Nmap Scan Help

No explicit questions like "how do I hack xxx.com" please!
z3mwaz
suck-o-fied!
Posts: 85
Joined: 23 Jul 2006, 16:00
Location: Texas

Nmap Scan Help

Post by z3mwaz »

Ok, I'm doing a pen test for my contractor, doing a black box scan where I know nothing about the internals, with no access to their physical system.
I've used nmap before, but it was in a controlled network, i.e. my own, and the results are a little confusing.

+Nmap Results- Edited for security reasons+

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 20**-0*-1* 03:14 Central Standard Time

...

No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-pc-windows-windows%D=9/21%Tm=45128356%O=80%C=113)
TSeq(Class=TR%IPID=RD%TS=U)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T1(Resp=N)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T2(Resp=N)
T3(Resp=N)
T3(Resp=N)
T4(Resp=N)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T5(Resp=N)
T6(Resp=N)
T6(Resp=N)
T7(Resp=N)
T7(Resp=N)
PU(Resp=N)
PU(Resp=N)


Does this show a possible Windows box?
It is a web server.
“Yes, I am a criminal. My crime is that of curiosity.”
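An added example, not code from the thread: a small parser for the first-generation Nmap fingerprint format quoted in the post (the `Name(key=value%key=value)` lines Nmap 4.11 prints when it has no exact OS match). It makes it easier to see which probes the host answered at all and what it said, which is the first thing to check before reading anything into the fingerprint. The fingerprint text is copied from the post; the probe descriptions are from Nmap's own documentation of its first-generation OS detection tests; nothing else is assumed.

```python
"""Parser for the first-generation Nmap TCP/IP fingerprint format
(Nmap 4.11 and earlier), as printed when there is no exact OS match.

Each line is Name(key=value%key=value...). Nmap runs most probes twice,
so the same test name may appear on several lines.
"""
import re
from collections import OrderedDict

# Fingerprint copied from the post above (the redacted header lines omitted).
FINGERPRINT = """\
SInfo(V=4.11%P=i686-pc-windows-windows%D=9/21%Tm=45128356%O=80%C=113)
TSeq(Class=TR%IPID=RD%TS=U)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T1(Resp=N)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T2(Resp=N)
T3(Resp=N)
T3(Resp=N)
T4(Resp=N)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T5(Resp=N)
T6(Resp=N)
T6(Resp=N)
T7(Resp=N)
T7(Resp=N)
PU(Resp=N)
PU(Resp=N)
"""

# What each probe sends, per Nmap's first-generation OS detection docs.
PROBES = {
    "SInfo": "scan info (Nmap version, platform, date, open port O, closed port C)",
    "TSeq": "TCP ISN and IP ID sequence classification",
    "T1": "SYN with options to the open port",
    "T2": "NULL packet (no flags) to the open port",
    "T3": "SYN|FIN|URG|PSH to the open port",
    "T4": "ACK to the open port",
    "T5": "SYN to the closed port",
    "T6": "ACK to the closed port",
    "T7": "FIN|PSH|URG to the closed port",
    "PU": "UDP to a closed port (looks for ICMP port unreachable)",
}

LINE_RE = re.compile(r"^\s*([A-Za-z0-9]+)\((.*)\)\s*$")


def parse_fingerprint(text):
    """Return a list of (test_name, attrs) in file order; attrs is an
    ordered dict of the key=value fields. Raises ValueError on a bad line."""
    tests = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("not a fingerprint line: %r" % line)
        name, body = m.group(1), m.group(2)
        attrs = OrderedDict()
        for field in (body.split("%") if body else []):
            key, _, value = field.partition("=")
            attrs[key] = value
        tests.append((name, attrs))
    return tests


def scan_info(tests):
    """Open and closed port numbers Nmap used, taken from the SInfo line."""
    for name, attrs in tests:
        if name == "SInfo":
            return int(attrs["O"]), int(attrs["C"])
    raise ValueError("no SInfo line")


def response_summary(tests):
    """Per probe: how many runs, how many answered, and the merged
    attributes of the runs that answered (so a T1(Resp=N) line does not
    hide the window/flags seen in the other T1 run)."""
    summary = OrderedDict()
    for name, attrs in tests:
        if name in ("SInfo", "TSeq"):
            continue
        entry = summary.setdefault(name, {"runs": 0, "answered": 0, "attrs": {}})
        entry["runs"] += 1
        if attrs.get("Resp") == "Y":
            entry["answered"] += 1
            entry["attrs"].update(attrs)
    return summary


def window_size(attrs):
    """W is a hexadecimal TCP window size; return it as an int."""
    return int(attrs["W"], 16)


if __name__ == "__main__":
    tests = parse_fingerprint(FINGERPRINT)
    open_port, closed_port = scan_info(tests)
    print("probed open port %d, closed port %d" % (open_port, closed_port))
    for name, entry in response_summary(tests).items():
        state = "%d/%d answered" % (entry["answered"], entry["runs"])
        print("%-3s %-14s %s" % (name, state, PROBES[name]))
        if entry["attrs"]:
            print("    flags=%s window=%d DF=%s" % (
                entry["attrs"]["Flags"], window_size(entry["attrs"]), entry["attrs"]["DF"]))
```

Run as-is it reads the fingerprint from the post: only T1 (SYN to port 80) and T5 (SYN to the closed port 113) drew any answer, and even those not on every run, which is why Nmap had so little to match against. The `%`-separated, parenthesised layout is the same one Nmap used in its `nmap-os-fingerprints` database, so the parser works on those entries too.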

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

Post by DNR »

If you know it's a webserver, what are the HTTP banners (could be forged)?

You can run a vuln scanner on port 80 to fingerprint the OS based on what sploits work.

Pen testing for a contractor?

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

z3mwaz
suck-o-fied!
Posts: 85
Joined: 23 Jul 2006, 16:00
Location: Texas

Post by z3mwaz »

The banners show it's running IIS 6.0, so I'm looking into that right now.
Thanks



Pen testing for a contractor...

I get jobs through my brother-in-law's company, and I work to find vulnerabilities, then write a report stating my findings to the system admin.

I like the jobs since I have a "Get Out Of Jail Free Card", meaning that if my actions are found I won't get into any trouble.
If I'm caught I have to say so in my reports to the company.
It makes them feel good knowing that they caught my activity.
“Yes, I am a criminal. My crime is that of curiosity.”

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
Location: In your eye floaters.

Post by bad_brain »

nmap is overrated anyway imo... it's pretty easy to confuse it, so don't rely only on what an nmap scan says. Always use different scanners to prove the results; good ones are SuperScan4 and amap... and always do full scans of the well-known ports at least. You can identify OSs by knowing what mailserver is running on them too, for example... :wink:

DNR
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
Location: Michigan USA

network security teams

Post by DNR »

What you need to do is share some of that business with your close friends here :wink:

Network security has many levels and so many different ways to exploit it. I liked the secure network server room a company built: it had biometric entry devices, it had top-notch software and firewalls. The only problem is they did not remove the fire sprinklers that were in the ceiling; someone hit the fire alarm and activated the sprinklers for the floor, hence the secure server room.

Network security groups consist of individual members that have their purpose and skills. You need hackers that specialize in their NOS/OS/protocols, you need a salesman/project manager, you need a speaker. You can't hand a customer a stack of printouts with numbers on them anymore; it has no value. A presentation of risk, values, and policies has to be given in plain speak. You have to convince the customer to pay you to (re)structure their network; that's where the real money is.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
