Information Gathering

The first task is

A. Information Gathering

1.The information gathering of IS2C-dojo.net

-. the active information gathering

root@BT:~# nmap -v -A 209.85.175.121

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:58 WIT

NSE: Loaded 87 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Ping Scan at 23:58

Scanning 209.85.175.121 [4 ports]

Completed Ping Scan at 23:58, 0.10s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 23:58

Completed Parallel DNS resolution of 1 host. at 23:58, 0.00s elapsed

Initiating SYN Stealth Scan at 23:58

Scanning nx-in-f121.1e100.net (209.85.175.121) [1000 ports]

Discovered open port 53/tcp on 209.85.175.121

Discovered open port 80/tcp on 209.85.175.121

Completed SYN Stealth Scan at 23:59, 15.28s elapsed (1000 total ports)

Initiating Service scan at 23:59

Scanning 2 services on nx-in-f121.1e100.net (209.85.175.121)

Completed Service scan at 23:59, 32.73s elapsed (2 services on 1 host)

Initiating OS detection (try #1) against nx-in-f121.1e100.net (209.85.175.121)

Retrying OS detection (try #2) against nx-in-f121.1e100.net (209.85.175.121)

Initiating Traceroute at 23:59

Completed Traceroute at 23:59, 0.18s elapsed

Initiating Parallel DNS resolution of 14 hosts. at 23:59

Completed Parallel DNS resolution of 14 hosts. at 23:59, 10.04s elapsed

NSE: Script scanning 209.85.175.121.

Initiating NSE at 23:59

Completed NSE at 23:59, 5.95s elapsed

Nmap scan report for nx-in-f121.1e100.net (209.85.175.121)

Host is up (0.031s latency).

Not shown: 997 filtered ports

PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

|_http-methods: No Allow or Public header in OPTIONS response (status code 404)

| http-open-proxy: Potentially OPEN proxy.

|_Methods supported: GET HEAD CONNECTION

113/tcp closed ident

Device type: general purpose|WAP|remote management|broadband router|printer|phone

Running (JUST GUESSING): Linux 2.6.X|2.4.X (96%), Netgear embedded (90%), Dell embedded (90%), Linksys Linux 2.4.X (90%), Billion embedded (88%), Epson embedded (88%)

OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24

Aggressive OS guesses: Linux 2.6.15 - 2.6.30 (96%), Linux 2.4.7 (92%), Linux 2.6.9 - 2.6.27 (92%), Linux 2.6.18-8.el5 (Red Hat Enterprise Linux 5) (92%), Linux 2.6.21 (Arch Linux 0.8, x86) (92%), Linux 2.6.8 - 2.6.27 (92%), Linux 2.6.18 (ClarkConnect 4.3 Enterprise Edition) (91%), Linux 2.6.23 (91%), Linux 2.4.21 - 2.4.31 (likely embedded) (91%), Linux 2.6.15 - 2.6.23 (embedded) (91%)

No exact OS matches for host (test conditions non-ideal).

Uptime guess: 62.975 days (since Thu Nov 24 00:36:04 2011)

Network Distance: 14 hops

TCP Sequence Prediction: Difficulty=204 (Good luck!)

IP ID Sequence Generation: All zeros

TRACEROUTE (using port 113/tcp)

HOP RTT ADDRESS

1 3.60 ms hotspot.sejahtera.net (118.96.157.1)

2 3.67 ms 119.235.28.158

3 3.71 ms host1.subnet128.comnet.net.id (202.150.128.1)

4 3.74 ms host1.subnet129.comnet.net.id (202.150.129.1)

5 46.25 ms 118.96.148.1

6 46.19 ms 181.subnet125-160-15.infra.telkom.net.id (125.160.15.181)

7 73.92 ms 17.subnet118-98-57.astinet.telkom.net.id (118.98.57.17)

8 75.12 ms 118.98.15.29

9 71.48 ms 181.subnet118-98-57.astinet.telkom.net.id (118.98.57.181)

10 71.75 ms 37.subnet118-98-56.astinet.telkom.net.id (118.98.56.37)

11 71.78 ms 6.subnet118-98-59.astinet.telkom.net.id (118.98.59.6)

12 69.79 ms 42.subnet118-98-59.astinet.telkom.net.id (118.98.59.42)

13 164.57 ms 180.240.190.13

14 71.98 ms nx-in-f121.1e100.net (209.85.175.121)

