Nmap script doesn't provide an answer - nmap
I'm running windows 11 and kali linux on Vmware, I tried to run Nmap script on smb with verbose mode and doesn't provide me with an answer.
nmap --script smb-enum-shares.nse -p445 192.168.189.129 -v
Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-19 14:58 EST
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.00s elapsed
Initiating Ping Scan at 14:58
Scanning 192.168.189.129 [2 ports]
Completed Ping Scan at 14:58, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:58
Completed Parallel DNS resolution of 1 host. at 14:58, 13.00s elapsed
Initiating Connect Scan at 14:58
Scanning 192.168.189.129 [1 port]
Discovered open port 445/tcp on 192.168.189.129
Completed Connect Scan at 14:58, 0.00s elapsed (1 total ports)
NSE: Script scanning 192.168.189.129.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.01s elapsed
Nmap scan report for 192.168.189.129
Host is up (0.00077s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds
NSE: Script Post-scanning.
Initiating NSE at 14:58
Completed NSE at 14:58, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 13.31 seconds
I thought it was firewall so I disabled firewall and all it's rules but still got nothing.
Note:
I'm sharing C folder and Download folder.
Update:
I solved by opening smb on the machine.
Steps:
Open Control Panel.
Select Programs > Programs and Features > Turn Windows features on or off > SMB 1.0/CIFS File Sharing Support.
Check SMB 1.0/CIFS Client, and then press Enter.
should I delete the question or there is option to flag as solved?
Related
Nessus Nmap script not providing desired results on localhost:8843
I'm running Nessus and I want to perform an Nmap script on it, Nessus are running on the localhost:8843. When I run Nmap script it gives me nothing just normal scan Nmap script: C:\Users\mtaha>nmap --script nessus-brute.nse -p8834 <MY_IP> --unprivileged -Pn The output: Starting Nmap 7.92 ( https://nmap.org ) at 2023-02-03 22:44 Egypt Standard Time Nmap scan report for 192.168.189.1 Host is up (0.00s latency). PORT STATE SERVICE 8834/tcp open nessus-xmlrpc Nmap done: 1 IP address (1 host up) scanned in 16.85 seconds I didn't try anything else.
Nmap script error: "ssl_init_helper(): OpenSSL legacy provider failed to load."
I running Nessus on port 8834 and I when I run this Nmap script nmap --script nessus-brute -p 8834 <MY_IP> It gave me this output Starting Nmap 7.93 ( https://nmap.org ) at 2023-02-03 10:38 Egypt Standard Time NSOCK ERROR [0.0460s] ssl_init_helper(): OpenSSL legacy provider failed to load. Nmap scan report for 192.168.189.1 Host is up (0.00s latency). PORT STATE SERVICE 8834/tcp open nessus-xmlrpc Nmap done: 1 IP address (1 host up) scanned in 17.00 seconds I tried also to put args to the script nmap --script nessus-brute --script-args userdb='admin',passdb='adminPass' -p 8834 <MY_IP> And the same output as before.
strange error "(22 - 'Invalid argument')" when used with IPv4
I have "(22 - 'Invalid argument')" using nmap. I'V google'd and got https://seclists.org/nmap-dev/ but on that is it talks about IPv6 while I got this error using IPv4 in no place IPv4 is mensionned, so why am I getting this weird error ? I entered nmap --send-eth --release-memory --nsock-engine=epoll --allports --fuzzy --randomize-hosts --log-errors --max-os-tries=9 -n --reason --append-output --scanflags=URGACKPSHRSTSYNFIN --max-retries=6 --host-timeout=225s --stats-every=10m --ttl=255 --min-hostgroup=5 --max-hostgroup=25 --max-rtt-timeout=60s --scan-delay=250ms --max-scan-delay=25s --stats-every=1 -v5 -sT -sV -A -p 80-82 0.18.0.0 And got: Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:05 CET NSE: Loaded 148 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 2) scan. Initiating NSE at 16:05 Completed NSE at 16:05, 0.00s elapsed NSE: Starting runlevel 2 (of 2) scan. Initiating NSE at 16:05 Completed NSE at 16:05, 0.00s elapsed Initiating Ping Scan at 16:05 Scanning 0.18.0.0 [2 ports] Stats: 0:00:01 elapsed; 0 hosts completed (0 up), 1 undergoing Ping Scan Ping Scan Timing: About 0.00% done Strange read error from 0.18.0.0 (22 - 'Invalid argument') Strange read error from 0.18.0.0 (22 - 'Invalid argument') Completed Ping Scan at 16:05, 0.50s elapsed (1 total hosts) NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 2) scan. Initiating NSE at 16:05 Completed NSE at 16:05, 0.00s elapsed NSE: Starting runlevel 2 (of 2) scan. Initiating NSE at 16:05 Completed NSE at 16:05, 0.00s elapsed Read data files from: /usr/bin/../share/nmap Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 1.46 seconds When trying with less arguements nmap -p 80-82 0.18.0.0 got: Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 16:24 CET Strange read error from 0.18.0.0 (22 - 'Invalid