disbeliever
14.08.2013, 01:00
Сканирую определенный сервер Nmap'ом и вот результат. В какой порт ломиться проще всего? Информации в интернете много, но какой путь проще понять не могу. Судя по всему все упирается в Fortigate файрвол.
Также там показаны ключи SSH. Они мне как то могут помочь?
source:
Starting
Nmap
6.25
(
http
:
//nmap.org ) at 2013-08-13 13:00 UTC
Nmap scan report for lin9.nictr.com (
93.187
.
204.153
)
Host is up (
0.0023s
latency).
Not
shown
:
982
closed ports
PORT STATE SERVICE VERSION
21
/tcp open ftp ProFTPD
1.3
.
3
c
22
/tcp open ssh OpenSSH
4.3
(protocol
2.0
)
|
ssh-hostkey
:
1024
b8
:
a4
:
15
:
73
:
00
:
b2
:
e8
:
c1
:
19
:
9
d
:
1
f
:
a6
:
3
d
:
8
e
:
d7
:ce (DSA)
|_2048
67
:
fe
:
74
:
41
:
06
:
a2
:
b6
:
ab
:
8
f
:
d7
:
3
e
:
12
:
3
e
:
2
e
:
68
:
9
c (RSA)
25
/tcp open smtp Exim smtpd
4.77
|
smtp-commands
: lin9.nictr.com Hello lin9.nictr.com [
82.222
.
164.91
], SIZE
20971520
, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands
supported
: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
16
+
00
:
00
; -
8
m27s from local time.
53
/tcp open domain ISC BIND
9.3
.
6
-
20
.P1.el5_8.
5
|
dns-nsid
:
|_ bind.
version
:
9.3
.
6
-P1-RedHat-
9.3
.
6
-
20
.P1.el5_8.
5
80
/tcp open http Apache httpd
2
|
_http-title
: Site doesn't have a title (text/html).
110
/tcp open pop3 Dovecot DirectAdmin pop3d
|
_pop3-capabilities
:
SASL
(PLAIN) USER STLS RESP-CODES CAPA UIDL
111
/tcp open rpcbind
2
(RPC
#100000
)
|
rpcinfo
:
| program version port/proto service
|
100000
2
111
/tcp rpcbind
|
100000
2
111
/udp rpcbind
|
100024
1
915
/udp status
|_
100024
1
918
/tcp status
119
/tcp open tcpwrapped
143
/tcp open imap Dovecot imapd
|
_imap-capabilities
: ENABLE IMAP4rev1 more have Pre-login SASL-IR post-login listed capabilities LITERAL+ ID OK AUTH=PLAINA0001 STARTTLS LOGIN-REFERRALS IDLE
443
/tcp open ssl/http Apache httpd
2
|
_http-title
: Site doesn't have a title (text/html).
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
14
+
00
:
00
; -
8
m26s from local time.
465
/tcp open ssl/smtps?
|
_smtp-commands
: Couldn't establish connection on port
465
|
_ssl-date
:
2013
-08-13T13
:
02
:
46
+
00
:
00
; +
4s
from local time.
587
/tcp open smtp Exim smtpd
4.77
|
smtp-commands
: lin9.nictr.com Hello lin9.nictr.com [
82.222
.
164.91
], SIZE
20971520
, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands
supported
: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
15
+
00
:
00
; -
8
m27s from local time.
993
/tcp open ssl/imaps?
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
995
/tcp open pop3s?
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
2222
/tcp open hbase-master Apache Hadoop Hbase
1.43
.
0
(Registered to Nictr Internet Tescil)
|
flume-master-info
:
| Flume
nodes
:
| Zookeeper
Master
:
| Hbase Master
Master
:
|
Enviroment
:
|_
Config
:
|
_http-git
:
0
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
404
)
|
_http-title
: DirectAdmin Login
3306
/tcp open mysql MySQL (unauthorized)
8008
/tcp open http?
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
302
)
|
_http-title
: Did
not
follow redirect to
https
:
//lin9.nictr.com:8010/
8010
/tcp open ssl/hadoop-jobtracker Apache Hadoop
|
flume-master-info
:
| Flume
nodes
:
| Zookeeper
Master
:
| Hbase Master
Master
:
|
Enviroment
:
|_
Config
:
|
_http-git
:
0
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
200
)
|
_http-title
: Web Filter Block Override
|
ssl-cert
:
Subject
: commonName=Fortigate/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
|
Not
valid
before
:
2006
-01-27T19
:
44
:
14
+
00
:
00
|_Not valid
after
:
2026
-03-13T19
:
44
:
14
+
00
:
00
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
|
_sslv2
: server still supports SSLv2
1
service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at
http
:
//www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8008-TCP
:V=
6.25%
I=
7%
D=
8
/
13%
Time=
520
A2E00%P=i686-pc-linux-gnu%
r
(GetR
SF
:equest,
43
,"HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\
x20https
:
//:8010/\r\n
SF
:
Connection
:\x20close\r\n\r\n
")%r(FourOhFourRequest,66,"
HTTP/
1
\.