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 69.46 seconds

Raw packets sent: 3091 (140.024KB) | Rcvd: 56 (3.148KB)

the conclution of scanning information gathering is

-PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

-OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24

-.passive information gathering

root@BT:~# whois is2c-dojo.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: IS2C-DOJO.NET

Registrar: CV. JOGJACAMP

Whois Server: whois.resellercamp.com

Referral URL: http://www.resellercamp.com

Name Server: PARTNERIT1.EARTH.ORDERBOX-DNS.COM

Name Server: PARTNERIT1.MARS.ORDERBOX-DNS.COM

Name Server: PARTNERIT1.MERCURY.ORDERBOX-DNS.COM

Name Server: PARTNERIT1.VENUS.ORDERBOX-DNS.COM

Status: clientTransferProhibited

Updated Date: 22-dec-2011

Creation Date: 22-dec-2011

Expiration Date: 22-dec-2012

The Registry database contains ONLY .COM, .NET, .EDU domains and

Registrars.

Registration Service Provided By: PARTNER IT

Contact: +62.2749570974

Domain Name: IS2C-DOJO.NET

Registrant:

PrivacyProtect.org

Domain Admin (contact@privacyprotect.org)

ID#10760, PO Box 16

Note - All Postal Mails Rejected, visit Privacyprotect.org

Nobby Beach

null,QLD 4218

AU

Tel. +45.36946676

Creation Date: 22-Dec-2011

Expiration Date: 22-Dec-2012

Domain servers in listed order:

partnerit1.earth.orderbox-dns.com

partnerit1.mars.orderbox-dns.com

partnerit1.mercury.orderbox-dns.com

partnerit1.venus.orderbox-dns.com

Administrative Contact:

PrivacyProtect.org

Domain Admin (contact@privacyprotect.org)

ID#10760, PO Box 16

Note - All Postal Mails Rejected, visit Privacyprotect.org

Nobby Beach

null,QLD 4218

AU

Tel. +45.36946676

Technical Contact:

PrivacyProtect.org

Domain Admin (contact@privacyprotect.org)

ID#10760, PO Box 16

Note - All Postal Mails Rejected, visit Privacyprotect.org

Nobby Beach

null,QLD 4218

AU

Tel. +45.36946676

Billing Contact:

PrivacyProtect.org

Domain Admin (contact@privacyprotect.org)

ID#10760, PO Box 16

Note - All Postal Mails Rejected, visit Privacyprotect.org

Nobby Beach

null,QLD 4218

AU

Tel. +45.36946676

Status:LOCKED

Note: This Domain Name is currently Locked. In this status the domain

name cannot be transferred, hijacked, or modified. The Owner of this

domain name can easily change this status from their control panel.

This feature is provided as a security measure against fraudulent domain name hijacking.

Conclution of scanning information gathering is

- Domain Name: IS2C-DOJO.NET

Registrar: CV. JOGJACAMP

Domain Admin (contact@privacyprotect.org)

2. The information gathering of IS2C-dojo.com

-.the active information gathering

root@BT:~# nmap -v -A 67.222.154.106

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-26 00:17 WIT

NSE: Loaded 87 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Ping Scan at 00:17

Scanning 67.222.154.106 [4 ports]

Completed Ping Scan at 00:17, 0.39s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 00:17

Completed Parallel DNS resolution of 1 host. at 00:17, 0.00s elapsed

Initiating SYN Stealth Scan at 00:17

Scanning gudeg.partnerit.us (67.222.154.106) [1000 ports]

Discovered open port 80/tcp on 67.222.154.106

Discovered open port 53/tcp on 67.222.154.106

SYN Stealth Scan Timing: About 47.60% done; ETC: 00:18 (0:00:34 remaining)

Completed SYN Stealth Scan at 00:17, 36.12s elapsed (1000 total ports)

Initiating Service scan at 00:17

Scanning 2 services on gudeg.partnerit.us (67.222.154.106)

Stats: 0:00:53 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:16 remaining)

Stats: 0:00:58 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:21 remaining)

Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:31 remaining)

Completed Service scan at 00:18, 51.12s elapsed (2 services on 1 host)

Initiating OS detection (try #1) against gudeg.partnerit.us (67.222.154.106)

Initiating Traceroute at 00:18

Completed Traceroute at 00:18, 0.02s elapsed

Initiating Parallel DNS resolution of 3 hosts. at 00:18

Completed Parallel DNS resolution of 3 hosts. at 00:18, 0.05s elapsed

NSE: Script scanning 67.222.154.106.

