"root@metasploitable:/#
- SF:\x20<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Fr
- SF:ameset//EN\"\x20\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\n<!--\x
- SF:20turing_cluster_prod\x20-->\n<html>\n\x20\x20<head>\n\x20\x20\x20\x20<
- SF:meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=
- SF:utf-8\"\x20/>\n\n\x20\x20\x20\x20<title>http\.com</title>\n\x20\x20\x20
- SF:\x20<meta\x20name=\"keywords\"\x20content=\"http\.com\"\x20/>\n\x20\x20
- SF:\x20\x20<meta\x20name=\"description\"\x20content=\"http\.com\"\x20/>\n\
- SF:x20\x20\x20\x20<meta\x20name=\"robots\"\x20content=\"index,\x20follow\"
- SF:\x20/>\n\x20\x20\x20\x20<meta\x20name=\"revisit-after\"\x20content=\"10
- SF:\"\x20/>\n\n\n\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20content=\"w
- SF:idth=device-width,\x20initial-scale=1\.0\"\x20/>\x20\n\n\n\x20\x20\x20\
- SF:x20\n\x20\x20\x20\x20<script\x20type=\"text/javascript\">\n\x20\x20\x20
- SF:\x20\x20\x20document\.cookie\x20=\x20\"jsc=1\";\n\x20\x20\x20\x20</scri
- SF:pt>\n\n\x20\x20</head>\n\x20\x20<frameset\x20rows=\"100%,\*\"\x20frameb
- SF:order=\"no\"\x20border=\"0\"\x20framespacing=\"0\">\n\x20\x20\x20\x20<f
- SF:rame\x20src=\"http://www\.http\.com\?epl=80DGqBI61BZD-8lWmjtGDQUGV1CQUD
- SF:hFchd_ymSfNCMP5tYktuwN8wKqeymhJSIWcMucwdb760p0cdF3Xm7x0B4w7LFsKAMDx435E
- SF:kOBTvCAlWJlbVgd51yNTzxqeTjxDJ22aipRl");
- MAC Address: 00:50:56:AB:34:E5 (VMware)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.9 - 2.6.33
- Uptime guess: 0.869 days (since Wed Oct 1 11:28:09 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=204 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- | nbstat:
- | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
- | Names
- | METASPLOITABLE<00> Flags: <unique><active>
- | METASPLOITABLE<03> Flags: <unique><active>
- | METASPLOITABLE<20> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.20-Debian)
- | NetBIOS computer name:
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T07:50:59-04:00
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.72 ms 192.168.1.104
- Nmap scan report for 192.168.1.112
- Host is up (0.0043s latency).
- All 1000 scanned ports on 192.168.1.112 are closed
- MAC Address: 08:00:27:31:29:5E (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.35 ms 192.168.1.112
- Nmap scan report for 192.168.1.114
- Host is up (0.0038s latency).
- All 1000 scanned ports on 192.168.1.114 are closed
- MAC Address: 00:50:56:01:06:C5 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 3.79 ms 192.168.1.114
- Nmap scan report for 192.168.1.115
- Host is up (0.0037s latency).
- All 1000 scanned ports on 192.168.1.115 are closed
- MAC Address: 00:50:56:01:06:B3 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 3.71 ms 192.168.1.115
- Nmap scan report for 192.168.1.117
- Host is up (0.039s latency).
- Not shown: 998 filtered ports
- PORT STATE SERVICE VERSION
- 88/tcp open kerberos-sec Heimdal Kerberos (server time: 2014-10-02 12:11:17Z)
- 5900/tcp open vnc Apple remote desktop vnc
- | vnc-info:
- |_ ERROR: ERROR
- MAC Address: B8:E8:56:2E:79:70 (Unknown)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP|phone|specialized
- Running: Linksys Linux 2.4.X, Sony Ericsson embedded, iPXE 1.X
- OS CPE: cpe:/o:linksys:linux:2.4 cpe:/h:sonyericsson:u8i_vivaz cpe:/o:ipxe:ipxe:1.0.0%2b
- OS details: Tomato 1.28 (Linux 2.4.20), Sony Ericsson U8i Vivaz mobile phone, iPXE 1.0.0+
- Network Distance: 1 hop
- Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x
- TRACEROUTE
- HOP RTT ADDRESS
- 1 39.05 ms 192.168.1.117
- Nmap scan report for 192.168.1.118
- Host is up (0.0041s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:54:57:41 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.065 days (since Thu Oct 2 06:46:42 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:15:12+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.07 ms 192.168.1.118
- Nmap scan report for 192.168.1.121
- Host is up (0.0040s latency).