1
\x20302
SF
:\x20Found\r\
nLocation
:\
x20https
:
//:8010/nice%20ports%2C/Tri%6Eity\.txt%
SF
:
2
ebak\r\
nConnection
:\x20close\r\n\r\n
")%r(GenericLines,42,"
HTTP/
1
\.
1
\x2
SF
:
0302
\x20Found\r\
nLocation
:\
x20https
:
//:8010\r\nConnection:\x20close\r\n
SF
:\r\n
")%r(HTTPOptions,42,"
HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\x20http
SF
:
s
:
//:8010\r\nConnection:\x20close\r\n\r\n")%r(RTSPRequest,42,"HTTP/1\.1
SF
:\x20302\x20Found\r\
nLocation
:\
x20https
:
//:8010\r\nConnection:\x20close\
SF
:r\n\r\n
")%r(SIPOptions,42,"
HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\x20ht
SF
:
tps
:
//:8010\r\nConnection:\x20close\r\n\r\n");
Aggressive OS
guesses
: Linux
2.6
.
15
-
2.6
.
26
(
95%
), Linux
2.6
.
18
(
95%
), Netgear ReadyNAS Duo NAS device (RAIDiator
4.1
.
4
) (
95%
), Vyatta router (Linux
2.6
.
26
) (
94%
), Linux
2.6
.
28
(
94%
), Lexmark Z2400 printer (
93%
), Linux
2.6
.
16
-
2.6
.
28
(
91%
), Linux
3.2
(
91%
), Linux
3.2
.
0
(
90%
), Cisco Unified Communications Manager VoIP adapter (
90%
)
No exact OS matches for host (test conditions non-ideal).
Network
Distance
:
1
hop
Service
Info
:
OSs
: Unix, Red Hat Enterprise Linux;
Device
: firewall;
CPE
:
cpe
:/
o
:
redhat
:enterprise_linux
TRACEROUTE (using port
113
/tcp)
HOP RTT ADDRESS
1
0.33
ms lin9.nictr.com (
93.187
.
204.153
)
OS
and
Service detection performed. Please report any incorrect results at
http
:
//nmap.org/submit/ .
Nmap
done
:
1
IP address (
1
host up) scanned in
152.10
seconds
Также там показаны ключи SSH. Они мне как то могут помочь?
source:
Starting
Nmap
6.25
(
http
:
//nmap.org ) at 2013-08-13 13:00 UTC
Nmap scan report for lin9.nictr.com (
93.187
.
204.153
)
Host is up (
0.0023s
latency).
Not
shown
:
982
closed ports
PORT STATE SERVICE VERSION
21
/tcp open ftp ProFTPD
1.3
.
3
c
22
/tcp open ssh OpenSSH
4.3
(protocol
2.0
)
|
ssh-hostkey
:
1024
b8
:
a4
:
15
:
73
:
00
:
b2
:
e8
:
c1
:
19
:
9
d
:
1
f
:
a6
:
3
d
:
8
e
:
d7
:ce (DSA)
|_2048
67
:
fe
:
74
:
41
:
06
:
a2
:
b6
:
ab
:
8
f
:
d7
:
3
e
:
12
:
3
e
:
2
e
:
68
:
9
c (RSA)
25
/tcp open smtp Exim smtpd
4.77
|
smtp-commands
: lin9.nictr.com Hello lin9.nictr.com [
82.222
.
164.91
], SIZE
20971520
, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands
supported
: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
16
+
00
:
00
; -
8
m27s from local time.
53
/tcp open domain ISC BIND
9.3
.
6
-
20
.P1.el5_8.
5
|
dns-nsid
:
|_ bind.
version
:
9.3
.
6
-P1-RedHat-
9.3
.
6
-
20
.P1.el5_8.
5
80
/tcp open http Apache httpd
2
|
_http-title
: Site doesn't have a title (text/html).
110
/tcp open pop3 Dovecot DirectAdmin pop3d
|
_pop3-capabilities
:
SASL
(PLAIN) USER STLS RESP-CODES CAPA UIDL
111
/tcp open rpcbind
2
(RPC
#100000
)
|
rpcinfo
:
| program version port/proto service
|
100000
2
111
/tcp rpcbind
|
100000
2
111
/udp rpcbind
|
100024
1
915
/udp status
|_
100024
1
918
/tcp status
119
/tcp open tcpwrapped
143
/tcp open imap Dovecot imapd
|
_imap-capabilities
: ENABLE IMAP4rev1 more have Pre-login SASL-IR post-login listed capabilities LITERAL+ ID OK AUTH=PLAINA0001 STARTTLS LOGIN-REFERRALS IDLE
443
/tcp open ssl/http Apache httpd
2
|
_http-title
: Site doesn't have a title (text/html).
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
14
+
00
:
00
; -
8
m26s from local time.
