I set out to scan hosts and came across one that looks interesting. At least it has a couple of open ports.
I'm using Zenmap 4.76; the command I used (from the GUI) was:
Code:
nmap -PE -PA21,23,80,3389 -A -v -T4 XXX.XXX.XXX.XXX
And I got the following:
Code:
Initiating SYN Stealth Scan at 03:37
Scanning max (XXX.XXX.XXX.XXX) [1000 ports]
Discovered open port 21/tcp
Discovered open port 80/tcp
Discovered open port 443/tcp
Discovered open port 53/tcp
Discovered open port 25/tcp
Discovered open port 2049/tcp
Discovered open port 110/tcp
Discovered open port 465/tcp
Discovered open port 7070/tcp
Discovered open port 111/tcp
Discovered open port 993/tcp
Discovered open port 8001/tcp
Discovered open port 143/tcp
Discovered open port 3306/tcp
Discovered open port 8000/tcp
Discovered open port 995/tcp
Discovered open port 1/tcp
....
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
21/tcp open ftp PureFTPd
25/tcp open smtp Exim smtpd 4.69
....
|_ HELP Commands supported:, , AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
53/tcp open domain ISC BIND 9.3.4-P1
80/tcp open http Apache httpd 1.3.37
111/tcp open rpcbind
...
| rpcinfo:
| 100000 2 111/udp rpcbind
| 100011 1,2 638/udp rquotad
| 100005 1,2,3 671/udp mountd
| 100003 2,3,4 2049/udp nfs
| 100021 1,3,4 34024/udp nlockmgr
| 100000 2 111/tcp rpcbind
| 100011 1,2 641/tcp rquotad
| 100005 1,2,3 674/tcp mountd
| 100003 2,3,4 2049/tcp nfs
|_ 100021 1,3,4 53722/tcp nlockmgr
...
143/tcp open imap Courier Imapd (released 2005)
443/tcp open http Apache httpd 1.3.37
...
Device type: firewall|WAP
Running (JUST GUESSING) : ISS Linux 2.4.X (87%), Cisco-Linksys embedded (85%)
Aggressive OS guesses: ISS Proventia GX3002 firewall (Linux 2.4.18) (87%), Cisco-Linksys WAG300 wireless broadband router (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 6.372 days (since Sun May 31 18:43:57 2009)
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=200 (Good luck!)
IP ID Sequence Generation: All zeros
I've pasted what, in my opinion, is the interesting part. Could something interesting be done with those ports, and especially with services like PureFTPd or Apache 1.3.37?
Do they have any known or easily exploitable bug?
PS: The server is a personal desktop... I think.
Well, I hope for your help..

Regards