Guest User

msf-nmap-allflag

a guest
Sep 11th, 2019
2,114
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. msf > db_nmap -A 10.11.1.1-254
  2. [*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-11 05:30 EDT
  3. [*] Nmap: Warning: 10.11.1.133 giving up on port because retransmission cap hit (10).
  4. [*] Nmap: Nmap scan report for 10.11.1.5
  5. [*] Nmap: Host is up (0.24s latency).
  6. [*] Nmap: Not shown: 997 closed ports
  7. [*] Nmap: PORT     STATE SERVICE      VERSION
  8. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  9. [*] Nmap: 445/tcp  open  microsoft-ds Windows XP microsoft-ds
  10. [*] Nmap: 1025/tcp open  NFS-or-IIS?
  11. [*] Nmap: MAC Address: 00:50:56:89:1D:93 (VMware)
  12. [*] Nmap: Device type: general purpose
  13. [*] Nmap: Running: Microsoft Windows XP
  14. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
  15. [*] Nmap: OS details: Microsoft Windows XP
  16. [*] Nmap: Network Distance: 1 hop
  17. [*] Nmap: Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
  18. [*] Nmap: Host script results:
  19. [*] Nmap: |_clock-skew: mean: -59m54s, deviation: 0s, median: -59m54s
  20. [*] Nmap: |_nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1d:93 (VMware)
  21. [*] Nmap: | smb-os-discovery:
  22. [*] Nmap: |   OS: Windows XP (Windows 2000 LAN Manager)
  23. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_xp::-
  24. [*] Nmap: |   NetBIOS computer name: ALICE\x00
  25. [*] Nmap: |   Workgroup: THINC\x00
  26. [*] Nmap: |_  System time: 2019-09-11T12:28:07+01:00
  27. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  28. [*] Nmap: TRACEROUTE
  29. [*] Nmap: HOP RTT       ADDRESS
  30. [*] Nmap: 1   240.04 ms 10.11.1.5
  31. [*] Nmap: Nmap scan report for 10.11.1.7
  32. [*] Nmap: Host is up (0.24s latency).
  33. [*] Nmap: Not shown: 999 filtered ports
  34. [*] Nmap: PORT     STATE SERVICE       VERSION
  35. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  36. [*] Nmap: MAC Address: 00:50:56:89:2F:72 (VMware)
  37. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  38. [*] Nmap: Device type: WAP|general purpose
  39. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP (88%)
  40. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp
  41. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows XP (88%)
  42. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  43. [*] Nmap: Network Distance: 1 hop
  44. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  45. [*] Nmap: TRACEROUTE
  46. [*] Nmap: HOP RTT       ADDRESS
  47. [*] Nmap: 1   238.19 ms 10.11.1.7
  48. [*] Nmap: Nmap scan report for 10.11.1.8
  49. [*] Nmap: Host is up (0.24s latency).
  50. [*] Nmap: Not shown: 990 filtered ports
  51. [*] Nmap: PORT     STATE  SERVICE     VERSION
  52. [*] Nmap: 21/tcp   open   ftp         vsftpd 2.0.1
  53. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  54. [*] Nmap: |_Can't get directory listing: ERROR
  55. [*] Nmap: | ftp-syst:
  56. [*] Nmap: |   STAT:
  57. [*] Nmap: | FTP server status:
  58. [*] Nmap: |      Connected to 10.11.0.96
  59. [*] Nmap: |      Logged in as ftp
  60. [*] Nmap: |      TYPE: ASCII
  61. [*] Nmap: |      No session bandwidth limit
  62. [*] Nmap: |      Session timeout in seconds is 300
  63. [*] Nmap: |      Control connection is plain text
  64. [*] Nmap: |      Data connections will be plain text
  65. [*] Nmap: |      At session startup, client count was 1
  66. [*] Nmap: |      vsFTPd 2.0.1 - secure, fast, stable
  67. [*] Nmap: |_End of status
  68. [*] Nmap: 22/tcp   open   ssh         OpenSSH 3.9p1 (protocol 1.99)
  69. [*] Nmap: | ssh-hostkey:
  70. [*] Nmap: |   1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
  71. [*] Nmap: |   1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
  72. [*] Nmap: |_  1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
  73. [*] Nmap: |_sshv1: Server supports SSHv1
  74. [*] Nmap: 25/tcp   closed smtp
  75. [*] Nmap: 80/tcp   open   http        Apache httpd 2.0.52 ((CentOS))
  76. [*] Nmap: | http-methods:
  77. [*] Nmap: |_  Potentially risky methods: TRACE
  78. [*] Nmap: | http-robots.txt: 2 disallowed entries
  79. [*] Nmap: |_/internal/  /tmp/
  80. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
  81. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  82. [*] Nmap: 111/tcp  open   rpcbind     2 (RPC #100000)
  83. [*] Nmap: | rpcinfo:
  84. [*] Nmap: |   program version   port/proto  service
  85. [*] Nmap: |   100000  2            111/tcp  rpcbind
  86. [*] Nmap: |   100000  2            111/udp  rpcbind
  87. [*] Nmap: |   100024  1            843/udp  status
  88. [*] Nmap: |_  100024  1            846/tcp  status
  89. [*] Nmap: 139/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
  90. [*] Nmap: 443/tcp  open   ssl/http    Apache httpd 2.0.52 ((CentOS))
  91. [*] Nmap: | http-robots.txt: 2 disallowed entries
  92. [*] Nmap: |_/internal/  /tmp/
  93. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
  94. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  95. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  96. [*] Nmap: | Not valid before: 2009-09-16T14:03:22
  97. [*] Nmap: |_Not valid after:  2010-09-16T14:03:22
  98. [*] Nmap: |_ssl-date: 2019-09-11T11:30:26+00:00; -15s from scanner time.
  99. [*] Nmap: | sslv2:
  100. [*] Nmap: |   SSLv2 supported
  101. [*] Nmap: |   ciphers:
  102. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  103. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  104. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  105. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  106. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  107. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  108. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  109. [*] Nmap: 445/tcp  open   netbios-ssn Samba smbd 3.0.33-0.17.el4 (workgroup: MYGROUP)
  110. [*] Nmap: 631/tcp  open   ipp         CUPS 1.1
  111. [*] Nmap: | http-methods:
  112. [*] Nmap: |_  Potentially risky methods: PUT
  113. [*] Nmap: |_http-server-header: CUPS/1.1
  114. [*] Nmap: |_http-title: 403 Forbidden
  115. [*] Nmap: 3306/tcp open   mysql?
  116. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  117. [*] Nmap: MAC Address: 00:50:56:89:3D:A7 (VMware)
  118. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 - 2.6.27 (93%), Linux 2.6.9 (93%), Cisco SA520 firewall (Linux 2.6) (92%), Linux 2.6.11 (92%), Linux 2.6.28 (92%), Linux 2.6.30 (92%), Ruckus 7363 WAP (91%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
  119. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  120. [*] Nmap: Network Distance: 1 hop
  121. [*] Nmap: Service Info: OS: Unix
  122. [*] Nmap: Host script results:
  123. [*] Nmap: |_clock-skew: mean: 1h20m03s, deviation: 2h19m06s, median: -15s
  124. [*] Nmap: | smb-os-discovery:
  125. [*] Nmap: |   OS: Unix (Samba 3.0.33-0.17.el4)
  126. [*] Nmap: |   Computer name: phoenix
  127. [*] Nmap: |   NetBIOS computer name:
  128. [*] Nmap: |   Domain name:
  129. [*] Nmap: |   FQDN: phoenix
  130. [*] Nmap: |_  System time: 2019-09-11T07:28:42-04:00
  131. [*] Nmap: | smb-security-mode:
  132. [*] Nmap: |   account_used: guest
  133. [*] Nmap: |   authentication_level: user
  134. [*] Nmap: |   challenge_response: supported
  135. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  136. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  137. [*] Nmap: TRACEROUTE
  138. [*] Nmap: HOP RTT       ADDRESS
  139. [*] Nmap: 1   239.11 ms 10.11.1.8
  140. [*] Nmap: Nmap scan report for 10.11.1.10
  141. [*] Nmap: Host is up (0.24s latency).
  142. [*] Nmap: Not shown: 999 filtered ports
  143. [*] Nmap: PORT   STATE SERVICE VERSION
  144. [*] Nmap: 80/tcp open  http    Microsoft IIS httpd 6.0
  145. [*] Nmap: | http-methods:
  146. [*] Nmap: |_  Potentially risky methods: TRACE
  147. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  148. [*] Nmap: |_http-title: Under Construction
  149. [*] Nmap: MAC Address: 00:50:56:93:6F:E0 (VMware)
  150. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  151. [*] Nmap: Device type: general purpose|WAP
  152. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (93%), Apple embedded (86%)
  153. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme
  154. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (93%), Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows Server 2003 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows 2000 SP4 (87%), Apple AirPort Extreme WAP (86%)
  155. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  156. [*] Nmap: Network Distance: 1 hop
  157. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  158. [*] Nmap: TRACEROUTE
  159. [*] Nmap: HOP RTT       ADDRESS
  160. [*] Nmap: 1   237.62 ms 10.11.1.10
  161. [*] Nmap: Nmap scan report for 10.11.1.13
  162. [*] Nmap: Host is up (0.24s latency).
  163. [*] Nmap: Not shown: 997 filtered ports
  164. [*] Nmap: PORT     STATE SERVICE        VERSION
  165. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
  166. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  167. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
  168. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
  169. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
  170. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
  171. [*] Nmap: |_09-10-19  07:01PM       <DIR>          wwwroot
  172. [*] Nmap: | ftp-syst:
  173. [*] Nmap: |_  SYST: Windows_NT
  174. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
  175. [*] Nmap: | http-methods:
  176. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  177. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
  178. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  179. [*] Nmap: | http-webdav-scan:
  180. [*] Nmap: |   WebDAV type: Unkown
  181. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
  182. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  183. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  184. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:31:05 GMT
  185. [*] Nmap: 3389/tcp open  ms-wbt-server?
  186. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  187. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
  188. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
  189. [*] Nmap: MAC Address: 00:50:56:89:17:DA (VMware)
  190. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  191. [*] Nmap: Device type: general purpose
  192. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP (96%)
  193. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
  194. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%)
  195. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  196. [*] Nmap: Network Distance: 1 hop
  197. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  198. [*] Nmap: TRACEROUTE
  199. [*] Nmap: HOP RTT       ADDRESS
  200. [*] Nmap: 1   238.41 ms 10.11.1.13
  201. [*] Nmap: Nmap scan report for 10.11.1.14
  202. [*] Nmap: Host is up (0.24s latency).
  203. [*] Nmap: Not shown: 997 filtered ports
  204. [*] Nmap: PORT     STATE SERVICE        VERSION
  205. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
  206. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  207. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
  208. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
  209. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
  210. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
  211. [*] Nmap: |_04-16-16  10:42AM       <DIR>          wwwroot
  212. [*] Nmap: | ftp-syst:
  213. [*] Nmap: |_  SYST: Windows_NT
  214. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
  215. [*] Nmap: | http-methods:
  216. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  217. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
  218. [*] Nmap: |_http-title: Too Many Users
  219. [*] Nmap: | http-webdav-scan:
  220. [*] Nmap: |   WebDAV type: Unkown
  221. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
  222. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  223. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  224. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:30:41 GMT
  225. [*] Nmap: 3389/tcp open  ms-wbt-server?
  226. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  227. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
  228. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
  229. [*] Nmap: MAC Address: 00:50:56:89:7C:1A (VMware)
  230. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  231. [*] Nmap: Device type: general purpose|WAP
  232. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003 (92%), Apple embedded (85%)
  233. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003 cpe:/h:apple:airport_extreme
  234. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (92%), Microsoft Windows Server 2003 (85%), Apple AirPort Extreme WAP (85%)
  235. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  236. [*] Nmap: Network Distance: 1 hop
  237. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  238. [*] Nmap: TRACEROUTE
  239. [*] Nmap: HOP RTT       ADDRESS
  240. [*] Nmap: 1   238.45 ms 10.11.1.14
  241. [*] Nmap: Nmap scan report for 10.11.1.22
  242. [*] Nmap: Host is up (0.23s latency).
  243. [*] Nmap: Not shown: 989 closed ports
  244. [*] Nmap: PORT      STATE SERVICE     VERSION
  245. [*] Nmap: 21/tcp    open  ftp?
  246. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.1p1 (protocol 1.99)
  247. [*] Nmap: | ssh-hostkey:
  248. [*] Nmap: |   1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
  249. [*] Nmap: |   1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
  250. [*] Nmap: |_  1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
  251. [*] Nmap: |_sshv1: Server supports SSHv1
  252. [*] Nmap: 23/tcp    open  telnet?
  253. [*] Nmap: 25/tcp    open  smtp?
  254. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
  255. [*] Nmap: 80/tcp    open  http        Apache httpd 1.3.23 ((Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
  256. [*] Nmap: | http-methods:
  257. [*] Nmap: |_  Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
  258. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
  259. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  260. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
  261. [*] Nmap: | rpcinfo:
  262. [*] Nmap: |   program version   port/proto  service
  263. [*] Nmap: |   100000  2            111/tcp  rpcbind
  264. [*] Nmap: |   100000  2            111/udp  rpcbind
  265. [*] Nmap: |   100024  1          32768/tcp  status
  266. [*] Nmap: |_  100024  1          32768/udp  status
  267. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
  268. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
  269. [*] Nmap: 443/tcp   open  ssl/https   Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.
  270. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
  271. [*] Nmap: |_http-title: 400 Bad Request
  272. [*] Nmap: |_ssl-date: 2019-09-11T11:28:15+00:00; -6s from scanner time.
  273. [*] Nmap: | sslv2:
  274. [*] Nmap: |   SSLv2 supported
  275. [*] Nmap: |   ciphers:
  276. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  277. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  278. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  279. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  280. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  281. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  282. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  283. [*] Nmap: 995/tcp   open  ssl/pop3s?
  284. [*] Nmap: |_ssl-date: 2019-09-11T11:30:30+00:00; -7s from scanner time.