- All 1000 scanned ports on 192.168.1.121 are closed
- MAC Address: 08:00:27:7A:0B:13 (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.02 ms 192.168.1.121
- Nmap scan report for 192.168.1.125
- Host is up (0.0048s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 999/tcp open winshell Microsoft Windows 6.1.7601 cmd.exe (**BACKDOOR**)
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:3E:BB:32 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.088 days (since Thu Oct 2 06:13:43 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:14:43+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.75 ms 192.168.1.125
- Nmap scan report for 192.168.1.127
- Host is up (0.0053s latency).
- All 1000 scanned ports on 192.168.1.127 are closed
- MAC Address: 08:00:27:AE:82:11 (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.30 ms 192.168.1.127
- Nmap scan report for 192.168.1.131
- Host is up (0.0044s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:A0:43:AC (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.043 days (since Thu Oct 2 07:18:45 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=252 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: CS2LAB-PC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:a0:43:ac (Cadmus Computer Systems)
- | Names
- |_ CS2LAB-PC<20> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:15:50+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.39 ms 192.168.1.131
- Nmap scan report for 192.168.1.134
- Host is up (0.0041s latency).
- All 1000 scanned ports on 192.168.1.134 are closed
- MAC Address: 00:50:56:01:06:BF (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.13 ms 192.168.1.134
- Nmap scan report for 192.168.1.136
- Host is up (0.0054s latency).
- Not shown: 977 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 2.3.4
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
- | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
- |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
- 23/tcp open telnet Linux telnetd
- 25/tcp open smtp Postfix smtpd
- |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
- | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2010-03-17T13:07:45+00:00
- | Not valid after: 2010-04-16T13:07:45+00:00
- | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
- |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
- |_ssl-date: 2014-10-02T12:16:29+00:00; -2m57s from local time.
- 53/tcp open domain ISC BIND 9.4.2
- | dns-nsid:
- |_ bind.version: 9.4.2
- 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Metasploitable2 - Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100003 2,3,4 2049/tcp nfs
- | 100003 2,3,4 2049/udp nfs
- | 100005 1,2,3 43132/udp mountd
- | 100005 1,2,3 47980/tcp mountd
- | 100021 1,3,4 49676/tcp nlockmgr
- | 100021 1,3,4 50928/udp nlockmgr
- | 100024 1 34488/tcp status
- |_ 100024 1 57037/udp status
- 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
- 512/tcp open exec netkit-rsh rexecd
- 513/tcp open login?
- 514/tcp open shell?
- 1099/tcp open rmiregistry GNU Classpath grmiregistry
- |_rmi-dumpregistry: Registry listing failed (No return data received from server)
- 1524/tcp open ingreslock?
