Pastebin THNIC PDF

Pastebin.com - Printed Paste ID: http://pastebin.
com/3S0p6iNV
Page 1 of 28
1. # Nmap 5.35DC1 scan initiated Sat Sep 18 22:04:57 2010 as: nmap -O -sV -A -sS -sU
-o THINC.local 192.168.11.200-250
2. Warning: 192.168.11.202 giving up on port because retransmission cap hit (10).
3. Nmap scan report for 192.168.11.201
4. Host is up (0.053s latency).
5. Not shown: 1990 closed ports
6. PORT
STATE
SERVICE
VERSION
7. 135/tcp open
msrpc
Microsoft Windows RPC
8. 139/tcp open
netbios-ssn
9. 135/udp open
msrpc
10. 137/udp open
netbios-ns
Microsoft Windows NT netbios-ssn (workgroup:
THINC)
11. 138/udp open|filtered netbios-dgm
12. 445/udp open|filtered microsoft-ds
13. 1026/udp open|filtered win-rpc
14. 1027/udp open|filtered unknown
17. MAC Address: 00:50:56:BC:10:DE (VMware)
18. Device type: general purpose|media device|switch|printer
19. Running (JUST GUESSING) : Microsoft Windows XP|2000|2003|NT (95%), Motorola
Windows PocketPC/CE (87%), 3Com embedded (86%), Ricoh embedded (85%)
20. Aggressive OS guesses: Microsoft Windows XP (95%), Microsoft Windows 2000 SP0
(94%), Microsoft Windows 2000 SP4 (93%), Microsoft Windows 2000 SP2 (91%),
Microsoft Windows XP SP3 (90%), Microsoft Windows 2000 SP4 or Windows XP SP2 or
SP3 (89%), Microsoft Windows XP SP1 (88%), Microsoft Windows Server 2003 SP1 or
SP2 (88%), Microsoft Windows Server 2003 SP2 (88%), Microsoft Windows XP Embedded
(87%)
21. No exact OS matches for host (test conditions non-ideal).
22. Network Distance: 1 hop
23. Service Info: Host: ALICE; OS: Windows
24.
25. Host script results:
26. |_nbstat: NetBIOS name: ALICE, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:10:de (VMware)
27. | smb-os-discovery:
28. |
OS: Windows XP (Windows 2000 LAN Manager)
29. |
Name: THINC\ALICE
30. |_ System time: 2010-09-19 05:28:20 UTC+1
31. |_smbv2-enabled: Server doesn't support SMBv2 protocol
32.
33. TRACEROUTE
34. HOP RTT
ADDRESS
35. 1
52.52 ms 192.168.11.201
36.
39. Not shown: 1055 closed ports, 659 open|filtered ports, 285 filtered ports
40. PORT
STATE SERVICE VERSION
41. 80/tcp open http?
42. |_html-title: Let's play with the offsec team
43. MAC Address: 00:50:56:BC:79:02 (VMware)
44. Device type: general purpose|WAP|router
45. Running (JUST GUESSING) : Linux 2.6.X|2.4.X (92%), D-Link embedded (89%), Linksys
embedded (89%), Peplink embedded (89%), Linksys Linux 2.4.X (89%), Gemtek
embedded (87%), Siemens embedded (87%)
46. Aggressive OS guesses: Linux 2.6.23 - 2.6.32 (92%), Linux 2.6.22 (91%), Linux
2.6.31 (90%), Linux 2.6.18 - 2.6.27 (89%), D-Link DSA-3100 or Linksys WRT54GL
(DD-WRT v23) WAP, or Peplink Balance 30 router (89%), Linux 2.6.15 - 2.6.27
(89%), Linux 2.6.16 - 2.6.20 (89%), Linux 2.6.21 (89%), Linux 2.6.21 (Arch Linux
0.8, x86) (89%), Linux 2.6.22 (Fedora Core 6) (89%)
49.
50. TRACEROUTE
51. HOP RTT
ADDRESS
52. 1
51.93 ms 192.168.11.202
53.
54. Nmap scan report for bob.thinc.local (192.168.11.203)
56. Not shown: 999 open|filtered ports, 997 filtered ports
http://pastebin.com/print.php?i=3S0p6iNV
05-03-2015
Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.
110.
111.
112.
113.
114.
115.
116.
117.
118.
119.
120.
121.
122.
123.
124.
125.
Page 2 of 28
PORT
STATE SERVICE
VERSION
21/tcp
open ftp
Microsoft ftpd
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
80/tcp
open http
Microsoft IIS httpd 5.1
| http-methods: Potentially risky methods: TRACE DELETE COPY MOVE PROPFIND
PROPPATCH SEARCH MKCOL LOCK UNLOCK PUT
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_html-title: Site doesn't have a title (text/html).
3389/tcp open microsoft-rdp Microsoft Terminal Service
161/udp open snmp
SNMPv1 server (public)
| snmp-win32-software:
|
VMware Tools; 2008-09-16 11:26:22
|
WebFldrs XP; 2007-01-16 17:53:06
|
WinRAR archiver; 2007-01-10 14:12:18
|_ freeSSHd 1.2.1; 2008-09-26 15:02:40
| snmp-win32-users:
|
Administrator
|
Guest
|
HelpAssistant
|
IUSR_BOB
|
IWAM_BOB
|
SUPPORT_388945a0
|
bob
|_ dj
| snmp-interfaces:
|
MS TCP Loopback interface
|
IP address: 127.0.0.1 Netmask: 255.0.0.0
|
Type: softwareLoopback Speed: 10 Mbps
|
Traffic stats: 156.64 Kb sent, 156.64 Kb received
|
VMware Accelerated AMD PCNet Adapter
|
|
MAC address: 00:50:56:bc:32:a0 (VMware)
|
Type: ethernetCsmacd Speed: 1 Gbps
|_
Traffic stats: 13.59 Mb sent, 40.94 Mb received
| snmp-sysdescr: Hardware: x86 Family 6 Model 7 Stepping 10 AT/AT COMPATIBLE Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
|_ System uptime: 183 days, 19:04:33.40 (1587987340 timeticks)
| snmp-win32-services:
|
Application Layer Gateway Service
|
COM+ Event System
|
COM+ System Application
|
Computer Browser
|
DNS Client
|
Distributed Link Tracking Client
|
Distributed Transaction Coordinator
|
Event Log
|
FTP Publishing
|
FreeSSHDService
|
Help and Support
|
IIS Admin
|
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
|
Logical Disk Manager
|
Messenger
|
Net Logon
|
Network Connections
|
Network Location Awareness (NLA)
|
Plug and Play
|
Print Spooler
|
Protected Storage
|
Remote Access Connection Manager
|
Remote Procedure Call (RPC)
|
Remote Registry
|
SNMP Service
|
Secondary Logon
|
Security Accounts Manager
|
Server
|
Shell Hardware Detection
|
System Event Notification
|
TCP/IP NetBIOS Helper
|
Task Scheduler
|
Telephony
05-03-2015
126.
127.
128.
129.
130.
131.
132.
133.
134.
135.
136.
137.
138.
139.
140.
141.
142.
143.
144.
145.
146.
147.
148.
149.
150.
151.
152.
153.
154.
155.
156.
157.
158.
159.
160.
161.
162.
163.
164.
165.
166.
167.
168.
169.
170.
171.
172.
173.
174.
175.
176.
177.
178.
179.
180.
181.
182.
183.
184.
185.
186.
187.
188.
189.
190.
191.
192.
193.
194.
Page 3 of 28
|
Terminal Services
|
Themes
|
Upload Manager
|
VMware Tools Service
|
WebClient
|
Windows Audio
|
Windows Management Instrumentation
|
Windows Time
|
Workstation
|_ World Wide Web Publishing
MAC Address: 00:50:56:BC:32:A0 (VMware)
Warning: OSScan results may be unreliable because we could not find at least 1
open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Windows
TRACEROUTE
HOP RTT
ADDRESS
1
55.54 ms bob.thinc.local (192.168.11.203)
Nmap scan report for bob2.thinc.local (192.168.11.204)
Host is up (0.050s latency).
Not shown: 999 open|filtered ports, 997 filtered ports
PORT
STATE SERVICE
VERSION
21/tcp
open ftp
Microsoft ftpd
80/tcp
open http
|_html-title: Site doesn't have a title (text/html).
161/udp open snmp
| snmp-win32-software:
|
VMware Tools; 2008-09-16 11:26:22
|
WebFldrs XP; 2007-01-16 17:53:06
|
WinRAR archiver; 2007-01-10 14:12:18
|_ freeSSHd 1.2.1; 2008-09-26 15:02:40
| snmp-processes:
|
System Idle Process
|
PID: 1
|
System
|
PID: 4
|
dllhost.exe
|
PID: 148
|
smss.exe
|
PID: 332
|
logon.scr
|
PID: 368
|
csrss.exe
|
PID: 404
|
winlogon.exe
|
PID: 428
|
services.exe
|
PID: 472
|
lsass.exe
|
PID: 484
|
svchost.exe
|
PID: 652
|
svchost.exe
|
PID: 700
|
svchost.exe
|
PID: 756
|
msdtc.exe
|
PID: 764
|
svchost.exe
|
PID: 808
|
IEXPLORE.EXE
|
PID: 824
05-03-2015
195.
196.
197.
198.
199.
200.
201.
202.
203.
204.
205.
206.
207.
208.
209.
210.
211.
212.
213.
214.
215.
216.
217.
218.
219.
220.
221.
222.
223.
224.
225.
226.
227.
228.
229.
230.
231.
232.
233.
234.
235.
236.
237.
238.
239.
240.
241.
242.
243.
244.
245.
246.
247.
248.
249.
250.
251.
252.
253.
254.
255.
256.
257.
258.
259.
260.
261.
262.
263.
264.
265.
Page 4 of 28
|
spoolsv.exe
|
PID: 864
|
cmd.exe
|
PID: 904
|
alg.exe
|
PID: 1000
|
FreeSSHDService.exe
|
PID: 1020
|
snmp.exe
|
PID: 1088
|
VMwareService.exe
|
PID: 1124
|
davcdata.exe
|
PID: 1204
|
IEXPLORE.EXE
|
PID: 1248
|
dllhost.exe
|
PID: 1780
|
IEXPLORE.EXE
|
PID: 1808
|
inetinfo.exe
|_
PID: 2036
|
Application Layer Gateway Service
|
COM+ Event System
|
COM+ System Application
|
Computer Browser
|
DNS Client
|
|
|
Event Log
|
FTP Publishing
|
FreeSSHDService
|
Help and Support
|
IIS Admin
|
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)
|
|
Messenger
|
Net Logon
|
Network Connections
|
Network Location Awareness (NLA)
|
Plug and Play
|
Print Spooler
|
Remote Access Connection Manager
|
|
Remote Registry
|
SNMP Service
|
Secondary Logon
|
|
Server
|
Shell Hardware Detection
|
|
TCP/IP NetBIOS Helper
|
Task Scheduler
|
Telephony
|
Terminal Services
|
Themes
|
Upload Manager
|
|
WebClient
|
Windows Audio
|
|
Windows Time
|
Workstation
|_ World Wide Web Publishing
| snmp-win32-users:
|
Administrator
|
Guest
|
HelpAssistant
|
IUSR_BOB
|
IWAM_BOB
05-03-2015
Page 5 of 28
266. |
SUPPORT_388945a0
267. |_ bob
268. | snmp-sysdescr: Hardware: x86 Family 6 Model 7 Stepping 10 AT/AT COMPATIBLE Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
269. |_ System uptime: 183 days, 19:00:25.09 (1587962509 timeticks)
270. | snmp-netstat:
271. |
TCP 0.0.0.0:21
0.0.0.0:14556
272. |
TCP 0.0.0.0:80
0.0.0.0:45125
273. |
TCP 0.0.0.0:135
0.0.0.0:12376
274. |
TCP 0.0.0.0:443
0.0.0.0:34986
275. |
TCP 0.0.0.0:445
0.0.0.0:24822
276. |
TCP 0.0.0.0:1025
0.0.0.0:41204
277. |
TCP 0.0.0.0:1038
0.0.0.0:45118
278. |
TCP 0.0.0.0:3060
0.0.0.0:10347
279. |
TCP 0.0.0.0:3061
0.0.0.0:37066
280. |
TCP 0.0.0.0:3389
0.0.0.0:41121
281. |
TCP 0.0.0.0:4620
0.0.0.0:10418
282. |
TCP 0.0.0.0:60000
0.0.0.0:28691
283. |
TCP 127.0.0.1:3001
0.0.0.0:45070
284. |
TCP 127.0.0.1:3002
0.0.0.0:49283
285. |
TCP 127.0.0.1:3003
0.0.0.0:45118
286. |
TCP 127.0.0.1:3114
0.0.0.0:14428
287. |
TCP 127.0.0.1:3128
0.0.0.0:18494
288. |
TCP 127.0.0.1:3129
0.0.0.0:36906
289. |
TCP 127.0.0.1:3130
0.0.0.0:32904
290. |
TCP 127.0.0.1:3131
0.0.0.0:57555
291. |
TCP 127.0.0.1:3243
0.0.0.0:39125
292. |
TCP 127.0.0.1:3444
0.0.0.0:45278
293. |
TCP 127.0.0.1:3449
0.0.0.0:2064
294. |
TCP 127.0.0.1:3450
0.0.0.0:206
295. |
TCP 127.0.0.1:3451
0.0.0.0:33016
296. |
TCP 127.0.0.1:3452
0.0.0.0:45230
297. |
TCP 127.0.0.1:3481
0.0.0.0:47235
298. |
TCP 127.0.0.1:3755
0.0.0.0:2096
299. |
TCP 127.0.0.1:3756
0.0.0.0:14457
300. |
TCP 127.0.0.1:3757
0.0.0.0:6148
301. |
TCP 127.0.0.1:3800
0.0.0.0:24627
302. |
TCP 127.0.0.1:3801
0.0.0.0:45226
303. |
TCP 127.0.0.1:3885
0.0.0.0:22758
304. |
TCP 127.0.0.1:3886
0.0.0.0:2048
305. |
TCP 127.0.0.1:3887
0.0.0.0:8261
306. |
TCP 127.0.0.1:3888
0.0.0.0:59629
307. |
TCP 127.0.0.1:3889
0.0.0.0:2251
308. |
TCP 127.0.0.1:4029
0.0.0.0:2128
309. |
TCP 127.0.0.1:4054
0.0.0.0:10311
310. |
TCP 127.0.0.1:4057
0.0.0.0:53433
311. |
TCP 127.0.0.1:4200
0.0.0.0:2144
312. |
TCP 127.0.0.1:4230
0.0.0.0:18443
313. |
TCP 127.0.0.1:4571
0.0.0.0:45294
314. |
TCP 127.0.0.1:4572
0.0.0.0:45230
315. |
TCP 127.0.0.1:4749
0.0.0.0:26877
316. |
TCP 127.0.0.1:4829
0.0.0.0:51200
317. |
TCP 127.0.0.1:4830
0.0.0.0:2080
318. |
TCP 127.0.0.1:4831
0.0.0.0:22740
319. |
TCP 127.0.0.1:4832
0.0.0.0:43093
320. |
TCP 127.0.0.1:4833
0.0.0.0:43189
321. |
TCP 127.0.0.1:4894
0.0.0.0:16555
322. |
TCP 192.168.11.204:80
192.168.10.129:35127
323. |
TCP 192.168.11.204:80
192.168.10.129:57887
324. |
TCP 192.168.11.204:80
192.168.10.129:58032
325. |
TCP 192.168.11.204:80
192.168.10.129:58033
326. |
TCP 192.168.11.204:80
192.168.10.129:58034
327. |
TCP 192.168.11.204:139
0.0.0.0:2080
328. |
TCP 192.168.11.204:3061 192.168.10.127:4444
329. |
TCP 192.168.11.204:3115 192.168.11.220:139
330. |
TCP 192.168.11.204:3117 192.168.11.220:139
331. |
TCP 192.168.11.204:3121 192.168.11.204:21
332. |
UDP 0.0.0.0:135
*:*
333. |
UDP 0.0.0.0:161
*:*
334. |
UDP 0.0.0.0:445
*:*
335. |
UDP 0.0.0.0:1026
*:*
05-03-2015
336.
337.
338.
339.
340.
341.
342.
343.
344.
345.
346.
347.
348.
349.
350.
351.
352.
353.
354.
355.
356.
357.
358.
359.
360.
361.
362.
363.
364.
365.
366.
367.
368.
369.
370.
371.
372.
373.
374.
375.
376.
377.
378.
379.
380.
381.
382.
383.
384.
385.
386.
387.
388.
389.
390.
391.
392.
393.
394.
395.
396.
397.
398.
Page 6 of 28
|
UDP 0.0.0.0:1027
*:*
|
UDP 0.0.0.0:1039
*:*
|
UDP 0.0.0.0:3007
*:*
|
UDP 0.0.0.0:3456
*:*
|
UDP 127.0.0.1:123
*:*
|
UDP 127.0.0.1:3154
*:*
|
UDP 127.0.0.1:3166
*:*
|
UDP 192.168.11.204:123
*:*
|
UDP 192.168.11.204:137
*:*
|_ UDP 192.168.11.204:138
*:*
| snmp-interfaces:
|
MS TCP Loopback interface
|
|
Type: softwareLoopback Speed: 10 Mbps
|
|
VMware Accelerated AMD PCNet Adapter
|
|
MAC address: 00:50:56:bc:7a:58 (VMware)
|
Type: ethernetCsmacd Speed: 1 Gbps
|_
MAC Address: 00:50:56:BC:7A:58 (VMware)
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TRACEROUTE
HOP RTT
ADDRESS
1
49.64 ms bob2.thinc.local (192.168.11.204)
Nmap scan report for oracle.thinc.local (192.168.11.205)
Not shown: 1978 closed ports
PORT
STATE
SERVICE
VERSION
21/tcp
open
ftp
Microsoft ftpd 5.0
80/tcp
open
http
|_html-title: Under Construction
| http-methods: Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK
DELETE PUT MOVE MKCOL PROPPATCH
135/tcp open
msrpc
139/tcp open
netbios-ssn
443/tcp open
https?
445/tcp open
microsoft-ds Microsoft Windows 2000 microsoft-ds
1027/tcp open
msrpc
1033/tcp open
msrpc
1038/tcp open
msrpc
1043/tcp open
oracle
Oracle Database
2030/tcp open
oracle-mts
Oracle MTS Recovery Service
3372/tcp open
msdtc
Microsoft Distributed Transaction
Coordinator
3389/tcp open
microsoft-rdp Microsoft Terminal Service
4443/tcp open
http
Oracle HTTP Server Powered by Apache 1.3.22
(mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12
mod_oprocmgr/1.0 mod_perl/1.25)
|_html-title: 400 Bad Request
| http-methods: Potentially risky methods: TRACE
7778/tcp open
http
Oracle HTTP Server Powered by Apache 1.3.22
(mod_plsql/3.0.9.8.3b mod_ssl/2.8.5 OpenSSL/0.9.6b mod_fastcgi/2.2.12
mod_oprocmgr/1.0 mod_perl/1.25)
|_html-title: Oracle HTTP Server Index
135/udp open
msrpc
137/udp open
netbios-ns
Microsoft Windows netbios-ssn (workgroup:
ACME)
138/udp open|filtered netbios-dgm
05-03-2015
399.
400.
401.
402.
403.
404.
405.
406.
407.
408.
409.
410.
411.
412.
413.
414.
415.
416.
417.
418.
419.
420.
421.
422.
423.
424.
425.
426.
427.
428.
429.
430.
431.
432.
433.
434.
435.
436.
437.
438.
439.
440.
441.
442.
443.
444.
445.
446.
447.
448.
449.
450.
451.
452.
453.
454.
455.
Page 7 of 28
445/udp open|filtered microsoft-ds

500/udp open|filtered isakmp
1029/udp open
msrpc
3456/udp open|filtered IISrpc-or-vat
MAC Address: 00:50:56:BC:1E:F7 (VMware)
Device type: general purpose|media device
Running (JUST GUESSING) : Microsoft Windows 2000|XP|NT|2003 (94%), Motorola
Windows PocketPC/CE (85%)
Aggressive OS guesses: Microsoft Windows 2000 SP0 (94%), Microsoft Windows XP
Microsoft Windows NT 4.0 SP6 (89%), Microsoft Windows XP SP3 (89%), Microsoft
Windows 2000 SP4 or Windows XP SP2 or SP3 (89%), Microsoft Windows Server 2003
SP1 or SP2 (88%), Microsoft Windows Server 2003 SP2 (88%), Microsoft Windows XP
SP1 (87%)
No exact OS matches for host (test conditions non-ideal).
Service Info: Host: ORACLE2; OS: Windows
Host script results:
| smb-os-discovery:
|
OS: Windows 2000 (Windows 2000 LAN Manager)
|
Name: ACME\ORACLE2
|_ System time: 2010-09-19 05:27:01 UTC+2
|_smbv2-enabled: Server doesn't support SMBv2 protocol
|_nbstat: NetBIOS name: ORACLE2, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:1e:f7 (VMware)
TRACEROUTE
HOP RTT
ADDRESS
1
50.22 ms oracle.thinc.local (192.168.11.205)
Nmap scan report for oracle2.thinc.local (192.168.11.206)
PORT
STATE
SERVICE
VERSION
135/tcp open
msrpc
139/tcp open
netbios-ssn
445/tcp open
microsoft-ds
Microsoft Windows 2000 microsoft-ds
1038/tcp open
msrpc
1054/tcp open
msrpc
1064/tcp open
msrpc
1069/tcp open
cognex-insight?
2030/tcp open
oracle-mts
Oracle MTS Recovery Service
3372/tcp open
msdtc?
3389/tcp open
microsoft-rdp
Microsoft Terminal Service
4443/tcp open
pharos?
137/udp open
netbios-ns?
1027/udp open|filtered unknown
1 service unrecognized despite returning data. If you know the service/version,
please submit the following fingerprint at http://www.insecure.org/cgibin/servicefp-submit.cgi :
SF-Port3372-TCP:V=5.35DC1%I=7%D=9/19%Time=4C959229%P=i686-pc-linux-gnu%r(G
SF:etRequest,6,"\xb8\xdc\n\0\x08@")%r(RTSPRequest,6,"\xb8\xdc\n\0\x08@")%r
SF:(HTTPOptions,6,"\x08\xb0\n\0\xb8\xdc")%r(Help,6,"\xb8\xdc\n\0\x08@")%r(
SF:SSLSessionReq,6,"\xb8\xdc\n\0\x08@")%r(FourOhFourRequest,6,"\xb8\xdc\n\
SF:0\x08@")%r(LPDString,6,"\xb8\xdc\n\0\x08@")%r(SIPOptions,6,"\xb8\xdc\n\
SF:0\x08@");
MAC Address: 00:50:56:BC:28:EB (VMware)
Device type: general purpose|media device|switch|printer
Running (JUST GUESSING) : Microsoft Windows 2000|XP|2003|NT (95%), Motorola
Windows PocketPC/CE (86%), 3Com embedded (86%), Ricoh embedded (85%)
Aggressive OS guesses: Microsoft Windows 2000 SP0 (95%), Microsoft Windows XP
Microsoft Windows XP SP3 (90%), Microsoft Windows 2000 SP4 or Windows XP SP2 or
SP3 (89%), Microsoft Windows XP SP1 (88%), Microsoft Windows XP Embedded (88%),
05-03-2015
Page 8 of 28
Microsoft Windows Server 2003 SP1 or SP2 (88%), Microsoft Windows Server 2003 SP2
(88%)
458. Service Info: OS: Windows
459.
462.
463. TRACEROUTE
464. HOP RTT
ADDRESS
465. 1
50.13 ms oracle2.thinc.local (192.168.11.206)
466.
469. All 2000 scanned ports on 192.168.11.207 are filtered (1000) or open|filtered
(1000)
470. MAC Address: 00:50:56:BC:74:7A (VMware)
471. Too many fingerprints match this host to give specific OS details
473.
474. TRACEROUTE
475. HOP RTT
ADDRESS
476. 1
48.03 ms 192.168.11.207
477.
478. Nmap scan report for phoenix.thinc.local (192.168.11.208)
480. Not shown: 1989 filtered ports
481. PORT
STATE
SERVICE
VERSION
482. 21/tcp
open
ftp
vsftpd 2.0.1
483. |_ftp-anon: Anonymous FTP login allowed (FTP code 230)
484. 22/tcp
open
ssh
OpenSSH 3.9p1 (protocol 1.99)
485. |_sshv1: Server supports SSHv1
486. | ssh-hostkey: 1024 89:94:af:2e:5d:c1:da:84:25:11:2c:12:45:c6:70:ac (RSA1)
487. | 1024 c1:c5:d1:83:0f:4d:d8:9e:8f:82:4c:be:53:4b:6e:14 (DSA)
488. |_1024 bc:e1:e6:dd:ab:5e:fd:d1:21:2e:11:7c:d5:b2:03:52 (RSA)
489. 25/tcp
closed
smtp
490. 80/tcp
open
http
Apache httpd 2.0.52 ((CentOS))
491. |_html-title: Site doesn't have a title (text/html; charset=UTF-8).
492. | http-methods: Potentially risky methods: TRACE
493. |_See http://nmap.org/nsedoc/scripts/http-methods.html
494. | robots.txt: has 2 disallowed entries
495. |_/internal/ /tmp/
496. 111/tcp open
rpcbind
2 (rpc #100000)
497. 139/tcp open
netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
498. 443/tcp open
ssl/http
499. |_html-title: Site doesn't have a title (text/html; charset=UTF-8).
500. |_sslv2: server still supports SSLv2
503. | robots.txt: has 2 disallowed entries
504. |_/internal/ /tmp/
505. 445/tcp open
netbios-ssn Samba smbd 3.X (workgroup: MYGROUP)
506. 631/tcp open
ipp
CUPS 1.1
507. 3306/tcp open
mysql
MySQL (unauthorized)
508. 631/udp open|filtered ipp
509. MAC Address: 00:50:56:BC:3D:AB (VMware)
510. Device type: WAP|general purpose|remote management|webcam|storage-misc
511. Running (JUST GUESSING) : Linux 2.4.X|2.6.X (94%), Linksys Linux 2.4.X (93%), TPLink embedded (91%), Dell embedded (90%), AXIS Linux 2.6.X (88%), IBM embedded
(88%)
512. Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), Linux
2.6.21 (94%), OpenWrt White Russian 0.9 (Linux 2.4.30) (93%), OpenWrt Kamikaze
7.09 (Linux 2.6.22) (93%), Linux 2.6.27 (Ubuntu 8.10) (93%), Linux 2.6.9 - 2.6.27
(92%), Linux 2.6.22 (92%), Linux 2.6.5 (SUSE Enterprise Server 9) (92%), Linux
2.6.20 (91%), Linux 2.6.20 (Ubuntu, x86_64) (91%)
515. Service Info: OS: Unix
516.
05-03-2015
518.
519.
520.
521.
522.
523.
524.
525.
526.
527.
528.
529.
530.
531.
532.
533.
534.
535.
536.
537.
538.
539.
540.
541.
542.
543.
544.
545.
546.
547.
548.
549.
550.
551.
552.
553.
554.
555.
556.
557.
558.
559.
560.
561.
562.
563.
564.
565.
566.
567.
568.
569.
570.
571.
572.
573.
574.
575.
576.
577.
578.
579.
580.
Page 9 of 28

