Senin, 30 Januari 2012

scanning with information gatherin technique

in this method i use nmap, zenmap, netifera, wireshark, sites target is:
is2c-dojo.com
is2c-dojo.net
spentera.com

the first must i do is pinging to them..
root@cupenk:~# ping is2c-dojo.net
PING is2c-dojo.net (216.239.38.21) 56(84) bytes of data.
64 bytes from any-in-2615.1e100.net (216.239.38.21): icmp_seq=1 ttl=52 time=40.3 ms
64 bytes from any-in-2615.1e100.net (216.239.38.21): icmp_seq=2 ttl=52 time=40.8 ms
64 bytes from any-in-2615.1e100.net (216.239.38.21): icmp_seq=3 ttl=52 time=40.1 ms
^C
--- is2c-dojo.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 40.176/40.469/40.899/0.351 ms
root@cupenk:~# ping is2c-dojo.com
PING is2c-dojo.com (67.222.154.106) 56(84) bytes of data.
^C
--- is2c-dojo.com ping statistics ---
14 packets transmitted, 0 received, 100% packet loss, time 12999ms

root@cupenk:~# ping spentera.com
PING spentera.com (74.81.66.104) 56(84) bytes of data.
^C
--- spentera.com ping statistics ---
14 packets transmitted, 0 received, 100% packet loss, time 13102ms

just is2c-dojo.net can be comunication.
ok next i scan is2c-dojo.net with nmap gui version with syntax => nmap -T4 -A -v is2c-dojo.net:
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-31 11:42 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 11:42
Scanning is2c-dojo.net (216.239.36.21) [4 ports]
Completed Ping Scan at 11:42, 0.11s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:42
Completed Parallel DNS resolution of 1 host. at 11:42, 0.21s elapsed
Initiating SYN Stealth Scan at 11:42
Scanning is2c-dojo.net (216.239.36.21) [1000 ports]
Discovered open port 80/tcp on 216.239.36.21
Completed SYN Stealth Scan at 11:43, 49.08s elapsed (1000 total ports)
Initiating Service scan at 11:43
Scanning 1 service on is2c-dojo.net (216.239.36.21)
Completed Service scan at 11:43, 13.98s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against is2c-dojo.net (216.239.36.21)
Retrying OS detection (try #2) against is2c-dojo.net (216.239.36.21)
Initiating Traceroute at 11:43
Completed Traceroute at 11:43, 0.28s elapsed
Initiating Parallel DNS resolution of 6 hosts. at 11:43
Completed Parallel DNS resolution of 6 hosts. at 11:43, 0.07s elapsed
NSE: Script scanning 216.239.36.21.
Initiating NSE at 11:43
Completed NSE at 11:44, 14.23s elapsed
Nmap scan report for is2c-dojo.net (216.239.36.21)
Host is up (0.62s latency).
Other addresses for is2c-dojo.net (not scanned): 216.239.38.21 216.239.32.21 216.239.34.21
rDNS record for 216.239.36.21: any-in-2415.1e100.net
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open   http    Google httpd 2.0 (GFE)
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
| http-title: 301 Moved
|_Did not follow redirect to http://www.is2c-dojo.net/
113/tcp closed ident
Device type: WAP|general purpose
Running (JUST GUESSING): Netgear embedded (86%), OpenBSD 3.X|4.X (85%)
OS CPE: cpe:/o:openbsd:openbsd:3 cpe:/o:openbsd:openbsd:4
Aggressive OS guesses: Netgear WGR614v7 wireless broadband router (86%), OpenBSD 3.8 - 4.6 (85%), OpenBSD 4.3 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.000 days (since Tue Jan 31 11:43:52 2012)
Network Distance: 6 hops
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IP ID Sequence Generation: Randomized
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE (using port 113/tcp)
HOP RTT       ADDRESS
1   2.68 ms   192.168.4.1
2   6.34 ms   202.162.33.49
3   6.30 ms   202.162.38.74
4   15.09 ms  202.162.38.205
5   31.31 ms  ip-117-1.mcs.internet.exchange (119.110.117.1)
6   280.43 ms any-in-2415.1e100.net (216.239.36.21)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 93.92 seconds
           Raw packets sent: 3104 (140.644KB) | Rcvd: 96 (4.984KB)

service running port 80 http by google. its blogger.
terminal:
root@cupenk:~# nmap -Pn -sS -A is2c.dojo.net

