Security Basics mailing list archives

Re: help interpreting the nmap output


From: miguel.dilaj () pharma novartis com
Date: Wed, 15 Dec 2004 14:39:40 +0100

Hi Ivan,

What tool are you using to try to connect? If you were using telnet, try 
netcat to establish a raw connection instead.
As for the Apache question:

$ nc -vv 192.xxx.yyy.zzz 80
www.xxxxxxxxxxxxxxxxxx.net [192.xxx.yyy.zzz] 80 (http) open
HEAD / HTTP/1.1
Host: www.xxxxxxxxxxxxxxx.net
[PRESS ENTER TWICE]

HTTP/1.1 200 OK
Date: Wed, 15 Dec 2004 13:35:21 GMT
Server: Apache/1.3.27 (Unix)
Content-Type: text/html
[PRESS CTRL-C TO STOP]

So basically you connect to port 80 of the host, after successful 
connection type "HEAD / HTTP/1.1", press ENTER, type "Host: {name of the 
website}", press ENTER twice. If everything is OK you'll get a nice banner 
from the server.
You can try the above. Remember that it's possible to tweak Apache in order 
NOT to show the version.
Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG






"Ivan Fratric" <hacky_2001 () hotmail com>
14/12/2004 18:43

 
        To:     security-basics () securityfocus com
        cc:     (bcc: Miguel Dilaj/PH/Novartis)
        Subject:        help interpreting the nmap output


Hi,

I'm running nmap on Windows XP. Normally, it works fine (when I use it to 
scan a computer for which I know what services it's running) and returns 
detailed info on the services installed.
However, I tried to run it on a web server on the Internet and I have 
trouble getting all the info.
Using the -A -T4 options on a server, I receive the following reply:

{snip}

So, why the question marks next to the open protocols? Next I tried 
connecting to the telnet and ftp, but I get disconnected straight away. So 
I tried to get more info on the http and https by calling nmap with -sV -p 
80 or -sV -p 443 options. Since it's a web server it is certainly running 
those services. I get something like

80/tcp    open   Apache httpd

Anyway, no sign of the Apache version. So, how can I find out what version 
of the Apache a server is running? What is the best way to proceed from 
here? TIA

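The banner check from the reply above, as an added example that is not part of the original posts: it sends the same HEAD request to a server you administer and reports how much the Server header gives away. The mapping to Apache's ServerTokens directive (the setting that controls this banner) is not mentioned in the thread, and the function names are hypothetical.

```python
import re
import socket

# Response from the nc session in the reply, re-encoded here with CRLF line endings.
SAMPLE = (b"HTTP/1.1 200 OK\r\nDate: Wed, 15 Dec 2004 13:35:21 GMT\r\n"
          b"Server: Apache/1.3.27 (Unix)\r\nContent-Type: text/html\r\n\r\n")

def build_head_request(host):
    """The request typed by hand in the session; Connection: close ends the read loop."""
    return f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode("ascii")

def fetch_head(host, port=80, timeout=5.0):
    """Send the HEAD request over a raw TCP socket and return the raw response."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_head_request(host))
        chunks = []
        while chunk := s.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

def server_header(raw):
    """Return the Server header value from a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def disclosure_level(banner):
    """Name the ServerTokens setting whose output format the banner matches."""
    if banner is None:
        return "absent"
    m = re.match(r"Apache(?:/(\d+)(?:\.(\d+))?(?:\.(\d+))?)?(.*)$", banner)
    if not m:
        return "not-apache"
    major, minor, patch, rest = m.groups()
    rest = rest.strip()
    if major is None:                            # bare "Apache", as in the nmap line
        return "Prod" if not rest else "not-apache"
    if rest:                                     # OS comment, possibly module tokens
        return "OS" if re.fullmatch(r"\([^)]*\)", rest) else "Full"
    if patch is not None:
        return "Min"
    return "Minor" if minor is not None else "Major"

if __name__ == "__main__":
    banner = server_header(SAMPLE)               # or server_header(fetch_head("your.host"))
    print(banner, "->", disclosure_level(banner))
```

A result of "Prod" corresponds to the version-less "Apache httpd" line nmap printed in the original question.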




