Friday, September 7, 2012

Basic information gathering using Nmap

Hi, I will show you how to use Nmap by scanning http://www.is2c-dojo.com. Nmap is an application used to perform port scanning. In Backtrack you can run Nmap from the terminal or through its GUI (Zenmap). We will try to find out what services are running on this website, so make sure you are connected to the internet. In Backtrack, open a terminal and type the following command (-v makes the output verbose, and -A enables OS detection, version detection, script scanning and traceroute):

root@bt:~# nmap -v -A www.is2c-dojo.com  <press enter>

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-09-08 04:58 WIT
NSE: Loaded 87 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 04:58
Scanning www.is2c-dojo.com (108.162.199.80) [4 ports]
Completed Ping Scan at 04:58, 0.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:58
Completed Parallel DNS resolution of 1 host. at 04:58, 0.42s elapsed
Initiating SYN Stealth Scan at 04:58
Scanning www.is2c-dojo.com (108.162.199.80) [1000 ports]
Discovered open port 80/tcp on 108.162.199.80
Discovered open port 8080/tcp on 108.162.199.80
SYN Stealth Scan Timing: About 44.30% done; ETC: 04:59 (0:00:39 remaining)
Increasing send delay for 108.162.199.80 from 0 to 5 due to 11 out of 18 dropped probes since last increase.
Increasing send delay for 108.162.199.80 from 5 to 10 due to 11 out of 13 dropped probes since last increase.
Completed SYN Stealth Scan at 04:59, 77.32s elapsed (1000 total ports)
Initiating Service scan at 04:59
Scanning 2 services on www.is2c-dojo.com (108.162.199.80)
Completed Service scan at 04:59, 5.00s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against www.is2c-dojo.com (108.162.199.80)
Retrying OS detection (try #2) against www.is2c-dojo.com (108.162.199.80)
NSE: Script scanning 108.162.199.80.
Initiating NSE at 04:59
Completed NSE at 05:01, 84.00s elapsed
Nmap scan report for www.is2c-dojo.com (108.162.199.80)
Host is up (0.091s latency).
Other addresses for www.is2c-dojo.com (not scanned): 108.162.199.180
Not shown: 997 filtered ports
PORT     STATE  SERVICE     VERSION
80/tcp   open   http?
| http-robots.txt: 1 disallowed entry
|_/
|_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
| http-title: IS2C | Information Security Shinobi Camp
|_Requested resource was http://is2c-dojo.com/
443/tcp  closed https
8080/tcp open   http-proxy?
Aggressive OS guesses: Check Point ZoneAlarm Z100G firewall (97%), Linux 2.6.36 (97%), Check Point UTM-1 Edge X firewall (97%), DD-WRT v23 (Linux 2.4.34) (97%), Linux 2.6.23 (97%), Linux 2.6.32 (97%), Sun Solaris 10 (97%), Sun Solaris 10 (SPARC) (97%), Actiontec GT701 DSL modem (96%), Linux 2.6.31 (96%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 2.906 days (since Wed Sep  5 07:16:01 2012)
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE
HOP RTT      ADDRESS
1   90.56 ms 108.162.199.80

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 174.81 seconds
           Raw packets sent: 2140 (99.110KB) | Rcvd: 24 (1.266KB)

After the scan is done, we can see that this website has the following information:
  • The site has an IP address of 108.162.199.80.
  • Ports 80 and 8080 are open (HTTP ports).
  • Port 443 (HTTPS) is closed.
  • This web server is likely to be running a Linux or Sun Solaris operating system.
Ok, from the following line of the output:


No exact OS matches for host (test conditions non-ideal)

we know that Nmap is still not able to detect the OS on www.is2c-dojo.com.
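
As an added example (not part of the original post), the Python code below parses an excerpt of the report above into the same summary, keeping Nmap's own uncertainty markers: the trailing "?" on a service name and the "No exact OS matches" line. The function and field names are assumptions made for this example.

```python
import re

# Excerpt of the scan report above (lines copied from this page's output).
REPORT = """\
Nmap scan report for www.is2c-dojo.com (108.162.199.80)
Not shown: 997 filtered ports
PORT     STATE  SERVICE     VERSION
80/tcp   open   http?
| http-robots.txt: 1 disallowed entry
|_/
443/tcp  closed https
8080/tcp open   http-proxy?
Aggressive OS guesses: Check Point ZoneAlarm Z100G firewall (97%), Linux 2.6.36 (97%), Check Point UTM-1 Edge X firewall (97%), DD-WRT v23 (Linux 2.4.34) (97%), Linux 2.6.23 (97%), Linux 2.6.32 (97%), Sun Solaris 10 (97%), Sun Solaris 10 (SPARC) (97%), Actiontec GT701 DSL modem (96%), Linux 2.6.31 (96%)
No exact OS matches for host (test conditions non-ideal).
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Guess names may contain parentheses themselves, e.g. "DD-WRT v23 (Linux 2.4.34)".
OS_GUESS = re.compile(r"(?:^|, )(.+?) \((\d+)%\)(?=,|$)")

def summarize(report):
    """Reduce Nmap's normal (human-readable) output to a small dict."""
    out = {"target": None, "ip": None, "not_shown": None,
           "ports": [], "os_guesses": [], "os_exact": None}
    for line in report.splitlines():
        m = re.match(r"Nmap scan report for (\S+) \(([\d.]+)\)", line)
        if m:
            out["target"], out["ip"] = m.groups()
        m = re.match(r"Not shown: (\d+) (\w+) ports", line)
        if m:
            out["not_shown"] = (int(m.group(1)), m.group(2))
        m = PORT_LINE.match(line)  # NSE script lines start with "|" and are skipped
        if m:
            port, proto, state, service = m.groups()
            # A trailing "?" is Nmap flagging that version detection got no
            # match, so the name is only the usual one for that port number.
            out["ports"].append({"port": int(port), "proto": proto,
                                 "state": state, "service": service.rstrip("?"),
                                 "unsure": service.endswith("?")})
        if line.startswith("Aggressive OS guesses:"):
            body = line.split(":", 1)[1].strip()
            out["os_guesses"] = [(n, int(p)) for n, p in OS_GUESS.findall(body)]
        elif line.startswith("No exact OS matches"):
            out["os_exact"] = False  # the guesses are candidates, not a result
    return out

if __name__ == "__main__":
    summary = summarize(REPORT)
    for entry in summary["ports"]:
        print(entry)
    print(summary["os_guesses"], summary["os_exact"])
```

Ten guesses tied at 96-97% across firewalls, Linux kernels, Solaris and a DSL modem, together with `os_exact` being False, is what the "No exact OS matches" line means in practice.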

Ok, thank u and see u soon.

by scx020c07d :)