Initiating NSE at 00:18

Completed NSE at 00:20, 76.71s elapsed

Nmap scan report for gudeg.partnerit.us (67.222.154.106)

Host is up (0.0071s latency).

Not shown: 998 filtered ports

PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

| http-open-proxy: Potentially OPEN proxy.

|_Methods supported: GET HEAD CONNECTION

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.15 - 2.6.30

Uptime guess: 62.989 days (since Thu Nov 24 00:36:04 2011)

Network Distance: 3 hops

TCP Sequence Prediction: Difficulty=206 (Good luck!)

IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 5.63 ms hotspot.sejahtera.net (118.96.157.1)

2 5.74 ms 119.235.28.158

3 5.77 ms gudeg.partnerit.us (67.222.154.106)

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 167.27 seconds

Raw packets sent: 3067 (136.968KB) | Rcvd: 45 (2.592KB)

conclution the scan is

- PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

- Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.15 – 2.6.30

-.the passive information gathering

root@BT:~# whois IS2C-dojo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: IS2C-DOJO.COM

Registrar: CV. JOGJACAMP

Whois Server: whois.resellercamp.com

Referral URL: http://www.resellercamp.com

Name Server: NS1.PARTNERIT.US

Name Server: NS2.PARTNERIT.US

Status: clientTransferProhibited

Updated Date: 14-jan-2012

Creation Date: 14-jan-2012

Expiration Date: 14-jan-2013

The Registry database contains ONLY .COM, .NET, .EDU domains and

Registrars.

Registration Service Provided By: PARTNER IT

Contact: +62.2749570974

Domain Name: IS2C-DOJO.COM

Registrant:

n/a

Mada Rambu Perdhana (mrp.bpp@gmail.com)

Jl. MT Haryono No.25A rt.36 Kelurahan Damaii

Balikpapan

Balikpapan,12345

ID

Tel. +62.087838463816

Creation Date: 14-Jan-2012

Expiration Date: 14-Jan-2013

Domain servers in listed order:

ns1.partnerit.us

ns2.partnerit.us

Administrative Contact:

n/a

Mada Rambu Perdhana (mrp.bpp@gmail.com)

Jl. MT Haryono No.25A rt.36 Kelurahan Damaii

Balikpapan

Balikpapan,12345

ID

Tel. +62.087838463816

Technical Contact:

n/a

Mada Rambu Perdhana (mrp.bpp@gmail.com)

Jl. MT Haryono No.25A rt.36 Kelurahan Damaii

Balikpapan

Balikpapan,12345

ID

Tel. +62.087838463816

Billing Contact:

n/a

Mada Rambu Perdhana (mrp.bpp@gmail.com)

Jl. MT Haryono No.25A rt.36 Kelurahan Damaii

Balikpapan

Balikpapan,12345

ID

Tel. +62.087838463816

Status:LOCKED

Note: This Domain Name is currently Locked. In this status the domain

name cannot be transferred, hijacked, or modified. The Owner of this

domain name can easily change this status from their control panel.

This feature is provided as a security measure against fraudulent domain name hijacking.

Conclution of scanning information gathering is :

- Domain Name: IS2C-DOJO.COM

Registrar: CV. JOGJACAMP

3.The information gathering of www.spentera.com

-. the active information gathering

root@BT:~# nmap -v -A 74.81.66.104

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:40 WIT

NSE: Loaded 87 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Ping Scan at 23:40

Scanning 74.81.66.104 [4 ports]

Completed Ping Scan at 23:40, 0.34s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 23:40

Completed Parallel DNS resolution of 1 host. at 23:40, 0.00s elapsed

Initiating SYN Stealth Scan at 23:40

Scanning server28.web-hosting.com (74.81.66.104) [1000 ports]

Discovered open port 80/tcp on 74.81.66.104

Discovered open port 53/tcp on 74.81.66.104

SYN Stealth Scan Timing: About 47.50% done; ETC: 23:41 (0:00:34 remaining)

Completed SYN Stealth Scan at 23:40, 36.63s elapsed (1000 total ports)

Initiating Service scan at 23:40

Scanning 2 services on server28.web-hosting.com (74.81.66.104)

Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:31 remaining)

Stats: 0:01:13 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan

Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:36 remaining)

Completed Service scan at 23:41, 51.10s elapsed (2 services on 1 host)

Initiating OS detection (try #1) against server28.web-hosting.com (74.81.66.104)

Initiating Traceroute at 23:41

Completed Traceroute at 23:41, 0.02s elapsed

Initiating Parallel DNS resolution of 3 hosts. at 23:41

Completed Parallel DNS resolution of 3 hosts. at 23:41, 0.05s elapsed

NSE: Script scanning 74.81.66.104.

