Closed 0xdf-0xdf closed 5 years ago
@0xdf-0xdf Thanks for the issue submission, I just want to let you know were still looking into this. Chances are it has to do with the actual software itself, and not Commando. Will keep you posted :-)
@0xdf-0xdf Are you still having this issue?
I just ran some scans to test again, it appears I am having the same issue, however, my scan did eventually finish.. I was able to scan a host with no flags in 123 seconds, however when adding the -sT
flag it ended up taking 47 minutes.. My bet is that its a performance issue with Windows.
C:\Users\kevin>nmap -p- 192.168.38.102
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-10 11:33 Pacific Daylight Time
Nmap scan report for dc.windomain.local (192.168.38.102)
Host is up (0.0065s latency).
Not shown: 65514 filtered ports
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server
5985/tcp open wsman
9389/tcp open adws
49666/tcp open unknown
49667/tcp open unknown
49677/tcp open unknown
49678/tcp open unknown
49680/tcp open unknown
49695/tcp open unknown
49711/tcp open unknown
MAC Address: 00:0C:29:A2:8E:4A (VMware)
Nmap done: 1 IP address (1 host up) scanned in 123.64 seconds
COMMANDO Fri 05/10/2019 11:35:39.61
C:\Users\kevin>nmap -sT -p- 192.168.38.102
Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-10 11:35 Pacific Daylight Time
Nmap scan report for dc.windomain.local (192.168.38.102)
Host is up (0.00097s latency).
Not shown: 65514 filtered ports
PORT STATE SERVICE
53/tcp open domain
88/tcp open kerberos-sec
135/tcp open msrpc
139/tcp open netbios-ssn
389/tcp open ldap
445/tcp open microsoft-ds
464/tcp open kpasswd5
593/tcp open http-rpc-epmap
636/tcp open ldapssl
3268/tcp open globalcatLDAP
3269/tcp open globalcatLDAPssl
3389/tcp open ms-wbt-server
5985/tcp open wsman
9389/tcp open adws
49666/tcp open unknown
49667/tcp open unknown
49677/tcp open unknown
49678/tcp open unknown
49680/tcp open unknown
49695/tcp open unknown
49711/tcp open unknown
MAC Address: 00:0C:29:A2:8E:4A (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2830.08 seconds
Yes, I'm still having the same issue. I think you are right, that it eventually finishes. That's just so weird as to why?
On Fri, May 10, 2019 at 8:33 PM day1player notifications@github.com wrote:
@0xdf-0xdf https://github.com/0xdf-0xdf Are you still having this issue?
I just ran some scans to test again, it appears I am having the same issue, however, my scan did eventually finish.. I was able to scan a host with no flags in 123 seconds, however when adding the -sT flag it ended up taking 47 minutes.. My bet is that its a performance issue with Windows.
C:\Users\kevin>nmap -p- 192.168.38.102 Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-10 11:33 Pacific Daylight Time Nmap scan report for dc.windomain.local (192.168.38.102) Host is up (0.0065s latency). Not shown: 65514 filtered ports PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 3389/tcp open ms-wbt-server 5985/tcp open wsman 9389/tcp open adws 49666/tcp open unknown 49667/tcp open unknown 49677/tcp open unknown 49678/tcp open unknown 49680/tcp open unknown 49695/tcp open unknown 49711/tcp open unknown MAC Address: 00:0C:29:A2:8E:4A (VMware)
Nmap done: 1 IP address (1 host up) scanned in 123.64 seconds
COMMANDO Fri 05/10/2019 11:35:39.61 C:\Users\kevin>nmap -sT -p- 192.168.38.102 Starting Nmap 7.70 ( https://nmap.org ) at 2019-05-10 11:35 Pacific Daylight Time Nmap scan report for dc.windomain.local (192.168.38.102) Host is up (0.00097s latency). Not shown: 65514 filtered ports PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl 3268/tcp open globalcatLDAP 3269/tcp open globalcatLDAPssl 3389/tcp open ms-wbt-server 5985/tcp open wsman 9389/tcp open adws 49666/tcp open unknown 49667/tcp open unknown 49677/tcp open unknown 49678/tcp open unknown 49680/tcp open unknown 49695/tcp open unknown 49711/tcp open unknown MAC Address: 00:0C:29:A2:8E:4A (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2830.08 seconds
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/fireeye/commando-vm/issues/37#issuecomment-491405515, or mute the thread https://github.com/notifications/unsubscribe-auth/ACG3U7QTBSMJHPMAVJUQBPDPUXEW3ANCNFSM4HEWUHGA .
@0xdf-0xdf it seems like this is an issue with running nmap on Windows, and there doesn't appear to be anything we can do to fix it. I am going to close this issue as an upstream issue. Thank you for all of your feedback, please let us know if you have any other suggestions.
Thanks for following up. I suspected that would be an issue with nmap.
Describe the bug and expected behavior When I run nmap with -sT flag, it hangs. It may only occur with the
-p-
option. Looking in wireshark, I see it making connections to the same port over and over again. The port seems to change on each run, but always an open port. I've tried on multiple hosts, both windows and linux targets.To Reproduce Steps to reproduce the behavior:
nmap -sT -p- --min-rate 10000 [ip with a couple ports open]
Example Without
-sT
, finishes all ports in 32 seconds. With it, it's 2.5 minutes in, with 2.5 hours remaining.If I look in wireshark, I have about 100 conversations with port 21 already (Linux target).
Second target, Windows host:
Wireshark shows this one gets stuck on 8080 (managed engine servicedesk plus).
Third example, edge router x in local network:
Repeated scans to 443, https.
Version
Additional context First two hosts are over VPN to Hackthebox.eu targets. Third example is in local network.