Kali intese scan

1.  
2. Starting Nmap 6.25 ( http://nmap.org ) at 2014-10-02 08:12 EDT
3. NSE: Loaded 106 scripts for scanning.
4. NSE: Script Pre-scanning.
5. Initiating ARP Ping Scan at 08:12
6. Scanning 167 hosts [1 port/host]
7. Completed ARP Ping Scan at 08:12, 1.29s elapsed (167 total hosts)
8. Initiating Parallel DNS resolution of 167 hosts. at 08:12
9. Completed Parallel DNS resolution of 167 hosts. at 08:12, 4.00s elapsed
10. Nmap scan report for 192.168.1.0 [host down]
11. Nmap scan report for 192.168.1.2 [host down]
12. Nmap scan report for 192.168.1.3 [host down]
13. Nmap scan report for 192.168.1.4 [host down]
14. Nmap scan report for 192.168.1.6 [host down]
15. Nmap scan report for 192.168.1.7 [host down]
16. Nmap scan report for 192.168.1.9 [host down]
17. Nmap scan report for 192.168.1.10 [host down]
18. Nmap scan report for 192.168.1.11 [host down]
19. Nmap scan report for 192.168.1.12 [host down]
20. Nmap scan report for 192.168.1.14 [host down]
21. Nmap scan report for 192.168.1.15 [host down]
22. Nmap scan report for 192.168.1.16 [host down]
23. Nmap scan report for 192.168.1.17 [host down]
24. Nmap scan report for 192.168.1.18 [host down]
25. Nmap scan report for 192.168.1.19 [host down]
26. Nmap scan report for 192.168.1.20 [host down]
27. Nmap scan report for 192.168.1.21 [host down]
28. Nmap scan report for 192.168.1.22 [host down]
29. Nmap scan report for 192.168.1.23 [host down]
30. Nmap scan report for 192.168.1.24 [host down]
31. Nmap scan report for 192.168.1.26 [host down]
32. Nmap scan report for 192.168.1.27 [host down]
33. Nmap scan report for 192.168.1.28 [host down]
34. Nmap scan report for 192.168.1.29 [host down]
35. Nmap scan report for 192.168.1.33 [host down]
36. Nmap scan report for 192.168.1.34 [host down]
37. Nmap scan report for 192.168.1.36 [host down]
38. Nmap scan report for 192.168.1.37 [host down]
39. Nmap scan report for 192.168.1.38 [host down]
40. Nmap scan report for 192.168.1.39 [host down]
41. Nmap scan report for 192.168.1.41 [host down]
42. Nmap scan report for 192.168.1.42 [host down]
43. Nmap scan report for 192.168.1.43 [host down]
44. Nmap scan report for 192.168.1.44 [host down]
45. Nmap scan report for 192.168.1.46 [host down]
46. Nmap scan report for 192.168.1.47 [host down]
47. Nmap scan report for 192.168.1.48 [host down]
48. Nmap scan report for 192.168.1.49 [host down]
49. Nmap scan report for 192.168.1.51 [host down]
50. Nmap scan report for 192.168.1.52 [host down]
51. Nmap scan report for 192.168.1.53 [host down]
52. Nmap scan report for 192.168.1.54 [host down]
53. Nmap scan report for 192.168.1.55 [host down]
54. Nmap scan report for 192.168.1.56 [host down]
55. Nmap scan report for 192.168.1.57 [host down]
56. Nmap scan report for 192.168.1.58 [host down]
57. Nmap scan report for 192.168.1.59 [host down]
58. Nmap scan report for 192.168.1.60 [host down]
59. Nmap scan report for 192.168.1.61 [host down]
60. Nmap scan report for 192.168.1.62 [host down]
61. Nmap scan report for 192.168.1.63 [host down]
62. Nmap scan report for 192.168.1.64 [host down]
63. Nmap scan report for 192.168.1.65 [host down]
64. Nmap scan report for 192.168.1.66 [host down]
65. Nmap scan report for 192.168.1.67 [host down]
66. Nmap scan report for 192.168.1.68 [host down]
67. Nmap scan report for 192.168.1.69 [host down]
68. Nmap scan report for 192.168.1.70 [host down]
69. Nmap scan report for 192.168.1.71 [host down]
70. Nmap scan report for 192.168.1.72 [host down]
71. Nmap scan report for 192.168.1.73 [host down]
72. Nmap scan report for 192.168.1.74 [host down]
73. Nmap scan report for 192.168.1.75 [host down]
74. Nmap scan report for 192.168.1.76 [host down]
75. Nmap scan report for 192.168.1.77 [host down]
76. Nmap scan report for 192.168.1.78 [host down]
77. Nmap scan report for 192.168.1.79 [host down]
78. Nmap scan report for 192.168.1.80 [host down]
79. Nmap scan report for 192.168.1.82 [host down]
80. Nmap scan report for 192.168.1.83 [host down]
81. Nmap scan report for 192.168.1.87 [host down]
82. Nmap scan report for 192.168.1.88 [host down]
83. Nmap scan report for 192.168.1.89 [host down]
84. Nmap scan report for 192.168.1.91 [host down]
85. Nmap scan report for 192.168.1.92 [host down]
86. Nmap scan report for 192.168.1.93 [host down]
87. Nmap scan report for 192.168.1.94 [host down]
88. Nmap scan report for 192.168.1.95 [host down]
89. Nmap scan report for 192.168.1.96 [host down]
90. Nmap scan report for 192.168.1.97 [host down]
91. Nmap scan report for 192.168.1.98 [host down]
92. Nmap scan report for 192.168.1.99 [host down]
93. Nmap scan report for 192.168.1.100 [host down]
94. Nmap scan report for 192.168.1.101 [host down]
95. Nmap scan report for 192.168.1.102 [host down]
96. Nmap scan report for 192.168.1.105 [host down]
97. Nmap scan report for 192.168.1.106 [host down]
98. Nmap scan report for 192.168.1.107 [host down]
99. Nmap scan report for 192.168.1.108 [host down]
100. Nmap scan report for 192.168.1.109 [host down]
101. Nmap scan report for 192.168.1.110 [host down]
102. Nmap scan report for 192.168.1.111 [host down]
103. Nmap scan report for 192.168.1.113 [host down]
104. Nmap scan report for 192.168.1.116 [host down]
105. Nmap scan report for 192.168.1.119 [host down]
106. Nmap scan report for 192.168.1.120 [host down]
107. Nmap scan report for 192.168.1.122 [host down]
108. Nmap scan report for 192.168.1.123 [host down]
109. Nmap scan report for 192.168.1.124 [host down]
110. Nmap scan report for 192.168.1.126 [host down]
111. Nmap scan report for 192.168.1.128 [host down]
112. Nmap scan report for 192.168.1.129 [host down]
113. Nmap scan report for 192.168.1.130 [host down]
114. Nmap scan report for 192.168.1.132 [host down]
115. Nmap scan report for 192.168.1.133 [host down]
116. Nmap scan report for 192.168.1.135 [host down]
117. Nmap scan report for 192.168.1.137 [host down]
118. Nmap scan report for 192.168.1.138 [host down]
119. Nmap scan report for 192.168.1.139 [host down]
120. Nmap scan report for 192.168.1.140 [host down]
121. Nmap scan report for 192.168.1.141 [host down]
122. Nmap scan report for 192.168.1.143 [host down]
123. Nmap scan report for 192.168.1.144 [host down]
124. Nmap scan report for 192.168.1.145 [host down]
125. Nmap scan report for 192.168.1.146 [host down]
126. Nmap scan report for 192.168.1.147 [host down]
127. Nmap scan report for 192.168.1.148 [host down]
128. Nmap scan report for 192.168.1.149 [host down]
129. Nmap scan report for 192.168.1.150 [host down]
130. Nmap scan report for 192.168.1.152 [host down]
131. Nmap scan report for 192.168.1.153 [host down]
132. Nmap scan report for 192.168.1.156 [host down]
133. Nmap scan report for 192.168.1.158 [host down]
134. Nmap scan report for 192.168.1.160 [host down]
135. Nmap scan report for 192.168.1.161 [host down]
136. Nmap scan report for 192.168.1.162 [host down]
137. Nmap scan report for 192.168.1.164 [host down]
138. Nmap scan report for 192.168.1.165 [host down]
139. Initiating Parallel DNS resolution of 1 host. at 08:12
140. Completed Parallel DNS resolution of 1 host. at 08:12, 0.00s elapsed
141. Initiating SYN Stealth Scan at 08:12
142. Scanning 38 hosts [1000 ports/host]
143. Discovered open port 111/tcp on 192.168.1.5
144. Discovered open port 111/tcp on 192.168.1.8
145. Discovered open port 111/tcp on 192.168.1.31
146. Discovered open port 111/tcp on 192.168.1.32
147. Discovered open port 111/tcp on 192.168.1.40
148. Discovered open port 111/tcp on 192.168.1.104
149. Discovered open port 111/tcp on 192.168.1.103
150. Discovered open port 111/tcp on 192.168.1.136
151. Discovered open port 135/tcp on 192.168.1.25
152. Discovered open port 135/tcp on 192.168.1.35
153. Discovered open port 111/tcp on 192.168.1.50
154. Discovered open port 135/tcp on 192.168.1.30
155. Discovered open port 135/tcp on 192.168.1.84
156. Discovered open port 135/tcp on 192.168.1.85
157. Discovered open port 135/tcp on 192.168.1.86
158. Discovered open port 135/tcp on 192.168.1.90
159. Discovered open port 135/tcp on 192.168.1.118
160. Discovered open port 135/tcp on 192.168.1.131
161. Discovered open port 135/tcp on 192.168.1.125
162. Discovered open port 135/tcp on 192.168.1.159
163. Discovered open port 135/tcp on 192.168.1.157
164. Discovered open port 445/tcp on 192.168.1.5
165. Discovered open port 135/tcp on 192.168.1.163
166. Discovered open port 445/tcp on 192.168.1.13
167. Discovered open port 445/tcp on 192.168.1.25
168. Discovered open port 445/tcp on 192.168.1.30
169. Discovered open port 445/tcp on 192.168.1.32
170. Discovered open port 445/tcp on 192.168.1.35
171. Discovered open port 135/tcp on 192.168.1.81
172. Discovered open port 445/tcp on 192.168.1.84
173. Discovered open port 445/tcp on 192.168.1.85
174. Discovered open port 445/tcp on 192.168.1.86
175. Discovered open port 445/tcp on 192.168.1.90
176. Discovered open port 445/tcp on 192.168.1.103
177. Discovered open port 445/tcp on 192.168.1.104
178. Discovered open port 445/tcp on 192.168.1.118
179. Discovered open port 445/tcp on 192.168.1.131
180. Discovered open port 445/tcp on 192.168.1.125
181. Discovered open port 445/tcp on 192.168.1.136
182. Discovered open port 445/tcp on 192.168.1.157
183. Discovered open port 135/tcp on 192.168.1.154
184. Discovered open port 445/tcp on 192.168.1.81
185. Discovered open port 445/tcp on 192.168.1.159
186. Discovered open port 445/tcp on 192.168.1.154
187. Discovered open port 443/tcp on 192.168.1.5
188. Discovered open port 443/tcp on 192.168.1.31
189. Discovered open port 445/tcp on 192.168.1.163
190. Discovered open port 443/tcp on 192.168.1.1
191. Discovered open port 443/tcp on 192.168.1.166
192. Discovered open port 443/tcp on 192.168.1.50
193. Discovered open port 25/tcp on 192.168.1.103
194. Discovered open port 25/tcp on 192.168.1.32
195. Discovered open port 25/tcp on 192.168.1.104
196. Discovered open port 25/tcp on 192.168.1.136
197. Discovered open port 80/tcp on 192.168.1.8
198. Discovered open port 80/tcp on 192.168.1.45
199. Discovered open port 80/tcp on 192.168.1.103
200. Discovered open port 80/tcp on 192.168.1.5
201. Discovered open port 80/tcp on 192.168.1.31
202. Discovered open port 80/tcp on 192.168.1.32
203. Discovered open port 80/tcp on 192.168.1.35
204. Discovered open port 80/tcp on 192.168.1.50
205. Discovered open port 80/tcp on 192.168.1.104
206. Discovered open port 80/tcp on 192.168.1.136
207. Discovered open port 80/tcp on 192.168.1.166
208. Discovered open port 80/tcp on 192.168.1.159
209. Discovered open port 23/tcp on 192.168.1.103
210. Discovered open port 23/tcp on 192.168.1.32
211. Discovered open port 23/tcp on 192.168.1.104
212. Discovered open port 23/tcp on 192.168.1.136
213. Discovered open port 23/tcp on 192.168.1.166
214. Discovered open port 3389/tcp on 192.168.1.35
215. Discovered open port 3306/tcp on 192.168.1.103
216. Discovered open port 3306/tcp on 192.168.1.32
217. Discovered open port 3306/tcp on 192.168.1.104
218. Discovered open port 3306/tcp on 192.168.1.136
219. Discovered open port 5900/tcp on 192.168.1.103
220. Discovered open port 5900/tcp on 192.168.1.32
221. Discovered open port 5900/tcp on 192.168.1.104
222. Discovered open port 5900/tcp on 192.168.1.136
223. Discovered open port 22/tcp on 192.168.1.103
224. Discovered open port 22/tcp on 192.168.1.5
225. Discovered open port 22/tcp on 192.168.1.32
226. Discovered open port 22/tcp on 192.168.1.45
227. Discovered open port 22/tcp on 192.168.1.50
228. Discovered open port 22/tcp on 192.168.1.104
229. Discovered open port 22/tcp on 192.168.1.136
230. Discovered open port 21/tcp on 192.168.1.103
231. Discovered open port 21/tcp on 192.168.1.5
232. Discovered open port 21/tcp on 192.168.1.32
233. Discovered open port 21/tcp on 192.168.1.35
234. Discovered open port 21/tcp on 192.168.1.104
235. Discovered open port 139/tcp on 192.168.1.103
236. Discovered open port 21/tcp on 192.168.1.136
237. Discovered open port 139/tcp on 192.168.1.5
238. Discovered open port 139/tcp on 192.168.1.32
239. Discovered open port 139/tcp on 192.168.1.35
240. Discovered open port 139/tcp on 192.168.1.104
241. Discovered open port 53/tcp on 192.168.1.103
242. Discovered open port 139/tcp on 192.168.1.125
243. Discovered open port 139/tcp on 192.168.1.159
244. Discovered open port 139/tcp on 192.168.1.136
245. Discovered open port 139/tcp on 192.168.1.25
246. Discovered open port 53/tcp on 192.168.1.32
247. Discovered open port 53/tcp on 192.168.1.104
248. Discovered open port 139/tcp on 192.168.1.131
249. Discovered open port 53/tcp on 192.168.1.136
250. Discovered open port 139/tcp on 192.168.1.13
251. Discovered open port 53/tcp on 192.168.1.25
252. Discovered open port 139/tcp on 192.168.1.163
253. Discovered open port 139/tcp on 192.168.1.118
254. Discovered open port 139/tcp on 192.168.1.154
255. Discovered open port 1099/tcp on 192.168.1.103
256. Discovered open port 1099/tcp on 192.168.1.32
257. Discovered open port 1099/tcp on 192.168.1.104
258. Discovered open port 1099/tcp on 192.168.1.136
259. Discovered open port 2010/tcp on 192.168.1.35
260. Discovered open port 49154/tcp on 192.168.1.159
261. Discovered open port 49154/tcp on 192.168.1.25
262. Discovered open port 49154/tcp on 192.168.1.125
263. Discovered open port 49154/tcp on 192.168.1.154
264. Discovered open port 49154/tcp on 192.168.1.163
265. Discovered open port 49154/tcp on 192.168.1.35
266. Discovered open port 49154/tcp on 192.168.1.131
267. Discovered open port 49154/tcp on 192.168.1.118
268. Discovered open port 49157/tcp on 192.168.1.159
269. Discovered open port 49157/tcp on 192.168.1.125
270. Discovered open port 49157/tcp on 192.168.1.163
271. Discovered open port 49157/tcp on 192.168.1.25
272. Discovered open port 49157/tcp on 192.168.1.35
273. Discovered open port 49157/tcp on 192.168.1.118
274. Discovered open port 5357/tcp on 192.168.1.159
275. Discovered open port 5357/tcp on 192.168.1.125
276. Discovered open port 512/tcp on 192.168.1.103
277. Discovered open port 49157/tcp on 192.168.1.131
278. Discovered open port 5357/tcp on 192.168.1.154
279. Discovered open port 5357/tcp on 192.168.1.163
280. Discovered open port 5357/tcp on 192.168.1.118
281. Discovered open port 512/tcp on 192.168.1.32
282. Discovered open port 512/tcp on 192.168.1.104
283. Discovered open port 5357/tcp on 192.168.1.131
284. Discovered open port 512/tcp on 192.168.1.136
285. Discovered open port 80/tcp on 192.168.1.1
286. Discovered open port 6667/tcp on 192.168.1.103
287. Discovered open port 3389/tcp on 192.168.1.30
288. Discovered open port 6667/tcp on 192.168.1.104
289. Discovered open port 6667/tcp on 192.168.1.32
290. Discovered open port 6667/tcp on 192.168.1.136
291. Discovered open port 139/tcp on 192.168.1.30
292. Discovered open port 139/tcp on 192.168.1.157
293. Discovered open port 139/tcp on 192.168.1.81
294. Discovered open port 139/tcp on 192.168.1.86
295. Discovered open port 139/tcp on 192.168.1.90
296. Discovered open port 3268/tcp on 192.168.1.25
297. Discovered open port 139/tcp on 192.168.1.84
298. Discovered open port 139/tcp on 192.168.1.85
299. Discovered open port 8180/tcp on 192.168.1.103
300. Discovered open port 8180/tcp on 192.168.1.32
301. Discovered open port 8180/tcp on 192.168.1.104
302. Discovered open port 8180/tcp on 192.168.1.136
303. Discovered open port 514/tcp on 192.168.1.103
304. Discovered open port 514/tcp on 192.168.1.32
305. Discovered open port 514/tcp on 192.168.1.104
306. Discovered open port 514/tcp on 192.168.1.136
307. Discovered open port 49154/tcp on 192.168.1.157
308. Discovered open port 8009/tcp on 192.168.1.103
309. Discovered open port 8009/tcp on 192.168.1.32
310. Discovered open port 8009/tcp on 192.168.1.104
311. Discovered open port 8009/tcp on 192.168.1.136
312. Discovered open port 548/tcp on 192.168.1.5
313. Discovered open port 5357/tcp on 192.168.1.81
314. Discovered open port 5357/tcp on 192.168.1.90
315. Discovered open port 49153/tcp on 192.168.1.118
316. Discovered open port 49153/tcp on 192.168.1.125
317. Discovered open port 49153/tcp on 192.168.1.154
318. Discovered open port 49153/tcp on 192.168.1.25
319. Discovered open port 49153/tcp on 192.168.1.35
320. Discovered open port 5357/tcp on 192.168.1.86
321. Discovered open port 5357/tcp on 192.168.1.84
322. Discovered open port 5357/tcp on 192.168.1.85
323. Discovered open port 49153/tcp on 192.168.1.159
324. Discovered open port 49153/tcp on 192.168.1.131
325. Discovered open port 49153/tcp on 192.168.1.163
326. Discovered open port 9100/tcp on 192.168.1.166
327. Discovered open port 999/tcp on 192.168.1.125
328. Discovered open port 636/tcp on 192.168.1.25
329. Discovered open port 49158/tcp on 192.168.1.154
330. Discovered open port 49158/tcp on 192.168.1.25
331. Discovered open port 548/tcp on 192.168.1.13
332. Discovered open port 2105/tcp on 192.168.1.35
333. Discovered open port 6000/tcp on 192.168.1.103
334. Discovered open port 6000/tcp on 192.168.1.32
335. Discovered open port 6000/tcp on 192.168.1.104
336. Discovered open port 6000/tcp on 192.168.1.136
337. Discovered open port 49152/tcp on 192.168.1.118
338. Discovered open port 49152/tcp on 192.168.1.25
339. Discovered open port 515/tcp on 192.168.1.166
340. Discovered open port 49152/tcp on 192.168.1.154
341. Discovered open port 515/tcp on 192.168.1.5
342. Discovered open port 49152/tcp on 192.168.1.125
343. Discovered open port 49152/tcp on 192.168.1.35
344. Discovered open port 49152/tcp on 192.168.1.131
345. Discovered open port 49152/tcp on 192.168.1.159
346. Discovered open port 49152/tcp on 192.168.1.163
347. Discovered open port 5900/tcp on 192.168.1.117
348. Discovered open port 8873/tcp on 192.168.1.5
349. Discovered open port 5009/tcp on 192.168.1.13
350. Discovered open port 2049/tcp on 192.168.1.32
351. Discovered open port 2049/tcp on 192.168.1.103
352. Discovered open port 2049/tcp on 192.168.1.104
353. Discovered open port 2049/tcp on 192.168.1.136
354. Discovered open port 3269/tcp on 192.168.1.25
355. Discovered open port 1524/tcp on 192.168.1.32
356. Discovered open port 2049/tcp on 192.168.1.5
357. Discovered open port 5432/tcp on 192.168.1.32