| smb-os-discovery:
|
OS: Unix (Samba 3.0.33-0.17.el4)
|
Name: MYGROUP\Unknown
|_ System time: 2010-03-14 08:28:56 UTC-4
TRACEROUTE
HOP RTT
ADDRESS
1
51.88 ms phoenix.thinc.local (192.168.11.208)
Nmap scan report for suse.thinc.local (192.168.11.209)
PORT
STATE
SERVICE VERSION
22/tcp
open
ssh
OpenSSH 4.1 (protocol 1.99)
| ssh-hostkey: 1024 5c:98:60:0f:d3:ae:57:dd:cb:97:d8:f7:4c:e0:b4:10 (RSA1)
| 1024 f3:c5:c1:14:c9:41:c2:6b:10:75:cf:fd:86:8e:6a:fc (DSA)
|_1024 cf:ad:91:b2:a6:8a:88:1b:8f:e3:c6:9e:e9:a1:81:ba (RSA)
|_sshv1: Server supports SSHv1
80/tcp
open
http
Apache httpd 2.0.54 ((Linux/SUSE))
| robots.txt: has 1 disallowed entry
|_/
|_html-title: Access forbidden!
|_http-favicon: Apache on Linux
111/tcp
open
rpcbind 2 (rpc #100000)
631/tcp
open
ipp
CUPS 1.1
3306/tcp open
mysql
MySQL 4.1.13
| mysql-info: Protocol: 10
| Version: 4.1.13
| Thread ID: 8
| Some Capabilities: Connect with DB, Compress, Transactions, Secure Connection
| Status: Autocommit
|_Salt: W)fHr(ljM$f[tX:V&V^Y
111/udp
open
631/udp
open|filtered ipp
5353/udp open|filtered zeroconf
32768/udp open|filtered omad
MAC Address: 00:50:56:BC:26:80 (VMware)
Device type: WAP|general purpose|router|firewall|remote management|broadband
router
Running (JUST GUESSING) : Linux 2.4.X|2.6.X (96%), Linksys Linux 2.4.X (95%),
Linksys embedded (92%), TP-Link embedded (91%), Dell embedded (91%)
Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (96%), OpenWrt
White Russian 0.9 (Linux 2.4.30) (95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22)
(95%), Linux 2.6.15 - 2.6.27 (94%), Linux 2.6.16 - 2.6.20 (94%), Linux 2.6.21
(94%), Linux 2.6.21 (Arch Linux 0.8, x86) (94%), Linux 2.6.23 (94%), Linux 2.6.18
- 2.6.27 (94%), Linux 2.6.18 - 2.6.24 (94%)
TRACEROUTE
HOP RTT
ADDRESS
1
49.87 ms suse.thinc.local (192.168.11.209)
Nmap scan report for 192.168.11.210
Not shown: 1996 filtered ports
PORT
22/tcp open
ssh
| ssh-hostkey: 1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
|_2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
80/tcp closed http
631/tcp closed ipp
631/udp closed ipp
Device type: WAP|general purpose|webcam|remote management|storage-misc|firewall
Running (JUST GUESSING) : Linux 2.4.X|2.6.X (96%), Linksys Linux 2.4.X (94%), TPLink embedded (92%), AXIS Linux 2.6.X (92%), Dell embedded (91%), IBM embedded
(91%), HID embedded (90%)
05-03-2015
Page 10 of 28
581. Aggressive OS guesses: OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (96%), OpenWrt
Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.21 (94%), OpenWrt White Russian 0.9
(Linux 2.4.30) (94%), Linux 2.6.9 - 2.6.27 (94%), Linux 2.6.22 (94%), Linux 2.6.5
(SUSE Enterprise Server 9) (94%), Linux 2.6.9 - 2.6.18 (93%), Linux 2.6.18 2.6.27 (92%), Linux 2.6.9 (CentOS 4.3) (92%)
584.
585. TRACEROUTE
586. HOP RTT
ADDRESS
587. 1
49.25 ms 192.168.11.210
588.
589. Nmap scan report for sip.thinc.local (192.168.11.211)
592. PORT
STATE
SERVICE
VERSION
593. 21/tcp
open
ftp
vsftpd 2.0.5
594. 22/tcp
open
ssh
595. | ssh-hostkey: 1024 3e:a0:7d:28:94:bb:51:86:17:1b:4e:0f:ec:b6:c0:89 (DSA)
596. |_2048 46:42:b8:92:26:8b:bc:7f:07:45:0f:dd:68:55:e0:31 (RSA)
597. 80/tcp
open
http
598. | robots.txt: has 1 disallowed entry
599. |_/
600. |_http-methods: No Allow or Public header in OPTIONS response (status code 302)
601. | html-title: trixbox - User Mode
602. |_Requested resource was http://sip.thinc.local/user/
603. |_http-favicon:
604. 111/tcp open
rpcbind
605. 139/tcp open
netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
606. 443/tcp open
ssl/http
608. | robots.txt: has 1 disallowed entry
609. |_/
610. | html-title: trixbox - User Mode
611. |_Requested resource was https://sip.thinc.local:443/user/
612. |_http-favicon:
613. 445/tcp open
netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
614. 3306/tcp open
mysql
615. 69/udp
open|filtered tftp
616. 111/udp open
rpcbind
2 (rpc #100000)
617. 123/udp open|filtered ntp
618. 137/udp open
netbios-ns Samba nmbd (workgroup: WORKGROUP)
620. 5060/udp open
sip-proxy
Asterisk PBX
621. 5353/udp open
mdns
DNS-based service discovery
622. | dns-service-discovery:
623. |
69/tcp aastra-cfg
624. |
Address=192.168.11.233
625. |
80/tcp http
626. |_
Address=192.168.11.233
628. Device type: WAP|general purpose|storage-misc|remote management|firewall|webcam
629. Running (JUST GUESSING) : Linksys Linux 2.4.X (96%), Linux 2.6.X|2.4.X (95%), TPLink embedded (94%), IBM embedded (93%), Dell embedded (92%), HID embedded (92%),
AXIS Linux 2.6.X (92%)
630. Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (96%), Linux
2.6.21 (95%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (95%), OpenWrt Kamikaze
7.09 (Linux 2.6.22) (95%), Linux 2.6.9 - 2.6.27 (94%), Linux 2.6.22 (94%), Linux
2.6.5 (SUSE Enterprise Server 9) (94%), TP-Link TL-WR941N WAP (94%), Linux 2.6.27
(93%), Linux 2.6.9 (CentOS 4.3) (93%)
633. Service Info: Host: TRIXBOX1; OS: Unix
634.
636. |_nbstat: NetBIOS name: TRIXBOX1, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
638. |
OS: Unix (Samba 3.0.25b-1.el5_1.4)
639. |
Name: WORKGROUP\Unknown
640. |_ System time: 2010-03-18 23:42:11 UTC-4
05-03-2015
642.
643.
644.
645.
646.
647.
648.
649.
650.
651.
652.
653.
654.
655.
656.
657.
658.
659.
660.
661.
662.
663.
664.
665.
666.
667.
668.
669.
670.
671.
672.
673.
674.
675.
676.
677.
678.
679.
680.
681.
682.
683.
684.
685.
686.
687.
688.
689.
690.
691.
692.
693.
694.
Page 11 of 28
TRACEROUTE
HOP RTT
ADDRESS
1
49.57 ms sip.thinc.local (192.168.11.211)
PORT
STATE SERVICE
VERSION
3389/tcp open
4444/tcp closed krb524
5900/tcp closed vnc
MAC Address: 00:50:56:BC:3F:89 (VMware)
Running (JUST GUESSING) : Microsoft Windows 2000|XP|2003 (92%), Motorola Windows
PocketPC/CE (85%)
Aggressive OS guesses: Microsoft Windows 2000 SP4 (92%), Microsoft Windows XP SP3
(92%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows 2000 SP0
(91%), Microsoft Windows XP (91%), Microsoft Windows Server 2003 SP2 (90%),
Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 or SP3 (89%), Microsoft
Windows 2000 SP4 or Windows XP SP2 or SP3 (88%), Microsoft Windows XP SP2
(firewall disabled) (88%)
TRACEROUTE
HOP RTT
ADDRESS
1
51.13 ms 192.168.11.212
PORT
STATE SERVICE
VERSION
3389/tcp open
5900/tcp closed vnc
MAC Address: 00:50:56:BC:1A:EF (VMware)
PocketPC/CE (85%)
Aggressive OS guesses: Microsoft Windows 2000 SP4 (93%), Microsoft Windows XP SP3
(92%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows 2000 SP0
(91%), Microsoft Windows XP (91%), Microsoft Windows Server 2003 SP2 (90%),
Microsoft Windows Server 2003 (89%), Microsoft Windows XP SP2 (89%), Microsoft
Windows XP SP2 or SP3 (89%), Microsoft Windows 2000 SP4 or Windows XP SP2 or SP3
(88%)
TRACEROUTE
HOP RTT
ADDRESS
1
51.54 ms 192.168.11.213

