Comment thread on the article "Collecting Fingerprints: Active Nmap and Xprobe2", started by Vlada - I'm not quite sure about this xprobe2. I tried...

  • The article is old; new comments can no longer be added.
  • 16. 3. 2006 11:52

    Vlada (unregistered)
    I'm not quite sure about this xprobe2. I tried it on my little home Debian server, and instead of identifying a 2.4.xx kernel, it spat out:
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.10" (Guess probability: 74%)
    [+] Other guesses:
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.9" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.8" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.7" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.6" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.5" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.4" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.3" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.2" (Guess probability: 74%)
    [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.1" (Guess probability: 74%)

    That strikes me as very inaccurate, and considering that I definitely did not take any measures to disguise the system, it also makes the tool seem rather untrustworthy for further use. On the other hand, it is true that I don't have many ports open (only ssh, http, https, rpcbind, smux, ipp), so the detection options are a bit limited ...
  • 17. 3. 2006 7:52

    no nickname
    .. but its analyses are pretty much worthless:

    a) Example 1

    xprobe2 :
    [+] Primary guess:
    [+] Host 192.168.x.x Running OS: "NetBSD 1.6.1" (Guess probability: 96%)
    [+] Other guesses:
    [+] Host 192.168.x.x Running OS: "NetBSD 1.6.2" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "NetBSD 2.0" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Linux Kernel 2.0.30" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Linux Kernel 2.0.34" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Foundry Networks IronWare Version 03.0.01eTc1" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Foundry Networks IronWare Version 07.5.04T53" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Foundry Networks IronWare Version 07.5.05KT53" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Foundry Networks IronWare 07.6.01BT51" (Guess probability: 96%)
    [+] Host 192.168.x.x Running OS: "Foundry Networks IronWare 07.6.04aT51" (Guess probability: 96%)

    nmap :
    Running: IBM OS/390 V5, IBM OS/400 V5
    OS details: IBM OS/390 V5R0M0, IBM OS/400 V5R1 - V5R2

    b) Example 2

    xprobe2 :
    [+] Primary guess:
    [+] Host 192.168.x.x Running OS: "FreeBSD 4.3" (Guess probability: 100%)
    [+] Other guesses:
    [+] Host 192.168.x.x Running OS: "FreeBSD 4.2" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "FreeBSD 4.1.1" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.3" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.2" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.1" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.3" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.2" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.1" (Guess probability: 100%)

    nmap :
    Running: HP HP-UX 10.X
    OS details: HP-UX 10.20 E 9000/777 or A 712/60 with tcp_random_seq = 0


    c) Example 3:

    xprobe2 :
    [+] Primary guess:
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4" (Guess probability: 100%)
    [+] Other guesses:
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.1" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.2" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.4.3" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.1" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.2" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "NetBSD 1.5.3" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "FreeBSD 4.1.1" (Guess probability: 100%)
    [+] Host 192.168.x.x Running OS: "FreeBSD 4.2" (Guess probability: 100%)


    nmap :
    Running: Secure Computing embedded
    OS details: Secure Computing Sidewinder firewall 5.2.1.06


    d) Example 4

    xprobe2 :
    [+] Primary guess:
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM H.07.15 EEPROM H.08.20" (Guess probability: 92%)
    [+] Other guesses:
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.08.21 EEPROM G.08.21" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.08.08 EEPROM G.08.04" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.19 EEPROM G.08.04" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.19 EEPROM G.08.03" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.19 EEPROM G.07.20" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.02 EEPROM G.08.04" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.02 EEPROM G.07.20" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.07.02 EEPROM G.07.17" (Guess probability: 92%)
    [+] Host 192.168.x.x Running OS: "HP JetDirect ROM G.06.00 EEPROM G.06.00" (Guess probability: 92%)

    nmap :
    Running: 3Com embedded
    OS details: 3Com Netbuilder Remote Office 222 (ESPL-310), Version 10.1 (SW/NBRO-AB,10.1), 3Com Netbuilder Remote Office 222 router


    e) Example 5

    xprobe2 :
    [+] Running scan engine
    [-] ping:tcp_ping module: no closed/open TCP ports known on 192.168.x.x. Module test failed
    [-] ping:udp_ping module: no closed/open UDP ports known on 192.168.x.x. Module test failed
    [-] No distance calculation. 192.168.x.x appears to be dead or no ports known
    [+] Host: 192.168.x.x is down (Guess probability: 0%)
    [+] Cleaning up scan engine

    nmap :
    Running: Microsoft Windows 95/98/ME|NT/2K/XP, Turtle Beach embedded
    OS details: Microsoft Windows 98SE 4.10.2222, Microsoft Windows NT 3.51 SP5, NT 4.0 or 95/98/98SE, Turtle Beach AudioTron 100 network MP3 player or Microsoft Windows 98SE


    Try to guess which of them got it right more often. A small hint: the score is 5:0 (the fifth example is Win98SE, which is acceptable for nmap).
  • 17. 3. 2006 14:41

    anonymous
    "The analysis proved shit"
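
In every xprobe2 output quoted in this thread, all listed candidates carry the same guess probability. As an added example (not part of the thread and not code from xprobe2), the following Python script parses such output and reports how many candidates and OS families tie at the top score; the sample lines are excerpted from the outputs quoted above, and the first-word family heuristic and the verdict labels are assumptions of this example.

```python
import re

# Matches xprobe2 result lines such as:
# [+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.10" (Guess probability: 74%)
GUESS_RE = re.compile(
    r'Running OS: "(?P<os>[^"]+)" \(Guess probability: (?P<pct>\d+)%\)'
)

def parse_guesses(output):
    """Return [(os_name, probability), ...] in the order xprobe2 printed them."""
    return [(m["os"], int(m["pct"])) for m in GUESS_RE.finditer(output)]

def assess(output):
    """Classify how much the top-scoring guesses actually narrow things down."""
    guesses = parse_guesses(output)
    if not guesses:  # e.g. "Host: ... is down (Guess probability: 0%)"
        return {"verdict": "no-guess", "top": None, "tied": 0, "families": []}
    top = max(p for _, p in guesses)
    tied = [name for name, p in guesses if p == top]
    # Heuristic (assumption of this example): first word = OS family.
    families = sorted({name.split()[0] for name in tied})
    if len(families) > 1:
        verdict = "ambiguous"      # unrelated systems share the top score
    elif len(tied) > 1:
        verdict = "family-only"    # one family, version not resolved
    else:
        verdict = "specific"
    return {"verdict": verdict, "top": top, "tied": len(tied), "families": families}

# Sample input: lines excerpted from the outputs quoted in the thread.
SAMPLE_DEBIAN = """\
[+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.10" (Guess probability: 74%)
[+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.9" (Guess probability: 74%)
[+] Host 127.0.0.1 Running OS: "Linux Kernel 2.6.8" (Guess probability: 74%)
"""
SAMPLE_MIXED = """\
[+] Host 192.168.x.x Running OS: "NetBSD 1.6.1" (Guess probability: 96%)
[+] Host 192.168.x.x Running OS: "Linux Kernel 2.0.30" (Guess probability: 96%)
[+] Host 192.168.x.x Running OS: "Foundry Networks IronWare 07.6.01BT51" (Guess probability: 96%)
"""
SAMPLE_DOWN = "[+] Host: 192.168.x.x is down (Guess probability: 0%)\n"

if __name__ == "__main__":
    for label, text in [("debian", SAMPLE_DEBIAN), ("mixed", SAMPLE_MIXED),
                        ("down", SAMPLE_DOWN)]:
        print(label, assess(text))
```

A tied top score across several families means the percentage measures how well the signatures matched, not how well the tool separated one system from another.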