argument') Strange read error from 0.18.0.0 (22 - 'Invalid argument') Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.12 seconds When trying with ncat I got: marc#platinum:~/NCat_test$ nc -vvv 0.18.0.0 80 0.18.0.0: inverse host lookup failed: Unknown host (UNKNOWN) [0.18.0.0] 80 (http) : Invalid argument sent 0, rcvd 0 marc#platinum:~/NCat_test$ nc -vvv 0.18.0.0 81 0.18.0.0: inverse host lookup failed: Unknown host (UNKNOWN) [0.18.0.0] 81 (hosts2-ns) : Invalid argument sent 0, rcvd 0 I still have "Invalid argument" but this time instead of 22 I got the post numbers and service 80 (http) 81 (hosts2-ns) This raises a few questions 1) does the "Invalid argument" of ncat and nmap relate to the same thing ? 2) how can I make nmap for informative instead of printing 22 ? 3) how can I say that the remote port is really CLOSEd or is it really OPENned and rejecting because of the firewall ? Thanks for your help
The IP addresses in the 0.0.0.0/8 network (anything with 0 in the first position) are reserved to mean "Current network" and are only valid as source addresses. Nmap generally prefers to not disallow unusual things like invalid addresses or port numbers (port 0 is similarly reserved in most implementations), because interesting things happen when you disobey conventions. But when Nmap makes calls to your system's networking functions, they may produce errors like this.
Error Nmap NSE http-form-brute
I'm trying to get some time using the http-form-brute script, but every time it says that the path is wrong, but I already checked the path, yes, I also checked the syntax and it looks correct ... Point where I'm going wrong. Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-01-12 19:48 UTC --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Using Lua 5.2. NSE: Arguments from CLI: userdb=d.dic,passdb=d.dic,http-form- brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php NSE: Arguments parsed: userdb=d.dic,passdb=d.dic,http-form-brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 19:48 Completed NSE at 19:48, 0.00s elapsed Initiating Ping Scan at 19:48 Scanning www.laboratoriohacker.com.br (31.170.164.209) [4 ports] Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209))) We got a ping packet back from 31.170.164.209: id = 1632 seq = 0 checksum = 63903 Completed Ping Scan at 19:48, 0.52s elapsed (1 total hosts) Overall sending rates: 7.76 packets / s, 294.96 bytes / s. mass_rdns: Using DNS server 192.168.0.1 Initiating Parallel DNS resolution of 1 host. at 19:48 mass_rdns: 0.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 19:48, 0.01s elapsed DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0] Initiating SYN Stealth Scan at 19:48 Scanning www.laboratoriohacker.com.br (31.170.164.209) [1 port] Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209))) Discovered open port 80/tcp on 31.170.164.209 Completed SYN Stealth Scan at 19:48, 0.31s elapsed (1 total ports) Overall sending rates: 3.24 packets / s, 142.60 bytes / s. NSE: Script scanning 31.170.164.209. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 19:48 NSE: Starting http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80). NSE: [http-form-brute 31.170.164.209:80] Form submission path: /admin/validar.php NSE: [http-form-brute 31.170.164.209:80] HTTP method: POST NSE: [http-form-brute 31.170.164.209:80] Username field: usuario NSE: [http-form-brute 31.170.164.209:80] Password field: senha NSE: [http-form-brute 31.170.164.209:80] Failed to get new session cookies: Unable to retrieve a login form from path "/admin/validar.php" NSE: Finished http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80). Completed NSE at 19:48, 1.35s elapsed Nmap scan report for www.laboratoriohacker.com.br (31.170.164.209) Host is up, received echo-reply ttl 52 (0.46s latency). Scanned at 2017-01-12 19:48:02 UTC for 2s PORT STATE SERVICE REASON 80/tcp open http syn-ack ttl 52 | http-form-brute: |_ ERROR: Failed to submit the form to path "/admin/validar.php" Final times for host: srtt: 457110 rttvar: 414875 to: 2116610 NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 19:48 Completed NSE at 19:48, 0.00s elapsed Read from /usr/bin/../share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
You have provided the path to the HTML form as /admin/validar.php, but the script is unable to GET a response containing a form from that page. Most likely, this is the path that the form POSTs to, not the page that the form exists on. The path provided should be the URI path that a user sees in his browser when filling out the form. Alternatively, you can try setting sessioncookies to 0 (false) to avoid the form detection, but if the form requires new cookies for each submission, then brute forcing will not be possible.