PORT
STATE SERVICE
VERSION
3389/tcp open
5900/tcp closed vnc
MAC Address: 00:50:56:BC:7B:8F (VMware)
Running (JUST GUESSING) : Microsoft Windows XP|2000|2003 (93%), Motorola Windows
PocketPC/CE (85%)
695. Aggressive OS guesses: Microsoft Windows XP SP3 (93%), Microsoft Windows 2000 SP4
(92%), Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows Server
2003 SP2 (91%), Microsoft Windows 2000 SP0 (91%), Microsoft Windows XP (91%),
Microsoft Windows XP SP2 (90%), Microsoft Windows Server 2003 (89%), Microsoft
05-03-2015
Page 12 of 28
Windows XP SP2 or SP3 (89%), Microsoft Windows 2000 SP4 or Windows XP SP2 or SP3
(88%)
699.
700. TRACEROUTE
701. HOP RTT
ADDRESS
702. 1
52.80 ms 192.168.11.214
703.
704. Nmap scan report for redhat9.thinc.local (192.168.11.215)
707. PORT
STATE
SERVICE
VERSION
708. 21/tcp
open
ftp
vsftpd 1.1.3
710. 22/tcp
open
ssh
711. | ssh-hostkey: 1024 36:70:a4:9f:32:47:ac:57:3f:ef:a1:ec:0b:ba:44:1b (RSA1)
712. | 1024 64:79:7d:c6:a2:63:32:54:f0:d9:2b:f3:5d:c7:d2:69 (DSA)
713. |_1024 48:fb:39:3d:30:82:50:de:66:69:c5:ca:45:62:c0:dc (RSA)
715. 25/tcp
open
smtp
Sendmail 8.12.8/8.12.8
716. | smtp-commands: redhat.acme.com Hello [192.168.10.129], pleased to meet you,
ENHANCEDSTATUSCODES, PIPELINING, EXPN, VERB, 8BITMIME, SIZE, DSN, ETRN,
DELIVERBY, HELP
717. |_ 2.0.0 This is sendmail version 8.12.8 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT
DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS
2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the
implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local
information send email to Postmaster at your site. 2.0.0 End of HELP info
718. 111/tcp
open
rpcbind
719. 139/tcp
open
netbios-ssn Samba smbd (workgroup: MYGROUP)
720. 143/tcp
open
imap
UW imapd 2001.315rh
721. |_imap-capabilities: LOGIN-REFERRALS IMAP4REV1 STARTTLS SCAN THREAD=REFERENCES
MAILBOX-REFERRALS SORT AUTH=LOGIN THREAD=ORDEREDSUBJECT IDLE NAMESPACE
MULTIAPPEND
722. 199/tcp
open
smux
Linux SNMP multiplexer
723. 3306/tcp open
mysql
724. 32768/tcp open
status
1 (rpc #100024)
725. 111/udp
open
rpcbind
2 (rpc #100000)
726. 137/udp
open
netbios-ns Microsoft Windows NT netbios-ssn (workgroup:
MYGROUP)
727. 138/udp
open|filtered netbios-dgm
728. 161/udp
open
snmp?
729. | snmp-sysdescr: Linux redhat.acme.com 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003
i686
731. 32768/udp open
status
1 (rpc #100024)
732. 1 service unrecognized despite returning data. If you know the service/version,
733. SF-Port161-UDP:V=5.35DC1%I=7%D=9/19%Time=4C959240%P=i686-pc-linux-gnu%r(SN
734. SF:MPv3GetRequest,A4,"08\x02\x01\0\x04\x06public\xa2\+\x02\x04L3\xa7V\x02\
735. SF:x01\0\x02\x01\x000\x1d0\x1b\x06\x08\+\x06\x01\x02\x01\x01\x05\0\x04\x0f
736. SF:redhat\.acme\.com0h\x02\x01\x030\x0f\x02\x02Ji\x02\x03\0\xff\xe3\x04\x0
737. SF:1\0\x02\x01\x03\x04\x200\x1e\x04\r\x80\0\x07\xe5\x80\xaaI\xe6k\xb0i\xac
738. SF:E\x02\x01\x17\x02\x04\0\xf3\x08\xea\x04\0\x04\0\x04\x0000\x04\r\x80\0\x
739. SF:07\xe5\x80\xaaI\xe6k\xb0i\xacE\x04\0\xa8\x1d\x02\x027\xf0\x02\x01\0\x02
740. SF:\x01\x000\x110\x0f\x06\n\+\x06\x01\x06\x03\x0f\x01\x01\x04\0A\x01\x02");
742. Device type: WAP|remote management|general purpose|router
743. Running (JUST GUESSING) : Linksys Linux 2.4.X (96%), Dell embedded (95%), Linux
2.4.X|2.6.X (95%), D-Link embedded (93%), Enterasys embedded (93%), Netgear
embedded (93%), D-Link Linux 2.4.X (93%)
744. Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (96%), Dell
Integrated Remote Access Controller (iDRAC6) (95%), Linux 2.4.21 - 2.4.31 (likely
embedded) (95%), Linux 2.6.15 - 2.6.23 (embedded) (95%), Linux 2.6.15 - 2.6.30
(95%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.22 (94%), OpenWrt
0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%), Linux 2.4.27 (94%), Linux 2.6.23gentoo-r3 (93%)
05-03-2015
746.
747.
748.
749.
750.
751.
752.
753.
754.
755.
756.
757.
758.
759.
760.
761.
762.
763.
764.
765.
766.
767.
768.
769.
770.
771.
772.
773.
774.
775.
776.
777.
778.
779.
780.
781.
782.
783.
784.
785.
786.
787.
788.
789.
790.
791.
792.
793.
794.
795.
796.
797.
798.
799.
800.
801.
802.
803.
804.
805.
806.
807.
808.
809.
Page 13 of 28

Service Info: Host: redhat.acme.com; OSs: Unix, Linux, Windows
|_nbstat: NetBIOS name: REDHAT, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
TRACEROUTE
HOP RTT
ADDRESS
1
53.57 ms redhat9.thinc.local (192.168.11.215)
Nmap scan report for redhat6.thinc.local (192.168.11.217)
PORT
STATE SERVICE
VERSION
21/tcp
open ftp
WU-FTPD wu-2.6.0
|_auth-owners: root
23/tcp
open telnet
Linux telnetd
|_auth-owners: root
25/tcp
open smtp
Sendmail 8.9.3/8.9.3
| smtp-commands: ftp3.thinc.local Hello [192.168.10.129], pleased to meet you,
EXPN, VERB, 8BITMIME, SIZE, DSN, ONEX, ETRN, XUSR, HELP
|_ This is Sendmail version 8.9.3 Topics: HELO EHLO MAIL RCPT DATA RSET NOOP QUIT
HELP VRFY EXPN VERB ETRN DSN For more info use "HELP <topic>". To report bugs in
the implementation send email to sendmail-bugs@sendmail.org. For local
information send email to Postmaster at your site. End of HELP info
|_auth-owners: root
79/tcp
open finger
Debian fingerd
| finger: Login
Name
Tty
Idle Login Time
Office
Office
Phone
|_OS5547
*pts/0
12:56 Sep 18 22:47 (192.168.10.39)
|_auth-owners: root
111/tcp open rpcbind
|_auth-owners: bin
113/tcp open ident
|_auth-owners: nobody
513/tcp open login?
|_auth-owners: root
514/tcp open tcpwrapped
|_auth-owners: root
515/tcp open printer
lpd (error: : Malformed from address)
|_auth-owners: root
|_auth-owners: root
111/udp open rpcbind
2 (rpc #100000)
517/udp open talk?
518/udp open ntalk?
1024/udp open rpc.unknown
2 services unrecognized despite returning data. If you know the service/version,
please submit the following fingerprints at http://www.insecure.org/cgibin/servicefp-submit.cgi :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port517-UDP:V=5.35DC1%I=7%D=9/19%Time=4C959240%P=i686-pc-linux-gnu%r(RP
SF:CCheck,18,"\x01\xfe\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")%r(D
SF:NSVersionBindReq,18,"\x01\x06\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0")%r(DNSStatusRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0")%r(NBTStat,18,"\x01\xf0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0")%r(Help,18,"\x01e\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0")%r(SIPOptions,18,"\x01P\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0")%r(Sqlping,18,"\x01P\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0")%r(NTPRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0")%r(SNMPv1public,18,"\x01\x82\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0")%r(SNMPv3GetRequest,18,"\x01:\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0")%r(xdmcp,18,"\x01\x01\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0")%r(AFSVersionRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0")%r(DNS-SD,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0")%r(Citrix,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0")%r(Kerberos,18,"\x01\x81\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port518-UDP:V=5.35DC1%I=7%D=9/19%Time=4C959241%P=i686-pc-linux-gnu%r(RP
05-03-2015
810.
811.
812.
813.
814.
815.
816.
817.
818.
819.
820.
821.
822.
823.
824.
825.
826.
827.
828.
829.
830.
831.
832.
833.
834.
835.
836.
837.
838.
839.
840.
841.
842.
843.
844.
845.
846.
847.
848.
849.
850.
851.
852.
853.
854.
855.
856.
857.
858.
859.
860.
861.
862.
863.
864.
865.
866.
867.
868.
869.
870.
Page 14 of 28
SF:CCheck,18,"\x01\xfe\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0")%r(D
SF:NSVersionBindReq,18,"\x01\x06\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0")%r(DNSStatusRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0")%r(NBTStat,18,"\x01\xf0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0")%r(Help,18,"\x01e\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0")%r(SIPOptions,18,"\x01P\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0")%r(Sqlping,18,"\x01P\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0")%r(NTPRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0")%r(SNMPv1public,18,"\x01\x82\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0")%r(SNMPv3GetRequest,18,"\x01:\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0")%r(xdmcp,18,"\x01\x01\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0")%r(AFSVersionRequest,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0\0\0\0")%r(DNS-SD,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0\0")%r(Citrix,18,"\x01\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0
SF:\0\0\0\0\0\0\0")%r(Kerberos,18,"\x01\x81\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\
SF:0\0\0\0\0\0\0\0");
MAC Address: 00:50:56:BC:5D:06 (VMware)
Device type: general purpose|webcam|printer|WAP|game console
Running (JUST GUESSING) : Linux 2.2.X|2.6.X|2.4.X (90%), Mobotix Linux 2.2.X
(89%), Lexmark embedded (88%), Netgear Linux 2.4.X (88%), Linksys Linux 2.4.X
(87%), GNU Hurd (86%), Sony embedded (86%), D-Link embedded (85%)
Aggressive OS guesses: Linux 2.2.5 - 2.2.14 (Red Hat 6.0 - 6.2) (90%), Linux
2.2.9 (89%), Linux 2.2.13 (SuSE 6.3) (88%), Lexmark X644e printer (88%), Netgear
WG602v1 WAP (Linux 2.2.14) (88%), OpenWrt White Russian 0.9 (Linux 2.4.30) (87%),
GNU Hurd 0.3 (86%), Sony PlayStation 2 game console test kit 2.2.1 (86%), OpenWrt
Kamikaze 7.09 (Linux 2.6.22) (86%), Linux 2.4.19 - 2.4.20 (86%)
Service Info: Host: ftp3.thinc.local; OSs: Unix, Linux
TRACEROUTE
HOP RTT
ADDRESS
1
PORT
STATE SERVICE
VERSION
21/tcp
open ftp
FileZilla ftpd
53/tcp
open domain
Microsoft DNS 6.0.6001
88/tcp
open kerberos-sec Microsoft Windows kerberos-sec
135/tcp
open msrpc
139/tcp
open netbios-ssn
389/tcp
open ldap
445/tcp
open microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
464/tcp
open kpasswd5?
593/tcp
open ncacn_http
Microsoft Windows RPC over HTTP 1.0
636/tcp
open tcpwrapped
3268/tcp open ldap
49154/tcp open msrpc
49157/tcp open ncacn_http
53/udp
open domain
Microsoft DNS 6.0.6001 (17714650)
|_dns-recursion: Recursion appears to be enabled
88/udp
open kerberos-sec Windows 2003 Kerberos (server time: 2010-09-19
05:03:52Z)
123/udp
open ntp
NTP v3
| ntp-info:
|_ receive time stamp: Sun Sep 19 05:26:52 2010
137/udp
open netbios-ns
Microsoft Windows NT netbios-ssn (workgroup: THINC)
MAC Address: 00:50:56:BC:40:CE (VMware)
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2008|Vista|7 (90%), FreeBSD 6.X (85%)
05-03-2015
Page 15 of 28
871. Aggressive OS guesses: Microsoft Windows Server 2008 R2 (90%), Microsoft Windows
Server 2008 Beta 3 (89%), Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or
Windows 7 (89%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
874. Service Info: Hosts: Welcome, MASTER; OS: Windows
875.
877. |_nbstat: NetBIOS name: MASTER, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:40:ce (VMware)
879. |
OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R)
2008 Standard 6.0)
880. |
Name: THINC\MASTER
881. |_ System time: 2010-09-19 05:27:49 UTC-7
882. |_smbv2-enabled: Server supports SMBv2 protocol
883.
884. TRACEROUTE
885. HOP RTT
ADDRESS
886. 1
56.15 ms 192.168.11.220
887.
888. Nmap scan report for slave.thinc.local (192.168.11.221)
891. PORT
STATE
SERVICE
VERSION
892. 53/tcp
open
domain
Microsoft DNS
893. 88/tcp
open
kerberos-sec Microsoft Windows kerberos-sec
894. 135/tcp open
msrpc
895. 139/tcp open
netbios-ssn
896. 389/tcp open
ldap
897. 445/tcp open
tcpwrapped
898. 464/tcp open
tcpwrapped
899. 593/tcp open
ncacn_http
900. 636/tcp open
tcpwrapped
901. 1025/tcp open
msrpc
902. 1027/tcp open
ncacn_http
903. 1038/tcp open
msrpc
904. 53/udp
open
domain?
905. |_dns-recursion: Recursion appears to be enabled
906. 88/udp
open
kerberos-sec Windows 2003 Kerberos (server time: 2010-0919 06:07:05Z)
907. 123/udp open
ntp
Microsoft NTP
908. | ntp-info:
909. |_ receive time stamp: Sun Sep 19 05:27:24 2010
910. 137/udp open
netbios-ns
THINC)
912. 389/udp open|filtered ldap
913. 445/udp open|filtered microsoft-ds
914. 464/udp open|filtered kpasswd5
915. 500/udp open|filtered isakmp
917. 1036/udp open
domain
Zoom X5 ADSL modem DNS
919. 1043/udp open|filtered boinc
920. 4500/udp open|filtered nat-t-ike
922. SF-Port53-UDP:V=5.35DC1%I=7%D=9/19%Time=4C959263%P=i686-pc-linux-gnu%r(NBT
923. SF:Stat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAA
924. SF:AAAAAAAA\0\0!\0\x01")%r(DNS-SD,2E,"\0\0\x80\x82\0\x01\0\0\0\0\0\0\t_ser
925. SF:vices\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01")%r(Citrix,1E,"\x1e\0\x
926. SF:81\x01\x02\xfd\xa8\xe3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
928. Device type: general purpose|media device
929. Running (JUST GUESSING) : Microsoft Windows 2003|2000|XP (95%), Motorola Windows
PocketPC/CE (90%)
930. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (95%), Microsoft Windows
Server 2003 R2 SP2 (91%), Microsoft Windows 2000 or Server 2003 SP1 (91%),
Microsoft Windows Server 2003 SP1 or SP2 (91%), Microsoft Windows XP SP2 (91%),
05-03-2015
Page 16 of 28
Microsoft Windows XP SP2 or Server 2003 SP2 (90%), Motorola VIP1200 digital set
top box (Windows CE 5.0) (90%), Microsoft Windows XP SP2 or SP3 (89%), Microsoft
Windows XP SP3 (89%), Microsoft Windows XP SP2 (firewall disabled) (89%)
933. Service Info: OS: Windows; Device: broadband router
934.
937. |
OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
938. |
Name: THINC\SLAVE
939. |_ System time: 2010-09-19 05:27:26 UTC-7
941. |_nbstat: NetBIOS name: SLAVE, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:16:63 (VMware)
942.
943. TRACEROUTE
944. HOP RTT
ADDRESS
945. 1
51.74 ms slave.thinc.local (192.168.11.221)
946.
947. Nmap scan report for redhat7.thinc.local (192.168.11.222)
950. PORT
STATE
SERVICE
VERSION
951. 21/tcp
open
ftp
WU-FTPD wu-2.6.2-5
953. 22/tcp
open
ssh
955. | ssh-hostkey: 1024 4a:e3:f8:07:d5:d6:b1:b5:bf:54:ac:e7:17:36:7e:e8 (RSA1)
956. | 1024 77:67:f2:2c:3d:7c:45:24:fe:5e:0f:de:07:65:b3:57 (DSA)
957. |_1024 42:b1:48:0b:41:f8:a9:12:cc:9b:c4:ed:26:74:64:2c (RSA)
958. 23/tcp
open
telnet
Linux telnetd
959. 25/tcp
open
smtp
Sendmail 8.11.6/8.11.6
960. | smtp-commands: localhost.localdomain Hello [192.168.10.129], pleased to meet
you, ENHANCEDSTATUSCODES, EXPN, VERB, 8BITMIME, SIZE, DSN, ONEX, ETRN, XUSR, HELP
961. |_ 2.0.0 This is sendmail version 8.11.6 2.0.0 Topics: 2.0.0 HELO EHLO MAIL RCPT
DATA 2.0.0 RSET NOOP QUIT HELP VRFY 2.0.0 EXPN VERB ETRN DSN AUTH 2.0.0 STARTTLS
2.0.0 For more info use "HELP <topic>". 2.0.0 To report bugs in the
implementation send email to 2.0.0 sendmail-bugs@sendmail.org. 2.0.0 For local
information send email to Postmaster at your site. 2.0.0 End of HELP info
962. 80/tcp
open
http
Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux)
mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2
mod_perl/1.26 mod_throttle/3.1.2)
963. |_html-title: Test Page for the Apache Web Server on Red Hat Linux
964. | http-methods: Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND
PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
966. 111/tcp
open
rpcbind
967. 139/tcp
open
netbios-ssn Samba smbd (workgroup: MYGROUP)
968. 199/tcp
open
smux
Linux SNMP multiplexer
969. 443/tcp
open
ssl/http
Apache httpd 1.3.23 ((Unix) (Red-Hat/Linux)
mod_python/2.7.6 Python/1.5.2 mod_ssl/2.8.7 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2
mod_perl/1.26 mod_throttle/3.1.2)
971. | http-methods: Potentially risky methods: PUT DELETE CONNECT PATCH PROPFIND
PROPPATCH MKCOL COPY MOVE LOCK UNLOCK TRACE
973. |_html-title: Test Page for the Apache Web Server on Red Hat Linux
974. 995/tcp
open
ssl/pop3
ipopd 2001.78rh
975. |_pop3-capabilities: OK(K Capability list follows) UIDL LOGIN-DELAY(180) USER TOP
SASL(PLAIN LOGIN)
977. 32768/tcp open
status
1 (rpc #100024)
978. 111/udp
open
rpcbind
2 (rpc #100000)
979. 137/udp
open
netbios-ns Microsoft Windows XP netbios-ssn
980. 138/udp
981. 161/udp
open
snmp
982. | snmp-sysdescr: Linux mailman 2.4.18-3 #1 Thu Apr 18 07:37:53 EDT 2002 i686
984. 32768/udp open
status
1 (rpc #100024)
985. MAC Address: 00:50:56:BC:0D:2C (VMware)
05-03-2015
Page 17 of 28
986. Device type: WAP|router|remote management|general purpose|firewall