  285. [*] Nmap: | sslv2:
  286. [*] Nmap: |   SSLv2 supported
  287. [*] Nmap: |   ciphers:
  288. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  289. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  290. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  291. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  292. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  293. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
  294. [*] Nmap: MAC Address: 00:50:56:89:7C:D5 (VMware)
  295. [*] Nmap: Device type: general purpose|WAP|router|specialized|switch|media device|broadband router
  296. [*] Nmap: Running (JUST GUESSING): Linux 2.4.X|2.6.X (97%), Acorp embedded (95%), Meru embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Motorola embedded (93%)
  297. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:motorola:surfboard_sb6120 cpe:/h:motorola:surfboard_sb6141
  298. [*] Nmap: Aggressive OS guesses: Linux 2.4.20 (97%), Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (95%), MontaVista embedded Linux 2.4.17 (95%), Meru MC1000 wireless LAN controller (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Google Mini search appliance (93%), HP Brocade 4Gb SAN switch or (93%), Linux 2.4.21 (embedded) (93%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (93%), Linux 2.6.15 - 2.6.26 (likely embedded) (93%)
  299. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  300. [*] Nmap: Network Distance: 1 hop
  301. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  302. [*] Nmap: Host script results:
  303. [*] Nmap: |_clock-skew: mean: -6s, deviation: 0s, median: -7s
  304. [*] Nmap: |_nbstat: NetBIOS name: BARRY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  305. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  306. [*] Nmap: TRACEROUTE
  307. [*] Nmap: HOP RTT       ADDRESS
  308. [*] Nmap: 1   231.10 ms 10.11.1.22
  309. [*] Nmap: Nmap scan report for 10.11.1.24
  310. [*] Nmap: Host is up (0.26s latency).
  311. [*] Nmap: Not shown: 991 closed ports
  312. [*] Nmap: PORT     STATE SERVICE     VERSION
  313. [*] Nmap: 22/tcp   open  ssh         OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
  314. [*] Nmap: | ssh-hostkey:
  315. [*] Nmap: |   1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
  316. [*] Nmap: |_  2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
  317. [*] Nmap: 80/tcp   open  http        Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
  318. [*] Nmap: |_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
  319. [*] Nmap: |_http-title: CS-Cart. Powerful PHP shopping cart software
  320. [*] Nmap: 110/tcp  open  pop3        Dovecot pop3d
  321. [*] Nmap: |_pop3-capabilities: UIDL STLS CAPA PIPELINING SASL RESP-CODES TOP
  322. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  323. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  324. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  325. [*] Nmap: |_ssl-date: 2019-09-11T11:30:54+00:00; -2s from scanner time.
  326. [*] Nmap: | sslv2:
  327. [*] Nmap: |   SSLv2 supported
  328. [*] Nmap: |   ciphers:
  329. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  330. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  331. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  332. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  333. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  334. [*] Nmap: 139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
  335. [*] Nmap: 143/tcp  open  imap        Dovecot imapd
  336. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4rev1 CHILDREN UNSELECT SASL-IR completed MULTIAPPEND Capability LOGINDISABLEDA0001 STARTTLS LOGIN-REFERRALS NAMESPACE LITERAL+ IDLE
  337. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  338. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  339. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  340. [*] Nmap: |_ssl-date: 2019-09-11T11:28:17+00:00; -2s from scanner time.
  341. [*] Nmap: | sslv2:
  342. [*] Nmap: |   SSLv2 supported
  343. [*] Nmap: |   ciphers:
  344. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  345. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  346. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  347. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  348. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  349. [*] Nmap: 445/tcp  open  netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
  350. [*] Nmap: 993/tcp  open  ssl/imap    Dovecot imapd
  351. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  352. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  353. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  354. [*] Nmap: |_ssl-date: 2019-09-11T11:28:39+00:00; -2s from scanner time.
  355. [*] Nmap: | sslv2:
  356. [*] Nmap: |   SSLv2 supported
  357. [*] Nmap: |   ciphers:
  358. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  359. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  360. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  361. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  362. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  363. [*] Nmap: 995/tcp  open  ssl/pop3    Dovecot pop3d
  364. [*] Nmap: |_pop3-capabilities: USER UIDL CAPA PIPELINING SASL(PLAIN) RESP-CODES TOP
  365. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  366. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  367. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  368. [*] Nmap: |_ssl-date: 2019-09-11T11:28:31+00:00; -2s from scanner time.
  369. [*] Nmap: | sslv2:
  370. [*] Nmap: |   SSLv2 supported
  371. [*] Nmap: |   ciphers:
  372. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  373. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  374. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  375. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  376. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  377. [*] Nmap: 8000/tcp open  http-alt?
  378. [*] Nmap: MAC Address: 00:50:56:89:00:33 (VMware)
  379. [*] Nmap: Device type: general purpose|WAP|remote management|switch|specialized|print server|media device
  380. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), AVM embedded (94%), Dell embedded (94%), Extreme Networks ExtremeXOS 12.X (94%), Google embedded (94%), HP embedded (94%), Philips embedded (94%)
  381. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.34 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/h:dell:remote_access_card:5 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21
  382. [*] Nmap: Aggressive OS guesses: DD-WRT v24-presp2 (Linux 2.6.34) (95%), AVM FRITZ!Box FON WLAN 7170 WAP (94%), Dell Remote Access Controller 5/I (DRAC 5/I) (94%), Extreme Networks ExtremeXOS 12.5.4 (94%), Google Mini search appliance (94%), HP 4200 PSA (Print Server Appliance) model J4117A (94%), HP Brocade 4Gb SAN switch or (94%), Linux 2.4.20 (94%), Linux 2.4.21 (embedded) (94%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (94%)
  383. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  384. [*] Nmap: Network Distance: 1 hop
  385. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  386. [*] Nmap: Host script results:
  387. [*] Nmap: |_clock-skew: mean: 40m29s, deviation: 1h39m16s, median: -2s
  388. [*] Nmap: |_nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  389. [*] Nmap: | smb-os-discovery:
  390. [*] Nmap: |   OS: Unix (Samba 3.0.26a)
  391. [*] Nmap: |   Computer name: payday
  392. [*] Nmap: |   NetBIOS computer name:
  393. [*] Nmap: |   Domain name:
  394. [*] Nmap: |   FQDN: payday
  395. [*] Nmap: |_  System time: 2019-09-11T07:31:09-04:00
  396. [*] Nmap: | smb-security-mode:
  397. [*] Nmap: |   account_used: <blank>
  398. [*] Nmap: |   authentication_level: user
  399. [*] Nmap: |   challenge_response: supported
  400. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  401. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  402. [*] Nmap: TRACEROUTE
  403. [*] Nmap: HOP RTT       ADDRESS
  404. [*] Nmap: 1   260.02 ms 10.11.1.24
  405. [*] Nmap: Nmap scan report for 10.11.1.31
  406. [*] Nmap: Host is up (0.24s latency).
  407. [*] Nmap: Not shown: 993 closed ports
  408. [*] Nmap: PORT     STATE SERVICE       VERSION
  409. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 6.0
  410. [*] Nmap: | http-cookie-flags:
  411. [*] Nmap: |   /:
  412. [*] Nmap: |     ASPSESSIONIDQACTSDSA:
  413. [*] Nmap: |_      httponly flag not set
  414. [*] Nmap: | http-methods:
  415. [*] Nmap: |_  Potentially risky methods: TRACE
  416. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  417. [*] Nmap: |_http-title: Login
  418. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
  419. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
  420. [*] Nmap: 445/tcp  open  microsoft-ds  Windows Server 2003 3790 Service Pack 1 microsoft-ds
  421. [*] Nmap: 1025/tcp open  msrpc         Microsoft Windows RPC
  422. [*] Nmap: 1433/tcp open  ms-sql-s      Microsoft SQL Server 2000 8.00.766.00; SP3a
  423. [*] Nmap: | ms-sql-ntlm-info:
  424. [*] Nmap: |_  Product_Version: 5.2.3790
  425. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  426. [*] Nmap: MAC Address: 00:50:56:89:6D:59 (VMware)
  427. [*] Nmap: Device type: general purpose|media device|specialized
  428. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2003|XP|PocketPC/CE|2000 (94%), Motorola embedded (89%), Beat embedded (87%)
  429. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216 cpe:/o:microsoft:windows_ce:6.0 cpe:/o:microsoft:windows_2000::sp4
  430. [*] Nmap: Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows XP (92%), Microsoft Windows XP SP3 (92%), Microsoft Windows Server 2003 (91%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows Server 2003 SP0 - SP2 (90%), Microsoft Windows XP Professional SP3 (89%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 - SP3 (89%)
  431. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  432. [*] Nmap: Network Distance: 1 hop
  433. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003
  434. [*] Nmap: Host script results:
  435. [*] Nmap: |_clock-skew: mean: 2h31m26s, deviation: 3h34m22s, median: -8s
  436. [*] Nmap: | ms-sql-info:
  437. [*] Nmap: |   Windows server name: RALPH
  438. [*] Nmap: |   10.11.1.31\MSSQLSERVER:
  439. [*] Nmap: |     Instance name: MSSQLSERVER
  440. [*] Nmap: |     Version:
  441. [*] Nmap: |       name: Microsoft SQL Server 2000 SP3a
  442. [*] Nmap: |       number: 8.00.766.00
  443. [*] Nmap: |       Product: Microsoft SQL Server 2000
  444. [*] Nmap: |       Service pack level: SP3a
  445. [*] Nmap: |       Post-SP patches applied: false
  446. [*] Nmap: |     TCP port: 1433
  447. [*] Nmap: |     Named pipe: \\10.11.1.31\pipe\sql\query
  448. [*] Nmap: |_    Clustered: false
  449. [*] Nmap: |_nbstat: NetBIOS name: RALPH, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:6d:59 (VMware)
  450. [*] Nmap: | smb-os-discovery:
  451. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
  452. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
  453. [*] Nmap: |   Computer name: ralph
  454. [*] Nmap: |   NetBIOS computer name: RALPH\x00
  455. [*] Nmap: |   Workgroup: THINC\x00
  456. [*] Nmap: |_  System time: 2019-09-11T06:31:04-05:00
  457. [*] Nmap: | smb-security-mode:
  458. [*] Nmap: |   account_used: guest
  459. [*] Nmap: |   authentication_level: user
  460. [*] Nmap: |   challenge_response: supported
  461. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  462. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  463. [*] Nmap: TRACEROUTE
  464. [*] Nmap: HOP RTT       ADDRESS
  465. [*] Nmap: 1   237.19 ms 10.11.1.31
  466. [*] Nmap: Nmap scan report for 10.11.1.35
  467. [*] Nmap: Host is up (0.24s latency).
  468. [*] Nmap: Not shown: 997 filtered ports
  469. [*] Nmap: PORT    STATE  SERVICE  VERSION
  470. [*] Nmap: 22/tcp  open   ssh      OpenSSH 4.3 (protocol 2.0)
  471. [*] Nmap: | ssh-hostkey:
  472. [*] Nmap: |   1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
  473. [*] Nmap: |_  2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
  474. [*] Nmap: 443/tcp open   ssl/http Apache httpd 2.2.3 ((CentOS))
  475. [*] Nmap: | http-methods:
  476. [*] Nmap: |_  Potentially risky methods: TRACE
  477. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  478. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  479. [*] Nmap: | ssl-cert: Subject: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
  480. [*] Nmap: | Not valid before: 2016-01-07T12:46:17
  481. [*] Nmap: |_Not valid after:  2017-01-06T12:46:17
  482. [*] Nmap: |_ssl-date: 2019-09-11T11:28:52+00:00; -1s from scanner time.
  483. [*] Nmap: 631/tcp closed ipp
  484. [*] Nmap: MAC Address: 00:50:56:89:76:F7 (VMware)
  485. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%), Riverbed Steelhead 200 proxy server (90%)
  486. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  487. [*] Nmap: Network Distance: 1 hop
  488. [*] Nmap: Host script results:
  489. [*] Nmap: |_clock-skew: mean: -1s, deviation: 0s, median: -1s
  490. [*] Nmap: TRACEROUTE
  491. [*] Nmap: HOP RTT       ADDRESS
  492. [*] Nmap: 1   238.01 ms 10.11.1.35
  493. [*] Nmap: Nmap scan report for 10.11.1.39
  494. [*] Nmap: Host is up (0.24s latency).
  495. [*] Nmap: Not shown: 997 filtered ports
  496. [*] Nmap: PORT     STATE SERVICE VERSION
  497. [*] Nmap: 22/tcp   open  ssh     OpenSSH 6.6.1 (protocol 2.0)
  498. [*] Nmap: | ssh-hostkey:
  499. [*] Nmap: |   2048 5e:c1:7e:d2:f9:20:f9:11:ea:4b:02:68:07:3f:54:f2 (RSA)
  500. [*] Nmap: |   256 36:ef:27:31:a2:fd:4a:e3:d2:4e:12:58:1f:7a:03:58 (ECDSA)
  501. [*] Nmap: |_  256 2c:70:9c:c9:4c:50:61:d2:51:43:d5:67:d1:d0:39:de (ED25519)
  502. [*] Nmap: 80/tcp   open  http    nginx 1.6.3
  503. [*] Nmap: | http-methods:
  504. [*] Nmap: |_  Potentially risky methods: TRACE
  505. [*] Nmap: |_http-server-header: nginx/1.6.3
  506. [*] Nmap: |_http-title: Apache HTTP Server Test Page powered by CentOS
  507. [*] Nmap: 3306/tcp open  mysql   MariaDB (unauthorized)
  508. [*] Nmap: MAC Address: 00:50:56:93:42:3C (VMware)
  509. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  510. [*] Nmap: Device type: general purpose
  511. [*] Nmap: Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (90%)
  512. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
  513. [*] Nmap: Aggressive OS guesses: Linux 4.4 (90%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%)
  514. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  515. [*] Nmap: Network Distance: 1 hop
  516. [*] Nmap: TRACEROUTE
  517. [*] Nmap: HOP RTT       ADDRESS
  518. [*] Nmap: 1   239.33 ms 10.11.1.39
  519. [*] Nmap: Nmap scan report for 10.11.1.44
  520. [*] Nmap: Host is up (0.24s latency).
  521. [*] Nmap: Not shown: 998 closed ports
  522. [*] Nmap: PORT     STATE SERVICE   VERSION
  523. [*] Nmap: 22/tcp   open  ssh       OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
  524. [*] Nmap: | ssh-hostkey:
  525. [*] Nmap: |   1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
  526. [*] Nmap: |_  2048 28:99:c0:51:20:9b:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
  527. [*] Nmap: 8000/tcp open  http-alt?
  528. [*] Nmap: MAC Address: 00:50:56:89:56:18 (VMware)
  529. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (94%), IPFire 2.11 firewall (Linux 2.6.32) (94%), DD-WRT v24-sp1 (Linux 2.4) (94%), HP MSM410 WAP (93%), Linux 2.6.35 (93%), IGEL UD3 thin client (Linux 2.6) (93%), Kyocera CopyStar CS-2560 printer (91%), QNAP NAS Firmware 3.8.3 (Linux 3.X) (91%), Linux 3.11 - 4.1 (91%), Linux 3.2 - 3.8 (91%)
  530. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  531. [*] Nmap: Network Distance: 1 hop
  532. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  533. [*] Nmap: TRACEROUTE
  534. [*] Nmap: HOP RTT       ADDRESS
  535. [*] Nmap: 1   238.07 ms 10.11.1.44
  536. [*] Nmap: Nmap scan report for 10.11.1.49
  537. [*] Nmap: Host is up (0.25s latency).
