
Skorpinok Rover

Nmap Scan


Hello

I did an nmap scan on my friend's external IP address with permission, but I couldn't get inside his PC; instead the scan result showed his ISP's details, servers and what system they are running, but not his. Can anybody please suggest how to do a perfect scan?

regards


There is no such thing as a perfect scan. My guess is you got his IP address wrong or he is behind some sort of local NAT in the apartment complex or area he is in.


At best, externally you're only gonna get to his router/firewall (or, if the apartment handles NAT, then theirs). You would have to be internal to actually nmap his specific machines (or they would have to be internet-facing).


You could try:

nmap -PN --traceroute --script firewalk --script-args firewalk.max-probed-ports=-1 x.x.x.x

Where x.x.x.x is the IP address of your target, but there is no guarantee you will get anything, depending on the end device in question.


Hmmm, yes, I agree with mr-protocall; just try some different things in different combinations, you know, explore! I find -sN and -f useful though.



Could you find any open ports on his router? If there are any open ports, you could get more information about the service running behind them by doing some banner grabbing with Nmap.

Edit: But first make sure you got the right IP address!



Hello bro... this is what I got on the nmap scan. The ISP.in is the web URL of the internet service provider; this is where I got confused: when I type his external IP (xxx.xxx.xx.) it shows details of his ISP.

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-03-17 09:25 GST
NSE: Loaded 63 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 09:25
Scanning xxx.xxx.xx.x [4 ports]
Completed Ping Scan at 09:25, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 09:25
Completed Parallel DNS resolution of 1 host. at 09:25, 0.11s elapsed
Initiating SYN Stealth Scan at 09:25
Scanning ABTS-KK-Static-009.15.xxx.xxx.ISP.in(xxx.xxx.xx.x) [1000 ports]
Discovered open port 80/tcp on xxx.xxx.xx.x
Completed SYN Stealth Scan at 09:25, 4.05s elapsed (1000 total ports)
Initiating Service scan at 09:25
Scanning 1 service on ABTS-KK-Static-xxx.xx.xxx.xxx.ISP.in (xxx.xx.xxx.x)
Completed Service scan at 09:26, 5.01s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against ABTS-KK-Static-009.xx.xxx.xxx.ISP.in (xxx.xxx.xx)
Retrying OS detection (try #2) against ABTS-KK-Static-009.15.166.122.ISP.in )xx.xxx.xxx
Initiating Traceroute at 09:26
Completed Traceroute at 09:26, 9.09s elapsed
NSE: Script scanning xxx.xxx.xx.x.
Initiating NSE at 09:26
Completed NSE at 09:26, 12.96s elapsed
Nmap scan report for ABTS-KK-Static-009.xx.xxx.xxx.isp.in (xxx.xxx.xx.x)
Host is up (0.0078s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 ... 30
NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 38.44 seconds
Raw packets sent: 2244 (102.196KB) | Rcvd: 535 (21.420KB)


Sounds to me like you scanned the correct address, and it just showed you the resolved DNS name. You can verify this by asking him to go to ipchicken.com and tell you both the IP and the "Name Address:" it says. Port 80 being found is most likely his router, assuming the IP is correct and he has a router/gateway between his PC and modem/internet connection. That means his router is listening on the internet for its admin interface, and that should be disabled for the web side and only accessible over the LAN so no one can
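
An added example, not from the thread: a small Python parser that reads the report block of the scan pasted above and draws the same conclusions this reply does (the gateway answered, the OS guess is worthless, the open web port is the router's admin UI). The sample text is the thread's own output re-typed with its anonymised address; the set of admin ports and the "almost all filtered" threshold are my assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the report section of the scan pasted above, address anonymised as posted.
SAMPLE_REPORT = """\
Nmap scan report for ABTS-KK-Static-009.xx.xxx.xxx.isp.in (xxx.xxx.xx.x)
Host is up (0.0078s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
No OS matches for host
"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered|open\|filtered)\s+(\S+)")
NOT_SHOWN_RE = re.compile(r"^Not shown: (\d+) (filtered|closed) ports")
ADMIN_PORTS = {80, 443, 8080}  # where a home gateway's web admin UI usually lives (assumption)

@dataclass
class Report:
    open_ports: list = field(default_factory=list)  # (port, proto, service)
    not_shown: int = 0
    not_shown_state: str = ""
    os_unreliable: bool = False

def parse_report(text):
    """Pull the few fields the thread reasons about out of nmap's normal output."""
    r = Report()
    for line in text.splitlines():
        m = PORT_RE.match(line)
        if m and m.group(3) == "open":
            r.open_ports.append((int(m.group(1)), m.group(2), m.group(4)))
        m = NOT_SHOWN_RE.match(line)
        if m:
            r.not_shown, r.not_shown_state = int(m.group(1)), m.group(2)
        if line.startswith("Warning: OSScan results may be unreliable"):
            r.os_unreliable = True
    return r

def assess(r):
    # Map the parsed facts to the conclusions the reply above draws.
    findings = []
    if r.not_shown_state == "filtered" and r.not_shown >= 990:
        findings.append("almost every port filtered: a NAT gateway/firewall answered, not the PC behind it")
    if r.os_unreliable:
        findings.append("OS fingerprint unusable: no closed port seen, so it says nothing about the end device")
    for port, proto, svc in r.open_ports:
        if proto == "tcp" and port in ADMIN_PORTS:
            findings.append(f"{port}/{proto} ({svc}) reachable from the WAN: likely the gateway admin UI; disable remote management")
    return findings
```

Run it against your own gateway's scan output to check whether remote management is exposed on the internet side.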



btw you should update your nmap version!