987. Running (JUST GUESSING) : D-Link embedded (95%), Enterasys embedded (95%),
Netgear embedded (95%), Linksys Linux 2.4.X (93%), Dell embedded (93%), Linux
2.4.X|2.6.X (93%), Cisco embedded (92%)
988. Aggressive OS guesses: Enterasys Matrix X router, or D-Link DWL-G700AP or Netgear
WG302v1 WAP (95%), OpenWrt White Russian 0.9 (Linux 2.4.30) (93%), Dell
Integrated Remote Access Controller (iDRAC6) (93%), Linux 2.4.21 - 2.4.31 (likely
embedded) (93%), Linux 2.6.15 - 2.6.23 (embedded) (93%), Linux 2.6.15 - 2.6.30
(93%), Cisco MARS 50 firewall version 4.2.1 (92%), Linux 2.4.9 (Red Hat
Enterprise Linux 2.1 AS) (92%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (92%),
OpenWrt Kamikaze 7.09 (Linux 2.6.22) (92%)
991. Service Info: Hosts: localhost.localdomain, 192.168.11.222, MAILMAN; OSs: Unix,
Linux, Windows
992.
994. |_nbstat: NetBIOS name: MAILMAN, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
995.
996. TRACEROUTE
997. HOP RTT
ADDRESS
998. 1
999.
1000. Nmap scan report for jeff.thinc.local (192.168.11.223)
1003. PORT
STATE
SERVICE
VERSION
1004. 80/tcp
open
http
Apache httpd 2.2.14 ((Win32) DAV/2
mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq220090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
1007. |_html-title: Index of /
1008. 135/tcp
open
msrpc
1009. 139/tcp
open
netbios-ssn
1010. 443/tcp
open
ssl/http
Apache httpd 2.2.14 ((Win32) DAV/2
mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 mod_apreq220090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1)
1011. |_html-title: Index of /
1015. 3306/tcp open
mysql
1016. 3389/tcp open
1017. 49152/tcp open
msrpc
1018. 49153/tcp open
msrpc
1019. 49154/tcp open
msrpc
1020. 49155/tcp open
msrpc
1021. 49156/tcp open
msrpc
1022. 49157/tcp open
msrpc
1023. 123/udp
open|filtered ntp
1024. 137/udp
open
netbios-ns?
1025. 138/udp
1026. 500/udp
open|filtered isakmp
1030. SF-Port137-UDP:V=5.35DC1%I=7%D=9/19%Time=4C959276%P=i686-pc-linux-gnu%r(NB
1031. SF:TStat,67,"\x80\xf0\x84\0\0\0\0\x01\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAAA
1032. SF:AAAAAAA\0\0!\0\x01\0\0\0\0\0/\0\0PV\xbcO\x16\0\0\0\0\0\0\0\0\0\0\0\0\0\
1033. SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0");
1034. MAC Address: 00:50:56:BC:4F:16 (VMware)
1035. Device type: general purpose|printer|WAP
1036. Running (JUST GUESSING) : Microsoft Windows Vista|7|2008 (95%), Lexmark embedded
(88%), Linux 2.6.X (85%)
1037. Aggressive OS guesses: Microsoft Windows Vista Home Premium SP1, Windows 7, or
Server 2008 (95%), Microsoft Windows Vista SP1 (93%), Microsoft Windows Vista
Enterprise (90%), Lexmark X644e printer (88%), Microsoft Windows Vista (88%),
Microsoft Windows Vista Business (86%), Microsoft Windows Vista SP0 - SP2, Server
05-03-2015
Page 18 of 28
2008, or Windows 7 Ultimate (86%), Microsoft Windows Vista SP0 or SP1 (86%),
Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or Windows 7 (86%),
Microsoft Windows Server 2008 SP1 (86%)
1041.
1042. TRACEROUTE
1043. HOP RTT
ADDRESS
1044. 1
53.54 ms jeff.thinc.local (192.168.11.223)
1045.
1046. Nmap scan report for ubuntu7.thinc.local (192.168.11.224)
1049. PORT
STATE
SERVICE
VERSION
1050. 22/tcp open
ssh
OpenSSH 4.6p1 Debian 5build1 (protocol 2.0)
1051. | ssh-hostkey: 1024 f3:6e:87:04:ea:2d:b3:60:ff:42:ad:26:67:17:94:d5 (DSA)
1052. |_2048 bb:03:ce:ed:13:f1:9a:9e:36:03:e2:af:ca:b2:35:04 (RSA)
1053. 80/tcp open
http
Apache httpd 2.2.4 ((Ubuntu)
PHP/5.2.3-1ubuntu6)
1056. |_html-title: Site doesn't have a title (text/html).
1057. 110/tcp open
pop3
Dovecot pop3d
1058. |_pop3-capabilities: OK(K) CAPA RESP-CODES UIDL PIPELINING STLS TOP SASL
1059. 139/tcp open
netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
1060. 143/tcp open
imap
Dovecot imapd
1061. |_imap-capabilities: LOGIN-REFERRALS LOGINDISABLED UNSELECT THREAD=REFERENCES
STARTTLS IMAP4rev1 NAMESPACE SORT CHILDREN LITERAL+ IDLE SASL-IR MULTIAPPEND
1062. 445/tcp open
netbios-ssn Samba smbd 3.X (workgroup: MSHOME)
1063. 993/tcp open
ssl/imaps?
1065. 995/tcp open
ssl/pop3
Dovecot pop3d
1066. |_pop3-capabilities: OK(K) CAPA RESP-CODES UIDL PIPELINING USER TOP SASL(PLAIN)
1068. 137/udp open
1070. MAC Address: 00:50:56:BC:4F:CB (VMware)
1071. Device type: WAP|general purpose|remote management|webcam|printer
1072. Running (JUST GUESSING) : Linux 2.6.X|2.4.X (96%), Linksys Linux 2.4.X (94%),
Dell embedded (94%), Linksys embedded (92%), AXIS Linux 2.6.X (92%), Epson
embedded (92%), D-Link embedded (91%)
1073. Aggressive OS guesses: OpenWrt Kamikaze 7.09 (Linux 2.6.22) (96%), Linux 2.6.22
(94%), OpenWrt White Russian 0.9 (Linux 2.4.30) (94%), OpenWrt 0.9 - 7.09 (Linux
2.4.30 - 2.4.34) (94%), Dell Integrated Remote Access Controller (iDRAC6) (94%),
Linux 2.4.21 - 2.4.31 (likely embedded) (94%), Linux 2.6.15 - 2.6.23 (embedded)
(94%), Linux 2.6.15 - 2.6.30 (94%), Dell Remote Access Controller 5 (DRAC 5)
(92%), Linux 2.4.27 (92%)
1076. Service Info: Host: UBUNTU05; OSs: Linux, Windows
1077.
1080. |_nbstat: NetBIOS name: UBUNTU05, NetBIOS user: <unknown>, NetBIOS MAC: <unknown>
1082. |
OS: Unix (Samba 3.0.26a)
1083. |
Name: MSHOME\Unknown
1084. |_ System time: 2010-09-19 05:28:46 UTC-4
1085.
1086. TRACEROUTE
1087. HOP RTT
ADDRESS
1088. 1
50.49 ms ubuntu7.thinc.local (192.168.11.224)
1089.
1092. Not shown: 1000 open|filtered ports, 998 filtered ports
1093. PORT
STATE SERVICE
VERSION
1094. 21/tcp
open ftp
GuildFTPd
1096. |_ftp-bounce: bounce working!
05-03-2015
Page 19 of 28
1097. 3389/tcp open microsoft-rdp Microsoft Terminal Service

