Info BackTrack

Linux & Security Tutorial

Host Liveness Analysis on a Hosting Network Using Netenum [test on linux whax / backtrack outlocalhost]


Let's get straight to practicing the analysis, since I'm feeling down and not in the mood to type an introduction. =))


Target : 86.39.202.35

Before using Netenum, we first find out the domain's identity with Nmap / Traceroute.


lindo@laptop:~# nmap -v -A 86.39.202.35

Starting Nmap 5.51 ( http://nmap.org ) at 2012-08-21 10:07 WIT
NSE: Loaded 57 scripts for scanning.
Initiating Ping Scan at 10:07
Scanning 86.39.202.35 [4 ports]
Completed Ping Scan at 10:07, 1.09s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:07
Completed Parallel DNS resolution of 1 host. at 10:07, 0.20s elapsed
Initiating SYN Stealth Scan at 10:07
Scanning 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35) [1000 ports]
Discovered open port 5900/tcp on 86.39.202.35
Discovered open port 80/tcp on 86.39.202.35
Discovered open port 21/tcp on 86.39.202.35
Discovered open port 3306/tcp on 86.39.202.35
Increasing send delay for 86.39.202.35 from 0 to 5 due to 47 out of 155 dropped probes since last increase.
SYN Stealth Scan Timing: About 18.88% done; ETC: 10:10 (0:02:13 remaining)
Completed SYN Stealth Scan at 10:08, 59.16s elapsed (1000 total ports)
Initiating Service scan at 10:08
Scanning 4 services on 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35)
Completed Service scan at 10:08, 0.45s elapsed (4 services on 1 host)
Initiating OS detection (try #1) against 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35)
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
Retrying OS detection (try #2) against 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35)
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
WARNING:  RST from 86.39.202.35 port 21 -- is this port really open?
Initiating Traceroute at 10:09
Completed Traceroute at 10:09, 3.50s elapsed
Initiating Parallel DNS resolution of 20 hosts. at 10:09
Completed Parallel DNS resolution of 20 hosts. at 10:09, 0.96s elapsed
NSE: Script scanning 86.39.202.35.
Initiating NSE at 10:09
Completed NSE at 10:09, 3.38s elapsed
Nmap scan report for 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35)
Host is up (0.31s latency).
Not shown: 995 closed ports
PORT     STATE    SERVICE VERSION
21/tcp   open     ftp?
|_ftp-bounce: no banner
25/tcp   filtered smtp
80/tcp   open     http?
3306/tcp open     mysql?
5900/tcp open     vnc?
Device type: general purpose|broadband router|media device|specialized
Running (JUST GUESSING): FreeBSD 5.X (86%), D-Link embedded (86%), Linux 2.4.X (86%), Apple iPhone OS 2.X (85%), Larus embedded (85%)
Aggressive OS guesses: FreeBSD 5.4-STABLE (86%), D-Link DSL-500 ADSL router (86%), Linux 2.4.21 (86%), Apple iPod touch audio player (iPhone OS 2.2) (85%), Larus 54580 NTP server (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 24 hops

TRACEROUTE (using port 111/tcp)
HOP RTT       ADDRESS
1   147.02 ms 192.168.3.1
2   143.03 ms 192.168.3.11
3   147.05 ms 192.168.4.36
4   155.02 ms 192.168.4.36
5   243.03 ms 192.168.3.11
6   243.05 ms 192.168.4.196
7   323.06 ms ix-1-1-1-501.tcore1.SVW-Singapore.as6453.net (180.87.12.97)
8   343.08 ms if-6-2.tcore2.TV2-Tokyo.as6453.net (180.87.12.110)
9   303.09 ms if-2-2.tcore1.TV2-Tokyo.as6453.net (180.87.180.1)
10  335.14 ms if-9-2.tcore2.PDI-PaloAlto.as6453.net (180.87.180.17)
11  305.83 ms Vlan3254.icore1.SQN-SanJose.as6453.net (66.198.144.6)
12  331.11 ms te0-7-0-2.ccr22.sjc03.atlas.cogentco.com (154.54.12.21)
13  391.09 ms te0-1-0-3.ccr22.sjc01.atlas.cogentco.com (154.54.6.233)
14  393.03 ms te0-1-0-5.mpd22.sfo01.atlas.cogentco.com (66.28.4.181)
15  350.00 ms te0-3-0-1.ccr22.mci01.atlas.cogentco.com (154.54.6.41)
16  389.89 ms te0-5-0-4.mpd22.ord01.atlas.cogentco.com (154.54.45.158)
17  391.30 ms te0-2-0-5.ccr22.bos01.atlas.cogentco.com (154.54.43.74)
18  419.01 ms te0-3-0-5.ccr21.ymq02.atlas.cogentco.com (154.54.42.226)
19  390.70 ms te0-4-0-6.ccr22.ams03.atlas.cogentco.com (154.54.37.129)
20  418.65 ms te0-2-0-6.ccr21.ams03.atlas.cogentco.com (154.54.37.89)
21  ...
22  448.00 ms cogent.bru2.easyhost.be (149.6.134.74)
23  436.03 ms cogent.bru2.easyhost.be (149.6.134.74)
24  413.15 ms 86.39.202.35.static.hosted.by.easyhost.be (86.39.202.35)

Read data files from: /usr/local/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 81.72 seconds
           Raw packets sent: 1209 (57.828KB) | Rcvd: 1082 (43.784KB)

One of the IPs in the traceroute result is:


418.65 ms te0-2-0-6.ccr21.ams03.atlas.cogentco.com (154.54.37.89)

Now we move to the Netenum console.

Basic Netenum syntax:


lindo@laptop:/pentest/enumeration/irpas# ./netenum 154.54.37.89/24

Note: 154.54.37.89 --> target
      24           --> prefix length: the list of addresses in the same network as the target

154.54.37.89  ---------> to be examined further

From the netenum output above, I'm interested in this IP: 154.54.37.89. Let's scan again =))


lindo@laptop:/pentest/enumeration/irpas# ./netenum 154.54.37.89/24 9 3
        Netmask: 255.255.255.0
Targeting from 154.54.37.0 to 154.54.37.255
154.54.37.1 respond ... good  --------------> to be examined further
154.54.37.2 respond ... good
154.54.37.5 respond ... good
154.54.37.6 respond ... good
154.54.37.9 respond ... good
154.54.37.10 respond ... good
154.54.37.13 respond ... good
154.54.37.21 respond ... good
154.54.37.22 respond ... good
154.54.37.25 respond ... good
154.54.37.26 respond ... good
154.54.37.29 respond ... good
154.54.37.30 respond ... good
154.54.37.33 respond ... good
154.54.37.34 respond ... good
154.54.37.37 respond ... good
154.54.37.38 respond ... good
154.54.37.41 respond ... good
154.54.37.42 respond ... good
ping round is at 1

So there are IPs that gave a good response. Let's check again whether that IP is still alive or not. =))


lindo@laptop:/pentest/enumeration/irpas# ./netenum 154.54.37.1 9 1
154.54.37.1 is alive
1 targets found
154.54.37.1
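
As an added example (not part of the original post), this Python code shows what the `/24` argument expands to and groups the responders from the sweep above by /30 block. The responder list is rebuilt from the page's output; reading the .1/.2, .5/.6 pairs as router point-to-point links is an inference from the Cogent traceroute hop, not something the post states.

```python
import ipaddress
import re

# Last octets of the responders in the page's "./netenum 154.54.37.89/24 9 3" run.
PAGE_OCTETS = (1, 2, 5, 6, 9, 10, 13, 21, 22, 25, 26, 29, 30, 33, 34, 37, 38, 41, 42)
PAGE_OUTPUT = "\n".join(f"154.54.37.{n} respond ... good" for n in PAGE_OCTETS)

# Matches a responder line even when a trailing annotation follows "good".
RESPONDER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) respond \.\.\. good", re.M)


def sweep_range(target):
    """Return (first, last, count) for an address/prefix argument.

    strict=False accepts a host address such as 154.54.37.89/24 and masks
    off the host bits, which is why the sweep starts at .0 and not at .89.
    """
    net = ipaddress.ip_network(target, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses


def parse_responders(output):
    """Extract the addresses reported as responding."""
    return [ipaddress.ip_address(m) for m in RESPONDER.findall(output)]


def group_by_slash30(addresses):
    """Map each /30 block to the responding addresses inside it."""
    blocks = {}
    for addr in addresses:
        block = ipaddress.ip_network(f"{addr}/30", strict=False)
        blocks.setdefault(str(block), []).append(str(addr))
    return blocks


if __name__ == "__main__":
    print("Targeting from %s to %s (%d addresses)" % sweep_range("154.54.37.89/24"))
    for block, hosts in group_by_slash30(parse_responders(PAGE_OUTPUT)).items():
        print(f"{block:18} {', '.join(hosts)}")
```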

—done

That's the Netenum tutorial; hope it's useful.

Lindo
