Re: Support for iLO4

["Mihai-Radu, Orza" <orzamihai () yahoo com>]

Hi Dan,

I couldn't find the --service-trace option. I used --version-trace instead. Below is the command output.

Regards,
Mihai

./nmap -oX - -v -S 192.168.137.25 --exclude 192.168.137.25 -O --version-trace -sT -T Polite -p 
T:22,T:23,T:513,T:139,T:25 192.168.170.15
WARNING:  If -S is being used to fake your source address, you may also have to use -e <interface> and -Pn .  If you 
are using it to specify your real source address, you can ignore this warning.
WARNING:  -S will only affect the source address used in a connect() scan if you specify one of your own addresses.  
Use -sS or another raw scan if you want to completely spoof your source address, but then you need to know what you're 
doing to obtain meaningful results.
<?xml version="1.0"?>
<?xml-stylesheet href="file:///root/nmap-6.01_dist/bin/../share/nmap/nmap.xsl" type="text/xsl"?>
<!-- Nmap 6.01 scan initiated Fri Jul 13 07:00:43 2012 as: ./nmap -oX - -v -S 192.168.137.25 -&#45;exclude 
192.168.137.25 -O -&#45;version-trace -sT -T Polite -p T:22,T:23,T:513,T:139,T:25 192.168.170.15 -->
<nmaprun scanner="nmap" args="./nmap -oX - -v -S 192.168.137.25 -&#45;exclude 192.168.137.25 -O -&#45;version-trace -sT 
-T Polite -p T:22,T:23,T:513,T:139,T:25 192.168.170.15" start="1342162843" startstr="Fri Jul 13 07:00:43 2012" 
version="6.01" xmloutputversion="1.04">
<scaninfo type="connect" protocol="tcp" numservices="5" services="22-23,25,139,513"/>
<verbose level="1"/>
<debugging level="1"/>
<taskbegin task="Ping Scan" time="1342162843"/>
<taskend task="Ping Scan" time="1342162844" extrainfo="1 total hosts"/>
<taskbegin task="Parallel DNS resolution of 1 host." time="1342162844"/>
<taskend task="Parallel DNS resolution of 1 host." time="1342162849"/>
<taskbegin task="Connect Scan" time="1342162849"/>
<taskend task="Connect Scan" time="1342162851" extrainfo="5 total ports"/>
<host starttime="1342162843" endtime="1342162871"><status state="up" reason="echo-reply"/>
<address addr="192.168.170.15" addrtype="ipv4"/>
<hostnames>
</hostnames>
<ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="0"/><service name="ssh" 
method="table" conf="3"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="telnet" 
method="table" conf="3"/></port>
<port protocol="tcp" portid="25"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="smtp" 
method="table" conf="3"/></port>
<port protocol="tcp" portid="139"><state state="closed" reason="conn-refused" reason_ttl="0"/><service 
name="netbios-ssn" method="table" conf="3"/></port>
<port protocol="tcp" portid="513"><state state="closed" reason="conn-refused" reason_ttl="0"/><service name="login" 
method="table" conf="3"/></port>
</ports>
<os><portused state="open" proto="tcp" portid="22"/>
<portused state="closed" proto="tcp" portid="23"/>
<portused state="closed" proto="udp" portid="44711"/>
<osmatch name="HP iLO 3 remote management interface" accuracy="98" line="23380">
<osclass type="remote management" vendor="HP" osfamily="iLO" osgen="3.X" 
accuracy="98"><cpe>cpe:/o:hp:ilo:3</cpe></osclass>
</osmatch>
<osmatch name="Green Hills Probe hardware debugger" accuracy="97" line="20310">
<osclass type="specialized" vendor="Green Hills" osfamily="embedded" accuracy="97"/>
</osmatch>
<osmatch name="HP printer: Photosmart 4300-, 6500-, 7200-, or 8100-series, or Officejet 6000-series" accuracy="95" 
line="22150">
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="95"/>
</osmatch>
<osmatch name="APC Network Management Card (AOS 3.3.4 - 3.3.5)" accuracy="95" line="2545">
<osclass type="power-device" vendor="APC" osfamily="AOS" osgen="3.X" accuracy="95"><cpe>cpe:/o:apc:aos:3</cpe></osclass>