1099. Warning: OSScan results may be unreliable because we could not find at least 1
1100. Device type: general purpose
1101. Running (JUST GUESSING) : Microsoft Windows 2003|XP|2000 (91%)
1102. Aggressive OS guesses: Microsoft Windows Server 2003 SP2 (91%), Microsoft Windows
XP SP2 or Server 2003 SP2 (91%), Microsoft Windows 2000 or Server 2003 SP1 (87%),
Microsoft Windows Server 2003 Enterprise Edition (85%), Microsoft Windows Server
2003 R2 SP2 (85%), Microsoft Windows Server 2003 SP1 (85%)
1106.
1107. TRACEROUTE
1108. HOP RTT
ADDRESS
1109. 1
50.99 ms 192.168.11.226
1110.
1111. Nmap scan report for websql.thinc.local (192.168.11.227)
1114. PORT
STATE
SERVICE
VERSION
1115. 21/tcp
open
ftp
Microsoft ftpd 5.0
1117. 25/tcp
open
smtp
Microsoft ESMTP 5.0.2195.5329
1118. | smtp-commands: mail.barak.net.il Hello [192.168.10.129], AUTH GSSAPI NTLM
LOGIN, AUTH=LOGIN, TURN, ATRN, SIZE 2097152, ETRN, PIPELINING, DSN,
ENHANCEDSTATUSCODES, 8bitmime, BINARYMIME, CHUNKING, VRFY, OK
1119. |_ This server supports the following commands: HELO EHLO STARTTLS RCPT DATA RSET
MAIL QUIT HELP AUTH TURN ATRN ETRN BDAT VRFY
1120. 80/tcp
open
http
1121. |_html-title: Login
1122. | http-methods: Potentially risky methods: TRACE COPY PROPFIND SEARCH LOCK UNLOCK
DELETE PUT MOVE MKCOL PROPPATCH
1124. 135/tcp open
msrpc
1125. 139/tcp open
netbios-ssn
1126. 443/tcp open
https?
1127. 445/tcp open
microsoft-ds Microsoft Windows 2000 microsoft-ds
1128. 1025/tcp open
msrpc
1129. 1026/tcp open
mstask
Microsoft mstask (task server c:\winnt\system32\Mstask.exe)
1130. 1028/tcp open
msrpc
1131. 3372/tcp open
msdtc
Microsoft Distributed Transaction
Coordinator
1132. 5800/tcp open
vnc-http
RealVNC 4.0 (Resolution 400x250; VNC TCP
port: 5900)
1133. 5900/tcp open
vnc
VNC (protocol 3.8)
1134. |_realvnc-auth-bypass: Vulnerable
1135. 135/udp open
msrpc?
1136. 137/udp open
netbios-ns
Microsoft Windows netbios-ssn (workgroup:
WORKGROUP)
1138. 161/udp open
snmp
1139. | snmp-sysdescr: Hardware: x86 Family 6 Model 7 Stepping 10 AT/AT COMPATIBLE Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
1141. | snmp-processes:
1142. |
System Idle Process
1143. |
PID: 1
1144. |
System
1145. |
PID: 8
1146. |
smss.exe
1147. |
PID: 164
1148. |
csrss.exe
1149. |
PID: 188
1150. |
WINLOGON.EXE
1151. |
PID: 208
1152. |
services.exe
1153. |
PID: 236
1154. |
LSASS.EXE
05-03-2015
1155.
1156.
1157.
1158.
1159.
1160.
1161.
1162.
1163.
1164.
1165.
1166.
1167.
1168.
1169.
1170.
1171.
1172.
1173.
1174.
1175.
1176.
1177.
1178.
1179.
1180.
1181.
1182.
1183.
1184.
1185.
1186.
1187.
1188.
1189.
1190.
1191.
1192.
1193.
1194.
1195.
1196.
1197.
1198.
1199.
1200.
1201.
1202.
1203.
1204.
1205.
1206.
1207.
1208.
1209.
1210.
1211.
1212.
1213.
1214.
1215.
1216.
1217.
1218.
1219.
1220.
1221.
1222.
1223.
1224.
1225.
|
PID: 248
|
svchost.exe
|
PID: 452
|
SPOOLSV.EXE
|
PID: 480
|
msdtc.exe
|
PID: 508
|
svchost.exe
|
PID: 612
|
FreeSSHDService
|
PID: 624
|
LLSSRV.EXE
|
PID: 668
|
sqlservr.exe
|
PID: 700
|
regsvc.exe
|
PID: 788
|
mstask.exe
|
PID: 804
|
dllhost.exe
|
PID: 836
|
snmp.exe
|
PID: 844
|
VMwareService.e
|
PID: 896
|
winmgmt.exe
|
PID: 952
|
winvnc4.exe
|
PID: 964
|
svchost.exe
|
PID: 976
|
inetinfo.exe
|
PID: 996
|
mssearch.exe
|
PID: 1012
|
dfssvc.exe
|
PID: 1248
|
dllhost.exe
|
PID: 1260
|
sqlagent.exe
|
PID: 1324
|
svchost.exe
|_
PID: 1540
| snmp-netstat:
|
TCP 0.0.0.0:21
|
TCP 0.0.0.0:25
|
TCP 0.0.0.0:80
|
TCP 0.0.0.0:135
|
TCP 0.0.0.0:443
|
TCP 0.0.0.0:445
|
TCP 0.0.0.0:1025
|
TCP 0.0.0.0:1026
|
TCP 0.0.0.0:1028
|
TCP 0.0.0.0:1032
|
TCP 0.0.0.0:1037
|
TCP 0.0.0.0:3372
|
TCP 0.0.0.0:4444
|
TCP 0.0.0.0:4444
|
TCP 0.0.0.0:4444
|
TCP 0.0.0.0:5800
|
TCP 0.0.0.0:5900
|
TCP 0.0.0.0:6532
|
TCP 0.0.0.0:60000
|
TCP 127.0.0.1:27900
|
TCP 192.168.11.227:80
|
TCP 192.168.11.227:80
|
TCP 192.168.11.227:80
|
TCP 192.168.11.227:80
|
TCP 192.168.11.227:80
|
TCP 192.168.11.227:139
|
TCP 192.168.11.227:443
Page 20 of 28
0.0.0.0:2112
0.0.0.0:18620
0.0.0.0:51241
0.0.0.0:18638
0.0.0.0:34997
0.0.0.0:59569
0.0.0.0:26717
0.0.0.0:2286
0.0.0.0:2224
0.0.0.0:10396
0.0.0.0:18686
0.0.0.0:10454
0.0.0.0:18586
0.0.0.0:34844
0.0.0.0:59450
0.0.0.0:18644
0.0.0.0:34965
0.0.0.0:10306
0.0.0.0:26733
0.0.0.0:34947
192.168.10.129:34951
192.168.10.129:34961
192.168.10.129:47322
192.168.10.129:47394
192.168.10.129:47397
0.0.0.0:34962
192.168.10.129:39572
05-03-2015
1226.
1227.
1228.
1229.
1230.
1231.
1232.
1233.
1234.
1235.
1236.
1237.
1238.
1239.
1240.
1241.
1242.
1243.
1244.
1245.
1246.
1247.
1248.
1249.
1250.
1251.
1252.
1253.
1254.
1255.
1256.
1257.
1258.
1259.
1260.
1261.
1262.
1263.
1264.
1265.
1266.
1267.
1268.
1269.
1270.
1271.
1272.
1273.
1274.
1275.
1276.
1277.
1278.
1279.
1280.
1281.
1282.
1283.
1284.
1285.
1286.
1287.
1288.
1289.
1290.
1291.
1292.
1293.
1294.
1295.
1296.
Page 21 of 28
|
TCP 192.168.11.227:443
192.168.10.129:40422
|
TCP 192.168.11.227:443
192.168.10.129:40423
|
TCP 192.168.11.227:443
192.168.10.129:40424
|
TCP 192.168.11.227:443
192.168.10.129:40434
|
TCP 192.168.11.227:443
192.168.10.129:40435
|
TCP 192.168.11.227:443
192.168.10.129:40436
|
TCP 192.168.11.227:1037 192.168.10.165:4444
|
TCP 192.168.11.227:4444 192.168.10.165:38261
|
TCP 192.168.11.227:4444 192.168.10.165:55804
|
TCP 192.168.11.227:27900 0.0.0.0:26776
|
UDP 0.0.0.0:135
*:*
|
UDP 0.0.0.0:161
*:*
|
UDP 0.0.0.0:445
*:*
|
UDP 0.0.0.0:1031
*:*
|
UDP 0.0.0.0:1434
*:*
|
UDP 0.0.0.0:3456
*:*
|
UDP 192.168.11.227:137
*:*
|
UDP 192.168.11.227:138
*:*
|_ UDP 192.168.11.227:500
*:*
|
Alerter
|
Automatic Updates
|
COM+ Event System
|
Computer Browser
|
DHCP Client
|
DNS Client
|
Distributed File System
|
|
|
Event Log
|
FTP Publishing Service
|
FreeSSHDService
|
IIS Admin Service
|
IPSEC Policy Agent
|
License Logging Service
|
|
MSSQLSERVER
|
Messenger
|
Microsoft Search
|
NT LM Security Support Provider
|
Plug and Play
|
Print Spooler
|
Protected Storage
|
|
Remote Registry Service
|
Removable Storage
|
RunAs Service
|
SNMP Service
|
SQLSERVERAGENT
|
|
Server
|
Simple Mail Transport Protocol (SMTP)
|
|
TCP/IP NetBIOS Helper Service
|
Task Scheduler
|
Telephony
|
|
VNC Server Version 4
|
|
Windows Management Instrumentation Driver Extensions
|
Workstation
|_ World Wide Web Publishing Service
| snmp-win32-users:
|
Administrator
|
Guest
|
IUSR_SRV2
|
IWAM_SRV2
|
OS5547
|
TsInternetUser
|
admin
|
alice
05-03-2015
1297.
1298.
1299.
1300.
1301.
1302.
1303.
1304.
1305.
1306.
1307.
1308.
1309.
1310.
1311.
1312.
1313.
1314.
1315.
1316.
1317.
1318.
1319.
1320.
1321.
1322.
1323.
1324.
1325.
1326.
1327.
1328.
1329.
1330.
1331.
1332.
1333.
1334.
1335.
1336.
1337.
1338.
1339.
1340.
1341.
1342.
1343.
1344.
1345.
1346.
1347.
1348.
1349.
1350.
1351.
1352.
1353.
1354.
1355.
1356.
Page 22 of 28
|
backup
|
david
|
hacker
|
john
|
lisa
|
mark
|_ sqlusr
1030/udp open|filtered iad1
1434/udp open
ms-sql-m
Microsoft SQL Server 8.00.194 (ServerName:
SRV2; TCPPort: 27900)
| ms-sql-info: Discovered Microsoft SQL Server 2000
|
Server name: SRV2
|
Server version: 8.00.194
|
Instance name: MSSQLSERVER
|
TCP Port: 27900
|_
Could not retrieve actual version information
1 service unrecognized despite returning data. If you know the service/version,
SF-Port135-UDP:V=5.35DC1%I=7%D=9/19%Time=4C961683%P=i686-pc-linux-gnu%r(Ke
SF:rberos,54,"\x04\x06\x20\0\x10\0\0\x03\x02\x01\x05\xa2\x03\x02\x01\n\xa4
SF:\x81\^0\\\xa0\x07\x03\x05\0P\x80\0\x10\xa2\x04\x1b\x02NM\xa3\x170\x15\x
SF:a0\x03\x02\x01\0\xa1\x0e0\x0c\x1b\x06krbtg\x1b\xe5\x92LM\xa5\x11\x18\x0
SF:f197001010\x04\x0000\0Z\x08\0\0\x1c");
Device type: general purpose|media device|printer
Running (JUST GUESSING) : Microsoft Windows 2000|XP|2003|NT (95%), Motorola
Windows PocketPC/CE (85%), Ricoh embedded (85%)
Aggressive OS guesses: Microsoft Windows 2000 SP4 (95%), Microsoft Windows 2000
SP0 (93%), Microsoft Windows XP (93%), Microsoft Windows XP SP3 (91%), Microsoft
Windows 2000 SP4 or Windows XP SP2 or SP3 (91%), Microsoft Windows Server 2003
SP1 or SP2 (90%), Microsoft Windows Server 2003 SP2 (90%), Microsoft Windows 2000
SP2 (90%), Microsoft Windows XP SP2 (89%), Microsoft Windows XP SP2 or SP3 (88%)
Service Info: Hosts: mail.barak.net.il, SRV2; OS: Windows
| smb-os-discovery:
|
OS: Windows 2000 (Windows 2000 LAN Manager)
|
Name: WORKGROUP\SRV2
|_ System time: 2010-09-19 05:27:36 UTC+2
|_nbstat: NetBIOS name: SRV2, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:20:67 (VMware)
TRACEROUTE
HOP RTT
ADDRESS
1
51.44 ms websql.thinc.local (192.168.11.227)
Nmap scan report for mail.thinc.local (192.168.11.229)
PORT
STATE
SERVICE
VERSION
25/tcp
open
smtp
hMailServer smtpd
80/tcp
open
http
|_html-title: mail.thinc.local - /
110/tcp open
pop3
hMailServer pop3d
|_pop3-capabilities: capa
135/tcp open
msrpc
139/tcp open
netbios-ssn
143/tcp open
imap
hMailServer imapd
|_imap-capabilities: IMAP4 ACL QUOTA SORT IMAP4rev1 RIGHTS=texk IDLE NAMESPACE
CHILDREN
445/tcp open
microsoft-ds Microsoft Windows 2003 or 2008 microsoft-ds
05-03-2015
1357.
1358.
1359.
1360.
1361.
1362.
1363.
1364.
1365.
1366.
1367.
1368.
1369.
1370.
1371.
1372.
1373.
1374.
1375.
1376.
1377.
1378.
1379.
1380.
1381.
1382.
Page 23 of 28
1027/tcp open
msrpc
3389/tcp open
123/udp open|filtered ntp
137/udp open
netbios-ns
THINC)
1025/udp open|filtered blackjack
1026/udp open|filtered win-rpc
1028/udp open|filtered ms-lsa
4500/udp open|filtered nat-t-ike
MAC Address: 00:50:56:BC:7B:D9 (VMware)
PocketPC/CE (90%)
Aggressive OS guesses: Microsoft Windows Server 2003 SP1 or SP2 (95%), Microsoft
Windows Server 2003 SP2 (94%), Microsoft Windows XP SP3 (94%), Microsoft Windows
XP SP2 (91%), Microsoft Windows XP SP2 or SP3 (90%), Microsoft Windows XP SP2
(firewall disabled) (90%), Motorola VIP1200 digital set top box (Windows CE 5.0)
(90%), Microsoft Windows 2000 SP4 (89%), Microsoft Windows 2003 Small Business
Server (89%), Microsoft Windows XP Professional SP2 (89%)
Service Info: Host: THINCMAIL; OS: Windows