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-31 12:06 WIT
Nmap scan report for is2c.dojo.net (173.212.56.201)
Host is up (0.34s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http    Apache httpd 2.2.3 ((CentOS))
| http-robots.txt: 2 disallowed entries 
|_/click.php /result.php
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: dojo.net
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (88%)
OS CPE: cpe:/o:linux:kernel:2.6
Aggressive OS guesses: Linux 2.6.9 - 2.6.18 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   3.07 ms   192.168.4.1
2   4.13 ms   202.162.33.49
3   4.11 ms   202.162.38.74
4   4.86 ms   118.97.5.229
5   30.86 ms  118.subnet118-98-56.astinet.telkom.net.id (118.98.56.118)
6   29.97 ms  30.subnet118-98-58.astinet.telkom.net.id (118.98.58.30)
7   29.07 ms  30.190.240.180.telin.sg (180.240.190.30)
8   43.72 ms  58.27.14.57
9   ...
10  353.55 ms ae3-155.lon25.ip4.tinet.net (77.67.75.149)
11  341.05 ms xe-0-1-0.dal33.ip4.tinet.net (89.149.183.214)
12  343.18 ms hunt-brothers-of-louisiana.ip4.tinet.net (77.67.71.226)
13  342.95 ms 173.212.56.201

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 61.03 seconds

try scan with netifera;
on netifera i can see directory from is2c.dojo.net

try again with wireshark:



Information Gathering

first step in phase hacking is information gathering, information gathering is step to find information about target. information that founded on this step is risk, cause next step be able to done if we have some information about target.
in this my article i will examine some tools that use on information gathering.
=> nmap
=> zenmap
=> autoscan
=> wireshark
=> netifera
nmap and zenmap familiar tools, many people use for getting information about running system network. if we use it we will found information about open port, network or host identity, running service on system, bla bla bla..
nmap very easy to use. if terminal base you can input syntax #nmap -h, this syntax show option about nmap. for example i scanning my local network:

