Thursday, 02 February 2012

Scanning for vulnerabilities on Windows XP SP3 and Ubuntu 10.04 with default configuration

This time I try scanning for vulnerabilities on Windows XP SP3 and Ubuntu 10.04. Neither Ubuntu nor Windows has any added configuration; everything is default. I will use Nmap and Nessus for the scanning.
Ubuntu:


Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-02 15:02 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 15:02
Scanning 192.168.4.43 [1 port]
Completed ARP Ping Scan at 15:02, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:02
Completed Parallel DNS resolution of 1 host. at 15:02, 0.00s elapsed
Initiating SYN Stealth Scan at 15:02
Scanning 192.168.4.43 [1000 ports]
Completed SYN Stealth Scan at 15:02, 0.39s elapsed (1000 total ports)
Initiating Service scan at 15:02
Initiating OS detection (try #1) against 192.168.4.43
Retrying OS detection (try #2) against 192.168.4.43
NSE: Script scanning 192.168.4.43.
Initiating NSE at 15:02
Completed NSE at 15:02, 0.00s elapsed
Nmap scan report for 192.168.4.43
Host is up (0.0044s latency).
All 1000 scanned ports on 192.168.4.43 are closed
MAC Address: 08:00:27:02:B2:23 (Cadmus Computer Systems)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT     ADDRESS
1   4.38 ms 192.168.4.43

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.04 seconds
           Raw packets sent: 1013 (45.696KB) | Rcvd: 1013 (41.632KB)

There are no open ports on Ubuntu 10.04. Now I try scanning Windows XP SP3:

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-02-02 15:04 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 15:04
Scanning 192.168.4.44 [1 port]
Completed ARP Ping Scan at 15:04, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 15:04
Completed Parallel DNS resolution of 1 host. at 15:04, 0.00s elapsed
Initiating SYN Stealth Scan at 15:04
Scanning 192.168.4.44 [1000 ports]
Discovered open port 139/tcp on 192.168.4.44
Discovered open port 135/tcp on 192.168.4.44
Discovered open port 445/tcp on 192.168.4.44
Completed SYN Stealth Scan at 15:04, 0.37s elapsed (1000 total ports)
Initiating Service scan at 15:04
Scanning 3 services on 192.168.4.44
Completed Service scan at 15:04, 6.01s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.4.44
NSE: Script scanning 192.168.4.44.
Initiating NSE at 15:04
Completed NSE at 15:04, 0.15s elapsed
Nmap scan report for 192.168.4.44
Host is up (0.0015s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
MAC Address: 08:00:27:A5:AD:44 (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS CPE: cpe:/o:microsoft:windows_xp cpe:/o:microsoft:windows_server_2003
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=264 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| nbstat:
|   NetBIOS name: CUP3NK, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:a5:ad:44 (Cadmus Computer Systems)
|   Names
|     CUP3NK<00>           Flags: <unique><active>
|     WORKGROUP<00>        Flags: <group><active>
|     CUP3NK<20>           Flags: <unique><active>
|_    WORKGROUP<1e>        Flags: <group><active>
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
| smb-os-discovery:
|   OS: Windows XP (Windows 2000 LAN Manager)
|   Computer name: cup3nk
|   NetBIOS computer name: CUP3NK
|   Workgroup: WORKGROUP
|_  System time: 2012-02-03 06:04:27 UTC-8

TRACEROUTE
HOP RTT     ADDRESS
1   1.46 ms 192.168.4.44

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.02 seconds
           Raw packets sent: 1017 (45.446KB) | Rcvd: 1017 (41.234KB)

On Windows XP SP3, the scan shows an open port that many people can attack: port 445, the SMB vulnerability on Windows. Now I try to get information with Nessus:

Windows:
On Windows, I got information that Windows is vulnerable on port 445; the security risk level is high.

On Ubuntu, I got information about some vulnerabilities:
But on Ubuntu there are no high-risk-level vulnerabilities:
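
An added example, not part of the original post: a short Python script that turns Nmap normal output like the two scans above into a per-host list of open ports and SMB hardening findings for triage. The sample text is a constructed excerpt in the shape of those scans, and the finding labels and function names are illustrative assumptions.

```python
import re
# Constructed sample: an excerpt in the same shape as the two scans above.
SAMPLE = """\
Nmap scan report for 192.168.4.44
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
Host script results:
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|_  Message signing disabled (dangerous, but default)
Nmap scan report for 192.168.4.43
All 1000 scanned ports on 192.168.4.43 are closed
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
# Script-output phrases (as they appear in the scan above) mapped to a finding label.
CHECKS = {
    "Message signing disabled": "SMB message signing is not required",
    "doesn't support SMBv2": "SMBv2 not supported (SMBv1 only)",
    "smb scripts: guest": "guest account accepted over SMB",
}

def parse_nmap(text):
    """Return {host: {"ports": [(port, proto, service, version)], "findings": [...]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            # Last token is the IP; it is parenthesised when a hostname precedes it.
            current = hosts.setdefault(line.split()[-1].strip("()"), {"ports": [], "findings": []})
            continue
        if current is None:
            continue  # progress lines before the first report header
        m = PORT_RE.match(line)
        if m:
            current["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
        for needle, finding in CHECKS.items():
            if needle in line and finding not in current["findings"]:
                current["findings"].append(finding)
    return hosts

def smb_exposed(host):
    """True when NetBIOS session (139) or SMB (445) is reachable on the host."""
    return any(port in (139, 445) for port, *_ in host["ports"])

if __name__ == "__main__":
    for ip, info in parse_nmap(SAMPLE).items():
        print(ip, [p[0] for p in info["ports"]], info["findings"], smb_exposed(info))
```

Hosts that report both an exposed SMB port and "SMB message signing is not required" are the ones to prioritise for patching, firewalling of ports 139/445, or enabling required signing.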

