20100217 nmap is your friend - plembo/onemoretech GitHub Wiki
title: nmap is your friend
link: https://onemoretech.wordpress.com/2010/02/17/nmap-is-your-friend/
author: lembobro
description:
post_id: 189
created: 2010/02/17 18:57:14
created_gmt: 2010/02/17 18:57:14
comment_status: open
post_name: nmap-is-your-friend
status: publish
post_type: post
nmap is your friend
One of my favorite tools for tracking down abusive LDAP clients is nmap.
Here’s the “standard” command line “SYN Stealth Scan” with O/S detection (invoked as root):
```
nmap -sS -O -PI -PT 10.0.44.56
```
And here’s your typical output:
```
Starting Nmap 4.20 ( http://insecure.org ) at 2010-02-17 13:49 EST
Interesting ports on 10.0.44.56:
Not shown: 1690 closed ports
PORT STATE SERVICE
23/tcp open telnet
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1040/tcp open netsaint
1680/tcp open CarbonCopy
12345/tcp open NetBus
```
Notice the listeners on ports 23, 135, 139 and 445, all indicative of this being an MS Windows Server 200x, but probably not a Domain Controller, since it isn’t listening on LDAP port 389.
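When many clients need the same triage, the reading of the port table above can be scripted. The following is an added example, not part of the original post: it parses nmap's normal output and applies the same rule of thumb. The function names are hypothetical, and as an assumption of this example only 135, 139 and 445 are treated as the Windows signal, with telnet (23) left out.

```python
import re

# Constructed sample: the port table from the scan output shown in this post.
SAMPLE = """\
Interesting ports on 10.0.44.56:
Not shown: 1690 closed ports
PORT STATE SERVICE
23/tcp open telnet
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1040/tcp open netsaint
1680/tcp open CarbonCopy
12345/tcp open NetBus
"""

# Host header: "Interesting ports on X:" (Nmap 4.x) or "Nmap scan report for X" (later releases).
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?\s*$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Assumption of this example: the RPC/NetBIOS/SMB subset of the ports the post lists.
WINDOWS_PORTS = {135, 139, 445}
LDAP_PORT = 389

def parse_open_ports(text):
    """Return {host: {open TCP port: service name}} from nmap normal output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m.group(2) == "tcp" and m.group(3) == "open":
            current[int(m.group(1))] = m.group(4)
    return hosts

def classify(ports):
    """Apply the post's rule of thumb to one host's open TCP ports."""
    if not WINDOWS_PORTS.issubset(ports):
        return "not identified as Windows"
    if LDAP_PORT in ports:
        return "Windows, possible Domain Controller (389 open)"
    # "Not open" also covers a filtered 389, so this stays a probability.
    return "Windows, probably not a Domain Controller (389 not open)"

if __name__ == "__main__":
    for host, ports in parse_open_ports(SAMPLE).items():
        print(host, sorted(ports), classify(ports))
```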
Copyright 2004-2019 Phil Lembo