465
/tcp open ssl/smtps?
|
_smtp-commands
: Couldn't establish connection on port
465
|
_ssl-date
:
2013
-08-13T13
:
02
:
46
+
00
:
00
; +
4s
from local time.
587
/tcp open smtp Exim smtpd
4.77
|
smtp-commands
: lin9.nictr.com Hello lin9.nictr.com [
82.222
.
164.91
], SIZE
20971520
, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
|_ Commands
supported
: AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
|
_ssl-cert
:
ERROR
: Script execution failed (use -d to debug)
|
_ssl-date
:
2013
-08-13T12
:
54
:
15
+
00
:
00
; -
8
m27s from local time.
993
/tcp open ssl/imaps?
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
995
/tcp open pop3s?
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
2222
/tcp open hbase-master Apache Hadoop Hbase
1.43
.
0
(Registered to Nictr Internet Tescil)
|
flume-master-info
:
| Flume
nodes
:
| Zookeeper
Master
:
| Hbase Master
Master
:
|
Enviroment
:
|_
Config
:
|
_http-git
:
0
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
404
)
|
_http-title
: DirectAdmin Login
3306
/tcp open mysql MySQL (unauthorized)
8008
/tcp open http?
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
302
)
|
_http-title
: Did
not
follow redirect to
https
:
//lin9.nictr.com:8010/
8010
/tcp open ssl/hadoop-jobtracker Apache Hadoop
|
flume-master-info
:
| Flume
nodes
:
| Zookeeper
Master
:
| Hbase Master
Master
:
|
Enviroment
:
|_
Config
:
|
_http-git
:
0
|
_http-methods
: No Allow or Public header in OPTIONS response (status code
200
)
|
_http-title
: Web Filter Block Override
|
ssl-cert
:
Subject
: commonName=Fortigate/organizationName=Fortinet/stateOrProvinceName=California/countryName=US
|
Not
valid
before
:
2006
-01-27T19
:
44
:
14
+
00
:
00
|_Not valid
after
:
2026
-03-13T19
:
44
:
14
+
00
:
00
|
_ssl-date
:
2013
-08-13T13
:
02
:
44
+
00
:
00
; +
3s
from local time.
|
_sslv2
: server still supports SSLv2
1
service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at
http
:
//www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8008-TCP
:V=
6.25%
I=
7%
D=
8
/
13%
Time=
520
A2E00%P=i686-pc-linux-gnu%
r
(GetR
SF
:equest,
43
,"HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\
x20https
:
//:8010/\r\n
SF
:
Connection
:\x20close\r\n\r\n
")%r(FourOhFourRequest,66,"
HTTP/
1
\.
1
\x20302
SF
:\x20Found\r\
nLocation
:\
x20https
:
//:8010/nice%20ports%2C/Tri%6Eity\.txt%
SF
:
2
ebak\r\
nConnection
:\x20close\r\n\r\n
")%r(GenericLines,42,"
HTTP/
1
\.
1
\x2
SF
:
0302
\x20Found\r\
nLocation
:\
x20https
:
//:8010\r\nConnection:\x20close\r\n
SF
:\r\n
")%r(HTTPOptions,42,"
HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\x20http
SF
:
s
:
//:8010\r\nConnection:\x20close\r\n\r\n")%r(RTSPRequest,42,"HTTP/1\.1
SF
:\x20302\x20Found\r\
nLocation
:\
x20https
:
//:8010\r\nConnection:\x20close\
SF
:r\n\r\n
")%r(SIPOptions,42,"
HTTP/
1
\.
1
\x20302\x20Found\r\
nLocation
:\x20ht
SF
:
tps
:
//:8010\r\nConnection:\x20close\r\n\r\n");
Aggressive OS
guesses
: Linux
2.6
.
15
-
2.6
.
26
(
95%
), Linux
2.6
.
18
(
95%
), Netgear ReadyNAS Duo NAS device (RAIDiator
4.1
.
4
) (
95%
), Vyatta router (Linux
2.6
.
26
) (
94%
), Linux
2.6
.
28
(
94%
), Lexmark Z2400 printer (
93%
), Linux
2.6
.
16
-
2.6
.
28
(
91%
), Linux
3.2
(
91%
), Linux
3.2
.
0
(
90%
), Cisco Unified Communications Manager VoIP adapter (
90%
)
No exact OS matches for host (test conditions non-ideal).
Network
Distance
:
1
hop
Service
Info
:
OSs
: Unix, Red Hat Enterprise Linux;
Device
: firewall;
CPE
:
cpe
:/
o
:
redhat
:enterprise_linux
TRACEROUTE (using port
113
/tcp)
HOP RTT ADDRESS
1
0.33
ms lin9.nictr.com (
93.187
.
204.153
)
OS
and
Service detection performed. Please report any incorrect results at
http
:
//nmap.org/submit/ .
Nmap
done
:
1
IP address (
1
host up) scanned in
152.10
seconds