358. Discovered open port 1524/tcp on 192.168.1.103
359. Discovered open port 1524/tcp on 192.168.1.104
360. Discovered open port 5432/tcp on 192.168.1.103
361. Discovered open port 5432/tcp on 192.168.1.104
362. Discovered open port 1524/tcp on 192.168.1.136
363. Discovered open port 5432/tcp on 192.168.1.136
364. Discovered open port 49156/tcp on 192.168.1.159
365. Discovered open port 49156/tcp on 192.168.1.35
366. Discovered open port 49156/tcp on 192.168.1.163
367. Discovered open port 49156/tcp on 192.168.1.125
368. Discovered open port 22939/tcp on 192.168.1.5
369. Discovered open port 49156/tcp on 192.168.1.154
370. Discovered open port 49156/tcp on 192.168.1.131
371. Discovered open port 49156/tcp on 192.168.1.118
372. Discovered open port 49155/tcp on 192.168.1.25
373. Discovered open port 49155/tcp on 192.168.1.163
374. Discovered open port 49155/tcp on 192.168.1.35
375. Discovered open port 49155/tcp on 192.168.1.159
376. Discovered open port 49155/tcp on 192.168.1.125
377. Discovered open port 49155/tcp on 192.168.1.154
378. Discovered open port 49155/tcp on 192.168.1.131
379. Discovered open port 49155/tcp on 192.168.1.118
380. Discovered open port 873/tcp on 192.168.1.5
381. Discovered open port 88/tcp on 192.168.1.25
382. Discovered open port 464/tcp on 192.168.1.25
383. Discovered open port 389/tcp on 192.168.1.25
384. Discovered open port 280/tcp on 192.168.1.166
385. Discovered open port 513/tcp on 192.168.1.104
386. Discovered open port 513/tcp on 192.168.1.32
387. Discovered open port 513/tcp on 192.168.1.103
388. Discovered open port 513/tcp on 192.168.1.136
389. Discovered open port 2121/tcp on 192.168.1.104
390. Discovered open port 593/tcp on 192.168.1.25
391. Discovered open port 2121/tcp on 192.168.1.32
392. Discovered open port 2121/tcp on 192.168.1.103
393. Discovered open port 2121/tcp on 192.168.1.136
394. Discovered open port 2107/tcp on 192.168.1.35
395. Discovered open port 1801/tcp on 192.168.1.35
396. Discovered open port 2103/tcp on 192.168.1.35
397. Discovered open port 1433/tcp on 192.168.1.35
398. Completed SYN Stealth Scan against 192.168.1.104 in 15.42s (37 hosts left)
399. Completed SYN Stealth Scan against 192.168.1.35 in 15.53s (36 hosts left)
400. Discovered open port 49165/tcp on 192.168.1.25
401. Completed SYN Stealth Scan against 192.168.1.50 in 15.55s (35 hosts left)
402. Completed SYN Stealth Scan against 192.168.1.25 in 15.58s (34 hosts left)
403. Completed SYN Stealth Scan against 192.168.1.45 in 15.58s (33 hosts left)
404. Completed SYN Stealth Scan against 192.168.1.103 in 15.59s (32 hosts left)
405. Completed SYN Stealth Scan against 192.168.1.127 in 15.59s (31 hosts left)
406. Completed SYN Stealth Scan against 192.168.1.5 in 15.60s (30 hosts left)
407. Completed SYN Stealth Scan against 192.168.1.8 in 15.60s (29 hosts left)
408. Completed SYN Stealth Scan against 192.168.1.32 in 15.60s (28 hosts left)
409. Completed SYN Stealth Scan against 192.168.1.166 in 15.60s (27 hosts left)
410. Completed SYN Stealth Scan against 192.168.1.159 in 15.61s (26 hosts left)
411. Completed SYN Stealth Scan against 192.168.1.125 in 15.63s (25 hosts left)
412. Completed SYN Stealth Scan against 192.168.1.163 in 15.63s (24 hosts left)
413. Completed SYN Stealth Scan against 192.168.1.112 in 15.64s (23 hosts left)
414. Completed SYN Stealth Scan against 192.168.1.136 in 15.64s (22 hosts left)
415. Completed SYN Stealth Scan against 192.168.1.155 in 15.64s (21 hosts left)
416. Completed SYN Stealth Scan against 192.168.1.40 in 15.64s (20 hosts left)
417. Completed SYN Stealth Scan against 192.168.1.118 in 15.67s (19 hosts left)
418. Completed SYN Stealth Scan against 192.168.1.31 in 15.68s (18 hosts left)
419. Completed SYN Stealth Scan against 192.168.1.154 in 15.68s (17 hosts left)
420. Completed SYN Stealth Scan against 192.168.1.134 in 15.74s (16 hosts left)
421. Completed SYN Stealth Scan against 192.168.1.142 in 15.76s (15 hosts left)
422. Discovered open port 10000/tcp on 192.168.1.13
423. Completed SYN Stealth Scan against 192.168.1.151 in 15.90s (14 hosts left)
424. Completed SYN Stealth Scan against 192.168.1.114 in 15.93s (13 hosts left)
425. Completed SYN Stealth Scan against 192.168.1.115 in 15.94s (12 hosts left)
426. Completed SYN Stealth Scan against 192.168.1.121 in 20.83s (11 hosts left)
427. Discovered open port 4445/tcp on 192.168.1.30
428. Completed SYN Stealth Scan against 192.168.1.131 in 21.25s (10 hosts left)
429. Completed SYN Stealth Scan against 192.168.1.13 in 22.21s (9 hosts left)
430. Completed SYN Stealth Scan against 192.168.1.85 in 24.54s (8 hosts left)
431. Completed SYN Stealth Scan against 192.168.1.1 in 24.98s (7 hosts left)
432. Completed SYN Stealth Scan against 192.168.1.30 in 25.07s (6 hosts left)
433. Completed SYN Stealth Scan against 192.168.1.84 in 25.24s (5 hosts left)
434. Completed SYN Stealth Scan against 192.168.1.86 in 25.28s (4 hosts left)
435. Completed SYN Stealth Scan against 192.168.1.90 in 25.39s (3 hosts left)
436. Completed SYN Stealth Scan against 192.168.1.81 in 26.39s (2 hosts left)
437. Completed SYN Stealth Scan against 192.168.1.157 in 26.50s (1 host left)
438. Discovered open port 88/tcp on 192.168.1.117
439. Completed SYN Stealth Scan at 08:12, 30.15s elapsed (38000 total ports)
440. Initiating Service scan at 08:12
441. Scanning 258 services on 38 hosts
442. Service scan Timing: About 28.57% done; ETC: 08:14 (0:01:23 remaining)
443. Service scan Timing: About 52.90% done; ETC: 08:15 (0:01:01 remaining)
444. Service scan Timing: About 69.11% done; ETC: 08:15 (0:00:44 remaining)
445. Completed Service scan at 08:16, 233.75s elapsed (259 services on 38 hosts)
446. Initiating OS detection (try #1) against 38 hosts
447. Retrying OS detection (try #2) against 15 hosts
448. Retrying OS detection (try #3) against 4 hosts
449. Retrying OS detection (try #4) against 4 hosts
450. Retrying OS detection (try #5) against 4 hosts
451. NSE: Script scanning 38 hosts.
452. Initiating NSE at 08:17
453. NSE Timing: About 44.32% done; ETC: 08:19 (0:00:59 remaining)
454. NSE Timing: About 66.79% done; ETC: 08:19 (0:00:40 remaining)
455. Completed NSE at 08:20, 166.01s elapsed
456. Nmap scan report for valkyrie.cs2lab.edu (192.168.1.1)
457. Host is up (0.0015s latency).
458. Not shown: 998 filtered ports
459. PORT STATE SERVICE VERSION
460. 80/tcp open http lighttpd 1.4.32
461. |_http-methods: No Allow or Public header in OPTIONS response (status code 301)
462. |_http-title: Did not follow redirect to https://valkyrie.cs2lab.edu/
463. 443/tcp open ssl/http lighttpd 1.4.32
464. |_http-favicon: Unknown favicon MD5: 082559A7867CF27ACAB7E9867A8B320F
465. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
466. |_http-title: Login
467. | ssl-cert: Subject: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US
468. | Issuer: commonName=Common Name (eg, YOUR name)/organizationName=CompanyName/stateOrProvinceName=Somewhere/countryName=US
469. | Public Key type: rsa
470. | Public Key bits: 1024
471. | Not valid before: 2011-08-31T14:53:37+00:00
472. | Not valid after: 2017-02-20T15:53:37+00:00
473. | MD5: 175c 123b 071b 5027 8548 0aa9 267b bdcf
474. |_SHA-1: fbce 7749 3d0c cd0a 875f f3e2 053c 85f4 91fc 369e
475. |_ssl-date: 2014-10-02T12:14:24+00:00; -3m00s from local time.
476. MAC Address: 00:1B:21:C6:D5:37 (Intel Corporate)
477. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
478. Device type: specialized|general purpose
479. Running (JUST GUESSING): Comau embedded (92%), OpenBSD 4.X (85%)
480. OS CPE: cpe:/o:openbsd:openbsd:4.0
481. Aggressive OS guesses: Comau C4G robot control unit (92%), OpenBSD 4.0 (85%)
482. No exact OS matches for host (test conditions non-ideal).
483. Uptime guess: 0.002 days (since Thu Oct 2 08:17:03 2014)
484. Network Distance: 1 hop
485. TCP Sequence Prediction: Difficulty=261 (Good luck!)
486. IP ID Sequence Generation: Randomized
487.  
488. TRACEROUTE
489. HOP RTT ADDRESS
490. 1 1.47 ms valkyrie.cs2lab.edu (192.168.1.1)
491.  
492. Nmap scan report for aegir.cs2lab.edu (192.168.1.5)
493. Host is up (0.0036s latency).
494. Not shown: 987 closed ports
495. PORT STATE SERVICE VERSION
496. 21/tcp open ftp ProFTPD
497. | ssl-cert: Subject: commonName=develop/organizationName=buffalo/stateOrProvinceName=Tokyo/countryName=JP
498. | Issuer: commonName=develop/organizationName=BUFFALO INC./stateOrProvinceName=Tokyo/countryName=JP
499. | Public Key type: rsa
500. | Public Key bits: 1024
501. | Not valid before: 2007-06-13T04:47:53+00:00
502. | Not valid after: 2027-06-08T04:47:53+00:00
503. | MD5: a416 afbd 5885 973d d174 e5f1 56ad fe3a
504. |_SHA-1: 9533 2cdc a3d8 05a1 9f34 b948 7031 752b a19b 961f
505. |_ssl-date: 2014-10-02T12:15:48+00:00; -2m59s from local time.
506. 22/tcp open ssh OpenSSH 3.7.1p2 (protocol 2.0)
507. |_ssh-hostkey: 1024 17:60:bb:44:2f:36:d8:df:6b:98:fb:63:7f:52:a7:a1 (RSA)
508. 80/tcp open http lighttpd 1.4.23
509. |_http-favicon: Unknown favicon MD5: F5C14C837BDDA57B96059D6819B114F9
510. |_http-git: 0
511. |_http-methods: OPTIONS GET HEAD POST
512. |_http-title: Site doesn't have a title (text/html).
513. 111/tcp open rpcbind 2 (RPC #100000)
514. | rpcinfo:
515. | program version port/proto service
516. | 100000 2 111/tcp rpcbind
517. | 100000 2 111/udp rpcbind
518. | 100003 3 2049/tcp nfs
519. | 100003 3 2049/udp nfs
520. | 100005 1,3 2049/tcp mountd
521. |_ 100005 1,3 2049/udp mountd
522. 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
523. 443/tcp open ssl/http lighttpd 1.4.23
524. |_http-favicon: Unknown favicon MD5: F5C14C837BDDA57B96059D6819B114F9
525. |_http-git: 0
526. |_http-methods: OPTIONS GET HEAD POST
527. |_http-title: Site doesn't have a title (text/html).
528. | ssl-cert: Subject: commonName=develop/organizationName=buffalo/stateOrProvinceName=Tokyo/countryName=JP
529. | Issuer: commonName=develop/organizationName=BUFFALO INC./stateOrProvinceName=Tokyo/countryName=JP
530. | Public Key type: rsa
531. | Public Key bits: 1024
532. | Not valid before: 2007-06-13T04:47:53+00:00
533. | Not valid after: 2027-06-08T04:47:53+00:00
534. | MD5: a416 afbd 5885 973d d174 e5f1 56ad fe3a
535. |_SHA-1: 9533 2cdc a3d8 05a1 9f34 b948 7031 752b a19b 961f
536. |_ssl-date: 2014-10-02T12:16:26+00:00; -2m58s from local time.
537. 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
538. 515/tcp open printer
539. 548/tcp open afp?
540. | afp-serverinfo:
541. | | Server Flags: 0x8379
542. | | Super Client: Yes
543. | | UUIDs: No
544. | | UTF8 Server Name: Yes
545. | | Open Directory: Yes
546. | | Reconnect: No
547. | | Server Notifications: Yes
548. | | TCP/IP: Yes
549. | | Server Signature: Yes
550. | | ServerMessages: Yes
551. | | Password Saving Prohibited: No
552. | | Password Changing: No
553. | |_ Copy File: Yes
554. | Server Name: TS-QVHL17F
555. | Machine Type: Netatalk
556. | AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1, AFP3.2
557. | UAMs: DHCAST128, Cleartxt Passwrd
558. | Server Signature: 0105c0a8ffffffff0105c0a8ffffffff
559. | Network Address 1: 192.168.1.5
560. |_ UTF8 Server Name: TS-QVHL17F
561. 873/tcp open rsync (protocol version 30)
562. 2049/tcp open nfs 3 (RPC #100003)
563. 8873/tcp open ssl/rsync (protocol version 30)
564. 22939/tcp open ssl/unknown
565. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
566. SF-Port548-TCP:V=6.25%I=7%D=10/2%Time=542D4155%P=i686-pc-linux-gnu%r(afp,1
567. SF:C1,"\x01\x03\0\x01\0\0\0\0\0\0\x01\xb1\0\0\0\0\0\x1e\0'\0q\0\x8d\x83y\n
568. SF:TS-QVHL17F\0\x01\x8d\x01\x9d\x01\xa4\x01\xa5\x08Netatalk\x07\x0eAFPVers
569. SF:ion\x201\.1\x0eAFPVersion\x202\.0\x0eAFPVersion\x202\.1\x06AFP2\.2\x06A
570. SF:FPX03\x06AFP3\.1\x06AFP3\.2\x02\tDHCAST128\x10Cleartxt\x20Passwrd0\0\x8
571. SF:f\xf8\xcc\x01H\x0c\xb32\(\n\x8c\xcc\|\x0f\x83\x02\xff\x01\x80\xc3\xc3\x
572. SF:81\x803\xe3\xc1\x80\x0b\xd3\xc1\x80\x0b\xb1a\x80\x0b\xe0\xe1\x80\x0b\xe
573. SF:1\xe1\x80\x0b\xd1\xe1\xc0\n\xc0\xe1p\x0bx\xc1\x1c\x0by\xc1\x17\x0b3\xff
574. SF:!\xcb\xff\xc4@\x7f\xff\x02\x80\x1e\0\x01\xff\xff\xff\xff\x80\0\0\x01\xf
575. SF:f\xff\xff\xff\0\x02\x80\0\0\x02\x80\0\0\x07\xc0\0\0\x04@\0\0\x04@\0\0\x
576. SF:07\xc0\0\0\x05@\0\x0f\xf9\?\xfc\0\x02\x80\0\x0f\xfc\x7f\xfc0\0\x8f\xf8\
577. SF:xfc\x01\xcf\xfc\xff3\xef\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xf
578. SF:f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x
579. SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x7f\xff\xff\xff\x1f\xff\
580. SF:xff\xff\x1f\xff\xff\xff\?\xff\xff\xfc\x7f\xff\xff\xfe\xff\xff\xff\xff\x
581. SF:ff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\0\x03\x80\0\0\x03\x80\0\
582. SF:0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\0\x07\xc0\0\xff\xff\xff
583. SF:\xff\?\xfe\xff\xff\xff\xfc\x7f\xff\x01\x05\xc0\xa8\xff\xff\xff\xff\x01\
584. SF:x05\xc0\xa8\xff\xff\xff\xff\x01\x06\x01\xc0\xa8\x01\x05\0\0\nTS-QVHL17F
585. SF:");
586. MAC Address: 4C:E6:76:1F:41:7F (Buffalo)
587. Device type: general purpose
588. Running: Linux 2.6.X
589. OS CPE: cpe:/o:linux:linux_kernel:2.6
590. OS details: Linux 2.6.24 - 2.6.36
591. Uptime guess: 8.250 days (since Wed Sep 24 02:20:50 2014)
592. Network Distance: 1 hop
593. TCP Sequence Prediction: Difficulty=203 (Good luck!)
594. IP ID Sequence Generation: All zeros
595. Service Info: Host: 192.168.1.5; OS: Unix
596.  
597. Host script results:
598. | nbstat:
599. | NetBIOS name: TS-QVHL17F, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
600. | Names
601. | TS-QVHL17F<00> Flags: <unique><active>
602. | TS-QVHL17F<03> Flags: <unique><active>
603. | TS-QVHL17F<20> Flags: <unique><active>
604. | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
605. | WORKGROUP<1d> Flags: <unique><active>
606. | WORKGROUP<1e> Flags: <group><active>
607. |_ WORKGROUP<00> Flags: <group><active>
608. | smb-os-discovery:
609. | OS: Unix (Samba 3.0.30-1.4.osstech)
610. | Computer name: TS-QVHL17F
611. | NetBIOS computer name:
612. | Domain name:
613. | FQDN: TS-QVHL17F
614. |_ System time: 2014-10-02T14:14:22+02:00
615. | smb-security-mode:
616. | Account that was used for smb scripts: <blank>
617. | User-level authentication
618. | SMB Security: Challenge/response passwords supported
619. |_ Message signing disabled (dangerous, but default)
620. |_smbv2-enabled: Server doesn't support SMBv2 protocol
621.  
622. TRACEROUTE
623. HOP RTT ADDRESS
624. 1 3.59 ms aegir.cs2lab.edu (192.168.1.5)
625.  
626. Nmap scan report for heimdall.cs2lab.edu (192.168.1.8)
627. Host is up (0.0010s latency).
628. Not shown: 998 closed ports
629. PORT STATE SERVICE VERSION
630. 80/tcp open http?
631. |_http-methods: POST OPTIONS GET HEAD
632. |_http-title: Site doesn't have a title (text/html).
633. 111/tcp open rpcbind 2-4 (RPC #100000)
634. | rpcinfo:
635. | program version port/proto service
636. | 100000 2,3,4 111/tcp rpcbind
637. | 100000 2,3,4 111/udp rpcbind
638. | 100024 1 43601/tcp status
639. |_ 100024 1 44822/udp status
640. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
641. SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4150%P=i686-pc-linux-gnu%r(GetReq
642. SF:uest,214,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Thu,\x2002\x20Oct\x202014\
643. SF:x2012:10:05\x20GMT\r\nServer:\x20Apache\r\nLast-Modified:\x20Tue,\x2009
644. SF:\x20Sep\x202014\x2010:42:34\x20GMT\r\nETag:\x20\"5eb33-b1-5029f97dbf6ab
645. SF:\"\r\nAccept-Ranges:\x20bytes\r\nContent-Length:\x20177\r\nVary:\x20Acc
646. SF:ept-Encoding\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:
647. SF:\x201;\x20mode=block\r\nX-Frame-Options:\x20sameorigin\r\nConnection:\x
648. SF:20close\r\nContent-Type:\x20text/html\r\n\r\n<html><body><h1>It\x20work
649. SF:s!</h1>\n<p>This\x20is\x20the\x20default\x20web\x20page\x20for\x20this\
650. SF:x20server\.</p>\n<p>The\x20web\x20server\x20software\x20is\x20running\x
651. SF:20but\x20no\x20content\x20has\x20been\x20added,\x20yet\.</p>\n</body></
652. SF:html>\n")%r(HTTPOptions,11B,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Thu,\x2
653. SF:002\x20Oct\x202014\x2012:10:05\x20GMT\r\nServer:\x20Apache\r\nAllow:\x2
654. SF:0POST,OPTIONS,GET,HEAD\r\nVary:\x20Accept-Encoding\r\nX-Content-Type-Op
655. SF:tions:\x20nosniff\r\nX-XSS-Protection:\x201;\x20mode=block\r\nX-Frame-O
656. SF:ptions:\x20sameorigin\r\nContent-Length:\x200\r\nConnection:\x20close\r
657. SF:\nContent-Type:\x20text/html\r\n\r\n")%r(RTSPRequest,11B,"HTTP/1\.1\x20
658. SF:200\x20OK\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:05\x20GMT\r\nS
659. SF:erver:\x20Apache\r\nAllow:\x20POST,OPTIONS,GET,HEAD\r\nVary:\x20Accept-
660. SF:Encoding\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protection:\x20
661. SF:1;\x20mode=block\r\nX-Frame-Options:\x20sameorigin\r\nContent-Length:\x
662. SF:200\r\nConnection:\x20close\r\nContent-Type:\x20text/html\r\n\r\n")%r(F
663. SF:ourOhFourRequest,19C,"HTTP/1\.1\x20404\x20Not\x20Found\r\nDate:\x20Thu,
664. SF:\x2002\x20Oct\x202014\x2012:10:10\x20GMT\r\nServer:\x20Apache\r\nVary:\
665. SF:x20Accept-Encoding\r\nContent-Length:\x20225\r\nConnection:\x20close\r\
666. SF:nContent-Type:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20
667. SF:HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n
668. SF:<title>404\x20Not\x20Found</title>\n</head><body>\n<h1>Not\x20Found</h1
669. SF:>\n<p>The\x20requested\x20URL\x20/nice\x20ports,/Trinity\.txt\.bak\x20w
670. SF:as\x20not\x20found\x20on\x20this\x20server\.</p>\n</body></html>\n");
671. MAC Address: 32:00:BA:EC:01:9D (Unknown)
672. No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
673. TCP/IP fingerprint:
674. OS:SCAN(V=6.25%E=4%D=10/2%OT=80%CT=1%CU=35158%PV=Y%DS=1%DC=D%G=Y%M=3200BA%T
675. OS:M=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=10D%TI=Z%CI=I%II=I%T
676. OS:S=8)OPS(O1=M5B4ST11NW4%O2=M5B4ST11NW4%O3=M5B4NNT11NW4%O4=M5B4ST11NW4%O5=
677. OS:M5B4ST11NW4%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3
678. OS:890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
679. OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
680. OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
681. OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
682. OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
683. OS:T=40%CD=S)
684.  
685. Uptime guess: 6.881 days (since Thu Sep 25 11:11:59 2014)
686. Network Distance: 1 hop
687. TCP Sequence Prediction: Difficulty=262 (Good luck!)
688. IP ID Sequence Generation: All zeros
689.  
690. TRACEROUTE
691. HOP RTT ADDRESS
692. 1 1.03 ms heimdall.cs2lab.edu (192.168.1.8)
693.  
694. Nmap scan report for tc-eth.cs2lab.edu (192.168.1.13)
695. Host is up (0.0032s latency).
696. Not shown: 995 closed ports
697. PORT STATE SERVICE VERSION
698. 139/tcp open netbios-ssn?
699. 445/tcp open netbios-ssn
700. 548/tcp open afp Apple Time Capsule AFP (name: cs2labs-time-capsule; protocol 3.3)
701. | afp-serverinfo:
702. | | Server Flags: 0x8ffb
703. | | Super Client: Yes
704. | | UUIDs: Yes
705. | | UTF8 Server Name: Yes
706. | | Open Directory: Yes
707. | | Reconnect: Yes
708. | | Server Notifications: Yes
709. | | TCP/IP: Yes
710. | | Server Signature: Yes
711. | | ServerMessages: Yes
712. | | Password Saving Prohibited: No
713. | | Password Changing: Yes
714. | |_ Copy File: Yes
715. | Server Name: cs2labs-time-capsule
716. | Machine Type: TimeCapsule6,113
717. | AFP Versions: AFP3.3, AFP3.2, AFP3.1
718. | UAMs: DHCAST128, DHX2, SRP, Recon1
719. | Server Signature: 3646393439314b33415150007369672d
720. | Network Address 1: [fe80:0009:0000:0000:0226:bbff:fe6e:76a8]:548
721. | Network Address 2: nil
722. |_ UTF8 Server Name: CS2Lab's Time Capsule
723. 5009/tcp open airport-admin Apple AirPort or Time Capsule admin
724. 10000/tcp open snet-sensor-mgmt?
725. | ndmp-version:
726. |_ ERROR: Failed to get host information from server
727. MAC Address: 00:26:BB:6E:76:A8 (Apple)
728. Device type: WAP|storage-misc|general purpose
729. Running: Apple NetBSD 4.X, QNX 6.X
730. OS CPE: cpe:/h:apple:airport_extreme cpe:/o:apple:netbsd:4 cpe:/o:qnx:qnx:6
731. OS details: Apple AirPort Extreme WAP or Time Capsule NAS device (NetBSD 4.99), or QNX 6.5.0
732. Network Distance: 1 hop
733. TCP Sequence Prediction: Difficulty=206 (Good luck!)
734. IP ID Sequence Generation: Incremental
735.  
736. Host script results:
737. | nbstat:
738. | NetBIOS name: CS2LABS-TIME-CA, NetBIOS user: <unknown>, NetBIOS MAC: 00:26:bb:6e:76:a8 (Apple)
739. | Names
740. | CS2LABS-TIME-CA<00> Flags: <unique><active><permanent>
741. | WORKGROUP<00> Flags: <group><active><permanent>
742. |_ CS2LABS-TIME-CA<20> Flags: <unique><active><permanent>
743. | smb-os-discovery:
744. | OS: Apple Base Station (CIFS 4.32)
745. | NetBIOS computer name:
746. | Workgroup:
747. |_ System time: 2014-10-02T08:15:50+02:00
748. | smb-security-mode:
749. | Account that was used for smb scripts: guest
750. | User-level authentication
751. | SMB Security: Challenge/response passwords supported
752. |_ Message signing disabled (dangerous, but default)
753. |_smbv2-enabled: Server doesn't support SMBv2 protocol
754.  
755. TRACEROUTE
756. HOP RTT ADDRESS
757. 1 3.15 ms tc-eth.cs2lab.edu (192.168.1.13)
758.  
759. Nmap scan report for ragnarok.cs2lab.edu (192.168.1.25)
760. Host is up (0.0042s latency).
761. Not shown: 982 closed ports
762. PORT STATE SERVICE VERSION
763. 53/tcp open domain Microsoft DNS 6.1.7601
764. | dns-nsid:
765. |_ bind.version: Microsoft DNS 6.1.7601 (1DB1446A) (checked)
766. 88/tcp open kerberos-sec Windows 2003 Kerberos (server time: 2014-10-02 12:10:04Z)
767. 135/tcp open msrpc?
768. 139/tcp open netbios-ssn
769. 389/tcp open ldap
770. 445/tcp open netbios-ssn
771. 464/tcp open kpasswd5?
772. 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
773. 636/tcp open tcpwrapped
774. 3268/tcp open ldap
775. 3269/tcp open tcpwrapped
776. 49152/tcp open unknown
777. 49153/tcp open unknown
778. 49154/tcp open unknown
779. 49155/tcp open unknown
780. 49157/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
781. 49158/tcp open unknown
782. 49165/tcp open unknown
783. MAC Address: BE:9D:9F:DA:67:2D (Unknown)
784. Device type: general purpose
785. Running: Microsoft Windows 2008
786. OS CPE: cpe:/o:microsoft:windows_server_2008::sp2
787. OS details: Microsoft Windows Server 2008 SP2
788. Uptime guess: 49.673 days (since Wed Aug 13 16:11:29 2014)
789. Network Distance: 1 hop
790. TCP Sequence Prediction: Difficulty=261 (Good luck!)
791. IP ID Sequence Generation: Incremental
792. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
793.  
794. Host script results:
795. | nbstat:
796. | NetBIOS name: RAGNAROK, NetBIOS user: <unknown>, NetBIOS MAC: be:9d:9f:da:67:2d (unknown)
797. | Names
798. | RAGNAROK<00> Flags: <unique><active>
799. | CS2LAB<00> Flags: <group><active>
800. | CS2LAB<1c> Flags: <group><active>
801. | RAGNAROK<20> Flags: <unique><active>
802. |_ CS2LAB<1b> Flags: <unique><active>
803. |_smbv2-enabled: Server supports SMBv2 protocol
804.  
805. TRACEROUTE
806. HOP RTT ADDRESS
807. 1 4.18 ms ragnarok.cs2lab.edu (192.168.1.25)
808.  
809. Nmap scan report for loki.cs2lab.edu (192.168.1.30)
810. Host is up (0.0051s latency).
811. Not shown: 995 filtered ports
812. PORT STATE SERVICE VERSION
813. 135/tcp open msrpc Microsoft Windows RPC
814. 139/tcp open netbios-ssn
815. 445/tcp open netbios-ssn
816. 3389/tcp open ms-wbt-server?
817. 4445/tcp open upnotifyp?
818. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
819. SF-Port4445-TCP:V=6.25%I=7%D=10/2%Time=542D4160%P=i686-pc-linux-gnu%r(GetR
820. SF:equest,60,"\xaa\x0f\xd2\xf2`\0\0\0\0\0\0\0\xde\x02_\x1c#8o\x12\0\0\0\0\
821. SF:0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInva
822. SF:lid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(HTTPOptions,6
823. SF:0,"\xd1\x10NM`\0\0\0\0\0\0\0\xdd\x01I\x13\xa7\(\xb5\x7f\0\0\0\0\0\0\0\0
824. SF:\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20
825. SF:header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(RTSPRequest,60,"B\x1
826. SF:1\x17o`\0\0\0\0\0\0\0:\x01\xac\x0b\x1f\xfcq\xe8\0\0\0\0\0\0\0\0\x01\0\0
827. SF:\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x
828. SF:20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(RPCCheck,60,"\n\x11\x99\]`\0
829. SF:\0\0\0\0\0\0r\x01~\r\)Y\xf3\xc7\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x
830. SF:04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x
831. SF:20\0h\0e\0a\0d\0e\0r\0")%r(DNSVersionBindReq,60,"\x9b\x10\x04>`\0\0\0\0
832. SF:\0\0\0N\x01V\r\xf3J\x81\x0f\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0
833. SF:\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x20\0
834. SF:h\0e\0a\0d\0e\0r\0")%r(SSLSessionReq,60,"\xa8\x10\nA`\0\0\0\0\0\0\0d\x0
835. SF:1I\x0eN\xe5WP\0\0\0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0
836. SF:\0\x001\nmain\nn\nInvalid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\
837. SF:0r\0")%r(Kerberos,60,"\xc5\x0f@\xfb`\0\0\0\0\0\0\0p\x02@\x18\)Xl\n\0\0\
838. SF:0\0\0\0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\n
839. SF:Invalid\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(SMBProgNe
840. SF:g,60,"9\x11\xe1m`\0\0\0\0\0\0\0\xf9\x01\x12\x13\xd3\xa2\x88n\0\0\0\0\0\
841. SF:0\0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvali
842. SF:d\x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(FourOhFourReque
843. SF:st,60,"\xdc\x10\x92P`\0\0\0\0\0\0\0/\x02\x90\x16\x8d>\xccw\0\0\0\0\0\0\
844. SF:0\0\x01\0\0\0\"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\
845. SF:x20header\x20checksum\n\n\x20\0h\0e\0a\0d\0e\0r\0")%r(SIPOptions,60,"\+
846. SF:\x11<j`\0\0\0\0\0\0\0C\x01\xdd\x0b\xdc\xfcJ;\0\0\0\0\0\0\0\0\x01\0\0\0\
847. SF:"\0\0\0\xe4\x04\0\0\0\0\0\0\0\0\0\x001\nmain\nn\nInvalid\x20header\x20c
848. SF:hecksum\n\n\x20\0h\0e\0a\0d\0e\0r\0");
849. MAC Address: 00:08:74:39:A4:E8 (Dell Computer)
850. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
851. Device type: general purpose|phone
852. Running: Microsoft Windows Vista|2008|7|Phone
853. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
854. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
855. Uptime guess: 7.178 days (since Thu Sep 25 04:03:10 2014)
856. Network Distance: 1 hop
857. TCP Sequence Prediction: Difficulty=266 (Good luck!)
858. IP ID Sequence Generation: Incremental
859. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
860.  
861. Host script results:
862. | nbstat:
863. | NetBIOS name: LOKI, NetBIOS user: <unknown>, NetBIOS MAC: 00:08:74:39:a4:e8 (Dell Computer)
864. | Names
865. | LOKI<20> Flags: <unique><active>
866. | LOKI<00> Flags: <unique><active>
867. | CS2LAB<00> Flags: <group><active>
868. | CS2LAB<1e> Flags: <group><active>
869. | CS2LAB<1d> Flags: <unique><active>
870. |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
871. | smb-os-discovery:
872. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
873. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
874. | Computer name: loki
875. | NetBIOS computer name: LOKI
876. | Domain name: cs2lab.edu
877. | Forest name: cs2lab.edu
878. | FQDN: loki.cs2lab.edu
879. | NetBIOS domain name: CS2LAB
880. |_ System time: 2014-10-02T14:14:32+02:00
881. | smb-security-mode:
882. | Account that was used for smb scripts: <blank>
883. | User-level authentication
884. | SMB Security: Challenge/response passwords supported
885. |_ Message signing disabled (dangerous, but default)
886. |_smbv2-enabled: Server supports SMBv2 protocol
887.  
888. TRACEROUTE
889. HOP RTT ADDRESS
890. 1 5.08 ms loki.cs2lab.edu (192.168.1.30)
891.  
892. Nmap scan report for OpenVAS.cs2lab.edu (192.168.1.31)
893. Host is up (0.0011s latency).
894. Not shown: 997 closed ports
895. PORT STATE SERVICE VERSION
896. 80/tcp open http?
897. |_http-methods: No Allow or Public header in OPTIONS response (status code 406)
898. |_http-title: Site doesn't have a title.
899. 111/tcp open rpcbind 2-4 (RPC #100000)
900. | rpcinfo:
901. | program version port/proto service
902. | 100000 2,3,4 111/tcp rpcbind
903. | 100000 2,3,4 111/udp rpcbind
904. | 100024 1 33421/udp status
905. |_ 100024 1 59276/tcp status
906. 443/tcp open ssl/https?
907. |_http-favicon: Unknown favicon MD5: 510C3CE29847C600644B882F3F79489C
908. |_http-git: 0
909. |_http-methods: No Allow or Public header in OPTIONS response (status code 406)
910. |_http-title: Site doesn't have a title.
911. | ssl-cert: Subject: commonName=openvas/organizationName=OpenVAS Users United/countryName=DE
912. | Issuer: commonName=openvas/organizationName=OpenVAS Users United/countryName=DE
913. | Public Key type: rsa
914. | Public Key bits: 1024
915. | Not valid before: 2014-05-08T09:09:23+00:00
916. | Not valid after: 2022-07-25T09:09:23+00:00
917. | MD5: 0137 97dd 2446 2781 101a ad80 2555 b7f8
918. |_SHA-1: 2ab2 8e00 6919 fecd 90e4 a5a8 ac56 1415 560f 0a1b
919. 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
920. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
921. SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4156%P=i686-pc-linux-gnu%r(HTTPOp
922. SF:tions,B3,"HTTP/1\.0\x20406\x20Not\x20Acceptable\r\nContent-Length:\x205
923. SF:1\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate:\x20Thu,\x200
924. SF:2\x20Oct\x202014\x2012:10:10\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x
925. SF:20not\x20supported</body></html>")%r(RTSPRequest,B3,"HTTP/1\.1\x20406\x
926. SF:20Not\x20Acceptable\r\nContent-Length:\x2051\r\nContent-Type:\x20text/h
927. SF:tml;\x20charset=utf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:10
928. SF:\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x20not\x20supported</body></h
929. SF:tml>")%r(SIPOptions,B3,"HTTP/1\.1\x20406\x20Not\x20Acceptable\r\nConten
930. SF:t-Length:\x2051\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate
931. SF::\x20Thu,\x2002\x20Oct\x202014\x2012:10:45\x20GMT\r\n\r\n<html><body>HT
932. SF:TP\x20Method\x20not\x20supported</body></html>");
933. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
934. SF-Port443-TCP:V=6.25%T=SSL%I=7%D=10/2%Time=542D4161%P=i686-pc-linux-gnu%r
935. SF:(HTTPOptions,B3,"HTTP/1\.0\x20406\x20Not\x20Acceptable\r\nContent-Lengt
936. SF:h:\x2051\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nDate:\x20Th
937. SF:u,\x2002\x20Oct\x202014\x2012:10:22\x20GMT\r\n\r\n<html><body>HTTP\x20M
938. SF:ethod\x20not\x20supported</body></html>")%r(RTSPRequest,B3,"HTTP/1\.1\x
939. SF:20406\x20Not\x20Acceptable\r\nContent-Length:\x2051\r\nContent-Type:\x2
940. SF:0text/html;\x20charset=utf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x201
941. SF:2:10:22\x20GMT\r\n\r\n<html><body>HTTP\x20Method\x20not\x20supported</b
942. SF:ody></html>")%r(FourOhFourRequest,651,"HTTP/1\.0\x20200\x20OK\r\nConten
943. SF:t-Length:\x201410\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nSe
944. SF:t-Cookie:\x20GSAD_SID=0;\x20expires=Thu,\x2002-Oct-2014\x2012:10:47\x20
945. SF:GMT;\x20path=/;\x20secure;\x20HTTPonly\r\nDate:\x20Thu,\x2002\x20Oct\x2
946. SF:02014\x2012:10:47\x20GMT\r\n\r\n<!DOCTYPE\x20html\x20PUBLIC\x20\"-//W3C
947. SF://DTD\x20XHTML\x201\.0\x20Transitional//EN\"\x20\"http://www\.w3\.org/T
948. SF:R/xhtml1/DTD/xhtml1-transitional\.dtd\">\n<html\x20xmlns=\"http://www\.
949. SF:w3\.org/1999/xhtml\"><head\x20xmlns=\"\">\n<meta\x20http-equiv=\"Conten
950. SF:t-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<link\x20rel=\"st
951. SF:ylesheet\"\x20type=\"text/css\"\x20href=\"/gsa-style\.css\">\n<link\x20
952. SF:rel=\"icon\"\x20href=\"/favicon\.gif\"\x20type=\"image/x-icon\">\n<titl
953. SF:e>Greenbone\x20Security\x20Assistant</title>\n</head>\n<body><center><d
954. SF:iv\x20xmlns=\"\"\x20style=\"width:315px;margin-top:5px;\"><div\x20class
955. SF:=\"gb_window\">\n<div\x20class=\"gb_window_part_left\"></div>\n<div\x20
956. SF:class=\"gb_window_part_right\"></div>\n<div\x20class=\"gb_window_part_c
957. SF:enter\">Greenbone\x20Security\x20Assistant</div>\n<div\x20class=\"gb_wi
958. SF:ndow_part_conten")%r(SIPOptions,B3,"HTTP/1\.1\x20406\x20Not\x20Acceptab
959. SF:le\r\nContent-Length:\x2051\r\nContent-Type:\x20text/html;\x20charset=u
960. SF:tf-8\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:57\x20GMT\r\n\r\n<h
961. SF:tml><body>HTTP\x20Method\x20not\x20supported</body></html>");
962. MAC Address: C2:42:D7:11:F3:5E (Unknown)
963. No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
964. TCP/IP fingerprint:
965. OS:SCAN(V=6.25%E=4%D=10/2%OT=80%CT=1%CU=42418%PV=Y%DS=1%DC=D%G=Y%M=C242D7%T
966. OS:M=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=108%TI=Z%CI=I%II=I%T
967. OS:S=8)OPS(O1=M5B4ST11NW4%O2=M5B4ST11NW4%O3=M5B4NNT11NW4%O4=M5B4ST11NW4%O5=
968. OS:M5B4ST11NW4%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3
969. OS:890)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A
970. OS:=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%
971. OS:Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=
972. OS:A%A=Z%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=
973. OS:Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%
974. OS:T=40%CD=S)
975.  
976. Uptime guess: 1.053 days (since Wed Oct 1 07:03:06 2014)
977. Network Distance: 1 hop
978. TCP Sequence Prediction: Difficulty=259 (Good luck!)
979. IP ID Sequence Generation: All zeros
980.  
981. TRACEROUTE
982. HOP RTT ADDRESS
983. 1 1.05 ms OpenVAS.cs2lab.edu (192.168.1.31)
984.  
985. Nmap scan report for openvas.cs2lab.edu (192.168.1.32)
986. Host is up (0.0047s latency).
987. Not shown: 977 closed ports
988. PORT STATE SERVICE VERSION
989. 21/tcp open ftp vsftpd 2.3.4
990. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
991. 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
992. | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
993. |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
994. 23/tcp open telnet Linux telnetd
995. 25/tcp open smtp Postfix smtpd
996. |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
997. | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
998. | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
999. | Public Key type: rsa
1000. | Public Key bits: 1024
1001. | Not valid before: 2010-03-17T13:07:45+00:00
1002. | Not valid after: 2010-04-16T13:07:45+00:00
1003. | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
1004. |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
1005. |_ssl-date: 2014-10-02T12:16:31+00:00; -2m56s from local time.
1006. 53/tcp open domain ISC BIND 9.4.2
1007. | dns-nsid:
1008. |_ bind.version: 9.4.2
1009. 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
1010. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1011. |_http-title: Metasploitable2 - Linux
1012. 111/tcp open rpcbind 2 (RPC #100000)
1013. | rpcinfo:
1014. | program version port/proto service
1015. | 100000 2 111/tcp rpcbind
1016. | 100000 2 111/udp rpcbind
1017. | 100003 2,3,4 2049/tcp nfs
1018. | 100003 2,3,4 2049/udp nfs
1019. | 100005 1,2,3 37393/tcp mountd
1020. | 100005 1,2,3 48497/udp mountd
1021. | 100021 1,3,4 49631/tcp nlockmgr
1022. | 100021 1,3,4 60664/udp nlockmgr
1023. | 100024 1 37104/tcp status
1024. |_ 100024 1 54571/udp status
1025. 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1026. 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1027. 512/tcp open exec netkit-rsh rexecd
1028. 513/tcp open login?
1029. 514/tcp open tcpwrapped
1030. 1099/tcp open rmiregistry GNU Classpath grmiregistry
1031. |_rmi-dumpregistry: Registry listing failed (No return data received from server)
1032. 1524/tcp open ingreslock?
1033. 2049/tcp open nfs 2-4 (RPC #100003)
1034. 2121/tcp open ftp ProFTPD 1.3.1
1035. 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
1036. | mysql-info: Protocol: 10
1037. | Version: 5.0.51a-3ubuntu5
1038. | Thread ID: 17
1039. | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
1040. | Status: Autocommit
1041. |_Salt: |;NYRnVA&5wxuexLP/:u
1042. 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
1043. 5900/tcp open vnc VNC (protocol 3.3)
1044. | vnc-info:
1045. | Protocol version: 3.3
1046. | Security types:
1047. |_ Unknown security type (33554432)
1048. 6000/tcp open X11 (access denied)
1049. 6667/tcp open irc Unreal ircd
1050. | irc-info: Server: irc.Metasploitable.LAN
1051. | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
1052. | Lservers/Lusers: 0/1
1053. | Uptime: 0 days, 23:14:13
1054. | Source host: BD1A38F2.78DED367.FFFA6D49.IP
1055. |_Source ident: OK nmap
1056. 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
1057. |_ajp-methods: Failed to get a valid response for the OPTION request
1058. 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
1059. |_http-favicon: Apache Tomcat
1060. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1061. |_http-title: Apache Tomcat/5.5
1062. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
1063. SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4156%P=i686-pc-linux-gnu%r(NULL
1064. SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
1065. SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
1066. SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,935,"root@meta
1067. SF:sploitable:/#\x20<HTML>\n<HEAD>\n<TITLE>Directory\x20/</TITLE>\n<BASE\x
1068. SF:20HREF=\"file:/\">\n</HEAD>\n<BODY>\n<H1>Directory\x20listing\x20of\x20
1069. SF:/</H1>\n<UL>\n<LI><A\x20HREF=\"\./\">\./</A>\n<LI><A\x20HREF=\"\.\./\">
1070. SF:\.\./</A>\n<LI><A\x20HREF=\"bin/\">bin/</A>\n<LI><A\x20HREF=\"boot/\">b
1071. SF:oot/</A>\n<LI><A\x20HREF=\"cdrom/\">cdrom/</A>\n<LI><A\x20HREF=\"dev/\"
1072. SF:>dev/</A>\n<LI><A\x20HREF=\"etc/\">etc/</A>\n<LI><A\x20HREF=\"home/\">h
1073. SF:ome/</A>\n<LI><A\x20HREF=\"initrd/\">initrd/</A>\n<LI><A\x20HREF=\"init
1074. SF:rd\.img\">initrd\.img</A>\n<LI><A\x20HREF=\"lib/\">lib/</A>\n<LI><A\x20
1075. SF:HREF=\"lost%2Bfound/\">lost\+found/</A>\n<LI><A\x20HREF=\"media/\">medi
1076. SF:a/</A>\n<LI><A\x20HREF=\"mnt/\">mnt/</A>\n<LI><A\x20HREF=\"nohup\.out\"
1077. SF:>nohup\.out</A>\n<LI><A\x20HREF=\"opt/\">opt/</A>\n<LI><A\x20HREF=\"pro
1078. SF:c/\">proc/</A>\n<LI><A\x20HREF=\"root/\">root/</A>\n<LI><A\x20HREF=\"sb
1079. SF:in/\">sbin/</A>\n<LI><A\x20HREF=\"srv/\">srv/</A>\n<LI><A\x20HREF=\"sys
1080. SF:/\">sys/</A>\n<LI><A\x20HREF=\"tmp/\">tmp/</A>\n<LI><A\x20HREF=\"usr/\"
1081. SF:>usr/</A>\n<LI><A\x20HREF=\"var/\">var/</A>\n<LI><A\x20HREF=\"vmlinuz\"
1082. SF:>vmlinuz</A>\n<")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x20
1083. SF:OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@met
1084. SF:asploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20"
1085. SF:)%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20comm
1086. SF:and\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\x
1087. SF:20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17,
1088. SF:"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploitab
1089. SF:le:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help,
1090. SF:63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20found
1091. SF:\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionRe
1092. SF:q,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20n
1093. SF:ot\x20found\nroot@metasploitable:/#\x20");
1094. MAC Address: BE:38:5F:53:30:AE (Unknown)
1095. Device type: general purpose
1096. Running: Linux 2.6.X
1097. OS CPE: cpe:/o:linux:linux_kernel:2.6
1098. OS details: Linux 2.6.9 - 2.6.33
1099. Uptime guess: 0.967 days (since Wed Oct 1 09:08:02 2014)
1100. Network Distance: 1 hop
1101. TCP Sequence Prediction: Difficulty=203 (Good luck!)
1102. IP ID Sequence Generation: All zeros
1103. Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
1104.  
1105. Host script results:
1106. | nbstat:
1107. | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
1108. | Names
1109. | METASPLOITABLE<00> Flags: <unique><active>
1110. | METASPLOITABLE<03> Flags: <unique><active>
1111. | METASPLOITABLE<20> Flags: <unique><active>
1112. | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
1113. | WORKGROUP<00> Flags: <group><active>
1114. | WORKGROUP<1d> Flags: <unique><active>
1115. |_ WORKGROUP<1e> Flags: <group><active>
1116. | smb-os-discovery:
1117. | OS: Unix (Samba 3.0.20-Debian)
1118. | NetBIOS computer name:
1119. | Workgroup: WORKGROUP
1120. |_ System time: 2014-10-02T08:14:27-04:00
1121.  
1122. TRACEROUTE
1123. HOP RTT ADDRESS
1124. 1 4.68 ms openvas.cs2lab.edu (192.168.1.32)
1125.  
1126. Nmap scan report for oden.cs2lab.edu (192.168.1.35)
1127. Host is up (0.0046s latency).
1128. Not shown: 982 closed ports
1129. PORT STATE SERVICE VERSION
1130. 21/tcp open ftp Microsoft ftpd
1131. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
1132. | 06-04-14 03:26PM <DIR> Guest
1133. |_02-02-13 03:49AM <DIR> Lab
1134. | ssl-cert: Subject: commonName=WMSvc-ODEN
1135. | Issuer: commonName=WMSvc-ODEN
1136. | Public Key type: rsa
1137. | Public Key bits: 2048
1138. | Not valid before: 2011-11-04T14:49:41+00:00
1139. | Not valid after: 2021-11-01T14:49:41+00:00
1140. | MD5: 306c 6c6e e844 e001 07e4 599a ee06 f439
1141. |_SHA-1: d151 6c86 b9d9 469f a3f7 68ce 6a57 78d1 21b4 9dd5
1142. |_ssl-date: 2014-10-02T12:15:52+00:00; -2m58s from local time.
1143. 80/tcp open http Microsoft IIS httpd 7.5
1144. | http-auth:
1145. | HTTP/1.1 401 Unauthorized
1146. |_ NTLM
1147. |_http-methods: No Allow or Public header in OPTIONS response (status code 401)
1148. |_http-title: Site doesn't have a title.
1149. 135/tcp open msrpc Microsoft Windows RPC
1150. 139/tcp open netbios-ssn
1151. 445/tcp open netbios-ssn
1152. 1433/tcp open ms-sql-s Microsoft SQL Server 2008 R2 10.50.1600.00; RTM
1153. 1801/tcp open msmq?
1154. 2010/tcp open http Microsoft IIS httpd 7.5
1155. | http-auth:
1156. | HTTP/1.1 401 Unauthorized
1157. |_ NTLM
1158. |_http-methods: No Allow or Public header in OPTIONS response (status code 401)
1159. |_http-title: Site doesn't have a title.
1160. 2103/tcp open msrpc Microsoft Windows RPC
1161. 2105/tcp open msrpc Microsoft Windows RPC
1162. 2107/tcp open msrpc Microsoft Windows RPC
1163. 3389/tcp open ms-wbt-server Microsoft Terminal Service
1164. 49152/tcp open msrpc Microsoft Windows RPC
1165. 49153/tcp open msrpc Microsoft Windows RPC
1166. 49154/tcp open msrpc Microsoft Windows RPC
1167. 49155/tcp open msrpc Microsoft Windows RPC
1168. 49156/tcp open msrpc Microsoft Windows RPC
1169. 49157/tcp open msrpc Microsoft Windows RPC
1170. MAC Address: B6:EC:74:84:B4:A6 (Unknown)
1171. Device type: general purpose
1172. Running: Microsoft Windows 7|2008
1173. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
1174. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
1175. Uptime guess: 8.941 days (since Tue Sep 23 09:44:42 2014)
1176. Network Distance: 1 hop
1177. TCP Sequence Prediction: Difficulty=260 (Good luck!)
1178. IP ID Sequence Generation: Incremental
1179. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1180.  
1181. Host script results:
1182. | ms-sql-info:
1183. | Windows server name: ODEN
1184. | [192.168.1.35\MSSQLSERVER]
1185. | Instance name: MSSQLSERVER
1186. | Version: Microsoft SQL Server 2008 R2 RTM
1187. | Version number: 10.50.1600.00
1188. | Product: Microsoft SQL Server 2008 R2
1189. | Service pack level: RTM
1190. | Post-SP patches applied: No
1191. | TCP port: 1433
1192. | Named pipe: \\192.168.1.35\pipe\sql\query
1193. |_ Clustered: No
1194. | nbstat:
1195. | NetBIOS name: ODEN, NetBIOS user: <unknown>, NetBIOS MAC: b6:ec:74:84:b4:a6 (unknown)
1196. | Names
1197. | ODEN<20> Flags: <unique><active>
1198. | ODEN<00> Flags: <unique><active>
1199. |_ CS2LAB<00> Flags: <group><active>
1200. | smb-os-discovery:
1201. | OS: Windows Server 2008 R2 Enterprise 7601 Service Pack 1 (Windows Server 2008 R2 Enterprise 6.1)
1202. | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
1203. | Computer name: oden
1204. | NetBIOS computer name: ODEN
1205. | Domain name: cs2lab.edu
1206. | Forest name: cs2lab.edu
1207. | FQDN: oden.cs2lab.edu
1208. | NetBIOS domain name: CS2LAB
1209. |_ System time: 2014-10-02T14:15:52+02:00
1210. | smb-security-mode:
1211. | Account that was used for smb scripts: guest
1212. | User-level authentication
1213. | SMB Security: Challenge/response passwords supported
1214. |_ Message signing disabled (dangerous, but default)
1215. |_smbv2-enabled: Server supports SMBv2 protocol
1216.  
1217. TRACEROUTE
1218. HOP RTT ADDRESS
1219. 1 4.59 ms oden.cs2lab.edu (192.168.1.35)
1220.  
1221. Nmap scan report for jira.cs2lab.edu (192.168.1.40)
1222. Host is up (0.0011s latency).
1223. Not shown: 999 closed ports
1224. PORT STATE SERVICE VERSION
1225. 111/tcp open rpcbind 2 (RPC #100000)
1226. | rpcinfo:
1227. | program version port/proto service
1228. | 100000 2 111/tcp rpcbind
1229. | 100000 2 111/udp rpcbind
1230. | 100024 1 33465/tcp status
1231. |_ 100024 1 42832/udp status
1232. MAC Address: CE:DD:1B:0C:49:FC (Unknown)
1233. No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
1234. TCP/IP fingerprint:
1235. OS:SCAN(V=6.25%E=4%D=10/2%OT=111%CT=1%CU=43465%PV=Y%DS=1%DC=D%G=Y%M=CEDD1B%
1236. OS:TM=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=C5%GCD=1%ISR=C3%TI=Z%CI=Z%II=I%TS
1237. OS:=7)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW6%O5=M
1238. OS:5B4ST11NW6%O6=M5B4ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=38
1239. OS:90)ECN(R=Y%DF=Y%T=40%W=3908%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=
1240. OS:S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=40%W=3890%S=O%A=S+%F=AS%O=M5B4ST11N
1241. OS:W6%RD=0%Q=)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%
1242. OS:W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=
1243. OS:)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%
1244. OS:UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
1245.  
1246. Uptime guess: 6.936 days (since Thu Sep 25 09:52:20 2014)
1247. Network Distance: 1 hop
1248. TCP Sequence Prediction: Difficulty=197 (Good luck!)
1249. IP ID Sequence Generation: All zeros
1250.  
1251. TRACEROUTE
1252. HOP RTT ADDRESS
1253. 1 1.10 ms jira.cs2lab.edu (192.168.1.40)
1254.  
1255. Nmap scan report for confluence.cs2lab.edu (192.168.1.45)
1256. Host is up (0.0052s latency).
1257. Not shown: 998 closed ports
1258. PORT STATE SERVICE VERSION
1259. 22/tcp open ssh OpenSSH 5.8p1 Debian 1ubuntu3 (Ubuntu Linux; protocol 2.0)
1260. | ssh-hostkey: 1024 1b:7b:69:d7:be:44:6b:bf:b5:8f:82:0b:f8:fb:7e:a3 (DSA)
1261. | 2048 41:c7:ce:de:93:6f:1b:17:4c:64:40:b4:f9:bf:18:37 (RSA)
1262. |_256 a7:45:0b:6b:fc:05:21:30:74:35:b4:58:fc:2c:b3:19 (ECDSA)
1263. 80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
1264. |_http-favicon: Unknown favicon MD5: 037D48B58C897528001F6A978176DF29
1265. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1266. MAC Address: B2:5E:7B:F9:33:4B (Unknown)
1267. Device type: general purpose
1268. Running: Linux 2.6.X
1269. OS CPE: cpe:/o:linux:linux_kernel:2.6
1270. OS details: Linux 2.6.32 - 2.6.39
1271. Uptime guess: 6.906 days (since Thu Sep 25 10:35:11 2014)
1272. Network Distance: 1 hop
1273. TCP Sequence Prediction: Difficulty=188 (Good luck!)
1274. IP ID Sequence Generation: All zeros
1275. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1276.  
1277. TRACEROUTE
1278. HOP RTT ADDRESS
1279. 1 5.19 ms confluence.cs2lab.edu (192.168.1.45)
1280.  
1281. Nmap scan report for thor.cs2lab.edu (192.168.1.50)
1282. Host is up (0.0052s latency).
1283. Not shown: 996 closed ports
1284. PORT STATE SERVICE VERSION
1285. 22/tcp open ssh OpenSSH 5.5p1 Debian 6 (protocol 2.0)
1286. | ssh-hostkey: 1024 0b:b7:2e:8a:8e:92:e9:e9:e6:05:cf:cc:bc:7e:f5:3a (DSA)
1287. |_2048 10:7c:c0:b6:04:b6:2a:6a:f0:ab:ee:5a:11:d9:d2:5a (RSA)
1288. 80/tcp open http?
1289. |_http-methods: No Allow or Public header in OPTIONS response (status code 302)
1290. |_http-title: Did not follow redirect to https://thor.cs2lab.edu:8006/
1291. 111/tcp open rpcbind 2 (RPC #100000)
1292. | rpcinfo:
1293. | program version port/proto service
1294. | 100000 2 111/tcp rpcbind
1295. | 100000 2 111/udp rpcbind
1296. | 100024 1 39004/tcp status
1297. |_ 100024 1 42844/udp status
1298. 443/tcp open ssl/https?
1299. |_http-methods: No Allow or Public header in OPTIONS response (status code 302)
1300. |_http-title: Did not follow redirect to https://thor.cs2lab.edu:443:8006/
1301. | ssl-cert: Subject: commonName=thor.cs2lab.edu/organizationName=Proxmox Virtual Environment
1302. | Issuer: commonName=Proxmox Virtual Environment/organizationName=PVE Cluster Manager CA
1303. | Public Key type: rsa
1304. | Public Key bits: 2048
1305. | Not valid before: 2011-11-03T12:30:53+00:00
1306. | Not valid after: 2021-10-31T12:30:53+00:00
1307. | MD5: f99e 81ce c2eb c918 4b01 ecd4 d38d cc41
1308. |_SHA-1: 62b7 9d5d 5042 d4d2 ffdb 5dbe 2a70 1bb3 605d fc3f
1309. |_ssl-date: 2014-10-02T12:16:29+00:00; -2m58s from local time.
1310. 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
1311. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
1312. SF-Port80-TCP:V=6.25%I=7%D=10/2%Time=542D4167%P=i686-pc-linux-gnu%r(GetReq
1313. SF:uest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x2020
1314. SF:14\x2012:10:30\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https://:800
1315. SF:6/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r\nConnection:
1316. SF:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<
1317. SF:!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<h
1318. SF:tml><head>\n<title>302\x20Found</title>\n</head><body>\n<h1>Found</h1>\
1319. SF:n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https://:8006/\">he
1320. SF:re</a>\.</p>\n</body></html>\n")%r(HTTPOptions,197,"HTTP/1\.1\x20302\x2
1321. SF:0Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:30\x20GMT\r\nServ
1322. SF:er:\x20Apache\r\nLocation:\x20https://:8006/\r\nVary:\x20Accept-Encodin
1323. SF:g\r\nContent-Length:\x20198\r\nConnection:\x20close\r\nContent-Type:\x2
1324. SF:0text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x2
1325. SF:0\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302\x20Fou
1326. SF:nd</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x20has\x2
1327. SF:0moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body></html>\
1328. SF:n")%r(RTSPRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002
1329. SF:\x20Oct\x202014\x2012:10:30\x20GMT\r\nServer:\x20Apache\r\nLocation:\x2
1330. SF:0https://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r
1331. SF:\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-88
1332. SF:59-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\
1333. SF:.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><body>\n<h
1334. SF:1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https:
1335. SF://:8006/\">here</a>\.</p>\n</body></html>\n")%r(FourOhFourRequest,1D1,"
1336. SF:HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:1
1337. SF:0:35\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https://:8006/nice%20p
1338. SF:orts,/Trinity\.txt\.bak\r\nVary:\x20Accept-Encoding\r\nContent-Length:\
1339. SF:x20227\r\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charse
1340. SF:t=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HT
1341. SF:ML\x202\.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><b
1342. SF:ody>\n<h1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=
1343. SF:\"https://:8006/nice%20ports,/Trinity\.txt\.bak\">here</a>\.</p>\n</bod
1344. SF:y></html>\n");
1345. ==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
1346. SF-Port443-TCP:V=6.25%T=SSL%I=7%D=10/2%Time=542D4170%P=i686-pc-linux-gnu%r
1347. SF:(GetRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu,\x2002\x20Oc
1348. SF:t\x202014\x2012:10:39\x20GMT\r\nServer:\x20Apache\r\nLocation:\x20https
1349. SF:://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20198\r\nConn
1350. SF:ection:\x20close\r\nContent-Type:\x20text/html;\x20charset=iso-8859-1\r
1351. SF:\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN
1352. SF:\">\n<html><head>\n<title>302\x20Found</title>\n</head><body>\n<h1>Foun
1353. SF:d</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\"https://:800
1354. SF:6/\">here</a>\.</p>\n</body></html>\n")%r(HTTPOptions,197,"HTTP/1\.1\x2
1355. SF:0302\x20Found\r\nDate:\x20Thu,\x2002\x20Oct\x202014\x2012:10:44\x20GMT\
1356. SF:r\nServer:\x20Apache\r\nLocation:\x20https://:8006/\r\nVary:\x20Accept-
1357. SF:Encoding\r\nContent-Length:\x20198\r\nConnection:\x20close\r\nContent-T
1358. SF:ype:\x20text/html;\x20charset=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PU
1359. SF:BLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302
1360. SF:\x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x2
1361. SF:0has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body><
1362. SF:/html>\n")%r(RTSPRequest,197,"HTTP/1\.1\x20302\x20Found\r\nDate:\x20Thu
1363. SF:,\x2002\x20Oct\x202014\x2012:10:44\x20GMT\r\nServer:\x20Apache\r\nLocat
1364. SF:ion:\x20https://:8006/\r\nVary:\x20Accept-Encoding\r\nContent-Length:\x
1365. SF:20198\r\nConnection:\x20close\r\nContent-Type:\x20text/html;\x20charset
1366. SF:=iso-8859-1\r\n\r\n<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTM
1367. SF:L\x202\.0//EN\">\n<html><head>\n<title>302\x20Found</title>\n</head><bo
1368. SF:dy>\n<h1>Found</h1>\n<p>The\x20document\x20has\x20moved\x20<a\x20href=\
1369. SF:"https://:8006/\">here</a>\.</p>\n</body></html>\n")%r(Help,C6,"<!DOCTY
1370. SF:PE\x20HTML\x20PUBLIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><h
1371. SF:ead>\n<title>302\x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>Th
1372. SF:e\x20document\x20has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>
1373. SF:\.</p>\n</body></html>\n")%r(SSLSessionReq,C6,"<!DOCTYPE\x20HTML\x20PUB
1374. SF:LIC\x20\"-//IETF//DTD\x20HTML\x202\.0//EN\">\n<html><head>\n<title>302\
1375. SF:x20Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The\x20document\x20
1376. SF:has\x20moved\x20<a\x20href=\"https://:8006/\">here</a>\.</p>\n</body></
1377. SF:html>\n");
1378. MAC Address: 78:2B:CB:89:66:F9 (Dell)
1379. Device type: general purpose
1380. Running: Linux 2.6.X
1381. OS CPE: cpe:/o:linux:linux_kernel:2.6
1382. OS details: Linux 2.6.24 - 2.6.36
1383. Uptime guess: 7.175 days (since Thu Sep 25 04:07:27 2014)
1384. Network Distance: 1 hop
1385. TCP Sequence Prediction: Difficulty=203 (Good luck!)
1386. IP ID Sequence Generation: All zeros
1387. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1388.  
1389. TRACEROUTE
1390. HOP RTT ADDRESS
1391. 1 5.17 ms thor.cs2lab.edu (192.168.1.50)
1392.  
1393. Nmap scan report for droid11.cs2lab.edu (192.168.1.81)
1394. Host is up (0.0056s latency).
1395. Not shown: 996 filtered ports
1396. PORT STATE SERVICE VERSION
1397. 135/tcp open msrpc Microsoft Windows RPC
1398. 139/tcp open netbios-ssn
1399. 445/tcp open netbios-ssn
1400. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1401. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1402. |_http-title: Service Unavailable
1403. MAC Address: 90:B1:1C:5C:A7:C1 (Unknown)
1404. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1405. Device type: general purpose|phone
1406. Running: Microsoft Windows Vista|2008|7|Phone
1407. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
1408. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
1409. Uptime guess: 0.056 days (since Thu Oct 2 06:59:06 2014)
1410. Network Distance: 1 hop
1411. TCP Sequence Prediction: Difficulty=262 (Good luck!)
1412. IP ID Sequence Generation: Incremental
1413. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1414.  
1415. Host script results:
1416. | nbstat:
1417. | NetBIOS name: SECI041, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5c:a7:c1 (unknown)
1418. | Names
1419. | SECI041<00> Flags: <unique><active>
1420. | WORKGROUP<00> Flags: <group><active>
1421. |_ SECI041<20> Flags: <unique><active>
1422. | smb-security-mode:
1423. | User-level authentication
1424. | SMB Security: Challenge/response passwords supported
1425. |_ Message signing disabled (dangerous, but default)
1426. |_smbv2-enabled: Server supports SMBv2 protocol
1427.  
1428. TRACEROUTE
1429. HOP RTT ADDRESS
1430. 1 5.57 ms droid11.cs2lab.edu (192.168.1.81)
1431.  
1432. Nmap scan report for droid14.cs2lab.edu (192.168.1.84)
1433. Host is up (0.0066s latency).
1434. Not shown: 996 filtered ports
1435. PORT STATE SERVICE VERSION
1436. 135/tcp open msrpc Microsoft Windows RPC
1437. 139/tcp open netbios-ssn
1438. 445/tcp open netbios-ssn
1439. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1440. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1441. |_http-title: Service Unavailable
1442. MAC Address: D4:BE:D9:A2:A2:4E (Dell)
1443. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1444. Device type: general purpose|phone
1445. Running: Microsoft Windows 7|Vista|2008|Phone
1446. OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
1447. OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
1448. Uptime guess: 0.091 days (since Thu Oct 2 06:09:05 2014)
1449. Network Distance: 1 hop
1450. TCP Sequence Prediction: Difficulty=261 (Good luck!)
1451. IP ID Sequence Generation: Incremental
1452. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1453.  
1454. Host script results:
1455. | nbstat:
1456. | NetBIOS name: SECI070, NetBIOS user: <unknown>, NetBIOS MAC: d4:be:d9:a2:a2:4e (Dell)
1457. | Names
1458. | SECI070<00> Flags: <unique><active>
1459. | WORKGROUP<00> Flags: <group><active>
1460. |_ SECI070<20> Flags: <unique><active>
1461. | smb-security-mode:
1462. | User-level authentication
1463. | SMB Security: Challenge/response passwords supported
1464. |_ Message signing disabled (dangerous, but default)
1465. |_smbv2-enabled: Server supports SMBv2 protocol
1466.  
1467. TRACEROUTE
1468. HOP RTT ADDRESS
1469. 1 6.65 ms droid14.cs2lab.edu (192.168.1.84)
1470.  
1471. Nmap scan report for droid15.cs2lab.edu (192.168.1.85)
1472. Host is up (0.0067s latency).
1473. Not shown: 996 filtered ports
1474. PORT STATE SERVICE VERSION
1475. 135/tcp open msrpc Microsoft Windows RPC
1476. 139/tcp open netbios-ssn
1477. 445/tcp open netbios-ssn
1478. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1479. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1480. |_http-title: Service Unavailable
1481. MAC Address: 90:B1:1C:5D:15:37 (Unknown)
1482. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1483. Device type: general purpose|phone
1484. Running: Microsoft Windows 7|Vista|2008|Phone
1485. OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
1486. OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
1487. Uptime guess: 0.099 days (since Thu Oct 2 05:56:53 2014)
1488. Network Distance: 1 hop
1489. TCP Sequence Prediction: Difficulty=258 (Good luck!)
1490. IP ID Sequence Generation: Incremental
1491. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1492.  
1493. Host script results:
1494. | nbstat:
1495. | NetBIOS name: SECI030, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5d:15:37 (unknown)
1496. | Names
1497. | WORKGROUP<00> Flags: <group><active>
1498. | SECI030<00> Flags: <unique><active>
1499. |_ SECI030<20> Flags: <unique><active>
1500. | smb-security-mode:
1501. | Account that was used for smb scripts: guest
1502. | User-level authentication
1503. | SMB Security: Challenge/response passwords supported
1504. |_ Message signing disabled (dangerous, but default)
1505. |_smbv2-enabled: Server supports SMBv2 protocol
1506.  
1507. TRACEROUTE
1508. HOP RTT ADDRESS
1509. 1 6.75 ms droid15.cs2lab.edu (192.168.1.85)
1510.  
1511. Nmap scan report for droid16.cs2lab.edu (192.168.1.86)
1512. Host is up (0.0068s latency).
1513. Not shown: 996 filtered ports
1514. PORT STATE SERVICE VERSION
1515. 135/tcp open msrpc Microsoft Windows RPC
1516. 139/tcp open netbios-ssn
1517. 445/tcp open netbios-ssn
1518. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1519. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1520. |_http-title: Service Unavailable
1521. MAC Address: 90:B1:1C:5C:A7:BE (Unknown)
1522. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1523. Device type: general purpose|phone
1524. Running: Microsoft Windows Vista|2008|7|Phone
1525. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
1526. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
1527. Uptime guess: 0.045 days (since Thu Oct 2 07:15:00 2014)
1528. Network Distance: 1 hop
1529. TCP Sequence Prediction: Difficulty=263 (Good luck!)
1530. IP ID Sequence Generation: Incremental
1531. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1532.  
1533. Host script results:
1534. | nbstat:
1535. | NetBIOS name: SECI033, NetBIOS user: <unknown>, NetBIOS MAC: 90:b1:1c:5c:a7:be (unknown)
1536. | Names
1537. | WORKGROUP<00> Flags: <group><active>
1538. | SECI033<00> Flags: <unique><active>
1539. |_ SECI033<20> Flags: <unique><active>
1540. | smb-security-mode:
1541. | User-level authentication
1542. | SMB Security: Challenge/response passwords supported
1543. |_ Message signing disabled (dangerous, but default)
1544. |_smbv2-enabled: Server supports SMBv2 protocol
1545.  
1546. TRACEROUTE
1547. HOP RTT ADDRESS
1548. 1 6.80 ms droid16.cs2lab.edu (192.168.1.86)
1549.  
1550. Nmap scan report for droid20.cs2lab.edu (192.168.1.90)
1551. Host is up (0.0069s latency).
1552. Not shown: 996 filtered ports
1553. PORT STATE SERVICE VERSION
1554. 135/tcp open msrpc Microsoft Windows RPC
1555. 139/tcp open netbios-ssn
1556. 445/tcp open netbios-ssn
1557. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1558. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1559. |_http-title: Service Unavailable
1560. MAC Address: D4:BE:D9:A2:E1:24 (Dell)
1561. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1562. Device type: general purpose|phone
1563. Running: Microsoft Windows Vista|2008|7|Phone
1564. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
1565. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
1566. Uptime guess: 0.039 days (since Thu Oct 2 07:23:53 2014)
1567. Network Distance: 1 hop
1568. TCP Sequence Prediction: Difficulty=264 (Good luck!)
1569. IP ID Sequence Generation: Incremental
1570. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1571.  
1572. Host script results:
1573. | nbstat:
1574. | NetBIOS name: SECI015, NetBIOS user: <unknown>, NetBIOS MAC: d4:be:d9:a2:e1:24 (Dell)
1575. | Names
1576. | SECI015<00> Flags: <unique><active>
1577. | WORKGROUP<00> Flags: <group><active>
1578. |_ SECI015<20> Flags: <unique><active>
1579. | smb-security-mode:
1580. | Account that was used for smb scripts: guest
1581. | User-level authentication
1582. | SMB Security: Challenge/response passwords supported
1583. |_ Message signing disabled (dangerous, but default)
1584. |_smbv2-enabled: Server supports SMBv2 protocol
1585.  
1586. TRACEROUTE
1587. HOP RTT ADDRESS
1588. 1 6.94 ms droid20.cs2lab.edu (192.168.1.90)
1589.  
1590. Nmap scan report for 192.168.1.103
1591. Host is up (0.0057s latency).
1592. Not shown: 977 closed ports
1593. PORT STATE SERVICE VERSION
1594. 21/tcp open ftp vsftpd 2.3.4
1595. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
1596. 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
1597. | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
1598. |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
1599. 23/tcp open telnet Linux telnetd
1600. 25/tcp open smtp Postfix smtpd
1601. |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1602. | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1603. | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1604. | Public Key type: rsa
1605. | Public Key bits: 1024
1606. | Not valid before: 2010-03-17T13:07:45+00:00
1607. | Not valid after: 2010-04-16T13:07:45+00:00
1608. | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
1609. |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
1610. |_ssl-date: 2014-10-02T12:15:32+00:00; -2m58s from local time.
1611. 53/tcp open domain ISC BIND 9.4.2
1612. | dns-nsid:
1613. |_ bind.version: 9.4.2
1614. 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
1615. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1616. |_http-title: Metasploitable2 - Linux
1617. 111/tcp open rpcbind 2 (RPC #100000)
1618. | rpcinfo:
1619. | program version port/proto service
1620. | 100000 2 111/tcp rpcbind
1621. | 100000 2 111/udp rpcbind
1622. | 100003 2,3,4 2049/tcp nfs
1623. | 100003 2,3,4 2049/udp nfs
1624. | 100005 1,2,3 34612/tcp mountd
1625. | 100005 1,2,3 43318/udp mountd
1626. | 100021 1,3,4 53412/udp nlockmgr
1627. | 100021 1,3,4 56392/tcp nlockmgr
1628. | 100024 1 48893/udp status
1629. |_ 100024 1 55990/tcp status
1630. 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1631. 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1632. 512/tcp open exec netkit-rsh rexecd
1633. 513/tcp open login?
1634. 514/tcp open shell?
1635. 1099/tcp open rmiregistry GNU Classpath grmiregistry
1636. |_rmi-dumpregistry: Registry listing failed (No return data received from server)
1637. 1524/tcp open ingreslock?
1638. 2049/tcp open nfs 2-4 (RPC #100003)
1639. 2121/tcp open ftp ProFTPD 1.3.1
1640. 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
1641. | mysql-info: Protocol: 10
1642. | Version: 5.0.51a-3ubuntu5
1643. | Thread ID: 8
1644. | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
1645. | Status: Autocommit
1646. |_Salt: Ie@PS.,1S,#g^$3vy!0o
1647. 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
1648. 5900/tcp open vnc VNC (protocol 3.3)
1649. | vnc-info:
1650. | Protocol version: 3.3
1651. | Security types:
1652. |_ Unknown security type (33554432)
1653. 6000/tcp open X11 (access denied)
1654. 6667/tcp open irc Unreal ircd
1655. | irc-info: Server: irc.Metasploitable.LAN
1656. | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
1657. | Lservers/Lusers: 0/1
1658. | Uptime: 0 days, 0:40:17
1659. | Source host: BD1A38F2.78DED367.FFFA6D49.IP
1660. |_Source ident: OK nmap
1661. 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
1662. |_ajp-methods: Failed to get a valid response for the OPTION request
1663. 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
1664. |_http-favicon: Apache Tomcat
1665. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1666. |_http-title: Apache Tomcat/5.5
1667. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
1668. SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4184%P=i686-pc-linux-gnu%r(NULL
1669. SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
1670. SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
1671. SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
1672. SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
1673. SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
1674. SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
1675. SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
1676. SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
1677. SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
1678. SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
1679. SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
1680. SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
1681. SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
1682. SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
1683. SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
1684. SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
1685. SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
1686. SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
1687. SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
1688. SF:metasploitable:/#\x20")%r(FourOhFourRequest,17,"root@metasploitable:/#\
1689. SF:x20")%r(LPDString,4F,"root@metasploitable:/#\x20bash:\x20default:\x20co
1690. SF:mmand\x20not\x20found\nroot@metasploitable:/#\x20")%r(LDAPBindReq,17,"r
1691. SF:oot@metasploitable:/#\x20")%r(SIPOptions,395,"root@metasploitable:/#\x2
1692. SF:0bash:\x20OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x
1693. SF:20root@metasploitable:/#\x20bash:\x20Via::\x20command\x20not\x20found\n
1694. SF:root@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20syntax\x20
1695. SF:error\x20near\x20unexpected\x20token\x20`;'\nroot@metasploitable:/#\x20
1696. SF:root@metasploitable:/#\x20bash:\x20syntax\x20error\x20near\x20unexpecte
1697. SF:d\x20token\x20`newline'\nroot@metasploitable:/#\x20root@metasploitable:
1698. SF:/#\x20bash:\x20Call-ID::\x20command\x20not\x20found\nroot@metasploitabl
1699. SF:e:/#\x20root@metasploitable:/#\x20bash:\x20CSeq::\x20command\x20not\x20
1700. SF:found\nroot@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20Max
1701. SF:-Forwards::\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@
1702. SF:metasploitable:/#\x20bash:\x20Content-Length::\x20command\x20not\x20fou
1703. SF:nd\nroot@metasploitable:/#\x20root@metasploitable:/#\x20bash:\x20syntax
1704. SF:\x20error\x20near\x20unexpected\x20token\x20`newline'\nroot@metasploita
1705. SF:ble:/#\x20root@metasploitable:/#\x20bash:\x20Accept::\x20command\x20not
1706. SF:\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\x20root@met
1707. SF:asploitable:/#\x20root@m");
1708. MAC Address: 08:00:C0:FF:E1:23 (Unknown)
1709. Device type: general purpose
1710. Running: Linux 2.6.X
1711. OS CPE: cpe:/o:linux:linux_kernel:2.6
1712. OS details: Linux 2.6.9 - 2.6.33
1713. Uptime guess: 0.027 days (since Thu Oct 2 07:41:15 2014)
1714. Network Distance: 1 hop
1715. TCP Sequence Prediction: Difficulty=196 (Good luck!)
1716. IP ID Sequence Generation: All zeros
1717. Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
1718.  
1719. Host script results:
1720. | nbstat:
1721. | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
1722. | Names
1723. | METASPLOITABLE<00> Flags: <unique><active>
1724. | METASPLOITABLE<03> Flags: <unique><active>
1725. | METASPLOITABLE<20> Flags: <unique><active>
1726. | WORKGROUP<00> Flags: <group><active>
1727. |_ WORKGROUP<1e> Flags: <group><active>
1728. | smb-os-discovery:
1729. | OS: Unix (Samba 3.0.20-Debian)
1730. | NetBIOS computer name:
1731. | Workgroup: WORKGROUP
1732. |_ System time: 2014-10-02T08:16:28-04:00
1733.  
1734. TRACEROUTE
1735. HOP RTT ADDRESS
1736. 1 5.71 ms 192.168.1.103
1737.  
1738. Nmap scan report for 192.168.1.104
1739. Host is up (0.0057s latency).
1740. Not shown: 977 closed ports
1741. PORT STATE SERVICE VERSION
1742. 21/tcp open ftp vsftpd 2.3.4
1743. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
1744. 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
1745. | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
1746. |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
1747. 23/tcp open telnet Linux telnetd
1748. 25/tcp open smtp Postfix smtpd
1749. |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1750. | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1751. | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1752. | Public Key type: rsa
1753. | Public Key bits: 1024
1754. | Not valid before: 2010-03-17T13:07:45+00:00
1755. | Not valid after: 2010-04-16T13:07:45+00:00
1756. | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
1757. |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
1758. |_ssl-date: 2014-10-02T11:52:18+00:00; -26m30s from local time.
1759. 53/tcp open domain ISC BIND 9.4.2
1760. | dns-nsid:
1761. |_ bind.version: 9.4.2
1762. 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
1763. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1764. |_http-title: Metasploitable2 - Linux
1765. 111/tcp open rpcbind 2 (RPC #100000)
1766. | rpcinfo:
1767. | program version port/proto service
1768. | 100000 2 111/tcp rpcbind
1769. | 100000 2 111/udp rpcbind
1770. | 100003 2,3,4 2049/tcp nfs
1771. | 100003 2,3,4 2049/udp nfs
1772. | 100005 1,2,3 39616/udp mountd
1773. | 100005 1,2,3 40629/tcp mountd
1774. | 100021 1,3,4 37495/tcp nlockmgr
1775. | 100021 1,3,4 41782/udp nlockmgr
1776. | 100024 1 35945/udp status
1777. |_ 100024 1 50926/tcp status
1778. 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1779. 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
1780. 512/tcp open exec netkit-rsh rexecd
1781. 513/tcp open login?
1782. 514/tcp open shell?
1783. 1099/tcp open rmiregistry GNU Classpath grmiregistry
1784. |_rmi-dumpregistry: Registry listing failed (No return data received from server)
1785. 1524/tcp open ingreslock?
