Nmap Scan Help

No explicit questions like "how do I hack xxx.com" please!
Post Reply
z3mwaz
suck-o-fied!
suck-o-fied!
Posts: 85
Joined: 23 Jul 2006, 16:00
14
Location: Texas
Contact:

Nmap Scan Help

Post by z3mwaz »

Ok, I'm doin a Pen Test For my contractor and doing a Black box scan where i know nothing about the internals, with no access to their physical system.
I used nmaps before but its was in a controled network i.e. my own, and the results are a little confussing.

+Nmap Results- Edited for security reasons+

Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 20**-0*-1* 03:14 Central Standard Time

...

No exact OS matches for host (If you know what OS is running on it, see http://
ww.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-pc-windows-windows%D=9/21%Tm=45128356%O=80%C=113)
TSeq(Class=TR%IPID=RD%TS=U)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T1(Resp=N)
T1(Resp=Y%DF=N%W=1FFE%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T2(Resp=N)
T3(Resp=N)
T3(Resp=N)
T4(Resp=N)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T5(Resp=N)
T6(Resp=N)
T6(Resp=N)
T7(Resp=N)
T7(Resp=N)
PU(Resp=N)
PU(Resp=N)


Is this show a possible Windows box?
It is a web server.
“Yes, I am a criminal. My crime is that of curiosity.”

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

Post by DNR »

if you know its a webserver, what are the http banners (could be forged).

you can run a vuln scanner on the port 80 to fingerprint the os based on what sploits work.

pen testing for a contractor?

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

z3mwaz
suck-o-fied!
suck-o-fied!
Posts: 85
Joined: 23 Jul 2006, 16:00
14
Location: Texas
Contact:

Post by z3mwaz »

The banners show its running ISS 6.0 so i'm looking in to that right now
Thanks



Pen tesing for a contractor...

i get jobs through my bother-in-laws company, and i work to find vulnerablities, then write a report stateing my find the the systam admin.

i like the jobs since i have a "Get Out Of Jail Free Card", meaning that if my actions are found i wont get into any trouble.
If i'm caught I have to say so in my reports to the company.
It makes them feel Good knowing that the caught my activity
“Yes, I am a criminal. My crime is that of curiosity.”

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11574
Joined: 06 Apr 2005, 16:00
16
Location: The zone.
Contact:

Post by bad_brain »

nmap is overrated anyway imo...it's pretty easy to confuse it, so don't rely only on what a nmap scan says. always use different scanners to proof the results, good ones are superscan4 and amap....and always do full scans of the well known ports at least, you can identify OSs by knowing what mailserver is running on it too for example... :wink:

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

network security teams

Post by DNR »

What you need to do is share some of that business with your close friends here :wink:

Network security has many levels and so many different ways to exploit it. I liked the secure network server room a company built, it had biometric entry devices, it had top notch software and firewalls. The only problem is they did not remove the fire sprinklers that were in the ceiling, someone hit the fire alarm and activated the sprinklers for the floor, hence the secure server room.

Network security groups consist of individual members that have their purpose and skills. You need hackers that specialize in their NOS/OS/protocols, you need a salesman/project manager, you need a speaker. You can't hand a customer a stack of printout with numbers on them anymore, it has no value. A presentation of risk, values, and policies has to be given in plain speak. You have to convince the customer to pay you to (re)structure their network, thats where the real money is.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post Reply