nmap seems to miss ports: doing something wrong?
If I specify a port range and scan for open ports such as the below range, I get no result, even though ports (per netstat) are clearly open and listening for web activity in this range: [me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p [10050-65535] w.x.y.z Starting Nmap 7.01 at 2016-01-21 16:24 CST Service detection performed. Please report any incorrect results at http.../submit/ . Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds See above: nothing reported! But if I scan a specific port in that same range (the same way), I get the result I'd expect: [me#box ~]$ ./nmap --open -A --script ssl-enum-ciphers.nse,ssl-cert.nse -p 10050 w.x.y.z Starting Nmap 7.01 ( ) at 2016-01-21 16:24 CST Nmap scan report for box-name (w.x.y.z) Host is up (0.00010s latency). PORT STATE SERVICE VERSION 10050/tcp open http Apache httpd |_http-server-header: Apache Service detection performed. Please report any incorrect results at ht.../submit/ . Nmap done: 1 IP address (1 host up) scanned in 11.74 seconds What's wrong? Why doesn't it report that port (and some others) in the results from the first command line? The second command line is the same except it specifies a specific port that's known to be open (and output proves it is indeed open). Makes no sense to me. Any advice? This is nmap 7.01 if it matters. Also I'm scanning the local box itself with its own specific IP address on which the https ports are up and listening. (Not a scan of some other remote machine).
Using brackets around the port list means "Only scan ports if they occur in the services file." The nmap-services file that comes with Nmap does not contain a reference to port 10050, so that port is not scanned. In fact, you can see just which ports are scanned by using Grepable output and the -v flag: $ ./nmap -p [10050-65535] -oG - -v # Nmap 7.01SVN scan initiated Fri Jan 22 01:59:37 2016 as: ./nmap -p [10050-65535] -oG - -v # Ports scanned: TCP(1371;10058,10064,10082-10083,10093,10101,10115,10160,10180,10215,10238,10243,10245-10246,10255,10280,10338,10347,10357,10387,10414,10443,10494,10500,10509,10529,10535,10550-10556,10565-10567,10601-10602,10616-10617,10621,10626,10628-10629,10699,10754,10778,10842,10852,10873,10878,10900,11000-11001,11003,11007,11019,11026,11031-11033,11089,11100,11110-11111,11180,11200,11224,11250,11288,11296,11371,11401,11552,11697,11735,11813,11862-11863,11940,11967,12000-12002,12005-12006,12009,12019,12021,12031,12034,12059,12077,12080,12090,12096-12097,12121,12132,12137,12146,12156,12171,12174,12192,12215,12225,12240,12243,12251,12262,12265,12271,12275,12296,12340,12345-12346,12380,12414,12452,12699,12702,12766,12865,12891-12892,12955,12962,13017,13093,13130,13132,13140,13142,13149,13167,13188,13192-13194,13229,13250,13261,13264-13265,13306,13318,13340,13359,13456,13502,13580,13695,13701,13713-13715,13718,13720-13724,13730,13766,13782-13784,13846,13899,14000-14001,14141,14147,14218,14237-14238,14254,14418,14441-14444,14534,14545,14693,14733,14827,14891,14916,15000-15005,15050,15145,15151,15190-15191,15275,15317,15344,15402,15448,15550,15631,15645-15646,15660,15670,15677,15722,15730,15742,15758,15915,16000-16001,16012,16016,16018,16048,16080,16113,16161,16270,16273,16283,16286,16297,16349,16372,16444,16464,16705,16723-16725,16797,16800,16845,16851,16