Tuesday, October 19, 2010

Some examples of Nmap (Nmap Scripting Engine, Conficker, Kaspersky)


Complete examples with the Nmap Scripting Engine (NSE)

nmap -sC example.com
A simple script scan using the default set of scripts.

nmap -sn -sC example.com
A script scan without a port scan; only host scripts are eligible to run.

nmap -Pn -sn -sC example.com
A script scan without host discovery or a port scan. All hosts are assumed up and only host scripts are eligible to run.

nmap --script smb-os-discovery --script-trace example.com
Execute a specific script with script tracing.

nmap --script snmp-sysdescr --script-args snmpcommunity=admin example.com
Run an individual script that takes a script argument.

nmap --script mycustomscripts,safe example.com
Execute all scripts in the mycustomscripts directory as well as all scripts in the safe category.


Scan for Conficker

Use:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [target]
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 [target]

Or 
# Run the scripts against host(s) that appear to be Windows
nmap --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args safe=1 -T4 -vv -p445 [target]
nmap -sU -sS --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args safe=1 -vv -T4 -p U:137,T:139 [target]

# Run the scripts against all active hosts (recommended)
nmap -p139,445 -vv --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args=checkconficker=1,safe=1 -T4 [target]

# Run scripts against all 65535 ports (slow)
nmap --script p2p-conficker,smb-os-discovery,smb-check-vulns -p- --script-args=checkall=1,safe=1 -vv -T4 [target]

# Base checks on a different ip address (NATed)
nmap --script p2p-conficker,smb-os-discovery -p445 --script-args=realip=\"192.168.1.65\" -vv -T4 [target]
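The NSE and Conficker commands above produce one block of script output per host; across a whole subnet that output is easier to triage from Nmap's XML report (`-oX`). The following is an added example, not code from the Nmap project or from the page's sources: it parses a constructed XML sample shaped like Nmap's output for the scripts named on the page (smb-os-discovery, p2p-conficker, smb-check-vulns) and lists the hosts whose script output reports an infection or a vulnerability. The addresses, hostnames and script output text in the sample are invented for the example.

```python
"""Summarise NSE script results from an Nmap XML report (nmap -oX ...).

Added example, not part of the page or of Nmap. SAMPLE_XML is a constructed
document in the shape of real Nmap XML (nmaprun > host > ports/port/script and
host > hostscript/script); its addresses and script output are invented.
"""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -p139,445 --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args=checkconficker=1,safe=1 192.0.2.0/30" version="5.35DC1" xmloutputversion="1.03">
<host><status state="up" reason="syn-ack"/>
<address addr="192.0.2.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="139"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="netbios-ssn" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
<hostscript>
<script id="smb-os-discovery" output="&#xa;  OS: Windows XP (Windows 2000 LAN Manager)&#xa;  Computer name: ws01"/>
<script id="p2p-conficker" output="&#xa;  Checking for Conficker.C or higher...&#xa;  Check 1 (port 44120/tcp): INFECTED (Received valid data)&#xa;  2/4 checks are positive: Host is likely INFECTED"/>
<script id="smb-check-vulns" output="&#xa;  MS08-067: VULNERABLE&#xa;  Conficker: Likely INFECTED&#xa;  regsvc DoS: CHECK DISABLED (add --script-args=unsafe=1 to run)"/>
</hostscript>
</host>
<host><status state="up" reason="syn-ack"/>
<address addr="192.0.2.2" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="139"><state state="filtered" reason="no-response" reason_ttl="0"/><service name="netbios-ssn" method="table" conf="3"/></port>
<port protocol="tcp" portid="445"><state state="open" reason="syn-ack" reason_ttl="128"/><service name="microsoft-ds" method="table" conf="3"/></port>
</ports>
<hostscript>
<script id="smb-os-discovery" output="&#xa;  OS: Windows Server 2003 3790 Service Pack 2"/>
<script id="p2p-conficker" output="&#xa;  Checking for Conficker.C or higher...&#xa;  0/4 checks are positive: Host is CLEAN or ports are blocked"/>
<script id="smb-check-vulns" output="&#xa;  MS08-067: NOT VULNERABLE&#xa;  Conficker: Likely CLEAN"/>
</hostscript>
</host>
</nmaprun>
"""

# Words that mark a positive finding, and the negations that must win over them
# ("NOT VULNERABLE" contains "VULNERABLE", so the clean markers are checked first).
SUSPECT_MARKERS = ("INFECTED", "VULNERABLE")
CLEAN_MARKERS = ("NOT VULNERABLE", "CLEAN")


def parse_nse_results(xml_text):
    """Return {ipv4: {"ports": {"445/tcp": state, ...}, "scripts": {id: output}}}.

    Both port scripts (under <port>) and host scripts (under <hostscript>) are
    collected by script id; the output attribute is stripped of its leading newline.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue  # skip hosts without an IPv4 address element
        entry = {"ports": {}, "scripts": {}}
        for port in host.iter("port"):
            key = f"{port.get('portid')}/{port.get('protocol')}"
            entry["ports"][key] = port.find("state").get("state")
        for script in host.iter("script"):
            entry["scripts"][script.get("id")] = (script.get("output") or "").strip()
        results[addr_el.get("addr")] = entry
    return results


def flagged_hosts(results):
    """Return {ipv4: ["script-id: finding line", ...]} for hosts with positive findings."""
    flagged = {}
    for addr, entry in results.items():
        hits = []
        for script_id, output in entry["scripts"].items():
            for line in output.splitlines():
                line = line.strip()
                if not line or any(m in line for m in CLEAN_MARKERS):
                    continue
                if any(m in line for m in SUSPECT_MARKERS):
                    hits.append(f"{script_id}: {line}")
        if hits:
            flagged[addr] = hits
    return flagged


if __name__ == "__main__":
    for addr, hits in flagged_hosts(parse_nse_results(SAMPLE_XML)).items():
        print(addr)
        for hit in hits:
            print("   ", hit)
```

With a real report, replace `SAMPLE_XML` by the contents of the `-oX` file. The keyword match is deliberately narrow: it surfaces the "INFECTED" and "VULNERABLE" verdicts the scripts print and ignores "CHECK DISABLED" lines, so checks that were skipped under `safe=1` do not show up as findings.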
 
Nmap against KIS: port scan
 
First, sorry, because this thread could be off topic, but I don't know where to post it.
I used nmap to scan ports from work to home.
I used some different techniques to test the KIS firewall (build 6.0.2.614).
I was connected to home with RealVNC and I disabled "block IP" in IDS. So ports 5800 and 5900 are detected sometimes.

When KIS feels the scan, I lose the connection.
 
STEALTH MODE ON

nmap -sT -PA -PE -v -T 3 x.x.x.x 
Not shown: 1695 filtered ports
PORT STATE SERVICE
5800/tcp open vnc-http
5900/tcp open vnc
Warning yes


nmap -sF -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are closed
Warning no


nmap -sX -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are closed
Warning no


nmap -sN -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are closed
Warning no


nmap -sS -PA -PE -f -v -T 3 x.x.x.x 
Host seems down. If it is really up, but blocking our ping probes, try -P0
Warning no


nmap -sS -P0 -f -v -T 3 2123 x.x.x.x
All 1697 scanned ports on 212.21.239.132 are filtered
Warning no

nmap -sS -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are filtered
Warning yes.


nmap -sS -P0 -v -T 3 x.x.x.x 
Not shown: 1696 filtered ports
PORT STATE SERVICE
5900/tcp open vnc
Warning yes


nmap -sT -P0 -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are filtered
Warning yes


nmap -sT -P0 -v -T 2 x.x.x.x 

Discovered open port 5900/tcp on x.x.x.x
Discovered open port 5800/tcp on x.x.x.x
Completed Connect() Scan at 18:33, 1499.19s elapsed (1697 total ports)
Not shown: 1695 filtered ports 
Warning no


nmap -sT -p 1-120 -PA -PE -v -T 2 x.x.x.x 
Host x.x.x.x appears to be up ... good.
Interesting ports on x.x.x.x :
All 120 ports are filtered 
Warning no


STEALTH MODE OFF

nmap -sS -PA -PE -v -T 3 x.x.x.x 
Not shown: 1687 closed ports
PORT STATE SERVICE
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1110/tcp open nfsd-status
3389/tcp open ms-term-serv
5800/tcp open vnc-http
5900/tcp open vnc
Warning yes


nmap -sT -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are filtered
Warning generic host 

nmap -sF -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are closed
Warning no


nmap -sX -PA -PE -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are closed
Warning no


nmap -sN -P0 -f -v -T 3 x.x.x.x 
All 1697 scanned ports on x.x.x.x are open|filtered
Warning no

nmap -sT -P0 -v -T 3 x.x.x.x 
Interesting ports on x.x.x.x :
Not shown: 1697 filtered ports
Warning no

nmap -sA -PA -PE -v -T 3 x.x.x.x
Host 212.21.239.132 appears to be up ... good.
All 1697 scanned ports on 212.21.239.132 are Unfiltered
Warning no

I want to demonstrate that KIS doesn't detect some port scans or doesn't alert me.
This is a wish for MP3 or KIS 7. I want to know, or be able to know, when somebody scans one port of my computer.
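The post above shows the firewall warning on SYN and connect scans but staying quiet on FIN, Xmas and NULL scans, and the poster's wish is to be told about any of them. A log-side way to do that is to look at destination-port fan-out per source address regardless of TCP flags, and to report the flag set seen so the scan type is recognisable. The following is an added example, not part of the forum post or of Kaspersky's product: it runs that detection over constructed netfilter/iptables-style LOG lines (host name, addresses, ports and timestamps are invented for the example) and maps the flag combinations to the Nmap scan types used in the post.

```python
"""Detect port scans in firewall log lines by per-source port fan-out.

Added example, not from the forum post. The lines are constructed in the style
of a netfilter/iptables LOG entry (SRC=, DST=, PROTO=, DPT=, TCP flag words);
nothing here is a real capture.
"""
import re
from collections import defaultdict

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
LINE_RE = re.compile(
    r"^\w{3} +\d+ (\d{2}):(\d{2}):(\d{2}) .*?SRC=(\S+) .*?PROTO=TCP .*?DPT=(\d+)"
)
WINDOW_SECONDS = 30   # how long a burst of probes is correlated
PORT_THRESHOLD = 8    # distinct destination ports from one source within the window

# Flag sets as they appear in the log, labelled with the Nmap scan type that produces them.
SCAN_TYPES = {
    frozenset({"SYN"}): "SYN (-sS) or connect (-sT) scan",
    frozenset({"FIN"}): "FIN scan (-sF)",
    frozenset({"FIN", "PSH", "URG"}): "Xmas scan (-sX)",
    frozenset(): "NULL scan (-sN)",
    frozenset({"ACK"}): "ACK scan (-sA)",
}


def make_line(hhmmss, src, dpt, flags):
    """Build one constructed netfilter-style LOG line (test data, not a capture)."""
    return (f"Oct 19 {hhmmss} homepc kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.10 "
            f"LEN=40 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} WINDOW=1024 {flags} URGP=0")


# Constructed sample: a FIN scan of ten ports, a NULL scan of eight ports,
# and a legitimate client opening two VNC connections a few seconds apart.
LOG_LINES = (
    [make_line(f"18:33:{s:02d}", "198.51.100.7", p, "FIN")
     for s, p in enumerate([135, 136, 137, 138, 139, 445, 1110, 3389, 5800, 5900])]
    + [make_line(f"18:34:{s:02d}", "203.0.113.9", p, "")
       for s, p in enumerate([21, 22, 23, 25, 80, 110, 139, 443])]
    + [make_line("18:35:00", "192.0.2.55", 5900, "SYN"),
       make_line("18:35:05", "192.0.2.55", 5800, "SYN")]
)


def parse_line(line):
    """Return {"t": seconds-of-day, "src", "dpt", "flags"} or None for non-TCP lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    hh, mm, ss, src, dpt = m.groups()
    # Flag words are bare tokens between WINDOW= and URGP=; a NULL scan has none.
    flags = frozenset(tok for tok in line.split() if tok in TCP_FLAGS)
    return {"t": int(hh) * 3600 + int(mm) * 60 + int(ss),
            "src": src, "dpt": int(dpt), "flags": flags}


def detect_scans(lines, window=WINDOW_SECONDS, threshold=PORT_THRESHOLD):
    """Return {src: {"ports": n, "types": [labels]}} for sources exceeding the threshold.

    For every source the densest window is found: the start event whose
    following `window` seconds touch the most distinct destination ports.
    Flags are classified independently of the port count, so FIN/NULL/Xmas
    probes are caught even though they never complete a connection.
    """
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["src"]].append(ev)

    alerts = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["t"])
        best_ports, best_flags = set(), set()
        for i, start in enumerate(evs):
            ports, flags = set(), set()
            for ev in evs[i:]:
                if ev["t"] - start["t"] > window:
                    break
                ports.add(ev["dpt"])
                flags.add(ev["flags"])
            if len(ports) > len(best_ports):
                best_ports, best_flags = ports, flags
        if len(best_ports) >= threshold:
            labels = sorted(
                SCAN_TYPES.get(fl, "other flags: " + ("|".join(sorted(fl)) or "none"))
                for fl in best_flags
            )
            alerts[src] = {"ports": len(best_ports), "types": labels}
    return alerts


if __name__ == "__main__":
    for src, info in detect_scans(LOG_LINES).items():
        print(f"{src}: {info['ports']} ports in {WINDOW_SECONDS}s, {', '.join(info['types'])}")
```

The design point is that the firewall must log the dropped packet, not just new connections: a rule set that only logs SYN packets (or only established connections) never sees the FIN, Xmas and NULL probes, which is consistent with the "Warning no" results in the post for -sF, -sX and -sN.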
 

 
Sources:
http://nmap.org/book/nse-usage.html
http://forum.kaspersky.com/index.php?showtopic=32947&st=0&p=292135&#entry292135
thanks!!!

And Happy Women's Day!
Health and have fun.