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-28 19:29 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 19:29
Scanning 92 hosts [1 port/host]
Completed ARP Ping Scan at 19:29, 0.87s elapsed (92 total hosts)
Initiating Parallel DNS resolution of 92 hosts. at 19:29
Completed Parallel DNS resolution of 92 hosts. at 19:29, 13.00s elapsed
Nmap scan report for 192.168.0.1 [host down]
Nmap scan report for 192.168.0.2 [host down]
Nmap scan report for 192.168.0.3 [host down]
Nmap scan report for 192.168.0.4 [host down]
Nmap scan report for 192.168.0.5 [host down]
Nmap scan report for 192.168.0.6 [host down]
Nmap scan report for 192.168.0.7 [host down]
Nmap scan report for 192.168.0.8 [host down]
Nmap scan report for 192.168.0.9 [host down]
Nmap scan report for 192.168.0.10 [host down]
Nmap scan report for 192.168.0.11 [host down]
Nmap scan report for 192.168.0.12 [host down]
Nmap scan report for 192.168.0.13 [host down]
Nmap scan report for 192.168.0.14 [host down]
Nmap scan report for 192.168.0.15 [host down]
Nmap scan report for 192.168.0.16 [host down]
Nmap scan report for 192.168.0.17 [host down]
Nmap scan report for 192.168.0.18 [host down]
Nmap scan report for 192.168.0.19 [host down]
Nmap scan report for 192.168.0.20 [host down]
Nmap scan report for 192.168.0.22 [host down]
Nmap scan report for 192.168.0.23 [host down]
Nmap scan report for 192.168.0.24 [host down]
Nmap scan report for 192.168.0.25 [host down]
Nmap scan report for 192.168.0.26 [host down]
Nmap scan report for 192.168.0.27 [host down]
Nmap scan report for 192.168.0.28 [host down]
Nmap scan report for 192.168.0.29 [host down]
Nmap scan report for 192.168.0.30 [host down]
Nmap scan report for 192.168.0.31 [host down]
Nmap scan report for 192.168.0.32 [host down]
Nmap scan report for 192.168.0.33 [host down]
Nmap scan report for 192.168.0.34 [host down]
Nmap scan report for 192.168.0.35 [host down]
Nmap scan report for 192.168.0.36 [host down]
Nmap scan report for 192.168.0.37 [host down]
Nmap scan report for 192.168.0.38 [host down]
Nmap scan report for 192.168.0.39 [host down]
Nmap scan report for 192.168.0.41 [host down]
Nmap scan report for 192.168.0.42 [host down]
Nmap scan report for 192.168.0.43 [host down]
Nmap scan report for 192.168.0.44 [host down]
Nmap scan report for 192.168.0.45 [host down]
Nmap scan report for 192.168.0.46 [host down]
Nmap scan report for 192.168.0.47 [host down]
Nmap scan report for 192.168.0.48 [host down]
Nmap scan report for 192.168.0.49 [host down]
Nmap scan report for 192.168.0.50 [host down]
Nmap scan report for 192.168.0.51 [host down]
Nmap scan report for 192.168.0.52 [host down]
Nmap scan report for 192.168.0.53 [host down]
Nmap scan report for 192.168.0.54 [host down]
Nmap scan report for 192.168.0.55 [host down]
Nmap scan report for 192.168.0.56 [host down]
Nmap scan report for 192.168.0.57 [host down]
Nmap scan report for 192.168.0.58 [host down]
Nmap scan report for 192.168.0.59 [host down]
Nmap scan report for 192.168.0.60 [host down]
Nmap scan report for 192.168.0.61 [host down]
Nmap scan report for 192.168.0.62 [host down]
Nmap scan report for 192.168.0.64 [host down]
Nmap scan report for 192.168.0.65 [host down]
Nmap scan report for 192.168.0.66 [host down]
Nmap scan report for 192.168.0.67 [host down]
Nmap scan report for 192.168.0.68 [host down]
Nmap scan report for 192.168.0.69 [host down]
Nmap scan report for 192.168.0.70 [host down]
Nmap scan report for 192.168.0.71 [host down]
Nmap scan report for 192.168.0.72 [host down]
Nmap scan report for 192.168.0.73 [host down]
Nmap scan report for 192.168.0.74 [host down]
Nmap scan report for 192.168.0.75 [host down]
Nmap scan report for 192.168.0.76 [host down]
Nmap scan report for 192.168.0.77 [host down]
Nmap scan report for 192.168.0.78 [host down]
Nmap scan report for 192.168.0.79 [host down]
Nmap scan report for 192.168.0.80 [host down]
Nmap scan report for 192.168.0.81 [host down]
Nmap scan report for 192.168.0.82 [host down]
Nmap scan report for 192.168.0.83 [host down]
Nmap scan report for 192.168.0.84 [host down]
Nmap scan report for 192.168.0.85 [host down]
Nmap scan report for 192.168.0.86 [host down]
Nmap scan report for 192.168.0.87 [host down]
Nmap scan report for 192.168.0.92 [host down]
Initiating Parallel DNS resolution of 1 host. at 19:29
Completed Parallel DNS resolution of 1 host. at 19:30, 13.00s elapsed
Initiating SYN Stealth Scan at 19:30
Scanning 7 hosts [1000 ports/host]
Discovered open port 445/tcp on 192.168.0.91
Discovered open port 445/tcp on 192.168.0.88
Discovered open port 445/tcp on 192.168.0.21
Discovered open port 445/tcp on 192.168.0.89
Discovered open port 445/tcp on 192.168.0.90
Discovered open port 22/tcp on 192.168.0.40
Discovered open port 22/tcp on 192.168.0.21
Discovered open port 139/tcp on 192.168.0.91
Discovered open port 139/tcp on 192.168.0.21
Discovered open port 139/tcp on 192.168.0.90
Discovered open port 139/tcp on 192.168.0.88
Discovered open port 139/tcp on 192.168.0.89
Discovered open port 80/tcp on 192.168.0.40
Discovered open port 80/tcp on 192.168.0.21
Discovered open port 6566/tcp on 192.168.0.40
Discovered open port 10000/tcp on 192.168.0.21
Discovered open port 902/tcp on 192.168.0.89
Discovered open port 902/tcp on 192.168.0.88
Discovered open port 902/tcp on 192.168.0.90
Discovered open port 902/tcp on 192.168.0.91
Completed SYN Stealth Scan against 192.168.0.21 in 0.29s (6 hosts left)
Completed SYN Stealth Scan against 192.168.0.40 in 0.29s (5 hosts left)
Completed SYN Stealth Scan against 192.168.0.88 in 0.29s (4 hosts left)
Completed SYN Stealth Scan against 192.168.0.89 in 0.29s (3 hosts left)
Completed SYN Stealth Scan against 192.168.0.90 in 0.29s (2 hosts left)
Completed SYN Stealth Scan against 192.168.0.91 in 0.29s (1 host left)
Completed SYN Stealth Scan at 19:30, 2.99s elapsed (7000 total ports)
Initiating Service scan at 19:30
Scanning 20 services on 7 hosts
Completed Service scan at 19:30, 20.01s elapsed (20 services on 7 hosts)
Initiating OS detection (try #1) against 7 hosts
Retrying OS detection (try #2) against 2 hosts
Retrying OS detection (try #3) against 192.168.0.40
Retrying OS detection (try #4) against 192.168.0.40
Retrying OS detection (try #5) against 192.168.0.40
NSE: Script scanning 7 hosts.
Initiating NSE at 19:30
Completed NSE at 19:30, 1.94s elapsed
Nmap scan report for 192.168.0.21
Host is up (0.00045s latency).
Not shown: 995 closed ports
PORT      STATE SERVICE     VERSION
22/tcp    open  ssh         OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)
|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)
80/tcp    open  http        Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Site doesn't have a title (text/html).
139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
10000/tcp open  http        MiniServ 0.01 (Webmin httpd)
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6.22
OS details: Linux 2.6.22 (embedded, ARM)
Uptime guess: 0.136 days (since Sat Jan 28 16:14:27 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=210 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: <blank>
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     UBUNTUVM<00>         Flags: <unique><active>
|     UBUNTUVM<03>         Flags: <unique><active>
|     UBUNTUVM<20>         Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     MSHOME<1d>           Flags: <unique><active>
|     MSHOME<1e>           Flags: <group><active>
|_    MSHOME<00>           Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.0.26a)
|   Computer name: ubuntuvm
|   Domain name: nsdlab
|   FQDN: ubuntuvm.NSDLAB
|   NetBIOS computer name:
|_  System time: 2012-01-29 02:30:57 UTC-6

