STEP 1:
Command: sudo arp-scan -l -I eth0
IP ADDRESS MAC ADDRESS VENDOR
10.10.10.1 00:50:56:c0:00:05 (Unknown)
10.10.10.129 00:0c:29:de:d8:ca (Unknown)
10.10.10.134 00:0c:29:d2:7c:1d (Unknown)
10.10.10.254 00:50:56:fd:4b:ec (Unknown)
STEP 2:
For the netcat scan, I used the command nc -nvz -w 1 10.10.10.134 1-1024 to find the open ports on IP 10.10.10.134:
(UNKNOWN) [10.10.10.134] 445 (microsoft-ds) open
(UNKNOWN) [10.10.10.134] 139 (netbios-ssn) open
(UNKNOWN) [10.10.10.134] 135 (epmap) open
(UNKNOWN) [10.10.10.134] 80 (http) open
(UNKNOWN) [10.10.10.134] 22 (ssh) open
(UNKNOWN) [10.10.10.134] 21 (ftp) open
For the netcat scan, I used the command nc -nvz -w 1 10.10.10.129 1-1024 to find the open ports on IP 10.10.10.129:
[10.10.10.129] 631 (ipp) open
[10.10.10.129] 445 (microsoft-ds) open
[10.10.10.129] 80 (http) open
[10.10.10.129] 22 (ssh) open
[10.10.10.129] 21 (ftp) open
STEP 3:
For the nmap scan, I used the command nmap 10.10.10.134 to find the open ports on IP 10.10.10.134:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3306/tcp open mysql
3389/tcp open ms-wbt-server
4848/tcp open appserv-http
7676/tcp open imqbrokerd
8009/tcp open ajp13
8022/tcp open oa-system
8031/tcp open unknown
8080/tcp open http-proxy
8181/tcp open intermapper
8383/tcp open m2mservices
8443/tcp open https-alt
9200/tcp open wap-wsp
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49158/tcp open unknown
For the nmap scan, I used the command nmap 10.10.10.129 to find the open ports on IP 10.10.10.129:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
631/tcp open ipp
3306/tcp open mysql
8181/tcp open intermapper
1. Yes, nmap found more ports that netcat did not find.
i. For IP 10.10.10.134: none; netcat found the same ports as nmap, but nmap found more ports.
For IP 10.10.10.129: none; netcat found the same ports as nmap, but nmap found more ports.
ii. For IP 10.10.10.134: nmap found all of the following ports that netcat did not find: 3306, 3389, 4848, 7676, 8009, 8022, 8031, 8080, 8181, 8383, 8443, 9200, 49152, 49153, 49154, 49155, 49158
For IP 10.10.10.129: nmap found the following ports that netcat did not find: 3306 and 8181.
iii. nmap finds more ports than netcat, meaning that if you want to find more available ports you need to use nmap.
Part II: Service Discovery
STEP 4:
For IP 10.10.10.134, I used the command nc -v 10.10.10.134 {port number}:
Port 21: 220 Microsoft FTP Service
Port 22: SSH-2.0-OpenSSH_7.1
Port 80: Server: Microsoft-HTTPAPI/2.0. I had to input data to get more information.
Port 135: (epmap). I could not find any service besides epmap.
Port 139: (netbios-ssn). I could not find any service besides netbios-ssn.
Port 445: (microsoft-ds). I could not find any service besides microsoft-ds.
For IP 10.10.10.129, I used the command nc -v 10.10.10.129 {port number}:
Port 21: 220 ProFTPD 1.3.5 Server
Port 22: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.13
Port 80: Server: Apache/2.4.7 (Ubuntu). I had to input data to get more information.
Port 445: (microsoft-ds). I could not find any service besides microsoft-ds.
Port 631: (ipp). I could not find any service besides ipp.
STEP 5:
For IP 10.10.10.134, I used the command nc -v 10.10.10.134 {port number}:
Port 3306: mysql. The banner began with 5.5.20-log, followed by unreadable binary handshake bytes, mysql_native_password, and "Got packets out of order". I had to input more data.
Port 3389: (ms-wbt-server). I could not find any service besides ms-wbt-server.
Port 4848: No information was found on this port.
Port 7676: portmapper tcp PORTMAPPER 7676. I had to input data to get more information.
Port 8009: No data was found using port 8009.
Port 8022: Server: Apache-Coyote/1.1. I had to input data to get more information.
Port 8031: No data was found using port 8031.
Port 8080: No data was found using this port.
Port 8181: No data was found while using port 8181.
Port 8383: No data was found using this port.
Port 8443: No data was found using this port.
Port 9200: No data was found using this port.
Port 49152: No data was found using this port.
Port 49153: No data was found using this port.
Port 49154: No data was found using this port.
Port 49155: No data was found using this port.
Port 49158: No data was found using this port.
For IP 10.10.10.129, I used the command nc -v 10.10.10.129 {port number}:
Port 3306: (mysql). No data was found other than mysql.
Port 8181: Server: WEBrick/1.3.1 (Ruby/2.3.7/2018-03-28). More input was needed in order to identify the server.
STEP 6:
For the nmap scan of all possible ports (1-65535), I used the command: nmap -p 1-65535 10.10.10.134
Yes, we found 22 more ports that were not there in the previous steps, because we ran the command on all possible ports.
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1617/tcp open nimrod-agent
3306/tcp open mysql
3389/tcp open ms-wbt-server
3700/tcp open lrs-paging
4848/tcp open appserv-http
5985/tcp open wsman
7676/tcp open imqbrokerd
8009/tcp open ajp13
8019/tcp open qbdb
8020/tcp open intu-ec-svcdisc
8022/tcp open oa-system
8027/tcp open papachi-p2p-srv
8028/tcp open unknown
8031/tcp open unknown
8032/tcp open pro-ed
8080/tcp open http-proxy
8181/tcp open intermapper
8282/tcp open libelle
8383/tcp open m2mservices
8443/tcp open https-alt
8444/tcp open pcsync-http
8484/tcp open unknown
8585/tcp open unknown
8686/tcp open sun-as-jmxrmi
9200/tcp open wap-wsp
9300/tcp open vrace
47001/tcp open winrm
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49156/tcp open unknown
49180/tcp open unknown
49205/tcp open unknown
49207/tcp open unknown
49209/tcp open unknown
49273/tcp open unknown
49274/tcp open unknown
For the nmap scan of all possible ports (1-65535), I used the command: nmap -p 1-65535 10.10.10.129
Yes, we found 1 more port that was not there in the previous steps, because we ran the command on all possible ports.
PORT STATE SERVICE
21/tcp open ftps
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
631/tcp open ipp
3306/tcp open mysql
6697/tcp open ircs-u
8181/tcp open intermapper
STEP 7:
For the nmap version scan, I used the command: nmap -sV -p 21,22,80,135,139,445,1617,3306,3389,3700,4848,5985,7676,8009,8019,8020,8022,8027,8028,8031,8080,8181,8282,8383,8443,8444,8484,8585,8686,9200,9300,47001,49152,49153,49154,49155,49156,49180,49205,49207,49209,49273,49274 10.10.10.134
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
22/tcp open ssh OpenSSH 7.1 (protocol 2.0)
80/tcp open http Microsoft IIS httpd 7.5
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
1617/tcp open java-rmi Java RMI
3306/tcp open mysql MySQL 5.5.20-log
3389/tcp open ssl/ms-wbt-server?
3700/tcp open giop CORBA naming service
4848/tcp open ssl/http Oracle Glassfish Application Server
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7676/tcp open java-message-service Java Message Service 301
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
8019/tcp open qbdb?
8020/tcp open http Apache httpd
8022/tcp open http Apache Tomcat/Coyote JSP engine 1.1
8027/tcp open papachi-p2p-srv?
8028/tcp open postgresql PostgreSQL DB
8031/tcp open ssl/unknown
8080/tcp open http Sun GlassFish Open Source Edition 4.0
8181/tcp open ssl/intermapper?
8282/tcp open http Apache Tomcat/Coyote JSP engine 1.1
8383/tcp open http Apache httpd
8443/tcp open ssl/https-alt?
8444/tcp open desktop-central ManageEngine Desktop Central DesktopCentralServer
8484/tcp open http Jetty winstone-2.8
8585/tcp open http Apache httpd 2.2.21 ((Win64) PHP/5.3.10 DAV/2)
8686/tcp open java-rmi Java RMI
9200/tcp open wap-wsp?
9300/tcp open vrace?
47001/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
49152/tcp open msrpc Microsoft Windows RPC
49153/tcp open msrpc Microsoft Windows RPC
49154/tcp open msrpc Microsoft Windows RPC
49155/tcp open msrpc Microsoft Windows RPC
49156/tcp open unknown
49180/tcp open java-rmi Java RMI
49205/tcp open tcpwrapped
49207/tcp open msrpc Microsoft Windows RPC
49209/tcp open msrpc Microsoft Windows RPC
49273/tcp open ssh Apache Mina sshd 0.8.0 (protocol 2.0)
49274/tcp open jenkins-listener Jenkins TcpSlaveAgentListener
For the nmap version scan, I used the command: nmap -sV -p 21,22,80,445,631,3306,6697,8181 10.10.10.129
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.5
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
631/tcp open ipp CUPS 1.7
3306/tcp open mysql MySQL (unauthorized)
6697/tcp open irc UnrealIRCd
8181/tcp open http WEBrick httpd 1.3.1 (Ruby 2.3.7 (2018-03-28))
For IP 10.10.10.134:
1. nmap was able to find services on all the open ports except one (port 49156).
2. The service discovery in step 3 and step 7 differs for seven ports (7676, 8022, 8383, 49152, 49153, 49154, 49155).
3. No, there were no ports found by netcat that were not discovered by nmap.
4. Yes, there was a difference between the nmap (msrpc) and netcat (epmap) service discovery for port 135.
5. I used the command: nmap -sV -p 21,22,80,135,139,445,1617,3306,3389,3700,4848,5985,7676,8009,8019,8020,8022,8027,8028,8031,8080,8181,8282,8383,8443,8444,8484,8585,8686,9200,9300,47001,49152,49153,49154,49155,49156,49180,49205,49207,49209,49273,49274 10.10.10.134
For IP 10.10.10.129:
1. nmap was able to find services on all the open ports except one (port 6697).
2. The service discovery in step 3 and step 7 differs for two ports (445, 8181).
3. Yes, there was a port (6697) that was found by nmap that was not discovered by netcat.
4. No, there was no difference between the nmap and netcat service discovery.
5. I used the command: nmap -sV -p 21,22,80,445,631,3306,6697,8181 10.10.10.129
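The comparisons in answers i-ii of Part I and in questions 2-3 of step 7 were done by hand; the following Python example, added here and not part of the original report, parses the scan output for 10.10.10.129 exactly as shown above (nc -nvz, default nmap, and nmap -sV) and computes the same port and service-label differences. It assumes the line formats visible on this page and nothing else.

```python
import re
# Constructed inputs: the report's three scans of 10.10.10.129 (nc -nvz, nmap, nmap -sV).
NC_SCAN = """\
[10.10.10.129] 631 (ipp) open
[10.10.10.129] 445 (microsoft-ds) open
[10.10.10.129] 80 (http) open
[10.10.10.129] 22 (ssh) open
[10.10.10.129] 21 (ftp) open
"""
NMAP_DEFAULT = """\
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
445/tcp open microsoft-ds
631/tcp open ipp
3306/tcp open mysql
8181/tcp open intermapper
"""
NMAP_SV = """\
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.5
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
631/tcp open ipp CUPS 1.7
3306/tcp open mysql MySQL (unauthorized)
6697/tcp open irc UnrealIRCd
8181/tcp open http WEBrick httpd 1.3.1 (Ruby 2.3.7 (2018-03-28))
"""
# Assumed line formats from the page: nc -v "[host] port (name) open"; nmap "port/tcp open service ...".
NC_RE = re.compile(r"\[[\d.]+\]\s+(\d+)\s+\(([^)]*)\)\s+open")
NMAP_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)", re.M)

def parse_nc(text):
    """Map port -> name that netcat printed for each open port."""
    return {int(p): s for p, s in NC_RE.findall(text)}

def parse_nmap(text):
    """Map port -> SERVICE column of an nmap table (VERSION text is ignored)."""
    return {int(p): s for p, s in NMAP_RE.findall(text)}

def ports_only_in(first, second):
    """Sorted ports that scan `first` reported but scan `second` did not."""
    return sorted(set(first) - set(second))

def service_label_changes(first, second):
    """Ports seen in both scans whose service label differs, as {port: (old, new)}."""
    common = sorted(set(first) & set(second))
    return {p: (first[p], second[p]) for p in common if first[p] != second[p]}
```

Because the nc scan covered only ports 1-1024, ports_only_in(nmap, nc) also reflects that narrower range, not only a difference between the two tools.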
STEP 8:
For operating system detection, I used the command: sudo nmap -sV -O 10.10.10.129
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
For operating system detection, I used the command: sudo nmap -sV -O 10.10.10.134
OS details: Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows Server 2008 R2, Windows 8, or Windows 8.1 Update 1
nmap performed really well in detecting the operating systems of the virtual machines.