View Full Version : Nmap

2013-06-14, 23:28
Can anyone help with the meaning of this and how to exploit?

root@Invisible:~# nmap -sS -O -T4 -sV -f -P0

Starting Nmap 6.25 ( http://nmap.org ) at 2013-06-14 15:00 CDT
Nmap scan report for sub-130ip171.e-commercepark.com (
Host is up (0.098s latency).
Not shown: 997 filtered ports
22/tcp open ssh OpenSSH 5.5p1 Debian 6+squeeze2 (protocol 2.0)
80/tcp open http Apache httpd 2.2.16 ((Debian) PHP/5.3.3-7+squeeze8 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.16 OpenSSL/0.9.8o mod_perl...)
113/tcp closed ident
Device type: firewall|general purpose|WAP
Running (JUST GUESSING): IPFire Linux 2.6.X (97%), Linux 2.6.X|3.X|2.4.X (95%)
OS CPE: cpe:/o:ipfire:linux:2.6.32 cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: IPFire firewall 2.11 (Linux 2.6.32) (97%), Linux 2.6.32 (95%), Linux 2.6.31 - 2.6.32 (90%), Linux 3.2 (90%), Linux 2.6.24 (Debian) (89%), Linux 2.6.15 - 2.6.26 (89%), Linux 2.6.32 - 2.6.33 (89%), Linux 2.6.32 - 2.6.35 (89%), DD-WRT v24-sp1 (Linux 2.4) (88%), Linux 2.6.32 - 2.6.38 (88%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 21.36 seconds

2013-06-16, 13:53
This is what you're looking for http://nmap.org/docs.html

2013-06-17, 01:01
You can check out nmap website as far as how to read nmap scans. As far the exploiting in concerned you should look into (if haven't already) metasploit and armitage.
Metasploit is more commandlne and armitage is GUI which you can scan host the same way with nmap and then you are provided with a list of possible workng exploits against the host.
Try it out.

2013-06-19, 23:07
you pretty much just executed a command to find out what os and services are running on the open ports (nmap found) using the T4 template.
in summary, this address has 3 opens ports, a firewall in place and linux os although unable to determine the specific version it has listed a % based educated guess.
have fun =)

2013-06-20, 02:59
I like armitage much better and it does give you much more information. Struggling with exploiting vulnerabilities on this site...all I can do is keep trying to figure it out.

If you have any suggestions please let me know. Thanks