  538. [*] Nmap: Not shown: 996 filtered ports
  539. [*] Nmap: PORT      STATE SERVICE     VERSION
  540. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
  541. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
  542. [*] Nmap: | http-methods:
  543. [*] Nmap: |_  Potentially risky methods: TRACE
  544. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
  545. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
  546. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
  547. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
  548. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
  549. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
  550. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
  551. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
  552. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
  553. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
  554. [*] Nmap: MAC Address: 00:50:56:89:20:5C (VMware)
  555. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  556. [*] Nmap: Device type: general purpose|phone|specialized
  557. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2008|7|Phone|8.1|Vista (98%)
  558. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
  559. [*] Nmap: Aggressive OS guesses: Microsoft Windows 7 or Windows Server 2008 R2 (98%), Microsoft Windows 7 (98%), Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%), Microsoft Windows Embedded Standard 7 (91%)
  560. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  561. [*] Nmap: Network Distance: 1 hop
  562. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  563. [*] Nmap: Host script results:
  564. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
  565. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
  566. [*] Nmap: TRACEROUTE
  567. [*] Nmap: HOP RTT       ADDRESS
  568. [*] Nmap: 1   245.72 ms 10.11.1.49
  569. [*] Nmap: Nmap scan report for 10.11.1.50
  570. [*] Nmap: Host is up (0.24s latency).
  571. [*] Nmap: Not shown: 996 filtered ports
  572. [*] Nmap: PORT      STATE SERVICE     VERSION
  573. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
  574. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
  575. [*] Nmap: | http-methods:
  576. [*] Nmap: |_  Potentially risky methods: TRACE
  577. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
  578. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
  579. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
  580. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
  581. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
  582. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
  583. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
  584. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
  585. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
  586. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
  587. [*] Nmap: MAC Address: 00:50:56:89:1A:39 (VMware)
  588. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  589. [*] Nmap: Device type: general purpose
  590. [*] Nmap: Running: Microsoft Windows 2008|7
  591. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  592. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  593. [*] Nmap: Network Distance: 1 hop
  594. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  595. [*] Nmap: Host script results:
  596. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
  597. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
  598. [*] Nmap: TRACEROUTE
  599. [*] Nmap: HOP RTT       ADDRESS
  600. [*] Nmap: 1   242.09 ms 10.11.1.50
  601. [*] Nmap: Nmap scan report for 10.11.1.71
  602. [*] Nmap: Host is up (0.24s latency).
  603. [*] Nmap: Not shown: 998 closed ports
  604. [*] Nmap: PORT   STATE SERVICE VERSION
  605. [*] Nmap: 22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
  606. [*] Nmap: | ssh-hostkey:
  607. [*] Nmap: |   1024 72:b5:55:80:1b:24:d6:f3:bf:a5:c5:98:1b:01:03:90 (DSA)
  608. [*] Nmap: |   2048 1a:f6:a7:0d:ed:c2:73:a1:6f:a3:08:68:28:b5:3b:bb (RSA)
  609. [*] Nmap: |   256 e6:43:89:59:f9:85:d8:e2:bb:e3:d7:ed:28:5c:c5:65 (ECDSA)
  610. [*] Nmap: |_  256 3b:0b:f3:84:3c:7d:6e:2b:2c:81:11:94:16:9b:71:7d (ED25519)
  611. [*] Nmap: 80/tcp open  http    Apache/2.4.7 (Ubuntu)
  612. [*] Nmap: | http-cookie-flags:
  613. [*] Nmap: |   /:
  614. [*] Nmap: |     PHPSESSID:
  615. [*] Nmap: |_      httponly flag not set
  616. [*] Nmap: |_http-server-header: Apache/2.4.7 (Ubuntu)
  617. [*] Nmap: | http-title: Trees of Large Sizes
  618. [*] Nmap: |_Requested resource was site/index.php/
  619. [*] Nmap: MAC Address: 00:50:56:93:39:6B (VMware)
  620. [*] Nmap: Aggressive OS guesses: Linux 3.11 - 4.1 (94%), Linux 3.16 (94%), Linux 4.4 (93%), Linux 3.13 (91%), Linux 3.18 (90%), Linux 3.10 - 3.12 (90%), Linux 3.5 (90%), Linux 3.2 - 3.8 (90%), Linux 3.8 (90%), WatchGuard Fireware 11.8 (90%)
  621. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  622. [*] Nmap: Network Distance: 1 hop
  623. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  624. [*] Nmap: TRACEROUTE
  625. [*] Nmap: HOP RTT       ADDRESS
  626. [*] Nmap: 1   239.35 ms 10.11.1.71
  627. [*] Nmap: Nmap scan report for 10.11.1.72
  628. [*] Nmap: Host is up (0.24s latency).
  629. [*] Nmap: Not shown: 993 closed ports
  630. [*] Nmap: PORT     STATE SERVICE VERSION
  631. [*] Nmap: 22/tcp   open  ssh     OpenSSH 5.8p1 Debian 7ubuntu1 (Ubuntu Linux; protocol 2.0)
  632. [*] Nmap: | ssh-hostkey:
  633. [*] Nmap: |   1024 d3:2e:10:0d:48:90:ce:9a:33:fb:66:3f:a0:a6:94:48 (DSA)
  634. [*] Nmap: |   2048 ef:0a:3b:8e:3f:92:a4:5e:f0:ab:e7:7d:75:f0:de:0e (RSA)
  635. [*] Nmap: |_  256 15:3a:65:3b:97:ed:e0:fc:85:bc:4b:53:48:22:61:b1 (ECDSA)
  636. [*] Nmap: 25/tcp   open  smtp    JAMES smtpd 2.3.2
  637. [*] Nmap: |_smtp-commands: beta Hello nmap.scanme.org (10.11.0.96 [10.11.0.96]),
  638. [*] Nmap: 80/tcp   open  http    Apache httpd 2.2.20 ((Ubuntu))
  639. [*] Nmap: |_http-server-header: Apache/2.2.20 (Ubuntu)
  640. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  641. [*] Nmap: 110/tcp  open  pop3    JAMES pop3d 2.3.2
  642. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
  643. [*] Nmap: | rpcinfo:
  644. [*] Nmap: |   program version   port/proto  service
  645. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  646. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  647. [*] Nmap: |   100003  2,3,4       2049/tcp  nfs
  648. [*] Nmap: |   100003  2,3,4       2049/udp  nfs
  649. [*] Nmap: |   100005  1,2,3      53680/tcp  mountd
  650. [*] Nmap: |   100005  1,2,3      58036/udp  mountd
  651. [*] Nmap: |   100021  1,3,4      37520/tcp  nlockmgr
  652. [*] Nmap: |   100021  1,3,4      42345/udp  nlockmgr
  653. [*] Nmap: |   100024  1          44863/udp  status
  654. [*] Nmap: |   100024  1          59611/tcp  status
  655. [*] Nmap: |   100227  2,3         2049/tcp  nfs_acl
  656. [*] Nmap: |_  100227  2,3         2049/udp  nfs_acl
  657. [*] Nmap: 119/tcp  open  nntp    JAMES nntpd (posting ok)
  658. [*] Nmap: 2049/tcp open  nfs_acl 2-3 (RPC #100227)
  659. [*] Nmap: MAC Address: 00:50:56:89:55:06 (VMware)
  660. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.8 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.5 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 3.0 - 3.2 (91%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%)
  661. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  662. [*] Nmap: Network Distance: 1 hop
  663. [*] Nmap: Service Info: Host: beta; OS: Linux; CPE: cpe:/o:linux:linux_kernel
  664. [*] Nmap: TRACEROUTE
  665. [*] Nmap: HOP RTT       ADDRESS
  666. [*] Nmap: 1   238.71 ms 10.11.1.72
  667. [*] Nmap: Nmap scan report for 10.11.1.73
  668. [*] Nmap: Host is up (0.24s latency).
  669. [*] Nmap: Not shown: 980 filtered ports
  670. [*] Nmap: PORT      STATE SERVICE       VERSION
  671. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  672. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  673. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  674. [*] Nmap: 554/tcp   open  rtsp?
  675. [*] Nmap: 1100/tcp  open  java-rmi      Java RMI Registry
  676. [*] Nmap: | rmi-dumpregistry:
  677. [*] Nmap: |   creamtec/ajaxswing/JVMFactory
  678. [*] Nmap: |     com.creamtec.ajaxswing.core.JVMFactory_Stub
  679. [*] Nmap: |     @10.11.1.73:49157
  680. [*] Nmap: |     extends
  681. [*] Nmap: |       java.rmi.server.RemoteStub
  682. [*] Nmap: |       extends
  683. [*] Nmap: |_        java.rmi.server.RemoteObject
  684. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  685. [*] Nmap: 3306/tcp  open  mysql?
  686. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  687. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  688. [*] Nmap: | ssl-cert: Subject: commonName=gamma
  689. [*] Nmap: | Not valid before: 2019-09-08T23:50:35
  690. [*] Nmap: |_Not valid after:  2020-03-09T23:50:35
  691. [*] Nmap: |_ssl-date: 2019-09-11T11:30:08+00:00; -16s from scanner time.
  692. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  693. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  694. [*] Nmap: |_http-title: Service Unavailable
  695. [*] Nmap: 5800/tcp  open  vnc-http      TightVNC (user: gamma; VNC TCP port: 5900)
  696. [*] Nmap: |_http-title: TightVNC desktop [gamma]
  697. [*] Nmap: 5900/tcp  open  vnc           VNC (protocol 3.8)
  698. [*] Nmap: | vnc-info:
  699. [*] Nmap: |   Protocol version: 3.8
  700. [*] Nmap: |   Security types:
  701. [*] Nmap: |     VNC Authentication (2)
  702. [*] Nmap: |     Tight (16)
  703. [*] Nmap: |   Tight auth subtypes:
  704. [*] Nmap: |_    STDV VNCAUTH_ (2)
  705. [*] Nmap: 8080/tcp  open  http          Apache httpd 2.4.9 ((Win32) PHP/5.5.12)
  706. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
  707. [*] Nmap: | http-robots.txt: 1 disallowed entry
  708. [*] Nmap: |_/testmysql.php
  709. [*] Nmap: |_http-server-header: Apache/2.4.9 (Win32) PHP/5.5.12
  710. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  711. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  712. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  713. [*] Nmap: |_http-title: Not Found
  714. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  715. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  716. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  717. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  718. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
  719. [*] Nmap: 49157/tcp open  rmiregistry   Java RMI
  720. [*] Nmap: 49159/tcp open  rmiregistry   Java RMI
  721. [*] Nmap: MAC Address: 00:50:56:93:57:B9 (VMware)
  722. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  723. [*] Nmap: Device type: general purpose
  724. [*] Nmap: Running: Microsoft Windows 2008|7
  725. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  726. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  727. [*] Nmap: Network Distance: 1 hop
  728. [*] Nmap: Service Info: Host: GAMMA; OS: Windows; CPE: cpe:/o:microsoft:windows
  729. [*] Nmap: Host script results:
  730. [*] Nmap: |_clock-skew: mean: 1h45m34s, deviation: 3h31m41s, median: -16s
  731. [*] Nmap: |_nbstat: NetBIOS name: GAMMA, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:57:b9 (VMware)
  732. [*] Nmap: | smb-os-discovery:
  733. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  734. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  735. [*] Nmap: |   Computer name: gamma
  736. [*] Nmap: |   NetBIOS computer name: GAMMA\x00
  737. [*] Nmap: |   Workgroup: WORKGROUP\x00
  738. [*] Nmap: |_  System time: 2019-09-11T04:31:09-07:00
  739. [*] Nmap: | smb-security-mode:
  740. [*] Nmap: |   account_used: guest
  741. [*] Nmap: |   authentication_level: user
  742. [*] Nmap: |   challenge_response: supported
  743. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  744. [*] Nmap: | smb2-security-mode:
  745. [*] Nmap: |   2.02:
  746. [*] Nmap: |_    Message signing enabled but not required
  747. [*] Nmap: | smb2-time:
  748. [*] Nmap: |   date: 2019-09-11 07:31:08
  749. [*] Nmap: |_  start_date: 2018-10-18 14:09:11
  750. [*] Nmap: TRACEROUTE
  751. [*] Nmap: HOP RTT       ADDRESS
  752. [*] Nmap: 1   238.92 ms 10.11.1.73
  753. [*] Nmap: Nmap scan report for 10.11.1.75
  754. [*] Nmap: Host is up (0.24s latency).
  755. [*] Nmap: Not shown: 986 filtered ports
  756. [*] Nmap: PORT      STATE SERVICE       VERSION
  757. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  758. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  759. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  760. [*] Nmap: 554/tcp   open  rtsp?
  761. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  762. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  763. [*] Nmap: | ssl-cert: Subject: commonName=bruce
  764. [*] Nmap: | Not valid before: 2019-09-09T04:16:00
  765. [*] Nmap: |_Not valid after:  2020-03-10T04:16:00
  766. [*] Nmap: |_ssl-date: 2019-09-11T11:28:28+00:00; -3s from scanner time.
  767. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  768. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  769. [*] Nmap: |_http-title: Service Unavailable
  770. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  771. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  772. [*] Nmap: |_http-title: Not Found
  773. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  774. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  775. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  776. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  777. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
  778. [*] Nmap: 49157/tcp open  msrpc         Microsoft Windows RPC
  779. [*] Nmap: MAC Address: 00:50:56:93:72:F1 (VMware)
  780. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  781. [*] Nmap: Device type: general purpose
  782. [*] Nmap: Running: Microsoft Windows 7
  783. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  784. [*] Nmap: OS details: Microsoft Windows 7
  785. [*] Nmap: Network Distance: 1 hop
  786. [*] Nmap: Service Info: Host: BRUCE; OS: Windows; CPE: cpe:/o:microsoft:windows
  787. [*] Nmap: Host script results:
  788. [*] Nmap: |_clock-skew: mean: -14m12s, deviation: 28m19s, median: -3s
  789. [*] Nmap: |_nbstat: NetBIOS name: BRUCE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:72:f1 (VMware)
  790. [*] Nmap: | smb-os-discovery:
  791. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  792. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  793. [*] Nmap: |   Computer name: bruce
  794. [*] Nmap: |   NetBIOS computer name: BRUCE\x00
  795. [*] Nmap: |   Workgroup: WORKGROUP\x00
  796. [*] Nmap: |_  System time: 2019-09-11T12:31:22+01:00
  797. [*] Nmap: | smb-security-mode:
  798. [*] Nmap: |   account_used: guest
  799. [*] Nmap: |   authentication_level: user
  800. [*] Nmap: |   challenge_response: supported
  801. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  802. [*] Nmap: | smb2-security-mode:
  803. [*] Nmap: |   2.02:
  804. [*] Nmap: |_    Message signing enabled but not required
  805. [*] Nmap: | smb2-time:
  806. [*] Nmap: |   date: 2019-09-11 07:31:22
  807. [*] Nmap: |_  start_date: 2019-09-10 11:37:22
  808. [*] Nmap: TRACEROUTE
  809. [*] Nmap: HOP RTT       ADDRESS
  810. [*] Nmap: 1   238.71 ms 10.11.1.75
  811. [*] Nmap: Nmap scan report for 10.11.1.115
  812. [*] Nmap: Host is up (0.24s latency).
