minsk-hackerspace / spynet

hackerspace network
The Unlicense

Submit Nmap fingerprint #4

Closed abitrolly closed 7 years ago

abitrolly commented 8 years ago

https://nmap.org/book/osdetect-fingerprint-format.html

For #1

abitrolly commented 7 years ago

# Nmap 7.25BETA2 scan initiated Sun May 21 19:09:24 2017 as: C:\nmap-7.25BETA2\nmap.exe -v -A -Pn -oN scan.log 91.215.176.168
Nmap scan report for alisa.hackerspace.by (91.215.176.168)
Host is up (0.0085s latency).
Not shown: 987 filtered ports
PORT     STATE  SERVICE         VERSION
22/tcp   open   ssh             OpenSSH 6.7p1 Debian 5+deb8u2 (protocol 2.0)
| ssh-hostkey: 
|   1024 ea:eb:da:04:ca:83:b5:20:e9:0b:4f:a2:89:26:3f:80 (DSA)
|   2048 0d:f1:cd:f0:b2:87:74:30:bf:67:96:69:09:54:7a:e5 (RSA)
|_  256 ad:2f:e9:e6:a7:57:1b:09:7c:84:6c:d2:f8:e3:5e:62 (ECDSA)
2022/tcp open   ssh             OpenSSH 6.7p1 Raspbian 5+deb8u3 (protocol 2.0)
| ssh-hostkey: 
|   1024 ec:a6:fb:12:af:df:49:6b:5c:80:bf:2c:d2:82:b1:38 (DSA)
|   2048 2c:cf:fa:6c:10:cb:99:70:f6:38:e9:90:03:29:93:e9 (RSA)
|_  256 4f:75:41:7b:57:f9:90:34:cb:21:da:77:bb:9a:ff:78 (ECDSA)
8080/tcp open   http-proxy      ecstatic-2.1.0
|_http-favicon: Unknown favicon MD5: 2F4BF3C62E64B87E259C84A07A236BB6
| http-methods: 
|_  Supported Methods: GET HEAD
|_http-server-header: ecstatic-2.1.0
|_http-title: LaserWeb - v0.4.0 (alpha)
8081/tcp closed blackice-icecap
8082/tcp closed blackice-alerts
8083/tcp closed us-srv
8084/tcp closed unknown
8085/tcp closed unknown
8086/tcp closed d-s-n
8087/tcp closed simplifymedia
8088/tcp closed radan-http
8089/tcp closed unknown
8090/tcp closed unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.25BETA2%I=7%D=5/21%Time=5921BBC2%P=i686-pc-windows-win
SF:dows%r(GetRequest,4B6,"HTTP/1\.1\x20200\x20OK\r\nserver:\x20ecstatic-2\
SF:.1\.0\r\nlast-modified:\x20Mon,\x2008\x20May\x202017\x2014:07:09\x20GMT
SF:\r\netag:\x20\"265641-924-\"2017-05-08T14:07:09\.000Z\"\"\r\ncache-cont
SF:rol:\x20max-age=3600\r\ncontent-length:\x20924\r\ncontent-type:\x20text
SF:/html;\x20charset=UTF-8\r\nDate:\x20Sun,\x2021\x20May\x202017\x2016:09:
SF:38\x20GMT\r\nConnection:\x20close\r\n\r\n<!DOCTYPE\x20html>\n<html\x20l
SF:ang=\"en\">\n\x20\x20\x20\x20<head>\n\x20\x20\x20\x20\x20\x20\x20\x20<m
SF:eta\x20charset=\"utf-8\"\x20/>\n\x20\x20\x20\x20\x20\x20\x20\x20<meta\x
SF:20http-equiv=\"X-UA-Compatible\"\x20content=\"IE=edge\"\x20/>\n\x20\x20
SF:\x20\x20\x20\x20\x20\x20<meta\x20name=\"viewport\"\x20content=\"width=d
SF:evice-width,\x20initial-scale=1\"\x20/>\n\x20\x20\x20\x20\x20\x20\x20\x
SF:20<title>LaserWeb\x20-\x20v0\.4\.0\x20\(alpha\)</title>\n\x20\x20\x20\x
SF:20\x20\x20\x20\x20<link\x20rel=\"icon\"\x20href=\"favicon\.ico\"\x20/>\
SF:n\x20\x20\x20\x20</head>\n\x20\x20\x20\x20<body>\n\x20\x20\x20\x20\x20\
SF:x20\x20\x20<div\x20id=\"laserweb\"\x20class=\"full-height\"><!--\x20#ye
SF:arofthelaser\x20--></div>\n\x20\x20\x20\x20\x20\x20\x20\x20<script\x20t
SF:ype=\"text/javascript\"\x20src=\"index\.js\"></script>\n\x20\x20\x20\x2
SF:0\x20\x20\x20\x20<script>\n\x20\x20\(function\(i,s,o,g,r,a,m\){i\['Goog
SF:leAnalyticsObject'\]=r;i\[r\]=i\[r\]\|\|function\(\){\n\x20\x20\(i\[r\]
SF:\.q=i\[r\]\.q\|\|\[\]\)\.push\(arguments\)},i\[")%r(HTTPOptions,73,"HTT
SF:P/1\.1\x20405\x20Method\x20Not\x20Allowed\r\nserver:\x20ecstatic-2\.1\.
SF:0\r\nDate:\x20Sun,\x2021\x20May\x202017\x2016:09:38\x20GMT\r\nConnectio
SF:n:\x20close\r\n\r\n")%r(FourOhFourRequest,6A,"HTTP/1\.1\x20404\x20Not\x
SF:20Found\r\nserver:\x20ecstatic-2\.1\.0\r\nDate:\x20Sun,\x2021\x20May\x2
SF:02017\x2016:09:38\x20GMT\r\nConnection:\x20close\r\n\r\n");
Aggressive OS guesses: DD-WRT v24 (Linux 3.10) (93%), Linux 3.4 (93%), Linux 3.5 (93%), HP P2000 G3 NAS device (92%), MikroTik RouterOS 6.32.1 (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.10 (90%), Linux 3.2 - 3.16 (90%), Linux 2.6.32 - 2.6.39 (89%), Linux 3.11 (89%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.005 days (since Sun May 21 19:02:08 2017)
Network Distance: 8 hops
TCP Sequence Prediction: Difficulty=261 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 8088/tcp)
HOP RTT      ADDRESS
1   ...
2   ...
3   7.00 ms  mm-122-80-84-93.dynamic.pppoe.mgts.by (93.84.80.122)
4   9.00 ms  core1.net.belpak.by (93.85.80.45)
5   6.00 ms  195.137.180.69
6   6.00 ms  ex-v503-bras.flynet.by (91.215.176.226)
7   ...
8   22.00 ms alisa.hackerspace.by (91.215.176.168)

Read data files from: C:\nmap-7.25BETA2
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sun May 21 19:09:53 2017 -- 1 IP address (1 host up) scanned in 29.92 seconds

abitrolly commented 7 years ago

Looks like OS detection was made correctly. Need to make ideal testing conditions.

Aggressive OS guesses: DD-WRT v24 (Linux 3.10) (93%), Linux 3.4 (93%), Linux 3.5 (93%), HP P2000 G3 NAS device (92%), MikroTik RouterOS 6.32.1 (91%), Linux 2.6.32 - 3.13 (91%), Linux 3.10 (90%), Linux 3.2 - 3.16 (90%), Linux 2.6.32 - 2.6.39 (89%), Linux 3.11 (89%)
No exact OS matches for host (test conditions non-ideal).

LaserWeb - v0.4.0 (alpha) service fingerprint is too obvious to be sent.