Skorpinok Rover Posted March 23, 2012 Hello, I did an nmap scan on my friend's external IP address with permission, but I couldn't get inside his PC; instead the scan result showed his ISP's details, servers and what system they are running, but not his. Anybody, please suggest to me how to do a perfect scan? Regards
Mr-Protocol Posted March 23, 2012 There is no such thing as a perfect scan. My guess is you got his IP address wrong or he is behind some sort of local NAT in the apartment complex or area he is in.
combatwombat27 Posted March 23, 2012 At best, externally you're only gonna get to his router/firewall (or, if the apartment handles NAT, then theirs). You would have to be internal to actually nmap his specific machines (or they would have to be internet facing).
digip Posted March 23, 2012 You could try: nmap -PN --traceroute --script firewalk --script-args firewalk.max-probed-ports=-1 x.x.x.x where x.x.x.x is the IP address of your target, but no guarantee you will get anything, depending on the end device in question.
flyingpoptartcat Posted March 24, 2012 Hmmm, yes, I agree with Mr-Protocol; just try some different things in different combinations, you know, explore! I find -sN and -f useful though.
Infiltrator Posted March 24, 2012 (edited) Could you find any open ports on his router? If there are any open ports, you could get more information about the service running behind it by doing some banner grabbing with Nmap. Edit: But first make sure you got the right IP address! Edited March 24, 2012 by Infiltrator
Skorpinok Rover (Author) Posted March 24, 2012 Hello bro... this is what I got on the nmap scan. The ISP.in is the web URL of the internet service provider; this is where I got confused: when I type his external IP (xxx.xxx.xx.) it shows details of his ISP.

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-03-17 09:25 GST
NSE: Loaded 63 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 09:25
Scanning xxx.xxx.xx.x [4 ports]
Completed Ping Scan at 09:25, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:25
Completed Parallel DNS resolution of 1 host. at 09:25, 0.11s elapsed
Initiating SYN Stealth Scan at 09:25
Scanning ABTS-KK-Static-009.15.xxx.xxx.ISP.in(xxx.xxx.xx.x) [1000 ports]
Discovered open port 80/tcp on xxx.xxx.xx.x
Completed SYN Stealth Scan at 09:25, 4.05s elapsed (1000 total ports)
Initiating Service scan at 09:25
Scanning 1 service on ABTS-KK-Static-xxx.xx.xxx.xxx.ISP.in (xxx.xx.xxx.x)
Completed Service scan at 09:26, 5.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ABTS-KK-Static-009.xx.xxx.xxx.ISP.in (xxx.xxx.xx)
Retrying OS detection (try #2) against ABTS-KK-Static-009.15.166.122.ISP.in )xx.xxx.xxx
Initiating Traceroute at 09:26
Completed Traceroute at 09:26, 9.09s elapsed
NSE: Script scanning xxx.xxx.xx.x.
Initiating NSE at 09:26
Completed NSE at 09:26, 12.96s elapsed
Nmap scan report for ABTS-KK-Static-009.xx.xxx.xxx.isp.in (xxx.xxx.xx.x)
Host is up (0.0078s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 ... 30

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 38.44 seconds
Raw packets sent: 2244 (102.196KB) | Rcvd: 535 (21.420KB)
digip Posted March 24, 2012 Sounds to me like you scanned the correct address, and it just showed you the resolved DNS name. You can verify this by asking him to go to ipchicken.com and tell you both the IP and the "Name Address:" it shows. Port 80 being found is most likely his router, assuming the IP is correct and he has a router/gateway between his PC and modem/internet connection. That means his router is listening on the internet for its admin interface, and that should be disabled for the web side and only accessible over the LAN so no one can
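As an added example (not from this thread or from the Nmap project): a small Python parser for Nmap's normal-output host report, run over a constructed sample shaped like the one posted above, that draws digip's conclusions mechanically: 999 filtered ports mean a gateway is dropping probes rather than an end host answering, and an open web port on the public address is most likely the router's admin interface that should not be reachable from the WAN. The hostname and address in the sample are placeholders, and the list of web admin ports is an assumption.

```python
import re

# Constructed sample in Nmap's normal-output format, modelled on the report
# quoted in the thread (hostname and 203.0.113.10 are placeholders).
SAMPLE_REPORT = """\
Nmap scan report for ABTS-KK-Static-example.isp.in (203.0.113.10)
Host is up (0.0078s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE VERSION
80/tcp open  http?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
No OS matches for host
"""

HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (\w+) ports")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)")
WEB_ADMIN_PORTS = (80, 443, 8080, 8443)  # assumption: typical router web UI ports

def parse_report(text):
    """Extract host, up/down, port table, 'Not shown' summary and OS-scan warning."""
    info = {"host": None, "up": False, "ports": [], "not_shown": (0, None), "os_unreliable": False}
    for line in text.splitlines():
        if (m := HOST_RE.match(line)):
            info["host"] = m.group(1)
        elif line.startswith("Host is up"):
            info["up"] = True
        elif (m := NOT_SHOWN_RE.match(line)):
            info["not_shown"] = (int(m.group(1)), m.group(2))
        elif (m := PORT_RE.match(line)):
            info["ports"].append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
        elif line.startswith("Warning: OSScan results may be unreliable"):
            info["os_unreliable"] = True
    return info

def assess(info):
    """Defender's reading of a public-IP scan: perimeter device? exposed admin UI?"""
    findings = []
    count, state = info["not_shown"]
    if state == "filtered":
        # Filtered (no reply) rather than closed (RST) means a firewall/NAT gateway
        # is dropping probes; you are not looking at the PC behind it.
        findings.append(f"{count} ports filtered: a gateway is answering, not an end host")
    for port, proto, st, svc in info["ports"]:
        if st == "open" and proto == "tcp" and port in WEB_ADMIN_PORTS:
            findings.append(f"{port}/{proto} ({svc}) open on the WAN side: likely router admin UI; disable remote management")
    if info["os_unreliable"]:
        findings.append("OS fingerprint unreliable (no closed port seen): nothing can be said about the host behind it")
    return findings
```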
flyingpoptartcat Posted April 1, 2012 btw, you should update your nmap version!