When I run db_nmap (or almost any scanner: ipidseq, syn, arp_sweep, etc.) from msfconsole, I get the following:
msf > db_nmap -sS -A -v 192.168.0.13
[*] Nmap: Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2013-01-18 01:45 COT
[*] Nmap: NSE: Loaded 91 scripts for scanning.
[*] Nmap: NSE: Script Pre-scanning.
[*] Nmap: Initiating ARP Ping Scan at 01:45
[*] Nmap: Scanning 192.168.0.13 [1 port]
[*] Nmap: Completed ARP Ping Scan at 01:45, 0.44s elapsed (1 total hosts)
[*] Nmap: Nmap scan report for 192.168.0.13 [host down]
[*] Nmap: NSE: Script Post-scanning.
[*] Nmap: Read data files from: /opt/metasploit-4.5.0/common/share/nmap
[*] Nmap: Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
[*] Nmap: Nmap done: 1 IP address (0 hosts up) scanned in 2.28 seconds
[*] Nmap: Raw packets sent: 2 (56B) | Rcvd: 0 (0B)
But when I then run my standalone nmap application, I get this:
$> nmap -sS -A -v 192.168.0.13
Starting Nmap 6.00 ( http://nmap.org ) at 2013-01-18 01:54 COT
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 01:54
Scanning 192.168.0.13 [1 port]
Completed ARP Ping Scan at 01:54, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 01:54
Completed Parallel DNS resolution of 1 host. at 01:54, 0.04s elapsed
Initiating SYN Stealth Scan at 01:54
Scanning 192.168.0.13 [1000 ports]
Discovered open port 80/tcp on 192.168.0.13
Discovered open port 445/tcp on 192.168.0.13
...snip...
Completed SYN Stealth Scan at 01:54, 2.48s elapsed (1000 total ports)
Initiating Service scan at 01:54
Scanning 14 services on 192.168.0.13
Service scan Timing: About 57.14% done; ETC: 01:56 (0:00:36 remaining)
Completed Service scan at 01:56, 86.08s elapsed (14 services on 1 host)
Initiating OS detection (try #1) against 192.168.0.13
NSE: Script scanning 192.168.0.13.
Initiating NSE at 01:56
Completed NSE at 01:58, 144.42s elapsed
Nmap scan report for 192.168.0.13
Host is up (0.00086s latency).
Not shown: 986 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS httpd 8.0
| http-methods: OPTIONS TRACE GET HEAD POST
| Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Microsoft Internet Information Services 8
135/tcp open msrpc Microsoft Windows RPC
...snip...
MAC Address: 08:00:27:84:4C:73 (Cadmus Computer Systems)
Device type: general purpose
Running: Microsoft Windows 7|2008
OS CPE: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008::sp1
OS details: Microsoft Windows 7 or Windows Server 2008 SP1
Uptime guess: 0.023 days (since Fri Jan 18 01:24:51 2013)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=263 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_smbv2-enabled: Server supports SMBv2 protocol
| smb-security-mode:
| Account that was used for smb scripts: guest
| User-level authentication
| SMB Security: Challenge/response passwords supported
|_ Message signing disabled (dangerous, but default)
| nbstat:
| NetBIOS name: VM1, NetBIOS user: <unknown>, NetBIOS MAC: 08:00:27:84:4c:73 (Cadmus Computer Systems)
| Names
| VM1<00> Flags: <unique><active>
| VM1<20> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
|_ WORKGROUP<1e> Flags: <group><active>
| smb-os-discovery:
| OS: Windows 8 Pro 9200 (Windows 8 Pro 6.2)
| NetBIOS computer name: VM1
| Workgroup: WORKGROUP
|_ System time: 2013-01-18 01:56:18 UTC-8
TRACEROUTE
HOP RTT ADDRESS
1 0.86 ms 192.168.0.13
NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 235.45 seconds
Raw packets sent: 1158 (51.650KB) | Rcvd: 1023 (41.838KB)
I'm almost sure this is a user problem.
The GUEST machine runs on VirtualBox and is connected through Bridge Adapter on my eth0 interface; it is Windows 8 Pro.
The host machine is Ubuntu 12.10 x64.
And I just upgraded to version 4.5.1.