This Appendix contains NMAP scan outputs taken by the group of each Virtual Machine in the lab after the vulnerable had been configured but before the network was made live to the other students. This provides a benchmark for the group of the state of the Virtual Machines before use.
First Level Vlan Virtual Machine Audit
NMAP scan used:
nmap -Pn -sT -sV -O 192.168.1.200-254
Windows 7 - B
Starting Nmap 5.51 ( http://nmap.org ) at 2005-03-24 20:47 EST Nmap scan report for 192.168.1.200
Host is up (0.0038s latency).
Not shown: 988 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Win32) DAV/2 mod_autoindex_color PHP/5.3.1) 135/tcp open msrpc Microsoft Windows RPC
445/tcp open netbios-ssn
3306/tcp open mysql MySQL (unauthorized) 5001/tcp open commplex-link?
8009/tcp open ajp13 Apache Jserv (Protocol v1.3)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port5001-TCP:V=5.51%I=7%D=3/24%Time=42428D7A%P=i686-pc-linux-gnu%r(NULL
Device type: general purpose
Running: Microsoft Windows Vista|2008|7
OS details: Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate Network Distance: 1 hop
Service Info: OS: Windows
Windows XP -A
Nmap scan report for 192.168.1.205 Host is up (0.0036s latency).
Not shown: 997 closed ports PORT STATE SERVICE VERSION
21/tcp open ftp Code-Crafters Ability ftpd 2.34
Page 38 of 44 3389/tcp open microsoft-rdp Microsoft Terminal Service
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP Professional SP2 or Windows Server 2003 Network Distance: 1 hop
Service Info: OS: Windows
Windows 7 -A
Nmap scan report for 192.168.1.210 Host is up (0.0044s latency).
Not shown: 990 closed ports PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn
445/tcp open netbios-ssn
3389/tcp open microsoft-rdp Microsoft Terminal Service 49152/tcp open msrpc Microsoft Windows RPC 49153/tcp open msrpc Microsoft Windows RPC 49154/tcp open msrpc Microsoft Windows RPC 49155/tcp open msrpc Microsoft Windows RPC 49156/tcp open msrpc Microsoft Windows RPC 49157/tcp open msrpc Microsoft Windows RPC Device type: general purpose
Running: Microsoft Windows Vista|2008|7
OS details: Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate Network Distance: 1 hop
Service Info: OS: Windows
Page 39 of 44
Debian 5
Nmap scan report for 192.168.1.211 Host is up (0.0012s latency).
Not shown: 999 closed ports PORT STATE SERVICE VERSION 111/tcp open rpcbind 2 (rpc #100000)
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
Network Distance: 1 hop
Windows XP -B
Nmap scan report for 192.168.1.215 Host is up (0.0036s latency).
Not shown: 997 closed ports PORT STATE SERVICE VERSION 21/tcp open ftp CesarFTPd 0.99g
135/tcp open msrpc Microsoft Windows RPC 3389/tcp open microsoft-rdp Microsoft Terminal Service Device type: general purpose
Running: Microsoft Windows XP
OS details: Microsoft Windows XP SP2 or SP3 Network Distance: 1 hop
Service Info: OS: Windows
Windows Server 2008 - A
Nmap scan report for 192.168.1.220 Host is up (0.0017s latency).
Not shown: 996 filtered ports PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn
445/tcp open netbios-ssn
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose
Running: Microsoft Windows 2008|7|Vista
OS details: Microsoft Windows Server 2008, Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or Windows 7
Service Info: OS: Windows
Windows Server 2008 -B
Nmap scan report for 192.168.1.225
Page 40 of 44 Not shown: 996 filtered ports
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn
445/tcp open netbios-ssn
5357/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose
Running: Microsoft Windows 2008|Vista|7
OS details: Microsoft Windows Server 2008, Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or Windows 7
Service Info: OS: Windows
Page 41 of 44
Windows 8
Nmap scan report for 192.168.1.230 Host is up (0.0018s latency).
