msf-nmap-allflag

1. msf > db_nmap -A 10.11.1.1-254
2. [*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-11 05:30 EDT
3. [*] Nmap: Warning: 10.11.1.133 giving up on port because retransmission cap hit (10).
4. [*] Nmap: Nmap scan report for 10.11.1.5
5. [*] Nmap: Host is up (0.24s latency).
6. [*] Nmap: Not shown: 997 closed ports
7. [*] Nmap: PORT     STATE SERVICE      VERSION
8. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
9. [*] Nmap: 445/tcp  open  microsoft-ds Windows XP microsoft-ds
10. [*] Nmap: 1025/tcp open  NFS-or-IIS?
11. [*] Nmap: MAC Address: 00:50:56:89:1D:93 (VMware)
12. [*] Nmap: Device type: general purpose
13. [*] Nmap: Running: Microsoft Windows XP
14. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
15. [*] Nmap: OS details: Microsoft Windows XP
16. [*] Nmap: Network Distance: 1 hop
17. [*] Nmap: Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
18. [*] Nmap: Host script results:
19. [*] Nmap: |_clock-skew: mean: -59m54s, deviation: 0s, median: -59m54s
20. [*] Nmap: |_nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1d:93 (VMware)
21. [*] Nmap: | smb-os-discovery:
22. [*] Nmap: |   OS: Windows XP (Windows 2000 LAN Manager)
23. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_xp::-
24. [*] Nmap: |   NetBIOS computer name: ALICE\x00
25. [*] Nmap: |   Workgroup: THINC\x00
26. [*] Nmap: |_  System time: 2019-09-11T12:28:07+01:00
27. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
28. [*] Nmap: TRACEROUTE
29. [*] Nmap: HOP RTT       ADDRESS
30. [*] Nmap: 1   240.04 ms 10.11.1.5
31. [*] Nmap: Nmap scan report for 10.11.1.7
32. [*] Nmap: Host is up (0.24s latency).
33. [*] Nmap: Not shown: 999 filtered ports
34. [*] Nmap: PORT     STATE SERVICE       VERSION
35. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
36. [*] Nmap: MAC Address: 00:50:56:89:2F:72 (VMware)
37. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
38. [*] Nmap: Device type: WAP|general purpose
39. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP (88%)
40. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp
41. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows XP (88%)
42. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
43. [*] Nmap: Network Distance: 1 hop
44. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
45. [*] Nmap: TRACEROUTE
46. [*] Nmap: HOP RTT       ADDRESS
47. [*] Nmap: 1   238.19 ms 10.11.1.7
48. [*] Nmap: Nmap scan report for 10.11.1.8
49. [*] Nmap: Host is up (0.24s latency).
50. [*] Nmap: Not shown: 990 filtered ports
51. [*] Nmap: PORT     STATE  SERVICE     VERSION
52. [*] Nmap: 21/tcp   open   ftp         vsftpd 2.0.1
53. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
54. [*] Nmap: |_Can't get directory listing: ERROR
55. [*] Nmap: | ftp-syst:
56. [*] Nmap: |   STAT:
57. [*] Nmap: | FTP server status:
58. [*] Nmap: |      Connected to 10.11.0.96
59. [*] Nmap: |      Logged in as ftp
60. [*] Nmap: |      TYPE: ASCII
61. [*] Nmap: |      No session bandwidth limit
62. [*] Nmap: |      Session timeout in seconds is 300
63. [*] Nmap: |      Control connection is plain text
64. [*] Nmap: |      Data connections will be plain text
65. [*] Nmap: |      At session startup, client count was 1
66. [*] Nmap: |      vsFTPd 2.0.1 - secure, fast, stable
67. [*] Nmap: |_End of status
68. [*] Nmap: 22/tcp   open   ssh         OpenSSH 3.9p1 (protocol 1.99)
69. [*] Nmap: | ssh-hostkey:
70. [*] Nmap: |   1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
71. [*] Nmap: |   1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
72. [*] Nmap: |_  1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
73. [*] Nmap: |_sshv1: Server supports SSHv1
74. [*] Nmap: 25/tcp   closed smtp
75. [*] Nmap: 80/tcp   open   http        Apache httpd 2.0.52 ((CentOS))
76. [*] Nmap: | http-methods:
77. [*] Nmap: |_  Potentially risky methods: TRACE
78. [*] Nmap: | http-robots.txt: 2 disallowed entries
79. [*] Nmap: |_/internal/  /tmp/
80. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
81. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
82. [*] Nmap: 111/tcp  open   rpcbind     2 (RPC #100000)
83. [*] Nmap: | rpcinfo:
84. [*] Nmap: |   program version   port/proto  service
85. [*] Nmap: |   100000  2            111/tcp  rpcbind
86. [*] Nmap: |   100000  2            111/udp  rpcbind
87. [*] Nmap: |   100024  1            843/udp  status
88. [*] Nmap: |_  100024  1            846/tcp  status
89. [*] Nmap: 139/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
90. [*] Nmap: 443/tcp  open   ssl/http    Apache httpd 2.0.52 ((CentOS))
91. [*] Nmap: | http-robots.txt: 2 disallowed entries
92. [*] Nmap: |_/internal/  /tmp/
93. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
94. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
95. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
96. [*] Nmap: | Not valid before: 2009-09-16T14:03:22
97. [*] Nmap: |_Not valid after:  2010-09-16T14:03:22
98. [*] Nmap: |_ssl-date: 2019-09-11T11:30:26+00:00; -15s from scanner time.
99. [*] Nmap: | sslv2:
100. [*] Nmap: |   SSLv2 supported
101. [*] Nmap: |   ciphers:
102. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
103. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
104. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
105. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
106. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
107. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
108. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
109. [*] Nmap: 445/tcp  open   netbios-ssn Samba smbd 3.0.33-0.17.el4 (workgroup: MYGROUP)
110. [*] Nmap: 631/tcp  open   ipp         CUPS 1.1
111. [*] Nmap: | http-methods:
112. [*] Nmap: |_  Potentially risky methods: PUT
113. [*] Nmap: |_http-server-header: CUPS/1.1
114. [*] Nmap: |_http-title: 403 Forbidden
115. [*] Nmap: 3306/tcp open   mysql?
116. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
117. [*] Nmap: MAC Address: 00:50:56:89:3D:A7 (VMware)
118. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 - 2.6.27 (93%), Linux 2.6.9 (93%), Cisco SA520 firewall (Linux 2.6) (92%), Linux 2.6.11 (92%), Linux 2.6.28 (92%), Linux 2.6.30 (92%), Ruckus 7363 WAP (91%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
119. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
120. [*] Nmap: Network Distance: 1 hop
121. [*] Nmap: Service Info: OS: Unix
122. [*] Nmap: Host script results:
123. [*] Nmap: |_clock-skew: mean: 1h20m03s, deviation: 2h19m06s, median: -15s
124. [*] Nmap: | smb-os-discovery:
125. [*] Nmap: |   OS: Unix (Samba 3.0.33-0.17.el4)
126. [*] Nmap: |   Computer name: phoenix
127. [*] Nmap: |   NetBIOS computer name:
128. [*] Nmap: |   Domain name:
129. [*] Nmap: |   FQDN: phoenix
130. [*] Nmap: |_  System time: 2019-09-11T07:28:42-04:00
131. [*] Nmap: | smb-security-mode:
132. [*] Nmap: |   account_used: guest
133. [*] Nmap: |   authentication_level: user
134. [*] Nmap: |   challenge_response: supported
135. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
136. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
137. [*] Nmap: TRACEROUTE
138. [*] Nmap: HOP RTT       ADDRESS
139. [*] Nmap: 1   239.11 ms 10.11.1.8
140. [*] Nmap: Nmap scan report for 10.11.1.10
141. [*] Nmap: Host is up (0.24s latency).
142. [*] Nmap: Not shown: 999 filtered ports
143. [*] Nmap: PORT   STATE SERVICE VERSION
144. [*] Nmap: 80/tcp open  http    Microsoft IIS httpd 6.0
145. [*] Nmap: | http-methods:
146. [*] Nmap: |_  Potentially risky methods: TRACE
147. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
148. [*] Nmap: |_http-title: Under Construction
149. [*] Nmap: MAC Address: 00:50:56:93:6F:E0 (VMware)
150. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
151. [*] Nmap: Device type: general purpose|WAP
152. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (93%), Apple embedded (86%)
153. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme
154. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (93%), Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows Server 2003 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows 2000 SP4 (87%), Apple AirPort Extreme WAP (86%)
155. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
156. [*] Nmap: Network Distance: 1 hop
157. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
158. [*] Nmap: TRACEROUTE
159. [*] Nmap: HOP RTT       ADDRESS
160. [*] Nmap: 1   237.62 ms 10.11.1.10
161. [*] Nmap: Nmap scan report for 10.11.1.13
162. [*] Nmap: Host is up (0.24s latency).
163. [*] Nmap: Not shown: 997 filtered ports
164. [*] Nmap: PORT     STATE SERVICE        VERSION
165. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
166. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
167. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
168. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
169. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
170. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
171. [*] Nmap: |_09-10-19  07:01PM       <DIR>          wwwroot
172. [*] Nmap: | ftp-syst:
173. [*] Nmap: |_  SYST: Windows_NT
174. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
175. [*] Nmap: | http-methods:
176. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
177. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
178. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
179. [*] Nmap: | http-webdav-scan:
180. [*] Nmap: |   WebDAV type: Unkown
181. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
182. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
183. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
184. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:31:05 GMT
185. [*] Nmap: 3389/tcp open  ms-wbt-server?
186. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
187. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
188. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
189. [*] Nmap: MAC Address: 00:50:56:89:17:DA (VMware)
190. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
191. [*] Nmap: Device type: general purpose
192. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP (96%)
193. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
194. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%)
195. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
196. [*] Nmap: Network Distance: 1 hop
197. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
198. [*] Nmap: TRACEROUTE
199. [*] Nmap: HOP RTT       ADDRESS
200. [*] Nmap: 1   238.41 ms 10.11.1.13
201. [*] Nmap: Nmap scan report for 10.11.1.14
202. [*] Nmap: Host is up (0.24s latency).
203. [*] Nmap: Not shown: 997 filtered ports
204. [*] Nmap: PORT     STATE SERVICE        VERSION
205. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
206. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
207. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
208. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
209. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
210. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
211. [*] Nmap: |_04-16-16  10:42AM       <DIR>          wwwroot
212. [*] Nmap: | ftp-syst:
213. [*] Nmap: |_  SYST: Windows_NT
214. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
215. [*] Nmap: | http-methods:
216. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
217. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
218. [*] Nmap: |_http-title: Too Many Users
219. [*] Nmap: | http-webdav-scan:
220. [*] Nmap: |   WebDAV type: Unkown
221. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
222. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
223. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
224. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:30:41 GMT
225. [*] Nmap: 3389/tcp open  ms-wbt-server?
226. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
227. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
228. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
229. [*] Nmap: MAC Address: 00:50:56:89:7C:1A (VMware)
230. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
231. [*] Nmap: Device type: general purpose|WAP
232. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003 (92%), Apple embedded (85%)
233. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003 cpe:/h:apple:airport_extreme
234. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (92%), Microsoft Windows Server 2003 (85%), Apple AirPort Extreme WAP (85%)
235. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
236. [*] Nmap: Network Distance: 1 hop
237. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
238. [*] Nmap: TRACEROUTE
239. [*] Nmap: HOP RTT       ADDRESS
240. [*] Nmap: 1   238.45 ms 10.11.1.14
241. [*] Nmap: Nmap scan report for 10.11.1.22
242. [*] Nmap: Host is up (0.23s latency).
243. [*] Nmap: Not shown: 989 closed ports
244. [*] Nmap: PORT      STATE SERVICE     VERSION
245. [*] Nmap: 21/tcp    open  ftp?
246. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.1p1 (protocol 1.99)
247. [*] Nmap: | ssh-hostkey:
248. [*] Nmap: |   1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
249. [*] Nmap: |   1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
250. [*] Nmap: |_  1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
251. [*] Nmap: |_sshv1: Server supports SSHv1
252. [*] Nmap: 23/tcp    open  telnet?
253. [*] Nmap: 25/tcp    open  smtp?
254. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
255. [*] Nmap: 80/tcp    open  http        Apache httpd 1.3.23 ((Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
256. [*] Nmap: | http-methods:
257. [*] Nmap: |_  Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
258. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
259. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
260. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
261. [*] Nmap: | rpcinfo:
262. [*] Nmap: |   program version   port/proto  service
263. [*] Nmap: |   100000  2            111/tcp  rpcbind
264. [*] Nmap: |   100000  2            111/udp  rpcbind
265. [*] Nmap: |   100024  1          32768/tcp  status
266. [*] Nmap: |_  100024  1          32768/udp  status
267. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
268. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
269. [*] Nmap: 443/tcp   open  ssl/https   Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.
270. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
271. [*] Nmap: |_http-title: 400 Bad Request
272. [*] Nmap: |_ssl-date: 2019-09-11T11:28:15+00:00; -6s from scanner time.
273. [*] Nmap: | sslv2:
274. [*] Nmap: |   SSLv2 supported
275. [*] Nmap: |   ciphers:
276. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
277. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
278. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
279. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
280. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
281. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
282. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
283. [*] Nmap: 995/tcp   open  ssl/pop3s?
284. [*] Nmap: |_ssl-date: 2019-09-11T11:30:30+00:00; -7s from scanner time.
285. [*] Nmap: | sslv2:
286. [*] Nmap: |   SSLv2 supported
287. [*] Nmap: |   ciphers:
288. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
289. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
290. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
291. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
292. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
293. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
294. [*] Nmap: MAC Address: 00:50:56:89:7C:D5 (VMware)
295. [*] Nmap: Device type: general purpose|WAP|router|specialized|switch|media device|broadband router
296. [*] Nmap: Running (JUST GUESSING): Linux 2.4.X|2.6.X (97%), Acorp embedded (95%), Meru embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Motorola embedded (93%)
297. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:motorola:surfboard_sb6120 cpe:/h:motorola:surfboard_sb6141
298. [*] Nmap: Aggressive OS guesses: Linux 2.4.20 (97%), Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (95%), MontaVista embedded Linux 2.4.17 (95%), Meru MC1000 wireless LAN controller (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Google Mini search appliance (93%), HP Brocade 4Gb SAN switch or (93%), Linux 2.4.21 (embedded) (93%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (93%), Linux 2.6.15 - 2.6.26 (likely embedded) (93%)
299. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
300. [*] Nmap: Network Distance: 1 hop
301. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
302. [*] Nmap: Host script results:
303. [*] Nmap: |_clock-skew: mean: -6s, deviation: 0s, median: -7s
304. [*] Nmap: |_nbstat: NetBIOS name: BARRY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
305. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
306. [*] Nmap: TRACEROUTE
307. [*] Nmap: HOP RTT       ADDRESS
308. [*] Nmap: 1   231.10 ms 10.11.1.22
309. [*] Nmap: Nmap scan report for 10.11.1.24
310. [*] Nmap: Host is up (0.26s latency).
311. [*] Nmap: Not shown: 991 closed ports
312. [*] Nmap: PORT     STATE SERVICE     VERSION
313. [*] Nmap: 22/tcp   open  ssh         OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
314. [*] Nmap: | ssh-hostkey:
315. [*] Nmap: |   1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
316. [*] Nmap: |_  2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
317. [*] Nmap: 80/tcp   open  http        Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
318. [*] Nmap: |_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
319. [*] Nmap: |_http-title: CS-Cart. Powerful PHP shopping cart software
320. [*] Nmap: 110/tcp  open  pop3        Dovecot pop3d
321. [*] Nmap: |_pop3-capabilities: UIDL STLS CAPA PIPELINING SASL RESP-CODES TOP
322. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
323. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
324. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
325. [*] Nmap: |_ssl-date: 2019-09-11T11:30:54+00:00; -2s from scanner time.
326. [*] Nmap: | sslv2:
327. [*] Nmap: |   SSLv2 supported
328. [*] Nmap: |   ciphers:
329. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
330. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
331. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
332. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
333. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
334. [*] Nmap: 139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
335. [*] Nmap: 143/tcp  open  imap        Dovecot imapd
336. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4rev1 CHILDREN UNSELECT SASL-IR completed MULTIAPPEND Capability LOGINDISABLEDA0001 STARTTLS LOGIN-REFERRALS NAMESPACE LITERAL+ IDLE
337. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
338. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
339. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
340. [*] Nmap: |_ssl-date: 2019-09-11T11:28:17+00:00; -2s from scanner time.
341. [*] Nmap: | sslv2:
342. [*] Nmap: |   SSLv2 supported
343. [*] Nmap: |   ciphers:
344. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
345. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
346. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
347. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
348. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
349. [*] Nmap: 445/tcp  open  netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
350. [*] Nmap: 993/tcp  open  ssl/imap    Dovecot imapd
351. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
352. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
353. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
354. [*] Nmap: |_ssl-date: 2019-09-11T11:28:39+00:00; -2s from scanner time.
355. [*] Nmap: | sslv2:
356. [*] Nmap: |   SSLv2 supported
357. [*] Nmap: |   ciphers:
358. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
359. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
360. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
361. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
362. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
363. [*] Nmap: 995/tcp  open  ssl/pop3    Dovecot pop3d
364. [*] Nmap: |_pop3-capabilities: USER UIDL CAPA PIPELINING SASL(PLAIN) RESP-CODES TOP
365. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
366. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
367. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
368. [*] Nmap: |_ssl-date: 2019-09-11T11:28:31+00:00; -2s from scanner time.
369. [*] Nmap: | sslv2:
370. [*] Nmap: |   SSLv2 supported
371. [*] Nmap: |   ciphers:
372. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
373. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
374. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
375. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
376. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
377. [*] Nmap: 8000/tcp open  http-alt?
378. [*] Nmap: MAC Address: 00:50:56:89:00:33 (VMware)
379. [*] Nmap: Device type: general purpose|WAP|remote management|switch|specialized|print server|media device
380. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), AVM embedded (94%), Dell embedded (94%), Extreme Networks ExtremeXOS 12.X (94%), Google embedded (94%), HP embedded (94%), Philips embedded (94%)
381. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.34 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/h:dell:remote_access_card:5 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21
382. [*] Nmap: Aggressive OS guesses: DD-WRT v24-presp2 (Linux 2.6.34) (95%), AVM FRITZ!Box FON WLAN 7170 WAP (94%), Dell Remote Access Controller 5/I (DRAC 5/I) (94%), Extreme Networks ExtremeXOS 12.5.4 (94%), Google Mini search appliance (94%), HP 4200 PSA (Print Server Appliance) model J4117A (94%), HP Brocade 4Gb SAN switch or (94%), Linux 2.4.20 (94%), Linux 2.4.21 (embedded) (94%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (94%)
383. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
384. [*] Nmap: Network Distance: 1 hop
385. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
386. [*] Nmap: Host script results:
387. [*] Nmap: |_clock-skew: mean: 40m29s, deviation: 1h39m16s, median: -2s
388. [*] Nmap: |_nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
389. [*] Nmap: | smb-os-discovery:
390. [*] Nmap: |   OS: Unix (Samba 3.0.26a)
391. [*] Nmap: |   Computer name: payday
392. [*] Nmap: |   NetBIOS computer name:
393. [*] Nmap: |   Domain name:
394. [*] Nmap: |   FQDN: payday
395. [*] Nmap: |_  System time: 2019-09-11T07:31:09-04:00
396. [*] Nmap: | smb-security-mode:
397. [*] Nmap: |   account_used: <blank>
398. [*] Nmap: |   authentication_level: user
399. [*] Nmap: |   challenge_response: supported
400. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
401. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
402. [*] Nmap: TRACEROUTE
403. [*] Nmap: HOP RTT       ADDRESS
404. [*] Nmap: 1   260.02 ms 10.11.1.24
405. [*] Nmap: Nmap scan report for 10.11.1.31
406. [*] Nmap: Host is up (0.24s latency).
407. [*] Nmap: Not shown: 993 closed ports
408. [*] Nmap: PORT     STATE SERVICE       VERSION
409. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 6.0
410. [*] Nmap: | http-cookie-flags:
411. [*] Nmap: |   /:
412. [*] Nmap: |     ASPSESSIONIDQACTSDSA:
413. [*] Nmap: |_      httponly flag not set
414. [*] Nmap: | http-methods:
415. [*] Nmap: |_  Potentially risky methods: TRACE
416. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
417. [*] Nmap: |_http-title: Login
418. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
419. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
420. [*] Nmap: 445/tcp  open  microsoft-ds  Windows Server 2003 3790 Service Pack 1 microsoft-ds
421. [*] Nmap: 1025/tcp open  msrpc         Microsoft Windows RPC
422. [*] Nmap: 1433/tcp open  ms-sql-s      Microsoft SQL Server 2000 8.00.766.00; SP3a
423. [*] Nmap: | ms-sql-ntlm-info:
424. [*] Nmap: |_  Product_Version: 5.2.3790
425. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
426. [*] Nmap: MAC Address: 00:50:56:89:6D:59 (VMware)
427. [*] Nmap: Device type: general purpose|media device|specialized
428. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2003|XP|PocketPC/CE|2000 (94%), Motorola embedded (89%), Beat embedded (87%)
429. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216 cpe:/o:microsoft:windows_ce:6.0 cpe:/o:microsoft:windows_2000::sp4
430. [*] Nmap: Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows XP (92%), Microsoft Windows XP SP3 (92%), Microsoft Windows Server 2003 (91%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows Server 2003 SP0 - SP2 (90%), Microsoft Windows XP Professional SP3 (89%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 - SP3 (89%)
431. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
432. [*] Nmap: Network Distance: 1 hop
433. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003
434. [*] Nmap: Host script results:
435. [*] Nmap: |_clock-skew: mean: 2h31m26s, deviation: 3h34m22s, median: -8s
436. [*] Nmap: | ms-sql-info:
437. [*] Nmap: |   Windows server name: RALPH
438. [*] Nmap: |   10.11.1.31\MSSQLSERVER:
439. [*] Nmap: |     Instance name: MSSQLSERVER
440. [*] Nmap: |     Version:
441. [*] Nmap: |       name: Microsoft SQL Server 2000 SP3a
442. [*] Nmap: |       number: 8.00.766.00
443. [*] Nmap: |       Product: Microsoft SQL Server 2000
444. [*] Nmap: |       Service pack level: SP3a
445. [*] Nmap: |       Post-SP patches applied: false
446. [*] Nmap: |     TCP port: 1433
447. [*] Nmap: |     Named pipe: \\10.11.1.31\pipe\sql\query
448. [*] Nmap: |_    Clustered: false
449. [*] Nmap: |_nbstat: NetBIOS name: RALPH, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:6d:59 (VMware)
450. [*] Nmap: | smb-os-discovery:
451. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
452. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
453. [*] Nmap: |   Computer name: ralph
454. [*] Nmap: |   NetBIOS computer name: RALPH\x00
455. [*] Nmap: |   Workgroup: THINC\x00
456. [*] Nmap: |_  System time: 2019-09-11T06:31:04-05:00
457. [*] Nmap: | smb-security-mode:
458. [*] Nmap: |   account_used: guest
459. [*] Nmap: |   authentication_level: user
460. [*] Nmap: |   challenge_response: supported
461. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
462. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
463. [*] Nmap: TRACEROUTE
464. [*] Nmap: HOP RTT       ADDRESS
465. [*] Nmap: 1   237.19 ms 10.11.1.31
466. [*] Nmap: Nmap scan report for 10.11.1.35
467. [*] Nmap: Host is up (0.24s latency).
468. [*] Nmap: Not shown: 997 filtered ports
469. [*] Nmap: PORT    STATE  SERVICE  VERSION
470. [*] Nmap: 22/tcp  open   ssh      OpenSSH 4.3 (protocol 2.0)
471. [*] Nmap: | ssh-hostkey:
472. [*] Nmap: |   1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
473. [*] Nmap: |_  2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
474. [*] Nmap: 443/tcp open   ssl/http Apache httpd 2.2.3 ((CentOS))
475. [*] Nmap: | http-methods:
476. [*] Nmap: |_  Potentially risky methods: TRACE
477. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
478. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
479. [*] Nmap: | ssl-cert: Subject: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
480. [*] Nmap: | Not valid before: 2016-01-07T12:46:17
481. [*] Nmap: |_Not valid after:  2017-01-06T12:46:17
482. [*] Nmap: |_ssl-date: 2019-09-11T11:28:52+00:00; -1s from scanner time.
483. [*] Nmap: 631/tcp closed ipp
484. [*] Nmap: MAC Address: 00:50:56:89:76:F7 (VMware)
485. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%), Riverbed Steelhead 200 proxy server (90%)
486. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
487. [*] Nmap: Network Distance: 1 hop
488. [*] Nmap: Host script results:
489. [*] Nmap: |_clock-skew: mean: -1s, deviation: 0s, median: -1s
490. [*] Nmap: TRACEROUTE
491. [*] Nmap: HOP RTT       ADDRESS
492. [*] Nmap: 1   238.01 ms 10.11.1.35
493. [*] Nmap: Nmap scan report for 10.11.1.39
494. [*] Nmap: Host is up (0.24s latency).
495. [*] Nmap: Not shown: 997 filtered ports
496. [*] Nmap: PORT     STATE SERVICE VERSION
497. [*] Nmap: 22/tcp   open  ssh     OpenSSH 6.6.1 (protocol 2.0)
498. [*] Nmap: | ssh-hostkey:
499. [*] Nmap: |   2048 5e:c1:7e:d2:f9:20:f9:11:ea:4b:02:68:07:3f:54:f2 (RSA)
500. [*] Nmap: |   256 36:ef:27:31:a2:fd:4a:e3:d2:4e:12:58:1f:7a:03:58 (ECDSA)
501. [*] Nmap: |_  256 2c:70:9c:c9:4c:50:61:d2:51:43:d5:67:d1:d0:39:de (ED25519)
502. [*] Nmap: 80/tcp   open  http    nginx 1.6.3
503. [*] Nmap: | http-methods:
504. [*] Nmap: |_  Potentially risky methods: TRACE
505. [*] Nmap: |_http-server-header: nginx/1.6.3
506. [*] Nmap: |_http-title: Apache HTTP Server Test Page powered by CentOS
507. [*] Nmap: 3306/tcp open  mysql   MariaDB (unauthorized)
508. [*] Nmap: MAC Address: 00:50:56:93:42:3C (VMware)
509. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
510. [*] Nmap: Device type: general purpose
511. [*] Nmap: Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (90%)
512. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
513. [*] Nmap: Aggressive OS guesses: Linux 4.4 (90%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%)
514. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
515. [*] Nmap: Network Distance: 1 hop
516. [*] Nmap: TRACEROUTE
517. [*] Nmap: HOP RTT       ADDRESS
518. [*] Nmap: 1   239.33 ms 10.11.1.39
519. [*] Nmap: Nmap scan report for 10.11.1.44
520. [*] Nmap: Host is up (0.24s latency).
521. [*] Nmap: Not shown: 998 closed ports
522. [*] Nmap: PORT     STATE SERVICE   VERSION
523. [*] Nmap: 22/tcp   open  ssh       OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
524. [*] Nmap: | ssh-hostkey:
525. [*] Nmap: |   1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
526. [*] Nmap: |_  2048 28:99:c0:51:20:9b:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
527. [*] Nmap: 8000/tcp open  http-alt?
528. [*] Nmap: MAC Address: 00:50:56:89:56:18 (VMware)
529. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (94%), IPFire 2.11 firewall (Linux 2.6.32) (94%), DD-WRT v24-sp1 (Linux 2.4) (94%), HP MSM410 WAP (93%), Linux 2.6.35 (93%), IGEL UD3 thin client (Linux 2.6) (93%), Kyocera CopyStar CS-2560 printer (91%), QNAP NAS Firmware 3.8.3 (Linux 3.X) (91%), Linux 3.11 - 4.1 (91%), Linux 3.2 - 3.8 (91%)
530. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
531. [*] Nmap: Network Distance: 1 hop
532. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
533. [*] Nmap: TRACEROUTE
534. [*] Nmap: HOP RTT       ADDRESS
535. [*] Nmap: 1   238.07 ms 10.11.1.44
536. [*] Nmap: Nmap scan report for 10.11.1.49
537. [*] Nmap: Host is up (0.25s latency).
