Daftar Blog Saya

Rabu, 25 Januari 2012

Information Gathering


The first task is
A. Information Gathering
1.The information gathering of IS2C-dojo.net
-. the active information gathering
root@BT:~# nmap -v -A 209.85.175.121

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:58 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:58
Scanning 209.85.175.121 [4 ports]
Completed Ping Scan at 23:58, 0.10s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:58
Completed Parallel DNS resolution of 1 host. at 23:58, 0.00s elapsed
Initiating SYN Stealth Scan at 23:58
Scanning nx-in-f121.1e100.net (209.85.175.121) [1000 ports]
Discovered open port 53/tcp on 209.85.175.121
Discovered open port 80/tcp on 209.85.175.121
Completed SYN Stealth Scan at 23:59, 15.28s elapsed (1000 total ports)
Initiating Service scan at 23:59
Scanning 2 services on nx-in-f121.1e100.net (209.85.175.121)
Completed Service scan at 23:59, 32.73s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against nx-in-f121.1e100.net (209.85.175.121)
Retrying OS detection (try #2) against nx-in-f121.1e100.net (209.85.175.121)
Initiating Traceroute at 23:59
Completed Traceroute at 23:59, 0.18s elapsed
Initiating Parallel DNS resolution of 14 hosts. at 23:59
Completed Parallel DNS resolution of 14 hosts. at 23:59, 10.04s elapsed
NSE: Script scanning 209.85.175.121.
Initiating NSE at 23:59
Completed NSE at 23:59, 5.95s elapsed
Nmap scan report for nx-in-f121.1e100.net (209.85.175.121)
Host is up (0.031s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
113/tcp closed ident
Device type: general purpose|WAP|remote management|broadband router|printer|phone
Running (JUST GUESSING): Linux 2.6.X|2.4.X (96%), Netgear embedded (90%), Dell embedded (90%), Linksys Linux 2.4.X (90%), Billion embedded (88%), Epson embedded (88%)
OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24
Aggressive OS guesses: Linux 2.6.15 - 2.6.30 (96%), Linux 2.4.7 (92%), Linux 2.6.9 - 2.6.27 (92%), Linux 2.6.18-8.el5 (Red Hat Enterprise Linux 5) (92%), Linux 2.6.21 (Arch Linux 0.8, x86) (92%), Linux 2.6.8 - 2.6.27 (92%), Linux 2.6.18 (ClarkConnect 4.3 Enterprise Edition) (91%), Linux 2.6.23 (91%), Linux 2.4.21 - 2.4.31 (likely embedded) (91%), Linux 2.6.15 - 2.6.23 (embedded) (91%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 62.975 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=204 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 113/tcp)
HOP RTT ADDRESS
1 3.60 ms hotspot.sejahtera.net (118.96.157.1)
2 3.67 ms 119.235.28.158
3 3.71 ms host1.subnet128.comnet.net.id (202.150.128.1)
4 3.74 ms host1.subnet129.comnet.net.id (202.150.129.1)
5 46.25 ms 118.96.148.1
6 46.19 ms 181.subnet125-160-15.infra.telkom.net.id (125.160.15.181)
7 73.92 ms 17.subnet118-98-57.astinet.telkom.net.id (118.98.57.17)
8 75.12 ms 118.98.15.29
9 71.48 ms 181.subnet118-98-57.astinet.telkom.net.id (118.98.57.181)
10 71.75 ms 37.subnet118-98-56.astinet.telkom.net.id (118.98.56.37)
11 71.78 ms 6.subnet118-98-59.astinet.telkom.net.id (118.98.59.6)
12 69.79 ms 42.subnet118-98-59.astinet.telkom.net.id (118.98.59.42)
13 164.57 ms 180.240.190.13
14 71.98 ms nx-in-f121.1e100.net (209.85.175.121)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 69.46 seconds
Raw packets sent: 3091 (140.024KB) | Rcvd: 56 (3.148KB)

the conclution of scanning information gathering is
-PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
-OS CPE: cpe:/o:linux:kernel:2.6 cpe:/o:linux:kernel:2.4.7 cpe:/o:linksys:linux:2.4 cpe:/o:linux:kernel:2.4 cpe:/o:linux:kernel:2.6.22 cpe:/o:linux:kernel:2.6.24

-.passive information gathering
root@BT:~# whois is2c-dojo.net

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: IS2C-DOJO.NET
Registrar: CV. JOGJACAMP
Whois Server: whois.resellercamp.com
Referral URL: http://www.resellercamp.com
Name Server: PARTNERIT1.EARTH.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.MARS.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.MERCURY.ORDERBOX-DNS.COM
Name Server: PARTNERIT1.VENUS.ORDERBOX-DNS.COM
Status: clientTransferProhibited
Updated Date: 22-dec-2011
Creation Date: 22-dec-2011
Expiration Date: 22-dec-2012
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: PARTNER IT
Contact: +62.2749570974

Domain Name: IS2C-DOJO.NET

Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

Creation Date: 22-Dec-2011
Expiration Date: 22-Dec-2012

Domain servers in listed order:
partnerit1.earth.orderbox-dns.com
partnerit1.mars.orderbox-dns.com
partnerit1.mercury.orderbox-dns.com
partnerit1.venus.orderbox-dns.com


Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
ID#10760, PO Box 16
Note - All Postal Mails Rejected, visit Privacyprotect.org
Nobby Beach
null,QLD 4218
AU
Tel. +45.36946676

Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.
Conclution of scanning information gathering is
- Domain Name: IS2C-DOJO.NET
Registrar: CV. JOGJACAMP

2. The information gathering of IS2C-dojo.com
-.the active information gathering
root@BT:~# nmap -v -A 67.222.154.106

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-26 00:17 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 00:17
Scanning 67.222.154.106 [4 ports]
Completed Ping Scan at 00:17, 0.39s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:17
Completed Parallel DNS resolution of 1 host. at 00:17, 0.00s elapsed
Initiating SYN Stealth Scan at 00:17
Scanning gudeg.partnerit.us (67.222.154.106) [1000 ports]
Discovered open port 80/tcp on 67.222.154.106
Discovered open port 53/tcp on 67.222.154.106
SYN Stealth Scan Timing: About 47.60% done; ETC: 00:18 (0:00:34 remaining)
Completed SYN Stealth Scan at 00:17, 36.12s elapsed (1000 total ports)
Initiating Service scan at 00:17
Scanning 2 services on gudeg.partnerit.us (67.222.154.106)
Stats: 0:00:53 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:16 remaining)
Stats: 0:00:58 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:21 remaining)
Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 00:18 (0:00:31 remaining)
Completed Service scan at 00:18, 51.12s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against gudeg.partnerit.us (67.222.154.106)
Initiating Traceroute at 00:18
Completed Traceroute at 00:18, 0.02s elapsed
Initiating Parallel DNS resolution of 3 hosts. at 00:18
Completed Parallel DNS resolution of 3 hosts. at 00:18, 0.05s elapsed
NSE: Script scanning 67.222.154.106.
Initiating NSE at 00:18
Completed NSE at 00:20, 76.71s elapsed
Nmap scan report for gudeg.partnerit.us (67.222.154.106)
Host is up (0.0071s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
Uptime guess: 62.989 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 3 hops
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 5.63 ms hotspot.sejahtera.net (118.96.157.1)
2 5.74 ms 119.235.28.158
3 5.77 ms gudeg.partnerit.us (67.222.154.106)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 167.27 seconds
Raw packets sent: 3067 (136.968KB) | Rcvd: 45 (2.592KB)
conclution the scan is
- PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
- Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 – 2.6.30


-.the passive information gathering
root@BT:~# whois IS2C-dojo.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: IS2C-DOJO.COM
Registrar: CV. JOGJACAMP
Whois Server: whois.resellercamp.com
Referral URL: http://www.resellercamp.com
Name Server: NS1.PARTNERIT.US
Name Server: NS2.PARTNERIT.US
Status: clientTransferProhibited
Updated Date: 14-jan-2012
Creation Date: 14-jan-2012
Expiration Date: 14-jan-2013
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: PARTNER IT
Contact: +62.2749570974

Domain Name: IS2C-DOJO.COM

Registrant:
n/a
Mada Rambu Perdhana (mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36 Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816

Creation Date: 14-Jan-2012
Expiration Date: 14-Jan-2013

Domain servers in listed order:
ns1.partnerit.us
ns2.partnerit.us


Administrative Contact:
n/a
Mada Rambu Perdhana (mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36 Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816

Technical Contact:
n/a
Mada Rambu Perdhana (mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36 Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816

Billing Contact:
n/a
Mada Rambu Perdhana (mrp.bpp@gmail.com)
Jl. MT Haryono No.25A rt.36 Kelurahan Damaii
Balikpapan
Balikpapan,12345
ID
Tel. +62.087838463816

Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.

Conclution of scanning information gathering is :
- Domain Name: IS2C-DOJO.COM
Registrar: CV. JOGJACAMP

3.The information gathering of www.spentera.com
-. the active information gathering
root@BT:~# nmap -v -A 74.81.66.104

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 23:40 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:40
Scanning 74.81.66.104 [4 ports]
Completed Ping Scan at 23:40, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:40
Completed Parallel DNS resolution of 1 host. at 23:40, 0.00s elapsed
Initiating SYN Stealth Scan at 23:40
Scanning server28.web-hosting.com (74.81.66.104) [1000 ports]
Discovered open port 80/tcp on 74.81.66.104
Discovered open port 53/tcp on 74.81.66.104
SYN Stealth Scan Timing: About 47.50% done; ETC: 23:41 (0:00:34 remaining)
Completed SYN Stealth Scan at 23:40, 36.63s elapsed (1000 total ports)
Initiating Service scan at 23:40
Scanning 2 services on server28.web-hosting.com (74.81.66.104)
Stats: 0:01:08 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:31 remaining)
Stats: 0:01:13 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 50.00% done; ETC: 23:41 (0:00:36 remaining)
Completed Service scan at 23:41, 51.10s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against server28.web-hosting.com (74.81.66.104)
Initiating Traceroute at 23:41
Completed Traceroute at 23:41, 0.02s elapsed
Initiating Parallel DNS resolution of 3 hosts. at 23:41
Completed Parallel DNS resolution of 3 hosts. at 23:41, 0.05s elapsed
NSE: Script scanning 74.81.66.104.
Initiating NSE at 23:41
Completed NSE at 23:42, 73.46s elapsed
Nmap scan report for server28.web-hosting.com (74.81.66.104)
Host is up (0.0081s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
| http-open-proxy: Potentially OPEN proxy.
|_Methods supported: GET HEAD CONNECTION
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30
Uptime guess: 62.963 days (since Thu Nov 24 00:36:04 2011)
Network Distance: 3 hops
TCP Sequence Prediction: Difficulty=199 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 4.00 ms hotspot.sejahtera.net (118.96.157.1)
2 4.06 ms 119.235.28.158
3 4.77 ms server28.web-hosting.com (74.81.66.104)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 164.52 seconds

Conclution of scanning information gathering is :
- PORT STATE SERVICE VERSION
53/tcp open domain Mikrotik RouterOS named or OpenDNS Updater
80/tcp open http-proxy Squid webproxy 2.7.STABLE9
- Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6
OS details: Linux 2.6.15 - 2.6.30

-.passive information gathering
root@BT:~# whois spentera.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: SPENTERA.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAMECHEAPHOSTING.COM
Name Server: DNS2.NAMECHEAPHOSTING.COM
Status: ok
Updated Date: 12-may-2011
Creation Date: 15-feb-2011
Expiration Date: 15-feb-2012

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: spentera.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()
Fax:
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Administrative Contact:
WhoisGuard
WhoisGuard Protected (2289eab88851476688242cf0144287f4.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Technical Contact:
WhoisGuard
WhoisGuard Protected (2289eab88851476688242cf0144287f4.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Status: Active

Name Servers:
dns1.namecheaphosting.com
dns2.namecheaphosting.com

conclution of scanning information gathering is :
- Domain Name: SPENTERA.COM
Registrar: ENOM, INC.
- Registrant Contact, Administrative Contact, and Technical Contact

B. what i did today
1. i used nmap aplication to get information of active and inactive host ip.
ex: " nmap -v -sn 192.168.0.0/24"
then there shown all host IP with range 192.168.0.0-255
to get details information active host IP, type : "nmap -v -A 192.168.0.21"
 