Not shown: 991 closed ports PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn
445/tcp open netbios-ssn
49152/tcp open msrpc Microsoft Windows RPC 49153/tcp open msrpc Microsoft Windows RPC 49154/tcp open msrpc Microsoft Windows RPC 49155/tcp open msrpc Microsoft Windows RPC 49156/tcp open msrpc Microsoft Windows RPC 49157/tcp open msrpc Microsoft Windows RPC Device type: general purpose
Running: Microsoft Windows Vista|2008|7
OS details: Microsoft Windows Vista SP0 - SP2, Server 2008, or Windows 7 Ultimate Network Distance: 1 hop
Service Info: OS: Windows
Page 42 of 44 Second Level Vlan Virtual Machine Audit
NMAP Scan Used:
nmap -Pn -sT -sV -O 192.168.2.200-254
Metasploitable
Starting Nmap 6.25 ( http://nmap.org ) at 2013-03-06 17:38 EST Nmap scan report for 192.168.2.200
Host is up (0.0034s latency).
Not shown: 978 closed ports PORT STATE SERVICE VERSION
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP) 445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP) 512/tcp open exec?
513/tcp open login?
514/tcp open shell?
1099/tcp open rmiregistry GNU Classpath grmiregistry 1524/tcp open ingreslock?
2049/tcp open nfs 2-4 (RPC #100003) 2121/tcp open ftp ProFTPD 1.3.1
3306/tcp open mysql MySQL 5.0.51a-3ubuntu5 5432/tcp open postgresql PostgreSQL DB 8.3.0 - 8.3.7 5900/tcp open vnc VNC (protocol 3.3)
6000/tcp open X11 (access denied) 6667/tcp open irc Unreal ircd 8180/tcp open unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port1524-TCP:V=6.25%I=7%D=3/6%Time=5136E4FC%P=i686-pc-linux-gnu%r(NULL, SF:17,"root@metasploitable:/#\x20")%r(GenericLines,73,"root@metasploitable SF::/#\x20root@metasploitable:/#\x20root@metasploitable:/#\x20root@metaspl SF:oitable:/#\x20root@metasploitable:/#\x20")%r(GetRequest,17,"root@metasp SF:loitable:/#\x20")%r(HTTPOptions,17,"root@metasploitable:/#\x20");
Device type: general purpose Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.9 - 2.6.33
Service Info: Hosts: localhost, irc.Metasploitable.LAN; OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Page 43 of 44
Drunk Admin Hacking Challenge
Nmap scan report for 192.168.2.205 Host is up (0.0023s latency).
Not shown: 999 filtered ports PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.5p1 Debian 6+squeeze1 (protocol 2.0)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.32 - 2.6.35
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Hackademic RTB 2
Nmap scan report for 192.168.2.210 Host is up (0.0019s latency).
Not shown: 998 closed ports PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.14 ((Ubuntu)) 666/tcp filtered doom
Device type: general purpose Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6 OS details: Linux 2.6.17 - 2.6.36
Hackademic RTB 1
Nmap scan report for 192.168.2.211 Host is up (0.0019s latency).
Not shown: 998 filtered ports PORT STATE SERVICE VERSION 22/tcp closed ssh
80/tcp open http Apache httpd 2.2.15 ((Fedora))
Aggressive OS guesses: Linux 2.6.22 - 2.6.36 (98%), Linux 2.6.23 - 2.6.38 (95%), Linux 2.6.31 - 2.6.35 (95%), Linux 2.6.9 - 2.6.27 (95%), Linux 2.6.39 (94%), Linux 2.6.20 (Ubuntu, x86_64) (94%), HP P2000 G3 NAS device (94%), Linux 2.6.22 (93%), Linux 2.6.32 - 2.6.35 (93%), Linux 2.6.20 (93%)
No exact OS matches for host (test conditions non-ideal).
Page 44 of 44