How to scan computers/network with Nmap
santi@kalibook:$ nmap -sn 192.168.1.0/24
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2017-09-10 20:05 CEST
Nmap scan report for 192.168.1.1
Host is up (0.017s latency).
Nmap scan report for 192.168.1.3
Host is up (0.013s latency).
Nmap scan report for 192.168.1.29
Host is up (0.00040s latency).
Nmap scan report for 192.168.1.32
Host is up (0.074s latency).
Nmap scan report for 192.168.1.254
Host is up (0.010s latency).
Nmap done: 256 IP addresses (5 hosts up) scanned in 9.61 seconds
How to detect the operating system of a remote computer (in this case, a Windows 7 machine).
First, we will try with the Firewall enabled:
santi@kalibook:$ sudo nmap -O 192.168.1.40
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2017-09-10 20:05 CEST
Nmap scan report for 192.168.1.40
Host is up (0.00018s latency).
All 1000 scanned ports on 192.168.1.40 are filtered
MAC Address: 08:00:27:5C:0E:94 (Cadmus Computer Systems)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 30.73 seconds
We can see that we don't obtain any information about the remote computer: all 1000 scanned ports are reported as filtered and Nmap cannot give specific OS details. Next, we will disable the default firewall and try again with the same nmap options:
santi@kalibook:$ nmap -O 192.168.1.40
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2017-09-10 20:07 CEST
Nmap scan report for 192.168.1.40
Host is up (0.00016s latency).
Not shown: 990 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
5357/tcp  open  wsdapi
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49158/tcp open  unknown
MAC Address: 08:00:27:5C:0E:94 (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows 2008|10|7|8.1
OS CPE: cpe:/o:microsoft:windows_server_2008::sp2 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_7::- cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_8
OS details: Microsoft Windows Server 2008 SP2 or Windows 10 Tech Preview, Microsoft Windows 7 SP0 - SP1, Windows Server 2008 SP1, Windows 8, or Windows 8.1 Update 1
Network Distance: 1 hop
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 103.30 seconds
Because the firewall was disabled, we have obtained a lot of information about the remote computer: open ports, running services, the MAC address, and some extra information about which version of Windows is running and an approximation of how up to date it is (Service Packs installed on the remote computer).
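The difference between the two scans can be checked mechanically, which is useful for noticing when a host firewall on a machine you manage has been switched off. The following is an added example, not part of the original page: the function names `parse_scan` and `newly_exposed` are hypothetical, and the sample text is constructed from the two scans of 192.168.1.40 shown above, trimmed to the lines the parser reads.

```python
import re

# Constructed sample input: the firewall-on and firewall-off scans from this
# page, reduced to the host, summary and port-table lines.
FIREWALL_ON = """\
Nmap scan report for 192.168.1.40
All 1000 scanned ports on 192.168.1.40 are filtered
"""
FIREWALL_OFF = """\
Nmap scan report for 192.168.1.40
Not shown: 990 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
5357/tcp  open  wsdapi
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49156/tcp open  unknown
49158/tcp open  unknown
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([\d.]+)\)?$")
ALL_RE = re.compile(r"^All \d+ scanned ports on \S+ are (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_scan(text):
    """Return {host: {"open": {"port/proto": service}, "all": state or None}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = hosts.setdefault(m.group(1), {"open": {}, "all": None})
        elif cur is None:
            continue  # banner lines before the first host report
        elif m := ALL_RE.match(line):
            cur["all"] = m.group(1)  # e.g. "filtered": nothing answered
        elif (m := PORT_RE.match(line)) and m.group(3) == "open":
            cur["open"][f"{m.group(1)}/{m.group(2)}"] = m.group(4)
    return hosts

def newly_exposed(baseline, current):
    """Per host, ports open in `current` that were not open in `baseline`."""
    old, new = parse_scan(baseline), parse_scan(current)
    diff = {}
    for host, info in new.items():
        known = old.get(host, {"open": {}})["open"]
        diff[host] = {p: s for p, s in info["open"].items() if p not in known}
    return diff
```

Calling `newly_exposed(FIREWALL_ON, FIREWALL_OFF)` lists the ten ports that became reachable on 192.168.1.40 once the firewall was disabled.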
scan_nmap.1505070725.txt.gz · Last modified: 2019/01/04 13:06 (external edit)