  813. [*] Nmap: Not shown: 989 closed ports
  814. [*] Nmap: PORT      STATE SERVICE     VERSION
  815. [*] Nmap: 21/tcp    open  ftp         vsftpd 1.1.3
  816. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  817. [*] Nmap: |_drwxr-xr-x    2 0        0            4096 Feb 28  2003 pub
  818. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.5p1 (protocol 1.99)
  819. [*] Nmap: | ssh-hostkey:
  820. [*] Nmap: |   1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
  821. [*] Nmap: |   1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
  822. [*] Nmap: |_  1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
  823. [*] Nmap: |_sshv1: Server supports SSHv1
  824. [*] Nmap: 25/tcp    open  smtp?
  825. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
  826. [*] Nmap: 80/tcp    open  http        Apache httpd 2.0.40 ((Red Hat Linux))
  827. [*] Nmap: | http-methods:
  828. [*] Nmap: |_  Potentially risky methods: TRACE
  829. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
  830. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  831. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
  832. [*] Nmap: | rpcinfo:
  833. [*] Nmap: |   program version   port/proto  service
  834. [*] Nmap: |   100000  2            111/tcp  rpcbind
  835. [*] Nmap: |   100000  2            111/udp  rpcbind
  836. [*] Nmap: |   100024  1          32768/tcp  status
  837. [*] Nmap: |   100024  1          32768/udp  status
  838. [*] Nmap: |_  391002  2          32769/tcp  sgi_fam
  839. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
  840. [*] Nmap: 143/tcp   open  imap        UW imapd 2001.315rh
  841. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4REV1 NAMESPACE MAILBOX-REFERRALS SCAN THREAD=ORDEREDSUBJECT CAPABILITY AUTH=LOGINA0001 STARTTLS LOGIN-REFERRALS MULTIAPPEND completed IDLE
  842. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  843. [*] Nmap: | Not valid before: 2007-01-16T06:07:45
  844. [*] Nmap: |_Not valid after:  2008-01-16T06:07:45
  845. [*] Nmap: |_ssl-date: 2019-09-11T11:29:24+00:00; -10s from scanner time.
  846. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
  847. [*] Nmap: 443/tcp   open  ssl/http    Apache httpd 2.0.40 ((Red Hat Linux))
  848. [*] Nmap: | http-methods:
  849. [*] Nmap: |_  Potentially risky methods: TRACE
  850. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
  851. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  852. [*] Nmap: | ssl-cert: Subject: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
  853. [*] Nmap: | Not valid before: 2007-01-16T14:54:43
  854. [*] Nmap: |_Not valid after:  2008-01-16T14:54:43
  855. [*] Nmap: |_ssl-date: 2019-09-11T11:30:56+00:00; -10s from scanner time.
  856. [*] Nmap: | sslv2:
  857. [*] Nmap: |   SSLv2 supported
  858. [*] Nmap: |   ciphers:
  859. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  860. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  861. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  862. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  863. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  864. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  865. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  866. [*] Nmap: 3306/tcp  open  mysql       MySQL (unauthorized)
  867. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
  868. [*] Nmap: MAC Address: 00:50:56:89:39:7F (VMware)
  869. [*] Nmap: Device type: general purpose
  870. [*] Nmap: Running: Linux 2.4.X
  871. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20
  872. [*] Nmap: OS details: Linux 2.4.20
  873. [*] Nmap: Network Distance: 1 hop
  874. [*] Nmap: Service Info: Host: tophat.acme.local; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  875. [*] Nmap: Host script results:
  876. [*] Nmap: |_clock-skew: mean: -10s, deviation: 0s, median: -10s
  877. [*] Nmap: |_nbstat: NetBIOS name: TOPHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  878. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  879. [*] Nmap: TRACEROUTE
  880. [*] Nmap: HOP RTT       ADDRESS
  881. [*] Nmap: 1   238.23 ms 10.11.1.115
  882. [*] Nmap: Nmap scan report for 10.11.1.116
  883. [*] Nmap: Host is up (0.24s latency).
  884. [*] Nmap: Not shown: 994 closed ports
  885. [*] Nmap: PORT     STATE SERVICE    VERSION
  886. [*] Nmap: 21/tcp   open  ftp?
  887. [*] Nmap: 22/tcp   open  ssh        OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
  888. [*] Nmap: | ssh-hostkey:
  889. [*] Nmap: |   1024 75:e8:80:6f:6c:2f:d2:51:1a:d6:c9:9e:e4:a2:4c:2f (DSA)
  890. [*] Nmap: |   2048 28:43:26:62:1d:07:f9:e3:9f:0b:1a:94:98:1a:74:45 (RSA)
  891. [*] Nmap: |_  256 50:2f:db:dd:1a:8e:22:23:f8:dc:7b:65:c9:fc:8e:df (ECDSA)
  892. [*] Nmap: 80/tcp   open  http       Apache httpd 2.4.6 ((FreeBSD) PHP/5.4.23)
  893. [*] Nmap: | http-methods:
  894. [*] Nmap: |_  Potentially risky methods: TRACE
  895. [*] Nmap: |_http-server-header: Apache/2.4.6 (FreeBSD) PHP/5.4.23
  896. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  897. [*] Nmap: 110/tcp  open  tcpwrapped
  898. [*] Nmap: 143/tcp  open  tcpwrapped
  899. [*] Nmap: 3306/tcp open  mysql      MySQL (unauthorized)
  900. [*] Nmap: MAC Address: 00:50:56:89:10:91 (VMware)
  901. [*] Nmap: Aggressive OS guesses: FreeBSD 9.0-RELEASE - 10.3-RELEASE (97%), FreeBSD 9.0-RELEASE (93%), FreeBSD 7.0-RELEASE (91%), FreeBSD 7.1-PRERELEASE 7.2-STABLE (91%), m0n0wall 1.3b11 - 1.3b15 (FreeBSD 6.3) (91%), FreeBSD 8.1-RELEASE (91%), FreeBSD 8.0-RELEASE (91%), VMware ESXi 4.1.0 (91%), FreeBSD 8.2-RELEASE (90%), FreeBSD 7.0-RELEASE - 9.0-RELEASE (90%)
  902. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  903. [*] Nmap: Network Distance: 1 hop
  904. [*] Nmap: Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
  905. [*] Nmap: TRACEROUTE
  906. [*] Nmap: HOP RTT       ADDRESS
  907. [*] Nmap: 1   238.77 ms 10.11.1.116
  908. [*] Nmap: Nmap scan report for 10.11.1.125
  909. [*] Nmap: Host is up (0.24s latency).
  910. [*] Nmap: Not shown: 999 filtered ports
  911. [*] Nmap: PORT   STATE SERVICE VERSION
  912. [*] Nmap: 21/tcp open  ftp     Acritum Femitter Server ftpd
  913. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  914. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 . [NSE: writeable]
  915. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 .. [NSE: writeable]
  916. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp        11164 Dec 26  2006 house.jpg [NSE: writeable]
  917. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp          920 Jan 03  2007 index.htm [NSE: writeable]
  918. [*] Nmap: |_drw-rw-rw-   1 ftp      ftp            0 Sep 10 00:10 Upload [NSE: writeable]
  919. [*] Nmap: |_ftp-bounce: bounce working!
  920. [*] Nmap: | ftp-syst:
  921. [*] Nmap: |_  SYST: Internet Component Suite
  922. [*] Nmap: MAC Address: 00:50:56:89:56:6C (VMware)
  923. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  924. [*] Nmap: Device type: WAP|general purpose|media device
  925. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2003|2000 (89%), RIM Tablet OS 2.X (85%)
  926. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003::- cpe:/o:microsoft:windows_2000::sp4 cpe:/o:rim:tablet_os:2
  927. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 or Small Business Server 2003 (88%), Microsoft Windows XP (88%), Microsoft Windows XP Home SP1 (French) (87%), Microsoft Windows XP Professional SP2 (French) (87%), Microsoft Windows XP SP2 (87%), Microsoft Windows XP Professional SP2 (firewall enabled) (86%)
  928. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  929. [*] Nmap: Network Distance: 1 hop
  930. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  931. [*] Nmap: TRACEROUTE
  932. [*] Nmap: HOP RTT       ADDRESS
  933. [*] Nmap: 1   238.15 ms 10.11.1.125
  934. [*] Nmap: Nmap scan report for 10.11.1.128
  935. [*] Nmap: Host is up (0.24s latency).
  936. [*] Nmap: Not shown: 987 closed ports
  937. [*] Nmap: PORT     STATE SERVICE      VERSION
  938. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
  939. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.6713
  940. [*] Nmap: | smtp-commands: dj.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
  941. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
  942. [*] Nmap: | smtp-ntlm-info:
  943. [*] Nmap: |   Target_Name: DJ
  944. [*] Nmap: |   NetBIOS_Domain_Name: DJ
  945. [*] Nmap: |   NetBIOS_Computer_Name: DJ
  946. [*] Nmap: |   DNS_Domain_Name: dj.acme.local
  947. [*] Nmap: |   DNS_Computer_Name: dj.acme.local
  948. [*] Nmap: |_  Product_Version: 5.0.2195
  949. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
  950. [*] Nmap: | http-cookie-flags:
  951. [*] Nmap: |   /:
  952. [*] Nmap: |     ASPSESSIONIDACRQSSRT:
  953. [*] Nmap: |_      httponly flag not set
  954. [*] Nmap: | http-methods:
  955. [*] Nmap: |_  Potentially risky methods: TRACE
  956. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  957. [*] Nmap: |_http-title: Login
  958. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
  959. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  960. [*] Nmap: 443/tcp  open  https?
  961. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
  962. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
  963. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
  964. [*] Nmap: 1030/tcp open  msrpc        Microsoft Windows RPC
  965. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
  966. [*] Nmap: 5800/tcp open  vnc-http     TightVNC
  967. [*] Nmap: |_http-title: TightVNC desktop [dj]
  968. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
  969. [*] Nmap: | vnc-info:
  970. [*] Nmap: |   Protocol version: 3.8
  971. [*] Nmap: |   Security types:
  972. [*] Nmap: |     VNC Authentication (2)
  973. [*] Nmap: |     Tight (16)
  974. [*] Nmap: |   Tight auth subtypes:
  975. [*] Nmap: |_    STDV VNCAUTH_ (2)
  976. [*] Nmap: MAC Address: 00:50:56:93:32:22 (VMware)
  977. [*] Nmap: Device type: general purpose|specialized|power-device
  978. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  979. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  980. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (89%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  981. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  982. [*] Nmap: Network Distance: 1 hop
  983. [*] Nmap: Service Info: Host: dj.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  984. [*] Nmap: Host script results:
  985. [*] Nmap: |_clock-skew: mean: -58m19s, deviation: 1h22m29s, median: -1h56m39s
  986. [*] Nmap: | ms-sql-info:
  987. [*] Nmap: |   Windows server name: DJ
  988. [*] Nmap: |   10.11.1.128\MSSQLSERVER:
  989. [*] Nmap: |     Instance name: MSSQLSERVER
  990. [*] Nmap: |     Version:
  991. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
  992. [*] Nmap: |       number: 8.00.194.00
  993. [*] Nmap: |       Product: Microsoft SQL Server 2000
  994. [*] Nmap: |       Service pack level: RTM
  995. [*] Nmap: |       Post-SP patches applied: false
  996. [*] Nmap: |     TCP port: 27900
  997. [*] Nmap: |     Named pipe: \\10.11.1.128\pipe\sql\query
  998. [*] Nmap: |_    Clustered: false
  999. [*] Nmap: |_nbstat: NetBIOS name: DJ, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:32:22 (VMware)
  1000. [*] Nmap: | smb-os-discovery:
  1001. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1002. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1003. [*] Nmap: |   Computer name: dj
  1004. [*] Nmap: |   NetBIOS computer name: DJ\x00
  1005. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1006. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
  1007. [*] Nmap: | smb-security-mode:
  1008. [*] Nmap: |   account_used: guest
  1009. [*] Nmap: |   authentication_level: user
  1010. [*] Nmap: |   challenge_response: supported
  1011. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1012. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1013. [*] Nmap: TRACEROUTE
  1014. [*] Nmap: HOP RTT       ADDRESS
  1015. [*] Nmap: 1   238.32 ms 10.11.1.128
  1016. [*] Nmap: Nmap scan report for 10.11.1.133
  1017. [*] Nmap: Host is up (0.24s latency).
  1018. [*] Nmap: Not shown: 549 filtered ports, 450 closed ports
  1019. [*] Nmap: PORT   STATE SERVICE VERSION
  1020. [*] Nmap: 80/tcp open  http    Microsoft-IIS
  1021. [*] Nmap: | fingerprint-strings:
  1022. [*] Nmap: |   GetRequest, HTTPOptions:
  1023. [*] Nmap: |     HTTP/1.1 200 OK
  1024. [*] Nmap: |     Date: Wed, 11 Sep 2019 11:22:59 GMT
  1025. [*] Nmap: |     Server: Microsoft-IIS
  1026. [*] Nmap: |     Content-Type: text/html
  1027. [*] Nmap: |     Cache-control: private
  1028. [*] Nmap: |     Vary: Accept-Encoding
  1029. [*] Nmap: |     Content-Length: 619
  1030. [*] Nmap: |     Connection: close
  1031. [*] Nmap: |     <html>
  1032. [*] Nmap: |     <head>
  1033. [*] Nmap: |     <title>Let's play with the offsec team</title>
  1034. [*] Nmap: |     </head>
  1035. [*] Nmap: |     <body style="color: #FFFFFF; background-color: #000000;font-family: verdana;">
  1036. [*] Nmap: |     <center>
  1037. [*] Nmap: |     <div style="width:600px;height:399px;background-image:url(offsec-team.jpg);">
  1038. [*] Nmap: |     <form method="post" action="login.asp">
  1039. [*] Nmap: |     <table style="padding-top:170px;">
  1040. [*] Nmap: |     <tr>
  1041. [*] Nmap: |     <td>Username: </td><td><input type="text" name="username" value=""></td>
  1042. [*] Nmap: |     </tr>
  1043. [*] Nmap: |     <tr>
  1044. [*] Nmap: |     <td>Password: </td><td><input type="password" name="password"></td>
  1045. [*] Nmap: |     </tr>
  1046. [*] Nmap: |     <tr>
  1047. [*] Nmap: |     colspan="2" align="right"><input type="submit" name="submit" value="Enter"></td>
  1048. [*] Nmap: |     </tr>
  1049. [*] Nmap: |     </table>
  1050. [*] Nmap: |     </form>
  1051. [*] Nmap: |     </div>
  1052. [*] Nmap: |     </center>
  1053. [*] Nmap: |     </body>
  1054. [*] Nmap: |_    </html>
  1055. [*] Nmap: |_http-server-header: Microsoft-IIS
  1056. [*] Nmap: |_http-title: Let's play with the offsec team
  1057. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1058. [*] Nmap: SF-Port80-TCP:V=7.70%I=7%D=9/11%Time=5D78D922%P=i686-pc-linux-gnu%r(GetReq
  1059. [*] Nmap: SF:uest,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
  1060. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
  1061. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
  1062. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
  1063. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
  1064. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
  1065. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
  1066. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
  1067. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
  1068. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
  1069. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
  1070. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
  1071. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
  1072. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
  1073. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n")%r(HTTPOpt
  1074. [*] Nmap: SF:ions,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
  1075. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
  1076. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
  1077. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
  1078. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
  1079. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
  1080. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
  1081. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
  1082. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
  1083. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
  1084. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
  1085. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
  1086. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
  1087. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
  1088. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n");
  1089. [*] Nmap: MAC Address: 00:50:56:89:7D:25 (VMware)
  1090. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), HP MSM410 WAP (91%), Linux 2.6.35 (90%), IGEL UD3 thin client (Linux 2.6) (90%), IPFire 2.11 firewall (Linux 2.6.32) (90%), DD-WRT v24-sp1 (Linux 2.4) (89%), Linux 3.0 - 3.2 (88%), DD-WRT v23 (Linux 2.4.34) (88%), Linux 2.6.15 - 2.6.26 (likely embedded) (88%), Fortinet FortiOS 5.0.6 (88%)
  1091. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1092. [*] Nmap: Network Distance: 1 hop
  1093. [*] Nmap: TRACEROUTE
  1094. [*] Nmap: HOP RTT       ADDRESS
  1095. [*] Nmap: 1   238.60 ms 10.11.1.133
  1096. [*] Nmap: Nmap scan report for 10.11.1.136
  1097. [*] Nmap: Host is up (0.24s latency).
  1098. [*] Nmap: Not shown: 996 closed ports
  1099. [*] Nmap: PORT    STATE SERVICE     VERSION
  1100. [*] Nmap: 22/tcp  open  ssh         OpenSSH 4.3p2 Debian 9 (protocol 2.0)
  1101. [*] Nmap: |_auth-owners: root
  1102. [*] Nmap: | ssh-hostkey:
  1103. [*] Nmap: |   1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
  1104. [*] Nmap: |_  2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
  1105. [*] Nmap: 113/tcp open  ident
  1106. [*] Nmap: |_auth-owners: identd
  1107. [*] Nmap: 139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
  1108. [*] Nmap: |_auth-owners: root
  1109. [*] Nmap: 445/tcp open  netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
  1110. [*] Nmap: |_auth-owners: root
  1111. [*] Nmap: MAC Address: 00:50:56:93:37:2B (VMware)
  1112. [*] Nmap: Device type: general purpose|switch|printer|firewall|security-misc|WAP|remote management|specialized
  1113. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (94%), Extreme Networks ExtremeXOS 12.X (93%), Kyocera embedded (93%), Barracuda Networks embedded (92%), AVM embedded (90%), Linksys embedded (90%), Netgear embedded (90%), Dell embedded (90%)
  1114. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:kyocera:cs-2560 cpe:/h:avm:fritz%21box_fon_wlan_7050 cpe:/h:linksys:wag200g cpe:/h:netgear:dg834gt cpe:/h:dell:remote_access_card:5 cpe:/o:linux:linux_kernel:2.4.21
  1115. [*] Nmap: Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Linux 2.6.16 (94%), Extreme Networks ExtremeXOS 12.5.4 (93%), Kyocera CopyStar CS-2560 printer (93%), Linux 2.6.15 (Ubuntu) (93%), Linux 2.6.26 (93%), Barracuda Web Application Firewall 460 (92%), Linux 2.6.32 (92%), Barracuda Web Filter (92%), Linux 2.6.22 (92%)
  1116. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1117. [*] Nmap: Network Distance: 1 hop
  1118. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1119. [*] Nmap: Host script results:
  1120. [*] Nmap: |_clock-skew: mean: 2h01m37s, deviation: 2h52m03s, median: -2s
  1121. [*] Nmap: |_nbstat: NetBIOS name: SUFFERANCE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  1122. [*] Nmap: | smb-os-discovery:
  1123. [*] Nmap: |   OS: Unix (Samba 3.0.24)
  1124. [*] Nmap: |   NetBIOS computer name:
  1125. [*] Nmap: |   Workgroup: THINC.LOCAL\x00
  1126. [*] Nmap: |_  System time: 2019-09-11T07:31:25-04:00
  1127. [*] Nmap: | smb-security-mode:
  1128. [*] Nmap: |   account_used: guest
  1129. [*] Nmap: |   authentication_level: share (dangerous)
  1130. [*] Nmap: |   challenge_response: supported
  1131. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1132. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1133. [*] Nmap: TRACEROUTE
  1134. [*] Nmap: HOP RTT       ADDRESS
  1135. [*] Nmap: 1   238.20 ms 10.11.1.136
  1136. [*] Nmap: Nmap scan report for 10.11.1.141
  1137. [*] Nmap: Host is up (0.24s latency).
  1138. [*] Nmap: Not shown: 997 closed ports
  1139. [*] Nmap: PORT      STATE SERVICE VERSION
  1140. [*] Nmap: 22/tcp    open  ssh     OpenSSH 4.0 (protocol 2.0)
  1141. [*] Nmap: | ssh-hostkey:
  1142. [*] Nmap: |   1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
  1143. [*] Nmap: |_  1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
  1144. [*] Nmap: 111/tcp   open  rpcbind 2 (RPC #100000)
  1145. [*] Nmap: | rpcinfo:
  1146. [*] Nmap: |   program version   port/proto  service
  1147. [*] Nmap: |   100000  2            111/tcp  rpcbind
  1148. [*] Nmap: |_  100000  2            111/udp  rpcbind
  1149. [*] Nmap: 10000/tcp open  http    MiniServ 0.01 (Webmin httpd)
  1150. [*] Nmap: |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
  1151. [*] Nmap: MAC Address: 00:50:56:89:65:3F (VMware)
  1152. [*] Nmap: Device type: general purpose|firewall|proxy server|PBX|WAP|broadband router
  1153. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (94%), Cisco embedded (91%), Riverbed embedded (91%), Ruckus embedded (90%), FreeBSD 6.X (89%), Zhone embedded (88%), AVM embedded (87%)
  1154. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w cpe:/h:ruckus:7363 cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
  1155. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Riverbed Steelhead 200 proxy server (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
  1156. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1157. [*] Nmap: Network Distance: 1 hop
  1158. [*] Nmap: TRACEROUTE
  1159. [*] Nmap: HOP RTT       ADDRESS
  1160. [*] Nmap: 1   239.06 ms 10.11.1.141
  1161. [*] Nmap: Nmap scan report for 10.11.1.145
  1162. [*] Nmap: Host is up (0.24s latency).
  1163. [*] Nmap: Not shown: 995 filtered ports
  1164. [*] Nmap: PORT     STATE SERVICE            VERSION
  1165. [*] Nmap: 135/tcp  open  msrpc              Microsoft Windows RPC
  1166. [*] Nmap: 139/tcp  open  netbios-ssn        Microsoft Windows netbios-ssn
  1167. [*] Nmap: 445/tcp  open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  1168. [*] Nmap: 3389/tcp open  ssl/ms-wbt-server?
  1169. [*] Nmap: | ssl-cert: Subject: commonName=HELPDESK
  1170. [*] Nmap: | Not valid before: 2019-09-10T08:36:52
  1171. [*] Nmap: |_Not valid after:  2020-03-11T08:36:52
  1172. [*] Nmap: |_ssl-date: 2019-09-11T11:28:22+00:00; -3s from scanner time.
  1173. [*] Nmap: 8080/tcp open  http               Apache Tomcat/Coyote JSP engine 1.1
  1174. [*] Nmap: | http-cookie-flags:
  1175. [*] Nmap: |   /:
  1176. [*] Nmap: |     JSESSIONID:
  1177. [*] Nmap: |_      httponly flag not set
  1178. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
  1179. [*] Nmap: |_http-title: ManageEngine ServiceDesk Plus
  1180. [*] Nmap: MAC Address: 00:50:56:89:78:BA (VMware)
  1181. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1182. [*] Nmap: Device type: general purpose
  1183. [*] Nmap: Running: Microsoft Windows 7
  1184. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1185. [*] Nmap: OS details: Microsoft Windows 7
  1186. [*] Nmap: Network Distance: 1 hop
  1187. [*] Nmap: Service Info: Host: HELPDESK; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
  1188. [*] Nmap: Host script results:
  1189. [*] Nmap: |_clock-skew: mean: 1h45m46s, deviation: 3h31m39s, median: -3s
  1190. [*] Nmap: |_nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:78:ba (VMware)
  1191. [*] Nmap: | smb-os-discovery:
  1192. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
  1193. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1194. [*] Nmap: |   Computer name: HELPDESK
  1195. [*] Nmap: |   NetBIOS computer name: HELPDESK\x00
  1196. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1197. [*] Nmap: |_  System time: 2019-09-11T04:31:25-07:00
  1198. [*] Nmap: | smb-security-mode:
  1199. [*] Nmap: |   account_used: <blank>
  1200. [*] Nmap: |   authentication_level: user
  1201. [*] Nmap: |   challenge_response: supported
  1202. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1203. [*] Nmap: | smb2-security-mode:
  1204. [*] Nmap: |   2.02:
  1205. [*] Nmap: |_    Message signing enabled but not required
  1206. [*] Nmap: | smb2-time:
  1207. [*] Nmap: |   date: 2019-09-11 07:31:25
  1208. [*] Nmap: |_  start_date: 2017-06-05 22:08:09
  1209. [*] Nmap: TRACEROUTE
  1210. [*] Nmap: HOP RTT       ADDRESS
  1211. [*] Nmap: 1   239.09 ms 10.11.1.145
  1212. [*] Nmap: Nmap scan report for 10.11.1.146
  1213. [*] Nmap: Host is up (0.26s latency).
  1214. [*] Nmap: Not shown: 998 closed ports
  1215. [*] Nmap: PORT   STATE SERVICE VERSION
  1216. [*] Nmap: 21/tcp open  ftp     ProFTPD 1.3.3a
  1217. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.5p1 Debian 6 (protocol 2.0)
  1218. [*] Nmap: | ssh-hostkey:
  1219. [*] Nmap: |   1024 bb:1e:db:11:2a:c7:90:96:e8:0f:f1:ce:aa:14:6a:c1 (DSA)
  1220. [*] Nmap: |_  2048 67:62:39:ab:ef:7b:2d:e2:70:18:fd:7d:3d:65:bf:c7 (RSA)
  1221. [*] Nmap: MAC Address: 00:50:56:89:5A:7F (VMware)
  1222. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (99%), HP MSM410 WAP (94%), Linux 2.6.35 (94%), IGEL UD3 thin client (Linux 2.6) (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Linux 2.6.31 - 2.6.32 (92%), Extreme Networks ExtremeXOS 12.5.4 (91%), DD-WRT v23 (Linux 2.4.34) (91%), Linux 2.6.15 (Ubuntu) (91%)
  1223. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1224. [*] Nmap: Network Distance: 1 hop
  1225. [*] Nmap: Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  1226. [*] Nmap: TRACEROUTE
  1227. [*] Nmap: HOP RTT       ADDRESS
  1228. [*] Nmap: 1   264.55 ms 10.11.1.146
  1229. [*] Nmap: Nmap scan report for 10.11.1.202
  1230. [*] Nmap: Host is up (0.24s latency).
  1231. [*] Nmap: Not shown: 982 closed ports
  1232. [*] Nmap: PORT     STATE SERVICE       VERSION
  1233. [*] Nmap: 21/tcp   open  ftp           Microsoft ftpd 5.0
  1234. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
  1235. [*] Nmap: | ftp-syst:
  1236. [*] Nmap: |_  SYST: Windows_NT version 5.0
  1237. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 5.0
  1238. [*] Nmap: | http-cookie-flags:
  1239. [*] Nmap: |   /:
  1240. [*] Nmap: |     ASPSESSIONIDSSRCCBAQ:
  1241. [*] Nmap: |_      httponly flag not set
  1242. [*] Nmap: | http-methods:
  1243. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
  1244. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  1245. [*] Nmap: |_http-title: Under Construction
  1246. [*] Nmap: | http-webdav-scan:
  1247. [*] Nmap: |   WebDAV type: Unkown
  1248. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
  1249. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1250. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
  1251. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:28:18 GMT
  1252. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
  1253. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
  1254. [*] Nmap: 443/tcp  open  https?
  1255. [*] Nmap: 445/tcp  open  microsoft-ds  Windows 2000 microsoft-ds
  1256. [*] Nmap: 1029/tcp open  msrpc         Microsoft Windows RPC
  1257. [*] Nmap: 1032/tcp open  msrpc         Microsoft Windows RPC
  1258. [*] Nmap: 1033/tcp open  msrpc         Microsoft Windows RPC
  1259. [*] Nmap: 1038/tcp open  oracle        Oracle Database
  1260. [*] Nmap: 1521/tcp open  oracle-tns    Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
  1261. [*] Nmap: 2030/tcp open  oracle-mts    Oracle MTS Recovery Service
  1262. [*] Nmap: 2100/tcp open  ftp           Oracle Enterprise XML DB ftpd 9.2.0.1.0
  1263. [*] Nmap: | ftp-syst:
  1264. [*] Nmap: |_  SYST: Unix Type:9.2.0.1 Version:Oracle XML DB
  1265. [*] Nmap: 3372/tcp open  msdtc         Microsoft Distributed Transaction Coordinator (error)
  1266. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  1267. [*] Nmap: 4443/tcp open  ssl/pharos?
  1268. [*] Nmap: |_ssl-date: 2019-09-11T11:28:35+00:00; 0s from scanner time.