900-16901,16992-16993,17007,17016-17017,17070,17089,17129,17251,17255,17300,17409,17413,17500,17595,17700-17702,17715,17801-17802,17860,17867,17877,17969,17985,17988,17997,18000,18012,18015,18018,18040,18080,18101,18148,18181-18184,18187,18231,18264,18333,18336-18337,18380,18439,18505,18517,18569,18669,18874,18887,18910,18962,18988,19010,19101,19130,19150,19200-19201,19283,19315,19333,19350,19353,19403,19464,19501,19612,19634,19715,19780,19801,19842,19852,19900,19995-19996,20000-20002,20005,20011,20017,20021,20031-20032,20039,20052,20076,20080,20085,20089,20102,20106,20111,20118,20125,20127,20147,20179-20180,20221-20228,20280,20473,20734,20828,20883,20934,20940,20990,21011,21078,21201,21473,21571,21631,21634,21728,21792,21891,21915,22022,22063,22100,22125,22128,22177,22200,22222-22223,22273,22290,22341,22350,22555,22563,22711,22719,22727,22769,22882,22939,22959,22969,23017,23040,23052,23219,23228,23270,23296,23342,23382,23430,23451,23502,23723,23796,23887,23953,24218,24392,24416,24444,24552,24554,24616,24800,24999-25001,25174,25260,25262,25288,25327,25445,25473,25486,25565,25703,25717,25734-25735,25847,26000-26001,26007,26208,26214,26340,26417,26470,26669,26972,27000-27003,27005,27007,27009-27010,27015-27019,27055,27074-27075,27087,27204,27316,27350-27353,27355-27357,27372,27374,27521,27537,27665,27715,27770,28017,28114,28142,28201,28211,28374,28567,28717,28850-28851,28924,28967,29045,29152,29243,29507,29672,29810,29831,30000-30001,30005,30087,30195,30299,30519,30599,30644,30659,30704-30705,30718,30896,30951,31033,31038,31058,31072,31337,31339,31386,31416,31438,31522,31657,31727-31728,32006,32022,32031,32088,32102,32200,32219,32260-32261,32764-32765,32767-32792,32797-32799,32803,32807,32814-32816,32820,32822,32835,32837,32842,32858,32868-32869,32871,32888,32897-32898,32904-32905,32908,32910-32911,32932,32944,32960-32961,32976,33000,33011,33017,33070,33087,33124,33175,33192,33200,33203,33277,33327,33335,33337,33354,33367,33395,33444,33453,33522-33523,33550,33554,33604-33605,33841,33879,33882,33889,33895,33899,34021,34036,34096,34189,34317,34341,34381,34401,34507,34510,34571-34573,34683,34728,34765,34783,34833,34875,35033,35050,35116,35131,35217,35272,35349,35392-35393,35401,35500,35506,35513,35553,35593,35731,35879,35900-35901,35906,35929,35986,36046,36104-36105,36256,36275,36368,36436,36508,36530,36552,36659,36677,36694,36710,36748,36823-36824,36914,36950,36962,36983,37121,37151,37174,37185,37218,37393,37522,37607,37614,37647,37674,37777,37789,37839,37855,38029,38037,38185,38188,38194,38205,38224,38270,38292,38313,38331,38358,38446,38481,38546,38561,38570,38761,38764,38780,38805,38936,39067,39117,39136,39265,39293,39376,39380,39433,39482,39489,39630,39659,39732,39763,39774,39795,39869,39883,39895,39917,40000-40003,40005,40011,40193,40306,40393,40400,40457,40489,40513,40614,40628,40712,40732,40754,40811-40812,40834,40911,40951,41064,41123,41142,41250,41281,41318,41342,41345,41348,41398,41442,41511,41523,41551,41632,41773,41794-41795,41808,42001,42035,42127,42158,42251,42276,42322,42449,42452,42510,42559-42560,42575,42590,42632,42675,42679,42685,42735,42906,42990,43000,43002,43018,43027,43103,43139,43143,43188,43212,43231,43242,43425,43654,43690,43734,43823,43868,44004,44101,44119,44176,44200,44334,44380,44410,44431,44442-44443,44479,44501,44505,44541,44616,44628,44704,44709,44711,44965