nmap -v -sS -A -T4 10.11.1.0-255 -og LAB_OV.txtWarning: The -o option is depre

1. nmap -v -sS -A -T4 10.11.1.0-255 -og LAB_OV.txt
2. Warning: The -o option is deprecated. Please use -oN
3.  
4. Starting Nmap 7.25BETA2 ( https://nmap.org ) at 2017-02-13 15:56 PST
5. NSE: Loaded 140 scripts for scanning.
6. NSE: Script Pre-scanning.
7. Initiating NSE at 15:56
8. Completed NSE at 15:56, 0.00s elapsed
9. Initiating NSE at 15:56
10. Completed NSE at 15:56, 0.00s elapsed
11. Failed to resolve "LAB_OV.txt".
12. Initiating ARP Ping Scan at 15:56
13. Scanning 256 hosts [1 port/host]
14. Completed ARP Ping Scan at 15:56, 1.63s elapsed (256 total hosts)
15. Initiating Parallel DNS resolution of 256 hosts. at 15:56
16. Completed Parallel DNS resolution of 256 hosts. at 15:56, 0.07s elapsed
17. Nmap scan report for 10.11.1.0 [host down]
18. Nmap scan report for 10.11.1.1 [host down]
19. Nmap scan report for 10.11.1.2 [host down]
20. Nmap scan report for 10.11.1.3 [host down]
21. Nmap scan report for 10.11.1.4 [host down]
22. Nmap scan report for 10.11.1.6 [host down]
23. Nmap scan report for 10.11.1.9 [host down]
24. Nmap scan report for 10.11.1.11 [host down]
25. Nmap scan report for 10.11.1.12 [host down]
26. Nmap scan report for 10.11.1.15 [host down]
27. Nmap scan report for 10.11.1.16 [host down]
28. Nmap scan report for 10.11.1.17 [host down]
29. Nmap scan report for 10.11.1.18 [host down]
30. Nmap scan report for 10.11.1.19 [host down]
31. Nmap scan report for 10.11.1.20 [host down]
32. Nmap scan report for 10.11.1.21 [host down]
33. Nmap scan report for 10.11.1.23 [host down]
34. Nmap scan report for 10.11.1.25 [host down]
35. Nmap scan report for 10.11.1.26 [host down]
36. Nmap scan report for 10.11.1.27 [host down]
37. Nmap scan report for 10.11.1.28 [host down]
38. Nmap scan report for 10.11.1.29 [host down]
39. Nmap scan report for 10.11.1.30 [host down]
40. Nmap scan report for 10.11.1.32 [host down]
41. Nmap scan report for 10.11.1.33 [host down]
42. Nmap scan report for 10.11.1.34 [host down]
43. Nmap scan report for 10.11.1.36 [host down]
44. Nmap scan report for 10.11.1.37 [host down]
45. Nmap scan report for 10.11.1.38 [host down]
46. Nmap scan report for 10.11.1.40 [host down]
47. Nmap scan report for 10.11.1.41 [host down]
48. Nmap scan report for 10.11.1.42 [host down]
49. Nmap scan report for 10.11.1.43 [host down]
50. Nmap scan report for 10.11.1.45 [host down]
51. Nmap scan report for 10.11.1.46 [host down]
52. Nmap scan report for 10.11.1.47 [host down]
53. Nmap scan report for 10.11.1.48 [host down]
54. Nmap scan report for 10.11.1.51 [host down]
55. Nmap scan report for 10.11.1.52 [host down]
56. Nmap scan report for 10.11.1.53 [host down]
57. Nmap scan report for 10.11.1.54 [host down]
58. Nmap scan report for 10.11.1.55 [host down]
59. Nmap scan report for 10.11.1.56 [host down]
60. Nmap scan report for 10.11.1.57 [host down]
61. Nmap scan report for 10.11.1.58 [host down]
62. Nmap scan report for 10.11.1.59 [host down]
63. Nmap scan report for 10.11.1.60 [host down]
64. Nmap scan report for 10.11.1.61 [host down]
65. Nmap scan report for 10.11.1.62 [host down]
66. Nmap scan report for 10.11.1.63 [host down]
67. Nmap scan report for 10.11.1.64 [host down]
68. Nmap scan report for 10.11.1.65 [host down]
69. Nmap scan report for 10.11.1.66 [host down]
70. Nmap scan report for 10.11.1.67 [host down]
71. Nmap scan report for 10.11.1.68 [host down]
72. Nmap scan report for 10.11.1.69 [host down]
73. Nmap scan report for 10.11.1.70 [host down]
74. Nmap scan report for 10.11.1.74 [host down]
75. Nmap scan report for 10.11.1.75 [host down]
76. Nmap scan report for 10.11.1.76 [host down]
77. Nmap scan report for 10.11.1.77 [host down]
78. Nmap scan report for 10.11.1.78 [host down]
79. Nmap scan report for 10.11.1.79 [host down]
80. Nmap scan report for 10.11.1.80 [host down]
81. Nmap scan report for 10.11.1.81 [host down]
82. Nmap scan report for 10.11.1.82 [host down]
83. Nmap scan report for 10.11.1.83 [host down]
84. Nmap scan report for 10.11.1.84 [host down]
85. Nmap scan report for 10.11.1.85 [host down]
86. Nmap scan report for 10.11.1.86 [host down]
87. Nmap scan report for 10.11.1.87 [host down]
88. Nmap scan report for 10.11.1.88 [host down]
89. Nmap scan report for 10.11.1.89 [host down]
90. Nmap scan report for 10.11.1.90 [host down]
91. Nmap scan report for 10.11.1.91 [host down]
92. Nmap scan report for 10.11.1.92 [host down]
93. Nmap scan report for 10.11.1.93 [host down]
94. Nmap scan report for 10.11.1.94 [host down]
95. Nmap scan report for 10.11.1.95 [host down]
96. Nmap scan report for 10.11.1.96 [host down]
97. Nmap scan report for 10.11.1.97 [host down]
98. Nmap scan report for 10.11.1.98 [host down]
99. Nmap scan report for 10.11.1.99 [host down]
100. Nmap scan report for 10.11.1.100 [host down]
101. Nmap scan report for 10.11.1.101 [host down]
102. Nmap scan report for 10.11.1.102 [host down]
103. Nmap scan report for 10.11.1.103 [host down]
104. Nmap scan report for 10.11.1.104 [host down]
105. Nmap scan report for 10.11.1.105 [host down]
106. Nmap scan report for 10.11.1.106 [host down]
107. Nmap scan report for 10.11.1.107 [host down]
108. Nmap scan report for 10.11.1.108 [host down]
109. Nmap scan report for 10.11.1.109 [host down]
110. Nmap scan report for 10.11.1.110 [host down]
111. Nmap scan report for 10.11.1.111 [host down]
112. Nmap scan report for 10.11.1.112 [host down]
113. Nmap scan report for 10.11.1.113 [host down]
114. Nmap scan report for 10.11.1.114 [host down]
115. Nmap scan report for 10.11.1.117 [host down]
116. Nmap scan report for 10.11.1.118 [host down]
117. Nmap scan report for 10.11.1.119 [host down]
118. Nmap scan report for 10.11.1.120 [host down]
119. Nmap scan report for 10.11.1.121 [host down]
120. Nmap scan report for 10.11.1.122 [host down]
121. Nmap scan report for 10.11.1.123 [host down]
122. Nmap scan report for 10.11.1.124 [host down]
123. Nmap scan report for 10.11.1.126 [host down]
124. Nmap scan report for 10.11.1.127 [host down]
125. Nmap scan report for 10.11.1.129 [host down]
126. Nmap scan report for 10.11.1.130 [host down]
127. Nmap scan report for 10.11.1.131 [host down]
128. Nmap scan report for 10.11.1.132 [host down]
129. Nmap scan report for 10.11.1.134 [host down]
130. Nmap scan report for 10.11.1.135 [host down]
131. Nmap scan report for 10.11.1.137 [host down]
132. Nmap scan report for 10.11.1.138 [host down]
133. Nmap scan report for 10.11.1.139 [host down]
134. Nmap scan report for 10.11.1.140 [host down]
135. Nmap scan report for 10.11.1.142 [host down]
136. Nmap scan report for 10.11.1.143 [host down]
137. Nmap scan report for 10.11.1.144 [host down]
138. Nmap scan report for 10.11.1.147 [host down]
139. Nmap scan report for 10.11.1.148 [host down]
140. Nmap scan report for 10.11.1.149 [host down]
141. Nmap scan report for 10.11.1.150 [host down]
142. Nmap scan report for 10.11.1.151 [host down]
143. Nmap scan report for 10.11.1.152 [host down]
144. Nmap scan report for 10.11.1.153 [host down]
145. Nmap scan report for 10.11.1.154 [host down]
146. Nmap scan report for 10.11.1.155 [host down]
147. Nmap scan report for 10.11.1.156 [host down]
148. Nmap scan report for 10.11.1.157 [host down]
149. Nmap scan report for 10.11.1.158 [host down]
150. Nmap scan report for 10.11.1.159 [host down]
151. Nmap scan report for 10.11.1.160 [host down]
152. Nmap scan report for 10.11.1.161 [host down]
153. Nmap scan report for 10.11.1.162 [host down]
154. Nmap scan report for 10.11.1.163 [host down]
155. Nmap scan report for 10.11.1.164 [host down]
156. Nmap scan report for 10.11.1.165 [host down]
157. Nmap scan report for 10.11.1.166 [host down]
158. Nmap scan report for 10.11.1.167 [host down]
159. Nmap scan report for 10.11.1.168 [host down]
160. Nmap scan report for 10.11.1.169 [host down]
161. Nmap scan report for 10.11.1.170 [host down]
162. Nmap scan report for 10.11.1.171 [host down]
163. Nmap scan report for 10.11.1.172 [host down]
164. Nmap scan report for 10.11.1.173 [host down]
165. Nmap scan report for 10.11.1.174 [host down]
166. Nmap scan report for 10.11.1.175 [host down]
167. Nmap scan report for 10.11.1.176 [host down]
168. Nmap scan report for 10.11.1.177 [host down]
169. Nmap scan report for 10.11.1.178 [host down]
170. Nmap scan report for 10.11.1.179 [host down]
171. Nmap scan report for 10.11.1.180 [host down]
172. Nmap scan report for 10.11.1.181 [host down]
173. Nmap scan report for 10.11.1.182 [host down]
174. Nmap scan report for 10.11.1.183 [host down]
175. Nmap scan report for 10.11.1.184 [host down]
176. Nmap scan report for 10.11.1.185 [host down]
177. Nmap scan report for 10.11.1.186 [host down]
178. Nmap scan report for 10.11.1.187 [host down]
179. Nmap scan report for 10.11.1.188 [host down]
180. Nmap scan report for 10.11.1.189 [host down]
181. Nmap scan report for 10.11.1.190 [host down]
182. Nmap scan report for 10.11.1.191 [host down]
183. Nmap scan report for 10.11.1.192 [host down]
184. Nmap scan report for 10.11.1.193 [host down]
185. Nmap scan report for 10.11.1.194 [host down]
186. Nmap scan report for 10.11.1.195 [host down]
187. Nmap scan report for 10.11.1.196 [host down]
188. Nmap scan report for 10.11.1.197 [host down]
189. Nmap scan report for 10.11.1.198 [host down]
190. Nmap scan report for 10.11.1.199 [host down]
191. Nmap scan report for 10.11.1.200 [host down]
192. Nmap scan report for 10.11.1.201 [host down]
193. Nmap scan report for 10.11.1.203 [host down]
194. Nmap scan report for 10.11.1.204 [host down]
195. Nmap scan report for 10.11.1.205 [host down]
196. Nmap scan report for 10.11.1.206 [host down]
197. Nmap scan report for 10.11.1.207 [host down]
198. Nmap scan report for 10.11.1.208 [host down]
199. Nmap scan report for 10.11.1.210 [host down]
200. Nmap scan report for 10.11.1.211 [host down]
201. Nmap scan report for 10.11.1.212 [host down]
202. Nmap scan report for 10.11.1.213 [host down]
203. Nmap scan report for 10.11.1.214 [host down]
204. Nmap scan report for 10.11.1.215 [host down]
205. Nmap scan report for 10.11.1.216 [host down]
206. Nmap scan report for 10.11.1.222 [host down]
207. Nmap scan report for 10.11.1.224 [host down]
208. Nmap scan report for 10.11.1.225 [host down]
209. Nmap scan report for 10.11.1.228 [host down]
210. Nmap scan report for 10.11.1.231 [host down]
211. Nmap scan report for 10.11.1.232 [host down]
212. Nmap scan report for 10.11.1.233 [host down]
213. Nmap scan report for 10.11.1.235 [host down]
214. Nmap scan report for 10.11.1.236 [host down]
215. Nmap scan report for 10.11.1.239 [host down]
216. Nmap scan report for 10.11.1.240 [host down]
217. Nmap scan report for 10.11.1.241 [host down]
218. Nmap scan report for 10.11.1.242 [host down]
219. Nmap scan report for 10.11.1.243 [host down]
220. Nmap scan report for 10.11.1.244 [host down]
221. Nmap scan report for 10.11.1.245 [host down]
222. Nmap scan report for 10.11.1.246 [host down]
223. Nmap scan report for 10.11.1.248 [host down]
224. Nmap scan report for 10.11.1.249 [host down]
225. Nmap scan report for 10.11.1.250 [host down]
226. Nmap scan report for 10.11.1.253 [host down]
227. Nmap scan report for 10.11.1.254 [host down]
228. Nmap scan report for 10.11.1.255 [host down]
229. Initiating SYN Stealth Scan at 15:56
230. Scanning 44 hosts [1000 ports/host]
231. Discovered open port 25/tcp on 10.11.1.22
232. Discovered open port 25/tcp on 10.11.1.115
233. Discovered open port 25/tcp on 10.11.1.72
234. Discovered open port 25/tcp on 10.11.1.128
235. Discovered open port 25/tcp on 10.11.1.217
236. Discovered open port 25/tcp on 10.11.1.227
237. Discovered open port 25/tcp on 10.11.1.229
238. Discovered open port 993/tcp on 10.11.1.24
239. Discovered open port 443/tcp on 10.11.1.8
240. Discovered open port 443/tcp on 10.11.1.22
241. Discovered open port 443/tcp on 10.11.1.35
242. Discovered open port 443/tcp on 10.11.1.115
243. Discovered open port 443/tcp on 10.11.1.128
244. Discovered open port 993/tcp on 10.11.1.217
245. Discovered open port 443/tcp on 10.11.1.223
246. Discovered open port 443/tcp on 10.11.1.227
247. Discovered open port 443/tcp on 10.11.1.237
248. Discovered open port 443/tcp on 10.11.1.238
249. Discovered open port 21/tcp on 10.11.1.22
250. Discovered open port 21/tcp on 10.11.1.8
251. Discovered open port 21/tcp on 10.11.1.13
252. Discovered open port 443/tcp on 10.11.1.202
253. Discovered open port 443/tcp on 10.11.1.217
254. Discovered open port 21/tcp on 10.11.1.220
255. Discovered open port 21/tcp on 10.11.1.227
256. Discovered open port 21/tcp on 10.11.1.128
257. Discovered open port 21/tcp on 10.11.1.115
258. Discovered open port 21/tcp on 10.11.1.202
259. Discovered open port 21/tcp on 10.11.1.116
260. Discovered open port 21/tcp on 10.11.1.229
261. Discovered open port 135/tcp on 10.11.1.128
262. Discovered open port 135/tcp on 10.11.1.202
263. Discovered open port 135/tcp on 10.11.1.220
264. Discovered open port 23/tcp on 10.11.1.22
265. Discovered open port 21/tcp on 10.11.1.146
266. Discovered open port 135/tcp on 10.11.1.221
267. Discovered open port 135/tcp on 10.11.1.227
268. Discovered open port 135/tcp on 10.11.1.223
269. Discovered open port 135/tcp on 10.11.1.230
270. Discovered open port 135/tcp on 10.11.1.49
271. Discovered open port 135/tcp on 10.11.1.5
272. Discovered open port 135/tcp on 10.11.1.31
273. Discovered open port 143/tcp on 10.11.1.115
274. Discovered open port 143/tcp on 10.11.1.116
275. Discovered open port 135/tcp on 10.11.1.218
276. Discovered open port 199/tcp on 10.11.1.22
277. Discovered open port 111/tcp on 10.11.1.22
278. Discovered open port 111/tcp on 10.11.1.8
279. Discovered open port 143/tcp on 10.11.1.24
280. Discovered open port 199/tcp on 10.11.1.115
281. Discovered open port 111/tcp on 10.11.1.141
282. Discovered open port 3389/tcp on 10.11.1.202
283. Discovered open port 143/tcp on 10.11.1.217
284. Discovered open port 3389/tcp on 10.11.1.220
285. Discovered open port 3389/tcp on 10.11.1.5
286. Discovered open port 111/tcp on 10.11.1.115
287. Discovered open port 8080/tcp on 10.11.1.202
288. Discovered open port 3389/tcp on 10.11.1.218
289. Discovered open port 3389/tcp on 10.11.1.221
290. Discovered open port 111/tcp on 10.11.1.72
291. Discovered open port 3389/tcp on 10.11.1.230
292. Discovered open port 111/tcp on 10.11.1.238
293. Discovered open port 3389/tcp on 10.11.1.31
294. Discovered open port 111/tcp on 10.11.1.237
295. Discovered open port 111/tcp on 10.11.1.209
296. Discovered open port 3389/tcp on 10.11.1.223
297. Discovered open port 80/tcp on 10.11.1.22
298. Discovered open port 3306/tcp on 10.11.1.115
299. Discovered open port 3306/tcp on 10.11.1.116
300. Discovered open port 8080/tcp on 10.11.1.209
301. Discovered open port 80/tcp on 10.11.1.71
302. Discovered open port 80/tcp on 10.11.1.202
303. Discovered open port 5900/tcp on 10.11.1.227
304. Discovered open port 139/tcp on 10.11.1.22
305. Discovered open port 80/tcp on 10.11.1.116
306. Discovered open port 113/tcp on 10.11.1.136
307. Discovered open port 80/tcp on 10.11.1.115
308. Discovered open port 5900/tcp on 10.11.1.128
309. Discovered open port 111/tcp on 10.11.1.217
310. Discovered open port 3306/tcp on 10.11.1.223
311. Discovered open port 139/tcp on 10.11.1.202
312. Discovered open port 80/tcp on 10.11.1.227
313. Discovered open port 80/tcp on 10.11.1.128
314. Discovered open port 110/tcp on 10.11.1.116
315. Discovered open port 80/tcp on 10.11.1.234
316. Discovered open port 139/tcp on 10.11.1.5
317. Discovered open port 80/tcp on 10.11.1.72
318. Discovered open port 80/tcp on 10.11.1.209
319. Discovered open port 445/tcp on 10.11.1.202
320. Discovered open port 80/tcp on 10.11.1.238
321. Discovered open port 995/tcp on 10.11.1.22
322. Discovered open port 110/tcp on 10.11.1.72
323. Discovered open port 80/tcp on 10.11.1.133
324. Discovered open port 53/tcp on 10.11.1.220
325. Discovered open port 139/tcp on 10.11.1.227
326. Discovered open port 80/tcp on 10.11.1.230
327. Discovered open port 445/tcp on 10.11.1.5
328. Discovered open port 139/tcp on 10.11.1.220
329. Discovered open port 53/tcp on 10.11.1.221
330. Discovered open port 22/tcp on 10.11.1.22
331. Discovered open port 1025/tcp on 10.11.1.5
332. Discovered open port 3306/tcp on 10.11.1.217
333. Discovered open port 139/tcp on 10.11.1.115
334. Discovered open port 139/tcp on 10.11.1.221
335. Discovered open port 80/tcp on 10.11.1.223
336. Discovered open port 445/tcp on 10.11.1.227
337. Discovered open port 80/tcp on 10.11.1.24
338. Discovered open port 110/tcp on 10.11.1.24
339. Discovered open port 80/tcp on 10.11.1.31
340. Discovered open port 22/tcp on 10.11.1.71
341. Discovered open port 139/tcp on 10.11.1.128
342. Discovered open port 139/tcp on 10.11.1.24
343. Discovered open port 139/tcp on 10.11.1.230
344. Discovered open port 1025/tcp on 10.11.1.227
345. Discovered open port 445/tcp on 10.11.1.220
346. Discovered open port 445/tcp on 10.11.1.221
347. Discovered open port 80/tcp on 10.11.1.237
348. Discovered open port 445/tcp on 10.11.1.128
349. Discovered open port 139/tcp on 10.11.1.136
350. Discovered open port 22/tcp on 10.11.1.141
351. Discovered open port 139/tcp on 10.11.1.31
352. Discovered open port 1025/tcp on 10.11.1.128
353. Discovered open port 22/tcp on 10.11.1.44
354. Discovered open port 445/tcp on 10.11.1.136
355. Discovered open port 80/tcp on 10.11.1.217
356. Discovered open port 139/tcp on 10.11.1.218
357. Discovered open port 445/tcp on 10.11.1.230
358. Discovered open port 139/tcp on 10.11.1.223
359. Discovered open port 445/tcp on 10.11.1.31
360. Discovered open port 22/tcp on 10.11.1.116
361. Discovered open port 22/tcp on 10.11.1.209
362. Discovered open port 1025/tcp on 10.11.1.31
363. Discovered open port 21/tcp on 10.11.1.14
364. Discovered open port 445/tcp on 10.11.1.24
365. Discovered open port 995/tcp on 10.11.1.24
366. Discovered open port 22/tcp on 10.11.1.115
367. Discovered open port 22/tcp on 10.11.1.72
368. Discovered open port 110/tcp on 10.11.1.217
369. Discovered open port 22/tcp on 10.11.1.24
370. Discovered open port 22/tcp on 10.11.1.136
371. Discovered open port 22/tcp on 10.11.1.238
372. Discovered open port 445/tcp on 10.11.1.223
373. Discovered open port 445/tcp on 10.11.1.218
374. Discovered open port 135/tcp on 10.11.1.73
375. Discovered open port 21/tcp on 10.11.1.125
376. Discovered open port 22/tcp on 10.11.1.237
377. Discovered open port 135/tcp on 10.11.1.229
378. Discovered open port 135/tcp on 10.11.1.50
379. Discovered open port 143/tcp on 10.11.1.229
380. Discovered open port 135/tcp on 10.11.1.145
381. Discovered open port 995/tcp on 10.11.1.217
382. Discovered open port 3389/tcp on 10.11.1.14
383. Discovered open port 21/tcp on 10.11.1.226
384. Discovered open port 2049/tcp on 10.11.1.72
385. Discovered open port 8009/tcp on 10.11.1.209
386. Discovered open port 22/tcp on 10.11.1.217
387. Discovered open port 3306/tcp on 10.11.1.8
388. Discovered open port 3389/tcp on 10.11.1.7
389. Discovered open port 3389/tcp on 10.11.1.73
390. Discovered open port 3389/tcp on 10.11.1.13
391. Discovered open port 3389/tcp on 10.11.1.247
392. Discovered open port 8000/tcp on 10.11.1.44
393. Discovered open port 80/tcp on 10.11.1.8
394. Discovered open port 3389/tcp on 10.11.1.145
395. Discovered open port 8080/tcp on 10.11.1.73
396. Discovered open port 3306/tcp on 10.11.1.39
397. Discovered open port 22/tcp on 10.11.1.234
398. Discovered open port 8080/tcp on 10.11.1.145
399. Discovered open port 139/tcp on 10.11.1.8
400. Discovered open port 80/tcp on 10.11.1.39
401. Discovered open port 3306/tcp on 10.11.1.73
402. Discovered open port 80/tcp on 10.11.1.219
403. Discovered open port 5900/tcp on 10.11.1.73
404. Discovered open port 3389/tcp on 10.11.1.229
405. Discovered open port 80/tcp on 10.11.1.13
406. Discovered open port 139/tcp on 10.11.1.145
407. Discovered open port 445/tcp on 10.11.1.8
408. Discovered open port 80/tcp on 10.11.1.49
409. Discovered open port 80/tcp on 10.11.1.14
410. Discovered open port 80/tcp on 10.11.1.50
411. Discovered open port 445/tcp on 10.11.1.145
412. Discovered open port 80/tcp on 10.11.1.10
413. Discovered open port 139/tcp on 10.11.1.73
414. Discovered open port 139/tcp on 10.11.1.49
415. Discovered open port 554/tcp on 10.11.1.73
416. Discovered open port 22/tcp on 10.11.1.146
417. Discovered open port 445/tcp on 10.11.1.73
418. Discovered open port 22/tcp on 10.11.1.8
419. Discovered open port 8888/tcp on 10.11.1.252
420. Discovered open port 22/tcp on 10.11.1.35
421. Discovered open port 139/tcp on 10.11.1.50
422. Discovered open port 80/tcp on 10.11.1.251
423. Discovered open port 636/tcp on 10.11.1.220
424. Discovered open port 80/tcp on 10.11.1.229
425. Discovered open port 110/tcp on 10.11.1.229
426. Discovered open port 139/tcp on 10.11.1.229
427. Discovered open port 49154/tcp on 10.11.1.220
428. Discovered open port 22/tcp on 10.11.1.39
429. Discovered open port 1025/tcp on 10.11.1.229
430. Discovered open port 22/tcp on 10.11.1.251
431. Discovered open port 49154/tcp on 10.11.1.221
432. Discovered open port 1433/tcp on 10.11.1.31
433. Discovered open port 49154/tcp on 10.11.1.230
434. Discovered open port 49154/tcp on 10.11.1.223
435. Discovered open port 8000/tcp on 10.11.1.252
436. Discovered open port 49154/tcp on 10.11.1.218
437. Discovered open port 49154/tcp on 10.11.1.73
438. Discovered open port 49155/tcp on 10.11.1.220
439. Discovered open port 49155/tcp on 10.11.1.221
440. SYN Stealth Scan Timing: About 14.98% done; ETC: 15:59 (0:02:56 remaining)
441. Discovered open port 49155/tcp on 10.11.1.230
442. Discovered open port 49155/tcp on 10.11.1.223
443. Discovered open port 49155/tcp on 10.11.1.73
444. Discovered open port 49155/tcp on 10.11.1.49
445. Discovered open port 49155/tcp on 10.11.1.218
446. Discovered open port 49155/tcp on 10.11.1.50
447. Discovered open port 389/tcp on 10.11.1.220
448. Discovered open port 88/tcp on 10.11.1.220
449. Discovered open port 49157/tcp on 10.11.1.73
450. Discovered open port 1100/tcp on 10.11.1.73
451. Discovered open port 49157/tcp on 10.11.1.223
452. Discovered open port 1032/tcp on 10.11.1.202
453. Discovered open port 49157/tcp on 10.11.1.220
454. Discovered open port 49157/tcp on 10.11.1.230
455. Discovered open port 49165/tcp on 10.11.1.221
456. SYN Stealth Scan Timing: About 28.42% done; ETC: 15:59 (0:02:34 remaining)
457. Discovered open port 4445/tcp on 10.11.1.217
458. Discovered open port 10000/tcp on 10.11.1.141
459. Increasing send delay for 10.11.1.133 from 0 to 5 due to 29 out of 71 dropped probes since last increase.
460. Discovered open port 49156/tcp on 10.11.1.73
461. Discovered open port 3269/tcp on 10.11.1.220
462. Discovered open port 49156/tcp on 10.11.1.223
463. Discovered open port 49156/tcp on 10.11.1.230
464. Discovered open port 1030/tcp on 10.11.1.202
465. Discovered open port 5357/tcp on 10.11.1.221
466. Discovered open port 5357/tcp on 10.11.1.73
467. Discovered open port 1038/tcp on 10.11.1.202
468. Discovered open port 1029/tcp on 10.11.1.128
469. Increasing send delay for 10.11.1.133 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
470. SYN Stealth Scan Timing: About 46.46% done; ETC: 15:59 (0:01:45 remaining)
471. Discovered open port 4443/tcp on 10.11.1.202
472. Discovered open port 32768/tcp on 10.11.1.22
473. Discovered open port 3268/tcp on 10.11.1.220
474. Discovered open port 5800/tcp on 10.11.1.73
475. Discovered open port 5800/tcp on 10.11.1.227
476. Discovered open port 32768/tcp on 10.11.1.115
477. Discovered open port 5800/tcp on 10.11.1.128
478. Discovered open port 1026/tcp on 10.11.1.227
479. Discovered open port 1026/tcp on 10.11.1.128
480. Discovered open port 3372/tcp on 10.11.1.227
481. Discovered open port 3372/tcp on 10.11.1.128
482. SYN Stealth Scan Timing: About 62.24% done; ETC: 15:59 (0:01:13 remaining)
483. Discovered open port 2869/tcp on 10.11.1.73
484. Discovered open port 593/tcp on 10.11.1.220
485. Discovered open port 3372/tcp on 10.11.1.202
486. Discovered open port 464/tcp on 10.11.1.220
487. Discovered open port 1063/tcp on 10.11.1.227
488. Discovered open port 1521/tcp on 10.11.1.202
489. Discovered open port 631/tcp on 10.11.1.8
490. Discovered open port 49167/tcp on 10.11.1.220
491. Discovered open port 49158/tcp on 10.11.1.220
492. SYN Stealth Scan Timing: About 79.24% done; ETC: 15:59 (0:00:40 remaining)
493. Discovered open port 1033/tcp on 10.11.1.202
494. Completed SYN Stealth Scan against 10.11.1.136 in 151.39s (43 hosts left)
495. Discovered open port 119/tcp on 10.11.1.72
496. Discovered open port 10243/tcp on 10.11.1.73
497. Completed SYN Stealth Scan against 10.11.1.141 in 168.54s (42 hosts left)
498. Discovered open port 49152/tcp on 10.11.1.73
499. Discovered open port 49152/tcp on 10.11.1.220
500. Discovered open port 49152/tcp on 10.11.1.221
501. Discovered open port 49152/tcp on 10.11.1.218
502. Discovered open port 2100/tcp on 10.11.1.202
503. Discovered open port 49152/tcp on 10.11.1.223
504. Discovered open port 49152/tcp on 10.11.1.230
505. Discovered open port 7778/tcp on 10.11.1.202
506. Discovered open port 49153/tcp on 10.11.1.73
507. Discovered open port 49153/tcp on 10.11.1.223
508. Discovered open port 49153/tcp on 10.11.1.221
509. Discovered open port 49153/tcp on 10.11.1.220
510. Completed SYN Stealth Scan against 10.11.1.5 in 181.68s (41 hosts left)
511. Discovered open port 49153/tcp on 10.11.1.218
512. Completed SYN Stealth Scan against 10.11.1.247 in 183.13s (40 hosts left)
513. Discovered open port 2030/tcp on 10.11.1.202
514. Completed SYN Stealth Scan against 10.11.1.22 in 183.36s (39 hosts left)
515. Completed SYN Stealth Scan against 10.11.1.128 in 184.79s (38 hosts left)
516. Discovered open port 49153/tcp on 10.11.1.230
517. Completed SYN Stealth Scan against 10.11.1.24 in 186.35s (37 hosts left)
518. Completed SYN Stealth Scan against 10.11.1.234 in 186.90s (36 hosts left)
519. Completed SYN Stealth Scan against 10.11.1.237 in 186.92s (35 hosts left)
520. Completed SYN Stealth Scan against 10.11.1.71 in 188.43s (34 hosts left)
521. Completed SYN Stealth Scan against 10.11.1.7 in 188.89s (33 hosts left)
522. Completed SYN Stealth Scan against 10.11.1.115 in 189.20s (32 hosts left)
523. Completed SYN Stealth Scan against 10.11.1.146 in 189.59s (31 hosts left)
524. Completed SYN Stealth Scan against 10.11.1.227 in 191.54s (30 hosts left)
525. Completed SYN Stealth Scan against 10.11.1.44 in 191.56s (29 hosts left)
526. Completed SYN Stealth Scan against 10.11.1.238 in 191.93s (28 hosts left)
527. Completed SYN Stealth Scan against 10.11.1.221 in 192.45s (27 hosts left)
528. Completed SYN Stealth Scan against 10.11.1.220 in 192.61s (26 hosts left)
529. Completed SYN Stealth Scan against 10.11.1.8 in 192.96s (25 hosts left)
530. Completed SYN Stealth Scan against 10.11.1.209 in 193.02s (24 hosts left)
531. Completed SYN Stealth Scan against 10.11.1.219 in 193.08s (23 hosts left)
532. Completed SYN Stealth Scan against 10.11.1.223 in 193.10s (22 hosts left)
533. Completed SYN Stealth Scan against 10.11.1.72 in 193.33s (21 hosts left)
534. Completed SYN Stealth Scan against 10.11.1.13 in 193.46s (20 hosts left)
535. Completed SYN Stealth Scan against 10.11.1.10 in 193.59s (19 hosts left)
536. Completed SYN Stealth Scan against 10.11.1.116 in 193.63s (18 hosts left)
537. Completed SYN Stealth Scan against 10.11.1.35 in 193.90s (17 hosts left)
538. Completed SYN Stealth Scan against 10.11.1.39 in 194.00s (16 hosts left)
539. Completed SYN Stealth Scan against 10.11.1.125 in 194.26s (15 hosts left)
540. Completed SYN Stealth Scan against 10.11.1.202 in 194.47s (14 hosts left)
541. Completed SYN Stealth Scan against 10.11.1.230 in 194.49s (13 hosts left)
542. Completed SYN Stealth Scan against 10.11.1.251 in 194.68s (12 hosts left)
543. Completed SYN Stealth Scan against 10.11.1.218 in 194.74s (11 hosts left)
544. Completed SYN Stealth Scan against 10.11.1.252 in 194.79s (10 hosts left)
545. Completed SYN Stealth Scan against 10.11.1.73 in 194.86s (9 hosts left)
546. Completed SYN Stealth Scan against 10.11.1.229 in 194.94s (8 hosts left)
547. Completed SYN Stealth Scan against 10.11.1.31 in 194.95s (7 hosts left)
548. Completed SYN Stealth Scan against 10.11.1.217 in 195.05s (6 hosts left)
549. Completed SYN Stealth Scan against 10.11.1.226 in 195.06s (5 hosts left)
550. Completed SYN Stealth Scan against 10.11.1.14 in 195.22s (4 hosts left)
551. Completed SYN Stealth Scan against 10.11.1.49 in 195.30s (3 hosts left)
552. Completed SYN Stealth Scan against 10.11.1.50 in 195.46s (2 hosts left)
553. Completed SYN Stealth Scan against 10.11.1.145 in 195.99s (1 host left)
554. Completed SYN Stealth Scan at 16:01, 289.10s elapsed (44000 total ports)
555. Initiating Service scan at 16:01
556. Scanning 273 services on 44 hosts
557. Service scan Timing: About 32.97% done; ETC: 16:02 (0:01:03 remaining)
558. Service scan Timing: About 63.00% done; ETC: 16:03 (0:00:57 remaining)
559. Service scan Timing: About 77.66% done; ETC: 16:04 (0:00:45 remaining)
560. Completed Service scan at 16:05, 278.17s elapsed (273 services on 44 hosts)
561. Initiating OS detection (try #1) against 44 hosts
562. Retrying OS detection (try #2) against 44 hosts
563. Retrying OS detection (try #3) against 21 hosts
564. adjust_timeouts2: packet supposedly had rtt of -161830 microseconds. Ignoring time.
565. adjust_timeouts2: packet supposedly had rtt of -161830 microseconds. Ignoring time.
566. Retrying OS detection (try #4) against 21 hosts
567. Retrying OS detection (try #5) against 21 hosts
568. NSE: Script scanning 44 hosts.
569. Initiating NSE at 16:06
570. Completed NSE at 16:11, 335.35s elapsed
571. Initiating NSE at 16:11
572. Completed NSE at 16:11, 2.40s elapsed
573. Nmap scan report for 10.11.1.5
574. Host is up (0.088s latency).
575. Not shown: 995 closed ports
576. PORT STATE SERVICE VERSION
577. 135/tcp open msrpc Microsoft Windows RPC
578. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
579. 445/tcp open microsoft-ds Windows XP microsoft-ds
580. 1025/tcp open msrpc Microsoft Windows RPC
581. 3389/tcp open ms-wbt-server Microsoft Terminal Service
582. MAC Address: 00:50:56:89:79:B5 (VMware)
583. Device type: general purpose|specialized|power-device|media device
584. Running (JUST GUESSING): Microsoft Windows XP|7|2000|2003|PocketPC/CE (94%), Belkin embedded (91%), SMA embedded (91%), Motorola embedded (85%)
585. OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_ce cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
586. Aggressive OS guesses: Microsoft Windows XP (94%), Belkin OmniView KVM switch or SMA Sunny WebBox solar panel monitor (91%), Microsoft Windows 7 (91%), Microsoft Windows XP SP2 (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (89%), Microsoft Windows 2000 SP4 (89%), Microsoft Windows Server 2003 SP2 (87%), Microsoft Windows CE 6.0 (86%), Motorola VIP1216 digital set top box (Windows CE 5.0) (85%)
587. No exact OS matches for host (test conditions non-ideal).
588. Network Distance: 1 hop
589. TCP Sequence Prediction: Difficulty=134 (Good luck!)
590. IP ID Sequence Generation: Incremental
591. Service Info: OSs: Windows, Windows XP; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_xp
592.  
593. Host script results:
594. |_clock-skew: mean: 32m36s, deviation: 0s, median: 32m36s
595. | nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:79:b5 (VMware)
596. | Names:
597. | ALICE<00> Flags: <unique><active>
598. | THINC<00> Flags: <group><active>
599. | ALICE<03> Flags: <unique><active>
600. | ALICE<20> Flags: <unique><active>
601. |_ THINC<1e> Flags: <group><active>
602. | smb-os-discovery:
603. | OS: Windows XP (Windows 2000 LAN Manager)
604. | OS CPE: cpe:/o:microsoft:windows_xp::-
605. | Computer name: alice
606. | NetBIOS computer name: ALICE
607. | Domain name: thinc.local
608. | Forest name: thinc.local
609. | FQDN: alice.thinc.local
610. |_ System time: 2017-02-14T00:39:58+00:00
611. | smb-security-mode:
612. | account_used: <blank>
613. | authentication_level: user
614. | challenge_response: supported
615. |_ message_signing: disabled (dangerous, but default)
616. |_smbv2-enabled: Server doesn't support SMBv2 protocol
617.  
618. TRACEROUTE
619. HOP RTT ADDRESS
620. 1 87.54 ms 10.11.1.5
621.  
622. Nmap scan report for 10.11.1.7
623. Host is up (0.090s latency).
624. Not shown: 999 filtered ports
625. PORT STATE SERVICE VERSION
626. 3389/tcp open ms-wbt-server Microsoft Terminal Service
627. MAC Address: 00:50:56:89:50:A5 (VMware)
628. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
629. Device type: WAP|general purpose
630. Running (JUST GUESSING): Apple embedded (90%), FreeBSD 6.X (85%)
631. OS CPE: cpe:/h:apple:airport_extreme cpe:/o:freebsd:freebsd:6.2
632. Aggressive OS guesses: Apple AirPort Extreme WAP (90%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
633. No exact OS matches for host (test conditions non-ideal).
634. Network Distance: 1 hop
635. TCP Sequence Prediction: Difficulty=257 (Good luck!)
636. IP ID Sequence Generation: Incremental
637. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
638.  
639. TRACEROUTE
640. HOP RTT ADDRESS
641. 1 90.33 ms 10.11.1.7
642.  
643. Nmap scan report for 10.11.1.8
644. Host is up (0.090s latency).
645. Not shown: 990 filtered ports
646. PORT STATE SERVICE VERSION
647. 21/tcp open ftp vsftpd 2.0.1
648. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
649. |_Can't get directory listing: ERROR
650. 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
651. | ssh-hostkey:
652. | 1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
653. | 1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
654. |_ 1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
655. |_sshv1: Server supports SSHv1
656. 25/tcp closed smtp
657. 80/tcp open http Apache httpd 2.0.52 ((CentOS))
658. | http-methods:
659. | Supported Methods: GET HEAD POST OPTIONS TRACE
660. |_ Potentially risky methods: TRACE
661. | http-robots.txt: 2 disallowed entries
662. |_/internal/ /tmp/
663. |_http-server-header: Apache/2.0.52 (CentOS)
664. |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
665. 111/tcp open rpcbind 2 (RPC #100000)
666. | rpcinfo:
667. | program version port/proto service
668. | 100000 2 111/tcp rpcbind
669. | 100000 2 111/udp rpcbind
670. | 100024 1 843/udp status
671. |_ 100024 1 846/tcp status
672. 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
673. 443/tcp open ssl/http Apache httpd 2.0.52 ((CentOS))
674. | http-methods:
675. | Supported Methods: GET HEAD POST OPTIONS TRACE
676. |_ Potentially risky methods: TRACE
677. | http-robots.txt: 2 disallowed entries
678. |_/internal/ /tmp/
679. |_http-server-header: Apache/2.0.52 (CentOS)
680. |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
681. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
682. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
683. | Public Key type: rsa
684. | Public Key bits: 1024.0
685. | Signature Algorithm: md5WithRSAEncryption
686. | Not valid before: 2009-09-16T14:03:22
687. | Not valid after: 2010-09-16T14:03:22
688. | MD5: 1a3c 055e bd46 ad3f 7031 3690 caf7 be26
689. |_SHA-1: ef51 f052 448c f74c af1a 9897 b1b1 2292 06e6 d77e
690. |_ssl-date: 2017-02-13T14:55:28+00:00; -9h12m36s from scanner time.
691. | sslv2:
692. | SSLv2 supported
693. | ciphers:
694. | SSL2_RC4_128_WITH_MD5
695. | SSL2_RC4_64_WITH_MD5
696. | SSL2_DES_64_CBC_WITH_MD5
697. | SSL2_DES_192_EDE3_CBC_WITH_MD5
698. | SSL2_RC4_128_EXPORT40_WITH_MD5
699. | SSL2_RC2_128_CBC_WITH_MD5
700. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
701. 445/tcp open netbios-ssn Samba smbd 3.0.33-0.17.el4 (workgroup: MYGROUP)
702. 631/tcp open ipp CUPS 1.1
703. | http-methods:
704. | Supported Methods: GET HEAD OPTIONS POST PUT
705. |_ Potentially risky methods: PUT
706. |_http-title: 403 Forbidden
707. 3306/tcp open mysql?
708. |_mysql-info: ERROR: Script execution failed (use -d to debug)
709. MAC Address: 00:50:56:89:55:6D (VMware)
710. Device type: firewall|general purpose|proxy server|WAP|PBX|media device
711. Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (93%), FreeBSD 6.X (89%), Sony embedded (89%), AVM embedded (88%)
712. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/o:linux:linux_kernel:2.6.9 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
713. Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 (CentOS 4.4) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Ruckus 7363 WAP (93%), Linux 2.6.9 (93%), Linux 2.6.28 (92%), Linux 2.6.30 (92%), Linux 2.6.11 (90%), Linux 2.6.32 (90%)
714. No exact OS matches for host (test conditions non-ideal).
715. Uptime guess: 1.096 days (since Sun Feb 12 13:53:30 2017)
716. Network Distance: 1 hop
717. TCP Sequence Prediction: Difficulty=202 (Good luck!)
718. IP ID Sequence Generation: All zeros
719. Service Info: OS: Unix
720.  
721. Host script results:
722. |_clock-skew: mean: -9h12m36s, deviation: 0s, median: -9h12m36s
723. | smb-os-discovery:
724. | OS: Unix (Samba 3.0.33-0.17.el4)
725. | Computer name: phoenix
726. | NetBIOS computer name:
727. | Domain name:
728. | FQDN: phoenix
729. |_ System time: 2017-02-13T09:55:29-05:00
730. | smb-security-mode:
731. | account_used: guest
732. | authentication_level: user
733. | challenge_response: supported
734. |_ message_signing: disabled (dangerous, but default)
735. |_smbv2-enabled: Server doesn't support SMBv2 protocol
736.  
737. TRACEROUTE
738. HOP RTT ADDRESS
739. 1 89.84 ms 10.11.1.8
740.  
741. Nmap scan report for 10.11.1.10
742. Host is up (0.090s latency).
743. Not shown: 999 filtered ports
744. PORT STATE SERVICE VERSION
745. 80/tcp open http Microsoft IIS httpd 6.0
746. | http-methods:
747. | Supported Methods: OPTIONS TRACE GET HEAD POST
748. |_ Potentially risky methods: TRACE
749. |_http-server-header: Microsoft-IIS/6.0
750. |_http-title: Under Construction
751. MAC Address: 00:50:56:89:78:14 (VMware)
752. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
753. Device type: general purpose|WAP
754. Running (JUST GUESSING): Microsoft Windows 2003|XP|2000 (89%), Apple embedded (86%)
755. OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/h:apple:airport_extreme
756. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (89%), Microsoft Windows XP SP3 (87%), Microsoft Windows 2000 SP4 (87%), Apple AirPort Extreme WAP (86%)
757. No exact OS matches for host (test conditions non-ideal).
758. Network Distance: 1 hop
759. TCP Sequence Prediction: Difficulty=261 (Good luck!)
760. IP ID Sequence Generation: Incremental
761. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
762.  
763. TRACEROUTE
764. HOP RTT ADDRESS
765. 1 90.27 ms 10.11.1.10
766.  
767. Nmap scan report for 10.11.1.13
768. Host is up (0.13s latency).
769. Not shown: 997 filtered ports
770. PORT STATE SERVICE VERSION
771. 21/tcp open ftp Microsoft ftpd
772. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
773. | 01-17-07 06:42PM <DIR> AdminScripts
774. | 01-17-07 06:43PM <DIR> ftproot
775. | 01-17-07 06:43PM <DIR> iissamples
776. | 01-17-07 06:43PM <DIR> Scripts
777. |_02-13-17 09:15AM <DIR> wwwroot
778. 80/tcp open http Microsoft IIS httpd 5.1
779. | http-methods:
780. | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
781. |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
782. |_http-server-header: Microsoft-IIS/5.1
783. |_http-title: Site doesn't have a title (text/html).
784. |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
785. 3389/tcp open ms-wbt-server Microsoft Terminal Service
786. MAC Address: 00:50:56:89:45:F8 (VMware)
787. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
788. Device type: WAP
789. Running (JUST GUESSING): Apple embedded (86%)
790. OS CPE: cpe:/h:apple:airport_extreme
791. Aggressive OS guesses: Apple AirPort Extreme WAP (86%)
792. No exact OS matches for host (test conditions non-ideal).
793. Network Distance: 1 hop
794. TCP Sequence Prediction: Difficulty=140 (Good luck!)
795. IP ID Sequence Generation: Incremental
796. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
797.  
798. TRACEROUTE
799. HOP RTT ADDRESS
800. 1 125.11 ms 10.11.1.13
801.  
802. Nmap scan report for 10.11.1.14
803. Host is up (0.088s latency).
804. Not shown: 997 filtered ports
805. PORT STATE SERVICE VERSION
806. 21/tcp open ftp Microsoft ftpd
807. 80/tcp open http Microsoft IIS httpd 5.1
808. | http-methods:
809. | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
810. |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
811. |_http-server-header: Microsoft-IIS/5.1
812. |_http-title: Site doesn't have a title (text/html).
813. |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
814. 3389/tcp open ms-wbt-server Microsoft Terminal Service
815. MAC Address: 00:50:56:89:42:8D (VMware)
816. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
817. Device type: WAP|general purpose
818. Running (JUST GUESSING): Apple embedded (86%), Microsoft Windows 2003|XP (86%)
819. OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3
820. Aggressive OS guesses: Apple AirPort Extreme WAP (86%), Microsoft Windows Server 2003 SP2 (86%), Microsoft Windows XP SP3 (86%)
821. No exact OS matches for host (test conditions non-ideal).
822. Network Distance: 1 hop
823. TCP Sequence Prediction: Difficulty=138 (Good luck!)
824. IP ID Sequence Generation: Incremental
825. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
826.  
827. TRACEROUTE
828. HOP RTT ADDRESS
829. 1 88.36 ms 10.11.1.14
830.  
831. Nmap scan report for 10.11.1.22
832. Host is up (0.089s latency).
833. Not shown: 989 closed ports
834. PORT STATE SERVICE VERSION
835. 21/tcp open ftp?
836. |_ftp-bounce: no banner
837. 22/tcp open ssh OpenSSH 3.1p1 (protocol 1.99)
838. | ssh-hostkey:
839. | 1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
840. | 1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
841. |_ 1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
842. |_sshv1: Server supports SSHv1
843. 23/tcp open telnet?
844. 25/tcp open smtp?
845. |_smtp-commands: Couldn't establish connection on port 25
846. 80/tcp open http Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
847. | http-methods:
848. | Supported Methods: GET HEAD POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
849. |_ Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
850. |_http-server-header: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
851. |_http-title: Test Page for the Apache Web Server on Red Hat Linux
852. 111/tcp open rpcbind 2 (RPC #100000)
853. | rpcinfo:
854. | program version port/proto service
855. | 100000 2 111/tcp rpcbind
856. | 100000 2 111/udp rpcbind
857. | 100024 1 32768/tcp status
858. |_ 100024 1 32768/udp status
859. 139/tcp open netbios-ssn Samba smbd (workgroup: MYGROUP)
860. 199/tcp open smux Linux SNMP multiplexer
861. 443/tcp open ssl/http Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2)
862. | http-methods:
863. | Supported Methods: GET HEAD POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
864. |_ Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
865. |_http-server-header: Apache/1.3.23 (Unix) (Red-Hat/Linux) mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
866. |_http-title: Test Page for the Apache Web Server on Red Hat Linux
867. | ssl-cert: Subject: commonName=MAILMAN/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
868. | Issuer: commonName=MAILMAN/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
869. | Public Key type: rsa
870. | Public Key bits: 1024.0
871. | Signature Algorithm: md5WithRSAEncryption
872. | Not valid before: 2007-01-16T14:44:50
873. | Not valid after: 2008-01-16T14:44:50
874. | MD5: 041d df8f a600 c4b9 fb3c 281f 3c2c 6da1
875. |_SHA-1: 4ea5 cdab 2740 5a09 001f d6ba 4c07 9edb 48d4 e6f2
876. |_ssl-date: 2017-02-13T19:08:57+00:00; -4h58m55s from scanner time.
877. | sslv2:
878. | SSLv2 supported
879. | ciphers:
880. | SSL2_RC4_128_WITH_MD5
881. | SSL2_RC4_64_WITH_MD5
882. | SSL2_DES_64_CBC_WITH_MD5
883. | SSL2_DES_192_EDE3_CBC_WITH_MD5
884. | SSL2_RC4_128_EXPORT40_WITH_MD5
885. | SSL2_RC2_128_CBC_WITH_MD5
886. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
887. 995/tcp open ssl/pop3 UW Imap pop3d 2001.78rh
888. |_pop3-capabilities: TOP USER UIDL LOGIN-DELAY(180) SASL(PLAIN LOGIN)
889. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
890. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
891. | Public Key type: rsa
892. | Public Key bits: 1024.0
893. | Signature Algorithm: md5WithRSAEncryption
894. | Not valid before: 2007-01-16T06:13:33
895. | Not valid after: 2008-01-16T06:13:33
896. | MD5: 6e46 a2b0 0859 d753 80b8 f1ee 4efb 2cc0
897. |_SHA-1: 83f3 1bf8 c796 8775 b94b 7f01 7eb6 c9c0 5f90 3d19
898. |_ssl-date: 2017-02-13T19:08:21+00:00; -4h58m55s from scanner time.
899. | sslv2:
900. | SSLv2 supported
901. | ciphers:
902. | SSL2_RC4_128_WITH_MD5
903. | SSL2_DES_192_EDE3_CBC_WITH_MD5
904. | SSL2_RC4_128_EXPORT40_WITH_MD5
905. | SSL2_RC2_128_CBC_WITH_MD5
906. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
907. 32768/tcp open status 1 (RPC #100024)
908. MAC Address: 00:50:56:89:0A:08 (VMware)
909. Device type: WAP|general purpose|router|specialized|switch|media device|broadband router
910. Running (JUST GUESSING): Acorp embedded (94%), Linux 2.4.X|2.6.X (94%), Meru embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Motorola embedded (93%)
911. OS CPE: cpe:/o:linux:linux_kernel:2.4.17 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:motorola:surfboard_sb6120 cpe:/h:motorola:surfboard_sb6141
912. Aggressive OS guesses: Acorp W400G or W422G wireless ADSL modem (MontaVista embedded Linux 2.4.17) (94%), MontaVista embedded Linux 2.4.17 (94%), Meru MC1000 wireless LAN controller (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Google Mini search appliance (93%), HP Brocade 4Gb SAN switch or (93%), Linux 2.4.20 (93%), Linux 2.4.21 (embedded) (93%), Motorola SURFboard SB6120 or SB6141 cable modem (Linux 2.6.18) (93%), Linux 2.6.15 - 2.6.26 (likely embedded) (93%)
913. No exact OS matches for host (test conditions non-ideal).
914. Uptime guess: 0.004 days (since Mon Feb 13 16:05:49 2017)
915. Network Distance: 1 hop
916. Service Info: Host: barry.thinc.local; OS: Linux; CPE: cpe:/o:linux:linux_kernel
917.  
918. Host script results:
919. |_clock-skew: mean: -4h58m55s, deviation: 0s, median: -4h58m55s
920. | nbstat: NetBIOS name: BARRY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
921. | Names:
922. | BARRY<00> Flags: <unique><active>
923. | BARRY<03> Flags: <unique><active>
924. | BARRY<20> Flags: <unique><active>
925. | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
926. | MYGROUP<00> Flags: <group><active>
927. | MYGROUP<1d> Flags: <unique><active>
928. |_ MYGROUP<1e> Flags: <group><active>
929.  
930. TRACEROUTE
931. HOP RTT ADDRESS
932. 1 88.81 ms 10.11.1.22
933.  
934. Nmap scan report for 10.11.1.24
935. Host is up (0.100s latency).
936. Not shown: 992 closed ports
937. PORT STATE SERVICE VERSION
938. 22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
939. | ssh-hostkey:
940. | 1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
941. |_ 2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
942. 80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
943. | http-methods:
944. |_ Supported Methods: GET HEAD POST OPTIONS
945. |_http-server-header: Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6
946. |_http-title: CS-Cart. Powerful PHP shopping cart software
947. 110/tcp open pop3 Dovecot pop3d
948. |_pop3-capabilities: PIPELINING STLS UIDL RESP-CODES TOP CAPA SASL
949. | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
950. | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
951. | Public Key type: rsa
952. | Public Key bits: 1024.0
953. | Signature Algorithm: sha1WithRSAEncryption
954. | Not valid before: 2008-04-25T02:02:48
955. | Not valid after: 2008-05-25T02:02:48
956. | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
957. |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
958. |_ssl-date: 2017-02-13T15:57:01+00:00; -8h10m59s from scanner time.
959. | sslv2:
960. | SSLv2 supported
961. | ciphers:
962. | SSL2_RC4_128_WITH_MD5
963. | SSL2_DES_192_EDE3_CBC_WITH_MD5
964. | SSL2_RC4_128_EXPORT40_WITH_MD5
965. | SSL2_RC2_128_CBC_WITH_MD5
966. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
967. 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MSHOME)
968. 143/tcp open imap Dovecot imapd
969. |_imap-capabilities: SORT OK completed IMAP4rev1 UNSELECT Capability MULTIAPPEND STARTTLS LITERAL+ LOGINDISABLEDA0001 IDLE THREAD=REFERENCES LOGIN-REFERRALS CHILDREN NAMESPACE SASL-IR
970. | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
971. | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
972. | Public Key type: rsa
973. | Public Key bits: 1024.0
974. | Signature Algorithm: sha1WithRSAEncryption
975. | Not valid before: 2008-04-25T02:02:48
976. | Not valid after: 2008-05-25T02:02:48
977. | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
978. |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
979. |_ssl-date: 2017-02-13T15:55:45+00:00; -8h10m59s from scanner time.
980. | sslv2:
981. | SSLv2 supported
982. | ciphers:
983. | SSL2_RC4_128_WITH_MD5
984. | SSL2_DES_192_EDE3_CBC_WITH_MD5
985. | SSL2_RC4_128_EXPORT40_WITH_MD5
986. | SSL2_RC2_128_CBC_WITH_MD5
987. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
988. 445/tcp open netbios-ssn Samba smbd 3.0.26a (workgroup: MSHOME)
989. 993/tcp open ssl/imap Dovecot imapd
990. |_imap-capabilities: CAPABILITY
991. | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
992. | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
993. | Public Key type: rsa
994. | Public Key bits: 1024.0
995. | Signature Algorithm: sha1WithRSAEncryption
996. | Not valid before: 2008-04-25T02:02:48
997. | Not valid after: 2008-05-25T02:02:48
998. | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
999. |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
1000. |_ssl-date: 2017-02-13T15:55:59+00:00; -8h10m58s from scanner time.
1001. | sslv2:
1002. | SSLv2 supported
1003. | ciphers:
1004. | SSL2_RC4_128_WITH_MD5
1005. | SSL2_DES_192_EDE3_CBC_WITH_MD5
1006. | SSL2_RC4_128_EXPORT40_WITH_MD5
1007. | SSL2_RC2_128_CBC_WITH_MD5
1008. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
1009. 995/tcp open ssl/pop3 Dovecot pop3d
1010. | ssl-cert: Subject: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1011. | Issuer: commonName=ubuntu01/organizationName=OCOSA/stateOrProvinceName=There is no such thing outside US/countryName=XX
1012. | Public Key type: rsa
1013. | Public Key bits: 1024.0
1014. | Signature Algorithm: sha1WithRSAEncryption
1015. | Not valid before: 2008-04-25T02:02:48
1016. | Not valid after: 2008-05-25T02:02:48
1017. | MD5: 90db 2a9a 2d86 29dc f047 d19d c636 9c8e
1018. |_SHA-1: 1bde 08b6 86fc 9892 33c9 7bd4 0125 c572 5b32 d829
1019. |_ssl-date: 2017-02-13T15:56:49+00:00; -8h10m59s from scanner time.
1020. | sslv2:
1021. | SSLv2 supported
1022. | ciphers:
1023. | SSL2_RC4_128_WITH_MD5
1024. | SSL2_DES_192_EDE3_CBC_WITH_MD5
1025. | SSL2_RC4_128_EXPORT40_WITH_MD5
1026. | SSL2_RC2_128_CBC_WITH_MD5
1027. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
1028. MAC Address: 00:50:56:89:1D:48 (VMware)
1029. Device type: general purpose|remote management|WAP|specialized|print server|switch|media device|printer
1030. Running (JUST GUESSING): Linux 2.6.X|2.4.X (95%), Dell embedded (94%), AVM embedded (93%), Google embedded (93%), HP embedded (93%), Philips embedded (93%), Kyocera embedded (93%)
1031. OS CPE: cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:dell:remote_access_card:6 cpe:/h:avm:fritz%21box_fon_wlan_7170 cpe:/h:kyocera:cs_255 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21
1032. Aggressive OS guesses: Linux 2.6.22 (95%), Dell Remote Access Controller (DRAC 6) (94%), Dell Integrated Remote Access Controller (iDRAC) (94%), DD-WRT v24-presp2 (Linux 2.6.34) (94%), AVM FRITZ!Box FON WLAN 7170 WAP (93%), Dell Integrated Remote Access Controller (iDRAC9) (93%), Dell Remote Access Controller 5/I (DRAC 5/I) (93%), Google Mini search appliance (93%), HP 4200 PSA (Print Server Appliance) model J4117A (93%), HP Brocade 4Gb SAN switch or (93%)
1033. No exact OS matches for host (test conditions non-ideal).
1034. Uptime guess: 0.088 days (since Mon Feb 13 14:05:45 2017)
1035. Network Distance: 1 hop
1036. TCP Sequence Prediction: Difficulty=223 (Good luck!)
1037. IP ID Sequence Generation: All zeros
1038. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1039.  
1040. Host script results:
1041. |_clock-skew: mean: -8h10m59s, deviation: 0s, median: -8h10m59s
1042. | nbstat: NetBIOS name: PAYDAY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
1043. | Names:
1044. | PAYDAY<00> Flags: <unique><active>
1045. | PAYDAY<03> Flags: <unique><active>
1046. | PAYDAY<20> Flags: <unique><active>
1047. | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
1048. | MSHOME<1d> Flags: <unique><active>
1049. | MSHOME<1e> Flags: <group><active>
1050. |_ MSHOME<00> Flags: <group><active>
1051. | smb-os-discovery:
1052. | OS: Unix (Samba 3.0.26a)
1053. | Computer name: payday
1054. | NetBIOS computer name:
1055. | Domain name:
1056. | FQDN: payday
1057. |_ System time: 2017-02-13T10:57:07-05:00
1058. | smb-security-mode:
1059. | account_used: <blank>
1060. | authentication_level: user
1061. | challenge_response: supported
1062. |_ message_signing: disabled (dangerous, but default)
1063. |_smbv2-enabled: Server doesn't support SMBv2 protocol
1064.  
1065. TRACEROUTE
1066. HOP RTT ADDRESS
1067. 1 99.85 ms 10.11.1.24
1068.  
1069. Nmap scan report for 10.11.1.31
1070. Host is up (0.087s latency).
1071. Not shown: 993 closed ports
1072. PORT STATE SERVICE VERSION
1073. 80/tcp open http Microsoft IIS httpd 6.0
1074. | http-methods:
1075. | Supported Methods: OPTIONS TRACE GET HEAD POST
1076. |_ Potentially risky methods: TRACE
1077. |_http-server-header: Microsoft-IIS/6.0
1078. |_http-title: Login
1079. 135/tcp open msrpc Microsoft Windows RPC
1080. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1081. 445/tcp open microsoft-ds Windows Server 2003 3790 Service Pack 1 microsoft-ds
1082. 1025/tcp open msrpc Microsoft Windows RPC
1083. 1433/tcp open ms-sql-s Microsoft SQL Server 2000 8.00.766.00; SP3a
1084. | ms-sql-ntlm-info:
1085. |_ Product_Version: 5.2.3790
1086. 3389/tcp open ms-wbt-server Microsoft Terminal Service
1087. MAC Address: 00:50:56:89:12:79 (VMware)
1088. Device type: general purpose|media device|specialized
1089. Running (JUST GUESSING): Microsoft Windows 2003|XP|PocketPC/CE|2000 (94%), Motorola embedded (89%), Beat embedded (85%)
1090. OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216 cpe:/o:microsoft:windows_ce cpe:/o:microsoft:windows_2000::sp4
1091. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (94%), Microsoft Windows XP SP3 (93%), Microsoft Windows Server 2003 SP0 - SP2 (91%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows 2003 (90%), Microsoft Windows Server 2003 SP1 (90%), Microsoft Windows Server 2003 (89%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP Professional SP3 (89%), Microsoft Windows XP SP2 (89%)
1092. No exact OS matches for host (test conditions non-ideal).
1093. Network Distance: 1 hop
1094. TCP Sequence Prediction: Difficulty=263 (Good luck!)
1095. IP ID Sequence Generation: Incremental
1096. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_server_2003
1097.  
1098. Host script results:
1099. |_clock-skew: mean: -8h58m38s, deviation: 0s, median: -8h58m38s
1100. | ms-sql-info:
1101. | Windows server name: RALPH
1102. | 10.11.1.31\MSSQLSERVER:
1103. | Instance name: MSSQLSERVER
1104. | Version:
1105. | Service pack level: SP3a
1106. | Product: Microsoft SQL Server 2000
1107. | name: Microsoft SQL Server 2000 SP3a
1108. | number: 8.00.766.00
1109. | Post-SP patches applied: false
1110. | TCP port: 1433
1111. | Named pipe: \\10.11.1.31\pipe\sql\query
1112. |_ Clustered: false
1113. | nbstat: NetBIOS name: RALPH, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:12:79 (VMware)
1114. | Names:
1115. | RALPH<00> Flags: <unique><active>
1116. | THINC<00> Flags: <group><active>
1117. | RALPH<1f> Flags: <unique><active>
1118. | RALPH<03> Flags: <unique><active>
1119. | RALPH<20> Flags: <unique><active>
1120. | THINC<1e> Flags: <group><active>
1121. | THINC<1d> Flags: <unique><active>
1122. |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
1123. | smb-os-discovery:
1124. | OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
1125. | OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
1126. | Computer name: ralph
1127. | NetBIOS computer name: RALPH
1128. | Workgroup: THINC
1129. |_ System time: 2017-02-13T09:09:28-06:00
1130. | smb-security-mode:
1131. | account_used: guest
1132. | authentication_level: user
1133. | challenge_response: supported
1134. |_ message_signing: disabled (dangerous, but default)
1135. |_smbv2-enabled: Server doesn't support SMBv2 protocol
1136.  
1137. TRACEROUTE
1138. HOP RTT ADDRESS
1139. 1 86.96 ms 10.11.1.31
1140.  
1141. Nmap scan report for 10.11.1.35
1142. Host is up (0.090s latency).
1143. Not shown: 997 filtered ports
1144. PORT STATE SERVICE VERSION
1145. 22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
1146. | ssh-hostkey:
1147. | 1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
1148. |_ 2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
1149. 443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
1150. | http-methods:
1151. | Supported Methods: GET HEAD POST OPTIONS TRACE
1152. |_ Potentially risky methods: TRACE
1153. |_http-server-header: Apache/2.2.3 (CentOS)
1154. |_http-title: Site doesn't have a title (text/html; charset=UTF-8).
1155. | ssl-cert: Subject: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
1156. | Issuer: commonName=pain/organizationName=Thinc LTD/stateOrProvinceName=Pain/countryName=US
1157. | Public Key type: rsa
1158. | Public Key bits: 2048.0
1159. | Signature Algorithm: sha1WithRSAEncryption
1160. | Not valid before: 2016-01-07T12:46:17
1161. | Not valid after: 2017-01-06T12:46:17
1162. | MD5: f06b 588b f6f3 94f7 26bc 151f 8144 add9
1163. |_SHA-1: d276 955d 1b77 454c 3ca0 7f8e b965 01f7 c271 e0d3
1164. |_ssl-date: 2017-02-13T15:19:11+00:00; -8h48m19s from scanner time.
1165. 631/tcp closed ipp
1166. MAC Address: 00:50:56:89:7B:53 (VMware)
1167. Device type: firewall|general purpose|proxy server|WAP|PBX|media device
1168. Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (91%), FreeBSD 6.X (89%), Sony embedded (89%), AVM embedded (88%)
1169. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/o:linux:linux_kernel:2.6.9 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2 cpe:/h:avm:fritz%21box_fon_wlan_7170
1170. Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 (CentOS 4.4) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Linux 2.6.9 (93%), Linux 2.6.30 (92%), Ruckus 7363 WAP (91%), Linux 2.6.11 (90%), Linux 2.6.28 (90%), Linux 2.6.32 (90%)
1171. No exact OS matches for host (test conditions non-ideal).
1172. Uptime guess: 1.019 days (since Sun Feb 12 15:44:58 2017)
1173. Network Distance: 1 hop
1174. TCP Sequence Prediction: Difficulty=206 (Good luck!)
1175. IP ID Sequence Generation: All zeros
1176.  
1177. Host script results:
1178. |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
1179.  
1180. TRACEROUTE
1181. HOP RTT ADDRESS
1182. 1 89.81 ms 10.11.1.35
1183.  
1184. Nmap scan report for 10.11.1.39
1185. Host is up (0.091s latency).
1186. Not shown: 997 filtered ports
1187. PORT STATE SERVICE VERSION
1188. 22/tcp open ssh OpenSSH 6.6.1 (protocol 2.0)
1189. | ssh-hostkey:
1190. | 2048 5e:c1:7e:d2:f9:20:f9:11:ea:4b:02:68:07:3f:54:f2 (RSA)
1191. |_ 256 36:ef:27:31:a2:fd:4a:e3:d2:4e:12:58:1f:7a:03:58 (ECDSA)
1192. 80/tcp open http nginx 1.6.3
1193. | http-methods:
1194. | Supported Methods: OPTIONS GET HEAD POST TRACE
1195. |_ Potentially risky methods: TRACE
1196. |_http-server-header: nginx/1.6.3
1197. |_http-title: Apache HTTP Server Test Page powered by CentOS
1198. 3306/tcp open mysql MariaDB (unauthorized)
1199. MAC Address: 00:50:56:89:46:40 (VMware)
1200. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1201. Device type: general purpose
1202. Running (JUST GUESSING): Linux 3.X|2.6.X|4.X (91%)
1203. OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4
1204. Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 4.1 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.4 (85%)
1205. No exact OS matches for host (test conditions non-ideal).
1206. Uptime guess: 0.111 days (since Mon Feb 13 13:32:19 2017)
1207. Network Distance: 1 hop
1208. TCP Sequence Prediction: Difficulty=258 (Good luck!)
1209. IP ID Sequence Generation: All zeros
1210.  
1211. TRACEROUTE
1212. HOP RTT ADDRESS
1213. 1 90.82 ms 10.11.1.39
1214.  
1215. Nmap scan report for 10.11.1.44
1216. Host is up (0.092s latency).
1217. Not shown: 998 closed ports
1218. PORT STATE SERVICE VERSION
1219. 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol 2.0)
1220. | ssh-hostkey:
1221. | 1024 65:63:69:c9:8b:96:b1:fb:be:d5:5c:f8:1e:7b:de:8f (DSA)
1222. |_ 2048 28:99:c0:51:20:9b:31:e1:a4:fb:9a:17:46:52:cf:fc (RSA)
1223. 8000/tcp open ssl/http Rocket httpd 1.2.6 (Python 2.6.5)
1224. |_http-favicon: Unknown favicon MD5: E16917BAD986E06AECDA858806BC9AA8
1225. |_http-generator: Web2py Web Framework
1226. | http-methods:
1227. |_ Supported Methods: GET HEAD OPTIONS
1228. | http-robots.txt: 1 disallowed entry
1229. |_/welcome/default/user
1230. |_http-server-header: Rocket 1.2.6 Python/2.6.5
1231. |_http-title: CSC438 - Issue Tracker Project
1232. | ssl-cert: Subject: commonName=Tricia Admin/organizationName=Thinc/stateOrProvinceName=NY/countryName=US
1233. | Issuer: commonName=Tricia Admin/organizationName=Thinc/stateOrProvinceName=NY/countryName=US
1234. | Public Key type: rsa
1235. | Public Key bits: 2048.0
1236. | Signature Algorithm: sha1WithRSAEncryption
1237. | Not valid before: 2013-08-17T11:55:25
1238. | Not valid after: 2014-08-17T11:55:25
1239. | MD5: c935 c83b 4df2 eda0 75d2 cbc7 5db6 2987
1240. |_SHA-1: 9daf e8a2 b91b f0bd ad4a b796 e41b 389f 9507 ffec
1241. | sslv2:
1242. | SSLv2 supported
1243. | ciphers:
1244. | SSL2_RC4_128_WITH_MD5
1245. | SSL2_DES_64_CBC_WITH_MD5
1246. | SSL2_DES_192_EDE3_CBC_WITH_MD5
1247. | SSL2_RC4_128_EXPORT40_WITH_MD5
1248. | SSL2_RC2_128_CBC_WITH_MD5
1249. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
1250. MAC Address: 00:50:56:89:7B:11 (VMware)
1251. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1252. TCP/IP fingerprint:
1253. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=35706%PV=Y%DS=1%DC=D%G=Y%M=005
1254. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FD%GCD=1%ISR=105%TI=Z%II=I%TS
1255. OS:=8)SEQ(SP=105%GCD=1%ISR=108%TI=Z%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%
1256. OS:O3=M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2
1257. OS:=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNS
1258. OS:NW6%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)
1259. OS:T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%
1260. OS:T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD
1261. OS:=S)
1262.  
1263. Uptime guess: 0.390 days (since Mon Feb 13 06:50:16 2017)
1264. Network Distance: 1 hop
1265. TCP Sequence Prediction: Difficulty=261 (Good luck!)
1266. IP ID Sequence Generation: All zeros
1267. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1268.  
1269. TRACEROUTE
1270. HOP RTT ADDRESS
1271. 1 91.98 ms 10.11.1.44
1272.  
1273. Nmap scan report for 10.11.1.49
1274. Host is up (0.090s latency).
1275. Not shown: 996 filtered ports
1276. PORT STATE SERVICE VERSION
1277. 80/tcp open http Microsoft IIS httpd 8.5
1278. |_http-favicon: Unknown favicon MD5: B6341DFC213100C61DB4FB8775878CEC
1279. |_http-generator: Drupal 7 (http://drupal.org)
1280. | http-methods:
1281. | Supported Methods: OPTIONS TRACE GET HEAD POST
1282. |_ Potentially risky methods: TRACE
1283. | http-robots.txt: 36 disallowed entries (15 shown)
1284. | /includes/ /misc/ /modules/ /profiles/ /scripts/
1285. | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
1286. | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
1287. |_/LICENSE.txt /MAINTAINERS.txt
1288. |_http-server-header: Microsoft-IIS/8.5
1289. |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
1290. 135/tcp open msrpc Microsoft Windows RPC
1291. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1292. 49155/tcp open msrpc Microsoft Windows RPC
1293. MAC Address: 00:50:56:89:38:F6 (VMware)
1294. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1295. Device type: general purpose|phone|specialized
1296. Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
1297. OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
1298. Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
1299. No exact OS matches for host (test conditions non-ideal).
1300. Uptime guess: 1.048 days (since Sun Feb 12 15:03:12 2017)
1301. Network Distance: 1 hop
1302. TCP Sequence Prediction: Difficulty=256 (Good luck!)
1303. IP ID Sequence Generation: Incremental
1304. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1305.  
1306. TRACEROUTE
1307. HOP RTT ADDRESS
1308. 1 90.10 ms 10.11.1.49
1309.  
1310. Nmap scan report for 10.11.1.50
1311. Host is up (0.090s latency).
1312. Not shown: 996 filtered ports
1313. PORT STATE SERVICE VERSION
1314. 80/tcp open http Microsoft IIS httpd 8.5
1315. |_http-favicon: Unknown favicon MD5: B6341DFC213100C61DB4FB8775878CEC
1316. |_http-generator: Drupal 7 (http://drupal.org)
1317. | http-methods:
1318. | Supported Methods: OPTIONS TRACE GET HEAD POST
1319. |_ Potentially risky methods: TRACE
1320. | http-robots.txt: 36 disallowed entries (15 shown)
1321. | /includes/ /misc/ /modules/ /profiles/ /scripts/
1322. | /themes/ /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
1323. | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
1324. |_/LICENSE.txt /MAINTAINERS.txt
1325. |_http-server-header: Microsoft-IIS/8.5
1326. |_http-title: Welcome to Bethany&#039;s Page | Bethany&#039;s Page
1327. 135/tcp open msrpc Microsoft Windows RPC
1328. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1329. 49155/tcp open msrpc Microsoft Windows RPC
1330. MAC Address: 00:50:56:89:0F:DC (VMware)
1331. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1332. Device type: general purpose|phone|specialized
1333. Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
1334. OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
1335. Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
1336. No exact OS matches for host (test conditions non-ideal).
1337. Uptime guess: 4.427 days (since Thu Feb 9 05:56:38 2017)
1338. Network Distance: 1 hop
1339. TCP Sequence Prediction: Difficulty=264 (Good luck!)
1340. IP ID Sequence Generation: Incremental
1341. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1342.  
1343. TRACEROUTE
1344. HOP RTT ADDRESS
1345. 1 90.33 ms 10.11.1.50
1346.  
1347. Nmap scan report for 10.11.1.71
1348. Host is up (0.093s latency).
1349. Not shown: 998 closed ports
1350. PORT STATE SERVICE VERSION
1351. 22/tcp open ssh?
1352. 80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
1353. | http-methods:
1354. |_ Supported Methods: GET HEAD POST OPTIONS
1355. |_http-server-header: Apache/2.4.7 (Ubuntu)
1356. | http-title: Trees of Large Sizes
1357. |_Requested resource was site/index.php/
1358. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1359. SF-Port22-TCP:V=7.25BETA2%I=7%D=2/13%Time=58A248CA%P=i686-pc-linux-gnu%r(N
1360. SF:ULL,7A0,"Usage:\x20useradd\x20\[options\]\x20LOGIN\n\x20\x20\x20\x20\x2
1361. SF:0\x20\x20useradd\x20-D\n\x20\x20\x20\x20\x20\x20\x20useradd\x20-D\x20\[
1362. SF:options\]\n\nOptions:\n\x20\x20-b,\x20--base-dir\x20BASE_DIR\x20\x20\x2
1363. SF:0\x20\x20\x20\x20base\x20directory\x20for\x20the\x20home\x20directory\x
1364. SF:20of\x20the\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
1365. SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20n
1366. SF:ew\x20account\n\x20\x20-c,\x20--comment\x20COMMENT\x20\x20\x20\x20\x20\
1367. SF:x20\x20\x20\x20GECOS\x20field\x20of\x20the\x20new\x20account\n\x20\x20-
1368. SF:d,\x20--home-dir\x20HOME_DIR\x20\x20\x20\x20\x20\x20\x20home\x20directo
1369. SF:ry\x20of\x20the\x20new\x20account\n\x20\x20-D,\x20--defaults\x20\x20\x2
1370. SF:0\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20print\x20or\x20cha
1371. SF:nge\x20default\x20useradd\x20configuration\n\x20\x20-e,\x20--expiredate
1372. SF:\x20EXPIRE_DATE\x20\x20expiration\x20date\x20of\x20the\x20new\x20accoun
1373. SF:t\n\x20\x20-f,\x20--inactive\x20INACTIVE\x20\x20\x20\x20\x20\x20\x20pas
1374. SF:sword\x20inactivity\x20period\x20of\x20the\x20new\x20account\n\x20\x20-
1375. SF:g,\x20--gid\x20GROUP\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2
1376. SF:0\x20\x20name\x20or\x20ID\x20of\x20the\x20primary\x20group\x20of\x20the
1377. SF:\x20new\n\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x
1378. SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20accou
1379. SF:nt\n\x20\x20-G,\x20--groups\x20GROUPS\x20\x20\x20\x20\x20\x20\x20\x20\x
1380. SF:20\x20\x20list\x20of\x20supplementary\x20groups\x20of\x20the\x20new\n\x
1381. SF:20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
1382. SF:x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20account\n\x20\x2
1383. SF:0-h,\x20--help\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\
1384. SF:x20\x20\x20\x20\x20\x20display\x20this\x20help\x20message\x20and\x20exi
1385. SF:t\n\x20\x20-k,\x20--skel\x20SKEL_DIR\x20\x20\x20\x20\x20\x20\x20\x20\x2
1386. SF:0\x20\x20use\x20this\x20alter");
1387. MAC Address: 00:50:56:89:47:97 (VMware)
1388. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1389. TCP/IP fingerprint:
1390. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40763%PV=Y%DS=1%DC=D%G=Y%M=005
1391. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FF%GCD=1%ISR=10E%TI=Z%II=I%TS
1392. OS:=8)SEQ(SP=F8%GCD=1%ISR=110%TI=Z%TS=8)OPS(O1=M529ST11NW7%O2=M529ST11NW7%O
1393. OS:3=M529NNT11NW7%O4=M529ST11NW7%O5=M529ST11NW7%O6=M529ST11)WIN(W1=7120%W2=
1394. OS:7120%W3=7120%W4=7120%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M529NNSN
1395. OS:W7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T
1396. OS:5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T
1397. OS:=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=
1398. OS:S)
1399.  
1400. Uptime guess: 0.218 days (since Mon Feb 13 10:58:07 2017)
1401. Network Distance: 1 hop
1402. TCP Sequence Prediction: Difficulty=250 (Good luck!)
1403. IP ID Sequence Generation: All zeros
1404.  
1405. TRACEROUTE
1406. HOP RTT ADDRESS
1407. 1 92.52 ms 10.11.1.71
1408.  
1409. Nmap scan report for 10.11.1.72
1410. Host is up (0.092s latency).
1411. Not shown: 993 closed ports
1412. PORT STATE SERVICE VERSION
1413. 22/tcp open ssh OpenSSH 5.8p1 Debian 7ubuntu1 (Ubuntu Linux; protocol 2.0)
1414. | ssh-hostkey:
1415. | 1024 d3:2e:10:0d:48:90:ce:9a:33:fb:66:3f:a0:a6:94:48 (DSA)
1416. | 2048 ef:0a:3b:8e:3f:92:a4:5e:f0:ab:e7:7d:75:f0:de:0e (RSA)
1417. |_ 256 15:3a:65:3b:97:ed:e0:fc:85:bc:4b:53:48:22:61:b1 (ECDSA)
1418. 25/tcp open smtp JAMES smtpd 2.3.2
1419. |_smtp-commands: beta Hello nmap.scanme.org (10.11.0.208 [10.11.0.208]),
1420. 80/tcp open http Apache httpd 2.2.20 ((Ubuntu))
1421. | http-methods:
1422. |_ Supported Methods: GET HEAD POST OPTIONS
1423. |_http-server-header: Apache/2.2.20 (Ubuntu)
1424. |_http-title: Site doesn't have a title (text/html).
1425. 110/tcp open pop3 JAMES pop3d 2.3.2
1426. 111/tcp open rpcbind 2-4 (RPC #100000)
1427. | rpcinfo:
1428. | program version port/proto service
1429. | 100000 2,3,4 111/tcp rpcbind
1430. | 100000 2,3,4 111/udp rpcbind
1431. | 100003 2,3,4 2049/tcp nfs
1432. | 100003 2,3,4 2049/udp nfs
1433. | 100005 1,2,3 38990/tcp mountd
1434. | 100005 1,2,3 41335/udp mountd
1435. | 100021 1,3,4 38943/tcp nlockmgr
1436. | 100021 1,3,4 49563/udp nlockmgr
1437. | 100024 1 50349/tcp status
1438. | 100024 1 51992/udp status
1439. | 100227 2,3 2049/tcp nfs_acl
1440. |_ 100227 2,3 2049/udp nfs_acl
1441. 119/tcp open nntp JAMES nntpd (posting ok)
1442. 2049/tcp open nfs_acl 2-3 (RPC #100227)
1443. MAC Address: 00:50:56:89:58:22 (VMware)
1444. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1445. TCP/IP fingerprint:
1446. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=34169%PV=Y%DS=1%DC=D%G=Y%M=005
1447. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10D%TI=Z%II=I%T
1448. OS:S=8)SEQ(SP=101%GCD=1%ISR=10F%TI=Z%TS=8)OPS(O1=M529ST11NW4%O2=M529ST11NW4
1449. OS:%O3=M529NNT11NW4%O4=M529ST11NW4%O5=M529ST11NW4%O6=M529ST11)WIN(W1=3890%W
1450. OS:2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M529NN
1451. OS:SNW4%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N
1452. OS:)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N
1453. OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
1454. OS:D=S)
1455.  
1456. Uptime guess: 0.423 days (since Mon Feb 13 06:02:09 2017)
1457. Network Distance: 1 hop
1458. TCP Sequence Prediction: Difficulty=257 (Good luck!)
1459. IP ID Sequence Generation: All zeros
1460. Service Info: Host: beta; OS: Linux; CPE: cpe:/o:linux:linux_kernel
1461.  
1462. TRACEROUTE
1463. HOP RTT ADDRESS
1464. 1 92.02 ms 10.11.1.72
1465.  
1466. Nmap scan report for 10.11.1.73
1467. Host is up (0.11s latency).
1468. Not shown: 981 filtered ports
1469. PORT STATE SERVICE VERSION
1470. 135/tcp open msrpc Microsoft Windows RPC
1471. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1472. 445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
1473. 554/tcp open rtsp?
1474. 1100/tcp open mctp?
1475. 2869/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1476. 3306/tcp open mysql?
1477. |_mysql-info: ERROR: Script execution failed (use -d to debug)
1478. 3389/tcp open ms-wbt-server Microsoft Terminal Service
1479. | ssl-cert: Subject: commonName=gamma
1480. | Issuer: commonName=gamma
1481. | Public Key type: rsa
1482. | Public Key bits: 2048.0
1483. | Signature Algorithm: sha1WithRSAEncryption
1484. | Not valid before: 2017-02-12T06:29:38
1485. | Not valid after: 2017-08-14T06:29:38
1486. | MD5: bb9b a25f 0c8e 2b07 2faf ce6a 8d4d d330
1487. |_SHA-1: 72a4 0440 c132 361b 13e0 ff06 1465 7b9c a38a 4b2b
1488. |_ssl-date: 2017-02-13T15:07:54+00:00; -8h58m38s from scanner time.
1489. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1490. |_http-server-header: Microsoft-HTTPAPI/2.0
1491. |_http-title: Service Unavailable
1492. 5800/tcp open http-proxy sslstrip
1493. | http-methods:
1494. |_ Supported Methods: GET
1495. |_http-title: TightVNC desktop [gamma]
1496. 5900/tcp open vnc VNC (protocol 3.8)
1497. | vnc-info:
1498. | Protocol version: 3.8
1499. | Security types:
1500. | VNC Authentication (2)
1501. | Tight (16)
1502. | Tight auth subtypes:
1503. |_ STDV VNCAUTH_ (2)
1504. 8080/tcp open http Apache httpd 2.4.9 ((Win32) PHP/5.5.12)
1505. |_http-favicon: Unknown favicon MD5: 79E32EEA338FA735AD22D36104C4337A
1506. | http-methods:
1507. |_ Supported Methods: GET HEAD POST OPTIONS
1508. |_http-open-proxy: Proxy might be redirecting requests
1509. | http-robots.txt: 1 disallowed entry
1510. |_/testmysql.php
1511. |_http-server-header: Apache/2.4.9 (Win32) PHP/5.5.12
1512. |_http-title: Site doesn't have a title (text/html).
1513. 10243/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1514. |_http-server-header: Microsoft-HTTPAPI/2.0
1515. |_http-title: Not Found
1516. 49152/tcp open msrpc Microsoft Windows RPC
1517. 49153/tcp open msrpc Microsoft Windows RPC
1518. 49154/tcp open msrpc Microsoft Windows RPC
1519. 49155/tcp open msrpc Microsoft Windows RPC
1520. 49156/tcp open msrpc Microsoft Windows RPC
1521. 49157/tcp open unknown
1522. MAC Address: 00:50:56:89:13:B3 (VMware)
1523. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1524. Device type: general purpose|phone|specialized
1525. Running (JUST GUESSING): Microsoft Windows 2008|Vista|7|Phone|8.1|2012 (91%)
1526. OS CPE: cpe:/o:microsoft:windows_server_2008:r2:sp1 cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_server_2012:r2
1527. Aggressive OS guesses: Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%), Microsoft Windows Server 2008 R2 (90%), Microsoft Windows 7 Professional or Windows 8 (90%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (90%), Microsoft Windows Vista SP2 (90%), Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008 (89%), Microsoft Windows 8.1 Update 1 (89%), Microsoft Windows Phone 7.5 or 8.0 (89%), Microsoft Windows Server 2008 R2 or Windows 8.1 (88%)
1528. No exact OS matches for host (test conditions non-ideal).
1529. Uptime guess: 0.365 days (since Mon Feb 13 07:26:40 2017)
1530. Network Distance: 1 hop
1531. TCP Sequence Prediction: Difficulty=254 (Good luck!)
1532. IP ID Sequence Generation: Incremental
1533. Service Info: Host: GAMMA; OS: Windows; CPE: cpe:/o:microsoft:windows
1534.  
1535. Host script results:
1536. |_clock-skew: mean: -8h58m39s, deviation: 1s, median: -8h58m39s
1537. | nbstat: NetBIOS name: GAMMA, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:13:b3 (VMware)
1538. | Names:
1539. | GAMMA<00> Flags: <unique><active>
1540. | WORKGROUP<00> Flags: <group><active>
1541. | GAMMA<20> Flags: <unique><active>
1542. |_ WORKGROUP<1e> Flags: <group><active>
1543. | smb-os-discovery:
1544. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
1545. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
1546. | Computer name: gamma
1547. | NetBIOS computer name: GAMMA
1548. | Workgroup: WORKGROUP
1549. |_ System time: 2017-02-13T07:09:35-08:00
1550. | smb-security-mode:
1551. | account_used: guest
1552. | authentication_level: user
1553. | challenge_response: supported
1554. |_ message_signing: disabled (dangerous, but default)
1555. |_smbv2-enabled: Server supports SMBv2 protocol
1556.  
1557. TRACEROUTE
1558. HOP RTT ADDRESS
1559. 1 110.46 ms 10.11.1.73
1560.  
1561. Nmap scan report for 10.11.1.115
1562. Host is up (0.092s latency).
1563. Not shown: 989 closed ports
1564. PORT STATE SERVICE VERSION
1565. 21/tcp open ftp vsftpd 1.1.3
1566. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
1567. |_drwxr-xr-x 2 0 0 4096 Feb 28 2003 pub
1568. 22/tcp open ssh OpenSSH 3.5p1 (protocol 1.99)
1569. | ssh-hostkey:
1570. | 1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
1571. | 1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
1572. |_ 1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
1573. |_sshv1: Server supports SSHv1
1574. 25/tcp open smtp?
1575. |_smtp-commands: Couldn't establish connection on port 25
1576. 80/tcp open http Apache httpd 2.0.40 ((Red Hat Linux))
1577. | http-methods:
1578. | Supported Methods: GET HEAD POST OPTIONS TRACE
1579. |_ Potentially risky methods: TRACE
1580. |_http-server-header: Apache/2.0.40 (Red Hat Linux)
1581. |_http-title: Test Page for the Apache Web Server on Red Hat Linux
1582. 111/tcp open rpcbind 2 (RPC #100000)
1583. | rpcinfo:
1584. | program version port/proto service
1585. | 100000 2 111/tcp rpcbind
1586. | 100000 2 111/udp rpcbind
1587. | 100024 1 32768/tcp status
1588. | 100024 1 32768/udp status
1589. |_ 391002 2 32769/tcp sgi_fam
1590. 139/tcp open netbios-ssn Samba smbd (workgroup: MYGROUP)
1591. 143/tcp open imap UW imapd 2001.315rh
1592. |_imap-capabilities: SORT SCAN completed MAILBOX-REFERRALS CAPABILITY MULTIAPPEND OK AUTH=LOGINA0001 STARTTLS IDLE THREAD=REFERENCES IMAP4REV1 LOGIN-REFERRALS THREAD=ORDEREDSUBJECT NAMESPACE
1593. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
1594. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
1595. | Public Key type: rsa
1596. | Public Key bits: 1024.0
1597. | Signature Algorithm: md5WithRSAEncryption
1598. | Not valid before: 2007-01-16T06:07:45
1599. | Not valid after: 2008-01-16T06:07:45
1600. | MD5: 1be1 70c2 4561 74a1 f44e e3bf f085 614d
1601. |_SHA-1: 720d 54ef be48 1888 7d60 2aef f869 6756 fc10 ee89
1602. |_ssl-date: 2017-02-13T14:55:43+00:00; -9h12m22s from scanner time.
1603. 199/tcp open smux Linux SNMP multiplexer
1604. 443/tcp open ssl/http Apache httpd 2.0.40 ((Red Hat Linux))
1605. | http-methods:
1606. | Supported Methods: GET HEAD POST OPTIONS TRACE
1607. |_ Potentially risky methods: TRACE
1608. |_http-server-header: Apache/2.0.40 (Red Hat Linux)
1609. |_http-title: Test Page for the Apache Web Server on Red Hat Linux
1610. | ssl-cert: Subject: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
1611. | Issuer: commonName=redhat/organizationName=ACME LOCAL LTD/stateOrProvinceName=Berkshire/countryName=GB
1612. | Public Key type: rsa
1613. | Public Key bits: 1024.0
1614. | Signature Algorithm: md5WithRSAEncryption
1615. | Not valid before: 2007-01-16T14:54:43
1616. | Not valid after: 2008-01-16T14:54:43
1617. | MD5: e900 ada0 dfea 0408 06cd ddee 15fd 7d8b
1618. |_SHA-1: 3b9a 70e7 870e 11b8 a221 5af7 bae9 dd03 ce90 3cbc
1619. |_ssl-date: 2017-02-13T14:53:57+00:00; -9h12m23s from scanner time.
1620. | sslv2:
1621. | SSLv2 supported
1622. | ciphers:
1623. | SSL2_RC4_128_WITH_MD5
1624. | SSL2_RC4_64_WITH_MD5
1625. | SSL2_DES_64_CBC_WITH_MD5
1626. | SSL2_DES_192_EDE3_CBC_WITH_MD5
1627. | SSL2_RC4_128_EXPORT40_WITH_MD5
1628. | SSL2_RC2_128_CBC_WITH_MD5
1629. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
1630. 3306/tcp open mysql MySQL (unauthorized)
1631. 32768/tcp open status 1 (RPC #100024)
1632. MAC Address: 00:50:56:89:77:BF (VMware)
1633. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1634. TCP/IP fingerprint:
1635. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34563%PV=Y%DS=1%DC=D%G=Y%M=005
1636. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=CC%GCD=1%ISR=CE%TI=Z%II=I%TS=
1637. OS:7)SEQ(SP=CC%GCD=1%ISR=D0%TI=Z%TS=7)OPS(O1=M529ST11NW0%O2=M529ST11NW0%O3=
1638. OS:M529NNT11NW0%O4=M529ST11NW0%O5=M529ST11NW0%O6=M529ST11)WIN(W1=16A0%W2=16
1639. OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW0
1640. OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
1641. OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
1642. OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
1643.  
1644. Uptime guess: 0.110 days (since Mon Feb 13 13:33:23 2017)
1645. Network Distance: 1 hop
1646. TCP Sequence Prediction: Difficulty=203 (Good luck!)
1647. IP ID Sequence Generation: All zeros
1648. Service Info: Host: tophat.acme.local; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
1649.  
1650. Host script results:
1651. |_clock-skew: mean: -9h12m23s, deviation: 1s, median: -9h12m23s
1652. | nbstat: NetBIOS name: TOPHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
1653. | Names:
1654. | TOPHAT<00> Flags: <unique><active>
1655. | TOPHAT<03> Flags: <unique><active>
1656. | TOPHAT<20> Flags: <unique><active>
1657. | MYGROUP<00> Flags: <group><active>
1658. |_ MYGROUP<1e> Flags: <group><active>
1659.  
1660. TRACEROUTE
1661. HOP RTT ADDRESS
1662. 1 91.83 ms 10.11.1.115
1663.  
1664. Nmap scan report for 10.11.1.116
1665. Host is up (0.091s latency).
1666. Not shown: 994 closed ports
1667. PORT STATE SERVICE VERSION
1668. 21/tcp open ftp?
1669. |_ftp-bounce: no banner
1670. 22/tcp open ssh OpenSSH 5.8p2_hpn13v11 (FreeBSD 20110503; protocol 2.0)
1671. | ssh-hostkey:
1672. | 1024 75:e8:80:6f:6c:2f:d2:51:1a:d6:c9:9e:e4:a2:4c:2f (DSA)
1673. | 2048 28:43:26:62:1d:07:f9:e3:9f:0b:1a:94:98:1a:74:45 (RSA)
1674. |_ 256 50:2f:db:dd:1a:8e:22:23:f8:dc:7b:65:c9:fc:8e:df (ECDSA)
1675. 80/tcp open http Apache httpd 2.4.6 ((FreeBSD) PHP/5.4.23)
1676. | http-methods:
1677. | Supported Methods: GET HEAD POST OPTIONS TRACE
1678. |_ Potentially risky methods: TRACE
1679. |_http-server-header: Apache/2.4.6 (FreeBSD) PHP/5.4.23
1680. |_http-title: Site doesn't have a title (text/html).
1681. 110/tcp open tcpwrapped
1682. 143/tcp open tcpwrapped
1683. 3306/tcp open mysql MySQL (unauthorized)
1684. MAC Address: 00:50:56:89:6F:31 (VMware)
1685. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1686. TCP/IP fingerprint:
1687. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=32687%PV=Y%DS=1%DC=D%G=Y%M=005
1688. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FB%GCD=2%ISR=109%TI=I%TS=21)O
1689. OS:PS(O1=M529NW6ST11%O2=M529NW6ST11%O3=M280NW6NNT11%O4=M529NW6ST11%O5=M218N
1690. OS:W6ST11%O6=M109ST11)WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FFFF)E
1691. OS:CN(R=Y%DF=Y%T=40%W=FFFF%O=M529NW6SLL%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F
1692. OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%R
1693. OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%R
1694. OS:UCK=G%RUD=G)IE(R=Y%DFI=S%T=40%CD=S)
1695.  
1696. Uptime guess: 0.004 days (since Mon Feb 13 16:06:08 2017)
1697. Network Distance: 1 hop
1698. TCP Sequence Prediction: Difficulty=264 (Good luck!)
1699. IP ID Sequence Generation: Incremental
1700. Service Info: OS: FreeBSD; CPE: cpe:/o:freebsd:freebsd
1701.  
1702. TRACEROUTE
1703. HOP RTT ADDRESS
1704. 1 90.82 ms 10.11.1.116
1705.  
1706. Nmap scan report for 10.11.1.125
1707. Host is up (0.092s latency).
1708. Not shown: 999 filtered ports
1709. PORT STATE SERVICE VERSION
1710. 21/tcp open ftp Acritum Femitter Server ftpd
1711. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
1712. | drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 . [NSE: writeable]
1713. | drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 .. [NSE: writeable]
1714. | -rw-rw-rw- 1 ftp ftp 11164 Dec 26 2006 house.jpg [NSE: writeable]
1715. | -rw-rw-rw- 1 ftp ftp 920 Jan 03 2007 index.htm [NSE: writeable]
1716. |_drw-rw-rw- 1 ftp ftp 0 Sep 23 2015 Upload [NSE: writeable]
1717. |_ftp-bounce: bounce working!
1718. MAC Address: 00:50:56:89:63:E6 (VMware)
1719. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1720. Device type: WAP|general purpose|media device
1721. Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2003|2000 (89%), RIM Tablet OS 2.X (87%), FreeBSD 6.X (86%)
1722. OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp2 cpe:/o:microsoft:windows_server_2003::- cpe:/o:microsoft:windows_2000::sp4 cpe:/o:rim:tablet_os:2 cpe:/o:freebsd:freebsd:6.2
1723. Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows Server 2003 SP0 or Windows XP SP2 (89%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows XP SP3 or Small Business Server 2003 (88%), Microsoft Windows XP Professional SP2 (French) (87%), BlackBerry Tablet OS 2 (87%), FreeBSD 6.2-RELEASE (86%), FreeBSD 6.3-RELEASE (86%)
1724. No exact OS matches for host (test conditions non-ideal).
1725. Network Distance: 1 hop
1726. TCP Sequence Prediction: Difficulty=261 (Good luck!)
1727. IP ID Sequence Generation: Incremental
1728. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1729.  
1730. TRACEROUTE
1731. HOP RTT ADDRESS
1732. 1 91.79 ms 10.11.1.125
1733.  
1734. Nmap scan report for 10.11.1.128
1735. Host is up (0.091s latency).
1736. Not shown: 987 closed ports
1737. PORT STATE SERVICE VERSION
1738. 21/tcp open ftp Microsoft ftpd 5.0
1739. 25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
1740. | smtp-commands: dj.acme.local Hello [10.11.0.208], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
1741. |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
1742. | smtp-ntlm-info:
1743. | Target_Name: DJ
1744. | NetBIOS_Domain_Name: DJ
1745. | NetBIOS_Computer_Name: DJ
1746. | DNS_Domain_Name: dj.acme.local
1747. | DNS_Computer_Name: dj.acme.local
1748. |_ Product_Version: 5.0.2195
1749. 80/tcp open http Microsoft IIS httpd 5.0
1750. | http-methods:
1751. | Supported Methods: OPTIONS TRACE GET HEAD POST
1752. |_ Potentially risky methods: TRACE
1753. |_http-server-header: Microsoft-IIS/5.0
1754. |_http-title: Login
1755. 135/tcp open msrpc Microsoft Windows RPC
1756. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1757. 443/tcp open https?
1758. 445/tcp open microsoft-ds Windows 2000 microsoft-ds
1759. 1025/tcp open msrpc Microsoft Windows RPC
1760. 1026/tcp open msrpc Microsoft Windows RPC
1761. 1029/tcp open msrpc Microsoft Windows RPC
1762. 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
1763. 5800/tcp open vnc-http TightVNC
1764. | http-methods:
1765. |_ Supported Methods: GET
1766. |_http-title: TightVNC desktop [dj]
1767. 5900/tcp open vnc VNC (protocol 3.8)
1768. | vnc-info:
1769. | Protocol version: 3.8
1770. | Security types:
1771. | VNC Authentication (2)
1772. | Tight (16)
1773. | Tight auth subtypes:
1774. |_ STDV VNCAUTH_ (2)
1775. MAC Address: 00:50:56:89:45:00 (VMware)
1776. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1777. TCP/IP fingerprint:
1778. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34320%PV=Y%DS=1%DC=D%G=Y%M=005
1779. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=107%TI=I%TS=0)O
1780. OS:PS(O1=M529NW0NNT00NNS%O2=M529NW0NNT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00
1781. OS:NNS%O5=M529NW0NNT00NNS%O6=M529NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FA
1782. OS:F0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%
1783. OS:DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=
1784. OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RI
1785. OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
1786.  
1787. Network Distance: 1 hop
1788. TCP Sequence Prediction: Difficulty=261 (Good luck!)
1789. IP ID Sequence Generation: Incremental
1790. Service Info: Host: dj.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
1791.  
1792. Host script results:
1793. |_clock-skew: mean: -8h10m59s, deviation: 0s, median: -8h10m59s
1794. | ms-sql-info:
1795. | Windows server name: DJ
1796. | 10.11.1.128\MSSQLSERVER:
1797. | Instance name: MSSQLSERVER
1798. | Version:
1799. | Service pack level: RTM
1800. | Product: Microsoft SQL Server 2000
1801. | name: Microsoft SQL Server 2000 RTM
1802. | number: 8.00.194.00
1803. | Post-SP patches applied: false
1804. | TCP port: 27900
1805. | Named pipe: \\10.11.1.128\pipe\sql\query
1806. |_ Clustered: false
1807. | nbstat: NetBIOS name: DJ, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:45:00 (VMware)
1808. | Names:
1809. | DJ<00> Flags: <unique><active>
1810. | DJ<20> Flags: <unique><active>
1811. | WORKGROUP<00> Flags: <group><active>
1812. | INet~Services<1c> Flags: <group><active>
1813. | WORKGROUP<1e> Flags: <group><active>
1814. | DJ<03> Flags: <unique><active>
1815. |_ IS~DJ<00> Flags: <unique><active>
1816. | smb-os-discovery:
1817. | OS: Windows 2000 (Windows 2000 LAN Manager)
1818. | OS CPE: cpe:/o:microsoft:windows_2000::-
1819. | Computer name: dj
1820. | NetBIOS computer name: DJ
1821. | Workgroup: WORKGROUP
1822. |_ System time: 2017-02-13T17:57:15+02:00
1823. | smb-security-mode:
1824. | account_used: guest
1825. | authentication_level: user
1826. | challenge_response: supported
1827. |_ message_signing: disabled (dangerous, but default)
1828. |_smbv2-enabled: Server doesn't support SMBv2 protocol
1829.  
1830. TRACEROUTE
1831. HOP RTT ADDRESS
1832. 1 90.99 ms 10.11.1.128
1833.  
1834. Nmap scan report for 10.11.1.133
1835. Host is up (0.087s latency).
1836. Not shown: 930 filtered ports, 69 closed ports
1837. PORT STATE SERVICE VERSION
1838. 80/tcp open tcpwrapped
1839. MAC Address: 00:50:56:89:2C:F4 (VMware)
1840. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1841. TCP/IP fingerprint:
1842. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=21%CU=43569%PV=Y%DS=1%DC=D%G=Y%M=00
1843. OS:5056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CA%TI=Z%TS=8)OP
1844. OS:S(O1=M529ST11NW5%O2=M529ST11NW5%O3=M529NNT11NW5%O4=M529ST11NW5%O5=M529ST
1845. OS:11NW5%O6=M529ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)EC
1846. OS:N(R=Y%DF=Y%T=80%W=16D0%O=M529NNSNW5%CC=Y%Q=)ECN(R=N)T1(R=Y%DF=Y%T=80%S=O
1847. OS:%A=S+%F=AS%RD=0%Q=)T1(R=N)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%
1848. OS:A=S+%F=AR%O=%RD=0%Q=)T5(R=N)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%
1849. OS:RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)U1(R=N)IE(R=Y%DFI=N%T=80%CD=S)IE(R=N)
1850.  
1851. Network Distance: 1 hop
1852.  
1853. TRACEROUTE
1854. HOP RTT ADDRESS
1855. 1 86.71 ms 10.11.1.133
1856.  
1857. Nmap scan report for 10.11.1.136
1858. Host is up (0.090s latency).
1859. Not shown: 996 closed ports
1860. PORT STATE SERVICE VERSION
1861. 22/tcp open ssh OpenSSH 4.3p2 Debian 9 (protocol 2.0)
1862. |_auth-owners: root
1863. | ssh-hostkey:
1864. | 1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
1865. |_ 2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
1866. 113/tcp open ident
1867. |_auth-owners: identd
1868. 139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: LOCAL)
1869. |_auth-owners: root
1870. 445/tcp open netbios-ssn Samba smbd 3.0.24 (workgroup: LOCAL)
1871. |_auth-owners: root
1872. MAC Address: 00:50:56:89:12:6E (VMware)
1873. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
1874. TCP/IP fingerprint:
1875. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=39906%PV=Y%DS=1%DC=D%G=Y%M=005
1876. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=CC%GCD=1%ISR=CB%TI=Z%TS=8)SEQ
1877. OS:(SP=CC%GCD=1%ISR=CB%TI=Z%II=I%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%O3=
1878. OS:M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2=16
1879. OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW6
1880. OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
1881. OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
1882. OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
1883.  
1884. Uptime guess: 4.757 days (since Wed Feb 8 22:01:54 2017)
1885. Network Distance: 1 hop
1886. TCP Sequence Prediction: Difficulty=204 (Good luck!)
1887. IP ID Sequence Generation: All zeros
1888. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
1889.  
1890. Host script results:
1891. |_clock-skew: mean: -6h29m33s, deviation: 0s, median: -6h29m33s
1892. | nbstat: NetBIOS name: SUFFERANCE, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
1893. | Names:
1894. | SUFFERANCE<00> Flags: <unique><active>
1895. | SUFFERANCE<03> Flags: <unique><active>
1896. | SUFFERANCE<20> Flags: <unique><active>
1897. | \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
1898. | THINC.LOCAL<1d> Flags: <unique><active>
1899. | THINC.LOCAL<1e> Flags: <group><active>
1900. |_ THINC.LOCAL<00> Flags: <group><active>
1901. | smb-os-discovery:
1902. | OS: Unix (Samba 3.0.24)
1903. | NetBIOS computer name:
1904. | Workgroup: THINC.LOCAL
1905. |_ System time: 2017-02-13T12:38:41-05:00
1906. | smb-security-mode:
1907. | account_used: guest
1908. | authentication_level: share (dangerous)
1909. | challenge_response: supported
1910. |_ message_signing: disabled (dangerous, but default)
1911. |_smbv2-enabled: Server doesn't support SMBv2 protocol
1912.  
1913. TRACEROUTE
1914. HOP RTT ADDRESS
1915. 1 90.03 ms 10.11.1.136
1916.  
1917. Nmap scan report for 10.11.1.141
1918. Host is up (0.088s latency).
1919. Not shown: 997 closed ports
1920. PORT STATE SERVICE VERSION
1921. 22/tcp open ssh OpenSSH 4.0 (protocol 2.0)
1922. | ssh-hostkey:
1923. | 1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
1924. |_ 1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
1925. 111/tcp open rpcbind 2 (RPC #100000)
1926. | rpcinfo:
1927. | program version port/proto service
1928. | 100000 2 111/tcp rpcbind
1929. |_ 100000 2 111/udp rpcbind
1930. 10000/tcp open http MiniServ 0.01 (Webmin httpd)
1931. |_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
1932. | http-methods:
1933. |_ Supported Methods: GET HEAD POST OPTIONS
1934. |_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
1935. MAC Address: 00:50:56:89:26:49 (VMware)
1936. Device type: firewall|general purpose|proxy server|WAP|PBX|media device|broadband router
1937. Running (JUST GUESSING): Linux 2.6.X (93%), Cisco embedded (93%), Riverbed embedded (93%), Ruckus embedded (91%), FreeBSD 6.X (89%), Sony embedded (88%), Zhone embedded (88%)
1938. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:riverbed:steelhead_200 cpe:/h:ruckus:7363 cpe:/h:cisco:uc320w cpe:/o:freebsd:freebsd:6.2
1939. Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (93%), Linux 2.6.9 - 2.6.27 (93%), Riverbed Steelhead 200 proxy server (93%), Linux 2.6.9 (92%), Linux 2.6.28 (91%), Linux 2.6.30 (91%), Linux 2.6.9 (CentOS 4.4) (91%), Ruckus 7363 WAP (91%), Linux 2.6.11 (90%), Linux 2.6.32 (90%)
1940. No exact OS matches for host (test conditions non-ideal).
1941. Uptime guess: 4.845 days (since Wed Feb 8 19:54:54 2017)
1942. Network Distance: 1 hop
1943. TCP Sequence Prediction: Difficulty=202 (Good luck!)
1944. IP ID Sequence Generation: All zeros
1945.  
1946. TRACEROUTE
1947. HOP RTT ADDRESS
1948. 1 88.21 ms 10.11.1.141
1949.  
1950. Nmap scan report for 10.11.1.145
1951. Host is up (0.091s latency).
1952. Not shown: 995 filtered ports
1953. PORT STATE SERVICE VERSION
1954. 135/tcp open msrpc Microsoft Windows RPC
1955. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
1956. 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
1957. 3389/tcp open ms-wbt-server Microsoft Terminal Service
1958. | ssl-cert: Subject: commonName=HELPDESK
1959. | Issuer: commonName=HELPDESK
1960. | Public Key type: rsa
1961. | Public Key bits: 2048.0
1962. | Signature Algorithm: sha1WithRSAEncryption
1963. | Not valid before: 2017-01-05T08:51:02
1964. | Not valid after: 2017-07-07T08:51:02
1965. | MD5: f7ab 51e6 d8b1 f3da a990 e568 c8ca 5503
1966. |_SHA-1: c274 35cb ec57 9f01 160a 7e11 38ad d308 5172 f10e
1967. |_ssl-date: 2017-02-13T15:16:59+00:00; -8h50m54s from scanner time.
1968. 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
1969. | http-methods:
1970. |_ Supported Methods: GET HEAD POST OPTIONS
1971. |_http-server-header: Apache-Coyote/1.1
1972. |_http-title: ManageEngine ServiceDesk Plus
1973. MAC Address: 00:50:56:89:1F:35 (VMware)
1974. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1975. Device type: general purpose|phone|specialized
1976. Running (JUST GUESSING): Microsoft Windows 8|Phone|2008|8.1|7|Vista|2012 (92%)
1977. OS CPE: cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_8.1 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1 cpe:/o:microsoft:windows_server_2012
1978. Aggressive OS guesses: Microsoft Windows 8.1 Update 1 (92%), Microsoft Windows Phone 7.5 or 8.0 (92%), Microsoft Windows Server 2008 R2 (91%), Microsoft Windows Server 2008 R2 or Windows 8.1 (91%), Microsoft Windows Server 2008 R2 SP1 or Windows 8 (91%), Microsoft Windows 7 (91%), Microsoft Windows 7 Professional or Windows 8 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 R2 (91%), Microsoft Windows 7 SP1 or Windows Server 2008 SP2 or 2008 R2 SP1 (91%), Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7 (91%)
1979. No exact OS matches for host (test conditions non-ideal).
1980. Uptime guess: 0.208 days (since Mon Feb 13 11:11:47 2017)
1981. Network Distance: 1 hop
1982. TCP Sequence Prediction: Difficulty=262 (Good luck!)
1983. IP ID Sequence Generation: Incremental
1984. Service Info: Host: HELPDESK; OS: Windows; CPE: cpe:/o:microsoft:windows
1985.  
1986. Host script results:
1987. |_clock-skew: mean: -8h50m54s, deviation: 0s, median: -8h50m54s
1988. | nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:1f:35 (VMware)
1989. | Names:
1990. | HELPDESK<00> Flags: <unique><active>
1991. | WORKGROUP<00> Flags: <group><active>
1992. |_ HELPDESK<20> Flags: <unique><active>
1993. | smb-os-discovery:
1994. | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
1995. | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
1996. | Computer name: HELPDESK
1997. | NetBIOS computer name: HELPDESK
1998. | Workgroup: WORKGROUP
1999. |_ System time: 2017-02-13T07:17:21-08:00
2000. | smb-security-mode:
2001. | account_used: guest
2002. | authentication_level: user
2003. | challenge_response: supported
2004. |_ message_signing: disabled (dangerous, but default)
2005. |_smbv2-enabled: Server supports SMBv2 protocol
2006.  
2007. TRACEROUTE
2008. HOP RTT ADDRESS
2009. 1 90.86 ms 10.11.1.145
2010.  
2011. Nmap scan report for 10.11.1.146
2012. Host is up (0.12s latency).
2013. Not shown: 998 closed ports
2014. PORT STATE SERVICE VERSION
2015. 21/tcp open ftp ProFTPD 1.3.3a
2016. 22/tcp open ssh OpenSSH 5.5p1 Debian 6 (protocol 2.0)
2017. | ssh-hostkey:
2018. | 1024 bb:1e:db:11:2a:c7:90:96:e8:0f:f1:ce:aa:14:6a:c1 (DSA)
2019. |_ 2048 67:62:39:ab:ef:7b:2d:e2:70:18:fd:7d:3d:65:bf:c7 (RSA)
2020. MAC Address: 00:50:56:89:3B:24 (VMware)
2021. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2022. TCP/IP fingerprint:
2023. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=43423%PV=Y%DS=1%DC=D%G=Y%M=005
2024. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C9%GCD=1%ISR=CA%TI=Z%II=I%TS=
2025. OS:8)SEQ(SP=CD%GCD=1%ISR=CC%TI=Z%TS=8)OPS(O1=M529ST11NW5%O2=M529ST11NW5%O3=
2026. OS:M529NNT11NW5%O4=M529ST11NW5%O5=M529ST11NW5%O6=M529ST11)WIN(W1=16A0%W2=16
2027. OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW5
2028. OS:%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
2029. OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
2030. OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
2031.  
2032. Uptime guess: 4.879 days (since Wed Feb 8 19:06:40 2017)
2033. Network Distance: 1 hop
2034. TCP Sequence Prediction: Difficulty=206 (Good luck!)
2035. IP ID Sequence Generation: All zeros
2036. Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
2037.  
2038. TRACEROUTE
2039. HOP RTT ADDRESS
2040. 1 116.00 ms 10.11.1.146
2041.  
2042. Nmap scan report for 10.11.1.202
2043. Host is up (0.090s latency).
2044. Not shown: 982 closed ports
2045. PORT STATE SERVICE VERSION
2046. 21/tcp open ftp Microsoft ftpd 5.0
2047. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
2048. 80/tcp open http Microsoft IIS httpd 5.0
2049. | http-methods:
2050. | Supported Methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
2051. |_ Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
2052. | http-ntlm-info:
2053. | Target_Name: ACME
2054. | NetBIOS_Domain_Name: ACME
2055. | NetBIOS_Computer_Name: ORACLE
2056. | DNS_Domain_Name: acme.local
2057. | DNS_Computer_Name: oracle.acme.local
2058. |_ Product_Version: 5.0.2195
2059. |_http-server-header: Microsoft-IIS/5.0
2060. |_http-title: Under Construction
2061. |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
2062. 135/tcp open msrpc Microsoft Windows RPC
2063. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2064. 443/tcp open https?
2065. 445/tcp open microsoft-ds Windows 2000 microsoft-ds
2066. 1030/tcp open msrpc Microsoft Windows RPC
2067. 1032/tcp open msrpc Microsoft Windows RPC
2068. 1033/tcp open msrpc Microsoft Windows RPC
2069. 1038/tcp open oracle Oracle Database
2070. 1521/tcp open oracle-tns Oracle TNS Listener 9.2.0.1.0 (for 32-bit Windows)
2071. 2030/tcp open oracle-mts Oracle MTS Recovery Service
2072. 2100/tcp open ftp Oracle Enterprise XML DB ftpd 9.2.0.1.0
2073. 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
2074. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2075. 4443/tcp open ssl/http Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
2076. |_hadoop-datanode-info:
2077. |_hadoop-jobtracker-info:
2078. |_hadoop-tasktracker-info:
2079. |_hbase-master-info:
2080. |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
2081. | http-methods:
2082. | Supported Methods: GET HEAD OPTIONS TRACE
2083. |_ Potentially risky methods: TRACE
2084. |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
2085. |_http-title: Oracle HTTP Server Index
2086. | ssl-cert: Subject: commonName=NOT SECURE!!!/organizationName=ORACLE DEMO CERTIFICATE/stateOrProvinceName=oregon/countryName=us
2087. | Issuer: commonName=GET A NEW CERTIFICATE!!/organizationName=ORACLE DEMO CA/stateOrProvinceName=oregon/countryName=us
2088. | Public Key type: rsa
2089. | Public Key bits: 1024.0
2090. | Signature Algorithm: md5WithRSAEncryption
2091. | Not valid before: 2000-06-27T23:32:42
2092. | Not valid after: 2027-11-13T23:32:42
2093. | MD5: 2f08 d58e d75b 463f 9b6e 8a69 edf9 3bbf
2094. |_SHA-1: 0e94 5a51 36ea e406 fccf 096c da78 828a d552 b6c1
2095. |_ssl-date: 2017-02-13T16:05:06+00:00; -8h01m54s from scanner time.
2096. | sslv2:
2097. | SSLv2 supported
2098. | ciphers:
2099. | SSL2_RC4_128_WITH_MD5
2100. | SSL2_RC4_64_WITH_MD5
2101. | SSL2_DES_64_CBC_WITH_MD5
2102. | SSL2_DES_192_EDE3_CBC_WITH_MD5
2103. |_ SSL2_RC4_128_EXPORT40_WITH_MD5
2104. 7778/tcp open http Oracle HTTP Server Powered by Apache 1.3.22 (mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25)
2105. |_hadoop-datanode-info:
2106. |_hadoop-jobtracker-info:
2107. |_hadoop-tasktracker-info:
2108. |_hbase-master-info:
2109. |_http-generator: Mozilla/4.72 [en] (WinNT; U) [Netscape]
2110. | http-methods:
2111. | Supported Methods: GET HEAD OPTIONS TRACE
2112. |_ Potentially risky methods: TRACE
2113. |_http-server-header: Oracle HTTP Server Powered by Apache/1.3.22 (Win32) mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12 mod_oprocmgr/1.0 mod_perl/1.25
2114. |_http-title: Oracle HTTP Server Index
2115. 8080/tcp open http Oracle XML DB Enterprise Edition httpd 9.2.0.1.0 (Oracle9i Enterprise Edition Release)
2116. | http-auth:
2117. | HTTP/1.1 401 Unauthorized
2118. |_ Basic realm=XDB
2119. | http-methods:
2120. |_ Supported Methods: GET HEAD POST OPTIONS
2121. |_http-server-header: Oracle XML DB/Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
2122. |_http-title: 401 Unauthorized
2123. MAC Address: 00:50:56:89:3A:6A (VMware)
2124. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2125. TCP/IP fingerprint:
2126. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=35552%PV=Y%DS=1%DC=D%G=Y%M=005
2127. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FE%GCD=1%ISR=10D%TI=I%TS=0)SE
2128. OS:Q(SP=FD%GCD=1%ISR=10D%TS=0)SEQ(SP=FD%GCD=1%ISR=10D%TI=I%II=I%SS=S%TS=0)O
2129. OS:PS(O1=M529NW0NNT00NNS%O2=M529NW0NNT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00
2130. OS:NNS%O5=M529NW0NNT00NNS%O6=M529NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FA
2131. OS:F0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%
2132. OS:DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=
2133. OS:0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RI
2134. OS:PL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=S%T=80%CD=Z)
2135.  
2136. Network Distance: 1 hop
2137. TCP Sequence Prediction: Difficulty=253 (Good luck!)
2138. IP ID Sequence Generation: Incremental
2139. Service Info: Host: oracle; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
2140.  
2141. Host script results:
2142. |_clock-skew: mean: -8h01m54s, deviation: 0s, median: -8h01m54s
2143. | nbstat: NetBIOS name: ORACLE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:3a:6a (VMware)
2144. | Names:
2145. | ORACLE<00> Flags: <unique><active>
2146. | ACME<00> Flags: <group><active>
2147. | ORACLE<03> Flags: <unique><active>
2148. | ORACLE<20> Flags: <unique><active>
2149. | ACME<1e> Flags: <group><active>
2150. | INet~Services<1c> Flags: <group><active>
2151. | IS~ORACLE<00> Flags: <unique><active>
2152. | ACME<1d> Flags: <unique><active>
2153. |_ \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
2154. | smb-os-discovery:
2155. | OS: Windows 2000 (Windows 2000 LAN Manager)
2156. | OS CPE: cpe:/o:microsoft:windows_2000::-
2157. | Computer name: oracle
2158. | NetBIOS computer name: ORACLE
2159. | Domain name: acme.local
2160. | FQDN: oracle.acme.local
2161. |_ System time: 2017-02-13T18:06:21+02:00
2162. | smb-security-mode:
2163. | account_used: guest
2164. | authentication_level: user
2165. | challenge_response: supported
2166. |_ message_signing: disabled (dangerous, but default)
2167. |_smbv2-enabled: Server doesn't support SMBv2 protocol
2168.  
2169. TRACEROUTE
2170. HOP RTT ADDRESS
2171. 1 90.44 ms 10.11.1.202
2172.  
2173. Nmap scan report for 10.11.1.209
2174. Host is up (0.091s latency).
2175. Not shown: 995 closed ports
2176. PORT STATE SERVICE VERSION
2177. 22/tcp open ssh SunSSH 1.1.5 (protocol 2.0)
2178. | ssh-hostkey:
2179. | 1024 b0:d1:14:4f:d2:43:20:e4:90:f7:ca:e3:8a:36:39:86 (DSA)
2180. |_ 1024 dd:36:f6:09:23:4c:c4:c3:44:d6:6e:2f:6a:ff:b3:12 (RSA)
2181. 80/tcp open http Apache httpd 1.3.41 ((Unix) mod_perl/1.31)
2182. | http-methods:
2183. | Supported Methods: GET HEAD OPTIONS TRACE
2184. |_ Potentially risky methods: TRACE
2185. |_http-server-header: Apache/1.3.41 (Unix) mod_perl/1.31
2186. |_http-title: Test Page for the SSL/TLS-aware Apache Installation on Web Site
2187. 111/tcp open rpcbind 2-4 (RPC #100000)
2188. 8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
2189. |_ajp-methods: Failed to get a valid response for the OPTION request
2190. 8080/tcp open http Apache Tomcat/Coyote JSP engine 1.1
2191. |_http-favicon: Apache Tomcat
2192. | http-methods:
2193. |_ Supported Methods: GET HEAD POST OPTIONS
2194. |_http-server-header: Apache-Coyote/1.1
2195. |_http-title: Apache Tomcat/5.5.35
2196. MAC Address: 00:50:56:89:76:47 (VMware)
2197. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2198. TCP/IP fingerprint:
2199. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40107%PV=Y%DS=1%DC=D%G=Y%M=005
2200. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=9D%GCD=1%ISR=A4%TI=I%TS=7)OPS
2201. OS:(O1=NNT11M529NW0NNS%O2=NNT11M529NW0NNS%O3=NNT11M529NW0%O4=NNT11M529NW0NN
2202. OS:S%O5=NNT11M529NW0NNS%O6=NNT11M529NNS)WIN(W1=C24E%W2=C24E%W3=C1CC%W4=C068
2203. OS:%W5=C068%W6=C0B7)ECN(R=Y%DF=Y%T=3C%W=C416%O=M529NW0NNS%CC=Y%Q=)T1(R=Y%DF
2204. OS:=Y%T=3C%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%
2205. OS:S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=Y%T=FF%IPL=70%UN=0%RIPL
2206. OS:=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=Y%T=FF%CD=S)
2207.  
2208. Uptime guess: 0.466 days (since Mon Feb 13 05:00:20 2017)
2209. Network Distance: 1 hop
2210. TCP Sequence Prediction: Difficulty=132 (Good luck!)
2211. IP ID Sequence Generation: Incremental
2212.  
2213. TRACEROUTE
2214. HOP RTT ADDRESS
2215. 1 90.76 ms 10.11.1.209
2216.  
2217. Nmap scan report for 10.11.1.217
2218. Host is up (0.091s latency).
2219. Not shown: 989 closed ports
2220. PORT STATE SERVICE VERSION
2221. 22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
2222. | ssh-hostkey:
2223. | 1024 1a:f6:e5:4c:f5:65:5c:a3:79:ce:e1:30:f9:5a:9c:af (DSA)
2224. |_ 2048 b1:9e:c8:ea:eb:4c:fc:55:cb:1e:4d:4c:40:6e:80:f2 (RSA)
2225. 25/tcp open smtp?
2226. |_smtp-commands: hotline.localdomain, PIPELINING, SIZE 10240000, VRFY, ETRN, ENHANCEDSTATUSCODES, 8BITMIME, DSN,
2227. 80/tcp open http Apache httpd 2.2.3
2228. | http-methods:
2229. |_ Supported Methods: GET HEAD POST OPTIONS
2230. |_http-server-header: Apache/2.2.3 (CentOS)
2231. |_http-title: Did not follow redirect to https://10.11.1.217/
2232. 110/tcp open pop3?
2233. 111/tcp open rpcbind 2 (RPC #100000)
2234. | rpcinfo:
2235. | program version port/proto service
2236. | 100000 2 111/tcp rpcbind
2237. | 100000 2 111/udp rpcbind
2238. | 100024 1 883/udp status
2239. |_ 100024 1 886/tcp status
2240. 143/tcp open imap?
2241. 443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
2242. |_http-favicon: Unknown favicon MD5: 80DCC71362B27C7D0E608B0890C05E9F
2243. | http-methods:
2244. |_ Supported Methods: GET HEAD POST OPTIONS
2245. | http-robots.txt: 1 disallowed entry
2246. |_/
2247. |_http-server-header: Apache/2.2.3 (CentOS)
2248. |_http-title: Elastix - Login page
2249. | ssl-cert: Subject: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
2250. | Issuer: commonName=localhost.localdomain/organizationName=SomeOrganization/stateOrProvinceName=SomeState/countryName=--
2251. | Public Key type: rsa
2252. | Public Key bits: 1024.0
2253. | Signature Algorithm: sha1WithRSAEncryption
2254. | Not valid before: 2012-03-23T19:29:13
2255. | Not valid after: 2013-03-23T19:29:13
2256. | MD5: f41c e874 ef3c f28d dd80 9345 c005 3209
2257. |_SHA-1: c443 1924 35ea d598 03bf cc15 40e9 8611 5e84 5491
2258. |_ssl-date: 2017-02-14T00:40:40+00:00; +32m35s from scanner time.
2259. 993/tcp open imaps?
2260. 995/tcp open pop3s?
2261. 3306/tcp open mysql?
2262. |_mysql-info: ERROR: Script execution failed (use -d to debug)
2263. 4445/tcp open upnotifyp?
2264. MAC Address: 00:50:56:89:12:FF (VMware)
2265. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2266. TCP/IP fingerprint:
2267. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=34890%PV=Y%DS=1%DC=D%G=Y%M=005
2268. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=BC%GCD=1%ISR=CA%TI=Z%TS=A)SEQ
2269. OS:(SP=C1%GCD=1%ISR=CB%TI=Z%II=I%TS=A)OPS(O1=M529ST11NW7%O2=M529ST11NW7%O3=
2270. OS:M529NNT11NW7%O4=M529ST11NW7%O5=M529ST11NW7%O6=M529ST11)WIN(W1=16A0%W2=16
2271. OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW7
2272. OS:%CC=N%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
2273. OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
2274. OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
2275.  
2276. Uptime guess: 1.992 days (since Sat Feb 11 16:24:05 2017)
2277. Network Distance: 1 hop
2278. TCP Sequence Prediction: Difficulty=193 (Good luck!)
2279. IP ID Sequence Generation: All zeros
2280. Service Info: Host: 127.0.0.1
2281.  
2282. Host script results:
2283. |_clock-skew: mean: 32m35s, deviation: 0s, median: 32m35s
2284.  
2285. TRACEROUTE
2286. HOP RTT ADDRESS
2287. 1 91.40 ms 10.11.1.217
2288.  
2289. Nmap scan report for 10.11.1.218
2290. Host is up (0.091s latency).
2291. Not shown: 992 closed ports
2292. PORT STATE SERVICE VERSION
2293. 135/tcp open msrpc Microsoft Windows RPC
2294. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2295. 445/tcp open microsoft-ds Windows 7 Professional 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
2296. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2297. | ssl-cert: Subject: commonName=observer.thinc.local
2298. | Issuer: commonName=observer.thinc.local
2299. | Public Key type: rsa
2300. | Public Key bits: 2048.0
2301. | Signature Algorithm: sha1WithRSAEncryption
2302. | Not valid before: 2013-12-27T07:37:42
2303. | Not valid after: 2014-06-28T07:37:42
2304. | MD5: 1e62 a134 7e36 616c d92f 7676 3e01 5482
2305. |_SHA-1: 4436 c6bd 0149 4b00 fc09 82b0 5884 9697 fd61 b994
2306. |_ssl-date: 2013-12-28T07:37:30+00:00; -3y47d16h30m10s from scanner time.
2307. 49152/tcp open msrpc Microsoft Windows RPC
2308. 49153/tcp open msrpc Microsoft Windows RPC
2309. 49154/tcp open msrpc Microsoft Windows RPC
2310. 49155/tcp open msrpc Microsoft Windows RPC
2311. MAC Address: 00:50:56:89:75:3A (VMware)
2312. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2313. TCP/IP fingerprint:
2314. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=135%CT=1%CU=33106%PV=Y%DS=1%DC=D%G=Y%M=00
2315. OS:5056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=109%TI=I%TS=7)
2316. OS:OPS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529
2317. OS:NW8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
2318. OS:ECN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%
2319. OS:F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%
2320. OS:RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G
2321. OS:%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
2322.  
2323. Uptime guess: 1.362 days (since Sun Feb 12 07:30:23 2017)
2324. Network Distance: 1 hop
2325. TCP Sequence Prediction: Difficulty=260 (Good luck!)
2326. IP ID Sequence Generation: Incremental
2327. Service Info: Host: OBSERVER; OS: Windows; CPE: cpe:/o:microsoft:windows
2328.  
2329. Host script results:
2330. |_clock-skew: mean: -1143d16h30m40s, deviation: 42s, median: -1143d16h31m09s
2331. | nbstat: NetBIOS name: OBSERVER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:75:3a (VMware)
2332. | Names:
2333. | OBSERVER<00> Flags: <unique><active>
2334. | THINC<00> Flags: <group><active>
2335. | OBSERVER<20> Flags: <unique><active>
2336. |_ THINC<1e> Flags: <group><active>
2337. | smb-os-discovery:
2338. | OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
2339. | OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
2340. | Computer name: observer
2341. | NetBIOS computer name: OBSERVER
2342. | Domain name: thinc.local
2343. | Forest name: thinc.local
2344. | FQDN: observer.thinc.local
2345. |_ System time: 2013-12-27T23:37:06-08:00
2346. | smb-security-mode:
2347. | account_used: guest
2348. | authentication_level: user
2349. | challenge_response: supported
2350. |_ message_signing: disabled (dangerous, but default)
2351. |_smbv2-enabled: Server supports SMBv2 protocol
2352.  
2353. TRACEROUTE
2354. HOP RTT ADDRESS
2355. 1 91.35 ms 10.11.1.218
2356.  
2357. Nmap scan report for 10.11.1.219
2358. Host is up (0.090s latency).
2359. Not shown: 999 filtered ports
2360. PORT STATE SERVICE VERSION
2361. 80/tcp open http Apache httpd
2362. | http-methods:
2363. |_ Supported Methods: OPTIONS GET HEAD POST
2364. |_http-server-header: Apache
2365. |_http-title: Apache2 Ubuntu Default Page: It works
2366. MAC Address: 00:50:56:89:1C:CE (VMware)
2367. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2368. Device type: general purpose
2369. Running (JUST GUESSING): Linux 3.X|4.X (90%)
2370. OS CPE: cpe:/o:linux:linux_kernel:3.16 cpe:/o:linux:linux_kernel:4
2371. Aggressive OS guesses: Linux 3.16 (90%), Linux 3.11 - 4.1 (89%), Linux 3.2.0 (87%), Linux 3.13 (86%)
2372. No exact OS matches for host (test conditions non-ideal).
2373. Uptime guess: 0.543 days (since Mon Feb 13 03:10:27 2017)
2374. Network Distance: 1 hop
2375. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2376. IP ID Sequence Generation: All zeros
2377.  
2378. TRACEROUTE
2379. HOP RTT ADDRESS
2380. 1 89.83 ms 10.11.1.219
2381.  
2382. Nmap scan report for 10.11.1.220
2383. Host is up (0.092s latency).
2384. Not shown: 980 closed ports
2385. PORT STATE SERVICE VERSION
2386. 21/tcp open ftp FileZilla ftpd 0.9.34 beta
2387. 53/tcp open domain Microsoft DNS 6.1.7601
2388. | dns-nsid:
2389. |_ bind.version: Microsoft DNS 6.1.7601 (1DB1446A)
2390. 88/tcp open tcpwrapped
2391. 135/tcp open msrpc Microsoft Windows RPC
2392. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2393. 389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
2394. 445/tcp open microsoft-ds Windows Server 2008 R2 Standard 7601 Service Pack 1 microsoft-ds (workgroup: THINC)
2395. 464/tcp open kpasswd5?
2396. 593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
2397. 636/tcp open tcpwrapped
2398. 3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: thinc.local, Site: Default-First-Site-Name)
2399. 3269/tcp open tcpwrapped
2400. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2401. | ssl-cert: Subject: commonName=master.thinc.local
2402. | Issuer: commonName=master.thinc.local
2403. | Public Key type: rsa
2404. | Public Key bits: 2048.0
2405. | Signature Algorithm: sha1WithRSAEncryption
2406. | Not valid before: 2013-12-27T07:37:00
2407. | Not valid after: 2014-06-28T07:37:00
2408. | MD5: 62f5 9691 3337 f479 c365 dcb7 752b 8c20
2409. |_SHA-1: f1ea 4aa6 5ff1 4ee5 308f 55c7 30ed 5cfc e37a 63f2
2410. |_ssl-date: 2013-12-28T07:37:20+00:00; -3y47d16h29m16s from scanner time.
2411. 49152/tcp open msrpc Microsoft Windows RPC
2412. 49153/tcp open msrpc Microsoft Windows RPC
2413. 49154/tcp open msrpc Microsoft Windows RPC
2414. 49155/tcp open msrpc Microsoft Windows RPC
2415. 49157/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
2416. 49158/tcp open msrpc Microsoft Windows RPC
2417. 49167/tcp open msrpc Microsoft Windows RPC
2418. MAC Address: 00:50:56:89:18:E8 (VMware)
2419. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2420. TCP/IP fingerprint:
2421. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=38483%PV=Y%DS=1%DC=D%G=Y%M=005
2422. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=109%TI=I%II=I%S
2423. OS:S=O%TS=7)SEQ(SP=104%GCD=1%ISR=10B%TI=I%II=I%TS=7)SEQ(SP=104%GCD=1%ISR=10
2424. OS:B%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8
2425. OS:ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2
2426. OS:000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=
2427. OS:80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A
2428. OS:=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%R
2429. OS:ID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
2430.  
2431. Uptime guess: 1.084 days (since Sun Feb 12 14:10:47 2017)
2432. Network Distance: 1 hop
2433. TCP Sequence Prediction: Difficulty=260 (Good luck!)
2434. IP ID Sequence Generation: Incremental
2435. Service Info: Host: MASTER; OS: Windows; CPE: cpe:/o:microsoft:windows
2436.  
2437. Host script results:
2438. |_clock-skew: mean: -1143d16h30m15s, deviation: 1m23s, median: -1143d16h31m14s
2439. | nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:18:e8 (VMware)
2440. | Names:
2441. | MASTER<00> Flags: <unique><active>
2442. | THINC<00> Flags: <group><active>
2443. | THINC<1c> Flags: <group><active>
2444. | MASTER<20> Flags: <unique><active>
2445. |_ THINC<1b> Flags: <unique><active>
2446. | smb-os-discovery:
2447. | OS: Windows Server 2008 R2 Standard 7601 Service Pack 1 (Windows Server 2008 R2 Standard 6.1)
2448. | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
2449. | Computer name: master
2450. | NetBIOS computer name: MASTER
2451. | Domain name: thinc.local
2452. | Forest name: thinc.local
2453. | FQDN: master.thinc.local
2454. |_ System time: 2013-12-27T23:37:02-08:00
2455. | smb-security-mode:
2456. | account_used: guest
2457. | authentication_level: user
2458. | challenge_response: supported
2459. |_ message_signing: required
2460. |_smbv2-enabled: Server supports SMBv2 protocol
2461.  
2462. TRACEROUTE
2463. HOP RTT ADDRESS
2464. 1 91.93 ms 10.11.1.220
2465.  
2466. Nmap scan report for 10.11.1.221
2467. Host is up (0.091s latency).
2468. Not shown: 989 closed ports
2469. PORT STATE SERVICE VERSION
2470. 53/tcp open domain Microsoft DNS 6.0.6001
2471. | dns-nsid:
2472. |_ bind.version: Microsoft DNS 6.0.6001 (17714650)
2473. 135/tcp open msrpc Microsoft Windows RPC
2474. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2475. 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: THINC)
2476. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2477. | ssl-cert: Subject: commonName=slave.thinc.local
2478. | Issuer: commonName=slave.thinc.local
2479. | Public Key type: rsa
2480. | Public Key bits: 2048.0
2481. | Signature Algorithm: sha1WithRSAEncryption
2482. | Not valid before: 2013-12-26T21:08:51
2483. | Not valid after: 2014-06-27T21:08:51
2484. | MD5: 7497 ea3d a2eb 1024 985b cd6f 3da9 a328
2485. |_SHA-1: 6651 22ed 3481 a56f c06d 1f97 3d15 78c6 770d caf3
2486. |_ssl-date: 2013-12-28T07:37:10+00:00; -3y47d16h30m55s from scanner time.
2487. 5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2488. |_http-server-header: Microsoft-HTTPAPI/2.0
2489. |_http-title: Service Unavailable
2490. 49152/tcp open msrpc Microsoft Windows RPC
2491. 49153/tcp open msrpc Microsoft Windows RPC
2492. 49154/tcp open msrpc Microsoft Windows RPC
2493. 49155/tcp open msrpc Microsoft Windows RPC
2494. 49165/tcp open msrpc Microsoft Windows RPC
2495. MAC Address: 00:50:56:89:21:7D (VMware)
2496. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2497. TCP/IP fingerprint:
2498. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=53%CT=1%CU=42249%PV=Y%DS=1%DC=D%G=Y%M=005
2499. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=107%TI=I%II=I%S
2500. OS:S=S%TS=7)SEQ(SP=105%GCD=1%ISR=107%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW
2501. OS:8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2
2502. OS:000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M
2503. OS:529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T
2504. OS:4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y
2505. OS:%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
2506. OS:=80%CD=Z)
2507.  
2508. Uptime guess: 0.360 days (since Mon Feb 13 07:33:02 2017)
2509. Network Distance: 1 hop
2510. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2511. IP ID Sequence Generation: Incremental
2512. Service Info: Host: SLAVE; OS: Windows; CPE: cpe:/o:microsoft:windows
2513.  
2514. Host script results:
2515. |_clock-skew: mean: -1143d16h30m55s, deviation: 0s, median: -1143d16h30m55s
2516. | nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:21:7d (VMware)
2517. | Names:
2518. | SLAVE<00> Flags: <unique><active>
2519. | THINC<00> Flags: <group><active>
2520. |_ SLAVE<20> Flags: <unique><active>
2521. | smb-os-discovery:
2522. | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
2523. | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
2524. | Computer name: slave
2525. | NetBIOS computer name: SLAVE
2526. | Domain name: thinc.local
2527. | Forest name: thinc.local
2528. | FQDN: slave.thinc.local
2529. |_ System time: 2013-12-27T23:37:21-08:00
2530. | smb-security-mode:
2531. | account_used: guest
2532. | authentication_level: user
2533. | challenge_response: supported
2534. |_ message_signing: disabled (dangerous, but default)
2535. |_smbv2-enabled: Server supports SMBv2 protocol
2536.  
2537. TRACEROUTE
2538. HOP RTT ADDRESS
2539. 1 91.47 ms 10.11.1.221
2540.  
2541. Nmap scan report for 10.11.1.223
2542. Host is up (0.092s latency).
2543. Not shown: 987 closed ports
2544. PORT STATE SERVICE VERSION
2545. 80/tcp open http Apache httpd 2.2.14 (DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
2546. | http-methods:
2547. | Supported Methods: GET HEAD POST OPTIONS TRACE
2548. |_ Potentially risky methods: TRACE
2549. |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
2550. |_http-title: Index of /
2551. 135/tcp open msrpc Microsoft Windows RPC
2552. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2553. 443/tcp open ssl/http Apache httpd 2.2.14 ((Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
2554. | http-methods:
2555. | Supported Methods: GET HEAD POST OPTIONS TRACE
2556. |_ Potentially risky methods: TRACE
2557. |_http-server-header: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1
2558. |_http-title: Index of /
2559. | ssl-cert: Subject: commonName=localhost
2560. | Issuer: commonName=localhost
2561. | Public Key type: rsa
2562. | Public Key bits: 1024.0
2563. | Signature Algorithm: sha1WithRSAEncryption
2564. | Not valid before: 2009-11-10T23:48:47
2565. | Not valid after: 2019-11-08T23:48:47
2566. | MD5: a0a4 4cc9 9e84 b26f 9e63 9f9e d229 dee0
2567. |_SHA-1: b023 8c54 7a90 5bfa 119c 4e8b acca eacf 3649 1ff6
2568. |_ssl-date: 2017-02-13T15:18:41+00:00; -8h48m19s from scanner time.
2569. | sslv2:
2570. | SSLv2 supported
2571. | ciphers:
2572. | SSL2_RC4_128_WITH_MD5
2573. | SSL2_DES_64_CBC_WITH_MD5
2574. | SSL2_DES_192_EDE3_CBC_WITH_MD5
2575. | SSL2_RC4_128_EXPORT40_WITH_MD5
2576. | SSL2_RC2_128_CBC_WITH_MD5
2577. | SSL2_IDEA_128_CBC_WITH_MD5
2578. |_ SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
2579. 445/tcp open microsoft-ds Windows Server (R) 2008 Standard 6001 Service Pack 1 microsoft-ds (workgroup: WORKGROUP)
2580. 3306/tcp open mysql?
2581. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2582. | ssl-cert: Subject: commonName=Jeff
2583. | Issuer: commonName=Jeff
2584. | Public Key type: rsa
2585. | Public Key bits: 2048.0
2586. | Signature Algorithm: sha1WithRSAEncryption
2587. | Not valid before: 2017-02-12T09:53:27
2588. | Not valid after: 2017-08-14T09:53:27
2589. | MD5: 64fd 4d3e a9ce 4dc2 18b0 278e db2c 6860
2590. |_SHA-1: a583 1584 fcab 60f1 41dd c2c3 41f3 2528 5042 5a6f
2591. |_ssl-date: 2017-02-13T15:19:41+00:00; -8h48m19s from scanner time.
2592. 49152/tcp open msrpc Microsoft Windows RPC
2593. 49153/tcp open msrpc Microsoft Windows RPC
2594. 49154/tcp open msrpc Microsoft Windows RPC
2595. 49155/tcp open msrpc Microsoft Windows RPC
2596. 49156/tcp open msrpc Microsoft Windows RPC
2597. 49157/tcp open msrpc Microsoft Windows RPC
2598. MAC Address: 00:50:56:89:77:9C (VMware)
2599. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2600. TCP/IP fingerprint:
2601. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=1%CU=38079%PV=Y%DS=1%DC=D%G=Y%M=005
2602. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=108%TI=I%II=I%S
2603. OS:S=S%TS=7)SEQ(SP=104%GCD=1%ISR=109%TI=I%TS=7)OPS(O1=M529NW8ST11%O2=M529NW
2604. OS:8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529NW8ST11%O6=M529ST11)WIN(W1=2
2605. OS:000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M
2606. OS:529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T
2607. OS:4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y
2608. OS:%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T
2609. OS:=80%CD=Z)
2610.  
2611. Uptime guess: 0.730 days (since Sun Feb 12 22:41:18 2017)
2612. Network Distance: 1 hop
2613. TCP Sequence Prediction: Difficulty=258 (Good luck!)
2614. IP ID Sequence Generation: Incremental
2615. Service Info: Hosts: localhost, JEFF; OS: Windows; CPE: cpe:/o:microsoft:windows
2616.  
2617. Host script results:
2618. |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
2619. | nbstat: NetBIOS name: JEFF, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:77:9c (VMware)
2620. | Names:
2621. | JEFF<00> Flags: <unique><active>
2622. | WORKGROUP<00> Flags: <group><active>
2623. |_ JEFF<20> Flags: <unique><active>
2624. | smb-os-discovery:
2625. | OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R) 2008 Standard 6.0)
2626. | OS CPE: cpe:/o:microsoft:windows_server_2008::sp1
2627. | Computer name: Jeff
2628. | NetBIOS computer name: JEFF
2629. | Workgroup: WORKGROUP
2630. |_ System time: 2017-02-13T07:19:57-08:00
2631. | smb-security-mode:
2632. | account_used: guest
2633. | authentication_level: user
2634. | challenge_response: supported
2635. |_ message_signing: disabled (dangerous, but default)
2636. |_smbv2-enabled: Server supports SMBv2 protocol
2637.  
2638. TRACEROUTE
2639. HOP RTT ADDRESS
2640. 1 92.11 ms 10.11.1.223
2641.  
2642. Nmap scan report for 10.11.1.226
2643. Host is up (0.088s latency).
2644. Not shown: 998 filtered ports
2645. PORT STATE SERVICE VERSION
2646. 21/tcp open ftp GuildFTPd
2647. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
2648. | -rwxrw-rw- 1 root root 0 Dec 24 2009 AUTOEXEC.BAT [NSE: writeable]
2649. | -rwxrw-rw- 1 root root 0 Dec 24 2009 CONFIG.SYS [NSE: writeable]
2650. | drwxrw-rw- 1 root root 0 Sep 19 2011 Documents and Settings [NSE: writeable]
2651. | drwxrw-rw- 1 root root 0 Dec 24 2009 ftproot [NSE: writeable]
2652. | drwxrw-rw- 1 root root 0 Dec 27 2012 Program Files [NSE: writeable]
2653. | drwxrw-rw- 1 root root 0 Jun 16 2016 Python26 [NSE: writeable]
2654. | drwxrw-rw- 1 root root 0 Apr 20 2016 WINDOWS [NSE: writeable]
2655. |_drwxrw-rw- 1 root root 0 Dec 24 2009 wmpub [NSE: writeable]
2656. 3389/tcp closed ms-wbt-server
2657. MAC Address: 00:50:56:89:1C:D7 (VMware)
2658. Device type: general purpose|WAP
2659. Running (JUST GUESSING): Microsoft Windows 2003|2000|XP (92%), Apple embedded (89%), FreeBSD 6.X (85%)
2660. OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:freebsd:freebsd:6.2
2661. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (92%), Apple AirPort Extreme WAP (89%), Microsoft Windows 2000 SP4 (89%), Microsoft Windows XP SP3 (89%), Microsoft Windows Server 2003 (87%), Microsoft Windows XP (87%), Microsoft Windows Server 2003 SP1 (86%), Microsoft Windows Server 2003 SP0 - SP2 (86%), Microsoft Windows Server 2003 SP1 or SP2 (86%), Microsoft Windows Server 2003 2 (86%)
2662. No exact OS matches for host (test conditions non-ideal).
2663. Network Distance: 1 hop
2664. TCP Sequence Prediction: Difficulty=257 (Good luck!)
2665. IP ID Sequence Generation: Incremental
2666. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
2667.  
2668. TRACEROUTE
2669. HOP RTT ADDRESS
2670. 1 88.46 ms 10.11.1.226
2671.  
2672. Nmap scan report for 10.11.1.227
2673. Host is up (0.092s latency).
2674. Not shown: 987 closed ports
2675. PORT STATE SERVICE VERSION
2676. 21/tcp open ftp Microsoft ftpd 5.0
2677. | ftp-anon: Anonymous FTP login allowed (FTP code 230)
2678. |_02-12-17 11:26PM <DIR> w00t4444
2679. 25/tcp open smtp Microsoft ESMTP 5.0.2195.5329
2680. | smtp-commands: jd.acme.local Hello [10.11.0.208], AUTH GSSAPI NTLM LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN, ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK,
2681. |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
2682. | smtp-ntlm-info:
2683. | Target_Name: JD
2684. | NetBIOS_Domain_Name: JD
2685. | NetBIOS_Computer_Name: JD
2686. | DNS_Domain_Name: jd.acme.local
2687. | DNS_Computer_Name: jd.acme.local
2688. |_ Product_Version: 5.0.2195
2689. 80/tcp open http Microsoft IIS httpd 5.0
2690. | http-methods:
2691. | Supported Methods: OPTIONS TRACE GET HEAD COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT POST MOVE MKCOL PROPPATCH
2692. |_ Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK DELETE PUT MOVE MKCOL PROPPATCH
2693. | http-ntlm-info:
2694. | Target_Name: JD
2695. | NetBIOS_Domain_Name: JD
2696. | NetBIOS_Computer_Name: JD
2697. | DNS_Domain_Name: jd.acme.local
2698. | DNS_Computer_Name: jd.acme.local
2699. |_ Product_Version: 5.0.2195
2700. |_http-server-header: Microsoft-IIS/5.0
2701. |_http-title: Directory Listing Denied
2702. |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
2703. 135/tcp open msrpc Microsoft Windows RPC
2704. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2705. 443/tcp open https?
2706. 445/tcp open microsoft-ds Windows 2000 microsoft-ds
2707. 1025/tcp open msrpc Microsoft Windows RPC
2708. 1026/tcp open msrpc Microsoft Windows RPC
2709. 1063/tcp open msrpc Microsoft Windows RPC
2710. 3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
2711. 5800/tcp open vnc-http RealVNC 4.0 (resolution: 400x250; VNC TCP port: 5900)
2712. | http-methods:
2713. |_ Supported Methods: GET HEAD
2714. |_http-server-header: RealVNC/4.0
2715. |_http-title: VNC viewer for Java
2716. 5900/tcp open vnc VNC (protocol 3.8)
2717. |_realvnc-auth-bypass: Vulnerable
2718. | vnc-info:
2719. | Protocol version: 3.8
2720. | Security types:
2721. |_ VNC Authentication (2)
2722. MAC Address: 00:50:56:89:0A:20 (VMware)
2723. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2724. TCP/IP fingerprint:
2725. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=21%CT=1%CU=34651%PV=Y%DS=1%DC=D%G=Y%M=005
2726. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=FD%GCD=2%ISR=104%TI=I%II=I%TS
2727. OS:=0)SEQ(SP=100%GCD=1%ISR=106%TI=I%TS=0)OPS(O1=M529NW0NNT00NNS%O2=M529NW0N
2728. OS:NT00NNS%O3=M529NW0NNT00%O4=M529NW0NNT00NNS%O5=M529NW0NNT00NNS%O6=M529NNT
2729. OS:00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4=FAF0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=Y%T
2730. OS:=80%W=FAF0%O=M529NW0NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T
2731. OS:2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N
2732. OS:)T7(R=N)U1(R=Y%DF=N%T=80%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)I
2733. OS:E(R=Y%DFI=S%T=80%CD=Z)
2734.  
2735. Network Distance: 1 hop
2736. TCP Sequence Prediction: Difficulty=256 (Good luck!)
2737. IP ID Sequence Generation: Incremental
2738. Service Info: Host: jd.acme.local; OSs: Windows, Windows 2000; CPE: cpe:/o:microsoft:windows, cpe:/o:microsoft:windows_2000
2739.  
2740. Host script results:
2741. |_clock-skew: mean: -8h48m20s, deviation: 0s, median: -8h48m20s
2742. | ms-sql-info:
2743. | Windows server name: JD
2744. | 10.11.1.227\MSSQLSERVER:
2745. | Instance name: MSSQLSERVER
2746. | Version:
2747. | Service pack level: RTM
2748. | Product: Microsoft SQL Server 2000
2749. | name: Microsoft SQL Server 2000 RTM
2750. | number: 8.00.194.00
2751. | Post-SP patches applied: false
2752. | TCP port: 27900
2753. | Named pipe: \\10.11.1.227\pipe\sql\query
2754. |_ Clustered: false
2755. | nbstat: NetBIOS name: JD, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:0a:20 (VMware)
2756. | Names:
2757. | JD<00> Flags: <unique><active>
2758. | JD<20> Flags: <unique><active>
2759. | WORKGROUP<00> Flags: <group><active>
2760. | WORKGROUP<1e> Flags: <group><active>
2761. | JD<03> Flags: <unique><active>
2762. | INet~Services<1c> Flags: <group><active>
2763. |_ IS~JD<00> Flags: <unique><active>
2764. | smb-os-discovery:
2765. | OS: Windows 2000 (Windows 2000 LAN Manager)
2766. | OS CPE: cpe:/o:microsoft:windows_2000::-
2767. | Computer name: jd
2768. | NetBIOS computer name: JD
2769. | Workgroup: WORKGROUP
2770. |_ System time: 2017-02-13T17:19:57+02:00
2771. | smb-security-mode:
2772. | account_used: guest
2773. | authentication_level: user
2774. | challenge_response: supported
2775. |_ message_signing: disabled (dangerous, but default)
2776. |_smbv2-enabled: Server doesn't support SMBv2 protocol
2777.  
2778. TRACEROUTE
2779. HOP RTT ADDRESS
2780. 1 92.05 ms 10.11.1.227
2781.  
2782. Nmap scan report for 10.11.1.229
2783. Host is up (0.091s latency).
2784. Not shown: 988 filtered ports
2785. PORT STATE SERVICE VERSION
2786. 21/tcp open tcpwrapped
2787. 23/tcp closed telnet
2788. 25/tcp open smtp hMailServer smtpd
2789. | smtp-commands: MAIL, SIZE 20480000, AUTH LOGIN,
2790. |_ 211 DATA HELO EHLO MAIL NOOP QUIT RCPT RSET SAML TURN VRFY
2791. 80/tcp open http Microsoft IIS httpd 6.0
2792. | http-methods:
2793. | Supported Methods: OPTIONS TRACE GET HEAD DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT POST
2794. |_ Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
2795. |_http-server-header: Microsoft-IIS/6.0
2796. |_http-title: 10.11.1.229 - /
2797. |_http-webdav-scan: ERROR: Script execution failed (use -d to debug)
2798. 110/tcp open pop3 hMailServer pop3d
2799. |_pop3-capabilities: ERROR: Script execution failed (use -d to debug)
2800. 135/tcp open msrpc Microsoft Windows RPC
2801. 139/tcp open netbios-ssn Windows Server 2003 3790 Service Pack 1 netbios-ssn
2802. 143/tcp open imap hMailServer imapd
2803. |_imap-capabilities: SORT QUOTA IMAP4rev1 OK ACL completed IDLE CAPABILITY IMAP4 CHILDREN RIGHTS=texkA0001 NAMESPACE
2804. 443/tcp closed https
2805. 1025/tcp open msrpc Microsoft Windows RPC
2806. 2869/tcp closed icslap
2807. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2808. MAC Address: 00:50:56:89:2D:8F (VMware)
2809. Device type: general purpose|media device
2810. Running (JUST GUESSING): Microsoft Windows 2003|XP|2000|PocketPC/CE (93%), Motorola embedded (86%)
2811. OS CPE: cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_ce:5.0 cpe:/h:motorola:vip1216
2812. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (93%), Microsoft Windows XP SP3 (91%), Microsoft Windows XP (89%), Microsoft Windows Server 2003 SP1 (88%), Microsoft Windows Server 2003 SP0 - SP2 (88%), Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows Server 2003 (87%), Microsoft Windows 2000 SP4 (87%), Microsoft Windows 2003 (86%), Microsoft Windows 2000 Server SP4 or Windows XP Professional SP3 (86%)
2813. No exact OS matches for host (test conditions non-ideal).
2814. Network Distance: 1 hop
2815. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2816. IP ID Sequence Generation: Incremental
2817. Service Info: Host: MAIL; OS: Windows; CPE: cpe:/o:microsoft:windows
2818.  
2819. Host script results:
2820. |_clock-skew: mean: -6h30m16s, deviation: 0s, median: -6h30m16s
2821. | nbstat: NetBIOS name: MAIL, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:2d:8f (VMware)
2822. | Names:
2823. | MAIL<00> Flags: <unique><active>
2824. | WORKGROUP<00> Flags: <group><active>
2825. | MAIL<1f> Flags: <unique><active>
2826. | MAIL<03> Flags: <unique><active>
2827. | MAIL<20> Flags: <unique><active>
2828. |_ WORKGROUP<1e> Flags: <group><active>
2829. | smb-os-discovery:
2830. | OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
2831. | OS CPE: cpe:/o:microsoft:windows_server_2003::sp1
2832. | Computer name: mail
2833. | NetBIOS computer name: MAIL
2834. | Workgroup: WORKGROUP
2835. |_ System time: 2017-02-13T11:38:01-06:00
2836. | smb-security-mode:
2837. | account_used: guest
2838. | authentication_level: user
2839. | challenge_response: supported
2840. |_ message_signing: disabled (dangerous, but default)
2841. |_smbv2-enabled: Server doesn't support SMBv2 protocol
2842.  
2843. TRACEROUTE
2844. HOP RTT ADDRESS
2845. 1 90.72 ms 10.11.1.229
2846.  
2847. Nmap scan report for 10.11.1.230
2848. Host is up (0.092s latency).
2849. Not shown: 989 closed ports
2850. PORT STATE SERVICE VERSION
2851. 80/tcp open http GoAhead WebServer
2852. | http-methods:
2853. |_ Supported Methods: GET HEAD
2854. |_http-server-header: GoAhead-Webs
2855. | http-title: HP Power Manager
2856. |_Requested resource was http://10.11.1.230/index.asp
2857. 135/tcp open msrpc Microsoft Windows RPC
2858. 139/tcp open netbios-ssn Microsoft Windows netbios-ssn
2859. 445/tcp open microsoft-ds Windows 7 Ultimate N 7600 microsoft-ds (workgroup: WORKGROUP)
2860. 3389/tcp open ms-wbt-server Microsoft Terminal Service
2861. | ssl-cert: Subject: commonName=kevin
2862. | Issuer: commonName=kevin
2863. | Public Key type: rsa
2864. | Public Key bits: 2048.0
2865. | Signature Algorithm: sha1WithRSAEncryption
2866. | Not valid before: 2017-02-13T00:48:27
2867. | Not valid after: 2017-08-15T00:48:27
2868. | MD5: b5af 6ba3 66c2 ba41 bf3f eef4 ceaf a669
2869. |_SHA-1: 6dff 1263 5560 1b97 2e45 3ce1 5713 e2f9 7b07 0898
2870. |_ssl-date: 2017-02-14T00:44:51+00:00; +36m46s from scanner time.
2871. 49152/tcp open msrpc Microsoft Windows RPC
2872. 49153/tcp open msrpc Microsoft Windows RPC
2873. 49154/tcp open msrpc Microsoft Windows RPC
2874. 49155/tcp open msrpc Microsoft Windows RPC
2875. 49156/tcp open msrpc Microsoft Windows RPC
2876. 49157/tcp open msrpc Microsoft Windows RPC
2877. MAC Address: 00:50:56:89:14:32 (VMware)
2878. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2879. TCP/IP fingerprint:
2880. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=80%CT=1%CU=32612%PV=Y%DS=1%DC=D%G=Y%M=005
2881. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=103%GCD=1%ISR=10A%TI=I%TS=7)O
2882. OS:PS(O1=M529NW8ST11%O2=M529NW8ST11%O3=M529NW8NNT11%O4=M529NW8ST11%O5=M529N
2883. OS:W8ST11%O6=M529ST11)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)E
2884. OS:CN(R=Y%DF=Y%T=80%W=2000%O=M529NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F
2885. OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F=AR%O=%R
2886. OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
2887. OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=80%CD=Z)
2888.  
2889. Uptime guess: 0.013 days (since Mon Feb 13 15:53:22 2017)
2890. Network Distance: 1 hop
2891. TCP Sequence Prediction: Difficulty=261 (Good luck!)
2892. IP ID Sequence Generation: Incremental
2893. Service Info: Host: KEVIN; OS: Windows; CPE: cpe:/o:microsoft:windows
2894.  
2895. Host script results:
2896. |_clock-skew: mean: 36m46s, deviation: 1s, median: 36m46s
2897. | nbstat: NetBIOS name: KEVIN, NetBIOS user: <unknown>, NetBIOS MAC: 00:50:56:89:14:32 (VMware)
2898. | Names:
2899. | KEVIN<00> Flags: <unique><active>
2900. | WORKGROUP<00> Flags: <group><active>
2901. | KEVIN<20> Flags: <unique><active>
2902. |_ WORKGROUP<1e> Flags: <group><active>
2903. | smb-os-discovery:
2904. | OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
2905. | OS CPE: cpe:/o:microsoft:windows_7::-
2906. | Computer name: kevin
2907. | NetBIOS computer name: KEVIN
2908. | Workgroup: WORKGROUP
2909. |_ System time: 2017-02-13T16:45:04-08:00
2910. | smb-security-mode:
2911. | account_used: guest
2912. | authentication_level: user
2913. | challenge_response: supported
2914. |_ message_signing: disabled (dangerous, but default)
2915. |_smbv2-enabled: Server supports SMBv2 protocol
2916.  
2917. TRACEROUTE
2918. HOP RTT ADDRESS
2919. 1 91.81 ms 10.11.1.230
2920.  
2921. Nmap scan report for 10.11.1.234
2922. Host is up (0.10s latency).
2923. Not shown: 998 closed ports
2924. PORT STATE SERVICE VERSION
2925. 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu3 (Ubuntu Linux; protocol 2.0)
2926. | ssh-hostkey:
2927. | 1024 2c:83:67:02:29:20:87:99:87:55:95:92:6c:8d:a4:a3 (DSA)
2928. |_ 2048 6b:91:08:a8:c0:90:ac:68:bd:c9:cd:9c:be:69:2b:ac (RSA)
2929. 80/tcp open http Apache httpd 2.2.14 ((Ubuntu))
2930. | http-methods:
2931. |_ Supported Methods: GET HEAD POST OPTIONS
2932. |_http-server-header: Apache/2.2.14 (Ubuntu)
2933. |_http-title: Business Statistics | New Server for Thinc&#039;s Business Sta...
2934. MAC Address: 00:50:56:89:40:FB (VMware)
2935. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2936. TCP/IP fingerprint:
2937. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40347%PV=Y%DS=1%DC=D%G=Y%M=005
2938. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=C7%GCD=1%ISR=C7%TI=Z%II=I%TS=
2939. OS:8)SEQ(SP=C7%GCD=1%ISR=C8%TI=Z%TS=8)OPS(O1=M529ST11NW6%O2=M529ST11NW6%O3=
2940. OS:M529NNT11NW6%O4=M529ST11NW6%O5=M529ST11NW6%O6=M529ST11)WIN(W1=16A0%W2=16
2941. OS:A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M529NNSNW6
2942. OS:%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(
2943. OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
2944. OS:0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
2945.  
2946. Uptime guess: 0.269 days (since Mon Feb 13 09:45:01 2017)
2947. Network Distance: 1 hop
2948. TCP Sequence Prediction: Difficulty=199 (Good luck!)
2949. IP ID Sequence Generation: All zeros
2950. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
2951.  
2952. TRACEROUTE
2953. HOP RTT ADDRESS
2954. 1 101.25 ms 10.11.1.234
2955.  
2956. Nmap scan report for 10.11.1.237
2957. Host is up (0.092s latency).
2958. Not shown: 996 closed ports
2959. PORT STATE SERVICE VERSION
2960. 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
2961. | ssh-hostkey:
2962. | 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
2963. | 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
2964. |_ 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
2965. 80/tcp open http Apache httpd 2.2.22 ((Debian))
2966. | http-methods:
2967. |_ Supported Methods: POST OPTIONS GET HEAD
2968. |_http-server-header: Apache/2.2.22 (Debian)
2969. |_http-title: Site doesn't have a title (text/html).
2970. 111/tcp open rpcbind 2-4 (RPC #100000)
2971. | rpcinfo:
2972. | program version port/proto service
2973. | 100000 2,3,4 111/tcp rpcbind
2974. | 100000 2,3,4 111/udp rpcbind
2975. | 100024 1 46274/udp status
2976. |_ 100024 1 49234/tcp status
2977. 443/tcp open ssl/http Apache httpd 2.2.22 ((Debian))
2978. | http-methods:
2979. |_ Supported Methods: POST OPTIONS GET HEAD
2980. |_http-server-header: Apache/2.2.22 (Debian)
2981. |_http-title: Site doesn't have a title (text/html).
2982. | ssl-cert: Subject: commonName=localhost
2983. | Issuer: commonName=localhost
2984. | Public Key type: rsa
2985. | Public Key bits: 2048.0
2986. | Signature Algorithm: sha1WithRSAEncryption
2987. | Not valid before: 2013-12-26T16:25:05
2988. | Not valid after: 2023-12-24T16:25:05
2989. | MD5: 7ccb cc7f 3cd8 df1a 0ee9 0fe0 d5a6 1a8b
2990. |_SHA-1: 3a52 a856 cb8c 1391 4f2f 9192 9554 c3d5 0653 9a14
2991. |_ssl-date: 2017-02-13T15:18:44+00:00; -8h48m19s from scanner time.
2992. MAC Address: 00:50:56:89:0F:87 (VMware)
2993. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
2994. TCP/IP fingerprint:
2995. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=35062%PV=Y%DS=1%DC=D%G=Y%M=005
2996. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=108%TI=Z%TS=8)O
2997. OS:PS(O1=M529ST11NW3%O2=M529ST11NW3%O3=M529NNT11NW3%O4=M529ST11NW3%O5=M529S
2998. OS:T11NW3%O6=M529ST11)WIN(W1=3890%W2=3890%W3=3890%W4=3890%W5=3890%W6=3890)E
2999. OS:CN(R=Y%DF=Y%T=40%W=3908%O=M529NNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F
3000. OS:=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%R
3001. OS:D=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%
3002. OS:RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
3003.  
3004. Uptime guess: 1.241 days (since Sun Feb 12 10:25:10 2017)
3005. Network Distance: 1 hop
3006. TCP Sequence Prediction: Difficulty=263 (Good luck!)
3007. IP ID Sequence Generation: All zeros
3008. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
3009.  
3010. Host script results:
3011. |_clock-skew: mean: -8h48m19s, deviation: 0s, median: -8h48m19s
3012.  
3013. TRACEROUTE
3014. HOP RTT ADDRESS
3015. 1 92.06 ms 10.11.1.237
3016.  
3017. Nmap scan report for 10.11.1.238
3018. Host is up (0.093s latency).
3019. Not shown: 996 closed ports
3020. PORT STATE SERVICE VERSION
3021. 22/tcp open ssh OpenSSH 6.0p1 Debian 4 (protocol 2.0)
3022. | ssh-hostkey:
3023. | 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA)
3024. | 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA)
3025. |_ 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA)
3026. 80/tcp open http Apache httpd 2.2.22 ((Debian))
3027. | http-methods:
3028. |_ Supported Methods: GET HEAD POST OPTIONS
3029. |_http-server-header: Apache/2.2.22 (Debian)
3030. |_http-title: Site doesn't have a title (text/html).
3031. 111/tcp open rpcbind 2-4 (RPC #100000)
3032. | rpcinfo:
3033. | program version port/proto service
3034. | 100000 2,3,4 111/tcp rpcbind
3035. | 100000 2,3,4 111/udp rpcbind
3036. | 100024 1 52691/tcp status
3037. |_ 100024 1 54849/udp status
3038. 443/tcp open ssl/http Apache httpd 2.2.22 ((Debian))
3039. | http-methods:
3040. |_ Supported Methods: GET HEAD POST OPTIONS
3041. |_http-server-header: Apache/2.2.22 (Debian)
3042. |_http-title: Site doesn't have a title (text/html).
3043. | ssl-cert: Subject: commonName=localhost
3044. | Issuer: commonName=localhost
3045. | Public Key type: rsa
3046. | Public Key bits: 2048.0
3047. | Signature Algorithm: sha1WithRSAEncryption
3048. | Not valid before: 2013-12-26T16:25:05
3049. | Not valid after: 2023-12-24T16:25:05
3050. | MD5: 7ccb cc7f 3cd8 df1a 0ee9 0fe0 d5a6 1a8b
3051. |_SHA-1: 3a52 a856 cb8c 1391 4f2f 9192 9554 c3d5 0653 9a14
3052. |_ssl-date: 2017-02-14T07:14:43+00:00; +7h07m21s from scanner time.
3053. MAC Address: 00:50:56:89:06:D8 (VMware)
3054. No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
3055. TCP/IP fingerprint:
3056. OS:SCAN(V=7.25BETA2%E=4%D=2/13%OT=22%CT=1%CU=40607%PV=Y%DS=1%DC=D%G=Y%M=005
3057. OS:056%TM=58A24B49%P=i686-pc-linux-gnu)SEQ(SP=105%GCD=1%ISR=109%TI=Z%II=I%T
3058. OS:S=8)SEQ(SP=105%GCD=1%ISR=109%TI=Z%TS=8)OPS(O1=M529ST11NW3%O2=M529ST11NW3
3059. OS:%O3=M529NNT11NW3%O4=M529ST11NW3%O5=M529ST11NW3%O6=M529ST11)WIN(W1=3890%W
3060. OS:2=3890%W3=3890%W4=3890%W5=3890%W6=3890)ECN(R=Y%DF=Y%T=40%W=3908%O=M529NN
3061. OS:SNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=N
3062. OS:)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N
3063. OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
3064. OS:D=S)
3065.  
3066. Uptime guess: 5.310 days (since Wed Feb 8 08:45:51 2017)
3067. Network Distance: 1 hop
3068. TCP Sequence Prediction: Difficulty=261 (Good luck!)
3069. IP ID Sequence Generation: All zeros
3070. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
3071.  
3072. Host script results:
3073. |_clock-skew: mean: 7h07m21s, deviation: 0s, median: 7h07m21s
3074.  
3075. TRACEROUTE
3076. HOP RTT ADDRESS
3077. 1 92.53 ms 10.11.1.238
3078.  
3079. Nmap scan report for 10.11.1.247
3080. Host is up (0.087s latency).
3081. Not shown: 999 filtered ports
3082. PORT STATE SERVICE VERSION
3083. 3389/tcp open ms-wbt-server Microsoft Terminal Service
3084. MAC Address: 00:50:56:89:3F:A5 (VMware)
3085. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3086. Device type: WAP|general purpose
3087. Running (JUST GUESSING): Apple embedded (90%), Microsoft Windows XP|2000|2003 (89%), FreeBSD 6.X (85%)
3088. OS CPE: cpe:/h:apple:airport_extreme cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_2000::sp4 cpe:/o:microsoft:windows_server_2003::sp2 cpe:/o:freebsd:freebsd:6.2
3089. Aggressive OS guesses: Apple AirPort Extreme WAP (90%), Microsoft Windows XP SP3 (89%), Microsoft Windows 2000 SP4 (88%), Microsoft Windows Server 2003 SP2 (86%), Microsoft Windows XP (86%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
3090. No exact OS matches for host (test conditions non-ideal).
3091. Network Distance: 1 hop
3092. TCP Sequence Prediction: Difficulty=263 (Good luck!)
3093. IP ID Sequence Generation: Incremental
3094. Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
3095.  
3096. TRACEROUTE
3097. HOP RTT ADDRESS
3098. 1 87.19 ms 10.11.1.247
3099.  
3100. Nmap scan report for 10.11.1.251
3101. Host is up (0.090s latency).
3102. Not shown: 998 filtered ports
3103. PORT STATE SERVICE VERSION
3104. 22/tcp open ssh OpenSSH 5.1p1 Debian 5ubuntu1 (Ubuntu Linux; protocol 2.0)
3105. | ssh-hostkey:
3106. | 1024 fd:35:c0:66:fc:2a:d0:76:c0:33:55:21:cb:70:55:54 (DSA)
3107. |_ 2048 bf:e1:ee:61:60:a5:3d:28:0f:af:7d:85:0c:19:c5:8d (RSA)
3108. 80/tcp open http Apache httpd 2.2.11 ((Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch)
3109. | http-methods:
3110. | Supported Methods: GET HEAD POST OPTIONS TRACE
3111. |_ Potentially risky methods: TRACE
3112. |_http-server-header: Apache/2.2.11 (Ubuntu) PHP/5.2.6-3ubuntu4.4 with Suhosin-Patch
3113. |_http-title: Site doesn't have a title (text/html).
3114. MAC Address: 00:50:56:89:6D:6E (VMware)
3115. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3116. Device type: general purpose|printer|broadband router|remote management|phone|firewall|VoIP phone|security-misc
3117. Running (JUST GUESSING): Linux 2.6.X|3.X (90%), Canon embedded (89%), D-Link embedded (89%), HP embedded (89%), Nokia Symbian OS (89%), Barracuda Networks embedded (89%), Linksys embedded (87%), Thomson embedded (87%)
3118. OS CPE: cpe:/o:linux:linux_kernel:2.6.23 cpe:/h:canon:imagerunner_advance_c5051 cpe:/h:dlink:dsl-2540b cpe:/a:hp:onboard_administrator:2.04 cpe:/o:nokia:symbian_os cpe:/h:linksys:wrv200 cpe:/o:linux:linux_kernel:3.2.0
3119. Aggressive OS guesses: Linux 2.6.23 (90%), Linux 2.6.22 (Debian 4.0) (90%), Linux 2.6.24 (Debian) (90%), Linux 2.6.26 (90%), Canon imageRUNNER ADVANCE C5051 printer (89%), D-Link DSL-2540B ADSL router (89%), HP Onboard Administrator 2.04 (89%), HP Onboard Administrator 2.25 - 3.31 (89%), Linux 2.6.15 (Ubuntu) (89%), Linux 2.6.15 - 2.6.26 (likely embedded) (89%)
3120. No exact OS matches for host (test conditions non-ideal).
3121. Uptime guess: 2.728 days (since Fri Feb 10 22:42:57 2017)
3122. Network Distance: 1 hop
3123. TCP Sequence Prediction: Difficulty=203 (Good luck!)
3124. IP ID Sequence Generation: All zeros
3125. Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
3126.  
3127. TRACEROUTE
3128. HOP RTT ADDRESS
3129. 1 89.59 ms 10.11.1.251
3130.  
3131. Nmap scan report for 10.11.1.252
3132. Host is up (0.089s latency).
3133. Not shown: 998 filtered ports
3134. PORT STATE SERVICE VERSION
3135. 8000/tcp open http Apache httpd 2.2.3 ((CentOS))
3136. | http-methods:
3137. |_ Supported Methods: GET HEAD POST OPTIONS
3138. |_http-open-proxy: Proxy might be redirecting requests
3139. |_http-server-header: Apache/2.2.3 (CentOS)
3140. | http-title: TimeClock Software :: Dev. Dpt. Thinc.local :: Log In
3141. |_Requested resource was login.php
3142. 8888/tcp open http-proxy Squid http proxy 3.3.8
3143. |_http-server-header: squid/3.3.8
3144. |_http-title: Endian Firewall - The requested URL could not be retrieved
3145. MAC Address: 00:50:56:89:60:13 (VMware)
3146. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
3147. Device type: firewall|general purpose|WAP|proxy server|PBX
3148. Running (JUST GUESSING): Linux 2.6.X (89%), Cisco embedded (89%), ZoneAlarm embedded (89%), Ruckus embedded (89%), Riverbed embedded (87%)
3149. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/h:cisco:sa520 cpe:/h:zonealarm:z100g cpe:/h:ruckus:7363 cpe:/h:riverbed:steelhead_200 cpe:/h:cisco:uc320w
3150. Aggressive OS guesses: Cisco SA520 firewall (Linux 2.6) (89%), Linux 2.6.9 - 2.6.27 (89%), ZoneAlarm Z100G WAP (89%), Ruckus 7363 WAP (89%), Linux 2.6.9 (89%), Linux 2.6.28 (87%), Linux 2.6.30 (87%), Linux 2.6.9 (CentOS 4.4) (87%), Riverbed Steelhead 200 proxy server (87%), Linux 2.6.22.1-32.fc6 (x86, SMP) (86%)
3151. No exact OS matches for host (test conditions non-ideal).
3152. Uptime guess: 2.460 days (since Sat Feb 11 05:09:17 2017)
3153. Network Distance: 1 hop
3154. TCP Sequence Prediction: Difficulty=200 (Good luck!)
3155. IP ID Sequence Generation: All zeros
3156.  
3157. TRACEROUTE
3158. HOP RTT ADDRESS
3159. 1 89.22 ms 10.11.1.252
3160.  
3161. NSE: Script Post-scanning.
3162. Initiating NSE at 16:11
3163. Completed NSE at 16:11, 0.00s elapsed
3164. Initiating NSE at 16:11
3165. Completed NSE at 16:11, 0.00s elapsed
3166. Post-scan script results:
3167. | clock-skew:
3168. | -8h10m59s:
3169. | 10.11.1.128
3170. | 10.11.1.24
3171. | -8h48m19s:
3172. | 10.11.1.35
3173. | 10.11.1.223
3174. |_ 10.11.1.237
3175. | ssh-hostkey: Possible duplicate hosts
3176. | Key 2048 de:2d:b8:bd:43:8a:c3:28:2b:d3:22:84:d0:6c:e0:9d (RSA) used by:
3177. | 10.11.1.237
3178. | 10.11.1.238
3179. | Key 1024 fc:89:ba:50:c2:ea:2d:ab:b9:19:f1:f9:0a:b4:c0:5a (DSA) used by:
3180. | 10.11.1.237
3181. | 10.11.1.238
3182. | Key 256 a5:58:4d:9d:e8:61:de:55:83:e2:71:6b:5d:ad:83:e2 (ECDSA) used by:
3183. | 10.11.1.237
3184. |_ 10.11.1.238
3185. Read data files from: /usr/bin/../share/nmap
3186. OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
3187. Nmap done: 256 IP addresses (44 hosts up) scanned in 943.40 seconds
3188. Raw packets sent: 72114 (3.480MB) | Rcvd: 31174 (1.455MB)
3189. root@kali:~/Documents#