| smb-os-discovery:
|
OS: Windows Server 2003 3790 Service Pack 1 (Windows Server 2003 5.2)
|
Name: THINC\THINCMAIL
|_ System time: 2010-09-19 05:27:01 UTC-5
|_nbstat: NetBIOS name: THINCMAIL, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:7b:d9 (VMware)
1384.
1385. TRACEROUTE
1386. HOP RTT
ADDRESS
1387. 1
51.77 ms mail.thinc.local (192.168.11.229)
1388.
1389. Nmap scan report for kevin.thinc.local (192.168.11.230)
1392. PORT
STATE
SERVICE
VERSION
1393. 80/tcp
open
http
GoAhead-Webs embedded httpd
1394. | html-title: HP Power Manager
1395. |_Requested resource was http://kevin.thinc.local/index.asp
1397. 135/tcp
open
msrpc
1398. 139/tcp
open
netbios-ssn
1399. 445/tcp
open
netbios-ssn
1400. 3389/tcp open
1401. 49152/tcp open
msrpc
1402. 49153/tcp open
msrpc
1403. 49154/tcp open
msrpc
1404. 49155/tcp open
msrpc
1405. 49158/tcp open
msrpc
1406. 49160/tcp open
msrpc
1407. 123/udp
open|filtered ntp
1408. 137/udp
open
netbios-ns
Microsoft Windows NT netbios-ssn
(workgroup: WORKGROUP)
1409. 138/udp
1410. 500/udp
open|filtered isakmp
1413. MAC Address: 00:50:56:BC:1A:10 (VMware)
1414. No exact OS matches for host (If you know what OS is running on it, see
http://nmap.org/submit/ ).
1415. TCP/IP fingerprint:
1416. OS:SCAN(V=5.35DC1%D=9/19%OT=80%CT=1%CU=2%PV=Y%DS=1%DC=D%G=Y%M=005056%TM=4C9
1417. OS:63649%P=i686-pc-linux-gnu)SEQ(SP=106%GCD=1%ISR=10C%TI=I%CI=I%TS=7)SEQ(SP
05-03-2015
1418.
1419.
1420.
1421.
1422.
1423.
1424.
1425.
1426.
1427.
1428.
1429.
1430.
1431.
1432.
1433.
1434.
1435.
1436.
1437.
1438.
1439.
1440.
1441.
1442.
1443.
1444.
1445.
1446.
1447.
1448.
1449.
1450.
1451.
1452.
1453.
1454.
1455.
1456.
1457.
1458.
1459.
1460.
1461.
1462.
1463.
1464.
1465.
1466.
1467.
1468.
1469.
1470.
1471.
Page 24 of 28
OS:=105%GCD=1%ISR=10B%TI=I%CI=I%TS=7)SEQ(SP=106%GCD=1%ISR=10B%TI=I%CI=I%TS=
OS:7)SEQ(SP=104%GCD=1%ISR=109%TI=I%CI=I%TS=7)OPS(O1=M538NW8ST11%O2=M538NW8S
OS:T11%O3=M538NW8NNT11%O4=M538NW8ST11%O5=M538NW8ST11%O6=M538ST11)WIN(W1=200
OS:0%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)ECN(R=Y%DF=Y%T=80%W=2000%O=M53
OS:8NW8NNS%CC=N%Q=)T1(R=Y%DF=Y%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(
OS:R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=80%W=0%S=Z%A=S+%F
OS:=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y
OS:%DF=N%T=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)
Service Info: Host: KEVIN-PC; OS: Windows
|_nbstat: NetBIOS name: KEVIN-PC, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:1a:10 (VMware)
| smb-os-discovery:
|
OS: Windows 7 Ultimate N 7600 (Windows 7 Ultimate N 6.1)
|
Name: WORKGROUP\KEVIN-PC
|_ System time: 2010-09-19 05:27:18 UTC-7
|_smbv2-enabled: Server supports SMBv2 protocol
TRACEROUTE
HOP RTT
ADDRESS
1
52.60 ms kevin.thinc.local (192.168.11.230)
PORT
STATE
SERVICE
VERSION
80/tcp
open
http
|_html-title: Login
135/tcp open
msrpc
139/tcp open
netbios-ssn
445/tcp open
tcpwrapped
1025/tcp open
msrpc
1433/tcp open
ms-sql-s
Microsoft SQL Server 2000 8.00.766; SP3a
3389/tcp open
123/udp open|filtered ntp
137/udp open
netbios-ns
Microsoft Windows XP netbios-ssn
1026/udp open|filtered win-rpc
1434/udp open
ms-sql-m
Microsoft SQL Server 8.00.194 (ServerName:
RALPH; TCPPort: 1433)
| ms-sql-info: Discovered Microsoft SQL Server 2000
|
Server name: RALPH
|
Server version: 8.00.194
|
Instance name: MSSQLSERVER
|
TCP Port: 1433
|_
Could not retrieve actual version information
4500/udp open|filtered nat-t-ike
MAC Address: 00:50:56:BC:18:F4 (VMware)
No exact OS matches for host (If you know what OS is running on it, see
TCP/IP fingerprint:
OS:SCAN(V=5.35DC1%D=9/19%OT=80%CT=1%CU=2%PV=Y%DS=1%DC=D%G=Y%M=005056%TM=4C9
OS:63649%P=i686-pc-linux-gnu)SEQ(SP=102%GCD=1%ISR=10F%TI=I%CI=I%TS=0)SEQ(SP
OS:=100%GCD=1%ISR=10E%TI=I%CI=I%TS=0)SEQ(SP=104%GCD=1%ISR=10D%TI=I%CI=I%TS=
OS:0)OPS(O1=M538NW0NNT00NNS%O2=M538NW0NNT00NNS%O3=M538NW0NNT00%O4=M538NW0NN
OS:T00NNS%O5=M538NW0NNT00NNS%O6=M538NNT00NNS)WIN(W1=FAF0%W2=FAF0%W3=FAF0%W4
OS:=FAF0%W5=FAF0%W6=FAF0)ECN(R=Y%DF=N%T=80%W=FAF0%O=M538NW0NNS%CC=N%Q=)T1(R
OS:=Y%DF=N%T=80%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=N%T=80%W=0%S=
OS:A%A=O%F=R%O=%RD=0%Q=)T5(R=Y%DF=N%T=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=
OS:Y%DF=N%T=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=80%IPL=B0%UN
OS:=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=N)
1472.
1473.
1474.
1475.
1476.
1477.
1478.
1479.
1480.
1481.
1482.
1483.
05-03-2015
1485.
1486.
1487.
1488.
1489.
1490.
1491.
1492.
1493.
1494.
1495.
1496.
1497.
1498.
1499.
1500.
1501.
1502.
1503.
1504.
1505.
1506.
1507.
1508.
1509.
1510.
1511.
1512.
1513.
1514.
1515.
1516.
1517.
1518.
1519.
1520.
1521.
1522.
1523.
1524.
1525.
1526.
1527.
1528.
1529.
1530.
1531.
Page 25 of 28
Service Info: Host: RALPH; OS: Windows