,44981,45038,45050,45100,45136,45164,45220,45226,45413,45438,45463,45602,45624,45697,45777,45864,45960,46034,46069,46115,46171,46182,46200,46310,46372,46418,46436,46593,46813,46992,46996,47012,47029,47119,47197,47267,47348,47372,47448,47544,47557,47567,47581,47595,47624,47634,47700,47777,47806,47850,47858,47860,47966,47969,48009,48067,48080,48083,48127,48153,48167,48356,48434,48619,48631,48648,48682,48783,48813,48925,48966-48967,48973,49002,49048,49132,49152-49161,49163-49173,49175-49176,49179,49186,49189-49191,49195-49197,49201-49204,49211,49213,49216,49228,49232,49235-49236,49241,49275,49302,49352,49372,49398,49400-49401,49452,49498,49500,49519-49522,49597,49603,49678,49751,49762,49765,49803,49927,49999-50003,50006,50016,50019,50040,50050,50101,50189,50198,50202,50205,50224,50246,50258,50277,50300,50356,50389,50500,50513,50529,50545,50576-50577,50585,50636,50692,50733,50787,50800,50809,50815,50831,50833-50836,50849,50854,50887,50903,50945,50997,51011,51020,51037,51067,51103,51118,51139,51191,51233-51235,51240,51300,51343,51351,51366,51413,51423,51460,51484-51485,51488,51493,51515,51582,51658,51771-51772,51800,51809,51906,51909,51961,51965,52000-52003,52025,52046,52071,52173,52225-52226,52230,52237,52262,52391,52477,52506,52573,52660,52665,52673,52675,52710,52735,52822,52847-52851,52853,52869,52893,52948,53085,53178,53189,53211-53212,53240,53313-53314,53319,53361,53370,53460,53469,53491,53535,53633,53639,53656,53690,53742,53782,53827,53852,53910,53958,54045,54075,54101,54127,54235,54263,54276,54320-54321,54323,54328,54514,54551,54605,54658,54688,54722,54741,54873,54907,54987,54991,55000,55020,55055-55056,55183,55187,55227,55312,55350,55382,55400,55426,55479,55527,55555-55556,55568-55569,55576,55579,55600,55635,55652,55684,55721,55758,55773,55781,55901,55907,55910,55948,56016,56055,56259,56293,56507,56535,56591,56668,56681,56723,56725,56737-56738,56810,56822,56827,56973,56975,57020,57103,57123,57294,57325,57335,57347,57350,57352,57387,57398,57479,57576,57665,57678,57681,57702,57730,57733,57797,57891,57896,57923,57928,57988,57999,58001-58002,58072,58080,58107,58109,58164,58252,58305,58310,58374,58430,58446,58456,58468,58498,58562,58570,58610,58622,58630,58632,58634,58699,58721,58838,58908,58970,58991,59087,59107,59110,59122,59149,59160,59191,59200-59202,59239,59340,59499,59504,59509-59510,59525,59565,59684,59778,59810,59829,59841,59987,60000,60002-60003,60020,60055,60086,60111,60123,60146,60177,60227,60243,60279,60377,60401,60403,60443,60485,60492,60504,60544,60579,60612,60621,60628,60642,60713,60728,60743,60753,60782-60783,60789,60794,60989,61159,61169-61170,61402,61473,61516,61532,61613,61616-61617,61669,61722,61734,61827,61851,61900,61942,62006,62042,62078,62080,62188,62312,62519,62570,62674,62866,63105,63156,63331,63423,63675,63803,64080,64127,64320,64438,64507,64551,64623,64680,64726-64727,64890,65000,65048,65129,65301,65310-65311,65389,65488,65514) UDP(0;) SCTP(0;) PROTOCOLS(0;) WARNING: No targets were specified, so 0 hosts scanned. # Nmap done at Fri Jan 22 01:59:37 2016 -- 0 IP addresses (0 hosts up) scanned in 0.10 seconds That shows 1371 scanned ports out of 55486 in the range you gave. Note that no packets were sent in this command: it's a nice way to see exactly which ports you will scan (like the default 1000, or the top 100 with -F, or some other list with --top-ports).