  1269. [*] Nmap: | sslv2:
  1270. [*] Nmap: |   SSLv2 supported
  1271. [*] Nmap: |   ciphers:
  1272. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  1273. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  1274. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  1275. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  1276. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  1277. [*] Nmap: 7778/tcp open  http          Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
  1278. [*] Nmap: |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
  1279. [*] Nmap: | http-methods:
  1280. [*] Nmap: |_  Potentially risky methods: TRACE
  1281. [*] Nmap: |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
  1282. [*] Nmap: |_http-title: Oracle HTTP Server Index
  1283. [*] Nmap: 8080/tcp open  http          Oracle XML DB Enterprise Edition httpd 9.2.0.1.0 (Oracle9i Enterprise Edition Release)
  1284. [*] Nmap: | http-auth:
  1285. [*] Nmap: | HTTP/1.1 401 Unauthorized\x0D
  1286. [*] Nmap: |_  Basic realm=XDB
  1287. [*] Nmap: |_http-server-header: Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
  1288. [*] Nmap: |_http-title: 400 Bad Request
  1289. [*] Nmap: MAC Address: 00:50:56:89:2E:00 (VMware)
  1290. [*] Nmap: Device type: general purpose|specialized|power-device
  1291. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  1292. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  1293. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows XP SP2 (92%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP SP3 (91%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  1294. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1295. [*] Nmap: Network Distance: 1 hop
  1296. [*] Nmap: Service Info: Host: oracle; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  1297. [*] Nmap: Host script results:
  1298. [*] Nmap: |_clock-skew: mean: -38m55s, deviation: 1h07m24s, median: 0s
  1299. [*] Nmap: |_nbstat: NetBIOS name: ORACLE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:2e:00 (VMware)
  1300. [*] Nmap: | smb-os-discovery:
  1301. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1302. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1303. [*] Nmap: |   Computer name: oracle
  1304. [*] Nmap: |   NetBIOS computer name: ORACLE\x00
  1305. [*] Nmap: |   Domain name: acme.local
  1306. [*] Nmap: |   FQDN: oracle.acme.local
  1307. [*] Nmap: |_  System time: 2019-09-11T13:31:28+02:00
  1308. [*] Nmap: | smb-security-mode:
  1309. [*] Nmap: |   account_used: guest
  1310. [*] Nmap: |   authentication_level: user
  1311. [*] Nmap: |   challenge_response: supported
  1312. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1313. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1314. [*] Nmap: TRACEROUTE
  1315. [*] Nmap: HOP RTT       ADDRESS
  1316. [*] Nmap: 1   241.50 ms 10.11.1.202
  1317. [*] Nmap: Nmap scan report for 10.11.1.209
  1318. [*] Nmap: Host is up (0.26s latency).
  1319. [*] Nmap: Not shown: 995 closed ports
  1320. [*] Nmap: PORT     STATE SERVICE VERSION
  1321. [*] Nmap: 22/tcp   open  ssh     SunSSH 1.1.5 (protocol 2.0)
  1322. [*] Nmap: | ssh-hostkey:
  1323. [*] Nmap: |   1024 b0:d1:14:4f:d2:43:20:e4:90:f7:ca:e3:8a:36:39:86 (DSA)
  1324. [*] Nmap: |_  1024 dd:36:f6:09:23:4c:c4:c3:44:d6:6e:2f:6a:ff:b3:12 (RSA)
  1325. [*] Nmap: 80/tcp   open  http    Apache httpd 1.3.41 ((Unix) mod_perl/1.31)
  1326. [*] Nmap: | http-methods:
  1327. [*] Nmap: |_  Potentially risky methods: TRACE
  1328. [*] Nmap: |_http-server-header: Apache/1.3.41 (Unix) mod_perl/1.31
  1329. [*] Nmap: |_http-title: Test Page for the SSL/TLS-aware Apache Installation on Web Site
  1330. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
  1331. [*] Nmap: 8009/tcp open  ajp13   Apache Jserv (Protocol v1.3)
  1332. [*] Nmap: |_ajp-methods: Failed to get a valid response for the OPTION request
  1333. [*] Nmap: 8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
  1334. [*] Nmap: |_http-favicon: Apache Tomcat
  1335. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
  1336. [*] Nmap: |_http-title: Apache Tomcat/5.5.35
  1337. [*] Nmap: MAC Address: 00:50:56:89:12:0C (VMware)
  1338. [*] Nmap: Device type: general purpose
  1339. [*] Nmap: Running: Sun SunOS 10
  1340. [*] Nmap: OS CPE: cpe:/o:sun:sunos:10
  1341. [*] Nmap: OS details: Sun Solaris 10
  1342. [*] Nmap: Network Distance: 1 hop
  1343. [*] Nmap: TRACEROUTE
  1344. [*] Nmap: HOP RTT       ADDRESS
  1345. [*] Nmap: 1   256.39 ms 10.11.1.209
  1346. [*] Nmap: Nmap scan report for 10.11.1.217
  1347. [*] Nmap: Host is up (0.33s latency).
  1348. [*] Nmap: Not shown: 989 closed ports
  1349. [*] Nmap: PORT     STATE SERVICE    VERSION
  1350. [*] Nmap: 22/tcp   open  ssh        OpenSSH 4.3 (protocol 2.0)
  1351. [*] Nmap: | ssh-hostkey:
  1352. [*] Nmap: |   1024 1a:f6:e5:4c:f5:65:5c:a3:79:ce:e1:30:f9:5a:9c:af (DSA)
  1353. [*] Nmap: |_  2048 b1:9e:c8:ea:eb:4c:fc:55:cb:1e:4d:4c:40:6e:80:f2 (RSA)
  1354. [*] Nmap: 25/tcp   open  smtp?
  1355. [*] Nmap: |_smtp-commands: hotline.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  1356. [*] Nmap: 80/tcp   open  http       Apache httpd 2.2.3
  1357. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1358. [*] Nmap: |_http-title: Did not follow redirect to https://10.11.1.217/
  1359. [*] Nmap: 110/tcp  open  pop3?
  1360. [*] Nmap: 111/tcp  open  rpcbind    2 (RPC #100000)
  1361. [*] Nmap: | rpcinfo:
  1362. [*] Nmap: |   program version   port/proto  service
  1363. [*] Nmap: |   100000  2            111/tcp  rpcbind
  1364. [*] Nmap: |   100000  2            111/udp  rpcbind
  1365. [*] Nmap: |   100024  1            884/udp  status
  1366. [*] Nmap: |_  100024  1            887/tcp  status
  1367. [*] Nmap: 143/tcp  open  imap?
  1368. [*] Nmap: 443/tcp  open  ssl/http   Apache httpd 2.2.3 ((CentOS))
  1369. [*] Nmap: | http-robots.txt: 1 disallowed entry
  1370. [*] Nmap: |_/
  1371. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1372. [*] Nmap: |_http-title: Elastix - Login page
  1373. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  1374. [*] Nmap: | Not valid before: 2012-03-23T19:29:13
  1375. [*] Nmap: |_Not valid after:  2013-03-23T19:29:13
  1376. [*] Nmap: |_ssl-date: 2019-09-11T11:26:40+00:00; -1m59s from scanner time.
  1377. [*] Nmap: 993/tcp  open  imaps?
  1378. [*] Nmap: 995/tcp  open  pop3s?
  1379. [*] Nmap: 3306/tcp open  mysql?
  1380. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  1381. [*] Nmap: 4445/tcp open  upnotifyp?
  1382. [*] Nmap: MAC Address: 00:50:56:89:57:05 (VMware)
  1383. [*] Nmap: Device type: general purpose
  1384. [*] Nmap: Running: Linux 2.6.X
  1385. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18
  1386. [*] Nmap: OS details: Linux 2.6.18
  1387. [*] Nmap: Network Distance: 1 hop
  1388. [*] Nmap: Service Info: Host: 127.0.0.1
  1389. [*] Nmap: Host script results:
  1390. [*] Nmap: |_clock-skew: mean: -1m59s, deviation: 0s, median: -1m59s
  1391. [*] Nmap: TRACEROUTE
  1392. [*] Nmap: HOP RTT       ADDRESS
  1393. [*] Nmap: 1   332.33 ms 10.11.1.217
  1394. [*] Nmap: Nmap scan report for 10.11.1.218
  1395. [*] Nmap: Host is up (0.24s latency).
  1396. [*] Nmap: Not shown: 997 filtered ports
  1397. [*] Nmap: PORT    STATE SERVICE      VERSION
  1398. [*] Nmap: 135/tcp open  msrpc        Microsoft Windows RPC
  1399. [*] Nmap: 139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
  1400. [*] Nmap: 445/tcp open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
  1401. [*] Nmap: MAC Address: 00:50:56:93:5C:EA (VMware)
  1402. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1403. [*] Nmap: Device type: general purpose
  1404. [*] Nmap: Running: Microsoft Windows 2008|7
  1405. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  1406. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  1407. [*] Nmap: Network Distance: 1 hop
  1408. [*] Nmap: Service Info: Host: OBSERVER; OS: Windows; CPE: cpe:/o:microsoft:windows
  1409. [*] Nmap: Host script results:
  1410. [*] Nmap: |_clock-skew: mean: -2083d01h13m04s, deviation: 4h38m41s, median: -2083d03h53m59s
  1411. [*] Nmap: |_nbstat: NetBIOS name: OBSERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:5c:ea (VMware)
  1412. [*] Nmap: | smb-os-discovery:
  1413. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  1414. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  1415. [*] Nmap: |   Computer name: observer
  1416. [*] Nmap: |   NetBIOS computer name: OBSERVER\x00
  1417. [*] Nmap: |   Domain name: thinc.local
  1418. [*] Nmap: |   Forest name: thinc.local
  1419. [*] Nmap: |   FQDN: observer.thinc.local
  1420. [*] Nmap: |_  System time: 2013-12-27T23:37:33-08:00
  1421. [*] Nmap: | smb-security-mode:
  1422. [*] Nmap: |   account_used: <blank>
  1423. [*] Nmap: |   authentication_level: user
  1424. [*] Nmap: |   challenge_response: supported
  1425. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1426. [*] Nmap: | smb2-security-mode:
  1427. [*] Nmap: |   2.02:
  1428. [*] Nmap: |_    Message signing enabled but not required
  1429. [*] Nmap: | smb2-time:
  1430. [*] Nmap: |   date: 2013-12-28 02:37:35
  1431. [*] Nmap: |_  start_date: 2013-12-27 16:08:12
  1432. [*] Nmap: TRACEROUTE
  1433. [*] Nmap: HOP RTT       ADDRESS
  1434. [*] Nmap: 1   240.45 ms 10.11.1.218
  1435. [*] Nmap: Nmap scan report for 10.11.1.219
  1436. [*] Nmap: Host is up (0.24s latency).
  1437. [*] Nmap: Not shown: 999 filtered ports
  1438. [*] Nmap: PORT   STATE SERVICE VERSION
  1439. [*] Nmap: 80/tcp open  http    Apache httpd
  1440. [*] Nmap: |_http-server-header: Apache
  1441. [*] Nmap: |_http-title: Apache2 Ubuntu Default Page: It works
  1442. [*] Nmap: MAC Address: 00:50:56:89:06:25 (VMware)
  1443. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1444. [*] Nmap: Device type: general purpose
  1445. [*] Nmap: Running (JUST GUESSING): Linux 3.X|4.X (90%)
  1446. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
  1447. [*] Nmap: Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.16 (86%)
  1448. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1449. [*] Nmap: Network Distance: 1 hop
  1450. [*] Nmap: TRACEROUTE
  1451. [*] Nmap: HOP RTT       ADDRESS
  1452. [*] Nmap: 1   239.22 ms 10.11.1.219
  1453. [*] Nmap: Nmap scan report for 10.11.1.220
  1454. [*] Nmap: Host is up (0.24s latency).
  1455. [*] Nmap: Not shown: 980 closed ports
  1456. [*] Nmap: PORT      STATE SERVICE       VERSION
  1457. [*] Nmap: 21/tcp    open  ftp           FileZilla ftpd 0.9.34 beta
  1458. [*] Nmap: | ftp-syst:
  1459. [*] Nmap: |_  SYST: UNIX emulated by FileZilla
  1460. [*] Nmap: 53/tcp    open  domain        Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
  1461. [*] Nmap: | dns-nsid:
  1462. [*] Nmap: |_  bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
  1463. [*] Nmap: 88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2013-12-28 07:37:03Z)
  1464. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  1465. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  1466. [*] Nmap: 389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
  1467. [*] Nmap: 445/tcp   open  microsoft-ds  Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
  1468. [*] Nmap: 464/tcp   open  kpasswd5?
  1469. [*] Nmap: 593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
  1470. [*] Nmap: 636/tcp   open  tcpwrapped
  1471. [*] Nmap: 3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
  1472. [*] Nmap: 3269/tcp  open  tcpwrapped
  1473. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  1474. [*] Nmap: | ssl-cert: Subject: commonName=master.thinc.local
  1475. [*] Nmap: | Not valid before: 2013-12-27T07:37:01
  1476. [*] Nmap: |_Not valid after:  2014-06-28T07:37:01
  1477. [*] Nmap: |_ssl-date: 2013-12-28T07:37:44+00:00; -5y257d03h53m03s from scanner time.
  1478. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  1479. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  1480. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  1481. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  1482. [*] Nmap: 49157/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
  1483. [*] Nmap: 49158/tcp open  msrpc         Microsoft Windows RPC
  1484. [*] Nmap: 49165/tcp open  msrpc         Microsoft Windows RPC
  1485. [*] Nmap: MAC Address: 00:50:56:93:3B:04 (VMware)
  1486. [*] Nmap: Device type: general purpose
  1487. [*] Nmap: Running: Microsoft Windows 7
  1488. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1489. [*] Nmap: OS details: Microsoft Windows 7
  1490. [*] Nmap: Network Distance: 1 hop
  1491. [*] Nmap: Service Info: Host: MASTER; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2:sp1
  1492. [*] Nmap: Host script results:
  1493. [*] Nmap: |_clock-skew: mean: -2083d01h53m07s, deviation: 4h01m09s, median: -2083d03h54m02s
  1494. [*] Nmap: |_nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:3b:04 (VMware)
  1495. [*] Nmap: | smb-os-discovery:
  1496. [*] Nmap: |   OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
  1497. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1498. [*] Nmap: |   Computer name: master
  1499. [*] Nmap: |   NetBIOS computer name: MASTER\x00
  1500. [*] Nmap: |   Domain name: thinc.local
  1501. [*] Nmap: |   Forest name: thinc.local
  1502. [*] Nmap: |   FQDN: master.thinc.local
  1503. [*] Nmap: |_  System time: 2013-12-27T23:37:31-08:00
  1504. [*] Nmap: | smb-security-mode:
  1505. [*] Nmap: |   account_used: <blank>
  1506. [*] Nmap: |   authentication_level: user
  1507. [*] Nmap: |   challenge_response: supported
  1508. [*] Nmap: |_  message_signing: required
  1509. [*] Nmap: | smb2-security-mode:
  1510. [*] Nmap: |   2.02:
  1511. [*] Nmap: |_    Message signing enabled and required
  1512. [*] Nmap: | smb2-time:
  1513. [*] Nmap: |   date: 2013-12-28 02:37:31
  1514. [*] Nmap: |_  start_date: 2013-12-28 11:16:39
  1515. [*] Nmap: TRACEROUTE
  1516. [*] Nmap: HOP RTT       ADDRESS
  1517. [*] Nmap: 1   239.49 ms 10.11.1.220
  1518. [*] Nmap: Nmap scan report for 10.11.1.221
  1519. [*] Nmap: Host is up (0.24s latency).