Initiating NSE at 23:41

Completed NSE at 23:42, 73.46s elapsed

Nmap scan report for server28.web-hosting.com (74.81.66.104)

Host is up (0.0081s latency).

Not shown: 998 filtered ports

PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

| http-open-proxy: Potentially OPEN proxy.

|_Methods supported: GET HEAD CONNECTION

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.15 - 2.6.30

Uptime guess: 62.963 days (since Thu Nov 24 00:36:04 2011)

Network Distance: 3 hops

TCP Sequence Prediction: Difficulty=199 (Good luck!)

IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 4.00 ms hotspot.sejahtera.net (118.96.157.1)

2 4.06 ms 119.235.28.158

3 4.77 ms server28.web-hosting.com (74.81.66.104)

NSE: Script Post-scanning.

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 164.52 seconds

Conclution of scanning information gathering is :

- PORT STATE SERVICE VERSION

53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater

80/tcp open http-proxy Squid webproxy 2.7.STABLE9

- Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6

OS details: Linux 2.6.15 - 2.6.30

-.passive information gathering

root@BT:~# whois spentera.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: SPENTERA.COM

Registrar: ENOM, INC.

Whois Server: whois.enom.com

Referral URL: http://www.enom.com

Name Server: DNS1.NAMECHEAPHOSTING.COM

Name Server: DNS2.NAMECHEAPHOSTING.COM

Status: ok

Updated Date: 12-may-2011

Creation Date: 15-feb-2011

Expiration Date: 15-feb-2012

Registration Service Provided By: Namecheap.com

Contact: support@namecheap.com

Visit: http://namecheap.com

Domain name: spentera.com

Registrant Contact:

WhoisGuard

WhoisGuard Protected ()

Fax:

11400 W. Olympic Blvd. Suite 200

Los Angeles, CA 90064

US

Administrative Contact:

WhoisGuard

WhoisGuard Protected (2289eab88851476688242cf0144287f4.protect@whoisguard.com)

+1.6613102107

Fax: +1.6613102107

11400 W. Olympic Blvd. Suite 200

Los Angeles, CA 90064

US

Technical Contact:

WhoisGuard

WhoisGuard Protected (2289eab88851476688242cf0144287f4.protect@whoisguard.com)

+1.6613102107

Fax: +1.6613102107

11400 W. Olympic Blvd. Suite 200

Los Angeles, CA 90064

US

Status: Active

Name Servers:

dns1.namecheaphosting.com

dns2.namecheaphosting.com

conclution of scanning information gathering is :

- Domain Name: SPENTERA.COM

Registrar: ENOM, INC.

- Registrant Contact, Administrative Contact, and Technical Contact

B. what i did today
1. i used nmap aplication to get information of active and inactive host ip.

ex: " nmap -v -sn 192.168.0.0/24"

then there shown all host IP with range 192.168.0.0-255

to get details information active host IP, type : "nmap -v -A 192.168.0.21"

 

root@bt:~# nmap -v -A 192.168.0.21

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 18:00 WIT

NSE: Loaded 87 scripts for scanning.

NSE: Script Pre-scanning.

Initiating ARP Ping Scan at 18:00

Scanning 192.168.0.21 [1 port]

Completed ARP Ping Scan at 18:00, 0.04s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 18:00

Completed Parallel DNS resolution of 1 host. at 18:00, 13.00s elapsed

Initiating SYN Stealth Scan at 18:00

Scanning 192.168.0.21 [1000 ports]

Discovered open port 22/tcp on 192.168.0.21

Discovered open port 139/tcp on 192.168.0.21

Discovered open port 445/tcp on 192.168.0.21

Discovered open port 80/tcp on 192.168.0.21

Discovered open port 10000/tcp on 192.168.0.21

Completed SYN Stealth Scan at 18:00, 0.15s elapsed (1000 total ports)

Initiating Service scan at 18:00

Scanning 5 services on 192.168.0.21

Completed Service scan at 18:01, 11.03s elapsed (5 services on 1 host)

Initiating OS detection (try #1) against 192.168.0.21

NSE: Script scanning 192.168.0.21.