538. [*] Nmap: Not shown: 996 filtered ports
539. [*] Nmap: PORT      STATE SERVICE     VERSION
540. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
541. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
542. [*] Nmap: | http-methods:
543. [*] Nmap: |_  Potentially risky methods: TRACE
544. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
545. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
546. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
547. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
548. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
549. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
550. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
551. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
552. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
553. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
554. [*] Nmap: MAC Address: 00:50:56:89:20:5C (VMware)
555. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
556. [*] Nmap: Device type: general purpose|phone|specialized
557. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2008|7|Phone|8.1|Vista (98%)
558. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
559. [*] Nmap: Aggressive OS guesses: Microsoft Windows 7 or Windows Server 2008 R2 (98%), Microsoft Windows 7 (98%), Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%), Microsoft Windows Embedded Standard 7 (91%)
560. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
561. [*] Nmap: Network Distance: 1 hop
562. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
563. [*] Nmap: Host script results:
564. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
565. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
566. [*] Nmap: TRACEROUTE
567. [*] Nmap: HOP RTT       ADDRESS
568. [*] Nmap: 1   245.72 ms 10.11.1.49
569. [*] Nmap: Nmap scan report for 10.11.1.50
570. [*] Nmap: Host is up (0.24s latency).
571. [*] Nmap: Not shown: 996 filtered ports
572. [*] Nmap: PORT      STATE SERVICE     VERSION
573. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
574. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
575. [*] Nmap: | http-methods:
576. [*] Nmap: |_  Potentially risky methods: TRACE
577. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
578. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
579. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
580. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
581. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
582. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
583. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
584. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
585. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
586. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
587. [*] Nmap: MAC Address: 00:50:56:89:1A:39 (VMware)
588. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
589. [*] Nmap: Device type: general purpose
590. [*] Nmap: Running: Microsoft Windows 2008|7
591. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
592. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
593. [*] Nmap: Network Distance: 1 hop
594. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
595. [*] Nmap: Host script results:
596. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
597. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
598. [*] Nmap: TRACEROUTE
599. [*] Nmap: HOP RTT       ADDRESS
600. [*] Nmap: 1   242.09 ms 10.11.1.50
601. [*] Nmap: Nmap scan report for 10.11.1.71
602. [*] Nmap: Host is up (0.24s latency).
603. [*] Nmap: Not shown: 998 closed ports
604. [*] Nmap: PORT   STATE SERVICE VERSION
605. [*] Nmap: 22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
606. [*] Nmap: | ssh-hostkey:
607. [*] Nmap: |   1024 72:b5:55:80:1b:24:d6:f3:bf:a5:c5:98:1b:01:03:90 (DSA)
608. [*] Nmap: |   2048 1a:f6:a7:0d:ed:c2:73:a1:6f:a3:08:68:28:b5:3b:bb (RSA)
609. [*] Nmap: |   256 e6:43:89:59:f9:85:d8:e2:bb:e3:d7:ed:28:5c:c5:65 (ECDSA)
610. [*] Nmap: |_  256 3b:0b:f3:84:3c:7d:6e:2b:2c:81:11:94:16:9b:71:7d (ED25519)
611. [*] Nmap: 80/tcp open  http    Apache/2.4.7 (Ubuntu)
612. [*] Nmap: | http-cookie-flags:
613. [*] Nmap: |   /:
614. [*] Nmap: |     PHPSESSID:
615. [*] Nmap: |_      httponly flag not set
616. [*] Nmap: |_http-server-header: Apache/2.4.7 (Ubuntu)
617. [*] Nmap: | http-title: Trees of Large Sizes
618. [*] Nmap: |_Requested resource was site/index.php/
619. [*] Nmap: MAC Address: 00:50:56:93:39:6B (VMware)
620. [*] Nmap: Aggressive OS guesses: Linux 3.11 - 4.1 (94%), Linux 3.16 (94%), Linux 4.4 (93%), Linux 3.13 (91%), Linux 3.18 (90%), Linux 3.10 - 3.12 (90%), Linux 3.5 (90%), Linux 3.2 - 3.8 (90%), Linux 3.8 (90%), WatchGuard Fireware 11.8 (90%)
621. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
622. [*] Nmap: Network Distance: 1 hop
623. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
624. [*] Nmap: TRACEROUTE
625. [*] Nmap: HOP RTT       ADDRESS
626. [*] Nmap: 1   239.35 ms 10.11.1.71
627. [*] Nmap: Nmap scan report for 10.11.1.72
628. [*] Nmap: Host is up (0.24s latency).
629. [*] Nmap: Not shown: 993 closed ports
630. [*] Nmap: PORT     STATE SERVICE VERSION
631. [*] Nmap: 22/tcp   open  ssh     OpenSSH 5.8p1 Debian 7ubuntu1 (Ubuntu Linux; protocol 2.0)
632. [*] Nmap: | ssh-hostkey:
633. [*] Nmap: |   1024 d3:2e:10:0d:48:90:ce:9a:33:fb:66:3f:a0:a6:94:48 (DSA)
634. [*] Nmap: |   2048 ef:0a:3b:8e:3f:92:a4:5e:f0:ab:e7:7d:75:f0:de:0e (RSA)
635. [*] Nmap: |_  256 15:3a:65:3b:97:ed:e0:fc:85:bc:4b:53:48:22:61:b1 (ECDSA)
636. [*] Nmap: 25/tcp   open  smtp    JAMES smtpd 2.3.2
637. [*] Nmap: |_smtp-commands: beta Hello nmap.scanme.org (10.11.0.96 [10.11.0.96]),
638. [*] Nmap: 80/tcp   open  http    Apache httpd 2.2.20 ((Ubuntu))
639. [*] Nmap: |_http-server-header: Apache/2.2.20 (Ubuntu)
640. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
641. [*] Nmap: 110/tcp  open  pop3    JAMES pop3d 2.3.2
642. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
643. [*] Nmap: | rpcinfo:
644. [*] Nmap: |   program version   port/proto  service
645. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
646. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
647. [*] Nmap: |   100003  2,3,4       2049/tcp  nfs
648. [*] Nmap: |   100003  2,3,4       2049/udp  nfs
649. [*] Nmap: |   100005  1,2,3      53680/tcp  mountd
650. [*] Nmap: |   100005  1,2,3      58036/udp  mountd
651. [*] Nmap: |   100021  1,3,4      37520/tcp  nlockmgr
652. [*] Nmap: |   100021  1,3,4      42345/udp  nlockmgr
653. [*] Nmap: |   100024  1          44863/udp  status
654. [*] Nmap: |   100024  1          59611/tcp  status
655. [*] Nmap: |   100227  2,3         2049/tcp  nfs_acl
656. [*] Nmap: |_  100227  2,3         2049/udp  nfs_acl
657. [*] Nmap: 119/tcp  open  nntp    JAMES nntpd (posting ok)
658. [*] Nmap: 2049/tcp open  nfs_acl 2-3 (RPC #100227)
659. [*] Nmap: MAC Address: 00:50:56:89:55:06 (VMware)
660. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.8 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.5 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 3.0 - 3.2 (91%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%)
661. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
662. [*] Nmap: Network Distance: 1 hop
663. [*] Nmap: Service Info: Host: beta; OS: Linux; CPE: cpe:/o:linux:linux_kernel
664. [*] Nmap: TRACEROUTE
665. [*] Nmap: HOP RTT       ADDRESS
666. [*] Nmap: 1   238.71 ms 10.11.1.72
667. [*] Nmap: Nmap scan report for 10.11.1.73
668. [*] Nmap: Host is up (0.24s latency).
669. [*] Nmap: Not shown: 980 filtered ports
670. [*] Nmap: PORT      STATE SERVICE       VERSION
671. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
672. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
673. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
674. [*] Nmap: 554/tcp   open  rtsp?
675. [*] Nmap: 1100/tcp  open  java-rmi      Java RMI Registry
676. [*] Nmap: | rmi-dumpregistry:
677. [*] Nmap: |   creamtec/ajaxswing/JVMFactory
678. [*] Nmap: |     com.creamtec.ajaxswing.core.JVMFactory_Stub
679. [*] Nmap: |     @10.11.1.73:49157
680. [*] Nmap: |     extends
681. [*] Nmap: |       java.rmi.server.RemoteStub
682. [*] Nmap: |       extends
683. [*] Nmap: |_        java.rmi.server.RemoteObject
684. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
685. [*] Nmap: 3306/tcp  open  mysql?
686. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
687. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
688. [*] Nmap: | ssl-cert: Subject: commonName=gamma
689. [*] Nmap: | Not valid before: 2019-09-08T23:50:35
690. [*] Nmap: |_Not valid after:  2020-03-09T23:50:35
691. [*] Nmap: |_ssl-date: 2019-09-11T11:30:08+00:00; -16s from scanner time.
692. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
693. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
694. [*] Nmap: |_http-title: Service Unavailable
695. [*] Nmap: 5800/tcp  open  vnc-http      TightVNC (user: gamma; VNC TCP port: 5900)
696. [*] Nmap: |_http-title: TightVNC desktop [gamma]
697. [*] Nmap: 5900/tcp  open  vnc           VNC (protocol 3.8)
698. [*] Nmap: | vnc-info:
699. [*] Nmap: |   Protocol version: 3.8
700. [*] Nmap: |   Security types:
701. [*] Nmap: |     VNC Authentication (2)
702. [*] Nmap: |     Tight (16)
703. [*] Nmap: |   Tight auth subtypes:
704. [*] Nmap: |_    STDV VNCAUTH_ (2)
705. [*] Nmap: 8080/tcp  open  http          Apache httpd 2.4.9 ((Win32) PHP/5.5.12)
706. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
707. [*] Nmap: | http-robots.txt: 1 disallowed entry
708. [*] Nmap: |_/testmysql.php
709. [*] Nmap: |_http-server-header: Apache/2.4.9 (Win32) PHP/5.5.12
710. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
711. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
712. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
713. [*] Nmap: |_http-title: Not Found
714. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
715. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
716. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
717. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
718. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
719. [*] Nmap: 49157/tcp open  rmiregistry   Java RMI
720. [*] Nmap: 49159/tcp open  rmiregistry   Java RMI
721. [*] Nmap: MAC Address: 00:50:56:93:57:B9 (VMware)
722. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
723. [*] Nmap: Device type: general purpose
724. [*] Nmap: Running: Microsoft Windows 2008|7
725. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
726. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
727. [*] Nmap: Network Distance: 1 hop
728. [*] Nmap: Service Info: Host: GAMMA; OS: Windows; CPE: cpe:/o:microsoft:windows
729. [*] Nmap: Host script results:
730. [*] Nmap: |_clock-skew: mean: 1h45m34s, deviation: 3h31m41s, median: -16s
731. [*] Nmap: |_nbstat: NetBIOS name: GAMMA, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:57:b9 (VMware)
732. [*] Nmap: | smb-os-discovery:
733. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
734. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
735. [*] Nmap: |   Computer name: gamma
736. [*] Nmap: |   NetBIOS computer name: GAMMA\x00
737. [*] Nmap: |   Workgroup: WORKGROUP\x00
738. [*] Nmap: |_  System time: 2019-09-11T04:31:09-07:00
739. [*] Nmap: | smb-security-mode:
740. [*] Nmap: |   account_used: guest
741. [*] Nmap: |   authentication_level: user
742. [*] Nmap: |   challenge_response: supported
743. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
744. [*] Nmap: | smb2-security-mode:
745. [*] Nmap: |   2.02:
746. [*] Nmap: |_    Message signing enabled but not required
747. [*] Nmap: | smb2-time:
748. [*] Nmap: |   date: 2019-09-11 07:31:08
749. [*] Nmap: |_  start_date: 2018-10-18 14:09:11
750. [*] Nmap: TRACEROUTE
751. [*] Nmap: HOP RTT       ADDRESS
752. [*] Nmap: 1   238.92 ms 10.11.1.73
753. [*] Nmap: Nmap scan report for 10.11.1.75
754. [*] Nmap: Host is up (0.24s latency).
755. [*] Nmap: Not shown: 986 filtered ports
756. [*] Nmap: PORT      STATE SERVICE       VERSION
757. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
758. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
759. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
760. [*] Nmap: 554/tcp   open  rtsp?
761. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
762. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
763. [*] Nmap: | ssl-cert: Subject: commonName=bruce
764. [*] Nmap: | Not valid before: 2019-09-09T04:16:00
765. [*] Nmap: |_Not valid after:  2020-03-10T04:16:00
766. [*] Nmap: |_ssl-date: 2019-09-11T11:28:28+00:00; -3s from scanner time.
767. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
768. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
769. [*] Nmap: |_http-title: Service Unavailable
770. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
771. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
772. [*] Nmap: |_http-title: Not Found
773. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
774. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
775. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
776. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
777. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
778. [*] Nmap: 49157/tcp open  msrpc         Microsoft Windows RPC
779. [*] Nmap: MAC Address: 00:50:56:93:72:F1 (VMware)
780. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
781. [*] Nmap: Device type: general purpose
782. [*] Nmap: Running: Microsoft Windows 7
783. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
784. [*] Nmap: OS details: Microsoft Windows 7
785. [*] Nmap: Network Distance: 1 hop
786. [*] Nmap: Service Info: Host: BRUCE; OS: Windows; CPE: cpe:/o:microsoft:windows
787. [*] Nmap: Host script results:
788. [*] Nmap: |_clock-skew: mean: -14m12s, deviation: 28m19s, median: -3s
789. [*] Nmap: |_nbstat: NetBIOS name: BRUCE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:72:f1 (VMware)
790. [*] Nmap: | smb-os-discovery:
791. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
792. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
793. [*] Nmap: |   Computer name: bruce
794. [*] Nmap: |   NetBIOS computer name: BRUCE\x00
795. [*] Nmap: |   Workgroup: WORKGROUP\x00
796. [*] Nmap: |_  System time: 2019-09-11T12:31:22+01:00
797. [*] Nmap: | smb-security-mode:
798. [*] Nmap: |   account_used: guest
799. [*] Nmap: |   authentication_level: user
800. [*] Nmap: |   challenge_response: supported
801. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
802. [*] Nmap: | smb2-security-mode:
803. [*] Nmap: |   2.02:
804. [*] Nmap: |_    Message signing enabled but not required
805. [*] Nmap: | smb2-time:
806. [*] Nmap: |   date: 2019-09-11 07:31:22
807. [*] Nmap: |_  start_date: 2019-09-10 11:37:22
808. [*] Nmap: TRACEROUTE
809. [*] Nmap: HOP RTT       ADDRESS
810. [*] Nmap: 1   238.71 ms 10.11.1.75
811. [*] Nmap: Nmap scan report for 10.11.1.115
812. [*] Nmap: Host is up (0.24s latency).
813. [*] Nmap: Not shown: 989 closed ports
814. [*] Nmap: PORT      STATE SERVICE     VERSION
815. [*] Nmap: 21/tcp    open  ftp         vsftpd 1.1.3
816. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
817. [*] Nmap: |_drwxr-xr-x    2 0        0            4096 Feb 28  2003 pub
818. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.5p1 (protocol 1.99)
819. [*] Nmap: | ssh-hostkey:
820. [*] Nmap: |   1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
821. [*] Nmap: |   1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
822. [*] Nmap: |_  1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
823. [*] Nmap: |_sshv1: Server supports SSHv1
824. [*] Nmap: 25/tcp    open  smtp?
825. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
826. [*] Nmap: 80/tcp    open  http        Apache httpd 2.0.40 ((Red Hat Linux))
827. [*] Nmap: | http-methods:
828. [*] Nmap: |_  Potentially risky methods: TRACE
829. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
830. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
831. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
832. [*] Nmap: | rpcinfo:
833. [*] Nmap: |   program version   port/proto  service
834. [*] Nmap: |   100000  2            111/tcp  rpcbind
835. [*] Nmap: |   100000  2            111/udp  rpcbind
836. [*] Nmap: |   100024  1          32768/tcp  status
837. [*] Nmap: |   100024  1          32768/udp  status
838. [*] Nmap: |_  391002  2          32769/tcp  sgi_fam
839. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
840. [*] Nmap: 143/tcp   open  imap        UW imapd 2001.315rh
841. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4REV1 NAMESPACE MAILBOX-REFERRALS SCAN THREAD=ORDEREDSUBJECT CAPABILITY AUTH=LOGINA0001 STARTTLS LOGIN-REFERRALS MULTIAPPEND completed IDLE
842. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
843. [*] Nmap: | Not valid before: 2007-01-16T06:07:45
844. [*] Nmap: |_Not valid after:  2008-01-16T06:07:45
845. [*] Nmap: |_ssl-date: 2019-09-11T11:29:24+00:00; -10s from scanner time.
846. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
847. [*] Nmap: 443/tcp   open  ssl/http    Apache httpd 2.0.40 ((Red Hat Linux))
848. [*] Nmap: | http-methods:
849. [*] Nmap: |_  Potentially risky methods: TRACE
850. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
851. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
852. [*] Nmap: | ssl-cert: Subject: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
853. [*] Nmap: | Not valid before: 2007-01-16T14:54:43
854. [*] Nmap: |_Not valid after:  2008-01-16T14:54:43
855. [*] Nmap: |_ssl-date: 2019-09-11T11:30:56+00:00; -10s from scanner time.
856. [*] Nmap: | sslv2:
857. [*] Nmap: |   SSLv2 supported
858. [*] Nmap: |   ciphers:
859. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
860. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
861. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
862. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
863. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
864. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
865. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
866. [*] Nmap: 3306/tcp  open  mysql       MySQL (unauthorized)
867. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
868. [*] Nmap: MAC Address: 00:50:56:89:39:7F (VMware)
869. [*] Nmap: Device type: general purpose
870. [*] Nmap: Running: Linux 2.4.X
871. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20
872. [*] Nmap: OS details: Linux 2.4.20
873. [*] Nmap: Network Distance: 1 hop
874. [*] Nmap: Service Info: Host: tophat.acme.local; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
875. [*] Nmap: Host script results:
876. [*] Nmap: |_clock-skew: mean: -10s, deviation: 0s, median: -10s
877. [*] Nmap: |_nbstat: NetBIOS name: TOPHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
878. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
879. [*] Nmap: TRACEROUTE
880. [*] Nmap: HOP RTT       ADDRESS
881. [*] Nmap: 1   238.23 ms 10.11.1.115
882. [*] Nmap: Nmap scan report for 10.11.1.116
883. [*] Nmap: Host is up (0.24s latency).
884. [*] Nmap: Not shown: 994 closed ports
885. [*] Nmap: PORT     STATE SERVICE    VERSION
886. [*] Nmap: 21/tcp   open  ftp?
887. [*] Nmap: 22/tcp   open  ssh        OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
888. [*] Nmap: | ssh-hostkey:
889. [*] Nmap: |   1024 75:e8:80:6f:6c:2f:d2:51:1a:d6:c9:9e:e4:a2:4c:2f (DSA)
890. [*] Nmap: |   2048 28:43:26:62:1d:07:f9:e3:9f:0b:1a:94:98:1a:74:45 (RSA)
891. [*] Nmap: |_  256 50:2f:db:dd:1a:8e:22:23:f8:dc:7b:65:c9:fc:8e:df (ECDSA)
892. [*] Nmap: 80/tcp   open  http       Apache httpd 2.4.6 ((FreeBSD) PHP/5.4.23)
893. [*] Nmap: | http-methods:
894. [*] Nmap: |_  Potentially risky methods: TRACE
895. [*] Nmap: |_http-server-header: Apache/2.4.6 (FreeBSD) PHP/5.4.23
896. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
897. [*] Nmap: 110/tcp  open  tcpwrapped
898. [*] Nmap: 143/tcp  open  tcpwrapped
899. [*] Nmap: 3306/tcp open  mysql      MySQL (unauthorized)
900. [*] Nmap: MAC Address: 00:50:56:89:10:91 (VMware)
901. [*] Nmap: Aggressive OS guesses: FreeBSD 9.0-RELEASE - 10.3-RELEASE (97%), FreeBSD 9.0-RELEASE (93%), FreeBSD 7.0-RELEASE (91%), FreeBSD 7.1-PRERELEASE 7.2-STABLE (91%), m0n0wall 1.3b11 - 1.3b15 (FreeBSD 6.3) (91%), FreeBSD 8.1-RELEASE (91%), FreeBSD 8.0-RELEASE (91%), VMware ESXi 4.1.0 (91%), FreeBSD 8.2-RELEASE (90%), FreeBSD 7.0-RELEASE - 9.0-RELEASE (90%)
902. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
903. [*] Nmap: Network Distance: 1 hop
904. [*] Nmap: Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
905. [*] Nmap: TRACEROUTE
906. [*] Nmap: HOP RTT       ADDRESS
907. [*] Nmap: 1   238.77 ms 10.11.1.116
908. [*] Nmap: Nmap scan report for 10.11.1.125
909. [*] Nmap: Host is up (0.24s latency).
910. [*] Nmap: Not shown: 999 filtered ports
911. [*] Nmap: PORT   STATE SERVICE VERSION
912. [*] Nmap: 21/tcp open  ftp     Acritum Femitter Server ftpd
913. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
914. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 . [NSE: writeable]
915. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 .. [NSE: writeable]
916. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp        11164 Dec 26  2006 house.jpg [NSE: writeable]
917. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp          920 Jan 03  2007 index.htm [NSE: writeable]
918. [*] Nmap: |_drw-rw-rw-   1 ftp      ftp            0 Sep 10 00:10 Upload [NSE: writeable]
919. [*] Nmap: |_ftp-bounce: bounce working!
920. [*] Nmap: | ftp-syst:
921. [*] Nmap: |_  SYST: Internet Component Suite
922. [*] Nmap: MAC Address: 00:50:56:89:56:6C (VMware)
923. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
924. [*] Nmap: Device type: WAP|general purpose|media device
925. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2003|2000 (89%), RIM Tablet OS 2.X (85%)
926. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003::- cpe:/o:microsoft:windows_2000::sp4 cpe:/o:rim:tablet_os:2
927. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 or Small Business Server 2003 (88%), Microsoft Windows XP (88%), Microsoft Windows XP Home SP1 (French) (87%), Microsoft Windows XP Professional SP2 (French) (87%), Microsoft Windows XP SP2 (87%), Microsoft Windows XP Professional SP2 (firewall enabled) (86%)
928. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
929. [*] Nmap: Network Distance: 1 hop
930. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
931. [*] Nmap: TRACEROUTE
932. [*] Nmap: HOP RTT       ADDRESS
933. [*] Nmap: 1   238.15 ms 10.11.1.125
934. [*] Nmap: Nmap scan report for 10.11.1.128
935. [*] Nmap: Host is up (0.24s latency).
936. [*] Nmap: Not shown: 987 closed ports
937. [*] Nmap: PORT     STATE SERVICE      VERSION
938. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
939. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.6713
940. [*] Nmap: | smtp-commands: dj.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
941. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
942. [*] Nmap: | smtp-ntlm-info:
943. [*] Nmap: |   Target_Name: DJ
944. [*] Nmap: |   NetBIOS_Domain_Name: DJ
945. [*] Nmap: |   NetBIOS_Computer_Name: DJ
946. [*] Nmap: |   DNS_Domain_Name: dj.acme.local
947. [*] Nmap: |   DNS_Computer_Name: dj.acme.local
948. [*] Nmap: |_  Product_Version: 5.0.2195
949. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
950. [*] Nmap: | http-cookie-flags:
951. [*] Nmap: |   /:
952. [*] Nmap: |     ASPSESSIONIDACRQSSRT:
953. [*] Nmap: |_      httponly flag not set
954. [*] Nmap: | http-methods:
955. [*] Nmap: |_  Potentially risky methods: TRACE
956. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
957. [*] Nmap: |_http-title: Login
958. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
959. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
960. [*] Nmap: 443/tcp  open  https?
961. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
962. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
963. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
964. [*] Nmap: 1030/tcp open  msrpc        Microsoft Windows RPC
965. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
966. [*] Nmap: 5800/tcp open  vnc-http     TightVNC
967. [*] Nmap: |_http-title: TightVNC desktop [dj]
968. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
969. [*] Nmap: | vnc-info:
970. [*] Nmap: |   Protocol version: 3.8
971. [*] Nmap: |   Security types:
972. [*] Nmap: |     VNC Authentication (2)
973. [*] Nmap: |     Tight (16)
974. [*] Nmap: |   Tight auth subtypes:
975. [*] Nmap: |_    STDV VNCAUTH_ (2)
976. [*] Nmap: MAC Address: 00:50:56:93:32:22 (VMware)
977. [*] Nmap: Device type: general purpose|specialized|power-device
978. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
979. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
980. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (89%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
981. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
982. [*] Nmap: Network Distance: 1 hop
983. [*] Nmap: Service Info: Host: dj.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
984. [*] Nmap: Host script results:
985. [*] Nmap: |_clock-skew: mean: -58m19s, deviation: 1h22m29s, median: -1h56m39s
986. [*] Nmap: | ms-sql-info:
987. [*] Nmap: |   Windows server name: DJ
988. [*] Nmap: |   10.11.1.128\MSSQLSERVER:
989. [*] Nmap: |     Instance name: MSSQLSERVER
990. [*] Nmap: |     Version:
991. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
992. [*] Nmap: |       number: 8.00.194.00
993. [*] Nmap: |       Product: Microsoft SQL Server 2000
994. [*] Nmap: |       Service pack level: RTM
995. [*] Nmap: |       Post-SP patches applied: false
996. [*] Nmap: |     TCP port: 27900
997. [*] Nmap: |     Named pipe: \\10.11.1.128\pipe\sql\query
998. [*] Nmap: |_    Clustered: false
999. [*] Nmap: |_nbstat: NetBIOS name: DJ, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:32:22 (VMware)
1000. [*] Nmap: | smb-os-discovery:
1001. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
1002. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
1003. [*] Nmap: |   Computer name: dj
1004. [*] Nmap: |   NetBIOS computer name: DJ\x00
1005. [*] Nmap: |   Workgroup: WORKGROUP\x00
1006. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
1007. [*] Nmap: | smb-security-mode:
1008. [*] Nmap: |   account_used: guest
1009. [*] Nmap: |   authentication_level: user
1010. [*] Nmap: |   challenge_response: supported
1011. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1012. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
1013. [*] Nmap: TRACEROUTE
1014. [*] Nmap: HOP RTT       ADDRESS
1015. [*] Nmap: 1   238.32 ms 10.11.1.128
1016. [*] Nmap: Nmap scan report for 10.11.1.133
1017. [*] Nmap: Host is up (0.24s latency).
1018. [*] Nmap: Not shown: 549 filtered ports, 450 closed ports
1019. [*] Nmap: PORT   STATE SERVICE VERSION
1020. [*] Nmap: 80/tcp open  http    Microsoft-IIS
1021. [*] Nmap: | fingerprint-strings:
1022. [*] Nmap: |   GetRequest, HTTPOptions:
1023. [*] Nmap: |     HTTP/1.1 200 OK
1024. [*] Nmap: |     Date: Wed, 11 Sep 2019 11:22:59 GMT
1025. [*] Nmap: |     Server: Microsoft-IIS
1026. [*] Nmap: |     Content-Type: text/html
1027. [*] Nmap: |     Cache-control: private
1028. [*] Nmap: |     Vary: Accept-Encoding
1029. [*] Nmap: |     Content-Length: 619
1030. [*] Nmap: |     Connection: close
1031. [*] Nmap: |     <html>
1032. [*] Nmap: |     <head>
1033. [*] Nmap: |     <title>Let's play with the offsec team</title>
1034. [*] Nmap: |     </head>
1035. [*] Nmap: |     <body style="color: #FFFFFF; background-color: #000000;font-family: verdana;">
1036. [*] Nmap: |     <center>
1037. [*] Nmap: |     <div style="width:600px;height:399px;background-image:url(offsec-team.jpg);">
1038. [*] Nmap: |     <form method="post" action="login.asp">
1039. [*] Nmap: |     <table style="padding-top:170px;">
1040. [*] Nmap: |     <tr>
1041. [*] Nmap: |     <td>Username: </td><td><input type="text" name="username" value=""></td>
1042. [*] Nmap: |     </tr>
1043. [*] Nmap: |     <tr>
1044. [*] Nmap: |     <td>Password: </td><td><input type="password" name="password"></td>
1045. [*] Nmap: |     </tr>
1046. [*] Nmap: |     <tr>
1047. [*] Nmap: |     colspan="2" align="right"><input type="submit" name="submit" value="Enter"></td>
1048. [*] Nmap: |     </tr>
1049. [*] Nmap: |     </table>
1050. [*] Nmap: |     </form>
1051. [*] Nmap: |     </div>
1052. [*] Nmap: |     </center>
1053. [*] Nmap: |     </body>
1054. [*] Nmap: |_    </html>
1055. [*] Nmap: |_http-server-header: Microsoft-IIS
1056. [*] Nmap: |_http-title: Let's play with the offsec team
1057. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1058. [*] Nmap: SF-Port80-TCP:V=7.70%I=7%D=9/11%Time=5D78D922%P=i686-pc-linux-gnu%r(GetReq
1059. [*] Nmap: SF:uest,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
1060. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
1061. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
1062. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
1063. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
1064. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
1065. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
1066. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
1067. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
1068. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
1069. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
1070. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
1071. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
1072. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
1073. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n")%r(HTTPOpt
1074. [*] Nmap: SF:ions,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
1075. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
1076. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
1077. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
1078. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
1079. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
1080. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
1081. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
1082. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
1083. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
1084. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
1085. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
1086. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
1087. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
1088. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n");
1089. [*] Nmap: MAC Address: 00:50:56:89:7D:25 (VMware)
1090. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), HP MSM410 WAP (91%), Linux 2.6.35 (90%), IGEL UD3 thin client (Linux 2.6) (90%), IPFire 2.11 firewall (Linux 2.6.32) (90%), DD-WRT v24-sp1 (Linux 2.4) (89%), Linux 3.0 - 3.2 (88%), DD-WRT v23 (Linux 2.4.34) (88%), Linux 2.6.15 - 2.6.26 (likely embedded) (88%), Fortinet FortiOS 5.0.6 (88%)
1091. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1092. [*] Nmap: Network Distance: 1 hop
1093. [*] Nmap: TRACEROUTE
1094. [*] Nmap: HOP RTT       ADDRESS
1095. [*] Nmap: 1   238.60 ms 10.11.1.133
1096. [*] Nmap: Nmap scan report for 10.11.1.136
1097. [*] Nmap: Host is up (0.24s latency).
1098. [*] Nmap: Not shown: 996 closed ports
1099. [*] Nmap: PORT    STATE SERVICE     VERSION
1100. [*] Nmap: 22/tcp  open  ssh         OpenSSH 4.3p2 Debian 9 (protocol 2.0)
1101. [*] Nmap: |_auth-owners: root
1102. [*] Nmap: | ssh-hostkey:
1103. [*] Nmap: |   1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
1104. [*] Nmap: |_  2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
1105. [*] Nmap: 113/tcp open  ident
1106. [*] Nmap: |_auth-owners: identd
1107. [*] Nmap: 139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
1108. [*] Nmap: |_auth-owners: root
1109. [*] Nmap: 445/tcp open  netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
1110. [*] Nmap: |_auth-owners: root
1111. [*] Nmap: MAC Address: 00:50:56:93:37:2B (VMware)
1112. [*] Nmap: Device type: general purpose|switch|printer|firewall|security-misc|WAP|remote management|specialized
1113. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (94%), Extreme Networks ExtremeXOS 12.X (93%), Kyocera embedded (93%), Barracuda Networks embedded (92%), AVM embedded (90%), Linksys embedded (90%), Netgear embedded (90%), Dell embedded (90%)
1114. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:kyocera:cs-2560 cpe:/h:avm:fritz%21box_fon_wlan_7050 cpe:/h:linksys:wag200g cpe:/h:netgear:dg834gt cpe:/h:dell:remote_access_card:5 cpe:/o:linux:linux_kernel:2.4.21
1115. [*] Nmap: Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Linux 2.6.16 (94%), Extreme Networks ExtremeXOS 12.5.4 (93%), Kyocera CopyStar CS-2560 printer (93%), Linux 2.6.15 (Ubuntu) (93%), Linux 2.6.26 (93%), Barracuda Web Application Firewall 460 (92%), Linux 2.6.32 (92%), Barracuda Web Filter (92%), Linux 2.6.22 (92%)
1116. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1117. [*] Nmap: Network Distance: 1 hop
1118. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1119. [*] Nmap: Host script results:
1120. [*] Nmap: |_clock-skew: mean: 2h01m37s, deviation: 2h52m03s, median: -2s
1121. [*] Nmap: |_nbstat: NetBIOS name: SUFFERANCE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
1122. [*] Nmap: | smb-os-discovery:
1123. [*] Nmap: |   OS: Unix (Samba 3.0.24)
1124. [*] Nmap: |   NetBIOS computer name:
1125. [*] Nmap: |   Workgroup: THINC.LOCAL\x00
1126. [*] Nmap: |_  System time: 2019-09-11T07:31:25-04:00
1127. [*] Nmap: | smb-security-mode:
1128. [*] Nmap: |   account_used: guest
1129. [*] Nmap: |   authentication_level: share (dangerous)
1130. [*] Nmap: |   challenge_response: supported
1131. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1132. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
1133. [*] Nmap: TRACEROUTE
1134. [*] Nmap: HOP RTT       ADDRESS
1135. [*] Nmap: 1   238.20 ms 10.11.1.136
1136. [*] Nmap: Nmap scan report for 10.11.1.141
1137. [*] Nmap: Host is up (0.24s latency).
1138. [*] Nmap: Not shown: 997 closed ports
1139. [*] Nmap: PORT      STATE SERVICE VERSION
1140. [*] Nmap: 22/tcp    open  ssh     OpenSSH 4.0 (protocol 2.0)
1141. [*] Nmap: | ssh-hostkey:
1142. [*] Nmap: |   1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
1143. [*] Nmap: |_  1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
1144. [*] Nmap: 111/tcp   open  rpcbind 2 (RPC #100000)
1145. [*] Nmap: | rpcinfo:
1146. [*] Nmap: |   program version   port/proto  service
1147. [*] Nmap: |   100000  2            111/tcp  rpcbind
1148. [*] Nmap: |_  100000  2            111/udp  rpcbind
1149. [*] Nmap: 10000/tcp open  http    MiniServ 0.01 (Webmin httpd)
1150. [*] Nmap: |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
1151. [*] Nmap: MAC Address: 00:50:56:89:65:3F (VMware)
1152. [*] Nmap: Device type: general purpose|firewall|proxy server|PBX|WAP|broadband router
1153. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (94%), Cisco embedded (91%), Riverbed embedded (91%), Ruckus embedded (90%), FreeBSD 6.X (89%), Zhone embedded (88%), AVM embedded (87%)
1154. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w cpe:/h:ruckus:7363 cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
1155. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Riverbed Steelhead 200 proxy server (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
1156. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1157. [*] Nmap: Network Distance: 1 hop
1158. [*] Nmap: TRACEROUTE
1159. [*] Nmap: HOP RTT       ADDRESS
1160. [*] Nmap: 1   239.06 ms 10.11.1.141
1161. [*] Nmap: Nmap scan report for 10.11.1.145
1162. [*] Nmap: Host is up (0.24s latency).
1163. [*] Nmap: Not shown: 995 filtered ports
1164. [*] Nmap: PORT     STATE SERVICE            VERSION
1165. [*] Nmap: 135/tcp  open  msrpc              Microsoft Windows RPC
1166. [*] Nmap: 139/tcp  open  netbios-ssn        Microsoft Windows netbios-ssn
1167. [*] Nmap: 445/tcp  open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
1168. [*] Nmap: 3389/tcp open  ssl/ms-wbt-server?
1169. [*] Nmap: | ssl-cert: Subject: commonName=HELPDESK
1170. [*] Nmap: | Not valid before: 2019-09-10T08:36:52
1171. [*] Nmap: |_Not valid after:  2020-03-11T08:36:52
1172. [*] Nmap: |_ssl-date: 2019-09-11T11:28:22+00:00; -3s from scanner time.
1173. [*] Nmap: 8080/tcp open  http               Apache Tomcat/Coyote JSP engine 1.1
1174. [*] Nmap: | http-cookie-flags:
1175. [*] Nmap: |   /:
1176. [*] Nmap: |     JSESSIONID:
1177. [*] Nmap: |_      httponly flag not set
1178. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
1179. [*] Nmap: |_http-title: ManageEngine ServiceDesk Plus
1180. [*] Nmap: MAC Address: 00:50:56:89:78:BA (VMware)
1181. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1182. [*] Nmap: Device type: general purpose
1183. [*] Nmap: Running: Microsoft Windows 7
1184. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
1185. [*] Nmap: OS details: Microsoft Windows 7
1186. [*] Nmap: Network Distance: 1 hop
1187. [*] Nmap: Service Info: Host: HELPDESK; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
1188. [*] Nmap: Host script results:
1189. [*] Nmap: |_clock-skew: mean: 1h45m46s, deviation: 3h31m39s, median: -3s
1190. [*] Nmap: |_nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:78:ba (VMware)
1191. [*] Nmap: | smb-os-discovery:
1192. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
1193. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
1194. [*] Nmap: |   Computer name: HELPDESK
1195. [*] Nmap: |   NetBIOS computer name: HELPDESK\x00
1196. [*] Nmap: |   Workgroup: WORKGROUP\x00
1197. [*] Nmap: |_  System time: 2019-09-11T04:31:25-07:00
1198. [*] Nmap: | smb-security-mode:
1199. [*] Nmap: |   account_used: <blank>
1200. [*] Nmap: |   authentication_level: user
1201. [*] Nmap: |   challenge_response: supported
1202. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1203. [*] Nmap: | smb2-security-mode:
1204. [*] Nmap: |   2.02:
1205. [*] Nmap: |_    Message signing enabled but not required
1206. [*] Nmap: | smb2-time:
1207. [*] Nmap: |   date: 2019-09-11 07:31:25
1208. [*] Nmap: |_  start_date: 2017-06-05 22:08:09
1209. [*] Nmap: TRACEROUTE
1210. [*] Nmap: HOP RTT       ADDRESS
1211. [*] Nmap: 1   239.09 ms 10.11.1.145
1212. [*] Nmap: Nmap scan report for 10.11.1.146
1213. [*] Nmap: Host is up (0.26s latency).
1214. [*] Nmap: Not shown: 998 closed ports
1215. [*] Nmap: PORT   STATE SERVICE VERSION
1216. [*] Nmap: 21/tcp open  ftp     ProFTPD 1.3.3a
1217. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.5p1 Debian 6 (protocol 2.0)
1218. [*] Nmap: | ssh-hostkey:
1219. [*] Nmap: |   1024 bb:1e:db:11:2a:c7:90:96:e8:0f:f1:ce:aa:14:6a:c1 (DSA)
1220. [*] Nmap: |_  2048 67:62:39:ab:ef:7b:2d:e2:70:18:fd:7d:3d:65:bf:c7 (RSA)
1221. [*] Nmap: MAC Address: 00:50:56:89:5A:7F (VMware)
1222. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (99%), HP MSM410 WAP (94%), Linux 2.6.35 (94%), IGEL UD3 thin client (Linux 2.6) (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Linux 2.6.31 - 2.6.32 (92%), Extreme Networks ExtremeXOS 12.5.4 (91%), DD-WRT v23 (Linux 2.4.34) (91%), Linux 2.6.15 (Ubuntu) (91%)
1223. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1224. [*] Nmap: Network Distance: 1 hop
1225. [*] Nmap: Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
1226. [*] Nmap: TRACEROUTE
1227. [*] Nmap: HOP RTT       ADDRESS
1228. [*] Nmap: 1   264.55 ms 10.11.1.146
1229. [*] Nmap: Nmap scan report for 10.11.1.202
1230. [*] Nmap: Host is up (0.24s latency).
1231. [*] Nmap: Not shown: 982 closed ports
1232. [*] Nmap: PORT     STATE SERVICE       VERSION
1233. [*] Nmap: 21/tcp   open  ftp           Microsoft ftpd 5.0
1234. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
1235. [*] Nmap: | ftp-syst:
1236. [*] Nmap: |_  SYST: Windows_NT version 5.0
1237. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 5.0
1238. [*] Nmap: | http-cookie-flags:
1239. [*] Nmap: |   /:
1240. [*] Nmap: |     ASPSESSIONIDSSRCCBAQ:
1241. [*] Nmap: |_      httponly flag not set
1242. [*] Nmap: | http-methods:
1243. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
1244. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
1245. [*] Nmap: |_http-title: Under Construction
1246. [*] Nmap: | http-webdav-scan:
1247. [*] Nmap: |   WebDAV type: Unkown
1248. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
1249. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
1250. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
1251. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:28:18 GMT
1252. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
1253. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
1254. [*] Nmap: 443/tcp  open  https?
1255. [*] Nmap: 445/tcp  open  microsoft-ds  Windows 2000 microsoft-ds
1256. [*] Nmap: 1029/tcp open  msrpc         Microsoft Windows RPC
1257. [*] Nmap: 1032/tcp open  msrpc         Microsoft Windows RPC
1258. [*] Nmap: 1033/tcp open  msrpc         Microsoft Windows RPC
1259. [*] Nmap: 1038/tcp open  oracle        Oracle Database
1260. [*] Nmap: 1521/tcp open  oracle-tns    Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
1261. [*] Nmap: 2030/tcp open  oracle-mts    Oracle MTS Recovery Service
1262. [*] Nmap: 2100/tcp open  ftp           Oracle Enterprise XML DB ftpd 9.2.0.1.0
1263. [*] Nmap: | ftp-syst:
1264. [*] Nmap: |_  SYST: Unix Type:9.2.0.1 Version:Oracle XML DB
1265. [*] Nmap: 3372/tcp open  msdtc         Microsoft Distributed Transaction Coordinator (error)
1266. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
1267. [*] Nmap: 4443/tcp open  ssl/pharos?
1268. [*] Nmap: |_ssl-date: 2019-09-11T11:28:35+00:00; 0s from scanner time.
1269. [*] Nmap: | sslv2:
1270. [*] Nmap: |   SSLv2 supported
1271. [*] Nmap: |   ciphers:
1272. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
1273. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
1274. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
1275. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
1276. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
1277. [*] Nmap: 7778/tcp open  http          Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
1278. [*] Nmap: |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
1279. [*] Nmap: | http-methods:
1280. [*] Nmap: |_  Potentially risky methods: TRACE
1281. [*] Nmap: |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
1282. [*] Nmap: |_http-title: Oracle HTTP Server Index
1283. [*] Nmap: 8080/tcp open  http          Oracle XML DB Enterprise Edition httpd 9.2.0.1.0 (Oracle9i Enterprise Edition Release)
1284. [*] Nmap: | http-auth:
1285. [*] Nmap: | HTTP/1.1 401 Unauthorized\x0D
1286. [*] Nmap: |_  Basic realm=XDB
1287. [*] Nmap: |_http-server-header: Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
1288. [*] Nmap: |_http-title: 400 Bad Request
1289. [*] Nmap: MAC Address: 00:50:56:89:2E:00 (VMware)
1290. [*] Nmap: Device type: general purpose|specialized|power-device
1291. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
1292. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
1293. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows XP SP2 (92%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP SP3 (91%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
1294. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1295. [*] Nmap: Network Distance: 1 hop
1296. [*] Nmap: Service Info: Host: oracle; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
1297. [*] Nmap: Host script results:
1298. [*] Nmap: |_clock-skew: mean: -38m55s, deviation: 1h07m24s, median: 0s
1299. [*] Nmap: |_nbstat: NetBIOS name: ORACLE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:2e:00 (VMware)
1300. [*] Nmap: | smb-os-discovery:
1301. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
1302. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
1303. [*] Nmap: |   Computer name: oracle
1304. [*] Nmap: |   NetBIOS computer name: ORACLE\x00
1305. [*] Nmap: |   Domain name: acme.local
1306. [*] Nmap: |   FQDN: oracle.acme.local
1307. [*] Nmap: |_  System time: 2019-09-11T13:31:28+02:00
1308. [*] Nmap: | smb-security-mode:
1309. [*] Nmap: |   account_used: guest
1310. [*] Nmap: |   authentication_level: user
1311. [*] Nmap: |   challenge_response: supported
1312. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1313. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
1314. [*] Nmap: TRACEROUTE
1315. [*] Nmap: HOP RTT       ADDRESS
1316. [*] Nmap: 1   241.50 ms 10.11.1.202
1317. [*] Nmap: Nmap scan report for 10.11.1.209
1318. [*] Nmap: Host is up (0.26s latency).
1319. [*] Nmap: Not shown: 995 closed ports
1320. [*] Nmap: PORT     STATE SERVICE VERSION
1321. [*] Nmap: 22/tcp   open  ssh     SunSSH 1.1.5 (protocol 2.0)
1322. [*] Nmap: | ssh-hostkey:
1323. [*] Nmap: |   1024 b0:d1:14:4f:d2:43:20:e4:90:f7:ca:e3:8a:36:39:86 (DSA)
1324. [*] Nmap: |_  1024 dd:36:f6:09:23:4c:c4:c3:44:d6:6e:2f:6a:ff:b3:12 (RSA)
1325. [*] Nmap: 80/tcp   open  http    Apache httpd 1.3.41 ((Unix) mod_perl/1.31)
1326. [*] Nmap: | http-methods:
1327. [*] Nmap: |_  Potentially risky methods: TRACE
1328. [*] Nmap: |_http-server-header: Apache/1.3.41 (Unix) mod_perl/1.31
1329. [*] Nmap: |_http-title: Test Page for the SSL/TLS-aware Apache Installation on Web Site
1330. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
1331. [*] Nmap: 8009/tcp open  ajp13   Apache Jserv (Protocol v1.3)
1332. [*] Nmap: |_ajp-methods: Failed to get a valid response for the OPTION request
1333. [*] Nmap: 8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
1334. [*] Nmap: |_http-favicon: Apache Tomcat
1335. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
1336. [*] Nmap: |_http-title: Apache Tomcat/5.5.35
1337. [*] Nmap: MAC Address: 00:50:56:89:12:0C (VMware)
1338. [*] Nmap: Device type: general purpose
1339. [*] Nmap: Running: Sun SunOS 10
1340. [*] Nmap: OS CPE: cpe:/o:sun:sunos:10
1341. [*] Nmap: OS details: Sun Solaris 10
1342. [*] Nmap: Network Distance: 1 hop
1343. [*] Nmap: TRACEROUTE
1344. [*] Nmap: HOP RTT       ADDRESS
1345. [*] Nmap: 1   256.39 ms 10.11.1.209
1346. [*] Nmap: Nmap scan report for 10.11.1.217
1347. [*] Nmap: Host is up (0.33s latency).
1348. [*] Nmap: Not shown: 989 closed ports
1349. [*] Nmap: PORT     STATE SERVICE    VERSION
1350. [*] Nmap: 22/tcp   open  ssh        OpenSSH 4.3 (protocol 2.0)
1351. [*] Nmap: | ssh-hostkey:
1352. [*] Nmap: |   1024 1a:f6:e5:4c:f5:65:5c:a3:79:ce:e1:30:f9:5a:9c:af (DSA)
1353. [*] Nmap: |_  2048 b1:9e:c8:ea:eb:4c:fc:55:cb:1e:4d:4c:40:6e:80:f2 (RSA)
1354. [*] Nmap: 25/tcp   open  smtp?
1355. [*] Nmap: |_smtp-commands: hotline.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
1356. [*] Nmap: 80/tcp   open  http       Apache httpd 2.2.3
1357. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
1358. [*] Nmap: |_http-title: Did not follow redirect to https://10.11.1.217/
1359. [*] Nmap: 110/tcp  open  pop3?
1360. [*] Nmap: 111/tcp  open  rpcbind    2 (RPC #100000)
1361. [*] Nmap: | rpcinfo:
1362. [*] Nmap: |   program version   port/proto  service
1363. [*] Nmap: |   100000  2            111/tcp  rpcbind
1364. [*] Nmap: |   100000  2            111/udp  rpcbind
1365. [*] Nmap: |   100024  1            884/udp  status
1366. [*] Nmap: |_  100024  1            887/tcp  status
1367. [*] Nmap: 143/tcp  open  imap?
1368. [*] Nmap: 443/tcp  open  ssl/http   Apache httpd 2.2.3 ((CentOS))
1369. [*] Nmap: | http-robots.txt: 1 disallowed entry
1370. [*] Nmap: |_/
1371. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
1372. [*] Nmap: |_http-title: Elastix - Login page
1373. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
1374. [*] Nmap: | Not valid before: 2012-03-23T19:29:13
1375. [*] Nmap: |_Not valid after:  2013-03-23T19:29:13
1376. [*] Nmap: |_ssl-date: 2019-09-11T11:26:40+00:00; -1m59s from scanner time.
1377. [*] Nmap: 993/tcp  open  imaps?
1378. [*] Nmap: 995/tcp  open  pop3s?
1379. [*] Nmap: 3306/tcp open  mysql?
1380. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
1381. [*] Nmap: 4445/tcp open  upnotifyp?
1382. [*] Nmap: MAC Address: 00:50:56:89:57:05 (VMware)
1383. [*] Nmap: Device type: general purpose
1384. [*] Nmap: Running: Linux 2.6.X
1385. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18
1386. [*] Nmap: OS details: Linux 2.6.18
1387. [*] Nmap: Network Distance: 1 hop
1388. [*] Nmap: Service Info: Host: 127.0.0.1
1389. [*] Nmap: Host script results:
1390. [*] Nmap: |_clock-skew: mean: -1m59s, deviation: 0s, median: -1m59s
1391. [*] Nmap: TRACEROUTE
1392. [*] Nmap: HOP RTT       ADDRESS
1393. [*] Nmap: 1   332.33 ms 10.11.1.217
1394. [*] Nmap: Nmap scan report for 10.11.1.218
1395. [*] Nmap: Host is up (0.24s latency).
1396. [*] Nmap: Not shown: 997 filtered ports
1397. [*] Nmap: PORT    STATE SERVICE      VERSION
1398. [*] Nmap: 135/tcp open  msrpc        Microsoft Windows RPC
1399. [*] Nmap: 139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
1400. [*] Nmap: 445/tcp open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
1401. [*] Nmap: MAC Address: 00:50:56:93:5C:EA (VMware)
1402. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1403. [*] Nmap: Device type: general purpose
1404. [*] Nmap: Running: Microsoft Windows 2008|7
1405. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
1406. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
1407. [*] Nmap: Network Distance: 1 hop
1408. [*] Nmap: Service Info: Host: OBSERVER; OS: Windows; CPE: cpe:/o:microsoft:windows
1409. [*] Nmap: Host script results:
1410. [*] Nmap: |_clock-skew: mean: -2083d01h13m04s, deviation: 4h38m41s, median: -2083d03h53m59s
1411. [*] Nmap: |_nbstat: NetBIOS name: OBSERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:5c:ea (VMware)
1412. [*] Nmap: | smb-os-discovery:
1413. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
1414. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
1415. [*] Nmap: |   Computer name: observer
1416. [*] Nmap: |   NetBIOS computer name: OBSERVER\x00
1417. [*] Nmap: |   Domain name: thinc.local
1418. [*] Nmap: |   Forest name: thinc.local
1419. [*] Nmap: |   FQDN: observer.thinc.local
1420. [*] Nmap: |_  System time: 2013-12-27T23:37:33-08:00
1421. [*] Nmap: | smb-security-mode:
1422. [*] Nmap: |   account_used: <blank>
1423. [*] Nmap: |   authentication_level: user
1424. [*] Nmap: |   challenge_response: supported
1425. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1426. [*] Nmap: | smb2-security-mode:
1427. [*] Nmap: |   2.02:
1428. [*] Nmap: |_    Message signing enabled but not required
1429. [*] Nmap: | smb2-time:
1430. [*] Nmap: |   date: 2013-12-28 02:37:35
1431. [*] Nmap: |_  start_date: 2013-12-27 16:08:12
1432. [*] Nmap: TRACEROUTE
1433. [*] Nmap: HOP RTT       ADDRESS
1434. [*] Nmap: 1   240.45 ms 10.11.1.218
1435. [*] Nmap: Nmap scan report for 10.11.1.219
1436. [*] Nmap: Host is up (0.24s latency).
1437. [*] Nmap: Not shown: 999 filtered ports
1438. [*] Nmap: PORT   STATE SERVICE VERSION
1439. [*] Nmap: 80/tcp open  http    Apache httpd
1440. [*] Nmap: |_http-server-header: Apache
1441. [*] Nmap: |_http-title: Apache2 Ubuntu Default Page: It works
1442. [*] Nmap: MAC Address: 00:50:56:89:06:25 (VMware)
1443. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1444. [*] Nmap: Device type: general purpose
1445. [*] Nmap: Running (JUST GUESSING): Linux 3.X|4.X (90%)
1446. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
1447. [*] Nmap: Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.16 (86%)
1448. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1449. [*] Nmap: Network Distance: 1 hop
1450. [*] Nmap: TRACEROUTE
1451. [*] Nmap: HOP RTT       ADDRESS
1452. [*] Nmap: 1   239.22 ms 10.11.1.219
1453. [*] Nmap: Nmap scan report for 10.11.1.220
1454. [*] Nmap: Host is up (0.24s latency).
1455. [*] Nmap: Not shown: 980 closed ports
1456. [*] Nmap: PORT      STATE SERVICE       VERSION
1457. [*] Nmap: 21/tcp    open  ftp           FileZilla ftpd 0.9.34 beta
1458. [*] Nmap: | ftp-syst:
1459. [*] Nmap: |_  SYST: UNIX emulated by FileZilla
1460. [*] Nmap: 53/tcp    open  domain        Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
1461. [*] Nmap: | dns-nsid:
1462. [*] Nmap: |_  bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
1463. [*] Nmap: 88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2013-12-28 07:37:03Z)
1464. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
1465. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
1466. [*] Nmap: 389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
1467. [*] Nmap: 445/tcp   open  microsoft-ds  Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
1468. [*] Nmap: 464/tcp   open  kpasswd5?
1469. [*] Nmap: 593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
1470. [*] Nmap: 636/tcp   open  tcpwrapped
1471. [*] Nmap: 3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
1472. [*] Nmap: 3269/tcp  open  tcpwrapped
1473. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
1474. [*] Nmap: | ssl-cert: Subject: commonName=master.thinc.local
1475. [*] Nmap: | Not valid before: 2013-12-27T07:37:01
1476. [*] Nmap: |_Not valid after:  2014-06-28T07:37:01
1477. [*] Nmap: |_ssl-date: 2013-12-28T07:37:44+00:00; -5y257d03h53m03s from scanner time.
1478. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
1479. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
1480. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
1481. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
1482. [*] Nmap: 49157/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
1483. [*] Nmap: 49158/tcp open  msrpc         Microsoft Windows RPC
1484. [*] Nmap: 49165/tcp open  msrpc         Microsoft Windows RPC
1485. [*] Nmap: MAC Address: 00:50:56:93:3B:04 (VMware)
1486. [*] Nmap: Device type: general purpose
1487. [*] Nmap: Running: Microsoft Windows 7
1488. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
1489. [*] Nmap: OS details: Microsoft Windows 7
1490. [*] Nmap: Network Distance: 1 hop
1491. [*] Nmap: Service Info: Host: MASTER; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2:sp1
1492. [*] Nmap: Host script results:
1493. [*] Nmap: |_clock-skew: mean: -2083d01h53m07s, deviation: 4h01m09s, median: -2083d03h54m02s
1494. [*] Nmap: |_nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:3b:04 (VMware)
1495. [*] Nmap: | smb-os-discovery:
1496. [*] Nmap: |   OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
1497. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
1498. [*] Nmap: |   Computer name: master
1499. [*] Nmap: |   NetBIOS computer name: MASTER\x00
1500. [*] Nmap: |   Domain name: thinc.local
1501. [*] Nmap: |   Forest name: thinc.local
1502. [*] Nmap: |   FQDN: master.thinc.local
1503. [*] Nmap: |_  System time: 2013-12-27T23:37:31-08:00
1504. [*] Nmap: | smb-security-mode:
1505. [*] Nmap: |   account_used: <blank>
1506. [*] Nmap: |   authentication_level: user
1507. [*] Nmap: |   challenge_response: supported
1508. [*] Nmap: |_  message_signing: required
1509. [*] Nmap: | smb2-security-mode:
1510. [*] Nmap: |   2.02:
1511. [*] Nmap: |_    Message signing enabled and required
1512. [*] Nmap: | smb2-time:
1513. [*] Nmap: |   date: 2013-12-28 02:37:31
1514. [*] Nmap: |_  start_date: 2013-12-28 11:16:39
1515. [*] Nmap: TRACEROUTE
1516. [*] Nmap: HOP RTT       ADDRESS
1517. [*] Nmap: 1   239.49 ms 10.11.1.220
1518. [*] Nmap: Nmap scan report for 10.11.1.221
1519. [*] Nmap: Host is up (0.24s latency).
1520. [*] Nmap: Not shown: 995 filtered ports
1521. [*] Nmap: PORT      STATE SERVICE            VERSION
1522. [*] Nmap: 53/tcp    open  domain             Microsoft DNS 6.0.6001 (17714650) (Windows Server 2008 SP1)
1523. [*] Nmap: | dns-nsid:
1524. [*] Nmap: |_  bind.version: Microsoft DNS 6.0.6001 (17714650)
1525. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
1526. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
1527. [*] Nmap: | ssl-cert: Subject: commonName=slave.thinc.local
1528. [*] Nmap: | Not valid before: 2013-12-26T21:08:51
1529. [*] Nmap: |_Not valid after:  2014-06-27T21:08:51
1530. [*] Nmap: |_ssl-date: 2013-12-28T07:37:28+00:00; -5y257d03h51m54s from scanner time.
1531. [*] Nmap: 5357/tcp  open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1532. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
1533. [*] Nmap: |_http-title: Service Unavailable
1534. [*] Nmap: 49158/tcp open  msrpc              Microsoft Windows RPC
1535. [*] Nmap: MAC Address: 00:50:56:93:18:E2 (VMware)
1536. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1537. [*] Nmap: Device type: general purpose
1538. [*] Nmap: Running: Microsoft Windows 7
1539. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
1540. [*] Nmap: OS details: Microsoft Windows 7
1541. [*] Nmap: Network Distance: 1 hop
1542. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008::sp1, cpe:/o:microsoft:windows
1543. [*] Nmap: Host script results:
1544. [*] Nmap: |_clock-skew: mean: -2083d03h51m54s, deviation: 0s, median: -2083d03h51m54s
1545. [*] Nmap: |_nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:18:e2 (VMware)
1546. [*] Nmap: TRACEROUTE
1547. [*] Nmap: HOP RTT       ADDRESS
1548. [*] Nmap: 1   237.13 ms 10.11.1.221
1549. [*] Nmap: Nmap scan report for 10.11.1.223
1550. [*] Nmap: Host is up (0.24s latency).
1551. [*] Nmap: Not shown: 987 closed ports
1552. [*] Nmap: PORT      STATE SERVICE            VERSION
1553. [*] Nmap: 80/tcp    open  http               Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
1554. [*] Nmap: | http-methods:
1555. [*] Nmap: |_  Potentially risky methods: TRACE
1556. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
1557. [*] Nmap: |_http-title: Index of /
1558. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
1559. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
1560. [*] Nmap: 443/tcp   open  ssl/http           Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
1561. [*] Nmap: | http-methods:
1562. [*] Nmap: |_  Potentially risky methods: TRACE
1563. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
1564. [*] Nmap: |_http-title: Index of /
1565. [*] Nmap: | ssl-cert: Subject: commonName=localhost
1566. [*] Nmap: | Not valid before: 2009-11-10T23:48:47
1567. [*] Nmap: |_Not valid after:  2019-11-08T23:48:47
1568. [*] Nmap: |_ssl-date: 2019-09-11T11:28:58+00:00; -5s from scanner time.
1569. [*] Nmap: | sslv2:
1570. [*] Nmap: |   SSLv2 supported
1571. [*] Nmap: |   ciphers:
1572. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
1573. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
1574. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
1575. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
1576. [*] Nmap: |     SSL2_IDEA_128_CBC_WITH_MD5
1577. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
1578. [*] Nmap: |_    SSL2_DES_64_CBC_WITH_MD5
1579. [*] Nmap: 445/tcp   open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
1580. [*] Nmap: 3306/tcp  open  mysql?
1581. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
1582. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
1583. [*] Nmap: | ssl-cert: Subject: commonName=Jeff
1584. [*] Nmap: | Not valid before: 2019-09-09T03:47:08
1585. [*] Nmap: |_Not valid after:  2020-03-10T03:47:08
1586. [*] Nmap: |_ssl-date: 2019-09-11T11:29:01+00:00; -5s from scanner time.
1587. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
1588. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
1589. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
1590. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
1591. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
1592. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
1593. [*] Nmap: MAC Address: 00:50:56:89:32:E3 (VMware)
1594. [*] Nmap: Device type: general purpose
1595. [*] Nmap: Running: Microsoft Windows 2008|7
1596. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
1597. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
1598. [*] Nmap: Network Distance: 1 hop
1599. [*] Nmap: Service Info: Hosts: localhost, JEFF; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
1600. [*] Nmap: Host script results:
1601. [*] Nmap: |_clock-skew: mean: 1h24m25s, deviation: 3h08m58s, median: -5s
1602. [*] Nmap: |_nbstat: NetBIOS name: JEFF, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:32:e3 (VMware)
1603. [*] Nmap: | smb-os-discovery:
1604. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
1605. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
1606. [*] Nmap: |   Computer name: Jeff
1607. [*] Nmap: |   NetBIOS computer name: JEFF\x00
1608. [*] Nmap: |   Workgroup: WORKGROUP\x00
1609. [*] Nmap: |_  System time: 2019-09-11T04:31:30-07:00
1610. [*] Nmap: | smb-security-mode:
1611. [*] Nmap: |   account_used: guest
1612. [*] Nmap: |   authentication_level: user
1613. [*] Nmap: |   challenge_response: supported
1614. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1615. [*] Nmap: | smb2-security-mode:
1616. [*] Nmap: |   2.02:
1617. [*] Nmap: |_    Message signing enabled but not required
1618. [*] Nmap: | smb2-time:
1619. [*] Nmap: |   date: 2019-09-11 07:31:30
1620. [*] Nmap: |_  start_date: 2016-05-22 08:28:08
1621. [*] Nmap: TRACEROUTE
1622. [*] Nmap: HOP RTT       ADDRESS
1623. [*] Nmap: 1   238.58 ms 10.11.1.223
1624. [*] Nmap: Nmap scan report for 10.11.1.226
1625. [*] Nmap: Host is up (0.24s latency).
1626. [*] Nmap: Not shown: 998 filtered ports
1627. [*] Nmap: PORT     STATE  SERVICE       VERSION
1628. [*] Nmap: 21/tcp   open   ftp           GuildFTPd
1629. [*] Nmap: 3389/tcp closed ms-wbt-server
1630. [*] Nmap: MAC Address: 00:50:56:89:51:F6 (VMware)
1631. [*] Nmap: Device type: general purpose|WAP
1632. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (94%), Apple embedded (89%)
1633. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_2000::sp4
1634. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (94%), Microsoft Windows Server 2003 SP2 (92%), Microsoft Windows Server 2003 (90%), Apple AirPort Extreme WAP (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows Server 2003 SP1 (85%), Microsoft Windows XP SP2 (85%)
1635. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1636. [*] Nmap: Network Distance: 1 hop
1637. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1638. [*] Nmap: TRACEROUTE
1639. [*] Nmap: HOP RTT       ADDRESS
1640. [*] Nmap: 1   238.61 ms 10.11.1.226
1641. [*] Nmap: Nmap scan report for 10.11.1.227
1642. [*] Nmap: Host is up (0.24s latency).
1643. [*] Nmap: Not shown: 987 closed ports
1644. [*] Nmap: PORT     STATE SERVICE      VERSION
1645. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
1646. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
1647. [*] Nmap: | ftp-syst:
1648. [*] Nmap: |_  SYST: Windows_NT version 5.0
1649. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.5329
1650. [*] Nmap: | smtp-commands: jd.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
1651. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
1652. [*] Nmap: | smtp-ntlm-info:
1653. [*] Nmap: |   Target_Name: JD
1654. [*] Nmap: |   NetBIOS_Domain_Name: JD
1655. [*] Nmap: |   NetBIOS_Computer_Name: JD
1656. [*] Nmap: |   DNS_Domain_Name: jd.acme.local
1657. [*] Nmap: |   DNS_Computer_Name: jd.acme.local
1658. [*] Nmap: |_  Product_Version: 5.0.2195
1659. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
1660. [*] Nmap: | http-methods:
1661. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
1662. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
1663. [*] Nmap: |_http-title: Directory Listing Denied
1664. [*] Nmap: | http-webdav-scan:
1665. [*] Nmap: |   WebDAV type: Unkown
1666. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
1667. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
1668. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
1669. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:07 GMT
1670. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
1671. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
1672. [*] Nmap: 443/tcp  open  https?
1673. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
1674. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
1675. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
1676. [*] Nmap: 1028/tcp open  msrpc        Microsoft Windows RPC
1677. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
1678. [*] Nmap: 5800/tcp open  vnc-http     RealVNC 4.0 (resolution: 400x250; VNC TCP port: 5900)
1679. [*] Nmap: |_http-server-header: RealVNC/4.0
1680. [*] Nmap: |_http-title: VNC viewer for Java
1681. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
1682. [*] Nmap: | vnc-info:
1683. [*] Nmap: |   Protocol version: 3.8
1684. [*] Nmap: |   Security types:
1685. [*] Nmap: |_    VNC Authentication (2)
1686. [*] Nmap: MAC Address: 00:50:56:89:0E:65 (VMware)
1687. [*] Nmap: Device type: general purpose|specialized|power-device
1688. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
1689. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
1690. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
1691. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1692. [*] Nmap: Network Distance: 1 hop
1693. [*] Nmap: Service Info: Host: jd.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
1694. [*] Nmap: Host script results:
1695. [*] Nmap: |_clock-skew: mean: -58m56s, deviation: 1h23m07s, median: -1h57m43s
1696. [*] Nmap: | ms-sql-info:
1697. [*] Nmap: |   Windows server name: JD
1698. [*] Nmap: |   10.11.1.227\MSSQLSERVER:
1699. [*] Nmap: |     Instance name: MSSQLSERVER
1700. [*] Nmap: |     Version:
1701. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
1702. [*] Nmap: |       number: 8.00.194.00
1703. [*] Nmap: |       Product: Microsoft SQL Server 2000
1704. [*] Nmap: |       Service pack level: RTM
1705. [*] Nmap: |       Post-SP patches applied: false
1706. [*] Nmap: |     TCP port: 27900
1707. [*] Nmap: |     Named pipe: \\10.11.1.227\pipe\sql\query
1708. [*] Nmap: |_    Clustered: false
1709. [*] Nmap: |_nbstat: NetBIOS name: JD, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:0e:65 (VMware)
1710. [*] Nmap: | smb-os-discovery:
1711. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
1712. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
1713. [*] Nmap: |   Computer name: jd
1714. [*] Nmap: |   NetBIOS computer name: JD\x00
1715. [*] Nmap: |   Workgroup: WORKGROUP\x00
1716. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
1717. [*] Nmap: | smb-security-mode:
1718. [*] Nmap: |   account_used: guest
1719. [*] Nmap: |   authentication_level: user
1720. [*] Nmap: |   challenge_response: supported
1721. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1722. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
1723. [*] Nmap: TRACEROUTE
1724. [*] Nmap: HOP RTT       ADDRESS
1725. [*] Nmap: 1   239.49 ms 10.11.1.227
1726. [*] Nmap: Nmap scan report for 10.11.1.229
1727. [*] Nmap: Host is up (0.24s latency).
1728. [*] Nmap: Not shown: 988 filtered ports
1729. [*] Nmap: PORT     STATE  SERVICE       VERSION
1730. [*] Nmap: 21/tcp   open   tcpwrapped
1731. [*] Nmap: 23/tcp   closed telnet
1732. [*] Nmap: 25/tcp   open   smtp          hMailServer smtpd
1733. [*] Nmap: | smtp-commands: MAIL, SIZE 20480000, AUTH LOGIN,
1734. [*] Nmap: |_ 211 DATA HELO EHLO MAIL NOOP QUIT RCPT RSET SAML TURN VRFY
1735. [*] Nmap: 80/tcp   open   http          Microsoft IIS httpd 6.0
1736. [*] Nmap: | http-methods:
1737. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
1738. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
1739. [*] Nmap: |_http-title: 10.11.1.229 - /
1740. [*] Nmap: | http-webdav-scan:
1741. [*] Nmap: |   WebDAV type: Unkown
1742. [*] Nmap: |   Server Type: Microsoft-IIS/6.0
1743. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
1744. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
1745. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:22 GMT
1746. [*] Nmap: 110/tcp  open   pop3          hMailServer pop3d
1747. [*] Nmap: |_pop3-capabilities: ERROR: Script execution failed (use -d to debug)
1748. [*] Nmap: 135/tcp  open   msrpc         Microsoft Windows RPC
1749. [*] Nmap: 139/tcp  open   netbios-ssn   Windows Server 2003 3790 Service Pack 1 netbios-ssn
1750. [*] Nmap: 143/tcp  open   imap          hMailServer imapd
1751. [*] Nmap: |_imap-capabilities: OK SORT ACL IMAP4rev1 CHILDREN NAMESPACE IMAP4 QUOTA CAPABILITY RIGHTS=texkA0001 completed IDLE
1752. [*] Nmap: 443/tcp  closed https
1753. [*] Nmap: 1025/tcp open   msrpc         Microsoft Windows RPC
1754. [*] Nmap: 2869/tcp closed icslap
1755. [*] Nmap: 3389/tcp open   ms-wbt-server Microsoft Terminal Service
1756. [*] Nmap: MAC Address: 00:50:56:93:03:7A (VMware)
1757. [*] Nmap: Device type: general purpose|media device
1758. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000|PocketPC/CE (95%), Motorola embedded (86%)
1759. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
1760. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (95%), Microsoft Windows Server 2003 SP2 (93%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows XP SP2 (87%), Microsoft Windows Server 2003 SP1 (87%), Microsoft Windows Server 2003 SP0 - SP2 (87%), Microsoft Windows Server 2003 (87%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (86%), Microsoft Windows 2000 SP4 (86%)
1761. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1762. [*] Nmap: Network Distance: 1 hop
1763. [*] Nmap: Service Info: Host: MAIL; OS: Windows; CPE: cpe:/o:microsoft:windows
1764. [*] Nmap: Host script results:
1765. [*] Nmap: |_clock-skew: mean: 2h31m14s, deviation: 3h33m58s, median: -4s
1766. [*] Nmap: |_nbstat: NetBIOS name: MAIL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:03:7a (VMware)
1767. [*] Nmap: | smb-os-discovery:
1768. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
1769. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
1770. [*] Nmap: |   Computer name: mail
1771. [*] Nmap: |   NetBIOS computer name: MAIL\x00
1772. [*] Nmap: |   Workgroup: WORKGROUP\x00
1773. [*] Nmap: |_  System time: 2019-09-11T06:31:53-05:00
1774. [*] Nmap: | smb-security-mode:
1775. [*] Nmap: |   account_used: guest
1776. [*] Nmap: |   authentication_level: user
1777. [*] Nmap: |   challenge_response: supported
1778. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1779. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
1780. [*] Nmap: TRACEROUTE
1781. [*] Nmap: HOP RTT       ADDRESS
1782. [*] Nmap: 1   239.51 ms 10.11.1.229
1783. [*] Nmap: Nmap scan report for 10.11.1.230
1784. [*] Nmap: Host is up (0.24s latency).
1785. [*] Nmap: Not shown: 989 closed ports
1786. [*] Nmap: PORT      STATE SERVICE            VERSION
1787. [*] Nmap: 80/tcp    open  http               GoAhead WebServer
1788. [*] Nmap: |_http-server-header: GoAhead-Webs
1789. [*] Nmap: | http-title: HP Power Manager
1790. [*] Nmap: |_Requested resource was http://10.11.1.230/index.asp
1791. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
1792. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
1793. [*] Nmap: 445/tcp   open  microsoft-ds       Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
1794. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
1795. [*] Nmap: | ssl-cert: Subject: commonName=kevin
1796. [*] Nmap: | Not valid before: 2019-09-08T21:36:17
1797. [*] Nmap: |_Not valid after:  2020-03-09T21:36:17
1798. [*] Nmap: |_ssl-date: 2019-09-11T11:30:28+00:00; -6s from scanner time.
1799. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
1800. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
1801. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
1802. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
1803. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
1804. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
1805. [*] Nmap: MAC Address: 00:50:56:89:1F:2A (VMware)
1806. [*] Nmap: Device type: general purpose
1807. [*] Nmap: Running: Microsoft Windows 7
1808. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
1809. [*] Nmap: OS details: Microsoft Windows 7
1810. [*] Nmap: Network Distance: 1 hop
1811. [*] Nmap: Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
1812. [*] Nmap: Host script results:
1813. [*] Nmap: |_clock-skew: mean: 1h45m27s, deviation: 3h31m05s, median: -6s
1814. [*] Nmap: |_nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1f:2a (VMware)
1815. [*] Nmap: | smb-os-discovery:
1816. [*] Nmap: |   OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
1817. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::-
1818. [*] Nmap: |   Computer name: kevin
1819. [*] Nmap: |   NetBIOS computer name: KEVIN\x00
1820. [*] Nmap: |   Workgroup: WORKGROUP\x00
1821. [*] Nmap: |_  System time: 2019-09-11T04:31:33-07:00
1822. [*] Nmap: | smb-security-mode:
1823. [*] Nmap: |   account_used: guest
1824. [*] Nmap: |   authentication_level: user
1825. [*] Nmap: |   challenge_response: supported
1826. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
1827. [*] Nmap: | smb2-security-mode:
1828. [*] Nmap: |   2.02:
1829. [*] Nmap: |_    Message signing enabled but not required
1830. [*] Nmap: | smb2-time:
1831. [*] Nmap: |   date: 2019-09-11 07:31:33
1832. [*] Nmap: |_  start_date: 2016-05-22 08:55:46
1833. [*] Nmap: TRACEROUTE
1834. [*] Nmap: HOP RTT       ADDRESS
1835. [*] Nmap: 1   239.07 ms 10.11.1.230
1836. [*] Nmap: Nmap scan report for 10.11.1.234
1837. [*] Nmap: Host is up (0.24s latency).
1838. [*] Nmap: Not shown: 998 closed ports
1839. [*] Nmap: PORT   STATE SERVICE VERSION
1840. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu3 (Ubuntu Linux; protocol 2.0)
1841. [*] Nmap: | ssh-hostkey:
1842. [*] Nmap: |   1024 2c:83:67:02:29:20:87:99:87:55:95:92:6c:8d:a4:a3 (DSA)
1843. [*] Nmap: |_  2048 6b:91:08:a8:c0:90:ac:68:bd:c9:cd:9c:be:69:2b:ac (RSA)
1844. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
1845. [*] Nmap: |_http-server-header: Apache/2.2.14 (Ubuntu)
1846. [*] Nmap: |_http-title: Business Statistics | New Server for Thinc&#039;s Business Sta...
1847. [*] Nmap: MAC Address: 00:50:56:89:0F:AD (VMware)
1848. [*] Nmap: Device type: general purpose|terminal|WAP|firewall|security-misc|switch
1849. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), IGEL embedded (95%), HP embedded (94%), IPFire 2.X (93%), Fortinet FortiOS 5.X (92%), Check Point embedded (91%), Extreme Networks ExtremeXOS 12.X (91%)
1850. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6 cpe:/h:igel:ud3 cpe:/h:hp:msm410 cpe:/o:ipfire:ipfire:2.11 cpe:/o:linux:linux_kernel:2.4 cpe:/o:fortinet:fortios:5.0.6 cpe:/o:extremenetworks:extremexos:12.5.4
1851. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.35 (95%), IGEL UD3 thin client (Linux 2.6) (95%), HP MSM410 WAP (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Fortinet FortiOS 5.0.6 (92%), Linux 2.6.31 - 2.6.32 (92%), Check Point UTM-1 Edge X firewall (91%), Extreme Networks ExtremeXOS 12.5.4 (91%)
1852. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1853. [*] Nmap: Network Distance: 1 hop
1854. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1855. [*] Nmap: TRACEROUTE
1856. [*] Nmap: HOP RTT       ADDRESS
1857. [*] Nmap: 1   239.73 ms 10.11.1.234
1858. [*] Nmap: Nmap scan report for 10.11.1.237
1859. [*] Nmap: Host is up (0.24s latency).
1860. [*] Nmap: Not shown: 996 closed ports
1861. [*] Nmap: PORT    STATE SERVICE  VERSION
1862. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
1863. [*] Nmap: | ssh-hostkey:
1864. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
1865. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
1866. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
1867. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
1868. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
1869. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
1870. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
1871. [*] Nmap: | rpcinfo:
1872. [*] Nmap: |   program version   port/proto  service
1873. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
1874. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
1875. [*] Nmap: |   100024  1          43033/tcp  status
1876. [*] Nmap: |_  100024  1          51243/udp  status
1877. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
1878. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
1879. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
1880. [*] Nmap: | ssl-cert: Subject: commonName=localhost
1881. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
1882. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
1883. [*] Nmap: |_ssl-date: 2019-09-11T11:29:29+00:00; -12s from scanner time.
1884. [*] Nmap: MAC Address: 00:50:56:89:67:4E (VMware)
1885. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (95%), Linux 3.8 (95%), WatchGuard Fireware 11.8 (95%), Linux 3.5 (93%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 3.0 - 3.2 (92%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.0 or 3.5 (91%)
1886. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1887. [*] Nmap: Network Distance: 1 hop
1888. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1889. [*] Nmap: Host script results:
1890. [*] Nmap: |_clock-skew: mean: -12s, deviation: 0s, median: -12s
1891. [*] Nmap: TRACEROUTE
1892. [*] Nmap: HOP RTT       ADDRESS
1893. [*] Nmap: 1   239.85 ms 10.11.1.237
1894. [*] Nmap: Nmap scan report for 10.11.1.238
1895. [*] Nmap: Host is up (0.24s latency).
1896. [*] Nmap: Not shown: 996 closed ports
1897. [*] Nmap: PORT    STATE SERVICE  VERSION
1898. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
1899. [*] Nmap: | ssh-hostkey:
1900. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
1901. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
1902. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
1903. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
1904. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
1905. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
1906. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
1907. [*] Nmap: | rpcinfo:
1908. [*] Nmap: |   program version   port/proto  service
1909. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
1910. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
1911. [*] Nmap: |   100024  1          39665/tcp  status
1912. [*] Nmap: |_  100024  1          58526/udp  status
1913. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
1914. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
1915. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
1916. [*] Nmap: | ssl-cert: Subject: commonName=localhost
1917. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
1918. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
1919. [*] Nmap: |_ssl-date: 2019-09-11T11:30:37+00:00; -9s from scanner time.
1920. [*] Nmap: MAC Address: 00:50:56:89:38:1C (VMware)
1921. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.5 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.1 - 3.2 (93%), Linux 3.8 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%), Linux 2.6.36 (91%), Linux 3.11 - 4.1 (91%)
1922. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1923. [*] Nmap: Network Distance: 1 hop
1924. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1925. [*] Nmap: Host script results:
1926. [*] Nmap: |_clock-skew: mean: -9s, deviation: 0s, median: -9s
1927. [*] Nmap: TRACEROUTE
1928. [*] Nmap: HOP RTT       ADDRESS
1929. [*] Nmap: 1   238.05 ms 10.11.1.238
1930. [*] Nmap: Nmap scan report for 10.11.1.247
1931. [*] Nmap: Host is up (0.24s latency).
1932. [*] Nmap: Not shown: 999 filtered ports
1933. [*] Nmap: PORT     STATE SERVICE       VERSION
1934. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
1935. [*] Nmap: MAC Address: 00:50:56:89:4B:D3 (VMware)
1936. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1937. [*] Nmap: Device type: general purpose|WAP
1938. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003 (96%), Apple embedded (90%)
1939. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_server_2003::sp2
1940. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%), Microsoft Windows 2000 SP4 (90%), Apple AirPort Extreme WAP (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows Server 2003 SP2 (86%)
1941. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1942. [*] Nmap: Network Distance: 1 hop
1943. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1944. [*] Nmap: TRACEROUTE
1945. [*] Nmap: HOP RTT       ADDRESS
1946. [*] Nmap: 1   239.40 ms 10.11.1.247
1947. [*] Nmap: Nmap scan report for 10.11.1.251
1948. [*] Nmap: Host is up (0.25s latency).
1949. [*] Nmap: Not shown: 998 filtered ports
1950. [*] Nmap: PORT   STATE SERVICE VERSION
1951. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
1952. [*] Nmap: | ssh-hostkey:
1953. [*] Nmap: |   1024 fd:35:c0:66:fc:2a:d0:76:c0:33:55:21:cb:70:55:54 (DSA)
1954. [*] Nmap: |_  2048 bf:e1:ee:61:60:a5:3d:28:0f:af:7d:85:0c:19:c5:8d (RSA)
1955. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch)
1956. [*] Nmap: | http-methods:
1957. [*] Nmap: |_  Potentially risky methods: TRACE
1958. [*] Nmap: |_http-server-header: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch
1959. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
1960. [*] Nmap: MAC Address: 00:50:56:89:1E:0E (VMware)
1961. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1962. [*] Nmap: Device type: general purpose|switch|firewall|printer|broadband router|remote management|security-misc
1963. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|3.X (92%), Extreme Networks ExtremeXOS 12.X (89%), Barracuda Networks embedded (89%), Canon embedded (87%), D-Link embedded (87%), HP embedded (87%), Linksys embedded (87%), HP Onboard Administrator 4.X (86%)
1964. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:canon:imagerunner_advance_c5051 cpe:/h:dlink:dsl-2540b cpe:/a:hp:onboard_administrator:2.04 cpe:/h:linksys:wrv200 cpe:/o:linux:linux_kernel:3.2.0 cpe:/a:hp:onboard_administrator:4
1965. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.24 (Debian) (90%), Extreme Networks ExtremeXOS 12.5.4 (89%), Linux 2.6.15 - 2.6.26 (likely embedded) (89%), Linux 2.6.26 (89%), Barracuda Web Application Firewall 460 (89%), Linux 2.6.23 (88%), Linux 2.6.22 (Debian 4.0) (88%), Canon imageRUNNER ADVANCE C5051 printer (87%), D-Link DSL-2540B ADSL router (87%)
1966. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1967. [*] Nmap: Network Distance: 1 hop
1968. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1969. [*] Nmap: TRACEROUTE
1970. [*] Nmap: HOP RTT       ADDRESS
1971. [*] Nmap: 1   246.64 ms 10.11.1.251
1972. [*] Nmap: Nmap scan report for 10.11.1.252
1973. [*] Nmap: Host is up (0.24s latency).
1974. [*] Nmap: Not shown: 998 filtered ports
1975. [*] Nmap: PORT     STATE SERVICE    VERSION
1976. [*] Nmap: 8000/tcp open  http       Apache httpd 2.2.3 ((CentOS))
1977. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
1978. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
1979. [*] Nmap: | http-title: TimeClock Software :: Dev. Dpt. Thinc.local :: Log In
1980. [*] Nmap: |_Requested resource was login.php
1981. [*] Nmap: 8888/tcp open  http-proxy Squid http proxy 3.3.8
1982. [*] Nmap: |_http-server-header: squid/3.3.8
1983. [*] Nmap: |_http-title: Endian Firewall -  The requested URL could not be retrieved
1984. [*] Nmap: MAC Address: 00:50:56:89:6F:1A (VMware)
1985. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1986. [*] Nmap: Device type: general purpose|firewall|WAP|proxy server|PBX
1987. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (91%), Cisco embedded (87%), ZoneAlarm embedded (87%), Ruckus embedded (87%), Riverbed embedded (86%)
1988. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:zonealarm:z100g cpe:/h:ruckus:7363 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w
1989. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (91%), Linux 2.6.9 - 2.6.27 (89%), Linux 2.6.9 (89%), Cisco SA520 firewall (Linux 2.6) (87%), Linux 2.6.11 (87%), Linux 2.6.28 (87%), Linux 2.6.30 (87%), ZoneAlarm Z100G WAP (87%), Ruckus 7363 WAP (87%), Linux 2.6.22.1-32.fc6 (x86, SMP) (86%)
1990. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
1991. [*] Nmap: Network Distance: 1 hop
1992. [*] Nmap: TRACEROUTE
1993. [*] Nmap: HOP RTT       ADDRESS
1994. [*] Nmap: 1   240.10 ms 10.11.1.252
1995. [*] Nmap: Post-scan script results:
1996. [*] Nmap: | clock-skew:
1997. [*] Nmap: |   1h45m46s:
1998. [*] Nmap: |     10.11.1.145
1999. [*] Nmap: |     10.11.1.75
2000. [*] Nmap: |   40m29s:
2001. [*] Nmap: |     10.11.1.24
2002. [*] Nmap: |_    10.11.1.136
2003. [*] Nmap: | ssh-hostkey: Possible duplicate hosts
2004. [*] Nmap: | Key 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA) used by:
2005. [*] Nmap: |   10.11.1.237
2006. [*] Nmap: |   10.11.1.238
2007. [*] Nmap: | Key 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA) used by:
2008. [*] Nmap: |   10.11.1.237
2009. [*] Nmap: |   10.11.1.238
2010. [*] Nmap: | Key 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA) used by:
2011. [*] Nmap: |   10.11.1.237
2012. [*] Nmap: |_  10.11.1.238
2013. [*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
2014. [*] Nmap: Nmap done: 254 IP addresses (45 hosts up) scanned in 8439.13 seconds