1786. 2049/tcp open nfs 2-4 (RPC #100003)
1787. 2121/tcp open ftp ProFTPD 1.3.1
1788. 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
1789. | mysql-info: Protocol: 10
1790. | Version: 5.0.51a-3ubuntu5
1791. | Thread ID: 8
1792. | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
1793. | Status: Autocommit
1794. |_Salt: &u?uT%VfzV{.kTD5z-m_
1795. 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
1796. 5900/tcp open vnc VNC (protocol 3.3)
1797. | vnc-info:
1798. | Protocol version: 3.3
1799. | Security types:
1800. |_ Unknown security type (33554432)
1801. 6000/tcp open X11 (access denied)
1802. 6667/tcp open irc Unreal ircd
1803. | irc-info: Server: irc.Metasploitable.LAN
1804. | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
1805. | Lservers/Lusers: 0/1
1806. | Uptime: 0 days, 20:55:22
1807. | Source host: BD1A38F2.78DED367.FFFA6D49.IP
1808. |_Source ident: OK nmap
1809. 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
1810. |_ajp-methods: Failed to get a valid response for the OPTION request
1811. 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
1812. |_http-favicon: Apache Tomcat
1813. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
1814. |_http-title: Apache Tomcat/5.5
1815. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
1816. SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D4192%P=i686-pc-linux-gnu%r(NULL
1817. SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
1818. SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
1819. SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
1820. SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
1821. SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
1822. SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
1823. SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
1824. SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
1825. SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
1826. SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
1827. SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
1828. SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
1829. SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
1830. SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
1831. SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
1832. SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
1833. SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
1834. SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
1835. SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
1836. SF:metasploitable:/#\x20")%r(FourOhFourRequest,5A9,"root@metasploitable:/#
1837. SF:\x20<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Fr
1838. SF:ameset//EN\"\x20\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\n<!--\x
1839. SF:20turing_cluster_prod\x20-->\n<html>\n\x20\x20<head>\n\x20\x20\x20\x20<
1840. SF:meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=
1841. SF:utf-8\"\x20/>\n\n\x20\x20\x20\x20<title>http\.com</title>\n\x20\x20\x20
1842. SF:\x20<meta\x20name=\"keywords\"\x20content=\"http\.com\"\x20/>\n\x20\x20
1843. SF:\x20\x20<meta\x20name=\"description\"\x20content=\"http\.com\"\x20/>\n\
1844. SF:x20\x20\x20\x20<meta\x20name=\"robots\"\x20content=\"index,\x20follow\"
1845. SF:\x20/>\n\x20\x20\x20\x20<meta\x20name=\"revisit-after\"\x20content=\"10
1846. SF:\"\x20/>\n\n\n\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20content=\"w
1847. SF:idth=device-width,\x20initial-scale=1\.0\"\x20/>\x20\n\n\n\x20\x20\x20\
1848. SF:x20\n\x20\x20\x20\x20<script\x20type=\"text/javascript\">\n\x20\x20\x20
1849. SF:\x20\x20\x20document\.cookie\x20=\x20\"jsc=1\";\n\x20\x20\x20\x20</scri
1850. SF:pt>\n\n\x20\x20</head>\n\x20\x20<frameset\x20rows=\"100%,\*\"\x20frameb
1851. SF:order=\"no\"\x20border=\"0\"\x20framespacing=\"0\">\n\x20\x20\x20\x20<f
1852. SF:rame\x20src=\"http://www\.http\.com\?epl=80DGqBI61BZD-8lWmjtGDQUGV1CQUD
1853. SF:hFchd_ymSfNCMP5tYktuwN8wKqeymhJSIWcMucwdb760p0cdF3Xm7x0B4w7LFsKAMDx435E
1854. SF:kOBTvCAlWJlbVgd51yNTzxqeTjxDJ22aipRl");
1855. MAC Address: 00:50:56:AB:34:E5 (VMware)
1856. Device type: general purpose
1857. Running: Linux 2.6.X
1858. OS CPE: cpe:/o:linux:linux_kernel:2.6
1859. OS details: Linux 2.6.9 - 2.6.33
1860. Uptime guess: 0.869 days (since Wed Oct 1 11:28:09 2014)
1861. Network Distance: 1 hop
1862. TCP Sequence Prediction: Difficulty=204 (Good luck!)
1863. IP ID Sequence Generation: All zeros
1864. Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
1865.  
1866. Host script results:
1867. | nbstat:
1868. | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
1869. | Names
1870. | METASPLOITABLE<00> Flags: <unique><active>
1871. | METASPLOITABLE<03> Flags: <unique><active>
1872. | METASPLOITABLE<20> Flags: <unique><active>
1873. | WORKGROUP<00> Flags: <group><active>
1874. |_ WORKGROUP<1e> Flags: <group><active>
1875. | smb-os-discovery:
1876. | OS: Unix (Samba 3.0.20-Debian)
1877. | NetBIOS computer name:
1878. | Workgroup: WORKGROUP
1879. |_ System time: 2014-10-02T07:50:59-04:00
1880.  
1881. TRACEROUTE
1882. HOP RTT ADDRESS
1883. 1 5.72 ms 192.168.1.104
1884.  
1885. Nmap scan report for 192.168.1.112
1886. Host is up (0.0043s latency).
1887. All 1000 scanned ports on 192.168.1.112 are closed
1888. MAC Address: 08:00:27:31:29:5E (Cadmus Computer Systems)
1889. Too many fingerprints match this host to give specific OS details
1890. Network Distance: 1 hop
1891.  
1892. TRACEROUTE
1893. HOP RTT ADDRESS
1894. 1 4.35 ms 192.168.1.112
1895.  
1896. Nmap scan report for 192.168.1.114
1897. Host is up (0.0038s latency).
1898. All 1000 scanned ports on 192.168.1.114 are closed
1899. MAC Address: 00:50:56:01:06:C5 (VMware)
1900. Too many fingerprints match this host to give specific OS details
1901. Network Distance: 1 hop
1902.  
1903. TRACEROUTE
1904. HOP RTT ADDRESS
1905. 1 3.79 ms 192.168.1.114
1906.  
1907. Nmap scan report for 192.168.1.115
1908. Host is up (0.0037s latency).
1909. All 1000 scanned ports on 192.168.1.115 are closed
1910. MAC Address: 00:50:56:01:06:B3 (VMware)
1911. Too many fingerprints match this host to give specific OS details
1912. Network Distance: 1 hop
1913.  
1914. TRACEROUTE
1915. HOP RTT ADDRESS
1916. 1 3.71 ms 192.168.1.115
1917.  
1918. Nmap scan report for 192.168.1.117
1919. Host is up (0.039s latency).
1920. Not shown: 998 filtered ports
1921. PORT STATE SERVICE VERSION
1922. 88/tcp open kerberos-sec Heimdal Kerberos (server time: 2014-10-02 12:11:17Z)
1923. 5900/tcp open vnc Apple remote desktop vnc
1924. | vnc-info:
1925. |_ ERROR: ERROR
1926. MAC Address: B8:E8:56:2E:79:70 (Unknown)
1927. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1928. Device type: WAP|phone|specialized
1929. Running: Linksys Linux 2.4.X, Sony Ericsson embedded, iPXE 1.X
1930. OS CPE: cpe:/o:linksys:linux:2.4 cpe:/h:sonyericsson:u8i_vivaz cpe:/o:ipxe:ipxe:1.0.0%2b
1931. OS details: Tomato 1.28 (Linux 2.4.20), Sony Ericsson U8i Vivaz mobile phone, iPXE 1.0.0+
1932. Network Distance: 1 hop
1933. Service Info: OS: Mac OS X; CPE: cpe:/o:apple:mac_os_x
1934.  
1935. TRACEROUTE
1936. HOP RTT ADDRESS
1937. 1 39.05 ms 192.168.1.117
1938.  
1939. Nmap scan report for 192.168.1.118
1940. Host is up (0.0041s latency).
1941. Not shown: 990 closed ports
1942. PORT STATE SERVICE VERSION
1943. 135/tcp open msrpc Microsoft Windows RPC
1944. 139/tcp open netbios-ssn
1945. 445/tcp open netbios-ssn
1946. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1947. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
1948. |_http-title: Service Unavailable
1949. 49152/tcp open msrpc Microsoft Windows RPC
1950. 49153/tcp open msrpc Microsoft Windows RPC
1951. 49154/tcp open msrpc Microsoft Windows RPC
1952. 49155/tcp open msrpc Microsoft Windows RPC
1953. 49156/tcp open msrpc Microsoft Windows RPC
1954. 49157/tcp open msrpc Microsoft Windows RPC
1955. MAC Address: 08:00:27:54:57:41 (Cadmus Computer Systems)
1956. Device type: general purpose
1957. Running: Microsoft Windows 7|2008
1958. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
1959. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
1960. Uptime guess: 0.065 days (since Thu Oct 2 06:46:42 2014)
1961. Network Distance: 1 hop
1962. TCP Sequence Prediction: Difficulty=261 (Good luck!)
1963. IP ID Sequence Generation: Incremental
1964. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1965.  
1966. Host script results:
1967. | smb-os-discovery:
1968. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
1969. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
1970. | Computer name: cs2lab-PC
1971. | NetBIOS computer name: CS2LAB-PC
1972. | Workgroup: WORKGROUP
1973. |_ System time: 2014-10-02T14:15:12+02:00
1974. | smb-security-mode:
1975. | Account that was used for smb scripts: guest
1976. | User-level authentication
1977. | SMB Security: Challenge/response passwords supported
1978. |_ Message signing disabled (dangerous, but default)
1979. |_smbv2-enabled: Server supports SMBv2 protocol
1980.  
1981. TRACEROUTE
1982. HOP RTT ADDRESS
1983. 1 4.07 ms 192.168.1.118
1984.  
1985. Nmap scan report for 192.168.1.121
1986. Host is up (0.0040s latency).
1987. All 1000 scanned ports on 192.168.1.121 are closed
1988. MAC Address: 08:00:27:7A:0B:13 (Cadmus Computer Systems)
1989. Too many fingerprints match this host to give specific OS details
1990. Network Distance: 1 hop
1991.  
1992. TRACEROUTE
1993. HOP RTT ADDRESS
1994. 1 4.02 ms 192.168.1.121
1995.  
1996. Nmap scan report for 192.168.1.125
1997. Host is up (0.0048s latency).
1998. Not shown: 989 closed ports
1999. PORT STATE SERVICE VERSION
2000. 135/tcp open msrpc Microsoft Windows RPC
2001. 139/tcp open netbios-ssn
2002. 445/tcp open netbios-ssn
2003. 999/tcp open winshell Microsoft Windows 6.1.7601 cmd.exe (**BACKDOOR**)
2004. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2005. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2006. |_http-title: Service Unavailable
2007. 49152/tcp open msrpc Microsoft Windows RPC
2008. 49153/tcp open msrpc Microsoft Windows RPC
2009. 49154/tcp open msrpc Microsoft Windows RPC
2010. 49155/tcp open msrpc Microsoft Windows RPC
2011. 49156/tcp open msrpc Microsoft Windows RPC
2012. 49157/tcp open msrpc Microsoft Windows RPC
2013. MAC Address: 08:00:27:3E:BB:32 (Cadmus Computer Systems)
2014. Device type: general purpose
2015. Running: Microsoft Windows 7|2008
2016. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2017. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2018. Uptime guess: 0.088 days (since Thu Oct 2 06:13:43 2014)
2019. Network Distance: 1 hop
2020. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2021. IP ID Sequence Generation: Incremental
2022. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2023.  
2024. Host script results:
2025. | smb-os-discovery:
2026. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2027. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2028. | Computer name: cs2lab-PC
2029. | NetBIOS computer name: CS2LAB-PC
2030. | Workgroup: WORKGROUP
2031. |_ System time: 2014-10-02T14:14:43+02:00
2032. | smb-security-mode:
2033. | Account that was used for smb scripts: <blank>
2034. | User-level authentication
2035. | SMB Security: Challenge/response passwords supported
2036. |_ Message signing disabled (dangerous, but default)
2037. |_smbv2-enabled: Server supports SMBv2 protocol
2038.  
2039. TRACEROUTE
2040. HOP RTT ADDRESS
2041. 1 4.75 ms 192.168.1.125
2042.  
2043. Nmap scan report for 192.168.1.127
2044. Host is up (0.0053s latency).
2045. All 1000 scanned ports on 192.168.1.127 are closed
2046. MAC Address: 08:00:27:AE:82:11 (Cadmus Computer Systems)
2047. Too many fingerprints match this host to give specific OS details
2048. Network Distance: 1 hop
2049.  
2050. TRACEROUTE
2051. HOP RTT ADDRESS
2052. 1 5.30 ms 192.168.1.127
2053.  
2054. Nmap scan report for 192.168.1.131
2055. Host is up (0.0044s latency).
2056. Not shown: 990 closed ports
2057. PORT STATE SERVICE VERSION
2058. 135/tcp open msrpc Microsoft Windows RPC
2059. 139/tcp open netbios-ssn
2060. 445/tcp open netbios-ssn
2061. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2062. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2063. |_http-title: Service Unavailable
2064. 49152/tcp open msrpc Microsoft Windows RPC
2065. 49153/tcp open msrpc Microsoft Windows RPC
2066. 49154/tcp open msrpc Microsoft Windows RPC
2067. 49155/tcp open msrpc Microsoft Windows RPC
2068. 49156/tcp open msrpc Microsoft Windows RPC
2069. 49157/tcp open msrpc Microsoft Windows RPC
2070. MAC Address: 08:00:27:A0:43:AC (Cadmus Computer Systems)
2071. Device type: general purpose
2072. Running: Microsoft Windows 7|2008
2073. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2074. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2075. Uptime guess: 0.043 days (since Thu Oct 2 07:18:45 2014)
2076. Network Distance: 1 hop
2077. TCP Sequence Prediction: Difficulty=252 (Good luck!)
2078. IP ID Sequence Generation: Incremental
2079. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2080.  
2081. Host script results:
2082. | nbstat:
2083. | NetBIOS name: CS2LAB-PC, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:a0:43:ac (Cadmus Computer Systems)
2084. | Names
2085. |_ CS2LAB-PC<20> Flags: <unique><active>
2086. | smb-os-discovery:
2087. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2088. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2089. | Computer name: cs2lab-PC
2090. | NetBIOS computer name: CS2LAB-PC
2091. | Workgroup: WORKGROUP
2092. |_ System time: 2014-10-02T14:15:50+02:00
2093. | smb-security-mode:
2094. | Account that was used for smb scripts: guest
2095. | User-level authentication
2096. | SMB Security: Challenge/response passwords supported
2097. |_ Message signing disabled (dangerous, but default)
2098. |_smbv2-enabled: Server supports SMBv2 protocol
2099.  
2100. TRACEROUTE
2101. HOP RTT ADDRESS
2102. 1 4.39 ms 192.168.1.131
2103.  
2104. Nmap scan report for 192.168.1.134
2105. Host is up (0.0041s latency).
2106. All 1000 scanned ports on 192.168.1.134 are closed
2107. MAC Address: 00:50:56:01:06:BF (VMware)
2108. Too many fingerprints match this host to give specific OS details
2109. Network Distance: 1 hop
2110.  
2111. TRACEROUTE
2112. HOP RTT ADDRESS
2113. 1 4.13 ms 192.168.1.134
2114.  
2115. Nmap scan report for 192.168.1.136
2116. Host is up (0.0054s latency).
2117. Not shown: 977 closed ports
2118. PORT STATE SERVICE VERSION
2119. 21/tcp open ftp vsftpd 2.3.4
2120. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
2121. 22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
2122. | ssh-hostkey: 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA)
2123. |_2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA)
2124. 23/tcp open telnet Linux telnetd
2125. 25/tcp open smtp Postfix smtpd
2126. |_smtp-commands: metasploitable.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2127. | ssl-cert: Subject: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
2128. | Issuer: commonName=ubuntu804-base.localdomain/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
2129. | Public Key type: rsa
2130. | Public Key bits: 1024
2131. | Not valid before: 2010-03-17T13:07:45+00:00
2132. | Not valid after: 2010-04-16T13:07:45+00:00
2133. | MD5: dcd9 ad90 6c8f 2f73 74af 383b 2540 8828
2134. |_SHA-1: ed09 3088 7066 03bf d5dc 2373 99b4 98da 2d4d 31c6
2135. |_ssl-date: 2014-10-02T12:16:29+00:00; -2m57s from local time.
2136. 53/tcp open domain ISC BIND 9.4.2
2137. | dns-nsid:
2138. |_ bind.version: 9.4.2
2139. 80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
2140. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
2141. |_http-title: Metasploitable2 - Linux
2142. 111/tcp open rpcbind 2 (RPC #100000)
2143. | rpcinfo:
2144. | program version port/proto service
2145. | 100000 2 111/tcp rpcbind
2146. | 100000 2 111/udp rpcbind
2147. | 100003 2,3,4 2049/tcp nfs
2148. | 100003 2,3,4 2049/udp nfs
2149. | 100005 1,2,3 43132/udp mountd
2150. | 100005 1,2,3 47980/tcp mountd
2151. | 100021 1,3,4 49676/tcp nlockmgr
2152. | 100021 1,3,4 50928/udp nlockmgr
2153. | 100024 1 34488/tcp status
2154. |_ 100024 1 57037/udp status
2155. 139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
2156. 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
2157. 512/tcp open exec netkit-rsh rexecd
2158. 513/tcp open login?
2159. 514/tcp open shell?
2160. 1099/tcp open rmiregistry GNU Classpath grmiregistry
2161. |_rmi-dumpregistry: Registry listing failed (No return data received from server)
2162. 1524/tcp open ingreslock?
2163. 2049/tcp open nfs 2-4 (RPC #100003)
2164. 2121/tcp open ftp ProFTPD 1.3.1
2165. 3306/tcp open mysql MySQL 5.0.51a-3ubuntu5
2166. | mysql-info: Protocol: 10
2167. | Version: 5.0.51a-3ubuntu5
2168. | Thread ID: 8
2169. | Some Capabilities: Connect with DB, Compress, SSL, Transactions, Secure Connection
2170. | Status: Autocommit
2171. |_Salt: 4k?9>l'zUy"96E:1'mqr
2172. 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7
2173. 5900/tcp open vnc VNC (protocol 3.3)
2174. | vnc-info:
2175. | Protocol version: 3.3
2176. | Security types:
2177. |_ Unknown security type (33554432)
2178. 6000/tcp open X11 (access denied)
2179. 6667/tcp open irc Unreal ircd
2180. | irc-info: Server: irc.Metasploitable.LAN
2181. | Version: Unreal3.2.8.1. irc.Metasploitable.LAN
2182. | Lservers/Lusers: 0/1
2183. | Uptime: 0 days, 0:36:38
2184. | Source host: BD1A38F2.78DED367.FFFA6D49.IP
2185. |_Source ident: OK nmap
2186. 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
2187. |_ajp-methods: Failed to get a valid response for the OPTION request
2188. 8180/tcp open http Apache Tomcat/Coyote JSP engine 1.1
2189. |_http-favicon: Apache Tomcat
2190. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
2191. |_http-title: Apache Tomcat/5.5
2192. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
2193. SF-Port1524-TCP:V=6.25%I=7%D=10/2%Time=542D41B7%P=i686-pc-linux-gnu%r(NULL
2194. SF:,17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitabl
2195. SF:e:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metasp
2196. SF:loitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metas
2197. SF:ploitable:/#\x20")%r(HTTPOptions,94,"root@metasploitable:/#\x20bash:\x2
2198. SF:0OPTIONS:\x20command\x20not\x20found\nroot@metasploitable:/#\x20root@me
2199. SF:tasploitable:/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20
2200. SF:")%r(RTSPRequest,94,"root@metasploitable:/#\x20bash:\x20OPTIONS:\x20com
2201. SF:mand\x20not\x20found\nroot@metasploitable:/#\x20root@metasploitable:/#\
2202. SF:x20root@metasploitable:/#\x20root@metasploitable:/#\x20")%r(RPCCheck,17
2203. SF:,"root@metasploitable:/#\x20")%r(DNSVersionBindReq,17,"root@metasploita
2204. SF:ble:/#\x20")%r(DNSStatusRequest,17,"root@metasploitable:/#\x20")%r(Help
2205. SF:,63,"root@metasploitable:/#\x20bash:\x20HELP:\x20command\x20not\x20foun
2206. SF:d\nroot@metasploitable:/#\x20root@metasploitable:/#\x20")%r(SSLSessionR
2207. SF:eq,51,"root@metasploitable:/#\x20bash:\x20{O\?G,\x03Sw=:\x20command\x20
2208. SF:not\x20found\nroot@metasploitable:/#\x20")%r(Kerberos,AB,"root@metasplo
2209. SF:itable:/#\x20bash:\x20qjn0k:\x20command\x20not\x20found\nroot@metasploi
2210. SF:table:/#\x20root@metasploitable:/#\x20\x1b\[H\x1b\[Jbash:\x200krbtgtNM\
2211. SF:x18:\x20command\x20not\x20found\n\x1b\[H\x1b\[Jroot@metasploitable:/#\x
2212. SF:20")%r(SMBProgNeg,17,"root@metasploitable:/#\x20")%r(X11Probe,17,"root@
2213. SF:metasploitable:/#\x20")%r(FourOhFourRequest,5A5,"root@metasploitable:/#
2214. SF:\x20<!DOCTYPE\x20HTML\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Fr
2215. SF:ameset//EN\"\x20\"http://www\.w3\.org/TR/html4/frameset\.dtd\">\n<!--\x
2216. SF:20turing_cluster_prod\x20-->\n<html>\n\x20\x20<head>\n\x20\x20\x20\x20<
2217. SF:meta\x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=
2218. SF:utf-8\"\x20/>\n\n\x20\x20\x20\x20<title>http\.com</title>\n\x20\x20\x20
2219. SF:\x20<meta\x20name=\"keywords\"\x20content=\"http\.com\"\x20/>\n\x20\x20
2220. SF:\x20\x20<meta\x20name=\"description\"\x20content=\"http\.com\"\x20/>\n\
2221. SF:x20\x20\x20\x20<meta\x20name=\"robots\"\x20content=\"index,\x20follow\"
2222. SF:\x20/>\n\x20\x20\x20\x20<meta\x20name=\"revisit-after\"\x20content=\"10
2223. SF:\"\x20/>\n\n\n\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20content=\"w
2224. SF:idth=device-width,\x20initial-scale=1\.0\"\x20/>\x20\n\n\n\x20\x20\x20\
2225. SF:x20\n\x20\x20\x20\x20<script\x20type=\"text/javascript\">\n\x20\x20\x20
2226. SF:\x20\x20\x20document\.cookie\x20=\x20\"jsc=1\";\n\x20\x20\x20\x20</scri
2227. SF:pt>\n\n\x20\x20</head>\n\x20\x20<frameset\x20rows=\"100%,\*\"\x20frameb
2228. SF:order=\"no\"\x20border=\"0\"\x20framespacing=\"0\">\n\x20\x20\x20\x20<f
2229. SF:rame\x20src=\"http://www\.http\.com\?epl=4UnZ3jgGT4u7xrfG3YJNmw57-oGQUD
2230. SF:hFche_XHKjtLCDoXSSJxdGpJARVEhcjQYFwHouPH9XVFrclKPDJg8GmKGCHn5NsqiIeFWH1
2231. SF:T0iaDNDEBbuTUQY2gSStLnqob7UPRORRWOVm");
2232. MAC Address: 08:00:27:C9:AF:62 (Cadmus Computer Systems)
2233. Device type: general purpose
2234. Running: Linux 2.6.X
2235. OS CPE: cpe:/o:linux:linux_kernel:2.6
2236. OS details: Linux 2.6.9 - 2.6.33
2237. Uptime guess: 0.023 days (since Thu Oct 2 07:46:35 2014)
2238. Network Distance: 1 hop
2239. TCP Sequence Prediction: Difficulty=205 (Good luck!)
2240. IP ID Sequence Generation: All zeros
2241. Service Info: Hosts: metasploitable.localdomain, localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
2242.  
