Question 69: Getting to Know Information Gathering Software (3) – nmap

Question:
This topic is part of the Hacking category, which belongs to the planned series of articles on this blog.
Answer:

This time we continue the discussion of software that serves as Information Gathering Tools, following the previous two, p0f and dmitry. Although it is covered as part of the BackTrack discussion, nmap is also available in the standard Ubuntu repository.
On Ubuntu, nmap can be installed directly and easily:

sudo apt-get install nmap

The two previous Information Gathering tools were discussed at:

Nmap ("Network Mapper") is a free and open source utility for network exploration and security auditing. Many system and network administrators use it for important tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Nmap uses raw IP packets in novel ways to determine which hosts are available on the network, which services (application name and version) those hosts offer, which operating system (and version) they run, which type of packet filter/firewall is in use, and many other characteristics.
Nmap was designed to scan large networks, but it also works well against a single host.
Nmap runs on most operating systems, both in console (terminal) and GUI form.
One example of running nmap, together with its output, looks like this:

root@henny-M540SR:/home/henny# nmap -sS -A -T4 -v 118.97.186.115
Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-15 06:40 WIT
 NSE: Loaded 36 scripts for scanning.
 Initiating Ping Scan at 06:40
 Scanning 118.97.186.115 [4 ports]
 Completed Ping Scan at 06:40, 0.50s elapsed (1 total hosts)
 Initiating Parallel DNS resolution of 1 host. at 06:40
 Completed Parallel DNS resolution of 1 host. at 06:40, 2.47s elapsed
 Initiating SYN Stealth Scan at 06:40
 Scanning 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115) [1000 ports]
 Discovered open port 25/tcp on 118.97.186.115
 Discovered open port 22/tcp on 118.97.186.115
 Discovered open port 3306/tcp on 118.97.186.115
 Increasing send delay for 118.97.186.115 from 0 to 5 due to 11 out of 21 dropped probes since last increase.
 Discovered open port 80/tcp on 118.97.186.115
 Increasing send delay for 118.97.186.115 from 5 to 10 due to max_successful_tryno increase to 5
 SYN Stealth Scan Timing: About 17.26% done; ETC: 06:43 (0:02:29 remaining)
 Warning: 118.97.186.115 giving up on port because retransmission cap hit (6).
 SYN Stealth Scan Timing: About 24.97% done; ETC: 06:44 (0:03:06 remaining)
 SYN Stealth Scan Timing: About 29.27% done; ETC: 06:45 (0:03:42 remaining)
 SYN Stealth Scan Timing: About 36.50% done; ETC: 06:46 (0:03:58 remaining)
 SYN Stealth Scan Timing: About 41.99% done; ETC: 06:48 (0:04:20 remaining)
 SYN Stealth Scan Timing: About 52.97% done; ETC: 06:49 (0:03:56 remaining)
 SYN Stealth Scan Timing: About 61.34% done; ETC: 06:49 (0:03:27 remaining)
 SYN Stealth Scan Timing: About 69.90% done; ETC: 06:49 (0:02:35 remaining)
 SYN Stealth Scan Timing: About 75.70% done; ETC: 06:49 (0:02:08 remaining)
 SYN Stealth Scan Timing: About 82.10% done; ETC: 06:49 (0:01:35 remaining)
 SYN Stealth Scan Timing: About 87.63% done; ETC: 06:49 (0:01:06 remaining)
 SYN Stealth Scan Timing: About 92.97% done; ETC: 06:49 (0:00:38 remaining)
 Completed SYN Stealth Scan at 06:54, 810.29s elapsed (1000 total ports)
 Initiating Service scan at 06:54
 Scanning 4 services on 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
 Completed Service scan at 06:54, 12.05s elapsed (4 services on 1 host)
 Initiating OS detection (try #1) against 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
 Retrying OS detection (try #2) against 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
 Initiating Traceroute at 06:56
 Completed Traceroute at 06:56, 3.31s elapsed
 Initiating Parallel DNS resolution of 8 hosts. at 06:56
 Completed Parallel DNS resolution of 8 hosts. at 06:56, 5.32s elapsed
 NSE: Script scanning 118.97.186.115.
 NSE: Starting runlevel 1 (of 1) scan.
 Initiating NSE at 06:56
 Completed NSE at 06:56, 37.29s elapsed
 NSE: Script Scanning completed.
 Nmap scan report for 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
 Host is up (2.4s latency).
 Not shown: 996 closed ports
 PORT STATE SERVICE VERSION
 22/tcp open ssh OpenSSH 5.2p1 (FreeBSD 20090522; protocol 2.0)
 | ssh-hostkey: 1024 73:ee:94:f8:33:66:bf:d6:ec:0d:52:eb:f5:87:67:13 (DSA)
 |_2048 7d:6a:00:8c:d5:21:db:ec:08:ad:f7:d2:56:54:5d:35 (RSA)
 25/tcp open smtp?
 80/tcp open http Apache httpd 2.2.16 ((FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.2.14 with Suhosin-Patch)
 | html-title: UNIVERSITAS PENDIDIKAN INDONESIA |_ LEADING AND OUTSTANDING
 3306/tcp open mysql MySQL (unauthorized)
 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
 SF-Port25-TCP:V=5.21%I=7%D=4/15%Time=4DA78925%P=i686-pc-linux-gnu%r(NULL,4
 SF:1,"421\x20service\x20not\x20available\x20\(connection\x20refused,\x20ge
 SF:neric\x20failure\)\r\n")%r(HTTPOptions,41,"421\x20service\x20not\x20ava
 SF:ilable\x20\(connection\x20refused,\x20generic\x20failure\)\r\n")%r(RPCC
 SF:heck,41,"421\x20service\x20not\x20available\x20\(connection\x20refused,
 SF:\x20generic\x20failure\)\r\n")%r(DNSStatusRequest,41,"421\x20service\x2
 SF:0not\x20available\x20\(connection\x20refused,\x20generic\x20failure\)\r
 SF:\n")%r(SSLSessionReq,1F,"452\x20syntax\x20error\x20\(connecting\)\r\n")
 SF:%r(SMBProgNeg,41,"421\x20service\x20not\x20available\x20\(connection\x2
 SF:0refused,\x20generic\x20failure\)\r\n")%r(X11Probe,41,"421\x20service\x
 SF:20not\x20available\x20\(connection\x20refused,\x20generic\x20failure\)\
 SF:r\n")%r(FourOhFourRequest,3E,"452\x20syntax\x20error\x20\(connecting\)\
 SF:r\n452\x20syntax\x20error\x20\(connecting\)\r\n")%r(LDAPBindReq,41,"421
 SF:\x20service\x20not\x20available\x20\(connection\x20refused,\x20generic\
 SF:x20failure\)\r\n")%r(SIPOptions,41,"421\x20service\x20not\x20available\
 SF:x20\(connection\x20refused,\x20generic\x20failure\)\r\n")%r(TerminalSer
 SF:ver,41,"421\x20service\x20not\x20available\x20\(connection\x20refused,\
 SF:x20generic\x20failure\)\r\n")%r(NCP,41,"421\x20service\x20not\x20availa
 SF:ble\x20\(connection\x20refused,\x20generic\x20failure\)\r\n")%r(WMSRequ
 SF:est,41,"421\x20service\x20not\x20available\x20\(connection\x20refused,\
 SF:x20generic\x20failure\)\r\n");
 Device type: general purpose|firewall
 Running (JUST GUESSING) : FreeBSD 7.X (96%), OpenBSD 4.X (89%), m0n0wall FreeBSD 6.X (87%), Apple Mac OS X 10.5.X (87%)
 Aggressive OS guesses: FreeBSD 7.0-STABLE (96%), FreeBSD 7.1-PRERELEASE 7.2-STABLE (96%), FreeBSD 7.0-RELEASE (95%), FreeBSD 7.0-RELEASE-p5 (93%), FreeBSD 7.0-RELEASE - 7.2-RELEASE (93%), FreeBSD 7.0-RC1 (91%), FreeBSD 7.1-RELEASE (91%), FreeBSD 7.2-RELEASE (89%), OpenBSD 4.0 (89%), OpenBSD 4.1 - 4.3 (89%)
 No exact OS matches for host (test conditions non-ideal).
 Uptime guess: 0.001 days (since Fri Apr 15 06:55:15 2011)
 Network Distance: 11 hops
 TCP Sequence Prediction: Difficulty=228 (Good luck!)
 IP ID Sequence Generation: Randomized
 Service Info: OS: FreeBSD
TRACEROUTE (using port 199/tcp)
 HOP RTT ADDRESS
 1 118.38 ms 192.168.16.3
 2 118.41 ms 192.168.16.1
 3 118.49 ms 192.168.9.49
 4 98.47 ms 192.168.110.19
 5 317.42 ms 192.168.110.19
 6 317.37 ms 192.168.9.49
 7 703.36 ms 192.168.10.2
 8 703.38 ms 114.127.253.126
 9 1003.27 ms 114.127.254.10
 10 ...
 11 1202.31 ms 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
Read data files from: /usr/share/nmap
 OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 969.29 seconds
 Raw packets sent: 4955 (223.692KB) | Rcvd: 4428 (183.332KB)
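As an added example (not part of the original post), a small Python parser that turns the port table of nmap's normal output into structured records and flags open ports outside an expected baseline, which is the inventory-style use mentioned in the description above. The sample report is constructed by copying lines from the scan output shown above; the allowed-port set is an assumption.

```python
import re

# Constructed sample: the host and port-table lines copied from the
# nmap normal output shown above (not a live scan result).
SAMPLE_REPORT = """\
Nmap scan report for 115.subnet118-97-186.astinet.telkom.net.id (118.97.186.115)
Host is up (2.4s latency).
Not shown: 996 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.2p1 (FreeBSD 20090522; protocol 2.0)
25/tcp open smtp?
80/tcp open http Apache httpd 2.2.16 ((FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8k DAV/2 PHP/5.2.14 with Suhosin-Patch)
3306/tcp open mysql MySQL (unauthorized)
"""

# "Nmap scan report for <name> (<ip>)"; the IP in parentheses is optional
# because nmap prints only the address when there is no reverse DNS name.
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?$")
# "<port>/<proto> <state> <service> [<version text>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_host(report):
    """Return the scanned address (IP if present, otherwise the name)."""
    for line in report.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            return m.group(2) or m.group(1)
    return None


def parse_ports(report):
    """Return (port, proto, state, service, version) tuples for port-table rows.

    Lines such as 'Discovered open port 25/tcp' or the '| ssh-hostkey' script
    output do not start with '<digits>/', so they are skipped."""
    ports = []
    for line in report.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            ports.append((int(port), proto, state, service, (version or "").strip()))
    return ports


def unexpected_open(report, allowed):
    """Open ports that are not in the expected baseline set (assumed, e.g. {22, 80})."""
    return sorted(p for p, _, state, _, _ in parse_ports(report)
                  if state == "open" and p not in allowed)
```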