TRACEROUTE
HOP RTT     ADDRESS
1   0.45 ms 192.168.0.21

Nmap scan report for 192.168.0.40
Host is up (0.00023s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 5.5p1 Debian 4ubuntu6 (protocol 2.0)
| ssh-hostkey: 1024 1b:bc:bb:7c:5d:22:57:10:e0:1e:b1:e0:da:ab:5e:7e (DSA)
|_2048 d1:7d:e9:a8:58:83:f6:1c:82:b4:f1:98:2d:7f:58:30 (RSA)
80/tcp   open  http       Apache httpd 2.2.16 ((Ubuntu))
|_http-title: Index of /
|_http-methods: GET HEAD POST OPTIONS
6566/tcp open  tcpwrapped
MAC Address: 10:78:D2:36:65:A4 (Elitegroup Computer System CO.)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=5.61TEST4%E=4%D=1/28%OT=22%CT=1%CU=37840%PV=Y%DS=1%DC=D%G=Y%M=107
OS:8D2%TM=4F23EA7C%P=i686-pc-linux-gnu)SEQ(SP=104%GCD=1%ISR=10A%TI=Z%CI=Z%I
OS:I=I%TS=8)OPS(O1=M5B4ST11NW6%O2=M5B4ST11NW6%O3=M5B4NNT11NW6%O4=M5B4ST11NW
OS:6%O5=M5B4ST11NW6%O6=M5B4ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0
OS:%W6=16A0)ECN(R=Y%DF=Y%T=41%W=16D0%O=M5B4NNSNW6%CC=Y%Q=)T1(R=Y%DF=Y%T=41%
OS:S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=Y%T=41%W=16A0%S=O%A=S+%F=AS%O=M5B
OS:4ST11NW6%RD=0%Q=)T4(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y
OS:%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=Z%F=R%O=%R
OS:D=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=41%IP
OS:L=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=41%CD=S)

Uptime guess: 1.237 days (since Fri Jan 27 13:49:38 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

TRACEROUTE
HOP RTT     ADDRESS
1   0.23 ms 192.168.0.40

Nmap scan report for 192.168.0.63
Host is up (0.0013s latency).
All 1000 scanned ports on 192.168.0.63 are filtered
MAC Address: 08:00:27:A2:A6:32 (Cadmus Computer Systems)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   1.29 ms 192.168.0.63

Nmap scan report for 192.168.0.88
Host is up (0.00035s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:23:8B:F6:C6:B7 (Quanta Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.038 days (since Sat Jan 28 18:35:55 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=196 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-28 19:30:50 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.35 ms 192.168.0.88

Nmap scan report for 192.168.0.89
Host is up (0.00033s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1D:72:1A:56:9C (Wistron)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.205 days (since Sat Jan 28 14:35:40 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=189 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-28 19:33:52 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.33 ms 192.168.0.89

