Home page logo
/

basics logo Security Basics mailing list archives

Re: help interpreting the nmap output
From: Corey LeBleu <coreylebleu () gmail com>
Date: Thu, 16 Dec 2004 16:53:23 -0600

Also for SSL connections you could use SSLProxy as, well, a proxy for
the connection and then use telnet or netcat. SSLProxy does run on
Windows and it's simple to use.

Corey


On Thu, 16 Dec 2004 16:51:50 -0600, Corey LeBleu <coreylebleu () gmail com> wrote:
The question mark means that nmap isn't sure if it really is that
service running on that port ...............so it usually indicates
the default service running on that port.  I recommend the tool amap
www.thc.org to identify if it is the correct service.  Unfortunately
amap only runs on Unix-based operating systems.  I just found out
about the tool and really like it so far.  Or, like previously stated,
you could use telnet or netcat to try to communicate with it manually.
Hope this helps.


Corey


On Wed, 15 Dec 2004 14:39:40 +0100, miguel.dilaj () pharma novartis com
<miguel.dilaj () pharma novartis com> wrote:
Hi Ivan,

What tool are you using to try to connect? If you were using telnet, try
netcat to establish a raw connection instead.
As for the Apache question:

$ nc -vv 192.xxx.yyy.zzz 80
www.xxxxxxxxxxxxxxxxxx.net [192.xxx.yyy.zzz] 80 (http) open
HEAD / HTTP/1.1
Host: www.xxxxxxxxxxxxxxx.net
[PRESS ENTER TWICE]

HTTP/1.1 200 OK
Date: Wed, 15 Dec 2004 13:35:21 GMT
Server: Apache/1.3.27 (Unix)
Content-Type: text/html
[PRESS CTRL-C TO STOP]

So basically you connect to port 80 of the host, after successful
connection type "HEAD / HTTP/1.1", press ENTER, type "Host: {name of the
website}", press ENTER twice. If everything is OK you'll get a nice banner
from the server.
You can try the above. Remember that's possible to tweak Apache in order
NOT to show the version.
Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG

"Ivan Fratric" <hacky_2001 () hotmail com>
14/12/2004 18:43

       To:     security-basics () securityfocus com
       cc:     (bcc: Miguel Dilaj/PH/Novartis)
       Subject:        help interpreting the nmap output


Hi,

I'm running nmap on Windows XP. Normally, it works fine (when I use it to
scan a computer for which I know what services it's running) and returns
detailed info on the services installed.
However, I tried to run it on a web server on the Internet and I have
trouble getting all the info.
Using -A -T4 options on a server and I receive the following reply

{snip}

So, why the question marks next to the open protocols? Next I tried
connecting to the telnet and ftp, but I get disconnected straight away. So
I
tried to get more info on the http and https by calling nmap with -sV -p
80
or -sV -p 443 options. Since it's a web server it is certainly running
those
services. I get something like

80/tcp    open   Apache httpd

Anyway, no sign of the Apache version. So, how can I find out what version

of the Apache a server is running? What is the best way to proceed from
here? TIA

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.com/





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault