SHARE
TWEET

msf-nmap-allflag

a guest Sep 11th, 2019 190 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. msf > db_nmap -A 10.11.1.1-254
  2. [*] Nmap: Starting Nmap 7.70 ( https://nmap.org ) at 2019-09-11 05:30 EDT
  3. [*] Nmap: Warning: 10.11.1.133 giving up on port because retransmission cap hit (10).
  4. [*] Nmap: Nmap scan report for 10.11.1.5
  5. [*] Nmap: Host is up (0.24s latency).
  6. [*] Nmap: Not shown: 997 closed ports
  7. [*] Nmap: PORT     STATE SERVICE      VERSION
  8. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  9. [*] Nmap: 445/tcp  open  microsoft-ds Windows XP microsoft-ds
  10. [*] Nmap: 1025/tcp open  NFS-or-IIS?
  11. [*] Nmap: MAC Address: 00:50:56:89:1D:93 (VMware)
  12. [*] Nmap: Device type: general purpose
  13. [*] Nmap: Running: Microsoft Windows XP
  14. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
  15. [*] Nmap: OS details: Microsoft Windows XP
  16. [*] Nmap: Network Distance: 1 hop
  17. [*] Nmap: Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
  18. [*] Nmap: Host script results:
  19. [*] Nmap: |_clock-skew: mean: -59m54s, deviation: 0s, median: -59m54s
  20. [*] Nmap: |_nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1d:93 (VMware)
  21. [*] Nmap: | smb-os-discovery:
  22. [*] Nmap: |   OS: Windows XP (Windows 2000 LAN Manager)
  23. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_xp::-
  24. [*] Nmap: |   NetBIOS computer name: ALICE\x00
  25. [*] Nmap: |   Workgroup: THINC\x00
  26. [*] Nmap: |_  System time: 2019-09-11T12:28:07+01:00
  27. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  28. [*] Nmap: TRACEROUTE
  29. [*] Nmap: HOP RTT       ADDRESS
  30. [*] Nmap: 1   240.04 ms 10.11.1.5
  31. [*] Nmap: Nmap scan report for 10.11.1.7
  32. [*] Nmap: Host is up (0.24s latency).
  33. [*] Nmap: Not shown: 999 filtered ports
  34. [*] Nmap: PORT     STATE SERVICE       VERSION
  35. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  36. [*] Nmap: MAC Address: 00:50:56:89:2F:72 (VMware)
  37. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  38. [*] Nmap: Device type: WAP|general purpose
  39. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP (88%)
  40. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp
  41. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows XP (88%)
  42. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  43. [*] Nmap: Network Distance: 1 hop
  44. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  45. [*] Nmap: TRACEROUTE
  46. [*] Nmap: HOP RTT       ADDRESS
  47. [*] Nmap: 1   238.19 ms 10.11.1.7
  48. [*] Nmap: Nmap scan report for 10.11.1.8
  49. [*] Nmap: Host is up (0.24s latency).
  50. [*] Nmap: Not shown: 990 filtered ports
  51. [*] Nmap: PORT     STATE  SERVICE     VERSION
  52. [*] Nmap: 21/tcp   open   ftp         vsftpd 2.0.1
  53. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  54. [*] Nmap: |_Can't get directory listing: ERROR
  55. [*] Nmap: | ftp-syst:
  56. [*] Nmap: |   STAT:
  57. [*] Nmap: | FTP server status:
  58. [*] Nmap: |      Connected to 10.11.0.96
  59. [*] Nmap: |      Logged in as ftp
  60. [*] Nmap: |      TYPE: ASCII
  61. [*] Nmap: |      No session bandwidth limit
  62. [*] Nmap: |      Session timeout in seconds is 300
  63. [*] Nmap: |      Control connection is plain text
  64. [*] Nmap: |      Data connections will be plain text
  65. [*] Nmap: |      At session startup, client count was 1
  66. [*] Nmap: |      vsFTPd 2.0.1 - secure, fast, stable
  67. [*] Nmap: |_End of status
  68. [*] Nmap: 22/tcp   open   ssh         OpenSSH 3.9p1 (protocol 1.99)
  69. [*] Nmap: | ssh-hostkey:
  70. [*] Nmap: |   1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
  71. [*] Nmap: |   1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
  72. [*] Nmap: |_  1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
  73. [*] Nmap: |_sshv1: Server supports SSHv1
  74. [*] Nmap: 25/tcp   closed smtp
  75. [*] Nmap: 80/tcp   open   http        Apache httpd 2.0.52 ((CentOS))
  76. [*] Nmap: | http-methods:
  77. [*] Nmap: |_  Potentially risky methods: TRACE
  78. [*] Nmap: | http-robots.txt: 2 disallowed entries
  79. [*] Nmap: |_/internal/  /tmp/
  80. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
  81. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  82. [*] Nmap: 111/tcp  open   rpcbind     2 (RPC #100000)
  83. [*] Nmap: | rpcinfo:
  84. [*] Nmap: |   program version   port/proto  service
  85. [*] Nmap: |   100000  2            111/tcp  rpcbind
  86. [*] Nmap: |   100000  2            111/udp  rpcbind
  87. [*] Nmap: |   100024  1            843/udp  status
  88. [*] Nmap: |_  100024  1            846/tcp  status
  89. [*] Nmap: 139/tcp  open   netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
  90. [*] Nmap: 443/tcp  open   ssl/http    Apache httpd 2.0.52 ((CentOS))
  91. [*] Nmap: | http-robots.txt: 2 disallowed entries
  92. [*] Nmap: |_/internal/  /tmp/
  93. [*] Nmap: |_http-server-header: Apache/2.0.52 (CentOS)
  94. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  95. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  96. [*] Nmap: | Not valid before: 2009-09-16T14:03:22
  97. [*] Nmap: |_Not valid after:  2010-09-16T14:03:22
  98. [*] Nmap: |_ssl-date: 2019-09-11T11:30:26+00:00; -15s from scanner time.
  99. [*] Nmap: | sslv2:
  100. [*] Nmap: |   SSLv2 supported
  101. [*] Nmap: |   ciphers:
  102. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  103. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  104. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  105. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  106. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  107. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  108. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  109. [*] Nmap: 445/tcp  open   netbios-ssn Samba smbd 3.0.33-0.17.el4 (workgroup: MYGROUP)
  110. [*] Nmap: 631/tcp  open   ipp         CUPS 1.1
  111. [*] Nmap: | http-methods:
  112. [*] Nmap: |_  Potentially risky methods: PUT
  113. [*] Nmap: |_http-server-header: CUPS/1.1
  114. [*] Nmap: |_http-title: 403 Forbidden
  115. [*] Nmap: 3306/tcp open   mysql?
  116. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  117. [*] Nmap: MAC Address: 00:50:56:89:3D:A7 (VMware)
  118. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 - 2.6.27 (93%), Linux 2.6.9 (93%), Cisco SA520 firewall (Linux 2.6) (92%), Linux 2.6.11 (92%), Linux 2.6.28 (92%), Linux 2.6.30 (92%), Ruckus 7363 WAP (91%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
  119. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  120. [*] Nmap: Network Distance: 1 hop
  121. [*] Nmap: Service Info: OS: Unix
  122. [*] Nmap: Host script results:
  123. [*] Nmap: |_clock-skew: mean: 1h20m03s, deviation: 2h19m06s, median: -15s
  124. [*] Nmap: | smb-os-discovery:
  125. [*] Nmap: |   OS: Unix (Samba 3.0.33-0.17.el4)
  126. [*] Nmap: |   Computer name: phoenix
  127. [*] Nmap: |   NetBIOS computer name:
  128. [*] Nmap: |   Domain name:
  129. [*] Nmap: |   FQDN: phoenix
  130. [*] Nmap: |_  System time: 2019-09-11T07:28:42-04:00
  131. [*] Nmap: | smb-security-mode:
  132. [*] Nmap: |   account_used: guest
  133. [*] Nmap: |   authentication_level: user
  134. [*] Nmap: |   challenge_response: supported
  135. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  136. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  137. [*] Nmap: TRACEROUTE
  138. [*] Nmap: HOP RTT       ADDRESS
  139. [*] Nmap: 1   239.11 ms 10.11.1.8
  140. [*] Nmap: Nmap scan report for 10.11.1.10
  141. [*] Nmap: Host is up (0.24s latency).
  142. [*] Nmap: Not shown: 999 filtered ports
  143. [*] Nmap: PORT   STATE SERVICE VERSION
  144. [*] Nmap: 80/tcp open  http    Microsoft IIS httpd 6.0
  145. [*] Nmap: | http-methods:
  146. [*] Nmap: |_  Potentially risky methods: TRACE
  147. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  148. [*] Nmap: |_http-title: Under Construction
  149. [*] Nmap: MAC Address: 00:50:56:93:6F:E0 (VMware)
  150. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  151. [*] Nmap: Device type: general purpose|WAP
  152. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (93%), Apple embedded (86%)
  153. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme
  154. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (93%), Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows Server 2003 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows 2000 SP4 (87%), Apple AirPort Extreme WAP (86%)
  155. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  156. [*] Nmap: Network Distance: 1 hop
  157. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  158. [*] Nmap: TRACEROUTE
  159. [*] Nmap: HOP RTT       ADDRESS
  160. [*] Nmap: 1   237.62 ms 10.11.1.10
  161. [*] Nmap: Nmap scan report for 10.11.1.13
  162. [*] Nmap: Host is up (0.24s latency).
  163. [*] Nmap: Not shown: 997 filtered ports
  164. [*] Nmap: PORT     STATE SERVICE        VERSION
  165. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
  166. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  167. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
  168. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
  169. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
  170. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
  171. [*] Nmap: |_09-10-19  07:01PM       <DIR>          wwwroot
  172. [*] Nmap: | ftp-syst:
  173. [*] Nmap: |_  SYST: Windows_NT
  174. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
  175. [*] Nmap: | http-methods:
  176. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  177. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
  178. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  179. [*] Nmap: | http-webdav-scan:
  180. [*] Nmap: |   WebDAV type: Unkown
  181. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
  182. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  183. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  184. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:31:05 GMT
  185. [*] Nmap: 3389/tcp open  ms-wbt-server?
  186. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  187. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
  188. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
  189. [*] Nmap: MAC Address: 00:50:56:89:17:DA (VMware)
  190. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  191. [*] Nmap: Device type: general purpose
  192. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP (96%)
  193. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp
  194. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%)
  195. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  196. [*] Nmap: Network Distance: 1 hop
  197. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  198. [*] Nmap: TRACEROUTE
  199. [*] Nmap: HOP RTT       ADDRESS
  200. [*] Nmap: 1   238.41 ms 10.11.1.13
  201. [*] Nmap: Nmap scan report for 10.11.1.14
  202. [*] Nmap: Host is up (0.24s latency).
  203. [*] Nmap: Not shown: 997 filtered ports
  204. [*] Nmap: PORT     STATE SERVICE        VERSION
  205. [*] Nmap: 21/tcp   open  ftp            Microsoft ftpd
  206. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  207. [*] Nmap: | 01-17-07  07:42PM       <DIR>          AdminScripts
  208. [*] Nmap: | 01-17-07  07:43PM       <DIR>          ftproot
  209. [*] Nmap: | 01-17-07  07:43PM       <DIR>          iissamples
  210. [*] Nmap: | 01-17-07  07:43PM       <DIR>          Scripts
  211. [*] Nmap: |_04-16-16  10:42AM       <DIR>          wwwroot
  212. [*] Nmap: | ftp-syst:
  213. [*] Nmap: |_  SYST: Windows_NT
  214. [*] Nmap: 80/tcp   open  http           Microsoft IIS httpd 5.1
  215. [*] Nmap: | http-methods:
  216. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  217. [*] Nmap: |_http-server-header: Microsoft-IIS/5.1
  218. [*] Nmap: |_http-title: Too Many Users
  219. [*] Nmap: | http-webdav-scan:
  220. [*] Nmap: |   WebDAV type: Unkown
  221. [*] Nmap: |   Server Type: Microsoft-IIS/5.1
  222. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  223. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  224. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:30:41 GMT
  225. [*] Nmap: 3389/tcp open  ms-wbt-server?
  226. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  227. [*] Nmap: SF-Port3389-TCP:V=7.70%I=7%D=9/11%Time=5D78D8A3%P=i686-pc-linux-gnu%r(Term
  228. [*] Nmap: SF:inalServerCookie,B,"\x03\0\0\x0b\x06\xd0\0\0\x124\0");
  229. [*] Nmap: MAC Address: 00:50:56:89:7C:1A (VMware)
  230. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  231. [*] Nmap: Device type: general purpose|WAP
  232. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003 (92%), Apple embedded (85%)
  233. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003 cpe:/h:apple:airport_extreme
  234. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (92%), Microsoft Windows Server 2003 (85%), Apple AirPort Extreme WAP (85%)
  235. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  236. [*] Nmap: Network Distance: 1 hop
  237. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  238. [*] Nmap: TRACEROUTE
  239. [*] Nmap: HOP RTT       ADDRESS
  240. [*] Nmap: 1   238.45 ms 10.11.1.14
  241. [*] Nmap: Nmap scan report for 10.11.1.22
  242. [*] Nmap: Host is up (0.23s latency).
  243. [*] Nmap: Not shown: 989 closed ports
  244. [*] Nmap: PORT      STATE SERVICE     VERSION
  245. [*] Nmap: 21/tcp    open  ftp?
  246. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.1p1 (protocol 1.99)
  247. [*] Nmap: | ssh-hostkey:
  248. [*] Nmap: |   1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
  249. [*] Nmap: |   1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
  250. [*] Nmap: |_  1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
  251. [*] Nmap: |_sshv1: Server supports SSHv1
  252. [*] Nmap: 23/tcp    open  telnet?
  253. [*] Nmap: 25/tcp    open  smtp?
  254. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
  255. [*] Nmap: 80/tcp    open  http        Apache httpd 1.3.23 ((Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
  256. [*] Nmap: | http-methods:
  257. [*] Nmap: |_  Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
  258. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
  259. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  260. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
  261. [*] Nmap: | rpcinfo:
  262. [*] Nmap: |   program version   port/proto  service
  263. [*] Nmap: |   100000  2            111/tcp  rpcbind
  264. [*] Nmap: |   100000  2            111/udp  rpcbind
  265. [*] Nmap: |   100024  1          32768/tcp  status
  266. [*] Nmap: |_  100024  1          32768/udp  status
  267. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
  268. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
  269. [*] Nmap: 443/tcp   open  ssl/https   Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.
  270. [*] Nmap: |_http-server-header: Apache/1.3.23 (Unix)  (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
  271. [*] Nmap: |_http-title: 400 Bad Request
  272. [*] Nmap: |_ssl-date: 2019-09-11T11:28:15+00:00; -6s from scanner time.
  273. [*] Nmap: | sslv2:
  274. [*] Nmap: |   SSLv2 supported
  275. [*] Nmap: |   ciphers:
  276. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  277. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  278. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  279. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  280. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  281. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  282. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  283. [*] Nmap: 995/tcp   open  ssl/pop3s?
  284. [*] Nmap: |_ssl-date: 2019-09-11T11:30:30+00:00; -7s from scanner time.
  285. [*] Nmap: | sslv2:
  286. [*] Nmap: |   SSLv2 supported
  287. [*] Nmap: |   ciphers:
  288. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  289. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  290. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  291. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  292. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  293. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
  294. [*] Nmap: MAC Address: 00:50:56:89:7C:D5 (VMware)
  295. [*] Nmap: Device type: general purpose|WAP|router|specialized|switch|media device|broadband router
  296. [*] Nmap: Running (JUST GUESSING): Linux 2.4.X|2.6.X (97%), Acorp embedded (95%), Meru embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Motorola embedded (93%)
  297. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:motorola:surfboard_sb6120 cpe:/h:motorola:surfboard_sb6141
  298. [*] Nmap: Aggressive OS guesses: Linux 2.4.20 (97%), Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (95%), MontaVista embedded Linux 2.4.17 (95%), Meru MC1000 wireless LAN controller (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Google Mini search appliance (93%), HP Brocade 4Gb SAN switch or (93%), Linux 2.4.21 (embedded) (93%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (93%), Linux 2.6.15 - 2.6.26 (likely embedded) (93%)
  299. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  300. [*] Nmap: Network Distance: 1 hop
  301. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  302. [*] Nmap: Host script results:
  303. [*] Nmap: |_clock-skew: mean: -6s, deviation: 0s, median: -7s
  304. [*] Nmap: |_nbstat: NetBIOS name: BARRY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  305. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  306. [*] Nmap: TRACEROUTE
  307. [*] Nmap: HOP RTT       ADDRESS
  308. [*] Nmap: 1   231.10 ms 10.11.1.22
  309. [*] Nmap: Nmap scan report for 10.11.1.24
  310. [*] Nmap: Host is up (0.26s latency).
  311. [*] Nmap: Not shown: 991 closed ports
  312. [*] Nmap: PORT     STATE SERVICE     VERSION
  313. [*] Nmap: 22/tcp   open  ssh         OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
  314. [*] Nmap: | ssh-hostkey:
  315. [*] Nmap: |   1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
  316. [*] Nmap: |_  2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
  317. [*] Nmap: 80/tcp   open  http        Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
  318. [*] Nmap: |_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
  319. [*] Nmap: |_http-title: CS-Cart. Powerful PHP shopping cart software
  320. [*] Nmap: 110/tcp  open  pop3        Dovecot pop3d
  321. [*] Nmap: |_pop3-capabilities: UIDL STLS CAPA PIPELINING SASL RESP-CODES TOP
  322. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  323. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  324. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  325. [*] Nmap: |_ssl-date: 2019-09-11T11:30:54+00:00; -2s from scanner time.
  326. [*] Nmap: | sslv2:
  327. [*] Nmap: |   SSLv2 supported
  328. [*] Nmap: |   ciphers:
  329. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  330. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  331. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  332. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  333. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  334. [*] Nmap: 139/tcp  open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
  335. [*] Nmap: 143/tcp  open  imap        Dovecot imapd
  336. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4rev1 CHILDREN UNSELECT SASL-IR completed MULTIAPPEND Capability LOGINDISABLEDA0001 STARTTLS LOGIN-REFERRALS NAMESPACE LITERAL+ IDLE
  337. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  338. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  339. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  340. [*] Nmap: |_ssl-date: 2019-09-11T11:28:17+00:00; -2s from scanner time.
  341. [*] Nmap: | sslv2:
  342. [*] Nmap: |   SSLv2 supported
  343. [*] Nmap: |   ciphers:
  344. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  345. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  346. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  347. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  348. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  349. [*] Nmap: 445/tcp  open  netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
  350. [*] Nmap: 993/tcp  open  ssl/imap    Dovecot imapd
  351. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  352. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  353. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  354. [*] Nmap: |_ssl-date: 2019-09-11T11:28:39+00:00; -2s from scanner time.
  355. [*] Nmap: | sslv2:
  356. [*] Nmap: |   SSLv2 supported
  357. [*] Nmap: |   ciphers:
  358. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  359. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  360. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  361. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  362. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  363. [*] Nmap: 995/tcp  open  ssl/pop3    Dovecot pop3d
  364. [*] Nmap: |_pop3-capabilities: USER UIDL CAPA PIPELINING SASL(PLAIN) RESP-CODES TOP
  365. [*] Nmap: | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
  366. [*] Nmap: | Not valid before: 2008-04-25T02:02:48
  367. [*] Nmap: |_Not valid after:  2008-05-25T02:02:48
  368. [*] Nmap: |_ssl-date: 2019-09-11T11:28:31+00:00; -2s from scanner time.
  369. [*] Nmap: | sslv2:
  370. [*] Nmap: |   SSLv2 supported
  371. [*] Nmap: |   ciphers:
  372. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  373. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  374. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  375. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  376. [*] Nmap: |_    SSL2_RC2_128_CBC_WITH_MD5
  377. [*] Nmap: 8000/tcp open  http-alt?
  378. [*] Nmap: MAC Address: 00:50:56:89:00:33 (VMware)
  379. [*] Nmap: Device type: general purpose|WAP|remote management|switch|specialized|print server|media device
  380. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), AVM embedded (94%), Dell embedded (94%), Extreme Networks ExtremeXOS 12.X (94%), Google embedded (94%), HP embedded (94%), Philips embedded (94%)
  381. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.34 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/h:dell:remote_access_card:5 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21
  382. [*] Nmap: Aggressive OS guesses: DD-WRT v24-presp2 (Linux 2.6.34) (95%), AVM FRITZ!Box FON WLAN 7170 WAP (94%), Dell Remote Access Controller 5/I (DRAC 5/I) (94%), Extreme Networks ExtremeXOS 12.5.4 (94%), Google Mini search appliance (94%), HP 4200 PSA (Print Server Appliance) model J4117A (94%), HP Brocade 4Gb SAN switch or (94%), Linux 2.4.20 (94%), Linux 2.4.21 (embedded) (94%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (94%)
  383. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  384. [*] Nmap: Network Distance: 1 hop
  385. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  386. [*] Nmap: Host script results:
  387. [*] Nmap: |_clock-skew: mean: 40m29s, deviation: 1h39m16s, median: -2s
  388. [*] Nmap: |_nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  389. [*] Nmap: | smb-os-discovery:
  390. [*] Nmap: |   OS: Unix (Samba 3.0.26a)
  391. [*] Nmap: |   Computer name: payday
  392. [*] Nmap: |   NetBIOS computer name:
  393. [*] Nmap: |   Domain name:
  394. [*] Nmap: |   FQDN: payday
  395. [*] Nmap: |_  System time: 2019-09-11T07:31:09-04:00
  396. [*] Nmap: | smb-security-mode:
  397. [*] Nmap: |   account_used: <blank>
  398. [*] Nmap: |   authentication_level: user
  399. [*] Nmap: |   challenge_response: supported
  400. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  401. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  402. [*] Nmap: TRACEROUTE
  403. [*] Nmap: HOP RTT       ADDRESS
  404. [*] Nmap: 1   260.02 ms 10.11.1.24
  405. [*] Nmap: Nmap scan report for 10.11.1.31
  406. [*] Nmap: Host is up (0.24s latency).
  407. [*] Nmap: Not shown: 993 closed ports
  408. [*] Nmap: PORT     STATE SERVICE       VERSION
  409. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 6.0
  410. [*] Nmap: | http-cookie-flags:
  411. [*] Nmap: |   /:
  412. [*] Nmap: |     ASPSESSIONIDQACTSDSA:
  413. [*] Nmap: |_      httponly flag not set
  414. [*] Nmap: | http-methods:
  415. [*] Nmap: |_  Potentially risky methods: TRACE
  416. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  417. [*] Nmap: |_http-title: Login
  418. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
  419. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
  420. [*] Nmap: 445/tcp  open  microsoft-ds  Windows Server 2003 3790 Service Pack 1 microsoft-ds
  421. [*] Nmap: 1025/tcp open  msrpc         Microsoft Windows RPC
  422. [*] Nmap: 1433/tcp open  ms-sql-s      Microsoft SQL Server 2000 8.00.766.00; SP3a
  423. [*] Nmap: | ms-sql-ntlm-info:
  424. [*] Nmap: |_  Product_Version: 5.2.3790
  425. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  426. [*] Nmap: MAC Address: 00:50:56:89:6D:59 (VMware)
  427. [*] Nmap: Device type: general purpose|media device|specialized
  428. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2003|XP|PocketPC/CE|2000 (94%), Motorola embedded (89%), Beat embedded (87%)
  429. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216 cpe:/o:microsoft:windows_ce:6.0 cpe:/o:microsoft:windows_2000::sp4
  430. [*] Nmap: Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows XP (92%), Microsoft Windows XP SP3 (92%), Microsoft Windows Server 2003 (91%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows Server 2003 SP0 - SP2 (90%), Microsoft Windows XP Professional SP3 (89%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 - SP3 (89%)
  431. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  432. [*] Nmap: Network Distance: 1 hop
  433. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003
  434. [*] Nmap: Host script results:
  435. [*] Nmap: |_clock-skew: mean: 2h31m26s, deviation: 3h34m22s, median: -8s
  436. [*] Nmap: | ms-sql-info:
  437. [*] Nmap: |   Windows server name: RALPH
  438. [*] Nmap: |   10.11.1.31\MSSQLSERVER:
  439. [*] Nmap: |     Instance name: MSSQLSERVER
  440. [*] Nmap: |     Version:
  441. [*] Nmap: |       name: Microsoft SQL Server 2000 SP3a
  442. [*] Nmap: |       number: 8.00.766.00
  443. [*] Nmap: |       Product: Microsoft SQL Server 2000
  444. [*] Nmap: |       Service pack level: SP3a
  445. [*] Nmap: |       Post-SP patches applied: false
  446. [*] Nmap: |     TCP port: 1433
  447. [*] Nmap: |     Named pipe: \\10.11.1.31\pipe\sql\query
  448. [*] Nmap: |_    Clustered: false
  449. [*] Nmap: |_nbstat: NetBIOS name: RALPH, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:6d:59 (VMware)
  450. [*] Nmap: | smb-os-discovery:
  451. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
  452. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
  453. [*] Nmap: |   Computer name: ralph
  454. [*] Nmap: |   NetBIOS computer name: RALPH\x00
  455. [*] Nmap: |   Workgroup: THINC\x00
  456. [*] Nmap: |_  System time: 2019-09-11T06:31:04-05:00
  457. [*] Nmap: | smb-security-mode:
  458. [*] Nmap: |   account_used: guest
  459. [*] Nmap: |   authentication_level: user
  460. [*] Nmap: |   challenge_response: supported
  461. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  462. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  463. [*] Nmap: TRACEROUTE
  464. [*] Nmap: HOP RTT       ADDRESS
  465. [*] Nmap: 1   237.19 ms 10.11.1.31
  466. [*] Nmap: Nmap scan report for 10.11.1.35
  467. [*] Nmap: Host is up (0.24s latency).
  468. [*] Nmap: Not shown: 997 filtered ports
  469. [*] Nmap: PORT    STATE  SERVICE  VERSION
  470. [*] Nmap: 22/tcp  open   ssh      OpenSSH 4.3 (protocol 2.0)
  471. [*] Nmap: | ssh-hostkey:
  472. [*] Nmap: |   1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
  473. [*] Nmap: |_  2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
  474. [*] Nmap: 443/tcp open   ssl/http Apache httpd 2.2.3 ((CentOS))
  475. [*] Nmap: | http-methods:
  476. [*] Nmap: |_  Potentially risky methods: TRACE
  477. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  478. [*] Nmap: |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
  479. [*] Nmap: | ssl-cert: Subject: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
  480. [*] Nmap: | Not valid before: 2016-01-07T12:46:17
  481. [*] Nmap: |_Not valid after:  2017-01-06T12:46:17
  482. [*] Nmap: |_ssl-date: 2019-09-11T11:28:52+00:00; -1s from scanner time.
  483. [*] Nmap: 631/tcp closed ipp
  484. [*] Nmap: MAC Address: 00:50:56:89:76:F7 (VMware)
  485. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%), Riverbed Steelhead 200 proxy server (90%)
  486. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  487. [*] Nmap: Network Distance: 1 hop
  488. [*] Nmap: Host script results:
  489. [*] Nmap: |_clock-skew: mean: -1s, deviation: 0s, median: -1s
  490. [*] Nmap: TRACEROUTE
  491. [*] Nmap: HOP RTT       ADDRESS
  492. [*] Nmap: 1   238.01 ms 10.11.1.35
  493. [*] Nmap: Nmap scan report for 10.11.1.39
  494. [*] Nmap: Host is up (0.24s latency).
  495. [*] Nmap: Not shown: 997 filtered ports
  496. [*] Nmap: PORT     STATE SERVICE VERSION
  497. [*] Nmap: 22/tcp   open  ssh     OpenSSH 6.6.1 (protocol 2.0)
  498. [*] Nmap: | ssh-hostkey:
  499. [*] Nmap: |   2048 5e:c1:7e:d2:f9:20:f9:11:ea:4b:02:68:07:3f:54:f2 (RSA)
  500. [*] Nmap: |   256 36:ef:27:31:a2:fd:4a:e3:d2:4e:12:58:1f:7a:03:58 (ECDSA)
  501. [*] Nmap: |_  256 2c:70:9c:c9:4c:50:61:d2:51:43:d5:67:d1:d0:39:de (ED25519)
  502. [*] Nmap: 80/tcp   open  http    nginx 1.6.3
  503. [*] Nmap: | http-methods:
  504. [*] Nmap: |_  Potentially risky methods: TRACE
  505. [*] Nmap: |_http-server-header: nginx/1.6.3
  506. [*] Nmap: |_http-title: Apache HTTP Server Test Page powered by CentOS
  507. [*] Nmap: 3306/tcp open  mysql   MariaDB (unauthorized)
  508. [*] Nmap: MAC Address: 00:50:56:93:42:3C (VMware)
  509. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  510. [*] Nmap: Device type: general purpose
  511. [*] Nmap: Running (JUST GUESSING): Linux 4.X|3.X|2.6.X (90%)
  512. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6
  513. [*] Nmap: Aggressive OS guesses: Linux 4.4 (90%), Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 4.0 (86%)
  514. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  515. [*] Nmap: Network Distance: 1 hop
  516. [*] Nmap: TRACEROUTE
  517. [*] Nmap: HOP RTT       ADDRESS
  518. [*] Nmap: 1   239.33 ms 10.11.1.39
  519. [*] Nmap: Nmap scan report for 10.11.1.44
  520. [*] Nmap: Host is up (0.24s latency).
  521. [*] Nmap: Not shown: 998 closed ports
  522. [*] Nmap: PORT     STATE SERVICE   VERSION
  523. [*] Nmap: 22/tcp   open  ssh       OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
  524. [*] Nmap: | ssh-hostkey:
  525. [*] Nmap: |   1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
  526. [*] Nmap: |_  2048 28:99:c0:51:20:9b:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
  527. [*] Nmap: 8000/tcp open  http-alt?
  528. [*] Nmap: MAC Address: 00:50:56:89:56:18 (VMware)
  529. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (94%), IPFire 2.11 firewall (Linux 2.6.32) (94%), DD-WRT v24-sp1 (Linux 2.4) (94%), HP MSM410 WAP (93%), Linux 2.6.35 (93%), IGEL UD3 thin client (Linux 2.6) (93%), Kyocera CopyStar CS-2560 printer (91%), QNAP NAS Firmware 3.8.3 (Linux 3.X) (91%), Linux 3.11 - 4.1 (91%), Linux 3.2 - 3.8 (91%)
  530. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  531. [*] Nmap: Network Distance: 1 hop
  532. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  533. [*] Nmap: TRACEROUTE
  534. [*] Nmap: HOP RTT       ADDRESS
  535. [*] Nmap: 1   238.07 ms 10.11.1.44
  536. [*] Nmap: Nmap scan report for 10.11.1.49
  537. [*] Nmap: Host is up (0.25s latency).
  538. [*] Nmap: Not shown: 996 filtered ports
  539. [*] Nmap: PORT      STATE SERVICE     VERSION
  540. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
  541. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
  542. [*] Nmap: | http-methods:
  543. [*] Nmap: |_  Potentially risky methods: TRACE
  544. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
  545. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
  546. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
  547. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
  548. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
  549. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
  550. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
  551. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
  552. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
  553. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
  554. [*] Nmap: MAC Address: 00:50:56:89:20:5C (VMware)
  555. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  556. [*] Nmap: Device type: general purpose|phone|specialized
  557. [*] Nmap: Running (JUST GUESSING): Microsoft Windows 2008|7|Phone|8.1|Vista (98%)
  558. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
  559. [*] Nmap: Aggressive OS guesses: Microsoft Windows 7 or Windows Server 2008 R2 (98%), Microsoft Windows 7 (98%), Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%), Microsoft Windows Embedded Standard 7 (91%)
  560. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  561. [*] Nmap: Network Distance: 1 hop
  562. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  563. [*] Nmap: Host script results:
  564. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
  565. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
  566. [*] Nmap: TRACEROUTE
  567. [*] Nmap: HOP RTT       ADDRESS
  568. [*] Nmap: 1   245.72 ms 10.11.1.49
  569. [*] Nmap: Nmap scan report for 10.11.1.50
  570. [*] Nmap: Host is up (0.24s latency).
  571. [*] Nmap: Not shown: 996 filtered ports
  572. [*] Nmap: PORT      STATE SERVICE     VERSION
  573. [*] Nmap: 80/tcp    open  http        Microsoft IIS httpd 8.5
  574. [*] Nmap: |_http-generator: Drupal 7 (http://drupal.org)
  575. [*] Nmap: | http-methods:
  576. [*] Nmap: |_  Potentially risky methods: TRACE
  577. [*] Nmap: | http-robots.txt: 36 disallowed entries (15 shown)
  578. [*] Nmap: | /includes/ /misc/ /modules/ /profiles/ /scripts/
  579. [*] Nmap: | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
  580. [*] Nmap: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
  581. [*] Nmap: |_/LICENSE.txt /MAINTAINERS.txt
  582. [*] Nmap: |_http-server-header: Microsoft-IIS/8.5
  583. [*] Nmap: |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
  584. [*] Nmap: 135/tcp   open  msrpc       Microsoft Windows RPC
  585. [*] Nmap: 139/tcp   open  netbios-ssn Microsoft Windows netbios-ssn
  586. [*] Nmap: 49155/tcp open  msrpc       Microsoft Windows RPC
  587. [*] Nmap: MAC Address: 00:50:56:89:1A:39 (VMware)
  588. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  589. [*] Nmap: Device type: general purpose
  590. [*] Nmap: Running: Microsoft Windows 2008|7
  591. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  592. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  593. [*] Nmap: Network Distance: 1 hop
  594. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  595. [*] Nmap: Host script results:
  596. [*] Nmap: |_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry!
  597. [*] Nmap: |_smb2-time: ERROR: Script execution failed (use -d to debug)
  598. [*] Nmap: TRACEROUTE
  599. [*] Nmap: HOP RTT       ADDRESS
  600. [*] Nmap: 1   242.09 ms 10.11.1.50
  601. [*] Nmap: Nmap scan report for 10.11.1.71
  602. [*] Nmap: Host is up (0.24s latency).
  603. [*] Nmap: Not shown: 998 closed ports
  604. [*] Nmap: PORT   STATE SERVICE VERSION
  605. [*] Nmap: 22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2 (Ubuntu Linux; protocol 2.0)
  606. [*] Nmap: | ssh-hostkey:
  607. [*] Nmap: |   1024 72:b5:55:80:1b:24:d6:f3:bf:a5:c5:98:1b:01:03:90 (DSA)
  608. [*] Nmap: |   2048 1a:f6:a7:0d:ed:c2:73:a1:6f:a3:08:68:28:b5:3b:bb (RSA)
  609. [*] Nmap: |   256 e6:43:89:59:f9:85:d8:e2:bb:e3:d7:ed:28:5c:c5:65 (ECDSA)
  610. [*] Nmap: |_  256 3b:0b:f3:84:3c:7d:6e:2b:2c:81:11:94:16:9b:71:7d (ED25519)
  611. [*] Nmap: 80/tcp open  http    Apache/2.4.7 (Ubuntu)
  612. [*] Nmap: | http-cookie-flags:
  613. [*] Nmap: |   /:
  614. [*] Nmap: |     PHPSESSID:
  615. [*] Nmap: |_      httponly flag not set
  616. [*] Nmap: |_http-server-header: Apache/2.4.7 (Ubuntu)
  617. [*] Nmap: | http-title: Trees of Large Sizes
  618. [*] Nmap: |_Requested resource was site/index.php/
  619. [*] Nmap: MAC Address: 00:50:56:93:39:6B (VMware)
  620. [*] Nmap: Aggressive OS guesses: Linux 3.11 - 4.1 (94%), Linux 3.16 (94%), Linux 4.4 (93%), Linux 3.13 (91%), Linux 3.18 (90%), Linux 3.10 - 3.12 (90%), Linux 3.5 (90%), Linux 3.2 - 3.8 (90%), Linux 3.8 (90%), WatchGuard Fireware 11.8 (90%)
  621. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  622. [*] Nmap: Network Distance: 1 hop
  623. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  624. [*] Nmap: TRACEROUTE
  625. [*] Nmap: HOP RTT       ADDRESS
  626. [*] Nmap: 1   239.35 ms 10.11.1.71
  627. [*] Nmap: Nmap scan report for 10.11.1.72
  628. [*] Nmap: Host is up (0.24s latency).
  629. [*] Nmap: Not shown: 993 closed ports
  630. [*] Nmap: PORT     STATE SERVICE VERSION
  631. [*] Nmap: 22/tcp   open  ssh     OpenSSH 5.8p1 Debian 7ubuntu1 (Ubuntu Linux; protocol 2.0)
  632. [*] Nmap: | ssh-hostkey:
  633. [*] Nmap: |   1024 d3:2e:10:0d:48:90:ce:9a:33:fb:66:3f:a0:a6:94:48 (DSA)
  634. [*] Nmap: |   2048 ef:0a:3b:8e:3f:92:a4:5e:f0:ab:e7:7d:75:f0:de:0e (RSA)
  635. [*] Nmap: |_  256 15:3a:65:3b:97:ed:e0:fc:85:bc:4b:53:48:22:61:b1 (ECDSA)
  636. [*] Nmap: 25/tcp   open  smtp    JAMES smtpd 2.3.2
  637. [*] Nmap: |_smtp-commands: beta Hello nmap.scanme.org (10.11.0.96 [10.11.0.96]),
  638. [*] Nmap: 80/tcp   open  http    Apache httpd 2.2.20 ((Ubuntu))
  639. [*] Nmap: |_http-server-header: Apache/2.2.20 (Ubuntu)
  640. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  641. [*] Nmap: 110/tcp  open  pop3    JAMES pop3d 2.3.2
  642. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
  643. [*] Nmap: | rpcinfo:
  644. [*] Nmap: |   program version   port/proto  service
  645. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  646. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  647. [*] Nmap: |   100003  2,3,4       2049/tcp  nfs
  648. [*] Nmap: |   100003  2,3,4       2049/udp  nfs
  649. [*] Nmap: |   100005  1,2,3      53680/tcp  mountd
  650. [*] Nmap: |   100005  1,2,3      58036/udp  mountd
  651. [*] Nmap: |   100021  1,3,4      37520/tcp  nlockmgr
  652. [*] Nmap: |   100021  1,3,4      42345/udp  nlockmgr
  653. [*] Nmap: |   100024  1          44863/udp  status
  654. [*] Nmap: |   100024  1          59611/tcp  status
  655. [*] Nmap: |   100227  2,3         2049/tcp  nfs_acl
  656. [*] Nmap: |_  100227  2,3         2049/udp  nfs_acl
  657. [*] Nmap: 119/tcp  open  nntp    JAMES nntpd (posting ok)
  658. [*] Nmap: 2049/tcp open  nfs_acl 2-3 (RPC #100227)
  659. [*] Nmap: MAC Address: 00:50:56:89:55:06 (VMware)
  660. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.8 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.5 (94%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 3.0 - 3.2 (91%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%)
  661. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  662. [*] Nmap: Network Distance: 1 hop
  663. [*] Nmap: Service Info: Host: beta; OS: Linux; CPE: cpe:/o:linux:linux_kernel
  664. [*] Nmap: TRACEROUTE
  665. [*] Nmap: HOP RTT       ADDRESS
  666. [*] Nmap: 1   238.71 ms 10.11.1.72
  667. [*] Nmap: Nmap scan report for 10.11.1.73
  668. [*] Nmap: Host is up (0.24s latency).
  669. [*] Nmap: Not shown: 980 filtered ports
  670. [*] Nmap: PORT      STATE SERVICE       VERSION
  671. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  672. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  673. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  674. [*] Nmap: 554/tcp   open  rtsp?
  675. [*] Nmap: 1100/tcp  open  java-rmi      Java RMI Registry
  676. [*] Nmap: | rmi-dumpregistry:
  677. [*] Nmap: |   creamtec/ajaxswing/JVMFactory
  678. [*] Nmap: |     com.creamtec.ajaxswing.core.JVMFactory_Stub
  679. [*] Nmap: |     @10.11.1.73:49157
  680. [*] Nmap: |     extends
  681. [*] Nmap: |       java.rmi.server.RemoteStub
  682. [*] Nmap: |       extends
  683. [*] Nmap: |_        java.rmi.server.RemoteObject
  684. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  685. [*] Nmap: 3306/tcp  open  mysql?
  686. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  687. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  688. [*] Nmap: | ssl-cert: Subject: commonName=gamma
  689. [*] Nmap: | Not valid before: 2019-09-08T23:50:35
  690. [*] Nmap: |_Not valid after:  2020-03-09T23:50:35
  691. [*] Nmap: |_ssl-date: 2019-09-11T11:30:08+00:00; -16s from scanner time.
  692. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  693. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  694. [*] Nmap: |_http-title: Service Unavailable
  695. [*] Nmap: 5800/tcp  open  vnc-http      TightVNC (user: gamma; VNC TCP port: 5900)
  696. [*] Nmap: |_http-title: TightVNC desktop [gamma]
  697. [*] Nmap: 5900/tcp  open  vnc           VNC (protocol 3.8)
  698. [*] Nmap: | vnc-info:
  699. [*] Nmap: |   Protocol version: 3.8
  700. [*] Nmap: |   Security types:
  701. [*] Nmap: |     VNC Authentication (2)
  702. [*] Nmap: |     Tight (16)
  703. [*] Nmap: |   Tight auth subtypes:
  704. [*] Nmap: |_    STDV VNCAUTH_ (2)
  705. [*] Nmap: 8080/tcp  open  http          Apache httpd 2.4.9 ((Win32) PHP/5.5.12)
  706. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
  707. [*] Nmap: | http-robots.txt: 1 disallowed entry
  708. [*] Nmap: |_/testmysql.php
  709. [*] Nmap: |_http-server-header: Apache/2.4.9 (Win32) PHP/5.5.12
  710. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  711. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  712. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  713. [*] Nmap: |_http-title: Not Found
  714. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  715. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  716. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  717. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  718. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
  719. [*] Nmap: 49157/tcp open  rmiregistry   Java RMI
  720. [*] Nmap: 49159/tcp open  rmiregistry   Java RMI
  721. [*] Nmap: MAC Address: 00:50:56:93:57:B9 (VMware)
  722. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  723. [*] Nmap: Device type: general purpose
  724. [*] Nmap: Running: Microsoft Windows 2008|7
  725. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  726. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  727. [*] Nmap: Network Distance: 1 hop
  728. [*] Nmap: Service Info: Host: GAMMA; OS: Windows; CPE: cpe:/o:microsoft:windows
  729. [*] Nmap: Host script results:
  730. [*] Nmap: |_clock-skew: mean: 1h45m34s, deviation: 3h31m41s, median: -16s
  731. [*] Nmap: |_nbstat: NetBIOS name: GAMMA, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:57:b9 (VMware)
  732. [*] Nmap: | smb-os-discovery:
  733. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  734. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  735. [*] Nmap: |   Computer name: gamma
  736. [*] Nmap: |   NetBIOS computer name: GAMMA\x00
  737. [*] Nmap: |   Workgroup: WORKGROUP\x00
  738. [*] Nmap: |_  System time: 2019-09-11T04:31:09-07:00
  739. [*] Nmap: | smb-security-mode:
  740. [*] Nmap: |   account_used: guest
  741. [*] Nmap: |   authentication_level: user
  742. [*] Nmap: |   challenge_response: supported
  743. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  744. [*] Nmap: | smb2-security-mode:
  745. [*] Nmap: |   2.02:
  746. [*] Nmap: |_    Message signing enabled but not required
  747. [*] Nmap: | smb2-time:
  748. [*] Nmap: |   date: 2019-09-11 07:31:08
  749. [*] Nmap: |_  start_date: 2018-10-18 14:09:11
  750. [*] Nmap: TRACEROUTE
  751. [*] Nmap: HOP RTT       ADDRESS
  752. [*] Nmap: 1   238.92 ms 10.11.1.73
  753. [*] Nmap: Nmap scan report for 10.11.1.75
  754. [*] Nmap: Host is up (0.24s latency).
  755. [*] Nmap: Not shown: 986 filtered ports
  756. [*] Nmap: PORT      STATE SERVICE       VERSION
  757. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  758. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  759. [*] Nmap: 445/tcp   open  microsoft-ds  Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  760. [*] Nmap: 554/tcp   open  rtsp?
  761. [*] Nmap: 2869/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  762. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  763. [*] Nmap: | ssl-cert: Subject: commonName=bruce
  764. [*] Nmap: | Not valid before: 2019-09-09T04:16:00
  765. [*] Nmap: |_Not valid after:  2020-03-10T04:16:00
  766. [*] Nmap: |_ssl-date: 2019-09-11T11:28:28+00:00; -3s from scanner time.
  767. [*] Nmap: 5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  768. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  769. [*] Nmap: |_http-title: Service Unavailable
  770. [*] Nmap: 10243/tcp open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  771. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  772. [*] Nmap: |_http-title: Not Found
  773. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  774. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  775. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  776. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  777. [*] Nmap: 49156/tcp open  msrpc         Microsoft Windows RPC
  778. [*] Nmap: 49157/tcp open  msrpc         Microsoft Windows RPC
  779. [*] Nmap: MAC Address: 00:50:56:93:72:F1 (VMware)
  780. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  781. [*] Nmap: Device type: general purpose
  782. [*] Nmap: Running: Microsoft Windows 7
  783. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  784. [*] Nmap: OS details: Microsoft Windows 7
  785. [*] Nmap: Network Distance: 1 hop
  786. [*] Nmap: Service Info: Host: BRUCE; OS: Windows; CPE: cpe:/o:microsoft:windows
  787. [*] Nmap: Host script results:
  788. [*] Nmap: |_clock-skew: mean: -14m12s, deviation: 28m19s, median: -3s
  789. [*] Nmap: |_nbstat: NetBIOS name: BRUCE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:72:f1 (VMware)
  790. [*] Nmap: | smb-os-discovery:
  791. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  792. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  793. [*] Nmap: |   Computer name: bruce
  794. [*] Nmap: |   NetBIOS computer name: BRUCE\x00
  795. [*] Nmap: |   Workgroup: WORKGROUP\x00
  796. [*] Nmap: |_  System time: 2019-09-11T12:31:22+01:00
  797. [*] Nmap: | smb-security-mode:
  798. [*] Nmap: |   account_used: guest
  799. [*] Nmap: |   authentication_level: user
  800. [*] Nmap: |   challenge_response: supported
  801. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  802. [*] Nmap: | smb2-security-mode:
  803. [*] Nmap: |   2.02:
  804. [*] Nmap: |_    Message signing enabled but not required
  805. [*] Nmap: | smb2-time:
  806. [*] Nmap: |   date: 2019-09-11 07:31:22
  807. [*] Nmap: |_  start_date: 2019-09-10 11:37:22
  808. [*] Nmap: TRACEROUTE
  809. [*] Nmap: HOP RTT       ADDRESS
  810. [*] Nmap: 1   238.71 ms 10.11.1.75
  811. [*] Nmap: Nmap scan report for 10.11.1.115
  812. [*] Nmap: Host is up (0.24s latency).
  813. [*] Nmap: Not shown: 989 closed ports
  814. [*] Nmap: PORT      STATE SERVICE     VERSION
  815. [*] Nmap: 21/tcp    open  ftp         vsftpd 1.1.3
  816. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  817. [*] Nmap: |_drwxr-xr-x    2 0        0            4096 Feb 28  2003 pub
  818. [*] Nmap: 22/tcp    open  ssh         OpenSSH 3.5p1 (protocol 1.99)
  819. [*] Nmap: | ssh-hostkey:
  820. [*] Nmap: |   1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
  821. [*] Nmap: |   1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
  822. [*] Nmap: |_  1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
  823. [*] Nmap: |_sshv1: Server supports SSHv1
  824. [*] Nmap: 25/tcp    open  smtp?
  825. [*] Nmap: |_smtp-commands: Couldn't establish connection on port 25
  826. [*] Nmap: 80/tcp    open  http        Apache httpd 2.0.40 ((Red Hat Linux))
  827. [*] Nmap: | http-methods:
  828. [*] Nmap: |_  Potentially risky methods: TRACE
  829. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
  830. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  831. [*] Nmap: 111/tcp   open  rpcbind     2 (RPC #100000)
  832. [*] Nmap: | rpcinfo:
  833. [*] Nmap: |   program version   port/proto  service
  834. [*] Nmap: |   100000  2            111/tcp  rpcbind
  835. [*] Nmap: |   100000  2            111/udp  rpcbind
  836. [*] Nmap: |   100024  1          32768/tcp  status
  837. [*] Nmap: |   100024  1          32768/udp  status
  838. [*] Nmap: |_  391002  2          32769/tcp  sgi_fam
  839. [*] Nmap: 139/tcp   open  netbios-ssn Samba smbd (workgroup: MYGROUP)
  840. [*] Nmap: 143/tcp   open  imap        UW imapd 2001.315rh
  841. [*] Nmap: |_imap-capabilities: OK SORT THREAD=REFERENCES IMAP4REV1 NAMESPACE MAILBOX-REFERRALS SCAN THREAD=ORDEREDSUBJECT CAPABILITY AUTH=LOGINA0001 STARTTLS LOGIN-REFERRALS MULTIAPPEND completed IDLE
  842. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  843. [*] Nmap: | Not valid before: 2007-01-16T06:07:45
  844. [*] Nmap: |_Not valid after:  2008-01-16T06:07:45
  845. [*] Nmap: |_ssl-date: 2019-09-11T11:29:24+00:00; -10s from scanner time.
  846. [*] Nmap: 199/tcp   open  smux        Linux SNMP multiplexer
  847. [*] Nmap: 443/tcp   open  ssl/http    Apache httpd 2.0.40 ((Red Hat Linux))
  848. [*] Nmap: | http-methods:
  849. [*] Nmap: |_  Potentially risky methods: TRACE
  850. [*] Nmap: |_http-server-header: Apache/2.0.40 (Red Hat Linux)
  851. [*] Nmap: |_http-title: Test Page for the Apache Web Server on Red Hat Linux
  852. [*] Nmap: | ssl-cert: Subject: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
  853. [*] Nmap: | Not valid before: 2007-01-16T14:54:43
  854. [*] Nmap: |_Not valid after:  2008-01-16T14:54:43
  855. [*] Nmap: |_ssl-date: 2019-09-11T11:30:56+00:00; -10s from scanner time.
  856. [*] Nmap: | sslv2:
  857. [*] Nmap: |   SSLv2 supported
  858. [*] Nmap: |   ciphers:
  859. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  860. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  861. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  862. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  863. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  864. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  865. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  866. [*] Nmap: 3306/tcp  open  mysql       MySQL (unauthorized)
  867. [*] Nmap: 32768/tcp open  status      1 (RPC #100024)
  868. [*] Nmap: MAC Address: 00:50:56:89:39:7F (VMware)
  869. [*] Nmap: Device type: general purpose
  870. [*] Nmap: Running: Linux 2.4.X
  871. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.4.20
  872. [*] Nmap: OS details: Linux 2.4.20
  873. [*] Nmap: Network Distance: 1 hop
  874. [*] Nmap: Service Info: Host: tophat.acme.local; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  875. [*] Nmap: Host script results:
  876. [*] Nmap: |_clock-skew: mean: -10s, deviation: 0s, median: -10s
  877. [*] Nmap: |_nbstat: NetBIOS name: TOPHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  878. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  879. [*] Nmap: TRACEROUTE
  880. [*] Nmap: HOP RTT       ADDRESS
  881. [*] Nmap: 1   238.23 ms 10.11.1.115
  882. [*] Nmap: Nmap scan report for 10.11.1.116
  883. [*] Nmap: Host is up (0.24s latency).
  884. [*] Nmap: Not shown: 994 closed ports
  885. [*] Nmap: PORT     STATE SERVICE    VERSION
  886. [*] Nmap: 21/tcp   open  ftp?
  887. [*] Nmap: 22/tcp   open  ssh        OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
  888. [*] Nmap: | ssh-hostkey:
  889. [*] Nmap: |   1024 75:e8:80:6f:6c:2f:d2:51:1a:d6:c9:9e:e4:a2:4c:2f (DSA)
  890. [*] Nmap: |   2048 28:43:26:62:1d:07:f9:e3:9f:0b:1a:94:98:1a:74:45 (RSA)
  891. [*] Nmap: |_  256 50:2f:db:dd:1a:8e:22:23:f8:dc:7b:65:c9:fc:8e:df (ECDSA)
  892. [*] Nmap: 80/tcp   open  http       Apache httpd 2.4.6 ((FreeBSD) PHP/5.4.23)
  893. [*] Nmap: | http-methods:
  894. [*] Nmap: |_  Potentially risky methods: TRACE
  895. [*] Nmap: |_http-server-header: Apache/2.4.6 (FreeBSD) PHP/5.4.23
  896. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  897. [*] Nmap: 110/tcp  open  tcpwrapped
  898. [*] Nmap: 143/tcp  open  tcpwrapped
  899. [*] Nmap: 3306/tcp open  mysql      MySQL (unauthorized)
  900. [*] Nmap: MAC Address: 00:50:56:89:10:91 (VMware)
  901. [*] Nmap: Aggressive OS guesses: FreeBSD 9.0-RELEASE - 10.3-RELEASE (97%), FreeBSD 9.0-RELEASE (93%), FreeBSD 7.0-RELEASE (91%), FreeBSD 7.1-PRERELEASE 7.2-STABLE (91%), m0n0wall 1.3b11 - 1.3b15 (FreeBSD 6.3) (91%), FreeBSD 8.1-RELEASE (91%), FreeBSD 8.0-RELEASE (91%), VMware ESXi 4.1.0 (91%), FreeBSD 8.2-RELEASE (90%), FreeBSD 7.0-RELEASE - 9.0-RELEASE (90%)
  902. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  903. [*] Nmap: Network Distance: 1 hop
  904. [*] Nmap: Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
  905. [*] Nmap: TRACEROUTE
  906. [*] Nmap: HOP RTT       ADDRESS
  907. [*] Nmap: 1   238.77 ms 10.11.1.116
  908. [*] Nmap: Nmap scan report for 10.11.1.125
  909. [*] Nmap: Host is up (0.24s latency).
  910. [*] Nmap: Not shown: 999 filtered ports
  911. [*] Nmap: PORT   STATE SERVICE VERSION
  912. [*] Nmap: 21/tcp open  ftp     Acritum Femitter Server ftpd
  913. [*] Nmap: | ftp-anon: Anonymous FTP login allowed (FTP code 230)
  914. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 . [NSE: writeable]
  915. [*] Nmap: | drw-rw-rw-   1 ftp      ftp            0 Sep 23  2015 .. [NSE: writeable]
  916. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp        11164 Dec 26  2006 house.jpg [NSE: writeable]
  917. [*] Nmap: | -rw-rw-rw-   1 ftp      ftp          920 Jan 03  2007 index.htm [NSE: writeable]
  918. [*] Nmap: |_drw-rw-rw-   1 ftp      ftp            0 Sep 10 00:10 Upload [NSE: writeable]
  919. [*] Nmap: |_ftp-bounce: bounce working!
  920. [*] Nmap: | ftp-syst:
  921. [*] Nmap: |_  SYST: Internet Component Suite
  922. [*] Nmap: MAC Address: 00:50:56:89:56:6C (VMware)
  923. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  924. [*] Nmap: Device type: WAP|general purpose|media device
  925. [*] Nmap: Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2003|2000 (89%), RIM Tablet OS 2.X (85%)
  926. [*] Nmap: OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003::- cpe:/o:microsoft:windows_2000::sp4 cpe:/o:rim:tablet_os:2
  927. [*] Nmap: Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 or Small Business Server 2003 (88%), Microsoft Windows XP (88%), Microsoft Windows XP Home SP1 (French) (87%), Microsoft Windows XP Professional SP2 (French) (87%), Microsoft Windows XP SP2 (87%), Microsoft Windows XP Professional SP2 (firewall enabled) (86%)
  928. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  929. [*] Nmap: Network Distance: 1 hop
  930. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  931. [*] Nmap: TRACEROUTE
  932. [*] Nmap: HOP RTT       ADDRESS
  933. [*] Nmap: 1   238.15 ms 10.11.1.125
  934. [*] Nmap: Nmap scan report for 10.11.1.128
  935. [*] Nmap: Host is up (0.24s latency).
  936. [*] Nmap: Not shown: 987 closed ports
  937. [*] Nmap: PORT     STATE SERVICE      VERSION
  938. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
  939. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.6713
  940. [*] Nmap: | smtp-commands: dj.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
  941. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
  942. [*] Nmap: | smtp-ntlm-info:
  943. [*] Nmap: |   Target_Name: DJ
  944. [*] Nmap: |   NetBIOS_Domain_Name: DJ
  945. [*] Nmap: |   NetBIOS_Computer_Name: DJ
  946. [*] Nmap: |   DNS_Domain_Name: dj.acme.local
  947. [*] Nmap: |   DNS_Computer_Name: dj.acme.local
  948. [*] Nmap: |_  Product_Version: 5.0.2195
  949. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
  950. [*] Nmap: | http-cookie-flags:
  951. [*] Nmap: |   /:
  952. [*] Nmap: |     ASPSESSIONIDACRQSSRT:
  953. [*] Nmap: |_      httponly flag not set
  954. [*] Nmap: | http-methods:
  955. [*] Nmap: |_  Potentially risky methods: TRACE
  956. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  957. [*] Nmap: |_http-title: Login
  958. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
  959. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  960. [*] Nmap: 443/tcp  open  https?
  961. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
  962. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
  963. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
  964. [*] Nmap: 1030/tcp open  msrpc        Microsoft Windows RPC
  965. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
  966. [*] Nmap: 5800/tcp open  vnc-http     TightVNC
  967. [*] Nmap: |_http-title: TightVNC desktop [dj]
  968. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
  969. [*] Nmap: | vnc-info:
  970. [*] Nmap: |   Protocol version: 3.8
  971. [*] Nmap: |   Security types:
  972. [*] Nmap: |     VNC Authentication (2)
  973. [*] Nmap: |     Tight (16)
  974. [*] Nmap: |   Tight auth subtypes:
  975. [*] Nmap: |_    STDV VNCAUTH_ (2)
  976. [*] Nmap: MAC Address: 00:50:56:93:32:22 (VMware)
  977. [*] Nmap: Device type: general purpose|specialized|power-device
  978. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  979. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  980. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (89%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  981. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  982. [*] Nmap: Network Distance: 1 hop
  983. [*] Nmap: Service Info: Host: dj.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  984. [*] Nmap: Host script results:
  985. [*] Nmap: |_clock-skew: mean: -58m19s, deviation: 1h22m29s, median: -1h56m39s
  986. [*] Nmap: | ms-sql-info:
  987. [*] Nmap: |   Windows server name: DJ
  988. [*] Nmap: |   10.11.1.128\MSSQLSERVER:
  989. [*] Nmap: |     Instance name: MSSQLSERVER
  990. [*] Nmap: |     Version:
  991. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
  992. [*] Nmap: |       number: 8.00.194.00
  993. [*] Nmap: |       Product: Microsoft SQL Server 2000
  994. [*] Nmap: |       Service pack level: RTM
  995. [*] Nmap: |       Post-SP patches applied: false
  996. [*] Nmap: |     TCP port: 27900
  997. [*] Nmap: |     Named pipe: \\10.11.1.128\pipe\sql\query
  998. [*] Nmap: |_    Clustered: false
  999. [*] Nmap: |_nbstat: NetBIOS name: DJ, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:32:22 (VMware)
  1000. [*] Nmap: | smb-os-discovery:
  1001. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1002. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1003. [*] Nmap: |   Computer name: dj
  1004. [*] Nmap: |   NetBIOS computer name: DJ\x00
  1005. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1006. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
  1007. [*] Nmap: | smb-security-mode:
  1008. [*] Nmap: |   account_used: guest
  1009. [*] Nmap: |   authentication_level: user
  1010. [*] Nmap: |   challenge_response: supported
  1011. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1012. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1013. [*] Nmap: TRACEROUTE
  1014. [*] Nmap: HOP RTT       ADDRESS
  1015. [*] Nmap: 1   238.32 ms 10.11.1.128
  1016. [*] Nmap: Nmap scan report for 10.11.1.133
  1017. [*] Nmap: Host is up (0.24s latency).
  1018. [*] Nmap: Not shown: 549 filtered ports, 450 closed ports
  1019. [*] Nmap: PORT   STATE SERVICE VERSION
  1020. [*] Nmap: 80/tcp open  http    Microsoft-IIS
  1021. [*] Nmap: | fingerprint-strings:
  1022. [*] Nmap: |   GetRequest, HTTPOptions:
  1023. [*] Nmap: |     HTTP/1.1 200 OK
  1024. [*] Nmap: |     Date: Wed, 11 Sep 2019 11:22:59 GMT
  1025. [*] Nmap: |     Server: Microsoft-IIS
  1026. [*] Nmap: |     Content-Type: text/html
  1027. [*] Nmap: |     Cache-control: private
  1028. [*] Nmap: |     Vary: Accept-Encoding
  1029. [*] Nmap: |     Content-Length: 619
  1030. [*] Nmap: |     Connection: close
  1031. [*] Nmap: |     <html>
  1032. [*] Nmap: |     <head>
  1033. [*] Nmap: |     <title>Let's play with the offsec team</title>
  1034. [*] Nmap: |     </head>
  1035. [*] Nmap: |     <body style="color: #FFFFFF; background-color: #000000;font-family: verdana;">
  1036. [*] Nmap: |     <center>
  1037. [*] Nmap: |     <div style="width:600px;height:399px;background-image:url(offsec-team.jpg);">
  1038. [*] Nmap: |     <form method="post" action="login.asp">
  1039. [*] Nmap: |     <table style="padding-top:170px;">
  1040. [*] Nmap: |     <tr>
  1041. [*] Nmap: |     <td>Username: </td><td><input type="text" name="username" value=""></td>
  1042. [*] Nmap: |     </tr>
  1043. [*] Nmap: |     <tr>
  1044. [*] Nmap: |     <td>Password: </td><td><input type="password" name="password"></td>
  1045. [*] Nmap: |     </tr>
  1046. [*] Nmap: |     <tr>
  1047. [*] Nmap: |     colspan="2" align="right"><input type="submit" name="submit" value="Enter"></td>
  1048. [*] Nmap: |     </tr>
  1049. [*] Nmap: |     </table>
  1050. [*] Nmap: |     </form>
  1051. [*] Nmap: |     </div>
  1052. [*] Nmap: |     </center>
  1053. [*] Nmap: |     </body>
  1054. [*] Nmap: |_    </html>
  1055. [*] Nmap: |_http-server-header: Microsoft-IIS
  1056. [*] Nmap: |_http-title: Let's play with the offsec team
  1057. [*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
  1058. [*] Nmap: SF-Port80-TCP:V=7.70%I=7%D=9/11%Time=5D78D922%P=i686-pc-linux-gnu%r(GetReq
  1059. [*] Nmap: SF:uest,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
  1060. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
  1061. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
  1062. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
  1063. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
  1064. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
  1065. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
  1066. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
  1067. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
  1068. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
  1069. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
  1070. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
  1071. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
  1072. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
  1073. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n")%r(HTTPOpt
  1074. [*] Nmap: SF:ions,333,"HTTP/1\.1\x20200\x20OK\r\nDate:\x20Wed,\x2011\x20Sep\x202019\
  1075. [*] Nmap: SF:x2011:22:59\x20GMT\r\nServer:\x20Microsoft-IIS\x20\x20\x20\x20\x20\x20\
  1076. [*] Nmap: SF:x20\x20\x20\r\nContent-Type:\x20text/html\r\nCache-control:\x20private\
  1077. [*] Nmap: SF:r\nVary:\x20Accept-Encoding\r\nContent-Length:\x20619\r\nConnection:\x2
  1078. [*] Nmap: SF:0close\r\n\r\n<html>\n<head>\n<title>Let's\x20play\x20with\x20the\x20of
  1079. [*] Nmap: SF:fsec\x20team</title>\n</head>\n<body\x20style=\"color:\x20#FFFFFF;\x20b
  1080. [*] Nmap: SF:ackground-color:\x20#000000;font-family:\x20verdana;\">\n<center>\n<div
  1081. [*] Nmap: SF:\x20style=\"width:600px;height:399px;background-image:url\(offsec-team\
  1082. [*] Nmap: SF:.jpg\);\">\n<form\x20method=\"post\"\x20action=\"login\.asp\">\n<table\
  1083. [*] Nmap: SF:x20style=\"padding-top:170px;\">\n<tr>\n<td>Username:\x20</td><td><inpu
  1084. [*] Nmap: SF:t\x20type=\"text\"\x20name=\"username\"\x20value=\"\"></td>\n</tr>\n<tr
  1085. [*] Nmap: SF:>\n<td>Password:\x20</td><td><input\x20type=\"password\"\x20name=\"pass
  1086. [*] Nmap: SF:word\"></td>\n</tr>\n<tr>\n<td\x20colspan=\"2\"\x20align=\"right\"><inp
  1087. [*] Nmap: SF:ut\x20type=\"submit\"\x20name=\"submit\"\x20value=\"Enter\"></td>\n</tr
  1088. [*] Nmap: SF:>\n</table>\n</form>\n</div>\n</center>\n</body>\n</html>\n");
  1089. [*] Nmap: MAC Address: 00:50:56:89:7D:25 (VMware)
  1090. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), HP MSM410 WAP (91%), Linux 2.6.35 (90%), IGEL UD3 thin client (Linux 2.6) (90%), IPFire 2.11 firewall (Linux 2.6.32) (90%), DD-WRT v24-sp1 (Linux 2.4) (89%), Linux 3.0 - 3.2 (88%), DD-WRT v23 (Linux 2.4.34) (88%), Linux 2.6.15 - 2.6.26 (likely embedded) (88%), Fortinet FortiOS 5.0.6 (88%)
  1091. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1092. [*] Nmap: Network Distance: 1 hop
  1093. [*] Nmap: TRACEROUTE
  1094. [*] Nmap: HOP RTT       ADDRESS
  1095. [*] Nmap: 1   238.60 ms 10.11.1.133
  1096. [*] Nmap: Nmap scan report for 10.11.1.136
  1097. [*] Nmap: Host is up (0.24s latency).
  1098. [*] Nmap: Not shown: 996 closed ports
  1099. [*] Nmap: PORT    STATE SERVICE     VERSION
  1100. [*] Nmap: 22/tcp  open  ssh         OpenSSH 4.3p2 Debian 9 (protocol 2.0)
  1101. [*] Nmap: |_auth-owners: root
  1102. [*] Nmap: | ssh-hostkey:
  1103. [*] Nmap: |   1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
  1104. [*] Nmap: |_  2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
  1105. [*] Nmap: 113/tcp open  ident
  1106. [*] Nmap: |_auth-owners: identd
  1107. [*] Nmap: 139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
  1108. [*] Nmap: |_auth-owners: root
  1109. [*] Nmap: 445/tcp open  netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
  1110. [*] Nmap: |_auth-owners: root
  1111. [*] Nmap: MAC Address: 00:50:56:93:37:2B (VMware)
  1112. [*] Nmap: Device type: general purpose|switch|printer|firewall|security-misc|WAP|remote management|specialized
  1113. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (94%), Extreme Networks ExtremeXOS 12.X (93%), Kyocera embedded (93%), Barracuda Networks embedded (92%), AVM embedded (90%), Linksys embedded (90%), Netgear embedded (90%), Dell embedded (90%)
  1114. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:kyocera:cs-2560 cpe:/h:avm:fritz%21box_fon_wlan_7050 cpe:/h:linksys:wag200g cpe:/h:netgear:dg834gt cpe:/h:dell:remote_access_card:5 cpe:/o:linux:linux_kernel:2.4.21
  1115. [*] Nmap: Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (likely embedded) (94%), Linux 2.6.16 (94%), Extreme Networks ExtremeXOS 12.5.4 (93%), Kyocera CopyStar CS-2560 printer (93%), Linux 2.6.15 (Ubuntu) (93%), Linux 2.6.26 (93%), Barracuda Web Application Firewall 460 (92%), Linux 2.6.32 (92%), Barracuda Web Filter (92%), Linux 2.6.22 (92%)
  1116. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1117. [*] Nmap: Network Distance: 1 hop
  1118. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1119. [*] Nmap: Host script results:
  1120. [*] Nmap: |_clock-skew: mean: 2h01m37s, deviation: 2h52m03s, median: -2s
  1121. [*] Nmap: |_nbstat: NetBIOS name: SUFFERANCE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
  1122. [*] Nmap: | smb-os-discovery:
  1123. [*] Nmap: |   OS: Unix (Samba 3.0.24)
  1124. [*] Nmap: |   NetBIOS computer name:
  1125. [*] Nmap: |   Workgroup: THINC.LOCAL\x00
  1126. [*] Nmap: |_  System time: 2019-09-11T07:31:25-04:00
  1127. [*] Nmap: | smb-security-mode:
  1128. [*] Nmap: |   account_used: guest
  1129. [*] Nmap: |   authentication_level: share (dangerous)
  1130. [*] Nmap: |   challenge_response: supported
  1131. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1132. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1133. [*] Nmap: TRACEROUTE
  1134. [*] Nmap: HOP RTT       ADDRESS
  1135. [*] Nmap: 1   238.20 ms 10.11.1.136
  1136. [*] Nmap: Nmap scan report for 10.11.1.141
  1137. [*] Nmap: Host is up (0.24s latency).
  1138. [*] Nmap: Not shown: 997 closed ports
  1139. [*] Nmap: PORT      STATE SERVICE VERSION
  1140. [*] Nmap: 22/tcp    open  ssh     OpenSSH 4.0 (protocol 2.0)
  1141. [*] Nmap: | ssh-hostkey:
  1142. [*] Nmap: |   1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
  1143. [*] Nmap: |_  1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
  1144. [*] Nmap: 111/tcp   open  rpcbind 2 (RPC #100000)
  1145. [*] Nmap: | rpcinfo:
  1146. [*] Nmap: |   program version   port/proto  service
  1147. [*] Nmap: |   100000  2            111/tcp  rpcbind
  1148. [*] Nmap: |_  100000  2            111/udp  rpcbind
  1149. [*] Nmap: 10000/tcp open  http    MiniServ 0.01 (Webmin httpd)
  1150. [*] Nmap: |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
  1151. [*] Nmap: MAC Address: 00:50:56:89:65:3F (VMware)
  1152. [*] Nmap: Device type: general purpose|firewall|proxy server|PBX|WAP|broadband router
  1153. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (94%), Cisco embedded (91%), Riverbed embedded (91%), Ruckus embedded (90%), FreeBSD 6.X (89%), Zhone embedded (88%), AVM embedded (87%)
  1154. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w cpe:/h:ruckus:7363 cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
  1155. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (94%), Linux 2.6.9 (94%), Linux 2.6.9 - 2.6.27 (93%), Cisco SA520 firewall (Linux 2.6) (91%), Linux 2.6.11 (91%), Linux 2.6.28 (91%), Riverbed Steelhead 200 proxy server (91%), Linux 2.6.30 (90%), Linux 2.6.32 (90%), Linux 2.6.9 (CentOS 4.4) (90%)
  1156. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1157. [*] Nmap: Network Distance: 1 hop
  1158. [*] Nmap: TRACEROUTE
  1159. [*] Nmap: HOP RTT       ADDRESS
  1160. [*] Nmap: 1   239.06 ms 10.11.1.141
  1161. [*] Nmap: Nmap scan report for 10.11.1.145
  1162. [*] Nmap: Host is up (0.24s latency).
  1163. [*] Nmap: Not shown: 995 filtered ports
  1164. [*] Nmap: PORT     STATE SERVICE            VERSION
  1165. [*] Nmap: 135/tcp  open  msrpc              Microsoft Windows RPC
  1166. [*] Nmap: 139/tcp  open  netbios-ssn        Microsoft Windows netbios-ssn
  1167. [*] Nmap: 445/tcp  open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  1168. [*] Nmap: 3389/tcp open  ssl/ms-wbt-server?
  1169. [*] Nmap: | ssl-cert: Subject: commonName=HELPDESK
  1170. [*] Nmap: | Not valid before: 2019-09-10T08:36:52
  1171. [*] Nmap: |_Not valid after:  2020-03-11T08:36:52
  1172. [*] Nmap: |_ssl-date: 2019-09-11T11:28:22+00:00; -3s from scanner time.
  1173. [*] Nmap: 8080/tcp open  http               Apache Tomcat/Coyote JSP engine 1.1
  1174. [*] Nmap: | http-cookie-flags:
  1175. [*] Nmap: |   /:
  1176. [*] Nmap: |     JSESSIONID:
  1177. [*] Nmap: |_      httponly flag not set
  1178. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
  1179. [*] Nmap: |_http-title: ManageEngine ServiceDesk Plus
  1180. [*] Nmap: MAC Address: 00:50:56:89:78:BA (VMware)
  1181. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1182. [*] Nmap: Device type: general purpose
  1183. [*] Nmap: Running: Microsoft Windows 7
  1184. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1185. [*] Nmap: OS details: Microsoft Windows 7
  1186. [*] Nmap: Network Distance: 1 hop
  1187. [*] Nmap: Service Info: Host: HELPDESK; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
  1188. [*] Nmap: Host script results:
  1189. [*] Nmap: |_clock-skew: mean: 1h45m46s, deviation: 3h31m39s, median: -3s
  1190. [*] Nmap: |_nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:78:ba (VMware)
  1191. [*] Nmap: | smb-os-discovery:
  1192. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
  1193. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1194. [*] Nmap: |   Computer name: HELPDESK
  1195. [*] Nmap: |   NetBIOS computer name: HELPDESK\x00
  1196. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1197. [*] Nmap: |_  System time: 2019-09-11T04:31:25-07:00
  1198. [*] Nmap: | smb-security-mode:
  1199. [*] Nmap: |   account_used: <blank>
  1200. [*] Nmap: |   authentication_level: user
  1201. [*] Nmap: |   challenge_response: supported
  1202. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1203. [*] Nmap: | smb2-security-mode:
  1204. [*] Nmap: |   2.02:
  1205. [*] Nmap: |_    Message signing enabled but not required
  1206. [*] Nmap: | smb2-time:
  1207. [*] Nmap: |   date: 2019-09-11 07:31:25
  1208. [*] Nmap: |_  start_date: 2017-06-05 22:08:09
  1209. [*] Nmap: TRACEROUTE
  1210. [*] Nmap: HOP RTT       ADDRESS
  1211. [*] Nmap: 1   239.09 ms 10.11.1.145
  1212. [*] Nmap: Nmap scan report for 10.11.1.146
  1213. [*] Nmap: Host is up (0.26s latency).
  1214. [*] Nmap: Not shown: 998 closed ports
  1215. [*] Nmap: PORT   STATE SERVICE VERSION
  1216. [*] Nmap: 21/tcp open  ftp     ProFTPD 1.3.3a
  1217. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.5p1 Debian 6 (protocol 2.0)
  1218. [*] Nmap: | ssh-hostkey:
  1219. [*] Nmap: |   1024 bb:1e:db:11:2a:c7:90:96:e8:0f:f1:ce:aa:14:6a:c1 (DSA)
  1220. [*] Nmap: |_  2048 67:62:39:ab:ef:7b:2d:e2:70:18:fd:7d:3d:65:bf:c7 (RSA)
  1221. [*] Nmap: MAC Address: 00:50:56:89:5A:7F (VMware)
  1222. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (99%), HP MSM410 WAP (94%), Linux 2.6.35 (94%), IGEL UD3 thin client (Linux 2.6) (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Linux 2.6.31 - 2.6.32 (92%), Extreme Networks ExtremeXOS 12.5.4 (91%), DD-WRT v23 (Linux 2.4.34) (91%), Linux 2.6.15 (Ubuntu) (91%)
  1223. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1224. [*] Nmap: Network Distance: 1 hop
  1225. [*] Nmap: Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
  1226. [*] Nmap: TRACEROUTE
  1227. [*] Nmap: HOP RTT       ADDRESS
  1228. [*] Nmap: 1   264.55 ms 10.11.1.146
  1229. [*] Nmap: Nmap scan report for 10.11.1.202
  1230. [*] Nmap: Host is up (0.24s latency).
  1231. [*] Nmap: Not shown: 982 closed ports
  1232. [*] Nmap: PORT     STATE SERVICE       VERSION
  1233. [*] Nmap: 21/tcp   open  ftp           Microsoft ftpd 5.0
  1234. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
  1235. [*] Nmap: | ftp-syst:
  1236. [*] Nmap: |_  SYST: Windows_NT version 5.0
  1237. [*] Nmap: 80/tcp   open  http          Microsoft IIS httpd 5.0
  1238. [*] Nmap: | http-cookie-flags:
  1239. [*] Nmap: |   /:
  1240. [*] Nmap: |     ASPSESSIONIDSSRCCBAQ:
  1241. [*] Nmap: |_      httponly flag not set
  1242. [*] Nmap: | http-methods:
  1243. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
  1244. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  1245. [*] Nmap: |_http-title: Under Construction
  1246. [*] Nmap: | http-webdav-scan:
  1247. [*] Nmap: |   WebDAV type: Unkown
  1248. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
  1249. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1250. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
  1251. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:28:18 GMT
  1252. [*] Nmap: 135/tcp  open  msrpc         Microsoft Windows RPC
  1253. [*] Nmap: 139/tcp  open  netbios-ssn   Microsoft Windows netbios-ssn
  1254. [*] Nmap: 443/tcp  open  https?
  1255. [*] Nmap: 445/tcp  open  microsoft-ds  Windows 2000 microsoft-ds
  1256. [*] Nmap: 1029/tcp open  msrpc         Microsoft Windows RPC
  1257. [*] Nmap: 1032/tcp open  msrpc         Microsoft Windows RPC
  1258. [*] Nmap: 1033/tcp open  msrpc         Microsoft Windows RPC
  1259. [*] Nmap: 1038/tcp open  oracle        Oracle Database
  1260. [*] Nmap: 1521/tcp open  oracle-tns    Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
  1261. [*] Nmap: 2030/tcp open  oracle-mts    Oracle MTS Recovery Service
  1262. [*] Nmap: 2100/tcp open  ftp           Oracle Enterprise XML DB ftpd 9.2.0.1.0
  1263. [*] Nmap: | ftp-syst:
  1264. [*] Nmap: |_  SYST: Unix Type:9.2.0.1 Version:Oracle XML DB
  1265. [*] Nmap: 3372/tcp open  msdtc         Microsoft Distributed Transaction Coordinator (error)
  1266. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  1267. [*] Nmap: 4443/tcp open  ssl/pharos?
  1268. [*] Nmap: |_ssl-date: 2019-09-11T11:28:35+00:00; 0s from scanner time.
  1269. [*] Nmap: | sslv2:
  1270. [*] Nmap: |   SSLv2 supported
  1271. [*] Nmap: |   ciphers:
  1272. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  1273. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  1274. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  1275. [*] Nmap: |     SSL2_DES_64_CBC_WITH_MD5
  1276. [*] Nmap: |_    SSL2_RC4_64_WITH_MD5
  1277. [*] Nmap: 7778/tcp open  http          Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
  1278. [*] Nmap: |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
  1279. [*] Nmap: | http-methods:
  1280. [*] Nmap: |_  Potentially risky methods: TRACE
  1281. [*] Nmap: |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
  1282. [*] Nmap: |_http-title: Oracle HTTP Server Index
  1283. [*] Nmap: 8080/tcp open  http          Oracle XML DB Enterprise Edition httpd 9.2.0.1.0 (Oracle9i Enterprise Edition Release)
  1284. [*] Nmap: | http-auth:
  1285. [*] Nmap: | HTTP/1.1 401 Unauthorized\x0D
  1286. [*] Nmap: |_  Basic realm=XDB
  1287. [*] Nmap: |_http-server-header: Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
  1288. [*] Nmap: |_http-title: 400 Bad Request
  1289. [*] Nmap: MAC Address: 00:50:56:89:2E:00 (VMware)
  1290. [*] Nmap: Device type: general purpose|specialized|power-device
  1291. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  1292. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  1293. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows XP SP2 (92%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows 2000 SP4 (91%), Microsoft Windows XP SP3 (91%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  1294. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1295. [*] Nmap: Network Distance: 1 hop
  1296. [*] Nmap: Service Info: Host: oracle; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  1297. [*] Nmap: Host script results:
  1298. [*] Nmap: |_clock-skew: mean: -38m55s, deviation: 1h07m24s, median: 0s
  1299. [*] Nmap: |_nbstat: NetBIOS name: ORACLE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:2e:00 (VMware)
  1300. [*] Nmap: | smb-os-discovery:
  1301. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1302. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1303. [*] Nmap: |   Computer name: oracle
  1304. [*] Nmap: |   NetBIOS computer name: ORACLE\x00
  1305. [*] Nmap: |   Domain name: acme.local
  1306. [*] Nmap: |   FQDN: oracle.acme.local
  1307. [*] Nmap: |_  System time: 2019-09-11T13:31:28+02:00
  1308. [*] Nmap: | smb-security-mode:
  1309. [*] Nmap: |   account_used: guest
  1310. [*] Nmap: |   authentication_level: user
  1311. [*] Nmap: |   challenge_response: supported
  1312. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1313. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1314. [*] Nmap: TRACEROUTE
  1315. [*] Nmap: HOP RTT       ADDRESS
  1316. [*] Nmap: 1   241.50 ms 10.11.1.202
  1317. [*] Nmap: Nmap scan report for 10.11.1.209
  1318. [*] Nmap: Host is up (0.26s latency).
  1319. [*] Nmap: Not shown: 995 closed ports
  1320. [*] Nmap: PORT     STATE SERVICE VERSION
  1321. [*] Nmap: 22/tcp   open  ssh     SunSSH 1.1.5 (protocol 2.0)
  1322. [*] Nmap: | ssh-hostkey:
  1323. [*] Nmap: |   1024 b0:d1:14:4f:d2:43:20:e4:90:f7:ca:e3:8a:36:39:86 (DSA)
  1324. [*] Nmap: |_  1024 dd:36:f6:09:23:4c:c4:c3:44:d6:6e:2f:6a:ff:b3:12 (RSA)
  1325. [*] Nmap: 80/tcp   open  http    Apache httpd 1.3.41 ((Unix) mod_perl/1.31)
  1326. [*] Nmap: | http-methods:
  1327. [*] Nmap: |_  Potentially risky methods: TRACE
  1328. [*] Nmap: |_http-server-header: Apache/1.3.41 (Unix) mod_perl/1.31
  1329. [*] Nmap: |_http-title: Test Page for the SSL/TLS-aware Apache Installation on Web Site
  1330. [*] Nmap: 111/tcp  open  rpcbind 2-4 (RPC #100000)
  1331. [*] Nmap: 8009/tcp open  ajp13   Apache Jserv (Protocol v1.3)
  1332. [*] Nmap: |_ajp-methods: Failed to get a valid response for the OPTION request
  1333. [*] Nmap: 8080/tcp open  http    Apache Tomcat/Coyote JSP engine 1.1
  1334. [*] Nmap: |_http-favicon: Apache Tomcat
  1335. [*] Nmap: |_http-server-header: Apache-Coyote/1.1
  1336. [*] Nmap: |_http-title: Apache Tomcat/5.5.35
  1337. [*] Nmap: MAC Address: 00:50:56:89:12:0C (VMware)
  1338. [*] Nmap: Device type: general purpose
  1339. [*] Nmap: Running: Sun SunOS 10
  1340. [*] Nmap: OS CPE: cpe:/o:sun:sunos:10
  1341. [*] Nmap: OS details: Sun Solaris 10
  1342. [*] Nmap: Network Distance: 1 hop
  1343. [*] Nmap: TRACEROUTE
  1344. [*] Nmap: HOP RTT       ADDRESS
  1345. [*] Nmap: 1   256.39 ms 10.11.1.209
  1346. [*] Nmap: Nmap scan report for 10.11.1.217
  1347. [*] Nmap: Host is up (0.33s latency).
  1348. [*] Nmap: Not shown: 989 closed ports
  1349. [*] Nmap: PORT     STATE SERVICE    VERSION
  1350. [*] Nmap: 22/tcp   open  ssh        OpenSSH 4.3 (protocol 2.0)
  1351. [*] Nmap: | ssh-hostkey:
  1352. [*] Nmap: |   1024 1a:f6:e5:4c:f5:65:5c:a3:79:ce:e1:30:f9:5a:9c:af (DSA)
  1353. [*] Nmap: |_  2048 b1:9e:c8:ea:eb:4c:fc:55:cb:1e:4d:4c:40:6e:80:f2 (RSA)
  1354. [*] Nmap: 25/tcp   open  smtp?
  1355. [*] Nmap: |_smtp-commands: hotline.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
  1356. [*] Nmap: 80/tcp   open  http       Apache httpd 2.2.3
  1357. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1358. [*] Nmap: |_http-title: Did not follow redirect to https://10.11.1.217/
  1359. [*] Nmap: 110/tcp  open  pop3?
  1360. [*] Nmap: 111/tcp  open  rpcbind    2 (RPC #100000)
  1361. [*] Nmap: | rpcinfo:
  1362. [*] Nmap: |   program version   port/proto  service
  1363. [*] Nmap: |   100000  2            111/tcp  rpcbind
  1364. [*] Nmap: |   100000  2            111/udp  rpcbind
  1365. [*] Nmap: |   100024  1            884/udp  status
  1366. [*] Nmap: |_  100024  1            887/tcp  status
  1367. [*] Nmap: 143/tcp  open  imap?
  1368. [*] Nmap: 443/tcp  open  ssl/http   Apache httpd 2.2.3 ((CentOS))
  1369. [*] Nmap: | http-robots.txt: 1 disallowed entry
  1370. [*] Nmap: |_/
  1371. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1372. [*] Nmap: |_http-title: Elastix - Login page
  1373. [*] Nmap: | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
  1374. [*] Nmap: | Not valid before: 2012-03-23T19:29:13
  1375. [*] Nmap: |_Not valid after:  2013-03-23T19:29:13
  1376. [*] Nmap: |_ssl-date: 2019-09-11T11:26:40+00:00; -1m59s from scanner time.
  1377. [*] Nmap: 993/tcp  open  imaps?
  1378. [*] Nmap: 995/tcp  open  pop3s?
  1379. [*] Nmap: 3306/tcp open  mysql?
  1380. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  1381. [*] Nmap: 4445/tcp open  upnotifyp?
  1382. [*] Nmap: MAC Address: 00:50:56:89:57:05 (VMware)
  1383. [*] Nmap: Device type: general purpose
  1384. [*] Nmap: Running: Linux 2.6.X
  1385. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18
  1386. [*] Nmap: OS details: Linux 2.6.18
  1387. [*] Nmap: Network Distance: 1 hop
  1388. [*] Nmap: Service Info: Host: 127.0.0.1
  1389. [*] Nmap: Host script results:
  1390. [*] Nmap: |_clock-skew: mean: -1m59s, deviation: 0s, median: -1m59s
  1391. [*] Nmap: TRACEROUTE
  1392. [*] Nmap: HOP RTT       ADDRESS
  1393. [*] Nmap: 1   332.33 ms 10.11.1.217
  1394. [*] Nmap: Nmap scan report for 10.11.1.218
  1395. [*] Nmap: Host is up (0.24s latency).
  1396. [*] Nmap: Not shown: 997 filtered ports
  1397. [*] Nmap: PORT    STATE SERVICE      VERSION
  1398. [*] Nmap: 135/tcp open  msrpc        Microsoft Windows RPC
  1399. [*] Nmap: 139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
  1400. [*] Nmap: 445/tcp open  microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
  1401. [*] Nmap: MAC Address: 00:50:56:93:5C:EA (VMware)
  1402. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1403. [*] Nmap: Device type: general purpose
  1404. [*] Nmap: Running: Microsoft Windows 2008|7
  1405. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  1406. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  1407. [*] Nmap: Network Distance: 1 hop
  1408. [*] Nmap: Service Info: Host: OBSERVER; OS: Windows; CPE: cpe:/o:microsoft:windows
  1409. [*] Nmap: Host script results:
  1410. [*] Nmap: |_clock-skew: mean: -2083d01h13m04s, deviation: 4h38m41s, median: -2083d03h53m59s
  1411. [*] Nmap: |_nbstat: NetBIOS name: OBSERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:5c:ea (VMware)
  1412. [*] Nmap: | smb-os-discovery:
  1413. [*] Nmap: |   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
  1414. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
  1415. [*] Nmap: |   Computer name: observer
  1416. [*] Nmap: |   NetBIOS computer name: OBSERVER\x00
  1417. [*] Nmap: |   Domain name: thinc.local
  1418. [*] Nmap: |   Forest name: thinc.local
  1419. [*] Nmap: |   FQDN: observer.thinc.local
  1420. [*] Nmap: |_  System time: 2013-12-27T23:37:33-08:00
  1421. [*] Nmap: | smb-security-mode:
  1422. [*] Nmap: |   account_used: <blank>
  1423. [*] Nmap: |   authentication_level: user
  1424. [*] Nmap: |   challenge_response: supported
  1425. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1426. [*] Nmap: | smb2-security-mode:
  1427. [*] Nmap: |   2.02:
  1428. [*] Nmap: |_    Message signing enabled but not required
  1429. [*] Nmap: | smb2-time:
  1430. [*] Nmap: |   date: 2013-12-28 02:37:35
  1431. [*] Nmap: |_  start_date: 2013-12-27 16:08:12
  1432. [*] Nmap: TRACEROUTE
  1433. [*] Nmap: HOP RTT       ADDRESS
  1434. [*] Nmap: 1   240.45 ms 10.11.1.218
  1435. [*] Nmap: Nmap scan report for 10.11.1.219
  1436. [*] Nmap: Host is up (0.24s latency).
  1437. [*] Nmap: Not shown: 999 filtered ports
  1438. [*] Nmap: PORT   STATE SERVICE VERSION
  1439. [*] Nmap: 80/tcp open  http    Apache httpd
  1440. [*] Nmap: |_http-server-header: Apache
  1441. [*] Nmap: |_http-title: Apache2 Ubuntu Default Page: It works
  1442. [*] Nmap: MAC Address: 00:50:56:89:06:25 (VMware)
  1443. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1444. [*] Nmap: Device type: general purpose
  1445. [*] Nmap: Running (JUST GUESSING): Linux 3.X|4.X (90%)
  1446. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
  1447. [*] Nmap: Aggressive OS guesses: Linux 3.10 - 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 4.4 (89%), Linux 3.2.0 (87%), Linux 3.16 (86%)
  1448. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1449. [*] Nmap: Network Distance: 1 hop
  1450. [*] Nmap: TRACEROUTE
  1451. [*] Nmap: HOP RTT       ADDRESS
  1452. [*] Nmap: 1   239.22 ms 10.11.1.219
  1453. [*] Nmap: Nmap scan report for 10.11.1.220
  1454. [*] Nmap: Host is up (0.24s latency).
  1455. [*] Nmap: Not shown: 980 closed ports
  1456. [*] Nmap: PORT      STATE SERVICE       VERSION
  1457. [*] Nmap: 21/tcp    open  ftp           FileZilla ftpd 0.9.34 beta
  1458. [*] Nmap: | ftp-syst:
  1459. [*] Nmap: |_  SYST: UNIX emulated by FileZilla
  1460. [*] Nmap: 53/tcp    open  domain        Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
  1461. [*] Nmap: | dns-nsid:
  1462. [*] Nmap: |_  bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
  1463. [*] Nmap: 88/tcp    open  kerberos-sec  Microsoft Windows Kerberos (server time: 2013-12-28 07:37:03Z)
  1464. [*] Nmap: 135/tcp   open  msrpc         Microsoft Windows RPC
  1465. [*] Nmap: 139/tcp   open  netbios-ssn   Microsoft Windows netbios-ssn
  1466. [*] Nmap: 389/tcp   open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
  1467. [*] Nmap: 445/tcp   open  microsoft-ds  Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
  1468. [*] Nmap: 464/tcp   open  kpasswd5?
  1469. [*] Nmap: 593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
  1470. [*] Nmap: 636/tcp   open  tcpwrapped
  1471. [*] Nmap: 3268/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
  1472. [*] Nmap: 3269/tcp  open  tcpwrapped
  1473. [*] Nmap: 3389/tcp  open  ms-wbt-server Microsoft Terminal Service
  1474. [*] Nmap: | ssl-cert: Subject: commonName=master.thinc.local
  1475. [*] Nmap: | Not valid before: 2013-12-27T07:37:01
  1476. [*] Nmap: |_Not valid after:  2014-06-28T07:37:01
  1477. [*] Nmap: |_ssl-date: 2013-12-28T07:37:44+00:00; -5y257d03h53m03s from scanner time.
  1478. [*] Nmap: 49152/tcp open  msrpc         Microsoft Windows RPC
  1479. [*] Nmap: 49153/tcp open  msrpc         Microsoft Windows RPC
  1480. [*] Nmap: 49154/tcp open  msrpc         Microsoft Windows RPC
  1481. [*] Nmap: 49155/tcp open  msrpc         Microsoft Windows RPC
  1482. [*] Nmap: 49157/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
  1483. [*] Nmap: 49158/tcp open  msrpc         Microsoft Windows RPC
  1484. [*] Nmap: 49165/tcp open  msrpc         Microsoft Windows RPC
  1485. [*] Nmap: MAC Address: 00:50:56:93:3B:04 (VMware)
  1486. [*] Nmap: Device type: general purpose
  1487. [*] Nmap: Running: Microsoft Windows 7
  1488. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1489. [*] Nmap: OS details: Microsoft Windows 7
  1490. [*] Nmap: Network Distance: 1 hop
  1491. [*] Nmap: Service Info: Host: MASTER; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2:sp1
  1492. [*] Nmap: Host script results:
  1493. [*] Nmap: |_clock-skew: mean: -2083d01h53m07s, deviation: 4h01m09s, median: -2083d03h54m02s
  1494. [*] Nmap: |_nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:3b:04 (VMware)
  1495. [*] Nmap: | smb-os-discovery:
  1496. [*] Nmap: |   OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
  1497. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1498. [*] Nmap: |   Computer name: master
  1499. [*] Nmap: |   NetBIOS computer name: MASTER\x00
  1500. [*] Nmap: |   Domain name: thinc.local
  1501. [*] Nmap: |   Forest name: thinc.local
  1502. [*] Nmap: |   FQDN: master.thinc.local
  1503. [*] Nmap: |_  System time: 2013-12-27T23:37:31-08:00
  1504. [*] Nmap: | smb-security-mode:
  1505. [*] Nmap: |   account_used: <blank>
  1506. [*] Nmap: |   authentication_level: user
  1507. [*] Nmap: |   challenge_response: supported
  1508. [*] Nmap: |_  message_signing: required
  1509. [*] Nmap: | smb2-security-mode:
  1510. [*] Nmap: |   2.02:
  1511. [*] Nmap: |_    Message signing enabled and required
  1512. [*] Nmap: | smb2-time:
  1513. [*] Nmap: |   date: 2013-12-28 02:37:31
  1514. [*] Nmap: |_  start_date: 2013-12-28 11:16:39
  1515. [*] Nmap: TRACEROUTE
  1516. [*] Nmap: HOP RTT       ADDRESS
  1517. [*] Nmap: 1   239.49 ms 10.11.1.220
  1518. [*] Nmap: Nmap scan report for 10.11.1.221
  1519. [*] Nmap: Host is up (0.24s latency).
  1520. [*] Nmap: Not shown: 995 filtered ports
  1521. [*] Nmap: PORT      STATE SERVICE            VERSION
  1522. [*] Nmap: 53/tcp    open  domain             Microsoft DNS 6.0.6001 (17714650) (Windows Server 2008 SP1)
  1523. [*] Nmap: | dns-nsid:
  1524. [*] Nmap: |_  bind.version: Microsoft DNS 6.0.6001 (17714650)
  1525. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1526. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1527. [*] Nmap: | ssl-cert: Subject: commonName=slave.thinc.local
  1528. [*] Nmap: | Not valid before: 2013-12-26T21:08:51
  1529. [*] Nmap: |_Not valid after:  2014-06-27T21:08:51
  1530. [*] Nmap: |_ssl-date: 2013-12-28T07:37:28+00:00; -5y257d03h51m54s from scanner time.
  1531. [*] Nmap: 5357/tcp  open  http               Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
  1532. [*] Nmap: |_http-server-header: Microsoft-HTTPAPI/2.0
  1533. [*] Nmap: |_http-title: Service Unavailable
  1534. [*] Nmap: 49158/tcp open  msrpc              Microsoft Windows RPC
  1535. [*] Nmap: MAC Address: 00:50:56:93:18:E2 (VMware)
  1536. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1537. [*] Nmap: Device type: general purpose
  1538. [*] Nmap: Running: Microsoft Windows 7
  1539. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1540. [*] Nmap: OS details: Microsoft Windows 7
  1541. [*] Nmap: Network Distance: 1 hop
  1542. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows_server_2008::sp1, cpe:/o:microsoft:windows
  1543. [*] Nmap: Host script results:
  1544. [*] Nmap: |_clock-skew: mean: -2083d03h51m54s, deviation: 0s, median: -2083d03h51m54s
  1545. [*] Nmap: |_nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:18:e2 (VMware)
  1546. [*] Nmap: TRACEROUTE
  1547. [*] Nmap: HOP RTT       ADDRESS
  1548. [*] Nmap: 1   237.13 ms 10.11.1.221
  1549. [*] Nmap: Nmap scan report for 10.11.1.223
  1550. [*] Nmap: Host is up (0.24s latency).
  1551. [*] Nmap: Not shown: 987 closed ports
  1552. [*] Nmap: PORT      STATE SERVICE            VERSION
  1553. [*] Nmap: 80/tcp    open  http               Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
  1554. [*] Nmap: | http-methods:
  1555. [*] Nmap: |_  Potentially risky methods: TRACE
  1556. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
  1557. [*] Nmap: |_http-title: Index of /
  1558. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1559. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
  1560. [*] Nmap: 443/tcp   open  ssl/http           Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
  1561. [*] Nmap: | http-methods:
  1562. [*] Nmap: |_  Potentially risky methods: TRACE
  1563. [*] Nmap: |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
  1564. [*] Nmap: |_http-title: Index of /
  1565. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1566. [*] Nmap: | Not valid before: 2009-11-10T23:48:47
  1567. [*] Nmap: |_Not valid after:  2019-11-08T23:48:47
  1568. [*] Nmap: |_ssl-date: 2019-09-11T11:28:58+00:00; -5s from scanner time.
  1569. [*] Nmap: | sslv2:
  1570. [*] Nmap: |   SSLv2 supported
  1571. [*] Nmap: |   ciphers:
  1572. [*] Nmap: |     SSL2_DES_192_EDE3_CBC_WITH_MD5
  1573. [*] Nmap: |     SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
  1574. [*] Nmap: |     SSL2_RC4_128_WITH_MD5
  1575. [*] Nmap: |     SSL2_RC4_128_EXPORT40_WITH_MD5
  1576. [*] Nmap: |     SSL2_IDEA_128_CBC_WITH_MD5
  1577. [*] Nmap: |     SSL2_RC2_128_CBC_WITH_MD5
  1578. [*] Nmap: |_    SSL2_DES_64_CBC_WITH_MD5
  1579. [*] Nmap: 445/tcp   open  microsoft-ds       Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
  1580. [*] Nmap: 3306/tcp  open  mysql?
  1581. [*] Nmap: |_mysql-info: ERROR: Script execution failed (use -d to debug)
  1582. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1583. [*] Nmap: | ssl-cert: Subject: commonName=Jeff
  1584. [*] Nmap: | Not valid before: 2019-09-09T03:47:08
  1585. [*] Nmap: |_Not valid after:  2020-03-10T03:47:08
  1586. [*] Nmap: |_ssl-date: 2019-09-11T11:29:01+00:00; -5s from scanner time.
  1587. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
  1588. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
  1589. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
  1590. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
  1591. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
  1592. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
  1593. [*] Nmap: MAC Address: 00:50:56:89:32:E3 (VMware)
  1594. [*] Nmap: Device type: general purpose
  1595. [*] Nmap: Running: Microsoft Windows 2008|7
  1596. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7
  1597. [*] Nmap: OS details: Microsoft Windows 7 or Windows Server 2008 R2
  1598. [*] Nmap: Network Distance: 1 hop
  1599. [*] Nmap: Service Info: Hosts: localhost, JEFF; OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2008:r2
  1600. [*] Nmap: Host script results:
  1601. [*] Nmap: |_clock-skew: mean: 1h24m25s, deviation: 3h08m58s, median: -5s
  1602. [*] Nmap: |_nbstat: NetBIOS name: JEFF, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:32:e3 (VMware)
  1603. [*] Nmap: | smb-os-discovery:
  1604. [*] Nmap: |   OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
  1605. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
  1606. [*] Nmap: |   Computer name: Jeff
  1607. [*] Nmap: |   NetBIOS computer name: JEFF\x00
  1608. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1609. [*] Nmap: |_  System time: 2019-09-11T04:31:30-07:00
  1610. [*] Nmap: | smb-security-mode:
  1611. [*] Nmap: |   account_used: guest
  1612. [*] Nmap: |   authentication_level: user
  1613. [*] Nmap: |   challenge_response: supported
  1614. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1615. [*] Nmap: | smb2-security-mode:
  1616. [*] Nmap: |   2.02:
  1617. [*] Nmap: |_    Message signing enabled but not required
  1618. [*] Nmap: | smb2-time:
  1619. [*] Nmap: |   date: 2019-09-11 07:31:30
  1620. [*] Nmap: |_  start_date: 2016-05-22 08:28:08
  1621. [*] Nmap: TRACEROUTE
  1622. [*] Nmap: HOP RTT       ADDRESS
  1623. [*] Nmap: 1   238.58 ms 10.11.1.223
  1624. [*] Nmap: Nmap scan report for 10.11.1.226
  1625. [*] Nmap: Host is up (0.24s latency).
  1626. [*] Nmap: Not shown: 998 filtered ports
  1627. [*] Nmap: PORT     STATE  SERVICE       VERSION
  1628. [*] Nmap: 21/tcp   open   ftp           GuildFTPd
  1629. [*] Nmap: 3389/tcp closed ms-wbt-server
  1630. [*] Nmap: MAC Address: 00:50:56:89:51:F6 (VMware)
  1631. [*] Nmap: Device type: general purpose|WAP
  1632. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000 (94%), Apple embedded (89%)
  1633. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_2000::sp4
  1634. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (94%), Microsoft Windows Server 2003 SP2 (92%), Microsoft Windows Server 2003 (90%), Apple AirPort Extreme WAP (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 (87%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows Server 2003 SP1 (85%), Microsoft Windows XP SP2 (85%)
  1635. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1636. [*] Nmap: Network Distance: 1 hop
  1637. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1638. [*] Nmap: TRACEROUTE
  1639. [*] Nmap: HOP RTT       ADDRESS
  1640. [*] Nmap: 1   238.61 ms 10.11.1.226
  1641. [*] Nmap: Nmap scan report for 10.11.1.227
  1642. [*] Nmap: Host is up (0.24s latency).
  1643. [*] Nmap: Not shown: 987 closed ports
  1644. [*] Nmap: PORT     STATE SERVICE      VERSION
  1645. [*] Nmap: 21/tcp   open  ftp          Microsoft ftpd 5.0
  1646. [*] Nmap: |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
  1647. [*] Nmap: | ftp-syst:
  1648. [*] Nmap: |_  SYST: Windows_NT version 5.0
  1649. [*] Nmap: 25/tcp   open  smtp         Microsoft ESMTP 5.0.2195.5329
  1650. [*] Nmap: | smtp-commands: jd.acme.local Hello [10.11.0.96], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
  1651. [*] Nmap: |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
  1652. [*] Nmap: | smtp-ntlm-info:
  1653. [*] Nmap: |   Target_Name: JD
  1654. [*] Nmap: |   NetBIOS_Domain_Name: JD
  1655. [*] Nmap: |   NetBIOS_Computer_Name: JD
  1656. [*] Nmap: |   DNS_Domain_Name: jd.acme.local
  1657. [*] Nmap: |   DNS_Computer_Name: jd.acme.local
  1658. [*] Nmap: |_  Product_Version: 5.0.2195
  1659. [*] Nmap: 80/tcp   open  http         Microsoft IIS httpd 5.0
  1660. [*] Nmap: | http-methods:
  1661. [*] Nmap: |_  Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
  1662. [*] Nmap: |_http-server-header: Microsoft-IIS/5.0
  1663. [*] Nmap: |_http-title: Directory Listing Denied
  1664. [*] Nmap: | http-webdav-scan:
  1665. [*] Nmap: |   WebDAV type: Unkown
  1666. [*] Nmap: |   Server Type: Microsoft-IIS/5.0
  1667. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1668. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
  1669. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:07 GMT
  1670. [*] Nmap: 135/tcp  open  msrpc        Microsoft Windows RPC
  1671. [*] Nmap: 139/tcp  open  netbios-ssn  Microsoft Windows netbios-ssn
  1672. [*] Nmap: 443/tcp  open  https?
  1673. [*] Nmap: 445/tcp  open  microsoft-ds Windows 2000 microsoft-ds
  1674. [*] Nmap: 1025/tcp open  msrpc        Microsoft Windows RPC
  1675. [*] Nmap: 1026/tcp open  msrpc        Microsoft Windows RPC
  1676. [*] Nmap: 1028/tcp open  msrpc        Microsoft Windows RPC
  1677. [*] Nmap: 3372/tcp open  msdtc        Microsoft Distributed Transaction Coordinator (error)
  1678. [*] Nmap: 5800/tcp open  vnc-http     RealVNC 4.0 (resolution: 400x250; VNC TCP port: 5900)
  1679. [*] Nmap: |_http-server-header: RealVNC/4.0
  1680. [*] Nmap: |_http-title: VNC viewer for Java
  1681. [*] Nmap: 5900/tcp open  vnc          VNC (protocol 3.8)
  1682. [*] Nmap: | vnc-info:
  1683. [*] Nmap: |   Protocol version: 3.8
  1684. [*] Nmap: |   Security types:
  1685. [*] Nmap: |_    VNC Authentication (2)
  1686. [*] Nmap: MAC Address: 00:50:56:89:0E:65 (VMware)
  1687. [*] Nmap: Device type: general purpose|specialized|power-device
  1688. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003|7 (98%), Belkin embedded (89%), SMA embedded (89%)
  1689. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_7
  1690. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (98%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (91%), Microsoft Windows XP SP2 (91%), Microsoft Windows 2000 SP4 (90%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP2 (90%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (89%), Microsoft Windows 7 (89%)
  1691. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1692. [*] Nmap: Network Distance: 1 hop
  1693. [*] Nmap: Service Info: Host: jd.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
  1694. [*] Nmap: Host script results:
  1695. [*] Nmap: |_clock-skew: mean: -58m56s, deviation: 1h23m07s, median: -1h57m43s
  1696. [*] Nmap: | ms-sql-info:
  1697. [*] Nmap: |   Windows server name: JD
  1698. [*] Nmap: |   10.11.1.227\MSSQLSERVER:
  1699. [*] Nmap: |     Instance name: MSSQLSERVER
  1700. [*] Nmap: |     Version:
  1701. [*] Nmap: |       name: Microsoft SQL Server 2000 RTM
  1702. [*] Nmap: |       number: 8.00.194.00
  1703. [*] Nmap: |       Product: Microsoft SQL Server 2000
  1704. [*] Nmap: |       Service pack level: RTM
  1705. [*] Nmap: |       Post-SP patches applied: false
  1706. [*] Nmap: |     TCP port: 27900
  1707. [*] Nmap: |     Named pipe: \\10.11.1.227\pipe\sql\query
  1708. [*] Nmap: |_    Clustered: false
  1709. [*] Nmap: |_nbstat: NetBIOS name: JD, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:0e:65 (VMware)
  1710. [*] Nmap: | smb-os-discovery:
  1711. [*] Nmap: |   OS: Windows 2000 (Windows 2000 LAN Manager)
  1712. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_2000::-
  1713. [*] Nmap: |   Computer name: jd
  1714. [*] Nmap: |   NetBIOS computer name: JD\x00
  1715. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1716. [*] Nmap: |_  System time: 2019-09-11T13:31:26+02:00
  1717. [*] Nmap: | smb-security-mode:
  1718. [*] Nmap: |   account_used: guest
  1719. [*] Nmap: |   authentication_level: user
  1720. [*] Nmap: |   challenge_response: supported
  1721. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1722. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1723. [*] Nmap: TRACEROUTE
  1724. [*] Nmap: HOP RTT       ADDRESS
  1725. [*] Nmap: 1   239.49 ms 10.11.1.227
  1726. [*] Nmap: Nmap scan report for 10.11.1.229
  1727. [*] Nmap: Host is up (0.24s latency).
  1728. [*] Nmap: Not shown: 988 filtered ports
  1729. [*] Nmap: PORT     STATE  SERVICE       VERSION
  1730. [*] Nmap: 21/tcp   open   tcpwrapped
  1731. [*] Nmap: 23/tcp   closed telnet
  1732. [*] Nmap: 25/tcp   open   smtp          hMailServer smtpd
  1733. [*] Nmap: | smtp-commands: MAIL, SIZE 20480000, AUTH LOGIN,
  1734. [*] Nmap: |_ 211 DATA HELO EHLO MAIL NOOP QUIT RCPT RSET SAML TURN VRFY
  1735. [*] Nmap: 80/tcp   open   http          Microsoft IIS httpd 6.0
  1736. [*] Nmap: | http-methods:
  1737. [*] Nmap: |_  Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
  1738. [*] Nmap: |_http-server-header: Microsoft-IIS/6.0
  1739. [*] Nmap: |_http-title: 10.11.1.229 - /
  1740. [*] Nmap: | http-webdav-scan:
  1741. [*] Nmap: |   WebDAV type: Unkown
  1742. [*] Nmap: |   Server Type: Microsoft-IIS/6.0
  1743. [*] Nmap: |   Public Options: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
  1744. [*] Nmap: |   Allowed Methods: OPTIONS, TRACE, GET, HEAD, DELETE, COPY, MOVE, PROPFIND, PROPPATCH, SEARCH, MKCOL, LOCK, UNLOCK
  1745. [*] Nmap: |_  Server Date: Wed, 11 Sep 2019 11:29:22 GMT
  1746. [*] Nmap: 110/tcp  open   pop3          hMailServer pop3d
  1747. [*] Nmap: |_pop3-capabilities: ERROR: Script execution failed (use -d to debug)
  1748. [*] Nmap: 135/tcp  open   msrpc         Microsoft Windows RPC
  1749. [*] Nmap: 139/tcp  open   netbios-ssn   Windows Server 2003 3790 Service Pack 1 netbios-ssn
  1750. [*] Nmap: 143/tcp  open   imap          hMailServer imapd
  1751. [*] Nmap: |_imap-capabilities: OK SORT ACL IMAP4rev1 CHILDREN NAMESPACE IMAP4 QUOTA CAPABILITY RIGHTS=texkA0001 completed IDLE
  1752. [*] Nmap: 443/tcp  closed https
  1753. [*] Nmap: 1025/tcp open   msrpc         Microsoft Windows RPC
  1754. [*] Nmap: 2869/tcp closed icslap
  1755. [*] Nmap: 3389/tcp open   ms-wbt-server Microsoft Terminal Service
  1756. [*] Nmap: MAC Address: 00:50:56:93:03:7A (VMware)
  1757. [*] Nmap: Device type: general purpose|media device
  1758. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2003|2000|PocketPC/CE (95%), Motorola embedded (86%)
  1759. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
  1760. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (95%), Microsoft Windows Server 2003 SP2 (93%), Microsoft Windows XP SP3 (90%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows XP SP2 (87%), Microsoft Windows Server 2003 SP1 (87%), Microsoft Windows Server 2003 SP0 - SP2 (87%), Microsoft Windows Server 2003 (87%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (86%), Microsoft Windows 2000 SP4 (86%)
  1761. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1762. [*] Nmap: Network Distance: 1 hop
  1763. [*] Nmap: Service Info: Host: MAIL; OS: Windows; CPE: cpe:/o:microsoft:windows
  1764. [*] Nmap: Host script results:
  1765. [*] Nmap: |_clock-skew: mean: 2h31m14s, deviation: 3h33m58s, median: -4s
  1766. [*] Nmap: |_nbstat: NetBIOS name: MAIL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:93:03:7a (VMware)
  1767. [*] Nmap: | smb-os-discovery:
  1768. [*] Nmap: |   OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
  1769. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
  1770. [*] Nmap: |   Computer name: mail
  1771. [*] Nmap: |   NetBIOS computer name: MAIL\x00
  1772. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1773. [*] Nmap: |_  System time: 2019-09-11T06:31:53-05:00
  1774. [*] Nmap: | smb-security-mode:
  1775. [*] Nmap: |   account_used: guest
  1776. [*] Nmap: |   authentication_level: user
  1777. [*] Nmap: |   challenge_response: supported
  1778. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1779. [*] Nmap: |_smb2-time: Protocol negotiation failed (SMB2)
  1780. [*] Nmap: TRACEROUTE
  1781. [*] Nmap: HOP RTT       ADDRESS
  1782. [*] Nmap: 1   239.51 ms 10.11.1.229
  1783. [*] Nmap: Nmap scan report for 10.11.1.230
  1784. [*] Nmap: Host is up (0.24s latency).
  1785. [*] Nmap: Not shown: 989 closed ports
  1786. [*] Nmap: PORT      STATE SERVICE            VERSION
  1787. [*] Nmap: 80/tcp    open  http               GoAhead WebServer
  1788. [*] Nmap: |_http-server-header: GoAhead-Webs
  1789. [*] Nmap: | http-title: HP Power Manager
  1790. [*] Nmap: |_Requested resource was http://10.11.1.230/index.asp
  1791. [*] Nmap: 135/tcp   open  msrpc              Microsoft Windows RPC
  1792. [*] Nmap: 139/tcp   open  netbios-ssn        Microsoft Windows netbios-ssn
  1793. [*] Nmap: 445/tcp   open  microsoft-ds       Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
  1794. [*] Nmap: 3389/tcp  open  ssl/ms-wbt-server?
  1795. [*] Nmap: | ssl-cert: Subject: commonName=kevin
  1796. [*] Nmap: | Not valid before: 2019-09-08T21:36:17
  1797. [*] Nmap: |_Not valid after:  2020-03-09T21:36:17
  1798. [*] Nmap: |_ssl-date: 2019-09-11T11:30:28+00:00; -6s from scanner time.
  1799. [*] Nmap: 49152/tcp open  msrpc              Microsoft Windows RPC
  1800. [*] Nmap: 49153/tcp open  msrpc              Microsoft Windows RPC
  1801. [*] Nmap: 49154/tcp open  msrpc              Microsoft Windows RPC
  1802. [*] Nmap: 49155/tcp open  msrpc              Microsoft Windows RPC
  1803. [*] Nmap: 49156/tcp open  msrpc              Microsoft Windows RPC
  1804. [*] Nmap: 49157/tcp open  msrpc              Microsoft Windows RPC
  1805. [*] Nmap: MAC Address: 00:50:56:89:1F:2A (VMware)
  1806. [*] Nmap: Device type: general purpose
  1807. [*] Nmap: Running: Microsoft Windows 7
  1808. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_7
  1809. [*] Nmap: OS details: Microsoft Windows 7
  1810. [*] Nmap: Network Distance: 1 hop
  1811. [*] Nmap: Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
  1812. [*] Nmap: Host script results:
  1813. [*] Nmap: |_clock-skew: mean: 1h45m27s, deviation: 3h31m05s, median: -6s
  1814. [*] Nmap: |_nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1f:2a (VMware)
  1815. [*] Nmap: | smb-os-discovery:
  1816. [*] Nmap: |   OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
  1817. [*] Nmap: |   OS CPE: cpe:/o:microsoft:windows_7::-
  1818. [*] Nmap: |   Computer name: kevin
  1819. [*] Nmap: |   NetBIOS computer name: KEVIN\x00
  1820. [*] Nmap: |   Workgroup: WORKGROUP\x00
  1821. [*] Nmap: |_  System time: 2019-09-11T04:31:33-07:00
  1822. [*] Nmap: | smb-security-mode:
  1823. [*] Nmap: |   account_used: guest
  1824. [*] Nmap: |   authentication_level: user
  1825. [*] Nmap: |   challenge_response: supported
  1826. [*] Nmap: |_  message_signing: disabled (dangerous, but default)
  1827. [*] Nmap: | smb2-security-mode:
  1828. [*] Nmap: |   2.02:
  1829. [*] Nmap: |_    Message signing enabled but not required
  1830. [*] Nmap: | smb2-time:
  1831. [*] Nmap: |   date: 2019-09-11 07:31:33
  1832. [*] Nmap: |_  start_date: 2016-05-22 08:55:46
  1833. [*] Nmap: TRACEROUTE
  1834. [*] Nmap: HOP RTT       ADDRESS
  1835. [*] Nmap: 1   239.07 ms 10.11.1.230
  1836. [*] Nmap: Nmap scan report for 10.11.1.234
  1837. [*] Nmap: Host is up (0.24s latency).
  1838. [*] Nmap: Not shown: 998 closed ports
  1839. [*] Nmap: PORT   STATE SERVICE VERSION
  1840. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu3 (Ubuntu Linux; protocol 2.0)
  1841. [*] Nmap: | ssh-hostkey:
  1842. [*] Nmap: |   1024 2c:83:67:02:29:20:87:99:87:55:95:92:6c:8d:a4:a3 (DSA)
  1843. [*] Nmap: |_  2048 6b:91:08:a8:c0:90:ac:68:bd:c9:cd:9c:be:69:2b:ac (RSA)
  1844. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
  1845. [*] Nmap: |_http-server-header: Apache/2.2.14 (Ubuntu)
  1846. [*] Nmap: |_http-title: Business Statistics | New Server for Thinc&#039;s Business Sta...
  1847. [*] Nmap: MAC Address: 00:50:56:89:0F:AD (VMware)
  1848. [*] Nmap: Device type: general purpose|terminal|WAP|firewall|security-misc|switch
  1849. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), IGEL embedded (95%), HP embedded (94%), IPFire 2.X (93%), Fortinet FortiOS 5.X (92%), Check Point embedded (91%), Extreme Networks ExtremeXOS 12.X (91%)
  1850. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:2.6 cpe:/h:igel:ud3 cpe:/h:hp:msm410 cpe:/o:ipfire:ipfire:2.11 cpe:/o:linux:linux_kernel:2.4 cpe:/o:fortinet:fortios:5.0.6 cpe:/o:extremenetworks:extremexos:12.5.4
  1851. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (95%), Linux 2.6.35 (95%), IGEL UD3 thin client (Linux 2.6) (95%), HP MSM410 WAP (94%), IPFire 2.11 firewall (Linux 2.6.32) (93%), DD-WRT v24-sp1 (Linux 2.4) (92%), Fortinet FortiOS 5.0.6 (92%), Linux 2.6.31 - 2.6.32 (92%), Check Point UTM-1 Edge X firewall (91%), Extreme Networks ExtremeXOS 12.5.4 (91%)
  1852. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1853. [*] Nmap: Network Distance: 1 hop
  1854. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1855. [*] Nmap: TRACEROUTE
  1856. [*] Nmap: HOP RTT       ADDRESS
  1857. [*] Nmap: 1   239.73 ms 10.11.1.234
  1858. [*] Nmap: Nmap scan report for 10.11.1.237
  1859. [*] Nmap: Host is up (0.24s latency).
  1860. [*] Nmap: Not shown: 996 closed ports
  1861. [*] Nmap: PORT    STATE SERVICE  VERSION
  1862. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
  1863. [*] Nmap: | ssh-hostkey:
  1864. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
  1865. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
  1866. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
  1867. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
  1868. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1869. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1870. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
  1871. [*] Nmap: | rpcinfo:
  1872. [*] Nmap: |   program version   port/proto  service
  1873. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  1874. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  1875. [*] Nmap: |   100024  1          43033/tcp  status
  1876. [*] Nmap: |_  100024  1          51243/udp  status
  1877. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
  1878. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1879. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1880. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1881. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
  1882. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
  1883. [*] Nmap: |_ssl-date: 2019-09-11T11:29:29+00:00; -12s from scanner time.
  1884. [*] Nmap: MAC Address: 00:50:56:89:67:4E (VMware)
  1885. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (95%), Linux 3.8 (95%), WatchGuard Fireware 11.8 (95%), Linux 3.5 (93%), Linux 3.1 - 3.2 (93%), Linux 2.6.32 - 2.6.39 (93%), Linux 3.0 - 3.2 (92%), Linux 2.6.32 (91%), Linux 2.6.32 or 3.10 (91%), Linux 3.0 or 3.5 (91%)
  1886. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1887. [*] Nmap: Network Distance: 1 hop
  1888. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1889. [*] Nmap: Host script results:
  1890. [*] Nmap: |_clock-skew: mean: -12s, deviation: 0s, median: -12s
  1891. [*] Nmap: TRACEROUTE
  1892. [*] Nmap: HOP RTT       ADDRESS
  1893. [*] Nmap: 1   239.85 ms 10.11.1.237
  1894. [*] Nmap: Nmap scan report for 10.11.1.238
  1895. [*] Nmap: Host is up (0.24s latency).
  1896. [*] Nmap: Not shown: 996 closed ports
  1897. [*] Nmap: PORT    STATE SERVICE  VERSION
  1898. [*] Nmap: 22/tcp  open  ssh      OpenSSH 6.0p1 Debian 4 (protocol 2.0)
  1899. [*] Nmap: | ssh-hostkey:
  1900. [*] Nmap: |   1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
  1901. [*] Nmap: |   2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
  1902. [*] Nmap: |_  256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
  1903. [*] Nmap: 80/tcp  open  http     Apache httpd 2.2.22 ((Debian))
  1904. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1905. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1906. [*] Nmap: 111/tcp open  rpcbind  2-4 (RPC #100000)
  1907. [*] Nmap: | rpcinfo:
  1908. [*] Nmap: |   program version   port/proto  service
  1909. [*] Nmap: |   100000  2,3,4        111/tcp  rpcbind
  1910. [*] Nmap: |   100000  2,3,4        111/udp  rpcbind
  1911. [*] Nmap: |   100024  1          39665/tcp  status
  1912. [*] Nmap: |_  100024  1          58526/udp  status
  1913. [*] Nmap: 443/tcp open  ssl/http Apache httpd 2.2.22 ((Debian))
  1914. [*] Nmap: |_http-server-header: Apache/2.2.22 (Debian)
  1915. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1916. [*] Nmap: | ssl-cert: Subject: commonName=localhost
  1917. [*] Nmap: | Not valid before: 2013-12-26T16:25:05
  1918. [*] Nmap: |_Not valid after:  2023-12-24T16:25:05
  1919. [*] Nmap: |_ssl-date: 2019-09-11T11:30:37+00:00; -9s from scanner time.
  1920. [*] Nmap: MAC Address: 00:50:56:89:38:1C (VMware)
  1921. [*] Nmap: Aggressive OS guesses: Linux 3.2 - 3.8 (94%), Linux 3.5 (94%), WatchGuard Fireware 11.8 (94%), Linux 3.1 - 3.2 (93%), Linux 3.8 (93%), Linux 2.6.32 - 2.6.39 (92%), Linux 2.6.32 or 3.10 (91%), Linux 3.3 (91%), Linux 2.6.36 (91%), Linux 3.11 - 4.1 (91%)
  1922. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1923. [*] Nmap: Network Distance: 1 hop
  1924. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1925. [*] Nmap: Host script results:
  1926. [*] Nmap: |_clock-skew: mean: -9s, deviation: 0s, median: -9s
  1927. [*] Nmap: TRACEROUTE
  1928. [*] Nmap: HOP RTT       ADDRESS
  1929. [*] Nmap: 1   238.05 ms 10.11.1.238
  1930. [*] Nmap: Nmap scan report for 10.11.1.247
  1931. [*] Nmap: Host is up (0.24s latency).
  1932. [*] Nmap: Not shown: 999 filtered ports
  1933. [*] Nmap: PORT     STATE SERVICE       VERSION
  1934. [*] Nmap: 3389/tcp open  ms-wbt-server Microsoft Terminal Service
  1935. [*] Nmap: MAC Address: 00:50:56:89:4B:D3 (VMware)
  1936. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1937. [*] Nmap: Device type: general purpose|WAP
  1938. [*] Nmap: Running (JUST GUESSING): Microsoft Windows XP|2000|2003 (96%), Apple embedded (90%)
  1939. [*] Nmap: OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_server_2003::sp2
  1940. [*] Nmap: Aggressive OS guesses: Microsoft Windows XP (96%), Microsoft Windows 2000 SP4 (90%), Apple AirPort Extreme WAP (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows Server 2003 SP2 (86%)
  1941. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1942. [*] Nmap: Network Distance: 1 hop
  1943. [*] Nmap: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
  1944. [*] Nmap: TRACEROUTE
  1945. [*] Nmap: HOP RTT       ADDRESS
  1946. [*] Nmap: 1   239.40 ms 10.11.1.247
  1947. [*] Nmap: Nmap scan report for 10.11.1.251
  1948. [*] Nmap: Host is up (0.25s latency).
  1949. [*] Nmap: Not shown: 998 filtered ports
  1950. [*] Nmap: PORT   STATE SERVICE VERSION
  1951. [*] Nmap: 22/tcp open  ssh     OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
  1952. [*] Nmap: | ssh-hostkey:
  1953. [*] Nmap: |   1024 fd:35:c0:66:fc:2a:d0:76:c0:33:55:21:cb:70:55:54 (DSA)
  1954. [*] Nmap: |_  2048 bf:e1:ee:61:60:a5:3d:28:0f:af:7d:85:0c:19:c5:8d (RSA)
  1955. [*] Nmap: 80/tcp open  http    Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch)
  1956. [*] Nmap: | http-methods:
  1957. [*] Nmap: |_  Potentially risky methods: TRACE
  1958. [*] Nmap: |_http-server-header: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch
  1959. [*] Nmap: |_http-title: Site doesn't have a title (text/html).
  1960. [*] Nmap: MAC Address: 00:50:56:89:1E:0E (VMware)
  1961. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1962. [*] Nmap: Device type: general purpose|switch|firewall|printer|broadband router|remote management|security-misc
  1963. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X|3.X (92%), Extreme Networks ExtremeXOS 12.X (89%), Barracuda Networks embedded (89%), Canon embedded (87%), D-Link embedded (87%), HP embedded (87%), Linksys embedded (87%), HP Onboard Administrator 4.X (86%)
  1964. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:extremenetworks:extremexos:12.5.4 cpe:/h:canon:imagerunner_advance_c5051 cpe:/h:dlink:dsl-2540b cpe:/a:hp:onboard_administrator:2.04 cpe:/h:linksys:wrv200 cpe:/o:linux:linux_kernel:3.2.0 cpe:/a:hp:onboard_administrator:4
  1965. [*] Nmap: Aggressive OS guesses: Linux 2.6.32 (92%), Linux 2.6.24 (Debian) (90%), Extreme Networks ExtremeXOS 12.5.4 (89%), Linux 2.6.15 - 2.6.26 (likely embedded) (89%), Linux 2.6.26 (89%), Barracuda Web Application Firewall 460 (89%), Linux 2.6.23 (88%), Linux 2.6.22 (Debian 4.0) (88%), Canon imageRUNNER ADVANCE C5051 printer (87%), D-Link DSL-2540B ADSL router (87%)
  1966. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1967. [*] Nmap: Network Distance: 1 hop
  1968. [*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
  1969. [*] Nmap: TRACEROUTE
  1970. [*] Nmap: HOP RTT       ADDRESS
  1971. [*] Nmap: 1   246.64 ms 10.11.1.251
  1972. [*] Nmap: Nmap scan report for 10.11.1.252
  1973. [*] Nmap: Host is up (0.24s latency).
  1974. [*] Nmap: Not shown: 998 filtered ports
  1975. [*] Nmap: PORT     STATE SERVICE    VERSION
  1976. [*] Nmap: 8000/tcp open  http       Apache httpd 2.2.3 ((CentOS))
  1977. [*] Nmap: |_http-open-proxy: Proxy might be redirecting requests
  1978. [*] Nmap: |_http-server-header: Apache/2.2.3 (CentOS)
  1979. [*] Nmap: | http-title: TimeClock Software :: Dev. Dpt. Thinc.local :: Log In
  1980. [*] Nmap: |_Requested resource was login.php
  1981. [*] Nmap: 8888/tcp open  http-proxy Squid http proxy 3.3.8
  1982. [*] Nmap: |_http-server-header: squid/3.3.8
  1983. [*] Nmap: |_http-title: Endian Firewall -  The requested URL could not be retrieved
  1984. [*] Nmap: MAC Address: 00:50:56:89:6F:1A (VMware)
  1985. [*] Nmap: Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  1986. [*] Nmap: Device type: general purpose|firewall|WAP|proxy server|PBX
  1987. [*] Nmap: Running (JUST GUESSING): Linux 2.6.X (91%), Cisco embedded (87%), ZoneAlarm embedded (87%), Ruckus embedded (87%), Riverbed embedded (86%)
  1988. [*] Nmap: OS CPE: cpe:/o:linux:linux_kernel:2.6.18 cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:zonealarm:z100g cpe:/h:ruckus:7363 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w
  1989. [*] Nmap: Aggressive OS guesses: Linux 2.6.18 (91%), Linux 2.6.9 - 2.6.27 (89%), Linux 2.6.9 (89%), Cisco SA520 firewall (Linux 2.6) (87%), Linux 2.6.11 (87%), Linux 2.6.28 (87%), Linux 2.6.30 (87%), ZoneAlarm Z100G WAP (87%), Ruckus 7363 WAP (87%), Linux 2.6.22.1-32.fc6 (x86, SMP) (86%)
  1990. [*] Nmap: No exact OS matches for host (test conditions non-ideal).
  1991. [*] Nmap: Network Distance: 1 hop
  1992. [*] Nmap: TRACEROUTE
  1993. [*] Nmap: HOP RTT       ADDRESS
  1994. [*] Nmap: 1   240.10 ms 10.11.1.252
  1995. [*] Nmap: Post-scan script results:
  1996. [*] Nmap: | clock-skew:
  1997. [*] Nmap: |   1h45m46s:
  1998. [*] Nmap: |     10.11.1.145
  1999. [*] Nmap: |     10.11.1.75
  2000. [*] Nmap: |   40m29s:
  2001. [*] Nmap: |     10.11.1.24
  2002. [*] Nmap: |_    10.11.1.136
  2003. [*] Nmap: | ssh-hostkey: Possible duplicate hosts
  2004. [*] Nmap: | Key 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA) used by:
  2005. [*] Nmap: |   10.11.1.237
  2006. [*] Nmap: |   10.11.1.238
  2007. [*] Nmap: | Key 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA) used by:
  2008. [*] Nmap: |   10.11.1.237
  2009. [*] Nmap: |   10.11.1.238
  2010. [*] Nmap: | Key 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA) used by:
  2011. [*] Nmap: |   10.11.1.237
  2012. [*] Nmap: |_  10.11.1.238
  2013. [*] Nmap: OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
  2014. [*] Nmap: Nmap done: 254 IP addresses (45 hosts up) scanned in 8439.13 seconds
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top