Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- nmap -v -sS -A -T4 10.11.1.0-255 -og LAB_OV.txt
- Warning: The -o option is deprecated. Please use -oN
- Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2017-02-13 15:56 PST
- NSE: Loaded 140 scripts for scanning.
- NSE: Script Pre-scanning.
- Initiating NSE at 15:56
- Completed NSE at 15:56, 0.00s elapsed
- Initiating NSE at 15:56
- Completed NSE at 15:56, 0.00s elapsed
- Failed to resolve "LAB_OV.txt".
- Initiating ARP Ping Scan at 15:56
- Scanning 256 hosts [1 port/host]
- Completed ARP Ping Scan at 15:56, 1.63s elapsed (256 total hosts)
- Initiating Parallel DNS resolution of 256 hosts. at 15:56
- Completed Parallel DNS resolution of 256 hosts. at 15:56, 0.07s elapsed
- Nmap scan report for 10.11.1.0 [host down]
- Nmap scan report for 10.11.1.1 [host down]
- Nmap scan report for 10.11.1.2 [host down]
- Nmap scan report for 10.11.1.3 [host down]
- Nmap scan report for 10.11.1.4 [host down]
- Nmap scan report for 10.11.1.6 [host down]
- Nmap scan report for 10.11.1.9 [host down]
- Nmap scan report for 10.11.1.11 [host down]
- Nmap scan report for 10.11.1.12 [host down]
- Nmap scan report for 10.11.1.15 [host down]
- Nmap scan report for 10.11.1.16 [host down]
- Nmap scan report for 10.11.1.17 [host down]
- Nmap scan report for 10.11.1.18 [host down]
- Nmap scan report for 10.11.1.19 [host down]
- Nmap scan report for 10.11.1.20 [host down]
- Nmap scan report for 10.11.1.21 [host down]
- Nmap scan report for 10.11.1.23 [host down]
- Nmap scan report for 10.11.1.25 [host down]
- Nmap scan report for 10.11.1.26 [host down]
- Nmap scan report for 10.11.1.27 [host down]
- Nmap scan report for 10.11.1.28 [host down]
- Nmap scan report for 10.11.1.29 [host down]
- Nmap scan report for 10.11.1.30 [host down]
- Nmap scan report for 10.11.1.32 [host down]
- Nmap scan report for 10.11.1.33 [host down]
- Nmap scan report for 10.11.1.34 [host down]
- Nmap scan report for 10.11.1.36 [host down]
- Nmap scan report for 10.11.1.37 [host down]
- Nmap scan report for 10.11.1.38 [host down]
- Nmap scan report for 10.11.1.40 [host down]
- Nmap scan report for 10.11.1.41 [host down]
- Nmap scan report for 10.11.1.42 [host down]
- Nmap scan report for 10.11.1.43 [host down]
- Nmap scan report for 10.11.1.45 [host down]
- Nmap scan report for 10.11.1.46 [host down]
- Nmap scan report for 10.11.1.47 [host down]
- Nmap scan report for 10.11.1.48 [host down]
- Nmap scan report for 10.11.1.51 [host down]
- Nmap scan report for 10.11.1.52 [host down]
- Nmap scan report for 10.11.1.53 [host down]
- Nmap scan report for 10.11.1.54 [host down]
- Nmap scan report for 10.11.1.55 [host down]
- Nmap scan report for 10.11.1.56 [host down]
- Nmap scan report for 10.11.1.57 [host down]
- Nmap scan report for 10.11.1.58 [host down]
- Nmap scan report for 10.11.1.59 [host down]
- Nmap scan report for 10.11.1.60 [host down]
- Nmap scan report for 10.11.1.61 [host down]
- Nmap scan report for 10.11.1.62 [host down]
- Nmap scan report for 10.11.1.63 [host down]
- Nmap scan report for 10.11.1.64 [host down]
- Nmap scan report for 10.11.1.65 [host down]
- Nmap scan report for 10.11.1.66 [host down]
- Nmap scan report for 10.11.1.67 [host down]
- Nmap scan report for 10.11.1.68 [host down]
- Nmap scan report for 10.11.1.69 [host down]
- Nmap scan report for 10.11.1.70 [host down]
- Nmap scan report for 10.11.1.74 [host down]
- Nmap scan report for 10.11.1.75 [host down]
- Nmap scan report for 10.11.1.76 [host down]
- Nmap scan report for 10.11.1.77 [host down]
- Nmap scan report for 10.11.1.78 [host down]
- Nmap scan report for 10.11.1.79 [host down]
- Nmap scan report for 10.11.1.80 [host down]
- Nmap scan report for 10.11.1.81 [host down]
- Nmap scan report for 10.11.1.82 [host down]
- Nmap scan report for 10.11.1.83 [host down]
- Nmap scan report for 10.11.1.84 [host down]
- Nmap scan report for 10.11.1.85 [host down]
- Nmap scan report for 10.11.1.86 [host down]
- Nmap scan report for 10.11.1.87 [host down]
- Nmap scan report for 10.11.1.88 [host down]
- Nmap scan report for 10.11.1.89 [host down]
- Nmap scan report for 10.11.1.90 [host down]
- Nmap scan report for 10.11.1.91 [host down]
- Nmap scan report for 10.11.1.92 [host down]
- Nmap scan report for 10.11.1.93 [host down]
- Nmap scan report for 10.11.1.94 [host down]
- Nmap scan report for 10.11.1.95 [host down]
- Nmap scan report for 10.11.1.96 [host down]
- Nmap scan report for 10.11.1.97 [host down]
- Nmap scan report for 10.11.1.98 [host down]
- Nmap scan report for 10.11.1.99 [host down]
- Nmap scan report for 10.11.1.100 [host down]
- Nmap scan report for 10.11.1.101 [host down]
- Nmap scan report for 10.11.1.102 [host down]
- Nmap scan report for 10.11.1.103 [host down]
- Nmap scan report for 10.11.1.104 [host down]
- Nmap scan report for 10.11.1.105 [host down]
- Nmap scan report for 10.11.1.106 [host down]
- Nmap scan report for 10.11.1.107 [host down]
- Nmap scan report for 10.11.1.108 [host down]
- Nmap scan report for 10.11.1.109 [host down]
- Nmap scan report for 10.11.1.110 [host down]
- Nmap scan report for 10.11.1.111 [host down]
- Nmap scan report for 10.11.1.112 [host down]
- Nmap scan report for 10.11.1.113 [host down]
- Nmap scan report for 10.11.1.114 [host down]
- Nmap scan report for 10.11.1.117 [host down]
- Nmap scan report for 10.11.1.118 [host down]
- Nmap scan report for 10.11.1.119 [host down]
- Nmap scan report for 10.11.1.120 [host down]
- Nmap scan report for 10.11.1.121 [host down]
- Nmap scan report for 10.11.1.122 [host down]
- Nmap scan report for 10.11.1.123 [host down]
- Nmap scan report for 10.11.1.124 [host down]
- Nmap scan report for 10.11.1.126 [host down]
- Nmap scan report for 10.11.1.127 [host down]
- Nmap scan report for 10.11.1.129 [host down]
- Nmap scan report for 10.11.1.130 [host down]
- Nmap scan report for 10.11.1.131 [host down]
- Nmap scan report for 10.11.1.132 [host down]
- Nmap scan report for 10.11.1.134 [host down]
- Nmap scan report for 10.11.1.135 [host down]
- Nmap scan report for 10.11.1.137 [host down]
- Nmap scan report for 10.11.1.138 [host down]
- Nmap scan report for 10.11.1.139 [host down]
- Nmap scan report for 10.11.1.140 [host down]
- Nmap scan report for 10.11.1.142 [host down]
- Nmap scan report for 10.11.1.143 [host down]
- Nmap scan report for 10.11.1.144 [host down]
- Nmap scan report for 10.11.1.147 [host down]
- Nmap scan report for 10.11.1.148 [host down]
- Nmap scan report for 10.11.1.149 [host down]
- Nmap scan report for 10.11.1.150 [host down]
- Nmap scan report for 10.11.1.151 [host down]
- Nmap scan report for 10.11.1.152 [host down]
- Nmap scan report for 10.11.1.153 [host down]
- Nmap scan report for 10.11.1.154 [host down]
- Nmap scan report for 10.11.1.155 [host down]
- Nmap scan report for 10.11.1.156 [host down]
- Nmap scan report for 10.11.1.157 [host down]
- Nmap scan report for 10.11.1.158 [host down]
- Nmap scan report for 10.11.1.159 [host down]
- Nmap scan report for 10.11.1.160 [host down]
- Nmap scan report for 10.11.1.161 [host down]
- Nmap scan report for 10.11.1.162 [host down]
- Nmap scan report for 10.11.1.163 [host down]
- Nmap scan report for 10.11.1.164 [host down]
- Nmap scan report for 10.11.1.165 [host down]
- Nmap scan report for 10.11.1.166 [host down]
- Nmap scan report for 10.11.1.167 [host down]
- Nmap scan report for 10.11.1.168 [host down]
- Nmap scan report for 10.11.1.169 [host down]
- Nmap scan report for 10.11.1.170 [host down]
- Nmap scan report for 10.11.1.171 [host down]
- Nmap scan report for 10.11.1.172 [host down]
- Nmap scan report for 10.11.1.173 [host down]
- Nmap scan report for 10.11.1.174 [host down]
- Nmap scan report for 10.11.1.175 [host down]
- Nmap scan report for 10.11.1.176 [host down]
- Nmap scan report for 10.11.1.177 [host down]
- Nmap scan report for 10.11.1.178 [host down]
- Nmap scan report for 10.11.1.179 [host down]
- Nmap scan report for 10.11.1.180 [host down]
- Nmap scan report for 10.11.1.181 [host down]
- Nmap scan report for 10.11.1.182 [host down]
- Nmap scan report for 10.11.1.183 [host down]
- Nmap scan report for 10.11.1.184 [host down]
- Nmap scan report for 10.11.1.185 [host down]
- Nmap scan report for 10.11.1.186 [host down]
- Nmap scan report for 10.11.1.187 [host down]
- Nmap scan report for 10.11.1.188 [host down]
- Nmap scan report for 10.11.1.189 [host down]
- Nmap scan report for 10.11.1.190 [host down]
- Nmap scan report for 10.11.1.191 [host down]
- Nmap scan report for 10.11.1.192 [host down]
- Nmap scan report for 10.11.1.193 [host down]
- Nmap scan report for 10.11.1.194 [host down]
- Nmap scan report for 10.11.1.195 [host down]
- Nmap scan report for 10.11.1.196 [host down]
- Nmap scan report for 10.11.1.197 [host down]
- Nmap scan report for 10.11.1.198 [host down]
- Nmap scan report for 10.11.1.199 [host down]
- Nmap scan report for 10.11.1.200 [host down]
- Nmap scan report for 10.11.1.201 [host down]
- Nmap scan report for 10.11.1.203 [host down]
- Nmap scan report for 10.11.1.204 [host down]
- Nmap scan report for 10.11.1.205 [host down]
- Nmap scan report for 10.11.1.206 [host down]
- Nmap scan report for 10.11.1.207 [host down]
- Nmap scan report for 10.11.1.208 [host down]
- Nmap scan report for 10.11.1.210 [host down]
- Nmap scan report for 10.11.1.211 [host down]
- Nmap scan report for 10.11.1.212 [host down]
- Nmap scan report for 10.11.1.213 [host down]
- Nmap scan report for 10.11.1.214 [host down]
- Nmap scan report for 10.11.1.215 [host down]
- Nmap scan report for 10.11.1.216 [host down]
- Nmap scan report for 10.11.1.222 [host down]
- Nmap scan report for 10.11.1.224 [host down]
- Nmap scan report for 10.11.1.225 [host down]
- Nmap scan report for 10.11.1.228 [host down]
- Nmap scan report for 10.11.1.231 [host down]
- Nmap scan report for 10.11.1.232 [host down]
- Nmap scan report for 10.11.1.233 [host down]
- Nmap scan report for 10.11.1.235 [host down]
- Nmap scan report for 10.11.1.236 [host down]
- Nmap scan report for 10.11.1.239 [host down]
- Nmap scan report for 10.11.1.240 [host down]
- Nmap scan report for 10.11.1.241 [host down]
- Nmap scan report for 10.11.1.242 [host down]
- Nmap scan report for 10.11.1.243 [host down]
- Nmap scan report for 10.11.1.244 [host down]
- Nmap scan report for 10.11.1.245 [host down]
- Nmap scan report for 10.11.1.246 [host down]
- Nmap scan report for 10.11.1.248 [host down]
- Nmap scan report for 10.11.1.249 [host down]
- Nmap scan report for 10.11.1.250 [host down]
- Nmap scan report for 10.11.1.253 [host down]
- Nmap scan report for 10.11.1.254 [host down]
- Nmap scan report for 10.11.1.255 [host down]
- Initiating SYN Stealth Scan at 15:56
- Scanning 44 hosts [1000 ports/host]
- Discovered open port 25/tcp on 10.11.1.22
- Discovered open port 25/tcp on 10.11.1.115
- Discovered open port 25/tcp on 10.11.1.72
- Discovered open port 25/tcp on 10.11.1.128
- Discovered open port 25/tcp on 10.11.1.217
- Discovered open port 25/tcp on 10.11.1.227
- Discovered open port 25/tcp on 10.11.1.229
- Discovered open port 993/tcp on 10.11.1.24
- Discovered open port 443/tcp on 10.11.1.8
- Discovered open port 443/tcp on 10.11.1.22
- Discovered open port 443/tcp on 10.11.1.35
- Discovered open port 443/tcp on 10.11.1.115
- Discovered open port 443/tcp on 10.11.1.128
- Discovered open port 993/tcp on 10.11.1.217
- Discovered open port 443/tcp on 10.11.1.223
- Discovered open port 443/tcp on 10.11.1.227
- Discovered open port 443/tcp on 10.11.1.237
- Discovered open port 443/tcp on 10.11.1.238
- Discovered open port 21/tcp on 10.11.1.22
- Discovered open port 21/tcp on 10.11.1.8
- Discovered open port 21/tcp on 10.11.1.13
- Discovered open port 443/tcp on 10.11.1.202
- Discovered open port 443/tcp on 10.11.1.217
- Discovered open port 21/tcp on 10.11.1.220
- Discovered open port 21/tcp on 10.11.1.227
- Discovered open port 21/tcp on 10.11.1.128
- Discovered open port 21/tcp on 10.11.1.115
- Discovered open port 21/tcp on 10.11.1.202
- Discovered open port 21/tcp on 10.11.1.116
- Discovered open port 21/tcp on 10.11.1.229
- Discovered open port 135/tcp on 10.11.1.128
- Discovered open port 135/tcp on 10.11.1.202
- Discovered open port 135/tcp on 10.11.1.220
- Discovered open port 23/tcp on 10.11.1.22
- Discovered open port 21/tcp on 10.11.1.146
- Discovered open port 135/tcp on 10.11.1.221
- Discovered open port 135/tcp on 10.11.1.227
- Discovered open port 135/tcp on 10.11.1.223
- Discovered open port 135/tcp on 10.11.1.230
- Discovered open port 135/tcp on 10.11.1.49
- Discovered open port 135/tcp on 10.11.1.5
- Discovered open port 135/tcp on 10.11.1.31
- Discovered open port 143/tcp on 10.11.1.115
- Discovered open port 143/tcp on 10.11.1.116
- Discovered open port 135/tcp on 10.11.1.218
- Discovered open port 199/tcp on 10.11.1.22
- Discovered open port 111/tcp on 10.11.1.22
- Discovered open port 111/tcp on 10.11.1.8
- Discovered open port 143/tcp on 10.11.1.24
- Discovered open port 199/tcp on 10.11.1.115
- Discovered open port 111/tcp on 10.11.1.141
- Discovered open port 3389/tcp on 10.11.1.202
- Discovered open port 143/tcp on 10.11.1.217
- Discovered open port 3389/tcp on 10.11.1.220
- Discovered open port 3389/tcp on 10.11.1.5
- Discovered open port 111/tcp on 10.11.1.115
- Discovered open port 8080/tcp on 10.11.1.202
- Discovered open port 3389/tcp on 10.11.1.218
- Discovered open port 3389/tcp on 10.11.1.221
- Discovered open port 111/tcp on 10.11.1.72
- Discovered open port 3389/tcp on 10.11.1.230
- Discovered open port 111/tcp on 10.11.1.238
- Discovered open port 3389/tcp on 10.11.1.31
- Discovered open port 111/tcp on 10.11.1.237
- Discovered open port 111/tcp on 10.11.1.209
- Discovered open port 3389/tcp on 10.11.1.223
- Discovered open port 80/tcp on 10.11.1.22
- Discovered open port 3306/tcp on 10.11.1.115
- Discovered open port 3306/tcp on 10.11.1.116
- Discovered open port 8080/tcp on 10.11.1.209
- Discovered open port 80/tcp on 10.11.1.71
- Discovered open port 80/tcp on 10.11.1.202
- Discovered open port 5900/tcp on 10.11.1.227
- Discovered open port 139/tcp on 10.11.1.22
- Discovered open port 80/tcp on 10.11.1.116
- Discovered open port 113/tcp on 10.11.1.136
- Discovered open port 80/tcp on 10.11.1.115
- Discovered open port 5900/tcp on 10.11.1.128
- Discovered open port 111/tcp on 10.11.1.217
- Discovered open port 3306/tcp on 10.11.1.223
- Discovered open port 139/tcp on 10.11.1.202
- Discovered open port 80/tcp on 10.11.1.227
- Discovered open port 80/tcp on 10.11.1.128
- Discovered open port 110/tcp on 10.11.1.116
- Discovered open port 80/tcp on 10.11.1.234
- Discovered open port 139/tcp on 10.11.1.5
- Discovered open port 80/tcp on 10.11.1.72
- Discovered open port 80/tcp on 10.11.1.209
- Discovered open port 445/tcp on 10.11.1.202
- Discovered open port 80/tcp on 10.11.1.238
- Discovered open port 995/tcp on 10.11.1.22
- Discovered open port 110/tcp on 10.11.1.72
- Discovered open port 80/tcp on 10.11.1.133
- Discovered open port 53/tcp on 10.11.1.220
- Discovered open port 139/tcp on 10.11.1.227
- Discovered open port 80/tcp on 10.11.1.230
- Discovered open port 445/tcp on 10.11.1.5
- Discovered open port 139/tcp on 10.11.1.220
- Discovered open port 53/tcp on 10.11.1.221
- Discovered open port 22/tcp on 10.11.1.22
- Discovered open port 1025/tcp on 10.11.1.5
- Discovered open port 3306/tcp on 10.11.1.217
- Discovered open port 139/tcp on 10.11.1.115
- Discovered open port 139/tcp on 10.11.1.221
- Discovered open port 80/tcp on 10.11.1.223
- Discovered open port 445/tcp on 10.11.1.227
- Discovered open port 80/tcp on 10.11.1.24
- Discovered open port 110/tcp on 10.11.1.24
- Discovered open port 80/tcp on 10.11.1.31
- Discovered open port 22/tcp on 10.11.1.71
- Discovered open port 139/tcp on 10.11.1.128
- Discovered open port 139/tcp on 10.11.1.24
- Discovered open port 139/tcp on 10.11.1.230
- Discovered open port 1025/tcp on 10.11.1.227
- Discovered open port 445/tcp on 10.11.1.220
- Discovered open port 445/tcp on 10.11.1.221
- Discovered open port 80/tcp on 10.11.1.237
- Discovered open port 445/tcp on 10.11.1.128
- Discovered open port 139/tcp on 10.11.1.136
- Discovered open port 22/tcp on 10.11.1.141
- Discovered open port 139/tcp on 10.11.1.31
- Discovered open port 1025/tcp on 10.11.1.128
- Discovered open port 22/tcp on 10.11.1.44
- Discovered open port 445/tcp on 10.11.1.136
- Discovered open port 80/tcp on 10.11.1.217
- Discovered open port 139/tcp on 10.11.1.218
- Discovered open port 445/tcp on 10.11.1.230
- Discovered open port 139/tcp on 10.11.1.223
- Discovered open port 445/tcp on 10.11.1.31
- Discovered open port 22/tcp on 10.11.1.116
- Discovered open port 22/tcp on 10.11.1.209
- Discovered open port 1025/tcp on 10.11.1.31
- Discovered open port 21/tcp on 10.11.1.14
- Discovered open port 445/tcp on 10.11.1.24
- Discovered open port 995/tcp on 10.11.1.24
- Discovered open port 22/tcp on 10.11.1.115
- Discovered open port 22/tcp on 10.11.1.72
- Discovered open port 110/tcp on 10.11.1.217
- Discovered open port 22/tcp on 10.11.1.24
- Discovered open port 22/tcp on 10.11.1.136
- Discovered open port 22/tcp on 10.11.1.238
- Discovered open port 445/tcp on 10.11.1.223
- Discovered open port 445/tcp on 10.11.1.218
- Discovered open port 135/tcp on 10.11.1.73
- Discovered open port 21/tcp on 10.11.1.125
- Discovered open port 22/tcp on 10.11.1.237
- Discovered open port 135/tcp on 10.11.1.229
- Discovered open port 135/tcp on 10.11.1.50
- Discovered open port 143/tcp on 10.11.1.229
- Discovered open port 135/tcp on 10.11.1.145
- Discovered open port 995/tcp on 10.11.1.217
- Discovered open port 3389/tcp on 10.11.1.14
- Discovered open port 21/tcp on 10.11.1.226
- Discovered open port 2049/tcp on 10.11.1.72
- Discovered open port 8009/tcp on 10.11.1.209
- Discovered open port 22/tcp on 10.11.1.217
- Discovered open port 3306/tcp on 10.11.1.8
- Discovered open port 3389/tcp on 10.11.1.7
- Discovered open port 3389/tcp on 10.11.1.73
- Discovered open port 3389/tcp on 10.11.1.13
- Discovered open port 3389/tcp on 10.11.1.247
- Discovered open port 8000/tcp on 10.11.1.44
- Discovered open port 80/tcp on 10.11.1.8
- Discovered open port 3389/tcp on 10.11.1.145
- Discovered open port 8080/tcp on 10.11.1.73
- Discovered open port 3306/tcp on 10.11.1.39
- Discovered open port 22/tcp on 10.11.1.234
- Discovered open port 8080/tcp on 10.11.1.145
- Discovered open port 139/tcp on 10.11.1.8
- Discovered open port 80/tcp on 10.11.1.39
- Discovered open port 3306/tcp on 10.11.1.73
- Discovered open port 80/tcp on 10.11.1.219
- Discovered open port 5900/tcp on 10.11.1.73
- Discovered open port 3389/tcp on 10.11.1.229
- Discovered open port 80/tcp on 10.11.1.13
- Discovered open port 139/tcp on 10.11.1.145
- Discovered open port 445/tcp on 10.11.1.8
- Discovered open port 80/tcp on 10.11.1.49
- Discovered open port 80/tcp on 10.11.1.14
- Discovered open port 80/tcp on 10.11.1.50
- Discovered open port 445/tcp on 10.11.1.145
- Discovered open port 80/tcp on 10.11.1.10
- Discovered open port 139/tcp on 10.11.1.73
- Discovered open port 139/tcp on 10.11.1.49
- Discovered open port 554/tcp on 10.11.1.73
- Discovered open port 22/tcp on 10.11.1.146
- Discovered open port 445/tcp on 10.11.1.73
- Discovered open port 22/tcp on 10.11.1.8
- Discovered open port 8888/tcp on 10.11.1.252
- Discovered open port 22/tcp on 10.11.1.35
- Discovered open port 139/tcp on 10.11.1.50
- Discovered open port 80/tcp on 10.11.1.251
- Discovered open port 636/tcp on 10.11.1.220
- Discovered open port 80/tcp on 10.11.1.229
- Discovered open port 110/tcp on 10.11.1.229
- Discovered open port 139/tcp on 10.11.1.229
- Discovered open port 49154/tcp on 10.11.1.220
- Discovered open port 22/tcp on 10.11.1.39
- Discovered open port 1025/tcp on 10.11.1.229
- Discovered open port 22/tcp on 10.11.1.251
- Discovered open port 49154/tcp on 10.11.1.221
- Discovered open port 1433/tcp on 10.11.1.31
- Discovered open port 49154/tcp on 10.11.1.230
- Discovered open port 49154/tcp on 10.11.1.223
- Discovered open port 8000/tcp on 10.11.1.252
- Discovered open port 49154/tcp on 10.11.1.218
- Discovered open port 49154/tcp on 10.11.1.73
- Discovered open port 49155/tcp on 10.11.1.220
- Discovered open port 49155/tcp on 10.11.1.221
- SYN Stealth Scan Timing: About 14.98% done; ETC: 15:59 (0:02:56 remaining)
- Discovered open port 49155/tcp on 10.11.1.230
- Discovered open port 49155/tcp on 10.11.1.223
- Discovered open port 49155/tcp on 10.11.1.73
- Discovered open port 49155/tcp on 10.11.1.49
- Discovered open port 49155/tcp on 10.11.1.218
- Discovered open port 49155/tcp on 10.11.1.50
- Discovered open port 389/tcp on 10.11.1.220
- Discovered open port 88/tcp on 10.11.1.220
- Discovered open port 49157/tcp on 10.11.1.73
- Discovered open port 1100/tcp on 10.11.1.73
- Discovered open port 49157/tcp on 10.11.1.223
- Discovered open port 1032/tcp on 10.11.1.202
- Discovered open port 49157/tcp on 10.11.1.220
- Discovered open port 49157/tcp on 10.11.1.230
- Discovered open port 49165/tcp on 10.11.1.221
- SYN Stealth Scan Timing: About 28.42% done; ETC: 15:59 (0:02:34 remaining)
- Discovered open port 4445/tcp on 10.11.1.217
- Discovered open port 10000/tcp on 10.11.1.141
- Increasing send delay for 10.11.1.133 from 0 to 5 due to 29 out of 71 dropped probes since last increase.
- Discovered open port 49156/tcp on 10.11.1.73
- Discovered open port 3269/tcp on 10.11.1.220
- Discovered open port 49156/tcp on 10.11.1.223
- Discovered open port 49156/tcp on 10.11.1.230
- Discovered open port 1030/tcp on 10.11.1.202
- Discovered open port 5357/tcp on 10.11.1.221
- Discovered open port 5357/tcp on 10.11.1.73
- Discovered open port 1038/tcp on 10.11.1.202
- Discovered open port 1029/tcp on 10.11.1.128
- Increasing send delay for 10.11.1.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
- SYN Stealth Scan Timing: About 46.46% done; ETC: 15:59 (0:01:45 remaining)
- Discovered open port 4443/tcp on 10.11.1.202
- Discovered open port 32768/tcp on 10.11.1.22
- Discovered open port 3268/tcp on 10.11.1.220
- Discovered open port 5800/tcp on 10.11.1.73
- Discovered open port 5800/tcp on 10.11.1.227
- Discovered open port 32768/tcp on 10.11.1.115
- Discovered open port 5800/tcp on 10.11.1.128
- Discovered open port 1026/tcp on 10.11.1.227
- Discovered open port 1026/tcp on 10.11.1.128
- Discovered open port 3372/tcp on 10.11.1.227
- Discovered open port 3372/tcp on 10.11.1.128
- SYN Stealth Scan Timing: About 62.24% done; ETC: 15:59 (0:01:13 remaining)
- Discovered open port 2869/tcp on 10.11.1.73
- Discovered open port 593/tcp on 10.11.1.220
- Discovered open port 3372/tcp on 10.11.1.202
- Discovered open port 464/tcp on 10.11.1.220
- Discovered open port 1063/tcp on 10.11.1.227
- Discovered open port 1521/tcp on 10.11.1.202
- Discovered open port 631/tcp on 10.11.1.8
- Discovered open port 49167/tcp on 10.11.1.220
- Discovered open port 49158/tcp on 10.11.1.220
- SYN Stealth Scan Timing: About 79.24% done; ETC: 15:59 (0:00:40 remaining)
- Discovered open port 1033/tcp on 10.11.1.202
- Completed SYN Stealth Scan against 10.11.1.136 in 151.39s (43 hosts left)
- Discovered open port 119/tcp on 10.11.1.72
- Discovered open port 10243/tcp on 10.11.1.73
- Completed SYN Stealth Scan against 10.11.1.141 in 168.54s (42 hosts left)
- Discovered open port 49152/tcp on 10.11.1.73
- Discovered open port 49152/tcp on 10.11.1.220
- Discovered open port 49152/tcp on 10.11.1.221
- Discovered open port 49152/tcp on 10.11.1.218
- Discovered open port 2100/tcp on 10.11.1.202
- Discovered open port 49152/tcp on 10.11.1.223
- Discovered open port 49152/tcp on 10.11.1.230
- Discovered open port 7778/tcp on 10.11.1.202
- Discovered open port 49153/tcp on 10.11.1.73
- Discovered open port 49153/tcp on 10.11.1.223
- Discovered open port 49153/tcp on 10.11.1.221
- Discovered open port 49153/tcp on 10.11.1.220
- Completed SYN Stealth Scan against 10.11.1.5 in 181.68s (41 hosts left)
- Discovered open port 49153/tcp on 10.11.1.218
- Completed SYN Stealth Scan against 10.11.1.247 in 183.13s (40 hosts left)
- Discovered open port 2030/tcp on 10.11.1.202
- Completed SYN Stealth Scan against 10.11.1.22 in 183.36s (39 hosts left)
- Completed SYN Stealth Scan against 10.11.1.128 in 184.79s (38 hosts left)
- Discovered open port 49153/tcp on 10.11.1.230
- Completed SYN Stealth Scan against 10.11.1.24 in 186.35s (37 hosts left)
- Completed SYN Stealth Scan against 10.11.1.234 in 186.90s (36 hosts left)
- Completed SYN Stealth Scan against 10.11.1.237 in 186.92s (35 hosts left)
- Completed SYN Stealth Scan against 10.11.1.71 in 188.43s (34 hosts left)
- Completed SYN Stealth Scan against 10.11.1.7 in 188.89s (33 hosts left)
- Completed SYN Stealth Scan against 10.11.1.115 in 189.20s (32 hosts left)
- Completed SYN Stealth Scan against 10.11.1.146 in 189.59s (31 hosts left)
- Completed SYN Stealth Scan against 10.11.1.227 in 191.54s (30 hosts left)
- Completed SYN Stealth Scan against 10.11.1.44 in 191.56s (29 hosts left)
- Completed SYN Stealth Scan against 10.11.1.238 in 191.93s (28 hosts left)
- Completed SYN Stealth Scan against 10.11.1.221 in 192.45s (27 hosts left)
- Completed SYN Stealth Scan against 10.11.1.220 in 192.61s (26 hosts left)
- Completed SYN Stealth Scan against 10.11.1.8 in 192.96s (25 hosts left)
- Completed SYN Stealth Scan against 10.11.1.209 in 193.02s (24 hosts left)
- Completed SYN Stealth Scan against 10.11.1.219 in 193.08s (23 hosts left)
- Completed SYN Stealth Scan against 10.11.1.223 in 193.10s (22 hosts left)
- Completed SYN Stealth Scan against 10.11.1.72 in 193.33s (21 hosts left)
- Completed SYN Stealth Scan against 10.11.1.13 in 193.46s (20 hosts left)
- Completed SYN Stealth Scan against 10.11.1.10 in 193.59s (19 hosts left)
- Completed SYN Stealth Scan against 10.11.1.116 in 193.63s (18 hosts left)
- Completed SYN Stealth Scan against 10.11.1.35 in 193.90s (17 hosts left)
- Completed SYN Stealth Scan against 10.11.1.39 in 194.00s (16 hosts left)
- Completed SYN Stealth Scan against 10.11.1.125 in 194.26s (15 hosts left)
- Completed SYN Stealth Scan against 10.11.1.202 in 194.47s (14 hosts left)
- Completed SYN Stealth Scan against 10.11.1.230 in 194.49s (13 hosts left)
- Completed SYN Stealth Scan against 10.11.1.251 in 194.68s (12 hosts left)
- Completed SYN Stealth Scan against 10.11.1.218 in 194.74s (11 hosts left)
- Completed SYN Stealth Scan against 10.11.1.252 in 194.79s (10 hosts left)
- Completed SYN Stealth Scan against 10.11.1.73 in 194.86s (9 hosts left)
- Completed SYN Stealth Scan against 10.11.1.229 in 194.94s (8 hosts left)
- Completed SYN Stealth Scan against 10.11.1.31 in 194.95s (7 hosts left)
- Completed SYN Stealth Scan against 10.11.1.217 in 195.05s (6 hosts left)
- Completed SYN Stealth Scan against 10.11.1.226 in 195.06s (5 hosts left)
- Completed SYN Stealth Scan against 10.11.1.14 in 195.22s (4 hosts left)
- Completed SYN Stealth Scan against 10.11.1.49 in 195.30s (3 hosts left)
- Completed SYN Stealth Scan against 10.11.1.50 in 195.46s (2 hosts left)
- Completed SYN Stealth Scan against 10.11.1.145 in 195.99s (1 host left)
- Completed SYN Stealth Scan at 16:01, 289.10s elapsed (44000 total ports)
- Initiating Service scan at 16:01
- Scanning 273 services on 44 hosts
- Service scan Timing: About 32.97% done; ETC: 16:02 (0:01:03 remaining)
- Service scan Timing: About 63.00% done; ETC: 16:03 (0:00:57 remaining)
- Service scan Timing: About 77.66% done; ETC: 16:04 (0:00:45 remaining)
- Completed Service scan at 16:05, 278.17s elapsed (273 services on 44 hosts)
- Initiating OS detection (try #1) against 44 hosts
- Retrying OS detection (try #2) against 44 hosts
- Retrying OS detection (try #3) against 21 hosts
- adjust_timeouts2: packet supposedly had rtt of -161830 microseconds. Ignoring time.
- adjust_timeouts2: packet supposedly had rtt of -161830 microseconds. Ignoring time.
- Retrying OS detection (try #4) against 21 hosts
- Retrying OS detection (try #5) against 21 hosts
- NSE: Script scanning 44 hosts.
- Initiating NSE at 16:06
- Completed NSE at 16:11, 335.35s elapsed
- Initiating NSE at 16:11
- Completed NSE at 16:11, 2.40s elapsed
- Nmap scan report for 10.11.1.5
- Host is up (0.088s latency).
- Not shown: 995 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows XP microsoft-ds
- 1025/tcp open msrpc Microsoft Windows RPC
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:79:B5 (VMware)
- Device type: general purpose|specialized|power-device|media device
- Running (JUST GUESSING): Microsoft Windows XP|7|2000|2003|PocketPC/CE (94%), Belkin embedded (91%), SMA embedded (91%), Motorola embedded (85%)
- OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_ce cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
- Aggressive OS guesses: Microsoft Windows XP (94%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (91%), Microsoft Windows 7 (91%), Microsoft Windows XP SP2 (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (89%), Microsoft Windows 2000 SP4 (89%), Microsoft Windows Server 2003 SP2 (87%), Microsoft Windows CE 6.0 (86%), Motorola VIP1216 digital set top box (Windows CE 5.0) (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=134 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
- Host script results:
- |_clock-skew: mean: 32m36s, deviation: 0s, median: 32m36s
- | nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:79:b5 (VMware)
- | Names:
- | ALICE<00> Flags: <unique><active>
- | THINC<00> Flags: <group><active>
- | ALICE<03> Flags: <unique><active>
- | ALICE<20> Flags: <unique><active>
- |_ THINC<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows XP (Windows 2000 LAN Manager)
- | OS CPE: cpe:/o:microsoft:windows_xp::-
- | Computer name: alice
- | NetBIOS computer name: ALICE
- | Domain name: thinc.local
- | Forest name: thinc.local
- | FQDN: alice.thinc.local
- |_ System time: 2017-02-14T00:39:58+00:00
- | smb-security-mode:
- | account_used: <blank>
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 87.54 ms 10.11.1.5
- Nmap scan report for 10.11.1.7
- Host is up (0.090s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:50:A5 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP|general purpose
- Running (JUST GUESSING): Apple embedded (90%), FreeBSD 6.X (85%)
- OS CPE: cpe:/h:apple:airport_extreme cpe:/o:freebsd:freebsd:6.2
- Aggressive OS guesses: Apple AirPort Extreme WAP (90%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.33 ms 10.11.1.7
- Nmap scan report for 10.11.1.8
- Host is up (0.090s latency).
- Not shown: 990 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 2.0.1
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- |_Can't get directory listing: ERROR
- 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
- | ssh-hostkey:
- | 1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
- | 1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
- |_ 1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
- |_sshv1: Server supports SSHv1
- 25/tcp closed smtp
- 80/tcp open http Apache httpd 2.0.52 ((CentOS))
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- | http-robots.txt: 2 disallowed entries
- |_/internal/ /tmp/
- |_http-server-header: Apache/2.0.52 (CentOS)
- |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 843/udp status
- |_ 100024 1 846/tcp status
- 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
- 443/tcp open ssl/http Apache httpd 2.0.52 ((CentOS))
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- | http-robots.txt: 2 disallowed entries
- |_/internal/ /tmp/
- |_http-server-header: Apache/2.0.52 (CentOS)
- |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
- | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2009-09-16T14:03:22
- | Not valid after: 2010-09-16T14:03:22
- | MD5: 1a3c 055e bd46 ad3f 7031 3690 caf7 be26
- |_SHA-1: ef51 f052 448c f74c af1a 9897 b1b1 2292 06e6 d77e
- |_ssl-date: 2017-02-13T14:55:28+00:00; -9h12m36s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_RC4_64_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 445/tcp open netbios-ssn Samba smbd 3.0.33-0.17.el4 (workgroup: MYGROUP)
- 631/tcp open ipp CUPS 1.1
- | http-methods:
- | Supported Methods: GET HEAD OPTIONS POST PUT
- |_ Potentially risky methods: PUT
- |_http-title: 403 Forbidden
- 3306/tcp open mysql?
- |_mysql-info: ERROR: Script execution failed (use -d to debug)
- MAC Address: 00:50:56:89:55:6D (VMware)
- Device type: firewall|general purpose|proxy server|WAP|PBX|media device
- Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (93%), FreeBSD 6.X (89%), Sony embedded (89%), AVM embedded (88%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/o:linux:linux_kernel:2.6.9 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
- Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 (CentOS 4.4) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Ruckus 7363 WAP (93%), Linux 2.6.9 (93%), Linux 2.6.28 (92%), Linux 2.6.30 (92%), Linux 2.6.11 (90%), Linux 2.6.32 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 1.096 days (since Sun Feb 12 13:53:30 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=202 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Unix
- Host script results:
- |_clock-skew: mean: -9h12m36s, deviation: 0s, median: -9h12m36s
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.33-0.17.el4)
- | Computer name: phoenix
- | NetBIOS computer name:
- | Domain name:
- | FQDN: phoenix
- |_ System time: 2017-02-13T09:55:29-05:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 89.84 ms 10.11.1.8
- Nmap scan report for 10.11.1.10
- Host is up (0.090s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Microsoft IIS httpd 6.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD POST
- |_ Potentially risky methods: TRACE
- |_http-server-header: Microsoft-IIS/6.0
- |_http-title: Under Construction
- MAC Address: 00:50:56:89:78:14 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|WAP
- Running (JUST GUESSING): Microsoft Windows 2003|XP|2000 (89%), Apple embedded (86%)
- OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme
- Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows XP SP3 (87%), Microsoft Windows 2000 SP4 (87%), Apple AirPort Extreme WAP (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.27 ms 10.11.1.10
- Nmap scan report for 10.11.1.13
- Host is up (0.13s latency).
- Not shown: 997 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- | 01-17-07 06:42PM <DIR> AdminScripts
- | 01-17-07 06:43PM <DIR> ftproot
- | 01-17-07 06:43PM <DIR> iissamples
- | 01-17-07 06:43PM <DIR> Scripts
- |_02-13-17 09:15AM <DIR> wwwroot
- 80/tcp open http Microsoft IIS httpd 5.1
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
- |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
- |_http-server-header: Microsoft-IIS/5.1
- |_http-title: Site doesn't have a title (text/html).
- |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:45:F8 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP
- Running (JUST GUESSING): Apple embedded (86%)
- OS CPE: cpe:/h:apple:airport_extreme
- Aggressive OS guesses: Apple AirPort Extreme WAP (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=140 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 125.11 ms 10.11.1.13
- Nmap scan report for 10.11.1.14
- Host is up (0.088s latency).
- Not shown: 997 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd
- 80/tcp open http Microsoft IIS httpd 5.1
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
- |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
- |_http-server-header: Microsoft-IIS/5.1
- |_http-title: Site doesn't have a title (text/html).
- |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:42:8D (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP|general purpose
- Running (JUST GUESSING): Apple embedded (86%), Microsoft Windows 2003|XP (86%)
- OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3
- Aggressive OS guesses: Apple AirPort Extreme WAP (86%), Microsoft Windows Server 2003 SP2 (86%), Microsoft Windows XP SP3 (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=138 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 88.36 ms 10.11.1.14
- Nmap scan report for 10.11.1.22
- Host is up (0.089s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp?
- |_ftp-bounce: no banner
- 22/tcp open ssh OpenSSH 3.1p1 (protocol 1.99)
- | ssh-hostkey:
- | 1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
- | 1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
- |_ 1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
- |_sshv1: Server supports SSHv1
- 23/tcp open telnet?
- 25/tcp open smtp?
- |_smtp-commands: Couldn't establish connection on port 25
- 80/tcp open http Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
- | http-methods:
- | Supported Methods: GET HEAD POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
- |_ Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
- |_http-server-header: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
- |_http-title: Test Page for the Apache Web Server on Red Hat Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 32768/tcp status
- |_ 100024 1 32768/udp status
- 139/tcp open netbios-ssn Samba smbd (workgroup: MYGROUP)
- 199/tcp open smux Linux SNMP multiplexer
- 443/tcp open ssl/http Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
- | http-methods:
- | Supported Methods: GET HEAD POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
- |_ Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
- |_http-server-header: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
- |_http-title: Test Page for the Apache Web Server on Red Hat Linux
- | ssl-cert: Subject: commonName=MAILMAN/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
- | Issuer: commonName=MAILMAN/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2007-01-16T14:44:50
- | Not valid after: 2008-01-16T14:44:50
- | MD5: 041d df8f a600 c4b9 fb3c 281f 3c2c 6da1
- |_SHA-1: 4ea5 cdab 2740 5a09 001f d6ba 4c07 9edb 48d4 e6f2
- |_ssl-date: 2017-02-13T19:08:57+00:00; -4h58m55s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_RC4_64_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 995/tcp open ssl/pop3 UW Imap pop3d 2001.78rh
- |_pop3-capabilities: TOP USER UIDL LOGIN-DELAY(180) SASL(PLAIN LOGIN)
- | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2007-01-16T06:13:33
- | Not valid after: 2008-01-16T06:13:33
- | MD5: 6e46 a2b0 0859 d753 80b8 f1ee 4efb 2cc0
- |_SHA-1: 83f3 1bf8 c796 8775 b94b 7f01 7eb6 c9c0 5f90 3d19
- |_ssl-date: 2017-02-13T19:08:21+00:00; -4h58m55s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 32768/tcp open status 1 (RPC #100024)
- MAC Address: 00:50:56:89:0A:08 (VMware)
- Device type: WAP|general purpose|router|specialized|switch|media device|broadband router
- Running (JUST GUESSING): Acorp embedded (94%), Linux 2.4.X|2.6.X (94%), Meru embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Motorola embedded (93%)
- OS CPE: cpe:/o:linux:linux_kernel:2.4.17 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:motorola:surfboard_sb6120 cpe:/h:motorola:surfboard_sb6141
- Aggressive OS guesses: Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (94%), MontaVista embedded Linux 2.4.17 (94%), Meru MC1000 wireless LAN controller (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Google Mini search appliance (93%), HP Brocade 4Gb SAN switch or (93%), Linux 2.4.20 (93%), Linux 2.4.21 (embedded) (93%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (93%), Linux 2.6.15 - 2.6.26 (likely embedded) (93%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.004 days (since Mon Feb 13 16:05:49 2017)
- Network Distance: 1 hop
- Service Info: Host: barry.thinc.local; OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: -4h58m55s, deviation: 0s, median: -4h58m55s
- | nbstat: NetBIOS name: BARRY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
- | Names:
- | BARRY<00> Flags: <unique><active>
- | BARRY<03> Flags: <unique><active>
- | BARRY<20> Flags: <unique><active>
- | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | MYGROUP<00> Flags: <group><active>
- | MYGROUP<1d> Flags: <unique><active>
- |_ MYGROUP<1e> Flags: <group><active>
- TRACEROUTE
- HOP RTT ADDRESS
- 1 88.81 ms 10.11.1.22
- Nmap scan report for 10.11.1.24
- Host is up (0.100s latency).
- Not shown: 992 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
- | ssh-hostkey:
- | 1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
- |_ 2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
- 80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
- |_http-title: CS-Cart. Powerful PHP shopping cart software
- 110/tcp open pop3 Dovecot pop3d
- |_pop3-capabilities: PIPELINING STLS UIDL RESP-CODES TOP CAPA SASL
- | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2008-04-25T02:02:48
- | Not valid after: 2008-05-25T02:02:48
- | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
- |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
- |_ssl-date: 2017-02-13T15:57:01+00:00; -8h10m59s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
- 143/tcp open imap Dovecot imapd
- |_imap-capabilities: SORT OK completed IMAP4rev1 UNSELECT Capability MULTIAPPEND STARTTLS LITERAL+ LOGINDISABLEDA0001 IDLE THREAD=REFERENCES LOGIN-REFERRALS CHILDREN NAMESPACE SASL-IR
- | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2008-04-25T02:02:48
- | Not valid after: 2008-05-25T02:02:48
- | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
- |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
- |_ssl-date: 2017-02-13T15:55:45+00:00; -8h10m59s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 445/tcp open netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
- 993/tcp open ssl/imap Dovecot imapd
- |_imap-capabilities: CAPABILITY
- | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2008-04-25T02:02:48
- | Not valid after: 2008-05-25T02:02:48
- | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
- |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
- |_ssl-date: 2017-02-13T15:55:59+00:00; -8h10m58s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 995/tcp open ssl/pop3 Dovecot pop3d
- | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2008-04-25T02:02:48
- | Not valid after: 2008-05-25T02:02:48
- | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
- |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
- |_ssl-date: 2017-02-13T15:56:49+00:00; -8h10m59s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- MAC Address: 00:50:56:89:1D:48 (VMware)
- Device type: general purpose|remote management|WAP|specialized|print server|switch|media device|printer
- Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Dell embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Kyocera embedded (93%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:dell:remote_access_card:6 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/h:kyocera:cs_255 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21
- Aggressive OS guesses: Linux 2.6.22 (95%), Dell Remote Access Controller (DRAC 6) (94%), Dell Integrated Remote Access Controller (iDRAC) (94%), DD-WRT v24-presp2 (Linux 2.6.34) (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Dell Integrated Remote Access Controller (iDRAC9) (93%), Dell Remote Access Controller 5/I (DRAC 5/I) (93%), Google Mini search appliance (93%), HP 4200 PSA (Print Server Appliance) model J4117A (93%), HP Brocade 4Gb SAN switch or (93%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.088 days (since Mon Feb 13 14:05:45 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=223 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: -8h10m59s, deviation: 0s, median: -8h10m59s
- | nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
- | Names:
- | PAYDAY<00> Flags: <unique><active>
- | PAYDAY<03> Flags: <unique><active>
- | PAYDAY<20> Flags: <unique><active>
- | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | MSHOME<1d> Flags: <unique><active>
- | MSHOME<1e> Flags: <group><active>
- |_ MSHOME<00> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.26a)
- | Computer name: payday
- | NetBIOS computer name:
- | Domain name:
- | FQDN: payday
- |_ System time: 2017-02-13T10:57:07-05:00
- | smb-security-mode:
- | account_used: <blank>
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 99.85 ms 10.11.1.24
- Nmap scan report for 10.11.1.31
- Host is up (0.087s latency).
- Not shown: 993 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Microsoft IIS httpd 6.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD POST
- |_ Potentially risky methods: TRACE
- |_http-server-header: Microsoft-IIS/6.0
- |_http-title: Login
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows Server 2003 3790 Service Pack 1 microsoft-ds
- 1025/tcp open msrpc Microsoft Windows RPC
- 1433/tcp open ms-sql-s Microsoft SQL Server 2000 8.00.766.00; SP3a
- | ms-sql-ntlm-info:
- |_ Product_Version: 5.2.3790
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:12:79 (VMware)
- Device type: general purpose|media device|specialized
- Running (JUST GUESSING): Microsoft Windows 2003|XP|PocketPC/CE|2000 (94%), Motorola embedded (89%), Beat embedded (85%)
- OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216 cpe:/o:microsoft:windows_ce cpe:/o:microsoft:windows_2000::sp4
- Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows XP SP3 (93%), Microsoft Windows Server 2003 SP0 - SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows 2003 (90%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows Server 2003 (89%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP Professional SP3 (89%), Microsoft Windows XP SP2 (89%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003
- Host script results:
- |_clock-skew: mean: -8h58m38s, deviation: 0s, median: -8h58m38s
- | ms-sql-info:
- | Windows server name: RALPH
- | 10.11.1.31\MSSQLSERVER:
- | Instance name: MSSQLSERVER
- | Version:
- | Service pack level: SP3a
- | Product: Microsoft SQL Server 2000
- | name: Microsoft SQL Server 2000 SP3a
- | number: 8.00.766.00
- | Post-SP patches applied: false
- | TCP port: 1433
- | Named pipe: \\10.11.1.31\pipe\sql\query
- |_ Clustered: false
- | nbstat: NetBIOS name: RALPH, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:12:79 (VMware)
- | Names:
- | RALPH<00> Flags: <unique><active>
- | THINC<00> Flags: <group><active>
- | RALPH<1f> Flags: <unique><active>
- | RALPH<03> Flags: <unique><active>
- | RALPH<20> Flags: <unique><active>
- | THINC<1e> Flags: <group><active>
- | THINC<1d> Flags: <unique><active>
- |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
- | OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
- | Computer name: ralph
- | NetBIOS computer name: RALPH
- | Workgroup: THINC
- |_ System time: 2017-02-13T09:09:28-06:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 86.96 ms 10.11.1.31
- Nmap scan report for 10.11.1.35
- Host is up (0.090s latency).
- Not shown: 997 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
- |_ 2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
- 443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.2.3 (CentOS)
- |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
- | ssl-cert: Subject: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
- | Issuer: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2016-01-07T12:46:17
- | Not valid after: 2017-01-06T12:46:17
- | MD5: f06b 588b f6f3 94f7 26bc 151f 8144 add9
- |_SHA-1: d276 955d 1b77 454c 3ca0 7f8e b965 01f7 c271 e0d3
- |_ssl-date: 2017-02-13T15:19:11+00:00; -8h48m19s from scanner time.
- 631/tcp closed ipp
- MAC Address: 00:50:56:89:7B:53 (VMware)
- Device type: firewall|general purpose|proxy server|WAP|PBX|media device
- Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (91%), FreeBSD 6.X (89%), Sony embedded (89%), AVM embedded (88%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/o:linux:linux_kernel:2.6.9 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
- Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 (CentOS 4.4) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Linux 2.6.9 (93%), Linux 2.6.30 (92%), Ruckus 7363 WAP (91%), Linux 2.6.11 (90%), Linux 2.6.28 (90%), Linux 2.6.32 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 1.019 days (since Sun Feb 12 15:44:58 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=206 (Good luck!)
- IP ID Sequence Generation: All zeros
- Host script results:
- |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
- TRACEROUTE
- HOP RTT ADDRESS
- 1 89.81 ms 10.11.1.35
- Nmap scan report for 10.11.1.39
- Host is up (0.091s latency).
- Not shown: 997 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
- | ssh-hostkey:
- | 2048 5e:c1:7e:d2:f9:20:f9:11:ea:4b:02:68:07:3f:54:f2 (RSA)
- |_ 256 36:ef:27:31:a2:fd:4a:e3:d2:4e:12:58:1f:7a:03:58 (ECDSA)
- 80/tcp open http nginx 1.6.3
- | http-methods:
- | Supported Methods: OPTIONS GET HEAD POST TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: nginx/1.6.3
- |_http-title: Apache HTTP Server Test Page powered by CentOS
- 3306/tcp open mysql MariaDB (unauthorized)
- MAC Address: 00:50:56:89:46:40 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (91%)
- OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
- Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 4.1 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.4 (85%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.111 days (since Mon Feb 13 13:32:19 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.82 ms 10.11.1.39
- Nmap scan report for 10.11.1.44
- Host is up (0.092s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey:
- | 1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
- |_ 2048 28:99:c0:51:20:9b:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
- 8000/tcp open ssl/http Rocket httpd 1.2.6 (Python 2.6.5)
- |_http-favicon: Unknown favicon MD5: E16917BAD986E06AECDA858806BC9AA8
- |_http-generator: Web2py Web Framework
- | http-methods:
- |_ Supported Methods: GET HEAD OPTIONS
- | http-robots.txt: 1 disallowed entry
- |_/welcome/default/user
- |_http-server-header: Rocket 1.2.6 Python/2.6.5
- |_http-title: CSC438 - Issue Tracker Project
- | ssl-cert: Subject: commonName=Tricia Admin/organizationName=Thinc/stateOrProvinceName=NY/countryName=US
- | Issuer: commonName=Tricia Admin/organizationName=Thinc/stateOrProvinceName=NY/countryName=US
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-08-17T11:55:25
- | Not valid after: 2014-08-17T11:55:25
- | MD5: c935 c83b 4df2 eda0 75d2 cbc7 5db6 2987
- |_SHA-1: 9daf e8a2 b91b f0bd ad4a b796 e41b 389f 9507 ffec
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- MAC Address: 00:50:56:89:7B:11 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=35706%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FD%GCD=1%ISR=105%TI=Z%II=I%TS
- OS:=8)SEQ(SP=105%GCD=1%ISR=108%TI=Z%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%
- OS:O3=M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2
- OS:=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNS
- OS:NW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)
- OS:T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%
- OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
- OS:=S)
- Uptime guess: 0.390 days (since Mon Feb 13 06:50:16 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.98 ms 10.11.1.44
- Nmap scan report for 10.11.1.49
- Host is up (0.090s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Microsoft IIS httpd 8.5
- |_http-favicon: Unknown favicon MD5: B6341DFC213100C61DB4FB8775878CEC
- |_http-generator: Drupal 7 (http://drupal.org)
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD POST
- |_ Potentially risky methods: TRACE
- | http-robots.txt: 36 disallowed entries (15 shown)
- | /includes/ /misc/ /modules/ /profiles/ /scripts/
- | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
- | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
- |_/LICENSE.txt /MAINTAINERS.txt
- |_http-server-header: Microsoft-IIS/8.5
- |_http-title: Welcome to Bethany's Page | Bethany's Page
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 49155/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:38:F6 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone|specialized
- Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
- OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
- Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 1.048 days (since Sun Feb 12 15:03:12 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=256 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.10 ms 10.11.1.49
- Nmap scan report for 10.11.1.50
- Host is up (0.090s latency).
- Not shown: 996 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Microsoft IIS httpd 8.5
- |_http-favicon: Unknown favicon MD5: B6341DFC213100C61DB4FB8775878CEC
- |_http-generator: Drupal 7 (http://drupal.org)
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD POST
- |_ Potentially risky methods: TRACE
- | http-robots.txt: 36 disallowed entries (15 shown)
- | /includes/ /misc/ /modules/ /profiles/ /scripts/
- | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
- | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
- |_/LICENSE.txt /MAINTAINERS.txt
- |_http-server-header: Microsoft-IIS/8.5
- |_http-title: Welcome to Bethany's Page | Bethany's Page
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 49155/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:0F:DC (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone|specialized
- Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
- OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
- Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 4.427 days (since Thu Feb 9 05:56:38 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=264 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.33 ms 10.11.1.50
- Nmap scan report for 10.11.1.71
- Host is up (0.093s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh?
- 80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.4.7 (Ubuntu)
- | http-title: Trees of Large Sizes
- |_Requested resource was site/index.php/
- 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
- SF-Port22-TCP:V=7.25BETA2%I=7%D=2/13%Time=58A248CA%P=i686-pc-linux-gnu%r(N
- SF:ULL,7A0,"Usage:\x20useradd\x20\[options\]\x20LOGIN\n\x20\x20\x20\x20\x2
- SF:0\x20\x20useradd\x20-D\n\x20\x20\x20\x20\x20\x20\x20useradd\x20-D\x20\[
- SF:options\]\n\nOptions:\n\x20\x20-b,\x20--base-dir\x20BASE_DIR\x20\x20\x2
- SF:0\x20\x20\x20\x20base\x20directory\x20for\x20the\x20home\x20directory\x
- SF:20of\x20the\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20n
- SF:ew\x20account\n\x20\x20-c,\x20--comment\x20COMMENT\x20\x20\x20\x20\x20\
- SF:x20\x20\x20\x20GECOS\x20field\x20of\x20the\x20new\x20account\n\x20\x20-
- SF:d,\x20--home-dir\x20HOME_DIR\x20\x20\x20\x20\x20\x20\x20home\x20directo
- SF:ry\x20of\x20the\x20new\x20account\n\x20\x20-D,\x20--defaults\x20\x20\x2
- SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20print\x20or\x20cha
- SF:nge\x20default\x20useradd\x20configuration\n\x20\x20-e,\x20--expiredate
- SF:\x20EXPIRE_DATE\x20\x20expiration\x20date\x20of\x20the\x20new\x20accoun
- SF:t\n\x20\x20-f,\x20--inactive\x20INACTIVE\x20\x20\x20\x20\x20\x20\x20pas
- SF:sword\x20inactivity\x20period\x20of\x20the\x20new\x20account\n\x20\x20-
- SF:g,\x20--gid\x20GROUP\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
- SF:0\x20\x20name\x20or\x20ID\x20of\x20the\x20primary\x20group\x20of\x20the
- SF:\x20new\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20accou
- SF:nt\n\x20\x20-G,\x20--groups\x20GROUPS\x20\x20\x20\x20\x20\x20\x20\x20\x
- SF:20\x20\x20list\x20of\x20supplementary\x20groups\x20of\x20the\x20new\n\x
- SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
- SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20account\n\x20\x2
- SF:0-h,\x20--help\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
- SF:x20\x20\x20\x20\x20\x20display\x20this\x20help\x20message\x20and\x20exi
- SF:t\n\x20\x20-k,\x20--skel\x20SKEL_DIR\x20\x20\x20\x20\x20\x20\x20\x20\x2
- SF:0\x20\x20use\x20this\x20alter");
- MAC Address: 00:50:56:89:47:97 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40763%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=10E%TI=Z%II=I%TS
- OS:=8)SEQ(SP=F8%GCD=1%ISR=110%TI=Z%TS=8)OPS(O1=M529ST11NW7%O2=M529ST11NW7%O
- OS:3=M529NNT11NW7%O4=M529ST11NW7%O5=M529ST11NW7%O6=M529ST11)WIN(W1=7120%W2=
- OS:7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M529NNSN
- OS:W7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T
- OS:5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T
- OS:=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=
- OS:S)
- Uptime guess: 0.218 days (since Mon Feb 13 10:58:07 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=250 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.52 ms 10.11.1.71
- Nmap scan report for 10.11.1.72
- Host is up (0.092s latency).
- Not shown: 993 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.8p1 Debian 7ubuntu1 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey:
- | 1024 d3:2e:10:0d:48:90:ce:9a:33:fb:66:3f:a0:a6:94:48 (DSA)
- | 2048 ef:0a:3b:8e:3f:92:a4:5e:f0:ab:e7:7d:75:f0:de:0e (RSA)
- |_ 256 15:3a:65:3b:97:ed:e0:fc:85:bc:4b:53:48:22:61:b1 (ECDSA)
- 25/tcp open smtp JAMES smtpd 2.3.2
- |_smtp-commands: beta Hello nmap.scanme.org (10.11.0.208 [10.11.0.208]),
- 80/tcp open http Apache httpd 2.2.20 ((Ubuntu))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.20 (Ubuntu)
- |_http-title: Site doesn't have a title (text/html).
- 110/tcp open pop3 JAMES pop3d 2.3.2
- 111/tcp open rpcbind 2-4 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2,3,4 111/tcp rpcbind
- | 100000 2,3,4 111/udp rpcbind
- | 100003 2,3,4 2049/tcp nfs
- | 100003 2,3,4 2049/udp nfs
- | 100005 1,2,3 38990/tcp mountd
- | 100005 1,2,3 41335/udp mountd
- | 100021 1,3,4 38943/tcp nlockmgr
- | 100021 1,3,4 49563/udp nlockmgr
- | 100024 1 50349/tcp status
- | 100024 1 51992/udp status
- | 100227 2,3 2049/tcp nfs_acl
- |_ 100227 2,3 2049/udp nfs_acl
- 119/tcp open nntp JAMES nntpd (posting ok)
- 2049/tcp open nfs_acl 2-3 (RPC #100227)
- MAC Address: 00:50:56:89:58:22 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=34169%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10D%TI=Z%II=I%T
- OS:S=8)SEQ(SP=101%GCD=1%ISR=10F%TI=Z%TS=8)OPS(O1=M529ST11NW4%O2=M529ST11NW4
- OS:%O3=M529NNT11NW4%O4=M529ST11NW4%O5=M529ST11NW4%O6=M529ST11)WIN(W1=3890%W
- OS:2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M529NN
- OS:SNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N
- OS:)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N
- OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
- OS:D=S)
- Uptime guess: 0.423 days (since Mon Feb 13 06:02:09 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Host: beta; OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.02 ms 10.11.1.72
- Nmap scan report for 10.11.1.73
- Host is up (0.11s latency).
- Not shown: 981 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
- 554/tcp open rtsp?
- 1100/tcp open mctp?
- 2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- 3306/tcp open mysql?
- |_mysql-info: ERROR: Script execution failed (use -d to debug)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=gamma
- | Issuer: commonName=gamma
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2017-02-12T06:29:38
- | Not valid after: 2017-08-14T06:29:38
- | MD5: bb9b a25f 0c8e 2b07 2faf ce6a 8d4d d330
- |_SHA-1: 72a4 0440 c132 361b 13e0 ff06 1465 7b9c a38a 4b2b
- |_ssl-date: 2017-02-13T15:07:54+00:00; -8h58m38s from scanner time.
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-server-header: Microsoft-HTTPAPI/2.0
- |_http-title: Service Unavailable
- 5800/tcp open http-proxy sslstrip
- | http-methods:
- |_ Supported Methods: GET
- |_http-title: TightVNC desktop [gamma]
- 5900/tcp open vnc VNC (protocol 3.8)
- | vnc-info:
- | Protocol version: 3.8
- | Security types:
- | VNC Authentication (2)
- | Tight (16)
- | Tight auth subtypes:
- |_ STDV VNCAUTH_ (2)
- 8080/tcp open http Apache httpd 2.4.9 ((Win32) PHP/5.5.12)
- |_http-favicon: Unknown favicon MD5: 79E32EEA338FA735AD22D36104C4337A
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-open-proxy: Proxy might be redirecting requests
- | http-robots.txt: 1 disallowed entry
- |_/testmysql.php
- |_http-server-header: Apache/2.4.9 (Win32) PHP/5.5.12
- |_http-title: Site doesn't have a title (text/html).
- 10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-server-header: Microsoft-HTTPAPI/2.0
- |_http-title: Not Found
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open unknown
- MAC Address: 00:50:56:89:13:B3 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone|specialized
- Running (JUST GUESSING): Microsoft Windows 2008|Vista|7|Phone|8.1|2012 (91%)
- OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012:r2
- Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%), Microsoft Windows Server 2008 R2 (90%), Microsoft Windows 7 Professional or Windows 8 (90%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (90%), Microsoft Windows Vista SP2 (90%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (89%), Microsoft Windows 8.1 Update 1 (89%), Microsoft Windows Phone 7.5 or 8.0 (89%), Microsoft Windows Server 2008 R2 or Windows 8.1 (88%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.365 days (since Mon Feb 13 07:26:40 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=254 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: GAMMA; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -8h58m39s, deviation: 1s, median: -8h58m39s
- | nbstat: NetBIOS name: GAMMA, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:13:b3 (VMware)
- | Names:
- | GAMMA<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- | GAMMA<20> Flags: <unique><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: gamma
- | NetBIOS computer name: GAMMA
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T07:09:35-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 110.46 ms 10.11.1.73
- Nmap scan report for 10.11.1.115
- Host is up (0.092s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp vsftpd 1.1.3
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- |_drwxr-xr-x 2 0 0 4096 Feb 28 2003 pub
- 22/tcp open ssh OpenSSH 3.5p1 (protocol 1.99)
- | ssh-hostkey:
- | 1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
- | 1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
- |_ 1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
- |_sshv1: Server supports SSHv1
- 25/tcp open smtp?
- |_smtp-commands: Couldn't establish connection on port 25
- 80/tcp open http Apache httpd 2.0.40 ((Red Hat Linux))
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.0.40 (Red Hat Linux)
- |_http-title: Test Page for the Apache Web Server on Red Hat Linux
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 32768/tcp status
- | 100024 1 32768/udp status
- |_ 391002 2 32769/tcp sgi_fam
- 139/tcp open netbios-ssn Samba smbd (workgroup: MYGROUP)
- 143/tcp open imap UW imapd 2001.315rh
- |_imap-capabilities: SORT SCAN completed MAILBOX-REFERRALS CAPABILITY MULTIAPPEND OK AUTH=LOGINA0001 STARTTLS IDLE THREAD=REFERENCES IMAP4REV1 LOGIN-REFERRALS THREAD=ORDEREDSUBJECT NAMESPACE
- | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2007-01-16T06:07:45
- | Not valid after: 2008-01-16T06:07:45
- | MD5: 1be1 70c2 4561 74a1 f44e e3bf f085 614d
- |_SHA-1: 720d 54ef be48 1888 7d60 2aef f869 6756 fc10 ee89
- |_ssl-date: 2017-02-13T14:55:43+00:00; -9h12m22s from scanner time.
- 199/tcp open smux Linux SNMP multiplexer
- 443/tcp open ssl/http Apache httpd 2.0.40 ((Red Hat Linux))
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.0.40 (Red Hat Linux)
- |_http-title: Test Page for the Apache Web Server on Red Hat Linux
- | ssl-cert: Subject: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
- | Issuer: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2007-01-16T14:54:43
- | Not valid after: 2008-01-16T14:54:43
- | MD5: e900 ada0 dfea 0408 06cd ddee 15fd 7d8b
- |_SHA-1: 3b9a 70e7 870e 11b8 a221 5af7 bae9 dd03 ce90 3cbc
- |_ssl-date: 2017-02-13T14:53:57+00:00; -9h12m23s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_RC4_64_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 3306/tcp open mysql MySQL (unauthorized)
- 32768/tcp open status 1 (RPC #100024)
- MAC Address: 00:50:56:89:77:BF (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34563%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=CC%GCD=1%ISR=CE%TI=Z%II=I%TS=
- OS:7)SEQ(SP=CC%GCD=1%ISR=D0%TI=Z%TS=7)OPS(O1=M529ST11NW0%O2=M529ST11NW0%O3=
- OS:M529NNT11NW0%O4=M529ST11NW0%O5=M529ST11NW0%O6=M529ST11)WIN(W1=16A0%W2=16
- OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW0
- OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
- OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
- OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 0.110 days (since Mon Feb 13 13:33:23 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=203 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Host: tophat.acme.local; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: -9h12m23s, deviation: 1s, median: -9h12m23s
- | nbstat: NetBIOS name: TOPHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
- | Names:
- | TOPHAT<00> Flags: <unique><active>
- | TOPHAT<03> Flags: <unique><active>
- | TOPHAT<20> Flags: <unique><active>
- | MYGROUP<00> Flags: <group><active>
- |_ MYGROUP<1e> Flags: <group><active>
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.83 ms 10.11.1.115
- Nmap scan report for 10.11.1.116
- Host is up (0.091s latency).
- Not shown: 994 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp?
- |_ftp-bounce: no banner
- 22/tcp open ssh OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
- | ssh-hostkey:
- | 1024 75:e8:80:6f:6c:2f:d2:51:1a:d6:c9:9e:e4:a2:4c:2f (DSA)
- | 2048 28:43:26:62:1d:07:f9:e3:9f:0b:1a:94:98:1a:74:45 (RSA)
- |_ 256 50:2f:db:dd:1a:8e:22:23:f8:dc:7b:65:c9:fc:8e:df (ECDSA)
- 80/tcp open http Apache httpd 2.4.6 ((FreeBSD) PHP/5.4.23)
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.4.6 (FreeBSD) PHP/5.4.23
- |_http-title: Site doesn't have a title (text/html).
- 110/tcp open tcpwrapped
- 143/tcp open tcpwrapped
- 3306/tcp open mysql MySQL (unauthorized)
- MAC Address: 00:50:56:89:6F:31 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=32687%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FB%GCD=2%ISR=109%TI=I%TS=21)O
- OS:PS(O1=M529NW6ST11%O2=M529NW6ST11%O3=M280NW6NNT11%O4=M529NW6ST11%O5=M218N
- OS:W6ST11%O6=M109ST11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)E
- OS:CN(R=Y%DF=Y%T=40%W=FFFF%O=M529NW6SLL%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F
- OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%R
- OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%R
- OS:UCK=G%RUD=G)IE(R=Y%DFI=S%T=40%CD=S)
- Uptime guess: 0.004 days (since Mon Feb 13 16:06:08 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=264 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.82 ms 10.11.1.116
- Nmap scan report for 10.11.1.125
- Host is up (0.092s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Acritum Femitter Server ftpd
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- | drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 . [NSE: writeable]
- | drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 .. [NSE: writeable]
- | -rw-rw-rw- 1 ftp ftp 11164 Dec 26 2006 house.jpg [NSE: writeable]
- | -rw-rw-rw- 1 ftp ftp 920 Jan 03 2007 index.htm [NSE: writeable]
- |_drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 Upload [NSE: writeable]
- |_ftp-bounce: bounce working!
- MAC Address: 00:50:56:89:63:E6 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP|general purpose|media device
- Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2003|2000 (89%), RIM Tablet OS 2.X (87%), FreeBSD 6.X (86%)
- OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003::- cpe:/o:microsoft:windows_2000::sp4 cpe:/o:rim:tablet_os:2 cpe:/o:freebsd:freebsd:6.2
- Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 or Small Business Server 2003 (88%), Microsoft Windows XP Professional SP2 (French) (87%), BlackBerry Tablet OS 2 (87%), FreeBSD 6.2-RELEASE (86%), FreeBSD 6.3-RELEASE (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.79 ms 10.11.1.125
- Nmap scan report for 10.11.1.128
- Host is up (0.091s latency).
- Not shown: 987 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd 5.0
- 25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
- | smtp-commands: dj.acme.local Hello [10.11.0.208], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
- |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
- | smtp-ntlm-info:
- | Target_Name: DJ
- | NetBIOS_Domain_Name: DJ
- | NetBIOS_Computer_Name: DJ
- | DNS_Domain_Name: dj.acme.local
- | DNS_Computer_Name: dj.acme.local
- |_ Product_Version: 5.0.2195
- 80/tcp open http Microsoft IIS httpd 5.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD POST
- |_ Potentially risky methods: TRACE
- |_http-server-header: Microsoft-IIS/5.0
- |_http-title: Login
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 443/tcp open https?
- 445/tcp open microsoft-ds Windows 2000 microsoft-ds
- 1025/tcp open msrpc Microsoft Windows RPC
- 1026/tcp open msrpc Microsoft Windows RPC
- 1029/tcp open msrpc Microsoft Windows RPC
- 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
- 5800/tcp open vnc-http TightVNC
- | http-methods:
- |_ Supported Methods: GET
- |_http-title: TightVNC desktop [dj]
- 5900/tcp open vnc VNC (protocol 3.8)
- | vnc-info:
- | Protocol version: 3.8
- | Security types:
- | VNC Authentication (2)
- | Tight (16)
- | Tight auth subtypes:
- |_ STDV VNCAUTH_ (2)
- MAC Address: 00:50:56:89:45:00 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34320%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=107%TI=I%TS=0)O
- OS:PS(O1=M529NW0NNT00NNS%O2=M529NW0NNT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00
- OS:NNS%O5=M529NW0NNT00NNS%O6=M529NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FA
- OS:F0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%
- OS:DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=
- OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RI
- OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: dj.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
- Host script results:
- |_clock-skew: mean: -8h10m59s, deviation: 0s, median: -8h10m59s
- | ms-sql-info:
- | Windows server name: DJ
- | 10.11.1.128\MSSQLSERVER:
- | Instance name: MSSQLSERVER
- | Version:
- | Service pack level: RTM
- | Product: Microsoft SQL Server 2000
- | name: Microsoft SQL Server 2000 RTM
- | number: 8.00.194.00
- | Post-SP patches applied: false
- | TCP port: 27900
- | Named pipe: \\10.11.1.128\pipe\sql\query
- |_ Clustered: false
- | nbstat: NetBIOS name: DJ, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:45:00 (VMware)
- | Names:
- | DJ<00> Flags: <unique><active>
- | DJ<20> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- | INet~Services<1c> Flags: <group><active>
- | WORKGROUP<1e> Flags: <group><active>
- | DJ<03> Flags: <unique><active>
- |_ IS~DJ<00> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows 2000 (Windows 2000 LAN Manager)
- | OS CPE: cpe:/o:microsoft:windows_2000::-
- | Computer name: dj
- | NetBIOS computer name: DJ
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T17:57:15+02:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.99 ms 10.11.1.128
- Nmap scan report for 10.11.1.133
- Host is up (0.087s latency).
- Not shown: 930 filtered ports, 69 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open tcpwrapped
- MAC Address: 00:50:56:89:2C:F4 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=21%CU=43569%PV=Y%DS=1%DC=D%G=Y%M=00
- OS:5056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CA%TI=Z%TS=8)OP
- OS:S(O1=M529ST11NW5%O2=M529ST11NW5%O3=M529NNT11NW5%O4=M529ST11NW5%O5=M529ST
- OS:11NW5%O6=M529ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)EC
- OS:N(R=Y%DF=Y%T=80%W=16D0%O=M529NNSNW5%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%T=80%S=O
- OS:%A=S+%F=AS%RD=0%Q=)T1(R=N)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%
- OS:A=S+%F=AR%O=%RD=0%Q=)T5(R=N)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%
- OS:RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)U1(R=N)IE(R=Y%DFI=N%T=80%CD=S)IE(R=N)
- Network Distance: 1 hop
- TRACEROUTE
- HOP RTT ADDRESS
- 1 86.71 ms 10.11.1.133
- Nmap scan report for 10.11.1.136
- Host is up (0.090s latency).
- Not shown: 996 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 4.3p2 Debian 9 (protocol 2.0)
- |_auth-owners: root
- | ssh-hostkey:
- | 1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
- |_ 2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
- 113/tcp open ident
- |_auth-owners: identd
- 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
- |_auth-owners: root
- 445/tcp open netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
- |_auth-owners: root
- MAC Address: 00:50:56:89:12:6E (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=39906%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=CC%GCD=1%ISR=CB%TI=Z%TS=8)SEQ
- OS:(SP=CC%GCD=1%ISR=CB%TI=Z%II=I%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%O3=
- OS:M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2=16
- OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW6
- OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
- OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
- OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 4.757 days (since Wed Feb 8 22:01:54 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=204 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: -6h29m33s, deviation: 0s, median: -6h29m33s
- | nbstat: NetBIOS name: SUFFERANCE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
- | Names:
- | SUFFERANCE<00> Flags: <unique><active>
- | SUFFERANCE<03> Flags: <unique><active>
- | SUFFERANCE<20> Flags: <unique><active>
- | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | THINC.LOCAL<1d> Flags: <unique><active>
- | THINC.LOCAL<1e> Flags: <group><active>
- |_ THINC.LOCAL<00> Flags: <group><active>
- | smb-os-discovery:
- | OS: Unix (Samba 3.0.24)
- | NetBIOS computer name:
- | Workgroup: THINC.LOCAL
- |_ System time: 2017-02-13T12:38:41-05:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: share (dangerous)
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.03 ms 10.11.1.136
- Nmap scan report for 10.11.1.141
- Host is up (0.088s latency).
- Not shown: 997 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 4.0 (protocol 2.0)
- | ssh-hostkey:
- | 1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
- |_ 1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- |_ 100000 2 111/udp rpcbind
- 10000/tcp open http MiniServ 0.01 (Webmin httpd)
- |_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
- MAC Address: 00:50:56:89:26:49 (VMware)
- Device type: firewall|general purpose|proxy server|WAP|PBX|media device|broadband router
- Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (91%), FreeBSD 6.X (89%), Sony embedded (88%), Zhone embedded (88%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2
- Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Linux 2.6.9 (92%), Linux 2.6.28 (91%), Linux 2.6.30 (91%), Linux 2.6.9 (CentOS 4.4) (91%), Ruckus 7363 WAP (91%), Linux 2.6.11 (90%), Linux 2.6.32 (90%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 4.845 days (since Wed Feb 8 19:54:54 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=202 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 88.21 ms 10.11.1.141
- Nmap scan report for 10.11.1.145
- Host is up (0.091s latency).
- Not shown: 995 filtered ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=HELPDESK
- | Issuer: commonName=HELPDESK
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2017-01-05T08:51:02
- | Not valid after: 2017-07-07T08:51:02
- | MD5: f7ab 51e6 d8b1 f3da a990 e568 c8ca 5503
- |_SHA-1: c274 35cb ec57 9f01 160a 7e11 38ad d308 5172 f10e
- |_ssl-date: 2017-02-13T15:16:59+00:00; -8h50m54s from scanner time.
- 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache-Coyote/1.1
- |_http-title: ManageEngine ServiceDesk Plus
- MAC Address: 00:50:56:89:1F:35 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|phone|specialized
- Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
- OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
- Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.208 days (since Mon Feb 13 11:11:47 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=262 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: HELPDESK; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -8h50m54s, deviation: 0s, median: -8h50m54s
- | nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1f:35 (VMware)
- | Names:
- | HELPDESK<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ HELPDESK<20> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
- | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
- | Computer name: HELPDESK
- | NetBIOS computer name: HELPDESK
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T07:17:21-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.86 ms 10.11.1.145
- Nmap scan report for 10.11.1.146
- Host is up (0.12s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp ProFTPD 1.3.3a
- 22/tcp open ssh OpenSSH 5.5p1 Debian 6 (protocol 2.0)
- | ssh-hostkey:
- | 1024 bb:1e:db:11:2a:c7:90:96:e8:0f:f1:ce:aa:14:6a:c1 (DSA)
- |_ 2048 67:62:39:ab:ef:7b:2d:e2:70:18:fd:7d:3d:65:bf:c7 (RSA)
- MAC Address: 00:50:56:89:3B:24 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=43423%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CA%TI=Z%II=I%TS=
- OS:8)SEQ(SP=CD%GCD=1%ISR=CC%TI=Z%TS=8)OPS(O1=M529ST11NW5%O2=M529ST11NW5%O3=
- OS:M529NNT11NW5%O4=M529ST11NW5%O5=M529ST11NW5%O6=M529ST11)WIN(W1=16A0%W2=16
- OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW5
- OS:%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
- OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
- OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 4.879 days (since Wed Feb 8 19:06:40 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=206 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 116.00 ms 10.11.1.146
- Nmap scan report for 10.11.1.202
- Host is up (0.090s latency).
- Not shown: 982 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd 5.0
- |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
- 80/tcp open http Microsoft IIS httpd 5.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
- |_ Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
- | http-ntlm-info:
- | Target_Name: ACME
- | NetBIOS_Domain_Name: ACME
- | NetBIOS_Computer_Name: ORACLE
- | DNS_Domain_Name: acme.local
- | DNS_Computer_Name: oracle.acme.local
- |_ Product_Version: 5.0.2195
- |_http-server-header: Microsoft-IIS/5.0
- |_http-title: Under Construction
- |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 443/tcp open https?
- 445/tcp open microsoft-ds Windows 2000 microsoft-ds
- 1030/tcp open msrpc Microsoft Windows RPC
- 1032/tcp open msrpc Microsoft Windows RPC
- 1033/tcp open msrpc Microsoft Windows RPC
- 1038/tcp open oracle Oracle Database
- 1521/tcp open oracle-tns Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
- 2030/tcp open oracle-mts Oracle MTS Recovery Service
- 2100/tcp open ftp Oracle Enterprise XML DB ftpd 9.2.0.1.0
- 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- 4443/tcp open ssl/http Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
- |_hadoop-datanode-info:
- |_hadoop-jobtracker-info:
- |_hadoop-tasktracker-info:
- |_hbase-master-info:
- |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
- | http-methods:
- | Supported Methods: GET HEAD OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
- |_http-title: Oracle HTTP Server Index
- | ssl-cert: Subject: commonName=NOT SECURE!!!/organizationName=ORACLE DEMO CERTIFICATE/stateOrProvinceName=oregon/countryName=us
- | Issuer: commonName=GET A NEW CERTIFICATE!!/organizationName=ORACLE DEMO CA/stateOrProvinceName=oregon/countryName=us
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: md5WithRSAEncryption
- | Not valid before: 2000-06-27T23:32:42
- | Not valid after: 2027-11-13T23:32:42
- | MD5: 2f08 d58e d75b 463f 9b6e 8a69 edf9 3bbf
- |_SHA-1: 0e94 5a51 36ea e406 fccf 096c da78 828a d552 b6c1
- |_ssl-date: 2017-02-13T16:05:06+00:00; -8h01m54s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_RC4_64_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- |_ SSL2_RC4_128_EXPORT40_WITH_MD5
- 7778/tcp open http Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
- |_hadoop-datanode-info:
- |_hadoop-jobtracker-info:
- |_hadoop-tasktracker-info:
- |_hbase-master-info:
- |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
- | http-methods:
- | Supported Methods: GET HEAD OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
- |_http-title: Oracle HTTP Server Index
- 8080/tcp open http Oracle XML DB Enterprise Edition httpd 9.2.0.1.0 (Oracle9i Enterprise Edition Release)
- | http-auth:
- | HTTP/1.1 401 Unauthorized
- |_ Basic realm=XDB
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
- |_http-title: 401 Unauthorized
- MAC Address: 00:50:56:89:3A:6A (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=35552%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FE%GCD=1%ISR=10D%TI=I%TS=0)SE
- OS:Q(SP=FD%GCD=1%ISR=10D%TS=0)SEQ(SP=FD%GCD=1%ISR=10D%TI=I%II=I%SS=S%TS=0)O
- OS:PS(O1=M529NW0NNT00NNS%O2=M529NW0NNT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00
- OS:NNS%O5=M529NW0NNT00NNS%O6=M529NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FA
- OS:F0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%
- OS:DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=
- OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RI
- OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=253 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: oracle; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
- Host script results:
- |_clock-skew: mean: -8h01m54s, deviation: 0s, median: -8h01m54s
- | nbstat: NetBIOS name: ORACLE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:3a:6a (VMware)
- | Names:
- | ORACLE<00> Flags: <unique><active>
- | ACME<00> Flags: <group><active>
- | ORACLE<03> Flags: <unique><active>
- | ORACLE<20> Flags: <unique><active>
- | ACME<1e> Flags: <group><active>
- | INet~Services<1c> Flags: <group><active>
- | IS~ORACLE<00> Flags: <unique><active>
- | ACME<1d> Flags: <unique><active>
- |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows 2000 (Windows 2000 LAN Manager)
- | OS CPE: cpe:/o:microsoft:windows_2000::-
- | Computer name: oracle
- | NetBIOS computer name: ORACLE
- | Domain name: acme.local
- | FQDN: oracle.acme.local
- |_ System time: 2017-02-13T18:06:21+02:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.44 ms 10.11.1.202
- Nmap scan report for 10.11.1.209
- Host is up (0.091s latency).
- Not shown: 995 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh SunSSH 1.1.5 (protocol 2.0)
- | ssh-hostkey:
- | 1024 b0:d1:14:4f:d2:43:20:e4:90:f7:ca:e3:8a:36:39:86 (DSA)
- |_ 1024 dd:36:f6:09:23:4c:c4:c3:44:d6:6e:2f:6a:ff:b3:12 (RSA)
- 80/tcp open http Apache httpd 1.3.41 ((Unix) mod_perl/1.31)
- | http-methods:
- | Supported Methods: GET HEAD OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/1.3.41 (Unix) mod_perl/1.31
- |_http-title: Test Page for the SSL/TLS-aware Apache Installation on Web Site
- 111/tcp open rpcbind 2-4 (RPC #100000)
- 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
- |_ajp-methods: Failed to get a valid response for the OPTION request
- 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
- |_http-favicon: Apache Tomcat
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache-Coyote/1.1
- |_http-title: Apache Tomcat/5.5.35
- MAC Address: 00:50:56:89:76:47 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40107%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=9D%GCD=1%ISR=A4%TI=I%TS=7)OPS
- OS:(O1=NNT11M529NW0NNS%O2=NNT11M529NW0NNS%O3=NNT11M529NW0%O4=NNT11M529NW0NN
- OS:S%O5=NNT11M529NW0NNS%O6=NNT11M529NNS)WIN(W1=C24E%W2=C24E%W3=C1CC%W4=C068
- OS:%W5=C068%W6=C0B7)ECN(R=Y%DF=Y%T=3C%W=C416%O=M529NW0NNS%CC=Y%Q=)T1(R=Y%DF
- OS:=Y%T=3C%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%
- OS:S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=Y%T=FF%IPL=70%UN=0%RIPL
- OS:=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=Y%T=FF%CD=S)
- Uptime guess: 0.466 days (since Mon Feb 13 05:00:20 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=132 (Good luck!)
- IP ID Sequence Generation: Incremental
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.76 ms 10.11.1.209
- Nmap scan report for 10.11.1.217
- Host is up (0.091s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
- | ssh-hostkey:
- | 1024 1a:f6:e5:4c:f5:65:5c:a3:79:ce:e1:30:f9:5a:9c:af (DSA)
- |_ 2048 b1:9e:c8:ea:eb:4c:fc:55:cb:1e:4d:4c:40:6e:80:f2 (RSA)
- 25/tcp open smtp?
- |_smtp-commands: hotline.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
- 80/tcp open http Apache httpd 2.2.3
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.3 (CentOS)
- |_http-title: Did not follow redirect to https://10.11.1.217/
- 110/tcp open pop3?
- 111/tcp open rpcbind 2 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2 111/tcp rpcbind
- | 100000 2 111/udp rpcbind
- | 100024 1 883/udp status
- |_ 100024 1 886/tcp status
- 143/tcp open imap?
- 443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
- |_http-favicon: Unknown favicon MD5: 80DCC71362B27C7D0E608B0890C05E9F
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- | http-robots.txt: 1 disallowed entry
- |_/
- |_http-server-header: Apache/2.2.3 (CentOS)
- |_http-title: Elastix - Login page
- | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2012-03-23T19:29:13
- | Not valid after: 2013-03-23T19:29:13
- | MD5: f41c e874 ef3c f28d dd80 9345 c005 3209
- |_SHA-1: c443 1924 35ea d598 03bf cc15 40e9 8611 5e84 5491
- |_ssl-date: 2017-02-14T00:40:40+00:00; +32m35s from scanner time.
- 993/tcp open imaps?
- 995/tcp open pop3s?
- 3306/tcp open mysql?
- |_mysql-info: ERROR: Script execution failed (use -d to debug)
- 4445/tcp open upnotifyp?
- MAC Address: 00:50:56:89:12:FF (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=34890%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=BC%GCD=1%ISR=CA%TI=Z%TS=A)SEQ
- OS:(SP=C1%GCD=1%ISR=CB%TI=Z%II=I%TS=A)OPS(O1=M529ST11NW7%O2=M529ST11NW7%O3=
- OS:M529NNT11NW7%O4=M529ST11NW7%O5=M529ST11NW7%O6=M529ST11)WIN(W1=16A0%W2=16
- OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW7
- OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
- OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
- OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 1.992 days (since Sat Feb 11 16:24:05 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=193 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: Host: 127.0.0.1
- Host script results:
- |_clock-skew: mean: 32m35s, deviation: 0s, median: 32m35s
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.40 ms 10.11.1.217
- Nmap scan report for 10.11.1.218
- Host is up (0.091s latency).
- Not shown: 992 closed ports
- PORT STATE SERVICE VERSION
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=observer.thinc.local
- | Issuer: commonName=observer.thinc.local
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-27T07:37:42
- | Not valid after: 2014-06-28T07:37:42
- | MD5: 1e62 a134 7e36 616c d92f 7676 3e01 5482
- |_SHA-1: 4436 c6bd 0149 4b00 fc09 82b0 5884 9697 fd61 b994
- |_ssl-date: 2013-12-28T07:37:30+00:00; -3y47d16h30m10s from scanner time.
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:75:3A (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=135%CT=1%CU=33106%PV=Y%DS=1%DC=D%G=Y%M=00
- OS:5056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=109%TI=I%TS=7)
- OS:OPS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529
- OS:NW8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
- OS:ECN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%
- OS:F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%
- OS:RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G
- OS:%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
- Uptime guess: 1.362 days (since Sun Feb 12 07:30:23 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: OBSERVER; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -1143d16h30m40s, deviation: 42s, median: -1143d16h31m09s
- | nbstat: NetBIOS name: OBSERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:75:3a (VMware)
- | Names:
- | OBSERVER<00> Flags: <unique><active>
- | THINC<00> Flags: <group><active>
- | OBSERVER<20> Flags: <unique><active>
- |_ THINC<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
- | Computer name: observer
- | NetBIOS computer name: OBSERVER
- | Domain name: thinc.local
- | Forest name: thinc.local
- | FQDN: observer.thinc.local
- |_ System time: 2013-12-27T23:37:06-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.35 ms 10.11.1.218
- Nmap scan report for 10.11.1.219
- Host is up (0.090s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Apache httpd
- | http-methods:
- |_ Supported Methods: OPTIONS GET HEAD POST
- |_http-server-header: Apache
- |_http-title: Apache2 Ubuntu Default Page: It works
- MAC Address: 00:50:56:89:1C:CE (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose
- Running (JUST GUESSING): Linux 3.X|4.X (90%)
- OS CPE: cpe:/o:linux:linux_kernel:3.16 cpe:/o:linux:linux_kernel:4
- Aggressive OS guesses: Linux 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 3.2.0 (87%), Linux 3.13 (86%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 0.543 days (since Mon Feb 13 03:10:27 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 89.83 ms 10.11.1.219
- Nmap scan report for 10.11.1.220
- Host is up (0.092s latency).
- Not shown: 980 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp FileZilla ftpd 0.9.34 beta
- 53/tcp open domain Microsoft DNS 6.1.7601
- | dns-nsid:
- |_ bind.version: Microsoft DNS 6.1.7601 (1DB1446A)
- 88/tcp open tcpwrapped
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
- 445/tcp open microsoft-ds Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
- 464/tcp open kpasswd5?
- 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
- 636/tcp open tcpwrapped
- 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
- 3269/tcp open tcpwrapped
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=master.thinc.local
- | Issuer: commonName=master.thinc.local
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-27T07:37:00
- | Not valid after: 2014-06-28T07:37:00
- | MD5: 62f5 9691 3337 f479 c365 dcb7 752b 8c20
- |_SHA-1: f1ea 4aa6 5ff1 4ee5 308f 55c7 30ed 5cfc e37a 63f2
- |_ssl-date: 2013-12-28T07:37:20+00:00; -3y47d16h29m16s from scanner time.
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
- 49158/tcp open msrpc Microsoft Windows RPC
- 49167/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:18:E8 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=38483%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=109%TI=I%II=I%S
- OS:S=O%TS=7)SEQ(SP=104%GCD=1%ISR=10B%TI=I%II=I%TS=7)SEQ(SP=104%GCD=1%ISR=10
- OS:B%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8
- OS:ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2
- OS:000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=
- OS:80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A
- OS:=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%R
- OS:ID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
- Uptime guess: 1.084 days (since Sun Feb 12 14:10:47 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=260 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: MASTER; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -1143d16h30m15s, deviation: 1m23s, median: -1143d16h31m14s
- | nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:18:e8 (VMware)
- | Names:
- | MASTER<00> Flags: <unique><active>
- | THINC<00> Flags: <group><active>
- | THINC<1c> Flags: <group><active>
- | MASTER<20> Flags: <unique><active>
- |_ THINC<1b> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
- | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
- | Computer name: master
- | NetBIOS computer name: MASTER
- | Domain name: thinc.local
- | Forest name: thinc.local
- | FQDN: master.thinc.local
- |_ System time: 2013-12-27T23:37:02-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: required
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.93 ms 10.11.1.220
- Nmap scan report for 10.11.1.221
- Host is up (0.091s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 53/tcp open domain Microsoft DNS 6.0.6001
- | dns-nsid:
- |_ bind.version: Microsoft DNS 6.0.6001 (17714650)
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: THINC)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=slave.thinc.local
- | Issuer: commonName=slave.thinc.local
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-26T21:08:51
- | Not valid after: 2014-06-27T21:08:51
- | MD5: 7497 ea3d a2eb 1024 985b cd6f 3da9 a328
- |_SHA-1: 6651 22ed 3481 a56f c06d 1f97 3d15 78c6 770d caf3
- |_ssl-date: 2013-12-28T07:37:10+00:00; -3y47d16h30m55s from scanner time.
- 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
- |_http-server-header: Microsoft-HTTPAPI/2.0
- |_http-title: Service Unavailable
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49165/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:21:7D (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=53%CT=1%CU=42249%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=107%TI=I%II=I%S
- OS:S=S%TS=7)SEQ(SP=105%GCD=1%ISR=107%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW
- OS:8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2
- OS:000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M
- OS:529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T
- OS:4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y
- OS:%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
- OS:=80%CD=Z)
- Uptime guess: 0.360 days (since Mon Feb 13 07:33:02 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: SLAVE; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -1143d16h30m55s, deviation: 0s, median: -1143d16h30m55s
- | nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:21:7d (VMware)
- | Names:
- | SLAVE<00> Flags: <unique><active>
- | THINC<00> Flags: <group><active>
- |_ SLAVE<20> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
- | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
- | Computer name: slave
- | NetBIOS computer name: SLAVE
- | Domain name: thinc.local
- | Forest name: thinc.local
- | FQDN: slave.thinc.local
- |_ System time: 2013-12-27T23:37:21-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.47 ms 10.11.1.221
- Nmap scan report for 10.11.1.223
- Host is up (0.092s latency).
- Not shown: 987 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
- |_http-title: Index of /
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 443/tcp open ssl/http Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
- |_http-title: Index of /
- | ssl-cert: Subject: commonName=localhost
- | Issuer: commonName=localhost
- | Public Key type: rsa
- | Public Key bits: 1024.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2009-11-10T23:48:47
- | Not valid after: 2019-11-08T23:48:47
- | MD5: a0a4 4cc9 9e84 b26f 9e63 9f9e d229 dee0
- |_SHA-1: b023 8c54 7a90 5bfa 119c 4e8b acca eacf 3649 1ff6
- |_ssl-date: 2017-02-13T15:18:41+00:00; -8h48m19s from scanner time.
- | sslv2:
- | SSLv2 supported
- | ciphers:
- | SSL2_RC4_128_WITH_MD5
- | SSL2_DES_64_CBC_WITH_MD5
- | SSL2_DES_192_EDE3_CBC_WITH_MD5
- | SSL2_RC4_128_EXPORT40_WITH_MD5
- | SSL2_RC2_128_CBC_WITH_MD5
- | SSL2_IDEA_128_CBC_WITH_MD5
- |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
- 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
- 3306/tcp open mysql?
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=Jeff
- | Issuer: commonName=Jeff
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2017-02-12T09:53:27
- | Not valid after: 2017-08-14T09:53:27
- | MD5: 64fd 4d3e a9ce 4dc2 18b0 278e db2c 6860
- |_SHA-1: a583 1584 fcab 60f1 41dd c2c3 41f3 2528 5042 5a6f
- |_ssl-date: 2017-02-13T15:19:41+00:00; -8h48m19s from scanner time.
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:77:9C (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=1%CU=38079%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=108%TI=I%II=I%S
- OS:S=S%TS=7)SEQ(SP=104%GCD=1%ISR=109%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW
- OS:8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2
- OS:000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M
- OS:529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T
- OS:4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y
- OS:%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
- OS:=80%CD=Z)
- Uptime guess: 0.730 days (since Sun Feb 12 22:41:18 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=258 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Hosts: localhost, JEFF; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
- | nbstat: NetBIOS name: JEFF, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:77:9c (VMware)
- | Names:
- | JEFF<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- |_ JEFF<20> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
- | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
- | Computer name: Jeff
- | NetBIOS computer name: JEFF
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T07:19:57-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.11 ms 10.11.1.223
- Nmap scan report for 10.11.1.226
- Host is up (0.088s latency).
- Not shown: 998 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp GuildFTPd
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- | -rwxrw-rw- 1 root root 0 Dec 24 2009 AUTOEXEC.BAT [NSE: writeable]
- | -rwxrw-rw- 1 root root 0 Dec 24 2009 CONFIG.SYS [NSE: writeable]
- | drwxrw-rw- 1 root root 0 Sep 19 2011 Documents and Settings [NSE: writeable]
- | drwxrw-rw- 1 root root 0 Dec 24 2009 ftproot [NSE: writeable]
- | drwxrw-rw- 1 root root 0 Dec 27 2012 Program Files [NSE: writeable]
- | drwxrw-rw- 1 root root 0 Jun 16 2016 Python26 [NSE: writeable]
- | drwxrw-rw- 1 root root 0 Apr 20 2016 WINDOWS [NSE: writeable]
- |_drwxrw-rw- 1 root root 0 Dec 24 2009 wmpub [NSE: writeable]
- 3389/tcp closed ms-wbt-server
- MAC Address: 00:50:56:89:1C:D7 (VMware)
- Device type: general purpose|WAP
- Running (JUST GUESSING): Microsoft Windows 2003|2000|XP (92%), Apple embedded (89%), FreeBSD 6.X (85%)
- OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:freebsd:freebsd:6.2
- Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (92%), Apple AirPort Extreme WAP (89%), Microsoft Windows 2000 SP4 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows Server 2003 (87%), Microsoft Windows XP (87%), Microsoft Windows Server 2003 SP1 (86%), Microsoft Windows Server 2003 SP0 - SP2 (86%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows Server 2003 2 (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=257 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 88.46 ms 10.11.1.226
- Nmap scan report for 10.11.1.227
- Host is up (0.092s latency).
- Not shown: 987 closed ports
- PORT STATE SERVICE VERSION
- 21/tcp open ftp Microsoft ftpd 5.0
- | ftp-anon: Anonymous FTP login allowed (FTP code 230)
- |_02-12-17 11:26PM <DIR> w00t4444
- 25/tcp open smtp Microsoft ESMTP 5.0.2195.5329
- | smtp-commands: jd.acme.local Hello [10.11.0.208], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
- |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
- | smtp-ntlm-info:
- | Target_Name: JD
- | NetBIOS_Domain_Name: JD
- | NetBIOS_Computer_Name: JD
- | DNS_Domain_Name: jd.acme.local
- | DNS_Computer_Name: jd.acme.local
- |_ Product_Version: 5.0.2195
- 80/tcp open http Microsoft IIS httpd 5.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
- |_ Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
- | http-ntlm-info:
- | Target_Name: JD
- | NetBIOS_Domain_Name: JD
- | NetBIOS_Computer_Name: JD
- | DNS_Domain_Name: jd.acme.local
- | DNS_Computer_Name: jd.acme.local
- |_ Product_Version: 5.0.2195
- |_http-server-header: Microsoft-IIS/5.0
- |_http-title: Directory Listing Denied
- |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 443/tcp open https?
- 445/tcp open microsoft-ds Windows 2000 microsoft-ds
- 1025/tcp open msrpc Microsoft Windows RPC
- 1026/tcp open msrpc Microsoft Windows RPC
- 1063/tcp open msrpc Microsoft Windows RPC
- 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
- 5800/tcp open vnc-http RealVNC 4.0 (resolution: 400x250; VNC TCP port: 5900)
- | http-methods:
- |_ Supported Methods: GET HEAD
- |_http-server-header: RealVNC/4.0
- |_http-title: VNC viewer for Java
- 5900/tcp open vnc VNC (protocol 3.8)
- |_realvnc-auth-bypass: Vulnerable
- | vnc-info:
- | Protocol version: 3.8
- | Security types:
- |_ VNC Authentication (2)
- MAC Address: 00:50:56:89:0A:20 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34651%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FD%GCD=2%ISR=104%TI=I%II=I%TS
- OS:=0)SEQ(SP=100%GCD=1%ISR=106%TI=I%TS=0)OPS(O1=M529NW0NNT00NNS%O2=M529NW0N
- OS:NT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00NNS%O5=M529NW0NNT00NNS%O6=M529NNT
- OS:00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T
- OS:=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T
- OS:2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N
- OS:)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)I
- OS:E(R=Y%DFI=S%T=80%CD=Z)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=256 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: jd.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
- Host script results:
- |_clock-skew: mean: -8h48m20s, deviation: 0s, median: -8h48m20s
- | ms-sql-info:
- | Windows server name: JD
- | 10.11.1.227\MSSQLSERVER:
- | Instance name: MSSQLSERVER
- | Version:
- | Service pack level: RTM
- | Product: Microsoft SQL Server 2000
- | name: Microsoft SQL Server 2000 RTM
- | number: 8.00.194.00
- | Post-SP patches applied: false
- | TCP port: 27900
- | Named pipe: \\10.11.1.227\pipe\sql\query
- |_ Clustered: false
- | nbstat: NetBIOS name: JD, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:0a:20 (VMware)
- | Names:
- | JD<00> Flags: <unique><active>
- | JD<20> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- | WORKGROUP<1e> Flags: <group><active>
- | JD<03> Flags: <unique><active>
- | INet~Services<1c> Flags: <group><active>
- |_ IS~JD<00> Flags: <unique><active>
- | smb-os-discovery:
- | OS: Windows 2000 (Windows 2000 LAN Manager)
- | OS CPE: cpe:/o:microsoft:windows_2000::-
- | Computer name: jd
- | NetBIOS computer name: JD
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T17:19:57+02:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.05 ms 10.11.1.227
- Nmap scan report for 10.11.1.229
- Host is up (0.091s latency).
- Not shown: 988 filtered ports
- PORT STATE SERVICE VERSION
- 21/tcp open tcpwrapped
- 23/tcp closed telnet
- 25/tcp open smtp hMailServer smtpd
- | smtp-commands: MAIL, SIZE 20480000, AUTH LOGIN,
- |_ 211 DATA HELO EHLO MAIL NOOP QUIT RCPT RSET SAML TURN VRFY
- 80/tcp open http Microsoft IIS httpd 6.0
- | http-methods:
- | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
- |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
- |_http-server-header: Microsoft-IIS/6.0
- |_http-title: 10.11.1.229 - /
- |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
- 110/tcp open pop3 hMailServer pop3d
- |_pop3-capabilities: ERROR: Script execution failed (use -d to debug)
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Windows Server 2003 3790 Service Pack 1 netbios-ssn
- 143/tcp open imap hMailServer imapd
- |_imap-capabilities: SORT QUOTA IMAP4rev1 OK ACL completed IDLE CAPABILITY IMAP4 CHILDREN RIGHTS=texkA0001 NAMESPACE
- 443/tcp closed https
- 1025/tcp open msrpc Microsoft Windows RPC
- 2869/tcp closed icslap
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:2D:8F (VMware)
- Device type: general purpose|media device
- Running (JUST GUESSING): Microsoft Windows 2003|XP|2000|PocketPC/CE (93%), Motorola embedded (86%)
- OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
- Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (93%), Microsoft Windows XP SP3 (91%), Microsoft Windows XP (89%), Microsoft Windows Server 2003 SP1 (88%), Microsoft Windows Server 2003 SP0 - SP2 (88%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows Server 2003 (87%), Microsoft Windows 2000 SP4 (87%), Microsoft Windows 2003 (86%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (86%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: MAIL; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: -6h30m16s, deviation: 0s, median: -6h30m16s
- | nbstat: NetBIOS name: MAIL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:2d:8f (VMware)
- | Names:
- | MAIL<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- | MAIL<1f> Flags: <unique><active>
- | MAIL<03> Flags: <unique><active>
- | MAIL<20> Flags: <unique><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
- | OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
- | Computer name: mail
- | NetBIOS computer name: MAIL
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T11:38:01-06:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server doesn't support SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 90.72 ms 10.11.1.229
- Nmap scan report for 10.11.1.230
- Host is up (0.092s latency).
- Not shown: 989 closed ports
- PORT STATE SERVICE VERSION
- 80/tcp open http GoAhead WebServer
- | http-methods:
- |_ Supported Methods: GET HEAD
- |_http-server-header: GoAhead-Webs
- | http-title: HP Power Manager
- |_Requested resource was http://10.11.1.230/index.asp
- 135/tcp open msrpc Microsoft Windows RPC
- 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
- 445/tcp open microsoft-ds Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- | ssl-cert: Subject: commonName=kevin
- | Issuer: commonName=kevin
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2017-02-13T00:48:27
- | Not valid after: 2017-08-15T00:48:27
- | MD5: b5af 6ba3 66c2 ba41 bf3f eef4 ceaf a669
- |_SHA-1: 6dff 1263 5560 1b97 2e45 3ce1 5713 e2f9 7b07 0898
- |_ssl-date: 2017-02-14T00:44:51+00:00; +36m46s from scanner time.
- 49152/tcp open msrpc Microsoft Windows RPC
- 49153/tcp open msrpc Microsoft Windows RPC
- 49154/tcp open msrpc Microsoft Windows RPC
- 49155/tcp open msrpc Microsoft Windows RPC
- 49156/tcp open msrpc Microsoft Windows RPC
- 49157/tcp open msrpc Microsoft Windows RPC
- MAC Address: 00:50:56:89:14:32 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=1%CU=32612%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10A%TI=I%TS=7)O
- OS:PS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529N
- OS:W8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)E
- OS:CN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F
- OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%R
- OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
- OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
- Uptime guess: 0.013 days (since Mon Feb 13 15:53:22 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
- Host script results:
- |_clock-skew: mean: 36m46s, deviation: 1s, median: 36m46s
- | nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:14:32 (VMware)
- | Names:
- | KEVIN<00> Flags: <unique><active>
- | WORKGROUP<00> Flags: <group><active>
- | KEVIN<20> Flags: <unique><active>
- |_ WORKGROUP<1e> Flags: <group><active>
- | smb-os-discovery:
- | OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
- | OS CPE: cpe:/o:microsoft:windows_7::-
- | Computer name: kevin
- | NetBIOS computer name: KEVIN
- | Workgroup: WORKGROUP
- |_ System time: 2017-02-13T16:45:04-08:00
- | smb-security-mode:
- | account_used: guest
- | authentication_level: user
- | challenge_response: supported
- |_ message_signing: disabled (dangerous, but default)
- |_smbv2-enabled: Server supports SMBv2 protocol
- TRACEROUTE
- HOP RTT ADDRESS
- 1 91.81 ms 10.11.1.230
- Nmap scan report for 10.11.1.234
- Host is up (0.10s latency).
- Not shown: 998 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu3 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey:
- | 1024 2c:83:67:02:29:20:87:99:87:55:95:92:6c:8d:a4:a3 (DSA)
- |_ 2048 6b:91:08:a8:c0:90:ac:68:bd:c9:cd:9c:be:69:2b:ac (RSA)
- 80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.14 (Ubuntu)
- |_http-title: Business Statistics | New Server for Thinc's Business Sta...
- MAC Address: 00:50:56:89:40:FB (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40347%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C7%GCD=1%ISR=C7%TI=Z%II=I%TS=
- OS:8)SEQ(SP=C7%GCD=1%ISR=C8%TI=Z%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%O3=
- OS:M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2=16
- OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW6
- OS:%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
- OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
- OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 0.269 days (since Mon Feb 13 09:45:01 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=199 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 101.25 ms 10.11.1.234
- Nmap scan report for 10.11.1.237
- Host is up (0.092s latency).
- Not shown: 996 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
- | ssh-hostkey:
- | 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
- | 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
- |_ 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
- 80/tcp open http Apache httpd 2.2.22 ((Debian))
- | http-methods:
- |_ Supported Methods: POST OPTIONS GET HEAD
- |_http-server-header: Apache/2.2.22 (Debian)
- |_http-title: Site doesn't have a title (text/html).
- 111/tcp open rpcbind 2-4 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2,3,4 111/tcp rpcbind
- | 100000 2,3,4 111/udp rpcbind
- | 100024 1 46274/udp status
- |_ 100024 1 49234/tcp status
- 443/tcp open ssl/http Apache httpd 2.2.22 ((Debian))
- | http-methods:
- |_ Supported Methods: POST OPTIONS GET HEAD
- |_http-server-header: Apache/2.2.22 (Debian)
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=localhost
- | Issuer: commonName=localhost
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-26T16:25:05
- | Not valid after: 2023-12-24T16:25:05
- | MD5: 7ccb cc7f 3cd8 df1a 0ee9 0fe0 d5a6 1a8b
- |_SHA-1: 3a52 a856 cb8c 1391 4f2f 9192 9554 c3d5 0653 9a14
- |_ssl-date: 2017-02-13T15:18:44+00:00; -8h48m19s from scanner time.
- MAC Address: 00:50:56:89:0F:87 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=35062%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=108%TI=Z%TS=8)O
- OS:PS(O1=M529ST11NW3%O2=M529ST11NW3%O3=M529NNT11NW3%O4=M529ST11NW3%O5=M529S
- OS:T11NW3%O6=M529ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)E
- OS:CN(R=Y%DF=Y%T=40%W=3908%O=M529NNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F
- OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%R
- OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
- OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
- Uptime guess: 1.241 days (since Sun Feb 12 10:25:10 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.06 ms 10.11.1.237
- Nmap scan report for 10.11.1.238
- Host is up (0.093s latency).
- Not shown: 996 closed ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
- | ssh-hostkey:
- | 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
- | 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
- |_ 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
- 80/tcp open http Apache httpd 2.2.22 ((Debian))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.22 (Debian)
- |_http-title: Site doesn't have a title (text/html).
- 111/tcp open rpcbind 2-4 (RPC #100000)
- | rpcinfo:
- | program version port/proto service
- | 100000 2,3,4 111/tcp rpcbind
- | 100000 2,3,4 111/udp rpcbind
- | 100024 1 52691/tcp status
- |_ 100024 1 54849/udp status
- 443/tcp open ssl/http Apache httpd 2.2.22 ((Debian))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-server-header: Apache/2.2.22 (Debian)
- |_http-title: Site doesn't have a title (text/html).
- | ssl-cert: Subject: commonName=localhost
- | Issuer: commonName=localhost
- | Public Key type: rsa
- | Public Key bits: 2048.0
- | Signature Algorithm: sha1WithRSAEncryption
- | Not valid before: 2013-12-26T16:25:05
- | Not valid after: 2023-12-24T16:25:05
- | MD5: 7ccb cc7f 3cd8 df1a 0ee9 0fe0 d5a6 1a8b
- |_SHA-1: 3a52 a856 cb8c 1391 4f2f 9192 9554 c3d5 0653 9a14
- |_ssl-date: 2017-02-14T07:14:43+00:00; +7h07m21s from scanner time.
- MAC Address: 00:50:56:89:06:D8 (VMware)
- No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
- TCP/IP fingerprint:
- OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40607%PV=Y%DS=1%DC=D%G=Y%M=005
- OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=109%TI=Z%II=I%T
- OS:S=8)SEQ(SP=105%GCD=1%ISR=109%TI=Z%TS=8)OPS(O1=M529ST11NW3%O2=M529ST11NW3
- OS:%O3=M529NNT11NW3%O4=M529ST11NW3%O5=M529ST11NW3%O6=M529ST11)WIN(W1=3890%W
- OS:2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M529NN
- OS:SNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N
- OS:)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N
- OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
- OS:D=S)
- Uptime guess: 5.310 days (since Wed Feb 8 08:45:51 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=261 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- Host script results:
- |_clock-skew: mean: 7h07m21s, deviation: 0s, median: 7h07m21s
- TRACEROUTE
- HOP RTT ADDRESS
- 1 92.53 ms 10.11.1.238
- Nmap scan report for 10.11.1.247
- Host is up (0.087s latency).
- Not shown: 999 filtered ports
- PORT STATE SERVICE VERSION
- 3389/tcp open ms-wbt-server Microsoft Terminal Service
- MAC Address: 00:50:56:89:3F:A5 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: WAP|general purpose
- Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2000|2003 (89%), FreeBSD 6.X (85%)
- OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:freebsd:freebsd:6.2
- Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows Server 2003 SP2 (86%), Microsoft Windows XP (86%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
- No exact OS matches for host (test conditions non-ideal).
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=263 (Good luck!)
- IP ID Sequence Generation: Incremental
- Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
- TRACEROUTE
- HOP RTT ADDRESS
- 1 87.19 ms 10.11.1.247
- Nmap scan report for 10.11.1.251
- Host is up (0.090s latency).
- Not shown: 998 filtered ports
- PORT STATE SERVICE VERSION
- 22/tcp open ssh OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
- | ssh-hostkey:
- | 1024 fd:35:c0:66:fc:2a:d0:76:c0:33:55:21:cb:70:55:54 (DSA)
- |_ 2048 bf:e1:ee:61:60:a5:3d:28:0f:af:7d:85:0c:19:c5:8d (RSA)
- 80/tcp open http Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch)
- | http-methods:
- | Supported Methods: GET HEAD POST OPTIONS TRACE
- |_ Potentially risky methods: TRACE
- |_http-server-header: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch
- |_http-title: Site doesn't have a title (text/html).
- MAC Address: 00:50:56:89:6D:6E (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: general purpose|printer|broadband router|remote management|phone|firewall|VoIP phone|security-misc
- Running (JUST GUESSING): Linux 2.6.X|3.X (90%), Canon embedded (89%), D-Link embedded (89%), HP embedded (89%), Nokia Symbian OS (89%), Barracuda Networks embedded (89%), Linksys embedded (87%), Thomson embedded (87%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6.23 cpe:/h:canon:imagerunner_advance_c5051 cpe:/h:dlink:dsl-2540b cpe:/a:hp:onboard_administrator:2.04 cpe:/o:nokia:symbian_os cpe:/h:linksys:wrv200 cpe:/o:linux:linux_kernel:3.2.0
- Aggressive OS guesses: Linux 2.6.23 (90%), Linux 2.6.22 (Debian 4.0) (90%), Linux 2.6.24 (Debian) (90%), Linux 2.6.26 (90%), Canon imageRUNNER ADVANCE C5051 printer (89%), D-Link DSL-2540B ADSL router (89%), HP Onboard Administrator 2.04 (89%), HP Onboard Administrator 2.25 - 3.31 (89%), Linux 2.6.15 (Ubuntu) (89%), Linux 2.6.15 - 2.6.26 (likely embedded) (89%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 2.728 days (since Fri Feb 10 22:42:57 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=203 (Good luck!)
- IP ID Sequence Generation: All zeros
- Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
- TRACEROUTE
- HOP RTT ADDRESS
- 1 89.59 ms 10.11.1.251
- Nmap scan report for 10.11.1.252
- Host is up (0.089s latency).
- Not shown: 998 filtered ports
- PORT STATE SERVICE VERSION
- 8000/tcp open http Apache httpd 2.2.3 ((CentOS))
- | http-methods:
- |_ Supported Methods: GET HEAD POST OPTIONS
- |_http-open-proxy: Proxy might be redirecting requests
- |_http-server-header: Apache/2.2.3 (CentOS)
- | http-title: TimeClock Software :: Dev. Dpt. Thinc.local :: Log In
- |_Requested resource was login.php
- 8888/tcp open http-proxy Squid http proxy 3.3.8
- |_http-server-header: squid/3.3.8
- |_http-title: Endian Firewall - The requested URL could not be retrieved
- MAC Address: 00:50:56:89:60:13 (VMware)
- Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
- Device type: firewall|general purpose|WAP|proxy server|PBX
- Running (JUST GUESSING): Linux 2.6.X (89%), Cisco embedded (89%), ZoneAlarm embedded (89%), Ruckus embedded (89%), Riverbed embedded (87%)
- OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:zonealarm:z100g cpe:/h:ruckus:7363 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w
- Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (89%), Linux 2.6.9 - 2.6.27 (89%), ZoneAlarm Z100G WAP (89%), Ruckus 7363 WAP (89%), Linux 2.6.9 (89%), Linux 2.6.28 (87%), Linux 2.6.30 (87%), Linux 2.6.9 (CentOS 4.4) (87%), Riverbed Steelhead 200 proxy server (87%), Linux 2.6.22.1-32.fc6 (x86, SMP) (86%)
- No exact OS matches for host (test conditions non-ideal).
- Uptime guess: 2.460 days (since Sat Feb 11 05:09:17 2017)
- Network Distance: 1 hop
- TCP Sequence Prediction: Difficulty=200 (Good luck!)
- IP ID Sequence Generation: All zeros
- TRACEROUTE
- HOP RTT ADDRESS
- 1 89.22 ms 10.11.1.252
- NSE: Script Post-scanning.
- Initiating NSE at 16:11
- Completed NSE at 16:11, 0.00s elapsed
- Initiating NSE at 16:11
- Completed NSE at 16:11, 0.00s elapsed
- Post-scan script results:
- | clock-skew:
- | -8h10m59s:
- | 10.11.1.128
- | 10.11.1.24
- | -8h48m19s:
- | 10.11.1.35
- | 10.11.1.223
- |_ 10.11.1.237
- | ssh-hostkey: Possible duplicate hosts
- | Key 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA) used by:
- | 10.11.1.237
- | 10.11.1.238
- | Key 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA) used by:
- | 10.11.1.237
- | 10.11.1.238
- | Key 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA) used by:
- | 10.11.1.237
- |_ 10.11.1.238
- Read data files from: /usr/bin/../share/nmap
- OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
- Nmap done: 256 IP addresses (44 hosts up) scanned in 943.40 seconds
- Raw packets sent: 72114 (3.480MB) | Rcvd: 31174 (1.455MB)
- root@kali:~/Documents#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement