My switch is a TP-Link TL-SG105E and is perfectly functional, but I can’t access it because it’s somehow hidden from the network. I used tools like Netdiscover:
netdiscover -i wlp2s0 -r 192.168.0.0/24
nmap -PR 192.168.1.0/24
nmap -sP 192.168.1.0/24
and I tried to find it via open port 80
nmap -p 80 192.168.1.0/24
And many other tests. All of them gave me the same result but not my switch’s IP or MAC address. I’m wondering how it is possible that a fully functional device, for which I could previously identify even the operating system, can now not be found on the network and still work without responding to the ARP, ICMP and HTTP protocols. It’s not even listed in the router’s DHCP address table. How can it still work? And how can it not be found after scanning the network? And for those who wonder, I hit the reset button and it’s still the same.
Thank you all for your time.
It shows that the SSH port of my Metasploitable is open, but when I execute the ssh-brute.nse script it doesn’t run. 192.168.0.107 is my Metasploitable.
If after that I use -d to debug, I get this error. I can’t execute any other script either. Please help, I am just a beginner.
I did a SYN scan (-sS) on a large scope, and now I want to execute a script scan (-sC) on the open ports from the previous SYN scan results. I have results in all formats.
Is there a way to do this without having nmap re-scanning the whole scope?
I’m doing an nmap scan to my own machine. First of all I set port 333 to listen with this command:
sudo nc -lvnp 333
On the other terminal I run
sudo nmap -O -sV -p 0-65535 IP
where IP is my local IP. The result I got on the nmap terminal is this one:
But on the terminal where I opened the port, the process finishes and I have this message:
root@kali:~$ sudo nc -lvnp 333
listening on [any] 333 ...
connect to [IP] from (UNKNOWN) [IP] 47462
I got curious and I tried to do the same thing with proxychains just to check which IP would appear, so I ran
sudo proxychains nmap -O -sV -p 0-65535 IP
The result on the nmap terminal was different, I guess because of the limitations of nmap through a proxy that I read about in other places:
But when I checked the nc terminal, the process hadn’t finished and it doesn’t seem to have noticed that a scan was checking that port. What is the reason that the scan was stealthy with proxychains?
After scanning my local network with nmap, this host shows up listed as an nmap result, but it is the only host that shows on nmap that is not listed as a client on my router’s list of connected devices.
❯ nmap 192.168.0.xxx -A
Starting Nmap 7.80 ( https://nmap.org ) at 2020-04-21 14:33 -03
Nmap scan report for 192.168.0.xxx
Host is up (0.0056s latency).
Not shown: 998 closed ports
PORT     STATE SERVICE VERSION
6666/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 188.8.131.52; UPnP 1.0; MTK 2.001)
|_irc-info: Unable to open connection
8888/tcp open  upnp    MiniUPnP 1.6 (Linksys/Belkin WiFi range extender; SDK 184.108.40.206; UPnP 1.0; MTK 2.001)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 37.47 seconds
What exactly about this host might be causing it to show on nmap in my local network if it’s not connected to my router?
I was following this Lynda course.
The instructor used this script to detect the OS of the target system.
nmap --script /usr/share/nmap/scripts/smb-os-discovery.nse 192.168.56.3
I have an OWASP box VM and Kali Linux running in a host-only network in VirtualBox.
192.168.56.3 is the IP of OWASP. I’m running the above command from Kali Linux.
The output is
Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-21 01:00 CDT
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 192.168.56.3
Host is up (0.00045s latency).
Not shown: 991 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
5001/tcp open  commplex-link
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap
MAC Address: 08:00:27:FE:F6:AC (Oracle VirtualBox virtual NIC)
A port scan is done but the OS detection part in the script is not performed.
For example this is the output shown in the tutorial
I have an Android device that runs Android9 and another Android device that runs Android6. I shared Android9’s internet to Android6 through a wifi connection. Then I shared Android6’s internet to my computer (runs Linux) through the USB Tethering option. Then on my computer, I ran the command
sudo nmap -sn <my_network_address>
It only showed my Android6’s IP address and my computer’s IP address. It does not show my Android9 on that list.
I want to know why this happens.
Thanks in advance.
I tried to use nmap on my computer and saw that nmap can’t find anything for my local computer’s IP (even though HTTPS is absolutely open).
But when I tried to scan a range of IPs with nmap, I saw that the only open ports nmap found were on the default gateway IP.
Why is that? (I can’t find anything on the web.)
Edit: I have been asked to give an example.
So let’s say my default gateway (router) IP is 220.127.116.11, my first computer’s local IP is 18.104.22.168 and my second computer’s local IP is 22.214.171.124.
When I try nmap (with different parameters) on 126.96.36.199 or 188.8.131.52, I don’t get any open ports (“all 1000 ports are closed”),
but when I try nmap on 184.108.40.206, I get 12 open ports (that I believe are open on my first or second computer).
I have a strange situation. My scanning machine is on networkA and the target is on networkB. Those networks are managed by IP pools in a Cisco ASA.
When I nmap the target with -Pn -sS --reason, I get the following results:
Host is up ; port is filtered ; reason = no-response
What doesn’t make sense is Host is up. It should not be there since there is no routing between those pools.
What do you think of that?
I’m testing this decoy feature from nmap, and pretending to be a bad guy. I will run it against my own VM.
sudo nmap -sS -sV 220.127.116.11 -D 192.168.0.3,10.0.0.2,18.104.22.168
If I SSH into my server, how do I see the incoming traffic into my VM (Ubuntu) during the Nmap scan?
netstat -plant, and iftop, not so good.
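For the decoy-scan question above, an added example that is not part of the original post: on the scanned VM, the text output of a packet capture such as `sudo tcpdump -nn -i <interface> tcp` shows each probe, and with -D the same port sweep arrives from every decoy address as well as the real one. The Python sketch below summarises such lines per source; the sample lines, the target address 10.0.0.5, the third decoy address and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches tcpdump -nn text lines for IPv4 TCP, e.g.
# 14:33:01.000001 IP 192.168.0.3.40000 > 10.0.0.5.22: Flags [S], seq 1, win 1024, length 0
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def syn_sources(lines, min_ports=3):
    """Return {source_ip: sorted distinct destination ports} for sources that
    sent bare SYNs (Flags [S]) to at least min_ports distinct ports."""
    ports = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        # "S." is a SYN-ACK reply and "." a plain ACK; only bare SYNs count.
        if m and m.group("flags") == "S":
            ports[m.group("src")].add(int(m.group("dport")))
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}

def build_sample():
    """Constructed capture: three sources sweeping the same ports (how a decoy
    scan looks from the target) plus one ordinary SSH handshake."""
    lines, n = [], 0
    for dport in (22, 80, 443, 8080):
        for src in ("192.168.0.3", "10.0.0.2", "198.51.100.7"):
            n += 1
            lines.append(
                f"14:33:01.{n:06d} IP {src}.40000 > 10.0.0.5.{dport}: "
                f"Flags [S], seq {n}, win 1024, options [mss 1460], length 0"
            )
    lines += [
        "14:33:02.000001 IP 203.0.113.9.51000 > 10.0.0.5.22: Flags [S], seq 9, win 64240, length 0",
        "14:33:02.000002 IP 10.0.0.5.22 > 203.0.113.9.51000: Flags [S.], seq 5, ack 10, win 65160, length 0",
        "14:33:02.000003 IP 203.0.113.9.51000 > 10.0.0.5.22: Flags [.], ack 1, win 502, length 0",
    ]
    return lines

if __name__ == "__main__":
    for ip, p in sorted(syn_sources(build_sample()).items()):
        print(f"{ip}: bare SYN to {len(p)} distinct ports {p}")
```

The command in the question also uses -sV, and nmap's documentation states that decoys do not work with version detection, so the source that goes on to complete full connections to the open ports is the real scanner.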