I’ve decided to make notes on my progress through Nmap Network Scanning to mix things up a little.
The first thing of course is to find a legitimate target to scan so as I won’t land in a heap of trouble. Thankfully Nmap provide this in the form of Scanme.
Hello, and welcome to Scanme.Nmap.Org, a service provided by the Nmap Security Scanner Project and Insecure.Org.
We set up this machine to help folks learn about Nmap and also to test and make sure that their Nmap installation (or Internet connection) is working properly. You are authorized to scan this machine with Nmap or other port scanners. Try not to hammer on the server too hard. A few scans in a day is fine, but dont scan 100 times a day or use this site to test your ssh brute-force password cracking tool.
Thanks
-Fyodor
The first task is to uncover as much as possible about the URL without using Nmap. First up is the IP address:
root@Dexter:~# host scanme.nmap.org
scanme.nmap.org has address 74.207.244.221
scanme.nmap.org has IPv6 address 2600:3c01::f03c:91ff:fe93:cd19
And now DIG:
root@Dexter:~# dig scanme.nmap.org
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> scanme.nmap.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34974
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0;; QUESTION SECTION:
;scanme.nmap.org. IN A;; ANSWER SECTION:
scanme.nmap.org. 80189 IN A 74.207.244.22
Hop over to Netcraft and you can view a report I generated here.
Check for Domain Name Servers:
root@Dexter:~# host -t ns http://scanme.nmap.org/
Host http://scanme.nmap.org/ not found: 3(NXDOMAIN)
Nothing found.
A quick Whois on the above IP:
root@Dexter:~# whois 74.207.244.221
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=74.207.244.221?showDetails=true&showARIN=false&ext=netref2
#NetRange: 74.207.224.0 – 74.207.255.255
CIDR: 74.207.224.0/19
OriginAS:
NetName: LINODE-US
NetHandle: NET-74-207-224-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
Comment: This block is used for static customer allocations.
RegDate: 2009-01-14
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-74-207-224-0-1OrgName: Linode
OrgId: LINOD
Address: 329 E. Jimmie Leeds Road
Address: Suite A
City: Galloway
StateProv: NJ
PostalCode: 08205
Country: US
RegDate: 2008-04-24
Updated: 2010-08-31
Comment: http://www.linode.com
Ref: http://whois.arin.net/rest/org/LINODOrgTechHandle: LNO21-ARIN
OrgTechName: Linode Network Operations
OrgTechPhone: +1-609-593-7103
OrgTechEmail: support@linode.com
OrgTechRef: http://whois.arin.net/rest/poc/LNO21-ARINOrgAbuseHandle: LAS12-ARIN
OrgAbuseName: Linode Abuse Support
OrgAbusePhone: +1-609-593-7103
OrgAbuseEmail: abuse@linode.com
OrgAbuseRef: http://whois.arin.net/rest/poc/LAS12-ARINOrgNOCHandle: LNO21-ARIN
OrgNOCName: Linode Network Operations
OrgNOCPhone: +1-609-593-7103
OrgNOCEmail: support@linode.com
OrgNOCRef: http://whois.arin.net/rest/poc/LNO21-ARINRNOCHandle: LNO21-ARIN
RNOCName: Linode Network Operations
RNOCPhone: +1-609-593-7103
RNOCEmail: support@linode.com
RNOCRef: http://whois.arin.net/rest/poc/LNO21-ARINRTechHandle: LNO21-ARIN
RTechName: Linode Network Operations
RTechPhone: +1-609-593-7103
RTechEmail: support@linode.com
RTechRef: http://whois.arin.net/rest/poc/LNO21-ARINRAbuseHandle: LAS12-ARIN
RAbuseName: Linode Abuse Support
RAbusePhone: +1-609-593-7103
RAbuseEmail: abuse@linode.com
RAbuseRef: http://whois.arin.net/rest/poc/LAS12-ARIN
NSLookup:
root@Dexter:~# nslookup 74.207.244.221
Server: 192.168.1.254
Address: 192.168.1.254#53Non-authoritative answer:
221.244.207.74.in-addr.arpa name = scanme.nmap.org.
That’s everything I can remember on digging out info on the URL and IP without using Nmap.