  1520. [*] Nmap: Not shown: 995 filtered ports
  1521. [*] Nmap: PORT      STATE SERVICE            VERSION
  1522. [*] Nmap: 53/tcp    open  domain             Microsoft DNS 6.0.6001 (17714650) (Windows Server 2008 SP1)
  1523. [*] Nmap: | dns-nsid:
  1524. [*] Nmap: |_  bind.version: Microsoft DNS 6.0.6001 (17714650)
  1525. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1526. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1527. [*] Nmap: | ssl-cert: Subject: commonName=slave.thinc.local
  1528. [*] Nmap: | Not valid before: 2013-12-26T21:08:51
  1529. [*] Nmap: |_Not valid after:  2014-06-27T21:08:51
  1530. [*] Nmap: |_ssl-date: 2013-12-28T07:37:28+00:00; -5y257d03h51m54s from scanner time.
  1531. [*] Nmap: 5357/tcp  open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  1532. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  1533. [*] Nmap: |_http-title: Service Unavailable
  1534. [*] Nmap: 49158/tcp open  msrpc              Microsoft Windows RPC
  1535. [*] Nmap: MAC Address: 00:50:56:93:18:E2 (VMware)
  1536. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1537. [*] Nmap: Device type: general purpose
  1538. [*] Nmap: Running: Microsoft Windows 7
  1539. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1540. [*] Nmap: OS details: Microsoft Windows 7
  1541. [*] Nmap: Network Distance: 1 hop
  1542. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008::sp1, cpe:/o:microsoft:windows
  1543. [*] Nmap: Host script results:
  1544. [*] Nmap: |_clock-skew: mean: -2083d03h51m54s, deviation: 0s, median: -2083d03h51m54s
  1545. [*] Nmap: |_nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:18:e2 (VMware)
  1546. [*] Nmap: TRACEROUTE
  1547. [*] Nmap: HOP RTT       ADDRESS
  1548. [*] Nmap: 1   237.13 ms 10.11.1.221
  1549. [*] Nmap: Nmap scan report for 10.11.1.223
  1550. [*] Nmap: Host is up (0.24s latency).
  1551. [*] Nmap: Not shown: 987 closed ports
  1552. [*] Nmap: PORT      STATE SERVICE            VERSION
  1553. [*] Nmap: 80/tcp    open  http               Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
  1554. [*] Nmap: | http-methods:
  1555. [*] Nmap: |_  Potentially risky methods: TRACE
  1556. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
  1557. [*] Nmap: |_http-title: Index of /
  1558. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1559. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
  1560. [*] Nmap: 443/tcp   open  ssl/http           Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
  1561. [*] Nmap: | http-methods:
  1562. [*] Nmap: |_  Potentially risky methods: TRACE
  1563. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
  1564. [*] Nmap: |_http-title: Index of /
  1565. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1566. [*] Nmap: | Not valid before: 2009-11-10T23:48:47
  1567. [*] Nmap: |_Not valid after:  2019-11-08T23:48:47
  1568. [*] Nmap: |_ssl-date: 2019-09-11T11:28:58+00:00; -5s from scanner time.
  1569. [*] Nmap: | sslv2:
  1570. [*] Nmap: |   SSLv2 supported
  1571. [*] Nmap: |   ciphers:
  1572. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  1573. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  1574. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  1575. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  1576. [*] Nmap: |     SSL2_IDEA_128_CBC_WITH_MD5
  1577. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  1578. [*] Nmap: |_    SSL2_DES_64_CBC_WITH_MD5
  1579. [*] Nmap: 445/tcp   open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  1580. [*] Nmap: 3306/tcp  open  mysql?
  1581. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  1582. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1583. [*] Nmap: | ssl-cert: Subject: commonName=Jeff
  1584. [*] Nmap: | Not valid before: 2019-09-09T03:47:08
  1585. [*] Nmap: |_Not valid after:  2020-03-10T03:47:08
  1586. [*] Nmap: |_ssl-date: 2019-09-11T11:29:01+00:00; -5s from scanner time.
  1587. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
  1588. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
  1589. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
  1590. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
  1591. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
  1592. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
  1593. [*] Nmap: MAC Address: 00:50:56:89:32:E3 (VMware)
  1594. [*] Nmap: Device type: general purpose
  1595. [*] Nmap: Running: Microsoft Windows 2008|7
  1596. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  1597. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  1598. [*] Nmap: Network Distance: 1 hop
  1599. [*] Nmap: Service Info: Hosts: localhost, JEFF; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
  1600. [*] Nmap: Host script results:
  1601. [*] Nmap: |_clock-skew: mean: 1h24m25s, deviation: 3h08m58s, median: -5s
  1602. [*] Nmap: |_nbstat: NetBIOS name: JEFF, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:32:e3 (VMware)
  1603. [*] Nmap: | smb-os-discovery:
  1604. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
  1605. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1606. [*] Nmap: |   Computer name: Jeff
  1607. [*] Nmap: |   NetBIOS computer name: JEFF\x00
  1608. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1609. [*] Nmap: |_  System time: 2019-09-11T04:31:30-07:00
  1610. [*] Nmap: | smb-security-mode:
  1611. [*] Nmap: |   account_used: guest
  1612. [*] Nmap: |   authentication_level: user
  1613. [*] Nmap: |   challenge_response: supported
  1614. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1615. [*] Nmap: | smb2-security-mode:
  1616. [*] Nmap: |   2.02:
  1617. [*] Nmap: |_    Message signing enabled but not required
  1618. [*] Nmap: | smb2-time:
  1619. [*] Nmap: |   date: 2019-09-11 07:31:30
  1620. [*] Nmap: |_  start_date: 2016-05-22 08:28:08
  1621. [*] Nmap: TRACEROUTE
  1622. [*] Nmap: HOP RTT       ADDRESS
  1623. [*] Nmap: 1   238.58 ms 10.11.1.223
  1624. [*] Nmap: Nmap scan report for 10.11.1.226
  1625. [*] Nmap: Host is up (0.24s latency).
  1626. [*] Nmap: Not shown: 998 filtered ports
  1627. [*] Nmap: PORT     STATE  SERVICE       VERSION
  1628. [*] Nmap: 21/tcp   open   ftp           GuildFTPd
  1629. [*] Nmap: 3389/tcp closed ms-wbt-server
  1630. [*] Nmap: MAC Address: 00:50:56:89:51:F6 (VMware)
  1631. [*] Nmap: Device type: general purpose|WAP
  1632. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (94%), Apple embedded (89%)
  1633. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_2000::sp4
  1634. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (94%), Microsoft Windows Server 2003 SP2 (92%), Microsoft Windows Server 2003 (90%), Apple AirPort Extreme WAP (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows Server 2003 SP1 (85%), Microsoft Windows XP SP2 (85%)
  1635. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1636. [*] Nmap: Network Distance: 1 hop
  1637. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1638. [*] Nmap: TRACEROUTE
  1639. [*] Nmap: HOP RTT       ADDRESS
  1640. [*] Nmap: 1   238.61 ms 10.11.1.226
  1641. [*] Nmap: Nmap scan report for 10.11.1.227
  1642. [*] Nmap: Host is up (0.24s latency).
  1643. [*] Nmap: Not shown: 987 closed ports
  1644. [*] Nmap: PORT     STATE SERVICE      VERSION
  1645. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
  1646. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
  1647. [*] Nmap: | ftp-syst:
  1648. [*] Nmap: |_  SYST: Windows_NT version 5.0
  1649. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.5329
  1650. [*] Nmap: | smtp-commands: jd.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
  1651. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
  1652. [*] Nmap: | smtp-ntlm-info:
  1653. [*] Nmap: |   Target_Name: JD
  1654. [*] Nmap: |   NetBIOS_Domain_Name: JD
  1655. [*] Nmap: |   NetBIOS_Computer_Name: JD
  1656. [*] Nmap: |   DNS_Domain_Name: jd.acme.local
  1657. [*] Nmap: |   DNS_Computer_Name: jd.acme.local
  1658. [*] Nmap: |_  Product_Version: 5.0.2195
  1659. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
  1660. [*] Nmap: | http-methods:
  1661. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
  1662. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  1663. [*] Nmap: |_http-title: Directory Listing Denied
  1664. [*] Nmap: | http-webdav-scan:
  1665. [*] Nmap: |   WebDAV type: Unkown
  1666. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
  1667. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1668. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
  1669. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:07 GMT
  1670. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
  1671. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  1672. [*] Nmap: 443/tcp  open  https?
  1673. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
  1674. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
  1675. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
  1676. [*] Nmap: 1028/tcp open  msrpc        Microsoft Windows RPC
  1677. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
  1678. [*] Nmap: 5800/tcp open  vnc-http     RealVNC 4.0 (resolution: 400x250; VNC TCP port: 5900)
  1679. [*] Nmap: |_http-server-header: RealVNC/4.0
  1680. [*] Nmap: |_http-title: VNC viewer for Java
  1681. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
  1682. [*] Nmap: | vnc-info:
  1683. [*] Nmap: |   Protocol version: 3.8
  1684. [*] Nmap: |   Security types:
  1685. [*] Nmap: |_    VNC Authentication (2)
  1686. [*] Nmap: MAC Address: 00:50:56:89:0E:65 (VMware)
  1687. [*] Nmap: Device type: general purpose|specialized|power-device
  1688. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  1689. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  1690. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  1691. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1692. [*] Nmap: Network Distance: 1 hop
  1693. [*] Nmap: Service Info: Host: jd.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  1694. [*] Nmap: Host script results:
  1695. [*] Nmap: |_clock-skew: mean: -58m56s, deviation: 1h23m07s, median: -1h57m43s
  1696. [*] Nmap: | ms-sql-info:
  1697. [*] Nmap: |   Windows server name: JD
  1698. [*] Nmap: |   10.11.1.227\MSSQLSERVER:
  1699. [*] Nmap: |     Instance name: MSSQLSERVER
  1700. [*] Nmap: |     Version:
  1701. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
  1702. [*] Nmap: |       number: 8.00.194.00
  1703. [*] Nmap: |       Product: Microsoft SQL Server 2000
  1704. [*] Nmap: |       Service pack level: RTM
  1705. [*] Nmap: |       Post-SP patches applied: false
  1706. [*] Nmap: |     TCP port: 27900
  1707. [*] Nmap: |     Named pipe: \\10.11.1.227\pipe\sql\query
  1708. [*] Nmap: |_    Clustered: false
  1709. [*] Nmap: |_nbstat: NetBIOS name: JD, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:0e:65 (VMware)
  1710. [*] Nmap: | smb-os-discovery:
  1711. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1712. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1713. [*] Nmap: |   Computer name: jd
  1714. [*] Nmap: |   NetBIOS computer name: JD\x00
  1715. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1716. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
  1717. [*] Nmap: | smb-security-mode:
  1718. [*] Nmap: |   account_used: guest
  1719. [*] Nmap: |   authentication_level: user
  1720. [*] Nmap: |   challenge_response: supported
  1721. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1722. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1723. [*] Nmap: TRACEROUTE
  1724. [*] Nmap: HOP RTT       ADDRESS
  1725. [*] Nmap: 1   239.49 ms 10.11.1.227
  1726. [*] Nmap: Nmap scan report for 10.11.1.229
  1727. [*] Nmap: Host is up (0.24s latency).
  1728. [*] Nmap: Not shown: 988 filtered ports
  1729. [*] Nmap: PORT     STATE  SERVICE       VERSION
  1730. [*] Nmap: 21/tcp   open   tcpwrapped
  1731. [*] Nmap: 23/tcp   closed telnet
  1732. [*] Nmap: 25/tcp   open   smtp          hMailServer smtpd
  1733. [*] Nmap: | smtp-commands: MAIL, SIZE 20480000, AUTH LOGIN,
  1734. [*] Nmap: |_ 211 DATA HELO EHLO MAIL NOOP QUIT RCPT RSET SAML TURN VRFY
  1735. [*] Nmap: 80/tcp   open   http          Microsoft IIS httpd 6.0
  1736. [*] Nmap: | http-methods:
  1737. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  1738. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  1739. [*] Nmap: |_http-title: 10.11.1.229 - /
  1740. [*] Nmap: | http-webdav-scan:
  1741. [*] Nmap: |   WebDAV type: Unkown
  1742. [*] Nmap: |   Server Type: Microsoft-IIS/6.0
  1743. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1744. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  1745. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:22 GMT
  1746. [*] Nmap: 110/tcp  open   pop3          hMailServer pop3d
  1747. [*] Nmap: |_pop3-capabilities: ERROR: Script execution failed (use -d to debug)
  1748. [*] Nmap: 135/tcp  open   msrpc         Microsoft Windows RPC
  1749. [*] Nmap: 139/tcp  open   netbios-ssn   Windows Server 2003 3790 Service Pack 1 netbios-ssn
  1750. [*] Nmap: 143/tcp  open   imap          hMailServer imapd
  1751. [*] Nmap: |_imap-capabilities: OK SORT ACL IMAP4rev1 CHILDREN NAMESPACE IMAP4 QUOTA CAPABILITY RIGHTS=texkA0001 completed IDLE
  1752. [*] Nmap: 443/tcp  closed https
  1753. [*] Nmap: 1025/tcp open   msrpc         Microsoft Windows RPC
  1754. [*] Nmap: 2869/tcp closed icslap
  1755. [*] Nmap: 3389/tcp open   ms-wbt-server Microsoft Terminal Service
  1756. [*] Nmap: MAC Address: 00:50:56:93:03:7A (VMware)
  1757. [*] Nmap: Device type: general purpose|media device
  1758. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000|PocketPC/CE (95%), Motorola embedded (86%)
  1759. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
  1760. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (95%), Microsoft Windows Server 2003 SP2 (93%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows XP SP2 (87%), Microsoft Windows Server 2003 SP1 (87%), Microsoft Windows Server 2003 SP0 - SP2 (87%), Microsoft Windows Server 2003 (87%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (86%), Microsoft Windows 2000 SP4 (86%)
  1761. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1762. [*] Nmap: Network Distance: 1 hop
  1763. [*] Nmap: Service Info: Host: MAIL; OS: Windows; CPE: cpe:/o:microsoft:windows
  1764. [*] Nmap: Host script results:
  1765. [*] Nmap: |_clock-skew: mean: 2h31m14s, deviation: 3h33m58s, median: -4s
  1766. [*] Nmap: |_nbstat: NetBIOS name: MAIL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:03:7a (VMware)
  1767. [*] Nmap: | smb-os-discovery:
  1768. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
  1769. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
  1770. [*] Nmap: |   Computer name: mail
  1771. [*] Nmap: |   NetBIOS computer name: MAIL\x00
  1772. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1773. [*] Nmap: |_  System time: 2019-09-11T06:31:53-05:00
  1774. [*] Nmap: | smb-security-mode:
  1775. [*] Nmap: |   account_used: guest
  1776. [*] Nmap: |   authentication_level: user
  1777. [*] Nmap: |   challenge_response: supported
  1778. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1779. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1780. [*] Nmap: TRACEROUTE
  1781. [*] Nmap: HOP RTT       ADDRESS
  1782. [*] Nmap: 1   239.51 ms 10.11.1.229
  1783. [*] Nmap: Nmap scan report for 10.11.1.230
  1784. [*] Nmap: Host is up (0.24s latency).
  1785. [*] Nmap: Not shown: 989 closed ports
  1786. [*] Nmap: PORT      STATE SERVICE            VERSION
  1787. [*] Nmap: 80/tcp    open  http               GoAhead WebServer
  1788. [*] Nmap: |_http-server-header: GoAhead-Webs
  1789. [*] Nmap: | http-title: HP Power Manager
  1790. [*] Nmap: |_Requested resource was http://10.11.1.230/index.asp
  1791. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1792. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
  1793. [*] Nmap: 445/tcp   open  microsoft-ds       Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
  1794. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1795. [*] Nmap: | ssl-cert: Subject: commonName=kevin
  1796. [*] Nmap: | Not valid before: 2019-09-08T21:36:17
  1797. [*] Nmap: |_Not valid after:  2020-03-09T21:36:17
  1798. [*] Nmap: |_ssl-date: 2019-09-11T11:30:28+00:00; -6s from scanner time.
  1799. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
  1800. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
  1801. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
  1802. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
  1803. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
  1804. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
  1805. [*] Nmap: MAC Address: 00:50:56:89:1F:2A (VMware)
  1806. [*] Nmap: Device type: general purpose
  1807. [*] Nmap: Running: Microsoft Windows 7
  1808. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1809. [*] Nmap: OS details: Microsoft Windows 7
  1810. [*] Nmap: Network Distance: 1 hop
  1811. [*] Nmap: Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
  1812. [*] Nmap: Host script results:
  1813. [*] Nmap: |_clock-skew: mean: 1h45m27s, deviation: 3h31m05s, median: -6s
  1814. [*] Nmap: |_nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1f:2a (VMware)
  1815. [*] Nmap: | smb-os-discovery:
  1816. [*] Nmap: |   OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
  1817. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::-
  1818. [*] Nmap: |   Computer name: kevin
  1819. [*] Nmap: |   NetBIOS computer name: KEVIN\x00
  1820. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1821. [*] Nmap: |_  System time: 2019-09-11T04:31:33-07:00
  1822. [*] Nmap: | smb-security-mode:
  1823. [*] Nmap: |   account_used: guest
  1824. [*] Nmap: |   authentication_level: user
  1825. [*] Nmap: |   challenge_response: supported
  1826. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1827. [*] Nmap: | smb2-security-mode:
  1828. [*] Nmap: |   2.02:
  1829. [*] Nmap: |_    Message signing enabled but not required
  1830. [*] Nmap: | smb2-time:
  1831. [*] Nmap: |   date: 2019-09-11 07:31:33
  1832. [*] Nmap: |_  start_date: 2016-05-22 08:55:46
  1833. [*] Nmap: TRACEROUTE
  1834. [*] Nmap: HOP RTT       ADDRESS
  1835. [*] Nmap: 1   239.07 ms 10.11.1.230
  1836. [*] Nmap: Nmap scan report for 10.11.1.234
  1837. [*] Nmap: Host is up (0.24s latency).
  1838. [*] Nmap: Not shown: 998 closed ports
  1839. [*] Nmap: PORT   STATE SERVICE VERSION
  1840. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu3 (Ubuntu Linux; protocol 2.0)
  1841. [*] Nmap: | ssh-hostkey:
  1842. [*] Nmap: |   1024 2c:83:67:02:29:20:87:99:87:55:95:92:6c:8d:a4:a3 (DSA)
  1843. [*] Nmap: |_  2048 6b:91:08:a8:c0:90:ac:68:bd:c9:cd:9c:be:69:2b:ac (RSA)
  1844. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
  1845. [*] Nmap: |_http-server-header: Apache/2.2.14 (Ubuntu)
  1846. [*] Nmap: |_http-title: Business Statistics | New Server for Thinc&#039;s Business Sta...
  1847. [*] Nmap: MAC Address: 00:50:56:89:0F:AD (VMware)
  1848. [*] Nmap: Device type: general purpose|terminal|WAP|firewall|security-misc|switch
  1849. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), IGEL embedded (95%), HP embedded (94%), IPFire 2.X (93%), Fortinet FortiOS 5.X (92%), Check Point embedded (91%), Extreme Networks ExtremeXOS 12.X (91%)
  1850. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6 cpe:/h:igel:ud3 cpe:/h:hp:msm410 cpe:/o:ipfire:ipfire:2.11 cpe:/o:linux:linux_kernel:2.4 cpe:/o:fortinet:fortios:5.0.6 cpe:/o:extremenetworks:extremexos:12.5.4
  1851. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.35 (95%), IGEL UD3 thin client (Linux 2.6) (95%), HP MSM410 WAP (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Fortinet FortiOS 5.0.6 (92%), Linux 2.6.31 - 2.6.32 (92%), Check Point UTM-1 Edge X firewall (91%), Extreme Networks ExtremeXOS 12.5.4 (91%)
  1852. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1853. [*] Nmap: Network Distance: 1 hop
  1854. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1855. [*] Nmap: TRACEROUTE
  1856. [*] Nmap: HOP RTT       ADDRESS
  1857. [*] Nmap: 1   239.73 ms 10.11.1.234
  1858. [*] Nmap: Nmap scan report for 10.11.1.237
  1859. [*] Nmap: Host is up (0.24s latency).
  1860. [*] Nmap: Not shown: 996 closed ports
  1861. [*] Nmap: PORT    STATE SERVICE  VERSION
  1862. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
  1863. [*] Nmap: | ssh-hostkey:
  1864. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
  1865. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
  1866. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
  1867. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
  1868. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1869. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1870. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
  1871. [*] Nmap: | rpcinfo:
  1872. [*] Nmap: |   program version   port/proto  service
  1873. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  1874. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  1875. [*] Nmap: |   100024  1          43033/tcp  status
  1876. [*] Nmap: |_  100024  1          51243/udp  status
  1877. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
  1878. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1879. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1880. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1881. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
  1882. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
  1883. [*] Nmap: |_ssl-date: 2019-09-11T11:29:29+00:00; -12s from scanner time.
  1884. [*] Nmap: MAC Address: 00:50:56:89:67:4E (VMware)
  1885. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (95%), Linux 3.8 (95%), WatchGuard Fireware 11.8 (95%), Linux 3.5 (93%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 3.0 - 3.2 (92%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.0 or 3.5 (91%)
  1886. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1887. [*] Nmap: Network Distance: 1 hop
  1888. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1889. [*] Nmap: Host script results:
  1890. [*] Nmap: |_clock-skew: mean: -12s, deviation: 0s, median: -12s
  1891. [*] Nmap: TRACEROUTE
  1892. [*] Nmap: HOP RTT       ADDRESS
  1893. [*] Nmap: 1   239.85 ms 10.11.1.237
  1894. [*] Nmap: Nmap scan report for 10.11.1.238
  1895. [*] Nmap: Host is up (0.24s latency).
  1896. [*] Nmap: Not shown: 996 closed ports
  1897. [*] Nmap: PORT    STATE SERVICE  VERSION
  1898. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
  1899. [*] Nmap: | ssh-hostkey:
  1900. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
  1901. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
  1902. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
  1903. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
  1904. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1905. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1906. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
  1907. [*] Nmap: | rpcinfo:
  1908. [*] Nmap: |   program version   port/proto  service
  1909. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  1910. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  1911. [*] Nmap: |   100024  1          39665/tcp  status
  1912. [*] Nmap: |_  100024  1          58526/udp  status
  1913. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
  1914. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1915. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1916. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1917. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
  1918. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
  1919. [*] Nmap: |_ssl-date: 2019-09-11T11:30:37+00:00; -9s from scanner time.
  1920. [*] Nmap: MAC Address: 00:50:56:89:38:1C (VMware)
  1921. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.5 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.1 - 3.2 (93%), Linux 3.8 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%), Linux 2.6.36 (91%), Linux 3.11 - 4.1 (91%)
  1922. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1923. [*] Nmap: Network Distance: 1 hop
  1924. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1925. [*] Nmap: Host script results:
  1926. [*] Nmap: |_clock-skew: mean: -9s, deviation: 0s, median: -9s
  1927. [*] Nmap: TRACEROUTE
  1928. [*] Nmap: HOP RTT       ADDRESS
  1929. [*] Nmap: 1   238.05 ms 10.11.1.238
  1930. [*] Nmap: Nmap scan report for 10.11.1.247
  1931. [*] Nmap: Host is up (0.24s latency).
  1932. [*] Nmap: Not shown: 999 filtered ports
  1933. [*] Nmap: PORT     STATE SERVICE       VERSION
  1934. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  1935. [*] Nmap: MAC Address: 00:50:56:89:4B:D3 (VMware)
  1936. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1937. [*] Nmap: Device type: general purpose|WAP
  1938. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003 (96%), Apple embedded (90%)
  1939. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_server_2003::sp2
  1940. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%), Microsoft Windows 2000 SP4 (90%), Apple AirPort Extreme WAP (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows Server 2003 SP2 (86%)
  1941. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1942. [*] Nmap: Network Distance: 1 hop
  1943. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1944. [*] Nmap: TRACEROUTE
  1945. [*] Nmap: HOP RTT       ADDRESS
  1946. [*] Nmap: 1   239.40 ms 10.11.1.247
  1947. [*] Nmap: Nmap scan report for 10.11.1.251
  1948. [*] Nmap: Host is up (0.25s latency).
  1949. [*] Nmap: Not shown: 998 filtered ports
  1950. [*] Nmap: PORT   STATE SERVICE VERSION
  1951. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
  1952. [*] Nmap: | ssh-hostkey:
  1953. [*] Nmap: |   1024 fd:35:c0:66:fc:2a:d0:76:c0:33:55:21:cb:70:55:54 (DSA)
  1954. [*] Nmap: |_  2048 bf:e1:ee:61:60:a5:3d:28:0f:af:7d:85:0c:19:c5:8d (RSA)
  1955. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch)
  1956. [*] Nmap: | http-methods:
  1957. [*] Nmap: |_  Potentially risky methods: TRACE
  1958. [*] Nmap: |_http-server-header: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch
  1959. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1960. [*] Nmap: MAC Address: 00:50:56:89:1E:0E (VMware)
  1961. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1962. [*] Nmap: Device type: general purpose|switch|firewall|printer|broadband router|remote management|security-misc
  1963. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|3.X (92%), Extreme Networks ExtremeXOS 12.X (89%), Barracuda Networks embedded (89%), Canon embedded (87%), D-Link embedded (87%), HP embedded (87%), Linksys embedded (87%), HP Onboard Administrator 4.X (86%)
  1964. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:canon:imagerunner_advance_c5051 cpe:/h:dlink:dsl-2540b cpe:/a:hp:onboard_administrator:2.04 cpe:/h:linksys:wrv200 cpe:/o:linux:linux_kernel:3.2.0 cpe:/a:hp:onboard_administrator:4
  1965. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.24 (Debian) (90%), Extreme Networks ExtremeXOS 12.5.4 (89%), Linux 2.6.15 - 2.6.26 (likely embedded) (89%), Linux 2.6.26 (89%), Barracuda Web Application Firewall 460 (89%), Linux 2.6.23 (88%), Linux 2.6.22 (Debian 4.0) (88%), Canon imageRUNNER ADVANCE C5051 printer (87%), D-Link DSL-2540B ADSL router (87%)
  1966. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1967. [*] Nmap: Network Distance: 1 hop
  1968. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1969. [*] Nmap: TRACEROUTE
  1970. [*] Nmap: HOP RTT       ADDRESS
  1971. [*] Nmap: 1   246.64 ms 10.11.1.251
  1972. [*] Nmap: Nmap scan report for 10.11.1.252
  1973. [*] Nmap: Host is up (0.24s latency).
  1974. [*] Nmap: Not shown: 998 filtered ports
  1975. [*] Nmap: PORT     STATE SERVICE    VERSION
  1976. [*] Nmap: 8000/tcp open  http       Apache httpd 2.2.3 ((CentOS))
  1977. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
  1978. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1979. [*] Nmap: | http-title: TimeClock Software :: Dev. Dpt. Thinc.local :: Log In
  1980. [*] Nmap: |_Requested resource was login.php
  1981. [*] Nmap: 8888/tcp open  http-proxy Squid http proxy 3.3.8
  1982. [*] Nmap: |_http-server-header: squid/3.3.8
  1983. [*] Nmap: |_http-title: Endian Firewall -  The requested URL could not be retrieved
  1984. [*] Nmap: MAC Address: 00:50:56:89:6F:1A (VMware)
  1985. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1986. [*] Nmap: Device type: general purpose|firewall|WAP|proxy server|PBX
  1987. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (91%), Cisco embedded (87%), ZoneAlarm embedded (87%), Ruckus embedded (87%), Riverbed embedded (86%)
  1988. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:zonealarm:z100g cpe:/h:ruckus:7363 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w
  1989. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (91%), Linux 2.6.9 - 2.6.27 (89%), Linux 2.6.9 (89%), Cisco SA520 firewall (Linux 2.6) (87%), Linux 2.6.11 (87%), Linux 2.6.28 (87%), Linux 2.6.30 (87%), ZoneAlarm Z100G WAP (87%), Ruckus 7363 WAP (87%), Linux 2.6.22.1-32.fc6 (x86, SMP) (86%)
  1990. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1991. [*] Nmap: Network Distance: 1 hop
  1992. [*] Nmap: TRACEROUTE
  1993. [*] Nmap: HOP RTT       ADDRESS
  1994. [*] Nmap: 1   240.10 ms 10.11.1.252
  1995. [*] Nmap: Post-scan script results:
  1996. [*] Nmap: | clock-skew:
  1997. [*] Nmap: |   1h45m46s:
  1998. [*] Nmap: |     10.11.1.145
  1999. [*] Nmap: |     10.11.1.75
  2000. [*] Nmap: |   40m29s:
  2001. [*] Nmap: |     10.11.1.24
  2002. [*] Nmap: |_    10.11.1.136
  2003. [*] Nmap: | ssh-hostkey: Possible duplicate hosts
  2004. [*] Nmap: | Key 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA) used by:
  2005. [*] Nmap: |   10.11.1.237
  2006. [*] Nmap: |   10.11.1.238
  2007. [*] Nmap: | Key 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA) used by:
  2008. [*] Nmap: |   10.11.1.237
  2009. [*] Nmap: |   10.11.1.238
  2010. [*] Nmap: | Key 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA) used by:
  2011. [*] Nmap: |   10.11.1.237
  2012. [*] Nmap: |_  10.11.1.238
  2013. [*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2014. [*] Nmap: Nmap done: 254 IP addresses (45 hosts up) scanned in 8439.13 seconds
RAW Paste Data