- 2049/tcp open nfs 2-4 (RPC #100003)
- 2121/tcp open ftp ProFTPD 1.3.1
- 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
- | mysql-info: Protocol: 10
- | Version: 5.0.51a-3ubuntu5
- | Thread ID: 8
- | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
- | Status: Autocommit
- |_Salt: 4k?9>l'zUy"96E:1'mqr
- 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
- 5900/tcp open vnc VNC (protocol 3.3)
- | vnc-info:
- | Protocol version: 3.3
- | Security types:
- |_ Unknown security type (33554432)
- 6000/tcp open X11 (access denied)
- 6667/tcp open irc Unreal ircd
- | irc-info: Server: irc.Metasploitable.LAN
- | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
- | Lservers/Lusers: 0/1
- | Uptime: 0 days, 0:36:38
- | Source host: BD1A38F2.78DED367.FFFA6D49.IP
- |_Source ident: OK nmap
- 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
- |_ajp-methods: Failed to get a valid response for the OPTION request
- 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Apache Tomcat
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Apache Tomcat/5.5
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
- SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D41B7%P=i686-pc-linux-gnu%r(NULL
- SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
- SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
- SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
- SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
- SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
- SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
- SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
- SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
- SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
- SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
- SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
- SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
- SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
- SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
- SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
- SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
- SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
- SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
- SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
- SF:metasploitable:/#\x20")%r(FourOhFourRequest,5A5,"root@metasploitable:/#
- SF:\x20<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Fr
- SF:ameset//EN\"\x20\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\n<!--\x
- SF:20turing_cluster_prod\x20-->\n<html>\n\x20\x20<head>\n\x20\x20\x20\x20<
- SF:meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=
- SF:utf-8\"\x20/>\n\n\x20\x20\x20\x20<title>http\.com</title>\n\x20\x20\x20
- SF:\x20<meta\x20name=\"keywords\"\x20content=\"http\.com\"\x20/>\n\x20\x20
- SF:\x20\x20<meta\x20name=\"description\"\x20content=\"http\.com\"\x20/>\n\
- SF:x20\x20\x20\x20<meta\x20name=\"robots\"\x20content=\"index,\x20follow\"
- SF:\x20/>\n\x20\x20\x20\x20<meta\x20name=\"revisit-after\"\x20content=\"10
- SF:\"\x20/>\n\n\n\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20content=\"w
- SF:idth=device-width,\x20initial-scale=1\.0\"\x20/>\x20\n\n\n\x20\x20\x20\
- SF:x20\n\x20\x20\x20\x20<script\x20type=\"text/javascript\">\n\x20\x20\x20
- SF:\x20\x20\x20document\.cookie\x20=\x20\"jsc=1\";\n\x20\x20\x20\x20</scri
- SF:pt>\n\n\x20\x20</head>\n\x20\x20<frameset\x20rows=\"100%,\*\"\x20frameb
- SF:order=\"no\"\x20border=\"0\"\x20framespacing=\"0\">\n\x20\x20\x20\x20<f
- SF:rame\x20src=\"http://www\.http\.com\?epl=4UnZ3jgGT4u7xrfG3YJNmw57-oGQUD
- SF:hFche_XHKjtLCDoXSSJxdGpJARVEhcjQYFwHouPH9XVFrclKPDJg8GmKGCHn5NsqiIeFWH1
- SF:T0iaDNDEBbuTUQY2gSStLnqob7UPRORRWOVm");
- MAC Address: 08:00:27:C9:AF:62 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Linux 2.6.X
- OS CPE: cpe:/o:linux:linux_kernel:2.6
- OS details: Linux 2.6.9 - 2.6.33
- Uptime guess: 0.023 days (since Thu Oct 2 07:46:35 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=205 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- | nbstat:
- | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
- | Names
- | METASPLOITABLE<00> Flags: <unique><active>
- | METASPLOITABLE<03> Flags: <unique><active>
- | METASPLOITABLE<20> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.20-Debian)
- | NetBIOS computer name:
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T08:15:48-04:00
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.36 ms 192.168.1.136
- Nmap scan report for 192.168.1.142
- Host is up (0.0046s latency).
- All 1000 scanned ports on 192.168.1.142 are closed
- MAC Address: 00:50:56:01:06:BB (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.57 ms 192.168.1.142
- Nmap scan report for 192.168.1.151
- Host is up (0.0043s latency).
- All 1000 scanned ports on 192.168.1.151 are closed
- MAC Address: 00:50:56:01:06:B8 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.34 ms 192.168.1.151
- Nmap scan report for 192.168.1.154
- Host is up (0.0015s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49158/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:47:A4:38 (Cadmus Computer Systems)
- No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=6.25%E=4%D=10/2%OT=135%CT=1%CU=38325%PV=Y%DS=1%DC=D%G=Y%M=080027%
- OS:TM=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=FE%GCD=1%ISR=F7%TI=I%CI=I%II=I%SS
- OS:=S%TS=7)OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11
- OS:%O5=M5B4NW8ST11%O6=M5B4ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%
- OS:W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S
- OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y
- OS:%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%
- OS:O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=8
- OS:0%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%
- OS:Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=
- OS:Y%DFI=N%T=80%CD=Z)
- Uptime guess: 0.013 days (since Thu Oct 2 08:02:03 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=254 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:15:35+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.45 ms 192.168.1.154
- Nmap scan report for 192.168.1.155
- Host is up (0.0043s latency).