TRACEROUTE
HOP RTT
ADDRESS
1
53.57 ms 192.168.11.231
Nmap scan report for gentoo.thinc.local (192.168.11.234)
PORT
22/tcp
open ssh
| ssh-hostkey: 1024 3e:82:1d:81:b6:28:cf:ce:52:8b:c6:3f:15:6b:22:b9 (DSA)
|_2048 92:7b:8e:6c:fb:77:1c:2b:62:42:91:67:7b:82:13:05 (RSA)
80/tcp
open http
lighttpd 1.4.25
|_html-title: 404 - Not Found
110/tcp open pop3?
143/tcp open imap
Cyrus imapd 2.3.2
993/tcp open imaps?
995/tcp open pop3s?
2000/tcp open sieve
Cyrus timsieved 2.3.2 (included w/cyrus imap)
MAC Address: 00:50:56:BC:17:0F (VMware)
Device type: WAP|remote management|firewall|general purpose|router
Running (JUST GUESSING) : Linksys Linux 2.4.X (99%), Linux 2.6.X|2.4.X (98%),
Dell embedded (95%), HID embedded (95%), TP-Link embedded (93%), D-Link embedded
(92%), Enterasys embedded (92%)
Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (99%), OpenWrt
Kamikaze 7.09 (Linux 2.6.22) (98%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34)
(97%), Dell Integrated Remote Access Controller (iDRAC6) (95%), HID EdgePlus Solo
ES400 firewall (95%), Linux 2.6.18 - 2.6.27 (95%), Linux 2.6.8 (95%), Linux 2.6.9
- 2.6.27 (95%), Linux 2.4.21 - 2.4.31 (likely embedded) (95%), Linux 2.6.15 2.6.23 (embedded) (95%)
Service Info: Host: localhost
TRACEROUTE
HOP RTT
ADDRESS
1
57.74 ms gentoo.thinc.local (192.168.11.234)
Nmap scan report for pain.thinc.local (192.168.11.235)
Not shown: 1996 filtered ports
PORT
STATE
SERVICE VERSION
22/tcp open
ssh
| ssh-hostkey: 1024 ab:a7:86:a8:a0:39:c6:0a:81:0b:f9:ae:6f:4b:51:79 (DSA)
|_2048 8b:a5:11:b8:ca:75:9e:8c:a7:17:2c:a3:c9:90:1e:87 (RSA)
80/tcp open
http
|_html-title: Site doesn't have a title (text/html; charset=UTF-8).
631/tcp closed
ipp
631/udp open|filtered ipp
MAC Address: 00:50:56:BC:2A:0C (VMware)
TCP/IP fingerprint:
OS:SCAN(V=5.35DC1%D=9/19%OT=22%CT=631%CU=%PV=Y%DS=1%DC=D%G=Y%M=005056%TM=4C
OS:963649%P=i686-pc-linux-gnu)SEQ(SP=CD%GCD=1%ISR=D0%TI=Z%CI=Z%II=I%TS=A)SE
OS:Q(SP=CC%GCD=1%ISR=D0%TI=Z%CI=Z%II=I%TS=A)SEQ(SP=C9%GCD=1%ISR=C9%TI=Z%CI=
OS:Z%II=I%TS=A)SEQ(SP=C9%GCD=1%ISR=C8%TI=Z%CI=Z%II=I%TS=A)OPS(O1=M538ST11NW
OS:3%O2=M538ST11NW3%O3=M538NNT11NW3%O4=M538ST11NW3%O5=M538ST11NW3%O6=M538ST
OS:11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)ECN(R=Y%DF=Y%TG=4
OS:0%W=16D0%O=M538NNSNW3%CC=N%Q=)T1(R=Y%DF=Y%TG=40%S=O%A=S+%F=AS%RD=0%Q=)T2
OS:(R=N)T3(R=N)T4(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%TG=
OS:40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%TG=40%W=0%S=A%A=Z%F=R%O=%RD=
OS:0%Q=)T7(R=N)U1(R=N)IE(R=Y%DFI=N%TG=40%CD=S)
1532.
1533.
1534.
1535.
1536.
1537.
1538.
1539.
1540.
1541.
1542.
1543.
1545.
1546. TRACEROUTE
1547. HOP RTT
ADDRESS
05-03-2015
1548.
1549.
1550.
1551.
1552.
1553.
1554.
1555.
1556.
1557.
1558.
1559.
1560.
1561.
1562.
1563.
1564.
1565.
1566.
1567.
1568.
1569.
1570.
1571.
1572.
1573.
1574.
1575.
1576.
1577.
1578.
1579.
1580.
1581.
1582.
1583.
1584.
1585.
1586.
1587.
1588.
1589.
1590.
1591.
1592.
1593.
1594.
1595.
1596.
1597.
1598.
1599.
1600.
1601.
1602.
1603.
1604.
1605.
1606.
1607.
1608.
1609.
1610.
Page 26 of 28
53.27 ms pain.thinc.local (192.168.11.235)

PORT
STATE
SERVICE
VERSION
22/tcp open
ssh
OpenSSH 4.3p2 Debian 9 (protocol 2.0)
| ssh-hostkey: 1024 88:23:98:0d:9d:8a:20:59:35:b8:14:12:14:d5:d0:44 (DSA)
|_2048 6b:5d:04:71:76:78:56:96:56:92:a8:02:30:73:ee:fa (RSA)
|_auth-owners: root
113/tcp open
ident
|_auth-owners: identd
139/tcp open
netbios-ssn Samba smbd 3.X (workgroup: BOB)
|_auth-owners: root
445/tcp open
netbios-ssn Samba smbd 3.X (workgroup: BOB)
|_auth-owners: root
137/udp open
Device type: WAP|general purpose|broadband router|router|firewall|remote
management
Running (JUST GUESSING) : Linksys Linux 2.4.X (96%), Linux 2.6.X|2.4.X (95%),
Linksys embedded (93%), Dell embedded (92%), HID embedded (92%)
Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (96%), Linux
2.6.18 - 2.6.27 (95%), Linux 2.6.15 - 2.6.27 (95%), Linux 2.6.16 - 2.6.20 (95%),
Linux 2.6.21 (95%), Linux 2.6.21 (Arch Linux 0.8, x86) (95%), Linux 2.6.23 (95%),
OpenWrt Kamikaze 7.09 (Linux 2.6.22) (95%), Linux 2.6.18 - 2.6.24 (94%), OpenWrt
0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (94%)
Service Info: Host: SUFFERENCE; OSs: Linux, Windows
| smb-os-discovery:
|
OS: Unix (Samba 3.0.24)
|
Name: BOB\Unknown
|_ System time: 2010-03-06 10:28:06 UTC-5
|_nbstat: NetBIOS name: SUFFERENCE, NetBIOS user: <unknown>, NetBIOS MAC:
<unknown>
TRACEROUTE
HOP RTT
ADDRESS
1
51.95 ms 192.168.11.236
Nmap scan report for fc4.thinc.local (192.168.11.241)
PORT
STATE
SERVICE VERSION
22/tcp
open
ssh
| ssh-hostkey: 1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
|_1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
111/tcp
open
rpcbind
10000/tcp open
http
MiniServ 0.01 (Webmin httpd)
|_http-favicon:
|_html-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
111/udp
open
631/udp
open|filtered ipp
996/udp
open|filtered vsinet
10000/udp open
webmin (http on TCP port 10000)
MAC Address: 00:50:56:BC:4E:50 (VMware)
TCP/IP fingerprint:
OS:63649%P=i686-pc-linux-gnu)SEQ(SP=C4%GCD=1%ISR=CC%TI=Z%CI=Z%II=I%TS=8)SEQ
OS:(SP=C7%GCD=1%ISR=CD%TI=Z%CI=Z%II=I%TS=8)SEQ(SP=C5%GCD=1%ISR=CB%TI=Z%CI=Z
OS:%II=I%TS=8)SEQ(SP=C7%GCD=1%ISR=CD%TI=Z%CI=Z%TS=8)SEQ(SP=C9%GCD=1%ISR=CC%
OS:TI=Z%CI=Z%TS=8)OPS(O1=M538ST11NW5%O2=M538ST11NW5%O3=M538NNT11NW5%O4=M538
OS:ST11NW5%O5=M538ST11NW5%O6=M538ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W
05-03-2015
1611.
1612.
1613.
1614.
1615.
1616.
1617.
1618.
1619.
1620.
1621.
1622.
1623.
1624.
1625.
1626.
1627.
1628.
1629.
1630.
1631.
1632.
1633.
1634.
1635.
1636.
1637.
1638.
1639.
1640.
1641.
1642.
1643.
1644.
1645.
1646.
1647.
1648.
1649.
1650.
1651.
1652.
1653.
1654.
1655.
1656.
1657.
1658.
1659.
1660.
1661.
1662.
1663.
1664.
1665.
1666.
1667.
1668.
1669.
1670.
1671.
1672.
1673.
1674.
1675.
1676.
Page 27 of 28
OS:5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M538NNSNW5%CC=N%Q=)T1(R=Y%DF=Y
OS:%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%
OS:T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIP
OS:L=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
TRACEROUTE
HOP RTT
ADDRESS
1
53.62 ms fc4.thinc.local (192.168.11.241)
Nmap scan report for fc42.thinc.local (192.168.11.242)
PORT
STATE
SERVICE VERSION
22/tcp
open
ssh
| ssh-hostkey: 1024 fe:cd:bb:f6:36:d4:59:62:92:b4:10:e4:75:04:43:54 (DSA)
|_1024 9a:99:25:75:ac:04:e5:f9:f7:21:c6:f5:88:4f:12:6a (RSA)
111/tcp
open
rpcbind
10000/tcp open
http
MiniServ 0.01 (Webmin httpd)
|_html-title: Site doesn't have a title (text/html; Charset=iso-8859-1).
|_http-favicon:
111/udp
open
631/udp
open|filtered ipp
10000/udp open
webmin (http on TCP port 10000)
MAC Address: 00:50:56:BC:24:BD (VMware)
TCP/IP fingerprint:
OS:63649%P=i686-pc-linux-gnu)SEQ(SP=CE%GCD=1%ISR=D0%TI=Z%CI=Z%II=I%TS=8)SEQ
OS:(SP=CD%GCD=2%ISR=CF%TI=Z%CI=Z%II=I%TS=8)SEQ(SP=CD%GCD=1%ISR=CF%TI=Z%CI=Z
OS:%II=I%TS=8)SEQ(SP=CD%GCD=1%ISR=CF%TI=Z%CI=Z%TS=8)SEQ(SP=C1%GCD=1%ISR=C3%
OS:TI=Z%CI=Z%TS=8)OPS(O1=M538ST11NW5%O2=M538ST11NW5%O3=M538NNT11NW5%O4=M538
OS:ST11NW5%O5=M538ST11NW5%O6=M538ST11)WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W
OS:5=16A0%W6=16A0)ECN(R=Y%DF=Y%T=40%W=16D0%O=M538NNSNW5%CC=N%Q=)T1(R=Y%DF=Y
OS:%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F
OS:=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%
OS:T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T7(R=N)U1(R=Y%DF=N%T=40%IPL=164%UN=0%RIP
OS:L=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
TRACEROUTE
HOP RTT
ADDRESS
1
55.38 ms fc42.thinc.local (192.168.11.242)
Nmap scan report for helpdesk.thinc.local (192.168.11.245)
PORT
STATE SERVICE
VERSION
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open netbios-ssn
8080/tcp open http
Apache Tomcat/Coyote JSP engine 1.1
|_html-title: ManageEngine ServiceDesk Plus
137/udp open netbios-ns
WORKGROUP)
Device type: general purpose
Running (JUST GUESSING) : Microsoft Windows 2008|Vista|7 (90%), FreeBSD 6.X (85%)
Aggressive OS guesses: Microsoft Windows Server 2008 R2 (90%), Microsoft Windows
Server 2008 Beta 3 (89%), Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or
Windows 7 (89%), FreeBSD 6.2-RELEASE (85%), FreeBSD 6.3-RELEASE (85%)
05-03-2015
1677.
1678.
1679.
1680.
1681.
1682.
1683.
1684.
1685.
1686.
1687.
1688.
1689.
1690.
1691.
1692.
1693.
1694.
1695.
1696.
1697.
1698.
1699.
1700.
1701.
1702.
1703.
1704.
1705.
1706.
1707.
1708.
1709.
Page 28 of 28

|_nbstat: NetBIOS name: HELPDESK, NetBIOS user: <unknown>, NetBIOS MAC:
00:50:56:bc:66:98 (VMware)
| smb-os-discovery:
|
OS: Windows Server (R) 2008 Standard 6001 Service Pack 1 (Windows Server (R)
2008 Standard 6.0)
|
Name: WORKGROUP\HELPDESK
|_ System time: 2010-09-19 05:29:01 UTC-7
TRACEROUTE
HOP RTT
ADDRESS
1
49.75 ms helpdesk.thinc.local (192.168.11.245)
Nmap scan report for cory.thinc.local (192.168.11.247)
PORT
STATE SERVICE
VERSION
PocketPC/CE (85%), Apple Mac OS X 10.4.X (85%)
Aggressive OS guesses: Microsoft Windows Server 2003 (91%), Microsoft Windows XP
SP2 (91%), Microsoft Windows XP SP2 or SP3 (91%), Microsoft Windows 2000 SP4
(91%), Microsoft Windows XP SP2 (firewall disabled) (91%), Microsoft Windows XP
SP3 (89%), Microsoft Windows 2000 (88%), Microsoft Windows Server 2003 SP2 (88%),
Microsoft Windows XP Professional SP2 (86%), Microsoft Windows XP SP 2 (86%)
TRACEROUTE
HOP RTT
ADDRESS
1
50.40 ms cory.thinc.local (192.168.11.247)
OS and Service detection performed. Please report any incorrect results at

http://nmap.org/submit/ .
1710. # Nmap done at Sun Sep 19 12:11:53 2010 -- 51 IP addresses (33 hosts up) scanned
in 50817.11 seconds
05-03-2015

Pastebin THNIC PDF

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Pastebin THNIC PDF

Caricato da

Copyright:

Formati disponibili

Pastebin.com - Printed Paste ID: http://pastebin.

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

445/udp open|filtered microsoft-ds

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

|_smbv2-enabled: Server doesn't support SMBv2 protocol

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Nmap scan report for 192.168.11.214

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Network Distance: 1 hop

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

986. Device type: WAP|router|remote management|general purpose|firewall

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

1097. 3389/tcp open microsoft-rdp Microsoft Terminal Service

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Host script results:

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Service Info: Host: RALPH; OS: Windows

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

53.27 ms pain.thinc.local (192.168.11.235)

Nmap scan report for 192.168.11.236

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Pastebin.com - Printed Paste ID: http://pastebin.com/3S0p6iNV

Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at

Potrebbero piacerti anche