Security Basics mailing list archives
Re: help interpreting the nmap output
From: Corey LeBleu <coreylebleu () gmail com>
Date: Thu, 16 Dec 2004 16:53:23 -0600
Also for SSL connections you could use SSLProxy as, well, a proxy for the connection and then use telnet or netcat. SSLProxy does run on Windows and it's simple to use.

Corey

On Thu, 16 Dec 2004 16:51:50 -0600, Corey LeBleu <coreylebleu () gmail com> wrote:

The question mark means that nmap isn't sure if it really is that service running on that port ... so it usually indicates the default service running on that port. I recommend the tool amap www.thc.org to identify if it is the correct service. Unfortunately amap only runs on Unix-based operating systems. I just found out about the tool and really like it so far. Or, like previously stated, you could use telnet or netcat to try to communicate with it manually.

Hope this helps.

Corey

On Wed, 15 Dec 2004 14:39:40 +0100, miguel.dilaj () pharma novartis com <miguel.dilaj () pharma novartis com> wrote:

Hi Ivan,

What tool are you using to try to connect? If you were using telnet, try netcat to establish a raw connection instead.

As for the Apache question:

    $ nc -vv 192.xxx.yyy.zzz 80
    www.xxxxxxxxxxxxxxxxxx.net [192.xxx.yyy.zzz] 80 (http) open
    HEAD / HTTP/1.1
    Host: www.xxxxxxxxxxxxxxx.net
    [PRESS ENTER TWICE]
    HTTP/1.1 200 OK
    Date: Wed, 15 Dec 2004 13:35:21 GMT
    Server: Apache/1.3.27 (Unix)
    Content-Type: text/html
    [PRESS CTRL-C TO STOP]

So basically you connect to port 80 of the host, after successful connection type "HEAD / HTTP/1.1", press ENTER, type "Host: {name of the website}", press ENTER twice. If everything is OK you'll get a nice banner from the server. You can try the above. Remember that it's possible to tweak Apache in order NOT to show the version.

Cheers,
Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG

"Ivan Fratric" <hacky_2001 () hotmail com>
14/12/2004 18:43
To: security-basics () securityfocus com
cc: (bcc: Miguel Dilaj/PH/Novartis)
Subject: help interpreting the nmap output

Hi,

I'm running nmap on Windows XP. Normally, it works fine (when I use it to scan a computer for which I know what services it's running) and returns detailed info on the services installed. However, I tried to run it on a web server on the Internet and I have trouble getting all the info.
Using -A -T4 options on a server and I receive the following reply

{snip}

So, why the question marks next to the open protocols? Next I tried connecting to the telnet and ftp, but I get disconnected straight away. So I tried to get more info on the http and https by calling nmap with -sV -p 80 or -sV -p 443 options. Since it's a web server it is certainly running those services. I get something like

    80/tcp open Apache httpd

Anyway, no sign of the Apache version. So, how can I find out what version of the Apache a server is running? What is the best way to proceed from here?

TIA
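
The manual HEAD exchange described in the thread, scripted as an added example (it is not part of any message above) for checking what a server you administer discloses in its Server header. The names `head_banner`, `discloses_version` and `start_stub` are hypothetical, and the two banners are served by a constructed local stub: the versioned one from the thread and the bare `Apache` that a server configured to hide its version (for Apache, `ServerTokens Prod`) returns.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def head_banner(host, port, vhost, timeout=5.0):
    """Send the HEAD request from the thread over raw TCP; return the Server header or None."""
    request = f"HEAD / HTTP/1.1\r\nHost: {vhost}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request.encode("ascii"))
        data = b""
        while b"\r\n\r\n" not in data:      # read until the end of the response headers
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    head = data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:     # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None

def discloses_version(banner):
    """True when the first product token carries a version, e.g. 'Apache/1.3.27 (Unix)'."""
    if not (banner or "").strip():
        return False
    _, sep, version = banner.split()[0].partition("/")
    return bool(sep) and any(c.isdigit() for c in version)

def start_stub(banner):
    """Constructed local stand-in for a web server answering HEAD with the given banner."""
    class Handler(BaseHTTPRequestHandler):
        def version_string(self):           # value http.server puts in the Server header
            return banner
        def do_HEAD(self):
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
        def log_message(self, *args): pass  # keep the demo output quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    for banner in ("Apache/1.3.27 (Unix)", "Apache"):
        srv = start_stub(banner)
        seen = head_banner("127.0.0.1", srv.server_address[1], "localhost")
        print(seen, "-> version disclosed:", discloses_version(seen))
        srv.shutdown()
```

A bare `Apache` result corresponds to the versionless `Apache httpd` line in the nmap output quoted above: the header is the same source of information, so hiding the version there hides it from both.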