Penetration Testing mailing list archives

Re: linux pen-test


From: s0u1d13r s0u1d13r <s0u1d13r () gmail com>
Date: Fri, 5 Aug 2005 10:04:24 -0700

I missed the original thread, but if it is a Windows machine due to
its lack of sticking to the RFC you may have to set the -P0 flag
(that's a zero, not an oh) on Nmap in order for it to respond to your
scan.

s

On 5 Aug 2005 12:05:27 -0000, securityfocus () benmansour net
<securityfocus () benmansour net> wrote:
Hi Bruno,

Running nmap with the -sV or -A options should yield more information.
I would be surprised if ports 25 and 110 do not bind to known services.

The version detection feature of nmap is "active", i.e. it is likely to be logged by the application and any intrusion detection device on the target network.

From http://www.insecure.org/nmap/versionscan.html :

"The new Nmap version scanning subsystem tries to answer all these questions by connecting to open ports and interrogating them for this information using probes that the specific services understand. This allows Nmap to give a much more detailed assessment of what is really running, rather than just what port numbers are open. Here is a real example:

# nmap -A -T4 -F www.insecure.org

Starting nmap 3.40PVT16 ( http://www.insecure.org/nmap/ ) at 2003-09-06 19:49 PDT
Interesting ports on www.insecure.org (205.217.153.53):
(The 1206 ports scanned but not shown below are in state: filtered)
PORT    STATE  SERVICE VERSION
22/tcp  open   ssh     OpenSSH 3.1p1 (protocol 1.99)
25/tcp  open   smtp    Qmail smtpd
53/tcp  open   domain  ISC Bind 9.2.1
80/tcp  open   http    Apache httpd 2.0.39 ((Unix) mod_perl/1.99_07-dev Perl/v5.6.1)
113/tcp closed auth
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 108.307 days (since Wed May 21 12:27:44 2003)

Nmap run completed -- 1 IP address (1 host up) scanned in 34.962 seconds"

Good luck,

Skander Ben Mansour
--
http://www.benmansour.net/

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------