2243. Host script results:
2244. | nbstat:
2245. | NetBIOS name: METASPLOITABLE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
2246. | Names
2247. | METASPLOITABLE<00> Flags: <unique><active>
2248. | METASPLOITABLE<03> Flags: <unique><active>
2249. | METASPLOITABLE<20> Flags: <unique><active>
2250. | WORKGROUP<00> Flags: <group><active>
2251. |_ WORKGROUP<1e> Flags: <group><active>
2252. | smb-os-discovery:
2253. | OS: Unix (Samba 3.0.20-Debian)
2254. | NetBIOS computer name:
2255. | Workgroup: WORKGROUP
2256. |_ System time: 2014-10-02T08:15:48-04:00
2257.  
2258. TRACEROUTE
2259. HOP RTT ADDRESS
2260. 1 5.36 ms 192.168.1.136
2261.  
2262. Nmap scan report for 192.168.1.142
2263. Host is up (0.0046s latency).
2264. All 1000 scanned ports on 192.168.1.142 are closed
2265. MAC Address: 00:50:56:01:06:BB (VMware)
2266. Too many fingerprints match this host to give specific OS details
2267. Network Distance: 1 hop
2268.  
2269. TRACEROUTE
2270. HOP RTT ADDRESS
2271. 1 4.57 ms 192.168.1.142
2272.  
2273. Nmap scan report for 192.168.1.151
2274. Host is up (0.0043s latency).
2275. All 1000 scanned ports on 192.168.1.151 are closed
2276. MAC Address: 00:50:56:01:06:B8 (VMware)
2277. Too many fingerprints match this host to give specific OS details
2278. Network Distance: 1 hop
2279.  
2280. TRACEROUTE
2281. HOP RTT ADDRESS
2282. 1 4.34 ms 192.168.1.151
2283.  
2284. Nmap scan report for 192.168.1.154
2285. Host is up (0.0015s latency).
2286. Not shown: 990 closed ports
2287. PORT STATE SERVICE VERSION
2288. 135/tcp open msrpc Microsoft Windows RPC
2289. 139/tcp open netbios-ssn
2290. 445/tcp open netbios-ssn
2291. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2292. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2293. |_http-title: Service Unavailable
2294. 49152/tcp open msrpc Microsoft Windows RPC
2295. 49153/tcp open msrpc Microsoft Windows RPC
2296. 49154/tcp open msrpc Microsoft Windows RPC
2297. 49155/tcp open msrpc Microsoft Windows RPC
2298. 49156/tcp open msrpc Microsoft Windows RPC
2299. 49158/tcp open msrpc Microsoft Windows RPC
2300. MAC Address: 08:00:27:47:A4:38 (Cadmus Computer Systems)
2301. No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
2302. TCP/IP fingerprint:
2303. OS:SCAN(V=6.25%E=4%D=10/2%OT=135%CT=1%CU=38325%PV=Y%DS=1%DC=D%G=Y%M=080027%
2304. OS:TM=542D42F7%P=i686-pc-linux-gnu)SEQ(SP=FE%GCD=1%ISR=F7%TI=I%CI=I%II=I%SS
2305. OS:=S%TS=7)OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11
2306. OS:%O5=M5B4NW8ST11%O6=M5B4ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%
2307. OS:W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S
2308. OS:=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)T3(R=Y
2309. OS:%DF=Y%T=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T4(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%
2310. OS:O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=8
2311. OS:0%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%
2312. OS:Q=)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=
2313. OS:Y%DFI=N%T=80%CD=Z)
2314.  
2315. Uptime guess: 0.013 days (since Thu Oct 2 08:02:03 2014)
2316. Network Distance: 1 hop
2317. TCP Sequence Prediction: Difficulty=254 (Good luck!)
2318. IP ID Sequence Generation: Incremental
2319. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2320.  
2321. Host script results:
2322. | smb-os-discovery:
2323. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2324. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2325. | Computer name: cs2lab-PC
2326. | NetBIOS computer name: CS2LAB-PC
2327. | Workgroup: WORKGROUP
2328. |_ System time: 2014-10-02T14:15:35+02:00
2329. | smb-security-mode:
2330. | Account that was used for smb scripts: guest
2331. | User-level authentication
2332. | SMB Security: Challenge/response passwords supported
2333. |_ Message signing disabled (dangerous, but default)
2334. |_smbv2-enabled: Server supports SMBv2 protocol
2335.  
2336. TRACEROUTE
2337. HOP RTT ADDRESS
2338. 1 1.45 ms 192.168.1.154
2339.  
2340. Nmap scan report for 192.168.1.155
2341. Host is up (0.0043s latency).
2342. All 1000 scanned ports on 192.168.1.155 are closed
2343. MAC Address: 00:50:56:01:06:BA (VMware)
2344. Too many fingerprints match this host to give specific OS details
2345. Network Distance: 1 hop
2346.  
2347. TRACEROUTE
2348. HOP RTT ADDRESS
2349. 1 4.25 ms 192.168.1.155
2350.  
2351. Nmap scan report for 192.168.1.157
2352. Host is up (0.0029s latency).
2353. Not shown: 996 filtered ports
2354. PORT STATE SERVICE VERSION
2355. 135/tcp open msrpc Microsoft Windows RPC
2356. 139/tcp open netbios-ssn
2357. 445/tcp open netbios-ssn
2358. 49154/tcp open msrpc Microsoft Windows RPC
2359. MAC Address: 00:50:56:AB:11:13 (VMware)
2360. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2361. Device type: general purpose|phone
2362. Running (JUST GUESSING): Microsoft Windows 7|Phone|Vista|2008 (95%)
2363. OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2364. Aggressive OS guesses: Microsoft Windows 7 Professional (95%), Microsoft Windows Phone 7.5 (94%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (93%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (93%), Microsoft Windows Vista Home Premium SP1 (93%), Microsoft Windows Server 2008 SP1 (91%), Microsoft Windows Vista SP0 - SP1 (89%), Microsoft Windows 7 SP1 (89%), Microsoft Windows Vista Home Premium SP1, Windows 7, or Windows Server 2008 (87%), Microsoft Windows 7 SP1 or Windows Server 2008 SP1 - SP2 (87%)
2365. No exact OS matches for host (test conditions non-ideal).
2366. Uptime guess: 16.238 days (since Tue Sep 16 02:36:57 2014)
2367. Network Distance: 1 hop
2368. TCP Sequence Prediction: Difficulty=260 (Good luck!)
2369. IP ID Sequence Generation: Incremental
2370. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2371.  
2372. Host script results:
2373. | nbstat:
2374. | NetBIOS name: CS2LAB-FILES, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:ab:11:13 (VMware)
2375. | Names
2376. | CS2LAB-FILES<00> Flags: <unique><active>
2377. | WORKGROUP<00> Flags: <group><active>
2378. |_ CS2LAB-FILES<20> Flags: <unique><active>
2379. | smb-os-discovery:
2380. | OS: Windows Server 2012 Standard 9200 (Windows Server 2012 Standard 6.2)
2381. | OS CPE: cpe:/o:microsoft:windows_server_2012::-
2382. | Computer name: cs2lab-files
2383. | NetBIOS computer name: CS2LAB-FILES
2384. | Workgroup: WORKGROUP
2385. |_ System time: 2014-10-02T14:16:19+02:00
2386. | smb-security-mode:
2387. | Account that was used for smb scripts: guest
2388. | User-level authentication
2389. | SMB Security: Challenge/response passwords supported
2390. |_ Message signing disabled (dangerous, but default)
2391. |_smbv2-enabled: Server supports SMBv2 protocol
2392.  
2393. TRACEROUTE
2394. HOP RTT ADDRESS
2395. 1 2.90 ms 192.168.1.157
2396.  
2397. Nmap scan report for 192.168.1.159
2398. Host is up (0.0050s latency).
2399. Not shown: 989 closed ports
2400. PORT STATE SERVICE VERSION
2401. 80/tcp open http PMSoftware Simple Web Server 2.2
2402. |_http-methods: No Allow or Public header in OPTIONS response (status code 200)
2403. |_http-title: Simple Web Server 2.2
2404. 135/tcp open msrpc Microsoft Windows RPC
2405. 139/tcp open netbios-ssn
2406. 445/tcp open netbios-ssn
2407. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2408. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2409. |_http-title: Service Unavailable
2410. 49152/tcp open msrpc Microsoft Windows RPC
2411. 49153/tcp open msrpc Microsoft Windows RPC
2412. 49154/tcp open msrpc Microsoft Windows RPC
2413. 49155/tcp open msrpc Microsoft Windows RPC
2414. 49156/tcp open msrpc Microsoft Windows RPC
2415. 49157/tcp open msrpc Microsoft Windows RPC
2416. MAC Address: 08:00:27:51:A9:B0 (Cadmus Computer Systems)
2417. Device type: general purpose
2418. Running: Microsoft Windows 7|2008
2419. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2420. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2421. Uptime guess: 0.037 days (since Thu Oct 2 07:26:55 2014)
2422. Network Distance: 1 hop
2423. TCP Sequence Prediction: Difficulty=257 (Good luck!)
2424. IP ID Sequence Generation: Incremental
2425. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2426.  
2427. Host script results:
2428. | smb-os-discovery:
2429. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2430. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2431. | Computer name: cs2lab-PC
2432. | NetBIOS computer name: CS2LAB-PC
2433. | Workgroup: WORKGROUP
2434. |_ System time: 2014-10-02T14:15:38+02:00
2435. | smb-security-mode:
2436. | Account that was used for smb scripts: guest
2437. | User-level authentication
2438. | SMB Security: Challenge/response passwords supported
2439. |_ Message signing disabled (dangerous, but default)
2440. |_smbv2-enabled: Server supports SMBv2 protocol
2441.  
2442. TRACEROUTE
2443. HOP RTT ADDRESS
2444. 1 5.02 ms 192.168.1.159
2445.  
2446. Nmap scan report for 192.168.1.163
2447. Host is up (0.0051s latency).
2448. Not shown: 990 closed ports
2449. PORT STATE SERVICE VERSION
2450. 135/tcp open msrpc Microsoft Windows RPC
2451. 139/tcp open netbios-ssn
2452. 445/tcp open netbios-ssn
2453. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2454. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2455. |_http-title: Service Unavailable
2456. 49152/tcp open msrpc Microsoft Windows RPC
2457. 49153/tcp open msrpc Microsoft Windows RPC
2458. 49154/tcp open msrpc Microsoft Windows RPC
2459. 49155/tcp open msrpc Microsoft Windows RPC
2460. 49156/tcp open msrpc Microsoft Windows RPC
2461. 49157/tcp open msrpc Microsoft Windows RPC
2462. MAC Address: 08:00:27:3A:6D:C3 (Cadmus Computer Systems)
2463. Device type: general purpose
2464. Running: Microsoft Windows 7|2008
2465. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2466. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2467. Uptime guess: 0.066 days (since Thu Oct 2 06:44:37 2014)
2468. Network Distance: 1 hop
2469. TCP Sequence Prediction: Difficulty=260 (Good luck!)
2470. IP ID Sequence Generation: Incremental
2471. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2472.  
2473. Host script results:
2474. | smb-os-discovery:
2475. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2476. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2477. | Computer name: cs2lab-PC
2478. | NetBIOS computer name: CS2LAB-PC
2479. | Workgroup: WORKGROUP
2480. |_ System time: 2014-10-02T14:15:15+02:00
2481. | smb-security-mode:
2482. | Account that was used for smb scripts: guest
2483. | User-level authentication
2484. | SMB Security: Challenge/response passwords supported
2485. |_ Message signing disabled (dangerous, but default)
2486. |_smbv2-enabled: Server supports SMBv2 protocol
2487.  
2488. TRACEROUTE
2489. HOP RTT ADDRESS
2490. 1 5.10 ms 192.168.1.163
2491.  
2492. Nmap scan report for 192.168.1.166
2493. Host is up (0.0052s latency).
2494. Not shown: 994 closed ports
2495. PORT STATE SERVICE VERSION
2496. 23/tcp open telnet HP JetDirect telnetd
2497. 80/tcp open http Virata-EmWeb 6.2.1
2498. |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
2499. |_http-title: HP LaserJet P2055dn&nbsp;&nbsp;&nbsp;192.168.1.166
2500. 280/tcp open http Virata-EmWeb 6.2.1
2501. |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
2502. |_http-title: HP LaserJet P2055dn&nbsp;&nbsp;&nbsp;192.168.1.166
2503. 443/tcp open ssl/http Virata-EmWeb 6.2.1
2504. |_http-methods: No Allow or Public header in OPTIONS response (status code 501)
2505. |_http-title: HP LaserJet P2055dn&nbsp;&nbsp;&nbsp;192.168.1.166
2506. | ssl-cert: Subject: commonName=HP Jetdirect DE835ECB/organizationName=Hewlett-Packard Co.
2507. | Issuer: commonName=HP Jetdirect DE835ECB/organizationName=Hewlett-Packard Co.
2508. | Public Key type: rsa
2509. | Public Key bits: 1024
2510. | Not valid before: 2002-01-01T00:00:00+00:00
2511. | Not valid after: 2007-01-01T00:00:00+00:00
2512. | MD5: ed66 3c15 ebe5 98bd 0873 66bd c3d7 f456
2513. |_SHA-1: f3d9 e5a1 33db bdae a9f1 a83e d4fa a3ee 8ee9 05cc
2514. |_ssl-date: 1970-01-10T07:46:20+00:00; -44y265d4h31m49s from local time.
2515. 515/tcp open printer
2516. 9100/tcp open jetdirect?
2517. MAC Address: 1C:C1:DE:83:5E:CB (Hewlett-Packard Company)
2518. Device type: printer
2519. Running: HP embedded
2520. OS details: HP LaserJet 2055dn, 2420, P3005, CP4005, 4250, or P4014 printer
2521. Uptime guess: 9.325 days (since Tue Sep 23 00:31:39 2014)
2522. Network Distance: 1 hop
2523. TCP Sequence Prediction: Difficulty=262 (Good luck!)
2524. IP ID Sequence Generation: Incremental
2525. Service Info: Device: printer
2526.  
2527. TRACEROUTE
2528. HOP RTT ADDRESS
2529. 1 5.20 ms 192.168.1.166
2530.  
2531. Initiating ARP Ping Scan at 08:20
2532. Scanning 88 hosts [1 port/host]
2533. Completed ARP Ping Scan at 08:20, 0.63s elapsed (88 total hosts)
2534. Initiating Parallel DNS resolution of 88 hosts. at 08:20
2535. Completed Parallel DNS resolution of 88 hosts. at 08:20, 0.04s elapsed
2536. Nmap scan report for 192.168.1.168 [host down]
2537. Nmap scan report for 192.168.1.169 [host down]
2538. Initiating SYN Stealth Scan at 08:20
2539. Scanning 192.168.1.167 [1000 ports]
2540. Completed SYN Stealth Scan at 08:20, 0.02s elapsed (1000 total ports)
2541. Initiating Service scan at 08:20
2542. Initiating OS detection (try #1) against 192.168.1.167
2543. Retrying OS detection (try #2) against 192.168.1.167
2544. NSE: Script scanning 192.168.1.167.
2545. Initiating NSE at 08:20
2546. Completed NSE at 08:20, 0.00s elapsed
2547. Nmap scan report for 192.168.1.167
2548. Host is up (0.000022s latency).
2549. All 1000 scanned ports on 192.168.1.167 are closed
2550. Too many fingerprints match this host to give specific OS details
2551. Network Distance: 0 hops
2552.  
2553. Nmap scan report for 192.168.1.171 [host down]
2554. Nmap scan report for 192.168.1.174 [host down]
2555. Nmap scan report for 192.168.1.177 [host down]
2556. Nmap scan report for 192.168.1.178 [host down]
2557. Nmap scan report for 192.168.1.179 [host down]
2558. Nmap scan report for 192.168.1.180 [host down]
2559. Nmap scan report for 192.168.1.181 [host down]
2560. Nmap scan report for 192.168.1.182 [host down]
2561. Nmap scan report for 192.168.1.184 [host down]
2562. Nmap scan report for 192.168.1.185 [host down]
2563. Nmap scan report for 192.168.1.187 [host down]
2564. Nmap scan report for 192.168.1.188 [host down]
2565. Nmap scan report for 192.168.1.194 [host down]
2566. Nmap scan report for 192.168.1.195 [host down]
2567. Nmap scan report for 192.168.1.196 [host down]
2568. Nmap scan report for 192.168.1.197 [host down]
2569. Nmap scan report for 192.168.1.200 [host down]
2570. Nmap scan report for 192.168.1.201 [host down]
2571. Nmap scan report for 192.168.1.202 [host down]
2572. Nmap scan report for 192.168.1.203 [host down]
2573. Nmap scan report for 192.168.1.204 [host down]
2574. Nmap scan report for 192.168.1.205 [host down]
2575. Nmap scan report for 192.168.1.206 [host down]
2576. Nmap scan report for 192.168.1.207 [host down]
2577. Nmap scan report for 192.168.1.208 [host down]
2578. Nmap scan report for 192.168.1.209 [host down]
2579. Nmap scan report for 192.168.1.210 [host down]
2580. Nmap scan report for 192.168.1.211 [host down]
2581. Nmap scan report for 192.168.1.212 [host down]
2582. Nmap scan report for 192.168.1.213 [host down]
2583. Nmap scan report for 192.168.1.214 [host down]
2584. Nmap scan report for 192.168.1.215 [host down]
2585. Nmap scan report for 192.168.1.216 [host down]
2586. Nmap scan report for 192.168.1.217 [host down]
2587. Nmap scan report for 192.168.1.218 [host down]
2588. Nmap scan report for 192.168.1.219 [host down]
2589. Nmap scan report for 192.168.1.220 [host down]
2590. Nmap scan report for 192.168.1.221 [host down]
2591. Nmap scan report for 192.168.1.222 [host down]
2592. Nmap scan report for 192.168.1.223 [host down]
2593. Nmap scan report for 192.168.1.224 [host down]
2594. Nmap scan report for 192.168.1.225 [host down]
2595. Nmap scan report for 192.168.1.226 [host down]
2596. Nmap scan report for 192.168.1.227 [host down]
2597. Nmap scan report for 192.168.1.228 [host down]
2598. Nmap scan report for 192.168.1.229 [host down]
2599. Nmap scan report for 192.168.1.230 [host down]
2600. Nmap scan report for 192.168.1.231 [host down]
2601. Nmap scan report for 192.168.1.232 [host down]
2602. Nmap scan report for 192.168.1.233 [host down]
2603. Nmap scan report for 192.168.1.234 [host down]
2604. Nmap scan report for 192.168.1.235 [host down]
2605. Nmap scan report for 192.168.1.236 [host down]
2606. Nmap scan report for 192.168.1.237 [host down]
2607. Nmap scan report for 192.168.1.238 [host down]
2608. Nmap scan report for 192.168.1.239 [host down]
2609. Nmap scan report for 192.168.1.240 [host down]
2610. Nmap scan report for 192.168.1.241 [host down]
2611. Nmap scan report for 192.168.1.242 [host down]
2612. Nmap scan report for 192.168.1.243 [host down]
2613. Nmap scan report for 192.168.1.244 [host down]
2614. Nmap scan report for 192.168.1.245 [host down]
2615. Nmap scan report for 192.168.1.246 [host down]
2616. Nmap scan report for 192.168.1.247 [host down]
2617. Nmap scan report for 192.168.1.248 [host down]
2618. Nmap scan report for 192.168.1.249 [host down]
2619. Nmap scan report for 192.168.1.250 [host down]
2620. Nmap scan report for 192.168.1.251 [host down]
2621. Nmap scan report for 192.168.1.252 [host down]
2622. Nmap scan report for 192.168.1.253 [host down]
2623. Nmap scan report for 192.168.1.254 [host down]
2624. Nmap scan report for 192.168.1.255 [host down]
2625. Initiating SYN Stealth Scan at 08:20
2626. Scanning 14 hosts [1000 ports/host]
2627. Discovered open port 135/tcp on 192.168.1.190
2628. Discovered open port 135/tcp on 192.168.1.189
2629. Discovered open port 135/tcp on 192.168.1.191
2630. Discovered open port 135/tcp on 192.168.1.192
2631. Discovered open port 135/tcp on 192.168.1.170
2632. Discovered open port 445/tcp on 192.168.1.190
2633. Discovered open port 445/tcp on 192.168.1.170
2634. Discovered open port 135/tcp on 192.168.1.199
2635. Discovered open port 445/tcp on 192.168.1.199
2636. Discovered open port 445/tcp on 192.168.1.191
2637. Discovered open port 445/tcp on 192.168.1.192
2638. Discovered open port 445/tcp on 192.168.1.189
2639. Discovered open port 139/tcp on 192.168.1.191
2640. Discovered open port 139/tcp on 192.168.1.170
2641. Discovered open port 49154/tcp on 192.168.1.170
2642. Discovered open port 49154/tcp on 192.168.1.191
2643. Discovered open port 49157/tcp on 192.168.1.191
2644. Discovered open port 5357/tcp on 192.168.1.170
2645. Discovered open port 5357/tcp on 192.168.1.191
2646. Discovered open port 49153/tcp on 192.168.1.191
2647. Discovered open port 49153/tcp on 192.168.1.170
2648. Discovered open port 49158/tcp on 192.168.1.170
2649. Discovered open port 49152/tcp on 192.168.1.170
2650. Discovered open port 49152/tcp on 192.168.1.191
2651. Discovered open port 12345/tcp on 192.168.1.170
2652. Discovered open port 49156/tcp on 192.168.1.191
2653. Discovered open port 49156/tcp on 192.168.1.170
2654. Discovered open port 49155/tcp on 192.168.1.191
2655. Discovered open port 139/tcp on 192.168.1.190
2656. Discovered open port 49155/tcp on 192.168.1.170
2657. Discovered open port 139/tcp on 192.168.1.189
2658. Discovered open port 139/tcp on 192.168.1.199
2659. Discovered open port 139/tcp on 192.168.1.192
2660. Discovered open port 5357/tcp on 192.168.1.190
2661. Discovered open port 5357/tcp on 192.168.1.189
2662. Discovered open port 5357/tcp on 192.168.1.192
2663. Discovered open port 5357/tcp on 192.168.1.199
2664. Completed SYN Stealth Scan against 192.168.1.191 in 2.65s (13 hosts left)
2665. Completed SYN Stealth Scan against 192.168.1.193 in 2.66s (12 hosts left)
2666. Completed SYN Stealth Scan against 192.168.1.198 in 2.68s (11 hosts left)
2667. Completed SYN Stealth Scan against 192.168.1.172 in 2.70s (10 hosts left)
2668. Completed SYN Stealth Scan against 192.168.1.170 in 2.70s (9 hosts left)
2669. Completed SYN Stealth Scan against 192.168.1.175 in 2.70s (8 hosts left)
2670. Completed SYN Stealth Scan against 192.168.1.176 in 2.70s (7 hosts left)
2671. Completed SYN Stealth Scan against 192.168.1.173 in 2.71s (6 hosts left)
2672. Completed SYN Stealth Scan against 192.168.1.183 in 2.72s (5 hosts left)
2673. Completed SYN Stealth Scan against 192.168.1.186 in 2.74s (4 hosts left)
2674. Completed SYN Stealth Scan against 192.168.1.192 in 5.36s (3 hosts left)
2675. Completed SYN Stealth Scan against 192.168.1.189 in 5.37s (2 hosts left)
2676. Completed SYN Stealth Scan against 192.168.1.199 in 5.37s (1 host left)
2677. Completed SYN Stealth Scan at 08:20, 5.37s elapsed (14000 total ports)
2678. Initiating Service scan at 08:20
2679. Scanning 37 services on 14 hosts
2680. Completed Service scan at 08:21, 53.60s elapsed (37 services on 14 hosts)
2681. Initiating OS detection (try #1) against 14 hosts
2682. Retrying OS detection (try #2) against 8 hosts
2683. NSE: Script scanning 14 hosts.
2684. Initiating NSE at 08:21
2685. Completed NSE at 08:21, 42.35s elapsed
2686. Initiating NSE at 08:21
2687. Completed NSE at 08:21, 0.01s elapsed
2688. Nmap scan report for 192.168.1.170
2689. Host is up (0.00041s latency).
2690. Not shown: 989 closed ports
2691. PORT STATE SERVICE VERSION
2692. 135/tcp open msrpc Microsoft Windows RPC
2693. 139/tcp open netbios-ssn
2694. 445/tcp open netbios-ssn
2695. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2696. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2697. |_http-title: Service Unavailable
2698. 12345/tcp open netbus NetBus trojan 1.70
2699. | netbus-info:
2700. | APPLICATIONS
2701. | Start
2702. | Welcome to Facebook - Log In, Sign Up or Learn More - Windows Internet Explorer (active)
2703. | Welcome to Facebook - Log In, Sign Up or Learn More - Mozilla Firefox
2704. | C:\Windows\system32\cmd.exe
2705. | Program Manager
2706. | INFO
2707. | Program Path: C:\Users\cs2lab\Desktop\SecurityPrograms\netbus\Patch.exe
2708. | Restart persistent: Yes
2709. | Login ID: cs2lab
2710. | Clients connected to this host: 1
2711. | SETUP
2712. | TCP-port: 12345
2713. | Log traffic: 0
2714. | Password:
2715. | Notify to:
2716. | Notify from:
2717. | SMTP-server:
2718. | VOLUME
2719. | Wave: 255
2720. | Synth: 0
2721. |_ Cd: 0
2722. 49152/tcp open msrpc Microsoft Windows RPC
2723. 49153/tcp open msrpc Microsoft Windows RPC
2724. 49154/tcp open msrpc Microsoft Windows RPC
2725. 49155/tcp open msrpc Microsoft Windows RPC
2726. 49156/tcp open msrpc Microsoft Windows RPC
2727. 49158/tcp open msrpc Microsoft Windows RPC
2728. MAC Address: 08:00:27:CA:81:BC (Cadmus Computer Systems)
2729. Device type: general purpose
2730. Running: Microsoft Windows 7|2008
2731. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2732. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2733. Uptime guess: 0.048 days (since Thu Oct 2 07:13:13 2014)
2734. Network Distance: 1 hop
2735. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2736. IP ID Sequence Generation: Incremental
2737. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2738.  
2739. Host script results:
2740. | smb-os-discovery:
2741. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2742. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2743. | Computer name: cs2lab-PC
2744. | NetBIOS computer name: CS2LAB-PC
2745. | Workgroup: WORKGROUP
2746. |_ System time: 2014-10-02T14:18:16+02:00
2747. | smb-security-mode:
2748. | Account that was used for smb scripts: <blank>
2749. | User-level authentication
2750. | SMB Security: Challenge/response passwords supported
2751. |_ Message signing disabled (dangerous, but default)
2752. |_smbv2-enabled: Server supports SMBv2 protocol
2753.  
2754. TRACEROUTE
2755. HOP RTT ADDRESS
2756. 1 0.41 ms 192.168.1.170
2757.  
2758. Nmap scan report for 192.168.1.172
2759. Host is up (0.0019s latency).
2760. All 1000 scanned ports on 192.168.1.172 are closed
2761. MAC Address: 08:00:27:38:10:87 (Cadmus Computer Systems)
2762. Too many fingerprints match this host to give specific OS details
2763. Network Distance: 1 hop
2764.  
2765. TRACEROUTE
2766. HOP RTT ADDRESS
2767. 1 1.91 ms 192.168.1.172
2768.  
2769. Nmap scan report for 192.168.1.173
2770. Host is up (0.0016s latency).
2771. All 1000 scanned ports on 192.168.1.173 are closed
2772. MAC Address: 00:50:56:01:06:B2 (VMware)
2773. Too many fingerprints match this host to give specific OS details
2774. Network Distance: 1 hop
2775.  
2776. TRACEROUTE
2777. HOP RTT ADDRESS
2778. 1 1.58 ms 192.168.1.173
2779.  
2780. Nmap scan report for 192.168.1.175
2781. Host is up (0.0018s latency).
2782. All 1000 scanned ports on 192.168.1.175 are closed
2783. MAC Address: 08:00:27:0D:DD:45 (Cadmus Computer Systems)
2784. Too many fingerprints match this host to give specific OS details
2785. Network Distance: 1 hop
2786.  
2787. TRACEROUTE
2788. HOP RTT ADDRESS
2789. 1 1.82 ms 192.168.1.175
2790.  
2791. Nmap scan report for 192.168.1.176
2792. Host is up (0.0018s latency).
2793. All 1000 scanned ports on 192.168.1.176 are closed
2794. MAC Address: 00:50:56:01:06:C1 (VMware)
2795. Too many fingerprints match this host to give specific OS details
2796. Network Distance: 1 hop
2797.  
2798. TRACEROUTE
2799. HOP RTT ADDRESS
2800. 1 1.82 ms 192.168.1.176
2801.  
2802. Nmap scan report for 192.168.1.183
2803. Host is up (0.0020s latency).
2804. All 1000 scanned ports on 192.168.1.183 are closed
2805. MAC Address: 08:00:27:15:30:B3 (Cadmus Computer Systems)
2806. Too many fingerprints match this host to give specific OS details
2807. Network Distance: 1 hop
2808.  
2809. TRACEROUTE
2810. HOP RTT ADDRESS
2811. 1 2.04 ms 192.168.1.183
2812.  
2813. Nmap scan report for 192.168.1.186
2814. Host is up (0.0019s latency).
2815. All 1000 scanned ports on 192.168.1.186 are closed
2816. MAC Address: 08:00:27:28:83:2F (Cadmus Computer Systems)
2817. Too many fingerprints match this host to give specific OS details
2818. Network Distance: 1 hop
2819.  
2820. TRACEROUTE
2821. HOP RTT ADDRESS
2822. 1 1.92 ms 192.168.1.186
2823.  
2824. Nmap scan report for 192.168.1.189
2825. Host is up (0.0017s latency).
2826. Not shown: 996 filtered ports
2827. PORT STATE SERVICE VERSION
2828. 135/tcp open msrpc Microsoft Windows RPC
2829. 139/tcp open netbios-ssn
2830. 445/tcp open netbios-ssn
2831. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2832. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2833. |_http-title: Service Unavailable
2834. MAC Address: 00:24:E8:2B:72:F8 (Dell)
2835. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2836. Device type: general purpose
2837. Running: Microsoft Windows Vista|2008|7
2838. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7
2839. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
2840. Uptime guess: 0.072 days (since Thu Oct 2 06:37:58 2014)
2841. Network Distance: 1 hop
2842. TCP Sequence Prediction: Difficulty=256 (Good luck!)
2843. IP ID Sequence Generation: Incremental
2844. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2845.  
2846. Host script results:
2847. | nbstat:
2848. | NetBIOS name: SECI020, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:2b:72:f8 (Dell)
2849. | Names
2850. | SECI020<00> Flags: <unique><active>
2851. | WORKGROUP<00> Flags: <group><active>
2852. |_ SECI020<20> Flags: <unique><active>
2853. | smb-security-mode:
2854. | Account that was used for smb scripts: guest
2855. | User-level authentication
2856. | SMB Security: Challenge/response passwords supported
2857. |_ Message signing disabled (dangerous, but default)
2858. |_smbv2-enabled: Server supports SMBv2 protocol
2859.  
2860. TRACEROUTE
2861. HOP RTT ADDRESS
2862. 1 1.73 ms 192.168.1.189
2863.  
2864. Nmap scan report for 192.168.1.190
2865. Host is up (0.00027s latency).
2866. Not shown: 996 filtered ports
2867. PORT STATE SERVICE VERSION
2868. 135/tcp open msrpc Microsoft Windows RPC
2869. 139/tcp open netbios-ssn
2870. 445/tcp open netbios-ssn
2871. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2872. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2873. |_http-title: Service Unavailable
2874. MAC Address: 00:24:E8:1F:33:C7 (Dell)
2875. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2876. Device type: general purpose|phone
2877. Running: Microsoft Windows 7|Vista|2008|Phone
2878. OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows
2879. OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
2880. Uptime guess: 0.080 days (since Thu Oct 2 06:27:01 2014)
2881. Network Distance: 1 hop
2882. TCP Sequence Prediction: Difficulty=262 (Good luck!)
2883. IP ID Sequence Generation: Incremental
2884. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2885.  
2886. Host script results:
2887. | nbstat:
2888. | NetBIOS name: SECI002, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:1f:33:c7 (Dell)
2889. | Names
2890. | SECI002<00> Flags: <unique><active>
2891. | WORKGROUP<00> Flags: <group><active>
2892. |_ SECI002<20> Flags: <unique><active>
2893. | smb-security-mode:
2894. | User-level authentication
2895. | SMB Security: Challenge/response passwords supported
2896. |_ Message signing disabled (dangerous, but default)
2897. |_smbv2-enabled: Server supports SMBv2 protocol
2898.  
2899. TRACEROUTE
2900. HOP RTT ADDRESS
2901. 1 0.27 ms 192.168.1.190
2902.  
2903. Nmap scan report for 192.168.1.191
2904. Host is up (0.0015s latency).
2905. Not shown: 990 closed ports
2906. PORT STATE SERVICE VERSION
2907. 135/tcp open msrpc Microsoft Windows RPC
2908. 139/tcp open netbios-ssn
2909. 445/tcp open netbios-ssn
2910. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2911. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2912. |_http-title: Service Unavailable
2913. 49152/tcp open msrpc Microsoft Windows RPC
2914. 49153/tcp open msrpc Microsoft Windows RPC
2915. 49154/tcp open msrpc Microsoft Windows RPC
2916. 49155/tcp open msrpc Microsoft Windows RPC
2917. 49156/tcp open msrpc Microsoft Windows RPC
2918. 49157/tcp open msrpc Microsoft Windows RPC
2919. MAC Address: 08:00:27:34:F4:30 (Cadmus Computer Systems)
2920. Device type: general purpose
2921. Running: Microsoft Windows 7|2008
2922. OS CPE: cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_8
2923. OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, or Windows 8
2924. Uptime guess: 0.012 days (since Thu Oct 2 08:04:46 2014)
2925. Network Distance: 1 hop
2926. TCP Sequence Prediction: Difficulty=258 (Good luck!)
2927. IP ID Sequence Generation: Incremental
2928. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2929.  
2930. Host script results:
2931. | smb-os-discovery:
2932. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2933. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2934. | Computer name: cs2lab-PC
2935. | NetBIOS computer name: CS2LAB-PC
2936. | Workgroup: WORKGROUP
2937. |_ System time: 2014-10-02T14:18:21+02:00
2938. | smb-security-mode:
2939. | Account that was used for smb scripts: <blank>
2940. | User-level authentication
2941. | SMB Security: Challenge/response passwords supported
2942. |_ Message signing disabled (dangerous, but default)
2943. |_smbv2-enabled: Server supports SMBv2 protocol
2944.  
2945. TRACEROUTE
2946. HOP RTT ADDRESS
2947. 1 1.52 ms 192.168.1.191
2948.  
2949. Nmap scan report for 192.168.1.192
2950. Host is up (0.0018s latency).
2951. Not shown: 996 filtered ports
2952. PORT STATE SERVICE VERSION
2953. 135/tcp open msrpc Microsoft Windows RPC
2954. 139/tcp open netbios-ssn
2955. 445/tcp open netbios-ssn
2956. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2957. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
2958. |_http-title: Service Unavailable
2959. MAC Address: 00:24:E8:1F:17:71 (Dell)
2960. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2961. Device type: general purpose
2962. Running: Microsoft Windows 7|Vista|2008
2963. OS CPE: cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1
2964. OS details: Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008
2965. Uptime guess: 0.086 days (since Thu Oct 2 06:17:24 2014)
2966. Network Distance: 1 hop
2967. TCP Sequence Prediction: Difficulty=258 (Good luck!)
2968. IP ID Sequence Generation: Incremental
2969. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2970.  
2971. Host script results:
2972. | nbstat:
2973. | NetBIOS name: SECI069, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:1f:17:71 (Dell)
2974. | Names
2975. | SECI069<00> Flags: <unique><active>
2976. | WORKGROUP<00> Flags: <group><active>
2977. |_ SECI069<20> Flags: <unique><active>
2978. | smb-security-mode:
2979. | Account that was used for smb scripts: guest
2980. | User-level authentication
2981. | SMB Security: Challenge/response passwords supported
2982. |_ Message signing disabled (dangerous, but default)
2983. |_smbv2-enabled: Server supports SMBv2 protocol
2984.  
2985. TRACEROUTE
2986. HOP RTT ADDRESS
2987. 1 1.78 ms 192.168.1.192
2988.  
2989. Nmap scan report for 192.168.1.193
2990. Host is up (0.0017s latency).
2991. All 1000 scanned ports on 192.168.1.193 are closed
2992. MAC Address: 00:50:56:01:06:BD (VMware)
2993. Too many fingerprints match this host to give specific OS details
2994. Network Distance: 1 hop
2995.  
2996. TRACEROUTE
2997. HOP RTT ADDRESS
2998. 1 1.75 ms 192.168.1.193
2999.  
3000. Nmap scan report for 192.168.1.198
3001. Host is up (0.0018s latency).
3002. All 1000 scanned ports on 192.168.1.198 are closed
3003. MAC Address: 00:50:56:01:06:B6 (VMware)
3004. Too many fingerprints match this host to give specific OS details
3005. Network Distance: 1 hop
3006.  
3007. TRACEROUTE
3008. HOP RTT ADDRESS
3009. 1 1.83 ms 192.168.1.198
3010.  
3011. Nmap scan report for 192.168.1.199
3012. Host is up (0.0016s latency).
3013. Not shown: 996 filtered ports
3014. PORT STATE SERVICE VERSION
3015. 135/tcp open msrpc Microsoft Windows RPC
3016. 139/tcp open netbios-ssn
3017. 445/tcp open netbios-ssn
3018. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
3019. |_http-methods: No Allow or Public header in OPTIONS response (status code 503)
3020. |_http-title: Service Unavailable
3021. MAC Address: 00:24:E8:2B:73:64 (Dell)
3022. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3023. Device type: general purpose|phone
3024. Running: Microsoft Windows Vista|2008|7|Phone
3025. OS CPE: cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2008::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows
3026. OS details: Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008, Microsoft Windows Phone 7.5
3027. Uptime guess: 0.097 days (since Thu Oct 2 06:01:52 2014)
3028. Network Distance: 1 hop
3029. TCP Sequence Prediction: Difficulty=263 (Good luck!)
3030. IP ID Sequence Generation: Incremental
3031. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
3032.  
3033. Host script results:
3034. | nbstat:
3035. | NetBIOS name: SECI025, NetBIOS user: <unknown>, NetBIOS MAC: 00:24:e8:2b:73:64 (Dell)
3036. | Names
3037. | SECI025<00> Flags: <unique><active>
3038. | WORKGROUP<00> Flags: <group><active>
3039. |_ SECI025<20> Flags: <unique><active>
3040. | smb-security-mode:
3041. | Account that was used for smb scripts: <blank>
3042. | User-level authentication
3043. | SMB Security: Challenge/response passwords supported
3044. |_ Message signing disabled (dangerous, but default)
3045. |_smbv2-enabled: Server supports SMBv2 protocol
3046.  
3047. TRACEROUTE
3048. HOP RTT ADDRESS
3049. 1 1.65 ms 192.168.1.199
3050.  
3051. NSE: Script Post-scanning.
3052. Initiating NSE at 08:21
3053. Completed NSE at 08:21, 0.00s elapsed
3054. Post-scan script results:
3055. | ssh-hostkey: Possible duplicate hosts
3056. | Key 2048 56:56:24:0f:21:1d:de:a7:2b:ae:61:b1:24:3d:e8:f3 (RSA) used by:
3057. | 192.168.1.32
3058. | 192.168.1.103
3059. | 192.168.1.104
3060. | 192.168.1.136
3061. | Key 1024 60:0f:cf:e1:c0:5f:6a:74:d6:90:24:fa:c4:d5:6c:cd (DSA) used by:
3062. | 192.168.1.32
3063. | 192.168.1.103
3064. | 192.168.1.104
3065. |_ 192.168.1.136
3066. Read data files from: /usr/bin/../share/nmap
3067. OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
3068. Nmap done: 256 IP addresses (53 hosts up) scanned in 575.69 seconds
3069. Raw packets sent: 68161 (3.070MB) | Rcvd: 42237 (1.747MB)