Nmap scan report for 192.168.0.90
Host is up (0.00023s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 70:5A:B6:17:33:40 (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.028 days (since Sat Jan 28 18:50:25 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=195 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-28 19:30:31 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.23 ms 192.168.0.90

Nmap scan report for 192.168.0.91
Host is up (0.00026s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:23:5A:EF:0D:A2 (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.026 days (since Sat Jan 28 18:53:12 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=208 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-28 19:30:50 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.26 ms 192.168.0.91

Initiating ARP Ping Scan at 19:30
Scanning 162 hosts [1 port/host]
Completed ARP Ping Scan at 19:30, 1.48s elapsed (162 total hosts)
Initiating Parallel DNS resolution of 162 hosts. at 19:30
Completed Parallel DNS resolution of 162 hosts. at 19:31, 13.00s elapsed
Nmap scan report for 192.168.0.94 [host down]
Nmap scan report for 192.168.0.95 [host down]
Nmap scan report for 192.168.0.96 [host down]
Nmap scan report for 192.168.0.97 [host down]
Initiating SYN Stealth Scan at 19:31
Scanning 192.168.0.93 [1000 ports]
Completed SYN Stealth Scan at 19:31, 0.10s elapsed (1000 total ports)
Initiating Service scan at 19:31
Initiating OS detection (try #1) against 192.168.0.93
Retrying OS detection (try #2) against 192.168.0.93
NSE: Script scanning 192.168.0.93.
Initiating NSE at 19:31
Completed NSE at 19:31, 0.00s elapsed
Nmap scan report for 192.168.0.93
Host is up (0.000077s latency).
All 1000 scanned ports on 192.168.0.93 are closed
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops

Nmap scan report for 192.168.0.101 [host down]
Nmap scan report for 192.168.0.106 [host down]
Nmap scan report for 192.168.0.107 [host down]
Nmap scan report for 192.168.0.108 [host down]
Nmap scan report for 192.168.0.109 [host down]
Nmap scan report for 192.168.0.110 [host down]
Nmap scan report for 192.168.0.111 [host down]
Nmap scan report for 192.168.0.112 [host down]
Nmap scan report for 192.168.0.113 [host down]
Nmap scan report for 192.168.0.114 [host down]
Nmap scan report for 192.168.0.115 [host down]
Nmap scan report for 192.168.0.116 [host down]
Nmap scan report for 192.168.0.117 [host down]
Nmap scan report for 192.168.0.118 [host down]
Nmap scan report for 192.168.0.119 [host down]
Nmap scan report for 192.168.0.120 [host down]
Nmap scan report for 192.168.0.121 [host down]
Nmap scan report for 192.168.0.122 [host down]
Nmap scan report for 192.168.0.123 [host down]
Nmap scan report for 192.168.0.124 [host down]
Nmap scan report for 192.168.0.125 [host down]
Nmap scan report for 192.168.0.126 [host down]
Nmap scan report for 192.168.0.127 [host down]
Nmap scan report for 192.168.0.128 [host down]
Nmap scan report for 192.168.0.129 [host down]
Nmap scan report for 192.168.0.130 [host down]
Nmap scan report for 192.168.0.131 [host down]
Nmap scan report for 192.168.0.132 [host down]
Nmap scan report for 192.168.0.133 [host down]
Nmap scan report for 192.168.0.134 [host down]
Nmap scan report for 192.168.0.135 [host down]
Nmap scan report for 192.168.0.136 [host down]
Nmap scan report for 192.168.0.137 [host down]
Nmap scan report for 192.168.0.138 [host down]
Nmap scan report for 192.168.0.139 [host down]
Nmap scan report for 192.168.0.140 [host down]
Nmap scan report for 192.168.0.141 [host down]
Nmap scan report for 192.168.0.142 [host down]
Nmap scan report for 192.168.0.143 [host down]
Nmap scan report for 192.168.0.144 [host down]
Nmap scan report for 192.168.0.145 [host down]
Nmap scan report for 192.168.0.146 [host down]
Nmap scan report for 192.168.0.147 [host down]
Nmap scan report for 192.168.0.148 [host down]
Nmap scan report for 192.168.0.149 [host down]
Nmap scan report for 192.168.0.150 [host down]
Nmap scan report for 192.168.0.151 [host down]
Nmap scan report for 192.168.0.152 [host down]
Nmap scan report for 192.168.0.153 [host down]
Nmap scan report for 192.168.0.154 [host down]
Nmap scan report for 192.168.0.155 [host down]
Nmap scan report for 192.168.0.156 [host down]
Nmap scan report for 192.168.0.157 [host down]
Nmap scan report for 192.168.0.158 [host down]
Nmap scan report for 192.168.0.159 [host down]
Nmap scan report for 192.168.0.160 [host down]
Nmap scan report for 192.168.0.161 [host down]
Nmap scan report for 192.168.0.162 [host down]
Nmap scan report for 192.168.0.163 [host down]
Nmap scan report for 192.168.0.164 [host down]
Nmap scan report for 192.168.0.165 [host down]
Nmap scan report for 192.168.0.166 [host down]
Nmap scan report for 192.168.0.167 [host down]
Nmap scan report for 192.168.0.168 [host down]
Nmap scan report for 192.168.0.169 [host down]
Nmap scan report for 192.168.0.170 [host down]
Nmap scan report for 192.168.0.171 [host down]
Nmap scan report for 192.168.0.172 [host down]
Nmap scan report for 192.168.0.173 [host down]
Nmap scan report for 192.168.0.174 [host down]
Nmap scan report for 192.168.0.175 [host down]
Nmap scan report for 192.168.0.176 [host down]
Nmap scan report for 192.168.0.177 [host down]
Nmap scan report for 192.168.0.178 [host down]
Nmap scan report for 192.168.0.179 [host down]
Nmap scan report for 192.168.0.180 [host down]
Nmap scan report for 192.168.0.181 [host down]
Nmap scan report for 192.168.0.182 [host down]
Nmap scan report for 192.168.0.183 [host down]
Nmap scan report for 192.168.0.184 [host down]
Nmap scan report for 192.168.0.185 [host down]
Nmap scan report for 192.168.0.186 [host down]
Nmap scan report for 192.168.0.187 [host down]
Nmap scan report for 192.168.0.188 [host down]
Nmap scan report for 192.168.0.189 [host down]
Nmap scan report for 192.168.0.190 [host down]
Nmap scan report for 192.168.0.191 [host down]
Nmap scan report for 192.168.0.192 [host down]
Nmap scan report for 192.168.0.193 [host down]
Nmap scan report for 192.168.0.194 [host down]
Nmap scan report for 192.168.0.195 [host down]
Nmap scan report for 192.168.0.196 [host down]
Nmap scan report for 192.168.0.197 [host down]
Nmap scan report for 192.168.0.198 [host down]
Nmap scan report for 192.168.0.199 [host down]
Nmap scan report for 192.168.0.200 [host down]
Nmap scan report for 192.168.0.201 [host down]
Nmap scan report for 192.168.0.202 [host down]
Nmap scan report for 192.168.0.203 [host down]
Nmap scan report for 192.168.0.204 [host down]
Nmap scan report for 192.168.0.205 [host down]
Nmap scan report for 192.168.0.206 [host down]
Nmap scan report for 192.168.0.207 [host down]
Nmap scan report for 192.168.0.208 [host down]
Nmap scan report for 192.168.0.209 [host down]
Nmap scan report for 192.168.0.210 [host down]
Nmap scan report for 192.168.0.211 [host down]
Nmap scan report for 192.168.0.212 [host down]
Nmap scan report for 192.168.0.213 [host down]
Nmap scan report for 192.168.0.214 [host down]
Nmap scan report for 192.168.0.215 [host down]
Nmap scan report for 192.168.0.216 [host down]
Nmap scan report for 192.168.0.217 [host down]
Nmap scan report for 192.168.0.218 [host down]
Nmap scan report for 192.168.0.219 [host down]
Nmap scan report for 192.168.0.220 [host down]
Nmap scan report for 192.168.0.221 [host down]
Nmap scan report for 192.168.0.222 [host down]
Nmap scan report for 192.168.0.223 [host down]
Nmap scan report for 192.168.0.224 [host down]
Nmap scan report for 192.168.0.225 [host down]
Nmap scan report for 192.168.0.226 [host down]
Nmap scan report for 192.168.0.227 [host down]
Nmap scan report for 192.168.0.228 [host down]
Nmap scan report for 192.168.0.229 [host down]
Nmap scan report for 192.168.0.230 [host down]
Nmap scan report for 192.168.0.231 [host down]
Nmap scan report for 192.168.0.232 [host down]
Nmap scan report for 192.168.0.233 [host down]
Nmap scan report for 192.168.0.234 [host down]
Nmap scan report for 192.168.0.235 [host down]
Nmap scan report for 192.168.0.236 [host down]
Nmap scan report for 192.168.0.237 [host down]
Nmap scan report for 192.168.0.238 [host down]
Nmap scan report for 192.168.0.239 [host down]
Nmap scan report for 192.168.0.240 [host down]
Nmap scan report for 192.168.0.241 [host down]
Nmap scan report for 192.168.0.242 [host down]
Nmap scan report for 192.168.0.243 [host down]
Nmap scan report for 192.168.0.244 [host down]
Nmap scan report for 192.168.0.245 [host down]
Nmap scan report for 192.168.0.246 [host down]
Nmap scan report for 192.168.0.247 [host down]
Nmap scan report for 192.168.0.248 [host down]
Nmap scan report for 192.168.0.249 [host down]
Nmap scan report for 192.168.0.250 [host down]
Nmap scan report for 192.168.0.251 [host down]
Nmap scan report for 192.168.0.252 [host down]
Nmap scan report for 192.168.0.253 [host down]
Nmap scan report for 192.168.0.254 [host down]
Nmap scan report for 192.168.0.255 [host down]
Initiating SYN Stealth Scan at 19:31
Scanning 7 hosts [1000 ports/host]
Discovered open port 445/tcp on 192.168.0.100
Discovered open port 445/tcp on 192.168.0.102
Discovered open port 445/tcp on 192.168.0.99
Discovered open port 445/tcp on 192.168.0.98
Discovered open port 445/tcp on 192.168.0.103
Discovered open port 445/tcp on 192.168.0.105
Discovered open port 445/tcp on 192.168.0.104
Discovered open port 139/tcp on 192.168.0.100
Discovered open port 139/tcp on 192.168.0.99
Discovered open port 139/tcp on 192.168.0.102
Discovered open port 139/tcp on 192.168.0.98
Discovered open port 139/tcp on 192.168.0.103
Discovered open port 139/tcp on 192.168.0.105
Discovered open port 139/tcp on 192.168.0.104
Discovered open port 902/tcp on 192.168.0.102
Discovered open port 902/tcp on 192.168.0.100
Discovered open port 902/tcp on 192.168.0.98
Discovered open port 902/tcp on 192.168.0.103
Discovered open port 902/tcp on 192.168.0.99
Discovered open port 902/tcp on 192.168.0.105
Discovered open port 902/tcp on 192.168.0.104
Completed SYN Stealth Scan against 192.168.0.98 in 0.30s (6 hosts left)
Completed SYN Stealth Scan against 192.168.0.99 in 0.30s (5 hosts left)
Completed SYN Stealth Scan against 192.168.0.100 in 0.30s (4 hosts left)
Completed SYN Stealth Scan against 192.168.0.102 in 0.30s (3 hosts left)
Completed SYN Stealth Scan against 192.168.0.103 in 0.30s (2 hosts left)
Completed SYN Stealth Scan against 192.168.0.104 in 0.30s (1 host left)
Completed SYN Stealth Scan at 19:31, 0.30s elapsed (7000 total ports)
Initiating Service scan at 19:31
Scanning 21 services on 7 hosts
Completed Service scan at 19:31, 11.02s elapsed (21 services on 7 hosts)
Initiating OS detection (try #1) against 7 hosts
NSE: Script scanning 7 hosts.
Initiating NSE at 19:31
Completed NSE at 19:31, 2.05s elapsed
Nmap scan report for 192.168.0.98
Host is up (0.00024s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:26:22:9B:AC:54 (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.001 days (since Sat Jan 28 19:30:06 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=194 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 02:31:45 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.24 ms 192.168.0.98

Nmap scan report for 192.168.0.99
Host is up (0.00034s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 60:EB:69:06:22:EC (Quanta computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.159 days (since Sat Jan 28 15:42:18 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 02:31:23 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.34 ms 192.168.0.99

Nmap scan report for 192.168.0.100
Host is up (0.00025s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:16:36:48:B4:93 (Quanta Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.136 days (since Sat Jan 28 16:15:29 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=198 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-28 19:25:47 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.25 ms 192.168.0.100

Nmap scan report for 192.168.0.102
Host is up (0.00028s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:23:5A:2A:EB:2E (Compal Information (kunshan) CO.)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.036 days (since Sat Jan 28 18:39:38 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=197 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 02:33:38 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.28 ms 192.168.0.102

Nmap scan report for 192.168.0.103
Host is up (0.00020s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 54:04:A6:71:E7:E9 (Asustek Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.147 days (since Sat Jan 28 15:59:20 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=193 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 14:24:14 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.20 ms 192.168.0.103

Nmap scan report for 192.168.0.104
Host is up (0.00026s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: F4:6D:04:81:F9:39 (Asustek Computer)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.141 days (since Sat Jan 28 16:08:41 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 16:32:02 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.26 ms 192.168.0.104

Nmap scan report for 192.168.0.105
Host is up (0.00035s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE         VERSION
139/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open  netbios-ssn     Samba smbd 3.X (workgroup: WORKGROUP)
902/tcp open  ssl/vmware-auth VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
|_ssl-cert: ERROR
MAC Address: 00:1D:72:0D:BB:13 (Wistron)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.38 - 2.6.39
Uptime guess: 0.155 days (since Sat Jan 28 15:47:42 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros

Host script results:
| nbstat:
|   NetBIOS name: BT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
|   Names
|     BT<00>               Flags: <unique><active>
|     BT<03>               Flags: <unique><active>
|     BT<20>               Flags: <unique><active>
|     \x01\x02__MSBROWSE__\x02<01>  Flags: <group><active>
|     WORKGROUP<1d>        Flags: <unique><active>
|     WORKGROUP<1e>        Flags: <group><active>
|_    WORKGROUP<00>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| smb-os-discovery:
|   OS: Unix (Samba 3.4.7)
|   Computer name: bt
|   Domain name: foo.org
|   FQDN: bt.foo.org
|   NetBIOS computer name:
|_  System time: 2012-01-29 19:31:08 UTC+7

TRACEROUTE
HOP RTT     ADDRESS
1   0.35 ms 192.168.0.105

NSE: Script Post-scanning.
Initiating NSE at 19:31
Completed NSE at 19:31, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 255 IP addresses (15 hosts up) scanned in 102.53 seconds
           Raw packets sent: 16879 (753.426KB) | Rcvd: 15337 (630.864KB)

autoscan is a tools for scanning host live in our local network. you can see every people use our local network, you also see service running in their computer. for example:

wireshark is a tools analysis network, but this tools can also be use on information gathering, you need xplico for use for that. on wireshark you can see trafic on your comunication computer.

netifera
on netifera you can see service run on target, you can see comunication them.


Minggu, 29 Januari 2012

conecting virtualbox to host with bridge mode

os has been istalled to virtual machine, at this time is time to connecting os in virtual machine to our computer, in comunication i use bridge mode to connecting os in virtual machine to our computer. in virtualbox has running be network adapter right click then select in adapter1 attached to change top mode bridged








if has done now tested with ping each other. has connected or no.

yes each other has connected. now is finished to build our laboratory use virtualbox

Sabtu, 28 Januari 2012

Installation ubuntu VirtualBox in backtrack

now i make tutorial again abaout installing ubuntu in virtual box, in concept use as same with my tutorial before, you can see at this how make virtual machine in virtualbox. on installation ubuntu because ram use in virtual to small you must create swap 2x from ram in our machine.
installation ubuntu:
step1 click install next setting up the clock












next step forward
then partition clik manually partition then make swap and hard disk for installation
then forward make username and password
next wait to finish enjoy your system in virtual machine

Installation Windows XP SP3 VirtualBox in backtrack

if you learn security for newbie, you need own laboratory for yours experiment. for example use windows xp sp3 for target attack, you must install windows xp sp3 in virtual machine. i used virtual box as virtual machine in my laboratory. step by step of installation you must get that aplication in www.virtualbox.org/wiki/Downloads. for get it to installation on your machine you must choice aplication which support your system architecture in this tutorial i use backtrack 5R1 gnome therefore i use virutalbox version Ubuntu 10.04 LTS ("Lucid Lynx")  i386 |  AMD64.

image1
image2
after we has done for installation virtual machine in our computer now lets begin installation windows xp. run virtualbox then click new in virtualbox then next after that show like the picutre you must fill inthe name then next after that appear for allocated memory in your machine, 192MB ram for your machine have enough. click next appear create hard disk, select new hard disk then click next then appear some choice type hard disk machine, select VDI(Virtualbox Disk Image) like image 2. click next if has done now in virtual disk details you select fixed size after that click next appear location and size give 5GB then click next then click create. machine has installed.
image 3
now installation windows xp sp3 in our machine click setting in your machine then system in boot order make cd in first boot like image 3 after that click storage then choice cd empty, enter your image in your cd machine in beside atributes cd / dvd drive icon cd click choice virtual cd/dvd disk file in the form iso file. ok finish windows xp can installation like you install xp as usually..

Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Cup3nK - Premium Blogger Themes | Hosted Desktop