Saturday 7 January 2012

Advanced hacking with NMAP

The point of port scanning a server is to detect its open ports and the services listening on them. Once a hacker knows all the services running on your server, he could search for possible vulnerabilities they may have and exploit them to take control of your website. In the port scanning example we will use the most popular port scanner: Nmap. The Nmap Security Scanner is available for both Mac and Windows users:
http://nmap.org/download.html


Host Discovery
-------------
[bryan@nereid bryan] sudo nmap -n -sP 10.150.9.1-20

Host 10.150.9.15 appears to be up.
MAC Address: 00:0C:F1:D2:29:4C (Intel)
Host 10.150.9.16 appears to be up.
MAC Address: 00:0B:DB:27:40:47 (Dell ESG Pcba Test)
Nmap finished: 20 IP addresses (2 hosts up) scanned in 0.646 seconds
------------

Port Scanning
---------------
bryan@firemaw:~$ sudo nmap 10.150.9.46

Interesting ports on 10.150.9.46:
(The 1667 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
80/tcp   open   http
427/tcp  closed svrloc
443/tcp  closed https
3689/tcp open   rendezvous
8080/tcp open   http-proxy
----------------

Application Fingerprinting
---------------
bryan@firemaw:~$ sudo nmap -n -sV 10.150.9.46

Interesting ports on 10.150.9.46:
(The 1667 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         tnftpd 20040810
22/tcp   open   ssh         OpenSSH 3.8.1p1 (protocol 1.99)
80/tcp   open   http        Apache httpd 1.3.33 ((Darwin) PHP/4.4.1)
427/tcp  closed svrloc
443/tcp  closed https
3689/tcp open   rendezvous  Apple iTunes 6.0.4 (on Mac OS X)
8080/tcp open   http-proxy?
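
For the owner of the server, the same table is an exposure inventory. The following is an added example, not part of the original post: it parses the -sV port table shown above and reports open ports missing from an approved baseline, services nmap could not identify, and version banners the host discloses. The ALLOWED baseline and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the -sV table from the scan above, as nmap prints it.
SAMPLE = """\
PORT     STATE  SERVICE     VERSION
21/tcp   open   ftp         tnftpd 20040810
22/tcp   open   ssh         OpenSSH 3.8.1p1 (protocol 1.99)
80/tcp   open   http        Apache httpd 1.3.33 ((Darwin) PHP/4.4.1)
427/tcp  closed svrloc
443/tcp  closed https
3689/tcp open   rendezvous  Apple iTunes 6.0.4 (on Mac OS X)
8080/tcp open   http-proxy?
"""

# Assumption: the services this host is supposed to expose (hypothetical baseline).
ALLOWED = {(22, "tcp"), (80, "tcp")}

# port/proto, state, service name, then an optional free-text version column.
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")

def parse_ports(text):
    """Turn the port table of nmap's normal output into a list of dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, notes and blank lines
        port, proto, state, service, version = m.groups()
        rows.append({"port": int(port), "proto": proto, "state": state,
                     "service": service.rstrip("?"),
                     "guessed": service.endswith("?"),  # '?' = nmap is unsure
                     "version": version or ""})
    return rows

def audit(rows, allowed=ALLOWED):
    """Return (port, finding) pairs for open ports only."""
    findings = []
    for r in rows:
        if r["state"] != "open":
            continue
        if (r["port"], r["proto"]) not in allowed:
            findings.append((r["port"], "open but not in baseline: " + r["service"]))
        if r["guessed"]:
            findings.append((r["port"], "service not identified by -sV"))
        elif r["version"]:
            findings.append((r["port"], "banner discloses: " + r["version"]))
    return findings

if __name__ == "__main__":
    for port, finding in audit(parse_ports(SAMPLE)):
        print(f"{port:>5}  {finding}")
```

Run it against saved output from a scan of your own hosts and review any port that is open but not in the baseline first.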

******************
Advanced hacking with NMAP: available at http://nmap.org/book/toc.html
******************
Advanced hacking with NMAP scripts
*******************************
http://nmap.org/nsedoc/
*******************************
