The first task is
A. Information Gathering
1. Information gathering for IS2C-dojo.net
-. Active information gathering
root@BT:~# nmap -v -A 209.85.175.121
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:58 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:58
Scanning 209.85.175.121 [4 ports]
Completed Ping Scan at 23:58, 0.10s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:58
Completed Parallel DNS resolution of 1 host. at 23:58, 0.00s elapsed
Initiating SYN Stealth Scan at 23:58
Scanning nx-in-f121.1e100.net (209.85.175.121) [1000 ports]
Discovered open port 53/tcp on 209.85.175.121
Discovered open port 80/tcp on 209.85.175.121
Completed SYN Stealth Scan at 23:59, 15.28s elapsed (1000 total ports)
Initiating Service scan at 23:59
Scanning 2 services on nx-in-f121.1e100.net (209.85.175.121)
Completed Service scan at 23:59, 32.73s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against nx-in-f121.1e100.net (209.85.175.121)
Retrying OS detection (try #2) against nx-in-f121.1e100.net (209.85.175.121)
Initiating Traceroute at 23:59
Completed Traceroute at 23:59, 0.18s elapsed
Initiating Parallel DNS resolution of 14 hosts. at 23:59
Completed Parallel DNS resolution of 14 hosts. at 23:59, 10.04s elapsed
NSE: Script scanning 209.85.175.121.
Initiating NSE at 23:59
Completed NSE at 23:59, 5.95s elapsed
Nmap scan report for nx-in-f121.1e100.net (209.85.175.121)
Host is up (0.031s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
113/tcp closed ident
Device type: general purpose|WAP|remote management|broadband router|printer|phone
Running (JUST GUESSING): Linux 2.6.X|2.4.X (96%), Netgear embedded (90%), Dell embedded (90%), Linksys Linux 2.4.X (90%), Billion embedded (88%), Epson embedded (88%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24
Aggressive OS guesses: Linux 2.6.15 - 2.6.30 (96%), Linux 2.4.7 (92%), Linux 2.6.9 - 2.6.27 (92%), Linux 2.6.18-8.el5 (Red Hat Enterprise Linux 5) (92%), Linux 2.6.21 (Arch Linux 0.8, x86) (92%), Linux 2.6.8 - 2.6.27 (92%), Linux 2.6.18 (ClarkConnect 4.3 Enterprise Edition) (91%), Linux 2.6.23 (91%), Linux 2.4.21 - 2.4.31 (likely embedded) (91%), Linux 2.6.15 - 2.6.23 (embedded) (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 62.975 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 113/tcp)
HOP RTT ADDRESS
1 3.60 ms hotspot.sejahtera.net (118.96.157.1)
2 3.67 ms 119.235.28.158
4 3.74 ms host1.subnet129.comnet.net.id (202.150.129.1)
5 46.25 ms 118.96.148.1
6 46.19 ms 181.subnet125-160-15.infra.telkom.net.id (125.160.15.181)
7 73.92 ms 17.subnet118-98-57.astinet.telkom.net.id (118.98.57.17)
8 75.12 ms 118.98.15.29
9 71.48 ms 181.subnet118-98-57.astinet.telkom.net.id (118.98.57.181)
10 71.75 ms 37.subnet118-98-56.astinet.telkom.net.id (118.98.56.37)
11 71.78 ms 6.subnet118-98-59.astinet.telkom.net.id (118.98.59.6)
12 69.79 ms 42.subnet118-98-59.astinet.telkom.net.id (118.98.59.42)
13 164.57 ms 180.240.190.13
14 71.98 ms nx-in-f121.1e100.net (209.85.175.121)
NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.46 seconds
Raw packets sent: 3091 (140.024KB) | Rcvd: 56 (3.148KB)
The conclusion of the information gathering scan is:
- PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
- OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24
-. Passive information gathering
root@BT:~# whois is2c-dojo.net
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: IS2C-DOJO.NET
Registrar: CV. JOGJACAMP
Whois Server: whois.resellercamp.com
Referral URL: http://www.resellercamp.com
Name Server: PARTNERIT1.EARTH.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.MARS.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.MERCURY.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.VENUS.ORDERBOX-DNS.COM
Status: clientTransferProhibited
Updated Date: 22-dec-2011
Creation Date: 22-dec-2011
Expiration Date: 22-dec-2012
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
Registration Service Provided By:
PARTNER IT
Contact: +62.2749570974
Domain Name: IS2C-DOJO.NET
Registrant:
PrivacyProtect.org
Domain Admin
(contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676
Creation Date: 22-Dec-2011
Expiration Date: 22-Dec-2012
Domain servers in listed order:
partnerit1.earth.orderbox-dns.com
partnerit1.mars.orderbox-dns.com
partnerit1.mercury.orderbox-dns.com
partnerit1.venus.orderbox-dns.com
Administrative Contact:
PrivacyProtect.org
Domain Admin
(contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin
(contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin
(contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676
Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.
The conclusion of the information gathering is:
- Domain Name: IS2C-DOJO.NET
Registrar: CV. JOGJACAMP
Domain Admin (contact@privacyprotect.org)
2. Information gathering for IS2C-dojo.com
-. Active information gathering
root@BT:~# nmap -v -A 67.222.154.106
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-26 00:17 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 00:17
Scanning 67.222.154.106 [4 ports]
Completed Ping Scan at 00:17, 0.39s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:17
Completed Parallel DNS resolution of 1 host. at 00:17, 0.00s elapsed
Initiating SYN Stealth Scan at 00:17
Scanning gudeg.partnerit.us (67.222.154.106) [1000 ports]
Discovered open port 80/tcp on 67.222.154.106
Discovered open port 53/tcp on 67.222.154.106
SYN Stealth Scan Timing: About 47.60% done; ETC: 00:18 (0:00:34 remaining)
Completed SYN Stealth Scan at 00:17, 36.12s elapsed (1000 total ports)
Initiating Service scan at 00:17
Scanning 2 services on gudeg.partnerit.us (67.222.154.106)
Stats: 0:00:53 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:16 remaining)
Stats: 0:00:58 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:21 remaining)
Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:31 remaining)
Completed Service scan at 00:18, 51.12s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against gudeg.partnerit.us (67.222.154.106)
Initiating Traceroute at 00:18
Completed Traceroute at 00:18, 0.02s elapsed
Initiating Parallel DNS resolution of 3 hosts. at 00:18
Completed Parallel DNS resolution of 3 hosts. at 00:18, 0.05s elapsed
NSE: Script scanning 67.222.154.106.
Initiating NSE at 00:18
Completed NSE at 00:20, 76.71s elapsed
Nmap scan report for gudeg.partnerit.us (67.222.154.106)
Host is up (0.0071s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
Uptime guess: 62.989 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 3 hops
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 5.63 ms hotspot.sejahtera.net (118.96.157.1)
2 5.74 ms 119.235.28.158
3 5.77 ms gudeg.partnerit.us (67.222.154.106)
NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 167.27 seconds
Raw packets sent: 3067 (136.968KB) | Rcvd: 45 (2.592KB)
The conclusion of the scan is:
- PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
- Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
-. Passive information gathering
root@BT:~# whois IS2C-dojo.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: IS2C-DOJO.COM
Registrar: CV. JOGJACAMP
Whois Server: whois.resellercamp.com
Referral URL: http://www.resellercamp.com
Name Server: NS1.PARTNERIT.US
Name Server: NS2.PARTNERIT.US
Status: clientTransferProhibited
Updated Date: 14-jan-2012
Creation Date: 14-jan-2012
Expiration Date: 14-jan-2013
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
Registration Service Provided By:
PARTNER IT
Contact: +62.2749570974
Domain Name: IS2C-DOJO.COM
Registrant:
n/a
Mada Rambu Perdhana
(mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36
Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816
Creation Date: 14-Jan-2012
Expiration Date: 14-Jan-2013
Domain servers in listed order:
ns1.partnerit.us
ns2.partnerit.us
Administrative Contact:
n/a
Mada Rambu Perdhana
(mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36
Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816
Technical Contact:
n/a
Mada Rambu Perdhana
(mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36
Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816
Billing Contact:
n/a
Mada Rambu Perdhana
(mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36
Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816
Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.
The conclusion of the information gathering is:
- Domain Name: IS2C-DOJO.COM
Registrar: CV. JOGJACAMP
3. Information gathering for www.spentera.com
-. Active information gathering
root@BT:~# nmap -v -A 74.81.66.104
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:40 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:40
Scanning 74.81.66.104 [4 ports]
Completed Ping Scan at 23:40, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:40
Completed Parallel DNS resolution of 1 host. at 23:40, 0.00s elapsed
Initiating SYN Stealth Scan at 23:40
Scanning server28.web-hosting.com (74.81.66.104) [1000 ports]
Discovered open port 80/tcp on 74.81.66.104
Discovered open port 53/tcp on 74.81.66.104
SYN Stealth Scan Timing: About 47.50% done; ETC: 23:41 (0:00:34 remaining)
Completed SYN Stealth Scan at 23:40, 36.63s elapsed (1000 total ports)
Initiating Service scan at 23:40
Scanning 2 services on server28.web-hosting.com (74.81.66.104)
Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:31 remaining)
Stats: 0:01:13 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:36 remaining)
Completed Service scan at 23:41, 51.10s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against server28.web-hosting.com (74.81.66.104)
Initiating Traceroute at 23:41
Completed Traceroute at 23:41, 0.02s elapsed
Initiating Parallel DNS resolution of 3 hosts. at 23:41
Completed Parallel DNS resolution of 3 hosts. at 23:41, 0.05s elapsed
NSE: Script scanning 74.81.66.104.
Initiating NSE at 23:41
Completed NSE at 23:42, 73.46s elapsed
Nmap scan report for server28.web-hosting.com (74.81.66.104)
Host is up (0.0081s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
Uptime guess: 62.963 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 3 hops
TCP Sequence Prediction: Difficulty=199 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 4.00 ms hotspot.sejahtera.net (118.96.157.1)
2 4.06 ms 119.235.28.158
3 4.77 ms server28.web-hosting.com (74.81.66.104)
NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 164.52 seconds
The conclusion of the information gathering scan is:
- PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
- Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
-. Passive information gathering
root@BT:~# whois spentera.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: SPENTERA.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
Status: ok
Updated Date: 12-may-2011
Creation Date: 15-feb-2011
Expiration Date: 15-feb-2012
Registration Service Provided By:
Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com
Domain name: spentera.com
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Fax:
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US
Administrative Contact:
WhoisGuard
WhoisGuard Protected
(2289eab88851476688242cf0144287f4.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US
Technical Contact:
WhoisGuard
WhoisGuard Protected
(2289eab88851476688242cf0144287f4.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US
Status: Active
Name Servers:
dns1.namecheaphosting.com
dns2.namecheaphosting.com
The conclusion of the information gathering is:
- Domain Name: SPENTERA.COM
Registrar: ENOM, INC.
- Registrant Contact, Administrative Contact, and Technical Contact
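The three Internet-facing nmap reports above list the same two services and the same "Uptime guess" boot time for three unrelated addresses, a pattern consistent with one device on the path (such as an intercepting gateway or proxy) answering for all of them instead of the targets. The check below is an added example, not part of the original post: it groups reports by open-service fingerprint and boot time, with the lab host 192.168.0.21 scanned further down this page included for contrast. The function names are illustrative and the input is constructed from values on this page.

```python
import re
from collections import defaultdict

# Constructed input: summary lines copied from the four nmap reports on this
# page, with the wrapped lines rejoined. Keys are the scanned addresses.
REPORTS = {
    "209.85.175.121": """
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
113/tcp closed ident
Uptime guess: 62.975 days (since Thu Nov 24 00:36:04 2011)
""",
    "67.222.154.106": """
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
Uptime guess: 62.989 days (since Thu Nov 24 00:36:04 2011)
""",
    "74.81.66.104": """
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
Uptime guess: 62.963 days (since Thu Nov 24 00:36:04 2011)
""",
    "192.168.0.21": """
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
10000/tcp open http MiniServ 0.01 (Webmin httpd)
Uptime guess: 0.076 days (since Wed Jan 25 16:11:48 2012)
""",
}

# Only "open" rows of the port table count; NSE script lines start with "|".
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")
BOOT_RE = re.compile(r"^Uptime guess: [\d.]+ days \(since (.+)\)$")


def fingerprint(report):
    """Return (sorted open services, boot time string or None) for one report."""
    services, boot = [], None
    for line in report.splitlines():
        line = line.strip()
        m = PORT_RE.match(line)
        if m:
            services.append((int(m.group(1)), m.group(2), m.group(3), m.group(4).strip()))
            continue
        m = BOOT_RE.match(line)
        if m:
            boot = m.group(1)
    return tuple(sorted(services)), boot


def shared_fingerprints(reports):
    """Map each fingerprint seen on more than one target to those targets.

    Reports without open ports or without an uptime guess are skipped:
    matching service banners alone could be a coincidence.
    """
    groups = defaultdict(list)
    for target, text in reports.items():
        services, boot = fingerprint(text)
        if services and boot is not None:
            groups[(services, boot)].append(target)
    return {fp: sorted(ts) for fp, ts in groups.items() if len(ts) > 1}


if __name__ == "__main__":
    for (services, boot), targets in shared_fingerprints(REPORTS).items():
        print("Same responder suspected for:", ", ".join(targets))
        print("  boot time:", boot)
        for port, proto, name, version in services:
            print(f"  {port}/{proto} {name} {version}")
```

When a group like this appears, the reported services and OS guesses describe the answering device, so the per-target conclusions need to be re-checked from a network path without that device.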
B. What I did today
1. I used the nmap application to get information about active and inactive host IPs.
ex: "nmap -v -sn 192.168.0.0/24"
This then shows all host IPs in the range 192.168.0.0-255.
To get detailed information about an active host IP, type:
"nmap -v -A 192.168.0.21"
root@bt:~# nmap -v -A 192.168.0.21
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 18:00 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 18:00
Scanning 192.168.0.21 [1 port]
Completed ARP Ping Scan at 18:00, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:00
Completed Parallel DNS resolution of 1 host. at 18:00, 13.00s elapsed
Initiating SYN Stealth Scan at 18:00
Scanning 192.168.0.21 [1000 ports]
Discovered open port 22/tcp on 192.168.0.21
Discovered open port 139/tcp on 192.168.0.21
Discovered open port 445/tcp on 192.168.0.21
Discovered open port 80/tcp on 192.168.0.21
Discovered open port 10000/tcp on 192.168.0.21
Completed SYN Stealth Scan at 18:00, 0.15s elapsed (1000 total ports)
Initiating Service scan at 18:00
Scanning 5 services on 192.168.0.21
Completed Service scan at 18:01, 11.03s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.21
NSE: Script scanning 192.168.0.21.
Initiating NSE at 18:01
Completed NSE at 18:01, 1.46s elapsed
Nmap scan report for 192.168.0.21
Host is up (0.00076s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)
|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
10000/tcp open http MiniServ 0.01 (Webmin httpd)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6.22
OS details: Linux 2.6.22 (embedded, ARM)
Uptime guess: 0.076 days (since Wed Jan 25 16:11:48 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=207 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
Host script results:
| nbstat:
| NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| UBUNTUVM<00> Flags: <unique><active>
| UBUNTUVM<03> Flags: <unique><active>
| UBUNTUVM<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| MSHOME<1d> Flags: <unique><active>
| MSHOME<1e> Flags: <group><active>
|_ MSHOME<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.0.26a)
| Computer name: ubuntuvm
| Domain name: nsdlab
| FQDN: ubuntuvm.NSDLAB
| NetBIOS computer name:
|_ System time: 2012-01-26 01:01:13 UTC-6
TRACEROUTE
HOP RTT ADDRESS
1 0.75 ms 192.168.0.21
NSE: Script Post-scanning.
Initiating NSE at 18:01
Completed NSE at 18:01, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.19 seconds
Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)
2. I used the nping application to scan the host IPs, type: "nping 198.168.0.0-255"
3. I used the autoscan application to scan the host IPs. This way I got the information about active host IPs in a GUI.
C. Installation Nessus
Installing Nessus on Linux BackTrack, which is Debian (Ubuntu) based:
1. Download Nessus and save the file, with the ".deb" extension, in the directory we want.
2. For the installation, make sure we are in the directory where the Nessus file is, then type:
# dpkg -i Nessus-4.0.0-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database … 111769 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.0-ubuntu810_i386.deb) …
Setting up nessus (4.0.0) …
nessusd (Nessus) 4.0.0. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.
Please run /opt/nessus/sbin/nessus-adduser to add a user
- Register your Nessus scanner at http://www.nessus.org/register/ to obtain all the newest plugins
You can start nessusd by typing /etc/init.d/nessusd start
# /opt/nessus/sbin/nessus-adduser
Login : root
Authentication (pass/cert) : [pass] pass
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘root’ user ? (can upload plugins, etc…) (y/n) [n]: y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : root
Password : ***********
This user will have ‘root’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added
3. After adding the user, if we force the nessus service to run before registering, the following is shown:
# /etc/init.d/nessusd start
$Starting Nessus : .
Missing plugins. Attempting a plugin update…
Your installation is missing plugins. Please register and try again.
To register, please visit http://www.nessus.org/register/
4. Do the registration first at the link, then we will get the activation code by email.
5. Then we use the activation code to update the plugins and run the nessus service.
6. Type the following:
# /opt/nessus/bin/nessus-fetch --register xxxx-xxxx-xxx-xxxx-xxxx (depends on the activation code)
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org…
Your Nessus installation is now up-to-date.
If auto_update is set to ‘yes’ in nessusd.conf, Nessus will update the plugins by itself.
7. After running the plugin update, we start the nessus service:
# /etc/init.d/nessusd start
$Starting Nessus :
8. Finish.
To run Nessus, open the browser and type: https://ip-server:8834.