Initiating NSE at 18:01

Completed NSE at 18:01, 1.46s elapsed

Nmap scan report for 192.168.0.21

Host is up (0.00076s latency).

Not shown: 995 closed ports

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)

| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)

|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)

80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)

|_http-methods: No Allow or Public header in OPTIONS response (status code 200)

|_http-title: Site doesn't have a title (text/html).

139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)

445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)

10000/tcp open http MiniServ 0.01 (Webmin httpd)

|_http-methods: No Allow or Public header in OPTIONS response (status code 200)

|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285

|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).

MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)

Device type: general purpose

Running: Linux 2.6.X

OS CPE: cpe:/o:linux:kernel:2.6.22

OS details: Linux 2.6.22 (embedded, ARM)

Uptime guess: 0.076 days (since Wed Jan 25 16:11:48 2012)

Network Distance: 1 hop

TCP Sequence Prediction: Difficulty=207 (Good luck!)

IP ID Sequence Generation: All zeros

Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:

| nbstat:

| NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>

| Names

| UBUNTUVM<00> Flags: <unique><active>

| UBUNTUVM<03> Flags: <unique><active>

| UBUNTUVM<20> Flags: <unique><active>

| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>

| MSHOME<1d> Flags: <unique><active>

| MSHOME<1e> Flags: <group><active>

|_ MSHOME<00> Flags: <group><active>

| smb-security-mode:

| Account that was used for smb scripts: guest

| User-level authentication

| SMB Security: Challenge/response passwords supported

|_ Message signing disabled (dangerous, but default)

|_smbv2-enabled: Server doesn't support SMBv2 protocol

| smb-os-discovery:

| OS: Unix (Samba 3.0.26a)

| Computer name: ubuntuvm

| Domain name: nsdlab

| FQDN: ubuntuvm.NSDLAB

| NetBIOS computer name:

|_ System time: 2012-01-26 01:01:13 UTC-6

TRACEROUTE

HOP RTT ADDRESS

1 0.75 ms 192.168.0.21

NSE: Script Post-scanning.

Initiating NSE at 18:01

Completed NSE at 18:01, 0.00s elapsed

Read data files from: /usr/local/bin/../share/nmap

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 28.19 seconds

Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)

2. i used nping aplication to scan the host IP, type : " nping 198.168.0.0-255"

3. i used autoscan aplication to scan the host IP. with this way i got GUI information of active host IP

 C. Installation Nessus

Installation Nessus using Linux BackTrack based of debian (Ubuntu) :

1. Download Nessus, save in directory which we want than save the file with extension “.deb”
   
   2. For installation make sure we already in directory where nessus exist then type :
   

# dpkg -i Nessus-4.0.0-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database … 111769 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.0-ubuntu810_i386.deb) …
Setting up nessus (4.0.0) …
nessusd (Nessus) 4.0.0. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.

• Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain
all the newest plugins
  
• You can start nessusd by typing /etc/init.d/nessusd start
  

2. after finish the installation follow the message below with add user for nessus :
# /opt/nessus/sbin/nessus-adduser
Login : root
Authentication (pass/cert) : [pass] pass
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘root’ user ? (can upload plugins, etc…) (y/n) [n]: y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : root
Password : ***********
This user will have ‘root’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added

3. After add user, if we force to run nessus service before registrate, in the desktop show :
   # /etc/init.d/nessusd start
$Starting Nessus : .
Missing plugins. Attempting a plugin update…
Your installation is missing plugins. Please register and try again.
To register, please visit http://www.nessus.org/register/
   
4. do the registration first to the link, than we will get the activation code from our email.
   

5. then we use the activation code to update plugin and run nessus service.
   
6. type above :
   

# /opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxx-xxxx-xxxx ( depend of the activation code )
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org…
Your Nessus installation is now up-to-date.
If auto_update is set to ‘yes’ in nessusd.conf, Nessus will
update the plugins by itself.



7.after run the update plugin, then we run the nessus service :
# /etc/init.d/nessusd start
$Starting Nessus :



8. finish
to run the nessus open the browser and type : https://ip-server:8834.