Saturday, 2 February 2013

Interpreting Host Results



Having identified our potential target hosts, we moved on to analyzing
them to identify the services they are running. We have also launched
our automated vulnerability scanning tools against the hosts to try to
find a known exploitable problem. We will now analyze sample output
from our various tools.

Nmap Scans

We will first examine the output from our various nmap scans, as this
should give us a good feel for the target systems. We have results from
two systems - one Sun and one Intel - to compare and contrast. We will
start with the TCP connect scans, shown below.

Windows NT connect scan


Starting nmap V. 2.54BETA1 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on (192.168.3.4):
(The 65528 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
135/tcp open loc-srv
139/tcp open netbios-ssn
443/tcp open https
1028/tcp open unknown
1063/tcp open unknown
3924/tcp open unknown
TCP Sequence Prediction: Class=trivial time dependency
Difficulty=2 (Trivial joke)
Remote operating system guess: Windows NT4 / Win95 / Win98
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds


Solaris connect scan


Starting nmap V. 2.54BETA1 by fyodor@insecure.org ( www.insecure.org/nmap/ )
Interesting ports on (192.168.2.3):
(The 65507 ports scanned but not shown below are in state: closed)
Port State Service
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
37/tcp open time
79/tcp open finger
111/tcp open sunrpc
512/tcp open exec
513/tcp open login
514/tcp open shell
515/tcp open printer
540/tcp open uucp
1103/tcp open xaudio
4045/tcp open lockd
6000/tcp open X11
6112/tcp open dtspc
7100/tcp open font-service
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
32775/tcp open sometimes-rpc13
32776/tcp open sometimes-rpc15
32777/tcp open sometimes-rpc17
32778/tcp open sometimes-rpc19
TCP Sequence Prediction: Class=random positive increments
Difficulty=24554 (Worthy challenge)
Remote OS guesses: Solaris 2.6 - 2.7, Solaris 7
Nmap run completed -- 1 IP address (1 host up) scanned in 34 seconds
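
To compare the two reports field by field, the Python below (an added example, not part of the original post) parses this nmap 2.54BETA1 text layout and lists the open ports whose services carry logins unencrypted, the services an administrator reviewing the host would look at first. The sample reports are abridged from the output above, and the CLEARTEXT_LOGIN set and function names are this example's own assumptions.

```python
import re

# Constructed input: the two reports above, abridged to a few ports each.
NT_REPORT = """\
Interesting ports on (192.168.3.4):
(The 65528 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
Difficulty=2 (Trivial joke)
Remote operating system guess: Windows NT4 / Win95 / Win98
"""
SOLARIS_REPORT = """\
Interesting ports on (192.168.2.3):
(The 65507 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
23/tcp open telnet
25/tcp open smtp
513/tcp open login
514/tcp open shell
6000/tcp open X11
Difficulty=24554 (Worthy challenge)
Remote OS guesses: Solaris 2.6 - 2.7, Solaris 7
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)$")
# Assumption of this example: service names whose protocols carry logins unencrypted.
CLEARTEXT_LOGIN = {"ftp", "telnet", "exec", "login", "shell"}

def parse_report(text):
    """Return IP, open ports, sequence difficulty and OS guess from one report."""
    host = {"ip": None, "ports": {}, "difficulty": None, "os": None}
    for line in map(str.strip, text.splitlines()):
        m = PORT_LINE.match(line)
        if m:
            host["ports"][int(m.group(1))] = m.group(3)
        elif line.startswith("Interesting ports on"):
            host["ip"] = line[line.index("(") + 1:line.index(")")]
        elif line.startswith("Difficulty="):
            host["difficulty"] = int(line.split("=")[1].split()[0])
        elif line.startswith(("Remote operating system guess:", "Remote OS guesses:")):
            host["os"] = line.split(":", 1)[1].strip()
    return host

def cleartext_login_ports(host):
    """Open ports whose service name is in CLEARTEXT_LOGIN, lowest first."""
    return sorted(p for p, s in host["ports"].items() if s in CLEARTEXT_LOGIN)
```

Run against the abridged samples, the Solaris host reports four cleartext login services and the NT host none, while the sequence-prediction difficulty shows the opposite ordering of the two hosts.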