- All 1000 scanned ports on 192.168.1.155 are closed
- MAC Address: 00:50:56:01:06:BA (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 4.25 ms 192.168.1.155
- Nmap scan report for 192.168.1.157
- Host is up (0.0029s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 49154/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:AB:11:13 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running (JUST GUESSING): Microsoft Windows 7|Phone|Vista|2008 (95%)
- OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- Aggressive OS guesses: Microsoft Windows 7 Professional (95%), Microsoft Windows Phone 7.5 (94%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (93%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (93%), Microsoft Windows Vista Home Premium SP1 (93%), Microsoft Windows Server 2008 SP1 (91%), Microsoft Windows Vista SP0 - SP1 (89%), Microsoft Windows 7 SP1 (89%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (87%), Microsoft Windows 7 SP1 or Windows Server 2008 SP1 - SP2 (87%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 16.238 days (since Tue Sep 16 02:36:57 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: CS2LAB-FILES, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:ab:11:13 (VMware)
- | Names
- | CS2LAB-FILES<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ CS2LAB-FILES<20> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows Server 2012 Standard 9200 (Windows Server 2012 Standard 6.2)
- | OS CPE: cpe:/o:microsoft:windows_server_2012::-
- | Computer name: cs2lab-files
- | NetBIOS computer name: CS2LAB-FILES
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:16:19+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 2.90 ms 192.168.1.157
- Nmap scan report for 192.168.1.159
- Host is up (0.0050s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http PMSoftware Simple Web Server 2.2
- |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
- |_http-title: Simple Web Server 2.2
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:51:A9:B0 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.037 days (since Thu Oct 2 07:26:55 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:15:38+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.02 ms 192.168.1.159
- Nmap scan report for 192.168.1.163
- Host is up (0.0051s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:3A:6D:C3 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.066 days (since Thu Oct 2 06:44:37 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:15:15+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.10 ms 192.168.1.163
- Nmap scan report for 192.168.1.166
- Host is up (0.0052s latency).
- Not shown: 994 closed ports
- PORT STATE SERVICE VERSION
- 23/tcp open telnet HP JetDirect telnetd
- 80/tcp open http Virata-EmWeb 6.2.1
- |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
- |_http-title: HP LaserJet P2055dn 192.168.1.166
- 280/tcp open http Virata-EmWeb 6.2.1
- |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
- |_http-title: HP LaserJet P2055dn 192.168.1.166
- 443/tcp open ssl/http Virata-EmWeb 6.2.1
- |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
- |_http-title: HP LaserJet P2055dn 192.168.1.166
- | ssl-cert: Subject: commonName=HP Jetdirect DE835ECB/organizationName=Hewlett-Packard Co.
- | Issuer: commonName=HP Jetdirect DE835ECB/organizationName=Hewlett-Packard Co.
- | Public Key type: rsa
- | Public Key bits: 1024
- | Not valid before: 2002-01-01T00:00:00+00:00
- | Not valid after: 2007-01-01T00:00:00+00:00
- | MD5: ed66 3c15 ebe5 98bd 0873 66bd c3d7 f456
- |_SHA-1: f3d9 e5a1 33db bdae a9f1 a83e d4fa a3ee 8ee9 05cc
- |_ssl-date: 1970-01-10T07:46:20+00:00; -44y265d4h31m49s from local time.
- 515/tcp open printer
- 9100/tcp open jetdirect?