root@bt:~# nmap -v -A 192.168.0.21

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-25 18:00 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 18:00
Scanning 192.168.0.21 [1 port]
Completed ARP Ping Scan at 18:00, 0.04s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:00
Completed Parallel DNS resolution of 1 host. at 18:00, 13.00s elapsed
Initiating SYN Stealth Scan at 18:00
Scanning 192.168.0.21 [1000 ports]
Discovered open port 22/tcp on 192.168.0.21
Discovered open port 139/tcp on 192.168.0.21
Discovered open port 445/tcp on 192.168.0.21
Discovered open port 80/tcp on 192.168.0.21
Discovered open port 10000/tcp on 192.168.0.21
Completed SYN Stealth Scan at 18:00, 0.15s elapsed (1000 total ports)
Initiating Service scan at 18:00
Scanning 5 services on 192.168.0.21
Completed Service scan at 18:01, 11.03s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.21
NSE: Script scanning 192.168.0.21.
Initiating NSE at 18:01
Completed NSE at 18:01, 1.46s elapsed
Nmap scan report for 192.168.0.21
Host is up (0.00076s latency).
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
| ssh-hostkey: 1024 e4:46:40:bf:e6:29:ac:c6:00:e2:b2:a3:e1:50:90:3c (DSA)
|_2048 10:cc:35:45:8e:f2:7a:a1:cc:db:a0:e8:bf:c7:73:3d (RSA)
80/tcp open http Apache httpd 2.2.4 ((Ubuntu) PHP/5.2.3-1ubuntu6)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
10000/tcp open http MiniServ 0.01 (Webmin httpd)
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-favicon: Unknown favicon MD5: 1F4BAEFFD3C738F5BEDC24B7B6B43285
|_http-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
MAC Address: 08:00:27:F9:C1:BB (Cadmus Computer Systems)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:kernel:2.6.22
OS details: Linux 2.6.22 (embedded, ARM)
Uptime guess: 0.076 days (since Wed Jan 25 16:11:48 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=207 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel

Host script results:
| nbstat:
| NetBIOS name: UBUNTUVM, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
| Names
| UBUNTUVM<00> Flags: <unique><active>
| UBUNTUVM<03> Flags: <unique><active>
| UBUNTUVM<20> Flags: <unique><active>
| \x01\x02__MSBROWSE__\x02<01> Flags: <group><active>
| MSHOME<1d> Flags: <unique><active>
| MSHOME<1e> Flags: <group><active>
|_ MSHOME<00> Flags: <group><active>
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol
| smb-os-discovery:
| OS: Unix (Samba 3.0.26a)
| Computer name: ubuntuvm
| Domain name: nsdlab
| FQDN: ubuntuvm.NSDLAB
| NetBIOS computer name:
|_ System time: 2012-01-26 01:01:13 UTC-6

TRACEROUTE
HOP RTT ADDRESS
1 0.75 ms 192.168.0.21

NSE: Script Post-scanning.
Initiating NSE at 18:01
Completed NSE at 18:01, 0.00s elapsed
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 28.19 seconds
Raw packets sent: 1020 (45.626KB) | Rcvd: 1016 (41.358KB)

2. i used nping aplication to scan the host IP, type : " nping 198.168.0.0-255"

3. i used autoscan aplication to scan the host IP. with this way i got GUI information of active host IP

 C. Installation Nessus

Installation Nessus using Linux BackTrack based of debian (Ubuntu) :
  1. Download Nessus, save in directory which we want than save the file with extension “.deb”

    2. For installation make sure we already in directory where nessus exist then type :
# dpkg -i Nessus-4.0.0-ubuntu810_i386.deb
Selecting previously deselected package nessus.
(Reading database … 111769 files and directories currently installed.)
Unpacking nessus (from Nessus-4.0.0-ubuntu810_i386.deb) …
Setting up nessus (4.0.0) …
nessusd (Nessus) 4.0.0. for Linux
(C) 1998 - 2009 Tenable Network Security, Inc.

  • Please run /opt/nessus/sbin/nessus-adduser to add a user
    - Register your Nessus scanner at http://www.nessus.org/register/ to obtain
    all the newest plugins

  • You can start nessusd by typing /etc/init.d/nessusd start
2. after finish the installation follow the message below with add user for nessus :
# /opt/nessus/sbin/nessus-adduser
Login : root
Authentication (pass/cert) : [pass] pass
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘root’ user ? (can upload plugins, etc…) (y/n) [n]: y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that admin has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : root
Password : ***********
This user will have ‘root’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y] y
User added




  1. After add user, if we force to run nessus service before registrate, in the desktop show :
    # /etc/init.d/nessusd start
    $Starting Nessus : .
    Missing plugins. Attempting a plugin update…
    Your installation is missing plugins. Please register and try again.
    To register, please visit http://www.nessus.org/register/

  2. do the registration first to the link, than we will get the activation code from our email.
  1. then we use the activation code to update plugin and run nessus service.
  2. type above :
# /opt/nessus/bin/nessus-fetch –register xxxx-xxxx-xxx-xxxx-xxxx ( depend of the activation code )
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org…
Your Nessus installation is now up-to-date.
If auto_update is set to ‘yes’ in nessusd.conf, Nessus will
update the plugins by itself.




7.after run the update plugin, then we run the nessus service :
# /etc/init.d/nessusd start
$Starting Nessus :




8. finish
to run the nessus open the browser and type : https://ip-server:8834.


Tidak ada komentar:

Posting Komentar