</osmatch>
<osmatch name="HP LaserJet M2727nf or P1505n printer" accuracy="95" line="21829">
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="95"/>
</osmatch>
<osmatch name="HP printer (M1120n, M1522n, CP1515n, CP2025dn, or CP2525dn)" accuracy="95" line="22104">
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="95"/>
</osmatch>
<osmatch name="Blackboard transaction system serial-to-IP converter" accuracy="95" line="6930">
<osclass type="bridge" vendor="Blackboard" osfamily="embedded" accuracy="95"/>
</osmatch>
<osmatch name="3M Filtrete 3M-50 thermostat; or HP LaserJet CM1415fn or CP1525n printer" accuracy="94" line="1040">
<osclass type="specialized" vendor="3M" osfamily="embedded" accuracy="94"/>
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="94"><cpe>cpe:/h:hp:laserjet_cm1415fn</cpe></osclass>
</osmatch>
<osmatch name="HP Officejet J4680 printer" accuracy="94" line="21973">
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="94"/>
</osmatch>
<osmatch name="HP Officejet J6480 printer" accuracy="94" line="21991">
<osclass type="printer" vendor="HP" osfamily="embedded" accuracy="94"/>
</osmatch>
<osfingerprint 
fingerprint="SCAN(V=6.01%E=4%D=7/13%OT=22%CT=23%CU=44711%PV=Y%DS=3%DC=I%G=N%TM=4FFFC7B7%P=x86_64-unknown-linux-gnu)&#xa;SEQ(SP=D4%GCD=1%ISR=D9%TI=I%CI=I%II=I%SS=S%TS=A)&#xa;OPS(O1=M5B4NW0NNSNNT11%O2=M578NW0NNSNNT11%O3=M280NW0NNT11%O4=M5B4NW0NNSNNT11%O5=M218NW0NNSNNT11%O6=M109NNSNNT11)&#xa;WIN(W1=8218%W2=8220%W3=8204%W4=8218%W5=80F4%W6=807A)&#xa;ECN(R=Y%DF=Y%T=41%W=832C%O=M5B4NW0NNS%CC=N%Q=)&#xa;T1(R=Y%DF=Y%T=41%S=O%A=S+%F=AS%RD=0%Q=)&#xa;T2(R=N)&#xa;T3(R=N)&#xa;T4(R=Y%DF=N%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T5(R=Y%DF=N%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;T6(R=Y%DF=N%T=41%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)&#xa;T7(R=Y%DF=N%T=41%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)&#xa;U1(R=Y%DF=N%T=100%IPL=38%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)&#xa;IE(R=Y%DFI=N%T=100%CD=S)&#xa;"/>
</os>
<uptime seconds="4168" lastboot="Fri Jul 13 05:51:43 2012"/>
<distance value="3"/>
<tcpsequence index="212" difficulty="Good luck!" values="75A25E12,73A42871,79A62E64,77A80AD1,7DA9AFE7,7BAB8935"/>
<ipidsequence class="Incremental" values="118,119,11A,11B,11C,11D"/>
<tcptssequence class="1000HZ" values="3F7708,3F7898,3F7A28,3F7BB8,3F7D48,3F7EE2"/>
<times srtt="350" rttvar="83" to="400000"/>
</host>
<runstats><finished time="1342162871" timestr="Fri Jul 13 07:01:11 2012" elapsed="28.47" summary="Nmap done at Fri Jul 
13 07:01:11 2012; 1 IP address (1 host up) scanned in 28.47 seconds" exit="success"/><hosts up="1" down="0" total="1"/>
</runstats>
</nmaprun>


________________________________
 From: Daniel Miller <bonsaiviking () gmail com>
To: "Mihai-Radu, Orza" <orzamihai () yahoo com> 
Cc: "nmap-dev () insecure org" <nmap-dev () insecure org> 
Sent: Thursday, July 12, 2012 7:09 PM
Subject: Re: Support for iLO4
 
On 07/12/2012 09:28 AM, Mihai-Radu, Orza wrote:
> Hello,
>
> Is there any plan to add support for HP Integrated Lights Out 4 (iLO4) detection in the near future?
> Nmap version 6.01 sees iLO4 as iLO3.
>
> Thanks and regards,
> Mihai
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
Mihai,

Can you send exactly what Nmap is printing for this service? I can't find a hard-coded version number for any 
iLO-related services in nmap-service-fingerprints; most of them pull a version from the server response. The output of 
a scan with --service-trace would be helpful in creating a fingerprint, too.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/