- MAC Address: 1C:C1:DE:83:5E:CB (Hewlett-Packard Company)
- Device type: printer
- Running: HP embedded
- OS details: HP LaserJet 2055dn, 2420, P3005, CP4005, 4250, or P4014 printer
- Uptime guess: 9.325 days (since Tue Sep 23 00:31:39 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Device: printer
- TRACEROUTE
- HOP RTT ADDRESS
- 1 5.20 ms 192.168.1.166
- Initiating ARP Ping Scan at 08:20
- Scanning 88 hosts [1 port/host]
- Completed ARP Ping Scan at 08:20, 0.63s elapsed (88 total hosts)
- Initiating Parallel DNS resolution of 88 hosts. at 08:20
- Completed Parallel DNS resolution of 88 hosts. at 08:20, 0.04s elapsed
- Nmap scan report for 192.168.1.168 [host down]
- Nmap scan report for 192.168.1.169 [host down]
- Initiating SYN Stealth Scan at 08:20
- Scanning 192.168.1.167 [1000 ports]
- Completed SYN Stealth Scan at 08:20, 0.02s elapsed (1000 total ports)
- Initiating Service scan at 08:20
- Initiating OS detection (try #1) against 192.168.1.167
- Retrying OS detection (try #2) against 192.168.1.167
- NSE: Script scanning 192.168.1.167.
- Initiating NSE at 08:20
- Completed NSE at 08:20, 0.00s elapsed
- Nmap scan report for 192.168.1.167
- Host is up (0.000022s latency).
- All 1000 scanned ports on 192.168.1.167 are closed
- Too many fingerprints match this host to give specific OS details
- Network Distance: 0 hops
- Nmap scan report for 192.168.1.171 [host down]
- Nmap scan report for 192.168.1.174 [host down]
- Nmap scan report for 192.168.1.177 [host down]
- Nmap scan report for 192.168.1.178 [host down]
- Nmap scan report for 192.168.1.179 [host down]
- Nmap scan report for 192.168.1.180 [host down]
- Nmap scan report for 192.168.1.181 [host down]
- Nmap scan report for 192.168.1.182 [host down]
- Nmap scan report for 192.168.1.184 [host down]
- Nmap scan report for 192.168.1.185 [host down]
- Nmap scan report for 192.168.1.187 [host down]
- Nmap scan report for 192.168.1.188 [host down]
- Nmap scan report for 192.168.1.194 [host down]
- Nmap scan report for 192.168.1.195 [host down]
- Nmap scan report for 192.168.1.196 [host down]
- Nmap scan report for 192.168.1.197 [host down]
- Nmap scan report for 192.168.1.200 [host down]
- Nmap scan report for 192.168.1.201 [host down]
- Nmap scan report for 192.168.1.202 [host down]
- Nmap scan report for 192.168.1.203 [host down]
- Nmap scan report for 192.168.1.204 [host down]
- Nmap scan report for 192.168.1.205 [host down]
- Nmap scan report for 192.168.1.206 [host down]
- Nmap scan report for 192.168.1.207 [host down]
- Nmap scan report for 192.168.1.208 [host down]
- Nmap scan report for 192.168.1.209 [host down]
- Nmap scan report for 192.168.1.210 [host down]
- Nmap scan report for 192.168.1.211 [host down]
- Nmap scan report for 192.168.1.212 [host down]
- Nmap scan report for 192.168.1.213 [host down]
- Nmap scan report for 192.168.1.214 [host down]
- Nmap scan report for 192.168.1.215 [host down]
- Nmap scan report for 192.168.1.216 [host down]
- Nmap scan report for 192.168.1.217 [host down]
- Nmap scan report for 192.168.1.218 [host down]
- Nmap scan report for 192.168.1.219 [host down]
- Nmap scan report for 192.168.1.220 [host down]
- Nmap scan report for 192.168.1.221 [host down]
- Nmap scan report for 192.168.1.222 [host down]
- Nmap scan report for 192.168.1.223 [host down]
- Nmap scan report for 192.168.1.224 [host down]
- Nmap scan report for 192.168.1.225 [host down]
- Nmap scan report for 192.168.1.226 [host down]
- Nmap scan report for 192.168.1.227 [host down]
