
All Questions

0 votes
1 answer
223 views

What is the version of the scanned OS?

I've scanned a target with metasploit scanner/smb/smb_version and nmap -O. smb_version: Windows 2016 Standard (build:14393) Nmap: Windows Server 2008 R2 - 2012; CPE: cpe:/o:microsoft:windows What is ...
quality38
2 votes
0 answers
1k views

Windows XP SP3 2002 is not vulnerable to MS08-067

Why is my VM not vulnerable to MS08-067? There are similar questions on Stack Exchange, yes, but they fail to specify all relevant information and so none receive a meaningful, thoughtful nor thorough ...
HackingAndJiuJItsu
0 votes
1 answer
2k views

Can I elicit responses from "any remote host" on "all protocols" if I want to?

An nmap scan of my test computer returns a result of “5357 / tcp open wsdapi”. After some research, this is something that can be exploited. It is explained here that: By default, WSDAPI will listen ...
Freddy Nova
2 votes
2 answers
4k views

The security of an SMB port exposed to the internet

I have installed a Windows machine with update 1909 (build 18363.720 (March 2020)) (on which I try to find vulnerabilities with nmap), which includes SMB 3.1.1 with the latest fixed bugs. I created a ...
Andy McRae
1 vote
0 answers
497 views

Inbound rules for a port is configured and disabled yet an NMap scan shows that the port is opened

I am new to Windows Defender but have read about it to understand the basics of Inbound/Outbound rules. As mentioned on the app, Inbound connections that do not match a rule are simply blocked. For ...
Malabika Sen
0 votes
0 answers
767 views

How to fingerprint Windows 10 reliably?

Recently, I have been practicing penetration testing and I have come to a standstill when trying to fingerprint the OS for a Windows 10 target with nmap. For the most part, I'm not able to identify ...
rodney williams
6 votes
1 answer
897 views

How can Nmap bypass Windows Server firewall rules?

I need to block all communication (inbound/outbound) from server A to server B (all ports/all protocols). Server A should communicate with every machine except server B. I can't place firewall rules ...
Salman Raza
0 votes
2 answers
6k views

nmap traceroute shows only one hop regardless of target

I'm using Zenmap to map out the network topology of the company I'm working in. When I ran the following command to trace how my system connects to the internet, Zenmap only shows me a single hop. ...
Akhil
0 votes
1 answer
974 views

Block OS fingerprinting without using iptables?

I have a Linux machine connected to a Windows 98 PC on port 104. Now I want to block the OS fingerprinting using nmap for the Windows 98 PC. I tried using iptables (blocking that particular port) but ...
Megja
1 vote
2 answers
538 views

Is a Windows (fresh installation) 7 really this safe against NMAP or am I missing something?

I am playing with NMAP in my small private network performing port scanning. So far I went through scanning the following OSs (Unaltered new installations - Meaning no extra software installed!): ...
Bracketz
1 vote
3 answers
5k views

How can I scan open ports through Windows Firewall?

I use Kali Linux and VMware for testing some penetration techniques. The problem is that when I scan ports with Nmap to my Windows IP "all ports are filtered". I know that the firewall is blocking the ...
mzpx
0 votes
1 answer
4k views

How to bypass Windows XP firewall with nmap

I'm scanning a Windows XP in a virtualized environment. I use all of the needed arguments to bypass its firewall but it doesn't answer: nmap -e eth0 -Pn --data-length 5 --badsum -g 80 -S 192.168.1.103 -f ...
Hojat Taheri
0 votes
5 answers
9k views

NMAP scan fails

I started to read a Metasploit guide book so I set up 2 machines in VirtualBox for pen testing (host - BT 5, the second - WinXP SP2). When I'm trying to scan open ports with NMAP on the Windows machine,...
BTn3biew
1 vote
2 answers
2k views

Changing IP ID generation of a server

I've seen plenty about Idle Scans and incremental IP IDs on the net, but I have trouble finding a "solution" to the problem. Is there a way to "set" IP IDs for example to all zeros or is it coded into ...
user857990