Spoofing MAC address 2E:B1:1F:6A:B3:63 (No registered vendor)# Nmap 6.47 scan

1. Spoofing MAC address 2E:B1:1F:6A:B3:63 (No registered vendor)
2. # Nmap 6.47 scan initiated Sun Jul 23 2017 as:
3.  
4. nmap -sVS --version-intensity 9 -T4 --spoof-mac 0 --top-ports 5000 -n -vv -f --data-length 0 --source-port 20 --reason -O --osscan-guess -oN /tmp/berlusconi --script dns-*,banner,whois-ip,http-sitemap-generator,http-errors,http-exif-spider,http-headers,http-passwd,http-robots.txt,http-stored-xss,http-vhosts,http-waf-detect,http-waf-fingerprint 185.61.137.160
5.  
6. Nmap scan report for 185.61.137.160
7. Host is up, received echo-reply (0.044s latency).
8. Scanned at 2017-07-23 CDT for 287s
9. Not shown: 4237 closed ports
10. Reason: 4237 resets
11. PORT STATE SERVICE REASON VERSION
12. 22/tcp open ssh syn-ack (protocol 2.0)
13. |_banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2
14. 23/tcp filtered telnet no-response
15. 445/tcp filtered microsoft-ds no-response
16. 3306/tcp open mysql syn-ack MySQL (unauthorized)
17. | banner: E\x00\x00\x00\xFFj\x04Host 'XX.XX.XX.XX' is not allowed to con
18. |_nect to this MySQL server
19. 8080/tcp open http syn-ack nginx
20. | http-errors:
21. | Spidering limited to: maxpagecount=40; withinhost=185.61.137.160
22. | Found the following error pages:
23. |
24. | Error Code: 404
25. | http://185.61.137.160:8080/?c=users&a=recover
26. |
27. | Error Code: 404
28. | http://185.61.137.160:8080/?c=users&a=doLogin
29. |
30. | Error Code: 404
31. |_ http://185.61.137.160:8080/?c=users&a=doRegister
32. | http-headers:
33. | Server: nginx
34. | Date: Sun, 23 Jul 2017 10:10:11 GMT
35. | Content-Type: text/html; charset=UTF-8
36. | Transfer-Encoding: chunked
37. | Connection: close
38. | Set-Cookie: admin=k1s768ilbc24nv32asmqreslt6; path=/; HttpOnly
39. | Expires: Sun, 23 Jul 2017 11:10:11 GMT
40. | Cache-Control: max-age=3600
41. | Pragma: no-cache
42. | Cache-Control: public
43. | Pragma: public
44. |
45. |_ (Request type: GET)
46. | http-sitemap-generator:
47. | Directory structure:
48. | /
49. | Other: 2
50. | /css/
51. | css: 3
52. | /img/
53. | jpg: 1
54. | Longest directory structure:
55. | Depth: 1
56. | Dir: /css/
57. | Total files found (by extension):
58. |_ Other: 2; css: 3; jpg: 1
59. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
60. | http-vhosts:
61. | 56 names had status ERROR
62. |_71 names had status 302
63. |_http-waf-detect: [ERROR] HTTP request table is empty. This should not ever happen because we at least made one request.
64. 8081/tcp open http syn-ack nginx
65. | http-errors:
66. | Spidering limited to: maxpagecount=40; withinhost=185.61.137.160
67. | Found the following error pages:
68. |
69. | Error Code: 404
70. | http://185.61.137.160:8081/?c=users&a=register
71. |
72. | Error Code: 404
73. |_ http://185.61.137.160:8081/?c=admin&a=doLogin
74. | http-headers:
75. | Server: nginx
76. | Date: Sun, 23 Jul 2017 10:09:29 GMT
77. | Content-Type: text/html; charset=UTF-8
78. | Connection: close
79. | Set-Cookie: admin=dtleepjpvn19cfte9g005i18t7; path=/; HttpOnly
80. | Expires: Thu, 19 Nov 1981 08:52:00 GMT
81. | Cache-Control: no-store, no-cache, must-revalidate
82. | Pragma: no-cache
83. |
84. |_ (Request type: HEAD)
85. | http-sitemap-generator:
86. | Directory structure:
87. | /
88. | Other: 1
89. | /css/
90. | css: 3
91. | Longest directory structure:
92. | Depth: 1
93. | Dir: /css/
94. | Total files found (by extension):
95. |_ Other: 1; css: 3
96. |_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
97. | http-vhosts:
98. | 64 names had status 200
99. |_63 names had status ERROR
100. 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
101. SF-Port22-TCP:V=6.47%I=9%D=7/23%Time=59747596%P=arm-unknown-linux-gnueabih
102. SF:f%r(NULL,29,"SSH-2\.0-OpenSSH_7\.2p2\x20Ubuntu-4ubuntu2\.2\r\n");
103. Device type: general purpose
104. Running: Linux 3.X
105. OS CPE: cpe:/o:linux:linux_kernel:3
106. OS details: Linux 3.11 - 3.14
107. TCP/IP fingerprint:
108. OS:SCAN(V=6.47%E=4%D=7/23%OT=22%CT=1%CU=41695%PV=N%DS=11%DC=I%G=N%TM=597476
109. OS:15%P=arm-unknown-linux-gnueabihf)SEQ(SP=108%GCD=1%ISR=107%TI=Z%CI=I%TS=8
110. OS:)OPS(O1=M5B4ST11NW7%O2=M5B4ST11NW7%O3=M5B4NNT11NW7%O4=M5B4ST11NW7%O5=M5B
111. OS:4ST11NW7%O6=M5B4ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120%W5=7120%W6=7120
112. OS:)ECN(R=Y%DF=Y%T=3C%W=7210%O=M5B4NNSNW7%CC=Y%Q=)T1(R=Y%DF=Y%T=3C%S=O%A=S+
113. OS:%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=3C%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
114. OS:T5(R=Y%DF=Y%T=3C%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=3D%W=0%S=A%A
115. OS:=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=3C%IPL=164%UN=0%RIPL=G%RID=G%RIPC
116. OS:K=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=3D%CD=S)
117.  
118. Uptime guess: 10.169 days (since Thu Jul 13 01:07:15 2017)
119. Network Distance: 11 hops
120. TCP Sequence Prediction: Difficulty=264 (Good luck!)
121. IP ID Sequence Generation: All zeros
122.  
123. Host script results:
124. | dns-blacklist:
125. | SPAM
126. |_ bl.nszones.com - SPAM
127. |_dns-brute: Can't guess domain of "185.61.137.160"; use dns-brute.domain script argument.
128. |_whois-ip: ERROR: Script execution failed (use -d to debug)
129.  
130. Read data files from: /usr/bin/../share/nmap
131. OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
132. # Nmap done at Sun Jul 23 2017 -- 1 IP address (1 host up) scanned in 292.95 seconds