- Nmap scan report for 192.168.1.228 [host down]
- Nmap scan report for 192.168.1.229 [host down]
- Nmap scan report for 192.168.1.230 [host down]
- Nmap scan report for 192.168.1.231 [host down]
- Nmap scan report for 192.168.1.232 [host down]
- Nmap scan report for 192.168.1.233 [host down]
- Nmap scan report for 192.168.1.234 [host down]
- Nmap scan report for 192.168.1.235 [host down]
- Nmap scan report for 192.168.1.236 [host down]
- Nmap scan report for 192.168.1.237 [host down]
- Nmap scan report for 192.168.1.238 [host down]
- Nmap scan report for 192.168.1.239 [host down]
- Nmap scan report for 192.168.1.240 [host down]
- Nmap scan report for 192.168.1.241 [host down]
- Nmap scan report for 192.168.1.242 [host down]
- Nmap scan report for 192.168.1.243 [host down]
- Nmap scan report for 192.168.1.244 [host down]
- Nmap scan report for 192.168.1.245 [host down]
- Nmap scan report for 192.168.1.246 [host down]
- Nmap scan report for 192.168.1.247 [host down]
- Nmap scan report for 192.168.1.248 [host down]
- Nmap scan report for 192.168.1.249 [host down]
- Nmap scan report for 192.168.1.250 [host down]
- Nmap scan report for 192.168.1.251 [host down]
- Nmap scan report for 192.168.1.252 [host down]
- Nmap scan report for 192.168.1.253 [host down]
- Nmap scan report for 192.168.1.254 [host down]
- Nmap scan report for 192.168.1.255 [host down]
- Initiating SYN Stealth Scan at 08:20
- Scanning 14 hosts [1000 ports/host]
- Discovered open port 135/tcp on 192.168.1.190
- Discovered open port 135/tcp on 192.168.1.189
- Discovered open port 135/tcp on 192.168.1.191
- Discovered open port 135/tcp on 192.168.1.192
- Discovered open port 135/tcp on 192.168.1.170
- Discovered open port 445/tcp on 192.168.1.190
- Discovered open port 445/tcp on 192.168.1.170
- Discovered open port 135/tcp on 192.168.1.199
- Discovered open port 445/tcp on 192.168.1.199
- Discovered open port 445/tcp on 192.168.1.191
- Discovered open port 445/tcp on 192.168.1.192
- Discovered open port 445/tcp on 192.168.1.189
- Discovered open port 139/tcp on 192.168.1.191
- Discovered open port 139/tcp on 192.168.1.170
- Discovered open port 49154/tcp on 192.168.1.170
- Discovered open port 49154/tcp on 192.168.1.191
- Discovered open port 49157/tcp on 192.168.1.191
- Discovered open port 5357/tcp on 192.168.1.170
- Discovered open port 5357/tcp on 192.168.1.191
- Discovered open port 49153/tcp on 192.168.1.191
- Discovered open port 49153/tcp on 192.168.1.170
- Discovered open port 49158/tcp on 192.168.1.170
- Discovered open port 49152/tcp on 192.168.1.170
- Discovered open port 49152/tcp on 192.168.1.191
- Discovered open port 12345/tcp on 192.168.1.170
- Discovered open port 49156/tcp on 192.168.1.191
- Discovered open port 49156/tcp on 192.168.1.170
- Discovered open port 49155/tcp on 192.168.1.191
- Discovered open port 139/tcp on 192.168.1.190
- Discovered open port 49155/tcp on 192.168.1.170
- Discovered open port 139/tcp on 192.168.1.189
- Discovered open port 139/tcp on 192.168.1.199
- Discovered open port 139/tcp on 192.168.1.192
- Discovered open port 5357/tcp on 192.168.1.190
- Discovered open port 5357/tcp on 192.168.1.189
- Discovered open port 5357/tcp on 192.168.1.192
- Discovered open port 5357/tcp on 192.168.1.199
- Completed SYN Stealth Scan against 192.168.1.191 in 2.65s (13 hosts left)
- Completed SYN Stealth Scan against 192.168.1.193 in 2.66s (12 hosts left)
- Completed SYN Stealth Scan against 192.168.1.198 in 2.68s (11 hosts left)
- Completed SYN Stealth Scan against 192.168.1.172 in 2.70s (10 hosts left)
- Completed SYN Stealth Scan against 192.168.1.170 in 2.70s (9 hosts left)
- Completed SYN Stealth Scan against 192.168.1.175 in 2.70s (8 hosts left)
- Completed SYN Stealth Scan against 192.168.1.176 in 2.70s (7 hosts left)
- Completed SYN Stealth Scan against 192.168.1.173 in 2.71s (6 hosts left)
- Completed SYN Stealth Scan against 192.168.1.183 in 2.72s (5 hosts left)
- Completed SYN Stealth Scan against 192.168.1.186 in 2.74s (4 hosts left)
- Completed SYN Stealth Scan against 192.168.1.192 in 5.36s (3 hosts left)
- Completed SYN Stealth Scan against 192.168.1.189 in 5.37s (2 hosts left)
- Completed SYN Stealth Scan against 192.168.1.199 in 5.37s (1 host left)
- Completed SYN Stealth Scan at 08:20, 5.37s elapsed (14000 total ports)
- Initiating Service scan at 08:20
- Scanning 37 services on 14 hosts
- Completed Service scan at 08:21, 53.60s elapsed (37 services on 14 hosts)
- Initiating OS detection (try #1) against 14 hosts
- Retrying OS detection (try #2) against 8 hosts
- NSE: Script scanning 14 hosts.
- Initiating NSE at 08:21
- Completed NSE at 08:21, 42.35s elapsed
- Initiating NSE at 08:21
- Completed NSE at 08:21, 0.01s elapsed
- Nmap scan report for 192.168.1.170
- Host is up (0.00041s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 12345/tcp open netbus NetBus trojan 1.70
- | netbus-info:
- | APPLICATIONS
- | Start
- | Welcome to Facebook - Log In, Sign Up or Learn More - Windows Internet Explorer (active)
- | Welcome to Facebook - Log In, Sign Up or Learn More - Mozilla Firefox
- | C:\Windows\system32\cmd.exe
- | Program Manager
- | INFO
- | Program Path: C:\Users\cs2lab\Desktop\SecurityPrograms\netbus\Patch.exe
- | Restart persistent: Yes
- | Login ID: cs2lab
- | Clients connected to this host: 1
- | SETUP
- | TCP-port: 12345
- | Log traffic: 0
- | Password:
- | Notify to:
- | Notify from:
- | SMTP-server:
- | VOLUME
- | Wave: 255
- | Synth: 0
- |_ Cd: 0
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49158/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:CA:81:BC (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.048 days (since Thu Oct 2 07:13:13 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:18:16+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 0.41 ms 192.168.1.170
- Nmap scan report for 192.168.1.172
- Host is up (0.0019s latency).
- All 1000 scanned ports on 192.168.1.172 are closed
- MAC Address: 08:00:27:38:10:87 (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.91 ms 192.168.1.172
- Nmap scan report for 192.168.1.173
- Host is up (0.0016s latency).
- All 1000 scanned ports on 192.168.1.173 are closed
- MAC Address: 00:50:56:01:06:B2 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.58 ms 192.168.1.173
- Nmap scan report for 192.168.1.175
- Host is up (0.0018s latency).
- All 1000 scanned ports on 192.168.1.175 are closed
- MAC Address: 08:00:27:0D:DD:45 (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.82 ms 192.168.1.175
- Nmap scan report for 192.168.1.176
- Host is up (0.0018s latency).
- All 1000 scanned ports on 192.168.1.176 are closed
- MAC Address: 00:50:56:01:06:C1 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.82 ms 192.168.1.176
- Nmap scan report for 192.168.1.183
- Host is up (0.0020s latency).
- All 1000 scanned ports on 192.168.1.183 are closed
- MAC Address: 08:00:27:15:30:B3 (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 2.04 ms 192.168.1.183
- Nmap scan report for 192.168.1.186
- Host is up (0.0019s latency).
- All 1000 scanned ports on 192.168.1.186 are closed
- MAC Address: 08:00:27:28:83:2F (Cadmus Computer Systems)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.92 ms 192.168.1.186
- Nmap scan report for 192.168.1.189
- Host is up (0.0017s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 00:24:E8:2B:72:F8 (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running: Microsoft Windows Vista|2008|7
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
- Uptime guess: 0.072 days (since Thu Oct 2 06:37:58 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=256 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI020, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:2b:72:f8 (Dell)
- | Names
- | SECI020<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI020<20> Flags: <unique><active>
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.73 ms 192.168.1.189
- Nmap scan report for 192.168.1.190
- Host is up (0.00027s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 00:24:E8:1F:33:C7 (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows 7|Vista|2008|Phone
- OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
- OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.080 days (since Thu Oct 2 06:27:01 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI002, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:1f:33:c7 (Dell)
- | Names
- | SECI002<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI002<20> Flags: <unique><active>
- | smb-security-mode:
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 0.27 ms 192.168.1.190
- Nmap scan report for 192.168.1.191
- Host is up (0.0015s latency).
- Not shown: 990 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 08:00:27:34:F4:30 (Cadmus Computer Systems)
- Device type: general purpose
- Running: Microsoft Windows 7|2008
- OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
- OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
- Uptime guess: 0.012 days (since Thu Oct 2 08:04:46 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: cs2lab-PC
- | NetBIOS computer name: CS2LAB-PC
- | Workgroup: WORKGROUP
- |_ System time: 2014-10-02T14:18:21+02:00
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.52 ms 192.168.1.191
- Nmap scan report for 192.168.1.192
- Host is up (0.0018s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 00:24:E8:1F:17:71 (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running: Microsoft Windows 7|Vista|2008
- OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1
- OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
- Uptime guess: 0.086 days (since Thu Oct 2 06:17:24 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI069, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:1f:17:71 (Dell)
- | Names
- | SECI069<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI069<20> Flags: <unique><active>
- | smb-security-mode:
- | Account that was used for smb scripts: guest
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.78 ms 192.168.1.192
- Nmap scan report for 192.168.1.193
- Host is up (0.0017s latency).
- All 1000 scanned ports on 192.168.1.193 are closed
- MAC Address: 00:50:56:01:06:BD (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.75 ms 192.168.1.193
- Nmap scan report for 192.168.1.198
- Host is up (0.0018s latency).
- All 1000 scanned ports on 192.168.1.198 are closed
- MAC Address: 00:50:56:01:06:B6 (VMware)
- Too many fingerprints match this host to give specific OS details
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.83 ms 192.168.1.198
- Nmap scan report for 192.168.1.199
- Host is up (0.0016s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn
- 445/tcp open netbios-ssn
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
- |_http-title: Service Unavailable
- MAC Address: 00:24:E8:2B:73:64 (Dell)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone
- Running: Microsoft Windows Vista|2008|7|Phone
- OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
- OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
- Uptime guess: 0.097 days (since Thu Oct 2 06:01:52 2014)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- | nbstat:
- | NetBIOS name: SECI025, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:2b:73:64 (Dell)
- | Names
- | SECI025<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ SECI025<20> Flags: <unique><active>
- | smb-security-mode:
- | Account that was used for smb scripts: <blank>
- | User-level authentication
- | SMB Security: Challenge/response passwords supported
- |_ Message signing disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 1.65 ms 192.168.1.199
- NSE: Script Post-scanning.
- Initiating NSE at 08:21
- Completed NSE at 08:21, 0.00s elapsed
- Post-scan script results:
- | ssh-hostkey: Possible duplicate hosts
- | Key 2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA) used by:
- | 192.168.1.32
- | 192.168.1.103
- | 192.168.1.104
- | 192.168.1.136
- | Key 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA) used by:
- | 192.168.1.32
- | 192.168.1.103
- | 192.168.1.104
- |_ 192.168.1.136
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
- Nmap done: 256 IP addresses (53 hosts up) scanned in 575.69 seconds
- Raw packets sent: 68161 (3.070MB) | Rcvd: 42237 (1.747MB)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement